Category Archives: Privacy

Introducing WireGuard: the new official VPN of Linux

While end-to-end encryption dominates the headlines in light of recent legislative efforts, the encryption of our data in transit is also now more relevant than ever before. As a significant chunk of the American population continues to work from home, VPN traffic from private networks has soared by a whopping 34%, according to Verizon. Many companies have decided on the VPN software they will use to help stay afloat. But for many Linux users, WireGuard has already become the weapon of choice after an exciting announcement made late last year: its official integration into the Linux kernel.

While there are several different VPN implementations to choose from, few come close to the simplicity of WireGuard’s open-source tunneling protocol. Compared to other protocols such as IPsec and OpenVPN, WireGuard is known for being lightweight, easy to set up, and (most importantly) highly secure. While it is also available for multiple operating systems, including Windows, macOS, and FreeBSD, it now has a unique home inside the Linux kernel itself. As of kernel version 5.6, users no longer need to manually download and include the VPN as a kernel module (add-on).

News of WireGuard’s merge could not have come at a more appropriate time. As millions around the globe rely on remote connections to access corporate resources from home, WireGuard becomes the new de facto standard for point-to-point encryption on Linux. Not only does this decision advance the interests of privacy and confidentiality among users, but it has also received overwhelming support from the Linux community, including from none other than the creator of Linux himself, Linus Torvalds, who referred to WireGuard as “a work of art.”

Written by: Conrad Schneggenburger

Sources:
https://www.wireguard.com/
https://www.fiercetelecom.com/telecom/sizing-up-covid-19-s-impact-broadband-networks
https://fossbytes.com/wireguard-vpn-linux-ready-launch/
https://itsfoss.com/wireguard/
https://www.wired.com/story/wireguard-gives-linux-faster-secure-vpn/

FCC Proposes $200m in Fines to Wireless Carriers for Selling Customer Location Data

The FCC has proposed to fine the four largest wireless carriers in the United States: T-Mobile, AT&T, Verizon, and Sprint, for not only selling customer location data to third parties without their consent, but also not protecting the information they sold against unauthorized access. T-Mobile possibly faces over $91 million in charges, AT&T over $57 million, Verizon over $48 million, and Sprint over $12 million.

The fines come after multiple third-party companies, including Securus Technologies and LocationSmart, had been found reselling the customer location data [Krebs]. These third parties might have legitimate reasons to access location data (with consent) in some cases. For example, a user might need help with fraud prevention or emergency roadside assistance. However, there are users with malicious intent that can also obtain the same data.

Unfortunately, these fines are just drops in the bucket compared to the profit the carriers are probably making off of these third-party sales, and will hardly deter them from continuing. Unless legislation is passed that enforces stronger privacy laws, companies like Verizon, AT&T, T-Mobile, Sprint and more will continue to take advantage of our data. So far, it seems none of the carriers have contested the fines or responded otherwise.

Written by Julie McGlensey

Sources:
https://krebsonsecurity.com/2020/02/fcc-proposes-to-fine-wireless-carriers-200m-for-selling-customer-location-data/
https://docs.fcc.gov/public/attachments/DOC-362754A1.pdf
https://www.vice.com/en_us/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile

Zoom is trying to fix their mistakes, here’s how

Everybody’s been talking on Zoom lately, and everybody’s been talking about Zoom as well. More specifically, Zoom’s cybersecurity has come up because of its poor data security, which potentially allows anyone to see anyone else’s recorded videos and lets other people get into personal Zoom chats.

This brings up the questions “what are they doing about it?” and “should we switch to another platform?”, which some New York schools and Google have been asking, disallowing Zoom’s usage for their people. Well, the people at Zoom are taking measures to try and fix some of these glaring issues. First of all, they are adding new security features and grouping them together so they can be accessed at the click of a button, granting you the ability to lock meetings so no one new can show up. The waiting room is also now turned on by default, so the host has to manually accept anybody who wants to come in.

They have also decided to put more time and effort into fixing their issues, stopping work on all new features to focus on these problems. They also hired a security consultant, former Facebook CSO Alex Stamos, who will hopefully help them fix these issues (Forbes).

Zoom has a lot on its plate for the next month, and I’m sure it will only grow, as Zoom has now increased its active users twentyfold, with 10 million users in December and now 200 million in March (Business Insider). I think with this huge boom of users, we can be somewhat lenient to Zoom, as it seems like they are making good strides to fix their problems in an efficient way.

Sources:
https://www.forbes.com/sites/kateoflahertyuk/2020/04/10/zoom-security-heres-what-zoom-is-doing-to-make-its-service-safer/
https://www.businessinsider.com/zoom-security-features-easier-access-stop-zoombombing-eric-yuan-2020-4

Zoom Security Flaws

The use of the video communication tool Zoom has seen a gigantic influx of users over the past month as a result of the COVID-19 pandemic. It has quickly become an important part of remote work and online education. The sudden increase in attention has also made clear some of the security flaws that come with the program.

It was discovered by the Washington Post that Zoom video calls were saved in an unprotected storage space online. This space did not have a password on it, so anyone could access these videos. The videos were also using a naming system that allowed for an easy search for all kinds of content, such as business matters, personal calls, and education.

Another recent issue with Zoom is what is known as “Zoom bombing”. This type of attack involves a hacker or an unauthorized person gaining access to a private Zoom call and spamming it with hate or pornographic images. Some of these attacks come from the leaking of Zoom meeting codes, but many come from direct attacks on video calls that potentially are not end-to-end encrypted.

Security flaws may be some of the more obvious concerns with Zoom, but the way they track users is something else to look at. One feature of Zoom involves attention tracking. The host of a meeting can enable this option when they share their screen to see which participants do not have Zoom as the active window for a set period of time. Not only this, but Zoom also collects certain pieces of data such as name, physical address, phone number, job title, type of device, and even information from a Facebook account if one is connected to the service. They don’t sell the data in the monetary sense, but they do share that data with third parties for “business purposes”.

Overall, while Zoom is a very useful tool in the current time to help continue both work and education online, the sudden popularity of the service has exposed some of the security flaws and data collection practices that may not have been as obvious before.

Sources:
https://securityboulevard.com/2020/04/zoom-recordings-exposed/
https://www.cbsnews.com/news/zoom-video-conferencing-feature-freeze-security-flaws/
https://securityboulevard.com/2020/03/using-zoom-here-are-the-privacy-issues-you-need-to-be-aware-of/

Written by Alex Haubert

The California Consumer Protection Act: How does this change things?

One of the more recent additions to the laws in California is, as I’m sure many of you know, the California Consumer Protection Act. While the CCPA isn’t exclusive to the realm of cybersecurity, it definitely increases the rights of the cyber denizens living in California, who now have rights to the data that companies collect from them.

This means that when companies like Facebook or Google collect data through their platforms, Californians can now request to see that data, prevent the sale of that data, and learn if a company has sold that data. The CCPA also makes it so a company can’t charge them extra depending on whether they use the rights the CCPA gives them.

However, things aren’t all as they seem. There are ways for companies to get around these limitations, such as removing the parts of the data that identify a specific person, thus making it into data that could have come from anyone. Another little thing that lets companies work the way they want is that you have to opt out of their data collecting and selling; it doesn’t happen automatically. This means that people who aren’t as tech-savvy or informed on news like this will never see the benefits.

Another problem that I could see arise is how to clarify what data is personal, and what is impersonal. For example, according to the Washington Post, companies Uber and Lyft collect data such as ratings, credit card information, and location data. However, Uber only reveals the user ratings, and not much else. Who decides which is which? This will surely be a discussion that will come up many times in the future.

The reason I found this happening to be related to the class is that I remembered what we did on Barlow’s Declaration of the Independence of Cyberspace, a piece on how he and the rest of the internet did not want to get involved with governments and wanted freedom for the citizens of the web. I feel like CCPA is a step in the right direction towards what Barlow wants, but I believe that this is too small of a step and that we need to think bigger, or at least expand outside of the Golden State.

By: Jake Peverly

Sources:
https://www.vox.com/recode/2019/12/30/21030754/ccpa-2020-california-privacy-law-rights-explained
https://www.washingtonpost.com/technology/2020/01/21/ccpa-transparency/
https://www.forbes.com/sites/michaelfertik/2020/01/27/ccpa-is-a-win-for-consumers-but-businesses-must-now-step-up-on-cx/#403b48bd6557
(Picture) https://multichannelmerchant.com/ecommerce/top-approach-accelerates-ccpa-compliance/