Data protection and data security
Criteria for safe and sustainable software
- Open Source
- The best way to check how secure your data is against unauthorised access is to use open source software.
- Virtual Private Network
- This is usually the basis for accessing a company network from outside. However, do not blindly trust the often false promises of VPN providers, but use open source programmes such as OpenVPN or WireGuard.
- Remote desktop software
- Remotely is a good open source alternative to TeamViewer or AnyDesk.
- Configuration
Even with open-source software, check whether the default settings are really privacy-friendly:
For example, Jitsi Meet creates external connections to gravatar.com and logs far too much information with the INFO logging level. Previous Jitsi apps also tied in the trackers Google CrashLytics, Google Firebase Analytics and Amplitude. Run your own STUN servers if possible, otherwise meet-jit-si-turnrelay.jitsi.net is used.
- Encryption methods
Here you should distinguish between transport encryption – ideally end-to-end – and encryption of stored data.
The synchronisation software Syncthing, for example, uses both TLS and Perfect Forward Secrecy to protect communication.
You should be informed if the fingerprint of a key changes.
- Metadata
- Make sure that communication software avoids or at least protects metadata; it can tell a lot about users’ lives.
- Audits
- Even the security risks of open source software can only be detected by experts. Use software that has successfully passed a security audit.
- Tracker
Smartphone apps often integrate a lot of trackers that pass on data to third parties such as Google or Facebook without the user’s knowledge. εxodus Privacy is a website that analyses Android apps and shows which trackers are included in an app.
It also checks whether the permissions requested by an app fit the intended use. For example, it is incomprehensible why messengers such as Signal, Telegram and WhatsApp compulsorily require the entry of one’s own telephone number.
- Malvertising
Avoid apps that embed advertising and thus pose the risk of malicious code advertising. Furthermore, tracking companies can evaluate and market the activities of users via embedded advertising.
There are numerous tools such as uBlock Origin for Firefox, Blokada for Android and iOS or AdGuard Pro for iOS that prevent the delivery of advertising and the leakage of personal data. With HttpCanary for Android apps and Charles Proxy for iOS apps, users can investigate for themselves how apps behave unless the app developers resort to certificate pinning. Burp Suite intercepts much more than just data packets and can also bypass certificate pinning.
- Decentralised data storage
- It is safest if data is stored decentrally. If this is not possible, federated systems, such as email infrastructure, are preferable to centralised ones.
- Financial transparency
- If there are companies behind open source software, they should be transparent about their finances and financial interests in the software. A good example in this respect is Delta Chat.
- Availability
- If an Android app is available, for example, only via Google's Play Store or also via the more privacy-friendly F-Droid Store.
- Data economy
- When selecting software, check not only whether it meets all functional requirements, but also whether it stores only the necessary data.
- Data synchronisation
- Data from a software should be able to be synchronised between multiple devices without the need for a central server to mediate it. For example, we sync our KeePass database directly between our devices using Syncthing and not via WebDAV or Nextcloud. This means that password data is not cached anywhere, but only stored where it is needed.
- Backup
- To ensure that all relevant data is securely available for the entire period of use, backup copies should be made. These should be stored in a safe place that is also legally permissible. The backup should also be automatic and the backups should be encrypted.
Rust for cryptography
The programming language Rust [1] is becoming more and more popular and is increasingly used for cryptography. In Rust’s favour is the fact that the language promises very secure memory management, making errors such as buffer overflows and use-after-free less likely. Considering one of the best-known TLS vulnerabilities, the OpenSSL Heartbleed bug [2], which violates memory security, this development is not surprising.
For example, a new TLS backend with Rustls [3] was recently announced for the curl library [4]. Hyper [5], an HTTP library written in Rust, is also to be made available as a backend for curl [6].
The Internet Security Research Group (ISRG) [7] also announced that they will support a Rust-based TLS module for the Apache web server [8]. This is funded as part of Google’s and the ISRG’s efforts to move ports of critical open source software into memory-safe languages [9].
The move of the cryptography package from Python, however, led to heated discussions in the community, as especially some older platforms would no longer be supported without the Rust compiler [10]. The cryptography [#]_project has already started to reimplement parts of its ASN1 parsing code in Rust, [11] [12] as ASN1 parsers often had memory security vulnerabilities in the past.
[1] | Rust |
[2] | The Heartbleed Bug |
[3] | Rustls |
[4] | curl supports rustls |
[5] | Hyper |
[6] | Rust in curl with hyper |
[7] | Internet Security Research Group |
[8] | A Memory Safe TLS Module for the Apache HTTP Server |
[9] | Google Security Blog: Mitigating Memory Safety Issues in Open Source Software |
[10] | Dependency on rust removes support for a number of platforms #5771 |
[11] | github.com/pyca/cryptography |
[12] | Port a tiny tiny bit of the ASN.1 parsing to Rust |
[13] | Rust in pyca/cryptography |
Compliance management with Gitlab
In detail, GitLab supports
- managing rules and policies
- automating compliance workflows
- audit management that logs activities, identifies incidents and proves compliance with rules
- security management that checks the security of the source code to track and manage vulnerabilities (→ DevSecOps).
Policy management
Rules and policies to be followed can be defined, both internal company policies and policies based on legal or regulatory frameworks such as GDPR, SOC2, PCI-DSS, SOX, HIPAA, ISO, COBIT, FedRAMP, etc. GitLab provides the following functions for this purpose:
- Fine-grained user roles and permissions
- GitLab supports five different roles with different permissions
- Compliance settings
- Different compliance policies can be set for different projects.
- Inventory
- All actions are inventoried.
Automate compliance workflows
Once the policies and rules are established, the processes can be automated, e.g. through
- Project templates
- Project templates with specific audit protocols and audit trails, such as HIPAA, can be created.
- Project label
- Depending on the policy, different labels can be predefined for projects and tasks.
Audit management
Compliance audits require the traceability of various events such as user actions, changes to authorisations or approvals.
[1] | ISO 19600:2014 Compliance management systems — Guidelines |
Data protection in times of Covid-19
Companies and organizations have data that they do not want to make available to others. They also have a special responsibility for their customers, partners and employees. Not being sovereign of this data means not only a loss of trust, but usually also commercial losses.
Show your customers, partners and employees that data protection is important to you and that you take responsibility to protect their privacy. Show that you have implemented the rules of the European General Data Protection Regulation (GDPR) from May 2018.
Therefore, do without Google services and use alternatives. Google makes money from the data you provide Google:
With your permission you give us more information about you, about your friends, and we can improve the quality of our searches. We don’t need you to type at all. We know where you are. We know where you’ve been. We can more or less know what you’re thinking about. [1]
This statement by the Google CEO, Eric Schmidt, is more relevant than ever. It can get scary when you think that a company knows more or less what you think about. The group only reveals part of this information if you still have a Google account – saved graphs and other evaluations will remain hidden from you.
In the following we would like to introduce you to some privacy-friendly alternatives to Google services:
… for your office work
- Jitsi instead of Google Hangout, Zoom or Microsoft Teams
- Mattermost instead of Slack
- Nextcloud and OnlyOffice instead of Google Docs, Google Sheets, Google Slides, Google Calendar and Google Drive
… for your website
- Elasticsearch instead of Google Search
- Matomo instead of Google Analytics
- TextCaptcha or Securimage instead of Google reCAPTCHA
- Own OpenStreetMap server and Leaflet instead of Google Maps on websites
- Deliver fonts yourself with Make Google Fonts local and Google Webfonts Helper instead of Google Fonts
For further reading
- Telearbeit und Mobiles Arbeiten
- Information from the Federal Commissioner for Data Protection and Freedom of information (BfDI), January 2019
- Top Tips for Cybersecurity when Working Remotely
- Article by the European Union Agency for Cybersecurity (ENISA), March 2020
- Home-Office? – Aber sicher!
- Information from the Federal Office for Information Security (BSI), March 2020
[1] | Google’s CEO: ‹The Laws Are Written by Lobbyists›, 2010. |
Beuth University: Prototype for a medication app
For the Beuth University, we develop a prototype for a medication app.
The app is intended to improve the safety of the medication and in particular in the monitoring of ingestion rhythm and the knowledge of side effects and influences.
Not only the patients themselves should be able to use this app, but also relatives and caregivers.
In fact, there are already many apps that promise to meet the requirements. However, with more detailed research, they have significant shortcomings.
Professional quality
The professional quality of other apps is rarely discernible and, if the few reviews are taken as a basis, is usually very low. This is all the more problematic when apps promise to point out interactions and double prescriptions for medications with similar effects. For customers who rely on the fact that their app will warn them of dangers, for example with their self-medication requests, are likely to be at serious risk.
User groups
The apps also very rarely provide information about their user groups, neither about
- Suitability for specific diseases/conditions
- Suitability for gender, special age groups (or areas) etc.
- Suitability for certain health professions and settings: clinical, outpatient, at home, …
- Suitability for physiological and physical impairments, also not the support for TalkBack for Android and VoiceOver for iPhone.
- Support for country-specific drugs and pack sizes
Privacy
The handling of user data is usually poor. The data protection declarations usually leave customers unclear as to what happens to their information. This is all the more problematic since over 80% of the apps transfer data to infrastructure providers such as Google, Facebook etc. Not even the encrypted transmission of user data was always guaranteed, especially not when data was transmitted by email. The few independent test procedures are unlikely to contribute to clarification, since they mostly rely on self-assessment.