NBN upgrades explained: how will they make internet speeds faster? And will the regions miss out?




Thas Ampalavanapillai Nirmalathas, University of Melbourne

The federal government has announced a A$3.5 billion upgrade to the National Broadband Network (NBN) that will grant two million households on-demand access to faster fibre-to-the-node (FTTN) internet by 2023.

Reports from the ABC suggest the plan would go as far as to upgrade the FTTN services to fibre-to-the-premises (FTTP) – although this wasn’t explicitly said in Minister for Communications Paul Fletcher’s announcement.

The minister said the upgrade would involve expanding current FTTN connections to run along more streets across the country, giving people the option to connect to broadband speeds of up to one gigabit per second. Improvements have also been promised for the hybrid fibre coaxial (HFC) and fibre-to-the-curb (FTTC) systems.

Altogether the upgrade is expected to give about six million households access to internet speeds of up to one gigabit per second. But how will the existing infrastructure be boosted? And who will miss out?

Getting ahead of the terminology

Let’s first understand the various terms used to describe aspects of the NBN network.

Fibre to the Premises (FTTP)

FTTP refers to households with an optical fibre connection running from a device on a wall of the house directly to the network. This provides reliable high-speed internet.

The “network” simply refers to the exchange point from which households’ broadband connections are passed to service providers, such as Telstra, who help them get connected.

In an FTTP network, fibre optic connectors in the back of distribution hub panels connect homes to broadband services.

Fibre to the Node (FTTN)

The FTTN system serves about 4.7 million premises in Australia, out of a total 11.5 million covered under the NBN.

With FTTN, households are connected via a copper line to a “node” in their neighbourhood. This node is further connected to the network with fibre optic cables that transfer data much faster than copper cables can.

With FTTN systems, the quality of the broadband service depends on the length of the copper cable and the choice of technology used to support data transmission via this cable.

It’s technically possible to offer high internet speeds when copper cables are very short and the latest data transmission technologies are used.

In reality, however, Australia’s FTTN speeds using a fibre/copper mix have been slow. An FTTN connection’s reliability also depends on network conditions, such as the age of the copper cabling and whether any of the signal is leaking due to degradation.

Fibre optic cables use pulses of light for high-speed data transmission across long distances.

Fibre to the Curb (FTTC)

The limitations of FTTN mentioned above can be sidestepped by extending fibre cables from the network right up to a curbside “distribution point unit” nearer to households. This unit then becomes the “node” of the network.

FTTC allows significantly faster data transmission. This is because it services relatively fewer households (allowing better signal transmission to each one) and reduces the length of copper cable relied upon.

Hybrid Fibre Coaxial (HFC)

In many areas, the NBN uses coaxial cables instead of copper cables. These were first installed by Optus and Telstra in the 1990s to deliver cable broadband and television. They’ve since been modernised for use in the NBN’s fibre network.

In theory, HFC systems should be able to offer internet speeds of more than 100 megabits per second. But many households have been unable to achieve this due to the poor condition of cabling infrastructure in some parts, as well as large numbers of households sharing a single coaxial cable.

Coaxial cables are the most limiting part of the HFC system. So expanding the length of fibre cabling (and shortening the coaxial cables being used) would allow faster internet speeds. The NBN’s 2020 corporate plan identifies doing this as a priority.

Minister Fletcher today said the planned upgrades would ensure all customers serviced by HFC would have access to speeds of up to one gigabit per second. Currently, only 7% of HFC customers do.

Mixing things up isn’t always a good idea

Under the original NBN plan, the Labor government in 2009 promised optical fibre connections for 93% of all Australian households.

Successive reviews led to the use of multiple technologies in the network, rather than the full-fibre network Labor envisioned. Many households are not able to upgrade their connection because of limitations to the technology available in their neighbourhood.






Also, many businesses currently served by FTTN can’t access internet speeds that meet their needs. To avoid internet speeds hindering their work, many businesses need a minimum speed between 100 megabits and 1 gigabit per second, depending on their scale.

Currently, no FTTN services and few HFC services can support such speeds.

Moreover, the Australian Competition and Consumer Commission’s NBN monitoring report published in May (during the pandemic) found in about 95% of cases, NBN plans only delivered 83-91% of the maximum advertised speed.

The report also showed 10% of the monitored services were underperforming – and 95% of these were FTTN services. This makes a strong case for the need to upgrade FTTN.

Who will benefit?

While the NBN’s most recent corporate plan identifies work to be done across its various offerings (FTTN, FTTC, HFC, fixed wireless), it’s unclear exactly how much each system stands to gain from today’s announcements.

Ideally, urban and regional households that can’t access 100 megabits per second speeds would be prioritised for fibre expansion. The expanded FTTN network should also cover those struggling to access reliable broadband in regional Australia.

Bringing fibre cabling to households in remote areas would be difficult. One option, however, could be to extend fibre connections to an expanded network of base stations in regional Australia, thereby improving the NBN’s fixed wireless connectivity capacity.

These base stations “beam” signals to nearby premises. Installing more stations would mean fewer premises covered by each (and therefore better connectivity for each).

Regardless, it’s important the upgrades happen quickly. Many NBN customers now working and studying from home will be waiting eagerly for a much-needed boost to their internet speed.








Thas Ampalavanapillai Nirmalathas, Group Head – Electronic and Photonic Systems Group and Professor of Electrical and Electronic Engineering, University of Melbourne

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Towards a post-privacy world: proposed bill would encourage agencies to widely share your data


Bruce Baer Arnold, University of Canberra

The federal government has announced a plan to increase the sharing of citizen data across the public sector.

This would include data sitting with agencies such as Centrelink, the Australian Tax Office, the Department of Home Affairs, the Bureau of Statistics and potentially other external “accredited” parties such as universities and businesses.

The draft Data Availability and Transparency Bill released today will not fix ongoing problems in public administration. It won’t solve many problems in public health. It is a worrying shift to a post-privacy society.

It’s a matter of arrogance, rather than effectiveness. It highlights deficiencies in Australian law that need fixing.






Making sense of the plan

Australian governments on all levels have built huge silos of information about us all. We supply the data for these silos each time we deal with government.

It’s difficult to exercise your rights and responsibilities without providing data. If you’re a voter, a director, a doctor, a gun owner, on welfare, pay tax, have a driver’s licence or Medicare card – our governments have data about you.

Much of this is supplied on a legally mandatory basis. It allows the federal, state, territory and local governments to provide pensions, elections, parks, courts and hospitals, and to collect rates, fees and taxes.

The proposed Data Availability and Transparency Bill will authorise large-scale sharing of data about citizens and non-citizens across the public sector, between both public and private bodies. Previously called the “Data Sharing and Release” legislation, the word “transparency” has now replaced “release” to allay public fears.

The legislation would allow sharing between Commonwealth government agencies that are currently constrained by a range of acts overseen (weakly) by the under-resourced Australian Information Commissioner (OAIC).

The acts often only apply to specific agencies or data. Overall we have a threadbare patchwork of law that is supposed to respect our privacy but often isn’t effective. It hasn’t kept pace with law in Europe and elsewhere in the world.

The plan also envisages sharing data with trusted third parties. They might be universities or other research institutions. In future, the sharing could extend to include state or territory agencies and the private sector, too.

Any public or private bodies that receive data can then share it forward. Irrespective of whether one has anything to hide, this plan is worrying.

Why will there be sharing?

Sharing isn’t necessarily a bad thing. But it should be done accountably and appropriately.

Consultations over the past two years have highlighted the value of inter-agency sharing for law enforcement and for research into health and welfare. Universities have identified a range of uses regarding urban planning, environment protection, crime, education, employment, investment, disease control and medical treatment.

Many researchers will be delighted by the prospect of accessing data more cheaply than doing onerous small-scale surveys. IT people have also been enthusiastic about money that could be made helping the databases of different agencies talk to each other.

However, the reality is more complicated, as researchers and civil society advocates have pointed out.

In a July speech to the Australian Society for Computers and Law, former High Court Justice Michael Kirby highlighted a growing need to fight for privacy, rather than let it slip away.

Why should you be worried?

The plan for comprehensive data sharing is founded on the premise of accreditation of data recipients (entities deemed trustworthy) and oversight by the Office of the National Data Commissioner, under the proposed act.

The draft bill announced today is open for a short period of public comment before it goes to parliament. It features a consultation paper alongside a disquieting consultants’ report about the bill. In this report, the consultants refer to concerns and “high inherent risk”, but unsurprisingly appear to assume things will work out.

Federal Minister for Government Services Stuart Robert, who presided over the tragedy known as the RoboDebt scheme, is optimistic about the bill. He dismissed critics’ concerns by stating consent is implied when someone uses a government service. This seems disingenuous, given people typically don’t have a choice.

However, the bill does exclude some data sharing. If you’re a criminologist researching law enforcement, for example, you won’t have an open sesame. Experience with the national Privacy Act and other Commonwealth and state legislation tells us such exclusions weaken over time.

Outside the narrow exclusions centred on law enforcement and national security, the bill’s default position is to share widely and often. That’s because the accreditation requirements for agencies aren’t onerous and the bases for sharing are very broad.

This proposal exacerbates ongoing questions about day-to-day privacy protection. Who’s responsible, with what framework and what resources?

Responsibility is crucial, as national and state agencies recurrently experience data breaches, although, as RoboDebt revealed, they often stick to denial. Universities are also often wide open to data breaches.

Proponents of the plan argue privacy can be protected through robust de-identification, in other words removing the ability to identify specific individuals. However, research has recurrently shown “de-identification” is no silver bullet.

Most bodies don’t recognise the scope for re-identification of de-identified personal information and lots of sharing will emphasise data matching.

Be careful what you ask for

Sharing may result in social goods such as better cities, smarter government and healthier people by providing access to data (rather than just money) for service providers and researchers.

That said, our history of aspirational statements about privacy protection without meaningful enforcement by watchdogs should provoke some hard questions. It wasn’t long ago the government failed to prevent hackers from accessing sensitive data on more than 200,000 Australians.

It’s true this bill would ostensibly provide transparency, but it won’t provide genuine accountability. It shouldn’t be taken at face value.








Bruce Baer Arnold, Assistant Professor, School of Law, University of Canberra

This article is republished from The Conversation under a Creative Commons license. Read the original article.

A computer can guess more than 100,000,000,000 passwords per second. Still think yours is secure?




Paul Haskell-Dowland, Edith Cowan University and Brianna O’Shea, Edith Cowan University

Passwords have been used for thousands of years as a means of identifying ourselves to others and in more recent times, to computers. It’s a simple concept – a shared piece of information, kept secret between individuals and used to “prove” identity.

Passwords in an IT context emerged in the 1960s with mainframe computers – large centrally operated computers with remote “terminals” for user access. They’re now used for everything from the PIN we enter at an ATM, to logging in to our computers and various websites.

But why do we need to “prove” our identity to the systems we access? And why are passwords so hard to get right?






What makes a good password?

Until relatively recently, a good password might have been a word or phrase of as little as six to eight characters. But we now have minimum length guidelines. This is because of “entropy”.

When talking about passwords, entropy is the measure of predictability. The maths behind this isn’t complex, but let’s examine it with an even simpler measure: the number of possible passwords, sometimes referred to as the “password space”.

If a one-character password only contains one lowercase letter, there are only 26 possible passwords (“a” to “z”). By including uppercase letters, we increase our password space to 52 potential passwords.

The password space continues to expand as the length is increased and other character types are added.

Making a password longer or more complex greatly increases the potential ‘password space’. More password space means a more secure password.

Looking at the above figures, it’s easy to understand why we’re encouraged to use long passwords with upper and lowercase letters, numbers and symbols. The more complex the password, the more attempts needed to guess it.

However, the problem with depending on password complexity is that computers are highly efficient at repeating tasks – including guessing passwords.

Last year, a record was set for a computer trying to generate every conceivable password. It achieved a rate faster than 100,000,000,000 guesses per second.

By leveraging this computing power, cyber criminals can hack into systems by bombarding them with as many password combinations as possible, in a process called brute force attacks.

And with cloud-based technology, guessing an eight-character password can be achieved in as little as 12 minutes and cost as little as US$25.

Also, because passwords are almost always used to give access to sensitive data or important systems, this motivates cyber criminals to actively seek them out. It also drives a lucrative online market selling passwords, some of which come with email addresses and/or usernames.

You can purchase almost 600 million passwords online for just AU$14!

How are passwords stored on websites?

Website passwords are usually stored in a protected manner using a mathematical algorithm called hashing. A hashed password is unrecognisable and can’t be turned back into the password (an irreversible process).

When you try to log in, the password you enter is hashed using the same process and compared to the version stored on the site. This process is repeated each time you log in.

For example, the password “Pa$$w0rd” is given the value “02726d40f378e716981c4321d60ba3a325ed6a4c” when calculated using the SHA1 hashing algorithm. Try it yourself.

When faced with a file full of hashed passwords, a brute force attack can be used, trying every combination of characters for a range of password lengths. This has become such common practice that there are websites that list common passwords alongside their (calculated) hashed value. You can simply search for the hash to reveal the corresponding password.

This screenshot of a Google search result for the SHA hashed password value ‘02726d40f378e716981c4321d60ba3a325ed6a4c’ reveals the original password: ‘Pa$$w0rd’.
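The storage weakness described above, as an added example that is not part of the original article: a fast, unsalted SHA1 hash gives every user of the same password the same stored value, so a precomputed table of common passwords matches it at once, while a per-user salt and a slow key-derivation function (PBKDF2 here) does not. The account names, the sample password list and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Constructed sample list of common passwords (illustrative, not from the article).
COMMON_PASSWORDS = ["123456", "password", "qwerty", "Pa$$w0rd"]

# Assumed work factor for this example; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000


def sha1_unsalted(password: str) -> str:
    """Weak scheme: one fast, unsalted hash. Same password, same value, everywhere."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_lookup(candidates) -> dict:
    """Precomputed hash -> password table, like the public lists the article mentions."""
    return {sha1_unsalted(p): p for p in candidates}


def audit_unsalted(stored: dict, lookup: dict) -> dict:
    """Defender's audit: which stored hashes fall to a common-password table?"""
    return {user: lookup[h] for user, h in stored.items() if h in lookup}


def store_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Hardened scheme: random per-user salt plus a deliberately slow derivation."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": derived}


def verify_password(password: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


def demo() -> dict:
    lookup = build_lookup(COMMON_PASSWORDS)
    # Constructed accounts: alice and bob happen to choose the same password.
    weak_db = {
        "alice": sha1_unsalted("Pa$$w0rd"),
        "bob": sha1_unsalted("Pa$$w0rd"),
        "carol": sha1_unsalted("correct horse battery staple"),
    }
    strong_alice = store_password("Pa$$w0rd")
    strong_bob = store_password("Pa$$w0rd")
    return {
        "exposed": audit_unsalted(weak_db, lookup),
        "same_weak_hash": weak_db["alice"] == weak_db["bob"],
        "same_strong_hash": strong_alice["hash"] == strong_bob["hash"],
        "login_ok": verify_password("Pa$$w0rd", strong_alice),
        "login_bad": verify_password("Pa$$word", strong_alice),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt defeats precomputed tables and hides the fact that two users share a password; the iteration count makes each guess slower, but it does not rescue a password that sits near the top of a common-password list.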

The theft and selling of password lists is now so common, a dedicated website — haveibeenpwned.com — is available to help users check if their accounts are “in the wild”. This has grown to include more than 10 billion account details.

If your email address is listed on this site you should definitely change the detected password, as well as on any other sites for which you use the same credentials.






Is more complexity the solution?

You would think with so many password breaches occurring daily, we would have improved our password selection practices. Unfortunately, last year’s annual SplashData password survey has shown little change over five years.

The 2019 annual SplashData password survey revealed the most common passwords from 2015 to 2019.

As computing capabilities increase, the solution would appear to be increased complexity. But as humans, we are not skilled at remembering highly complex passwords (nor motivated to do so).

We’ve also passed the point where we use only two or three systems needing a password. It’s now common to access numerous sites, with each requiring a password (often of varying length and complexity). A recent survey suggests there are, on average, 70-80 passwords per person.

The good news is there are tools to address these issues. Most computers now support password storage in either the operating system or the web browser, usually with the option to share stored information across multiple devices.

Examples include Apple’s iCloud Keychain and the ability to save passwords in Internet Explorer, Chrome and Firefox (although less reliable).

Password managers such as KeePassXC can help users generate long, complex passwords and store them in a secure location for when they’re needed.

While this location still needs to be protected (usually with a long “master password”), using a password manager lets you have a unique, complex password for every website you visit.

This won’t prevent a password from being stolen from a vulnerable website. But if it is stolen, you won’t have to worry about changing the same password on all your other sites.

There are of course vulnerabilities in these solutions too, but perhaps that’s a story for another day.








Paul Haskell-Dowland, Associate Dean (Computing and Security), Edith Cowan University and Brianna O’Shea, Lecturer, Ethical Hacking and Defense, Edith Cowan University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Can I still be hacked with 2FA enabled?




David Tuffley, Griffith University

Cybersecurity is like a game of whack-a-mole. As soon as the good guys put a stop to one type of attack, another pops up.

Usernames and passwords were once good enough to keep an account secure. But before long, cybercriminals figured out how to get around this.

Often they’ll use “brute force attacks”, bombarding a user’s account with various password and login combinations in a bid to guess the correct one.

To deal with such attacks, a second layer of security was added in an approach known as two-factor authentication, or 2FA. It’s widespread now, but does 2FA also leave room for loopholes cybercriminals can exploit?

2FA via text message

There are various types of 2FA. The most common method is to be sent a single-use code as an SMS message to your phone, which you then enter following a prompt from the website or service you’re trying to access.

Most of us are familiar with this method as it’s favoured by major social media platforms. However, while it may seem safe enough, it isn’t necessarily.

Hackers have been known to trick mobile phone carriers (such as Telstra or Optus) into transferring a victim’s phone number to their own phone.






Pretending to be the intended victim, the hacker contacts the carrier with a story about losing their phone, requesting a new SIM with the victim’s number to be sent to them. Any authentication code sent to that number then goes directly to the hacker, granting them access to the victim’s accounts.

This method is called SIM swapping. It’s probably the easiest of several types of scams that can circumvent 2FA.

And while carriers’ verification processes for SIM requests are improving, a competent trickster can talk their way around them.

Authenticator apps

The authenticator method is more secure than 2FA via text message. It works on a principle known as TOTP, or “time-based one-time password”.

TOTP is more secure than SMS because a code is generated on your device rather than being sent across the network, where it might be intercepted.

The authenticator method uses apps such as Google Authenticator, LastPass, 1Password, Microsoft Authenticator, Authy and Yubico.

However, while it’s safer than 2FA via SMS, there have been reports of hackers stealing authentication codes from Android smartphones. They do this by tricking the user into installing malware (software designed to cause harm) that copies and sends the codes to the hacker.

The Android operating system is easier to hack than the iPhone iOS. Apple’s iOS is proprietary, while Android is open-source, making it easier to install malware on.

2FA using details unique to you

Biometric methods are another form of 2FA. These include fingerprint login, face recognition, retinal or iris scans, and voice recognition. Biometric identification is becoming popular for its ease of use.

Most smartphones today can be unlocked by placing a finger on the scanner or letting the camera scan your face – much quicker than entering a password or passcode.

However, biometric data can be hacked, too, either from the servers where they are stored or from the software that processes the data.

One case in point is last year’s BioStar 2 data breach in which nearly 28 million biometric records were hacked. BioStar 2 is a security system that uses facial recognition and fingerprinting technology to help organisations secure access to buildings.

There can also be false negatives and false positives in biometric recognition. Dirt on the fingerprint reader or on the person’s finger can lead to false negatives. Also, faces can sometimes be similar enough to fool facial recognition systems.

Another type of 2FA comes in the form of personal security questions such as “what city did your parents meet in?” or “what was your first pet’s name?”






Only the most determined and resourceful hacker will be able to find answers to these questions. It’s unlikely, but still possible, especially as more of us adopt public online profiles.

Often when we share our lives on the internet, we fail to consider what kinds of people may be watching.

2FA remains best practice

Despite all of the above, the biggest vulnerability to being hacked is still the human factor. Successful hackers have a bewildering array of psychological tricks in their arsenal.

A cyber attack could come as a polite request, a scary warning, a message ostensibly from a friend or colleague, or an intriguing “clickbait” link in an email.

The best way to protect yourself from hackers is to develop a healthy amount of scepticism. If you carefully check websites and links before clicking through and also use 2FA, the chances of being hacked become vanishingly small.

The bottom line is that 2FA is effective at keeping your accounts safe. However, try to avoid the less secure SMS method when given the option.

Just as burglars in the real world focus on houses with poor security, hackers on the internet look for weaknesses.

And while any security measure can be overcome with enough effort, a hacker won’t make that investment unless they stand to gain something of greater value.

David Tuffley, Senior Lecturer in Applied Ethics & CyberSecurity, Griffith University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Private browsing: What it does – and doesn’t do – to shield you from prying eyes on the web



The major browsers have privacy modes, but don’t confuse privacy for anonymity.

Lorrie Cranor, Carnegie Mellon University and Hana Habib, Carnegie Mellon University

Many people look for more privacy when they browse the web by using their browsers in privacy-protecting modes, called “Private Browsing” in Mozilla Firefox, Opera and Apple Safari; “Incognito” in Google Chrome; and “InPrivate” in Microsoft Edge.

These private browsing tools sound reassuring, and they’re popular. According to a 2017 survey, nearly half of American internet users have tried a private browsing mode, and most who have tried it use it regularly.

However, our research has found that many people who use private browsing have misconceptions about what protection they’re gaining. A common misconception is that these browser modes allow you to browse the web anonymously, surfing the web without websites identifying you and without your internet service provider or your employer knowing what websites you visit. The tools actually provide much more limited protections.

Other studies conducted by the Pew Research Center and the privacy-protective search engine company DuckDuckGo have similar findings. In fact, a recent lawsuit against Google alleges that internet users are not getting the privacy protection they expect when using Chrome’s Incognito mode.

How it works

While the exact implementation varies from browser to browser, what private browsing modes have in common is that once you close your private browsing window, your browser no longer stores the websites you visited, cookies, user names, passwords and information from forms you filled out during that private browsing session.

Essentially, each time you open a new private browsing window you are given a “clean slate” in the form of a brand new browser window that has not stored any browsing history or cookies. When you close your private browsing window, the slate is wiped clean again and the browsing history and cookies from that private browsing session are deleted. However, if you bookmark a site or download a file while using private browsing mode, the bookmarks and file will remain on your system.

Although some browsers, including Safari and Firefox, offer some additional protection against web trackers, private browsing mode does not guarantee that your web activities cannot be linked back to you or your device. Notably, private browsing mode does not prevent websites from learning your internet address, and it does not prevent your employer, school or internet service provider from seeing your web activities by tracking your IP address.

Reasons to use it

We conducted a research study in which we identified reasons people use private browsing mode. Most study participants wanted to protect their browsing activities or personal data from other users of their devices. Private browsing is actually pretty effective for this purpose.

We found that people often used private browsing to visit websites or conduct searches that they did not want other users of their device to see, such as those that might be embarrassing or related to a surprise gift. In addition, private browsing is an easy way to log out of websites when borrowing someone else’s device – so long as you remember to close the window when you are done.

Private browsing can help cover your internet tracks by automatically deleting your browsing history and cookies when you close the browser.

Private browsing provides some protection against cookie-based tracking. Since cookies from your private browsing session are not stored after you close your private browsing window, it’s less likely that you will see online advertising in the future related to the websites you visit while using private browsing.


Additionally, as long as you have not logged into your Google account, any searches you make will not appear in your Google account history and will not affect future Google search results. Similarly, if you watch a video on YouTube or other service in private browsing, as long as you are not logged into that service, your activity does not affect the recommendations you get in normal browsing mode.

What it doesn’t do

Private browsing does not make you anonymous online. Anyone who can see your internet traffic – your school or employer, your internet service provider, government agencies, people snooping on your public wireless connection – can see your browsing activity. Shielding that activity requires more sophisticated tools that use encryption, like virtual private networks.

Private browsing also offers few security protections. In particular, it does not prevent you from downloading a virus or malware to your device. Additionally, private browsing does not offer any additional protection for the transmission of your credit card or other personal information to a website when you fill out an online form.

It is also important to note that the longer you leave your private browsing window open, the more browsing data and cookies it accumulates, reducing your privacy protection. Therefore, you should get in the habit of closing your private browsing window frequently to wipe your slate clean.

What’s in a name

It is not all that surprising that people have misconceptions about how private browsing mode works; the word “private” suggests a lot more protection than these modes actually provide.

Furthermore, a 2018 research study found that the disclosures shown on the landing pages of private browsing windows do little to dispel misconceptions that people have about these modes. Chrome provides more information about what is and is not protected than most of the other browsers, and Mozilla now links to an informational page on the common myths related to private browsing.

However, it may be difficult to dispel all of these myths without changing the name of the browsing mode and making it clear that private browsing stops your browser from keeping a record of your browsing activity, but it isn’t a comprehensive privacy shield.

Lorrie Cranor, Professor of Computer Science and of Engineering & Public Policy, Carnegie Mellon University and Hana Habib, Graduate Research Assistant at the Institute for Software Research, Carnegie Mellon University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Don’t be phish food! Tips to avoid sharing your personal information online




Nik Thompson, Curtin University

Data is the new oil, and online platforms will siphon it off at any opportunity. Platforms increasingly demand our personal information in exchange for a service.

Avoiding online services altogether can limit your participation in society, so the advice to just opt out is easier said than done.

Here are some tricks you can use to avoid giving online platforms your personal information. Ways to limit your exposure include using “alternative facts”, using guest checkout options, and using a burner email.

Alternative facts

While “alternative facts” is a term coined by White House press staff to describe factual inaccuracies, in this context it refers to false details supplied in place of your personal information.






This is an effective strategy to avoid giving out information online. Though platforms might insist you complete a user profile, they can do little to check if that information is correct. For example, they can check whether a phone number contains the correct number of digits, or if an email address has a valid format, but that’s about it.

When a website requests your date of birth, address, or name, consider how this information will be used and whether you’re prepared to hand it over.

There’s a distinction to be made between which platforms do or don’t warrant using your real information. If it’s an official banking or educational institute website, then it’s important to be truthful.

But an online shopping, gaming, or movie review site shouldn’t require the same level of disclosure, and using an alternative identity could protect you.

Secret shopper

Online stores and services often encourage users to set up a profile, offering convenience in exchange for information. Stores value your profile data, as it can provide them additional revenue through targeted advertising and emails.

But many websites also offer a guest checkout option to streamline the purchase process. After all, one thing as valuable as your data is your money.

So unless you’re making very frequent purchases from a site, use guest checkout and skip profile creation altogether. Even without disclosing extra details, you can still track your delivery, as tracking is provided by transport companies (and not the store).

Also consider your payment options. Many credit cards and payment merchants such as PayPal provide additional buyer protection, adding another layer of separation between you and the website.

Avoid sharing your bank account details online, and instead use an intermediary such as PayPal, or a credit card, to provide additional protection.

If you use a credit card (even prepaid), then even if your details are compromised, any potential losses are limited to the card balance. Also, with credit cards this balance is effectively the bank’s funds, meaning you won’t be charged out of pocket for any fraudulent transactions.

Burner emails

An email address is usually the first item a site requests.

Sites also often require email verification when a profile is created, and that verification email is probably the only one you’ll ever want to receive from the site. So rather than handing over your main email address, consider a burner email.

This is a fully functional but disposable email address that remains active for about 10 minutes. You can get one for free from online services including Maildrop, Guerrilla Mail and 10 Minute Mail.

Just make sure you don’t forget your password, as you won’t be able to recover it once your burner email becomes inactive.

The 10 Minute Mail website offers free burner emails.

The risk of being honest

Every online profile containing your personal information is another potential target for attackers. The more profiles you make, the greater the chance of your details being breached.

A breach in one place can lead to others. Names and emails alone are sufficient for email phishing attacks. And a phish becomes more convincing (and more likely to succeed) when paired with other details such as your recent purchasing history.

Surveys indicate about half of us recycle passwords across multiple sites. While this is convenient, it means if a breach at one site reveals your password, then attackers can hack into your other accounts.

In fact, even just an email address is a valuable piece of intelligence, as emails are used as a login for many sites, and a login (unlike a password) can sometimes be impossible to change.

Obtaining your email could open the door for targeted attacks on your other accounts, such as social media accounts.






In “password spraying” attacks, cybercriminals test common passwords against many emails/usernames in hopes of landing a correct combination.

The bottom line is, the safest information is the information you never release. And practising alternatives to disclosing your true details could go a long way to limiting your data being used against you.

Nik Thompson, Senior Lecturer, Curtin University


There is no specific crime of catfishing. But is it illegal?




Marilyn McMahon, Deakin University and Paul McGorrery, Deakin University

Twenty-year-old Sydney woman Renae Marsden died by suicide after she was the victim of an elaborate catfishing scam.

A recent coronial investigation into her 2013 death found no offence had been committed by the perpetrator, revealing the difficulties of dealing with this new and emerging phenomenon.

While we wait for law reform in this area, we think police and prosecutors could make better use of our existing laws to deal with these sorts of behaviours.

What is catfishing?

“Catfishing” occurs when a person creates a fake profile on social media in order to deceive someone else and abuse them, take their money or otherwise manipulate and control them.

While statistics about the prevalence of catfishing are elusive, popular dating sites such as eHarmony and the Australian government’s eSafety Commission offer advice about spotting catfishers.






Catfishing is also the subject of an MTV reality series, major Hollywood films, and psychological research on why people do it.

Dangerous, damaging but not a specific crime

There is no specific crime of catfishing in Australia. But there are many different behaviours involved in catfishing, which can come under various existing offences.

One of these is financial fraud. In 2018, a Canberra woman pleaded guilty to 10 fraud offences after she created an elaborate and false online profile on a dating website. She befriended at least ten men online, then lied to them about having cancer and other illnesses and asked them to help her pay for treatment. She obtained more than $300,000.

Catfishers create fake online profiles to deceive others.

Another crime associated with catfishing is stalking. In 2019, a Victorian woman was convicted of stalking and sentenced to two years and eight months in jail after she created a Facebook page where she pretended to be Australian actor Lincoln Lewis. This case is currently subject to an appeal.

The grey area of psychological and emotional abuse

When catfishing doesn’t involve fraud or threats, but involves psychological and emotional manipulation, it can be more difficult to obtain convictions.

One of the most notorious cases occurred more than a decade ago in the United States. Missouri mother Lori Drew catfished a teenager she believed had been unkind to her daughter.






With the help of her daughter and young employee, Drew created a fake MySpace profile as a teenage boy and contacted the 13-year-old victim. Online flirting took place until the relationship was abruptly ended. The victim was told that “the world would be a better place without her”. Later that day, she killed herself.

Because the harm suffered by the victim was not physical but psychological, and had been perpetrated online, prosecutors had trouble identifying an appropriate criminal charge.

Eventually, Drew was charged with computer fraud and found guilty. But the conviction was overturned in 2009 when an appeal court concluded the legislation was never meant to capture this type of behaviour.

Renae Marsden’s case

The harm done to Marsden was also psychological and emotional. She was deliberately deceived and psychologically manipulated through the creation of a fake online identity by one of her oldest female friends.

Marsden thought she had met a man online who would become her husband. For almost two years, they exchanged thousands of text and Facebook messages. Marsden ended an engagement to another man so that she could be with the man she met online. They planned their wedding.

When he abruptly ended the relationship, Marsden ended her life.

The coroner described the conduct of Marsden’s catfisher as “appalling” and an “extreme betrayal”, but found that no offence had been committed. She observed:

Where ‘catfishing’ is without threat or intimidation or is not for monetary gain, then the conduct appears to be committed with the intent to coerce and control someone for the purpose of a wish fulfilment or some other gratification. Though such conduct may cause the recipient mental and or physical harm because it is not conduct committed with the necessary intent it falls outside the parameters of a known State criminal offence.

Existing laws like manslaughter could apply

We disagree with the coroner’s conclusion. We think that existing state criminal offences might capture some of this behaviour.

In particular, deliberately deceptive and psychologically manipulative online conduct, resulting in the death of a victim by suicide, could potentially make a perpetrator liable for manslaughter.

This is because a perpetrator who commits the offence of recklessly causing grievous bodily harm (which may include psychological harm), in circumstances where a reasonable person would realise this exposed the victim to an appreciable risk of serious injury, could be liable for the crime of “manslaughter by unlawful and dangerous act”.

Such prosecutions can and should be contemplated as an appropriate response to the serious wrongdoing that has occurred.

Where to from here?

Marsden’s parents are pushing for catfishing to be made illegal.

Teresa and Mark Marsden want catfishing to be made illegal.

The coroner chose not to recommend a specific offence of catfishing, noting:

there are complex matters which were not canvassed at the inquest which need to be taken into account before any coronial recommendation involving the introduction of criminal legislation.

But the report did recommend a closer look at making “coercive control” an offence.

Coercive control involves a wide range of controlling behaviours and could potentially criminalise the sort of psychologically and emotionally abusive conduct Marsden experienced.

It is also on the political agenda. In March, New South Wales Attorney-General Mark Speakman announced he would consult on possible new “coercive control” laws.






We note, however, that the coercive control discussion is happening in the context of domestic violence. Whether prospective new laws can or should extend to catfishing will require careful consideration and drafting.

While we wait for a new offence, we should also ensure that we make use of the laws we already have to protect people from the devastating damage that can be done by catfishing.

Marilyn McMahon, Deputy Dean, School of Law, Deakin University and Paul McGorrery, PhD Candidate in Criminal Law, Deakin University


Trump’s Twitter tantrum may wreck the internet


Michael Douglas, University of Western Australia

US President Donald Trump, who tweeted more than 11,000 times in the first two years of his presidency, is very upset with Twitter.

Earlier this week Trump tweeted complaints about mail-in ballots, alleging voter fraud – a familiar Trump falsehood. Twitter attached a label to two of his tweets with links to sources that fact-checked the tweets, showing Trump’s claims were unsubstantiated.

Trump retaliated with the power of the presidency. On May 28 he made an “Executive Order on Preventing Online Censorship”. The order focuses on an important piece of legislation: section 230 of the Communications Decency Act 1996.






What is section 230?

Section 230 has been described as “the bedrock of the internet”.

It affects companies that host content on the internet. It provides in part:

(2) Civil liability. No provider or user of an interactive computer service shall be held liable on account of

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or

(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).

This means that, generally, the companies behind Google, Facebook, Twitter and other “internet intermediaries” are not liable for the content on their platforms.

For example, if something defamatory is written by a Twitter user, the company Twitter Inc will enjoy a shield from liability in the United States even if the author does not.






Trump’s executive order

Within the US legal system, an executive order is a “signed, written, and published directive from the President of the United States that manages operations of the federal government”. It is not legislation. Under the Constitution of the United States, Congress – the equivalent of our Parliament – has the power to make legislation.

Trump’s executive order claims to protect free speech by narrowing the protection section 230 provides for social media companies.

The text of the order includes the following:

It is the policy of the United States that such a provider [who does not act in “good faith”, but stifles viewpoints with which they disagree] should properly lose the limited liability shield of subparagraph (c)(2)(A) and be exposed to liability like any traditional editor and publisher that is not an online provider …

To advance [this] policy … all executive departments and agencies should ensure that their application of section 230 (c) properly reflects the narrow purpose of the section and take all appropriate actions in this regard.

The order attempts to do a lot of other things too. For example, it calls for the creation of new regulations concerning section 230, and what “taken in good faith” means.

The reaction

Trump’s action has some support. Republican senator Marco Rubio said if social media companies “have now decided to exercise an editorial role like a publisher, then they should no longer be shielded from liability and treated as publishers under the law”.

Critics argue the order threatens, rather than protects, freedom of speech, thus threatening the internet itself.

The status of this order within the American legal system is an issue for American constitutional lawyers. Experts were quick to suggest the order is unconstitutional; it seems contrary to the separation of powers enshrined in the US Constitution (which partly inspired Australia’s Constitution).

Harvard Law School constitutional law professor Laurence Tribe has described the order as “totally absurd and legally illiterate”.

That may be so, but the constitutionality of the order is an issue for the US judiciary. Many judges in the United States were appointed by Trump or his ideological allies.

Even if the order is legally illiterate, it should not be assumed it will lack force.

What this means for Australia

Section 230 is part of US law. It is not in force in Australia. But its effects are felt around the globe.

Social media companies who would otherwise feel safe under section 230 may be more likely to remove content when threatened with legal action.

The order might cause these companies to change their internal policies and practices. If that happens, policy changes could be implemented at a global level.

Compare, for example, what happened when the European Union introduced its General Data Protection Regulation (GDPR). Countless companies in Australia had to ensure they were meeting European standards. US-based tech companies such as Facebook changed their privacy policies and disclosures globally – they did not want to meet two different privacy standards.

If section 230 is diminished, it could also impact Australian litigation by providing another target for people who are hurt by damaging content on social media, or accessible by internet search. When your neighbour defames you on Facebook, for example, you can sue both the neighbour and Facebook.

That was already the law in Australia. But with a toothless section 230, if you win, the judgement could be enforceable in the US.

Currently, suing certain American tech companies is not always a good idea. Even if you win, you may not be able to enforce the Australian judgement overseas. Tech companies are aware of this.

In 2017, Twitter did not even bother sending anyone to respond to litigation in the Supreme Court of New South Wales involving leaks of confidential information by tweet. When tech companies like Google have responded to Aussie litigation, it might be understood as a weird brand of corporate social responsibility: a way of keeping up appearances in an economy that makes them money.

A big day for ‘social media and fairness’?

When Trump made his order, he called it a big day for “fairness”. This is standard Trump fare. But it should not be dismissed outright.

As our own Australian Competition and Consumer Commission recognised last year in its Digital Platforms Inquiry, companies such as Twitter have enormous market power. Their exercise of that power does not always benefit society.

In recent years, social media has advanced the goals of terrorists and undermined democracy. So if social media companies can be held legally liable for some of what they cause, it may do some good.

As for Twitter, the inclusion of the fact check links was a good thing. It’s not like they deleted Trump’s tweets. Also, they’re a private company, and Trump is not compelled to use Twitter.

We should support Twitter’s recognition of its moral responsibility for the dissemination of information (and misinformation), while still leaving room for free speech.

Trump’s executive order is legally illiterate spite, but it should prompt us to consider how free we want the internet to be. And we should take that issue more seriously than we take Trump’s order.

Michael Douglas, Senior Lecturer in Law, University of Western Australia


Internet traffic is growing 25% each year. We created a fingernail-sized chip that can help the NBN keep up



This tiny micro-comb chip produces a precision rainbow of light that can support transmission of 40 terabits of data per second in standard optic fibres.
Corcoran et al., N.Comms., 2020, CC BY-SA

Bill Corcoran, Monash University

Our internet connections have never been more important to us, nor have they been under such strain. As the COVID-19 pandemic has made remote working, remote socialisation, and online entertainment the norm, we have seen an unprecedented spike in society’s demand for data.

Singapore’s prime minister declared broadband to be essential infrastructure. The European Union asked streaming services to limit their traffic. Video conferencing service Zoom was suddenly unavoidable. Even my parents have grown used to reading to my four-year-old over Skype.

In Australia telecommunications companies have supported this growth, with Telstra removing data caps on users and the National Broadband Network (NBN) enabling ISPs to expand their network capacity. In fact, the NBN saw its highest ever peak capacity of 13.8 terabits per second (or Tbps) on April 8 this year. A terabit is one trillion bits, and 1 Tbps is the equivalent of about 40,000 standard NBN connections.






This has given us a glimpse of the capacity crunch we could be facing in the near future, as high-speed 5G wireless connections, self-driving cars and the internet of things put more stress on our networks. Internet traffic is growing by 25% each year as society becomes increasingly connected.

We need new technological solutions to expand data infrastructure, without breaking the bank. The key to this is making devices that can transmit and receive massive amounts of data using the optical fibre infrastructure we have already spent time and money putting into the ground.

A high-speed rainbow

Fortunately, such a device is at hand. My colleagues and I have demonstrated a new fingernail-sized chip that can transmit data at 40 Tbps through a single optical fibre connection of the same kind used in the NBN. That’s about three times the record data rate for the entire NBN network and about 100 times the speed of any single device currently used in Australian fibre networks.

The chip uses an “optical micro-comb” to create a rainbow of infrared light that allows data to be transmitted with many frequencies of light at the same time. Our results are published in Nature Communications today.

This collaboration, between Monash, RMIT and Swinburne universities in Melbourne, and international partners (INRS, CIOPM Xi’an, CityU Hong Kong), is the first “field-trial” of an optical micro-comb system, and a record capacity for such a device.

The internet runs on light

Optical fibres have formed the backbone of our communication systems since the late 1980s. The fibres that link the world together carry light signals that are periodically boosted by optical amplifiers which can transmit light with a huge range of wavelengths.

To make the most of this range of wavelengths, different information is sent using signals of different infrared “colours” of light. If you’ve ever seen a prism split up white light into separate colours, you’ve got an insight into how this works – we can add a bunch of these colours together, send the combined signal through a single optical fibre, then split it back up again into the original colours at the other end.






Making powerful rainbows from tiny chips

Optical micro-combs are tiny gadgets that in essence use a single laser, a temperature-controlled chip, and a tiny ring called an optical resonator to send out signals using many different wavelengths of light.

(left) Micrograph of the optical ring resonator on the chip. Launching light from a single laser into this chip generates over 100 new laser lines (right). We use 80 lines in the optical C-band (right, green shaded) for our communications system demonstration.
Corcoran et al, N.Comms, 2020

Optical combs have had a major impact on a massive range of research in optics and photonics. Optical micro-combs are miniature devices that can produce optical combs, and have been used in a wide range of exciting demonstrations, including optical communications.

The key to micro-combs is the optical resonator structure: tiny rings (see picture above) that, when hit with enough light, convert the incoming single wavelength into a precise rainbow of wavelengths.

The demonstration

The test was carried out on a 75-km optical fibre loop in Melbourne.

For our demonstration transmitting data at 40 Tbps, we used a novel kind of micro-comb called a “soliton crystal” that produces 80 separate wavelengths of light that can carry different signals at the same time. To prove the micro-comb could be used in a real-world environment, we transmitted the data through installed optical fibres in Melbourne (provided by AARNet) between RMIT’s City campus and Monash’s Clayton campus and back, for a round trip of 75 kilometres.

This shows that the optical fibres we have in the ground today can handle huge capacity growth, simply by changing what we plug into those fibres.

What’s next?

There is more work to do! Monash and RMIT are working together to make the micro-comb devices more flexible and simpler to run.

Putting not only the micro-comb, but also the modulators that turn an electrical signal into an optical signal, on a single chip is a tremendous technical challenge.

There are new frontiers of optical communications to explore with these micro-combs, looking at using parallel paths in space, improving data rates for satellite communications, and making “light that thinks”: artificial optical neural networks. The future is bright for these tiny rainbows.


We gratefully acknowledge support from Australia’s Academic Research Network (AARNet) for supporting our access to the field-trial cabling through the Australian Lightwave Infrastructure Research Testbed (ALIRT), and in particular Tim Rayner, John Nicholls, Anna Van, Jodie O’Donohoe and Stuart Robinson.

Bill Corcoran, Lecturer & Research Fellow, Monash Photonic Communications Lab & InPAC, Monash University


The darknet – a wild west for fake coronavirus ‘cures’? The reality is more complicated (and regulated)




James Martin, Swinburne University of Technology

The coronavirus pandemic has spawned reports of unregulated health products and fake cures being sold on the dark web. These include black market PPE, illicit medications such as the widely touted “miracle” drug chloroquine, and fake COVID-19 “cures” including blood supposedly from recovered coronavirus patients.

These dealings have once again focused public attention on this little-understood section of the internet. Nearly a decade since it started being used on a significant scale, the dark web continues to be a lucrative safe haven for traders in a range of illegal goods and services, especially illicit drugs.

Black market trading on the dark web is carried out primarily through darknet marketplaces or cryptomarkets. These are anonymised trading platforms that directly connect buyers and sellers of a range of illegal goods and services – similar to legitimate trading websites such as eBay.

So how do darknet marketplaces work? And how much illegal trading of COVID-19-related products is happening via these online spaces?






Not a free-for-all

There are currently more than a dozen darknet marketplaces in operation. Because these marketplaces are protected by powerful encryption technology, authorities around the world have largely failed to contain their growth. A steadily increasing proportion of illicit drug users around the world report sourcing their drugs online. In Australia, we have one of the world’s highest concentrations of darknet drug vendors per capita.

Contrary to popular belief, cryptomarkets are not the “lawless spaces” they’re often presented as in the news. Market prohibitions exist on all mainstream cryptomarkets. Universally prohibited goods and services include: hitman services, trafficked human organs and snuff movies.

Although cryptomarkets lie outside the realm of state regulation, each one is set up and maintained by a central administrator who, along with employees or associates, is responsible for the market’s security, dispute resolution between buyers and sellers, and the charging of commissions on transactions.

Administrators are also ultimately responsible for determining what can and can’t be sold on their cryptomarket. These decisions are likely informed by:

  • the attitudes of the surrounding community comprising buyers and sellers
  • the extent of consumer demand and supply for certain products
  • the revenues a site makes from commissions charged on transactions
  • and the perceived “heat” that may be attracted from law enforcement in the trading of particularly dangerous illegal goods and services.





Experts delve into the dark web

A report from the Australian National University published last week looks at several hundred coronavirus-related products for sale across a dozen cryptomarkets, including supposed vaccines and antidotes.

While the study confirms some unscrupulous dark web traders are indeed exploiting the pandemic and seeking to defraud naïve customers, this information should be contextualised with a couple of important caveats.

Firstly, the number of dodgy COVID-related products for sale on the dark web is relatively small. According to this research, they account for about 0.2% of all listed items. The overwhelming majority of products were those we are already familiar with – particularly illicit drugs such as cannabis and MDMA.

Also, while the study focused on products listed for sale, these are most likely listings for products that either do not exist or are listed with the specific intention to defraud a customer.

Thus, the actual sale of fake coronavirus “cures” on the dark web is likely minimal, at best.

A self-regulating entity

By far the most commonly traded products on cryptomarkets are illicit drugs. Smaller sub-markets exist for other products such as stolen credit card information and fraudulent identity documents.

This isn’t to say extraordinarily dangerous and disturbing content, such as child exploitation material, can’t be found on the dark web. Rather, the sites that trade in such “products” are segregated from mainstream cryptomarkets, in much the same way convicted paedophiles are segregated from mainstream prison populations.

Since the outbreak of the coronavirus, dark web journalist and author Eileen Ormsby reported some cryptomarkets have quickly imposed bans on vendors seeking to profit from the pandemic. For instance, the following was tweeted by one cryptomarket administrator:

Any vendor caught flogging goods as a “cure” to coronavirus will not only be permanently removed from this market but should be avoided like the Spanish Flu. You are about to ingest drugs from a stranger on the internet – under no circumstances should you trust any vendor that is using COVID-19 as a marketing tool to peddle tangible/already questionable goods. I highly doubt many of you would fall for that shit to begin with but you know, dishonest practice is never a good sign and a sure sign to stay away.

So it seems, despite the activities of a few dodgy operators, the vast majority of dark web traders are steering clear of exploiting the pandemic for their own profit. Instead, they are sticking to trading in products they can genuinely supply, such as illicit drugs.








James Martin, Associate Professor in Criminology, Swinburne University of Technology
