Search the Community

A small Swiss app developer has invented what it claims is a way to securely and anonymously transfer files between a browser and a mobile device without having to leave any traces of the user's identity, device ID or location. Marketed by creators Bitdrop as a way of defeating surveillance by the NSA and others - "zero knowledge privacy" - users simply initiate transfers from the firm's upload portal after scanning a QR Code using a dedicated app running on their mobile device. This code creates a unique and time-limited window for files to be transferred to the user's mobile (or shared with a third party that has a download code), secured using what the company calls 256-bit "variable encryption," essentially a way to randomise conventional symmetric keys for each transfer. BitdropBitdrop: Big on security, not so much on design. The keys themselves are sucked onto the sender's own mobile device during a temporary connection. Files can't be accessed by Bitdrop itself or any other authority because the encryption key is stored only on the sender's mobile device. In the event the files are not moved from the firm's servers to the mobile by a third party receiver within 24 hours they are destroyed. The location of the encryption key is critical. They keys are never retained on the sending computer, never sit on Bitdrop's servers and are never moved to third-parties receiving the files. Only the sender has these keys. The firm heralds the concept as a way of moving encrypted data around without it being tied to any identity; Bitdrop does not require users to register or reveal their email address. Neither the sender nor receiver can be identified. What about the security of the mobile app itself? According to Bitdrop, the identity of all contacts using the service is accessible only after entering an access code. It sounds like complex 'down the rabbit hole' security but it should be simple to use with an interesting extra advantage that although the sender needs to install the app to scan the QR code, the receiver does not, making it free of the friction of many secure file transfer systems that require both ends to use identical software. This is the kind of app that not long ago would have sounded like overkill but that was before the NSA and Edward Snowden alerted the security-conscious to the reality of state surveillance. This might or not bother US or UK users who trust their Governments but what about business users using their mobiles in other parts of the world; do they trust the Russian or Chinese Governments too? Undoubtedly these already have or will soon have systems similar to Prism. Explaining its architecture, founder 'Markus Kristian Kangas had this to say when contacted by Techworld: One slight issue is that the launch app is iPhone-only although an Android app is promised, as is a version for web-to-web transfers. The company is also a total unknown so issues such as longevity, support and security must be taken on trust. The app costs $4.99 (£3.20).

Sending a Snapchat, at this point, is like sending a photo over regular text message. People you don’t want viewing your private pics are still going to see them — even the cops. For those unfamiliar, Snapchat lets users send photos called Snaps that expire after 30 seconds (once you’ve opened them), so you can share your private or embarrassing photos without leaving them out in the ether indefinitely. The company “revealed” — I put this in quotations because, to me, this is obvious — that unopened Snaps can and have been handed over to law enforcement as part of criminal investigations (as long as the cops have a warrant). This includes your photos, videos, and the company’s new feature – “Stories.” Stories can be pulled from a server even after they have been opened given that they expire after 24-hours. How can this be when Snaps are designed to disappear forever? Snapchat runs all your photos and videos through its servers before delivering them to the recipient. While waiting to be opened and viewed, Snaps sit on that server, accessible by a special tool only chief technology officer Bobby Murphy and Micah Schaffer, who runs Snapchat’s trust and safety department, have access to. There are over 350 million Snaps that run through the system daily, according to Snapchat, and a dozen requests for Snaps have been fulfilled since May 2013. That you can read below https://www.documentcloud.org/documents/717257-snapchat-law-enforcement-guide-12112-1.html It’s apparent that you can’t truly believe your Snaps will remain under lock and key. First off, the people you send your Snaps to can take screenshots of the photos, so they may not disappear at all. Beyond that there are even products made to save this content. Snaphack is one of these, as noted by NBC. That said, I doubt this kind of news will make even the smallest dent in the app’s usage. People sending pics of criminal activities may think twice, but otherwise Snapchat seems to have one thing really going for it: a strong community. A good number of my peers — mid-twenties young professionals — who use Snapchat say it legitimately keeps them in touch with friends and family. It’s a form of novel entertainment. None of them trust the service for its “privacy” merits; it’s just another social network that connects people through a funny premise: Send me a picture with your eyelids inverted and I’ll send you one of my double-chin. And hey, as long as they don’t mind those photos ending up just about anywhere — including the courtroom — then more power to them.

Millions of Americans, non-Americans have been swept up in this digital dragnet. According to a new report from the Washington Post, the National Security Agency is This new revelation, not surprisingly, comes from the top secret documents entrusted to the Post and other media outlets by former National Security Agency contractor Edward Snowden. This new unnamed program, which the Post says “has not been disclosed before, The paper added: Based on the Post’s reporting, which includes a byline from independent security researcher Ashkan Soltani, the program appears to be related to X-Keyscore, which snags nearly all short-term unencrypted traffic from various points around the globe. As Ars previously described, it would be nearly impossible for the NSA to store all that data for an extended period of time. One slide published in June 2013 says that for a single 30-day period in 2012, this amounted to “at least 41 billion total records.” According to an unnamed intelligence official, the Post noted that “because of the method employed, the agency is not legally required or technically able to restrict its intake to contact lists belonging to specified foreign intelligence targets,” adding that “when information passes through 'the overseas collection apparatus... the assumption is you’re not a US person.'" A spokesperson for the Office of the Director of National Intelligence also told the Post that the agency is focused on "terrorists, human traffickers, and drug smugglers," not the contacts of ordinary Americans.

The European Court of Human Rights (ECHR) has issued a decision that anti-censorship campaigners say could spell an end to anonymous website comments in the EU. The judgment came through on Thursday in the case of Delfi AS v. Estonia. Delfi is an Estonian news site that had been found liable by a court in that country for offensive comments posted by anonymous users under one of its stories – it went to the ECHR claiming this violated its right to freedom of expression, but the human rights court disagreed. This all traces back to the start of 2006, when Delfi carried a story about a ferry company that had changed its routes in a way that delayed the opening of new ice roads to various islands. Enraged readers wrote nasty things about the ferry firm, which successfully sued Delfi, winning around €320 ($434) in damages. Having established that the comments were defamatory and Delfi should have expected that, given the nature of the article, the ECHR’s ruling (which can still be appealed) noted that the comments had not been taken down by Delfi’s automated system for catching naughty words, nor by its notice-and-take-down system. Now here comes the crucial bit for online publishers. Although Delfi’s site was clear that commenters were themselves liable for what they wrote, which would theoretically have allowed the ferry company to sue them rather than Delfi, the commenters were anonymous. And so, according to the ECHR’s subsequent statement: Index on Censorship’s Padraig Reidy responded by saying : What it could stand as a precedent for is not entirely clear. The Delfi case was quite specific: it was largely about the legality of Estonia’s interpretation of EU free-expression law (which the court upheld); the comments were apparently merely offensive rather than whistleblowing or anything like that; the fine in question was small and found to be reasonable; and Delfi’s systems for picking up abusive comments seem to have failed in this instance. Also, the EU is not America – it has fairly good guarantees for free expression, but not as cast-iron as those stateside. But nonetheless, particularly in the context of a wider questioning of anonymous comments, it’s not hard to see why Index on Censorship finds the ruling troubling. There can be great value in anonymous comments, and a ruling such as this may have a chilling effect if it leads publishers and site operators to decide the potential liability is too great.

The journey was long and full of baby steps, but we’ve finally reached the destination: Google updated its terms of service on Friday to allow the company to slap your real name and face alongside ads, under an expansion of its “shared endorsements” program. Getting here took a while, and it took a slow expansion of the Google+ social service. First, Google+ users had to sign up for the service with their real names, rather than pseudonyms. Next, all new Google Accounts—even if you only wanted Gmail—required you to sign up for Google+. Then, back in May, Google began coaxing veteran YouTubers into adopting Google+ accounts, and a few weeks ago, the company announced that all YouTube comments will be powered exclusively by Google+. Google+ integration throughout Google’s services seemed pretty handy at first. When searching the Play Store, the power of “shared endorsements” showed you when your friends like a given app (not unlike what iOS and OS X users see when looking for game recommendations in Apple’s Game Center app). When searching the web, Google+ identified when your buddies +1’d a given site. Now, Google’s bringing your real name, face, reviews, and comments to Search ads across the web. But while Facebook forces all users to participate in “sponsored stories,” Google gives you the opportunity to opt out of its ad program. Minors will be automatically excluded, but you’ll have to manually tell Google to leave your name out of its ads if you’re over 18. Fortunately, it’s easy to do so. How to tell Google to stop using your face and name in ads To stop Google from using details from your Google+ profile in its advertising campaign, you’ll need to head to the Shared Endorsements page on Google+. The Shared Endorsements page spells out the details of the program. If you scroll down below all the words and pictures, you’ll see a single settings option on the page: “Based upon my activity, Google may show my name and profile photo in shared endorsements that appear in ads.” Simply uncheck the box and click Save and you won’t have to worry about your face and name appearing in Google’s ads. Here’s the settings option you need to change. Opting out of the ad campaign doesn’t opt you out of all Shared Endorsements, however; your persona will still appear alongside websites you +1 and apps you like while your friends are scouring the web or Google Play.

In a scathing statement on the state of the Web, leading organizations on Internet policy, governance, and architecture blasted the U.S. for its spying on Internet users. Without calling out the United States by name, leaders from the World Wide Web Consortium (W3C), ICANN, the Internet Architecture Board, and other organizations nevertheless made it clear that the U.S.’s policies and practices are harmful to an open web. From the official statement: They called for accelerating the globalization of ICANN and IANA functions, towards an environment in which all stakeholders, including all governments, participate on an equal footing. Currently, the U.S. Department of Commerce wields a substantial amount of control and unilateral oversight where ICANN is concerned. Also, the next Internet Governance Summit will be held in Brazil, where President Dilma Rousseff has been vocally critical of U.S. Internet surveillance. Rousseff cancelled a diplomatic visit to the U.S. in the wake of the Snowden revelations (including the fact that the U.S. was spying on Brazil, an ally). Rousseff told reporters as the summit location was announced.