██                                                                
              ██     ████                                                       
              ██     ████                                                       
                       ██                                                       
  ▒█████░   ████       ██      ██    ██   ██░████            ██▓█▒██▒   ░████▒  
 ████████   ████       ██      ██    ██   ███████            ████████  ░██████▒ 
 ██▒  ░▒█     ██       ██      ██    ██   ███░               ██░██░██  ██▒  ▒██ 
 █████▓░      ██       ██      ██    ██   ██                 ██ ██ ██  ████████ 
 ░██████▒     ██       ██      ██    ██   ██                 ██ ██ ██  ████████ 
    ░▒▓██     ██       ██      ██    ██   ██                 ██ ██ ██  ██       
 █▒░  ▒██     ██       ██▒     ██▒  ███   ██          ██     ██ ██ ██  ███░  ▒█ 
 ████████  ████████    █████   ▓███████   ██          ██     ██ ██ ██  ░███████ 
 ░▓████▓   ████████    ░████    ▓███░██   ██          ██     ██ ██ ██   ░█████▒ 

Privacy thoughts in the covid drama

by silur

Covid19 catalyzed changes, better or worse

The the changes induced by the covid drama are interesting. Temporal HO practices, companies going full remote because they learn this works better for them, delivery logistics colleting better and more data which will allow us better UX on internet purchases and such.

I also don’t need to introduce the worse parts to readers of this blog, everyone is familiar with the Zoom case by now and that most countries (for eg which I live in) are going towards a totalitarian political model. Smarter people have already covered the political topics and the “post-corona era” will definitely be interesting and full of work for us privacy activists. I only want to make a single not on that topic - Don’t let them label “virus spreader” as the new “terrorist”.

There is a threat I thought is worth speaking about which is not covered…

Social distancing benefits social engineers

It’s common knowledge social engineering is marginally the most effective way to hack someone. But this is quadratically more easier when your victims are starving for social interaction and locked in for weeks. Social life is also a vital need for our body such as eating or sex, and not only governments can exploit our withdrawal to gain power (you gonna swallow everything just to finally be able to go outside :).

As our social skills go dull, we are even more suspectible to SE attacks. Our model of trust in the last weeks moved to the internet which especially favor crooks with spoofing or doxing experience. Before the quarantines, for people not well-versed in security, this haven’t been (too much) a problem as their data was too local. This is not the case now as we are hasty to move our accounting and law offices online, probably Google cloud which I think is a worse idea than to go outside and get in contact with the virus.

We also shouldn’t forget that now it’s easier to wardrive or sniff with yagis than ever - your victim will definitely be at home, generating precious data, probably in a grumpy mood which only makes him/her click on the famous “I don’t care about mismatching SSL fingerprint” button faster.

Last week I’ve received significantly more messages to help out with spoofed emails, impersonators, site defaces and such and I even expect a new ransomware wave to start this month which - as we are more online than ever before and generating more data than ever, could hit us harder than Covid19 or Wannacry