Autonomía digital y tecnológica

Code and ideas for a distributed internet

Linkoteca. Privacy

The health pass is the translation of technical developments that could remove these former limits and allow this form of repression to be applied to the entire population, across a very wide range of places and activities.

In particular, it makes it possible to entrust tens of thousands of people who are neither trained nor paid by the State (but simply equipped with a smartphone) with the task of checking the entire population at the entrance to countless public places, and to do so at an extremely low cost to the State, since most of the infrastructure (the phones) has already been privately financed by the people in charge of the checks.

From now on, and suddenly, the State has the material means to regulate public space to an almost total extent.

This parallel allows us to make an important clarification: whether it is the health pass or the automatic detection of “abnormal” behaviour, these systems do not necessarily require an identity check. The imaging software that flags your “abnormal” behaviour does not care at all about knowing your name. Likewise, in theory, the health pass could also work without containing your name – this is in fact what the initial law on exiting the crisis provided for or, more worryingly, what some companies are now proposing by relying no longer on the name but on the face. In these situations, all that matters to the State is to direct our bodies in space in order to push to the margins those who – whatever their names – do not conform to its requirements.

Even in its most sophisticated form, the effectiveness of the pass in health terms would still remain to be demonstrated – many uncertainties remain, whether about the value of tests after 72 hours, the transmission rate even once vaccinated, the case of new variants, the effectiveness of coercion in encouraging the population to get vaccinated, or the validity period to be adopted for screening tests.

The Cybersecurity Tech Accord promotes a safer online world by fostering collaboration among global technology companies committed to protecting their customers and users and helping them defend against malicious threats.

Signatories are committed to advancing the mission of the Cybersecurity Tech Accord by partnering on initiatives that improve the security, stability and resilience of cyberspace. By combining the resources and expertise of the global technology industry, the Cybersecurity Tech Accord creates a starting point for dialogue, discovery and decisive action.

What measures do you take when browsing the internet? Do you protect yourself against scripts such as JavaScript and others, against advertising, tracking and fingerprinting, or avoid leaving a digital footprint as far as possible? Which browsers do you use on your computer? Do you use extensions in them?

For years I have used Firefox compiled with a few tweaks. I don't tend to block much through extensions, but rather through a firewall and the famous /etc/hosts with thousands of domains and subdomains.

I’ve managed to cobble together a device that is not only dirt cheap for what it does, but is extremely capable in its own right. If you have any interest in building your own home router, I’ll demonstrate here that doing so is not only feasible, but relatively easy to do and offers a huge amount of utility – from traffic shaping, to netflow monitoring, to dynamic DNS.

I built it using the espressobin, Arch Linux Arm, and Shorewall.

The Linksys WRT3200ACM has Tri-Stream 160 technology that doubles bandwidth to help maintain speed better than most dual-band routers. Additional features such as MU-MIMO technology help each device stay connected to the network at the fastest possible speed without interfering with the performance of other devices.

Linksys’ Smart Wi-Fi smartphone app also lets you manage and monitor your network from anywhere at any given time, but it’s the open-source aspect that really shines for security-focused router buyers, since you can easily use “packages” from trustworthy open source distributions such as OpenWRT or DD-WRT and establish a secure VPN, monitor and analyze network traffic or detect network intrusions instantaneously. Since the firmware packages are all open source, that also means that they’ve been extensively “peer-reviewed” by security experts, making them much more likely to be free of vulnerabilities that hackers can exploit.

ISPs (Internet Service Providers) generally offer DNS services to their customers, so when you don’t set up DNS servers on your computer or router, your DNS queries will run on your ISP’s DNS servers. Using the default ISP DNS servers can result in certain problems while browsing the Internet:

Issues can happen with DNS requests themselves; most of the time they’re unencrypted and this leaves room for different types of DNS attacks.

When the application is installed, it requests permissions to access the microphone and the geolocation system. In this way, when the user is in a public place, such as a bar or a café, the mobile phone’s microphone is activated and used to analyse the ambient sound of the surroundings, which is compared against the database to determine whether the audio corresponds to a match whose broadcasting rights are owned by LaLiga. In addition to the microphone, the application uses the device’s geolocation system to locate the premises from which the match is being broadcast and check whether it is a customer. If it is not and the broadcast of the match is illegal, the entity that owns the broadcasting rights to the matches has gone as far as sending inspectors to bars to check that they are subscribers.

The PinePhone is a smartphone, developed by computer manufacturer Pine64, intended for allowing the user to have full control over the device. Measures to ensure this are running mainline Linux-based mobile operating systems, assembling the phone with screws, so that it can be easily disassembled for repairs and upgrades, and including six kill switches / security switches for its hardware, which are accessible by removing the back cover of the phone.

Run your own cloud with email, calendar, storage and many other services in-house easily and get out of locked-in SaaS services to your own self hosted cloud.

IUVIA is a commercial hardware device and OS architecture that privacy-centric projects can use as a distribution ecosystem, and activists and other privacy-concerned individuals can use to access all the different features they need or that they currently seek from cloud services.

There are a number of suggestions for the technical implementation of this concept. These proposals range from dystopian systems of full surveillance to targeted, completely anonymous methods of alerting potentially infected persons without knowledge of the specific person.

In principle, the concept of a «Corona App» involves an enormous risk due to the contact and health data that may be collected. At the same time, there is a chance for «privacy-by-design» concepts and technologies that have been developed by the crypto and privacy community over the last decades. With the help of these technologies, it is possible to unfold the epidemiological potential of contact tracing without creating a privacy disaster. For this reason alone, all concepts that violate or even endanger privacy must be strictly rejected.

Solid, an open-source project to restore the power and agency of individuals on the web.

Solid changes the current model where users have to hand over personal data to digital giants in exchange for perceived value. As we’ve all discovered, this hasn’t been in our best interests. Solid is how we evolve the web in order to restore balance – by giving every one of us complete control over data, personal or not, in a revolutionary way.

Solid is a platform, built using the existing web. It gives every user a choice about where data is stored, which specific people and groups can access select elements, and which apps you use. It allows you, your family and colleagues, to link and share data with anyone. It allows people to look at the same data with different apps at the same time.

In 2009, I said, “The web as I envisaged it we have not seen yet.” That was because people were using the web just for documents, not for the data of a big web-wide computer. Since then, we have seen a wave of open data, but not of read-write data. For example, much open government data is produced through a one-way pipeline, so we can only view it. With Solid, it becomes a read-write web where users can interact and innovate, collaborate and share.

Surveillance on news websites is particularly problematic because the news you consume may reveal your political leanings or health interests — information that is not just exploited by corporations to sell you things, but could also be abused by governments. And because news organizations benefit from the surveillance economy by running advertisements targeted to reader interests, they may be less likely to report on their own tracking practices.

The Times’s privacy policy does not disclose the vast majority of tracking companies (including BlueKai) on its site, requires users to accept cookies to fully use the site and explicitly states that The Times ignores the “do not track” browser setting.

Worse, only 10 percent of these outside parties are disclosed in privacy policies of the news sites we studied, meaning even diligent readers will never learn who collects their data. From a privacy perspective, news websites are among the worst on the web.

The result is that as online advertising networks become more highly centralized, the old model of an independently managed and free press is being replaced by one where giant technology companies control user data and the purse strings.

Users are tracked online by a multitude of companies in order to build detailed records of individual browsing behaviors, often without consent. Many website operators are unaware of the user data they collect, and more importantly, the third parties who collect data on visitors to their sites.

Identifying data leaks and locating inadequate privacy policies which govern this type of data collection is critical in the context of new international regulations governing data protection.

“I dream of a world in which everyone has their data encrypted before uploading it to the network. Right now, the situation is that everyone gives away their data without receiving anything in return. And we give it for everything. We ask Siri to recommend a restaurant for a meal, for anything at all. I think there should be, and Microsoft has raised this on occasion, a data market in which people could decide whether they want to give their data and could receive some kind of compensation in exchange,” she explains. “Right now, artificial intelligence uses many algorithms for multiple purposes, such as face recognition, book recommendations, medical imaging and treatments… But there is a privacy problem, because if you upload all your biological data to the cloud you don’t know who can use it or how.”

A founder of Women in Numbers, a successful networking collective that has spread to other fields such as biomathematics, Lauter maintains that society should support women more.

Do you hate your Internet Service Provider? Do you hate your Email Provider?

We’ll help you send them a GDPR Data Access Request designed to waste as much of their time as possible. They are legally required to respond to your request within 30 days!

It’s been a few years since this kind of argument has come up, but it’s one that we’ve had to swat down a few times in the past: it’s the argument that somehow if a company offers a service for free, it means that they’ll absolutely snarf up all your data, and that requiring services be paid for directly by users somehow would fix that.

Of course, it seems rather easy to point out why that’s wrong with two examples. First we pay for other services such as our broadband and mobile data providers and they are so much worse on the privacy front, it’s not even remotely comparable. It’s not as if magically paying for the service has stopped AT&T or Verizon from being horrific on the privacy front. The snarfing up of data doesn’t go away if you pay for services.

Second, there are businesses that have been built on giving away free tools without having to snarf up your data. Indeed, that’s actually how Google succeeded for much of its early history. It didn’t need to know everything about you. It just needed to know what you were searching for. And that was massively successful. It’s true that, over time, Google has moved away from that, but others (like DuckDuckGo) have stepped into that space as well.

there is the intimate, personal approach to key management, as opposed to the collective or communal approach. I have seen several collectives share the password of an email, Facebook or Twitter account that belongs to the collective and is managed as a group. Obviously it is not the best way to manage and safeguard our collective’s information, but it is worth remembering that in activist groups across much of the global South, “private” is probably understood differently than in the North, and more often than not it goes beyond the personal and reaches the collective.

If we are talking about email accounts, it is easy to say: well, use a mailing list instead. But it gets complicated if we are talking about platforms like Twitter, which are not designed for collectives; on the contrary, they encourage individualism and informational “leadership”.

Another interesting point is that we have to radically rethink how we run trainings. It is not about teaching tools while assuming too quickly where the problems lie. Many learning processes tend to fail because they are like Christian mass: we all acknowledge our guilt and, in the euphoria of the moment, promise to do better, and then we create GPG keys that are very long and really good but end up useless because after three months of not using them we forget them

It is like the mooncup: just because we are told it is the best does not necessarily mean it has to be easy or comfortable for us.

For now, that idea: asserting our right to privacy, on the net as well. And to use a key of whatever size we like, even if afterwards, at home, we put it under the rug because we feel like it.

A January investigation by the site Top10VPN found that more than half of the top 20 free VPN apps on the iOS and Android app stores either have Chinese ownership or are based in China. That’s all the more suspicious given that China officially banned VPNs last year. The concern: If China is allowing them to continue operating, it could be because they’re sharing data on their users with the Chinese government. When you use a VPN, you’re trusting that VPN with the same deep level of access to your online activity that you’d normally give your ISP. In other words, now they can see what you’re up to whenever you’re using the internet. VPNs may be more privacy-focused than big, corporate ISPs, but they’re also smaller, more opaque, and less publicly accountable.

…the CNIL has just fined Google 50 million euros, finding that the ad targeting it carries out on its Android operating system does not comply with the General Data Protection Regulation (GDPR), the new European law that became applicable on 25 May 2018. However, this penalty is only a very first part of the response to our complaint against Google, which above all denounced the ad targeting imposed on Youtube, Gmail and Google Search in violation of our consent.

Amazon has launched a new service that uses machine learning to extract key data from patient records and can potentially help healthcare providers and researchers save money, make treatment decisions, and manage clinical trials. The company announced the service, called Amazon Comprehend Medical

Amazon’s other recent forays into healthcare include paying almost $1 billion to acquire online prescription service PillPack

It joins other large tech companies that are increasingly focused on healthcare. For example, earlier this year Apple launched a feature that lets customers view their hospital medical records on their iPhones, while Google recently hired former Geisinger CEO David Feinberg to unify and lead the healthcare initiatives across its businesses, including search, Google Brain, Google Fit, and Nest.

Of course, the uploading of medical records to the cloud for machine-learning analysis might raise questions from patients about how Comprehend Medical will ensure their privacy. Amazon says patient data is encrypted and can only be unlocked by customers who have a key, and that no data processed will be stored or used for training its algorithms. Comprehend Medical complies with the Health Insurance Portability and Accountability Act (HIPAA).

The most significant change is that content that is on the verge of violating Facebook’s terms of use will no longer be given visibility. That is, posts that come close to the red lines drawn by the network on disinformation, violence, hate speech, clickbait and threats; even if they have not strictly violated those terms.

Google is reportedly working on an A.I.-based health and wellness coach.

Thanks to its spectrum of hardware products, Google would have a notable advantage over existing wellness coaching apps. While its coach, as reported, would primarily exist on smartwatches to start, Android Police noted that the company could include a smartphone counterpart as well. The company could also eventually spread it to Google Home or Android TV. The latter is uncharted territory for these kinds of apps, which are typically limited to smartphones and wearables. With availability in the home, lifestyle coaching recommendations could become increasingly contextual and less obtrusive. If you ask for a chicken parmesan dinner recipe, it could offer a healthier alternative instead; or if you’re streaming music at 10 p.m. and have set a goal to get more sleep, perhaps it could interrupt your music playback to remind you to start getting ready for bed. A smartwatch or phone could do this too, of course, but by linking up its product ecosystem, Google could deliver helpful notifications in the context that makes the most sense.

Confidential Mode will push users further into Google’s own walled garden while giving them what we believe are misleading assurances of privacy and security.

It’s important to note at the outset that because Confidential Mode emails are not end-to-end encrypted, Google can see the contents of your messages and has the technical capability to store them indefinitely, regardless of any “expiration date” you set. In other words, Confidential Mode provides zero confidentiality with regard to Google.

But that’s only the beginning of the problems with Gmail’s new built-in IRM. Indeed, the security properties of the system depend not on the tech, but instead on a Clinton-era copyright statute. Under Section 1201 of the 1998 Digital Millennium Copyright Act (“DMCA 1201”), making a commercial product that bypasses IRM is a potential felony, carrying a five-year prison sentence and a $500,000 fine for a first offense. DMCA 1201 is so broad and sloppily drafted that just revealing defects in Google IRM could land you in court.

We believe that using the term “Confidential Mode” for a feature that doesn’t provide confidentiality as that term is understood in infosec is misleading.

A messaging client that does not depend on centralised servers, uses the Tor network to provide end-to-end encrypted communications, and is open source.

Unlike traditional messaging applications, Briar does not depend on a central server – messages are synchronised directly between users’ devices. Messages are sent over the Tor network, protecting users, and if the Internet is down it can synchronise via Bluetooth or Wi-Fi.

Its system for adding contacts is also unconventional: a code is generated that the person being added must scan with their mobile device. The aim is for there to be a physical meeting between the user and the future contact. The contact list is encrypted and stored locally on each device.

Logo Fuck off Google

Search results without being spied on.

Results are obtained -via proxy- from Google, Yahoo, Bing, etc. to ensure you will not disclose any personal or behavioural data to these companies. These results are «neutral», i.e. not influenced by your profile (you are out of the «filter bubble» designed to serve you ads you are more likely to click…).

Sidewalk Labs says the sensor information would also support long-term planning. The data would fuel a virtual model of Quayside, which urban planners could use to test infrastructure changes quickly, at low cost, and without bothering residents. It could also be stored in a shared repository that entrepreneurs and companies could draw on to make their own products and services for Quayside.

Unsurprisingly for a company spawned, in part, by technologists, Sidewalk thinks of smart cities as being rather like smartphones. It sees itself as a platform provider responsible for offering basic tools (from software that identifies available parking spots to location-based services monitoring the exact position of delivery robots), much as Google does with its smartphone operating system, Android. Details are still under discussion, but Sidewalk plans to let third parties access the data and technologies, just as developers can use Google’s and Apple’s software tools to craft apps.

Though Sidewalk Labs says the data would be used for a community purpose, such as giving transit discounts to low-income residents, regulating building temperatures, and keeping trash cans from overflowing, not everyone is convinced. “There are definitely questions about whether Sidewalk Labs will try to make money by tracking people’s daily interactions,” says David Roberts, who studies cities at the University of Toronto. “What data will be collected, how personal will it be, how will it be used, and who will have access to it?”

…your bookmarks, your emails, your contacts, your files on Google Drive, all the information mentioned above, your YouTube videos, the photos you have taken on your phone, the products you have bought through Google and the companies that sold them to you…

The company also holds your calendar information, your Google hangouts, your location history, the music you listen to, the Google books you have bought, the Google groups you belong to, the websites you have created, the phones you have owned, the pages you have shared, how many steps you take per day…

I understand this reaction, but it’s also an unfair one: Deleting Facebook is privilege. The company has become so good at the many things it does that for lots of people, leaving the service would be a self-harming act. And they deserve better from it, too. Which is why the initial answer to Facebook’s failings shouldn’t be to flee Facebook. We need to demand a better Facebook.

Unlike broadcast television and radio, which are also free for the price of having to endure ads, on Facebook you can’t change the channel. If you leave Facebook—which is where your friends, scene, and community already is—you’re alone, because for many people, Facebook is becoming the internet and the internet is becoming Facebook.

Facebook, for all its problems, has become a necessary part of life for people, one that they can’t afford to shed, personally or professionally.

And in countries with lower internet adoption, Facebook is often people’s foray onto the whole internet. Facebook’s Free Basics program is operating in 63 countries and municipalities across Africa, Asia, and Latin America—and with that, people get free access to Facebook and a small handful of websites that partner with Facebook, though they can’t access other sites or email. For those users, Facebook is, in a sense, the whole internet.

Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers—even when location services are disabled—and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy.

The section of Google’s privacy policy that covers location sharing says the company will collect location information from devices that use its services, but does not indicate whether it will collect data from Android devices when location services are disabled

“If it’s free, you are the product!” By launching the first mobile phone plan funded entirely by advertising, the French operator Prixtel is adapting a business model that is well established and constantly growing across the Web: a model that, at first glance, seems free.

“If you are the product, then it is not free, because use of the service is not without a price: you accept the use of your personal data, you accept one-sided terms of use that make you a workforce with no rights or title, you accept being tracked, traced and hunted so that the end customer, generally an advertising network, knows everything about you in order to target you better…

The social network is once again under fire after the discovery that the personal data of several million users was used by an analytics firm linked to Donald Trump’s presidential campaign.

The Cambridge Analytica affair revolves around an application named “thisisyourdigitallife” (rendered in French as “cestvotrevienumérique”) and accessible via the social network until its removal in 2015.

Behind this façade, presented as “a research app used by psychologists”, lay a far more complex system. Not only did the 270,000 people who used the application voluntarily provide information about themselves, they also provided other information far less consciously (the application had access to the content they had “liked” on the social network or to their current city).

Worse, they also allowed the application to access the data of these people’s contacts on Facebook. A snowball effect that makes it difficult to assess the scale of this collection: between 30 million (according to the New York Times) and 50 million (according to the Guardian) people. Data collected by a first company (SCL) and then a second (Cambridge Analytica).