TECH TALK SHOW NOTES

January 17 – 23, 2021

The NSA warns enterprises to beware of third-party DNS resolvers

DNS over HTTPS is a new protocol that protects domain-lookup traffic from eavesdropping and manipulation by malicious parties. Rather than an end-user device communicating with a DNS server over a plaintext channel—as DNS has done for more than three decades—DoH, as DNS over HTTPS is known, encrypts requests and responses using the same encryption websites rely on to send and receive HTTPS traffic.

Using DoH or a similar protocol known as DoT—short for DNS over TLS—is a no-brainer in 2021, since DNS traffic can be every bit as sensitive as any other data sent over the Internet. On Thursday, however, the National Security Agency said in some cases Fortune 500 companies, large government agencies, and other enterprise users are better off not using it. The reason: the same encryption that thwarts malicious third parties can hamper engineers’ efforts to secure their networks.

________

How Law Enforcement Gets Around Your Smartphone’s Encryption

Lawmakers and law enforcement agencies around the world, including in the United States, have increasingly called for backdoors in the encryption schemes that protect your data, arguing that national security is at stake. But new research indicates governments already have methods and tools that, for better or worse, let them access locked smartphones thanks to weaknesses in the security schemes of Android and iOS.

Cryptographers at Johns Hopkins University used publicly available documentation from Apple and Google as well as their own analysis to assess the robustness of Android and iOS encryption. They also studied more than a decade’s worth of reports about which of these mobile security features law enforcement and criminals have previously bypassed, or can currently bypass, using special hacking tools. The researchers have dug into the current mobile privacy state of affairs, and provided technical recommendations for how the two major mobile operating systems can continue to improve their protections.

“It just really shocked me, because I came into this project thinking that these phones are really protecting user data well,” says Johns Hopkins cryptographer Matthew Green, who oversaw the research. “Now I’ve come out of the project thinking almost nothing is protected as much as it could be. So why do we need a backdoor for law enforcement when the protections that these phones actually offer are so bad?”

____________

Trump team modernizes car safety regulations for the driverless era

Until this week, the federal government’s car safety regulations were based on two assumptions that probably seemed self-evident when they were written: that every car will have people inside, and that one of those people will be the driver. To protect the safety of the driver and possible passengers, the Federal Motor Vehicle Safety Standard (FMVSS) requires that every car have seatbelts and airbags. It also sets minimum standards for everything from windshield strength to crash test performance.

In the coming years, these assumptions will be increasingly out of date. So on Thursday, as the Trump administration is coming to a close, the National Highway Traffic Safety Administration (NHTSA) published a new version of the FMVSS that recognizes that some cars don’t have drivers—and some vehicles don’t have anyone inside at all.

______________

WhatsApp clarifies it’s not giving all your data to Facebook after surge in Signal and Telegram users

WhatsApp has published a new FAQ page to its website outlining its stances on user privacy in response to widespread backlash over an upcoming privacy policy update. The core issue relates to WhatsApp’s data-sharing procedures with Facebook, with many users concerned an updated privacy policy going into effect on February 8th will mandate sharing of sensitive profile information with WhatsApp’s parent company.

That isn’t true — the update has nothing to do with consumer chats or profile data, and instead, the change is designed to outline how businesses who use WhatsApp for customer service may store logs of its chats on Facebook servers. That’s something the company feels it is required to disclose in its privacy policy, which it’s now doing after previewing the upcoming changes to business chats back in October.

But a wave of misinformation on social media, not helped by Facebook’s abysmal track record on privacy and its reputation for obfuscating changes to its various terms of service agreements, has resulted in a full-blown WhatsApp backlash that has users fleeing to competitors like Signal and Telegram.

____________

Signal recovers from a day-long service outage

Signal has learned first-hand that there really can be too much of a good thing. As Android Police reports, Signal has recovered from an outage that plagued the secure chat service for over a day. Messaging and even sign-ins became unreliable as the company dealt with an influx of WhatsApp users worried that the platform’s new privacy policy would compromise their data. “Expanded capacity” helped deal with the surge, Signal said.

The company warned that the outage might have led to some residual errors, such as missed messages. Future app updates should solve these automatically.

It’s not certain just how many users Signal added in recent days, but Apptopia told the New York Times there were 1.3 million new sign-ups on January 11th alone. Telegram has also benefited from WhatsApp concerns, having added 25 million new users in just three days.

______________

Warren Buffett blasted Bitcoin as a worthless delusion and ‘rat poison squared.’

Warren Buffett has been a vocal critic of Bitcoin in recent years, repeatedly dismissing the cryptocurrency as worthless and a risky, speculative asset.

Crypto fans have brushed off the billionaire investor and Berkshire Hathaway CEO’s warnings, driving Bitcoin’s price up as much as 350% to record highs over the past year.

Here are Buffett’s 16 best quotes about Bitcoin and crypto, edited and condensed for clarity:

  1. “Cryptocurrencies basically have no value and they don’t produce anything. They don’t reproduce, they can’t mail you a check, they can’t do anything, and what you hope is that somebody else comes along and pays you more money for them later on, but then that person’s got the problem. In terms of value: zero.” – CNBC, February 2020
  2. “It’s ingenious and blockchain is important but Bitcoin has no unique value at all, it doesn’t produce anything. You can stare at it all day and no little Bitcoins come out or anything like that. It’s a delusion basically.” – CNBC, February 2019

____________

The Guy Who Built The World Wide Web Is Building A ‘New Internet’, Where You Control Your Data

Unless you’ve been living under a rock, you know Tim Berners-Lee is a pretty important dude in the technology world. He’s the father of the Internet, responsible for the birth of the World Wide Web as we know it.

And he hates what it has become. So he’s taking some action to fix it.

You see, for years now Berners-Lee has expressed his distaste at how major corporations have taken what was supposed to be a free environment and placed restrictions on it. He doesn’t like how groups like Facebook, Google, and Amazon have effectively centralized the Internet, nor how they control people’s data. So he’s instead working on a new platform and startup that’s declaring war on Big Tech.

Inrupt is a startup that Berners-Lee has been working on in stealth for about nine months. He’s even taken a sabbatical from his prestigious position teaching at MIT’s CSAIL labs in order to work full time. And Inrupt will finally launch to the world this week, Berners-Lee told Fast Company in an exclusive interview.

_____________

Superfast 5G in the US still a work in progress

Marketing pitches in the US are bullish on superfast 5G telecom networks, but they remain more of a promise than reality.

Promoters of the technology say it will bring such innovations as fast-thinking self-driving cars and rapid-fire video downloads.

And nationwide coverage with 5G could add $1.5 trillion to GDP in the next five years. But actually deploying it here is “very fragmented” given the maze of local regulations and agencies that telecom companies have to navigate across 50 states, said Jefferson Wang, head of 5G strategy at Accenture.