My Privacy Tools
Image credit: “Lets leave planet GAFAM NATU BATX” by David Revoy for Framasoft − CC-BY 4.0. Why Privacy & Security Matter: Others wrote it much earlier and much better than I could: Parce que vous vous foutez de vos libertés, ce sont les miennes qui disparaissent – @aeris, 2014. Everything Is Broken – Quinn Norton, 2014. Available in French. Most of us have nothing to hide but we all have something to lose – Tommy Collison, 2014....
CNIL Guide: Personal Data Security
GDPR - The Practical Guide. The CNIL[1] is nice. The French personal-data watchdog (sometimes) imposes fines (modest compared with what the GDPR allows) on those who flout privacy and the security of personal data. That is, when it is not taking overly long naps[2] or showing shameless laxity, as La Quadrature du Net reported in 2021[3]....
France Travail, or the 'Start-up Nation' at Work
At the brand-new France Travail (formerly Pôle Emploi, formerly ANPE) there are those who do their job[1], and then there are the others, notably those in the information systems security (SSI) department[2], who must have had aqua-pony class on the day the robustness of the brand-new website and its backend was tested. If it was tested at all, which you will allow me to doubt (see below). 43 million French people affected: France Travail, no doubt driven by the desire to show that the ~~waste~~ budget allocated to its rebranding was not spent in vain, has managed to beat the previous record, held until now by the duo Viamedis and Almerys, who had let the personal data of more than 33 million people leak (civil status, date of birth, social security number, name of the health insurer, coverage of the contract taken out - February 2024)....
R.I.P. Fakawi Chief
A True Friend Is Gone. Nick Ong, aka Fakawi Chief as he was called among the South-East Asian mountain biking community, has passed today in Kuala Lumpur, Malaysia. Nick Ong[1] was a man of many talents: creator of the Fakawi Tribe, captain of the Malaysian Fakawi Banshee Downhill Team, Malaysian importer of Banshee Bikes, jungle explorer on weekends, unwavering supporter of traks.org, the advocacy group for Bukit Kiara, Kuala Lumpur’s mountain biking gem, outdoor and MTB film maker[2], oh, and also a medical doctor, all served by a sharp mind with an unparalleled sense of humour....
Threema: analysis of a secure messenger
[EDIT: 09.01.2023]: Threema has reacted to the publication in bold terms: “The [research] paper is based on an old protocol that is no longer in use. The presented findings do not apply to Threema’s current communication protocol ‘Ibex’ or have already been addressed. None of them ever had any considerable real-world impact.” See how the story develops. Threema is a Swiss encrypted messaging application which has been widely advertised as a secure alternative to Signal, WhatsApp or Wire....
Protect a parked domain without email
DNS entries for a parked domain that does not send emails but has a website

| Hostname | Type | TTL | Data |
|---|---|---|---|
| @ | MX | 1800 | 0 . |
| @ | TXT | 1800 | "v=spf1 -all" |
| *._domainkey | TXT | 1800 | "v=DKIM1; p=" |
| _dmarc | TXT | 1800 | "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;" |

DNS entries explained

Null MX: Explicitly configure an ‘empty’ MX record according to RFC7505.

    @ 1800 IN MX 0 .

SPF: Set an empty policy and a hard fail.

    @ 1800 IN TXT "v=spf1 -all"

DKIM *....
Telling users to ‘avoid clicking bad links’ isn’t working
Abstract: Telling users to ‘avoid clicking bad links’ still isn’t working, by David C. - Technical Director for Platforms Research and Principal Architect - NCSC (UK). Why organisations should avoid ‘blame and fear’, and instead use technical measures to manage the threat from phishing. Infosec tenets simply don’t work. Advising users not to click on bad links: users frequently need to click on links from unfamiliar domains to do their job, and being able to spot a phish is not their job...
Sign the web0 manifesto
## web0 is the decentralised web ##

web3 = **decentralization** + blockchain + NFTs + metaverse

web0 = **decentralization** - blockchain - NFTs - metaverse

web0 = **decentralization**

In other words, web0 is web3 without all the corporate right-libertarian Silicon Valley bullshit – Aral Balkan[1]

Head over here and sign the web0 Manifesto. This will probably not change the world overnight but let these different voices be heard. Thank you....
Ditching WhatsApp [updated]
[First published on September 05, 2016] I am ditching WhatsApp, following Facebook’s decision to begin harvesting data from its messaging service. Even though Motherboard claims “it may be possible to prevent WhatsApp to give your phone number to Facebook” (LOL) WhatsApp will still harvest your metadata. “Sharing metadata with Facebook still exposes users to significant risks,” says Claire Gartland, consumer protection counsel for the Electronic Privacy Information Center. “Facebook will have data indicating who WhatsApp users communicate with and how frequently, and connecting WhatsApp users with their social media accounts and broader online activity, associations, political affiliations, and more....
Instant messaging encryption: which protocol to trust?
Seen on the ANSSI website: Accompanying the widespread realisation of the need to secure one's electronic communications, many (near-)instant messaging applications have appeared on smartphones. All of them advertise a high level of security, leaving users in doubt about the actual level of security to expect. So, which to favour among Signal, Telegram or XMPP? I am deliberately not mentioning WhatsApp/Facecrook, mind you....