Kev

Common Threats

In a broad sense, we classify our recommendations as threats or goals that apply to most people. You may not be concerned about any, one, several, or all of these possibilities, and the tools and services you use depend on your goals. You may also encounter specific threats outside of these categories, which is great! The important part is understanding the advantages and disadvantages of the tools you choose to use, as there is no one tool that can protect you from all threats.

  • Anonymity - Protect your online activities from being associated with your real identity and protect yourself from those who try to expose your identity.
  • Targeted attacks - Protect yourself from hackers or other malicious actors who specifically target your data or devices.
  • Passive attacks - Protect yourself from malware, data breaches, and other attacks that target multiple people at the same time.
  • Service providers - Protect your data from the service providers themselves (e.g. by using E2EE, which prevents their servers from reading your data).
  • Mass surveillance - Prevent government agencies, organizations, websites, and services from collectively tracking your activities.
  • Surveillance Capitalism - Protect yourself from large advertising networks (such as Google and Facebook) and countless other third-party data collectors.
  • Public exposure - Limit the information about you that is accessible online - search engines or the public.
  • Censorship - Avoid censorship of information or self-censorship when speaking online.

Depending on your specific concerns, some threats may be more important to you than others. For example, a software developer with access to valuable or critical data may be primarily concerned with targeted attacks, but will probably still want to protect their personal data from mass surveillance. Similarly, many people may be primarily concerned with public exposure of their personal data, but they should still be vigilant about security-focused issues such as passive attacks, for example malware affecting their devices.

Anonymity and Privacy

Anonymity

Anonymity is often confused with privacy, but they are different concepts. While privacy is a series of choices you make about how your data is used and shared, anonymity is the complete separation of your online activities from your real identity.

For example, whistleblowers and journalists may have a more extreme threat model that requires complete anonymity. This not only hides what they do and what data they hold, and protects them from malicious actors or government hackers, but also hides who they are entirely. They will often sacrifice any kind of convenience if it means protecting their anonymity, privacy, or security, because their lives may depend on it. Most people don't need to go that far.

Security and Privacy

Passive attacks

Security and privacy are also often confused, because you need security to achieve any semblance of privacy: if a tool is easily exploited by attackers who later release your data, it is useless even if it was designed to be private. However, the reverse is not necessarily true: the most secure service in the world is not necessarily private. The best example is entrusting your data to Google. Given its scale, Google protects its infrastructure by hiring industry-leading security experts and rarely experiences security incidents. While Google provides very secure services, few would consider their data private in Google's free consumer products (Gmail, YouTube, etc.).

In terms of application security, we often don't know (sometimes can't know) if the software we use is malware or may become malware one day. Even the most trusted developers often cannot guarantee that their software does not have serious vulnerabilities that may be exploited in the future.

To minimize the potential damage from malware, you should use compartmentalization for security. For example, this could mean using different computers for different work, using virtual machines to separate different groups of related applications, or using security-focused operating systems with strong application sandboxing and mandatory access controls.

Tip
Mobile operating systems often have better application sandboxing than desktop operating systems: applications cannot gain root access and need permissions to access system resources.
Desktop operating systems often lag behind in proper sandboxing. ChromeOS has sandboxing capabilities similar to Android, while macOS has full system permission controls (developers can opt their applications into the sandbox). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends not to send information to vendors, but it has poor protection against exploits and malicious applications. This can be mitigated by using specialized distributions that heavily utilize virtual machines or containers, such as Qubes OS.

Targeted Attacks

Targeted attacks

Targeted attacks against specific individuals are more difficult to deal with. Common attacks include sending malicious documents via email, exploiting vulnerabilities (e.g. in browsers and operating systems), and physical attacks. If you are concerned about this, you should adopt more advanced threat mitigation strategies.

Tip
By design, web browsers, email clients, and office applications often run untrusted code that is sent to you by third parties. Running multiple virtual machines - separating these applications from the host system and from each other - is a technique that can be used to reduce the chances of vulnerabilities in these applications compromising the rest of your system. For example, technologies like Qubes OS or Microsoft Defender Application Guard on Windows provide convenient ways to do this.

If you are concerned about physical attacks, you should use an operating system with a verified secure boot implementation, such as Android, iOS, macOS, or Windows (with TPM). You should also ensure that your drives are encrypted and that the operating system uses a TPM or Secure Enclave/Element to rate-limit attempts to enter the encryption password. You should avoid sharing your computer with people you do not trust, as most desktop operating systems do not encrypt data separately for each user.

Privacy from Service Providers

Service providers

We live in a world where almost everything is connected to the internet. Our "private" messages, emails, and social interactions are often stored on servers somewhere. Typically, when you send a message to someone, the message is stored on a server and when your friend wants to read the message, the server displays it to them.

The obvious problem with this is that service providers (or hackers who compromise servers) can access your conversations at any time without you knowing. This applies to many common services, such as SMS messages, Telegram, and Discord.

Fortunately, end-to-end encryption (E2EE) can mitigate this issue by encrypting your communication between you and your intended recipient before it is sent to the server. Assuming the service provider cannot access the private keys of either party, the confidentiality of your messages can be guaranteed.

Web-based Encryption Considerations
In practice, the effectiveness of different E2EE implementations varies. Applications like Signal run locally on your device, and each copy of the application is the same across different installations. If a service provider were to introduce a backdoor in their application - attempting to steal your private keys - it could be detected later through reverse engineering.
On the other hand, web-based E2EE implementations, such as Proton Mail's webmail or Bitwarden's Web Vault, rely on servers dynamically providing JavaScript code to the browser to handle encryption. A malicious server could target you and send you malicious JavaScript code to steal your encryption keys (and it would be difficult to detect). Because servers can choose to provide different web clients to different people - even if you notice the attack - proving the provider's wrongdoing is very difficult.
Therefore, you should use native applications over web clients whenever possible.

Even with E2EE, service providers can still analyze you based on metadata, which is usually unprotected. While service providers cannot read your messages, they can still observe important things such as who you are talking to, the frequency of your messages to them, and the times you are typically active. Metadata protection is relatively rare, and if it is in your threat model, you should pay close attention to the technical documentation of the software you are using to see if there are any metadata minimization or protection measures.
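To make the metadata point concrete, here is an added example (not from the Privacy Guides page) that models what a provider's server stores for an E2EE message and what it can infer from the unencrypted fields alone. The ciphertext is a constructed placeholder of random bytes, the traffic is a constructed sample, and the field names are assumptions.

```python
"""Added example: what an E2EE provider can still learn from metadata.
The message body is sealed (here a random-byte stand-in for real ciphertext);
the sender, recipient, timestamp and size fields are what the server sees."""
from collections import Counter, defaultdict
from datetime import datetime
import secrets


def make_envelope(sender, recipient, sent_at, plaintext_len):
    """Build the record the server stores: opaque body, plaintext metadata."""
    return {
        "from": sender,                 # visible to the server
        "to": recipient,                # visible to the server
        "timestamp": sent_at,           # "YYYY-MM-DDTHH:MM:SSZ", visible to the server
        "body": secrets.token_bytes(plaintext_len + 16),  # stands in for E2EE ciphertext
    }


# Constructed sample traffic for one day (assumed usernames).
SAMPLE = [
    make_envelope("alice", "bob", "2024-03-04T08:05:00Z", 40),
    make_envelope("bob", "alice", "2024-03-04T08:07:00Z", 12),
    make_envelope("alice", "bob", "2024-03-04T08:10:00Z", 95),
    make_envelope("alice", "carol", "2024-03-04T08:40:00Z", 30),
    make_envelope("alice", "bob", "2024-03-04T12:30:00Z", 8),
    make_envelope("carol", "alice", "2024-03-04T23:15:00Z", 60),
    make_envelope("carol", "dave", "2024-03-04T23:20:00Z", 60),
]


def analyze(envelopes):
    """Derive a contact graph and activity pattern without any key material."""
    contacts = defaultdict(Counter)      # sender -> Counter(recipient -> messages)
    active_hours = defaultdict(Counter)  # sender -> Counter(UTC hour -> messages)
    for env in envelopes:
        hour = datetime.strptime(env["timestamp"], "%Y-%m-%dT%H:%M:%SZ").hour
        contacts[env["from"]][env["to"]] += 1
        active_hours[env["from"]][hour] += 1
    return contacts, active_hours


def most_frequent_contact(contacts, user):
    """Who this user messages most, and how often."""
    return contacts[user].most_common(1)[0]


def peak_hour(active_hours, user):
    """The UTC hour in which this user sends the most messages."""
    return active_hours[user].most_common(1)[0][0]


if __name__ == "__main__":
    graph, hours = analyze(SAMPLE)
    for user in graph:
        print(user, "->", dict(graph[user]), "peak hour:", peak_hour(hours, user))
```

Nothing in the analysis touches the `body` field, which is the point: the contact graph, message frequency and active hours are available to the server even though the content is not.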

Mass Surveillance Programs

Mass surveillance

Mass surveillance is the complex task of monitoring the "behavior, many activities, or information" of an entire (or large part of a) population.[1] It often refers to government programs, such as those disclosed by Edward Snowden in 2013. However, it can also be conducted by companies on behalf of government agencies or proactively.

Surveillance Atlas
If you want to learn more about surveillance methods and how they are implemented in your city, you can also check out the Surveillance Atlas by the Electronic Frontier Foundation.
In France, you can check out the Technopolice website maintained by the non-profit association La Quadrature du Net.

Governments often present mass surveillance programs as necessary means to combat terrorism and prevent crime. However, they infringe on human rights and are most commonly used to disproportionately target minority groups and dissenting voices, among others.

ACLU: The Privacy Lesson of 9/11: Mass Surveillance Isn't the Way Forward
Faced with government programs revealed by Edward Snowden, such as PRISM and Upstream, intelligence officials also admitted that the NSA has been secretly collecting the phone records of nearly every American for years - who is calling whom, when those calls are made, and how long they last. The National Security Agency collects this kind of information day in and day out, revealing extremely sensitive details about people's lives and associations, such as whether they call a priest, an abortion provider, an addiction counselor, or a suicide hotline.

Despite the increasing prevalence of mass surveillance in the United States, government findings suggest that programs like Section 215 have "no unique value" in preventing actual crimes or terrorist plots, and their efforts largely duplicate the FBI's own targeted surveillance programs.[2]

Online, you can be tracked in various ways:

  • Your IP address
  • Browser cookies
  • Data you submit to websites
  • Your browser or device fingerprint
  • Payment method associations

(This list is not exhaustive.)

If you are concerned about mass surveillance programs, you can employ strategies such as compartmentalizing your online identities, blending in with other users, or minimizing the disclosure of identity information as much as possible.

Surveillance Capitalism
Surveillance capitalism is an economic system centered around the collection and commodification of personal data for the core purpose of profit.[3]

For many people, tracking and surveillance by private companies is a growing concern. Ubiquitous advertising networks, such as those operated by Google and Facebook, extend their tracking of your behavior beyond the websites they control. Using content blockers or similar tools to limit network requests to their servers, and reading the privacy policies of the services you use, can help you avoid many basic adversaries (although it cannot completely stop tracking).[4]

Additionally, even companies outside of the ad tech or tracking industry can share your information with data brokers (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You cannot automatically assume that your data is secure just because the service you use does not belong to the typical ad tech or tracking business model. The strongest protection against company data collection is to encrypt or obfuscate your data as much as possible, making it difficult for different providers to correlate data and build your profile.

Limiting Public Exposure

Public exposure

The best way to keep data private is to not make it public in the first place. Deleting unnecessary information about yourself that you find online is the best first step you can take to restore privacy.

On websites where you share information, it is important to check the privacy settings of your account to limit the scope of data dissemination. For example, if there is an option, enable "private mode" on your account: this ensures that your account is not indexed by search engines and cannot be viewed without your permission.

If you have already submitted your real information to a website that should not have that information, consider using a strategy of false information, such as submitting fictional information related to that online identity. This makes it impossible to distinguish your real information from the false information.

Avoiding Censorship

Censorship regimes

Actors including authoritarian governments, network administrators, and service providers can enforce online censorship and restrict access to information. These efforts to control communication and limit access to information are always incompatible with the human right to freedom of speech.[5]

As platforms like Twitter and Facebook succumb to public demand, market pressures, and government pressure, censorship on corporate platforms is becoming increasingly common. Government pressure can take the form of subtle requests to companies, such as the White House requesting the removal of provocative YouTube videos.

Those concerned about censorship threats can use technologies like Tor to bypass censorship and support censorship-resistant communication platforms like Matrix, which do not have centralized account authorities that can arbitrarily shut down accounts.

Tip
While evading censorship itself is relatively easy, hiding the fact that you are doing so can be very problematic.
You should consider which aspects of the network your adversaries can observe, and whether you have plausible deniability for your actions. For example, using encrypted DNS can help you bypass basic DNS-based censorship systems, but it does not truly hide the content you are accessing from your ISP. A VPN or Tor can help hide the content you are accessing from network administrators, but it cannot hide the fact that you are using these networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you bypass firewalls that block common VPN protocols or Tor, but your evasion attempts can still be detected through techniques like probing or deep packet inspection.

You must always consider the risks, potential consequences, and the sophistication of your adversaries when attempting to bypass censorship regimes. You should carefully choose software and have contingency plans in case of any issues.
Translated from privacyguides
