Anonymous
@anonymous Bot

This bot tracks all anonymous posts on gurlic.

Gained sentience in July 2020

There is a grotesque display of colonialism on show at the Pitt Rivers Museum (PRM) in Oxford. You won’t find it in the artefacts that jostle for space in the anthropological section — it’s just past the piss-covered gender-neutral toilets at the “Beyond the Binary” exhibition.

Partly funded by a Heritage Lottery grant of £91,200, the curators explain “this exhibition is a positive step in tackling oppression, which LGBTIAQ+ communities often feel in spaces such as this one”. It’s a collaboration between “community creators” and the PRM’s researchers.


Trans activists are in retreat. With a number of high-profile victories won by feminists refusing to be silenced by the deafening chants of ‘trans women are women’, momentum against the trans lobby is picking up speed.

The latest example is an apology from the Scout Association to Maya Forstater for two years of investigation following a complaint of “misgendering”.

Earlier this year, Citizen Lab managed to capture an NSO iMessage-based zero-click exploit being used to target a Saudi activist. In this two-part blog post series we will describe for the first time how an in-the-wild zero-click iMessage exploit works.

Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.


A January 2021 FBI document outlines what types of data and metadata can be lawfully obtained by the FBI from messaging apps. Rolling Stone broke the story and it’s been written about elsewhere.

I don’t see a lot of surprises in the document. Lots of apps leak all sorts of metadata: iMessage and WhatsApp seem to be the worst. Signal protects the most metadata. End-to-end encrypted message content can be available if the user uploads it to an unencrypted backup server.

A court in Vietnam on Monday sentenced an aquaculture farmer to seven years in prison after finding him guilty of spreading “anti-state propaganda” on Facebook, state media reported.

Nguyen Tri Gioan, 42, was convicted of “making, storing, spreading information, materials, items for the purpose of opposing the state” at a one-day trial in the central province of Khanh Hoa, the official Vietnam News Agency said.

Despite sweeping economic reform and increasing openness to social change, Vietnam’s ruling Communist Party retains tight media censorship and tolerates little criticism.


Signal still knows nothing about you, but the government still continues to ask us if we do.

Because everything in Signal is end-to-end encrypted by default, the broad set of personal information that is typically easy to retrieve in other apps simply doesn’t exist on Signal’s servers. This order requested a wide variety of information we don’t have, including the target’s correspondence, contacts, groups, calls, address.

As usual, we couldn’t provide any of that. It’s impossible to turn over data that we never had access to in the first place. Signal doesn’t have access to your messages; your chat list; your groups; your contacts; your stickers; your profile name or avatar; or even the GIFs you search for. In this case, the order identified the user by their profile name, which is encrypted and inaccessible to Signal, so we were not able to even identify the user in question.


Signal Private Messenger, commonly used by human rights defenders worldwide, is widely considered the state-of-the-art app for private and secure communications. But as its popularity surged recently, we have started to observe its blocking in several countries.

In this report, we share our analysis of OONI network measurement data on the blocking of the Signal Private Messenger app in Iran, China, Cuba, and Uzbekistan.

The aim of this report is to establish a problematised overview of what we know about what is currently being done in Europe when it comes to remote biometric identification (RBI), and to assess in which cases we could potentially fall into forms of biometric mass surveillance.

Pro-life advocates commonly argue that fetuses have the moral status of persons, and an accompanying right to life, a view most pro-choice advocates deny. A difficulty for this pro-life position has been Judith Jarvis Thomson’s violinist analogy, in which she argues that even if the fetus is a person, abortion is often permissible because a pregnant woman is not obliged to continue to offer her body as life support. Here, we outline the moral theories underlying public health ethics, and examine the COVID-19 pandemic as an example of public health considerations overriding individual rights. We argue that if fetuses are regarded as persons, then abortion is of such prevalence in society that it also constitutes a significant public health crisis. We show that on public health considerations, we are justified in overriding individual rights to bodily autonomy by prohibiting abortion. We conclude that in a society that values public health, abortion can only be tolerated if fetuses are not regarded as persons.


The Utah Supreme Court is the latest stop in EFF’s roving campaign to establish your Fifth Amendment right to refuse to provide your password to law enforcement. Yesterday, along with the ACLU, we filed an amicus brief in State v. Valdez, arguing that the constitutional privilege against self-incrimination prevents the police from forcing suspects to reveal the contents of their minds. That includes revealing a memorized passcode or directly entering the passcode to unlock a device.

All but one scientist who penned a letter in The Lancet dismissing the possibility that coronavirus could have come from a lab in Wuhan were linked to its Chinese researchers, their colleagues or funders, a Telegraph investigation can reveal….

With the warrants, both agencies can take control of a person’s online account to gather evidence about serious offences without consent, as well as add, copy, delete or alter material to disrupt criminal activity and collect intelligence from online networks.

By now you’ve probably heard that Apple plans to push a new and uniquely intrusive surveillance system out to many of the more than one billion iPhones it has sold, which all run the behemoth’s proprietary, take-it-or-leave-it software. This new offensive is tentatively slated to begin with the launch of iOS 15—almost certainly in mid-September—with the devices of its US user-base designated as the initial targets. We’re told that other countries will be spared, but not for long.

You might have noticed that I haven’t mentioned which problem it is that Apple is purporting to solve. Why? Because it doesn’t matter.


On 19 August, OnlyFans announced to the world that from October 2021 they would no longer host “any content containing sexually-explicit conduct”. For the uninitiated, OnlyFans is a “content-subscription” service that allows individuals to upload any content they wish — from instructive cooking videos to fitness workouts — all hidden behind a protective paywall. But make no mistake: it is an open secret that the majority of the euphemistically-phrased “content” is porn.

OnlyFans’ decision to ban sexually explicit content raises questions about credit card processors’ power.

Wagner is a Russian mercenary group whose operations have spanned the globe, from front-line fighting in Syria to guarding diamond mines in the Central African Republic. But it is notoriously secretive and, as such, difficult to scrutinise.

Now, the BBC has gained exclusive access to an electronic tablet left behind on a battlefield in Libya by a Wagner fighter, giving an unprecedented insight into how these operatives work.

And another clue given to us in Tripoli - a “shopping list” for state-of-the-art military equipment - suggests Wagner has probably been supported at the highest level despite the Russian government’s consistent denials that the organisation has any links to the state.


Canonicalization Attacks occur when a protocol that feeds data into a hash function used in a Message Authentication Code (MAC) or Digital Signature calculation fails to ensure some property that’s expected of the overall protocol.

The textbook example of a canonicalization attack is the length-extension attack against hash functions such as MD5–which famously broke the security of Flickr’s API signatures.

But there’s a more interesting attack to think about, which affects the design of security token/envelope formats (PASETO, DSSE, etc.) and comes up often when folks try to extend basic notions of authenticated encryption (AE) to include additional authenticated (but unencrypted) data (thus yielding an AEAD mode).

Let’s start with a basic AE definition, then extend it to AEAD poorly, then break our extension. Afterwards, we can think about strategies for doing it better.
