This Week In Security - 12/09/2019
The British-based National Society for the Prevention of Cruelty to Children slammed Facebook’s plans to improve user privacy by extending the same end-to-end encryption used on WhatsApp to both Facebook Messenger and Instagram. According to the charity’s head of child safety online, Andy Burrows, in doing so, “Facebook is actively choosing to give offenders a place to hide in the shadows”. While privacy advocates are all in favor of such a move, the NSPCC has proposed that certain measures be put in place, “such as no end-to-end encryption for messages going to or coming from children’s accounts”, to protect children while giving adult users the privacy they crave.
The problem, the NSPCC says, is that end-to-end encryption makes it very difficult to detect criminal behavior, especially by those engaged in child pornography and other forms of child abuse. Facebook, however, seems sympathetic to such concerns and responded to the NSPCC’s comments, saying, “we’re consulting with experts on the best ways to implement safety measures before fully implementing end-to-end encryption”.
Facebook announced that it would go ahead with its plans to call more attention to the Secret Conversation feature which has been part of Messenger since 2016 but isn’t widely used.
As the first few months of beta testing the Firefox Private Network (FPN) encryption tool draw to an end, Mozilla announced it will be releasing a fully-fledged VPN app based on the features and security measures introduced with its FPN browser extension. Although FPN is currently only available on desktop devices and restricts users to a 12-hour private browsing session, Mozilla plans to release a Windows app that will encrypt all your online traffic and your app usage. This is great news for Mozilla enthusiasts, although it may struggle to compete with the best VPNs, which have been honing their skills for the past decade.
One of the latest VPN providers, Surfshark, offered its services at a budget price but it seems Mozilla is confident of its popularity and will be charging $4.99 per month for its VPN which is not cheap enough to undercut the competition yet expensive enough to be off-putting.
There’s a battle taking place in cyberspace and this one is on a global scale and involves national leaders and international institutions. On the one side are advocates for an open and global internet while on the other are those seeking a more “sovereign and controlled” approach. Last month, the UN approved a proposal backed by Russia that aims to “create terms of reference for a global ‘cybercrime’ treaty”. The aim is, apparently, to squash political dissent online and fight cyberterrorism but we’ve heard those arguments many times before and often they are simply a cover for blocking content and extending government censorship and surveillance capabilities.
Countries advocating online freedom may be tempted to boycott the resolution, which is entitled, “Countering the use of information and communications technologies for criminal purposes” but doing so would be tantamount to handing the reins over to Russia and other authoritarian regimes. According to a report in the Washington Post, “if the United States and other champions of an open Internet boycott the process, authoritarian regimes will be free to shape the treaty’s terms of reference in ways that advance digital authoritarianism even more”.
Android devices have always struggled to compete with iOS when it comes to security, but Android is finally making moves in the right direction. Google data indicates that most Android apps currently available in the Google Play Store use network encryption by default, boosting security and reducing the threat of man-in-the-middle attacks. This is great news for Android users, and the rate at which TLS encryption has been rolled out is impressive, going from zero apps using it at the beginning of 2018 to 80% by the end of October 2019. Don’t be drawn into a false sense of security just yet, however.
Although new and updated apps may be using the secure cryptographic protocol standard, TLS, there are still somewhere in the region of 500,000 Android apps out there that send and receive unencrypted data. You likely have at least one of these causing vulnerabilities on your device right now, which is why regular updates are so crucial to your device security. Nevertheless, the future looks rosy for privacy advocates and a little thornier for hackers and cybercriminals targeting Android devices.