#signal

Why Signal and not Threema ? : signal
▻https://www.reddit.com/r/signal/comments/852qor/why_signal_and_not_threema

https://upload.wikimedia.org/wikipedia/commons/thumb/4/4f/Signal_Blue_Icon.png/480px-Signal_Blue_Icon.png

Signal is open source, Threema is not, so that disqualifies Threema as a secure app in my opinion. You could as well continue using WhatsApp since it’s also end to end encrypted but closed source. Wire is another great alternative, and it’s German.

Hacker erklären, welche Messenger-App am sichersten ist - Motherboard
▻https://motherboard.vice.com/de/article/7xea4z/hacker-erklaren-welche-messenger-app-am-sichersten-ist

https://video-images.vice.com/_uncategorized/1516617451244-end-to-end_v2-1.jpeg

Passons sur les exigences plus poussées, je ne vois que Signal qui satisfait tous ces besoins. Après on peut toujours utiliser plusieurs « messenger apps » afin de rester au courant des « updates » de tout le monde - à l’exception des apps de Facebook (Whatsapp), Wechat et Google parce que leur utilistion constitue une menace de votre vie privée simplement par l’installation sur votre portable.

Roland Schilling (33) und Frieder Steinmetz (28) haben vor sechs Jahren begonnen, an der TU Hamburg unter anderem zu dieser Frage zu forschen. In einer Zeit, als noch niemand den Namen Edward Snowden auch nur gehört hatte, brüteten Schilling und Steinmetz bereits über die Vor- und Nachteile verschiedener Verschlüsselungsprotokolle und Messenger-Apps. So haben sie beispielsweise im vergangenen Jahr geschafft, die Verschlüsselung von Threema per Reverse Engineering nachzuvollziehen.

Ihre Forschung ist mittlerweile zu einer Art Aktivismus und Hobby geworden, sagen die beiden: Sie wollen Menschen außerhalb von Fachkreisen vermitteln, wie elementar die Privatsphäre in einer Demokratie ist. Im Interview erklären sie, auf was man bei der Wahl des Messengers achten soll, welche App in punkto Sicherheit nicht unbedingt hält, was sie verspricht und warum Kreditinstitute sich über datenhungrige Messenger freuen.
...
Roland Schilling: Bei mir ist es anders. Ich bringe die Leute einfach dazu, die Apps zu benutzen, die ich auch nutze. Das sind ausschließlich Threema, Signal und Wire. Wenn Leute mit mir reden wollen, dann klappt das eigentlich immer auf einer von den Dreien.
...
Frieder: ... Signal und WhatsApp etwa setzen auf die gleiche technische Grundlage, das Signal-Protokoll, unterscheiden sich aber in Nuancen. Threema hat ein eigenes, nicht ganz schlechtes Protokoll, das aber beispielsweise keine ‘Perfect Forward Secrecy’ garantiert. Die Technik verhindert, dass jemand mir in der Zukunft meinen geheimen Schlüssel vom Handy klaut und damit meine gesamte verschlüsselte Kommunikation entschlüsseln kann, die ich über das Handy geführt habe. Signal und WhatsApp haben das.
...
Roland: Ein gutes Messenger-Protokoll ist Open Source und ermöglicht damit Forschern und der Öffentlichkeit, eventuell bestehende Schwachstellen zu entdecken und das Protokoll zu verbessern. Leider gibt es auf dem Messenger-Markt auch viele Angebote, die ihre vorgebliche „Verschlüsselung“ diesem Prozess entziehen und geheim halten, oder das Protokoll zwar veröffentlichen, aber auf Kritik nicht eingehen.

Secure WhatsApp Alternatives – Messenger Comparison
▻https://www.boxcryptor.com/en/blog/post/encryption-comparison-secure-messaging-apps

Threema and Telegram under Control of Russia’s Government ?
▻https://medium.com/@vadiman/threema-and-telegram-under-control-of-russias-government-f81f8e28714b

WhatsApp Exploited by NSA and US Secret Services?
Go to the profile of Vadim An
Vadim An
Mar 7, 2018
This is the end of era centralized communication!

The 2017/2018 years are hot and saturated with cybersecurity challenges. Almost every week, a major media source reported hacking incidents or backdoor exploits in popular communication and messaging services. Some of which granted government agents unauthorized access to private and confidential information from within the communications industry.

According to mass-media reports, one of the most popular Swiss secure messaging apps Threema moved under the control of the Russian government and has been listed in the official registry with a view to controlling user communications.

This can be seen on regulatory public website ▻https://97-fz.rkn.gov.ru/organizer-dissemination/viewregistry/#searchform

This knockout news was commented by Crypviser — innovative German developer of the most secure instant communication platform based on Blockchain technologies, of the point of view, what does it mean for millions of Threema users?

To answer this question, let’s understand the requirements for getting listed in this registry as an “information-dissemination organizers” according to a new Russian federal law, beginning from 01 June 2018.

The law requires that all companies listed in internet regulator’s registry must store all users’ metadata (“information about the arrival, transmission, delivery, and processing of voice data, written text, images, sounds, or other kinds of action”), along with content of correspondence, voice call records and make it accessible to the Russian authorities. Websites can avoid the hassle of setting aside this information by granting Russian officials unfettered, constant access to their entire data stream.

This is very bad news for Threema users. Threema officials have reported that they are not aware of any requirements to store, collect, or provide information. Maybe not yet though since there is still some time until 01 June 2018 when the new law kicks in and Threema will be obligated to provide direct access to sensitive user’s data.

It’s possible that Threema is fully aware of this despite claiming otherwise. They may realize that the most popular messenger in Russia, Telegram, has been under pressure since refusing to officially cooperate with Russian secret services. If Russia takes steps to block Telegram as a result, then Threema would become the next best alternative service. That is assuming they’re willing to violating the security and privacy rights of its users by giving in to the new law’s requirements.

Based on the reports of Financial Time magazine, the Telegram founder agreed to register their app with Russian censors by the end of June 2017. This, however; is not a big loss for Telegram community because of the lack of security in Telegram to date. During the last 2 years, its security protocol has been criticized many times and many security issues were found by researchers. Although there is no direct evidence showing that Telegram has already cooperated with the Russian government or other governments, these exploitable bugs and poor security models make Telegram users vulnerable victims to hackers and secret services of different countries.

The same security benchmark issues have been explored in the biggest communication app WhatsApp. The security model of WhatsApp has been recognized as vulnerable by the most reputed cryptographic experts and researchers worldwide. According to the Guardian, a serious “backdoor” was found in encryption. More specifically, the key exchange algorithm.

A common security practice in encrypted messaging services involves the generation and store of a private encryption key offline on the user’s device. And only the public key gets broadcasted to other users through the company’s server. In the case of WhatsApp, we have to trust the company that it will not alter public key exchange mechanism between the sender and receiver to perform man-in-the-middle attack for snooping of users encrypted private communication.

Tobias Boelter, security researcher from the University of California, has reported that WhatsApp’s end-to-end encryption, based on Signal protocol, has been implemented in a way that if WhatsApp or any hacker intercepts your chats, by exploiting trust-based key exchange mechanism, you will never come to know if any change in encryption key has occurred in the background.

The Guardian reports, “WhatsApp has implemented a backdoor into the Signal protocol, giving itself the ability to force the generation of new encryption keys for offline users and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered. The recipient is not made aware of this change in encryption.”

But on the other hand, the developer of Signal messaging app Open Whisper Systems says, ”There is no WhatsApp backdoor”, “it is how cryptography works,” and the MITM attack “is endemic to public key cryptography, not just WhatsApp.”

It’s worth noting that none of the security experts or the company itself have denied the fact that, if required by the government, WhatsApp can intercept your chats. They do say; however, WhatsApp is designed to be simple, and users should not lose access to messages sent to them when their encryption key is changed. With this statement, agrees on a cybersecurity expert and CTO of Crypviser, Vadim Andryan.

“The Man-in-the-Middle attack threat is the biggest and historical challenge of asymmetric cryptography, which is the base of end-to-end encryption model. It’s hard to say, is this “backdoor” admitted intentionally or its became on front due lack of reliable public — key authentication model. But it definitely one of the huge disadvantages of current cryptographic models used for secure instant communication networks, and one of the main advantage of Crypviser platform.”

Crypviser has introduced a new era of cryptography based on Blockchain technologies. It utilizes Blockchain to eliminate all threats of Man-in-the-Middle attack and solves the historical public key encryption issue by using decentralized encryption keys, exchanges, and authorization algorithms. The authentication model of Crypviser provides public key distribution and authorization in peer-to-peer or automated mode through Blockchain.

After commercial launch of Crypviser unified app, ”messenger” for secure social communication will be available on the market in free and premium plans. The free plan in peer-to-peer authentication mode requires user interaction to check security codes for every new chat and call. The full-featured premium plan offers Blockchain based automated encryption model and powerful professional security features on all levels.

You can see the comperisation table of Crypviser with centralized alternatives in the below table

#internet #communication #sécurité #vie_privée

allo @Place_Beauvau - c’est pour un signalement

https://i.imgur.com/85kBUPS.png

–-> #David_Dufresne @davduf a décidé d’alerter le #Ministre_de_l'Intérieur chaque fois qu’une vidéo montre des pratiques policières qui ne sont pas conformes à la Loi et aux réglements du maintien de l’ordre. ►https://twitter.com/search?f=tweets&vertical=default&q=allo+%40Place_Beauvau+-+c%27est+pour+un+ … Il demande aux vidéastes et aux autres de l’aider.

#twitter #réseaux_sociaux #dénonciation #résistance #violences_policières #police #signalement #gilets_jaunes

ping @isskein

I tracked my iPhone usage for a week and this is what I learned
▻https://www.theguardian.com/technology/2018/jul/12/i-tracked-my-iphone-usage-for-a-week-and-this-is-what-i-learned

From picking up the phone every seven minutes to realising that Safari is my main time sync, Apple’s Screen Time tools revealed more than I expected How many times do you pick up and interact with your phone in a week ? More than 500 times ? How about the sheer number of notifications you get ? It might number in the thousands. With all the talk of smartphone addiction, I was curious to find out just how often I actually use my phone and why, so I took Apple’s new Screen Time phone-tracking (...)

#Apple #Google_Dashboard #Signal #smartphone #iPhone #addiction #ScreenTime

Encrypted Messaging Apps Have Limitations You Should Know
►https://www.wired.com/story/encrypted-messaging-isnt-magic

https://media.wired.com/photos/5b1ef5ebb878a15e9ce80d43/191:100/pass/Encrypted-Messaging.png

Encrypted communication used to be too complicated for mainstream use, but approachable apps like WhatsApp and Signal have become a no-brainer for digital privacy. With all of their security-minded features, like disappearing messages and identity-confirming safety numbers, secure chat apps can rightfully give you peace of mind. You should absolutely use them. As the adage goes, though, there’s no such thing as perfect security. And feeling invincible could get you in trouble.

End-to-end encryption transforms messages into unintelligible chunks of data as soon as a user presses send. From there, the message isn’t reconstituted into something understandable until it reaches the receiver’s device. Along the way, the message is unreadable, protected from prying eyes. It essentially amounts to a bodyguard who picks you up at your house, rides around with you in your car, and walks you to the door of wherever you’re going. You’re safe during the transport, but your vigilance shouldn’t end there.

“These tools are hugely better than traditional email and things like Slack” for security, says Matthew Green, a cryptographer at Johns Hopkins University. “But encryption isn’t magic. You can easily get it wrong. In particular, if you don’t trust the people you’re talking to, you’re screwed.”

On one level it’s obvious that both you and the person you’re chatting with have access to the encrypted conversation—that’s the whole point. But it’s easy to forget in practice that people you message with could show the chat to someone else, take screenshots, or retain the conversation on their device indefinitely.

Former Trump campaign chair Paul Manafort found this out the hard way recently, when the FBI obtained messages he’d sent over WhatsApp from the people who received them.

In another current investigation, the FBI was able to access Signal messages sent by former Senate Intelligence Committee aide James Wolfe, and had at least some information about the encrypted messaging habits of New York Times reporter Ali Watkins, after the Justice Department seized her communications records as part of a leak investigation. Though it’s unknown how the FBI gained access to these encrypted chats, it wouldn’t necessarily have taken a crypto-breaking backdoor if investigators had device access or records from other chat participants.

You also need to keep track of how many devices you’ve stored your encrypted messages on. If you sync chats between, say, your smartphone and your laptop, or back them up in the cloud, there are potentially more opportunities for the data to be exposed. Some services, like iMessage and WhatsApp, either have cloud backups enabled by default or nudge users toward it to streamline the user experience. Manafort provides a useful illustration once again; investigators accessed his iCloud to access some of the same information informants gave them, as well as to glean new information about his activity. The chats were encrypted in WhatsApp; the backups were not.

“Digital systems strew data all over the place,” Green notes. “And providers may keep metadata like who you talked to and when. Encrypted messaging apps are valuable in that they tend to reduce the number of places where your data can live. However, the data is decrypted when it reaches your phone.”

That’s where operations security comes in, the process of protecting information by looking holistically at all the ways it could be obtained, and defending against each of them. An “opsec fail,” as it’s known, happens when someone’s data leaks because they didn’t think of a method an attacker could use to access it, or they didn’t carry out the procedure that was meant to protect against that particular theft strategy. Relying solely on these encrypted messaging tools without considering how they work, and without adding other, additional protections, leaves some paths exposed.

“Good opsec will save you from bad crypto, but good crypto won’t save you from bad opsec,” says Kenn White, director of the Open Crypto Audit Project, referencing a classic warning from security researcher The Grugq. “It’s easy for people to be confused.”

The stakes are especially high in government, where encrypted chat apps and disappearing message features are increasingly popular among officials. Just last week, sources told CNBC that investigators for special counsel Robert Mueller have been asking witnesses to voluntarily grant access to their encrypted messaging apps, including Dust, Confide, WhatsApp, and Signal. CNBC reported that witnesses have cooperated to avoid being subpoenaed.

Several encrypted messaging apps offer a disappearing message feature to help ensure that neither you nor the person you’re chatting with keeps data around longer than necessary. But even this precaution needs to come with the understanding that the service you’re using could fail to actually delete the messages you mark for erasure from their servers. Signal had a recent problem, first reported by Motherboard, where a fix for one bug inadvertently created another that failed to delete a set of messages users had set to disappear. The app quickly resolved the issue, but the situation serves as a reminder that all systems have flaws.

“Encrypted communication apps are tools, and just like any other tool, they have limited uses,” says Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation.

In fact, simply choosing an encrypted messaging service may cary unknown risks. Some services like Confide and Telegram haven’t allowed an independent auditor to evaluate their cryptography, meaning it’s difficult to know how trustworthy they are, which of their promises they keep, and what user data they actually retain. And iMessage may collect more metadata than you think.

Signal, WIRED’s secure messaging recommendation, is open source, but it also proved its trustworthiness in a 2016 case where the service was subpoenaed. Developer Open Whisper Systems responded to a grand jury subpoena saying it could only produce the time an account was created and the most recent date that a user’s Signal app connected to its servers. The court had asked for significantly more detail like user names, addresses, telephone numbers, and email addresses. Signal had retained none of it.

While end-to-end encryption is a vital privacy protection that can thwart many types of surveillance, you still need to understand the other avenues a government or attacker could take to obtain chat logs. Even when a service works perfectly factors like where messages are stored, who else has received them, and who else has access to devices that contain them play an important role in your security. If you’re using encrypted chat apps as one tool in your privacy and security toolbox, more power to you. If you’re relying on it as a panacea, you’re more at risk than you realize.

Lily Hay Newman - 06.14.18

▻https://www.wired.com/story/ditch-all-those-other-messaging-apps-heres-why-you-should-use-signal
►https://www.wired.com/story/encrypt-all-of-the-things
▻https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/06/06/the-cybersecurity-202-paul-manafort-s-case-may-undermine-the-fbi-s-encryption-argument/5b16ae5e1b326b08e8839150
▻https://blogsofwar.com/hacker-opsec-with-the-grugq
▻https://www.cnbc.com/2018/06/06/mueller-team-zeroes-in-on-encrypted-apps-as-witness-turn-in-phones.html
▻https://motherboard.vice.com/en_us/article/bj3pxd/signal-disappearing-messages-not-disappearing
►https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police
▻https://www.wired.com/story/ditch-all-those-other-messaging-apps-heres-why-you-should-use-signal
▻https://www.aclu.org/blog/national-security/secrecy/new-documents-reveal-government-effort-impose-secrecy-encryption?redirect=blog/free-future/new-documents-reveal-government-effort-impose-secrecy-encryption-company

#vie_privée #messagerie_chiffrée #protection_des_données_personnelles #autodéfense_numérique #cryptography #chiffrement #Signal #gnupg

Following the #EFF blunder about #Efail, a good analysis of “security nihilism” (“Since we can’t solve that problem, it’s not worth solving other related problems.”)

▻https://www.aclu.org/blog/privacy-technology/internet-privacy/encrypted-email-and-security-nihilism

#security #cybersecurity #PGP #Signal

Technology and Sex Work — it will get better.
▻https://hackernoon.com/technology-and-sex-work-it-will-get-better-e893192f1379?source=rss----3a

https://cdn-images-1.medium.com/max/720/1*5Fn2P6sop0Ohl2onrh55lg.jpeg

I wrote this article so I could share a picture of my hot girlfriend and talk about how she and others could potentially avoid being punched in the head.Last week my girlfriend, a professional dominatrix, was assaulted (punched in the head actually) by a first time client who works at the Blue Cross Blue Shield headquarters here in downtown Chicago.The last few weeks have been a bit of a downer in our household, to say the least. My girlfriend used to get the majority of her clients off Backpage. This in and of itself was fraught with danger — due to the anonymity of sites like Backpage, you never were quite sure who you were getting. When Backpage, craigslist and various forums shut down over SESTA/FOSTA, we had a minor rent emergency in the household. Would there be enough to make it by (...)

#sexual-assault #signal #blockchain #sex-work #sextech

Amazon refuse que Signal se cache dans son trafic pour éviter la censure
▻https://www.numerama.com/tech/364702-amazon-refuse-que-signal-se-cache-dans-son-trafic-pour-eviter-la-ce

Amazon a averti Open Whisper Systems, l’organisation qui développe Signal, de bien respecter les conditions d’utilisation de son infrastructure dans le cloud. En effet, la société américaine a appris que Signal envisage de cacher son trafic pour esquiver la censure dans certains pays. Il n’y a pas que Telegram qui rencontre quelques problèmes avec le stratagème anti-censure appelé « domain fronting ». L’application de messagerie Signal pourrait aussi avoir des ennuis si elle ne change pas très vite de (...)

#Google #OWS #Amazon #Signal #censure #cloud

SMS-chiffr---Silence-vs-Signal/Genma_SMS_Chiffres_Silence_Signal.pdf at master · genma/SMS-chiffr---Silence-vs-Signal · GitHub
▻https://github.com/genma/SMS-chiffr---Silence-vs-Signal/blob/master/Genma_SMS_Chiffres_Silence_Signal.pdf

un comparatif des fonctionnalités et des niveaux de confidentialité en fonction des types d’échanges des applis Signal et Silence.
A compléter avec ▻https://blog.genma.fr/?Silence-vs-signal-quelle-combinaison pour la configuration précise Signal/Silence si l’on veut faire cohabiter les 2 applis.

#silence #signal #chiffrage #communication #sms #message #smartphone

Alors-là je n’en renviens pas, je viens de faire une recherche sur seenthis, pas la moindre trace, dans ce réseau de demi savants et demie savantes, de la Loi de Hofstadter. L’ayant citée aujourd’hui en réunion, j’ai voulu en vérifier l’intitulé après-coup.

« Il faut toujours plus de temps que prévu, même en tenant compte de la Loi de Hofstadter. »

▻https://fr.wikipedia.org/wiki/Loi_de_Hofstadter

En revanche si j’en juge la réaction de mes opposants dans cette réunion aujourd’hui, le maniement de cette loi en open space n’est pas nécessairement conseillé. Pourtant.

#signalement_a_la_@arno

Dark Caracal, une vaste opération de cyberespionnage lancée depuis Beyrouth
▻http://www.lemonde.fr/pixels/article/2018/01/19/dark-caracal-une-vaste-operation-de-cyberespionnage-lancee-depuis-beyrouth_5

Une ONG et une firme de sécurité informatique disent avoir pisté des pirates à l’origine d’une campagne mondiale d’espionnage informatique jusqu’au cœur de Beyrouth. Originaire du Liban, le caracal est un discret félin aux longues oreilles. Ces qualités expliquent qu’il ait donné son nom à plusieurs opérations d’espionnage informatique visant – depuis Beyrouth – des milliers d’activistes, responsables politiques, journalistes, avocats, militaires et entreprises à travers le monde. Les pirates informatiques (...)

#smartphone #malware #activisme #journalisme #surveillance #EFF #DarkCaracal #Pallas #WhatsApp #Signal (...)

##Telegram

WhatsApp Security Flaws Could Allow Snoops to Slide Into Group Chats
▻https://www.wired.com/story/whatsapp-security-flaws-encryption-group-chats

When WhatsApp added end-to-end encryption to every conversation for its billion users two years ago, the mobile messaging giant significantly raised the bar for the privacy of digital communications worldwide. But one of the tricky elements of encryption—and even trickier in a group chat setting—has always been ensuring that a secure conversation reaches only the intended audience, rather than some impostor or infiltrator. And according to new research from one team of German cryptographers, (...)

#WhatsApp #Signal #Threema #cryptage #hacking

WhatsApp : des chercheurs découvrent un défaut de sécurité dans les discussions de groupe
▻http://www.lemonde.fr/pixels/article/2018/01/11/whatsapp-des-chercheurs-decouvrent-un-defaut-de-securite-dans-les-discussion

L’entreprise ne compte pas y remédier, car cette défaillance est très difficile à exploiter en pratique. WhatsApp reste ce qu’il se fait de mieux en matière de messageries sécurisées. Des chercheurs ont découvert un défaut de conception dans les discussions de groupe de plusieurs messageries sécurisées, dont WhatsApp, a révélé mercredi 10 janvier le site spécialisé Wired. Dans le cas de cette dernière, il est possible pour un pirate qui prendrait le contrôle des serveurs de WhatsApp d’insérer un participant (...)

#WhatsApp #cryptage #hacking #Signal #Threema

Guerrilla Public Service
▻https://99percentinvisible.org/episode/guerrilla-public-service

At some point in your life you’ve probably encountered a problem in the built world where the fix was obvious to you. Maybe a door that opened the wrong way, or poorly painted marker on the road. Mostly, when we see these things, we grumble on the inside, and then do nothing. But not Richard Ankrom.

https://99percentinvisible.org/app/uploads/2015/02/Screen-Shot-2015-02-06-at-1.17.31-PM.png

▻https://www.youtube.com/watch?v=Clgl63CWOkM

(...) There is another #guerrilla_public_service project in New York City by group called the Efficient Passenger Project. The EPP has been hanging signs in subway stations informing people where they should board the train to make the most efficient transfers.

https://99percentinvisible.org/app/uploads/2015/02/0epp.jpg

(...) In San Francisco, a guerrilla bike lane installed by activists was later made official by the city. A nearby public bench project has been putting up free benches in SF for decades as well. The Bay Area has also been home to a number of guerrilla movie theater initiatives.

Guerrilla urbanism is not just limited to streets and sidewalks, either — guerrilla gardening efforts, including seed bombs and ammunition, have helped spread greenery around cities. Meanwhile, guerrilla grafters have done creative work that questions whether ornamental street trees could also be used to grow fruit and feed hungry citizens.

#service_public #autogestion #signalétique #vélo #transports_en_commun

Waldoscope : Rancho Dominguez - Drift Day 5 / Track Rat

▻http://waldoscope.blogspot.com/2017/10/rancho-dominguez-drift-day-5-track-rat.html

Il faut suivre cette série photo remarquable

https://3.bp.blogspot.com/-TCYcCR0K9PE/Wfg083RwSZI/AAAAAAAAZC0/OG-MqJo3m2wzGllIMCejAjhLmhKF3xXTACLcBGAs/s1600/Rancho5F.jpg

Rancho Dominguez - Drift Day 5 / Track Rat

#dérive #paysage #landscape #Los_Angeles #psychogéographie, #train #Rancho_Dominguez #signalétique #panneaux #urban_matter #paysage_urbains #urbanscape

Pour compléter la série « signalétique toilettes »

ici, dans un lieu public, Islande, 2017 :

https://farm5.staticflickr.com/4491/37210034032_b93eafda9d_k_d.jpg

#toilettes #signalétique

►https://paris-luttes.info/et-si-on-securisait-nos-echanges-8229 - @paris

Appels, SMS, réseaux sociaux… tous ces moyens d’échanges sont surveillés par les flics et pourtant nous sommes nombreux.ses à continuer de discuter de nos actions dessus. Si on changeait nos habitudes ?
Il existe de nombreux moyens facile de communiquer entre nous de manière à échapper au flicage. Évidemment l’échange direct, la discussion réelle sera toujours à privilégier. Toutefois dans cet article nous vous présenterons comment être plus discret en trois points.
#ParisLuttes #MédiasLibres #Mutu #SMS #RéseauxSociaux #Surveillance #Signal #Riseup #Framateam #Gafam

(Je rajoute aussi utilisation de Diaspora* et Mastodon plutôt que Facebook et Twitter :))

Piéger une voiture autonome
Une équipe de chercheurs de l’Université de Washington a trompé un système de pilotage automatique avec de simples autocollants.
▻http://www.lessentiel.lu/fr/hi_tech/story/Des-autocollants-piegent-une-voiture-autonome-30629111

http://www.lessentiel.lu/dyim/6e7e9e/B.M600,1000/images/content/3/0/6/30629111/6/topelement.jpg

Appelés à écrire l’avenir de l’automobile, les véhicules autonomes doivent encore prouver leur fiabilité en matière de sécurité. En analysant la manière dont le système de reconnaissance d’images en temps réel de l’une de ces voitures fonctionnait, des chercheurs de l’Université de Washington ont découvert qu’il était facile de le piéger. Il suffit d’altérer des panneaux de signalisation avec de simples autocollants.

Ce procédé peut amener les algorithmes à « se comporter de manière inattendue et potentiellement dangereuse », expliquent les chercheurs. Par exemple, en ajoutant les mots « Love » et « Hate » (amour et haine, en français) sur un panneau Stop, ce dernier a été interprété comme une limitation de vitesse. De quoi causer de potentiels accidents. Dans un autre cas, modifier la couleur de la flèche d’un panneau d’obligation de tourner à droite, avec des stickers, a provoqué son interprétation comme un Stop.

Pour éviter ces attaques, l’équipe suggère que le système prenne en compte des infos contextuelles afin de s’assurer qu’un panneau est légitime ou pas, comme par exemple l’étrange présence d’un Stop sur une autoroute. Ce n’est pas la première fois que des chercheurs ont réussi à tromper les capteurs des véhicules autonomes. En 2015, en utilisant un pointeur laser et un micro-ordinateur, il a été possible de simuler de faux obstacles à éviter.

(L’essentiel/man)

#Voiture_autonome #signalisation #route

▻https://arxiv.org/abs/1707.08945
Robust Physical-World Attacks on Machine Learning Models
Subjects: Cryptography and Security (cs.CR); Learning (cs.LG)

Deep neural network-based classifiers are known to be vulnerable to adversarial examples that can fool them into misclassifying their input through the addition of small-magnitude perturbations. However, recent studies have demonstrated that such adversarial examples are not very effective in the physical world—they either completely fail to cause misclassification or only work in restricted cases where a relatively complex image is perturbed and printed on paper. In this paper we propose a new attack algorithm—Robust Physical Perturbations (RP2)— that generates perturbations by taking images under different conditions into account. Our algorithm can create spatially-constrained perturbations that mimic vandalism or art to reduce the likelihood of detection by a casual observer. We show that adversarial examples generated by RP2 achieve high success rates under various conditions for real road sign recognition by using an evaluation methodology that captures physical world conditions. We physically realized and evaluated two attacks, one that causes a Stop sign to be misclassified as a Speed Limit sign in 100% of the testing conditions, and one that causes a Right Turn sign to be misclassified as either a Stop or Added Lane sign in 100% of the testing conditions.

Deux notes de la Fondation pour la Recherche Stratégique, de juin 2016 (à la veille de la décision de la Cour permanente d’arbitrage)

Procédure d’arbitrage et montée des tensions en mer de Chine : la nécessaire consolidation du système de normes internationales - Notes de la FRS
▻