Tech News

2019



 

Forget Chrome...

Nominet outlines the UK stance on maintaining state censorship via DNS over HTTPS and Google will comply


27th July 2019
Russell Haworth, CEO of Nominet, Britain's domain name authority, has outlined the UK's stance on maintaining UK censorship and surveillance capabilities as the introduction of encrypted DNS over HTTPS (DoH) will make their job a bit more difficult.

The authorities' basic idea is that UK ISPs will provide their own servers for DNS over HTTPS so that they can still use this DNS traffic to block websites and keep a log of everyone's internet use. Browser companies will then be expected to enforce use of the government's preferred DoH server.

And Google duly announced that it will comply with this censorship request. Google Chrome will only allow DoH servers that are government or corporate approved.

Note that this decision is more nuanced than just banning internet users from sidestepping state censors. It also applies to users being prevented from sidestepping corporate controls on company networks, perhaps a necessary commercial consideration that simply can't be ignored.

Russell Haworth, CEO of Nominet, explains:

Firefox and Google Chrome -- the two biggest web browsers with a combined market share of over 70% -- are both looking to implement DoH in the coming months, alongside other operators. The big question now is how they implement it, who they offer to be the resolvers, and what policies they use. The benefit offered by DoH is encryption, which prevents eavesdropping or interception of DNS communication. However, DoH raises a number of issues which deserve careful consideration as we move towards it.

Some of the internet safety and security measures that have been built over the years involve the DNS. Parental controls, for example, generally rely on the ISP blocking particular domains for their customers. The Internet Watch Foundation (IWF) also ask ISPs to block certain domains because they are hosting child sexual abuse material. There may also be issues for law enforcement using DNS data to track criminals. In terms of cyber security, many organisations currently use the DNS to secure their networks, by blocking domains known to contain malware. All of these measures could be impacted by the introduction of DoH.

Sitting above all of these is one question: Will users know any of this is happening? It is important that people understand how and where their data is being used. It is crucial that DoH is not simply turned on by default and DNS traffic disappears off to a server somewhere without people understanding and signing up to the privacy implications. This is the reason why we have produced a simple explainer and will be doing more to communicate about DoH in the coming weeks.

DoH can bring positive changes, but only if it is accompanied by understanding, informed consent, and attention to some key principles, as detailed below:

Informed user choice:

users will need to be educated on the way in which their data use is changing so they can give their informed consent to this new approach. We also need some clarity on who would see the data, who can access the data and under what circumstances, how it is being protected and how long it will be available for.

Equal or better safety:

DoH disrupts and potentially breaks safety measures that have been built over many years. It must therefore be the responsibility of the browsers and DoH resolvers who implement DoH to take up these responsibilities. It will also be important for current protections to be maintained.

Local jurisdiction and governance:

Local DoH resolvers will be needed in individual countries to allow for application of local law, regulators and safety bodies (like the IWF). This is also important to encourage innovation globally, rather than having just a handful of operators running a pivotal service. Indeed, the internet was designed to be highly distributed to improve its resilience.

Security:

Many organisations use the DNS for security by keeping suspicious domains that could include malware out of networks. It will be important for DoH to allow enterprises to continue to use these methods -- at Nominet we are embracing this in a scalable and secure way for the benefit of customers through our cyber security offering.

Change is a constant in our digital age, and I for one would not stand in the way of innovation and development. This new approach to resolving requests could be a real improvement for our digital world, but it must be implemented carefully and with the full involvement of Government and law enforcement, as well as the wider internet governance community and the third sector.

A Google developer has outlined tentative short-term plans for DoH in Chrome. They suggest that Chrome will only allow the selection of DoH servers that are equivalent to approved unencrypted servers.

This is a complex space and our short term plans won't necessarily solve or mitigate all these issues but are nevertheless steps in the right direction.

For the first milestone, we are considering an auto-upgrade approach. At a high level, here is how this would work:

  • Chrome will have a small (i.e. non-exhaustive) table to map non-DoH DNS servers to their equivalent DoH DNS servers. Note: this table is not finalized yet.

  • Per this table, if the system's recursive resolver is known to support DoH, Chrome will upgrade to the DoH version of that resolver. On some platforms, this may mean that where Chrome previously used the OS DNS resolution APIs, it now uses its own DNS implementation in order to implement DoH.

  • A group policy will be available so that Administrators can disable the feature as needed.

  • Ability to opt-out of the experiment via chrome://flags.

In other words, this would upgrade the protocol used for DNS resolution while keeping the user's DNS provider unchanged. It's also important to note that DNS over HTTPS does not preclude its operator from offering features such as family-safe filtering.
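The auto-upgrade rule quoted above, as an added sketch (not Chrome's code and not part of the quoted post): each system resolver is upgraded only if it appears in a table of known DoH equivalents, and an administrator policy can switch the feature off. The table contents, function names and sample `resolv.conf` text are constructed for illustration; the DoH URLs are the providers' publicly documented endpoints.

```python
import ipaddress

# Constructed table for illustration: the post says Chrome's real table "is not
# finalized yet". Each classic resolver address maps to the DoH endpoint that
# the same provider publishes, so the DNS provider never changes.
DOH_EQUIVALENTS = {
    "8.8.8.8": "https://dns.google/dns-query",
    "8.8.4.4": "https://dns.google/dns-query",
    "2001:4860:4860::8888": "https://dns.google/dns-query",
    "1.1.1.1": "https://cloudflare-dns.com/dns-query",
    "1.0.0.1": "https://cloudflare-dns.com/dns-query",
    "9.9.9.9": "https://dns.quad9.net/dns-query",
}
# Key on parsed addresses so different spellings of one IPv6 address match.
_TABLE = {ipaddress.ip_address(ip): url for ip, url in DOH_EQUIVALENTS.items()}


def parse_nameservers(resolv_conf_text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Drop comments ('#' or ';'), then look for "nameserver <address>".
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        candidate = fields[1].split("%", 1)[0]  # drop an IPv6 zone id
        try:
            servers.append(ipaddress.ip_address(candidate))
        except ValueError:
            continue  # malformed entry: ignore it rather than guess
    return servers


def plan_resolution(resolv_conf_text, policy_allows_doh=True):
    """Decide, per configured resolver, whether to upgrade to DoH.

    Returns (resolver, transport, doh_url) tuples. A resolver that is not in
    the table, or any resolver when policy disables the feature, stays on
    classic DNS, so filtering done by that resolver keeps working.
    """
    plan = []
    for server in parse_nameservers(resolv_conf_text):
        doh_url = _TABLE.get(server) if policy_allows_doh else None
        transport = "doh" if doh_url else "dns"
        plan.append((str(server), transport, doh_url))
    return plan


# Constructed sample input: a home router, two Google addresses (one written
# in expanded IPv6 form) and one malformed line.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not from the page
search example.lan
nameserver 192.168.1.1
nameserver 2001:4860:4860:0:0:0:0:8888   ; expanded spelling
nameserver 8.8.8.8
nameserver not-an-ip
"""

if __name__ == "__main__":
    for label, allowed in (("default", True), ("disabled by policy", False)):
        print(label)
        for row in plan_resolution(SAMPLE_RESOLV_CONF, allowed):
            print("  ", row)
```

The router address stays on classic DNS in both runs, which is the practical meaning of "keeping the user's DNS provider unchanged": a resolver run by an ISP or an enterprise is only upgraded if it is listed with a DoH equivalent of its own.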

 

 

Offsite Article: A Dangerous Edge...


24th July 2019
A technical article explaining how Microsoft's internet browser Edge sends all your page URLs to Microsoft in the name of blocking phishing websites

See article from bleepingcomputer.com

 

 

Offsite Article: Google's new reCAPTCHA has a dark side...


28th June 2019
Full story: Google Privacy...Google sued for snooping on iPhone users
Analysing the way you navigate around websites and hassling those it considers aren't doing it right

See article from fastcompany.com

 

 

Ramping up the encrypted internet to protect against the dangers of age verification...

Firefox has a research project to integrate with Tor to create a Super Private Browsing mode


21st May 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Age verification for porn is pushing internet users into areas of the internet that provide more privacy, security and resistance to censorship.

I'd have thought that security services would prefer internet users to remain in the more open areas of the internet for easier snooping.

So I wonder if protecting kids from stumbling across porn is worth the increased difficulty in monitoring terrorists and the like? Or perhaps GCHQ can already see through the encrypted internet.

RQ12: Privacy & Security for Firefox

Mozilla has an interest in potentially integrating more of Tor into Firefox, for the purposes of providing a Super Private Browsing (SPB) mode for our users.

Tor offers privacy and anonymity on the Web, features which are sorely needed in the modern era of mass surveillance, tracking and fingerprinting. However, enabling a large number of additional users to make use of the Tor network requires solving for inefficiencies currently present in Tor so as to make the protocol optimal to deploy at scale. Academic research is just getting started with regards to investigating alternative protocol architectures and route selection protocols, such as Tor-over-QUIC, employing DTLS, and Walking Onions.

What alternative protocol architectures and route selection protocols would offer acceptable gains in Tor performance? And would they preserve Tor properties? Is it truly possible to deploy Tor at scale? And what would the full integration of Tor and Firefox look like?

 

 

Anti European People...

The next monstrosity from our EU lawmakers is to relax net neutrality laws so that large internet corporates can better snoop on and censor the European peoples


18th May 2019

The internet technology known as deep packet inspection is currently illegal in Europe, but big telecom companies doing business in the European Union want to change that. They want deep packet inspection permitted as part of the new net neutrality rules currently under negotiation in the EU, but on Wednesday, a group of 45 privacy and internet freedom advocates and groups published an open letter warning against the change:

Dear Vice-President Andrus Ansip, (and others)

We are writing you in the context of the evaluation of Regulation (EU) 2015/2120 and the reform of the BEREC Guidelines on its implementation. Specifically, we are concerned because of the increased use of Deep Packet Inspection (DPI) technology by providers of internet access services (IAS). DPI is a technology that examines data packets that are transmitted in a given network beyond what would be necessary for the provision of IAS by looking at specific content from the part of the user-defined payload of the transmission.

IAS providers are increasingly using DPI technology for the purpose of traffic management and the differentiated pricing of specific applications or services (e.g. zero-rating) as part of their product design. DPI allows IAS providers to identify and distinguish traffic in their networks in order to identify traffic of specific applications or services for purposes such as billing them differently, throttling or prioritising them over other traffic.

The undersigned would like to recall the concerning practice of examining domain names or the addresses (URLs) of visited websites and other internet resources. The evaluation of these types of data can reveal sensitive information about a user, such as preferred news publications, interest in specific health conditions, sexual preferences, or religious beliefs. URLs directly identify specific resources on the world wide web (e.g. a specific image, a specific article in an encyclopedia, a specific segment of a video stream, etc.) and give direct information on the content of a transmission.

A mapping of differential pricing products in the EEA conducted in 2018 identified 186 such products which potentially make use of DPI technology. Among those, several of these products by mobile operators with large market shares are confirmed to rely on DPI because their products offer providers of applications or services the option of identifying their traffic via criteria such as Domain names, SNI, URLs or DNS snooping.

Currently, the BEREC Guidelines clearly state that traffic management based on the monitoring of domain names and URLs (as implied by the phrase transport protocol layer payload) is not reasonable traffic management under the Regulation. However, this clear rule has been mostly ignored by IAS providers in their treatment of traffic.

The nature of DPI necessitates telecom expertise as well as expertise in data protection issues. Yet, we observe a lack of cooperation between national regulatory authorities for electronic communications and regulatory authorities for data protection on this issue, both in the decisions put forward on these products as well as cooperation on joint opinions on the question in general. For example, some regulators issue justifications of DPI based on the consent of the customer of the IAS provider which crucially ignores the clear ban of DPI in the BEREC Guidelines and the processing of the data of the other party communicating with the subscriber, which never gave consent.

Given the scale and sensitivity of the issue, we urge the Commission and BEREC to carefully consider the use of DPI technologies and their data protection impact in the ongoing reform of the net neutrality Regulation and the Guidelines. In addition, we recommend to the Commission and BEREC to explore an interpretation of the proportionality requirement included in Article 3, paragraph 3 of Regulation 2015/2120 in line with the data minimization principle established by the GDPR. Finally, we suggest to mandate the European Data Protection Board to produce guidelines on the use of DPI by IAS providers.

Best regards

European Digital Rights, Europe; Electronic Frontier Foundation, International; Council of European Professional Informatics Societies, Europe; Article 19, International; Chaos Computer Club e.V, Germany; epicenter.works - for digital rights, Austria; Austrian Computer Society (OCG), Austria; Bits of Freedom, the Netherlands; La Quadrature du Net, France; ApTI, Romania; Code4Romania, Romania; IT-Pol, Denmark; Homo Digitalis, Greece; Hermes Center, Italy; X-net, Spain; Vrijschrift, the Netherlands; Dataskydd.net, Sweden; Electronic Frontier Norway (EFN), Norway; Alternatif Bilisim (Alternative Informatics Association), Turkey; Digitalcourage, Germany; Fitug e.V., Germany; Digitale Freiheit, Germany; Deutsche Vereinigung für Datenschutz e.V. (DVD), Germany; Gesellschaft für Informatik e.V. (GI), Germany; LOAD e.V. - Verein für liberale Netzpolitik, Germany (And others)

 

 

Website blocking blocked...

House of Lords: Questions about DNS over HTTPS


15th May 2019
At the moment when internet users want to view a page, they specify the page they want in the clear. ISPs can see the page requested and block it if the authorities don't like it. A new internet protocol has been launched that encrypts the specification of the page requested so that ISPs can't tell what page is being requested, so can't block it.

This new DNS over HTTPS protocol is already available in Firefox, which also provides an uncensored and encrypted DNS server. Users simply have to change the settings in about:config (being careful of the dragons of course).

Questions have been raised in the House of Lords about the impact on the UK's ability to censor the internet.

House of Lords, 14th May 2019, Internet Encryption Question

Baroness Thornton Shadow Spokesperson (Health) 2:53 pm, 14th May 2019

To ask Her Majesty's Government what assessment they have made of the deployment of the Internet Engineering Task Force's new "DNS over HTTPS" protocol and its implications for the blocking of content by internet service providers and the Internet Watch Foundation; and what steps they intend to take in response.

Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

My Lords, DCMS is working together with the National Cyber Security Centre to understand and resolve the implications of DNS over HTTPS, also referred to as DoH, for the blocking of content online. This involves liaising across government and engaging with industry at all levels, operators, internet service providers, browser providers and pan-industry organisations to understand rollout options and influence the way ahead. The rollout of DoH is a complex commercial and technical issue revolving around the global nature of the internet.

Baroness Thornton Shadow Spokesperson (Health)

My Lords, I thank the Minister for that Answer, and I apologise to the House for this somewhat geeky Question. This Question concerns the danger posed to existing internet safety mechanisms by an encryption protocol that, if implemented, would render useless the family filters in millions of homes and the ability to track down illegal content by organisations such as the Internet Watch Foundation. Does the Minister agree that there is a fundamental and very concerning lack of accountability when obscure technical groups, peopled largely by the employees of the big internet companies, take decisions that have major public policy implications with enormous consequences for all of us and the safety of our children? What engagement have the British Government had with the internet companies that are represented on the Internet Engineering Task Force about this matter?

Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

My Lords, I thank the noble Baroness for discussing this with me beforehand, which was very welcome. I agree that there may be serious consequences from DoH. The DoH protocol has been defined by the Internet Engineering Task Force. Where I do not agree with the noble Baroness is that this is not an obscure organisation; it has been the dominant internet technical standards organisation for 30-plus years and has attendants from civil society, academia and the UK Government as well as the industry. The proceedings are available online and are not restricted. It is important to know that DoH has not been rolled out yet and the picture in it is complex--there are pros to DoH as well as cons. We will continue to be part of these discussions; indeed, there was a meeting last week, convened by the NCSC, with DCMS and industry stakeholders present.

Lord Clement-Jones Liberal Democrat Lords Spokesperson (Digital)

My Lords, the noble Baroness has raised a very important issue, and it sounds from the Minister's Answer as though the Government are somewhat behind the curve on this. When did Ministers actually get to hear about the new encrypted DoH protocol? Does it not risk blowing a very large hole in the Government's online safety strategy set out in the White Paper?

Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

As I said to the noble Baroness, the Government attend the IETF. The protocol was discussed from October 2017 to October 2018, so it was during that process. As far as the online harms White Paper is concerned, the technology will potentially cause changes in enforcement by online companies, but of course it does not change the duty of care in any way. We will have to look at the alternatives to some of the most dramatic forms of enforcement, which are DNS blocking.

Lord Stevenson of Balmacara Opposition Whip (Lords)

My Lords, if there is obscurity, it is probably in the use of the technology itself and the terminology that we have to use--DoH and the other protocols that have been referred to are complicated. At heart, there are two issues at stake, are there not? The first is that the intentions of DoH, as the Minister said, are quite helpful in terms of protecting identity, and we do not want to lose that. On the other hand, it makes it difficult, as has been said, to see how the Government can continue with their current plan. We support the Digital Economy Act approach to age-appropriate design, and we hope that that will not be affected. We also think that the soon to be legislated for--we hope--duty of care on all companies to protect users of their services will help. I note that the Minister says in his recent letter that there is a requirement on the Secretary of State to carry out a review of the impact and effectiveness of the regulatory framework included in the DEA within the next 12 to 18 months. Can he confirm that the issue of DoH will be included?

Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

Clearly, DoH is on the agenda at DCMS and will be included everywhere it is relevant. On the consideration of enforcement--as I said before, it may require changes to potential enforcement mechanisms--we are aware that there are other enforcement mechanisms. It is not true to say that you cannot block sites; it makes it more difficult, and you have to do it in a different way.

The Countess of Mar Deputy Chairman of Committees, Deputy Speaker (Lords)

My Lords, for the uninitiated, can the noble Lord tell us what DoH means--very briefly, please?

Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

It is not possible to do so very briefly. It means that, when you send a request to a server and you have to work out which server you are going to by finding out the IP address, the message is encrypted so that the intervening servers are not able to look at what is in the message. It encrypts the message that is sent to the servers. What that means is that, whereas previously every server along the route could see what was in the message, now only the browser will have the ability to look at it, and that will put more power in the hands of the browsers.

Lord West of Spithead Labour

My Lords, I thought I understood this subject until the Minister explained it a minute ago. This is a very serious issue. I was unclear from his answer: is this going to be addressed in the White Paper? Will the new officer who is being appointed have the ability to look at this issue when the White Paper comes out?

Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

It is not something that the White Paper per se can look at, because it is not within the purview of the Government. The protocol is designed by the IETF, which is not a government body; it is a standards body, so to that extent it is not possible. Obviously, however, when it comes to regulating and the powers that the regulator can use, the White Paper is consulting precisely on those matters, which include DNS blocking, so it can be considered in the consultation.

 

 

Offsite Article: Amazon is too big to block...unless...


10th May 2019
Amazon Web Services backtrack on a technical cloud access change that would have removed a method of eluding state internet censorship

See article from theregister.co.uk

 

 

Offsite Article: DNS over HTTPS...


12th April 2019
A new internet technology will make it more difficult for ISPs to block websites

See article from ispreview.co.uk

 

 

Feeding your face...

Facebook to explain to users why articles have been selected for their timelines


1st April 2019
Facebook is set to begin telling its users why posts appear in their news feeds, presumably in response to government concerns over its influence over billions of people's reading habits.

The social network will today introduce a button on each post revealing why users are seeing it, including factors such as whether they have interacted often with the person who made the post or whether it is popular with other users.

It comes as part of a wider effort to make Facebook's systems more transparent and secure in advance of the EU elections in May and attempts by European and American politicians to regulate social media. John Hegeman, Facebook's vice president of news feed, told the Telegraph:

We hear from people frequently that they don't know how the news feed algorithm works, why things show up where they do, as well as how their data is used. This is a step towards addressing that.

We haven't done as much as we could do to explain to people how the products work and help them access this information... I can't blame people for being a little bit uncertain or suspicious.

We recognise how important the platform that Facebook has become now is in the world, and that means we have a responsibility to ensure that people who use it have a good experience and that it can't be used in ways that are harmful.

We are making decisions that are really important, and so we are trying to be more and more transparent... we want the external world to be able to hold us accountable.

 

 

Offsite Article: Porn apps unbanned...


19th February 2019
YouPorn introduces progressive web apps that are mobile websites that work pretty much like native apps

See article from venturebeat.com

 

 
