Connect with us

Internet

Google Chrome Update — ‘A Threat To Children, Cybersecurity And Government Snooping’

Published

on

The way we access websites is about to change. As a result, crisis talks have now been scheduled between the U.K. government and the internet industry to discuss the risks. The primary concern is a proposed but as yet unconfirmed update to Google’s popular Chrome web browser, one that would hit many of the techniques used to monitor internet content for both safety and snooping. It isn’t just Google that will change. But the market-leading position of its Chrome browser has focused governmental minds.

These days, almost everyone is familiar with the concept of internet domain names and the fact that memorable, human-readable addresses are translated into machine-readable IP addresses. But most people have likely never heard of DNS over HTTPS or DOH, and so will be unaware of a planned change to how all this works.

However, DOH is now being fast-tracked, and it has agitated U.K. child safety and intelligence agencies enough to convene a crisis meeting on 8 May, citing child safety, cybersecurity and even terrorism as concerns.

DOH will encrypt the addresses of the websites we visit, potentially bypassing local Internet Service Providers (ISPs), and connecting directly to central nameservers that could well be managed by the companies behind the browsers themselves. This means that many of the filtering and protection tools in place today, usually administered by ISPs, would no longer work.

The new approach brings definite security advantages, notwithstanding that we’ll be entrusting Google and its peers with even more data on us. If the addresses of the websites you want to visit can’t be seen, they can’t be filtered or policed. And campaigners claim that this has implications for the fights against terrorism and extremism, as well as for child safety.

Coming at a time when the monitoring of online content has never been more in the news, and when cybersecurity breaches are reported weekly, the clear need to improve online security is driving welcome change. But the unintended consequences of those changes are apparently now a major concern.

All change

The Internet’s Domain Name System (DNS) is one of its greatest strengths and also one of its greatest weaknesses. The internet is easy to use, but that comes with the risk of the manipulation of DNS names, with snooping on open traffic, and, in many parts of the world, with local monitoring and filtering. So it’s little surprise that the Internet Engineering Task Force (IETF) has been working on a revised approach.

As open traffic, your IP address and browsing activities can be profiled and your requests can potentially be intercepted and manipulated. Who you are and what you’re looking at can be monitored. But with more and more of what is done online being encrypted, the very act of accessing specific websites can be encrypted as well. This is what DNS over HTTPS is all about, bypassing locally held DNS nameservers, sending encrypted traffic to a central server instead.

The change would see web browsers (or other central services) handling domain queries, transparently to users, rather than fielding these as open internet traffic through the ISP. More secure and less open to interception, yes, because all of this would be encrypted HTTPS traffic, but it means that you would be serviced from a central location and not by an operator under your country’s legislative control. Think of it as a built-in, always-on VPN.

presentation from BT on the ‘Potential ISP Challenges with DNS over HTTPS’ earlier this month, acknowledged that “DOH could be a game changer in operator/application dynamics” with fast-tracked standards bringing potentially adverse implications on cybersecurity and on safety from online harms. BT cited a reduced ability to derive cybersecurity intelligence from malware activity and DNS insight, significant new attack opportunities for hackers, and the inability to fulfill government mandated regulation or court orders as potential concerns.

Online responses to the ‘crisis’ suggested that this latter point, the impact on government snooping, was much more of a concern for the authorities than any impact on online safety filters.

Crisis meeting scheduled

According to the Sunday Times, a crisis meeting has now been convened for 8 May to bring together the country’s major ISPs, including BT, Virgin, Sky and TalkTalk, with the country’s National Cyber Security Centre (NCSC) to discuss the implications. The primary concern is that it will be impossible for the country’s ISPs to filter out illegal or inappropriate material. This could have implications for terrorism, extremism, child safety and, of course, password-protecting the U.K.’s countrywide porn habits from July 15, as announced last week.

Because DOH is expected to be largely centralized, and (at least initially) managed by the major browsers, this is where Google comes in. Chrome is the U.K.’s most popular browsing application. With DNS queries not being serviced by an ISP’s nameservers, the ISPs would have no way of tracking, filtering or policing browsing. It would invalidate child safety locks and render useless the planned porn filter. For the ISPs, it could also mandate a rethink in the ways content is cached through efficient and cost-effective content delivery networks.

The well-populated databases of dangerous sites held by ISPs would be bypassed. But, it would also make government online snooping much more difficult. According to the Sunday Times, “BT, which has 9m broadband customers, said in a statement that parental controls, the first line of defense for millions of households, could be rendered ‘ineffective’ by the new system. It added that it could ‘hamper our ability to protect customers from online harms’.”

A spokesperson for the U.K.’s Internet Services Providers’ Association, the trade association representing more than 200 ISPs, including BT, Sky and Virgin, told me that “U.K. broadband providers are actively involved at a national and international level in ensuring that encrypted DNS is implemented in a way that does not break existing protections provided to U.K. internet users. If internet browser manufacturers switch on DNS encryption by default, they will put users at serious risk by allowing harmful online content to go unchecked. Internet browser companies must ensure that parental controls and cybersecurity protections offered by broadband companies continue to work and protect users. We would expect internet browsers to provide the same protections, uphold the same standards and follow the same laws as U.K. ISPs currently do.”

No need to panic?

The encryption of DNS name traffic is not the issue. The central management of the system, bypassing local controls, is the issue. There’s no reason that the new ecosystem cannot work in the existing framework. But it won’t start out that way, and it puts significant control in the hands of the device browsers. Theoretically, there could be device- or even application-specific DOH datasets accessed. And any user filtering would need to be at a device level instead of relying on the ISP. These changes need to be fully communicated and documented in how-to guides before being made.

For their part, Google has confirmed that an encrypted version of Chrome is already available but is not yet included as standard. In a statement, the company said that “Google has not made any changes to the default behavior of Chrome.”

Source: https://www.forbes.com/sites/zakdoffman/2019/04/22/crisis-as-changes-to-google-chrome-threaten-child-safety-and-cybersecurity/#7d0977f05704

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Internet

Instagram to require birth dates in move to block under-13 users

Published

on

By

Instagram said Wednesday it would require new users to verify they are at least 13 when they join the visually focused, Facebook-owned social network.

The move aims to help Instagram comply with a US law and its own policies that require any user to be at least 13.

“Asking for this information will help prevent underage people from joining Instagram, help us keep young people safer and enable more age-appropriate experiences overall,” an Instagram blog said.

The company said the age information would not be visible to others but would help in creating “age-appropriate and safer experiences” on the social network with more than a billion users.

It was not immediately clear how Instagram would protect against young people providing false information, which has been a persistent issue for social media.

The announcement came a day after a TechCrunch article which noted that Instagram did not follow the example of most of its social media peers in checking the ages of users, which could put the network in violation of the Child Online Privacy Protection Act.

The article noted that Facebook and Instagram both employed moderators who may lock the accounts of any users they suspect are under 13.

Source:
https://punchng.com/instagram-to-require-birth-dates-in-move-to-block-under-13-users/

Continue Reading

Internet

Facebook tests tool that allows users to export photos to Google

Published

on

By

Facebook today announced a new tool that would allow users to transfer their photos and videos from Facebook to other storage services, starting with Google Photos.

This tool would be similar to the one we already have that allows us to download our Facebook information. While I’m sure many users already have their photos backed up to Google’s repositories, those who don’t might find this easy to use when it eventually rolls out to everyone. At the moment, the tool is in testing, with the company taking feedback from its users.

The tool itself would be nifty enough, but it’s part of a larger endgame that involves Facebook, Google, Apple, Microsoft, and Twitter. All of these companies are part of the Data Transfer Project, an open-source project aimed at (as the name implies) making it so that “all individuals across the web could easily move their data between online service providers whenever they want.” So that means that Facebook‘s tool could potentially work with, say, Microsoft’s OneDrive or Apple’s iCloud.

Steve Satterfield, Facebook‘s Director of Privacy and Public Policy, says of potential privacy concerns: “We’ve kept privacy and security as top priorities, so all data transferred will be encrypted and people will be asked to enter their password before a transfer is initiated.” He also links to a Facebook white paper where the company ruminates on the conundrums in “data portability” — a paper that acknowledges photos are one of the easiest use cases: “It seems clear that people should be able to transfer data such as the photos they upload to a service.”

This tool isn’t being offered in a vacuum. Facebook‘s currently the subject of scrutiny from antitrust regulators worried about its anti-competition tendencies. Actually, that might be underselling it. The FTC launched an investigation into Facebook in July for just this reason, as did the Department of Justice in September. Satterfield obliquely refers to this — or at least this among Facebook multitude of other problems — when he says “We’ve learned from our conversations with policymakers, regulators, academics, advocates and others that real-world use cases and tools will help drive policy discussions forward.”

Most likely this effort from the Data Transfer Project is born in response to the European General Data Protection Regulation (GDPR). Article 20 of the GDPR states:

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided… [and] the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Facebook is currently testing the Photo Transfer tool in Ireland. It plans to make it available worldwide in the first half of 2020.

Source:
https://thenextweb.com/facebook/2019/12/02/facebook-tool-google-photos/

Continue Reading

Internet

WhatsApp Spotted Working on Self-Destructing ‘Delete Message’ Feature in Latest Android Beta

Published

on

By

WhatsApp has released a new Android beta update, and this version is said to show the company restarting work on a previously reported feature. This feature, earlier called Disappearing Messages, allowed users to delete their messages automatically after a stipulated period of time. This feature has now been renamed to Delete Messages in the latest beta, and it has been implemented in the Dark Mode as well, which is also under development. The Delete Messages feature is also under development, therefore you won’t be able to see it even after you update to the latest beta version.

The latest Android beta from WhatsApp carries the version number 2.19.348. The update can be installed via Google Play beta programme, or can alternatively be side loaded using an APK from APK Mirror. In this beta update, the Disappearing Messages feature reportedly sees its name change to Delete Messages. The feature is available in Contact Info or Group Settings and can be enabled by administrators only. As mentioned, this feature is still under development, so users won’t be able to see it even after updating to the latest beta.

The WhatsApp Delete Messages feature brings the ability to choose how long new messages will last, before they are deleted. Options include one hour, one day, one week, one month, and one year. These options could change when the feature rolls out in the stable version. Furthermore, this Delete Messages feature has also been implemented in Dark Mode as well. To recall, Dark Mode is also under development, and the latest feature was first spotted by WhatsApp features tracker WABetaInfo.

As is the norm with all features spotting, there is no word on when this feature will be enabled for beta users, or when it will roll out in the stable version.

Source:
https://gadgets.ndtv.com/apps/news/whatsapp-android-beta-disappearing-delete-messages-spotted-under-development-dark-mode-2138777

Continue Reading
Advertisement

Trending

%d bloggers like this: