Friday, April 21, 2017

Privacy and Transparency in 20 years

There is inherent tension between privacy and transparency.  For a democracy to function properly some argue that transparency (not privacy) is necessary for public institutions, but that privacy (not transparency) is necessary for individuals. And, yet governments and corporations have legitimate needs to keep certain secrets (think national defense and trade secrets) and certain individuals such as terrorists and criminals use privacy as a means of accomplishing their hostile and illegal acts (think encryption and ephemeral messaging).

How will the tensions between privacy and transparency be reconciled over the next 20 years?  Will one value prevail over the other or will they both be harmonized?  Will personal privacy be a thing of the past? Gaze into your crystal ball and describe our nation in 20 years in terms of privacy and transparency.

Thursday, April 20, 2017

Takeaways for Week 15

This week was all about reclaiming one's privacy.

On Monday, a discussion on ephemeral messaging took place, where several benefits of this type of service were brought to attention, which included the following:

  • Gives a sender greater control over who sees a message
  • Increases the level of privacy
  • Increases security of information
  • Greater convenience
  • Provides for spontaneity
However, it was noted that these apps are not created equal in terms of privacy.

Wednesday's class was all about detailing levels of privacy protection.  There were three types of protections:  strong, for normal people; stronger, for geeks; and super strong, for tin foil hat types.
The strong protections included:
  • Password hygiene:  Password-protecting all of one's devices with complex, 8-12-character passwords, using separate passwords for each online account, and not settling for default security questions.
  • Authentication:  Using two-factor authentication and biometric ID for accounts and devices
  • Self-censorship and Restraint:  Using cash to pay for embarrassing items, using the delete button liberally, "liking" fewer things on social media to make one's online profile less complete, and decreasing one's digital footprint
  • Caution with Social Media and Apps:  Turning off geotagging when posting photos and status updates, remembering that some personal details simply should not be shared on Facebook, using sound judgement when posting photos, signing out when through viewing or posting, changing Facebook privacy settings to "friends only," checking permissions when downloading an app, possibly skipping or monitoring automatic replies, and periodically reviewing apps and deleting those that are not used
Stronger included:
  • Encrypting hard drives
  • No use of unencrypted cloud services
  • Keeping malware and virus protection software up-to-date
  • Using a VPN
  • Properly wiping phones and computers when disposing
  • Confidential Communications:  Encrypting phone communications, using ephemeral messaging apps, and avoiding free public networks or wi-fi
  • Web Browsing:  Clearing browser history and cookies on a regular basis, using a browser that does not track, using an IP tracker, installing plugins to avoid tracking, and using a disposable/temporary e-mail address
The Super Strong category consisted of some fairly wacky ideas, including:
  • Keeping one's phone in a Faraday Cage when not making calls
  • Covering all inner-facing cameras on any Internet-connected devices
  • Plugging headphones when not listening to music
  • Wearing "unhackable" fashion, such as a drone cloak or plane laptop sock
With all of these possible protections, one can therefore come to the conclusion that privacy cannot be completely dead.  It will just take a little bit of extra effort to maintain.

Takeaways for Week No. 15


Recent Developments for 4/17/17
  • Burger King Ad hacked the Google Home Assistant (when the commercial was listened to, it triggered the Home Assistant to read off the ingredients in a Whopper Burger); Helped reinforce the issue that smart devices can be hacked
Ephemeral Messaging
  • Messages that don't persist, kind of like how a face-to-face conversation where no hard copy of communications is kept
  • More and more ephemeral messaging platforms are being developed, like Instagram Direct and Facebook Messenger's Secret Messages.
  • Benefits: sender has greater control over who sees the message, there is an increased level of privacy, there is increased security of information, there is greater control over distribution and life-time of messages, etc.
  • As ephemeral messaging becomes more popular, what are some concerns about people using this technology?
    • Drawbacks of ephemeral messaging: people can be less civil/ethical (in a sense, there is less accountability), there is no backup history of what was messaged/nothing to look back on
    • Concerns from a business perspective: there are often reasons/laws where a company will need a permanent copy of messaging/communications, there are concerns of messaging being used for sexual harassment or discrimination
    • Concerns from a government use perspective: there is a need for transparency/accountability
Ways to Protect Personal Privacy
  • Practice Good Password hygiene, practice self-censorship and restraint, be careful with social networks and apps, use confidential communications, practice good data security, etc.
  • What is the right amount of caution for a person to take?
    • It honestly probably depends on the person, although certain, basic measures should be taken by everyone.

Takeaways for Week 15

1.    Ephemeral messaging apps are becoming increasingly available and easy to use.  The contents of messages sent on these apps are encrypted and vanish from all devices/servers after a certain amount of time.  Many of them also have features that make it more difficult to screenshot the contents of the message.  Confide, for example, is an app that requires the user to decode a message one line at a time by dragging their finger down the screen.
2.  Ephemeral messaging ensures much safer and more secure messaging than other electronic forms of messaging.  This can be helpful for companies conveying private information or individuals involved in a very personal conversation. 
3.  On the down side, ephemeral messaging may enable illegal or inappropriate exchanges, such as child pornography, cyberbullying, or drug transactions.
4.   Users should investigate a few questions before using ephemeral messaging.  These questions might include:
-       Where will the message be stored, and for how long?
-       How easy is it to screenshot or copy the message?
-       How secure is the encryption?
           5.  There are three basic levels of privacy protection we can implement: strong          (normal person level), stronger (geek level), and super strong (tin foil hat-wearer level).  Some of the simplest but most effective suggestions include using password hygiene, using good judgment on what information and pictures we share on social media, and limiting geolocation.



Monday, April 17, 2017

QUESTION OF THE WEEK NO. 13

Do you agree with the following statement?:

 Privacy as we know it is essentially dead and we must learn to live in a totally transparent world where every aspect of our lives, except for our unexpressed thoughts, are an open book.

Thursday, April 13, 2017

A Less Permanent Internet: Ephemeral Messaging

What is it? Ephemeral messaging, or self-destructive messaging, is a system where messages are deleted after a certain period of time after being read. Messages can be text, images, videos or emails. The process usually involves encryption during transfer and strong password walls to verify users before messages are viewed. A certain period of time after the message is viewed it is deleted on both the sender’s and receiver’s devices, as well as the system servers. Examples of platforms that use ephemeral messaging are Snapchat, Wickr, Mirage, Dust, Confide and Facebook Messenger.

Purpose. Internet users have limited control over their online content, ephemeral messaging offers an increased level of privacy. It provides protection against a widespread distribution of the content you send and keeps conversations private from others. Since no record is maintained, someone with your device is unable to read those messages. Ephemeral messaging helps those who are hiding activities, which could be for privacy in everyday life up to hiding illegal activity or threatening messages that could otherwise be used in court. Generally, ephemeral messaging is for users to communicate without leaving a copy of everything they send to be permanently recorded. See this video (start at 2:45) for more information on benefits of ephemeral messaging.

How secure is it? It is impossible for ephemeral messaging to be perfectly secure. Some platforms have tools to prevent screenshots of messages, or require a finger to be on the screen to make it more difficult. However, this doesn’t prevent a user from having an external camera to take a picture of the content while viewing the message. There is also the possibility that the service provider doesn’t destroy their copy of the message. The apps’ companies may also collect some information for analysis or to sell to advertisers, or be forced to surrender that information when asked by the NSA or through the legal process for an employer or school. For more information see this website discussing potential security issues in ephemeral messaging. Despite the lack of perfect security, ephemeral messaging is more secure than regular messaging. The chances of the message content being released much lower, providing a more private means of communication.

Apps. The most popular app for ephemeral messaging is Snapchat. It has had some issues, such as getting hacked and potentially not deleting photos off their servers. Confide is another app, which has a feature requiring the user to drag their finger to reveal each line of the message, making it more difficult to copy the message. Facebook Messenger has a new feature, Secret Conversation, which includes encryption. Wickr allows its users to set the duration of auto-destruction on their messages. See this website for more information on popular ephemeral messaging apps.

Use in Business. Ephemeral messaging has begun to spread into business use. These apps could be useful in the communication of private and sensitive information. It can be essentially used as a digital version of in-person meetings or phone calls, in lieu of emails which maintain the information sent. Ephemeral messaging could protect businesses in the case of hacking, where their conversations would be vulnerable if stored. Sensitive information won’t be stored, where it has the potential to be found. Though ephemeral may not be for all communication, it may be used for information the company/entity wishes to keep private. This type of communication could be useful in government, hospitals, senior-citizen care, law enforcement, fire departments and financial institutions. Some regulation may be necessary to incorporate ephemeral messaging in business, this website outlines some possible regulations.

I cannot say if ephemeral messaging will be widely used, but it has benefits which gives it the potential to become commonplace. It offers a step towards making information on the Internet less permanent.

Works Cited

Weekly Takeaways #14

Weekly Takeaways #14

  1. Deep and Dark Web: websites which are not able to be indexed, cannot be accessed without a certain browser and URL.
    1. Guarded with encryption
    2. Anonymous use
    3. Also holds databases requiring login to access (restricted access)
  2. Dark Web: same type as Deep Web, but generally associated with ‘dark’ or illegal activities
    1. Deep web is broader, includes all content not accessible to search engines
  3. Tor: allows you to browse anonymously, difficult to track
  4. Virtual Currency: not regulated
    1. Peer-to-peer transactions
    2. Doesn’t protect against fraud or ability to get money back
    3. Subject to taxes
  5. Bitcoin: most popular form of virtual currency
    1. Not linked to identity
    2. Can only be accessed with password and two-factor authentication
    3. Used for illicit purposes as well as by regular businesses or investment
  6. Questions to consider:
    1. Should virtual currency such as Bitcoin be regulated?
      1. How would it be regulated?
    2. Should accessing/using the Dark Web be illegal?
      1. Line between intention and attempt. At what point should Dark Web use be criminalized?