DEFCON, Cliqz, StrandHogg, Tails, CCM, Payments, Article 13

  • Listened to the DEF CON 27 talk "The Tor Censorship Arms Race: The Next Chapter". Comments: Backdooring software is bad for everyone. That's something I can totally agree with. National security issues, traffic monitoring and blocking. The need to have enough background / cover traffic. The same problem applies to the alternate networking / encryption protocols and platforms. If your "team" is the only one using the system, then you don't need to crack the system. The members can be identified by the usage data alone. Nothing new there either. You need to be hiding in plain sight in a large crowd. FTE / Marionette - Format Transforming Encryption @ Wikipedia, Decoy routing using steganographic tags. kw: obfsproxy, meek, tor bridge, tor client, DPL, obfs2, obfs3, obfs4, Snowflake @ TorProject, TorProject, Tor Project @ TorProject, censorship, surveillance, centralization.

  • Checked out the new search engine Cliqz @ Cliqz. Competition in the search market is very important. I really welcome any new players; Google's monopoly has gone way too far in some areas. Yet interestingly, Cliqz runs on Amazon. Mojeek @ Mojeek also announced that they've just installed new servers. So they're running their own physical servers, instead of pushing all of their information into cloud services.

  • Studied Android StrandHogg. Nothing new, it's all magic and illusion, showing fake screens to the user. Yet it also utilizes a system bug, which allows applications to create an illusion for the end user. As a concept, nothing new at all. With that capability you can easily mislead the user in several ways. Some simpler ones, like getting permissions and stealing passwords, can be fully automated, but of course more advanced attackers can create highly personalized deceptions.

  • Continued setting up a new development workstation. Phew, so much work to get everything installed and tuned. After getting all the basics right, there's still the final test: whether I can use 64-bit Python, or whether some of the libraries / dependencies force me to still use the 32-bit version. I tried this, I think, five years ago and back then it was impossible to use the 64-bit version. Most of the limitations came from the ODBC drivers used for connecting to the database. I wish I could upgrade everything to the latest Python 3.8 / 64-bit.

  • Carefully studied everything that the latest [ Tails @ Tails | Tails @ Wikipedia ] provides. It's a nice software package, not only the Tor Browser. But in general, GnuPG, SSH, torify, 7z, gtkhash, mat2, GnuPG Applet with TextEditor etc., everything preinstalled and of course encrypted (LUKS) persistent volumes with the ext4 file system, or other volumes using VeraCrypt.

  • Finally had time to study CCM @ Wikipedia, which is a mode of AEAD @ Wikipedia and can be constructed with any block cipher. A&T, MtA, EtA, EtM, MtE, E&A, AE. - Yet this isn't really my problem, I'll gladly leave it to the experts, because often they're not even getting these things right.

  • Read a long article about the risks of electronic payments. How cash is being abandoned and replaced by mostly American payment systems like MasterCard or Visa. Many businesses do not even accept cash payments anymore. Only card payments are accepted. It's easy to forget that these systems can stop working. Even cash itself is just government or ECB issued paper with pretty pictures. What about stuff which has real value: food, water, things to keep you warm (note: near polar regions like Finland, Canada and so on). Without forgetting semi-precious items like gold and diamonds. Those are better than cash, but still worthless if something really bad happens. It's better not to forget that things can change really quickly. In the military museum you can study what a long and bloody history Finland has with our ahem, friend, Russia. - Paranoid? Maybe? Maybe not.

  • Upload filters (Article 13) and China's Great Cannon (DDoS). Interesting times, control of content and information distribution is a hot topic. It remains to be seen where all this is going.

2020-11-15