Internet and its enemies

 

Mont Pelerin Society Conference 2018, Gran Canaria

Let me introduce myself

  • Cryptoanarchist & voluntaryist focused on technology and society hacking
  • Certified IT security professional, founder of IT security hacking companies (Nethemba, Hacktrophy) & contemporary art (Satori)
  • Co-founder of Bratislava's and Prague's hackerspaces (Progressbar & Paralelni Polis)
  • Organizer of HCPP (the world's cryptoanarchist conference)
  • Member of Czech contemporary controversal artistic group Ztohoven
  • Responsible for libertarian & digital privacy projects www.nepracujemeprestat.sk, www.internetbezcenzury.sk

Internet privacy threats

 

Random

  • Unexpected threats caused by various viruses, malware, targeted attackers
  • Cyber-terrorism (often a hype and pretext for hugely expensive government IT security projects paid by tax-payers)
  • Can be reduced by antiviruses, anti-malware, systems' hardening

 

Persistent

  • Forced by governments and their legislation
  • Can be reduced by end-to-end crypto, anonymization and system hardening and decentralization
  • Most people are not aware or ignore these threats

Persistent privacy threats - governments spying

  • Governments - there is a need to spy on their citizens because of many reasons (e.g. tax evasion, terrorism)
  • Secret agencies in most countries (including the EU) use special highly sophisticated spying software (from German-UK company Gamma Group and Italian company Hacking Team) to gain full control over any computer / phone
  • Their software is used by most dictatorship regimes (Iran, Pakistan, Egypt, Ethiopia, Bahrain, ..) to spy, catch and send to prison a lot of political activists / opponents  / dissidents 
  • Also used by Western-European / US governments for "legal reasons", top-secret/classified with no transparency
  • It uses 0-day exploits (vulnerabilities which are not published yet), therefore it is almost impossible to defend these attacks

Persistent privacy threats - governments censorship

 

  • Proposals for ban of end-to-end encryption (even in the developed democratic countries like the UK)
  • Key-disclosure laws in the UK, Australia, New Zealand

 

Four Horsemen of the Information Apocalypse:

  1. Terrorists
  2. Drug dealers
  3. Kidnappers
  4. Child pornographers

 

Term coined by Timothy C May in 1988 

Persistent privacy threats - governments censorship


Internet censorship in Russia started with the protection of children from harmful content; particularly content which glorifies drug usage, advocates suicide or describes suicide method....

Persistent privacy threats - governments censorship

  • 3 weeks ago the EU parliament approved the controversial article 11 ("link tax") and 13 ("meme ban").
  • All uploaded videos or audios in the EU have to be checked for copyrighted material (!)
  • Will this mean another censorship?

True reasons for censorship

  1. Everybody wants to be a politician who cares!
  2. Better monitoring and control of all citizens
  3. Efficient tool to preserve the government's power and eliminate their political oposition

Internet censorship is now in almost all countries

  • Including  developed Western-Europe ones (blocking because of intellectual property reasons, online gambling sites, ...)
  • Developing ones (blocking of porn, homosexuality, human rights websites..)
  • Censorship is always extending over time ("salami slicing of free speech"), e.g. in the UK:
    1. Access to Pirate Bay and other torrent portals were blocked
    2. Then opt-in/opt-out access to the porn sites was approved
    3. Now they are trying to approve ban of end-to-end encryption
    4. In the future, will it be blocking of political opposition & anti-government websites? 

Persistent privacy threats: GDPR

  • The General Data Protection (GDPR) directive valid for all EU countries
  • Not following the regulation may cost you a fine up to 20 000 000 EUR or up to 4% of the annual worldwide turnover
  • For sure there are a lot of interesting ideas and concepts in GDPR that can improve the privacy of EU citizens
  • But the crucial questions are:
    • Are these security / privacy measures economically effective? Do they make economic sense? 
    • Can we morally define the new rights and externalize all costs for their legislation and enforcement to tax-payers?

GDPR takes away from people a choice to decide between their privacy and other benefits.

The privacy is for sure important, but cannot be forced to all people especially if many of them are willing to exchange it for some benefits

GDPR introduces new "positive" rights

  • Right of access by the data subject
  • Right to erasure / Right to be forgotten 
  • Right to rectification
  • Right to restriction of processing
  • Right to data portability
  • Right to object

Everytime you create a new positive right, you also create an obligation to tax payers to cover all related expenses

Should we expect another Internet censorship of all websites of international companies delivering their products/services to the EU citizens which decide not to follow GDPR rules?

(Yes, this already happened with online gambling companies!)

How to cope with persistent privacy threats

  • Privacy intrusions by 3rd parties (government, corporations) will be more likely in the future
  • You are already tracked by your mobile/internet operator, your social networks, government agencies
  • Care about your privacy:
    • Encrypt all your communication (Signal, PGP, S/MIME)
    • Encrypt your storage (including cloud)
    • Use anonymization networks (Tor, I2P) and/or VPNs
    • Update all your systems including smartphones
    • Do not use generic operating systems (like Windows) or generic applications (like Skype), prefer Linux or Mac OS

Check the new world of digital decentralization & cryptoanarchy

  • Thanks to Tor/I2P hidden services it is possible to build "anonymous cipherspace" where it is impossible to impose any censorship or enforce any regulations
  • Using anonymization technologies you can access safely to free Internet even from countries with strong censorship & regulations
  • Check decentralized
    • truly anonymous cryptocurrencies (Monero, ZCash
    • media/blog websites (steemit.com, yours.org, d.tube)
    • companies (DAOs)


Your biggest persistent privacy threat is your government!

Thanks a lot for your attention!

Internet and its enemies

By Pavol Luptak

Internet and its enemies

Despite the fact that random Internet threats caused by various viruses, malware or targeted attackers are well known, most people are not aware of persistent risks enforced by governments and their legislation. The goal of the presentation is to describe these induced threats - massive spying of citizens, global censorship and other potentially dangerous legislation. Revealing an interesting paradox - governments responsible for new privacy legislation (like GDPR) are becoming the most dangerous threat to the privacy of their citizens.

  • 2,345