privacy

88 Articles

Decentralized Privacy-Preserving Proximity Tracing

April 9, 2020 by 6 Comments

As we continue through the pandemic, whether we are on lockdown or still at work, there is a chance for all of us that we could still pick up the virus from a stray contact. Mapping these infections and tracing those in proximity to patients can present a major problem to infection control authorities, and there have been a variety of proposals for smartphone apps designed to track users’ contacts via the Bluetooth identities their phones encounter. This is a particular concern to privacy advocates, because there is a chance that some governments could use this as an excuse to bring in intrusive personal surveillance by this means. A group of academics from institutions across Europe have come together with a proposal for a decentralised proximity tracing system that allows identification of infection risk without compromising the privacy of those using it.

Where a privacy-intrusive system might use a back-end database tracking all users and recording their locations and interactions, this one uses anonymised tokens stored at the local level rather than at the central server. When a user is infected this is entered at app level rather than at server level, and the centralised part of the system merely distributes the anonymised tokens to the clients. The computation of whether contact has been made with an infected person is thus made on the client, meaning that the operator has no opportunity to collect surveillance data. After the pandemic has passed the system will evaporate as people stop using it, rather than remaining in place harvesting details from installed apps. They are certainly not the first academics to wrestle with this thorny issue, but they seem to have ventured further into the mechanics of it all.

As with all new systems, it’s probably good to subject it to significant scrutiny before deploying it live. Have a read. What do you think?

We are all watching our authorities as they race to respond to the pandemic in an effective manner, and we hope that should they opt for an app that it does an effective job and they resist the temptation to make it too intrusive. Our best course of action meanwhile as the general public is to fully observe all advised public health measures such as self-isolation or the wearing of appropriate personal protective equipment.

Can Solid Save The Internet?

April 4, 2020 by 32 Comments

We ran an article on Solid this week, a project that aims to do nothing less than change the privacy and security aspects of the Internet as we use it today. Sir Tim Berners-Lee, the guy who invented the World Wide Web as a side project at work, is behind it, and it’s got a lot to recommend it. I certainly hope they succeed.

The basic idea is that instead of handing your photos, your content, and your thoughts over to social media and other sharing platforms, you’d store your own personal data in a Personal Online Data (POD) container, and grant revocable access to these companies to access your data on your behalf. It’s like it’s your own website contents, but with an API for sharing parts of it elsewhere.

This is a clever legal hack, because today you give over rights to your data so that Facebook and Co. can display them in your name. This gives them all the bargaining power, and locks you into their service. If instead, you simply gave Facebook a revocable access token, the power dynamic shifts. Today you can migrate your data and delete your Facebook account, but that’s a major hassle that few undertake.

Mike and I were discussing this on this week’s podcast, and we were thinking about the privacy aspects of PODs. In particular, whatever firm you use to socially share your stuff will still be able to snoop you out, map your behavior, and target you with ads and other content, because they see it while it’s in transit. But I failed to put two and two together.

The real power of a common API for sharing your content/data is that it will make it that much easier to switch from one sharing platform to another. This means that you could easily migrate to a system that respects your privacy. If we’re lucky, we’ll see competition in this space. At the same time, storing and hosting the data would be portable as well, hopefully promoting the best practices in the providers. Real competition in where your data lives and how it’s served may well save the Internet. (Or at least we can dream.)

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter.

Want this type of article to hit your inbox every Friday morning? You should sign up!

Stay Smarter Than Your Smart Speaker

April 1, 2020 by 56 Comments

Smart speakers have always posed a risk to privacy and security — that’s just the price we pay for getting instant answers to life’s urgent and not-so-urgent questions the moment they arise. But it seems that many owners of the 76 million or so smart speakers on the active install list have yet to wake up to the reality that this particular trick of technology requires a microphone that’s always listening. Always. Listening.

With so much of the world’s workforce now working from home due to the global SARS-CoV-2 pandemic, smart speakers have suddenly become a big risk for business, too — especially those where confidential conversations are as common and crucial as coffee.

Imagine the legions of lawyers out there, suddenly thrust from behind their solid-wood doors and forced to set up ramshackle sub rosa sanctuaries in their homes to discuss private matters with their equally out-of-sorts clients. How many of them don’t realize that their smart speaker bristles with invisible thorns, and is even vulnerable to threats outside the house? Given the recent study showing that smart speakers can and do activate accidentally up to 19 times per day, the prevalence of the consumer-constructed surveillance state looms like a huge crisis of confidentiality.

So what are the best practices of confidential work in earshot of these audio-triggered gadgets?

Continue reading “Stay Smarter Than Your Smart Speaker”

SOLID Promises A New Approach To How The Web Works

March 30, 2020 by 71 Comments

As it stands on the modern Internet, your data is no longer your own. Your emails, photos, and posts all live on servers owned by large corporations. Their policies give them access to your data, which is mined to generate advertising revenue. And if you want your data back, there are innumerable hoops to jump through. Want it deleted entirely? Good luck.

Tim Berners-Lee, original creator of the World Wide Web, is behind the project.

Sir Tim Berners-Lee, as the original creator of what became the Web, has drawn issue with the current state of play. To move the ball on the issue, he’s been working on a design for decentralized internet and the efforts have led to the establishment of the Solid project. The goal is to rectify online privacy and ownership issues and give users greater control over their personal data.

The big question is how do you do that? When SOLID was announced last year there were few if any details on the approach taken by the program. But since then, more details have surface and you can even take an early version of the program for a spin. Let’s take a look.

Continue reading “SOLID Promises A New Approach To How The Web Works”

Geofence Warrant Sends Bicyclist’s Privacy Over The Handlebars

March 25, 2020 by 98 Comments

About a year ago, Zachary McCoy took a bike ride around his neighborhood in Gainesville, Florida. It may have been forgettable to him, but not to history. Because McCoy used an app to track his mileage, the route was forever etched in the Google-verse and attached to his name.

On the day of this ill-fated bike ride, McCoy passed a certain neighbor’s house three times. While this normally wouldn’t raise alarm, the neighbor happened to be the victim of a burglary that day, and had thousands of dollars worth of jewelry stolen. The Gainesville police had zero leads after a four-day investigation, so they went to the county to get a geofence warrant. Thanks to all the location data McCoy had willingly generated, he became the prime suspect.

Continue reading “Geofence Warrant Sends Bicyclist’s Privacy Over The Handlebars”

Keep The Family At Bay While Working From Home With This WiFi Do Not Disturb Dongle

March 20, 2020 by 12 Comments

Those who have been suddenly introduced to the wonderful world of working from home over the last couple of weeks may have experienced a bit of culture shock. Even with today’s open floorplan workspaces and less-formal expectations, work isn’t home. That’s especially true with young children in the house, who’ll probably respond to seeing mommy or daddy working from home much differently than [Bob] from accounting would at the office.

To smooth out the rough spots of transitioning to a full-time work-from-home setup, [Brian Lough] threw together this web-enabled “do not disturb” beacon for his office door. The original idea was to simply provide a red light and a green light to let the rest of the family know when [Brian] would be in a meeting, but in an example of scope creep that turned out to be useful, [Mrs. Lough] rewrote the spec to include a button on the family-facing side so that she could alert him that his presence is requested.

[Brian] went through a couple of prototype using both an ESP32 and an ESP8266. We were rooting for the ESP32, which [Brian] was leveraging for its built-in capacitive touch input. That would have eliminated a physical button, but alas, the ESP8266 made it into the final build, along with lots and lots of Blu-Tack. The video below details the build and the code, and features an adorable Irish lesson as a bonus.

Yes, a simple text message would probably have satisfied the specs, but where’s the sport in that? Then again, as [Brian] points out, this build seemed oddly familiar for a good reason.

Continue reading “Keep The Family At Bay While Working From Home With This WiFi Do Not Disturb Dongle”

Smart Speakers “Accidentally” Listen Up To 19 Times A Day

March 11, 2020 by 66 Comments

In the spring of 2018, a couple in Portland, OR reported to a local news station that their Amazon Echo had recorded a conversation without their knowledge, and then sent that recording to someone in their contacts list. As it turned out, the commands Alexa followed came were issued by television dialogue. The whole thing took a sitcom-sized string of coincidences to happen, but it happened. Good thing the conversation was only about hardwood floors.

But of course these smart speakers are listening all the time, at least locally. How else are they going to know that someone uttered one of their wake words, or something close enough? It would sure help a lot if we could change the wake word to something like ‘rutabaga’ or ‘supercalifragilistic’, but they probably have ASICs that are made to listen for a few specific words. On the Echo for example, your only choices are “Alexa”, “Amazon”, “Echo”, or “Computer”.

So how often are smart speakers listening when they shouldn’t? A team of researchers at Boston’s Northeastern University are conducting an ongoing study to determine just how bad the problem really is. They’ve set up an experiment to generate unexpected activation triggers and study them inside and out.

Continue reading “Smart Speakers “Accidentally” Listen Up To 19 Times A Day”