Timesdelhi.com

February 24, 2019
Category archive

Internet

Zimbabwe’s government faces off against its tech community over internet restrictions

After days of intermittent blackouts at the order of Zimbabwe’s Minister of State for National Security, ISPs have restored connectivity through a judicial order issued Monday.

The cyber-affair adds Zimbabwe to a growing list of African countries—including Cameroon, Congo, and Ethiopia—whose governments have restricted internet expression in recent years.

The debacle demonstrates how easily internet access—a baseline for all tech ecosystems—can be taken away at the hands of the state.  

It also provides another case study for techies and ISPs regaining their cyber rights. Internet and social media are back up in Zimbabwe — at least for now.   

Protests lead to blackout

Similar to net shutdowns around the continent, politics and protests were the catalyst. Shortly after the government announced a dramatic increase in fuel prices on January 12, Zimbabwe’s Congress of Trade Unions called for a national strike.

Web and app blackouts in the Southern African country followed demonstrations that broke out in several cities. A government crackdown ensued with deaths reported.

“That began Monday [January 14]. A few demonstrations around the country become violent…Then on Tuesday morning there was a block on social media: Facebook, Twitter, and WhatsApp,” TechZim CEO Tinashe Nyahasha told TechCrunch on a call from Harare.

On January 15, Zimbabwe’s largest mobile carrier Econet Wireless confirmed via SMS and a message from founder Strive Masiyiwa that it had complied with a directive from the Minister of State for National Security to shut down the internet.

Net access was restored, taken down again, then restored, but social media sites remained blocked through January 21.

Data provided to TechCrunch from Oracle’s Internet Intelligence research unit confirm the net blackouts on January 16 and 18.

VPNs, government response

Throughout the restrictions, many of Zimbabwe’s citizens and techies resorted to VPNs and workarounds to access net and social media, according to Nyahasha.

Throughout the interruption TechZim ran updated stories on ways to bypass the cyber restrictions.

The Zimbabwean government’s response to the net shutdown ranged from denial (one minister referred to it as a congestion problem on local TV) to presidential spokesperson George Charamba invoking its necessity for national security reasons.

Then President Dambudzo Mnangagwa took to Twitter to announce he would skip Davos meetings and return home to address the country’s unrest—a move panned online given his government’s restrictions on citizens using social media.

The Embassy of Zimbabwe in Washington, DC and Ministry for ICT did not respond to TechCrunch inquiries on the country’s internet and app restrictions.

Court ruling, takeaways

On Monday this week, Zimbabwe’s high court ordered an end to any net restrictions, ruling only the country’s president, not the National Security Minister, could legally block the internet. Econet’s Zimbabwe Chief of Staff Lovemore Nyatsine and sources on the ground confirmed to TechCrunch that net and app access were back up Tuesday.  

Zimbabwe’s internet debacle created yet another obstacle for the country’s tech scene. The 2018 departure of 37–year President Robert Mugabe—a hero to some and progress-impeding dictator to others—sparked hope for the lifting of long-time economic sanctions on Zimbabwe and optimism for its startup scene.

Some of that has been dashed by subsequent political instability and worsening economic conditions since Mugabe’s departure, but not all of it, according to TechZim CEO Tinashe Nyahasha.   

“There was momentum and talk of people coming home and investing seed money. That’s slowed down…but that momentum is still there. It’s just not as fast as it could have been if the government had lived up to the expectations,” he said.  

Of the current macro-environment for Zimbabwe’s tech sector, “The truth is, it’s bad but it has been much worse,” Tinashe said.

With calls for continued protests, Monday’s court ruling is likely not the last word on the internet face-off between the government and Zimbabwe’s ISPs and tech community.

Per the ruling, a decision to restrict net or apps will have to come directly from Zimbabwe’s president, who will weigh the pros and cons.

On a case by case basis, African governments may see the economic and reputational costs of internet shutdowns are exceeding whatever benefits they seek to achieve.

Cameroon’s 2017 shutdown, covered here by TechCrunch, cost businesses millions and spurred international condemnation when local activists created a #BringBackOurInternet campaign that ultimately succeeded.

In the case of Zimbabwe, global internet rights group Access Now sprang into action, attaching its #KeepItOn hashtag to calls for the country’s government to reopen cyberspace soon after digital interference began.

Further attempts to restrict net and app access in Zimbabwe will likely revive what’s become a somewhat ironic cycle for cyber shutdowns. When governments cut off internet and social media access, citizens still find ways to use internet and social media to stop them.

News Source = techcrunch.com

Scooter startup Bird tried to silence a journalist. It did not go well.

Cory Doctorow doesn’t like censorship. He especially doesn’t like his own work being censored.

Anyone who knows Doctorow knows his popular tech and culture blog Boing Boing, and anyone who reads Boing Boing knows Doctorow and his cohort of bloggers. The part-blogger, part special advisor at the online rights group Electronic Frontier Foundation, has written for years on topics of technology, hacking, security research, online digital rights, and censorship and its intersection with free speech and expression.

Yet, this week it looked like his own free speech and expression could have been under threat.

Doctorow revealed in a blog post on Friday that scooter startup Bird sent him a legal threat, accusing him of copyright infringement and claiming that his blog post encourages “illegal conduct.”

In its letter to Doctorow, Bird demanded that he “immediately take[s] down this offensive blog.”

Doctorow declined, published the legal threat, and fired back with a rebuttal letter from the EFF accusing the scooter startup of making “baseless legal threats” in an attempt to “suppress coverage that it dislikes.”

The whole debacle started after Doctorow wrote about how Bird’s many abandoned scooters can be easily converted into a “personal scooter” by swapping out its innards with a plug-and-play converter kit. According to an initial write-up by Hackaday, these scooters can have “all recovery and payment components permanently disabled” using the converter kit, available for purchase from China on eBay for about $30.

In fact, Doctorow’s blog post was only two paragraphs long and, though it didn’t link to the eBay listing directly, did cite the hacker who wrote about it in the first place — bringing interesting things to the masses in bitesize form in true Boing Boing fashion.

Bird didn’t like this much, and senior counsel Linda Kwak sent the letter — which the EFF published today — claiming that Doctorow’s blog post was “promoting the sale/use of an illegal product that is solely designed to circumvent the copyright protections of Bird’s proprietary technology, as described in greater detail below, as well as promoting illegal activity in general by encouraging the vandalism and misappropriation of Bird property.” The letter also falsely stated that Doctorow’s blog post “provides links to a website where such Infringing Product may be purchased,” given that the post at no point links to the purchasable eBay converter kit.

EFF senior attorney Kit Walsh fired back. “Our client has no obligation to, and will not, comply with your request to remove the article,” she wrote. “Bird may not be pleased that the technology exists to modify the scooters that it deploys, but it should not make baseless legal threats to silence reporting on that technology.”

The three-page rebuttal says Bird used incorrectly cited legal statutes to substantiate its demands for Boing Boing to pull down the blog post. The letter added that unplugging and discarding a motherboard containing unwanted code within the scooter isn’t an act of circumventing as it doesn’t bypass or modify Bird’s code — which copyright law says is illegal.

As Doctorow himself put it in his blog post Friday: “If motherboard swaps were circumvention, then selling someone a screwdriver could be an offense punishable by a five year prison sentence and a $500,000 fine.”

In an email to TechCrunch, Doctorow said that legal threats “are no fun.”

AUSTIN, TX – MARCH 10: Journalist Cory Doctorow speaks onstage at “Snowden 2.0: A Field Report from the NSA Archives” during the 2014 SXSW Music, Film + Interactive Festival at Austin Convention Center on March 10, 2014 in Austin, Texas. (Photo by Travis P Ball/Getty Images for SXSW)

“We’re a small, shoestring operation, and even though this particular threat is one that we have very deep expertise on, it’s still chilling when a company with millions in the bank sends a threat — even a bogus one like this — to you,” he said.

The EFF’s response also said that Doctorow’s freedom of speech “does not in fact impinge on any of Bird’s rights,” adding that Bird should not send takedown notices to journalists using “meritless legal claims.”

“So, in a sense, it doesn’t matter whether Bird is right or wrong when it claims that it’s illegal to convert a Bird scooter to a personal scooter,” said Walsh in a separate blog post. “Either way, Boing Boing was free to report on it,” she added.

What’s bizarre is why Bird targeted Doctorow and, apparently, nobody else — so far.

TechCrunch reached out to several people who wrote about and were involved with blog posts and write-ups about the Bird converter kit. Of those who responded, all said that they had not received a legal demand from Bird.

We asked Bird why it sent the letter, and if this was a one-off letter or if Bird had sent similar legal demands to others. When reached, a Bird spokesperson did not comment on the record.

All too often, companies send legal threats and demands to try to silence work or findings that they find critical, often using misinterpreted, incorrect or vague legal statutes to get things pulled off from the internet. Some companies have been more successful than others, despite an increase in awareness and bug bounties, and a general willingness to fix security issues before they inevitably become public.

Now Bird becomes the latest in a long list of companies that have threatened reporters or security researchers, alongside companies like drone maker DJI, which in 2017 threatened a security researcher trying to report a bug in good faith, and spam operator River City, which sued a security researcher who found the spammer’s exposed servers and a reporter who wrote about it. Most recently, password manager maker Keeper sued a security reporter claiming allegedly defamatory remarks over a security flaw in one of its products. The case was eventually dropped but not before over 50 experts, advocates, and journalists (including this reporter) signed onto a letter calling for companies to stop using legal threats to stifle and silence security researchers.

That effort led several companies — notably LinkedIn and Tesla — to double down on their protection of security researchers by changing their vulnerability disclosure rules to promise that the companies will not seek to prosecute hackers acting in good faith.

But some companies have bucked that trend and have taken a more hostile, aggressive — and regressive — approach to security researchers and reporters.

“Bird Scooters and other dockless transport are hugely controversial right now, thanks in large part to a ‘move-fast, break-things’ approach to regulation, and it’s not surprising that they would want to control the debate,” said Doctorow.

“But to my mind, this kind of bullying speaks volumes about the overall character of the company,” he said.

News Source = techcrunch.com

A simple bug makes it easy to spoof Google search results into spreading misinformation

A bug that anyone can easily exploit in Google makes it easy to kick out manipulated search results that look entirely real.

The search manipulation bug was documented by Wietze Beukema, a London-based security specialist, who warned that a malicious user could use this bug to generate misinformation.

This is done by splicing together values from a Google search result’s “knowledge graph,” the cards that pop up in search results to supplement the search query with visuals and quick facts. Anything from countries, planets, tech news sites and more have cards that appear on the right side of Google’s search results, displaying other nuggets of information at a glance.

In a blog post, Beukema explained that the short, shareable URL when entered into a Google search result could be chopped and added to the web address of any other search query.

So, when you’d search: “What is the capital of Britain,” you’d expect London to return. Actually, you can make it any value — such as Mars.

It also works if you search “Who is the US president?” You can just manipulate the result to read “Snoop Dogg.”

A bug makes it easy to put the contents of a knowledge card into a search result. (Image: TechCrunch)

The manipulated search query doesn’t break HTTPS, so anyone can craft a link, send it in an email, tweet it out or share it on Facebook — and the recipient, one assumes, would be none the wiser. But that can be a real problem in an age of mistrust of internet companies after misinformation campaigns by nation-state actors.

Beukema warned that this search manipulation bug could be used to spread factually incorrect information, or even propaganda.

“Who is responsible for 9/11?” can be pointed to George Bush, a widely held conspiracy theory. “Where was Barack Obama born?” can be pointed to Kenya, another conspiracy theory largely propagated by his successor, Donald Trump, who later backtracked on the claim.

And even, “Which party should I vote for?” can be pointed to either the Republicans or the Democrats.

No wonder so many people think the election was rigged if they think they can click a button and have a search engine tell them who to vote for.

Beukema told TechCrunch that anyone can “generate normal-looking Google URLs that make controversial assertions,” which can “either look bad on Google, or worse, people will accept them as being true.”

He said that he first reported the bug to Google in December 2017, but the report was closed without the company taking any action.

“The ‘attack’ I described relies on this trust people have in Google and the facts it presents,” he said.

The bug is still active at the time of writing. In fact, it’s been known about for almost three years. Beukema simply brought the issue to light after first discovering the issue more than a year ago. But it’s already sparked interest from the hacker community. One developer, Lucas Miller, took just a few hours to build a Python script to automatically generate fake results based on search queries.

It’s a mystery why Google, despite claims of political bias (though no evidence to say it’s true), has taken so long to fix a basic weakness in its search results that would make the service far more trustworthy.

A Google spokesperson told TechCrunch that it was “working to fix” the issue.

News Source = techcrunch.com

How to browse the web securely and privately

So you want to browse the web securely and privately? Here’s a hard truth: it’s almost impossible.

It’s not just your internet provider that knows which sites you visit, it’s also the government — and other governments! And when it’s not them, it’s social media sites, ad networks or apps tracking you across the web to serve you specific and targeted ads. Your web browsing history can be highly personal. It can reveal your health concerns, your political beliefs and even your porn habits — you name it. Why should anyone other than you know those things?

Any time you visit a website, you leave a trail of data behind you. You can’t stop it all — that’s just how the internet works. But there are plenty of things that you can do to reduce your footprint.

Here are a few tips to cover most of your bases.

A VPN can help hide your identity, but doesn’t make you anonymous

You might have heard that a VPN — or a virtual private network — might keep your internet traffic safe from snoopers. Well, not really.

A VPN lets you create a dedicated tunnel that all of your internet traffic flows through — usually a VPN server — allowing you to hide your internet traffic from your internet provider. That’s good if you’re in a country where censorship or surveillance is rife or trying to avoid location-based blocking. But otherwise, you’re just sending all of your internet traffic to a VPN provider instead. Essentially, you have to choose who you trust more: your VPN provider or your internet provider. The problem is, most free VPN providers make their money by selling your data or serving you ads — and some are just downright shady. Even if you use a premium VPN provider for privacy, they can connect your payment information to your internet traffic, and many VPN providers don’t even bother to encrypt your data.

Some VPN providers are better than others: tried, tested — and trusted — by security professionals.

Services like WireGuard are highly recommended, and are available on a variety of devices and systems — including iPhones and iPads. We recently profiled the Guardian Mobile Firewall, a smart firewall-type app for your iPhone that securely tunnels your data anonymously so that even its creators don’t know who you are. The app also prevents apps on your phone from tracking you and accessing your data, like your contacts or your geolocation.

As TechCrunch’s Romain Dillet explains, the best VPN providers are the ones that you control yourself. You can create your own Algo VPN server in just a few minutes. Algo is created by Trail of Bits, a highly trusted and respected security company in New York. The source code is available on GitHub, making it far more difficult to covertly insert backdoors into the code.

With your own Algo VPN setup, you control the connection, the server, and your data.

You’ll need a secure DNS

What does it mean that “your internet provider knows what sites you visit,” anyway?

Behind the scenes on the internet, DNS — or Domain Name System — converts web addresses into computer-readable IP addresses. Most devices automatically use the resolver that’s set by the network you’re connected to — usually your internet provider. That means your internet provider knows what websites you’re visiting. And recently, Congress passed a law allowing your internet provider to sell your browsing history to advertisers.

You need a secure and private DNS provider. Many use publicly available services — like OpenDNS or Google’s Public DNS. They’re easy to set up — usually on your computer or device, or on your home router.

One recommended offering is Cloudflare’s secure DNS, which it calls 1.1.1.1. Cloudflare encrypts your traffic, won’t use your data to serve ads, and doesn’t store your IP address for any longer than 24 hours. You can get started here, and you can even download Cloudflare’s 1.1.1.1 app from Apple’s App Store and Google Play.

HTTPS is your friend

One of the best things for personal internet security is HTTPS.

HTTPS secures your connection from your phone or your computer all the way to the site you’re visiting. Most major websites are HTTPS-enabled, and appear as such with a green padlock in the address bar. HTTPS makes it almost impossible for someone to spy on your internet traffic or intercept and steal your data in transit.

Every time your browser lights up in green or flashes a padlock, HTTPS encrypts the connection between your computer and the website. Even when you’re on a public Wi-Fi network, an HTTPS-enabled website will protect you from snoopers on the same network.

Every day, the web becomes more secure, but there’s a way to go. Some websites are HTTPS ready but don’t have it enabled by default. That means you’re loading an unencrypted HTTP page when you could be accessing a fully HTTPS page.

That’s where one browser extension, HTTPS Everywhere, comes into play. This extension automatically forces websites to load HTTPS by default. It’s a lightweight, handy tool that you’ll forget is even there.

Reconsider your web plug-ins

Remember Flash? How about Java? You probably haven’t seen much of them recently, because the web has evolved to render them obsolete. Both Flash and Java, two once-popular web plug-ins, let you view interactive content in your web browser. But nowadays, most of that has been replaced by HTML5, a technology native to your web browser.

Flash and Java were long derided for their perpetual state of insecurity. They were full of bugs and vulnerabilities that plagued the internet for years — so much so that web browsers started to pull the plug on Java back in 2015, with Flash set to sunset in 2020. Good riddance!

If you don’t use them — and most people don’t anymore — you should remove them. Just having them installed can put you at risk of attack. It takes just a minute to uninstall Flash on Windows and Mac, and to uninstall Java on Windows and Mac.

Most browsers — like Firefox and Chrome — let you run other add-ons or extensions to improve your web experience. Like apps on your phone, they often require certain access to your browser, your data or even your computer. Although browser extensions are usually vetted and checked to prevent malicious use, sometimes bad extensions slip through the net. Sometimes, extensions that were once fine are automatically updated to contain malicious code or secretly mine cryptocurrency in the background.

There’s no simple rule to what’s a good extension and what isn’t. Use your judgment. Make sure each extension you install doesn’t ask for more access than you think it needs. And make sure you uninstall or remove any extension that you no longer use.

These plug-ins and extensions can protect you

There are some extensions that are worth their weight in gold. You should consider:

  • An ad-blocker: Ad-blockers are great for blocking ads — as the name suggests — but also the privacy-invasive code that can track you across sites. uBlock is a popular, open source, efficient blocker that doesn’t consume as much memory as AdBlock and others. Many ad-blockers now permit “acceptable ads” that allow publishers to still make money but aren’t memory hogs or intrusive — like the ones that take over your screen. Ad-blockers also make websites load much faster.
  • A cross-site tracker blocker: Privacy Badger is a great tool that blocks tiny “pixel”-sized trackers that are hidden on web pages but track you from site to site, learning more about you to serve you ads. To advertisers and trackers, it’s as if you vanish. Ghostery is another example of an advanced-level anti-tracker that aims to protect the user by default from hidden trackers.

And you could also consider switching to more privacy-minded search engines, like DuckDuckGo, a popular search engine that promises to never store your personal information and doesn’t track you to serve ads.

Use Tor if you want a better shot at anonymity

But if you’re on the quest for anonymity, you’ll want Tor.

Tor, known as the anonymity network, is a protocol that bounces your internet traffic through a series of random relay servers dotted across the world that scrambles your data and covers your tracks. You can configure it on most devices and routers. Most people who use Tor will simply use the Tor Browser, a preconfigured and locked-down version of Firefox that’s good to go from the start — whether it’s a regular website, or an .onion site — a special top-level domain used exclusively for websites accessible only over Tor.

Tor makes it near-impossible for anyone to snoop on your web traffic, know which site you’re visiting, or that you are the person accessing the site. Activists and journalists often use Tor to circumvent censorship and surveillance.

But Tor isn’t a silver bullet. Although the browser is the most common way to access Tor, it also — somewhat ironically — exposes users to the greatest risk. Although the Tor protocol is largely secure, most of the bugs and issues will be in the browser. The FBI has been known to use hacking tools to exploit vulnerabilities in the browser in an effort to unmask criminals who use Tor. That puts the many ordinary, privacy-minded people who use Tor at risk, too.

It’s important to keep the Tor browser up to date and to adhere to its warnings. The Tor Project, which maintains the technology, has a list of suggestions — including changing your browsing behavior — to ensure you’re as protected as you can be. That includes not using web plug-ins, not downloading documents and files through Tor, and keeping an eye out for in-app warnings that advise you on the best action.

Just don’t expect Tor to be fast. It’s not good for streaming video or accessing bandwidth-hungry sites. For that, a VPN would probably be better.

News Source = techcrunch.com

The most common forms of censorship the public doesn’t know about

Amid all the discussion today about online threats, from censorship to surveillance to cyberwar, we often spend more time on the symptoms than on the underlying chronic conditions. If we want to make people around the world safer from an oppressive, weaponized Internet, we need to get a bit nerdy and talk about Internet standards.

Most Internet censorship today is only possible because the Internet wasn’t designed to protect the privacy of your connections. It wasn’t private by design, so when censors came along, they pushed on an open door. Making Internet connections truly private and secure means updating the fundamental technical standards that govern the global internet.

Fortunately, the first step toward making global internet standards safer and more censorship-resistant is neither controversial nor particularly complicated. Put simply, we should make Internet protocols—the who, what, where of internet addresses—more private. Everyone from regulators to users has been asking for more privacy protections, and improving Internet standards is one foundational way of providing that.

Privacy makes selective censorship harder because censors no longer know the blow-by-blow details of what everyone is doing, so they can’t micromanage a person’s access to the Internet. Improving standards doesn’t take magic — just prototyping, debating, consensus-building, and implementing. The standards that govern the Internet are driven through organizations like the Internet Engineering Task Force.

Since 2015, technologists, facilitated by the IETF, have been considering proposals to enhance privacy for a key element of the Internet: the Domain Name System (DNS). It’s often described as the “address book of the Internet” and it was not designed to use encryption.

Unfortunately, every time you visit a website, your computer first consults the DNS system without any encryption, allowing censors and snoopers to know the name of every website you visit. A new standard is emerging to encrypt DNS lookups.

The standardization of encrypted DNS is just one way Internet standards could be improved. Another example can be seen at Cloudflare, one of the largest content delivery networks in the world. They recently announced support for an evolving standard — “encrypted SNI” — that would close another subtle privacy hole that often occurs when users visit websites hosted on cloud providers.

As a final example, the W3C (another Internet standards body) has been establishing a draft standard for Network Error Logging. This potentially helps address one of the trickiest challenges in tackling network interference: figuring out when interference is even happening. After all, if someone attempts to load a website but cannot access it, any number of things could have gone wrong, from a network glitch to network interference. Because no connection was ever established, the website owner may never even know that someone tried and failed to reach their site. Network Error Logging allows the user’s device to report a failed lookup to a neutral third party that is not blocked. Think of it as enabling ombudsmen when sites are blocked.
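
How a collector might use such reports, as an added example that is not from the original column or the W3C draft: the Python below reads a batch of reports in the JSON shape Network Error Logging uses and tallies, per site, the failures by phase, separating lookups and connections that never reached the site from errors the site's own server could have logged. The sample reports, hostnames and the `min_reports` threshold are constructed assumptions.

```python
import json
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample batch: the JSON array a browser would POST to the collector.
SAMPLE_BATCH = json.dumps([
    {"age": 120, "type": "network-error", "url": "https://blocked.example/",
     "body": {"phase": "dns", "type": "dns.name_not_resolved",
              "status_code": 0, "elapsed_time": 48}},
    {"age": 95, "type": "network-error", "url": "https://blocked.example/news",
     "body": {"phase": "connection", "type": "tcp.reset",
              "status_code": 0, "elapsed_time": 210}},
    {"age": 60, "type": "network-error", "url": "https://blocked.example/",
     "body": {"phase": "connection", "type": "tcp.timed_out",
              "status_code": 0, "elapsed_time": 30000}},
    {"age": 30, "type": "network-error", "url": "https://shop.example/cart",
     "body": {"phase": "application", "type": "http.error",
              "status_code": 500, "elapsed_time": 310}},
    {"age": 10, "type": "network-error", "url": "https://shop.example/",
     "body": {"phase": "application", "type": "ok",
              "status_code": 200, "elapsed_time": 85}},
    # Other report types share the endpoint and must be skipped.
    {"age": 5, "type": "csp-violation", "url": "https://shop.example/",
     "body": {}},
])

KNOWN_PHASES = {"dns", "connection", "application"}
# Failures in these phases happen before any request reaches the web server,
# so the site owner has no server-side log entry for them.
UNREACHED_PHASES = {"dns", "connection"}


def summarize(batch_json: str) -> dict:
    """Count failed requests per host and phase, ignoring successes."""
    per_host = defaultdict(Counter)
    for report in json.loads(batch_json):
        if report.get("type") != "network-error":
            continue
        body = report.get("body") or {}
        host = urlsplit(report.get("url", "")).hostname
        phase = body.get("phase")
        if not host or phase not in KNOWN_PHASES:
            continue  # malformed or unrecognised report
        if body.get("type") == "ok":
            continue  # sampled successful request, not a failure
        per_host[host][phase] += 1
    return {host: dict(counts) for host, counts in per_host.items()}


def unreachable_sites(batch_json: str, min_reports: int = 2) -> list:
    """Hosts whose reported failures all occurred before reaching the server.

    min_reports is an assumed threshold to avoid flagging a single glitch.
    """
    flagged = []
    for host, counts in summarize(batch_json).items():
        unreached = sum(n for p, n in counts.items() if p in UNREACHED_PHASES)
        if unreached >= min_reports and unreached == sum(counts.values()):
            flagged.append(host)
    return sorted(flagged)


if __name__ == "__main__":
    print(summarize(SAMPLE_BATCH))
    print(unreachable_sites(SAMPLE_BATCH))
```

A cluster of DNS and connection-phase failures does not by itself prove interference; it tells the site owner where to look, which is information they would otherwise never receive.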

The standards we define for the Internet today will determine how the next generation of technologists and technology companies build the tools of the future.

If we don’t approach internet standards with a strong set of values that promote user privacy and freedom of expression, the standards will be set by people who do not share those values, and the overall integrity of the global open internet will inevitably suffer.

The internet may not have been initially designed to prevent censorship by protecting user privacy, but the protection of individual privacy ought to be the North Star guiding how we navigate the challenges of an evolving, global internet. If we’re serious about addressing those challenges, we need to start with improving standards.

News Source = techcrunch.com
