Identifying Computer-Generated Faces

https://www.schneier.com/blog/archives/2021/09/identifying-computer-generated-faces.html

https://www.schneier.com/?p=63675

It’s the eyes:

The researchers note that in many cases, users can simply zoom in on the eyes of a person they suspect may not be real to spot the pupil irregularities. They also note that it would not be difficult to write software to spot such errors and for social media sites to use it to remove such content. Unfortunately, they also note that now that such irregularities have been identified, the people creating the fake pictures can simply add a feature to ensure the roundness of pupils.

And the arms race continues….

Research paper.

Upcoming Speaking Engagements

https://www.schneier.com/blog/archives/2021/09/upcoming-speaking-engagements-12.html

https://www.schneier.com/?p=63666

This is a current list of where and when I am scheduled to speak:

The list is maintained on this page.

Friday Squid Blogging: Possible Evidence of Squid Paternal Care

https://www.schneier.com/blog/archives/2021/09/friday-squid-blogging-possible-evidence-of-squid-paternal-care.html

https://www.schneier.com/?p=63658

Researchers have found possible evidence of paternal care among bigfin reef squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

ProtonMail Now Keeps IP Logs

https://www.schneier.com/blog/archives/2021/09/protonmail-now-keeps-ip-logs.html

https://www.schneier.com/?p=63656

After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that “we do not keep any IP logs.”

EDITED TO ADD (9/14): This seems to be more complicated. ProtonMail is not yet saying that they keep logs. Their privacy policy still states that they do not keep logs except in certain circumstances, and outlines those circumstances. And ProtonMail’s warrant canary has an interesting list of data orders they have received from various authorities, whether they complied, and why or why not.

Security Risks of Relying on a Single Smartphone

https://www.schneier.com/blog/archives/2021/09/security-risks-of-relying-on-a-single-smartphone.html

https://www.schneier.com/?p=63649

Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. An employee stole the phone. He reformatted the phone and replaced the SIM card, which was oddly the best possible outcome, given the circumstances. Using the data to steal money would have been much worse.

Here’s a link to an archived version.