Category Archives: News

Shared items and notes from my feeds and browsing.

Horizon Linux: arm64 Linux patched to run programs for the Nintendo Switch

Source: Hacker News

Article note: Neat, someone rigged a syscall emulation layer for Switch OS calls on ARM64 Linux. There are some neat discussions with the Wine/Kernel folks about rigging seccomp or BPF to intercept Windows syscalls for WINE acceleration in the same manner, so it might be one of those things that comes in a self-supporting wave.
Posted in News | Leave a comment

A Taxonomy of Access Control

Source: Schneier on Security

Article note: This is very elegant, let's teach people to reason this way.

My personal definition of a brilliant idea is one that is immediately obvious once it’s explained, but no one has thought of it before. I can’t believe that no one has described this taxonomy of access control before Ittay Eyal laid it out in this paper. The paper is about cryptocurrency wallet design, but the ideas are more general. Ittay points out that a key—or an account, or anything similar—can be in one of four states:

safe: Only the user has access,
loss: No one has access,
leak: Both the user and the adversary have access, or
theft: Only the adversary has access.

Once you know these states, you can assign probabilities of transitioning from one state to another (someone hacks your account and locks you out, you forgot your own password, etc.) and then build optimal security and reliability to deal with it. It’s a truly elegant way of conceptualizing the problem.
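As an added illustration (not part of Schneier's post or Eyal's paper): a small Markov model over the four states, with constructed per-period transition probabilities, that compares a single-key design against one that also keeps a backup copy of the key.

```python
from typing import Dict

# The four states from Eyal's taxonomy as quoted above.
STATES = ("safe", "loss", "leak", "theft")
Dist = Dict[str, float]
Transitions = Dict[str, Dict[str, float]]

# Constructed per-period probabilities for a single-key design (not from the paper).
# loss and theft are absorbing: this model has no recovery path out of them.
SINGLE_KEY: Transitions = {
    "safe":  {"safe": 0.97, "loss": 0.01, "leak": 0.02},   # forgotten/lost vs. phished
    "loss":  {"loss": 1.0},
    "leak":  {"safe": 0.40, "leak": 0.30, "theft": 0.30},  # rotate in time, or get locked out
    "theft": {"theft": 1.0},
}

# Same design plus a backup copy of the key: fewer losses, but more exposure to leaks.
WITH_BACKUP: Transitions = {**SINGLE_KEY, "safe": {"safe": 0.958, "loss": 0.002, "leak": 0.04}}

def validate(transitions: Transitions) -> None:
    """Every state needs a row, and every row must be a probability distribution."""
    for src in STATES:
        row = transitions[src]
        if any(dst not in STATES or p < 0 for dst, p in row.items()):
            raise ValueError(f"bad row for {src}: {row}")
        if abs(sum(row.values()) - 1.0) > 1e-9:
            raise ValueError(f"row for {src} does not sum to 1: {row}")

def step(dist: Dist, transitions: Transitions) -> Dist:
    """Advance the state distribution by one period."""
    nxt = {s: 0.0 for s in STATES}
    for src, p in dist.items():
        for dst, q in transitions[src].items():
            nxt[dst] += p * q
    return nxt

def evolve(periods: int, transitions: Transitions = SINGLE_KEY, start: str = "safe") -> Dist:
    """Distribution over the four states after `periods` steps starting in `start`."""
    validate(transitions)
    dist = {s: (1.0 if s == start else 0.0) for s in STATES}
    for _ in range(periods):
        dist = step(dist, transitions)
    return dist

def absorption(transitions: Transitions = SINGLE_KEY, start: str = "safe", tol: float = 1e-9) -> Dist:
    """Long-run split between loss and theft: iterate until the mass still in safe/leak is below tol."""
    validate(transitions)
    dist = {s: (1.0 if s == start else 0.0) for s in STATES}
    while dist["safe"] + dist["leak"] >= tol:
        dist = step(dist, transitions)
    return dist
```

Running `absorption(SINGLE_KEY)` and `absorption(WITH_BACKUP)` shows the trade the taxonomy makes visible: the backup cuts the eventual probability of loss but raises the probability of theft, so which design is "better" depends on the relative cost of the two outcomes.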


FTC aims to counter the “massive scale” of online data collection

Source: Ars Technica

Article note: The effort is commendable, but I'm not really sure how they realistically plan to put this genie back in the bottle.
FTC Chair Lina Khan said the commission intends to act on commercial data collection, which happens at "a massive scale and in a stunning array of contexts."


The Federal Trade Commission has kicked off the rulemaking process for privacy regulations that could restrict online surveillance and punish bad data-security practices. It's a move that some privacy advocates say is long overdue, as similar Congressional efforts face endless uncertainty.

The Advanced Notice of Proposed Rulemaking, approved on a 3-2 vote along partisan lines, was spurred by commercial data collection, which occurs at "a massive scale and in a stunning array of contexts," FTC Chair Lina M. Khan said in a press release. Companies surveil online activity, friend networks, browsing and purchase history, location data, and other details; analyze it with opaque algorithms; and sell it through "the massive, opaque market for consumer data," Khan said.

Companies can also fail to secure that data or use it to make services addictive to children. They can also potentially discriminate against customers based on legally protected statuses like race, gender, religion, and age, the FTC said. What's more, the release said, some companies make taking part in their "commercial surveillance" required for service or charge a premium to avoid it, employing dark patterns to keep the systems in place.


Meta starts testing default end-to-end encryption on Messenger

Source: Engadget

Article note: Now what entirely foreseen recent event could have suddenly caused them to do that? It couldn't have to do with the christian nationalist takeover of parts of our government subpoenaing them under our fucked-up third party doctrine to prosecute people for medical care?

Meta has long been working on end-to-end encryption for its messaging products, but so far, only WhatsApp has switched on the privacy feature by default. In its latest update about its efforts, Meta said it will start testing default end-to-end encrypted chats for select users on Messenger. Those chosen to be part of the test will find that some of their most frequent chats have been automatically end-to-end encrypted. That means there's no reason to start "Secret Conversations" with those friends anymore. 

The company is also testing secure storage for encrypted chats, which gives users access to their conversation history in case they lose their phone or want to restore it on a new device. To be able to access their backups through secure storage, users will have to create a PIN or generate codes that they'll then have to save. Those two are end-to-end encrypted options and provide another layer of protection. That said, users can also opt to use cloud services to restore conversations — those with iOS devices, for instance, can use iCloud to store the secret key needed to access their backups. Meta will also begin testing secure storage this week, but only on Android and iOS. It's still not available for Messenger on the web or for unencrypted chats.


The other tests Meta is rolling out in the coming weeks include bringing regular Messenger features to end-to-end encrypted chats. It will test the ability to unsend messages and to send replies to Facebook Stories as encrypted chats, and it's also planning to bring end-to-end encrypted calls to the Calls Tab on Messenger. Ray-Ban Stories users will be able to send encrypted hands-free messages through Messenger, as well.

In addition, Meta is launching a new security feature called Code Verify, which is an open-source browser extension for Chrome, Firefox and Microsoft Edge. As its name implies, it can verify the authenticity of the Messenger website's web code and ensure that it hasn't been tampered with. As for Instagram, the company is retiring the app's vanish mode chats, which aren't encrypted, while also expanding ongoing tests for opt-in end-to-end encrypted messages and calls on the service. 

All of these are part of Meta's preparations as it works its way towards the global rollout of default end-to-end encryption for messages and calls on its services. It plans to launch even more tests and updates before its target rollout sometime in 2023.


New study overturns 100-year-old understanding of color perception

Source: Hacker News

Article note: I don't feel like fighting my way to the full paper right now, but color perception is so fucky it would not surprise me *at all* if this adaptation was specific to the stride they used for their gradations.

Intel iAPX 432

Source: Hacker News

Article note: Just paraphrasing my comment in the HN discussion on my own medium: The 432 was the first of Intel's many expensive lessons about the problems with extremely complicated ISAs dependent on even more sophisticated compilers making good static decisions for performance. Then they did it again with the i860. Then they did it again with Itanium. Some reasonably substantiated opinions:

1. Highly sophisticated large-scale static analysis keeps getting beaten by relatively stupid tricks built into overgrown instruction decoders, working on relatively narrow windows of instructions.

2. The primary reason for (1) is that performance is now almost completely dominated by memory behavior, and making good static predictions about the dynamic behavior of fancy memory systems in the face of multitasking, DRAM refresh cycles, multiple independent devices competing for the memory bus, layers of caches, timing variations, etc. is essentially impossible.

3. You can give up on a bunch of your dynamic tricks and build much simpler, more predictable systems that can be statically optimized effectively. You could probably find a good local maximum in that style. The dynamic tricks are, however, unreasonably effective for performance, and have the advantage that they let you have good performance with the same binaries on multiple different implementations of an ISA. That's not insurmountable (e.g. the AOT compilation for ART objects on Android), but the ecosystem isn't fully set up to support that kind of thing.

The many derivatives of CP/M

Source: Hacker News

Article note: Huh, that family tree is more complicated than I knew, and I've played with several things along it.

SGX, Intel’s supposedly impregnable data fortress, has been breached yet again

Source: Ars Technica

Article note: The search method is neat: they found that known processor vulnerabilities came in pairs (every transient execution vulnerability had a static ISA vulnerability with the same underlying mechanism)... except for one where there were only known transient attacks. So they built tools to hunt for it, and sure enough, ISA vulnerability. Which renders SGX useless (again). Demonstrating, once again, that high-complexity ISA features will cause bugs, either by implementation bugs or interactions.

Intel’s latest generation of CPUs contains a vulnerability that allows attackers to obtain encryption keys and other confidential information protected by the company’s software guard extensions, the advanced feature that acts as a digital vault for security users’ most sensitive secrets.

Abbreviated as SGX, the protection is designed to provide a fortress of sorts for the safekeeping of encryption keys and other sensitive data, even when the operating system or a virtual machine running on top is maliciously compromised. SGX works by creating trusted execution environments that protect sensitive code and the data it works with from monitoring or tampering by anything else on the system.

Cracks in Intel’s foundational security

SGX is a cornerstone of the security assurances many companies provide to users. Servers used to handle contact discovery for the Signal Messenger, for instance, rely on SGX to ensure the process is anonymous. Signal says running its advanced hashing scheme provides a “general recipe for doing private contact discovery in SGX without leaking any information to parties that have control over the machine, even if they were to attach physical hardware to the memory bus.”


Ask HN: Why did smartphones become a single point of failure?

Source: Hacker News

Article note: I rage about this a lot. My phone is my least-trustworthy, most loss/theft-prone computer. The Phone network is a security shamble. All the blackbox vendor apps doing "security" are a threat to each other. Why are you assholes trying to use it as a trust root instead of letting me dump something in my password manager DB?

Netflix Piracy Thrives as Subscribers Rethink Their Streaming Subscriptions

Source: TorrentFreak

Article note: And the rule maintains. If piracy is a better overall experience than the official option, on an experience/cost/effort basis, then piracy wins. Fragmenting content libraries into a bunch of individual expensive services -> Piracy. Adding friction to using services across devices/locations -> piracy. Costs exceeding perceived value -> piracy.

As the first major legal subscription streaming service on the Internet, Netflix paved the way for a streaming revolution.

The company began competing with piracy from the get-go, branding itself as a superior alternative. In the early years, the strategy paid off.

Millions of subscribers switched from casually consuming pirated content on unlicensed platforms in favor of a convenient and reasonably-priced legal alternative. Piracy never went away, but downloading Netflix content illegally seemed silly.

Streaming Wars

In the years that followed the legal streaming landscape became more crowded. Inspired by Netflix’s success, new streaming portals such as Amazon, Disney+, HBO Max, Hulu, Paramount+, and Peacock started competing for a share of the lucrative streaming market.

The media often refers to this competition as the “streaming wars,” but the real threat may not come from legal streaming services but illegal pirate sites.

The suggestion that “subscription fatigue” may motivate people to start pirating again isn’t new. We have highlighted this issue in the past and it has been confirmed by research, but it’s now reaching a point where it’s hard for Hollywood to ignore.

Piracy tracking firm MUSO recognizes the problem too. In addition to doing anti-piracy work for major copyright holders, the UK company also helps major players such as Amazon, Lionsgate, and Sony to understand the latest piracy trends.

Piracy is Appealing Once Again

In an op-ed, MUSO CEO Andy Chatterley highlights that increased fragmentation in the streaming ecosystem, paired with higher prices, is starting to make piracy more appealing again. And without an option to pay for everything, people are seeking out alternatives.

“[F]aced with an increasingly fractured streaming landscape, the consumer does the math and realizes that having access to all the shows they want to watch is not a justifiable expense when their grocery bill has doubled and they’re cycling or carpooling to work to save money on fuel,” Chatterley says.

“And in the absence of a one-stop shop like Spotify is to music lovers, and now that piracy sites have evolved to become sophisticated, easy-to-use experiences, people who have never resorted to piracy before are finding it more appealing than ever. Everything you could ever want to watch, all in one place, only a few clicks away and all for free. What’s not to like?”

Netflix Piracy Thrives

Chatterley notes that copyright holders should be aware of this potential shift in user behavior, which is backed up by data. Earlier this year Netflix reported that its subscriber numbers had dropped for the first time in history and piracy continues to grow.

According to MUSO’s data, Netflix content was good for an 11.4% U.S. piracy market share in June. Globally, this number is even higher, with Netflix content making up 16% of the worldwide piracy demand.

“Now, imagine if they could convert those pirate consumers into paying customers,” Chatterley comments.

MUSO’s messaging is in part out of self-interest as the company offers piracy insights as a commercial service. This is serious business for MUSO. Just last week the company announced that it had secured a $3.9M investment from Puma Private Equity.

A One-Stop Streaming Solution?

That said, the fact that a company working with several Hollywood players is prepared to highlight the dangers of too many subscriptions is quite something. Especially when that company started as a fairly traditional anti-piracy outfit roughly a decade ago.

Instead of pointing a finger at pirates, Chatterley focuses more on the shortcomings of the TV and movie industry. Piracy can be lowered by offering a one-stop solution for a fair price but somehow that seems to be a pipe dream.

“By offering a service that is both comprehensive and good value for money, you render piracy a much less attractive option,” he writes.

“But with content providers investing billions in their platforms and determined to keep their shows exclusive to them, this seems fanciful. And so the drop off in subscribers seems set to continue, with piracy sites continuing to welcome them with open arms,” Chatterley concludes.
