February 2 2023 GM

From TCU Wiki
Revision as of 15:04, 2 February 2023 by Victoria (talk | contribs) (→‎Notes)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Glitter Meetups

Glitter Meetup is the weekly town hall of the Internet Freedom community at the IF Square on the TCU Mattermost, at 9am EST / 2pm UTC. Do you need an invite? Learn how to get one here.

Date: Thursday, February 2nd

Time: 9am EST / 2pm UTC

Who: The community

Moderator: Astha

Where: On IFF Mattermost Square Channel.

The Glitterest Glitter Meetup

At the Glitterest GM you’re welcome to join and talk about whatever you want: sharing a song, insights on the latest big tech nonsense, general questions about the experience of working in the digital rights field. We will be happy to hear from you!

Notes

What is happening in India
  • The BBC aired a documentary on the Indian PM, Narendra Modi, in the UK. It was so controversial that the government banned platforms like Twitter from even sharing any clips from it online.
  • It was wild since it wasn't even being aired IN India in the first place
  • But the law that enabled it to happen was the country’s information and technology law, which allows the government to demand that Twitter and YouTube block any content it deems a "civil threat"
  • This is particular worrying: "The Indian government is now looking to significantly expand that control, proposing another amendment to its technology laws last week that would require online platforms to take down information identified as “fake or false” by the government’s own Press Information Bureau or by other government agencies. The proposal was slammed as “censorship” by the Editors Guild of India, a leading journalist group."
  • Has this happened in other places where digital authoritarianism is high?
Updates from Vini Fortuna: Outline VPN, Remote IDS & OTF Internet Controls Fellowship Program
  • We released Dynamic Access Keys, which lets server operators update configs without having to resend keys.
  • We released Prefix Disguise, which lets one make the connection look like another protocol, bypassing protocol allowlists.
  • Remote IDS:
    • We open sourced a tool that helps you identify Pegasus infections (and possibly other malware) based on suspicious network activity. You can run on an Outline server to keep your users safer.
    • I put together some slides explaining it.
    • It's a functional prototype, so you can use it right away. However, the engineer working on it got laid off, so I'm looking for other people to move the project forward, since I believe it's promising.
    • I would love to host people interested in applying for the OTF Internet Controls Fellowship Program to work on internet censorship, measurements or our remote IDS idea.
Updates from Localization Lab member
  • I just started doing translation (Chinese Simplified) at Localization Lab (Briar + I2P) last month, and I'm also learning hacking now (might wanna go direction digital forensic later)

What kind of stuff are you finding as you learn hacking? Anything that's surprised you?

  • That there are so many entry points.  I can never see the input field without concern. I mean, in web applications for example, the field for users to search information like specific items could also be a point to inject some malicious codes.

So people can inject codes in the search bar?

  • Yes, it's possible but I think most sites have good protection against it

And are you seeing this happen mostly in Chinese websites or more broadly?

  • There is no universal method to do the injection, it always depends on several factors like what database they're using, so the codes (or so called payload) are always different.
  • Theoretically you can perform it on every website that doesn't have enough protection. I never tried this in real life (except my own website), I mostly do exercise and learn on tryhackme.com.