#you generally want something with end-to-end encryption e.g. Signal
queenlua · 1 month ago
oh boy, i haven't used a proper chat integrator since i was running Adium locally way back in like... god, 2016, probably?
and even back then, Adium was showing its limits... iirc the adium/libpurple devs sort of hacked in some pseudo-xmpp support for facebook messenger back then but it was really buggy, to the point of uselessness, and the situation's only gotten more fragmented, protocol-wise, since then
so without having looked at the landscape at all, i'd say my bigger concern would be "does this thing even work well" before getting into any kind of security questions
it's sad that that is the state of the world! but it is what it is
if i could force everyone in my life to use Discord it would be measurably remarkably better
16 notes
sarthsharma101 · 4 years ago
What is GDPR?
Source: https://faidepro.medium.com/what-is-gdpr-3ff0034ff454
The General Data Protection Regulation (GDPR) is the toughest privacy and safety regulation in the world. Although it used to be drafted and exceeded by the EEC (EU), it imposes obligations on companies anywhere, so lengthy as they target or accumulate statistics related to human beings in the EU. The law was put into impact on May 25, 2018.
The GDPR can levy harsh fines in opposition to those who violate its privateness and safety standards, with penalties achieving into the tens of tens of millions of euros. With the GDPR, Europe is signalling its association stance on facts privateness, and safety at a time when extra people are entrusting their statistics with cloud services and breaches are a day-to-day occurrence.
The law itself is large, far-reaching, and pretty light on specifics, creating GDPR compliance a frightening prospect, mainly for tiny and medium-sized organizations (SMEs). They created this website to function as a useful resource for SME owners and managers to tackle particular challenges they may additionally face. Whereas it is no longer a replacement for criminal advice, it can also assist you to understand where to focus your GDPR compliance efforts.
We additionally provide hints on privacy tools and the way to mitigate risks because the GDPR continues to be interpreted, they’ll preserve you up to this point on evolving great practices.
How did it start?
Proper privacy is the phase of the 1950 European Convention on Human Rights, which states, “Everyone has the proper to recognize for his personal and family life, his domestic and his correspondence.” From this basis, the ECU Union has sought-after to make certain the protection of this right thru legislation.
As technology advanced and the Internet used to be invented, the EU diagnosed the want for modern-day protections. So in 1995, it handed the European Information Protection Directive, establishing minimum facts privacy and security standards, upon which each member kingdom based its imposing law. However, already the Internet was morphing into the Hoover it’s today.
In 1994, the primary banner advert was regarded online. In 2000, a majority of economic establishments offered online banking. In 2006, Facebook opened to the public.
In 2011, a Google consumer sued the corporation for scanning her emails. 2 months after that, Europe’s facts protection authority declared the EU wished “a comprehensive method on non-public information protection” and work began to update the 1995 directive.
The GDPR entered into pressure in 2016 after passing the European Parliament, and as of 25 May 2018, all corporations have been required to be compliant.
Data safety principles
If you method data, you have got to try to do so according to seven protection and accountability standards outlined in Article 5.1–2:
Lawfulness, fairness and transparency — Processing ought to be lawful, fair, and transparent to the statistics subject.
Purpose problem — You have to process information for the legit functions detailed explicitly to the facts situation when you gathered it.
Data diminution — You must collect and method solely as much data as crucial for the purposes specified.
Accuracy — You ought to keep private information accurate and up to date.
Storage hassle — You may additionally only save personally-identifying statistics for as lengthy as indispensable for the unique purpose.
Integrity and confidentiality — Processing needs to be accomplished in such a way as to make certain excellent security, integrity, and confidentiality (e.g. by the use of encryption).
Accountability — The statistics controller is responsible for being capable to display GDPR compliance with all of those principles.
Accountability
The GDPR says fact controllers ought to be in a position to reveal they are GDPR compliant. And this isn’t something you will do when the fact is: If you suppose you are compliant with the GDPR but can’t show how then you’re no longer GDPR compliant.
Among the ways you can do this:
Designate records safety duties to your team.
Maintain detailed documentation of the statistics you’re collecting, however, it’s used, where it’s stored, which employee is accountable for it, etc.
Train your workforce and put in force technical and structure safety measures.
Have processing Agreement contracts in a vicinity with 1/3 parties you contract to method statistics for you.
Appoint an information Protection Officer (though no longer all corporations need one — more on that during this article).
Data security
You’re needed to take care of statistics securely by means that of implementing “appropriate technical and organizational measures.”
Technical measures mean whatever from requiring your employees to use two-factor authentication on bills where personal information is stored to getting with cloud vendors that use end-to-end encryption.
Organizational measures are matters like personnel training, adding a statistics privateness policy to your worker handbook, or limiting gets admission to personal statistics to only these personnel in your business enterprise who want it. If you have got a facts breach, you have seventy-two hours to inform the facts subjects or face penalties. (This notification requirement may additionally be waived if you utilize technological safeguards, admire encryption, to render data useless to an attacker.)
CONCLUSION:
What is GDPR, the EU’s new facts protection law? What is the GDPR? Europe’s new information privateness and safety regulation consist of heaps of pages’ really worth of new necessities for companies around the world. This GDPR summary can help you understand the law and determine what components of it follow to you. The General information Protection Regulation (GDPR) is the toughest privacy and safety regulation in the world. Although it was drafted and handed by means of the EEC (EU), it imposes duties on businesses anywhere, so long as they target or acquire statistics related to humans in the EU. The legislation used to be put into effect on May 25, 2018, and helping data and IT services more significantly.
The GDPR will levy harsh fines towards those who violate its privateness and protection standards, with penalties achieving into the tens of hundreds of thousands of euros. With the GDPR, Europe is signalling its company stance on data privacy and security at a time when greater humans are entrusting their facts with cloud services and breaches are each day occurrence. The law itself is large, far-reaching, and pretty light on specifics, creating GDPR compliance a frightening prospect, mainly for tiny and medium-sized organisations (SMEs).
It’s difficult to imagine a corporation that can be more affected by GDPR than ADP (Automatic Data Processing). The corporation gives cloud-based Human Capital Management (HCM) and commercial enterprise outsourcing offerings to extra than 650,000 corporations globally. ADP holds PII for hundreds of thousands of humans around the world, and its clients expect the organization to be GDPR compliant and to assist them to do the same. If ADP is determined non-compliant with GDPR, it dangers no longer solely fines however the loss of commercial enterprise from customers expecting ADP to possess them is covered.
4 notes
localocksmithnearme · 5 years ago
Cadillac SRK_ARTVAR1
If you’re gazing for an immediate twenty four hour Cadillac keysmith service, you are in the right place. Passaic Key Replacement ration a local ignition switch repair, popalock and car key replacement services in Passaic NJ and greater surrounding area for each and every single motor vehicle year, model and manufacturer of automobiles by an adroit car keysmith.
Utilizing our useful high tech equipment and current cutters and programmers we ready to transfer nearly every sort of cars, whether it’s Japanese, domestic, European and Asian automobile manufacturers including a twenty four hour emergency car lockout and replacement keys services. In lieu of towing or going with your vehicle to the regional dealership for a regular lost key made service, we care the swiftest most appropriate solving to your car key lock dilemma on site for every maker, model and year.
Models: ESV, Vizon, CTS, STS, Sixteen, Aurora, Escalade, DeVille, XLR, Ciel, Allante, DTS, SRX, BLS and Cien
Cadillac lost key made in Passaic NJ
Passaic Key Replacement proudly hires a commissioned conversant key replacement man-power who will typically drive to your juncture with a work van fully armed diagnostic, compilers and cutters appliances capable to repair, program and replace each car key and lock situation regardless of year, style or model avoiding harm to your existing lock, door frame or car window. Alternately to hauling your vehicle to the dealer-ship and disuse needless time waiting on line, we minister a current expert for a budget and a quick broken ignition keys extraction, fob key and keyless device copied, VATS/PATS transponder chipped key programming or car lockout at your side. Call us now at (973)200-4870 to get a free no-obligation precise quotation as well as the estimate time of arrival to your position.
About Cadillac key and lock platform
Cadillac is an American universal car maker based in NYC, New York, America Created in 1902 by making higher end cars.
Cadillac started using transponder chipped keys in 1997. Some outdated vehicles keys could be easily reproduced employing control board procedure, though with majority of current designs the combination of audio and infrared message is encrypted and an exclusive diagnostic appliances is required.
Modern designs (since 2007) adopts push-start electrical ignition system and the Adaptive Remote Start & Keyless Access as key-less entry.
Ignition switch repair
The Cadillac ignition has three phases that kindle specific system as the key is turned. The ignition lock will kindle the electronic parts on the first position, kindle the fuel supply on the second position and start the engine on the 3rd position.
One of the most frequent thing we get asked over the phone to assist with, is troubleshooting ignition cylinder problems. Even though we are always pleased to try and help in diagnosis your situation, it might be very hard to do so over the phone. Apart from carrying relevant Cadillac diagnostic and lock cracking tools, an elemental understanding of how vehicle ignition cylinder works is required, but before you call an ignition lock-man please check the options below:
No lights on dashboard
If you turn the ignition on but no lights come on at the dash board which in fact means that no electricity coming from the car battery. It might be a dead battery or often a failed alternator or electronic wiring connection could cause this. Turn over the headlights, if they won't light up, it means the battery is empty which is a problem for a mechanic shop.
Key will not turn in ignition
Most car compose of a steering wheel locking mechanism that activates whenever you take the ignition key out at the end of a drive. Often, the steering column is in a position that puts pressure to the ignition cylinder, and bars the key from turning (when parking up a hill) or when a front wheel is pressed against something (e.g. pavement rock).
Warning - Before you try fixing this complication, assure that your car shifting gear is on park.
Hold the wheel and try to turn the locked steering wheel to the sides right and left and left and right while lightly jiggling the ignition holding the key - which might help to release the steering column.
The ignition cylinder is remarkably significant component of any motor vehicle and consisting manifold tiny units that might be wearisome to inspect by an unskilled hands, so the most you may do coming across ignition lock problems is to verify you’re actually trying to start up your very own car and ask a car key-smith to come out to your juncture to rekey, repair replace the key or ignition which will priced as approximately $150–$325.
Transponder chip key generate
Motor vehicle ignition, keys and locks have evolved in the 90’s with development in electric chips and sidewinder cutting infrastructures to authorize actions as vehicle antitheft protection, mirror adjustment, power windows, automatic door opening and locking and many more.
Although transponder chipped key is incredibly practical, copying is no longer a fast, budget rate trip to the provincial hardware store or dealer. Occurrences like breaking a flipkey remote, dead key-fob battery or stolen transponder chip key, besides the fact that the key must be cut to match the lock cylinder, it also need rightly computed to the car computer system and will cost you about 180-600$ depend on year, maker and model.
Cadillac keyless entry
Push button start ignition infrastructure come with a fobik device that a driver can keep in the purse, pocket or briefcase, or everywhere in 5 ft to the receiver in the vehicle.
The smartkey chip transfer a specific low-level combination of audio and infrared signal to the car's computer, which in turn confirms that the right signal has been sent and authorizes the driver to remotely open and close the car door locks and furthermore click a toggles on the dash-board to turn off or fire up the car bypassing inserting a key or pressing a toggles on the fob.
Although smartkeys and push to start ignition has become greatly applicable, even on mid-level cars, these infrastructures haven't yet reached the status of essential requirement as electronic door locks and windows, nevertheless, the convenience aspect is a key consideration for varied smart keys consumer.
Copy vs lost car keys
Car keys lately cost way more then $1.50 metal blade keys at a hardware or walmart store. Present-day Cadillac keys have gone computerized flipkey, fob key, laser cut and smart key incorporating chipped keys that must be programmed with computer equipment to the vehicle immobilized computer. If the immobiliser doesn't detect a matching chipped key, the fuel supply will demilitarize and the vehicle wouldn't turn over. This technology arranges a safety factor insuring the car will forget a misplaced or stolen key.
Even though dash-board console platform is handy on few early vehicles to easily duplicate keys, normally to get an extraneous key copied, the transponder in the key need to be programmed by a compatible key programmer carried by a locksmith or the dealer-ship which usually priced at roughly $50-$120 in addition to the price of the blankey.
Misplacing a key to a car is a complete different occasion, as the engine control module need to be programmatically rekeyed to accept the new key and renounce the lost key which means that you’ll must hire a mobile vehicle lock-man or haul your vehicle to the dealership.
Using this process arranges a safety factor insuring the car will forget the misplaced or stolen key, however lost key made, system available solely to the Cadillac dealer or a licensed locksmith and therefore will priced as approximately $175–$275.
24hr car lock-out
Locked out of your car? No problem, WE CAN HELP! Our trusted agent cater an adept lockout services twenty four hour 7 day a week 365 days a year.
With our contemporary lock-cracking equipage as well as attentive and professional skilled work force, we promise you fast and reliable service for your pop a lock emergency needs. Our mission is to serve premium quickest vehicle lock out in town. Our road-side agents specialize in remarkably all key troubles onsite, doesn’t matter what vehicle maker, model and year.
Car locks alterating
Did you lost your car keys?, got one of your Cadillac keys filched? or contracted for a new Cadillac ignition and prescribe to reinstate an older one?, cleave to ensures that no one else have the skill to run your car? Good News! You should look no further, for the sake of re keying of vehicle locks is one of Passaic Key Replacement head idiosyncrasy. Our professionals can converse the internal pins inside your door or ignition lock, so it would use the newish key and discount the old one. Elevate the buzz and call our dispatch center to get your vehicle lock qualified by a professionally trained locksmith in no time
Last word
Passaic Key Replacement team are on a duty call 24/7 with the quickest expedient response in town. If you need to program a new remote, locked-out of your car or misplaces the keys to your vehicle and want ward off the tow truck to the dealer, pick up the phone and dial at (973)200-4870, explain about your year, manufacturer of cars, model and your address. Our thoroughly fitted local craftsmanship are able to response promptly open your locked car, recover your lost key or copy a flip key or a key-less entry at your side and help you back inside your vehicle promptly with cost-effective rates. If you’re inspecting for Cadillac key replacement service 24HR in Passaic New Jersey, call (973)200-4870 for a reliable local mobile locksmith, lost car keys made, ignition repair, transponder, keyless entry remote fob cut and program.
0 notes
secureshark6441-blog · 6 years ago
07 | Privacy
Pre-Reading
This week in your tutorial class you’ll be debating privacy - specifically should the government or government agencies collect and have access to your data for good purposes, or should citizens, e.g. you, have a right to privacy which stops them?
2019 - Facial Recognition to Replace Opal Cards
... board trains using only their faces, with no need for Opal cards, barriers or turnstiles.
What about in the case of twins or people who look similar
Can someone impersonate someone else 
Would covering the face pose an issue 
Would many people boarding or leaving the train hide another person resulting in them unable to “tap” on / off
Good for people who may forget their opal 
Prevent people from fare evasion 
No worry about forgetting to tap on and off 
I want people to not think about their travel. To quite literally turn up and go. Customers have already embraced using their credit cards or electronic device to tap on and off trains.
True but that often does not tie in with their faces 
Pro reasons as above 
The data collected would be of enormous commercial value to whomever owned it.
... require extensive public consultation to ensure that citizens’ rights are not impacted ...
This is indeed a major concern 
Personally I don’t see an issue with what we have now. 
... difficult to see how an opt-out system could be opt-out when everyone using the transport system would be scanned ...
It is a lot of things that need to be stored in a system 
It is a system that is arguably not very reliable 
Digital identity verification will eventually be integrated with biometric recognition. This will read someone’s face, retina, breath, gait or voice to enable next level authorisation and access. 
But how is that relevant for public transport 
It’s hard to get all the biometrics required to truly verify a person in as short of a time frame as getting on a train especially if they just managed to get on the train by running.
2019 - AFR discusses Facial Recognition
Couldn’t read much since I don’t have a financial review subscription
Check-in is by facial scan. 
How does this work ?
Do you submit a photo of yourself while booking?
The usual vulnerabilities should still be there i.e. housekeeping would still be able to get access 
I guess this makes access to the room harder than if it’s just with a key card providing a signal to the door which can be really attacked.
... our features are already being used for a multitude of purposes ...
All of this requires a face to it initially 
Do they use photos from people’s passports or do everyone have to go to a location and get a 360 full body shot and them walking etc. 
I can’t say ID or passport photos are particularly up to date as you can opt for renewal of either every 10 years. Meaning, these photos may be almost a decade out of date.
2019 - Australian Views on Surveillance
Not only can this information be shared for reasons of national security, it can also be used for general law enforcement, and even road safety.
I am ok for this use of facial recognition 
...allows government agencies greater access to encrypted messages, like those sent over WhatsApp.
I am less ok with this but then again this is probably something WeChat has been doing with the Chinese Government 
Fun fact! If you criticise or say a phrase that the Chinese Government won't like on WeChat, you can’t actually send it out. Like you would still see it on your end, but the other people in the chat or in your moments won't even see that posted. This means the app has some sort of filter that prevents people from criticising the government. Fun! 
For instance, in the six years after 9/11, the Howard government pushed through a new anti-terror statute  [every 6.7 weeks on average].
Measures to ensure safety is often more closely looked at after a horrific incident as this is when the public will be more receptive to these changes. 
on average, people didn’t particularly trust the government to manage data.
I can’t blame them as they often don’t make the best decisions 
Threat of repurposing: when information collected for one purpose is used for another.
2018 - Facial Recognition Used by Aus Authorities
MISIDENTIFICATION! 
91 per cent of matches incorrectly identifying innocent members of the public.
When face recognition is used to identify suspects, there are often multiple records of images of people who are a close match to the suspect. This can result in a high error rate, posing a risk that innocent people are accused of criminality and wrongdoing.
This capability will only enable more targeted searching using still images taken from closed-circuit television or surveillance, for example, to quickly identify a person of interest to help keep the community safe
How much better would the machine be at identifying different faces compared to just a human when looking at a probably low resolution image taken from the CCTVs. 
2017 - Benefits of Surveillance (My god this was so long) 
However, policy makers can cherry-pick intelligence – select the intelligence that suits their political agenda and ignore the rest 
This has always been an issue, especially in the media, meaning, this is a very probable thing to occur
Tactical operations are more specific – targeted at specific individuals or groups. Here individuals are put under surveillance because they are, for example, suspected of plotting a terrorist attack or of being spies passing classified information to foreign countries. There is a defined beginning and end to this type of surveillance. Intelligence collected on a strategic level, however, is more broad – conducted against a foreign government or military for an unspecified time period, for example. While the goal is to gain information on the target entity’s activity, what will be discovered is unknown. Strategic intelligence “determine[s] the nature of the threat,” while tactical intelligence “relates to a specific operation”
How would you know they need to be under surveillance in the first place? Did they already show signs before hand? Did they just stumble on them randomly one day? Or are they going to keep an eye on particular groups? Really tiptoeing the line of racial profiling here. 
In other words, what he viewed as reasonable (or proportionate) on the morning of Sept. 10 was different than what he saw as reasonable on the afternoon of Sept 11. For instance, after 9/11, collection of American phone metadata was determined to be lawful and proportionate ... 
Events may change how a person makes decisions. If the person is powerful enough, they may result in a change involving large populations of people. 
This holds true for the public, if they have a reason to fear, they may push for a change in the law so that they feel more safe and protected 
If someone poses a security threat, British intelligence will seek to intercept that person’s communications. If someone is not a security threat and is not in contact with someone who is, intelligence agencies are not permitted to intercept their communications. 
This is a great way of handling the collection of data of individuals. They respect the privacy of those that are not involved in anything that may result in their surveillance. 
In Class Discussion 
The class is split into 2 groups to discuss reasons for and against facial recognition to be used as surveillance. 
I was part of the against group. 
Side Note: We joked that maybe when it comes to the debate, the 2 sides might have to swap what they are going to be arguing about. We jinxed ourselves. 
Topics to Argue
Scope of Abuse
Single point of failure  
Lack of Accuracy (What I chose to focus on) 
91% fail rate 
Technology is not superior to human recognition 
Centralisation of Data
security 
Lack of Trust of Government / Technology
Potential of single point of failure 
Cost of Implementation
While still making the system, it might become outdated and is vulnerability 
Human Rights 
Lack of accuracy of technology 
If the photos are based on passports and drivers licences, adults can opt for either a 5 or 10 year licence / passport meaning that these photos may be out of date.
Effectiveness of technology shows it is still less accurate than humans 
Accuracy rates significantly lower for people with skin / minorities and places with dark lighting 
Points FOR giving data 
Why are people ok with facial recognition in their phones and devices?
Your phone and facebook is able to detect familiar faces in your photos.
A lot of people use the facial recognition system to unlock their devices. 
When going through customs while entering Australia
They check your face against your passport
The fast lane gets you to insert your passport then stand in front of a camera 
These systems are fast 
China’s system, called Skynet, can reportedly scan its 1.3 billion citizens within one second with an accuracy rate of 99.8 per cent, which led to 2000 arrests between 2016 and 2018.
Near real-time tracking could be conducted for reasons as nebulous as “community safety”.
Why should the innocent be punished for the selected few?
How else will you determine who is likely to perform terror acts without prior surveillance? Are you going to wait until they perform their first terror act?
If done incorrectly, that would be discrimination against particular groups
Unfair laws 
Laws go through a long process and hierarchy before being passed.
People can petition and protest which is often effective in preventing bills from being passed 
People can also change laws through referendums 
How are those with malicious intentions able to act on the information gained from their health records? 
Give them high enough blood pressure to kill them??
Force feed them peanuts if they are allergic?
How likely are they able to actually get access to the person to do harm according to the information they got from the health record
Thoughts 
This was an incredibly fun topic to argue about even if we had to switch sides all of a sudden and I am not very good at being put on the spot. It allowed me to consider the opposing viewpoint and try to find ways to justify those reasons.  It also helped me solidify my position in this topic as originally I was incredibly on the fence. 
In the end, I am against constant surveillance as I do enjoy my privacy. However, if in the future it was implemented correctly and it is used for the greater good, I may reconsider my stance on this issue. 
0 notes
neptunecreek · 5 years ago
FAQ: Why Brazil’s Plan to Mandate Traceability in Private Messaging Apps Will Break User’s Expectation of Privacy and Security
Despite widespread complaints about its effects on human rights, the Brazilian Senate has fast-tracked the approval of “PLS 2630/2020”, the so-called “Fake News” bill. The bill lacked the necessarily broad and intense social participation that characterized the development of the 2014 Brazilian Civil Rights Framework for the Internet and is now in the Chamber of Deputies. The Chamber has been holding a series of public hearings that should be considered before releasing a new draft text. 
The traceability debate has mostly focused on malicious coordinated action on WhatsApp, which is the most popular encrypted messaging tool in Brazil. There has been minimal discussion of the impact on other tools and services such as Telegram, Signal, or iMessage. WhatsApp uses a specific privacy-by-design implementation that protects users by making forwarding indistinguishable for the private messaging app from other kinds of communications. So when a WhatsApp user forwards a message using the arrow, it serves to mark the forward information at the client-side (and count if it's more than 5 times or not), but the fact that the message has been forwarded is not visible to the WhatsApp server. In such a scenario, the traceability mandate would take this information, which was previously invisible to the server, and make it visible to the server, affecting the privacy-by-design secure implementation and undermine users' expectations of privacy and security.  
While we do not know how a service provider will implement any traceability mandate nor at what cost to security and privacy, ultimately, any implementation will break users’ expectations of privacy and security, and would be hard to implement to match current security and privacy standards. Such changes move companies away from privacy-focused engineering and data minimization principles that should characterize secure private messaging apps. Below, we will take a deep dive into a series of questions and answers to explain why the current language of two critical issues of the Senate’s bill would undermine human rights:
PROBLEM I: A tech mandate to force private messaging servers to track “massively forwarded” messages sent to groups or lists 
Article 10 of the bill compels private messaging applications to retain, for three months, the chain of all communications that have been “massively forwarded.” The data to be retained includes the users that did the mass forwarding, date and time of forwardings, and the total number of users who received the message. The bill defines “mass forwarding” as the sending of the same message by more than five users, in an interval of up to fifteen days, to chat groups, transmission lists, or similar mechanisms that group together multiple recipients. This retention obligation applies only to messages whose content has reached 1,000 or more users in 15 days.  The retained logs should be deleted if the virality threshold of 1,000 users has not been met in fifteen days.
Many of the most obvious implementations of this article would require companies to keep massive amounts of metadata about all users’ communications, or else to break encryption in order to get access to the payload of an encrypted message. Even if other implementations are possible, we don’t know exactly how any given provider will ultimately decide to comply, and at what cost to security, privacy, and human rights. Ultimately, all such implementations are moving away from the privacy-focused engineering and data minimization that should characterize secure private messaging apps.
When does access to the traceability records occur?
The third paragraph of Article 10 states that access to these records will “only occur with the purpose of determining the liability of mass forwarding illicit content, to constitute evidence in criminal investigation and procedural penal instruction, only by court order” as defined in the Brazilian Civil Framework for the Internet. (In Brazil, defamation liability can be obtained through a moral damage claim under civil law. But it is also a crime. Criminal defamation has been widely criticized by UN Special Rapporteurs on Free Expression and others for hindering free expression.)
The text is ambiguous. In one interpretation, both “mass forwarding purpose” and “criminal investigation” are mandatory elements. This means that the metadata could only be accessed in criminal investigations that involve the mass forwarding of a message. In another interpretation, this article may allow a much broader range of uses of the recorded message history information. In this interpretation, the elements related to the responsibility for massive forwarding of illegal content and to use in criminal investigations are separate, independently permitted uses of the data. In that case, the retained metadata could also be used to investigate illegal acts under civil law related to massively forwarded messages and also could be used for criminal investigations unrelated to massively forwarded messages.
How does traceability break the users’ expectation of secure and private messaging?
In common implementations, including WhatsApp’s, probabilistic end-to-end encryption ensures that an adversary can neither confirm nor disconfirm guesses about a message’s content. That also includes confirming a specific guess that the message was not about a certain topic. In such scenarios, traceability allows someone with access to the metadata to confirm that a user did send a message that was identical to another message (even when the content of that message is unknown). This disconfirms the guess that the user was actually talking about something else entirely, disconfirms the guess that the user was writing something original, and disconfirms many other possible guesses about the content! In general, “forward” vs. “write something new” is a kind of activity that is fundamentally related to knowing something about the content. 
In some cases, the fact that a person forwarded something could be extra-sensitive even when the forwarded item is not necessarily illegal, e.g. when someone who made a threat wants to punish someone for forwarding the threat, or when someone wants to punish a leaker for leaking something. WhatsApp made a specific privacy-by-design implementation that protects users by making forwarding indistinguishable for WhatsApp server from other kinds of communications. 
How does traceability for criminal and civil cases interfere with the right to privacy and data protection?
Traceability in civil and criminal cases creates serious concerns about privacy and freedom of expression. Revealing the complete chain of communication for a massively forwarded message can also be intrusive in a distinctive way beyond the intrusion of revealing individual relationships: the complete history for certain messages may reveal the structure and membership of a whole community, such as people who all share a certain belief or interest, or who speak a certain minority language, even when none of them is actually involved with illegal activities. The avenues are open for abuse.
Brazil is one of the few democracies with a Constitution prohibiting anonymity exclusively in the context of freedom of expression. However, that prohibition does not extend to the protection of privacy nor in accessing information anonymously. Moreover, such a restriction to anonymous speech cannot serve to impede the expression altogether when this protection is crucial to enable someone to speak in circumstances where her life or physical integrity might be at risk. 
The Inter-American Commission on Human Rights (IACHR) Office of the Special Rapporteur for Freedom of Expression has explained that privacy should be understood “in a broad sense as every personal and anonymous space that is free from intimidation or retaliation, and necessary for an individual to be able to freely form an opinion and express his or her ideas as well as to seek and receive information, without being forced to identify him or herself or reveal his or her beliefs and convictions or the sources he or she consults.” Anonymity does not shield Internet users who engage in  “illegal speech” in accordance with international human rights law. In all those cases, the IACHR Office has noted that judicial authorities would be authorized to take reasonable measures to disclose the identity of a user engaged in an illegal act as provided by law. At the United Nations, the Special Rapporteur on Freedom of Expression has also noted that “encryption and anonymity provide individuals and groups with a zone of privacy online to hold opinions and exercise freedom of expression without arbitrary and unlawful interference or attack.” 
What could go wrong with achieving a traceability mandate?
First, forwarding a popular message does not mean you should automatically be under suspicion. In fact, the virality of a message does not change the privacy and due process rights of the original sender nor the presumption of innocence, a core requirement of international human rights law. Second, the first person to introduce some content into a particular private messaging system could be wrongly viewed as or assumed to be the author who massively forwarded an alleged illegal message.  Third, a person who forwarded content by any means other than an app’s forwarding interface could be wrongly viewed as or assumed to be the author. People could be framed as authors of content that they were not actually involved in creating. People could also be more frightened about sharing information if they think it’s more likely that someone will try to punish them for their role in disseminating it (which is also a very disproportionate measure for the huge majority of innocent users of messaging systems). Finally, the line between originating and forwarding messages can be blurred either by the government, leading to overzealous policing, or in the public's eyes, leading to self-censorship. The latter also creates a serious concern for freedom of expression.
Which assumptions are wrong in the traceability debate in Brazil?
Article 10 seeks to trace back everyone who has “massively forwarded” a message for the purpose of investigation or prosecution of alleged crimes. This includes the originator as well as everyone who forwarded the message, regardless of whether the distribution was done maliciously or not. The supporters of the bill have argued that mass retention of the chain of communication is needed to help trace back who the originator of the message was. 
That assumption is wrong from the outset.
First, while the details of how traceability will be carried out are based on the providers’ implementation choices, it shouldn't necessarily imply that there will be mass centralized retention. However, that would be the most simple implementation, so we have serious concerns about it. Mass data retention is a disproportionate measure that would affect millions of innocent users instead of only those investigated or prosecuted for an illegal act under criminal or civil law. Mass data retention programs can be arbitrary, even if they serve a legitimate aim and have been adopted on the basis of law. On this front, the UN High Commissioner for Human Rights stated that “it will not be enough that the [legal] measures are targeted to find certain needles in a haystack; the proper measure is the impact of the measures on the haystack, relative to the harm threatened; namely, whether the measure is necessary and proportionate.” These measures are not necessary and proportionate to the problem being solved. 
Second, legislators should take into account that metadata is personal data under Brazil’s data protection law when it relates to an identified or identifiable natural person. This means that companies should limit personal data collection, storage, and usage to data for legitimate, specific and explicit purposes, and such processing should be relevant, proportional, and non-excessive in relation to the purposes for which the data is processed. Recently, the Brazilian Supreme Court issued a landmark decision stressing the constitutional grounds for the protection of personal data as a fundamental right, separate from the right to privacy. As Bruno Bioni and Renato Leite have argued, “The new precedent of the Supreme Court is such a remarkable shift of how the Court has been analyzing privacy and data protection because it changes the focus from data that is secret to data that is attributed to persons and might impact their individual and collective lives, regardless of whether they are kept in secrecy or not.” Legislators should consider the impact on the right of data protection when requesting a traceability mandate in light of such developments. 
Third, the bill assumes that only messages that become widely forwarded need to be traceable, regardless of whether the distribution of the message was done maliciously or not. This assumption is wrong on both counts. 
Fourth, the bill ignores the fact that data minimization is essential in every privacy-by-design system, and is a key component of Brazil’s data protection law. Some systems have been developed to retain less data by not tracking the relevant information and don’t necessarily have a sensible way to begin to track it, which may lead to technological changes that would break users’ expectations of privacy and security. 
Fifth, traceability will not help track back the originator of a message. Users of private messaging apps routinely use them to share media that they got somewhere else. For example, WhatsApp users might share a cartoon that they originally found on a web site or a social media site, or that they previously received through a different messaging app like Telegram or iMessage or through WhatsApp Desktop. In that case, a version of WhatsApp with traceability still doesn’t have any way of distinguishing between the case where the first user drew the cartoon herself, and the case where she found it in one of these other media. She’s simply tracked as the first person to introduce that cartoon into a particular forwarding chain on WhatsApp, but that’s obviously different from having created it herself. Similarly, for text messages, anyone who retyped a text message, or copied and pasted it (maybe from a different app or medium), would still be tracked as the original author by virtue of having been the first one to introduce the message into the particular app.
Forwarding something other than by using a traceability-compliant in-app forwarding feature would presumably break and restart the chain. For example, WhatsApp users who receive text messages could copy and paste them instead of using the “forward” button inside WhatsApp or WhatsApp Desktop. The software wouldn’t have a way to correctly identify this as a form of forwarding. Likewise, if the phone number used is a virtual number or a foreign non-Brazilian one, neither the non-Brazilian account nor the virtual number will be covered by this law. In such scenarios, the software won’t be able to trace back the foreign originator. Similarly, in WhatsApp, the originator’s identity is not strongly and reliably authenticated by technical means. It is simply maintained as a metadata field within the forward encrypted message that can be seen by the client’s applications but not by the WhatsApp server. (For example, the encrypted message headers might say that a certain message had originated from the user with an indicated telephone number. Official client software that complied with the requirements of these proposals would then copy that header, with no changes, when forwarding a message to new recipients.) So people using unofficial client software could remove or obscure it, or could even frame someone else as responsible for a message. It would not be practical to confirm by technical means whether the reported sender was really involved in originating the message or not. (Other proposals may be able to solve these problems, but at a significant cost to privacy, since the service provider would need to have much more access to confirm for itself exactly what its users are doing before the malicious act happens.)
Why are calls to separate private, encrypted conversations from group conversations misguided?
One argument for traceability is that, while private conversations and mass media or mass discussions should each be able to exist, they shouldn’t be combined. In other words, a particular tool or medium should either be private and secure (and only practical for use by small groups of people) or public (and visible, at least to some extent, for others in society to notice and respond to either in the media or via the legal system). This argument criticizes existing services for having both a private character (in terms of the confidentiality of contents and users’ behavior) and a quasi-mass media character (in terms of the extremely large audience for some forwarded items). But these arguments ignore the fact that, even under this traceability mandate, messages can be forwarded from person to person while not preserving their ultimate origin, or entire forwarding history, making it much less likely that the true original sender of very widely distributed content can ever be identified with confidence.
Many existing private messaging systems already do not necessarily provide traceability. Why not?
Consider email: you can forward an email message without necessarily forwarding any information about where you got it from—and you can also edit it when forwarding it, to remove or change that information. Systems like email don’t have traceability because they’re somewhat decentralized, and because they give users complete control over the content of the messages they send (so that the users could simply edit out any information that they don’t want to include). 
Encryption and privacy features have also discouraged traceability because modern systems are typically designed so that the developer or service provider doesn’t know exactly who is writing what, or what the content of a message is—including properties like whether or not two messages have the same or similar contents. (Even when WhatsApp, for example, centrally stores a copy of media attachments so that users don’t have to use up time and data re-uploading things that they forward, the design of the system avoids letting the company know which media is or isn’t included as an attachment to a particular message.) 
Regardless of why, many recently-developed messaging tools also do not allow traceability—some for the same reasons as email, some simply because their developers don’t feel that it would be in the users’ interest overall, and they may want to reduce users’ anxiety about being punished or threatened over information that they have passed along.
Why will newer technologies or messaging systems have difficulties complying with these proposals?
Though the messaging apps themselves may not appear “decentralized,” as email is, the idea of tracking when a user “forwards” a message may depend on control over client applications that simply don’t exist. It’s implausible to imagine that all client applications will cooperate with restrictions and limitations in the same way, or even can. Some systems are too decentralized (there is no central operator who could be responsible for compliance). This mandate assumes that application providers are always able to identify and distinguish forwarded and non-forwarded content, and also able to identify the origin of a forwarded message. This depends in practice on the service architecture and on the relation between the application and the service. When the two are independent, as is often the case with email, it is common that the service cannot differentiate between forwarded and non-forwarded content, and that the application does not store the forwarding history except on the user's device.  This architectural separation is very traditional in Internet services, and while it is less common today in the most-used private messaging applications, the obligation would limit the use of XMPP or similar solutions. This could also negatively impact open source messaging applications.
Is there any connection between traceability and innovation according to Article 10 and 11 of the Senate’s version of the bill? 
Article 10 compels private messaging applications to retain the chain of communications that have been “massively forwarded” based upon a virality threshold. Article 11 states that the use and trading of external tools by the private messaging service-providers aimed at mass messages forwarding are forbidden, except in the case of standardized technological protocols regarding Internet application interaction. The bill requests that a private messaging service provider must adopt policies within the technical limits of its service, to cope with the use of these tools.  We don’t know how a provider will comply with either Article 10 or Article 11, but it will presumably require developers to actively try to block and suppress the use of third-party software that interacts with their platforms by strictly controlling the client applications (to ensure that they cooperate with tracking forwarding history by recording whether they had or had not forwarded a message, and updating the records about the history). Many traceability proposals require the developer of a communication system to stop other people from developing or using third-party software that interacts with that system. So the developer is expected or required to monopolize the ability to make client application tools, and in turn to be the only one who is allowed to change or improve those tools. This limits interoperability in a way that will likely be damaging to competition and innovation. 
How does traceability relate to other efforts to regulate messaging services?
Some countries such as China, Russia, and Turkey have threatened to ban messaging tools that don’t force data localization, government-approved content moderation policies, and mandatory legal ID of users. This traceability mandate would force similar practices on Brazilian users. No one’s government should keep them from practicing private, secure communication, and Brazil’s government should not consider joining the ranks of countries whose residents are at risk of prosecution and privacy invasion simply for using secure messaging.
PROBLEM II: Social media and private messaging companies may be required to collect users’ legal identification when there are complaints of violations of the "fake news" law (Article 1, Article 7, 5-iv, Article 5-ii, Article 7, sole paragraph)
As a result of this article, “large” social networks and private messaging apps (that offer service in Brazil to more than two million users) “may” demand a valid ID document from users where there are complaints of violations of the "fake news" law, or when there are reasons to suspect either automated accounts are bots not identified as such, or that they are behaving inauthentically, such as assuming someone else's identity to deceive the public. The system for submitting complaints for violations of the law could also create new serious unintended consequences by opening the door to abusive, inaccurate claims. For example, malicious actors may file false claims as a means to identify a certain account in order to harass the user. The bill also exempted parody and humor, as well as pseudonyms from the application of the law. But this supposed failsafe won’t protect pseudonymous users; while users are explicitly permitted to use pseudonyms, the service provider “may” still demand their legal identities.
Article 7 (sole paragraph) compels social networks and private messenger apps to create some technical measures of detecting fraud in account creation and in the use of accounts that fail to comply with this bill. Providers will be forced to convey those new mechanisms in their terms of use and other documents available to users. Read together with Article 5, I, (identified account, means that the application provider has fully identified the account owner with confirmation of data previously provided by the owner). These new provisions seem to match many companies' existing practices but may be expanded and enforced in cases of non-compliance with this bill.
How will companies' obligation to identify users impact human rights?
Compelling these companies to identify an online user should only be done in response to a request by a competent authority, not by default without legal process. Currently, Brazil's Civil Rights Framework exempts subscriber data from the usual requirement for a judicial order for competent authorities. “Competent administrative authorities” can already directly demand these types of data in certain crimes. Police authorities have also already claimed the ability to directly access subscriber data, and at a recent hearing at the Chamber of Deputies, the representative of the Federal Prosecutors' Office agreed that the information already collected by application providers is enough to identify users in investigations. Also according to the prosecutor, demanding the collection of ID numbers would be disproportionate, run afoul of data minimization concerns, and could bring issues regarding ID counterfeit as well as authenticity challenges. 
Ultimately, forcing companies to demand identification of users will not solve the fake news problem; it will create a new series of problems, and will disproportionately impact users. 
Conclusion
There are policy responses and technical solutions that can improve the situation: for example, limiting the number of recipients of a forwarded message, or labeling viral messages to indicate they did not originate from a close contact. Silencing millions of other users, invading their privacy, or undermining their security are not viable solutions. While this bill has several serious flaws, we hope the Chamber of Deputies will take into account these particularly egregious ones, and recognize the danger, and ineffectiveness, of the traceability mandate.
from Deeplinks https://ift.tt/2ES1qe1
dhamiltonsec-blog · 6 years ago
Lectures 06
Sick Richard on Skype
In hashing we want avalanching, so that one tiny change to the original document will completely change the hash. The point is to protect the whole document, don’t want to just protect a section of it. So just changing one tiny thing, adding an extra 0, a full stop, should change it completely.
Initialisation Vector
Like an initialisation lump of data
Mixing data and control example: Richard ‘stealing’ from the Post offices
Post office brought in express mail, with envelopes $5-10 each and satchels Was a lady at the door not much else
While I’m (Richard) standing in line I just open the satchel and put all the express post envelopes into the satchel, then I seal the satchel and address it to myself. So paid like 10 bucks for it and got it posted to me
They took them out of the shop for him, was ambiguous whether the stuff he was holding in the shop were his to be posted or the shop’s items for Richard to purchase. Objects to be purchased/objects to be posted
Same problem as having control and data in the same channel
Harvard Architecture
A computer architecture with physically separate storage and signal pathways for instructions and data.
Buffer overflow
You can ‘persuade’ the computer that the array/buffer is bigger than it really is and write to the parts of the stack that are supposed to be the frozen/asleep programs. This contains stuff like what the other programs are about to do next, what their current variables are, so that is both control and data.
The return address will be where the last guy left off, but you can write to the return address and tell it to go to somewhere you control, e.g. back to the start of your program and keep doing this and this way you can execute your own code.
This is a buffer overflow attack
How can you write beyond the ends of a buffer? Generally you can only do this if code is written badly, but this happens all the time.
Moore’s Law
The number of transistors in circuits doubles about every two years
And related to this, computing power doubles in slightly less than that
Wanna be able to assume someone has the physical disk but still can’t access the data
Most hard disks generate a key randomly to encrypt the disk, the encrypted version of that key is stored on the disk, and that key is encrypted with the user’s password.
Weaknesses normally don’t happen based off attackers attacking what you think they’re going to hack,
e.g. if something’s using AES-256 it’s unlikely that AES is what will be attacked, but rather the weaknesses in how it’s been implemented
Authentication is a tough problem to solve. How do you confirm people/computers are who they say they are?
I.e. how can a computer determine who’s who in the real world
3 factors of auth
Something you know
Something you have
Something you are
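The key hierarchy described in these notes (a randomly generated disk key that is stored on the disk only in a form encrypted under the user's password), as an added example that is not part of the original post. The HMAC-SHA256 counter-mode stream is a stand-in for the AES a real drive would use, and the function names, header layout and PBKDF2 iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode. A real drive would use AES.
    blocks = (n + 31) // 32
    out = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _password_keys(password: str, salt: bytes):
    # Stretch the (weak) password into a wrapping key and a separate MAC key.
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]


def wrap_dek(dek: bytes, password: str) -> dict:
    """Encrypt the disk key under the password. The result is what sits on disk."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _password_keys(password, salt)
    wrapped = _xor(dek, _stream(enc_key, nonce, len(dek)))
    tag = hmac.new(mac_key, nonce + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "wrapped": wrapped, "tag": tag}


def unwrap_dek(header: dict, password: str) -> bytes:
    """Recover the disk key, rejecting a wrong password or a tampered header."""
    enc_key, mac_key = _password_keys(password, header["salt"])
    expected = hmac.new(
        mac_key, header["nonce"] + header["wrapped"], hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        raise ValueError("wrong password or corrupted header")
    pad = _stream(enc_key, header["nonce"], len(header["wrapped"]))
    return _xor(header["wrapped"], pad)


def create_volume(password: str):
    """Generate a full-strength random disk key and its on-disk wrapped form."""
    dek = secrets.token_bytes(32)  # 256 bits of real randomness
    return dek, wrap_dek(dek, password)


def change_password(header: dict, old: str, new: str) -> dict:
    # Only the small header is rewritten; the disk key and every sector stay put.
    return wrap_dek(unwrap_dek(header, old), new)


def crypt_sector(dek: bytes, sector_no: int, data: bytes) -> bytes:
    # XOR stream, so the same call encrypts and decrypts (stand-in for the drive's AES engine).
    return _xor(data, _stream(dek, sector_no.to_bytes(8, "big"), len(data)))


def demo() -> bytes:
    # Constructed sample passwords and sector contents.
    dek, header = create_volume("three words joined")
    on_disk = crypt_sector(dek, 7, b"constructed sample sector contents")
    header = change_password(header, "three words joined", "a longer replacement phrase")
    # After the password change the old ciphertext still decrypts: same disk key.
    return crypt_sector(unwrap_dek(header, "a longer replacement phrase"), 7, on_disk)


if __name__ == "__main__":
    print(demo())
```

The data is always protected by a 256-bit random key, and a password change costs one header rewrite instead of re-encrypting the disk; the password remains the weakest link, which is why it is stretched before use.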
ryanssecurityengineering · 6 years ago
Week 6 Notes and Reflection
REFLECTION
What a funny lecture - poor Richard was sick and instead gave the lecture over Skype. Too bad Skype has bad quality but it was delayed. Still I was able to learn lots!
One of the interesting things I learnt was buffer overflow attacks, and potentially how easy it is to make a mistake in your code where a malicious user can overflow the buffer. I also found it interesting how the NSA is very resourceful compared to the rest of the world on this cryptographic stuff. They are hiding security vulnerabilities and methods that we may never know for a long time. For example, they might know a vulnerability in Windows but will keep it to themselves so they can exploit them to attack Iran or something.
My group also did the Cryptocurrency lecture. It went better than I thought, I thought we would be like 40 mins and cut out halfway through the presentation, but only 5 minutes over so it was good!!!
Richard played a very strange prank on us, apparently the first 10 mins of his lecture was “prerecorded”, which is rather strange, because he said he liked the questions/answers from our cryptocurrency group, but if he recorded the first part that means he was pretending, lol. Don’t understand.
NOTES
Initialisation Vectors - When an algorithm deals with a sequence of things e.g. Merkle/Damgård construction. We need avalanche effect. The point of a hash is to protect the whole document - we protect the whole document - capture the identity of the whole document. The idea is hash one block, roll that on and hash the next block etc. The very first requires an Initialisation Vector (WEP is a stream cipher - it uses an IV somewhere).
A password like the one in the exam - 3 words concatenated together is still not that secure even though it might be 12 characters long.
WEP used a 64 bit key which is reasonable. How do we get users to type a 64 bit key?? Let’s let the user type a 40bit password, then we generate the rest - Initialisation Vector. Only 24 bit IV - Only need 2^12 to get a collision. IV collisions are a disaster - as soon as there is a collision, you have 2 different plain text with the same key, then it becomes easier to attack.
Mixing Data and Control - 
Richard lining up in the post office - post office doesn’t really have much security. Then they brought in Express Post - the stamp thing was pretty expensive. You could get packets of stamps from the shop (not much security). He also needed the satchel, which was very expensive. They moved the counter and it was near the door. He put all the stamps into the satchel, and posted it to himself!! Similar to WEP attack.
Look at Harvard Architecture - one stack for data, one stack for control.
Buffer overflow - Aleph One, Phrack magazine, should read the article. Smashing the Stack for Fun and Profit.
All that is happening in a PC is a CPU doing one thing at an instant. The computer is rapidly interleaving processes (context switching). The way it does this is through CPU interrupts. A stack keeps track of the current jobs and the interrupted jobs.
Buffer Overflow How It Works - All the data a process is using is on the stack. When a process wakes up someone tells you the status of the local variables etc, and it was stored in the disk, and read back from the disk when it wakes up. The program that is running has the ability to store data on the stack. Instead of saving to disk, we store all the data saved on the stack for fast wakeup. The stack is stored backwards - E.g. House 1, 2, 3, 4. If you overflow the array (e.g. 100 byte array). If you can persuade the PC that it was 1000 bytes long, and then it will write to the stack, which is the middle of the stack frame of the person who is asleep. It contains a lot of control information - it contains pointer to the next instruction to be executed. As soon as the PC wakes up, it will execute that. You write to the return address of the asleep routine - change it to point to an area of memory you control - then you put your program in there and it will be executed. An attack usually involves putting the code itself in the buffer, and the return address being the pointer to the beginning of the buffer. Lets the user enter info, and the code doesn’t check the amount of info the user typed in fits in the array. E.g. user types in string containing - their program, nothings, overwrite return address.
Proof Of work - We want someone to do a lot of work. Proof of work in bitcoin - blockchain. A lot of work to make a new “page” of ledger book - hash needs lots of leading zeroes. In order to change a page few days ago requires you to modify the blockchain - too hard. Series of solving “puzzles”. Lots of work to fake pages in ledger. Keep trying to change the magic number to get lots of zeroes. If you get enough zeroes, you solved the puzzle. e.g. 16 zeroes = 2^16 hashes.
Moore’s Law - Number of transistors exponentially increasing over time. About every year or 2 - double the number of transistors. Compute power also increases (doubles every 18 months - every 18 months attacker gains 1 bit of security). 
Disk Encryption - If you want to encrypt a hard disk, how would you do it? They have physical access to the disk. Suppose you have 256bit key - will your normal password be good enough.... no. The way most hard disks do it is that they generate a key randomly and the encrypted version of that key is stored on the disk with the user’s password. Why is it better than encrypting the whole disk with the user’s lame password?
Disk Encryption Attack - You’ve told Windows to encrypt the hard disk. To save time, if the drive already has the encryption feature, Microsoft will just give the data in plaintext to the encryption feature of the drive. 
When you write something to RAM and you turn the power off, it takes a while for the information to leak away. What they did was sprayed an aerosol can on the RAM chip. Then you just read back, and then you can find the encryption keys. Trying to read active memory. Spray keeps the temperature cool.
Very unlikely a cryptographic protocol will be attacked - Weaknesses usually happen on the endpoints - the backdoor open. E.g. the OS. 
Encryption Algorithms
Ciphers after WW2 and before RSA - Most of the heavy lifting done by other encryption problems. RSA works because it is a hard mathematical problem. In the old days the hardness is tied to obscurity, jumbling things up. E.g. banks sent data to other banks, what did they do? They rolled their own. Security by obscurity, was pretty bad until 70s. NIST came up with a standard. They had a competition, trying to figure out the best algorithms - but barely anyone put anything up!! Decent thing was made up by IBM (Lucifer). They realised NSA works on codes and things. Guy from NIST went to NSA with the IBM algorithm. IBM cipher was jumble it, jumble etc, iterate it lots of times. NSA looked at the algorithm, published it, and changed one random number to another random number. Decade later, people realised they can use differential analysis to crack it, but NSA already knew this!!
DES was adopted. Kept asking for new ones, new ones etc. It wasn’t until 2000 that NIST ran a competition for an algorithm, and finally lots of cool algorithms appeared. The winner became AES. Better than DES.
Symmetric Ciphers - If you have knowledge of the key, you can use for encryption and decryption. Only asymmetric cipher is RSA.
Earthquake - San Andreas fault line. What would you do if an earthquake struck? Think about crisis and how to respond during crisis. Have sneakers next to their bed to jump out. Have Go Bag
Block Modes - read up about "Block Modes" - only need to learn/understand ECB, CBC, CTR. Adapt something that deals with fixed sized modes to variable sized things. Cipher block mode means how you can combine them together to get the ciphertext. ECB (concatenating, the simple one).
Mission Impossible Red box - To open the box needs prime minister recognition etc. Need all the 3 things right. Suppose you’re the box designer. How can you build a USB stick that the data can only be accessed by the legitimate person? The problem of authentication.
Authentication - Identifying for who? Computer/human? If the human makes decision is that still authentication? Facebook goes around giving people names - is that authentication? Police scanning surveillance footage - is that authentication? Baggage screening - rather than looking for bad things, they look for good things. Authenticating stuff in bag.
Auth - The computer making the decision, can we have a computerised authentication system? What decisions? E.g. shoot a gun, login to FB? Does the decision have a physical impact?
How can a computer decide someone is a French minister? Preloaded with DB with all the faces of French ministers?
How did you know your dad is your dad when you go home?
Factors - Authentication can be faked, and use Defence in Depth and use multiple factors. 3 Factors - Something you know (secret), you have, and you are.  
Hard to prove something is secret.
Use secrets to prove you are someone - Naive approach. How do you invent a shared secret? Post it like a bank? 
Something you have - Send SMS msg confirm code. (2FA). Worked well initially, but then people intercept messages.
Something you are - Face, fingerprint, retina scan. However easily fakeable. Costs 10c to make a fingerprint. Breathing on fingerprint scanner.
The computer doesn’t know the “something you have”, “are”, “know”. Etc there are 3 factors, but not really, there are just secrets. Computer is just 101010, they can mimic that and get in.
A bad guy can open a door by powering a solenoid - no need to press the button. Bad guy just has to know where the line is.
JTAG - Selectively deactivate/activate circuits on board.
At the end of the day, authentication is just data.
MI IMPOSSIBLE box - someone can inject signal into the red box circuits. If the authentication is used for info, might be okay. Used the 3 pieces of info to combine into a key, then use that to encrypt the data.  Could work - but in terms of protecting atom bombs etc, authentication is a problem. Problem entirely based on secrets. 
French minister - Can’t make decisions without info from the outside world. North Korea - we know info could get in or out. They have an M&M type environment. The only people dictator worries about is the outside world. Danger is when the inside world is able to determine outside world.
“outside” and “inside” world bubble.
WEB EXTENDED LECTURE
HTML is a language which defines elements in the web browser.
Javascript is a code embedded in HTML that defines logic and can interact with HTML elements.
On web servers you have databases stored in SQL. User sends HTTP post request, queries DB, Returns session cookie to user if valid and stores in the database if login successful. (Like Brain website)
HTTP Cookies / Sessions - small piece of data generated by server and stored on user’s computer. Session cookies is a unique id generated by the server and sent to the user when they connect.
Session Hijacking - If you steal someone’s cookies, put it into your browser, you’ll be logged into their account.
XSS - Launching malicious script into website. Inject memes, steal cookies and modify DOM elements. you can do whatever the site owner can do.
Reflected XSS - Input immediately returned to the client. 
Stored XSS - The injection returns in a later request. 
Samy is my hero linkedin XSS bug
Injections - Malicious SQL statements inserted into an entry field for execution. Allow attacks to spoof identity, tamper with existing data, view the data etc.
Blind Injection - Exploit an application rather than getting a useful error msg they get a generic page specified by the developer instead. 
Command Injection - Grep command injection.
Cross Site Request Forgery - They are logged in on a website somewhere. Browser sends cookie back for each request you make. So send a link to someone, it uses the cookie, boom send money. Defences - Tokens for the session. Expect this token back for all communications to the server.
CRYPTOCURRENCY EXTENDED LECTURE
This was my group!
0 notes
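The "Proof Of work" note in the post above (a ledger page whose hash needs leading zeroes, and the cost of changing an old page) can be run as a small model. This is an added example, not code from the post or the lecture; the page layout, the function names and the 12-zero-bit difficulty (about 2^12 tries per page, chosen so it runs quickly) are assumptions made here.

```python
import copy
import hashlib

GENESIS = "00" * 32  # assumed placeholder "previous hash" for the first page


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def page_digest(prev_hash: str, data: str, nonce: int) -> bytes:
    # Fixed-width fields come first, so two different pages never serialise alike.
    material = bytes.fromhex(prev_hash) + nonce.to_bytes(8, "big") + data.encode()
    return hashlib.sha256(material).digest()


def mine(prev_hash: str, data: str, bits: int) -> dict:
    """Try magic numbers until the page hash has at least `bits` leading zero bits."""
    nonce = 0
    while True:
        digest = page_digest(prev_hash, data, nonce)
        if leading_zero_bits(digest) >= bits:
            return {"prev": prev_hash, "data": data, "nonce": nonce,
                    "hash": digest.hex(), "tries": nonce + 1}
        nonce += 1


def build_ledger(entries, bits: int) -> list:
    """Mine one page per entry, each page committing to the hash of the previous one."""
    ledger, prev = [], GENESIS
    for data in entries:
        page = mine(prev, data, bits)
        ledger.append(page)
        prev = page["hash"]
    return ledger


def first_invalid_page(ledger, bits: int) -> int:
    """Return the index of the first page that fails verification, or -1 if all pass."""
    prev = GENESIS
    for index, page in enumerate(ledger):
        digest = page_digest(page["prev"], page["data"], page["nonce"])
        if (page["prev"] != prev or digest.hex() != page["hash"]
                or leading_zero_bits(digest) < bits):
            return index
        prev = page["hash"]
    return -1


def demo(bits: int = 12) -> dict:
    # Constructed ledger entries, for illustration only.
    entries = ["page 1: alice pays bob 5", "page 2: bob pays carol 2",
               "page 3: carol pays dave 1", "page 4: dave pays alice 3"]
    ledger = build_ledger(entries, bits)
    results = {"honest": first_invalid_page(ledger, bits),
               "avg_tries": sum(p["tries"] for p in ledger) / len(ledger)}

    edited = copy.deepcopy(ledger)
    edited[1]["data"] = "page 2: bob pays carol 200"   # rewrite an old page
    results["edited"] = first_invalid_page(edited, bits)

    # Redoing the puzzle for the edited page alone is not enough: the next
    # page still commits to the old hash, so verification fails one page later.
    edited[1] = mine(edited[1]["prev"], edited[1]["data"], bits)
    results["one_page_redone"] = first_invalid_page(edited, bits)

    # Only redoing the work for every later page makes the ledger verify again.
    for i in range(2, len(edited)):
        edited[i] = mine(edited[i - 1]["hash"], edited[i]["data"], bits)
    results["all_later_pages_redone"] = first_invalid_page(edited, bits)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Each extra zero bit doubles the expected number of tries, which is where the notes' "16 zeroes = 2^16 hashes" comes from when the zeroes are counted in bits.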
memyselfperse-blog1 · 8 years ago
Getting A Video Recording Baby Monitor: A Helpful Guideline
There are so many Video Baby monitors on the market nowadays that when it involves purchasing one, it can all be a little overwhelming. What kind of Monitor should you obtain, what features are important, what price should you pay? These are all concerns to believe about.
To help you choose the right video baby monitor for you, I have put together a short overview of exactly what features to take into consideration, so that you can confidently get the appropriate one.
 Kind of Transmission
 Video baby monitors are essentially a radio transmitter between the parent unit and the camera. Most video baby monitors nowadays have either analog or digital transmission and work on different frequencies, typically around 49MHz, 900MHz and 2.4 GHz. Analog monitors (usually 900MHz) are cheaper to buy but are more open to interference and the range is shorter, up to around 300 feet. Digital, on the other hand, offers more secure and interference-free reception, and a longer signal range, but tends to be more expensive. Something to think about before you buy a video baby monitor is to look at the other electronic devices you have in your home, such as cordless phones, microwave ovens, WiFi or Bluetooth devices, and try to pick a model that runs on a different frequency band. This is because having devices on the same frequency as your baby monitor could cause interference. Note that signal reception depends on whether you live in a densely populated area or a more rural location. If you're close to neighbors who happen to have a video baby monitor or other cordless devices then this could interfere with your signal. If you want a video baby monitor that is completely secure, then you should consider getting one that has frequency hopping and data encryption technology.
 Parent Unit
 Most video baby monitor parent units come with a color LCD screen. It really all depends on how clearly you want to see your baby, but I think a 3.5" screen is perfectly adequate. If you really want the latest technology you can take a look at the Summertime Infant Baby Touch video monitor, which is the first monitor that has touch screen technology.
 Portability
 A lot of Video Recording Baby screens are extremely portable and are created to be portable. Lots of had a built-in kick out stand so you can position it on a level surface or with a belt clip so you could connect it to your belt or waistband to be hands totally free. Some even appear like cellphones that you could bring about in your hand or pocket or place in the billing station.
 Night Vision
 A wonderful feature that the majority of Video Baby screens have is automated black and also white evening vision capability. From low light to complete darkness, the in-built infrared LED lights on the electronic camera enable you to see your Baby as much as a specific variety. Some displays allow you to see as much as 10ft, but others more than 20ft from camera to baby crib.
 Two-Way Talk Back
 Having two-way communication is a truly cool attribute that parents truly enjoy. The two-way sound between the parent system and cam in your youngster's area enables you to speak with your kid without you also existing as well as you can hear them gurgle back to you.
 Expandability
 When you get a Video clip Baby keeps track of most come with one camera, but with some versions you could acquire 2, providing a conserving. Numerous versions can sustain as much as 4 electronic cameras, allowing multiple usage throughout your residence. Picking a monitor that allows expandability is practical if you assume you will certainly have to cover more locations of your house, e.g. if you have or are planning more than one kid or have or are having doubles.
 Movement and also Noise Sensors
 Another amazing feature is activity or noise alert sensing units. A lot of electronic cameras have very sensitive built-in microphones so when your Baby begins making sounds you will be immediately signaled. This is great in the evening when your Video Monitor is switched off and just switches on if voice activated.
 Audio Lights
 This function is generally discovered in Video Baby displays. The louder the Baby's noise is the brighter or even more lights will come on, depending on the design.
 Temperature sensing unit
 Some designs supply a temperature level sensing unit that could keep an eye on the temperature in your Baby's area. Ideally, the temperature level ought to be between 68 to 72 degrees F. Again this is an useful feature, but understand that some consumers have actually grumbled the temperature level is not precise on some models.
 Volume control
 Most models come with the ability to manage the volume. With some versions you have to scroll via the menu to access the volume control which can be a bit of a duty, whilst others have quantity control on the side of the Monitor which is easier.
 Lullabies
 Some Video Baby monitors featured preloaded lullabies. Some moms and dads actually enjoy this function whilst others reported that the audio quality was tinny and also frustrating. I would possibly not advised buying a design especially for the lullabies as you may be dissatisfied, yet if it happens to have this feature then well and also good. In the end, one of the most vital factor to consider is to buy a version that uses excellent photo as well as audio high quality, is interference complimentary as well as safe and secure. Obviously it's always nice to have an all vocal singing as well as dance version, however the even more features you have, the extra pricey the device. I wish this has been a practical overview.
0 notes
lyncnews · 8 years ago
This blog is mainly for myself but it may serve anyone who needs a refresher or who is beginning to enter the world of SIP and Skype for Business. Coming from a traditional Microsoft background, when I started with Lync I had no conception of voice, or SIP and spent the best part of my early career actively avoiding anything to do with the subject.
I have never been officially trained on Lync or Voice over IP. All of my knowledge has been a mixture of trial and error, death by fire and reading other people’s blogs. Some might say this is the best way to learn, and while I agree to a point, there are times where I am in a room full of people and feel like the novice still. There are still some areas where I feel I have gaps in my “data bank” as it were. As a result, I often find it difficult to grasp some concepts on how things work outside of Lync / Skype for Business. I have never deployed or administered a Cisco or Avaya PBX system for instance because I just haven’t been in a situation where I have needed to. I am Microsoft, why would I have this experience? But as a Skype consultant you’re expected to have knowledge of these systems to some degree if you are to integrate voice especially.
I know I am never going to deploy or work on these other systems, but learning how the underlying protocols work gives you a firmer footing to deal with questions around it. For instance Cisco and Microsoft are two very different VoIP ecosystems but they can quite easily talk to one another because under the bonnet there is a common set of protocols that define how they fundamentally work. SIP is just one of these protocols. Both Cisco, Microsoft and others conform to at least SIP RFC 3261 an internet standards based protocol. Granted almost every system has their own small modifications to the protocol (usually additional information only relevant to their system within the SIP message) but the core methods are pretty standardised. The result is of course that systems can communicate with each other at various degrees of integration.
To view SIP messages in Skype for Business you need the debugging tools installed on your machine. SIP messages are not located in Server Event Logs like most Microsoft applications. They are stored in log files on clients and can also be captured from the Server using centralised logging or using a network packet capture program such as Wireshark.
With Skype for Business Online and Cloud PBX you lose some of this end to end traceability because you don’t have access to the Front End Servers, so all your troubleshooting is done using the client log file called Lync-UCCApi.UCCApiLog located in the local app data folder of the user’s profile. You open this log using Snooper, a tool included in the Skype for Business Debugging Tools. Snooper is a log parsing program especially designed to parse Skype for Business SIP log files. It provides deep insight into a SIP conversation and is fundamental to troubleshooting communication problems within the Skype for Business ecosystem.
SIP Messaging 101
When you first open Snooper and parse the log file it can be quite daunting. I still struggle sometimes and get lost. Hence the reason for this blog. The key tab you probably always want to start in is the “Messages” tab. This lists all the SIP messages captured by the log. The trace tab gives you verbose information of the entire log file.
The first thing you want to do is filter the log to show only the conversation you want to troubleshoot. You can do this by searching the log for unique values e.g. the called party or find the first invite in the conversation and right click to find related messages to the same conversation. Either way you end up with something like this
This image shows you the complete conversation that happened between two parties. To explain what is going on here, there is a process flow view in Snooper (the purple icon top right with arrows) that provides a graphical view of a conversation
This view lists out the entire message transaction log of the conversation in order. Before we jump into a SIP message and try to make sense of it, let’s look at the methods and responses of a normal conversation.
A conversation begins when an endpoint sends an INVITE method to their SIP Proxy (Skype for Business Front End or Edge). The INVITE contains information on who the endpoint is, who they are trying to contact and other information required in order to setup a call such as location information, supported methods and features. The SIP Proxy then forwards the INVITE to the called party’s SIP Proxy which then forwards to the called party’s endpoint (if available). Once the called party’s endpoint accepts the INVITE it responds with a 200 OK message. The calling party’s endpoint then sends an ACK message to the called party’s client and then the call is setup to allow media to flow.
However, while this is going on, a whole bunch of other stuff is happening to make sure that by the time the calling party sends the ACK, both clients are ready to accept media.
You will notice that between the first INVITE and the ACK, several events happen. Events starting with 1xx are informational messages that provide an update to clients during a conversation. 100 TRYING means that the SIP Proxy is trying to proxy the communication to the called party. 101 PROGRESS REPORT is the result of the TRYING request. 183 SESSION PROGRESS is often referred to as Early Media. Early Media does not mean necessarily that media will be established, but rather the point when media capabilities between endpoints are exchanged. Typically 183 messages contain SDP information which tells each client what codec to use and which media candidate to connect to. Eventually you will see a 180 RINGING message. This is often referred to as Late Media. This is the point where both endpoints have enough information of each other in order to communicate and is often the point where you can guarantee that the called party will hear a ring tone. When the called party picks up the receiver, then the 200 OK message is sent by the called party and the ACK by the calling party. Then bingo!, you have an established call.
When the conversation ends, the endpoint that leaves the conversation first sends a BYE message to the other party. When the other party receives this message it responds with a 200 OK message and the call is then torn down and no longer valid.
Contents of a SIP Message
When you look at the body of a SIP Message it looks similar to e-mail. This is because the SIP protocol is an ASCII based protocol, meaning that it is a human readable format. As a result, people can make sense of what is going on rather than having to convert hex to ASCII to find error codes etc.
This image is an extract from the first INVITE message sent in a conversation. We can see it is an INVITE as the method is clearly displayed in BOLD and contains the SIP address of the called party as well as the protocol being used (SIP version 2.0). The VIA header is the network layer that the client is going to use. In this example we are using SIP version 2.0 encrypted with TLS from 192.168.1.61 which is the calling party’s host machine. The port 32528 is an ephemeral outbound port that is used for SIP messages relating to this conversation.
The MAX-FORWARDS header is the amount of times that this message can be forwarded by a SIP Proxy before it is dropped. 70 times is an industry standard maximum. The FROM header contains the identity of the calling party and the TO header contains the identity of the called party exactly like an e-mail.
The CALL-ID header is a globally unique ID (similar to a MAC address) of the conversation. This ID is used to identify all subsequent messages relating to this conversation. The CSEQ header is the Call Sequence identifier. Here 1 is displayed because it is the first message to be sent and the method used is INVITE. This will increment as the conversation continues and is useful to determine where you are in a conversation when troubleshooting.
The CONTACT header contains the identity of the party where responses should be sent to. The USER-AGENT is the physical client the party is using to generate this conversation. In this case we can see that it is Skype for Business version 16.0.7571.2109 which relates to Skype for Business 2016 Click to Run Windows.
The SUPPORTED headers contain information of what other methods and headers the client supports in this conversation. Here we can see that the client supports features like transfer, escalation to conference, media bypass, early media, session timer etc. The MS-Conversation-ID is a Microsoft only header that is used to keep track of the conversation internally. The MS-KEEP-ALIVE header is also a Microsoft header that is used to keep connections alive when SIP is sent over the TCP network transport protocol. Noteworthy mention here is that UAC means User Agent Client e.g. my workstation. If it was UAS this would mean User Agent Server which would be the SIP Proxy server.
The ALLOW header tells the other party what SIP methods the client supports. So we have INVITE, BYE, ACK which we have already talked about, but what about the others?
CANCEL – this method is used to cancel a pending message / request e.g. you hang up before the called party answers
INFO – This is used for mid-session signaling information to be passed between clients
UPDATE – This is used for when something changes in a conversation from the last setup configuration, such as changing codecs due to bandwidth etc.
REFER – Refer is used to transfer a conversation from one endpoint to another like transferring from your desk phone to your mobile, or to another party entirely, or even voicemail
NOTIFY – Notify is used to alert an endpoint when the state of another endpoint changes. For instance the presence status of your contacts changes, your client will receive an alert of this in a NOTIFY message via the presence broker (front end server) which handles the SUBSCRIBES (explained later).
BENOTIFY – This is specific to Skype for Business / Lync. BE NOTIFY or Best Effort Notify is a method that allows notifications to be sent without the receiving endpoint sending a 200 OK and generating an ACK. The result of this is less network traffic. BENOTIFY is used for less important alerts.
OPTIONS – This allows an endpoint (or user agent) to query the capabilities of another client to discover information about supported methods. This is used in Skype for Business to determine if communication can be established between two endpoints. You will hear the term SIP OPTIONS ping quite regularly as a method SBCs and ISPs use to determine if the gateways are online or not. A reply means up, and timeout means down.
The MS-SUBNET header is unique to Microsoft and this is used for determining the network location of the endpoint. This is different to the SIP Location Server in that this information is used specifically for E-911 within Skype for Business.
The MS-ENDPOINT-LOCATION-DATA header again is Microsoft specific and contains data about where the media will be travelling. In this case over the Internet. The P-Preferred-Identity header is the assumed asserted ID of the caller, until we figure this out. In this case my SIP address. This is used for Caller ID services and if not set correctly can cause problems when dialling over the PSTN.
The PROXY-AUTHORIZATION header is used to authenticate the session through SIP Proxies. The CONTENT-TYPE header tells us that the SIP message also includes an application. This application is SDP or Session Description Protocol which is used for determining Media Codecs and Target Media candidates (available endpoints).
Finally the CONTENT-LENGTH header contains the number of bytes the application consumes.
The session progress report provides the status of the call setup. Again this is referred to as Early Media and to reiterate does not mean that you can speak at this point, but rather a time where both user agents (endpoints) may have enough information about each other to theoretically establish a media stream. 183 can contain SDP information but 180 RINGING does not. For instance, when you call a contact center and it fake rings once or twice, then plays hold music, this is an example of Early Media in effect.
In this progress report we can see that we have a new header called RECORD-ROUTE. These headers contain a list of SIP proxies that the SIP message has traversed in order to reach the called parties user agent. In this conversation both parties are using Skype for Business Online, but the calling party is in the Amsterdam Office 365 data center, while the called party is in the Irish Office 365 data center.
We also begin to find out information about the called user agent. In this case the USER-AGENT header contains information about the called party device, a Yealink T48G Skype for Business Edition phone running firmware version 35.8.9.46. So we now know the endpoint we are going to get through to, but we need to understand its capabilities.
The 180 RINGING message is sent when the called party’s user agent has finished exchanging capabilities and understands what audio / video codec to use to communicate with the calling party user agent. Here we can see that the Yealink phone is allowing SIP methods INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE and MESSAGE.
Some have been discussed earlier in this post, but the ones we haven’t talked about yet are:
PRACK – stands for Provisional Response ACKnowledgement. This is like an ACK message but is used to provide a response to the sending user agent that the destination user agent has received a provisional message such as a 183 SESSION PROGRESS message. PRACK stops calls hanging in limbo in the event of a network issue during call setup.
REGISTER – This message is responsible for retrieving the user agent’s location from the SIP Location Server to find its Address of Record (AOR). In our case the Front End server is our registrar and location server and this will respond with the user-agents host IP address e.g. [email protected]. The REGISTER message is an important part of multiple points of presence (MPOP) within Skype for Business and allows mobility between subnets.
SUBSCRIBE – This message is used to subscribe the user agent to a particular service. This could be a presence broker or perhaps Exchange Unified Messaging (Voicemail) to return a notification of a new message and light up the message waiting indicator (MWI) on a desk phone for instance.
PUBLISH – Publish works hand in hand with SUBSCRIBE. When the subscribed to system wants to send information to subscribed clients it uses a PUBLISH message. This is commonly used to notify clients of a new voicemail for instance.
MESSAGE – is the method that allows the transfer of instant messages between user agents. These could be system messages or end user communication.
Back to the 183 message, and we can see that the Yealink phone is sending its allowed features using the ALLOW-EVENTS header. We can see that it is allowing, audio, conference, hold and transfer.
The MS-TELEMETRY-ID header is a Microsoft header. This is used to provide Microsoft with telemetry information about the call and the ID is the telemetry identifier of this call. If you create a user policy that disallows telemetry data to be sent to Microsoft, then this header will not be present. However, for Skype for Business Online, it is on by default.
The MS-EDGE-PROXY-MESSAGE-TRUST header, again is a Microsoft only header. This contains the information about the called party’s Edge server and declares that this conversation can be trusted to traverse the Edge SIP Proxy at the destination without re-authenticating each time.
Now we move on to the SIP 200 OK message. After all the progress messages and call setup information has been discovered and decided, the 200 OK message is sent by the called party’s user agent when the call has been answered.
By now the message should be self explanatory, but we can see that within the 200 OK we now have the P-ASSERTED-IDENTITY of the called party. This will contain authoritative information about the called party’s identity aka Caller ID and is used for things like caller display, call back etc. If you had a SIP trace from the called party side, you would see the P-ASSERTED-IDENTITY of the caller too. If this header is wrong, or in an incorrect format e.g. contains ;ext=4000 at the end of the telephone number, then some PSTN carriers will not allow, or have problems forwarding your call to the intended recipient (e.g. the called party receives a malformed caller display). Therefore, it is good practice to strip any extensions from your identity as the call passes over your outbound SIP trunk from Skype for Business to your SBC.
The calling party’s user agent will send an ACK in response to the received 200 OK message from the called party’s user agent. This is just a simple acknowledgement and is the point where the user agents begin to send media.
When a party hangs up a call, both clients need to know when this happens in order to tear down a call. If this does not happen then the call will stay up until the session timer expires and no progress reports have been received within that time. Session timers can vary depending on the platform, from 30 seconds to 5 minutes I have seen. The impact of not declaring a call as being terminated could mean additional billing from your telephone service provider for consumed minutes.
To combat this the party who hangs up sends a BYE message to the other party. In this example you can see that the Yealink phone was the party who hung up first and therefore sent the BYE message to the Skype for Business client party. The party who receives the BYE message sends an ACK back to confirm it has received and understood the message and the call is then torn down.
Hopefully this post will help you understand how Skype for Business communicates and the fundamentals of how a call is established.
0 notes
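The troubleshooting steps in the SIP post above (group messages by Call-ID, follow the CSeq method, confirm the teardown, check P-Asserted-Identity for a trailing `;ext=`) can be scripted. This is an added example, not part of the original post and not how Snooper works; the sample log is constructed, the addresses, Call-IDs and state names are assumptions, and a BYE is treated as confirmed by a 200 OK as in RFC 3261.

```python
from collections import defaultdict

# RFC 3261 compact header forms mapped to their long names.
COMPACT = {"i": "call-id", "f": "from", "t": "to", "v": "via", "m": "contact",
           "l": "content-length", "c": "content-type", "k": "supported"}


def parse_sip(raw: str) -> dict:
    """Parse one SIP request or response into start line, headers and body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    start = lines[0].strip()
    msg = {"headers": defaultdict(list), "body": body}
    if start.startswith("SIP/2.0 "):
        _, code, reason = start.split(" ", 2)
        msg.update(kind="response", status=int(code), reason=reason)
    else:
        method, uri, version = start.split(" ", 2)
        if version != "SIP/2.0":
            raise ValueError(f"not a SIP/2.0 start line: {start!r}")
        msg.update(kind="request", method=method, uri=uri)
    unfolded = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and unfolded:   # folded continuation line
            unfolded[-1] += " " + line.strip()
        else:
            unfolded.append(line)
    for line in unfolded:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        key = name.strip().lower()                 # header names are case-insensitive
        msg["headers"][COMPACT.get(key, key)].append(value.strip())
    for required in ("call-id", "cseq"):
        if required not in msg["headers"]:
            raise ValueError(f"missing {required} header")
    number, method = msg["headers"]["cseq"][0].split()
    msg["call_id"] = msg["headers"]["call-id"][0]
    msg["cseq"] = (int(number), method)
    return msg


def summarise_calls(messages) -> dict:
    """Group parsed messages by Call-ID and work out how far each call got."""
    calls = {}
    for m in messages:
        call = calls.setdefault(m["call_id"], {"flow": [], "seen": set(), "warnings": []})
        _, method = m["cseq"]
        if m["kind"] == "request":
            call["flow"].append(m["method"])
            call["seen"].add(m["method"])
        else:
            call["flow"].append(f'{m["status"]} {m["reason"]}')
            if 200 <= m["status"] < 300:
                call["seen"].add(f"2xx-{method}")  # CSeq says which request was answered
        for identity in m["headers"].get("p-asserted-identity", []):
            if ";ext=" in identity.lower():
                call["warnings"].append(f"P-Asserted-Identity carries an extension: {identity}")
    for call in calls.values():
        seen = call["seen"]
        if "2xx-BYE" in seen:
            call["state"] = "terminated"
        elif "BYE" in seen:
            call["state"] = "bye-unconfirmed"      # call may linger until the session timer
        elif {"2xx-INVITE", "ACK"} <= seen:
            call["state"] = "established"
        elif "2xx-INVITE" in seen:
            call["state"] = "answered-no-ack"
        else:
            call["state"] = "setup"
    return calls


def _constructed(start, call_id, cseq, extra=""):
    """Build a minimal constructed SIP message (not taken from a real trace)."""
    return (f"{start}\r\nVia: SIP/2.0/TLS 192.0.2.61:32528\r\n"
            f"From: <sip:alice@example.com>;tag=a1\r\nTo: <sip:bob@example.com>\r\n"
            f"Call-ID: {call_id}\r\nCSeq: {cseq}\r\n{extra}Content-Length: 0\r\n\r\n")


BOB = "sip:bob@example.com"
SAMPLE_LOG = [
    _constructed(f"INVITE {BOB} SIP/2.0", "call-1", "1 INVITE"),
    _constructed("SIP/2.0 100 Trying", "call-1", "1 INVITE"),
    _constructed("SIP/2.0 183 Session Progress", "call-1", "1 INVITE"),
    _constructed("SIP/2.0 180 Ringing", "call-1", "1 INVITE"),
    _constructed("SIP/2.0 200 OK", "call-1", "1 INVITE",
                 "P-Asserted-Identity: <tel:+15550100;ext=4000>\r\n"),
    _constructed(f"ACK {BOB} SIP/2.0", "call-1", "1 ACK"),
    _constructed(f"BYE {BOB} SIP/2.0", "call-1", "2 BYE"),
    _constructed("SIP/2.0 200 OK", "call-1", "2 BYE"),
    _constructed(f"INVITE {BOB} SIP/2.0", "call-2", "1 INVITE"),
    _constructed("SIP/2.0 200 OK", "call-2", "1 INVITE"),
    _constructed(f"ACK {BOB} SIP/2.0", "call-2", "1 ACK"),
    _constructed(f"BYE {BOB} SIP/2.0", "call-2", "2 BYE"),   # no 200 OK follows
]

if __name__ == "__main__":
    for call_id, call in summarise_calls(parse_sip(m) for m in SAMPLE_LOG).items():
        print(call_id, call["state"], " -> ".join(call["flow"]), call["warnings"])
```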
localocksmithnearme · 5 years ago
Honda Ignition Repair & Key Replacement Baytown TX
Honda Ignition Repair & Key Replacement Baytown TX - CALL (832)930-4422
http://www.baytownkeyreplacement.com/honda.html
The highly qualified lock-smiths at Baytown Key Replacement can administer all of your Honda security and locksmith demands. We are illustrious to provision a collection of car keys, lockes and ignition services and moreover the setting up of remote start and engine control module. Our trained lock smiths come through in road-side ignition repair, keys replacement and lock out occurrence and our main lifework is to go outside the limits to protect your privacy and protection by catering skillful and low-cost service any time of the day or night using contemporary lock-cracking tools, key programmers and diagnostic equipment and moreover industry's unheard-of well trained and skillful locksmith.
Honda replacement keys in Baytown TX
If you broken or misplaced your Honda keys, you have several options to procure a fresh set of Honda key replacement:
Driving to the Baytown TX homegrown dealer-ship is in most cases probably a reasonable or fast alternative to issue a brand-new key by the vehicle identification number, but in a few circumstances (for example General-Motors) the dealer-ship require you to have a bona fide car registration or title with a matching address on the owner ID. In a few other episodes, the dealer do not have access to older key codes by the VIN (for example Ford, Mazda and Lincoln), the dealership can create substitution keys only for patterns from the previous ten years.
Besides the bureaucracy above, in varied circumstances, your motor vehicle is locked on the street in a far province area, with a locked with the key in the truck or broken key in the ignition and to favor the dealership will subsume relatively extra $100 for a towing truck service.
About Honda keys and locks instrumentation
Honda is a Japanese manufacturer of automobiles of top quality cars functions as a Honda Motor Co marquee and one of Japan's widest manufacturer of automobiles of Scooters, average vehicles, higher end vehicles, Motorcycles and commercial vehicles world wide. with an head quarter in Minato, entered the market in 1946,  Honda mainly accommodate the same sort of electric locks and key instrumentation on most of their designs starting from 1996.
On decrepit designs, to cut and program a supplemental key on the dash-board console, the driver should have not less than one programmed operational key, withal to duplicate another key for latest model, a unique diagnostic machinery and key programmer is needed.
Since 2007, Honda designs can accommodate the Smart Entry System for its smart key or a push-button start ignition as an optional or standard mechanism.
Ignition switch repair
When the car does not start up, there are plenty of malfunctions which could be the source. Since the fuel supply system and car battery are linked to the ignition switch, the issue can be difficult to troubleshoot by an unskilled hands, however following are several typical malfunctions, which driver might have to cope with.
Ignition key is stiffly turning
If the key won't turn in the ignition lock, it could be due to a few reasons: Frequently this takes place when the steering wheel is seized by the ignition with the car front wheels shifted to the side (when parking up a hill) or if one of the two front wheels is pushed against something (e.g. curb stone). In this situation, try swinging the seized steering wheel to the sides right and left at the same time as gently jiggling the ignition gripping the key - this might help in releasing the steering lock.
Dead car battery
Another common reason why your ignition lock might not work is a problem with the vehicle battery. A depleted battery might be a result of electronic wiring or alternator failure. If your dashboard lights are off when you turn the key in the ignition, most chances you should call a vehicle mechanic.
The ignition lock is remarkably important systems of any car and consisting so many tiny components that can be difficult to troubleshoot by an unskilled hands, so the best you can do experiencing ignition switch or key problems is to assure you are in fact attempting to start your very own car and schedule with a car lock-smith to arrive to your place of choice to replace, reprogram  repair the ignition or key which will costs $150–$350.
Chipped key issue
20 years ago car-makers used no computerized chips in their keys and locks instrument. Vehicle lock picking and thievery was frequent and was a hefty distress to drivers and insurance companies world-wide.
The goal of using chipped keys is to attain antitheft infrastructure where the vehicle accommodate vehicle computer unit and the key accommodate a small size chip normally concealed into it's plastic apex.
As soon as the driver place the key into the ignition crack-hole, authorization code is conveyed to the engine control module. If the car computer system will not know the signal, the engine would not turn over. Transponder keys means that cutting the key to fit the ignition will not be enough if you want to start the vehicle, as the key has a chip that should be programmatically fit to the immobiliser.
Honda key-less entry
Honda key-less entry allow a user to unlock and lock the car door and furthermore firing up the vehicle while avoiding using a metal key, and since 2007, a lot of Honda models on the road are fitted with some type of a keyless device structure that integrates a short-range remote transmitter.
With a keyless entry, access to your Honda is most commonly achieved by delivering a radio frequency signal from a remote transmitter to an ECM in the vehicle on an encrypted channel when the driver simply walks within five ft of the car with the keyless entry in the pocket or on a key ring.
This audio and infrared waves signal and the Honda proximity key infrastructure, by the same token qualify push start ignition (also known as Push starting or Clutch starting). In this method a user is able of activating a car  by clicking a push-buttons on the dashboard in lieu of twisting a key in a crack-hole.
Copy vs lost car keys
The platform of cutting and programming a car key varies among different models and year of your Honda. For some vehicles, onboard programming could be employed to copy a chipped key. This process eliminates the obligatory extravagant key coding machine and key codes when matching a new transponder key to the car. Models who don't provision Control panel key copy  option must have an extra key programmed utilizing a compatible key coding machine that is applicable solely to Honda dealership or a commissioned locksmith.
This coding machine costs a few grands to procured which is one of the main reasons making an electronic car key costs extremely more than it does to plainly cut an old-fashioned mechanical key.
If you lost your car key and have no spare you’ll probably need to tow your car to the dealer-ship or schedule with a vehicle locksmith to come out to your place of choice to re-code the car computer system to accept the new key and reject the lost one. Lost key recovery requires the driver to prove ownership like registration, title or insurance and will cost $195–$250.
24hour vehicle lock out
Forgetting your keys in the trunk, front seat or glove box is a deeply bothersome instance and a brisk popalock service is precious to your assurance and usefulness. To afford the briskest car door unlocked service in town, we elect lockpicking handy staff who are prepared 24 hrs to appear at your location to open up your door and trunk, let you back into your car and put you on the road once again.
Vehicle locks adapting
Baytown Key Replacement is glad to lend all type of Honda rekey services on site to supplant a ripped, lost or busted keys. Close to all modern car are equipped with electronic keylock infrastructure and the process required to get your lock alterated have to compose of the appropriate coder for the exact motor vehicle. Instead of dragging your vehicle to the dealer, just elevate the buzz and call our call center in Baytown TX and one of our vehicle adapting team will be with you as swiftly as possible with a mobile work van incorporating most advance ignition parts, programmers, key cutters and blank keys ready to figure out any kind of emergency incidences.
To summarize
Our 24hr mobile lock-smith service lets drivers get a deft lock-smith every time they need one. Call our call center! Our personals are viable 24-7-365 ready to come down to you in order to repair your ignition cylinder, duplicate fob key or remove your broken ignition key on premises.
Keep our number saved in your contacts for the next day you are experiencing an emergency lost or locked keys and need an immediate lock smith service.
Our company has built its name as a credible and a truly swift reply and our personnel are trained to get the job done assuring total satisfaction for an affordable cost whenever required. If you’re inspecting for Car key replacement service in Baytown Texas call (832)930-4422 for a reliable local automotive locksmith, who duplicate and replace trunk, door and ignition keys and remote fob made on the spot.
0 notes
lyncnews · 8 years ago
Link
This blog is mainly for myself but it may serve anyone who needs a refresher or who is beginning to enter the world of SIP and Skype for Business. Coming from a traditional Microsoft background, when I started with Lync I had no conception of voice, or SIP and spent the best part of my early career actively avoiding anything to do with the subject.
I have never been officially trained on Lync or Voice over IP. All of my knowledge has been a mixture of trial and error, death by fire and reading other people’s blogs. Some might say this is the best way to learn, and while I agree to a point, there are times where I am in a room full of people and feel like the novice still. There are still some areas where I feel I have gaps in my “data bank” as it were. As a result, I often find it difficult to grasp some concepts on how things work outside of Lync / Skype for Business. I have never deployed or administered a Cisco or Avaya PBX system for instance because I just haven’t been in a situation where I have needed to. I am Microsoft, why would I have this experience? But as a Skype consultant you’re expected to have knowledge of these systems to some degree if you are to integrate voice especially.
I know I am never going to deploy or work on these other systems, but learning how the underlying protocols work gives you a firmer footing to deal with questions around it. For instance Cisco and Microsoft are two very different VoIP ecosystems but they can quite easily talk to one another because under the bonnet there is a common set of protocols that define how they fundamentally work. SIP is just one of these protocols. Both Cisco, Microsoft and others conform to at least SIP RFC 3261, an internet standards based protocol. Granted almost every system has their own small modifications to the protocol (usually additional information only relevant to their system within the SIP message) but the core methods are pretty standardised. The result is of course that systems can communicate with each other at various degrees of integration.
To view SIP messages in Skype for Business, you need the debugging tools installed on your machine. SIP messages are not located in Server Event Logs like most Microsoft applications. They are stored in log files on clients and can also be captured from the Server using centralised logging or using a network packet capture program such as Wireshark.
With Skype for Business Online and Cloud PBX you lose some of this end to end traceability because you don’t have access to the Front End Servers, so all your troubleshooting is done using the client log file called Lync-UCCApi.UCCApiLog located in the local app data folder of the user’s profile. You open this log using Snooper, a tool included in the Skype for Business Debugging Tools. Snooper is a log parsing program especially designed to parse Skype for Business SIP log files. It provides deep insight into a SIP conversation and is fundamental to troubleshooting communication problems within the Skype for Business ecosystem.
SIP Messaging 101
When you first open Snooper and parse the log file it can be quite daunting. I still struggle sometimes and get lost. Hence the reason for this blog. The key tab you probably always want to start in is the “Messages” tab. It lists all the SIP messages captured by the log. The trace tab gives you verbose information of the entire log file.
The first thing you want to do is filter the log to show only the conversation you want to troubleshoot. You can do this by searching the log for unique values e.g. the called party or find the first invite in the conversation and right click to find related messages to the same conversation. Either way you end up with something like this
This image shows you the complete conversation that happened between two parties. To explain what is going on here, there is a process flow view in Snooper (the purple icon top right with arrows) that provides a graphical view of a conversation
This view lists out the entire message transaction log of the conversation in order. Before we jump into a SIP message and try to make sense of it, let's look at the methods and responses of a normal conversation.
A conversation begins when an endpoint sends an INVITE method to their SIP Proxy (Skype for Business Front End or Edge). The INVITE contains information on who the endpoint is, who they are trying to contact and other information required in order to set up a call such as location information, supported methods and features. The SIP Proxy then forwards the INVITE to the called party's SIP Proxy which then forwards to the called party's endpoint (if available). Once the called party's endpoint accepts the INVITE it responds with a 200 OK message. The calling party's endpoint then sends an ACK message to the called party's client and then the call is set up to allow media to flow.
However, while this is going on, a whole bunch of other stuff is happening to make sure that by the time the calling party sends the ACK, both clients are ready to accept media.
You will notice that between the first INVITE and the ACK, several events happen. Events starting with 1xx are informational messages that provide an update to clients during a conversation. 100 TRYING means that the SIP Proxy is trying to proxy the communication to the called party. 101 PROGRESS REPORT is the result of the TRYING request. 183 SESSION PROGRESS is often referred to as Early Media. Early Media does not mean necessarily that media will be established, but rather the point when media capabilities between endpoints are exchanged. Typically 183 messages contain SDP information which tells each client what codec to use and which media candidate to connect to. Eventually you will see a 180 RINGING message. This is often referred to as Late Media. This is the point where both endpoints have enough information of each other in order to communicate and is often the point where you can guarantee that the called party will hear a ring tone. When the called party picks up the receiver, then the 200 OK message is sent by the called party and the ACK by the calling party. Then bingo!, you have an established call.
When the conversation ends, the endpoint that leaves the conversation first sends a BYE message to the other party. When the other party receives this message it responds with a 200 OK message and the call is then torn down and no longer valid.
Contents of a SIP Message
When you look at the body of a SIP Message it looks similar to e-mail. This is because the SIP protocol is an ASCII based protocol, meaning that it is a human readable format. As a result, people can make sense of what is going on rather than having to convert hex to ASCII to find error codes etc.
This image is an extract from the first INVITE message sent in a conversation. We can see it is an INVITE as the method is clearly displayed in BOLD and contains the SIP address of the called party as well as the protocol being used (SIP version 2.0). The VIA header is the network layer that the client is going to use. In this example we are using SIP version 2.0 encrypted with TLS from 192.168.1.61 which is the calling party's host machine. The port 32528 is an ephemeral outbound port that is used for SIP messages relating to this conversation.
The MAX-FORWARDS header is the amount of times that this message can be forwarded by a SIP Proxy before it is dropped. 70 times is an industry standard maximum. The FROM header contains the identity of the calling party and the TO header contains the identity of the called party exactly like an e-mail.
The CALL-ID header is a globally unique ID (similar to a MAC address) of the conversation. This ID is used to identify all subsequent messages relating to this conversation. The CSEQ header is the Call Sequence identifier. Here 1 is displayed because it is the first message to be sent and the method used is INVITE. This will increment as the conversation continues and is useful to determine where you are in a conversation when troubleshooting.
The CONTACT header contains the identity of the party where responses should be sent to. The USER-AGENT is the physical client the party is using to generate this conversation. In this case we can see that it is Skype for Business version 16.0.7571.2109 which relates to Skype for Business 2016 Click to Run Windows.
The SUPPORTED headers contain information of what other methods and headers the client supports in this conversation. Here we can see that the client supports features like transfer, escalation to conference, media bypass, early media, session timer etc. The MS-Conversation-ID is a Microsoft only header that is used to keep track of the conversation internally. The MS-KEEP-ALIVE header is also a Microsoft header that is used to keep connections alive when SIP is sent over the TCP network transport protocol. Noteworthy mention here is that UAC means User Agent Client e.g. my workstation. If it was UAS this would mean User Agent Server which would be the SIP Proxy server.
The ALLOW header tells the other party what SIP methods the client supports. So we have INVITE, BYE, ACK which we have already talked about, but what about the others?
CANCEL – this method is used to cancel a pending message / request e.g. you hang up before the called party answers
INFO – This is used for mid-session signaling information to be passed between clients
UPDATE – This is used for when something changes in a conversation from the last setup configuration, such as changing codecs due to bandwidth etc.
REFER – Refer is used to transfer a conversation from one endpoint to another like transferring from your desk phone to your mobile, or to another party entirely, or even voicemail
NOTIFY – Notify is used to alert an endpoint when the state of another endpoint changes. For instance the presence status of your contacts changes, your client will receive an alert of this in a NOTIFY message via the presence broker (front end server) which handles the SUBSCRIBES (explained later).
BENOTIFY – This is specific to Skype for Business / Lync. BE NOTIFY or Best Effort Notify is a method that allows notifications to be sent without the receiving endpoint sending a 200 OK and generating an ACK. The result of this is less network traffic. BENOTIFY is used for less important alerts.
OPTIONS – This allows an endpoint (or user agent) to query the capabilities of another client to discover information about supported methods. This is used in Skype for Business to determine if communication can be established between two endpoints. You will hear the term SIP OPTIONS ping quite regularly as a method SBCs and ISPs use to determine if the gateways are online or not. A reply means up, and timeout means down.
The MS-SUBNET header is unique to Microsoft and this is used for determining the network location of the endpoint. This is different to the SIP Location Server in that this information is used specifically for E-911 within Skype for Business.
The MS-ENDPOINT-LOCATION-DATA header again is Microsoft specific and contains data about where the media will be travelling. In this case over the Internet. The P-Preferred-Identity header is the assumed asserted ID of the caller, until we figure this out. In this case my SIP address. This is used for Caller ID services and if not set correctly can cause problems when dialling over the PSTN.
The PROXY-AUTHORIZATION header is used to authenticate the session through SIP Proxies. The CONTENT-TYPE header tells us that the SIP message also includes an application. This application is SDP or Session Description Protocol which is used for determining Media Codecs and Target Media candidates (available endpoints).
Finally the CONTENT-LENGTH header contains the number of bytes the application consumes.
The session progress report provides the status of the call setup. Again this is referred to as Early Media and to reiterate does not mean that you can speak at this point, but rather a time where both user agents (endpoints) may have enough information about each other to theoretically establish a media stream. 183 can contain SDP information but 180 RINGING does not. For instance, when you call a contact center and it fake rings once or twice, then plays hold music, this is an example of Early Media in effect.
In this progress report we can see that we have a new header called RECORD-ROUTE. These headers contain a list of SIP proxies that the SIP message has traversed in order to reach the called parties user agent. In this conversation both parties are using Skype for Business Online, but the calling party is in the Amsterdam Office 365 data center, while the called party is in the Irish Office 365 data center.
We also begin to find out information about the called user agent. In this case the USER-AGENT header contains information about the called party device, a Yealink T48G Skype for Business Edition phone running firmware version 35.8.9.46. So we now know the endpoint we are going to get through to, but we need to understand its capabilities.
The 180 RINGING message is sent when the called party’s user agent has finished exchanging capabilities and understands what audio / video codec to use to communicate with the calling party user agent. Here we can see that the Yealink phone is allowing SIP methods INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE and MESSAGE.
Some have been discussed earlier in this post, but the ones we haven’t talked about yet are:
PRACK – stands for Provisional Response ACKnowledgement. This is like an ACK message but is used to provide a response to the sending user agent that the destination user agent has received a provisional message such as a 183 SESSION PROGRESS message. PRACK stops calls hanging in limbo in the event of a network issue during call setup.
REGISTER – This message is responsible for retrieving the user agent’s location from the SIP Location Server to find its Address of Record (AOR). In our case the Front End server is our registrar and location server and this will respond with the user-agent's host IP address e.g. [email protected]. The REGISTER message is an important part of multiple points of presence (MPOP) within Skype for Business and allows mobility between subnets.
SUBSCRIBE – This message is used to subscribe the user agent to a particular service. This could be a presence broker or perhaps Exchange Unified Messaging (Voicemail) to return a notification of a new message and light up the message waiting indicator (MWI) on a desk phone for instance.
PUBLISH – Publish works in hand with SUBSCRIBE. When the subscribed-to system wants to send information to subscribed clients it uses a PUBLISH message. This is commonly used to notify clients of a new voicemail for instance.
MESSAGE – is the method that allows the transfer of instant messages between user agents. These could be system messages or end user communication.
Back to the 183 message, and we can see that the Yealink phone is sending its allowed features using the ALLOW-EVENTS header. We can see that it is allowing, audio, conference, hold and transfer.
The MS-TELEMETRY-ID header is a Microsoft header. This is used to provide Microsoft with telemetry information about the call and the ID is the telemetry identifier of this call. If you create a user policy that disallows telemetry data to be sent to Microsoft, then this header will not be present. However, for Skype for Business Online, it is on by default.
The MS-EDGE-PROXY-MESSAGE-TRUST header, again is a Microsoft only header. This contains the information about the called party’s Edge server and declares that this conversation can be trusted to traverse the Edge SIP Proxy at the destination without re-authenticating each time.
Now we move on to the SIP 200 OK message. After all the progress messages and call setup information has been discovered and decided, the 200 OK message is sent by the called party’s user agent when the call has been answered.
By now the message should be self explanatory, but we can see that within the 200 OK we now have the P-ASSERTED-IDENTITY of the called party. This will contain authoritative information about the called party’s identity aka Caller ID and is used for things like caller display, call back etc. If you had a SIP trace from the called party side, you would see the P-ASSERTED-IDENTITY of the caller too. If this header is wrong, or in an incorrect format e.g. contains ;ext=4000 at the end of the telephone number, then some PSTN carriers will not allow, or have problems forwarding your call to the intended recipient (e.g. the called party receives a malformed caller display). Therefore, it is good practice to strip any extensions from your identity as the call passes over your outbound SIP trunk from Skype for Business to your SBC.
The calling party’s user agent will send an ACK in response to the received 200 OK message from the called party’s user agent. This is just a simple acknowledgement and is the point where the user agents begin to send media.
When a party hangs up a call, both clients need to know when this happens in order to tear down a call. If this does not happen then the call will stay up until the session timer expires and no progress reports have been received within that time. Session timers can vary depending on the platform, from 30 seconds to 5 minutes I have seen. The impact of not declaring a call as being terminated could mean additional billing from your telephone service provider for consumed minutes.
To combat this the party who hangs up sends a BYE message to the other party. In this example you can see that the Yealink phone was the party who hung up first and therefore sent the BYE message to the Skype for Business client party. The party who receives the BYE message sends an ACK back to confirm it has received and understood the message and the call is then torn down.
Hopefully this post will help you understand how Skype for Business communicates and the fundamentals of how a call is established.
0 notes
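An added example, not part of the original post and not Snooper's own logic: the call flow and header fields described in the lyncnews post above, as a small Python parser that groups a trace by Call-ID, tracks the INVITE / 200 / ACK / BYE sequence, and flags headers worth a second look (a Content-Length that disagrees with the body, a `;ext=` suffix in P-Asserted-Identity). It assumes the raw SIP messages have already been split out of the log; the trace, user addresses, Call-ID and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

def parse_sip(raw):
    """Split one SIP message into label (method or status code), headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    msg = {"headers": defaultdict(list), "body": body}
    status = re.match(r"SIP/2\.0 (\d{3}) ", lines[0])
    if status:                                  # response, e.g. "SIP/2.0 200 OK"
        msg["kind"], msg["label"] = "response", status.group(1)
    else:                                       # request, e.g. "INVITE sip:... SIP/2.0"
        method, _, rest = lines[0].partition(" ")
        if not rest.endswith(" SIP/2.0"):
            raise ValueError(f"not a SIP start line: {lines[0]!r}")
        msg["kind"], msg["label"] = "request", method
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:                                 # skip lines that are not "Name: value"
            msg["headers"][name.strip().lower()].append(value.strip())
    return msg

def first(msg, name):
    """First value of a header, or None when it is absent."""
    return (msg["headers"].get(name) or [None])[0]

def check_message(msg):
    """Return a list of findings for one parsed message."""
    findings = []
    declared, actual = first(msg, "content-length"), len(msg["body"].encode())
    if declared is None or not declared.isdigit():
        findings.append("content-length missing or non-numeric")
    elif int(declared) != actual:
        findings.append(f"content-length {declared} != body {actual} bytes")
    cseq = (first(msg, "cseq") or "").split()
    if len(cseq) != 2 or not cseq[0].isdigit():
        findings.append("cseq malformed")
    elif msg["kind"] == "request" and cseq[1] != msg["label"]:
        findings.append("cseq method differs from request method")
    if msg["kind"] == "request":
        hops = first(msg, "max-forwards")       # required in requests; 70 is the usual value
        if hops is None or not hops.isdigit() or int(hops) > 70:
            findings.append("max-forwards missing or above 70")
    for name in ("p-asserted-identity", "p-preferred-identity"):
        if any(";ext=" in v for v in msg["headers"].get(name, [])):
            findings.append(f"{name} carries ;ext=")
    return findings

# (current state, message label, CSeq method or None for "any") -> next state
STEPS = {("idle", "INVITE", None): "inviting",
         ("inviting", "200", "INVITE"): "answered",
         ("answered", "ACK", None): "established",
         ("established", "BYE", None): "closing",
         ("closing", "200", "BYE"): "terminated"}

def call_state(msgs):
    """Walk one conversation in capture order and return how far the call got."""
    state = "idle"
    for m in msgs:
        method = (first(m, "cseq") or "0 ?").split()[-1]
        state = STEPS.get((state, m["label"], method),
                          STEPS.get((state, m["label"], None), state))
    return state

def analyze(raw_messages):
    """Group a trace by Call-ID; report flow, final state and per-message findings."""
    calls = defaultdict(list)
    for raw in raw_messages:
        msg = parse_sip(raw)
        calls[first(msg, "call-id")].append(msg)
    return {cid: {"flow": [m["label"] for m in msgs], "state": call_state(msgs),
                  "findings": [(i, f) for i, m in enumerate(msgs) for f in check_message(m)]}
            for cid, msgs in calls.items()}

def build(start, headers, body=""):
    """Assemble a constructed message; Content-Length is computed unless supplied."""
    headers = {"Content-Length": str(len(body.encode())), **headers}
    return "\r\n".join([start] + [f"{k}: {v}" for k, v in headers.items()]) + "\r\n\r\n" + body

# Constructed sample trace (simplified headers, shortened SDP body); not taken from a real log.
CALL = {"Via": "SIP/2.0/TLS 192.168.1.61:32528", "From": "<sip:alice@example.com>;tag=a1",
        "To": "<sip:bob@example.com>", "Call-ID": "constructed-call-1"}
SDP = "v=0\r\nm=audio 50000 RTP/AVP 0\r\n"
TRACE = [
    build("INVITE sip:bob@example.com SIP/2.0", {**CALL, "Max-Forwards": "70", "CSeq": "1 INVITE"}, SDP),
    build("SIP/2.0 100 Trying", {**CALL, "CSeq": "1 INVITE"}),
    build("SIP/2.0 183 Session Progress", {**CALL, "CSeq": "1 INVITE", "Content-Length": "999"}, SDP),
    build("SIP/2.0 180 Ringing", {**CALL, "CSeq": "1 INVITE"}),
    build("SIP/2.0 200 OK", {**CALL, "CSeq": "1 INVITE", "P-Asserted-Identity": "<tel:+15550101;ext=4000>"}),
    build("ACK sip:bob@example.com SIP/2.0", {**CALL, "Max-Forwards": "70", "CSeq": "1 ACK"}),
    build("BYE sip:bob@example.com SIP/2.0", {**CALL, "Max-Forwards": "70", "CSeq": "2 BYE"}),
    build("SIP/2.0 200 OK", {**CALL, "CSeq": "2 BYE"}),
]

if __name__ == "__main__":
    for call_id, report in analyze(TRACE).items():
        print(call_id, report)
```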
lyncnews ¡ 8 years ago
Link
This blog is mainly for myself but it may serve anyone who needs a refresher or who is beginning to enter the world of SIP and Skype for Business. Coming from a traditional Microsoft background, when I started with Lync I had no conception of voice, or SIP and spent the best part of my early career actively avoiding anything to do with the subject.
I have never been officially trained on Lync or Voice over IP. All of my knowledge has been a mixture of trial and error, death by fire and reading other people’s blogs. Some might say this is the best way to learn, and while I agree to a point, there are times where I am in a room full of people and feel like the novice still. There are still some areas where I feel I have gaps in my “data bank” as it were. As a result, I often find it difficult to grasp some concepts on how things work outside of Lync / Skype for Business. I have never deployed or administered a Cisco or Avaya PBX system for instance because I just haven’t been in a situation where I have needed to. I am Microsoft, why would I have this experience? But as a Skype consultant you’re expected to have knowledge of these systems to some degree if you are to integrate voice especially.
I know I am never going to deploy or work on these other systems, but learning how the underlying protocols work gives you a firmer footing to deal with questions around it. For instance Cisco and Microsoft are two very different VoIP ecosystems but they can quite easily talk to one another because under the bonnet there is a common set of protocols that define how they fundamentally work. SIP is just one of these protocols. Both Cisco, Microsoft and others conform to at least SIP RFC 3261 an internet standards based protocol. Granted almost every system has their own small modifications to the protocol (usually additional information only relevant to their system within the SIP message) but the core methods are pretty standardised. The result is of course that systems can communicate with each other at various degrees of integration.
Viewing SIP messages in Skype for Business you need the debugging tools installed on your machine. SIP messages are not located in Server Event Logs like most Microsoft applications.  They are stored in log files on clients and can also be captured from the Server using centralised logging or using a network packet capture program such as Wireshark.
With Skype for Business Online and Cloud PBX you lose some of this end to end traceability because you don’t have access to the Front End Servers, so all your troubleshooting is done using the client log file called Lync-UCCApi.UCCApiLog located in the local app data folder of the user’s profile. You open this log using Snooper, a tool included in the Skype for Business Debugging Tools. Snooper is a log parse program especially designed to parse Skype for Business SIP log files. It provides deep insight into a SIP conversation and it fundamental to troubleshooting communication problems within the Skype for Business ecosystem.
SIP Messaging 101
When you first open Snooper and parse the log file it can be quite daunting. I still struggle sometimes and get lost. Hence the reason for this blog. The key tab you probably always want to start in is the “Messages” tab. Here, lists all the SIP messages captured by the log. The trace tab gives you verbose information of the entire log file.
The first thing you want to do is filter the log to show only to conversation you want to troubleshoot. You can do this by searching the log for unique values e.g. the called party or find the first invite in the conversation and right click to find related messages to the same conversation. Either way you end up with something like this
This image shows you the complete conversation that happened between two parties. To explain what is going on here, there is a process flow view in Snooper (the purple icon top right with arrows) that provides a graphical view of a conversation
This view lists out the entire message transaction log of the conversation in order. Before we jump into a SIP message and try to make sense of it, lets look at the methods and responses of a normal conversation.
A conversation begins when an endpoint sends an INVITE method to their SIP Proxy (Skype for Business Front End or Edge). The INVITE contains information on who the endpoint is, who they are trying to contact and other information required in order to setup a call such as location information, supported methods and features. The SIP Proxy then forwards the INVITE to the called parties SIP Proxy which then forwards to the called parties endpoint (if available). Once the called parties endpoint accepts the INVITE it responds with a 200 OK message. The calling parties endpoint then sends an ACK message to the called parties client and then the call is setup to allow media to flow.
However, while this is going on, a whole bunch of other stuff is happening to make sure that by the time the calling party sends the ACK, both clients are ready to accept media.
You will notice that between the first INVITE and the ACK, several events happen. Events starting with 1xx are informational messages that provide an update to clients during a conversation. 100 TRYING means that the SIP Proxy is trying to proxy the communication to the called party. 101 PROGRESS REPORT is the result of the TRYING request. 183 SESSION PROGRESS is often referred to as Early Media. Early Media does not mean necessarily that media will be established, but rather the point when media capabilities between endpoints are exchanged. Typically 183 messages contain SDP information which tells each client what codec to use and which media candidate to connect to. Eventually you will see a 180 RINGING message. This is often referred to as Late Media. This is the point where both endpoints have enough information of each other in order to communicate and is often the point where you can guarantee that the called party will hear a ring tone. When the called party picks up the receiver, then the 200 OK message is sent by the called party and the ACK by the calling party. Then bingo!, you have an established call.
When the conversation ends, the endpoint that leaves the conversation first sends a BYE message to the other party. When the other party receives this message it responds with a 200 OK message and the call is then teared down and no longer valid.
Contents of a SIP Message
When you look at the body of a SIP Message it looks similar to e-mail. This is because the SIP protocol is an ASCII based protocol, meaning that it is a human readable format. As a result, people can make sense of what is going on rather than having to convert hex to ASCII to find error codes etc.
This image is an extract from the first INVITE message sent in a conversation. We can see it is an INVITE as the method is clearly displayed in BOLD and contains the SIP address of the called party as well as the protocol being used (SIP version 2.0). The VIA header is the network layer that the client is going to use. In this example we are using SIP version 2.0 encrypted with TLS from 192.168.1.61, which is the calling party's host machine. The port 32528 is an ephemeral outbound port that is used for SIP messages relating to this conversation.
The MAX-FORWARDS header is the number of times that this message can be forwarded by a SIP Proxy before it is dropped. 70 times is an industry standard maximum. The FROM header contains the identity of the calling party and the TO header contains the identity of the called party, exactly like an e-mail.
The CALL-ID header is a globally unique ID (similar to a MAC address) of the conversation. This ID is used to identify all subsequent messages relating to this conversation. The CSEQ header is the Call Sequence identifier. Here 1 is displayed because it is the first message to be sent and the method used is INVITE. This will increment as the conversation continues and is useful to determine where you are in a conversation when troubleshooting.
The CONTACT header contains the identity of the party where responses should be sent to. The USER-AGENT is the physical client the party is using to generate this conversation. In this case we can see that it is Skype for Business version 16.0.7571.2109 which relates to Skype for Business 2016 Click to Run Windows.
The SUPPORTED headers contain information on what other methods and headers the client supports in this conversation. Here we can see that the client supports features like transfer, escalation to conference, media bypass, early media, session timer etc. The MS-Conversation-ID is a Microsoft-only header that is used to keep track of the conversation internally. The MS-KEEP-ALIVE header is also a Microsoft header that is used to keep connections alive when SIP is sent over the TCP network transport protocol. Worth noting here is that UAC means User Agent Client, e.g. my workstation. If it was UAS this would mean User Agent Server, which would be the SIP Proxy server.
The ALLOW header tells the other party what SIP methods the client supports. So we have INVITE, BYE, ACK which we have already talked about, but what about the others?
CANCEL – this method is used to cancel a pending message / request e.g. you hang up before the called party answers
INFO – This is used for mid-session signaling information to be passed between clients
UPDATE – This is used for when something changes in a conversation from the last setup configuration, such as changing codecs due to bandwidth etc.
REFER – Refer is used to transfer a conversation from one endpoint to another like transferring from your desk phone to your mobile, or to another party entirely, or even voicemail
NOTIFY – Notify is used to alert an endpoint when the state of another endpoint changes. For instance the presence status of your contacts changes, your client will receive an alert of this in a NOTIFY message via the presence broker (front end server) which handles the SUBSCRIBES (explained later).
BENOTIFY – This is specific to Skype for Business / Lync. BE NOTIFY or Best Effort Notify is a method that allows notifications to be sent without the receiving endpoint sending a 200 OK and generating an ACK. The result of this is less network traffic. BENOTIFY is used for less important alerts.
OPTIONS – This allows an endpoint (or user agent) to query the capabilities of another client to discover information about supported methods. This is used in Skype for Business to determine if communication can be established between two endpoints. You will hear the term SIP OPTIONS ping quite regularly as a method SBCs and ISPs use to determine if the gateways are online or not. A reply means up, and timeout means down.
The MS-SUBNET header is unique to Microsoft and this is used for determining the network location of the endpoint. This is different to the SIP Location Server in that this information is used specifically for E-911 within Skype for Business.
The MS-ENDPOINT-LOCATION-DATA header again is Microsoft specific and contains data about where the media will be travelling. In this case over the Internet. The P-Preferred-Identity header is the assumed asserted ID of the caller, until we figure this out. In this case my SIP address. This is used for Caller ID services and if not set correctly can cause problems when dialling over the PSTN.
The PROXY-AUTHORIZATION header is used to authenticate the session through SIP Proxies. The CONTENT-TYPE header tells us that the SIP message also includes an application. This application is SDP or Session Description Protocol which is used for determining Media Codecs and Target Media candidates (available endpoints).
Finally the CONTENT-LENGTH header contains the number of bytes the application consumes.
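The header walkthrough above, as an added example that is not part of the original post: a small Python parser that splits a SIP message into start line, headers and body, then checks the required request headers, the CSeq method and the Content-Length byte count. The INVITE is constructed for illustration (the `example.com` addresses, tag and Call-ID are made up), and folded multi-line headers are not handled.

```python
# Constructed sample INVITE: addresses, tag and Call-ID are made up for this example.
SAMPLE_SDP = "v=0\r\no=- 0 0 IN IP4 192.168.1.61\r\ns=-\r\nm=audio 50000 RTP/AVP 0\r\n"
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 192.168.1.61:32528\r\n"
    "Max-Forwards: 70\r\n"
    "From: <sip:alice@example.com>;tag=constructed1\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: constructed-call-id-0001\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SAMPLE_SDP)}\r\n"
    "\r\n" + SAMPLE_SDP
)

def parse_sip(raw):
    """Split a SIP message into (start_line, headers, body)."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("no blank line between headers and body")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        # Names are case-insensitive; repeated headers (e.g. Via) become a list.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body

def check_message(raw):
    """Return a list of structural problems found in one SIP message."""
    start, headers, body = parse_sip(raw)
    is_request = not start.startswith("SIP/2.0")
    # Max-Forwards is only carried by requests, not by responses.
    required = ["via", "from", "to", "call-id", "cseq"] + (["max-forwards"] if is_request else [])
    problems = [f"missing {h}" for h in required if h not in headers]
    if "cseq" in headers:
        number, _, method = headers["cseq"][0].partition(" ")
        if not number.isdigit():
            problems.append("CSeq number is not numeric")
        # In a request, the CSeq method must equal the start-line method.
        if is_request and method.strip() != start.split(" ")[0]:
            problems.append("CSeq method does not match request method")
    if "content-length" in headers:
        declared = headers["content-length"][0]
        actual = len(body.encode("utf-8"))  # Content-Length counts bytes
        if not declared.isdigit() or int(declared) != actual:
            problems.append(f"Content-Length {declared}, body is {actual} bytes")
    return problems
```

Calling `check_message(SAMPLE_INVITE)` returns an empty list; a truncated body or an edited CSeq line returns one entry naming the problem.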
The session progress report provides the status of the call setup. Again this is referred to as Early Media and to reiterate does not mean that you can speak at this point, but rather a time where both user agents (endpoints) may have enough information about each other to theoretically establish a media stream. 183 can contain SDP information but 180 RINGING does not. For instance, when you call a contact center and it fake rings once or twice, then plays hold music, this is an example of Early Media in effect.
In this progress report we can see that we have a new header called RECORD-ROUTE. These headers contain a list of SIP proxies that the SIP message has traversed in order to reach the called party's user agent. In this conversation both parties are using Skype for Business Online, but the calling party is in the Amsterdam Office 365 data center, while the called party is in the Irish Office 365 data center.
We also begin to find out information about the called user agent. In this case the USER-AGENT header contains information about the called party device, a Yealink T48G Skype for Business Edition phone running firmware version 35.8.9.46. So we now know the endpoint we are going to get through to, but we need to understand its capabilities.
The 180 RINGING message is sent when the called party’s user agent has finished exchanging capabilities and understands what audio / video codec to use to communicate with the calling party user agent. Here we can see that the Yealink phone is allowing SIP methods INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE and MESSAGE.
Some have been discussed earlier in this post, but the ones we haven’t talked about yet are:
PRACK – stands for Provisional Response ACKnowledgement. This is like an ACK message but is used to provide a response to the sending user agent that the destination user agent has received a provisional message such as a 183 SESSION PROGRESS message. PRACK stops calls hanging in limbo in the event of a network issue during call setup.
REGISTER – This message is responsible for retrieving the user agent’s location from the SIP Location Server to find its Address of Record (AOR). In our case the Front End server is our registrar and location server and this will respond with the user-agents host IP address e.g. [email protected]. The REGISTER message is an important part of multiple points of presence (MPOP) within Skype for Business and allows mobility between subnets.
SUBSCRIBE – This message is used to subscribe the user agent to a particular service. This could be a presence broker or perhaps Exchange Unified Messaging (Voicemail) to return a notification of a new message and light up the message waiting indicator (MWI) on a desk phone for instance.
PUBLISH – Publish works hand in hand with SUBSCRIBE. When the subscribed-to system wants to send information to subscribed clients it uses a PUBLISH message. This is commonly used to notify clients of a new voicemail for instance.
MESSAGE – is the method that allows the transfer of instant messages between user agents. These could be system messages or end user communication.
Back to the 183 message, and we can see that the Yealink phone is sending its allowed features using the ALLOW-EVENTS header. We can see that it is allowing audio, conference, hold and transfer.
The MS-TELEMETRY-ID header is a Microsoft header. This is used to provide Microsoft with telemetry information about the call and the ID is the telemetry identifier of this call. If you create a user policy that disallows telemetry data to be sent to Microsoft, then this header will not be present. However, for Skype for Business Online, it is on by default.
The MS-EDGE-PROXY-MESSAGE-TRUST header is, again, a Microsoft-only header. This contains the information about the called party’s Edge server and declares that this conversation can be trusted to traverse the Edge SIP Proxy at the destination without re-authenticating each time.
Now we move on to the SIP 200 OK message. After all the progress messages and call setup information has been discovered and decided, the 200 OK message is sent by the called party’s user agent when the call has been answered.
By now the message should be self explanatory, but we can see that within the 200 OK we now have the P-ASSERTED-IDENTITY of the called party. This will contain authoritative information about the called party’s identity aka Caller ID and is used for things like caller display, call back etc. If you had a SIP trace from the called party side, you would see the P-ASSERTED-IDENTITY of the caller too. If this header is wrong, or in an incorrect format e.g. contains ;ext=4000 at the end of the telephone number, then some PSTN carriers will not allow, or have problems forwarding your call to the intended recipient (e.g. the called party receives a malformed caller display). Therefore, it is good practice to strip any extensions from your identity as the call passes over your outbound SIP trunk from Skype for Business to your SBC.
The calling party’s user agent will send an ACK in response to the received 200 OK message from the called party’s user agent. This is just a simple acknowledgement and is the point where the user agents begin to send media.
When a party hangs up a call, both clients need to know when this happens in order to tear down the call. If this does not happen then the call will stay up until the session timer expires and no progress reports have been received within that time. Session timers vary depending on the platform; I have seen values from 30 seconds to 5 minutes. The impact of not declaring a call as being terminated could mean additional billing from your telephone service provider for consumed minutes.
To combat this the party who hangs up sends a BYE message to the other party. In this example you can see that the Yealink phone was the party who hung up first and therefore sent the BYE message to the Skype for Business client party. The party who receives the BYE message sends an ACK back to confirm it has received and understood the message and the call is then torn down.
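As an added troubleshooting example (not from the original post), the Python sketch below replays SIP trace summaries through the basic call flow described in this post, using the 200 OK reply to BYE from the opening overview, and lists calls that were established but never torn down. The trace entries are constructed; the state names and the `hanging_calls` helper are hypothetical, and mid-call methods such as UPDATE or REFER are simply reported as unexpected.

```python
# Constructed trace summaries: (Call-ID, start line, CSeq). All values are made up.
TRACE = [
    ("call-a", "INVITE sip:bob@example.com SIP/2.0", "1 INVITE"),
    ("call-a", "SIP/2.0 100 Trying", "1 INVITE"),
    ("call-a", "SIP/2.0 183 Session Progress", "1 INVITE"),
    ("call-a", "SIP/2.0 180 Ringing", "1 INVITE"),
    ("call-a", "SIP/2.0 200 OK", "1 INVITE"),
    ("call-a", "ACK sip:bob@example.com SIP/2.0", "1 ACK"),
    ("call-a", "BYE sip:alice@example.com SIP/2.0", "2 BYE"),
    ("call-a", "SIP/2.0 200 OK", "2 BYE"),
    ("call-b", "INVITE sip:carol@example.com SIP/2.0", "1 INVITE"),
    ("call-b", "SIP/2.0 200 OK", "1 INVITE"),
    ("call-b", "ACK sip:carol@example.com SIP/2.0", "1 ACK"),
]

def event(start_line, cseq):
    """Reduce one message to an event name such as 'INVITE', '1xx' or '200:BYE'."""
    method = cseq.split()[1]
    if start_line.startswith("SIP/2.0 "):  # a response: classify by status code
        code = start_line.split()[1]
        return "1xx" if code.startswith("1") else f"{code}:{method}"
    return start_line.split()[0]  # a request: the method name

# Hypothetical state names for the basic flow: INVITE, 1xx, 200 OK, ACK, BYE, 200 OK.
TRANSITIONS = {
    ("new", "INVITE"): "inviting",
    ("inviting", "1xx"): "inviting",
    ("inviting", "200:INVITE"): "answered",
    ("answered", "ACK"): "established",
    ("established", "BYE"): "closing",
    ("closing", "200:BYE"): "terminated",
}

def track(trace):
    """Return ({call_id: state}, [(call_id, state, event) that did not fit the flow])."""
    states, unexpected = {}, []
    for call_id, start_line, cseq in trace:
        ev = event(start_line, cseq)
        current = states.get(call_id, "new")
        nxt = TRANSITIONS.get((current, ev))
        if nxt is None:
            unexpected.append((call_id, current, ev))
        else:
            states[call_id] = nxt
    return states, unexpected

def hanging_calls(trace):
    """Call-IDs that reached an established call but never completed BYE / 200 OK."""
    states, _ = track(trace)
    return sorted(c for c, s in states.items() if s in ("established", "closing"))
```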
Hopefully this post will help you understand how Skype for Business communicates and the fundamentals of how a call is established.