Is life imitating art? WhatsApp Security Breach Reminds Me Of The Matrix.

20 years have passed since the Matrix was released… hard to believe, I know. Even harder to accept, without feeling a little bit old, especially if you remember being a bright young thing when the movie hit the big screen, back in 1999. Sounds prehistoric? Well, you’re right, it kind of is.

The ideas in the movies however,are more relevant today than ever. The dystopian future in which artificial intelligence takes over humankind, could be one of the supercuts, but the movie itself abounds in symbolisms, referring to the greater, bigger, more meaningful themes of the 21st century and beyond. It is perhaps a new syntax of sci fi/ action movies, the perfect mix of special effects, narrative and style, underpinning philosophical themes. This whole mix is what makes the movie, much more than just a sci-fi, but a cult film, a classic of its genre.

 

When news about WhatsApp security breach broke, there was something in the way the hacking took place, that screamed to me: THE MATRIX. I’m getting a lot of that, lately.

Not sure if I was following the Aristotelian mimesis or the Oscar Wilde anti-mimesis, in my thought process, but one thing was for sure: there really was “a glitch in the system”.

Remember how Neo uses the phone to “exit” the Matrix? Well, WhatsApp hackers used the same principle, a phone call, only this time to “enter”.

Credits: The Matrix, movie screenshot

In the words of Oscar Wilde or Lana del Rey’s gods and monsters song, I guess life really imitates art. I find this version to be more poetic than prophetic, so I’m sorry Aristotel, I’m taking the Del Rey — Wilde route, this time around.

Game of phones

Back to reality. Only last week, one of the largest communication apps, WhatsApp, amounting more than 1.5 billion users, was the target of an unprecedented hack, that revealed quite a vulnerability in its security system.

Even though, the app is popular for having end to end encryption on all messages going through its servers, hackers managed to enter the system via in-app voice calls. Basically, the users affected by the hack, got one or two calls from a number unknown to them, which delivered a code in the process of calling. Regardless if the user answered the call or not, the code was shipped.

Nothing a user could’ve done, short of not having the app altogether, could have prevented the infection. WhatsApp has since resolved the security breach and patched the flaw, while urging their users to update the app sooner rather than later.

However this particular security breach is very important from another aspect, that of the technology the hackers used. The hacking tool involved in the cyber attack is reportedly similar, if not identical, to the spyware and surveillance tools used by governments to capture high profile criminals and is often nearly impossible to track. As in this case, hackers could even erase records of the call used to inject the code, after the fact.

The alleged culprit? A company, known as the largest player in the business of surveillance tools, the Israeli cyber security company NSO Group is believed to be the developer of the tool. Even though the hacking tool gives a few cues and has the distinguishing marks of the type of surveillance tools developed by the company, NSO denies the allegations.

The target? Human Rights activists and apparently one lawyer in particular.

The motive? Let’s give a little more context. The alleged targeted lawyer, who spoke in condition of anonymity, is helping a Saudi dissident and several Mexican journalists build a civil case against the NSO. The NSO Group claims to only sell surveillance tools for legitimate targets, selling exclusively to law enforcement and intelligence agencies, but is suspected to do otherwise, in practice, targeting honest individuals and not high profile criminals or terrorists, being involved in illegal surveillance and thus violating human rights.

These are, in a nutshell, the facts so far of last week’s “Game of Phones” finale. But in real life.

Still, the case looks a lot more like Matrix to me. Am I taking it too far? I can’t tell.

Maybe I’m in too deep on this one, but the phone metaphor still echoes in my head. And no, I don’t suppose they’ll open a portal in spacetime any time soon through a phone call, but suffice to say they opened a very dense, resourceful and highly popular messaging app, in the meantime.

And so, could it be that these devices we so often use, be nothing more than pocket-sized surveillance devices we gladly accept?

Ok, that’s an oversimplification and I take that back, but the thought is worth to ponder upon, as it might lead to savvier users and a safer digital environment. As we arrive to a new age kicking and screaming all the way, we might even find our way to Zion. I somehow, take solace in that.

2019

Until Zion, let’s take it each step at a time and see how the 2019 digital world looks like.

In the sharing, internet economy, data is the currency and sometimes even a political weapon to be reckoned with. In other words, data is today an informational, political and economic asset capable of traveling the speed of light in a vacuum, when going through state of the art optical fibers. Able to operate at 99.7% the speed of light according to researchers at the University of Southampton in England. (source: Extreme Tech)

The digital world is now creating tangible value from big data so expect internet privacy to take an even more prominent route in the future. (Ain’t no going back)

Nowadays, security must come in layers, not only in the corporate environment, but on a personal level also.

The number one thing you need to get in line with is having a VPN connection. It’s really simple to use and just like that poof! your data travels through an encrypted tunnel, safe from prying eyes and encrypted all the while.

It won’t save you from all the threats out there, but it will make you less vulnerable.

Think you know the safest, best web browser?

8 Popular Web Browsers Ranked by How Secure They Are

Photo Credit: Online Privacy Risks by Angel Roxas

Web browsers. We use them on a regular, so much so we don’t even realize they’re there, we perceive them as a given, a tool that comes with the territory of internet access. Still, not all web browsers were created equal. Today, we take the measure of some of the most popular web browsers on the market through a security lens and see which one scores best on the challenge.

Frequency of updates, embedded security tools and features are indicators of a good reliable web browser in terms of privacy. Taking the aforementioned criteria into account, here are the most secure web browsers ranked

8. Internet Explorer

Once upon a time, there was Internet Explorer. An undeniable favorite, holding monopoly in the early ages of the proto-internet, Internet Explorer is today a “deserted”web browser, especially since Microsoft introduced Edge. In terms of updates, Microsoft stopped making major updates to IE, as the focus shifted to its successor.

Securitywise, IE can detect malicious or potentially harmful sites, but is lagging behind on a lot of security features of its competitors.

Privacywise, you can toggle pop up blockers, have a tracking protection feature, preventing listed sites from dropping cookies upon subscribing in advance to a protection list, but that’s mainly about it, as the browser itself is closed-source (packed widgets remain undisclosed and obscure to the “naked eye”).

7. Edge

As the name suggests, the descendant of Internet Explorer really has an edge in terms of speed over what has otherwise become a meme for delayed effects, in general.

In what updates are concerned, Edge updates twice an year on average. That’s still a low frequency on updates, when compared to competitors on the market.

The fact that it runs in a sandbox makes all browser processes contained and the extension support is limited which could potentially limit malicious questionable extensions you may download accidentally.

All in all, privacy and security wise, Edge only ranks at the bottom of the list and it’s still not a very secure browser.

6. Opera

Developed by the person who also created the CSS web standard, Opera is not only an ingenious browser with a cute face, but it is also a staple for privacy oriented web browsers, the poster child of private web browsing. It runs on Google Chromium system, using Google Chrome’s open-source, tweaked to add features of its own.

Updating every 4 to 6 weeks, Opera comes close to a very healthy update frequency, which is once every 3–4 weeks.

From a security standpoint, Opera has integrated fraud and malware protection, has a built-in free VPN, an ad blocker, social messengers like what’s app and facebook messenger, battery saver a VR player among its main features.

The built in VPN however, is known to be tracking logs and bandwidth, so not exactly the best choice for a VPN service as it may actually defeat the purpose of using such a tool.

5. Google Chrome

At almost 80% market share, Google Chrome is leading the rankings for obvious reasons. Those reasons can be summed up to the fact that Chrome is simply a Google product. Just like the web search, YouTube, Gmail or Google Docs, it is only natural that people are naturally drawn to it, considering the dominant role Google is playing in the online world.

There are usually 6 weeks between its updates as Google automatically updates Chrome. Securitywise, Chrome regularly scores the highest on security test and Google is actively requesting hackers to discover vulnerabilities that the company can later improve. Still, the fact that Chrome is owned by Google, the larger than life company, that virtually knows “everything” about its users should serve as a bit of warning, in what privacy is concerned.

The standard Chrome version is closed source, everything (if anything) packed inside the code is therefore obscure. Truth be told, there is also an open-source version of Chrome available.

4. Apple Safari

Safari, the default web browser for Mac is usually perceived as being more secure, since Mac devices are arguably less vulnerable to malware. Chrome’s popularity however, pushed it to a marginal fate similar to that of Internet Explorer.

Updates are irregular, but tend to be on the slow side, as weeks between updates can vary between 9 and 47 weeks.

Despite its irregular updates, Safari does a pretty god job security wise, by running web pages contained, in a sandbox, thus preventing malware to infect the entire browser. Safari also introduced a password manager meant to improve the quality and strength of your passwords.

The only culprit of Safari is the fact that is closed sourced, otherwise making a close to perfect impression in terms of security and privacy.

3. Brave

Brave is the bold, fast-performing, privacy-oriented newcomer dressed in a minimalist attire. The browser updates every 8–9 weeks an its still working towards a version v1.0 for t desktop. Brave offers a fairly customized browsing experience as it allows the user to remove selected data every time the user closes the app.

A default ad blocker and an HTTPS function allows its users to browse unencrypted sites more secure.

2. Mozilla Firefox

Owned by a nonprofit organization, Mozilla it’s the caliber alternative for Chrome, also harboring a more hyped, privacy-focused version: Quantum.

Mozilla is updated by volunteers with a 6 to 10 weeks frequency, making it a bit slower than the competition, but keeping an overall regularity to its updates.

Security features include malware protection, add-ons warnings, but perhaps the most important things is the fact that Firefox is open-source.

1. Tor Browser

Tor is probably the true rebel out of the bunch. Based on Firefox, Tor was designed to let users access the world wide web via the Tor network, encrypting traffic and bouncing your data across a network of relays composed of thousands of volunteers computers.

Following Firefox’s bug fixes, most Tor updates happen with a frequency of about 2 weeks. Browsing history of users is not tracked by Tor and cookies are cleared after each session. Add the no script policy and privacy features and you will get a pretty safe browsing experience, probably the safest.

Out of bunch, Tor is the most secure web browser, for enhanced security and privacy you can always turn to a VPN. A good VPN will have its own servers and encryption protocols designed for it, reducing possible security failures to a minimum. Free VPN services are often an open door to malware and can be easily used by scammers.

In the FREE vs. PAID matter, its is important to understand that most legit businesses will offer 7 days of free trial, but a free connection on a indefinite period of time is sure to get its profit elsewhere; in ways that can harm your security and defeat the whole purpose of having a VPN in the first place.

We suggest you do yourself a favor and invest a good 5 bucks for a reliable VPN like the dedicated VPN you can get from My IP.io or from another reliable provider.

Internet Shutdowns, The Ugly truth

And how you can survive them

Credits: Please Shut Down, illustration by Emmanuel Hyronimus

Internet access is nowadays a fundamental human right coined by the UN Human Rights Council, adopted in 2016 by resolution.

 

However, not all governments respect it, especially not around elections. Across Asia and Africa several governments tried to silence speech through what is called “an internet shutdown”, where access to certain platforms, especially social media, is either restricted or blocked, altogether.

 

If you read through the first statements of the 32nd session of the UN resolution, the document outlines the importance of preserving internet access as a fundamental human right, “recognizing that the spread of information and communications technology and global interconnectedness has great potential to accelerate human progress, to bridge the digital divide and to develop knowledge societies”.

 

So having an open and free online environment is not only a matter of rights, but also a condition for progress.

 

Not only the right to freedom of opinion and expression, or the right to privacy in the digital age, but also innovation and influencing elections is at stake, in the opposite scenario.

 

In the case of innovation, let’s take the example of net neutrality. This concept argues in favor of keeping an unobstructed online environment as a sine qua non for online freedom, but also innovation and it sure makes a strong case.

 

Imagine that broadband providers had the liberty of picking favorites, of deciding which service you may or may not access while using their internet service. They could limit or even block access to some products or services, while creating “fast lanes” for others, thus controlling information flow and traffic. New technologies might never see the light of day.

 

 

To go even further, imagine your ISP blocking or limiting access to services like Youtube, when Youtube came to shape 18 years ago. Had that been the case, Youtube as we know it, might not even exist today, or not at the same scale, maybe not at all.

 

Internet shutdowns on the other hand are a different kind of evil, meaning that they usually happen around or during elections and that they usually don’t last long as the economic costs could quickly spiral into hundreds of millions of dollars. However, no less than 134 internet shutdowns occurred in India alone, in 2018. 2019 recorded 19 shutdowns already in the same country, the most recent, just a few days ago “following the terrorist attack against the militants in Jammu and Kashmir’s (Pulwama district, India, 14th of February 2019) in which 45 CRPF personnel died and many others got injured when a Jaish suicide bomber rammed an explosive-laden vehicle into a CRPF bus, Jammu observed a complete shutdown and Mobile Internet services were suspended on 15th February 2019” (source).

 

So be wary when you hear the “fake news”, national security, public safety reasoning as this may only be a manipulating maneuver to conveniently stop protests from happening and ultimately control elections. And as the saying goes, just because you’re paranoid, doesn’t mean they’re not out to get you.

 

Credits: Mindshots VII, illustration, Sergio Ingravalle

Let’s also set some expectations before we go on, you can’t really escape a total internet shutdown.

 

Not really, but you can always try Firechat. Take the example of the “Occupy Central” movement in Hong Kong protests back in 2014, when the concern that the government might cut reception, made protesters head to Firechat, an app that does not require a network to work, functioning on a peer to peer mesh network. The protesters used Firechat to exchange information, figure out which road was blocked by the police and coordinate. There are limits however in using your phone as a “walkie-talkie” that for the sake of the argument we needed to point out.

Not counting Firechat, escaping a total internet shutdown can be a very daunting task.

For partial shutdowns, however, there are plenty of solutions that you can use in order to overcome limitations.

 

 

 

 

We’ll list the best that we can think of, below:

1. Become Security Savvy

be aware of the websites you visit and whether they use an SSL certificate, these are the https sites, providing secure browsing while on a particular website.

2. Use a VPN Service like MyIP.io or any other that you trust

a reliable VPN service that keeps your data extra safe, traveling through a tunnel encrypted from end to end, so nobody, not even your ISP will be able to make sense of it, since all your information will go through the VPN server and not your ISP’s. You will also be able to bypass geo-restriction.

3. Use encrypted messaging apps like Signal or any other that you trust

use encrypted messaging and voice-calling similar with Telegraph or Wire.