Security News This Week: Russia’s FindFace Face-Recognition App Is a Privacy Nightmare
These last few months have presented some complicated security stories, and this week we took steps to untangle them. We looked at the many, many ways in which the FBI hacks people, revelations of which have been trickling out for decades. And we broke down just how hackers were able to lift $81 million from a Bangladeshi bank in a matter of hours—well short of their billion-dollar goal, but still a hefty sum, cleverly obtained.
In the world of software, Google has finally offered end-to-end encryption in its messaging products. No, not Hangouts. It’s Allo and Duo, new chat and video apps that use the stalwart end-to-end encryption known as Signal. It’s the same that locks down WhatsApp. On Allo, end-to-end kicks in only when you’re in incognito mode, which we guess is better than nothing. Dating app Grindr, meanwhile, turns out to be decidedly not secure; researchers found that it leaks a user’s exact location, even when a setting intended to mask it has been enabled.
In other research news, a team at Purdue University has developed a new surveillance system that matches up public, unprotected cameras with an incident map of crime and emergencies. It could do wonders for first responders, but gives privacy advocates pause. Lastly, Wikileaks whistleblower Chelsea Manning has finally filed an appeal in her case, nearly three years after sentencing.
And there was more: Each Saturday we round up the news stories that we didn’t break or cover in depth at WIRED, but which deserve your attention nonetheless. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
Earlier this week, the Iraqi government shut off the internet. That’s nothing new; it did so over a dozen times last year. The reason for the blackout? To prevent kids from cheating on exams. Which, weirdly enough, is also not a first-time occurrence.
In fact, the frequency (and ease) with which Iraq unplugs the broadband for its citizens has become more interesting than any isolated incident. WIRED UK takes a look at how Iraq pulls off the troubling disappearing act. Here’s a hint: Owning most of the ISPs, as well as the infrastructural backbone, sure doesn’t hurt.
The FBI’s long and storied history of trying to crack Tor, a distributed network that lets you use the internet with relative anonymity, added a surprising chapter this week. In an interview with CNN, Tor developer Isis Agora Lovecruft explains that her recent move to Germany was prompted by a visit from the feds.
Lovecruft isn’t sure what it is the FBI wants, but expressed concern that the agency would attempt to compel her to compromise Tor’s security. Rather than take that risk, she flew to Berlin in December. As of April, the FBI was still trying to get in touch, asking her lawyer where it might best send a subpoena.
Digital first-amendment rights have a new, deep-pocketed defender: The First Amendment Institute, spawned by the Knight Foundation and Columbia University, is a new $60 million effort that will fund research, education, and litigation that relates to freedom of expression. Specifically, the kind that takes place online.
A release announcing the plans cited the uncertain finances of many media organizations, and the need for a backstop to ensure they can fight the kinds of legal battles that aggressive reporting can precipitate. It’s a real concern; just last fall, Mother Jones scored a landmark legal victory against billionaire Frank VanderSloot, but not before a total legal cost of over $3 million. That’s more than many media organizations would be able to pay. The First Amendment Institute will help them fight those battles, without fear of a ruinous end—even in victory.
You know that version of dystopia where everyone’s face is in one big database and their identities can be called up with a few taps on a smartphone? Welcome to Russia!
FindFace, an app that launched in Russia two months ago, draws from the 700,000-strong profile picture database of social network Vkontakte to match up photographs with actual humans. It’s reportedly 70 percent reliable, which is about 70 percent more reliable than most people would be comfortable with. Even more unsettling, the two founders sound keen to license the tech to retailers and law enforcement.
At least there’s some reassurance in that it doesn’t work on Facebook photos. For now.
Ransomware can be a nasty business, freezing up access to people’s digital storehouses, usually offering relief only after the payment of, well, a ransom. Not so with TeslaCrypt, which has targeted Windows PC video games for the last several years. Its owners recently didn’t just shut down operations; they gave everyone the master decryption key, a universal get-out-of-hack free card. They also said they were sorry, with an exclamation point, so you know they really meant it.
Since not all ransomware proprietors are likely to be so accommodating, the best thing you can do is preemptively protect yourself. Here are some tips for doing just that. For what it’s worth, most of the advice applies to general computer security hygiene as well.