SN 872: Dis-CONTI-nued: The End of Conti?

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

You were talking about implicit consent and that if a photo is uploaded to the internet, there is implicit consent that it is public.

But that is only the implicit consent of the photographer, which for the purposes of identification is totally irrelevant! You have to ensure the explicit consent of all people in the photograph, before you should be able to use it for identification.

Likewise, in Germany, taking a photo of someone in public is not allowed without their consent. You cannot upload it to social media or use it for commercial purposes or any form of wider distribution. If they stroll into the frame of your photo, you don't have to delete the photo, but you would have to make them unrecognisable before you could post it online.

When we go to parties and people are taking photos, my wife explicitly announces that no photos of her are allowed to be uploaded to social media. This is binding under DSGVO (the German implementation of GDPR). If I take pictures of her at home, I have to get her permission before I can post them on the family Signal group…

She isn’t a privacy advocate, she is actually technically illiterate, she just doesn’t think she looks good and doesn’t want photos of her circulating around.

Regarding the BLE spoofing, the locks do use response times, aka latency, to defeat traditional BLE spoofing. NCC Group has a new spoofer that greatly reduces the latency, and therefore the latency-based security is defeated. The equipment isn't hard to make, but it isn't yet widely available.
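The latency gate and the relay described in the comment above, as an added simulation that is not the podcast's, the commenter's or NCC Group's code. The HMAC challenge/response, the 30 ms limit and every round-trip time are constructed numbers chosen to show the mechanism; real locks pick their own values. The point it makes is that a relay forwards the key's bytes unchanged, so the response is cryptographically valid no matter how far away the key is, and the only thing the lock can check is how long the round trip took.

```python
"""Toy model of a latency-gated BLE unlock and a relay attack (constructed example)."""
import hashlib
import hmac
import os

# Constructed shared secret held by the lock and the legitimate key (phone/fob).
KEY_SECRET = b"constructed-shared-secret"

# Constructed: the lock refuses to unlock if the challenge/response round trip
# takes longer than this. The limit has to sit above the legitimate key's own
# jitter, so an attacker only needs a relay faster than that margin.
RTT_LIMIT_MS = 30.0

# Constructed baseline round trip for the owner standing at the door.
BASE_RTT_MS = 12.0


def key_respond(secret: bytes, challenge: bytes) -> bytes:
    """Key side: authenticate the lock's fresh challenge with an HMAC."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def lock_verify(secret: bytes, challenge: bytes, response: bytes, rtt_ms: float) -> bool:
    """Lock side: the response must be correct AND must have arrived quickly."""
    expected = hmac.new(secret, challenge, hashlib.sha256).digest()
    crypto_ok = hmac.compare_digest(expected, response)
    timing_ok = rtt_ms <= RTT_LIMIT_MS
    return crypto_ok and timing_ok


def unlock_attempt(relay_delay_ms: float, tamper: bool = False) -> bool:
    """Simulate one unlock.

    relay_delay_ms: extra round-trip latency added by an attacker's relay
                    (0.0 when the real key is physically at the door).
    tamper:         flip a byte of the response to show what happens when the
                    attacker tries to forge rather than relay.
    """
    challenge = os.urandom(16)
    # A relay carries the challenge to the real key and the answer back;
    # the bytes are unchanged, so the HMAC still verifies.
    response = key_respond(KEY_SECRET, challenge)
    if tamper:
        response = bytes([response[0] ^ 0x01]) + response[1:]
    rtt_ms = BASE_RTT_MS + relay_delay_ms
    return lock_verify(KEY_SECRET, challenge, response, rtt_ms)


def scenarios() -> dict:
    """Run the cases a practitioner would want to compare (all timings constructed)."""
    return {
        # Owner at the door: correct response, fast round trip.
        "owner_at_door": unlock_attempt(relay_delay_ms=0.0),
        # A forged response fails regardless of timing: the crypto still works.
        "forged_response": unlock_attempt(relay_delay_ms=0.0, tamper=True),
        # A slow relay (e.g. one that re-encodes at the GATT layer) blows the budget.
        "slow_relay_100ms": unlock_attempt(relay_delay_ms=100.0),
        # A fast relay stays inside the budget and the lock cannot tell it apart.
        "fast_relay_8ms": unlock_attempt(relay_delay_ms=8.0),
    }


if __name__ == "__main__":
    for name, opened in scenarios().items():
        print(f"{name:18s} -> {'UNLOCKED' if opened else 'rejected'}")
```

Run it and the only rejected cases are the forged response and the slow relay; the fast relay unlocks, because nothing in the handshake binds the response to physical proximity. Tightening `RTT_LIMIT_MS` below the legitimate key's jitter would start rejecting the owner, which is why a pure timing gate is a speed bump rather than a cryptographic defense.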

The best analogy I can think of is diseases like a pandemic. We’re well aware it’s spreading, but seem unable to prevent it from spreading. Being aware of the damage doesn’t mean you can control the damage. The problem with a malware group is they have many ways to attack (breaking in, phishing, impersonation, etc) and a perfect defense relies on everyone never making a single mistake.

As for doing something about them in a policing fashion, they operate in another country, one unfriendly to the nations they target. If you find which countries DON’T have a problem you can figure out where they’re likely operating.

A good analogy. Part of the problem is that we can see it spreading and we do have a vaccine (cybersecurity), but few companies invest in real cybersecurity with qualified people and good kit (the vaccine).

In the past, it has been cheaper to just put in the basics (a firewall and maybe AV), claim the job is done, and then let the insurance take care of any problems that arise.

With many crypto-malware groups now being sanctioned, so that you can't pay them, maybe companies will start to invest properly in their cybersecurity.

Laws also mean you can’t attack back.