My Privacy Tools
Image credit: “Lets leave planet GAFAM NATU BATX” by David Revoy for Framasoft − CC-BY 4.0
Why Privacy & Security Matter
Others wrote it much earlier and much better than I could: Parce que vous vous foutez de vos libertés, ce sont les miennes qui disparaissent – @aeris, 2014. Everything Is Broken – Quinn Norton, 2014. Available in French. ...
CNIL Guide: Personal Data Security
GDPR - The Practical Guide
The CNIL[1] is nice. The French personal-data watchdog (sometimes) imposes fines (modest compared with what the GDPR allows) on those who flout respect for privacy and the security of personal data. That is, when it is not taking overly long naps[2] or showing shameless laxity, as La Quadrature du Net reported in 2021[3]. But overall the situation is improving: in 2023, the CNIL investigated 16,000 complaints, carried out 340 inspections and issued 168 formal notices and 42 sanctions totalling 90 million euros. ...
France Travail, or the 'Start-up Nation' at Work
At the brand-new France Travail (formerly Pôle Emploi, formerly ANPE) there are those who do their job[1] and then there are the others, notably those in the SSI[2] (information systems security) department, who must have had aqua-pony class the day the robustness of the brand-new website and its backend was put to the test. If it was tested at all, which you will allow me to doubt (see below). ...
R.I.P. Fakawi Chief
A True Friend Is Gone
Nick Ong aka Fakawi Chief as he was called among the South-East Asian mountain biking community, has passed today in Kuala Lumpur, Malaysia. Nick Ong[1] was a man of many talents: creator of the Fakawi Tribe, captain of the Malaysian Fakawi Banshee Downhill Team, Malaysian importer of Banshee Bikes, jungle explorer on weekends, unwavering supporter of traks.org, the advocacy group for Bukit Kiara, Kuala Lumpur’s mountain biking gem, outdoor and MTB film maker[2], oh, and also a medical doctor, all served by a sharp mind with an unparalleled sense of humour. ...
Threema: analysis of a secure messenger
[EDIT: 09.01.2023]: Threema has reacted to the publication in bold terms: “The [research] paper is based on an old protocol that is no longer in use. The presented findings do not apply to Threema’s current communication protocol ‘Ibex’ or have already been addressed. None of them ever had any considerable real-world impact.” See how the story develops.
Threema is a Swiss encrypted messaging application which has been widely advertised as a secure alternative to Signal, WhatsApp or Wire. Their website claims the app is used by more than 10 million users and 7,000 corporate customers. Prominent users of Threema include the Swiss Government, the Swiss Army and the current Chancellor of Germany, Olaf Scholz. ...
Protect a parked domain without email
DNS entries for a parked domain that does not send emails but has a website

    Hostname       Type   TTL    Data
    @              MX     1800   0 .
    @              TXT    1800   "v=spf1 -all"
    *._domainkey   TXT    1800   "v=DKIM1; p="
    _dmarc         TXT    1800   "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;"

DNS entries explained

Null MX
Explicitly configure an 'empty' MX record according to RFC 7505.

    @ 1800 IN MX 0 .

SPF
Set an empty policy and a hard fail.

    @ 1800 IN TXT "v=spf1 -all"

DKIM

    *._domainkey 1800 IN TXT "v=DKIM1; p="

DMARC
Set DMARC policy to reject emails[1] ...
Telling users to ‘avoid clicking bad links’ isn’t working
Abstract: Telling users to ‘avoid clicking bad links’ still isn’t working, by David C. - Technical Director for Platforms Research and Principal Architect - NCSC (UK)
Why organisations should avoid ‘blame and fear’, and instead use technical measures to manage the threat from phishing.
Infosec tenets simply don’t work
Advising users not to click on bad links: users frequently need to click on links from unfamiliar domains to do their job, and being able to spot a phish is not their job ...
Sign the web0 manifesto
## web0 is the decentralised web ##

web3 = **decentralization** + blockchain + NFTs + metaverse
web0 = **decentralization** - blockchain - NFTs - metaverse
web0 = **decentralization**

In other words, web0 is web3 without all the corporate right-libertarian Silicon Valley bullshit – Aral Balkan[1]

Head over here and sign the web0 Manifesto. This will probably not change the world overnight but let these different voices be heard. Thank you. ...
Ditching WhatsApp [updated]
[First published on September 05, 2016] I am ditching WhatsApp, following Facebook’s decision to begin harvesting data from its messaging service. Even though Motherboard claims “it may be possible to prevent WhatsApp to give your phone number to Facebook” (LOL) WhatsApp will still harvest your metadata. “Sharing metadata with Facebook still exposes users to significant risks,” says Claire Gartland, consumer protection counsel for the Electronic Privacy Information Center. “Facebook will have data indicating who WhatsApp users communicate with and how frequently, and connecting WhatsApp users with their social media accounts and broader online activity, associations, political affiliations, and more.” – Wired ...
Instant Messaging Encryption: Which Protocol to Trust?
Seen on the ANSSI website: “Accompanying the widespread realisation of the need to secure one's electronic communications, many (near-)instant messaging applications have appeared on smartphones. All claim a high level of security, leaving the user in doubt as to the actual level of security to expect.” So, which to favour among Signal, Telegram or XMPP? I am deliberately not mentioning WhatsApp/Facecrook, mind you. ...