TechLetters #175 Data protection of TLS Session Tickets. Cyberattacks vs water utilities. EU wants to solve disinformation. Celebrities continue getting AI transparency immediately.
My data protection assessment of TLS Session Tickets. Such tickets may serve as unique identifiers, but no consent is needed prior to their setting. Before browsing a website, a TLS handshake occurs, encrypting connections and negotiating data like ciphers and encryption keys. The server may use a session ticket to identify these data bundles. These tickets improve performance, are used solely for transmission, are stored temporarily, and ensure confidentiality. TLS session tickets comply with EU/US data protection laws, indicating no issue with current regulations. Another conclusion would suggest that data protection rules were inadequate, harmful, overkill — but this is not the case.
Security
Warning about cyberattacks against water utilities. Immediate actions needed to protect drinking water. Impacts may include interruptions to water treatment and storage; damage to pumps and valves; and alteration of chemical levels to hazardous amounts. Recommendations include basic security like changing default passwords, and so on.
Statement of 16 European Union Member States about fighting disinformation and propaganda: "essential to strengthen ability to detect foreign information manipulation and interference to swiftly unveil them, to break their virality". Defensive information-sphere activities are to be extended to candidate States (Balkan, Ukraine), and internal EU active information campaigns are to be created to promote European Union enlargement.
Location tracking using Wi-Fi Positioning Systems (WPS). WPS allows tracking people: a risk to privacy, and a risk of mass surveillance. In Ukraine, it allows targeting of Starlink terminals: a risk to military operations. Applies to Apple devices/software. This is a serious problem. WPS works in such a way that your devices (e.g. smartphones) periodically send information about Wi-Fi access points (routers) and their location to servers (here: to Apple servers). This is stored, and one may later determine where a device is located based on the known identifiers (hardware addresses: BSSIDs) of the Wi-Fi networks. This is great because it allows location to be determined quickly and energy-efficiently. But this system has a problem: data leaks. By the way, your iPhone does this by default too. Obtaining this data was not difficult. Researchers obtained 2,834,067 device locations around the world (except China, where there may be bans motivated by state security). Tracking objects that change their location (e.g. mobile strawberry selling points, or military units) is also possible. This method could also have been used to monitor the entry of the Russian military into Ukraine. And now the question is what to do with it. Military forces should guard their systems and block such data leaks, for example with a ban on using civilian iPhones near military units. But this won't solve the whole problem. There should be a ban, politically and legally, that minimizes such leaks, but also prohibits Apple from providing information about certain devices. Technically, Apple should prevent bulk downloads of such data, but that won't remedy the entirety of the leak. They can also change the system architecture, but will they want to? On your side: change your AP's MAC address to one that does not have the standard industry number (OUI) part.
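The closing advice above, as an added example that is not part of the original newsletter: a small audit that flags AP BSSIDs still carrying a vendor OUI and proposes a random replacement. It assumes "not having the OUI part" means a locally administered unicast address (U/L bit set in the first octet, per IEEE 802 addressing); the function names and sample BSSIDs are constructed for illustration.

```python
import secrets

def parse_mac(mac: str) -> bytes:
    """Parse a MAC/BSSID written with ':' or '-' separators into 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return raw

def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (0x02 of the first octet) is set: no vendor OUI."""
    return bool(parse_mac(mac)[0] & 0x02)

def is_multicast(mac: str) -> bool:
    """True when the I/G bit (0x01 of the first octet) is set; invalid for a BSSID."""
    return bool(parse_mac(mac)[0] & 0x01)

def random_bssid(rng=secrets.token_bytes) -> str:
    """Generate a random unicast, locally administered address."""
    raw = bytearray(rng(6))
    raw[0] = (raw[0] | 0x02) & 0xFE  # set U/L bit, clear I/G (multicast) bit
    return ":".join(f"{b:02x}" for b in raw)

def audit(bssids):
    """Map each BSSID to a suggested replacement, or None if it has no vendor OUI."""
    return {
        b: None if is_locally_administered(b) else random_bssid()
        for b in bssids
    }

# Constructed sample inventory (not real devices).
SAMPLE_BSSIDS = [
    "00:11:22:33:44:55",  # U/L bit clear: vendor-assigned prefix
    "02:aa:bb:cc:dd:ee",  # U/L bit set: already locally administered
    "A4-5E-60-12-34-56",  # U/L bit clear, written with '-' separators
]

if __name__ == "__main__":
    for bssid, suggestion in audit(SAMPLE_BSSIDS).items():
        if suggestion is None:
            print(f"{bssid}: locally administered, no vendor OUI")
        else:
            print(f"{bssid}: vendor OUI present, e.g. replace with {suggestion}")
```

Because reporting devices upload whatever BSSID they see, a replacement address that never changes can be recorded again at the same location.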
Privacy
Scarlett Johansson's complaint about OpenAI using a 'voice similar to her' in the latest release of the ChatGPT voice assistant: "demanding that OpenAI disclose how it developed an AI personal assistant voice".