    Fourteen of the world's leading computer security and cryptography experts have released a paper arguing against the use of client-side scanning because it creates security and privacy risks

    Danie van der Merwe · / gadgeteerza-tech-blog · Friday, 15 October - 16:47

Client-side scanning (CSS, not to be confused with Cascading Style Sheets) involves analysing data on a mobile device or personal computer prior to the application of encryption for secure network transit or remote storage. CSS in theory provides a way to look for unlawful content while also allowing data to be protected off-device.

Apple in August proposed a CSS system by which it would analyse photos destined for iCloud backup on customers' devices to look for child sexual abuse material (CSAM), only to backtrack in the face of objections from the security community and many advocacy organizations.

The paper, "Bugs in our Pockets: The Risks of Client-Side Scanning," elaborates on the concerns raised immediately following Apple's CSAM scanning announcement with an extensive analysis of the technology.

"In this report, we argue that CSS neither guarantees efficacious crime prevention nor prevents surveillance," the paper says.


#technology #security #privacy #clientsidescanning #apple

    Recovering Real Faces from Face-Generation ML System / Schneier · Thursday, 14 October - 14:56

New paper: “This Person (Probably) Exists. Identity Membership Attacks Against GAN Generated Faces.”

Abstract: Recently, generative adversarial networks (GANs) have achieved stunning realism, fooling even human observers. Indeed, the popular tongue-in-cheek website, taunts users with GAN generated images that seem too real to believe. On the other hand, GANs do leak information about their training data, as evidenced by membership attacks recently demonstrated in the literature. In this work, we challenge the assumption that GAN faces really are novel creations, by constructing a successful membership attack of a new kind. Unlike previous works, our attack can accurately discern samples sharing the same identity as training samples without being the same samples. We demonstrate the interest of our attack across several popular face datasets and GAN training procedures. Notably, we show that even in the presence of significant dataset diversity, an over represented person can pose a privacy concern.

    The European Parliament Voted to Ban Remote Biometric Surveillance / Schneier · Monday, 11 October - 12:49

It’s not actually banned in the EU yet — the legislative process is much more complicated than that — but it’s a step: a total ban on biometric mass surveillance.

To respect “privacy and human dignity,” MEPs said that EU lawmakers should pass a permanent ban on the automated recognition of individuals in public spaces, saying citizens should only be monitored when suspected of a crime.

The parliament has also called for a ban on the use of private facial recognition databases — such as the controversial AI system created by U.S. startup Clearview (also already in use by some police forces in Europe) — and said predictive policing based on behavioural data should also be outlawed.

MEPs also want to ban social scoring systems which seek to rate the trustworthiness of citizens based on their behaviour or personality.

    Is WhatsApp safe for companies? They are not GDPR-compliant, so rather look at Self-Hosting

    Danie van der Merwe · / gadgeteerza-tech-blog · Tuesday, 5 October - 17:35

A study conducted by the technology company Guild showed that almost half of UK workers (41%) admitted to using the messaging app for work. And even though WhatsApp has penetrated the corporate space due to its popularity, companies are in search of a more reliable secure messaging platform.

Italy’s data protection agency contacted the European Data Protection Board (EDPB) in order to demand clear information over WhatsApp security. Besides that, some Indian and multinational companies have even issued advisories to employees asking them to use WhatsApp with caution and stop using the platform for critical business calls, as reported by Economic Times.

Yes, it's well worth considering self-hosting something like RocketChat, Matrix, Elgg, or similar instead, which does not attract the heavy subscription costs, and you have 100% control over all your own data.


#technology #deletewhatsapp #GDPR #privacy #selfhosting

    It’s not easy to control police use of tech—even with a law / ArsTechnica · Sunday, 26 September - 10:30

In 2018, Oakland enacted an innovative law giving citizens a voice in police use of surveillance technology. The Electronic Frontier Foundation called it “the new gold standard in community control of police surveillance.” Since then, about 20 other cities have adopted similar laws.

Now, Brian Hofer, one of the architects of Oakland’s law, says it’s not working. Earlier this month, Hofer filed suit against the city and the police department, saying they had repeatedly violated the law.

“We ignored human nature,” Hofer says in an interview. “Police don't like to be transparent. Surveillance technology use is by design secretive, and no self-interested party is going to voluntarily highlight anything negative about their own proposal.” A spokesperson for the Oakland Police Department says it doesn’t comment on ongoing legal matters.

    Conduit is an efficient lightweight Matrix server implementation for home use and will even run on a Raspberry Pi

    Danie van der Merwe · / gadgeteerza-tech-blog · Friday, 17 September - 13:01

Matrix has a reputation for good chat features as well as security, but the consensus has been that it is quite heavy on resources, especially if you want to just host it from home for friends and family.

Conduit is still in early beta release and also does not have all the Matrix bells and whistles, but it has been engineered to be very easy to set up, and is efficient and lightweight. You can install it on a mini-computer like the Raspberry Pi to host Matrix for your family, friends or company.

As of 2021-09-01, Conduit is Beta, meaning you can join and participate in most Matrix rooms, but not all features are supported, and you might run into bugs from time to time. For example, E2EE verification over federation is not yet implemented.


#technology #opensource #conduit #matrix #privacy

  • Famedly / Conduit

    Conduit is a simple, fast and reliable chat server powered by Matrix

    FreeTube is a standalone YouTube client (without any tracking) for Linux, Mac, and Windows

    Danie van der Merwe · / gadgeteerza-tech-blog · Friday, 17 September - 11:45

FreeTube is a YouTube client for Windows, Mac, and Linux built around using YouTube more privately. You can enjoy your favourite content and creators without your habits being tracked. All of your user data is stored locally and never sent or published to the internet. FreeTube grabs data by scraping the information it needs (with either local methods or by optionally utilizing the Invidious API). With many features similar to YouTube, FreeTube has become one of the best methods to watch YouTube privately on desktop.

The guide below shows specifically how to install it on Linux.


#technology #privacy #freetube #opensource #linux

    Ireland fails to enforce EU law against Big Tech / ArsTechnica · Monday, 13 September - 17:04

Ireland is failing to apply the EU’s privacy laws to US Big Tech companies, with 98 percent of 164 significant complaints about privacy abuses still unresolved by its regulator.

Google, Facebook, Apple, Microsoft, and Twitter all have their European headquarters in Dublin, making Ireland’s Data Protection Commissioner the lead EU regulator responsible for holding them to the law.

But the Irish DPC has been repeatedly criticized, both by privacy campaigners and by other EU regulators for failing to take action.
