We LOST More of Our Privacy in 2023. A Bad Year: Year Review
Summary
TLDREl año 2023 fue un año desafiante para la privacidad, con intrusión gubernamental y adopción de leyes invasivas en el Reino Unido y la UE. La industria tecnológica enfrenta presiones para implementar escaneo de contenido y la vigilancia de notificaciones push. A pesar de los intentos de reformas, la ley FISA se renueva, perpetuando la vigilancia masiva. La respuesta a estas amenazas a la privacidad incluye educación y el uso de tecnologías como teléfonos libres de Google, VPN y servicios de correo electrónico que protejan la identidad y el privacidad.
Takeaways
- 🌐 El año 2023 fue un año difícil para la privacidad, con intrusión gubernamental en nuestras vidas.
- 📜 La pérdida de privacidad más grande ocurrió en el Reino Unido y puede afectarnos a nivel global.
- 🧐 Se rechazó la ley de la UE sobre CSAM (material de explotación infantil), pero se aprobó un nuevo movimiento que aumentará la vigilancia masiva.
- 🇺🇸 Las cortes estadounidenas estuvieron ocupadas con los disturbios del 6 de enero en la Capital, lo que dejó en evidencia la vigilancia sin orden judicial.
- 📱 Apple y Google admitieron que la vigilancia de las notificaciones push de teléfonos móviles ha estado en marcha.
- 🔍 Se ha promovido una técnica llamada escaneo del lado del cliente para identificar y reportar CSAM, lo que requiere la ruptura de la encriptación.
- 🔗 La协调推动 por parte del Congreso de EE. UU., los legisladores del Reino Unido y la UE para combatir el llamado威胁 de CSAM fue casi completamente sincronizada.
- 🛑 El escaneo del lado del cliente es un enfoque de sledgehammer para la vigilancia que puede detectar cualquier tipo de contenido.
- 📈 La revelación de que las notificaciones push están siendo vigiladas por las fuerzas del orden es preocupante, ya que la mayoría de estas no están encriptadas.
- 📍 Los datos de ubicación, como los proporcionados por Google durante los disturbios del 6 de enero, pueden ser utilizados selectivamente según la conveniencia política del gobierno.
- 🌐 La UE busca implementar tarjetas de identificación nacional estándar para sus ciudadanos y crear un certificado raíz para la entidad EU, lo que podría comprometer la seguridad de la web.
- 🔄 La renovación de la ley FISA por el Congreso demuestra la falta de voluntad para reformar la vigilancia masiva y proteger la privacidad.
Q & A
¿Qué evento significativo sucedió en el Reino Unido en 2023 en cuanto a la privacidad?
-El Reino Unido aprobó el Acta de Seguridad Online, que establece la responsabilidad de construir mecanismos de escaneo de contenido pre-encriptado en cada plataforma, lo que representa una amenaza para la privacidad.
¿Qué es CESAM y por qué se considera una preocupación para las leyes de privacidad?
-CESAM se refiere a imágenes relacionadas con la explotación infantil. La preocupación es que se utiliza como una justificación para romper la encriptación y permitir que las plataformas扫描内容 pre-encriptado, lo que podría extenderse a otras formas de vigilancia.
¿Qué es el escaneo del lado del cliente y cómo se implementó Apple en 2022?
-El escaneo del lado del cliente es una técnica en la que se escanea el contenido de los dispositivos para identificar material ilegal, como imágenes de explotación infantil. Apple implementó una versión de este escaneo en sus dispositivos, pero después de recibir críticas, decidió posponer el proyecto.
¿Qué reveló el registro de la corte sobre las notificaciones push?
-El registro de la corte reveló que las notificaciones push están siendo supervisadas por las fuerzas del orden, y que en muchos casos, estas notificaciones no están encriptadas, lo que facilita el acceso estatal a todos los contenidos de notificación en un dispositivo.
¿Qué es la geofencing y cómo se utiliza en la vigilancia selectiva?
-La geofencing es un método de vigilancia que utiliza coordenadas GPS para delinear un área y luego determinar un período de tiempo para solicitar a las compañías como Google y Apple que proporcionen información de ubicación de los dispositivos dentro de esa área.
¿Qué es el Google Sensor Vault y por qué es preocupante?
-El Google Sensor Vault es una base de datos de información de ubicación proporcionada voluntariamente por Google, que se utiliza para identificar a las personas en el edificio del Capitolio el 6 de enero. Esto es preocupante porque demuestra que la ubicación de los ciudadanos es rastreada constantemente y puede ser utilizada selectivamente.
¿Qué es la Ley de Tarjetas de Identidad Nacional Estandarizadas que la UE busca implementar?
-La Ley de Tarjetas de Identidad Nacional Estandarizadas es una propuesta de la UE para crear una tarjeta de identidad común para los ciudadanos de la UE, lo que podría tener implicaciones en la privacidad y la seguridad de los datos de los ciudadanos.
¿Qué es la Ley FISA y por qué se renovó en 2023?
-La Ley FISA, o Ley de Vigilancia de Inteligencia Extranjera, fue originalmente diseñada para supervisar a personas extranjeras en nombre de la seguridad nacional. Sin embargo, se ha utilizado para la vigilancia masiva y sin autorización de estadounidenses y extranjeros. Se renovó en 2023, lo que demuestra la falta de voluntad para reformar esta ley y limitar la vigilancia.
¿Qué sugiere el orador en el video para proteger la privacidad en línea?
-El orador sugiere varias soluciones, como el uso de un teléfono 'degoogle' para proteger la identidad y evitar la geofencing, un servicio VPN para protegerse de la vigilancia masiva y ataques 'man in the middle', y el uso de un servicio de correo electrónico que proteja la información de identidad.
Outlines
📉 2023: Un año difícil para la privacidad
El año 2023 fue un desafío para la privacidad, con intrusiones gubernamentales y narrativas confusas que sugieren que las medidas son para el bien del ciudadano. A pesar de algunos retrasos en la adopción de leyes invasivas, el mayor retroceso fue en el Reino Unido, con implicaciones globales. La UE también está promoviendo medidas de vigilancia masiva. En los Estados Unidos, las riotes del 6 de enero揭露了 la existencia de vigilancia sin orden judicial, y la renovación de la ley FISA en diciembre reafirmó la justificación para la vigilancia en la ley, sin recourse para el ciudadano promedio.
🛡️ La lucha contra el CESAM y la vigilancia de las notificaciones push
Se ha promovido una ley para combatir el CESAM (material relacionado con la explotación infantil), que se utiliza como excusa para justificar la quebra de la encriptación. La propuesta requiere que las plataformas sean proactivas en la identificación y reporte de dichas imágenes, lo que implica la implementación de escaneo de lado del cliente, como Apple propuso en 2022. Aunque la UE no pasó la ley de CESAM, el Reino Unido aprobó el Online Safety Act, lo que obliga a las plataformas a construir mecanismos de escaneo de contenido, y las notificaciones push también han sido objeto de vigilancia por parte del gobierno.
📱 Geofencing y la vigilancia de ubicación
El gobierno ha utilizado datos de ubicación para identificar a individuos presentes en el Capitolio el 6 de enero. La técnica de geofencing permite solicitar a Google y Apple información de ubicación de dispositivos en áreas específicas. Google ha proporcionado esta información voluntariamente bajo el nombre de 'Google Sensor Vault'. Además, el gobierno está implementando tarjetas de identidad estándar para los ciudadanos de la UE y creando un certificado raíz para la UE, lo que podría permitir la emisión de certificados falsos y la quebra de la encriptación web.
🚨 Renovación de la ley FISA y la lucha por la privacidad
La ley FISA ha sido renovada nuevamente por el Congreso, lo que perpetúa la vigilancia masiva y secreta, incluso en contra de ciudadanos estadounidenses. A pesar de los esfuerzos de grupos de defensa de la privacidad para reformar FISA, no se han logrado cambios significativos. En 2023, la privacidad continuó su declive, y se prevé que esta tendencia continúe. Para combatir esto, se han desarrollado soluciones como teléfonos 'degoogle' y servicios de VPN que protegen la identidad y el IP, así como herramientas para proteger el correo electrónico.
Mindmap
Keywords
💡privacidad
💡intrusión gubernamental
💡vigilancia masiva
💡CESAM
💡escaneo del lado del cliente
💡geofencing
💡notificaciones push
💡FISA
💡certificados raíz
💡degoogle
💡VPN
💡alias de correo electrónico
Highlights
2023年对隐私权来说不是一个好的年份,特别是在政府侵入我们生活方面。
英国发生的最大的隐私损失可能会影响到我们,即使我们不在英国。
欧盟曾推迟了一个可能对隐私产生重大影响的危险法案,但现在他们有了新的举措,这将肯定增加大规模监控。
1月6日国会暴乱事件使一种我们目前可以命名的无证监控机制变得更加清晰。
12月,FISA法案再次被更新,监控的理由再次被嵌入法律中,而普通民众没有追索权。
苹果和谷歌终于承认,手机推送通知的监控已经存在一段时间。
今年,美国国会、英国和欧盟几乎协调一致地推动了所谓的对抗CESAM(与儿童虐待相关的图片)的威胁。
CESAM的说法是,它不能在加密平台上被观察到,所以解决方案是破解加密。
客户端扫描是一种对监控的大锤式方法,其中只有一小部分适用于CESAM。
苹果公司已经实现了客户端扫描,他们的论点是没有人类在检查照片,尽管决定照片内容的逻辑是内置在手机AI芯片本身的。
英国通过了在线安全法案,这基本上嵌入了构建客户端扫描的责任,每个平台都必须这样做。
由于英国的法律,每个平台都需要建立自己的基础设施,所以这只是开始。
如果你听到CESAM,假设你被愚弄了,国家想要破解加密,这通常是他们唯一关心的事情。
我们的推送通知正在被执法机构监视,这些推送通知在大多数情况下是完全未加密的。
政府可以使用位置数据有选择性地根据他们的政治目的或目的来识别人们的位置,这种方法称为地理围栏。
谷歌愿意并主动提供位置数据,甚至给位置数据库起了名字,叫做谷歌传感器保险库。
欧盟想要为欧盟公民实施标准化的国家身份证,并且还想创建一个欧盟实体的根证书。
FISA法案再次被国会更新,这是自1978年以来的外国情报监视法案。
FISA法案的实施是秘密的,它被用来对20万美国人进行无证监控。
隐私权每年都在减少,今年我们又遭受了一次重大打击。
Transcripts
2023 wasn't a particularly good year for
privacy particularly with government
intrusion to our lives as always the
narrative has been convoluted in such a
way that you actually think that things
are being done for your own good
worldwide there were some successes or
at least a delay in adopting privacy
invading laws but not entirely our
biggest privacy loss occurred in the UK
this can impact us even if we're not in
the UK the EU at one point pushed off a
dangerous bill that could have had major
effects on privacy however they have a
new move that will definitely increase
Mass surveillance with repercussions way
past the EU the courts were busy with
the January 6 Capital riots but that
exposed a kind of surveillance that we
can now attach a name to the mechanics
of warrantless surveillance become all
the more clear this December once again
the FIS of law was renewed and the
justification for surveillance is again
embedded in law without recourse to the
normal person and just as we thought
that that was it for the year we finally
get acknowledgement from Apple and
Google that surveillance of phone push
notifications has been in place for a
while let me explain to you what these
anti-privacy changes are and for the
most part they are the ones initiated by
the state the best ammunition against
these is to destroy the fake narratives
pushed by lawmakers and to make sure
those lawmakers do not get reelected
it's not an easy battle but our weapons
are based on education which I will try
to provide to you stay right
[Music]
there this year there was an almost
coordinated Push by the US Congress the
UK and EU lawmakers to battle the
so-called threat of cesam which are
photos related to child abuse the reason
this wording was specifically used is
because our gut reaction is that we need
to protect our kids and I'm sure the
focus groups measured the reaction of
the average person to see Sam and
without explaining the repercussions of
what they're selling it was an easy
thing to
push so let's dive deep been through
this specifically the claim is that each
platform needs to be proactive in
identifying child abuse photos and
Reporting these to law
enforcement however what a suspect is
that it was almost completely
coordinated with the EU UK and US
completely in sync with this messaging
the claim about cesam is that it is
something that cannot be observed on
encrypted platforms so the solution is
to break into to an encryption and that
will supposedly allow the policing of
cesam now this is the most important
part here supposedly in order to protect
kids from cesam they need to break into
an encryption right and the way to
implement this is through a technique
called client side scanning this is
something that Apple pushed in the prior
year in 2022 and they were left with a
decision to set this aside for now
because of the user backlash they
encountered now this triggered the
various State players to push this
Solution by embedding it into law
basically each state was pushing that
the responsibility for the presence of
cesam on their platforms belonged to the
platforms and if they took no action
they could be sued for the liability of
having such content many platforms
include some form of endtoend encryption
such as WhatsApp iMessage signal to name
a few this also exposes any cloud-based
feature like iCloud Microsoft One Drive
Google Drive Google photos and so on
though these are more easily surveilled
these platforms would be forced by these
laws to scan for Content supposedly that
could contain csab except here's the
main problem client size scanning is
basically a sledgehammer approach to
surveillance where only a tiny fraction
of it would apply to
cesam at least in the US so this whole
thing was about creating an
infrastructure that didn't exist before
I repeat the story because it showed the
history of three-letter agency thought
processes if you recall the 2015
terrorist shooting in San Bernardino
California Apple was being forced by the
FBI to Aid and unlock blocking the phone
of the terrorist Apple refused to comply
and I can understand why if they
provided a way to break into the iPhone
then no one would trust apple and it
would have been a major impact on their
business image but over the years
following the 2015 incident various CIA
directors took to the press and stated
that the solution to end to an
encryption was to collect the data prior
to
encryption this would then in theory
solve the encryption problem as it
relates to terrorists but terrorists
have not been common lately saying new
Boogeyman was needed and that's the
child
Predators the dangerous thing about this
that you should be aware of is that
apple found a way to have the AI on the
phone scan the content of the phone and
have that reported to HQ without a human
involved at least
initially this is the Apple
implementation of client side scanning
their argument is that no human is
examining the photos though the logic
for determining the content in a photo
is built into the phone AI chip itself
the problem once again with this
Sledgehammer approach is that the AI can
find any kind of content it did not be
connected to Children whatsoever or it
could be parents taking pictures of
their children and causing false
positives but the reality is that client
side scanning just requires Specific
Instructions to the AI to search for any
content for example it wouldn't be too
much of a stretch to assume that the AI
could identify subversive content at
least as it relates to the government in
power let me first tell you the status
of these various bills as they progress
through the various chambers of
lawmakers the EU failed to pass a cesam
law the US has not yet successfully
passed any of this laws however the bad
news is that the UK did pass the Online
safety act which basically embeds the
responsibility for building client size
getting to each
platform even if only the UK puts this
into law the problem is that each
platform has to build their own
mechanisms for scanning content pre-
encryption Apple already has this so
that is a big evil right there many
Apple Fans actually believe in the Apple
respon that they put this project on
hold what Apple did not acknowledge is
that the API or programming interface to
scan for images was already put into an
earlier version of iOS even
earlier and lately we've heard that this
API was also added to Mac OS so forget
about cesam now the tools to do client
size scanning are now part of every
Apple
device some testers were able to
intercept calls by the file manager to
use some of these image scanning apis
this was discussed heavily in a Louis
Rosman video again because of the UK law
likely each platform will need to build
their own infrastructure too so this is
just the beginning of this watch out
folks if you hear C Sam then assume
you're being fooled the state wants to
break into an encryption generally this
is the only thing important to them and
this technology already exists on Apple
products and likely coming to other
platforms near
you while Cam and client ey scanning are
on the Forefront of future actions it
was recently revealed and wired that our
push notifications are being surveilled
by law enforcement the thing about push
notifications is that in most cases
these are completely unencrypted so simp
simply by knowing which device to track
it becomes easy for a state to review
all push notifications to your device
this was revealed in court record and
brought to the Public's attention by
Senator Ron weiden and as usual when
these actions take place it is often
accompanied by a gag order on the
platform so we would not know about this
and other surveillance methods obviously
we already know from Snowden that there
are bunch of surveillance methods like
capturing email texting and phone
records the point is that these are
always stated as necessary for
protection against terrorists though it
will be interesting to note that the use
of these surveillance methods are not
connected to terrorists or foreign
persons one specific case used
notifications in a January 6 Capital
Riot case and I have more to say about
that
later
so beyond notifications the court record
specifically for the January 6 Capital
Riot cases showed that close to a
thousand people have been charged in the
capital riots based on location data
acquired from Google this is important
to understand Way Beyond the capital
Riot cases it's just that the government
was very eager to prosecute individuals
found in a capital building on January 6
though I do not recall where governments
have identified people involved in riots
and destruction of property in the
various riots around the country so
governments can use location data
selectively depending on their political
expediency or purpose this method of
identifying people's locations based on
the presence of their phone is called
geofencing you mark GPS coordinates of
the area you want to surveil and then
determine a time span and you can then
ask Google and apple to supply this
information I don't have specific
information on Apple's response to Geo
fencing since nothing is public that I'm
aware but Google has been providing the
data on locations willingly and even
gave the database of locations a name it
is called the Google sensor Vault we
know this because it is in the court
records I've discussed this in various
videos and I won't go into detail on
this in fact I explained it again in
last week's video but generally be aware
that your location is constantly tracked
on a phone
24/7 and you cannot turn this off unless
you have a the Google phone and worse
iPhones can be tracked even if you turn
the phone off since they turn into air
tags so just be aware of this technology
because it is used for for Dragnet in
many areas I wouldn't be surprised if a
large portion of the population has been
part of search results just by being
near places where crimes have occurred
this would victimize average citizens in
many big cities this would fall under
the category of warrantless digital
searches while the EU did us a good turn
by not passing the cesam related laws un
un fortunately we did not pass 2023
unscathed apparently the EU wants to
implement standardized national identity
cards for EU citizens now that part is
the business of the EU but they are
apparently implementing something else
that will impact us all the EU wants to
create a root certificate for the EU
entity and then this root certificate
will grant intermediate root certificate
authority to each country just so you
know it is very unusual to have a root
certificate be forced Upon Us by a
democratic government this is a policy
implemented in countries like Iran Cuba
China and so
on but the presence of a root
certificate that is not a valid rot
certificate Authority is very dangerous
as I explained in multiple recent videos
it allows that government to issue fake
certificates which can then be used to
break web encryption in cyber security
speech it allows a man in the middle to
capture Network traffic and observe it
this capability will be in the hands of
each EU country when this law gets
implemented apparently the browsers
would be banned by law from removing
these root
certificates and these are not really
true root certificates issued by valid
authorities they would be impos
certificates the same way Google Apple
and Microsoft imposes their root
certificate
on their devices without any check and
balance so in addition to the already
dangerous Ro certificates from Big Tech
we now will have governments to worry
about selective surveillance of web
traffic would become easy to do anywhere
in the world as long as you are in
cahoots with one of these EU countries
scary stuff and I personally feel that
web encryption is completely broken I
made a proposal to change the whole
public infrastructure to defend against
mitm or man in the middle that was in a
recent
video another highlight of 2023 is that
once again the fisa law has been renewed
by Congress fisa means the foreign
intelligence surveillance act originally
from 1978 it was meant to provide
judicial and congressional oversight on
investigations on foreign person
in the name of National Security this
law was changed rapidly though with the
passing of the Patriot Act as a result
of 9911 under Section 702 of the foreign
intelligence surveillance act the US
government engaged in Mass warrantless
surveillance of Americans and foreigners
phone calls text messages emails and
other electronic
communications information collected
under the law without a warrant can be
used to prosecute and imprison people
even for crimes that have nothing to do
with National Security First of all fisa
is implemented in secret second though
the original intent was to spy on
foreign persons the reality is that fisa
was used to spy on 200,000 us persons
fisa was abused constantly and fisa
courts really rubber stamped every
request once again Congress was weak
privacy group groups including the ACLU
and the Electronic Frontier Foundation
have lobbied for reform of fisa to put
limits on the surveillance but once
again they
failed it failed because we as a people
accept surveillance as a fact of
life yeah yeah you have nothing to hide
so you don't
care got
it these are the events highlighted for
2023 each year a further reduction in
privacy occurs and this year we took
another big hit I thought there was
going to be a positive in 2023 with the
introduction of past keys and I've
learned recently that even that's a fake
so I thought that was going to be a
privacy positive but apparently not I've
said over and over that my goals are
very simple I don't care that I have
nothing to hide I care that it's none of
their business as a law abiding and
taxpaying citizen I just want to be left
alone I started a company to provide
solutions to the average person instead
of just talking about problems privacy
is a changing Battlefield and approaches
always change so I've studied the
Privacy problem and I came up with a few
things that will greatly help the
primary solution to use is still a
degoogle phone as as I discussed in
other videos it is immune from Geo
fencing and also protects your identity
since it does not have a Google ID check
that out these phones are around $400 so
they are cheaper than normal phones I
have a VPN product that protects you
from Mass surveillance and even hackers
doing man in the midle attacks they also
protect your IP address so this solves
one of the issues I mentioned in this
video which is the EU root
certificate and the solution is the bvpn
service which I started a few years ago
we have worldwide coverage and a known
entity providing the service me
hopefully someone you can
trust we have a bra Mill service that
highs identity information from your
email we offer unlimited aliases seven
domains and web mail check that out for
$50 a year all these are on my store on
bra me sign up on there and you will not
be asked for personal information to
sign up thanks for watching and see you
next
[Music]
time
Посмотреть больше похожих видео
5.0 / 5 (0 votes)