Weekly Axis Of Easy #124
Last Week’s Quote was “Secrecy is the keystone to all tyranny. Not force, but secrecy and censorship.” by Robert A Heinlein. Winner was Adriano Correa
This Week’s Quote: “The most successful people are those who are good at Plan B” by….???
THE RULES: No searching up the answer, must be posted to the blog
The Prize: First person to post the correct answer gets their next domain or hosting renewal is on us.
Please forward this to friends and colleagues. Feedback welcome. Reply to this email or @easydns on Twitter.
Listen to the podcast edition of #AxisOfEasy here: https://vimeo.com/377075890
In this issue:
- Europe runs out of IPv4 space
- Teksavvy appeals GoldTV blocking
- Public backlash against .ORG sale
- Ring doorbells to compile list of suspicious neighbours for police
- Twitter wil remove dormant accounts and free up usernames in December
- Ransomware attack cuts off over 100 nursing homes from their data
- A deep dive into the QuadrigaCX saga
- Ethereum foundation member arrested for helping North Korea evade sanctions
- China introduces mandatory face scans for new phone users
- SMS text data leak puts privacy of millions at risk
- Metaviews: Tor and the Darkweb; Also high speed internet in the Arctic
RIPE NCC, the regional authority that apportions network address space for the Euro region announced last week that it has run out of IPv4 space. This is/was not unexpected, everybody knew it was coming, and at 15:35 UTC+1 on November 25th they made their final IPv4 allocation, a /22 address block.
With IPv4 quickly heading to depletion globally, a robust aftermarket has evolved in the leasing or purchase of already assigned net blocks, and (in theory) the adoption of IPv6. Some people still say IPv6 will never happen, I can’t see how it couldn’t. But I don’t think it’ll ever replace IPv4 completely. The latter will be around for as long as there is an internet.
Canadian indie ISP Teksavvy has put its money where its mouth is by filing an appeal asking that the Federal order to block an IPTV nationally be set aside. The motion asserts that the judge made at least three errors in this decision:
- Offering site blocking as a remedy under the Copyright Act (which the act does not provide for)
- Ruling that Section 36 of the Telecommunications act did not apply to the site blocking order (that section says ISPs are not responsible for content traversing their network), and
- That the judge erred in the way he applied a test for a mandatory injunction known as the RJR-MacDonald test.
The order also violates the Canadian Charter of Rights and Freedoms, a.k.a free speech, according to the filing by Andy Kaplan-Myrth, VP of regulatory and carrier affairs.
The public is not amused. Backlash over the sale of the Internet Society’s .ORG TLD to a VC firm has drawn widespread criticism, if not outrage, from netizens far and wide. ISOC chairman Andrew Sullivan appeared on the CBC to proffer their side of the story, but so far not a lot of buy-in from the internet public, including World Wide Web inventor, Sir Tim Berners Lee, who tweeted concern along with the #SaveDotOrg hashtag.There is also an online petition to halt the proposed sale at https://savedotorg.org/
As disclosed last week, I sit on the board of Internet Society Canada Chapter (ISCC). We have a call scheduled for our monthly policy meeting to discuss this. I haven‘t publicly written what I think about this yet. I should probably hold off until somebody in authority tells me what that should be (j/k). I do note that the Netherlands chapter of the Internet Society has already come out against this. See: https://isoc.nl/nieuws/statement-against-the-sale-of-dot-org/
Most recently Sam Biddle reports on documents obtained of Rings’ plans to use facial recognition to create an “AI-enabled neighbourhood”, where homeowners would be alerted when a “suspicious” individual is captured in frame. These events could be compiled into neighbourhood watchlists. Though information sharing with the police is not spelled out specifically, there are numerous references to local authorities and law enforcement agencies in the documents. As previously noted, Ring already has a portal for law enforcement use and coaches police on how to obtain footage without a warrant.
An Amazon rep stated that there are no facial recognition capabilities in Ring cameras and none in development, refusing to answer further questions.
AT LONG LAST!!!! Ever have an idea for some new project and when you go to register the Twitter handle it’s been already taken by some 40-year old virgin with 2 followers that hasn’t tweeted since 2009? I hate it when that happens. Twitter has announced that in December they will be sending out email notifications to accounts that haven’t logged in for over 6 months telling them if they don’t do so soon, their account will be de-registered and allocated back to the available pool.
It’ll be like domain sniping all over again. Good luck!
<>Via Krebs on Security: “A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States. The ongoing attack is preventing these care centers from accessing crucial patient medical records, and the IT company’s owner says she fears this incident could soon lead not only to the closure of her business, but also to the untimely demise of some patients.”
Just wow. It doesn’t surprise me when I see non-tech companies get hit by ransomware without backups. But an IT company? There’s no excuse. Get backups, then backup your backups.
Jim Carroll sent me this Vanity Fair article over the weekend on the secret life and strange death of QuadrigaCX CEO Gerald Cotten. QuadrigaCX was Canada’s largest crypto-currency exchange (not to mention a Domainsure beta client for domain phishing) and when Cotten died he purportedly took the password to his laptop, and its private keys for the exchange’s cold wallets, with him. Close to 200M dollars worth of crypto are now lost and the exchange was declared bankrupt by a Canadian court.
This article is a long read, detailing the CEO, his lavish lifestyle, his mysterious partner with the checkered past, and his wife and heir, who seems to change her name a lot.
Now… here’s where it got weird for me, in a “bizarre coincidence” sense of the word. Notwithstanding that I exchanged emails with Cotten a mere 4 days before he died, I noticed that his wife’s maiden name was Griffith. I found myself wondering if she, the wife of a crypto guy, was in any way related to Virgil Griffith, a member of the Ethereum Foundation and whom I’ve met in person at the Ethereum Name Service WG meeting in London, UK in 2017 and kept in touch with on and off since.
So when I search up Virgil to find out more on his background, I realize that….
Virgil was just arrested, days prior, at LAX for intending to help North Korea avert US sanctions using the blockchain. Apparently there was a blockchain conference in North Korea, and he asked the U.S. State Department for permission to go there and deliver a talk. They refused, so he went anyway. He gave his talk there, entitled “Blockchain and Peace”, and then allegedly discussed exchanging crypto-currency between North and South Korea, knowing that this would be a violation of sanctions.
Personally I just find it hard to believe that this transpired as is being widely reported. It just seems too crazy for me and given a lifetime of watching media rarely getting it right, I can’t help but wonder if something is being lost in translation or there is some critical nuance absent. Ethereum founder Vitalik Buterin tweeted his support for Griffith (many in the community, including the Ethereum Foundation are distancing themselves) and there is a “Free Virgil” petition online.
(And no, after all that, I don‘t think that Jennifer Robertson, née Griffith, is related to Virgil Griffith. She‘s Canadian, while Virgil was born in Alabama).
“China will require telecom operators to collect face scans when registering new phone users at offline outlets starting Sunday”. A telco representative told AFP that customers may have to submit videos of themselves turning their heads and blinking to facilitate “portrait matching”. Telco operators may then use AI “and other technical means” to verify the new telephone aspirant’s identity.
All this coming under a directive issued by the Chinese government called “safeguarding the legitimate rights and interests of citizens online”.
In a related topic, a video has gone viral over Twitter depicting a Chinese citizen being interrogated by police after he was caught criticizing the police in a WeChat group.
Not uncommon? https://observers.france24.com/en/20191104-chinese-police-musical-videos-arrests-interrogations-douyin-tiktok
vpnMentor has found yet another wide open database (YAWODB), with zero authentication (YAWODBW0A) hanging out on the net. This one containing tens of millions of text and SMS messages. The data belongs to TrueDialog, which bills itself as “Business SMS Solutions” company. Included in the data are PII such as logins, passwords, email addresses and phone numbers of participants.
Metaviews: Tor and the Darkweb; Also high speed internet in the Arctic
Our Metaviews articles this week by way of Jesse Hirsh at Metaviews are:
- Future Tools: Tor and the Dark Web, how to connect to the digital underground. https://easydns.com/blog/2019/11/29/future-tools-tor-and-the-dark-web/
- Future Fibre: High Speed Internet in the Arctic. https://easydns.com/blog/2019/12/02/future-fibre-nuvujaq-and-leo-satellites/