2017 Has Proven Privacy Activists Right

For years, privacy activism has been asking the question "what if?" When organizations want to increase their surveillance powers and delve deeper into our daily lives, a vocal minority shouts "what if this is misused?" "what if this data is stolen?" "how can this be used against us?"

2017 has turned many of these ethereal fears into hard realities.

The CIA and NSA have proven that they can't protect their own hacking tools with a high degree of certainty.

The FCC has proven that it has little to no regard for digital privacy rights.

The FBI is now going through a partisan purge that is removing any modicum of trust that anyone should have in the organization to responsibly do their jobs impartially.

The Supreme Court of the United States was underhandedly stacked by a party.

The Russian FSB is running an active disinformation campaign to weaken western democracies and alliances around the world, using targeted propoganda finely tailored to the demographics they wish to influence. Big data is directly harming democracy.

> read more

FCC Privacy Regulations Gutted by Senate

There's a lot of news coverage of this issue, which is a good thing.  We're not going to spend a lot of time to re-hash what everyone else is already saying:  This is bad.  This is stupid.

Viking VPN Service is against this action, and urges House & Senate Republicans to reconsider.  This regulation was good for consumers, regardless of the political party of the President who ordered it.

Why is Viking VPN Service opposed to gutting this regulation?  

One could argue that gutting it is good for our business - more customers will want our VPN Service if they know their private browsing data is being sold by their ISP.

We're opposed because of two things:

1. We're not horrible people who just want to make money.  We're an privacy-rights activist company.

2. Anti-Privacy measures like this are a slippery slope.  Today it's the removal of FCC regulations that protect consumers.  Tomorrow it could be the removal of the right of encrypted, no-logging, VPN Services to exist.

> read more

The Government Policy That Wastes Billions -- Offensive vs Defensive Cybersecurity

With the release of Wikileak's Vault7 repository, we have a major leak of the US Central Intelligence Agency's cyberweapon arsenal on the loose and circulating around the internet. This follows a regular pattern of these sorts of leaks of information. In the past few years we have seen:

The Snowden Documents Leak
Stratfor Cyberweapons Leak
HackingTeam Cyberweapons Leak
Gamma / Finfisher Cyberweapons Leak
The NSA ShadowBrokers Leak

And now we have the CIA Vault7 leak emerging at the time of the writing of this article.

These leaks force us to acknowledge a few key points that cryptographers and security experts have been stating unanimously for years.

1. Governments are hoarding vulnerabilities for themselves for offensive cyberwar campaigns, leaving their populations at serious risk.

2. Governments are unable to protect these weapons, leading to massive leaks of immensely dangerous flaws.

> read more

The US FCC Passes New Privacy Regulations for Internet Providers, but It's Largely Symbolic

The Federal Communications Commission has enacted new rules to protect the privacy of consumers from the prying eyes of their internet service providers. The new rules outlaw the practice of selling consumer browsing and location data to third parties for advertising data or other analytics, without the consent of the consumer.

This update to the rulebook governing ISPs does not, however, completely bar the practice. It allows the consumer's information to be sold with their consent, which creates a loophole for ISPs and will allow them to roll provisions allowing the practice into the contracts that people must sign to use their internet services. In the United States, a landscape where monolithic internet providers have colluded to create monopolies or duopolies for themselves and fix prices, this just adds a paragraph to the end-user-license-agreement that will force consumers with no choices to adopt surveillance, or to simply not have internet service.

> read more

VikingVPN Will Not Get a London Cluster Because of Brexit

One of VikingVPN's most requested features from users is for us to operate a cluster in London. This is because it gives streaming access to some channels for users, and because it will deliver higher performance for our customers that live inside of the country. Being a performance oriented VPN service, we have been tempted to give our customers what they want, as the nation is increasingly under surveillance and is now dealing with increasing levels of censorship of the internet.

We have resisted opening a cluster inside of the United Kingdom for a big reason. The GCHQ is the most aggressive intelligence agency in the world when it comes to digital surveillance, and it seems that their operations run entirely unchecked by legal authorities. Our organization does not want the liabilities that come with having servers seized, unreasonable demands from government agencies, or a situation where we create a server cluster, only to have to pull it because Britain passes laws outlawing encryption without backdoors or requiring VPN services to keep logs.

> read more
Google is going to have its Chrome browser warn users when they visit a page that is unencrypted. This move is to help reduce confusion about the security level of a website. Right now both Firefox and Chrome will throw a warning if you visit a site that uses a self-signed certificate.

Right now both Firefox and Chrome will throw a warning if you visit a site that uses a self-signed certificate. This is because a self-signed certificate is not from a Certificate Authority (CA) and thus the browser has no way to verify that the site is authentic. The problem that arises with this is that if you visit a website that has no encryption at all, which is arguably substantially worse than having a self-signed certificate, neither browser throws an error. This means that if the same spoofed website had no encryption at all, there would be no error shown, and the user would have to notice in their browsers URL that https and the green security logos are missing from the page they are visiting and then take action to leave the site.
> read more

Stop Global Warrants in the US

The United States Supreme Court, through an obscure rule-making process, is looking to expand the powers of the American clandestine agencies. This is a clear attempt by the US government to bypass congress, as they cannot get their surveillance and hacking agenda passed, to keep their currently legally questionable powers to hack targets both domestically and abroad without specific warrants allowing them to do so.

This new "global warrant" power would allow the US agencies to consider anyone to be using privacy software or services to be a suspect, and subject them to remote attacks on their systems and increased digital surveillance. It is yet another form of suspicionless surveillance, where reluctance to divulge all of your personal data at every given moment of your life automatically makes you a criminal suspect.

> read more

Draft Senate Bill To Ban Strong Encryption & Force Corporate Compliance With U.S. Law Enforcement  - Possibly The Dumbest Bill Ever

There's a draft bill in the U.S. Senate authored by Diane Feinstein & Richard Burr that bans strong encryption and forces companies to break their own privacy policies whenever the U.S. Govt. demands it.

Senator Feinstein & Burr are proving that Republicans & Democrats can truly work across the isle when it comes to stupid & impossible to enforce legislation.  Especially when the Intelligence Agencies tell them to.

This bill is so ludicrous that it's almost difficult to put into words the mental acrobatics one would have to go through in order to think this was a good idea.

Why is this bill so ridiculous?  This bit by John Oliver sums it up pretty nicely.

    > read more

    The Scary Monster of Terrorism vs The Scary Monster of the Surveillance State

    In light of recent attacks by DAESH in Paris, Beirut and aboard a Russian plane over Sinai, the debate over encryption and surveillance has reignited. The nations trying to increase their surveillance capabilities have quickly capitalized on these events, stating that they need wider legal authority to surveil their own citizens in order to protect their sovereign lands from foreign attack.

    The argument has been that unbreakable encryption is hampering the power for mass surveillance systems to intercept communications and prevent terrorist attacks. And this argument taken on its face is compelling. It is an easy assumption to make if you do not fact check any of the statements being made.

    The problems with these arguments arise when you look deeper into the latest terror attacks and what they mean for the world of privacy.

    > read more

    This Idiot Believes He Can Ban Encryption

    Prime Minister David Cameron

    We could discuss at length how one would have to completely misunderstand technology and encryption in order to believe such a thing to be possible.  We could talk about how delusional it is for the head of a government to think that they could ban from their shores a technology that is carried digitally.  That whole conversation seems wasted on the idiotic elite, like Mr. Cameron, who can't be bothered to listen to those more qualified than themselves on these matters.


    > read more