Fwd: [kictanet] Safaricom and Internet Traffic Tampering
<Start> ---------- Forwarded message ---------- From: Mose Karanja via kictanet <kictanet@lists.kictanet.or.ke> Date: 23 March 2017 at 09:27 Subject: [kictanet] Safaricom and Internet Traffic Tampering To: odhiambo@gmail.com Cc: Mose Karanja <mosekaranja@gmail.com> Hello listers. CIPIT has been conducting network measurements on Kenyan Internet Service Providers (ISPs) since June 2016 using assorted techniques. Between 6 – 10 February 2017, the data indicated the presence of a middle-box on the cellular network of one provider, Safaricom Limited (AS33771) that had not previously presented any signs of traffic manipulation. Middle-boxes assume dual-use character in that they can be used for legitimate functions (e.g., network optimisation) and can simultaneously be used for traffic manipulation, surveillance and aiding censorship. In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes. You can download the brief from this link: http://blog.cipit.org/2017/03/23/cipit-research-reveals- evidence-of-internet-traffic-tampering-in-kenya-the-case- of-safaricoms-network/#more-5833 -Moses </End> -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
On 23 March 2017 at 09:52, Odhiambo Washington via skunkworks < skunkworks@lists.my.co.ke> wrote:
In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.
i always wonder, what do people hide? Safcom and telcos of the world can sniff on my data all they want [so long as they dont tamper with my bank account]- if you have nothing to hide what's fear for? Kind Regards, Wilson./
Hahaha...its the fear of The Fappening 3.0.....lol! Have a great day! Warm regards, Amarjit Singh Labhuram. On Thu, Mar 23, 2017 at 2:54 PM, Thuo Wilson via skunkworks < skunkworks@lists.my.co.ke> wrote:
On 23 March 2017 at 09:52, Odhiambo Washington via skunkworks < skunkworks@lists.my.co.ke> wrote:
In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.
i always wonder, what do people hide? Safcom and telcos of the world can sniff on my data all they want [so long as they dont tamper with my bank account]- if you have nothing to hide what's fear for?
Kind Regards, Wilson./
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
Hahah agreeed Thuo. Also, I can only imagine that the interest for such a thing would be from GoK due to (in)security reasons. I gave up on Internet rights when Snowden confirmed that even our very own Obama approved some of the most aggressive snooping done in the World's history. The only problem is the potential for abuse especially for monitoring political rivals etc. Kevin On 23 March 2017 at 14:54, Thuo Wilson via skunkworks < skunkworks@lists.my.co.ke> wrote:
On 23 March 2017 at 09:52, Odhiambo Washington via skunkworks < skunkworks@lists.my.co.ke> wrote:
In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.
i always wonder, what do people hide? Safcom and telcos of the world can sniff on my data all they want [so long as they dont tamper with my bank account]- if you have nothing to hide what's fear for?
Kind Regards, Wilson./
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
At the expense of digressing such an important thread, I will ask Thuo, who claims to not have anything to hide to share the following information on this list 1. National ID card details 2. High school results slip, and university transcripts 3. Payslip 4. Bank statement 5. Health status, and medical records 6. Name of past and current girl friends, wife, and kids 7. The name of your kids, age, where they go to school, and class 8. Listers can add more mundane data here The point is, the mundane information about us belongs only to us, and those we have entrusted the information. In the wrong hands, this information may be potent On Mar 23, 2017 2:56 PM, "Thuo Wilson via skunkworks" < skunkworks@lists.my.co.ke> wrote:
On 23 March 2017 at 09:52, Odhiambo Washington via skunkworks < skunkworks@lists.my.co.ke> wrote:
In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.
i always wonder, what do people hide? Safcom and telcos of the world can sniff on my data all they want [so long as they dont tamper with my bank account]- if you have nothing to hide what's fear for?
Kind Regards, Wilson./
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
+1 Share it! On 23 Mar 2017 21:03, "Mwendwa Kivuva via skunkworks" < skunkworks@lists.my.co.ke> wrote:
At the expense of digressing such an important thread, I will ask Thuo, who claims to not have anything to hide to share the following information on this list 1. National ID card details 2. High school results slip, and university transcripts 3. Payslip 4. Bank statement 5. Health status, and medical records 6. Name of past and current girl friends, wife, and kids 7. The name of your kids, age, where they go to school, and class 8. Listers can add more mundane data here
The point is, the mundane information about us belongs only to us, and those we have entrusted the information. In the wrong hands, this information may be potent On Mar 23, 2017 2:56 PM, "Thuo Wilson via skunkworks" < skunkworks@lists.my.co.ke> wrote:
On 23 March 2017 at 09:52, Odhiambo Washington via skunkworks < skunkworks@lists.my.co.ke> wrote:
In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.
i always wonder, what do people hide? Safcom and telcos of the world can sniff on my data all they want [so long as they dont tamper with my bank account]- if you have nothing to hide what's fear for?
Kind Regards, Wilson./
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
In the defense of my good friend Thuo; 1. The kind of entities that would (allegedly so far) compel Safaricom (SC) to mine your data has access to all the below mentioned. 1. National ID card details 2. High school results slip, and university transcripts 3. Payslip 4. Bank statement 5. Health status, and medical records 6. Name of past and current girl friends, wife, and kids (Unless you have never texted or called them) 7. The name of your kids, age, where they go to school, and class 2. I think we also need to give some benefit of doubt that SC is simply running an optimizer that could essentially be doing some transparent caching. Whenever the actual truth will be confirmed, I will perhaps join the protest by making some serious noises with my keyboard. 3. We could also blowing this out of proportion. How much sensitive data do we transmit over the basic HTTP protocol nowadays? And if you are telling me that KE has NSA and GCHQ grade HTTPS popping capabilities, then first of all I am impressed.. The issue for me would be more towards the protection of this data by requiring court orders (even if in secret but recorded requests eg. between AG -> CJ) for a particular person's data to be accessed from the archives or in real-time. For my part, a concern that I have had with SC has to do with the permissions they request for on their Apps. I could be very wrong here, but I believe that these Apps only need Internet access so that they can pull your data from SC servers. These permissions could potentially grant a malicious attacker access to a lot of information if SC's systems were to be compromised. I request Steve to clarify these in detail so that I may be able to have the peace of mind of installing and using their very useful (really) features, and remove my bad rating for mledger :) Below are the current permission requests. mLedger:- Version 5.0 can access: Identity - find accounts on the device Contacts - find accounts on the device - read your contacts SMS - read your text messages (SMS or MMS) - edit your text messages (SMS or MMS) Phone - directly call phone numbers - read phone status and identity Photos/Media/Files - read the contents of your USB storage - modify or delete the contents of your USB storage Storage - read the contents of your USB storage - modify or delete the contents of your USB storage Device ID & call information - read phone status and identity Other - view network connections - create accounts and set passwords - full network access - run at startup - control vibration - prevent device from sleeping - set an alarm - install shortcuts - uninstall shortcuts [image: Inline images 2] MySafaricom:- Version 1.1.1.0 can access: Device & app history - retrieve running apps Contacts - read your contacts Location - approximate location (network-based) - precise location (GPS and network-based) SMS - read your text messages (SMS or MMS) - receive text messages (SMS) Phone - read call log - read phone status and identity Photos/Media/Files - read the contents of your USB storage - modify or delete the contents of your USB storage Storage - read the contents of your USB storage - modify or delete the contents of your USB storage Wi-Fi connection information - view Wi-Fi connections Device ID & call information - read phone status and identity Other - receive data from Internet - view network connections - full network access - run at startup - control vibration - prevent device from sleeping - install shortcuts - read Google service configuration Kevin On 23 March 2017 at 21:01, Mwendwa Kivuva via skunkworks < skunkworks@lists.my.co.ke> wrote:
At the expense of digressing such an important thread, I will ask Thuo, who claims to not have anything to hide to share the following information on this list 1. National ID card details 2. High school results slip, and university transcripts 3. Payslip 4. Bank statement 5. Health status, and medical records 6. Name of past and current girl friends, wife, and kids 7. The name of your kids, age, where they go to school, and class 8. Listers can add more mundane data here
The point is, the mundane information about us belongs only to us, and those we have entrusted the information. In the wrong hands, this information may be potent On Mar 23, 2017 2:56 PM, "Thuo Wilson via skunkworks" < skunkworks@lists.my.co.ke> wrote:
On 23 March 2017 at 09:52, Odhiambo Washington via skunkworks < skunkworks@lists.my.co.ke> wrote:
In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.
i always wonder, what do people hide? Safcom and telcos of the world can sniff on my data all they want [so long as they dont tamper with my bank account]- if you have nothing to hide what's fear for?
Kind Regards, Wilson./
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
*"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say," - Edward Snowden* *Alex* /dev/mobile On Mar 23, 2017 13:57, "Thuo Wilson via skunkworks" < skunkworks@lists.my.co.ke> wrote:
On 23 March 2017 at 09:52, Odhiambo Washington via skunkworks < skunkworks@lists.my.co.ke> wrote:
In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.
i always wonder, what do people hide? Safcom and telcos of the world can sniff on my data all they want [so long as they dont tamper with my bank account]- if you have nothing to hide what's fear for?
Kind Regards, Wilson./
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
participants (7)
-
Amarjit Labhuram -
Anderson Levi -
Kevin Kamonye -
Kisakye Alex -
Mwendwa Kivuva -
Odhiambo Washington -
Thuo Wilson