Latest articles in ‘Privacy’

  1. What is web users tracking and why (and how) you should care

    Published: Mon 21 May 2018 in Cookbook.

    For a lot of people, web user tracking remains something quite abstract, vaguely related to the ads displayed on websites, ads seemingly necessary to help website authors keep their sites alive. They often also know that these ads tend to revolve around their centers of interest, like a seller in a shop where you have your habits who advises you on the products best suited to your tastes.

    But all this is just the tip of the iceberg of a poorly legislated and controlled multi-billion-dollar industry, in which advertisement is not the goal anymore but just one means among others to make money.

    The product is not what the ads try to sell you anymore, the product is you.

    In this article, I try to uncover an industry crafted around the question of how to extract as much information as possible from people’s lives and make profit out …

  2. RSA key lengths, elliptic curve cryptography and quantum computing

    Published: Thu 14 December 2017 in Opinions.
    Are RSA keys over 2048 bits overkill? Are elliptic curves the future of cryptography? Is quantum computing a real threat and what is its exact impact?

    Some tools, like PGP, are still stuck with legacy cryptography, mainly the RSA algorithm. For such tools, RSA-2048 is often described as strong enough for any foreseeable future, anything above being overkill. The official GnuPG documentation in particular even goes so far as to consider that using RSA-3027 or RSA-4096 constitutes “an improvement so marginal that it’s really not worth mentioning”, adding that “the way to go would be to switch to elliptical curve cryptography”.

    The assertion that this improvement is “marginal” is debatable, as is the trust in the elliptical curves to protect us in the future.

    Longer RSA keys

    While the NIST considers RSA-2048 to be safe for commercial use up to 2030, it still advises the use of at least an RSA-3072 key beyond that date (see BlueKrypt’s Keylength website to get an overview of various recommendations).

    Read quickly, such recommendation …

  3. NSA and Microsoft, toward a tighter “collaborative teamwork”?

    Published: Tue 16 May 2017 in Opinions.
    A history of forced love and denial between the National "Security" Agency and large corporations.

    This article is somewhat of a sequel to my thoughts about the Wannacry case.

    The NSA relies on a large database of undisclosed and unfixed software vulnerabilities to allow them to hack their way into any system either deemed hostile or useful for their intelligence gathering. As explained by the former NSA director Michael Hayden:

    If the agency thinks that no one else will be able to exploit a vulnerability, it leaves the problem unfixed to aid in its own spying efforts.

    It is only if the NSA estimates that the exploit may be known to someone else, and therefore represents a potential risk to US safety, that they will inform the vendor so that the vulnerability gets fixed.

    It may happen that this process sometimes hits a hiccup, with a vendor interfering with NSA activity, as most probably happened to Microsoft with the MS08-067 …

  4. How to block laptops and cellphones microphones from spying you?

    Published: Mon 18 July 2016 in Cookbook.
    Various ways to prevent your mobile devices' microphones from being used as roving bugs.

    In State of surveillance, Edward Snowden explains the real danger behind cellphone spying, notably the fact that this form of spying provides access to information you cautiously never stored in any electronic device.

    It also demonstrates how to take apart a cellphone and remove its camera and microphone. Is going this far really necessary? Are there any reversible or more convenient ways?

    While IMHO using some black electrical duct-tape should be enough to blind a camera in most situations, things get more complicated with the microphone, but we still have several possibilities.

    Physical destruction / removal

    The best-known and most effective solution is to physically destroy (drill) or remove (desolder) the microphone: no microphone anymore, no malicious way to use it. An external microphone can then be plugged in whenever required (earphones for instance in the case of cellphones).

    Be aware however that certain devices (in particular cellphones and …

  5. Prevention measures against laptop seizure by the customs.

    Published: Mon 11 May 2015 in Cookbook.
    Steps to mitigate the risk of data theft and backdoor installation upon device seizure.

    The ANSSI, French government service in charge of IT security, has published a document (in French) providing brief advice to people having to travel abroad.

    The ANSSI's advice concerning preparation before travel is as follows:

    1. Review the applicable company policy,
    2. Review the destination country's applicable laws,
    3. Prefer to use devices dedicated to travel (computers, smartphones, external storage etc.) and not containing any data not strictly needed for the mission,
    4. Backup all of your data before leaving and keep the backup in a safe place,
    5. Avoid taking any sensitive data at all, prefer to use a VPN (or a specially set up secured mailbox where all data will be deleted after retrieval) to retrieve the data securely (this is one of the most on-topic pieces of advice, since this one prevents any sensitive data from being present on the computer when crossing the border),
    6. Use a screen filter to avoid shoulder surfing …
