Am I Being Targeted With Spyware? Come find out!

[mozfest-bot]

[ UUID ] 78800205-37ca-4ff5-a1ed-6c5dce341591

[ Session Name ] Am I Being Targeted With Spyware? Come find out!
[ Primary Space ] Privacy and Security
[ Secondary Space ] Digital Inclusion

[ Submitter's Name ] Bill Marczak
[ Submitter's Affiliated Organisation ] Bahrain Watch

[ Additional facilitators ] Ahmed Ali,Ali Abdulemam

What will happen in your session?

The session will provide a review of how activists, dissidents, and journalists are commonly targeted with spyware, particularly in the Gulf, as well as an overview of Himaya, a university IRB-approved defensive tool that can scan users’ email accounts for threats and alert them if any potentially malicious messages are detected. We will offer interested individuals the opportunity to scan their email accounts (both past emails and live scanning of new emails) with Himaya. Himaya can detect attacks based on published (and unpublished) research, as well as generic signatures for malicious attachment and link behavior (e.g., documents that cause installation of a program).

What is the goal or outcome of your session?

The goal is to reach activists, journalists (especially from repressive countries), or others who may be targeted with spyware, provide some short, catchy, and easy-to-remember “clickbait-style” tips on avoiding falling victim to targeted digital attacks, as well as provide them with access to a concrete defensive tool, Himaya. As Himaya is an active research project, another goal is to gain more users and solicit feedback about the tool to improve it. The session will also serve as an outlook on how Himaya was created after maticulous investigations into spyware use in the Gulf.

If your session requires additional materials or electronic equipment, please outline your needs.

Projector.

Time needed

60 mins

[EPIKhub]

Interesting session Id like to attend

[bunnybooboo]

I'm a little torn on this one. It is very very interesting but the addition of an email scanning tool throws immediate alarm bells on trust & consent. Transparently expressing my thoughts there, without another wrangler to validate them against. Some of our team are unavailable this week and I do not have enough data points to bring a clear decision without them. Deferring until their return next week.

[billmarczak]

@bunnybooboo The tool has been designed with informed consent in mind (in consultation with, and vetted by the IRB at UC Berkeley). Before the user can scan their account, they need to read through a consent form (and fill out information throughout the form, as well as opt-in to various types of scanning). The consent form describes various potential risks associated with the use of the tool, and mentions how the tool is designed to minimize those risks. If the user does not agree or is not comfortable, they do not need to participate in the scanning. Would be happy to share the consent forms presented to the user if that would be helpful.

[bunnybooboo]

@billmarczak well Mozfest has a clear policy for attendees data usage. As a general rule we never hand over names and email addresses to any partner, organisation or tech request. We have an absolute duty of care. Attendees, especially in the P&S space, will be highly adverse to handing over access to any PII.

Some of the team have been unavailable this week and I know this proposal will spark further questions. We've got just under 2 weeks to make our decisions, so expect to here further from us shortly.

[bunnybooboo]

I'm sorry to have to inform you, your proposal did not make it to our draft P&S space schedule. Unlocking for consideration from other teams.

[mozfest-bot]

Thank you for taking the time to submit a session to MozFest. Due to the high level of submissions, we’re unable to accept all proposals and unfortunately, your session was not part of the final group.

Thank you for taking the time to submit and we will follow up on email very soon.

[kaodro]

Hi @billmarczak , my name is Kasia and I work on Mozilla’s Internet Health Report. At Mozfest we will be present with an “Internet Research Hub” #618 (last comment) - an easy-going, cozy space for discussions and networking both with us about Internet Health and among researchers themselves.

We also invite anyone who does work in an Internet research field to sign up and present their work at a couple of open display tables we will have in the hub. We will promote these sessions throughout the festival. You can do it spontaneously with pen and paper on site or if you would like to save a spot beforehand, drop me an email at kasia@mozillafoundation.org with a short description of the session.

In any case, if you are planning to attend Mozfest I would like to invite you to pass by the Hub and say hi. We will start with an informal "Research and coffee grinder” get-together at the beginning of the festival where people can get to know each other. Space and exact schedule for the Hub are still being decided and I will update you once we know the details. Hope to see you there!