Is this blog secure? It depends on you.

4

October

2020

5/5 (2)

When entering this blog a small icon appears on your browser bar showing the warning that this blog is not secure. What does this mean and why does your browser shows this message?

Currently the message showing that a website is not secure appears in almost all browsers when the website does not consists of an SSL/TLS certificate and uses HTTPS to connect to the website. The internet started as simple HTTP requests send over between a client and user, but over time people started noticing that this practice is not really safe. HTTP request data that was transmitted is not encrypted or secured in any way. When somebody has the possibility to tap in between your router and laptop, transmitted data can be captured and read. This is why the last 10 years you were always warned to not connect to public Wi-Fi hotspots. If somebody fakes a McDonalds Wi-Fi hotspot and you connect to this hotspot to start serving the web, all unencrypted data can be captured by the attacker and read out in simple excel like format.

To demonstrate the ease of this action, I captured my own Wi-Fi router at home and recorded my login action. In the table below you see the output of the program and that my password and email are captured really easily by this software (of course I skipped out parts). It isn’t a big problem if the attacker has access to this blog and can write articles or comments, but the problem becomes more prominent if I would use the same password for this blog as for my ERNA account for example, then the attacker would have access to more personal information.

Excel Output

There is the possibility to setup websites with a SSL/TLS certificate, resulting in your mail and password being send encrypted over the network which eliminates the possibility of snooping on your personal information. Another advantage of these certificates is that you can be sure that the domain you are on is really provided by the creator and is not a fake version that is spoofed by an attacker in order to steal your credentials.

In order to reduce the chance of your password getting compromised there are a few easy practical tips to follow. Never login to an unsecured website on public or shared hotspot, use password managers so you can create randomized passwords and never use the same password twice.

 

Sources:

https://ahrefs.com/blog/what-is-https/#how-tls-works
https://www.namecheap.com/support/knowledgebase/article.aspx/786/33/what-is-an-ssl-certificate-and-what-is-it-used-for
https://doesmysiteneedhttps.com/

 

 

 

Please rate this

Your Profile Is Being Scraped

18

September

2020

4.33/5 (3)

Facial recognition is gaining interest the last few years, all around the internet and also on this forum, more and more is being written about facial recognition itself, the positive and negative effects and the underlying technologies. Major companies are competing on developing better algorithms and are selling their developed technologies as cloud services. Easy API’s make it possible for every tech savvy person to use those services within minutes. But still the subject of facial recognition is still a lot of theory and less action. Current news items often discussed a few local tests or the implementation of video tracking within law enforcements. The major steps made on facial recognition are made within China, were facial identification or payment becomes more mainstream. But over the last year one company’s name popped up several times, gaining interest of several tech journalist, Clearview AI.

A lot of people nowadays have a certain social media profile, often with a public name, profile picture and some basic information. Of course it would be possible to go to every page and collect user information randomly, but no one every took the time to do this or saw the benefits of doing this, expect the startup Clearview AI.

Scraping is the act of automatically extracting public data of the internet. Every website can be scraped, even all data and texts from this blog for example. Clearview AI, performed these scraping operations on a huge level, they started scraping all the public profiles of Facebook and saved this data in one big database. If your profile picture and name are public on one of your social media accounts, which are probably most of the profiles, it is likely that these are included in the database of Clearview AI.

Would not every law enforcement agency be interested in the possibility of finding a suspect with the help of a few clicks? Robbers, fraudsters or cyber bullies are also people, most of the time with a personal social media account. This is exactly what Clearview AI thought while developing their business model, by scraping all public available data, training huge neural networks and selling it worldwide all bundled in a good looking application to law enforcement agencies. According to a graph of the New York Times, this will bring the number of photos the FBI can search from their own database of 411 million photos to a staggering number of 3 billion photos that are included in the Clearview AI application, all supported by an impressive artifical intelligence model.

This brings up some important questions, do we support facial recognition as a way of law enforcement? Is it legal to scrape information from social networks? Does making your profile public also implies that you give permission for your data to be saved and used for AI training purposes?

Next to the negative sides of web scraping, there are also interesting possibilities of using these methods. You could for example scrape this blog and analyze the word usage or identify trends and topics of interest over time. Web scraping also enables new innovations that aggregate data from multiple sources in creative ways creating information that was not available before.

The New York Times has an article going more into depth in the background of Clearview AI. Click here to read the full article or listen to accompanying podcast if your interested.

I would love to hear your opinion about the subject of web scraping and the usage of facial recognition. If you like to have a more technical background on how to implement web scraping techniques please let me know in the comments.

 

Sources

Hill, K. (2020, January 18). The Secretive Company That Might End Privacy as We Know It. The New York Times. https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html

Matsakis, L. (2020, January 27). Scraping the Web Is a Powerful Tool. Clearview AI Abused It. Wired. https://www.wired.com/story/clearview-ai-scraping-web/

 

 

Please rate this

GDPR and AI: A story of love or hate?

13

September

2018

No ratings yet.

The Past

On the 25th of May 2018 a significant change has marked the EU’s business world. The General Data Protection Regulation (GDPR) came into force, with the goal of empowering customers’ data privacy and protection throughout all stages of the data’s collection, storage, processing and transfer.

Short video on GDPR explanation:

Many companies in order to reach GDPR compliance, had to make significant changes to their processes, especially the ones that concern data, otherwise they would have to pay extravagant fines that could easily lead them to bankruptcy.

The Present

At the same time, with personalised conversations and relevance being the need of the hour, AI and disruptive innovation on most businesses handling personal data inevitably go hand in hand.

The majority of the aforementioned data are used to empower the newly introduced businesses’ AI algorithms: the more data available, the better an algorithm’s predictions (Coles, 2018). These companies currently struggle with the changes they need to perform and are “loosening” their tight knots with the AI implementation. They need to concentrate on what needs to change, how does it need to change and, naturally, will their offering still be effective and/or useful after shifting to a more GDPR compliant technology?

The Future

Although GDPR compliance may seem a great burden to most of the companies which have adopted AI technologies to their functions, we cannot ignore the benefits that can occur. Machine learning could be used to reduce the number of fraudulent behaviours, while tracing and confronting those can be a lot easier (Coles, 2018). The company may as well choose to build AI-powered tools that can notify all stakeholders in case of unauthorized access to their data.

Also, companies can plan strategically and deploy AI technologies in order to create what is needed for their GDPR compliance. In that way, they can easily keep their processes untouched while using AI to prove their processes as safe and protective (Nguyen, 2018).

Depending on the above and your personal insights, would you consider this relationship as love, hate or both?

References:

Please rate this