The First Nepal School on Internet Governance
In January 2018, the Internet Society Nepal Chapter organized the first Nepal School on Internet Governance (npSIG) in collaboration with the Forum for Digital Equality. The initiative offered an intensive two-day learning course covering a wide list of topics at the Institute of Engineering Pulchowk in Kathmandu. The initiative helped participants to identify global and regional issues and facilitate the understanding of several aspects of Internet Governance, including access, diversity, security, privacy, IoT, and human rights within the Nepalese policy framework. The schedule included theoretical sessions, roleplays, and attendee engagement activities. All brilliant speakers presentations are available on sig.org.np for further consultation.
One of the major objectives of npSIG was to raise awareness among young people about Internet Governance issues and to promote their participation in the discussion. The speakers inspired analysis, critical thinking and motivated the audience to design effective questions and take action.
How can we manage the Internet’s evolution in our country?
The opening speech delivered by Baburam Aryal, Chairperson at the Forum for Digital Equality, enhanced the understanding of the Internet Governance concept, which in Nepal is in the very early stages of development. The establishment of a proper ecosystem is complex as Continue reading
Nest Alert: Protection From Pwned* Passwords
A colleague just received an “Urgent Security Alert – Action Requested” email from Nest. At first glance it looked like either a phishing attempt or one of the way-too-often breach notifications we all receive these days. Instead, it was a real alert notifying him that the password he uses for his Nest account had been compromised in a data breach – not at Nest but somewhere else. Nest encouraged him to update to a unique password and enable two-step verification (additional authentication beyond a password, usually referred to as multi-factor authentication).
While it’s not clear exactly how Nest determined that the password was compromised, it could have come from security researcher Troy Hunt’s recently updated Pwned Passwords service (part of his “have i been pwned?” site). Via this service, you can enter a password to see if it matches more than half a billion passwords that have been compromised in data breaches. A hashed version of the full list of passwords can also be downloaded to do local or batch processing. (“Pwned” is video gamer talk for “utterly defeated,” as in “Last time we played, I pwned him.”)
Hunt created this service in response to the National Continue reading
DNA Tests Raise Privacy Questions
The news was amazing: Police in California used DNA evidence collected decades ago to identify the suspected Golden State Killer, a serial killer and rapist active between the mid-‘70s and mid-‘80s.
Investigators from the Sacramento County Sheriff’s Department entered the old DNA into online genealogical database GEDmatch and were able to zero in on suspect Joseph James DeAngelo Jr. by linking the DNA sample to relatives in the database.
A suspected serial killer won’t generate much sympathy from the public, but privacy advocates say the case raises a series of difficult questions about uses of DNA.
The Golden State Killer “was absolutely evil,” said Pam Dixon, executive director of the World Privacy Forum. “We can all definitely agree that serial killers should be taken off the street.”
Still, Dixon and other privacy advocates wonder about the repercussions of the case. “There is no privacy right that I know of in regard to this kind of linking,” she said.
Among the major questions:
- What court approvals should police get before searching DNA databases?
- Should police be able to use DNA from distant relatives to track down criminals?
- And how long should DNA evidence be searchable?
These are difficult questions, but Continue reading
The Internet Society and African Union Commission Launch Personal Data Protections Guidelines for Africa
The Internet Society and the African Union Commission (AUC) today launched the Personal Data Protection Guidelines for Africa (“the Guidelines”) at the Africa Internet Summit in Dakar, Senegal. Grounded on principles of privacy, trust and responsible use, the Guidelines introduced another step in securing the African Internet infrastructure and emphasized the notion that good data protection strengthens trust in online services and contributes to sustainable growth of the digital economy. This timely development follows a recent massive privacy breach at Facebook and the much talked about Cambridge Analytica saga which mishandled the data of millions of Facebook users, including many on the African continent.
Speaking at the launch event, the Director for Africa Regional Bureau, Dawit Bekele, applauded Senegal for becoming the first country in Africa to show leadership and commitment towards building a solid information society. “Africa – indeed like the rest of the world – considers personal data protection as key in securing the Internet infrastructure and Senegal has shown us the way by being the first African country to ratify the Malabo Convention.”
The African digital economy is continuing to grow, with the potential to reach $300 billion or 10% of GDP of the African economy Continue reading
What is BGP Hijacking, Anyway?
Two weeks ago, we learned about yet another routing security incident, namely the hijack of BGP routes to the Amazon DNS infrastructure, used as a stepping stone to steal about $150,000 of Ethereum cryptocurrency from MyEtherWallet.com. We’ve been talking a lot lately about BGP hijacking, digging into the details of what happened in this post. But maybe we need to back up a minute and answer: What in the world is BGP hijacking, anyway, and why does it matter? Here, we’ll explain the basics and how network operators and Internet Exchange Points can join MANRS to help solve the problem.
What is BGP?
BGP, or Border Gateway Protocol, is used to direct traffic across the Internet. Networks use BGP to exchange “reachability information” – networks they know how to get to. Any network that is connected to the Internet eventually relies on BGP to reach other networks.
What is BGP Hijacking?
In short, BGP hijacking is when an attacker disguises itself as another network; it announces network prefixes belonging to another network as if those prefixes are theirs. If this false information is accepted by neighboring networks and propagated further using BGP, it distorts the “roadmap” of the Continue reading
The Week in Internet News: Criminal Cryptocurrency Miners Target IoT
Cryptomining the IoT: Cryptocurrency mining has caused a run on high-powered graphics cards, but criminal groups are looking for ways to exploit other computing power for mining operations. One target is Internet of Things networks because of the lack of strong security on many IoT devices, reports ZDNet. IoT cryptojacking malware is becoming popular on underground forums.
Secrecy for Slackers: Have you ever sent a message on Slack that you didn’t want your boss to see? Or maybe you’re concerned that someone could forward your Slack conversations. Apparently, you’re not alone. Security consulting firm Minded Security has created a tool, called Shhlack, that allows for encrypted messages in the popular messaging app, Motherboard says.
Hey, something worked! Law enforcement authorities in several countries worked together to take down WebStresser, a large DDoS-for-hire service, in late April. In the week following the takedown, DDoS attacks observed by one security provider dropped by about 60 percent in Europe, BleepingComputer reports. The drop may have been only temporary, however.
Fake news hits the courts: Malaysia’s controversial new has its first casualties. A Danish citizen has pleaded guilty maliciously publishing a fake news report by posting a YouTube video that appeared to contradict Continue reading
European Agenda on Digital for Development: Can the Multistakeholder Approach Help?
The year 2017 was an important milestone in moving forward the European agenda for Digital for Development (D4D). The European Commission (EC) paper on mainstreaming digital technologies into EU development policy and the European Council conclusions on Digital for Development have activated the European development community to share opinions and ideas on how to help bridge the global digital divide.
In the past month, we have had a couple of open events in Brussels to discuss this important issue. The European Parliament’s EPP group hosted a public hearing on Digitalisation for Development to collect ideas and to push for more progress. Two weeks later, the EC held the first multistakeholder meeting for Digital4Development with a focus on Africa.
Building a Balanced Agenda
There are a number of pillars of activities that most stakeholders agree on. These include Internet access with a focus on last mile; Internet as an enabler across different sectors; skills; and entrepreneurship. During the recent meetings, the EC, the national development agencies and the private sector showcased impressive and innovative digitalisation programmes.
However, several stakeholders pointed out that while it is important to continue to invest in Internet access, this is no longer enough. We need Continue reading
Encryption Is Key to Safety of Journalists
At a time when we notice increasing and alarming threats to media freedom around the world, World Press Freedom Day (WPFD) is more pertinent today than ever before. We therefore can’t afford to celebrate this important day without both considering the damage done to the free press over the past year and intensifying our efforts to protect journalists and the future of journalism around the world.
To ensure that we can continue to celebrate the media’s vital role in democracies in the future, we must tackle the increasing number of Internet shutdowns around the world and find better ways to secure the safety of journalists.
Let’s start with the latter. The surveillance of journalists, in particular, has profound implications for democratic institutions, including freedom of the press. It threatens journalists’ ability to confidently and confidentially work with sources and to unlock information about controversial issues. It therefore hinders their ability to play their roles as watchdogs in democratic or undemocratic, developed or developing societies alike. But reports indicate that more and more journalists are at risk of facing state or societal surveillance.
Encryption offers a vital and relatively simple defense for such intrusions. Building on last year’s Continue reading
Call for Contributions to Northern Public Affairs: Internet Connectivity in Indigenous and Northern Communities
Northern Public Affairs, in collaboration with the Internet Society, is pleased to release a call for contributions to the Fall 2018 special issue of NPA Magazine focusing on emerging developments in community networks among Indigenous peoples in North America.
Internet connectivity for Indigenous Peoples in Canada and the United States has long been difficult to implement due to many environmental and socioeconomic factors such as remoteness of communities, difficulty gaining first mile access, reliable networks, slow speeds, expensive equipment, and high data costs. Community networks are communications infrastructure deployed and operated by local people, offering Indigenous communities a way to access the Internet to meet their own needs. For many, affordable, high-quality Internet access means community sustainability. Community networks encourage policymakers and regulators to examine new ways and means to fill local digital divides, like supporting local content in the appropriate language(s).
In this special edition issue of NPA Magazine the goal is to assemble diverse voices to explore the impact of access in the areas of education, healthcare, digital literacy, cultural/language promotion and preservation, as well as any negative impacts. We will seek existing Indigenous Community Networks and developing ones, highlighting successful and promising initiatives bringing Internet connectivity Continue reading
Internet Society, LACNIC, and LAC-IX Partner to Strengthen IXPs in Latin America
Wednesday, 2 May 2018, the Internet Society signed a Memorandum of Understanding with the Association of Internet Exchange Points (LAC-IX) and the Latin American Registry for Internet Numbers (LACNIC) to create and strengthen Internet Exchange Points (IXPs) for a stable, secure, and open Internet and to maximise the impact of our activities across Latin America and the Caribbean.
Internet Society’s work on interconnection, traffic exchange, and IXPs not only improves local Internet service in developed regions, but also engages with the local communities that are instrumental in advancing the Internet Society’s mission. The IXP program helps develop Internet technical communities and network operators across the globe.
The Internet Society cooperates with regional organisations that lead IXP work in the field, supporting their work, promoting new IXPs where needed, and helping spread Internet Society work that is valuable to their communities.
LAC-IX and LACNIC have a unique role in promoting new IXPs, supporting existing communities, and, through them, providing the messages that contribute to a stable and scalable Internet.
This Memorandum of Understanding establishes a reference framework for cooperation mechanisms between the Parties. Plans include supporting capacity-building events, disseminating common initiatives and projects, and promoting good routing practices at traffic exchange Continue reading
Some Fake News Fighters Embrace AI, Others Seek the Human Touch
Fake news doesn’t seem to be going away anytime soon, and some entrepreneurs are targeting false news reports with new services designed to alert readers.
Some countries have pushed for new laws to criminalize the creation of fake news – raising questions about government censorship – but these new fake news fighters take a different approach, some using Artificial Intelligence, some using human power, and some using a combination of AI and humans.
Several high-profile fake news fighting services have launched in recent years, some of them driven by the amount of fake news generated during the 2016 U.S. election. These services generally focus on web content appearing to be legitimate news, as an alternative to traditional fact-checking services like Snopes – which takes a broad look at Web-based news and rumors – or PolitiFact – which addresses claims made by politicians and political groups.
The amount of fake news generated during the election campaign was the main reason FightHoax founder Valentinos Tzekas began working on his service two years ago. At the time, Tzekas was a first-year applied informatics student at a Greek university, but he is planning to leave school to work full time on FightHoax.
The 2016 Continue reading
Hackathon at Africa Internet Summit Focuses on Time, Vehicular Communications, and Network Programmability
We are pleased to announce the 2nd Hackathon@AIS will be held in Dakar, Senegal, on 9-10 May, alongside the Africa Internet Summit. Participants from 14 countries have confirmed their participation and will work on activities centered around three main topics:
- The Network Time Protocol (or NTP)
- Wireless communication in vehicular environments – based on Intelligent Transportation Systems
- Network Programmability
Working on open Internet standards involves a collaborative effort whereby individuals from different backgrounds provide input and expertise to improve the Internet. Work is focused on common objectives with set timelines. This work is mostly done by people in different geographical locations using the Internet (and online tools) to collaborate on the work. In some cases, short technical events called hackathons place experts in one physical location to work collaboratively to solve a problem or develop a new product or output in a short period of time.
Last year, the Internet Society’s African Regional Bureau, together with AFRINIC, organized a hackathon in Kenya, during the 2017 Africa Internet Summit. In Africa, work on open Internet standards development is low, with only a handful of Request For Comments (RFCs) known to have been published by experts from the region. One of Continue reading
The State of Broadband Connectivity in Canada’s Rural and Remote Regions
In April, the Canadian Standing Committee on Industry, Science, and Technology presented the “Broadband Connectivity in Rural Canada: Overcoming the Digital Divide” to the House of Commons in order to make public their findings and recommendations from a study on broadband connectivity. (In May 2016, the committee adopted a motion to do a study on broadband connectivity, with the primary purpose of developing a plan to improve rural broadband and demonstrate the Internet’s effect on rural economies.) To create the report, the committee used information and conversations from seven meetings, as well as 50 oral and written submissions. Participants in this process represented businesses, small and large service providers, experts, and on-the-ground rural providers. The Internet Society applauds the committee’s use of a consultative process and its effort to provide concrete recommendations to the House of Commons to connect Canada’s rural and remote citizens.
In 2016, the Canadian Radio-television and Telecommunications (CRTC) declared Internet access an essential service and set the minimum performance standard at 50 Mbps download and 10 Mbps upload. At the same time, it estimated that it will take between 10 and 15 years for the remaining 18% of Canadians to reach those Continue reading
CONSENT: Privacy Is Key to Reinforcing Trust
To address mounting US user concerns, Senators Ed Markey (D-MA) and Richard Blumenthal (D-CT) have introduced the Consumer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act. (They have also introduced legislation to increase transparency and consumer privacy protection, though the text is not yet public.) While the Internet Society is weary of a reactionary regulatory trend and would rather see proactive anticipatory movement towards stronger privacy protections, we are supportive of legislation, like the CLOUD Act, that puts more control over how data is used in consumers’ hands, and moves towards a more user-centric Internet.
Currently, US users often have to go through an extensive and complicated process to opt out of data usage practices. Some may not even be aware that those options exist. Opt-out processes make data collection the “default” setting and weaken consumers’ ability to really consent to data handling practices.
The CONSENT Act, however, would require “edge-providers” (defined by the Act as persons that provide a service over the Internet) to notify users when they subscribe, establish an account, purchase, or begin receiving service if their data will be collected. This would make significant gains for user trust, as it would increase transparency at Continue reading
Future Thinking: Augusto Mathurin on Digital Divides
In 2017, the Internet Society unveiled the 2017 Global Internet Report: Paths to Our Digital Future. The interactive report identifies the drivers affecting tomorrow’s Internet and their impact on Media & Society, Digital Divides, and Personal Rights & Freedoms. In April 2018, we interviewed two stakeholders –Getachew Engida, Deputy Director-General of the United Nations Educational, Scientific and Cultural Organization (UNESCO), and Augusto Mathurin, who created Virtuágora, an open source digital participation platform – to hear their different perspectives on the forces shaping the Internet.
Augusto Mathurin is a 25-year-old Argentinian who strongly believes in the need to enable all people to participate in decision-making which can impact them and their communities. With this in mind, Augusto developed an open source digital participation platform as part of a university project. The main goal of this platform, Virtuágora, was to create a common space in which citizens’ opinions and their representatives’ proposals could converge. The concept was derived from the Greek agora – the central square of ancient Grecian cities where citizens met to discuss their society. In 2017, Augusto was awarded the Internet Society’s 25 under 25 award for making an impact in his community and beyond. (You can Continue reading
Future Thinking: Getachew Engida on Digital Divides
In 2017, the Internet Society unveiled the 2017 Global Internet Report: Paths to Our Digital Future. The interactive report identifies the drivers affecting tomorrow’s Internet and their impact on Media & Society, Digital Divides, and Personal Rights & Freedoms. In April 2018, we interviewed two stakeholders – Getachew Engida, Deputy Director-General of the United Nations Educational, Scientific and Cultural Organization (UNESCO), and Augusto Mathurin, who created Virtuágora, an open source digital participation platform – to hear their different perspectives on the forces shaping the Internet.
Getachew Engida is the Deputy Director-General of UNESCO. He has spent the past twenty years leading and managing international organizations and advancing the cause of poverty eradication, peace-building, and sustainable development. He has worked extensively on rural and agricultural development, water and climate challenges, education, science, technology and innovation, intercultural dialogue and cultural diversity, communication and information with emphasis on freedom of expression, and the free flow information on and offline. (You can read Augusto Mathurin’s interview here).
The Internet Society: You have, in the past, stressed the role that education has played in your own life and can play in others’ lives. Do you see technology helping to promote literacy and Continue reading
The Week in Internet News: A New Use for Blockchain
Blockchain takes on censorship: Students looking into sexual harassment accusations involving a professor at Peking University in China wrote a letter accusing the school of trying to silence one of them, but the letter was removed from social media outlets for “violating rules.” So some supporters distributed the letter using the Ethereum blockchain, reports Yahoo finance.
Why routing security matters: Hackers used a well-known weakness in Border Gateway Protocol routing to hijack Amazon Web Services’ DNS traffic for about two hours last Tuesday. Attackers were able to redirect an Ethereum wallet developer’s website to a phishing site and steal about $150,000 from MyEtherWallet.com users, ZDNet reports.
Hacking-for-hire site attacked: In this case, law enforcement agencies from 12 countries were the people who shut down hacking-for-hire site Webstresser.org. The site had 136,000 customers and its hackers launched more than 4 million DDoS attacks in recent years, according to Europol. GovTech.com has a story.
Inspecting the IoT: Researchers at Princeton University are launching IoT Inspector, an open-source tool designed to give Internet of Things users insight into the security of their devices. There’s even Raspberry Pi code for the project, says The Register.
Cryptocurrency for the suits: The Continue reading
What Happened? The Amazon Route 53 BGP Hijack to Take Over Ethereum Cryptocurrency Wallets
Yesterday, we published a blog post sharing the news and some initial details about Amazon’s DNS route hijack event to steal Ethereum cryptocurrency from myetherwallet.com. In this post, we’ll explore more details about the incident from the BGP hijack’s perspective.
As noted by Dyn, CloudFlare, and various other entities who monitor Internet routing and health, Amazon’s Route 53 (the DNS service offered by AWS) prefixes were hijacked. A BGP update taken from Isolario suggests that on 24 April, its BGP feeders were correctly receiving 205.251.192.0/23, 205.251.194.0/23, 205.251.196.0/23, 205.251.198.0/23, originated from Amazon (AS16509), until 11:04:00 (UTC). But, at 11:05:41 (UTC), Isolario recorded the first more specific /24 malicious announcements via BGP feeder and the announcements originated from eNET (AS10297) to its peer 1&1 Internet SE (AS8560). Click to enlarge image.
RIPE Stats collected the first more specific malicious advertisement at 11:05:42 (UTC) originating from eNET (AS10297), but this time through peer Hurricane Electric (AS6939).
Exactly at the same time, 11:05:42 (UTC), the Isolario BGP feeder received another update originating from eNET (AS10297) and it was also coming via Hurricane Electric (AS6939). Click to enlarge image.
Hurricane Electric has a worldwide Continue reading
Visually Impaired Students in Rwanda Get a New Chance
Jacqueline is attending S4 secondary school HVP Gatagara. She used to read well, but when she reached primary five she went blind and started using audios.
“Studying with audios was challenging” she explains. “Sometimes I got bored and fell asleep. As time went by, I got experienced and I was able to pass my national examination regardless of my blindness.”
A project led by The Internet Society Rwanda Chapter and supported by Beyond the Net Funding Programme is implementing a breakthrough solution that will impact Rwanda’s education sector, addressing the urgent need of a functional learning environment for the visually impaired students.Visual impaired people are not aware of benefits they can get from the Internet. Awareness of what is possible and what is already available is crucial especially for blind students. Young Jacqueline believes that big things have small beginnings and that the Internet will give all students a better opportunity for a successful education: “We have a lot of books here, but we can’t take them home as others do. My request is to turn these books into audios and make them accessible to allow me and my classmates to keep on studying.”
Jazmin Fallas Kerr: Creating Opportunities for Women in Costa Rica
The age-old tradition of the physical marketplace may be crumbling, and many women-led families in Costa Rica are feeling the pinch. In fact, in Jazmin Fallas Kerr’s hometown, Desamparados, nearly half of all families with women as head of household are in poverty.
To combat that, Kerr made a digital bridge between creation and commerce. Hyena is an Internet-based marketplace which allows women artisans to sell their handiwork online for a fair price. The site now has more than 50 local women courting customers for their crafts. Kerr’s upbringing helped her develop the idea.
“I was inspired by my mother; she is a family leader and artisan,” Kerr said. “We are from an area of social vulnerability, and I know the difficulties these families face.”
The site helps solve a more universal problem. It gives women the flexibility and time to work outside of homemaking responsibilities.
“[I want to] empower women to create better opportunities for their families,” Kerr said. “It is being achieved through a platform involving different actors in society that involves from fair trade to online education.”
Winner of the “Creator of Digital Change” contest, Hyena exists thanks to that $3,000 prize money from the Continue reading