Privacy, Government, Surveillance, and You.

Latest John Oliver is on facial recognition.

Ars Technica: To evade detection, hackers are requiring targets to complete CAPTCHAs

Microsoft security experts recently spotted a new variation in hacking designed to foil counter-detection. When you get a malicious email attachment purporting to be a file download, it may redirect you to a site containing a simulacrum of Google's CAPTCHA or reCAPTCHA service. While not genuine, this does work to prevent bots from accessing the files, thus preventing automated security tools from screening them to determine if they are malicious.

I've been seeing a rash of spam emails since the COVID-19 shutdown occurred, generally purporting to be banks or delivery services, and always asking me to click on an attachment.

Cross-posted from the Computer Thread, where someone was asking how to maintain their privacy even with a Facebook Account:

Demarquis' Privacy Primer:

Protonmail is a free, encrypted email service that does not require you to identify yourself to them. I've used them myself, so I can vouch for them.

You can also get an anonymous phone number I have used Google Voice myself.

As for Facebook, the reason that's tough to do is because they gather information about you from other people who have friended you or connected to you through their FB pages. So even if you yourself don't have an active FB account, they may very well have a file on you anyway. Lesson: if you don't want to be profiled, you not only have to remember to be careful who you share stuff with, but who is sharing stuff with you.

In the US, getting street addresses people lived at (or their phone numbers) is easy and cheap. You can get income information if they worked for a publicly funded agency, otherwise that should be no easy way to get it. HIPAA laws mandate that personal medical information should never be shared except between care-providers, and that only with the patient's permission (as I indicated, all this applies only to the US—I have no idea what privacy protections exist in other countries).

Of course, you can be profiled in various ways without anyone getting your data. Knowing what advertisements you click on and what you are interested in purchasing will allow someone to guess things about you (your income, age, race, family status, political affiliation, etc.) with a fair degree of accuracy.

And of course your internet provider is tracking you, the keywords you search for and the websites you visit, which is why many people only access the internet via TOR or a VPN (Protonmail provides a free one).

Note that we very frequently see Protonmail accounts as sources of abuse, because surprise surprise: when people think they aren't being tracked, they lose all sense of accountability.

Link?

This is personal experience. Every email address that anyone uses across the entire Internet goes into databases where its reputation is tracked. We use such a service at registration to catch abusers before they get the opportunity to use the site.

Protonmail accounts and VPN usage (which we also block at registration) are highly correlated, as are Protonmail accounts with high risk scores.

Really, though, it's GIFT in action. The perception of invulnerability afforded by the use of VPNs, "secure" email, anonymizers, etc., gives a sense of license to be an asshole. This is well documented. I would much rather each person be required to positively identify themselves online, albeit not necessarily make their identity known to all and sundry.

That way, for example, we could make a ban stick, and people would be much less likely to engage in abusive behavior because they would be at risk of their permanent public reputation being harmed.

Some allowance for people who live under oppressive regimes should be given, to be sure, but that should not be taken as a blanket license to be anonymous online.

Also, positive online identification would end spammers, hackers, and fraudsters, or at least make their work harder.

Edited to add: this doesn't mean that TV Tropes would know you're Avril Borgues of Lima, Peru. That's completely unnecessary. It does mean that we would have a unique token that would distinctly identify you as an individual, so if you make multiple accounts, we can link them together. I've thought this out.

Edited by Fighteer on Jun 25th 2020 at 9:00:17 AM

Lindsey Graham, Tom Cotton, and Marsha Blackburn are all cosponsoring a bill in the US Senate to outlaw end-to-end encryption due to criminal activity.

@Fighteer— that's fascinating. Are you saying that TV Tropes blocks protonmail accounts?

I would point out that my post back in the politics thread was in response to someone who does live in an oppressive regime, but, by definition, there would be no way for anyone to know that.

No, we don't block them. We check them against a third-party database that scores email addresses for reputation. Well, I exaggerate: we check email addresses on a discretionary basis. Primarily, this is to screen for "disposable" email accounts or ones that are fake, but we also frequently catch malicious accounts that use a normal service, like gmail.

Protonmail is just one of those triggers that makes me (I'm the primary screener) look up an address, especially if there are other red flags, like the IP being from certain countries or tripping certain other criteria.

Note that none of these concerns apply to reading a website. You can browse TV Tropes or any other site to your heart's content. But to contribute as an editor or poster, you must pass an initial screening to ensure you aren't a ban evader or spammer. VPNs and other forms of anonymization are red flags for us in this regard. As it says in our policy page, you may use a VPN after registering if you want to. That's not a concern.

Edited by Fighteer on Jun 25th 2020 at 1:04:54 PM

I see. I will caution you against the confirmation bias. My guess is that, in terms of absolute numbers, more gmail and other popular email services are used to facilitate trolling than protonmail accounts.

Basically, you want an unavoidable system for tracking people that would make Google and Facebook's practices seem lovely, and make it even easier for governments to spy on whatever any given person is doing? Introducing a single, centralised method of tracking someone is going to do that. It won't help to say it's anonymised, because somewhere along the way some service will need directly personally identifying information too.

What we unofficially have and are creeping towards, but made easier for enforcing rules, would be a privacy nightmare.

I think governments should also have limited access to the data. I'll admit that's the Step 2: ??? part of my plan — building an agency that can be trusted to manage all of this information yet is not under undue influence from any government.

I don't believe in the right to privacy in that you can refuse to be known by anyone. We've accepted that we need photo IDs and Social Security numbers (or the equivalent) to have adult lives in the "real world", but we continue to insist that the Internet be some bastion of anarchy. This is nonsense.

I believe in the right to privacy in that you can choose whom to share your data with. Right now you have basically none of that unless you go to extreme measures to conceal yourself. The only way to make it work is to have that data controlled by a centralized system whose integrity is unimpeachable. How we get that is the critical problem, but I firmly believe that it is the only way that you can ever count on your online presence being secure.

You are, of course, correct that more Gmail accounts would be malicious in absolute numbers, and we check plenty of those. The manual nature of this system is a serious problem and is something we will try to get corrected once the admins have more time to devote to development tasks.

Edited by Fighteer on Jun 25th 2020 at 5:13:08 AM

Yeah the problem is that such a database wouldn’t even be safe in the hands of a non-profit, and one would never have the money to build such a thing anyway.

The closest we’ve gotten to a universal internet ID has been Facebook, which can be used to log in to a lot of different sites I think, the problem is that that ID is controlled by Facebook.

In fact, Facebook's login system is exactly the model I was looking at. Google also has one, as does Microsoft (although mainly for Microsoft properties). Twitch is another example. Unify all those and place control over your data exclusively in the hands of the individual and you have something that can guarantee privacy.

Heck, I wouldn't even mind Facebook sharing my data if I profited by it somehow. Facebook seems to think my data belongs to it rather than to me. I'd accept being marketed to if I got royalties... and had a say in the matter.

Edited by Fighteer on Jun 25th 2020 at 5:20:04 AM

See, I only need a photo ID in real life if I need to prove who I am or that I'm an adult (which obviously becomes less common), and the only reason anyone needs anything to do with my National Insurance number is if monetary transactions are involved. I do not need to give out all the details of my identity to do most other things.

The distinct difference between collating this information centrally online and in real life is that the closest central authority for real life (a government) might have your important financial information, ID, and generally address, but they don't get every business and group in the country checking in to ask who you say you are and if you're allowed to do something, therefore building up a massive comprehensive list of everything you do or show interest in, and meaning that a fault anywhere might mean someone can get access to all of this—or simply malicious intent by requesting all information that is for some reason deemed "relevant".

It's pretty much analogous to saying that you should submit to a background check in order to join a book club. There's a point of overreach.

Honestly, it reminds me of the UK government's prior insistence on trying to have a central authority to do age checks to restrict access to adult material.

Because we really need a central blackmail repository.

Edited by RainehDaze on Jun 25th 2020 at 10:22:12 AM

Obviously, each individual entity drawing from or using this database could determine what level of access it requires. It's like how a grocery store doesn't need your name and address (unless you get one of those loyalty cards) but does need to collect payment, while a library definitely needs to know how to reach you to get its books back.

The transaction token generated by the central system would grant access only to the data you agree to provide the business, and only for as long as necessary to complete the transaction (plus some reasonable amount of time for storage).

The same general rules would apply to anyone seeking your information. A warrant would be required for anyone — private or government — to obtain any of your information without your permission, save that data that you have explicitly designated as public. We could go crazy with this: you could flag certain data useful to marketers as requiring royalty payments to access... it's kind of nuts what you could accomplish, really.

In combination with two- or three-factor authentication, identity theft would be a thing of the past. You wouldn't need a wallet full of identification cards. It goes on and on. Heck, I love Apple Pay (or Google Pay if you're an Android user) and am disappointed every time a business doesn't support it. I want all my cards to be loaded into an app that I can whip out whenever I need it. I can do that with travel documents and not have to worry about losing a boarding pass at the airport. It's revolutionary.

Edited to add: "Adult" material is a concern that I have. I'm thinking we may need some facility for extra-private transactions that you don't want anyone snooping on. Perhaps some sort of double-blind system could be used where people tracking your activity couldn't even know what sites you visited or businesses you patronized without a warrant or your explicit permission. Of course, most of my transactions with "adult" sites don't require that I log in, but if I want to pay them for something, I still need a credit card, and those can be traced through the servicer. I'm not exactly anonymous even now — someone wanting to know my porn preferences wouldn't have a terribly difficult time.

Edited by Fighteer on Jun 25th 2020 at 5:31:33 AM

Or we could expect the inevitable when you want to put a private entity in control of anything like this and it'll sell all information out to the highest bidder and be preferred by companies because it's better for them, and then governments will produce laws obliging any information to be handed over for the most trivial of reasons. The US Senate just received a bill to render end-to-end encryption illegal again; I'm not having any faith in companies.

Google Pay (which for some reason has been repeatedly dodgy with working for me, though I could probably turn it on again) and Apple Pay have a key difference: financial companies very much don't want to be defrauded, so the security considerations are actually high. Your personal data? Hah, no chance.

If you assume the worst of people, you'll always find reasons not to do something like this. I'm optimistic, but also realistic: it has no chance of happening as things stand today. However, what is happening is exactly the dystopian reality you are afraid of. It's already here and getting worse. Why not at least make an effort to fix it (that doesn't involve some anarchistic dream that will also never happen)?

Edited by Fighteer on Jun 25th 2020 at 5:34:39 AM

Well, let's consider the flaws to overcome here (taken from a long line of failed bizarre internet ventures and notions over time). The first one is that, whilst this would be an incredibly useful service in theory, someone has to run it, host it, make sure that (if it gets big) the systems can cope with the throughput (and all the extra security problems you introduce by distributing it to keep latency within acceptable bounds), deal with differing international privacy regulations and legal requirements... it will cost. A lot.

So, how are they going to make money? They could charge websites for it, but then nobody would want to implement its technologies as the obvious way to do that is a cost-per-transaction and that can easily scale faster than revenue. They could charge users, but then sites won't implement it because they've accidentally blocked off users and people don't want to pay more just to use the internet at all. So what does that leave? Monetising what you have. Which is data. Lots and lots of personal data.

It would just be guaranteeing all the dystopian problems whilst explicitly demanding that you use them.

Edited by RainehDaze on Jun 25th 2020 at 10:43:58 AM

You are correct in all of those, but I would consider funding the majority of it through government contributions appropriated from general taxes.

However, consider that businesses already pay substantial fees to gain access to credit card processing, fraud prevention, and other related services. If we roll all of that into one system, economies of scale could mean they pay less than they do now.

I'm not really worried about security at distributed data centers: nobody tries to hack Google physically. Or maybe they do and we don't hear about it because the hackers get disappeared. (only half joking)

Anyway, the fact that millions of businesses all need to invest independently in security is an unholy mess that can only be improved by centralization.

Edited by Fighteer on Jun 25th 2020 at 5:49:38 AM

"The manual nature of this system is a serious problem and is something we will try to get corrected once the admins have more time to devote to development tasks.'

I would be interested to know, if you dont mind sharing the information, what your hit rate is—that is, of those email/ip addresses that you submit to the database, how many turn out to have bad reputations, and of the accounts that end up causing some sort of trouble here at TV Tropes, how many had been flagged by the database?

I have absolutely no way of calculating that, but I'm going to give a very rough approximation purely from memory. I personally check ten to twenty percent of email addresses and find abuse flags on around ten percent of those. This is usually a secondary check if the IP is risky but not identified as a VPN. I rarely use it as a primary check. If the IP is risky but the email is clean, I generally pass the account. ^note IPs, especially IPv4 addresses, that are part of a dynamic IP pool or represent a home network with multiple computers behind it get reported as "proxies" without any real risk, so we take those with a grain of salt and only block if actual abuse has been reported. A genuine VPN is different, although school and corporate networks can get flagged as VPNs even though they are generally safe.

I'm not counting addresses that are obviously from disposable mailhosts. I won't enumerate them here but we have quite the blacklist by now. They are usually obvious, I always check them, and if they are disposable, I always block them.

Most of the accounts that we reject on a daily basis are due to VPN use. ^note If they message us to appeal the rejection, they get an opportunity to disable their VPN and let us check again. Most of the rest are due to geolocation flags combined with email addresses flagged for abuse. The remainder are ban evaders or people who register multiple accounts in rapid succession ^note (and that is just to make sure they know what they're doing).

I should point out that most spammers are really blatant about their choice of handle and/or email address. There's little ambiguity, because they apparently don't expect to get caught that way. For example, if the handle or email includes 'seo' [1], I immediately check them.

Our software is too primitive to perform any kind of statistical analysis, but I can say that since we began this screening process, spammers have almost completely disappeared from the wiki and forums. Ban evasion is a separate matter, but screening for VPNs has cut that problem by at least 90 percent. The remaining ban evaders are using mobile IPs or highly dynamic landline IPs, which are extremely difficult to stop without unfairly penalizing legitimate users.

Some extremely persistent ban evaders (again, I won't say who) are identifiable only by their geolocations and choices of ISP. However, they are very consistent within those patterns and easy to block.

I don't know how representative this is, but out of 40 accounts that registered today (a relatively low number), we rejected 10. Yesterday, we rejected 11 out of 46. The day before, we rejected 11 out of 56.

Edited by Fighteer on Jun 25th 2020 at 10:18:13 AM

Calling back to this post:

Lindsey Graham, Tom Cotton, and Marsha Blackburn are all cosponsoring a bill in the US Senate to outlaw end-to-end encryption due to criminal activity.

This is one of those bills that gives me heartburn because I can't decide which particular aspect of it is more important to me. I will say that the fact that all of the sponsors are Republicans on my coal-in-the-stocking list doesn't help dispose me favorably towards it, especially given the Republican Party's history of abusing privacy in the name of national security.

However, I generally agree that the government should be able to subpoena private communications as evidence in a criminal proceeding. The right to privacy has never been be an absolute right; it can be suspended under due process of law, and courts have long ruled that the right against self-incrimination does not allow the withholding of relevant evidence.

If you believe in those things, then you should accept that the government may, under some circumstances, read private communications even if they are encrypted. End-to-end encryption services that negotiate keys between parties without any third-party managing them are virtually impossible to break, defeating this principle of law. Even if you subpoena the app creator, they can't break the encryption.

The "what if terrorists" card is fearmongering, and I reject it. However, consider the current administration. If members of this administration conduct corrupt or illegal dealings, we'd like to be able to prove it in court, and if they (hypothetically) use these encryption methods, those acts may never come to light. On the other hand, if they use the ability to snoop on encrypted communications to target their political enemies, that is an intolerable abuse of power. It goes both ways, but my vote has to fall on the side of the public's right to know.

Edited by Fighteer on Jun 25th 2020 at 11:18:50 AM

The obvious problem is that end-to-end encryption is the only way to ensure secure communication. I obviously won't go into how that works (there are far better explanations for how two parties can exchange keys without ever exposing the keys themselves online; I'm a particular fan of the paint mixing one) but since it all comes down to how (pretty much) factoring primes is computationally absurd†, you fatally undermine the entire notion if you introduce a factor that will all the time, and guaranteed, ignore both of those keys.

And fundamentally I cannot agree with the notion that crime solving should introduce such avenues for crime as fatally compromising every piece of security software in existence, let alone the chilling effects on democracy and freedom of speech in other countries when you force everyone to have to develop their own infrastructure to have secure communication. Oh, and then we have the problems of no common communication, which is exactly what authoritarian states have been wanting since the internet came into existence...

"The good of the public!" is the best way to disguise handing every authoritarian dictatorship exactly what they want. Oh, and for an international perspective this would of course give the US carte blanche to snoop on traffic from foreign countries with even greater ease if they don't immediately launch into segregated networks.

But if solving a tiny minority of crimes and the very slight chance you might need the government to snoop on the prior communications of... itself, then sure. Sell everyone else out.

This isn't even remotely a what-if. The instant a law like this passes and a deliberate security hole is introduced, every interested party on the planet is going to invest into finding and exploiting it. And known security vulnerabilities do not stay secret long.

† Without quantum computing and isn't that going to be a headache once it messes with NP completeness and is widely available)

Edited by RainehDaze on Jun 25th 2020 at 4:57:36 PM

Anything amounting to “Republicans threatening privacy” should immediately raise red flags.