Wednesday, January 1, 2020

Authoritarian Nations Are Turning the Internet into a Weapon

Authoritarian Nations Are Turning the Internet Into a Weapon

From Twitter’s spies to complete shutdowns, repressive regimes are using A.I. and VPN fingerprinting to silence their critics

Credit: Chris McGrath/Getty Images

WWhen two former Twitter employees were charged with spying on behalf of Saudi Arabia in November 2019, the case spotlighted the new and inventive ways oppressive governments are using technology to stifle dissent. According to the U.S. Justice Department, the two men — a U.S. citizen and a Saudi citizen — passed private information about more than 6,000 Twitter users, including regime critics, to a Saudi official in exchange for hundreds of thousands of dollars and a designer watch.

For most people, the news sparked concerns that companies like Twitter are failing to keep user information secure. But for activists operating in or against repressive regimes, the privacy breach sparked fears that their Twitter data could be life-threatening in the wrong government’s hands. According to court documents, one alleged spy had access to recent IP information — which details a user’s location — despite having “no legitimate business purpose for accessing user accounts.”

Twitter says it has since changed its rules and now “restrict[s] access to sensitive account information to a limited group of trained and vetted employees.” But the extraordinary case draws attention to how dictatorships are increasingly using technology to crush online dissent. Digital tools are no longer the existential threat they were at the start of the decade; instead, democracy activists must now contend with social media spies, spyware that can hack into their phones, social media trolls that attack them, and government propaganda and website blocking that can censor online content. Last year, Facebook CEO Mark Zuckerberg described cybersecurity as “an arms race,” with bad actors racing to outdo Facebook’s technology to win the information war. But it is not only social media giants that are facing off against increasingly tech savvy autocrats.

In December 2018, Sudan’s then-President Omar al-Bashir grew sick of near-daily demonstrations calling for his resignation and tried to prevent protesters from organizing by blocking the country’s favorite social media platforms, including Twitter, Facebook, Instagram, and WhatsApp. The disruption lasted for 68 days, according to monitoring service NetBlocks. But activist Mohammed Ameen says that during that time, most people could easily skirt censorship by using VPNs — software that masks a user’s location and enables them to access sites that are banned in their country. “I was using [the VPN tool] Psiphon. It was the most common,” says Ameen, speaking from the Sudanese capital of Khartoum.

When Michael Hull launched Psiphon from Canada in 2006, much of his audience was in China or Iran — two countries with highly censored internets. “Over the years, that has expanded quite exponentially,” he says. Today, the software has between 5 million and 6 million daily users across Iraq, Syria, Turkey, Sudan, Uganda, Brazil, and Vietnam. “Pretty much everywhere in the Middle East, North Africa region, there’s some form of filtering, whether to block communication platforms, voice over IP (Skype, for example), or conventional websites,” Hull says.

Governments are turning to internet shutdowns to counter political protests. Last year saw 196 shutdowns compared to 106 the year before.

As governments get better at imposing online censorship, Hull’s job gets harder. He believes repressive regimes are increasingly using machine learning algorithms to “fingerprint” connections used by VPN services and block them. Access points that have been working well for months can suddenly be blocked. “It looks to me they [governments] are starting to implement and deploy machine learning algorithms and they are starting to do fingerprinting at a scale that is unprecedented,” he says.

Earlier this year, a Chinese man named Zhu Yunfeng was fined for using the VPN app Lantern. In 2017 in Turkey, 75,000 citizens were reportedly detained or dismissed from their jobs for having the encrypted messaging app ByLock on their phones. “Designing things specifically for activists is often a challenging proposition,” says security expert Tom Lowenthal. “When you make a tool for a threatened group, you run the risk that just using the tool highlights that you’re worth paying attention to.”

Some companies are trying to redefine the way people access the internet itself. Lowenthal used to advise activists and journalists about tools that could protect them from online threats and then began working at Brave. The Santa Clara–based company launched a privacy-focused browser in November, advertising itself as a solution to an internet broken by “surveillance capitalism.”

According to Lowenthal, the Brave browser tries to block all trackers (“It’s a cat and mouse game,” they say) and uses “safe browsing” to block phishing sites — fake websites often employed to trick activists into entering their email and password so their accounts can be hacked. The browser ensures “a very high baseline standard of security and privacy so that nobody is placed in danger when they use the product, no matter whether they’re worried about corporate data collection or targeted government surveillance,” Lowenthal says. “No system is foolproof, but it is considerably more difficult to orchestrate a targeted attack against an activist using Brave. You’d have to turn [the attack] up to 11 and use much more sophisticated and expensive techniques, so you’d run a much greater risk of being caught.”

A number of governments are turning to internet shutdowns to counter political protests. According to digital rights group Access Now, the internet is being turned off at a national or regional level more than ever before. Last year saw 196 shutdowns compared to 106 in 2017.

November saw a countrywide shutdown imposed in Iran after widespread protests broke out in opposition to rising fuel price. Hull speculates the increased use of shutdowns could be a symptom of government frustration. “Maybe the reason why the Iranian government has shut down the internet is because they realize they can’t stop anti-censorship tools from happening,” he says.

Whatever their motivation, shutdowns can be blisteringly effective unless users have an advanced knowledge of how to circumvent them. Amir Rashisi, a researcher at New York’s Center for Human Rights in Iran, says that only a few people in Iran were still able to get online, “But these people are tech people, not ordinary people.”

As governments continue to expand their arsenal of technologies designed to suppress dissent, so grows the need for more imaginative and reliable tools to defy them.

An app called Bridgefy is using mesh network technology that could keep protesters connected even when there is no internet. Mesh networks connect a chain of devices using Bluetooth and encrypted messages that can either communicate with all users in the chain or “mesh” between users until they reach their intended recipient. Launched in 2015, Bridgefy is trying to license its technology to other apps. “If an app — let’s say Uber — adopts our tech, you would be able to use Uber [without the internet],” says Jorge Ribs, CEO of Bridgefy, who adds that his team is currently in talks with Twitter.

However, the idea of mesh networks is dependent on a large number of downloads to work on a citywide scale, and each link in the mesh network chain cannot be more than 100 meters away from the next. Bridgefy had a sufficient network to support pro-democracy protesters in Hong Kong this summer, Ribs says, and peaked at 96,000 users on one day. Protesters were worried about a potential internet shutdown, as well as government surveillance. The app does not require users to verify their phone number, meaning, according to Ribs, users can opt to be entirely anonymous. The app’s role in the protest also turned it into a target: Shortly after the spike in downloads, its website was hacked, and visitors were redirected to a spam site.

As governments continue to expand their arsenal of technologies designed to control communication and suppress dissent, so grows the need for more imaginative and reliable tools to defy them. Yet Lowenthal, from Brave, hopes there is a more sustainable future. “I don’t think that safety and security for vulnerable groups should start or end with tools,” they say. “Honestly, I’m pretty embarrassed and sad that we focus on tools so much when we talk about how to ensure activists can do their work without being murdered.”



from Hacker News https://ift.tt/34b9M7n

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.