Weekly Axis Of Easy #83
This week’s quote: “Propaganda is to a democracy what the bludgeon is to a totalitarian state.” …by ????
Last week’s quote, “I guess I should warn you, if I turn out to be particularly clear, you’ve probably misunderstood what I said”, was by Alan Greenspan; the winner was Paul M.
THE RULES: No searching up the answer, must be posted in the comments below:
The Prize: First person to post gets their next domain or hosting renewal on us.
In this issue:
- China blocks Bing search engine for a day
- Big Tech merging with Big Brother is Big Trouble
- Unfortunately, it is impossible to exist without Amazon
- Citizen cyber-watchdog targeted by foreign operatives
- Euro privacy regulators cry foul over RTB ad auctions
- US-CERT issues warning about rampant DNS hijacking
Last week netizens in China found themselves abruptly cut off from the only major search engine still accessible from within mainland China. Users attempting to access cn[.]bing[.]com were confronted with a page saying the server was unreachable. While the Financial Times originally reported that China Unicom confirmed the action was ordered by the government, the outage was later blamed on a technical error and access has resumed.
David Samuels pens a highly relevant warning, using China’s Sesame Credit as its departure point. We’ve written about Sesame Credit here numerous times: it’s the all-knowing social media system in China that gamifies obedience to the State. Every facet of your life is measured and scored, from how physically fit you are to your personal consumption habits. If your score is too low, you are penalized, which can result in denied flights or withheld permits to work abroad.
But that can’t happen here, right? Well, maybe not in the same sense it’s happening over there, but Samuels compares and contrasts Sesame Credit with the more neo-feudal patchwork of Big Tech Factions, and the control they exert over our lives, “The all-seeing Amazon, Google, and Facebook have every incentive to help the national security state undermine privacy, free speech, and democracy. We’ve read this book before.”
(also see next article)
Kashmir Hill, a technology writer for Gizmodo, decided to try to cut Amazon out of her life completely for one week. She put herself on a VPN configured to null route the 23 million IP addresses that make up the network footprint of the entire Amazon conglomerate and then went about her business as best she could. Between her family’s dependency on Alexa at home and the reality that Slack, Netflix, Signal and about a million other tech services and apps all run on AWS, she couldn’t do it.
In a related article, Hill finds that it is also impossible to get a straight answer from Amazon and Chase about what they do with the data associated with her credit card. That’s Big Tech today: ubiquitous, inscrutable, unaccountable and opaque.
We’ve reported on Toronto’s Citizen Lab more than once here, like when they sounded the alarm on the Canadian surveillance-as-a-service outfit Netsweeper or uncovered a Saudi espionage operation against a Canadian citizen. This time the outfit, based at the U of T Munk School of Global Affairs, found itself the target of an undercover investigation by foreign operatives after breaking the story that Israeli software was used to spy on Washington Post journalist Jamal Khashoggi before his brutal murder in the Saudi Arabian consulate in Turkey.
On two occasions, “men masquerading as socially conscious investors have lured members of the Citizen Lab internet watchdog group to meetings at luxury hotels to quiz them for hours about their work exposing Israeli surveillance and the details of their personal lives.”
Another citizen-run digital rights group, this time the Panoptykon Foundation in Warsaw, joined complaints filed in the UK and Ireland against ad broker companies, including Google. The complaint alleges that the IAB ad category lists and taxonomies break users out into segments that reveal information about their sexuality, religious beliefs, traumas and other intimate details. Allowing advertisers to target users based on these criteria (examples include the identity group “IAB 113: Lesbian, Gay, Bisexual & Transgender” and IAB7-28, “Incest and Abuse support”) violates user privacy and, with it, provisions of the GDPR.
US-CERT issued an alert last week saying that the National Cybersecurity and Communications Integration Center (NCCIC) has become aware of a widespread campaign to hijack DNS to execute man-in-the-middle attacks against various, unspecified targets. By taking over a victim’s DNS, attackers can erect fake websites to harvest login credentials, among other things.
The attack vector is the DNS management vendor or domain registrar, where the attackers compromise login credentials. DNSSEC doesn’t really help in this case, because if they have control over your DNS, they can just re-sign your zone with their own info. (So make sure you have 2-factor authentication enabled, and account ACLs and event notifications turned on, in your account security settings.)
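The DNSSEC point above, as an added example that is not from the US-CERT alert or from this newsletter's author: a simplified Python model showing that a delegation changed through a compromised registrar account still validates, while a comparison against a pinned baseline flags it. It assumes DS and DNSKEY records can be reduced to a key tag; the zone names, key tags and addresses are constructed.

```python
"""Delegation drift check: compare observed DNS data with a pinned baseline."""

# Record types that are changed through the registrar / parent zone.
DELEGATION_TYPES = {"NS", "DS"}

def diff_snapshot(baseline, observed):
    """Return (severity, name, rtype, removed, added) for every changed RRset."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        old = set(baseline.get(key, ()))
        new = set(observed.get(key, ()))
        if old == new:
            continue
        name, rtype = key
        severity = "critical" if rtype in DELEGATION_TYPES else "review"
        findings.append((severity, name, rtype, sorted(old - new), sorted(new - old)))
    return findings

def validation_status(snapshot, zone):
    """What a validating resolver concludes in this simplified model."""
    ds = set(snapshot.get((zone, "DS"), ()))
    keys = set(snapshot.get((zone, "DNSKEY"), ()))
    if not ds:
        return "insecure"  # no DS at the parent: unsigned answers are accepted
    return "secure" if ds & keys else "bogus"

# Constructed sample data (.example names, documentation IP ranges).
ZONE = "corp.example."
BASELINE = {
    (ZONE, "NS"): {"ns1.dns-vendor.example.", "ns2.dns-vendor.example."},
    (ZONE, "DS"): {"11111"},
    (ZONE, "DNSKEY"): {"11111"},
    ("login.corp.example.", "A"): {"192.0.2.10"},
}
# Constructed observation after a registrar-account takeover: the delegation,
# the DS record and the signing key all belong to whoever holds the account.
HIJACKED = {
    (ZONE, "NS"): {"ns1.other-host.example."},
    (ZONE, "DS"): {"22222"},
    (ZONE, "DNSKEY"): {"22222"},
    ("login.corp.example.", "A"): {"198.51.100.77"},
}

if __name__ == "__main__":
    print("resolver view:", validation_status(HIJACKED, ZONE))
    for finding in diff_snapshot(BASELINE, HIJACKED):
        print(finding)
```

In practice the baseline would be stored somewhere the registrar account cannot modify, and the observed snapshot would come from periodic queries to the parent zone and the authoritative servers.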
That’s it for this week. I had a couple other items but after shoveling snow for the last couple hours I’m too tired … Have a good one.