On your own, or forever be weak

Just a note that ‘cyber’security vendors (that hate #ditchcyber) will not save you whatever their claims are. Because they live off the perpetuation of the problem, and will make you weaker by lack of upkeep of your strengths at whatever levels they were.
Just a note that this applies to ‘intelligent’ devices of whatever sorts, too. Like, The Shallows squared; Home voice-recognising butlering devices (is there a category name for those already? The Echo’s, Alexia’s, Home’s I mean) or the bots out there on the ‘net, self-driving cars, etc.etc.

So, ed-ju-cay-shun is still to be pursued, in all directions! And:
[Yes art education as well, to not skew your perspective…; DC sculpture garden]

Non Dad Bots

With all the attention having gone to the not-so-Russian-or-are-they hacks, and some ransomware and CES17 news, over the past couple of months, one could have forgotten that not too long before, there was the wavelet (not like this) of hype over the, then, sudden exponential roll-out of bots in all sorts of customer-interactive sittuwaysjons.
Have these non dad bots, contrary to the MAMILs, disappeared from the streets ..? Or where are they; not like “out there in the cloud” which means a. they’re on someone’s machines, still, geo-bound as physically these are and hence under someone’s (non!)privacy control, b. nobody cares. But in a sense of ‘market share’ by any measure (which?), and who are the big players, what are the typical products/services and what metrics are there to compare these?
[Edited to add after scheduling the first version: this]

Just wanted to know. Surreptitious developments are ominous in their invisibility already. And working worse than ever… — some help may be thinkable, not yet on its way I’m sure, but that’s a long way off what we’d need…
Oh and I didn’t mean the idea of botnets for attack purposes; that’s a done deal and yesterday’s weapons technology, right?
And also not robots, as they have a physical presence which enables some form of physical override options, at least in theory, when required and not hindered.
Not even the personal at-home quasi-sentient devices limiting your world view ever more whilst plucking you bare for unwanted purchases behind your back.
But did mean the kinda chat bot-ish software working in the background…

Until then, we’re stuck with bad not dad bots not bods … With:
[Physical protection, if of the obese/obsolete kind; Nancy (sic)]

Secret Health

The year hasn’t started in earnest, and already we’re swamped in news about the over-easy hackability in and/or frequent leakage of medical data from the Care sector — haha we aren’t swamped but rather, quite ignore the news because either one cannot do anything about it (but complain) or it’s too embarrassing …
Also, it turns out that people are more reluctant to share medical data (info) with their practitioner(s) when they are less secure about the secrecy of it; the very reason there’s such a thing as medical professional code of secrecy (doctor/patient confidentiality) and now, leading to worse care (quality, cost) than if proper secrecy weren’t in doubt.

So, either you medical/care expert have professional pride to provide the best medical care and hence implement proper infosec measures (from ISMS to crypto-details) and chastise your managerial staff for not doing it properly — or you try to wing it, don’t secure properly hence don’t provide maximal care, and should be banned.

And:

[A good health figure; Barça]

And … down goes LI

OK, so has a new platform risen yet, where ppl can just have their resumés and contacts and that sort of stuff, beyond the diversion that LinkedIn is on ..?

‘Cause all the talk you read, isn’t about what actual users (not the few that would want and need other, much better tools anyway) have their LinkedIn profile for. So any disruptor can finally get a shot at this. No, Flunkbook and the others with market shares and caps already, have their own niche (sic) and not this one by miles.

So, what’s your guess which one it will be ..? and:
[Old-school defensive functionality; Ávila]

Two strikes and you’re out of third party standards

What a wobbling title.

When already for a second time (here), the European Supreme Court has ruled that laws requiring broad (meta)data retention for trawling are illegal per se, with a minute few exceptions, making it illegal to consider it legal (i.e., have a law requiring it — which of course is much stronger than just doing it on private company want) you’d better comply.

That’s all, folks, only adding the following thus undoing that:

  • You may read back some posts on how to pull off better Privacy (-compliance) in a fun and efficient way;
  • And note how this seems to run counter the above, or does it ..? Distinction is finer than initially thought;
  • Standards as yet fail to address sufficiently the main cause of leakage, being third parties or in your case, second parties; known for being the #1 Saying Yes (on paper) Doing No when it comes to maintaining security to the impeccable standards of yours. Those impeccable standards of yours that … can’t even seriously assume you’re at those levels. Can’t assume the second parties are anywhere near your levels even, because of their business model which is Profit over Non-profit [think that through] so have no incentive to take the moral high ground and all the incentives to the opposite … Those second parties of course are in your standards (are they? certainly not everywhere) under transparency towards first parties (customers) regulators if ever they’d look so (only just beyond skin-) deep or rather disregard the issue;
  • If not when those your standards would have been clear enough to yourself to collect and put them up as requirements, and properly communicated to the second parties, and (checked to have initially been) implemented with them;
  • But then no-one really knows how to pull off even core but real oversight over the infosec quality at second parties — don’t fool yourselves: reporting, always through their Marketing/Sales, will give no real info (info being the things you’d want to notice, not the stuff you can skip because it’s green lights/smileys all the way); actual audits, are either by third parties most usually on pay of second parties hence on their hand (don’t believe the outright lie of independence [I’ve been there, countless scores of times..]) e.g., when ISAE- or other certification is in play (certification after petty-rules-compliance checking not Auditing see tomorrow’s post) or by your own auditors — how good are they, anyway, when this outsourced stuff is special to them too (as you outsourced, their knowledge / experience re this, tumbled) and again it’s a side show to their audit universe, hard to pull off (have a look at the notification requirements and their freedom of movement in the contracts…) and still with an interest of the second parties to show a nice picture not truth which is almost completely in their hands, or by some third party hired and paid by you, for which the latter flaw of pretty-picture needs; the Diginotar case anyone?
  • Summa summarum: You may be hosed.

Even more so, when it comes to Privacy. Either as an organisation, or as private person [ditch the oh so pejorative ‘individual’ and ‘citizen’ — don’t start me on the utter ridicule of the moronic ‘corporate personhood’], or both.

Oh well:


[May be prone to strike the wrong way, too, anyway; DC]

Hoodies are off

Truly, we have arrived in a dystopian world when crime fighters go after the petty ‘criminals’ only — if there were any bigger catches, the headlines would be flooded and as we hardly ever see that, this is the best for the fighters that they can brag about ..?
I mean, have a look at <link>; a real Cyberrr! (#ditchcyber) criminal was caught! How incredibly clever he was! Being traceable by his ‘own’ IP address and own bank account. So certain of his own greatness that he didn’t even seem to have worn a hoodie — you know, the device that keeps all ‘hackers’ [Dammit! Learn the difference between hacking and cracking!!! or remain a stool forever] completely anonymous. And in Russia. Or did I say R I meant China, when it’s about nation-state retaliation (sic!).

Where in Lucky Luke and Billy the Kid was it that the quote passes “Yes yes be silent dear little boy we do know you’re a really grown-up thug.” ..?
Time to hold this to the Police …?

Oh, and:
[Surely, no-one would dare to attack here? Surely, this is just a decoy and nothing of value would be inside ..? — Well, the value’s not only in the hotel facilities but much more in the wine cellars … next door; Castello Gabbiano]

Hacking not allowed

… at least, if you’re from an official agency that would have to stick to basic rules of common decency.
Despite the push for the police to be allowed to exploit backdoors (and not report/repair them), the thing seems to not sit well with supreme legislation… (link in Dutch; with PDF and/or give Alphabet’s translator a try) — apart from making us all including themselves, much unsafer…

We’ll see. And:
[The humane workplace — non doctored pic; Zuid-As Amsterdam]

Two AI tipping point(er)s

You may have misread that title.

It’s about tips, being pointers, two to papers that give such a nice overview of the year ahead in AI-and-ethics (mostly) research. Like, this and this. With, of course, subsequent linkage to many other useful stuff that you’d almost miss even if you’d pay attention.

Beware of quite a number of follow-up posts, that will delve into all sorts of issues listed in the papers, and will quiz or puzzle you depending on whether you did pay attention or not. OK, you’ll be puzzled, right?

And:
[Self-learned AI question could be: “Why?” but to be honest and demonstrating some issues, that’s completely besides the point; Toronto]

No, you're hacked

OK, we have a couple of little things:

  • “It’s not if but when an organisation is hacked”
  • This leads to access to some of your personal data however innocuous (or not)
  • Only a handful of your however innocuous personal data is needed to identify you and/or take over your ID
  • Your personal data however innocuous on the surface (sic) is with so many organisations.

Syllogically, ID theft will ruin your life, pretty soon.

Now you may counter that … blabla you’re not interesting enough (maybe, but how sure are you, and if you’re so clean your ID has value to the not-so-clean), it won’t happen to you because it hasn’t happened to you (yet, that’s the point) … et cetera.

But oh, you will be hit …

And with that positive reminder, this:


[If life were as simple as at once major global city Edam…]

Four horsemen, with a badge

Now that ‘our failproof heroes of integrity’ (one of those five words is correct) have gained the right to hack and exploit each and every user’s device in their battle (huh) against the four horsemen, each, all and every proof of misconduct of however grave or minor import that anyone would conduct using any such ‘cyber’ device would not hold in court because no-one can prove it was the general user / suspect (sic) that put the data onto there or used it and the police would be implicated as well but cannot prove satisfactorily it wasn’t them.

Obliterating any chance of ever proving actual foul horsemen…

But hey, they seem to have wanted that. For a reason? E.g., the above suspects were in majority already among the pursuers ..?

Why would I care… and:
[Your ‘straight’ thinking…; Zuid-As Amsterdam]

Maverisk / Étoiles du Nord