Scary security: Halloween costume ideas from the EFF and us

halloween

Still don’t have a Halloween costume?

The Electronic Frontier Foundation (EFF) has you covered – five costume ideas, all concerned with digital rights.

Facial Recognition Face Paint

If you’ve got a steady hand at face-painting or can whip up a stencil in time, the EFF suggests that you might want to recreate the blue lines of digitization algorithms on your own face.

As the rights organization points out, this is a great way to illustrate the news from earlier in the month, when we found out that facial recognition is being used by local and federal law enforcement far more than previously thought.

After looking at the issue for four years, the Center on Privacy & Technology at Georgetown found that facial recognition systems have spread rapidly and now make up a patchwork of networks spanning the FBI and up to 30 states.

In fact, the systems contain facial data on 117 million people – half the adult US population.

The images are typically taken from databases of driving licenses: currently, at least 26 states allow police to point facial recognition systems at their ID databases.

Need an image to use for a template to draw attention to this widespread amassing of biometrics? Here’s a Google image search that can help.

Beyond facial recognition algorithm lines, we’ve seen many apparel suggestions meant to foil the technology:

Stingray

International Mobile Subscriber Identity (IMSI) catchers are known by a few other names, including “stingray” – the brand name for one model that’s come to be used as a generic term for devices that imitate cell towers, tricking phones into connecting with them to intercept cellphone communications.

There are plenty of online guides to creating a stingray costume out of a towel or a sheet, and EFF suggests adding a little antenna or a phone on a fishing pole to give it that surveillance-themed finishing touch.

By the way, the Department of Justice recently raised the federal standard, requiring its own agents to “obtain a search warrant supported by probable cause… [except in] exigent circumstances or exceptional circumstances,” so you might want to also print out a warrant to show to candy-givers when you demand your treats.

Privacy Badger

You can’t blame the EFF for promoting its own Privacy Badger by suggesting you pick up a badger mask and make a few cardboard shields representing the browsers (Chrome, Firefox, and Opera) the extension works with.

Privacy Badger blocks spying ads and third-party trackers on those browsers.

No time to buy a mask? Simply cut holes in an old sheet to be a Ghostery ghost, carry around those browser shields, and thus promote the detection and control of javascript code that does things like collect your browsing habits.

Patent Troll

These “non-practicing entities” are companies that don’t actually make anything but instead just go around suing companies that do.

One of the worst examples was the victimization of comedian Marc Maron, who waged battle with a patent troll that claimed to have invented podcasting (before podcasting actually existed).

Going to a party with a partner? You go as the troll, and have him/her dress up like Maron, the EFF suggests.

A little green paint and a club should do the trick!

And finally, here’s a costume based on an EFF project…

Certbot

Certbot is software that system admins can use to automatically download and install HTTPS certificates for their website from the Let’s Encrypt certificate authority.

The EFF’s costume instructions:

Just take a robot costume, paint a giant lock on the front, and hold either a certificate (shiny gold paper works great) or an oversized key.

If you want to go all the way, paint the robot red and black like the Certbot logo, and write “ACME” over the robot’s mouth. (ACME is the protocol Certbot uses to talk to the Let’s Encrypt server.)

Naked Security is, of course, pro-encryption.

Let’s Encrypt did have a few recent slip-ups, though.

For one, it accidentally let slip a login key for its GitHub account.

Then, in June, it had another security SNAFU, this time accidentally sharing user email addresses.

We’ve got a robot-themed suggestion too: Mr. Robot. All it takes is a pale, haunted look, minimal speaking – and a lot of security smarts swirling around in your head.

If you want to be the most Mr. Robot you can be, check out our security rundowns of Mr. Robot episodes!