Unfortunatly the linked nginx module [1] seems to be unmaintained since 2016. While there is a more maintained fork [2] it seems like neither the Ubuntu [3] nor the Debian team [4] want to package it due to open bugs and security concerns.
It's really surprising considering how widespread Brotli support is, that there isn't a better nginx support for it.
The on-device Machine Learning sounds pretty amazing.
Does anyone know if this will be a part of AOSP or be a closed-source extension (like digital wellbeing)?
Asked by the interviewer if this isn't the same as asking bar owners to check the ID of every visitor just in case a bar fight breaks out, the minister answered:
"Das ist ja ein Blödsinn, was sie da reden"
(This is total nonsense you are talking about)
In case anyone wants to know how this should work, this is the explanation by the minister:
There are "technical possibilities where software can run on the backend that can immediately identify: Does the registered mobile phone number match the name and address or not?" - derstandard.at/2000101678440/Minister-Bluemels-Ominous-De-Anonymization-Software
(from https://derstandard.at/2000101678440/Minister-Bluemels-Omino...)
Translating it as "backend" is very friendly as he literally said "a software in the rear end".
I think the important part is that they have mobile number stored, and later police can verify whether it matches the name or not, and if it doesn't, I assume, there will be additional penalty for providing false identification information.
The important part is that they want the online communities to store name and address of individuals, already verified, by authenticating the user against a third party service like Mobile Connect. The authorities wouldn't have to match name and telephone number. They just have to audit that the account registration is correctly connected to that external service (and not doing so would result in penalties).
To get a sim card (even prepaid) in Austria you need to provide a valid ID/passport. If it's not an Austrian/German/Swiss ID you will need to go in person to activate your sim card. This would make it really difficult for someone to manage a few accounts.
So tell me how this will work. Will you swap SIM cards just to post anonymously sometimes and let the telecom providers (among others) find out what your other SIM cards are through your device ID? Or will you get a SIM card from another country to use exclusively and pay roaming costs / live with a worse data plan in Austria?
People apparently forget that telecoms providers cooperate with authorities, new legislation is planned for this too.
> So tell me how this will work. Will you swap SIM cards just to post anonymously sometimes and let the telecom providers (among others) find out what your other SIM cards are through your device ID? Or will you get a SIM card from another country to use exclusively and pay roaming costs / live with a worse data plan in Austria?
> People apparently forget that telecoms providers cooperate with authorities, new legislation is planned for this too.
Also remember that as soon as you connect to the cell phone network, your location is made known. If you ever slip up and use your personal and private sims in a more private place, you are likely to get caught. Coupled with other potential identifier leakage (like device id as you mentioned) the opsec bar is high for this use case.
> Roaming costs are basically non-existant these days in the EU.
Data plans can be limited for other countries, even within the EU (and frequently are), i.e. if your prepaid contract allows 5GB monthly data transfer for free, the provider might limit this to 500MB for roaming and beyond that limit, you can pay a hefty fee per MB.
In general, prepaid cards aren't famous for having a generous data plan...
But in eu it's more like 20euros for 100go/month and 25go of roaming.
The main problem is tje provider will close your account/ask you to pay more if you use roaming exclusively
Giffgaff in the UK gives you 20GB for £20 on pay as you go, and it can be used up to that limit anywhere in the EU. And you don't need a passport to get a simcard either.
I cannot say for sure but as I remember EU countries eliminated roaming charges, even for prepaid.
OTOH there are not so many EU countries that sell prepaid without ID.
"So tell me how this will work. Will you swap SIM cards just to post anonymously sometimes and let the telecom providers (among others) find out what your other SIM cards are through your device ID?"
Imagine connecting to the Internet using a non-phone ?
Alright then I am mistaken. But I do know for sure that you are required to show ID to get a sim card inside the country and there are no unregistered prepaid cards.
this will work for a minority who pay attention to privacy, though the majority just won't bother. The problem I think is that because it's being criminalized to have an anonymous SIM the average citizen will just comply while those who have something to say are silenced.
what you suggest is a really good technique which has the additional benefit of inheriting the social graph of whoever owned the phone before. it's easy to get them from immigrants in one of the mom+pop shops offering international "calling-home" services.
tbh I'd rather not considering how easy it is to give the wrong advise. OpSec is a deeply personal affair very everything you do (and don't do) needs to be tailored to what you're trying to protect and consistently (!!) revised.
I did a writeup that was aimed to illustrate the insane complexity of OpSec and for people to follow along to achieve better privacy (e.g. first install some browser plugins, then /etc/hosts blocking, then pi-hole, then Tor, etc ... so it gradually introduces people to the idea, until eventually the steps become too hard or impractical for them). Also be warned about the psychological pitfalls of what secrets/compartmentalization can do to the brain and remember that cops and spooks have specialists to support them while a lone wolf trying to protect themselves remains exposed to these dangers this can do to your mind.
some of the first couple of "Steps" from the document should be ignored in 2019 (or moved to the bottom - to where the more difficult points are listed - because people will get it wrong) and are no longer useful but the final points of the document give some tricks on how to hide completely. Things like sending a friend around the world with a budget of monthly $50,- debit card for beer money (under your name) remain highly relevant.
Other things are totally missing such as what to do if you think your phone is compromised or how to do damage control in general.
Again be warned that certain points are very dated and may not give you the protection they promise in 2019:
> Use a burner phone with a prepaid SIM to safely enable 2-Factor Authentication (2FA) without leaking your primary mobile number to any «cloud based data-krakens». Nokia’s relaunch of the 3110 is OK for that purpose and doesn’t immediately out you as somebody holding a burner phone in their hands. But the problem is that it has a GPS chip and camera. Probably a show-stopper for stricter scenarios. Just get any cheap phone that doesn’t include the word «smart» in the name. You want to be able to text and that’s it. Consider buying a used prepaid SIM for a few extra bucks from somebody not associated to you and who hasn’t advertised this to you before either. In some countries this might be your only choice meanwhile. Immigrants are usually happy to sell their prepaid SIM for some extra cash. This gives you a number including all existing metadata (call and movement history visible to the operator and the spooks) already associated to that device and its previous owner. You have now purchased the «cover» of a whole network of people connected to the previous owner. This adds plausible deniability to what would otherwise be a pristine dataset (starting from zero). You will also inherit any active tracking that the original device owner themselves might have already accumulated. So if you’re unlucky you may buy the phone from someone under active surveillance. However the idea is that as data-sets age they increase in value to anyone studying them (and people who do are never your friends regardless if you have anything to hide). In other words, what we did above with TrackMeNot/AdNauseum, we’re now repeating with a prepaid SIM from a stranger.
It's not yet clear (at least to the public) how the registration will actually work on a technical level. I think the idea is that there will be third party services who are responsible for validating the identity of a user (similar to what banks use for KYC purposes). Users could identify themselves via different means, e.g. by providing their phone number or by simply uploading an ID. But that's all speculation on my side.
The easiest way is when the user provides their phone number and confirms it by receiving a SMS. That's how users of public WiFi points are identified in Russia and how users of IM programs are supposed to be identified in near future.
There was a practice in Germany where people traded registered pre-paid SIM cards openly on a website created for that purpose - which was perfectly legal[1].
However they stopped when a court shot down the surveillance law that made people concerned in the first place[2].
If Austrians are even half as privacy-conscious as Germans, expect much of the same happening.
> If Austrians are even half as privacy-conscious as Germans, expect much of the same happening.
Possibly among groups of people who regularly break the law. I can't see a normal person willingly accepting this sort of risk (e.g. being persecuted for child pornography someone else downloaded) for no good reason.
Also, the authorities will find you anyway if you've ever used a SIM card with your real name in the same phone or even if you only bought the phone from a place where device IDs are registered (like Apple, presumably).
> I can't see a normal person willingly accepting this sort of risk
A lot of Germans did in fact do it. So... there.
Even my father considered doing it, being ever suspicious of the handheld tracking device that is the smartphone we forced on him.
There's not much police will (or can) do once it's established that you traded SIM-cards. It's actually discussed in the first article I linked.
There's also a good chance you weren't even remotely physically close to the phone/sim when the crime was committed.
The point is you have a path to trace if needed. Say some criminal has done that, they've established some kind of contact with the "cash strapped person" to do so - either electronically or in person. Electronic traces are pretty feasible for major nation states to uncover since they're ingesting packet traffic metadata from the whole internet traffic of countries. In-person traces can often be covered by surveillance camera records etc etc. Once there is a point of entry, there is usually a path for entities with governmental powers to investigate.
I can claim to have experience [0] with generating funny nonsense based on Stackoverflow data (what a wired thing to say :))
Seems like you beat me to my plan to make a Neural Network based variant and I really like the results (especially that they stay a topic instead of totally drifting off into fun nonsense like my Markov Chains.
Have you tried also using other Stackexchange sites as a source? In my experience they result in more fun questions as they have more "human" interactions (especially the more personal advice based sites) which creates things like:
- Do Greeks driving affect the whaling industry?
- Essential windsurfing equipment to fish?
- Do mountaineers eat grass?
- Can I toast
You can configure Matomo [1] to both not use any cookies [2] and to automatically delete just the raw data or all data that is older than x months. Log Analytics is also possible.
If you want something that is far more minimalistic, but also Open Source and self-hostable, you can take a look at [3]. (Not sure about how they use cookies)
It's really surprising considering how widespread Brotli support is, that there isn't a better nginx support for it.
[1] https://github.com/google/ngx_brotli [2] https://github.com/eustas/ngx_brotli [3] https://answers.launchpad.net/ubuntu/+source/nginx/+question... [4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919320