IETF approves .onion as ‘special purpose domain’

Today I blogged about the Internet Engineering Task Force’s (IETF’s) registration of Tor’s “.onion” as a special-purpose domain, and what that means for Tor hidden services and HTTPS certificates, over at Electronic Frontiers Australia (EFA), in collaboration with EFA’s Executive Officer Jon Lawrence.


Looking for Tenants: Attempted Fraud

I’ve been on both sides of some dodgy accommodation application processes: excluded from renting a room for being in a same-sex relationship, dropping out of an intrusive application process, and looking for a tenant for a room.

In 2014, I had a supposed tenant attempt to defraud me of personal details, in particular, my PayPal email address. They had already stolen someone’s identity to make the rental application. I assume they planned to use my details as part of further identity theft and/or fraud.

This kind of fraud is pretty common: my applicant was “on a cruise ship”, so they could “only email”. They couldn’t call, or inspect the room. They were happy with the “photos on the site of the house”, but wanted the exact address. (More potential identity theft!) They seemed to have no idea it was an apartment.

The person provided pictures of “herself”, but the two pictures didn’t seem to be of the same person. They were also of very poor resolution and quality – not what you’d expect of contemporary holiday snaps. The same photo(s) were also used on a LinkedIn profile and on various dating sites, under various names. Google reverse image search is an essential tool for discovering this kind of fraud.

The scammer then used a name and email from a Facebook profile with a different picture. (I think the Facebook profile had been hacked.) Again, Googling email addresses and names uncovered this rather quickly.

The scammer wanted to pay for several months’ rent upfront to secure the room. This is really weird, but a terribly attractive offer when you’re sick of looking for tenants. (And, I have to admit, I felt sympathetic to their “difficult” situation.) They almost got some account details from me, because they said they wanted to pay thousands of dollars upfront.

But, as I searched online for the details they provided, the whole scam unravelled rather quickly.

I ended up reporting this scam to the real estate website, the State (well, Australian Capital Territory) and Federal Government Scam Watch websites, LinkedIn, and Facebook. Most of these sites took appropriate action quickly, except for Facebook, which seems to have a complaint threshold before a human gets involved.

(I hope) this is the end of my mini-series on accommodation search disasters.

Privacy, Secure Communications, and Law & Order

Understanding Apple and privacy | iMore.

I’m concerned that there is often a false dichotomy presented between privacy and security:

“It’s vital to understand that privacy and security, while often mentioned together, are not one and the same. Privacy demands security, but security does not demand privacy. Historically, privacy has often been violated in the name of security.”

In this context, I can’t quite tell if the author is talking about “secure communications”, rather than, say, “domestic security”. One could easily say: “(communication) security has often been violated in the name of (domestic) security.”

Perhaps we could define our terms more clearly.

But I still think there’s truth in the article: people’s privacy and communications security are dependent on a certain degree of law and order, yet are often violated in service of that same law and order.

Edit: Copy and paste error. I adapted this from a post to the Cyber101x forums on edX.

Updated: I know Crypto

I’ve been hard at work on:

So today’s update is short, and full of teasers.

Edit: I was in such a hurry, I forgot the post metadata (categories and tags).
Did you know that the NSA kills people based on metadata?

Yes, that’s really it. More to come in future posts.