Early Morning Open Thread: Wikileaks Proposes Weaponizing Doxxing

Dox: search for and publish private or identifying information about (a particular individual) on the Internet, typically with malicious intent.

Putin/Trump’s new BFFs may have overreached themselves. As of Friday afternoon, per Brian Fung at the Washington Post:

WikiLeaks wants to start building a list of verified Twitter users that would include highly sensitive and personal information about their families, their finances and their housing situations.

“We are thinking of making an online database with all ‘verified’ twitter accounts & their family/job/financial/housing relationships,” WikiLeaks tweeted Friday.

[Ed. Note: They have since taken that tweet down.]

The disclosure organization, run by Julian Assange, says the information would be used for an artificial-intelligence program. But Twitter users immediately fired back, saying WikiLeaks would use the list to take political vengeance against those who criticize it.

Twitter “verifies” certain users, such as world leaders, nonprofit organizations and news outlets, with a blue check mark beside their names so that other users of the service can be confident about the posters’ identities. WikiLeaks, which has a verified Twitter account, did not say whether it would subject itself to the scrutiny it was proposing. (It was also unclear whether, under its plan, WikiLeaks would seek to uncover information about the financial lives of Russian President Vladimir Putin or President-elect Donald Trump, both of whom are verified on Twitter.)

Asked by journalist Kevin Collier why it needed to build a database of dossiers, WikiLeaks replied that the database would be used as a “metric to understand influence networks based on proximity graphs.”

But the proposal faced a sharp and swift backlash as technologists, journalists and security researchers slammed the idea as a “sinister” and dangerous abuse of power and privacy…

Timothy Berners-Lee, the inventor of the World Wide Web, compared the WikiLeaks proposal to a piece of British legislation that has been criticized as a massive boon to the surveillance industry.

“Don’t.even.think.about.it,” he tweeted.

Even the “hacktivist” organization Anonymous lined up against WikiLeaks.

“This is a sickening display of intimidation tactics,” it said, tagging the official Twitter accounts for the social network, its support team and chief executive Jack Dorsey.

Data security and you

Hi everyone….

I’ve been a friend of John’s for several years now and work in the IT security industry. I’m also the dad of Cole, his godson. John and I met through World of Warcraft way back in vanilla and stomped around Azeroth for many years.

He has asked me to do a few posts about helping you secure your personal communications and the like.  This will hopefully be a multipart series that you will find useful.  I want to cover different vectors of communication like texting, instant messaging, email and more.  Later, we can talk about data leakage on social media and the like.

Starting with texting/instant messaging….. Anything sent via SMS or MMS (traditional text messages) is not secure at all. These messages are not encrypted in transit, so a man in the middle can read the message while it travels across the network. Your cellular carrier also keeps copies of these messages and can retrieve them and provide them to law enforcement. Bottom line, if you care about secure communication, don’t use this AT ALL. It doesn’t matter who made your phone or what version of the OS is on it, this communication is unencrypted and vulnerable to both rogue malicious actors and the state.

Instant messaging has taken off and replaced SMS and MMS for a lot of people, both because it doesn’t cost per message the way SMS used to and because of the features the different clients offer. These are things like iMessage, WhatsApp, Telegram, Allo, Facebook Messenger and more. There is a good article on The Verge that does a quick and dirty breakdown of each from a security perspective. Click here to read it!

I think that’s all for tonight.  I’ll talk more about how to deal with things like backups, server side copies and more in the coming days.  I leave you with some kid pics of Cole since John said you guys like that stuff.