Facebook Expands To Spy On The Workforce

Apparently Facebook is trying to be a better spy.  They’re integrating common workplace apps such as Microsoft Sharepoint and many other commonly used digital tools in the workplace.  This is a strategic move so they could sell this data to the highest bidder in order for another IT company to get an advantage over the competition.  With this new level of spying Facebook gets an idea of what tools people prefer since they already know more than we do about ourselves.  As with people data, data based on their work habits is extremely valuable as it filters up to knowing how their workplace functions.

I admit this was written nearly entirely with sarcasm but I’m really not joking.

Wikileaks Shutdown by Coinbase

Apparently Julian Assange’s Wikileaks merchant account on Coinbase was shut down.  This is not at all surprising since PayPal, VISA, Mastercard and the banks did the same thing to him/them in the past.  In all fairness I don’t think Coinbase is to blame, aside from the fact they are a US-based company and under the jurisdiction of the US of course.

PayPal came out and admitted they were forced to close down Wikileaks’ account, and I am certain the same thing has happened with Coinbase.

They have no say in the matter when the US government comes knocking.  Coinbase even recently had to give out information to the US tax department (IRS).

Of course users can still directly pay and donate to any wallets that Wikileaks controls.  As of now he lists addresses for Bitcoin, Litecoin, Ethereum, ZCash and Monero.  This is where things would heat up if he were to have a centralized currency like Ripple or Stellar Lumens.  The US government could possibly have those accounts in XRP/XLM frozen since they are a US-based company.

This comes down to the wider issue of privacy, rights and freedom online and how cryptocurrency can prevent persecution for political reasons.  It also stands to reason that entities based in the US have very little say when the government comes knocking.  Coinbase and PayPal couldn’t have said no to the US government or by doing so they would be in seriously hot water.

I always advocate having some IT resources out of the reach of PRISM countries for reasons of privacy and freedom.  My current favorites are Singapore and Hong Kong in Asia.  Hong Kong I place particularly high value on because it has the British-based system, yet it is under the protection of China.  Hong Kong is less likely to be influenced by a foreign entity than a smaller country like Singapore.  A good example of this is how Edward Snowden miraculously made it out of Hong Kong as a wanted fugitive.  Surely, Hong Kong was pressured and asked to hand him over, but somehow it never happened.

There are positives here: it looks like some brave entities in Europe have stood up for Wikileaks and, at least for now, in France, Germany and Iceland there are some banks, foundations and even a university who are providing him access to the fiat system.

Bitcoin Private and Cloak Cryptocurrencies

There is a huge emphasis on privacy with a lot of new coins but I do feel that a lot of coins focus on a single issue and leave the overall business and usability aspect out.  How do these newer coins fare?

Cloak

My first impression is why doesn’t the non-www version work while the www version does?  Does their team not know how to properly configure nginx or is it just a simple mistake and oversight?

Cloakcoin.com-Forbidden-ConfigError

They call their encryption ENIGMA, and I am not sure whether that is a joke or whether they aren’t aware of the ENIGMA encryption box in Germany that was compromised during WWII.  I would more so be worried that it is a read-between-the-lines joke or a hint that the team is doing something more than they claim.  Sorry, but I just can’t get over the fact that they would not know about the Enigma box from Germany that was decoded.

For my second point I do like the privacy aspects but this is where I have concerns.  On one hand they tout privacy, but then to have more privacy they obfuscate transactions by using other clients’ wallets?  Why would you allow a third party and random stranger to process or handle any part of the transaction?  I do realize they say it is fully encrypted and obfuscated so the random third-party stranger on the network shouldn’t know anything about you or your transaction, but to me it violates the principle of privacy and security.  It reminds me of how everyone believed the Tor network is a good idea and secure, but in reality whoever runs an exit node can spy on other users, including the NSA.  This architecture of Cloak makes me worried that a vulnerability could be found and that privacy could be worse than most other Bitcoin-style coins.  Even if a simple vulnerability was not found, you are essentially passing private information to random strangers on the network; the NSA or other large funded organizations could use this to spy on other users or even perhaps modify transactions and create chaos on the network.

I also find it confusing how they say it is private but you have to enable “ENIGMA” on top of “Cloak Shield” to truly make it private?

Here are the parts I’ve picked on from their website:

Alice’s Cloak wallet then automatically sends a request to the network for other Cloak wallets who have elected to become ENIGMA mixer nodes to obfuscate her transaction. All of this is done privately and securely throughout with no identities or true IP addresses revealed.

Bob has cloaking mode enabled in his wallet and the wallet generates a secure CloakShield encryption channel for communications with Alice’s wallet. Bob’s wallet sends Alice a secure connection, containing encrypted inputs and outputs to commence the transaction.

With this confirmed, Alice, with full anonymity, creates an encrypted ENIGMA transaction containing her true inputs and outputs and Bob’s cloaking (obscured) inputs and outputs. Bob and Alice both sign the ENIGMA transaction before it is submitted to the network for inclusion into a PoS block.

Going back to the concerns I have above, I really don’t like how Alice’s wallet would ever communicate with anyone other than the receiver or the Cloak network.  By introducing Bob, there is the chance that Bob could decipher and identify what Alice is doing.  Of course that’s not what should happen, but I believe it is a huge security hole to involve random third parties in confirming or obfuscating transactions.  The situation reminds me a lot of the vulnerabilities in the Tor network.  Essentially Bob is like an exit node, running transactions for Alice.  Bob shouldn’t know who Alice is or what she is doing, but what if there is an implementation error or other issue?  This could be avoided by not using any random third party.

I think Cloak does a great job but they’ve actually introduced a huge security hole by having a random third party process part of the transaction.  It would be like saying “my data is encrypted so I’ll send encrypted copies to everyone”.  Sure it is encrypted, but if someone can ever hack your encrypted data, either through brute force or an algorithm/implementation error, then you are done for.  The best solution is to never send private and sensitive data to an extra, third party.

I do think the Cloak project has worked hard and it has some great ideas.  Aside from privacy and what I believe are security holes in how they implement it, they have done a great job, but it is not a coin that does everything right.

Bitcoin Private

For those who know me, I am very much against forks.  As I’ve stated before they decrease value and lead to scams and confusion.  This can be evidenced with Bitcoin Gold regardless of who you believe was responsible.  Right off the bat Bitcoin Private is warning of scammers trying to confuse you with a warning on their website.

BitcoinPrivate-BTCP-Scam-Private-Keys

The problem with these types of coins, hardforks or what I think are really counterfeits, is that you need to give up the very “private keys” of your real, valuable Bitcoin to claim the “new counterfeit coin”.  This is a huge security problem: regardless of who made the wallet, what if the wallet is designed or hacked to maliciously steal your real Bitcoins?  There is no easy and secure way to claim your coins from these counterfeits.  Once you give up your private keys to Bitcoin Cash, Bitcoin Gold or Bitcoin Private, they could steal your real Bitcoins.

Now there is a way around it: you could transfer your coins to another wallet, but it’s a huge pain and a mistake could cost a novice user all of their Bitcoin.

Now in all fairness I appreciate this team at least has official wallets ready for download, unlike Bitcoin Cash.

Users who have the currency called “ZClassic” are also involved here, which is also another confusing fork of ZCash.

This is what I mean about all of the confusion.  It creates an environment where holders and buyers are easily confused about which is the real “Bitcoin”, which is the real ZCash.  And really, I can’t see any reason why people are forking except as a cash grab and counterfeiting spree.

For this reason I don’t trust Bitcoin Private any more than I trust the other forks (although I trust Bitcoin Gold the least).  I personally feel there is no good reason to trust any of them.  If they want to make a new or better currency they should really just make their own, or at least copy it under a new name.  But of course forking creates unwilling participants and owners of the new currency, while enriching and rewarding the hardforkers for their counterfeiting.

For those reasons, if I had to pick between the two, I think Cloak has our best interests at heart and hardforked coins are just a scam, counterfeit and cash grab by unscrupulous people.

Facebook Tracks Non-Users Too!

As some people are just learning, Facebook has been tracking both users and even non-users in a violation of their privacy that most never opted into.  Anytime you visit a Facebook related or enabled site, they are tracking you.  Conversely as a Facebook user, they track and relate all of your off-Facebook activity on any site that uses Facebook plugins or functionality (which are a lot of sites).  This is horrible and should be stopped but in all fairness “they all do it” and if anything Google is probably worse.

If the above is not bad enough, the PRISM network has backdoors to all of these services so you are being violated directly by corporations and multiple governments who index all of your activity.  Privacy is a thing of the past unfortunately.

However, there are ways to fight back, such as disabling cookies, deleting all cookies regularly and especially using a random VPN to make tracking harder.

It’s not so much that the majority of people have anything to hide, but privacy is a right everyone has.  Most people would object to having cameras in the washroom, not because they are doing something wrong but because you have the right to dignity and privacy.

Hopefully the longstanding issue with most giant online sites, from Facebook to Google etc., will drive demands from people around the world to restore privacy and digital rights in an era where infringement is common.

 

Alibaba’s Sesame China’s All-in-One Credit Rating System

Alibaba’s Sesame Credit, which launched in 2015, is one of the highest profile Social Credit Systems in China.  In part this is because it gathers a lot of data from Alibaba Cloud services (essentially the same thing as what Facebook, Google and other US companies do).  However, in China the process is more formal and complex as it isn’t just for spying and marketing purposes.

It is a system that essentially rates your associates, activities and lifestyle, and not just your financial credit alone.  So it is both a pro and con in some cases that these aspects are used, but it all depends on your lifestyle.

I find it highly controversial and it all really depends on how fair the system will be and whether it is more fair than the traditional model.

With ICOs like Bloom I wonder how it will fare and compare?

Did Facebook, Zuckerberg and Big Data Elect Trump?

New revelations about SCL and CA (Cambridge Analytica) have revealed that they may have even altered the Brexit vote.  In fact an article quotes the CEO of Cambridge Analytica as bragging that they got Trump elected using dirty and undetectable tricks.

If any of this is true it is safe to assume that Cambridge Analytica is not alone, and they have likely influenced more than just the US election.  What’s more, there could be other companies that used data from Facebook, Google, Twitter, Instagram and other US-based social platforms, whether knowingly or unknowingly.  This has been the big evil that I’ve warned about for years, that these free social platforms are analyzing and mining your data for bad purposes.  Apparently there are no limits to the violation of your privacy, with proven social experiments conducted by Facebook and likely the others etc.  It’s all in their TOS essentially.  It’s well known that using any of those platforms, including Gmail, is the same as typing your most personal thoughts and messages to the bots and analysts at the big social media companies and government minders.

Going back to all of this, I thought we were told that it was the Russians who elected Trump (without any evidence ever being provided mind you)?   Now it comes out that private companies based in the West have been influencing elections and I suspect this is just the tip of the iceberg.  The bigger question is who are the clients of Cambridge Analytica?  I don’t think we have to look far considering the relationship to the UK government and Royal Family.

 

Why Deleting Facebook Is Futile Unless…..

I’ve had this conversation with a lot of people over the years and what I’ve found is that the majority of people are complacent about privacy and security.  In a way it is good that some have woken up to what Facebook is and has been doing, but some have floated the idea that “I will trust Facebook until it gave me reason not to”.  This is a completely flawed idea in my opinion.  Facebook was never trustworthy and its TOS always gave it a right to violate your privacy, harvest your data for both government and marketing purposes etc.  In fact Google, Gmail, Hotmail, Telegram, Whatsapp and the list goes on are free for a reason.  One, they make money by spying on you and they also provide a great backdoor to the NSA to spy on you (hopefully everyone now understands the PRISM spying network).

There were times where some would debate about the length and depth of spying by major free services but this is no longer in debate.  If you are using these freebie services and just delete Facebook alone you haven’t done enough.

Here are some steps to secure yourself and your privacy:

Delete Everything!

Seriously stop using these free chat and e-mail services and tell your friends and family that you won’t communicate via those mediums.

Secure Your E-mail

Use your very own, owned e-mail server with encryption including GnuPG to encrypt e-mails in both transit and storage.  There are providers who can get you a VPS or full Dedicated Server for this purpose.  You will probably find that your e-mail stops going missing, is fast and more reliable to boot!

Stop Using US Based Massive Cloud Servers

This could be in the form of an Amazon, Microsoft, Alibaba VPS instance but you can expect that those services will not be keeping your data private and most likely have been obliged to allow backdoor access to your server and data.

Another type of user would again be those who “store data in the Microsoft, Google or Apple Cloud”.  Stop using those services if you value your privacy.

Secure Your Chat

Everyone likes instant chat but did you ever wonder why all the traditional chat services like ICQ and MSN Messenger shut down?  My belief is that being forced to chat on your phone makes it easier both to identify and track you and to spy on you.  Once again top offenders are Telegram, Whatsapp and any similar ones.

To secure your chat you should run your own encrypted chat server.

These are just a few common sense things you can do to make it much more difficult to have your rights and privacy violated.  Personal and intimate moments shouldn’t be uploaded to the Cloud for corporate and government agencies to peruse!

In general try to think in a security-minded way, perhaps as you would about your house.  Would you feel secure at home if you knew your living quarters were shared with multiple people or that they were being spied on constantly?  Think about steps you would take to protect your house or property from intruders and spies.  Your digital house works the same way, so be sure to keep the keys and access in your control and not that of a third party which can’t be trusted.

We Need A Better Coin Now!

Cryptocurrency today as of the time of this writing is in a bit of a flux and identity crisis.  Part of this is due to a well directed campaign in the news via government and banking entities.  However, I will always give credit where it is due and many of the flaws that have been pointed out by these entities are completely true.  In fact, from a business, security and IT standpoint I find that most cryptocurrencies are almost impossible to use.  There are coins that individually address “some of the issues” but I have never seen a coin or team that “just seems to get it”.

Whether it’s how an ICO is run, basic functionality, security, privacy or getting out information, it seems apparent to me that the vast majority of teams and coins do not have sufficient combined IT and Business Knowledge to make things work.

There are just so many issues with a lot of the top coins that could kill them, let me name a few in no particular order.

Speed – 99% of cryptocurrencies are extremely slow taking minutes, hours or several days to complete a transaction!

Expensive – A lot of times you can spend a small fortune just sending a small amount of coin to someone (you could spend $100 to send $5 of coins with some Ethereum tokens for example)!

Security – Most coins are by default completely insecure.  Any coin that has a public ledger is insecure and has 0 privacy.  This allows for replay attacks and all kinds of nasty things.  It also means your activities are easily tracked and traced.  Imagine if your competitors can see exactly who is paying you and who you are paying, including the full amounts?  It would put your business at a huge disadvantage.  Having a “public, permissionless blockchain” such as Bitcoin, Ethereum, Litecoin etc. will mean the coins can never be secure when the whole public is involved.

Hardforks – Most coins are easily counterfeited, hard or softforked where basically anyone can copy an entire coin and just rename it and call it their own, while confusing and devaluing the original coin holders.  This should never be able to happen just for the reason of sanity, continuity and integrity.  There have already been scams like the BTG Scam and replay attacks.

PoW/Mining – It is absolutely crazy that mining still exists.  As cool as it originally was, mining is now a hindrance in many ways to the cryptocurrency community.  Not only is it wasteful in terms of energy resources, it is unsustainable in environmental, monetary and functional terms.  Returns are so slow with most major coins that it is almost not worth it unless your power is cheap or free.

To top it off, why on earth should we let transactions be controlled by “miners finding the next block”?  It doesn’t secure the network anymore and that is because coins like Bitcoin were created before ASICs and assumed “no one party would hold more than 10% hashing power”.  Of course single pools in China have way more than 10% power and so do some mining farms possibly.  This means that pools and large farms could work together to defraud people by sending false transactions and confirming them among themselves.  By the time the scam is realized the parties who initiated the scam would already have escaped with the money.

Mining also leads to centralization, the very thing that cryptocurrency was meant to avoid.  This is inevitable because as difficulty increases, only large corporate or government players with deep pockets can continue.

The same applies to running full nodes: large organizations will be the ones running them.

Usability – Most coins are unusable because they are slow and insecure, but to make it worse there’s more.  The current coins are not easily integrated in a secure way.  You shouldn’t have to run a full Litecoin, Bitcoin or Ethereum node on a huge mega server with tons of RAM and HDD just to create receiving addresses and receive payments.  This is not only inefficient, it is insecure because the same computer that generates the receiving addresses is usually the one that holds the wallet/funds.

To top it off you can send to a wrong or non-existent address and lose your money forever with virtually all currencies.  Blockchain is just a big database, couldn’t some query be done to make sure the address actually exists?!  On top of that there is no feedback, send by e-mail or notification by e-mail; you always need to keep your wallet open to notice.  It would be much easier if these different functions were kept separate.  However this is a problem too because most cryptocurrencies are admittedly not secure if you don’t sync the entire chain.  And that’s another issue: syncing is a huge issue, and with coins like Ethereum it is extremely slow and takes a ridiculous amount of CPU cycles.  Imagine paying someone from Craigslist in person and one of you says “hold on mate sorry I have to wait for my wallet to sync for hours or days!”.
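On the address question above, a legacy Bitcoin-style (Base58Check) address already carries a 4-byte checksum that a wallet can verify offline before sending, which catches typos but cannot tell whether anyone holds the key.  The following is an added example, not code from any wallet or from this post; the 20-byte hash and all function names are constructed for illustration.

```python
import hashlib

# Base58 alphabet used by Bitcoin-style addresses (no 0, O, I or l).
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(data: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(data))."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]


def b58check_encode(version: int, body: bytes) -> str:
    """Build an address string from a version byte and a 20-byte hash."""
    raw = bytes([version]) + body
    raw += _checksum(raw)
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = B58[rem] + digits
    # Each leading zero byte is written as a leading '1'.
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + digits


def check_address(addr: str, version: int = 0x00) -> str:
    """Offline sanity check a wallet can run before signing a payment."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return "bad character"
        n = n * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:            # 1 version + 20 hash + 4 checksum
        return "bad length"
    if raw[-4:] != _checksum(raw[:-4]):
        return "bad checksum"     # almost certainly a typo
    if raw[0] != version:
        return "wrong network"
    return "ok"


def typo(addr: str, pos: int) -> str:
    """Simulate a single mistyped character at position pos."""
    wrong = B58[(B58.index(addr[pos]) + 1) % 58]
    return addr[:pos] + wrong + addr[pos + 1:]


# Constructed sample: an arbitrary 20-byte value standing in for a
# public-key hash. Nobody is known to hold a key for it.
SAMPLE_HASH = bytes(range(1, 21))
SAMPLE_ADDR = b58check_encode(0x00, SAMPLE_HASH)

if __name__ == "__main__":
    print(SAMPLE_ADDR, check_address(SAMPLE_ADDR))    # well-formed, yet unowned
    print(check_address(typo(SAMPLE_ADDR, 10)))       # typo is rejected
    print(check_address("0" + SAMPLE_ADDR[1:]))       # '0' is not in the alphabet
```

The sample address passes the check even though it was made from arbitrary bytes, because an address is only a hash and the ledger holds no list of "existing" addresses to query.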

 

Facebook’s Mark Zuckerberg finally apologizes for the 3rd party data breach

Mark Zuckerberg has been noticeably absent since the scandal broke.  It personally doesn’t surprise me because Facebook has never been safe, secure or private regardless of your privacy settings.  Your data is legally there to be traversed by third parties for marketing purposes and for governmental agencies to surveil and analyze you.  This is essentially all in the TOS and for a company based in the US they are legally obligated to co-operate with entities such as the NSA, FBI, CIA for whatever they need, even if it would normally be a violation of the law.

To add insult to injury, Mark Zuckerberg actually didn’t apologize in his initial response to the privacy issues.

Deeper issues have recently been revealed, reaching right to the top of the British Government and the Royal Family, including MoD ties to SCL (the company which is regarded as one and the same as CA).  They had contracts with NATO, the UK Tory Party, and even the US State Department.  There is a General Tolhurst who is an aide to the Queen who is also on the board of SCL.  Even closer is a third cousin of Queen Elizabeth II, Ivar Mountbatten.

The reason I mention all of this is because it sounds more like a co-operation between elite business and government than an accidental data breach or hacking done on behalf of a private company.

This could be why Mark Zuckerberg has been so quiet about it.  After all, those who are familiar with IT security and espionage cannot believe this is just a group of hackers.  With the breach being so significant and wide scale, why didn’t Facebook notice this sooner?  It seems like they either noticed it or were fully aware, but only took action after someone revealed it to the public.

I am certain more revelations will come out and they will probably be no less shocking than what we know.

NEM Gives Up Chase for $500M USD in Stolen Coins

For no apparent reason NEM has given up the chase for these coins.  In all fairness I don’t think it was ever their issue; the stolen coins were the fault of the Coincheck Exchange’s security and not due to any flaw in the NEM client or network side.  Of course naturally they were interested, but one bold prediction was that “hackers would not be able to launder the coins due to lack of liquidity”.  I am not sure if the NEM developers really believed that or if they thought heat on the exchanges would dissuade or slow the thieves down.  I suspect they exchanged the NEM for other coins and then sold them back again clean through multiple exchanges.

I would say this isn’t bad for cryptocurrency because bank heists occur each day and nothing stops one from spending or exchanging the money in real life.  It’s really no different than the initial fears of “e-commerce sites were hacked” just as real life stores have theft and holdups everyday.  It is just a matter of mitigation whether physical or virtual.

But with that aside, NEM clearly said they were ending the chase and wouldn’t say much more due to the “sensitivity of the investigation”.  This is something I find a little strange: is it that they did find something but the authorities have forbidden them from disclosing it?

Was this an inside job on the part of Coincheck in Japan or was it something else explosive that they found?  Could it have been a rival currency, bankers or government behind the hack?  Anything is possible and speculation will rightfully abound until more details emerge.