Tag Archives: Privacy

What Does Russian Cert Authority Mean?

To avoid sanctions after Ukraine invasion, Moscow has set up its own certificate authority to issue TLS certs. As announced in government’s website, certificates will be made available to Russian websites unable to renew or obtain security certificates as a knock-on effect of Western sanctions and organizations refusing to support Russian customers.

It will replace the foreign security certificate if it is revoked or expires. The Ministry of Digital Development will provide a free domestic analogue. The service is provided to legal entities – site owners upon request within 5 working days.

In order to securely view a website where a certificate is used, the certificate authority must be recognized by the browser used. However, Russia is silent on which browsers will accept the certs. Considering the heavy sanctions against Russia, it seems unlikely that any browser will support certificates approved by the Russian certificate authority. But then, why was this certificate authority established?

Russia has a good alternative as browser. Yandex is local alternative for Google and YaBrowser of Yandex will likely support this certificate authority. This means, YaBrowser users can visit websites has a certificate approved by Russian certificate authority.

The certificate includes information about the key, information about the identity of its owner (called the subject), and the digital signature of an entity that has verified the certificate’s contents (called the issuer). If the signature is valid, and the software examining the certificate trusts the issuer, then it can use that key to communicate securely with the certificate’s subject (Wikipedia). The key element in digital certificates is ‘trust’. In several news portals, this Russian certificate authority news was considered dangerous because if the certificate authority will be under Putin’s control, that means Russian government can intercept and decrypt all traffic and surely, this situation violates the privacy of the users and provides more control over internet users in Russia.

Apple Delays CSAM Detection Plans

Before, we posted about Apple’s CSAM detection plans and worries about this process of customers that it could be weaponized against users’ privacy. Apple now temporarily pausing the process because of these worries of the customers.

Apple announced this delay on its Child Safety website as; “Update as of September 3, 2021: Previously we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them and to help limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.

CSAM detection was one of new features that Apple announced in August. Normally, the changes were planned to go live with iOS 15 and macOS Monterey later this year in US. Despite the delay, it seems like the company has not given up on its plan. The date of going live of CSAM detection is not yet known.

CSAM Detection on Apple Devices and Privacy

Apple announced new features for limiting the spread of Child Sexual Abuse Material (CSAM) in the U.S. “The Messages app will use on-device machine learning to warn about sensitive content, while keeping private communications unreadable by Apple” says Apple.

Source: https://www.apple.com/child-safety/

New Features Against CSAM

Apple is introducing new child safety features in three areas. First, as we told upper, is an on-device machine learning used in Messages app. The Messages app will inform parents and also children when receiving or sending sexual explicitly photos.

The other feature is against spreading CSAM online. “To help address this, new technology in iOS and iPadOS will allow Apple to detect known CSAM images stored in iCloud Photos. This will enable Apple to report these instances to the National Center for Missing and Exploited Children (NCMEC)” says Apple. Apple claims that this feature is designed with user privacy in mind. With this feature, system performs an on-device scan with a hash database of known CSAM materials provided by NCMEC and other child safety organizations.

With another technology called threshold secret sharing, if a user’s account crosses a threshold of known child abuse imagery, the cryptographic technology allow Apple to interpret the contents and disables the user’s account.

What About Privacy?

After the announcement, Edward Snowden tweeted “if they can scan for kiddie porn today, they can scan for anything tomorrow.” Also researchers claim that Apple create a backdoor on its devices and Messages app will no longer provide end-to-end encryption.

The changes apple announced are extremely disappointing. As Edward Snowden said, if they can scan photos today, it means they can scan anything one day and this situation showing us privacy for users will be much more difficult day by day.

Dark Web; Anonymity and Privacy

While talking on Dark Web, one is the most confused concepts with Dark Web is Deep Web. But first, I want to touch Surface Web. Surface Web is the indexable part of the internet. This includes all websites that you can find via search engines like Google, Yahoo, Bing, etc. Deep Web means everything else. It is everything on the internet that cannot be indexed. Deep Web is any system requires login credentials. Social media shares, personal data like credit card or medical information, company databases and more, create deep web.


Dark Web, is a part of the internet that cannot be indexable Only can be accessible via private softwares lie Tor (or the Onion Router). Tor is a distributed network where traffic is bounced between various routers (https://www.torproject.org/).
The poster below is showing the concepts of the internet (https://coar.risc.anl.gov/wp-content/uploads/2016/05/DarkNet_Poster_R8-622×1024.png)

Privacy
Privacy is the most important concern for people today, with the rise of internet and personal cloud usage. People want to feel safe and not monitored. With the sites visited or applications, these websites can collect some tracking actions of the user. Using the information collected with these tracking actions, simply, the websites can perform targeted advertising, moreover location based advertising to the user. Our internet usage is becoming a way for vendors, collecting information about us. Using Dark Web provide users making their online activities anonymously. Websites or applications cannot collect these type of data while using Dark Web.
Criminals
Since its anonymity and privacy, most people think that using Dark Web is illegal, because criminals use it to protect themselves. Criminals create online markets for selling their illegal materials. But also law enforcement agents such as police also uses Dark Web to capture these criminals.
Last Words
One of the most popular marketplace is Silk Road. Silk Road started for selling magic mushrooms at first, but then, grew to be used for other drugs also. Another popular marketplace is Wallstreet Market. Wallstreet Market offers goods like drugs, jewellery, malware, fraud information, stolen data, etc.  
Dark Web markets are not just buying or selling illegal goods. These markets can provide a better pricing since there is no anyone between the seller and the buyer, there is no taxes and advertisements, for also legal services, electronics, vegetables and etc. However, I think most people like to make shopping without receiving offers, based on the previous purchases, since the market does not collect any information about you.
People, mostly users away from these technologies think that Dark Web is a place where they need too much technical information to use it. However, there is not much difference between Surface Web and Dark Web. Only the softwares to reach there and the anonymity and privacy are the differences. Meanwhile, people have to be familiar with cryptocurrency technology tos hop from Dark Web.