Plus Apple's blaring bluetooth beacons and Facebook's worrying plans for WhatsApp.

Links:

• Apple bleee. Everyone knows What Happens on Your iPhone – hexway — If Bluetooth is ON on your Apple device everyone nearby can understand current status of your device, get info about battery, device name, Wi-Fi status, buffer availability, OS version and even get your mobile phone number
• Facebook Plans on Backdooring WhatsApp - Schneier on Security — In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These algorithms will be continually updated from a central cloud service, but will run locally on the user's device, scanning each cleartext message before it is sent and each encrypted message after it is decrypted.
• Signal — Privacy that fits in your pocket.
• xkcd: Security — Turns out it's a $5 wrench, even better!
• Jim Salter on Twitter — I wonder why #privacy wonks aren't talking about browser fingerprinting more frequently? Privacy Badger, Ghostery, etc don't do a damn thing to prevent or mitigate Canvas / WebGL #fingerprinting.
• Browser Fingerprinting: What Is It and What Should You Do About It? - PixelPrivacy — Browser fingerprinting is a powerful method that websites use to collect information about your browser type and version, as well as your operating system, active plugins, timezone, language, screen resolution and various other active settings.
• Canvas Fingerprinting - BrowserLeaks.com — The technique is based on the fact that the same canvas image may be rendered differently in different computers. This happens for several reasons. At the image format level – web browsers uses different image processing engines, image export options, compression level, the final images may got different checksum even if they are pixel-identical. At the system level – operating systems have different fonts, they use different algorithms and settings for anti-aliasing and sub-pixel rendering.
• WebGL Browser Report - WebGL Fingerprinting - WebGL 2 Test - BrowserLeaks.com — WebGL Browser Report checks WebGL support in your web browser, produce WebGL Device Fingerprinting, and shows the other WebGL and GPU capabilities more or less related web browser identity.
• AmIUnique — Device fingerprinting or browser fingerprinting is the systematic collection of information about a remote device, for identification purposes. Client-side scripting languages allow the development of procedures to collect very rich fingerprints: browser and operating system type and version, screen resolution, architecture type, lists of fonts, plugins, microphone, camera, etc.
• Panopticlick — Panopticlick will analyze how well your browser and add-ons protect you against online tracking techniques. We’ll also see if your system is uniquely configured—and thus identifiable—even if you are using privacy-protective software. However, we only do so with your explicit consent, through the TEST ME button below.
• How private is your browser’s Private mode? Research into porn suggests “not very” | Ars Technica — This leaves browser fingerprinting as a method to tie your profiles together—and unfortunately, Incognito mode doesn't appear to help.
• Privacy Tools - Encryption Against Global Mass Surveillance — You are being watched. Private and state-sponsored organizations are monitoring and recording your online activities. privacytools.io provides services, tools and knowledge to protect your privacy against global mass surveillance.
• ‘Fingerprinting’ to Track Us Online Is on the Rise. Here’s What to Do. - The New York Times — Fingerprinting involves looking at the many characteristics of your mobile device or computer, like the screen resolution, operating system and model, and triangulating this information to pinpoint and follow you as you browse the web and use apps. Once enough device characteristics are known, the theory goes, the data can be assembled into a profile that helps identify you the way a fingerprint would.
• Digital 'Fingerprinting' Is The Next Generation Tracking Technology | The Takeaway | WNYC Studios — This growing technology is almost invisible, making it impossible for users to opt-out of the tracking system. As it becomes more popular, tech companies are developing new ways to try and protect consumers from this form of tracking. But is it going to work?
• New Warning Issued Over Google's Chrome Ad-Blocking Plans — The plans, dubbed Manifest V3, represent a major transformation to Chrome extensions including a revamp of the permissions system. As a result, modern ad blockers such as uBlock Origin—which uses Chrome’s webRequest API to block ads before they’re downloaded–won’t work.
• Comment on Chrome extension manifest v3 proposal by gorhill — The blocking ability of the webRequest API is still deprecated, and Google Chrome's limited matching algorithm will be the only one possible, and with limits dictated by Google employees. It's annoying that they keep saying "the webRequest API is not deprecated" as if developers have been worried about this -- and as if they want to drown the real issue in a fabricated one nobody made.
• CanvasBlocker
• Ghostery
• Disconnect

Links:

• TechSNAP Episode 390: What’s Up with WireGuard
• WireGuard Sent Out Again For Review — WireGuard lead developer Jason Donenfeld has sent out the ninth version of the WireGuard secure network tunnel patches for review. If this review goes well and lands in net-next in the weeks ahead, this long-awaited VPN improvement could make it into the mainline Linux 5.2 kernel.
• CloudFlare announces Warp VPN — Using Cloudflare’s existing network of servers, Internet users all over the world will be able to connect to Warp VPN through the 1.1.1.1 app. In the same vein, Warp VPN will not significantly increase battery usage by using an efficient protocol called WireGuard.
• CloudFlare Launches "BoringTun" As Rust-Written WireGuard User-Space Implementation - Phoronix — CloudFlare took to creating BoringTun as they wanted a user-space solution as not to have to deal with kernel modules or satisfying certain kernel versions. They also wanted cross platform support and for their chosen implementation to be very fast, these choices which led them to writing a Rust-based solution.
• cloudflare/boringtun — BoringTun is an implementation of the WireGuard® protocol designed for portability and speed.
• VPN protocol WireGuard now has an official macOS app — You can already download the WireGuard app on Android and iOS, but today’s release is all about macOS.
• WireGuard Windows Pre-Alpha — I've been mostly absent these last weeks, due to being completely absorbed in Windows programming. I think we're finally getting to the state where we might really benefit from testing of the "pre-alpha".
• Wintun – Layer 3 TUN Driver for Windows — Wintun is a very simple and minimal TUN driver for the Windows kernel, which provides userspace programs with a simple network adapter for reading and writing packets. It is akin to Linux's /dev/net/tun and BSD's /dev/tun.
• WireGuard for Kubernetes: Introducing Gravitational Wormhole — Wormhole is a Kubernetes network plugin that combines the simplicity of flannel with encrypted networking from WireGuard.
• gravitational/wormhole: Wireguard based overlay network CNI plugin for kubernetes
• NetworkManager 1.16 — NetworkManager 1.16 is a big feature release bringing support for WireGuard VPN tunnels
• Portal Cloud - Subspace — Subspace is an open source WireGuard® VPN server that supports connecting all of your devices to help secure your internet access.
• subspacecloud/subspace — A simple WireGuard VPN server GUI
• jimsalterjrs/wg-admin — Simple CLI utilities to manage a WireGuard server
• 5 big misconceptions about virtual LANs — In the real world, VLANs are anything but simple.
• High Availability vs. Fault Tolerance vs. Disaster Recovery — You need IT infrastructure that you can count on even when you run into the rare network outage, equipment failure, or power issue. When your systems run into trouble, that’s where one or more of the three primary availability strategies will come into play: high availability, fault tolerance, and/or disaster recovery.
• High Availability: Concepts and Theory — Running server operations using clusters of either physical or virtual computers is all about improving both reliability and performance over and above what you could expect from a single, high-powered server.
• RPO and RTO: Understanding the Differences — Recovery time objective refers to how much time an application can be down without causing significant damage to the business. Recovery point objectives refer to your company’s loss tolerance: the amount of data that can be lost before significant harm to the business occurs.
• JupiterBroadcasting/Talks — Public repository of crew talks, slides, and additional resources.
• Command Line Threat Hunting — That viruses and malware are Windows problems is a misnomer that is often propagated through the Linux community and it's an easy one to believe until you start noticing strange behavior on your system. What do you do next? Join Ell Marquez and Tony Lambert in discussing a common sense approach to threat detection using only command line tools.
• Fear the Man in the Middle? This company wants to sell quantum key distribution — For now, Quantum XChange has only said about a dozen companies are part of the pilot. But with the appetite for quantum solutions in the US increasing—the National Quantum Initiative was just signed into law at the end of 2018 to advance the tech—this could be an opportune time to enter the market, so long as the service lives up to its billing.

Plus the importance of sane defaults and why netdata belongs on every system.

Links:

• Why you want QoS - Netdata Documentation — One of the features the Linux kernel has, but it is rarely used, is its ability to apply QoS on traffic. Even most interesting is that it can apply QoS to both inbound and outbound traffic.
• FireQOS Wiki — FireQOS is a helper to assist you configure traffic shaping on Linux.
• FireHOL - Linux firewalling and traffic shaping for humans — FireHOL is a language (and a program to run it) which builds secure, stateful firewalls from easy to understand, human-readable configurations. The configurations stay readable even for very complex setups.
• tc(8) man page — Traffic Control consists of the following: SHAPING When traffic is shaped, its rate of transmission is under control. Shaping may be more than lowering the available bandwidth - it is also used to smooth out bursts in traffic for better network behaviour. Shaping occurs on egress. SCHEDULING By scheduling the transmission of packets it is possible to improve interactivity for traffic that needs it while still guaranteeing bandwidth to bulk transfers. Reordering is also called prioritizing, and happens only on egress. POLICING Where shaping deals with transmission of traffic, policing pertains to traffic arriving. Policing thus occurs on ingress. DROPPING Traffic exceeding a set bandwidth may also be dropped forthwith, both on ingress and on egress.
• Overview of Traffic Control Concepts — Traffic control is the name given to the sets of queuing systems and mechanisms by which packets are received and transmitted on a router. This includes deciding which (and whether) packets to accept at what rate on the input of an interface and determining which packets to transmit in what order at what rate on the output of an interface.
• Advanced traffic control - ArchWiki
• Journey to the Center of the Linux Kernel: Traffic Control, Shaping and QoS — This document describes the Traffic Control subsystem of the Linux Kernel in depth, algorithm by algorithm, and shows how it can be used to manage the outgoing traffic of a Linux system.
• Netdata Real-time performance monitoring, done right! — Netdata is distributed, real-time, performance and health monitoring for systems and applications. It is a highly optimized monitoring agent you install on all your systems and containers.
• Add more charts to netdata — To collect non-system metrics, netdata supports a plugin architecture.