Tag: Security

Practicing Digital Safety in India – Kaarana – Medium

Kaarana community has put together a primer on digital safety in India to understand and minimise threats to your digital life by securing your key digital tools. Are you an activist defending human, social or cultural rights? Do you rely on digital tools and platforms such as Facebook, Twitter or WhatsApp for collaborating or organising […]

Extracting personal phone numbers linked to Aadhaar

The purpose of this article is to demonstrate how the personal phone number linked to any given Aadhaar can be extrapolated due to problems in implementation of the text-based authentication mechanism which websites offering Aadhaar authentication rely on. Websites which make use of text-based (OTP) Aadhaar authentication display to the user only the last four […]

Aadhaar — A Self Certified ID – Kaarana – Medium

Aadhaar — A Self Certified ID Public availability of cracked Enrollment software makes Aadhaar information equivalent to a Self Certified ID Anand Venkatanarayanan Follow May 2, 2018 · 5 min read The biggest question that the Asia Times news story raises about the compromised enrollment software is — Why UIDAI cannot fix it? This post […]

Gujarat biometric leak and Registered Devices – Kaarana – Medium

Image Credit: Narendra Bhooshan Gujarat biometric leak and Registered Devices The leak proves beyond doubt that Registered Devices cannot protect from fraud or identity theft Anand Venkatanarayanan Follow Feb 27, 2018 · 6 min read The basics Biometrics are private information — neither a secret, like passwords are, nor public, meant to be shared freely. […]

The “relative print” feature in the Aadhaar enrolment client

The “relative print” feature in the Aadhaar enrolment client Every enrolment operator has always had full access to every resident’s demographic data Anand Venkatanarayanan Follow Jan 24, 2018 · 7 min read On 3 January, 2017, The Tribune published one of the best kept secrets in the Aadhaar enrolment ecosystem: that anyone can access the […]

Public, private and secret information – Kaarana – Medium

Aadhaar proponents regularly ask opponents why they have a problem sharing their biometrics with Aadhaar if they have no problem sharing with the US government for a visa. Proponents seem to be genuinely perplexed by this apparent hypocrisy. It helps to understand it in terms of the types of information and how they are used. […]

A billion users, but no bug reporting policy – Kaarana – Medium

Mainstream and social media have carried several reports about security issues in Aadhaar. Any organisation holding so much sensitive information of individuals (including yours) should ideally host a bug bounty program for independent security researchers, to receive and process bug reports in a secure manner. Certain features of Aadhaar — like eKYC — share sensitive […]

How not to screw up your National ID – Kaarana – Medium

At an ISOC Asia Pacific meeting on privacy last week, a representative of a government asked about how we can have National ID systems that protect privacy. From what I gathered from conversations that followed, several governments are looking to set up National IDs in the Asia Pacific region. While having National ID system is […]

Understanding traceable time – Kaarana – Medium

Earlier this year at a workshop for researchers, I met someone who told me that India had no official policy on synchronized time traceability, and this was a problem in an increasingly digital world. She was having a hard time explaining to officials why it mattered. I immediately joined the ranks of the confused. What […]

Security Analysis of mAadhaar – Kaarana – Medium

Be forewarned. This is a technical post. I have tried to reduce the complexity of the topic for non-technical users, but it may still not be enough. How are OTPs generated? OTP Authentication How does Aadhaar mobile authentication work? The resident must link his mobile number with Aadhaar number either during enrollment or through a […]

Back to top