Eerst nog een nagekomen bericht, vertrouw het voor nul cent maar het luidt:
Groot deel Kamer tegen verzwakken WhatsApp-encryptie
Een groot deel van de Tweede Kamer is tegen de wens van de AIVD om de encryptie van WhatsApp en andere chatdiensten te verzwakken zodat de inlichtingendienst versleutelde chatberichten toch kan lezen. Gisteren deed AIVD-directeur Rob Bertholee daartoe een oproep in de Volkskrant.
Hoewel Bertholee stelt dat de dreiging nog nooit zo groot is geweest, is het dreigingsniveau dat de Nationaal Coördinator Terrorismebestrijding en Veiligheid (NCTV) hanteert al jaren hetzelfde. “De AIVD-baas jaagt mensen schrik aan zonder concreet te worden en zonder het officiële dreigingsniveau aan te passen. Hij vindt privacy maar gezeur en eist vergaande nieuwe bevoegdheden zonder de noodzaak ervan te onderbouwen. Ik weet niet hoe het met u zit maar na het lezen van dit interview ga ik vanavond niet rustiger slapen”, besluit het D66-Kamerlid.
Ockje Tellegen, VVD-Tweede Kamerlid en woordvoerder openbare orde/veiligheid, terrorisme en veiligheidsdiensten, laat een ander geluid horen. In een reactie op het interview en de wens van de AIVD om de encryptie van chatdiensten te beperken tweet ze. “Eens. Een terrorist heeft geen recht op privacy.”
Over of het mag, reverse engineering:
Reverse engineering of the Skype protocol by inspecting/disassembling binaries is prohibited by the terms and conditions of Skype’s license agreement. However European Union law allows reverse-engineering a computer program without getting a permission from an author for inter-operability purposes. In the United States, the Digital Millennium Copyright Act provides protections for reverse engineering software for the purposes of interoperability with other software. There are also legal precedents in the United States when the reverse-engineering is aimed at interoperability of file formats and protocols.
In addition, some countries specifically permit a program to be copied for the purposes of reverse engineering.
Zou dat Skype lekker links laten liggen, zie dit bij Slashdot naar aanleiding van een Ars-Technica-artikel:
Skype Finalizes Its Move To the Cloud; To Kill Older Clients – Remains Tight Lipped About Privacy
When it was first created, Skype network was built as a decentralized peer-to-peer system. PCs that had enough processing muscle and bandwidth acted as “supernodes,” and coordinated connections between other machines on the network. This p2p system was generally perceived as being relatively private, a belief that has since been debunked. There were several technical challenges, which led Microsoft to move most of Skype’s operations to the cloud. Ars Technica is reporting that the company has finalized the switch. From the article:
Microsoft has developed a more conventional client-server network, with clients that act as pure clients and dedicated cloud servers. The company is starting to transition to this network exclusively. This transition means that old peer-to-peer Skype clients will cease to work. Clients for the new network will be available for Windows XP and up, OS X Yosemite and up, iOS 8 and up, and Android 4.03 and up. However, certain embedded clients – in particular, those integrated into smart TVs and available for the PlayStation 3 – are being deprecated, with no replacement. Microsoft says that since those clients are little used and since almost every user of those platforms has other Skype-capable devices available, it is no longer worth continuing to support them.
The issue, as the report points out, is that Microsoft is strangely not talking about privacy and security concerns. The article adds:
The Ed Snowden leaks raised substantial questions about the privacy of services such as Skype and have caused an increasing interest in platforms that offer end-to-end encryption. The ability to intercept or wiretap Skype came as a shock to many, especially given Skype’s traditionally peer-to-peer infrastructure. Accordingly, we’ve seen similar services such as iMessage, WhatsApp, and even Facebook Messenger, start introducing end-to-end encryption. The abandonment of Skype’s peer-to-peer system can only raise suspicions here.
Matthew Green, who teaches cryptography at Johns Hopkins, said: “The surprising thing here is not that Microsoft can intercept Skype calls (duh) but that they won’t just admit it.”
Ander AT-artikel waarnaar verwezen wordt:
Think your Skype messages get end-to-end encryption? Think again
Ars catches Microsoft accessing links we sent in our test messages.
With the help of independent privacy and security researcher Ashkan Soltani, Ars used Skype to send four Web links that were created solely for purposes of this article. Two of them were never clicked on, but the other two—one beginning in HTTP link and the other HTTPS—were accessed by a machine at 65.52.100.214, an IP address belonging to Microsoft. For those interested in the technical details, the log line looked like this:
65.52.100.214 - - [16/May/2013 11:30:10] "HEAD /index.html?test_never_clicked HTTP/1.1" 200 -
The results—which were similar but not identical to those reported last week by The H Security—prove conclusively that Microsoft not only has ability to peer at the plaintext sent from one Skype user to another, but that the company regularly flexes that monitoring muscle.
Eerste artikel van Ars Technica weer:
Skype finalizes its move to the cloud, ignores the elephant in the room
The move away from peer-to-peer has its virtues, but much is left unanswered.
The concerns over privacy serve only to highlight the awkwardness of Skype’s secrecy. Skype’s lack of clearly defined encryption and dependence on proprietary protocols isn’t good enough in 2016. In re-engineering the Skype network, Microsoft could, and should, be making it a best-of-breed application that matches competing systems, such as iMessage, WhatsApp, FaceTime, and more, not just in terms of features, but also in terms of privacy.
En tenslotte weer terug naar Slashdot, niks Skype, niks Asterisk:
You’re living in the past. […] Simple LAMP/LEMP stack and you can very easily set up a system that allows video chat. (e.g. Owncloud + spreed.me webrtc server).
Elephant in the room + video chat …
Gisteren “Lo and Behold” gezien van Werner Herzog, helemaal te gek. Iemand van 74 die nooit veel met internet deed, pakt dat in een keer helemaal voor je in en houdt daarna ook nog de deur voor je open, fantastisch.
Steken daarin ook nog eens olifanten over in iemands hersenpan, gereconstrueerd uit een MRI-scan. Daarvoor hebben ze [subject] van alles laten zien aan filmfragmenten:
Using image processing to improve reconstruction of movies from brain activity
One human subject underwent fMRI brain scanning while viewing a complex natural movie. Voxel-wise modeling was used to estimate a forward encoding model for each location in visual cortex (see Nishimoto et al., 2011). For each one second segment of the movie, the encoding model was used in decoding mode to identify, from a library of 5000 hours of random video, 100 random clips most likely to be similar to the original clip that elicited the measured brain activity. The top 5 clips from these 100 were then selected using histograms of gradient features, image gradient similarity, and SIFT-flow features across time. These clips were averaged to produce the final reconstruction.
Hierzo, uit de documentaire van Herzog en gelinkt naar video gepost door die Berkeley onderzoekers:
De filmfragmenten zijn zo verbluffend omdat je origineel en reconstructie synchroon ziet opschuiven. Bertholee die er ook bij was zat gewoon te wippen op zijn stoel en slaakte onsamenhangende kreten. Zag zijn hele surveillance-probleem in één keer als sneeuw voor de zon verdwijnen …
Volledige titel:
Werner Herzog - Lo and Behold: Reveries of a Connected World
Gaat dat zien o/o