Parental Control – Surveilling your parents … Ew!

There you have it: Parental Control is needed more than ever, in a subtle way (I’d suggest you would do best to re-study The Cyber Effect; as I do), given the ever increasing (sic) risks online for the smaller than you.

But what about the more grown-up than you; your parents …? They either are only now, slowly, coming online, or they have been there already longer and have practiced but now are becoming older and mentally less capable or acute.
Hence, would we need to instate parental control to (also) mean: control over your parents (‘ their online behaviour)? And how would we have to arrange that; the norms for what e.g., appropriate content would be, are, ahem, not so clear. When a child would want to explore a vast portion of the Internet / its traffic, many agree that this would be either to be forbidden or a serious learning opportunity qua acceptability. When the one(s) that taught you about the birds and the bees would want to visit such sites, well, ew! but on the other hand…
Similar, qua gambling sites, hooliganism, et al. — not forbidden for any adult but where do things get out of hand, squared with how the capacity to operate in society may deteriorate with the elderly and where the thresholds might be.

Yes, in Europe, when you die your data (on socmed etc. too!) belongs to the government and your family has no rights over them. By consequence of some weird interpretations of obscure articles, contra reasonable moral and ethical expectations by relatives (either biologically/family-related or qua social media ‘friends’..?).
But for bank accounts et al., there have been practical rules and protocols already a long time, so that children (come of age) slide stepwise into custodianship. Would we need something similar for parents’ online behaviour? What would the rules of thumb look like, and could they be enforced somehow, to protect the weak against abuse ..?

Let’s discuss. And:
[Bridge too far? Cala aging again; Sevilla this time]

Colluding AI

As more and more grunt work (like, so much that’s done in the intenisve people farms called ‘offices’) is replaced with AI, how soon will we find that some decision by a human, hardly in control anymore but totally reliant on the precooked algorithmic outcome provided by AI, will be contested in court – that will be presided over by a judge, hardly in control anymore but totally reliant on the precooked algorithmic outcome provided by AI, and the two colliding against humans’ interests…

Note that “of course”, there will be humans nominally handing out the final verdict(s), because so many (not yet) fought so hard (not enough yet) to keep a ‘human in the loop’. But having achieved not much more than the nominal thing, and there quickly being far too little humans with enough experience (how would they gain that, when they haven’t gone through the grunt work themselves, including being allowed to err sometimes or how would they otherwise have learned ..?) to be able to usefully overrule the AI. Usefully, in the sense that the AI will have all the better, rational even if outlandish arguments… No more gut feelings … That may be part of what makes us human; whaddabout Kahnemann’s 90% System 1 ..?

And then, still, what when AI finds it rational to re-introduce the death penalty ..? Swiftly executed, to preempt appeals?

Oh how bright is our future! Also:
[There was supposed to be a shut-down button somewhere in one AI/pillar at least… Now they switch each other On again …; Córdoba]

Discharging DPOs by auditors

Now that it by and large seems to be that GDPR hypestuff is mostly pushed into the legal corner, … let it stay there. Let the others do their job, and reap all the benefits. I.e., via the avenue (required budget-wise; wildlands qua budgets received) of data discovery [Uchg ugly word I meant inventory] / data minimalisation/cleansing / data security [the old way, like information security, not the #ditchcyber fail] towards magnificent efficiencies in IT ops, and much clearer, exponentially better profile’able data even if Big.

Hey, the DPO was so self-inflatedly Important, right? Let him (sic) handle all the fan mail then… Let him panick-crash during every high-pressure breach BCM handling.

And then a. get fired, b. get sued, c. get replaced by yet another legal scholar turned business savvy (quod non) ‘executive’ [who executes who?].

But … in the mean time, someone would have to discharge the DPO. Not from internal audit because they’re part of the problem organisation.

OK, let’s have that done by an external auditor, then. A specialist, hopefully.

Hereby my claim to that specialty. Will develop fully-compliant methodology, will travel (charging expense…).

And:

[As an external auditor specialist, I love to have this sort of view; NY]

Some Quotum of Questions of Quantum

Am I the only one with questions how the following intertwine:
An article on how quantum-secured blockchain may be so safe, but possibly not in the hands of whom you’d want it? If in anyone’s hands at all, since no-one can be trusted forever; if you wouldn’t believe that, you declare yourself incapable of discussion on this subject…
A most brillant blog post on a related subject.
An equally insightful piece on how blockchain-of-command would lead to Totalitarianism.
An equally … Being the Why Johnny Can’t Encrypt, 2017 version. Notably, the previous versions hadn’t been patched properly…

So, you see a Perfect Storm or what ..?

Plus:

[Why did you cross the street, you chicken? M’drid]

Car disruption

Have governments gone insane?? They penalise anyone (but certainly not everyone) going over some completely [?] arbitrary speed, whereas my car can do double that, easily. This needs to be disrupted! Just drive as fast as you can handle, don’t care about the ‘others’ that stand in the way of you in your fundamental rights to freedom and the pursuit of happiness, and fight government in courts when they go after you – they are the stupid ones! They can’t stand you disrupting the traffic market by being quicker than the stupid sheeple [or is that you disruptor-user ..?] from A to B! People will die in traffic (e.g., by being so stupid as to always stay on the pavement but wanting to cross the road at a pedestrian crossing; fools. Children will veer off onto the streets; too bad. There will always be some less lucky and they take themselves out of the gene pool, just let them not hinder the Winners.

I’m into privacy. Which is of course completely different? from traffic ‘markets’ where the road is a commons, bound by rules (like, one doesn’t have priority but should give it to others when due) to make it reasonably safe for anyone (as a commons: no over-use till Tragedy Of). Just like hotels having to live by all sorts of safety rules (training staff, smoke alarms, hygiene, etc.etc.) for a reason. The same reason (or worse, given casuality of visitors) that goes for the V-sign company?
So, privacy in public space, the more virtual the more so [at least, no bit less so], can one (ab)use it when in breach of laws of common decency – that go much beyond mere laws or constitutions ..?

Not even a personal thing, the above … and:

[Perfect space for street racing…? Wouldn’t even hit too many ‘innocents’ here…; Zuid-As Ams]

Macrodots on your Opsec training card

Already a couple of weeks (month) ago, the whole secret-microdots-ID-your-printer thing came out. Re the leakage of something-TLA in relation to electionhacking [let’s write that as one word, better aligning the construct] or what was it, where the leakster was IDd quickly because the microdot on the published material(s) revealed the printer used.
Here I was, thinking that this microdot thing – Some claim it goes with laser printers only, not inktjet/dot matrix ones; anyone has any definitive confirmation of this? If confirmed, how many non-stupid bad guys will still use laser printers not have switched already …? – was wider known (like, I had yet to meet anyone in the infosec field that didn’t know of them or could not expect them, nor give any canary) but was supposed to not be used for any but the most extreme evidence-requiring circumstances. Like, you let incidental bombers walk because you don’t want to reveal your methods in order to be able to trace networks of them.

But here, a simple case of whistleblowing (is it, or is there more at play, like, Western democracy or even something serious, unfake …?) and everyone knows it now, in the open. Strange.
Tons of good info in the link, BTW.

Also strange that someone with such high clearance wouldn’t be better trained in Opsec, hence a. know about microdots and b. have used more covert leak channels. If training of such critical staff is so poor, there’s more serious troubles than just the demise of democratic institutions forthcoming.

Or maybe pretty-face leakster was ousted for not (falling for blackmail pushing to) providing some kind of services. Who knows. No one, these days of non-non-repudiatable news.

Oh well. And:

[In some relation to the above, that guy on the pole would know much better than to want encryption banned or backdoor’d to counter some moronic attackers like latter-day flat-out lying PMs]

Ten reasons quantum crypto will not

There may be more reasons that quantum crypto will not protect you against those evil villains out there, as suggested here (in Dutch) but quod non!!! (as I said; in Dutch ;-| ), for the not ten but one single reason:

When ‘hackers’ will not be able to access your comms when you will be using quantum crypto, so governments will also not so forget about it you will be jailed for life for using quantum crypto in the first place and also you are the most suspect of all and if still you’d try to use it, you will be whacked off-line … and your house raided, etc.etc. Because this.

And because, however clever you might think you are, obviously in vein, there will always be the ‘endpoint-to-you gap’ where parties may intervene.

Or they put a gun to your head. Good luck refusing.

And governments will restrict to their own comms; the most powerful one grabbing the scene and leaving all of the rest in the dust. And IF you believe their beneficial ethics, well you just removed yourself from serious discussion.

Anyway:
[Drone with too much tilt shift, or ’70s display scanned from an (actual, physical) slide..? (mine; ed.); <undisclosed location>]

Nudge, nudge, wink, wink, know what infosec behaviour I mean?

Am working on an extensive piece, a long-longread, on as many aspects of behavioural change towards true ‘secure’ user behaviour as I can cram into text. I.e., moving beyond mere full ‘awareness’ as phases 2/3 of this, to phase 4. Strange, by the way, that there is in that no end ‘phase’ or cycle in which one finds out to have been in phase 4 already for some time but didn’t notice and now forgets just as quickly as that seems ‘logical’.

But back to today’s subject, which is the same, but on a tangent. My question to you dear readers [why the plural, or >0 ..?] is:
Would you have pointers to (semi)scientific writing on the use of nudges to (almost)stealthily change (infosec-related) behaviour ..?
I could very much use that. Other sectors of human behaviour influencing studies have ample info on the effectiveness of such nudges, but for infosec I’m still with Googlewhack-like results.

Thanks in advance… Plus:

[The ways to seek prosperity from misery; EPIC Dublin]

Knitting against Cyberrrr…

This here piece, being the explanation why hiding in plain sight beats overtly-crypto tools. Quite enough said, right, apart from the note that the solution is a form of arms’ race flipping, as predicted. Would only wonder (again) how many cat pics out there, have stego messages, and how many TLAs are constantly scanning all Pinterest- and others- uploaded pics for nefarious content. Where the sheer volume created by innocent users, helps the bad guys (girls…!) to escape (timely) detection, or what?

Maybe sometimes human interaction can still help, like with this. Of quite another category but deserving massive global support nevertheless. Can ABC’s and Facebk’s image recognition engines be sollicited, or are we looking at the hardest pics still eluding the strongest AI-yet ..?

Back to knitting-style help it is … And:

[If you recognise this’ your country, you just got an interesting PM story… (truly congrats)]

Stay put while moving your address

Lately, there were a number of times I was reminded that for those that still use email (i.e., the overly vast majority of us!), some email addresses have been more stable over time than mere snail street addresses. And, with the different use of email versus the type that it was (derived-)named after, quite some times your ‘stable’ email address is harder to change. Where moving physical home address will easily redirect your mailman’s delivery for a large sway of services (utilities, subscriptions, et al.), such service doesn’t necessarily exist for email.
Not strange. You can move house and then take your email with you. Come to think of it, this is part of the greatness of the OSI model, right?
But strange. Try to ‘move’ (i.e., change) your private email address, that you use for innumerable websites, affiliation subscriptions, socmed profiles, etc.etc., and … you’re hosed. In particular, when you don’t have access to your former email address e.g., when switching employers (wasn’t a good idea to begin with, even in about-all of the world where using company equipment still leaves you with all privacy protection you’d need, excepting the corner of the world that their figurehead took out of the world’s developments so will revert to backwater, developing country-terrain), the confirm-change email may be unreachable as you can’t login to your old mail account… No solution provided anywhere.

So, as easy as it should be to move physically and have your physical address changed in public record systems, as easy it should be to keep some email address(es) that are used to identify you in person even when you’ve moved ISP…
Question to you: Is this covered under the “Must be able to move” hardcore requirement always under the GDPR..? *All* data should be coughed up in a machine-readable format to be processed in similar manner by some other service provider. That goes for email services too, automatically, so how will the (your!) sender/receiver addresses still be valid when you’ve moved ..?
If the latter works, then any service provider ID in your email address must work on any other provider’s systems, or your former is liable for up to 2% of global (sic) turnover. Quite a (damages avoidance) budget, to make things work…

Oh, and:

[Take a seat; not your address of any kind; Dublin Castle]

Maverisk / Étoiles du Nord