Posts Tagged privacy

Researcher Tracked Gun Buyers For 12 Years

From The Truth About Guns:

These researchers — including noted anti-gun rights UC Davis Violence Prevention Research Program director Garen Wintemute — used Dealer Records of Sales to identify 160,619 lawful gun owners. They then tracked these individuals, including where they lived, for the period of 2001-2013.

Mobile Customer Locations Easily Accessible

From Motherboard:

Motherboard’s investigation shows just how exposed mobile networks and the data they generate are, leaving them open to surveillance by ordinary citizens, stalkers, and criminals, and comes as media and policy makers are paying more attention than ever to how location and other sensitive data is collected and sold. The investigation also shows that a wide variety of companies can access cell phone location data, and that the information trickles down from cell phone providers to a wide array of smaller players, who don’t necessarily have the correct safeguards in place to protect that data.

CA Registration Data Breach

From NRA-ILA:

Possibly even more concerning with DOJ’s online registration system were the reports of the system’s improper disclosure of personal information to other users. There have been confirmed reports of individuals attempting to register their firearms who were improperly given access to the account information associated with another individual, due to a complete breakdown of CA DOJ’s registration application system. In some cases, the system allowed users to see all the personal information (including home address, telephone number, email, and Driver’s License number) for another user and all the information that user had submitted for registering their firearms as “assault weapons”—including the firearms make/model/serial number and all of the photos and attachments to the user’s registration application.

Choosing A Strong Password Is Easier Than You Think

From EFF:

Randomly-generated passphrases offer a major security upgrade over user-chosen passwords. Estimating the difficulty of guessing or cracking a human-chosen password is very difficult. It was the primary topic of my own PhD thesis and remains an active area of research. (One of many difficulties when people choose passwords themselves is that people aren’t very good at making random, unpredictable choices.)

Measuring the security of a randomly-generated passphrase is easy. The most common approach to randomly-generated passphrases (immortalized by XKCD) is to simply choose several words from a list of words, at random. The more words you choose, or the longer the list, the harder it is to crack. Looking at it mathematically, for k words chosen from a list of length n, there are k^n possible passphrases of this type. It will take an adversary about k^n/2 guesses on average to crack this passphrase. This leaves a big question, though: where do we get a list of words suitable for passphrases, and how do we choose the length of that list?

In general choosing four five-letter words is better than one long word with number substitutions and some weird characters thrown in. It’s easier to remember and vastly harder for a computer to guess.

How Did The FBI Break Into iPhone?

From the EFF:

In addition, this new method of accessing the phone raises questions about the government’s apparent use of security vulnerabilities in iOS and whether it will inform Apple about these vulnerabilities. As a panel of experts hand-picked by the White House recognized, any decision to withhold a security vulnerability for intelligence or law enforcement purposes leaves ordinary users at risk from malicious third parties who also may use the vulnerability. Thanks to a lawsuit by EFF, the government has released its official policy for determining when to disclose security vulnerabilities, the Vulnerabilities Equities Process (VEP).

The Apple Case Could Violate The Thirteenth Amendment

If Apple is compelled to create a program that doesn’t exist for the government, that would be a type of slavery.

From Reason.com:

Instead, the DOJ has obtained the most unique search warrant I have ever seen in 40 years of examining them. Here, the DOJ has persuaded a judge to issue a search warrant for A THING THAT DOES NOT EXIST, by forcing Apple to create a key that the FBI is incapable of creating.

There is no authority for the government to compel a nonparty to its case to do its work, against the nonparty’s will, and against profound constitutional values. Essentially, the DOJ wants Apple to hack into its own computer product, thereby telling anyone who can access the key how to do the same.

If the courts conscripted Apple to work for the government and thereby destroy or diminish its own product, the decision would constitute a form of slavery, which is prohibited by our values and by the Thirteenth Amendment.

Apple, Privacy and the FBI

It’s way more complicated than the pundits are saying. To be fully informed read these articles.

From the EFF:

…the FBI’s demands reflect a familiar pattern of security agencies leveraging the most seemingly compelling situations—usually the aftermath of terror attacks—to create powers that are later used more widely and eventually abused. The government programs monitoring the telephone system and Internet, for example, were created in the wake of the 9/11 attacks. Those programs came to undermine the rights of billions of people, doing more damage to our security than the tragic events that prompted their creation.

ArsTechnica discusses Fifth Amendment issues:

But the Fifth Amendment goes beyond the well-known right against compelled self-incrimination. The relevant part for the Apple analysis is: “nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.”

The idea here is that the government is conscripting Apple to build something that it doesn’t want to do. That allegedly is a breach of its “substantive due process.” The government is “conscripting a company’s employees to become agents for the government,” as one source familiar with Apple’s legal strategy told Ars. The doctrine of substantive due process, according to Cornell University School of Law, holds “that the 5th and 14th Amendments require all governmental intrusions into fundamental rights and liberties be fair and reasonable and in furtherance of a legitimate governmental interest.”

Reason discusses the political battle over encryption:

This incident is only the latest conflict in a years-long encryption and security war waging between privacy- and security-minded groups and the law enforcement community. As more communications are digitized, authorities have been calling for industry assistance to build so-called government “backdoors” into secure technologies by hook or by crook.

Those in law enforcement fear a scenario where critical evidence in a terrorism or criminal case is beyond the reach of law enforcement because it is protected by strong encryption techniques that conceal data from anyone but the intended recipient. Hence, leaders at agencies like the Department of Justice, the Department of Homeland Security, and the National Security Agency, along with President Obama, have weighed in against strong encryption.

Fourth Amendment Should Cover Your Digital Life

From Fox News:

In an era of constant political gamesmanship and gridlock, getting things done in Congress is never easy. That was never clearer than the last Congress’ failure to pass long overdue reforms to an antiquated that today threatens the very thing it was intended to protect – the privacy of Americans’ digital communications and records.

A bipartisan group of more than 270 members of the House of Representatives co-sponsored legislation with the same underlying objective — to update the Electronic Communications Privacy Act (ECPA). And yet, these bills were left to die without a vote.

 

Your Apps Are Following You

From The Wall Street Journal:

Computer scientists at Carnegie Mellon University concluded that a dozen or so popular Android apps collected device location – GPS coordinates accurate to within 50 meters – an average 6,200 times, or roughly every three minutes, per participant over a two-week study period.

The researchers recruited 23 users of Android version 4.3 from Craigslist and the Carnegie Mellon student body. Participants were allowed to use their own choice of apps after installing software that noted app requests for a variety of personal information; not only location but also contacts, call logs, calendar entries, and camera output. They weren’t told the purpose of the study and were screened to weed out people who had a technical background or strong views about privacy.

 

Google Backtracks on Default Encryption for Devices

From ArsTechnica:

In short, devices are required to support encryption, but it’s still up to OEMs to actually enable it; this is exactly what Google was doing in KitKat and older versions (PDF, see section 9.9). Full-disk encryption is expected to become a requirement in some future Android version, but it remains optional in Lollipop despite Google’s earlier statements.

 

Silent Circle Raises $50 Million

From ArsTechnica:

Terms of the buyout deal with Spanish smartphone maker Geeksphone, the phone’s hardware manufacturer, were not disclosed. Silent Circle said Thursday that it has raised $50 million and plans on showing off an encrypted “enterprise privacy ecosystem” at World Mobile Congress next week. A BlackPhone tablet is on the way, too.

“Silent Circle has brought tremendous disruption to the mobile industry and created an integrated suite of secure enterprise communication products that are challenging the status quo,” Mike Janke, cofounder and chairman of the Silent Circle board, said in a statement. “This first stage of growth has enabled us to raise approximately $50M to accelerate our continued rapid expansion and fuel our second stage of growth.”

Mozilla Working To Make Privacy Easier

The company that makes the Firefox web browser has a new privacy initiative.

Today, we are excited to announce a new strategic initiative at Mozilla called Polaris. Polaris is a privacy initiative built to pull together our own privacy efforts along with other privacy leaders in the industry. Polaris is designed to allow us to collaborate more effectively, more explicitly and more directly to bring more privacy features into our products. We want to accelerate pragmatic and user-focused advances in privacy technology for the Web, giving users more control, awareness and protection in their Web experiences. We want to advance the state of the art in privacy features, with a specific focus on bringing them to more mainstream audiences.

 

Fourth Amendment Negated By AOL Terms of Service

From TechDirt:

The ACLU’s Jameel Jaffer alerts us to a district court ruling in NY that effectively says that by merely agreeing to AOL’s terms of service, you’ve waived your 4th Amendment rights. The case is the United States v. Frank DiTomasso, where DiTomasso is accused of producing child porn — with most of the evidence used against him coming from AOL. DiTomasso argues that it was obtained via an unconstitutional search in violation of the 4th Amendment, but judge Shira Scheindlin rejects that, by basically saying that AOL’s terms of service make you effectively waive any 4th Amendment right you might have in any such information.

All the more reason to use services like Silent Circle and encrypt your email.

Italy Gives Google Privacy Ultimatum

From The Guardian:

Google has been given 18 months by the Italian data regulator to change how it handles and stores user data.

Users will now have to grant permission before the firm creates a profile on them, and Google has to honour requests to delete data within two months (although it will have an additional six months to remove the content from backups). Google will also have to explicitly inform users that the profiles it creates on them are for commercial purposes.

Phone Wiping Fails on Android Phones

From CNET.com:

Avast — known for its security software on Windows, Mac, and Android — purchased 20 Android smartphones from eBay, which has around 80,000 used smartphones for sale at any given time. Among the data that Avast employees recovered from the phones were more than 40,000 photos — including 250 nude male selfies — along with 750 emails and text messages, 250 contacts, the identities of four phones’ previous owners, and one completed loan application.
