More Spying on Spies

Strava’s heat map has made a lot of people step back and realize, “wow, there are side-channels to data.” Most of us in the computer security world have known that for a long time; some of us have spent our lives trying to stop such channels from happening; it’s a frustrating way to spend your life but, as Townes says, “it beats sitting around waiting to die.”

[Read more…]

A Good Resource

Internet security is complicated and there are lots of dependencies – usually if you ask an internet security practitioner “is ${this thing} safe?” they’ll tell you “if you’re trying to do ${this} or ${that} then…” and carry on for a half an hour in that vein.

[Read more…]

Bigtime Fake News

Congratulations to our own Shiv, whose reporting on the J20 case is in VICE. [vice]

Writing something that is timely and fact-filled, in this day of “fake news” is a huge amount of work and takes tremendous dedication. Usually I don’t have much to say about her pieces, because I’m reading them to educate myself about the oppression transpeople experience, and I’m just in absorb mode. For someone like me, who’s coming at that world from “cishet, ignorant” perspective, she’s an invaluable read.

The actions of the police state are a concern Shiv and I share, for different reasons. The stuff she’s writing about is what’s happening on the cutting end of the retro-scope and the intelligence state. All the stuff I post about surveillance is theoretical(-ish) and she’s talking about the fear that real people have to deal with, confronting the abuse of power by the state. It’s only going to get worse.

It’s Worse Than You Think: Mining Apps

I just stumbled across this one; perhaps it’s what was going on with my browser the other day. I’ve been thinking about how to enumerate all the stuff that’s going on in a system – building a “petri dish” surrounded with sniffers, then watching and memory-scraping my browser to see what it was doing. It sounds like the answer would be “too much.”

[Read more…]

It’s Worse Than You Think: Tracking Apps

The currency of computer security is Trust – the degree to which you can believe that your system is doing what you expect it to. There are a lot of properties that comprise trust, including integrity, reliability, etc., each of which is made up of smaller properties like non-repudiation, auditability, resistance to replay attacks, ad infinitum. We talk about trust loosely; it’s like Liberty or Good Cinematography – it’s a useful concept for describing the relationship between ourselves and the systems we use – whether they work right for any given notion of “right.”

[Read more…]