Android without Google: Take back control! (Part 1)
1. Android without the data octopus
The article series "Your phone your data" from 2014 has played a major role in the success story of this blog. Many thousands of people wanted to learn how to get rid of Google and regain control of their Android device.
After five years, it is time for a new edition of the article series. Much has changed, partly for the better and partly for the worse. The article series "Take back control!" also requires a lot of patience and the willingness to give up some of your own convenience - and, of course, to shake off the indoctrination of the manufacturers.
The ambitious goal of the article series "Take back control!" can be summarized in one sentence: You as a user should regain control over your Android device and your data. Step by step, I will lead you towards this goal. There must finally be an end to proprietary apps and (Google) services that merely fool us into believing in our independence and self-determination over our data.
2. Google has long been evil
Directly after switching on our Android device, we are asked to create a Google account or to link an existing one with the device. We are pushed into the cloud and are told not to worry about our data, but rather to trust the providers or Google "blindly". In return, so to speak, we receive a perfectly coordinated ecosystem that can hardly be surpassed in terms of simplicity and convenience, but also in terms of perfidy.
Google's strategy of conquering the market with user-friendly products and services has therefore paid off. Success proves them right. But with this success story, the price paid by the actual users must always be borne in mind. They pay, and they pay with the data they "produce". However, they are not aware of this "paying with data" because they lack the transparency to see what is actually happening "behind their backs" when using smartphones.
Google is like a junkie, constantly on the lookout for new data sources that will allow the already accumulated data treasures to continue to grow. Google wants to know everything. In an interview with James Bennet, supervisory board chairman Eric Schmidt said:
"With your permission you give us more information about you, about your friends, and we can improve the quality of our searches. We don't need you to type at all. We know where you are. We know where you've been. We can more or less know what you're thinking about."
This remark, already made in 2010, is now more relevant than ever. Android and other Google products and services are perfectly interlocking gears that give users an illusion of control over their data. Google relies on dark patterns or nudging to hide data protection settings, to mislead users, or to keep them from protecting their privacy through misleading wording.
2.1 The bitter reality and small rays of hope
In 2019, the market dominance of Android is overwhelming. Over the past three years, Android's market share in the smartphone segment has continuously exceeded 85% - one could also say that Google's mobile operating system Android dominates the market like no other. Only iOS still plays a role and takes some market share from Android.
The market dominance of Android is enormous and prevents almost every new development. It is therefore not surprising that alternative mobile operating systems like Sailfish OS or Ubuntu Touch are hardly noticed by the market and disappear from it as fast as they were introduced.
This market dominance of Google inevitably arouses a feeling of helplessness. Or, if we think further: without alternatives, helplessness would inevitably end in resignation. But there is hope. Over the last few years, various alternatives to Google services have emerged. Projects like Nextcloud, OpenStreetMap, mailbox.org and others are not only a glimmer of hope, but offer a real way out of Google's ecosystem. If you would like to get to know them, we recommend the article "Bye Data Octopus: A Life Without Google".
In the following, we will deal specifically with Android: what alternatives and possibilities we have not only to free ourselves from Google's tentacles, but also to achieve an overall self-determined handling of our data on the smartphone.
3. What we can achieve
Before we regain control of our Android device, one problem of the smartphone world should not go unmentioned: the lack of verifiability or transparency of proprietary hardware chips (e.g. basebands). Even if we only use open source software on a smartphone, its trustworthiness is directly influenced by the underlying hardware. However, this consideration goes beyond the scope of this article series, since it is mainly relevant if a (state) secret service wants to gain access. But the combination of open source software and (semi-)open or proprietary hardware will at least protect us from the ubiquitous data octopuses like Google and Co.
That's why I don't want to leave out the obligatory note and make it unmistakably clear: The project "Take back control!" does not protect against targeted surveillance by secret services or other organizations that have "targeted" you.
Regardless of these "restrictions", we want to achieve the following with our project:
✅ Complete control over your own data
✅ Independent and self-determined use of the device
✅ Decoupling from the Google ecosystem
✅ Exit from the advertising machinery of the manufacturers
✅ Protection against advertising profiling
Ultimately, our ambitious goal must be to regain dominion and control over our data - even if a "blind spot" will always remain. As soon as you exchange data with other people, be it via e-mail or messenger, there is simply no guarantee that the transmitted data will be treated with care by the recipient, that it will not end up in the Microsoft cloud immediately upon receipt, or that the contact data will not be synchronized via a Google account.
Ultimately this means that even if you handle your data responsibly and only use services and software that keep you in control, you are always exposed to external influences. However, this should not diminish our goal, but make us aware that the protection of our own data sovereignty depends on various factors.
4. The components
Our ambitious goal of a "free Android" can only be achieved if we include all necessary components and combine them into a whole. Only their interaction as a "whole" allows us to regain our independence and data control. In my opinion, the following components are necessary for this:
Operating system:
The central software component of our Android is based on the free operating system LineageOS. This Android operating system variant is available for many smartphones, is constantly developed further by an active community and does not contain any Google apps. For the article series "Take back control!", I decided in advance on the BQ Aquaris X Pro. I will use this device to describe the unlock process and the installation of LineageOS. Of course, you can follow the article series even if you don't have a BQ Aquaris X (Pro).
App Store:
Many users only know the Google Play Store as a source for new apps. As an alternative, we will use F-Droid for our project, where only "free" and "open source" apps are offered for download. If you want to get apps from the Google Play Store later, you can use alternatives like the Yalp Store.
Apps:
We will only use free and open source apps from F-Droid. The FOSS apps available there will be of particular benefit to critical users who value apps that do without trackers and handle the data (fed into them) with care.
Services:
We will only become independent of Google's ecosystem if we also say goodbye to Google on other levels or services. For example, alternative services for e-mails, Google Maps, etc. must be used.
Tools:
We get additional control over Android with tools like AFWall+, Magisk or XPrivacyLua - the latter is only necessary if you don't want to or can't do without apps from the Google Play Store.
Correct settings:
The installation of LineageOS alone is not enough. Only enabling device encryption and setting a sufficiently long unlock PIN will protect your data from attackers with physical access. In short: the system settings also play a role, because in LineageOS, too, we encounter critical default settings.
Common sense:
Technology alone cannot protect you from Google's data collection frenzy. Common sense is also needed to make all the above components work.
⚠️ In the coming parts of the article series I will deal in detail with the components only briefly introduced here. You should be aware that switching to an alternative system (LineageOS) does not necessarily protect you from the unwanted outflow of sensitive data. It requires further adjustments and the correct use of the tools linked above. Please keep this in mind if you want to use tools like AFWall+ before they are described in detail in later parts of the article series.
5. Conclusion
The road to more control over the Android device and your own data is rocky. It is often not easy to dare to break out of the Google ecosystem by giving up the convenience you have grown fond of and teaching yourself what you need to know.
Whether the individual will ultimately succeed in regaining a (large) piece of informational self-determination depends solely on the individual's willingness to learn and take on personal responsibility. Your weaker self will be your biggest enemy.
#android #NoGoogle #guide #part1 #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Source and more info / read in German (🇩🇪) at: https://www.kuketz-blog.de/android-ohne-google-take-back-control-teil1/
🎧🇬🇧 Drugs as Weapons Against Us
Porkins Policy Radio episode 175 John Potash
Writer and filmmaker John Potash joined me to discuss his latest documentary Drugs As Weapons Against Us. We talked about the main thesis behind the film and the original book. We discussed the CIA’s involvement in the LSD movement in the 1960s with groups like The Brotherhood of Eternal Love and the Mellon Hitchcock family.
📻 Web player: http://podplayer.net/?id=64489847
http://JohnPotash.com
#drugs #weapons #CIA #Podcast
📡 @NoGoolag
🇩🇪 🇬🇧 📺 Smart Home - Smart Hack
How getting into the digital home becomes a walk in the park
More than 10,000 different device manufacturers from all over the world use the basic platform (Wi-Fi module, cloud, app) of a single company to technically implement their smart home products.
The analysis of this platform reveals considerable security deficiencies, some of them conceptual in nature, and thus various points of attack that affect several million smart devices.
The talk presents how smart devices work in connection with this basic platform, shows the extent of the security gaps using various attack scenarios, and offers the community a solution for the secure use of the affected devices.
📺 Original (🇩🇪🇬🇧):
https://media.ccc.de/v/35c3-9723-smart_home_-_smart_hack#t=35
📺 BlackBox Archive:
https://news.1rj.ru/str/BlackBox_Archiv/160
🇬🇧🇩🇪
Audio (mp3) https://mirror.netcologne.de/CCC/congress/2018/mp3/35c3-9723-deu-Smart_Home_-_Smart_Hack_mp3.mp3
#smarthome #smarthack #ccc #podcast #guide #video
🇩🇪 Das Internet-Adressbuch bedroht unsere Privatsphäre
🇬🇧 The Internet address book threatens our privacy
PDF (🇩🇪) Universität Hamburg, Fachbereich Informatik, Sicherheit in verteilten Systemen
https://arxiv.org/pdf/1703.05953.pdf
#android9 #pie #DoT #DNS
🇬🇧 Cloudflare – The bad, the worse and the ugly?
What is Cloudflare, and why not use Cloudflare?
Cloudflare, the operator of what is probably the best-known content delivery network, is not only very popular with pirates. Credit card fraudsters, phishing site operators, blackmailers and terrorists also like to use the services of the Californian company. Volker Rieck takes a closer look.
In the USA, a large technology company is about to go public. Cloudflare from San Francisco wants to raise almost 3.5 billion dollars on the stock exchange in the first half of the year with the support of the investment bank Goldman Sachs. However, dark shadows hang over Cloudflare. The spectrum of its customers ranges from credit card fraudsters and spammers to sites that operate copyright infringement as a business model and terrorist sites. Even US embargoes are undermined.
💡 What is Cloudflare?
Cloudflare's service is the provision of a content delivery network (CDN), also called a content distribution network. Put simply, this is a kind of turbo for websites, so that they are delivered quickly and reliably worldwide. To do this, Cloudflare places itself between the website or servers of its customers and the visitor of the site or user of a service, and ensures a correspondingly high speed through targeted control and distribution of the traffic. In this way, Cloudflare can also offer protection against overload attacks (DDoS) on the net.
💡 However, it offers a hidden feature:
the company anonymizes its customers.
In doing so, Cloudflare puts a screen in front of the original website or its server, making the operator of the site almost untraceable. If, for example, you want to know where a certain website is hosted, you only receive Cloudflare's data and can identify neither the original data center nor the IP address, which would be necessary, among other things, for prosecuting legal violations.
Civil law inquiries are useless, because Cloudflare only names a data center, which is worthless without the corresponding IP address. This is roughly comparable to being given an address in a high-rise building with thousands of residents where there are no name plates on the doorbells.
💡 The copyright problem "Cloudflare" is well-known
This hidden feature of Cloudflare attracts a number of dubious customers. Among other things, the company appears again and again in connection with copyright infringements, but not only there.
Since December 2018, the EU Commission has listed Cloudflare on a watch list for counterfeiting and piracy. Most recently, the service received the dubious award of worst enemy of creators from the US blog The Trichordist.
The listing of infringing market participants has a long tradition in the USA. The music association RIAA submits the list of the worst cases to the US Department of Commerce on an annual basis. In 2017, 9 out of 20 infringers could not be identified by the RIAA because Cloudflare effectively camouflaged them.
The US film association MPA is also aware of the problems with Cloudflare obfuscation and names them in its annual list of infringers. In the relatively new piracy segment IPTV, i.e. the streaming of non-licensed TV signals, the company is also active. A study from autumn 2018 shows the role of Cloudflare both in camouflaging the sites that sell IPTV subscriptions and in concealing the origin of the streams. In a survey of file and streaming host data centers in 2016, 40% of the top 10 and 47% of the top 30 used Cloudflare.
💡 ECO, a German association that obviously doesn't care about anything
Cloudflare is a member of the German industry association ECO. The purpose of this membership is probably to get a discount for traffic at the Frankfurt internet exchange point (DE-CIX), which ECO operates through a subsidiary.
ECO has always been unimpressed by the fact that, in addition to Cloudflare, other providers who are extremely heavily involved in piracy are members of the association. In any case, there was no reaction to the corresponding reports, even though ECO members, Cloudflare among them, were responsible for over 50% of piracy traffic in the film sector in 2014, for example; 45.2% of this is accounted for by Cloudflare and around 6% by a further five members.
💡 Cloudflare in court
The list of reports of court cases against Cloudflare is long. The lawsuits do not only concern virtual goods. Two manufacturers of bridal fashions filed suits for trademark and copyright infringements by plagiarism shops, which were made anonymous by Cloudflare.
In particular, the proceedings of the adult entertainment provider ALS-Scan against the company, which ended in a settlement when it became tight for the service provider, caused a sensation. The judge had decided that Cloudflare can significantly support copyright infringement by hosting cached copies of files.
The decision, whether Cloudflare also did this and must be liable for it, averted Cloudflare by the settlement.
💡 Support for Illegal Offerings - System or Slip?
Further news caused a sensation in autumn 2018, when Cloudflare discontinued its business relationship with the scene host Rapidvideo. After all, until then there had only been the case of Daily Stormer, a US Nazi site that Cloudflare had announced had terminated its business relationship with in 2017.
💡 Big Data brings it to light
The current Google Transparency Report makes it possible to demonstrate the actual extent of Cloudflare's involvement in piracy. In the report, Google lists all requests from rights holders for removals from the Google search index that concern infringements. By now that amounts to more than 2.9 billion notices. The top 5,000 domains that still exist already account for 79% of all reported URLs.
If one takes a closer look at these 5,000 domains, especially at whether they use Cloudflare for masking, the result speaks for itself: 37% of the infringements come from Cloudflare's customers, who operate 34% of the 5,000 sites.
If one were to extrapolate this proportion to the total number of domains listed in the Google report for copyright infringements, one would arrive at almost 750,000 domains protected by Cloudflare. And that out of a total of 2.2 million domains for which there were removal requests.
Cloudflare's "piracy customers" include, among others: Torrentz.eu, Gosong.net, Share-online.biz, Catshare.net, Bitnoop.com, Deepwarez.org, Turbobit.net, Myfreemp3.eu and Nitroflare.com. Each of these websites received at least three million requests for removal from the Google search index.
💡 Credit card fraudsters, phishers, blackmailers & terrorists love Cloudflare too
The watch website Crimeflare is a real treasure trove of information about Cloudflare. It alone lists 650 credit card fraud sites that Cloudflare is said to shelter.
The company is also cheerfully involved when it comes to SSL certificates. Phishing sites in particular need these certificates, which are actually meant to build trust, in order to succeed and give consumers a false sense of security. According to the German magazine Heise, hundreds of such certificates were apparently issued to fraudsters by Cloudflare.
💡 Malware is also distributed via Cloudflare, as Spamhaus reports.
The company is likewise popular with extortionists. The German news magazine Der Spiegel reports on a twin business. On the one hand, this CDN service ensures that blackmailers who threaten, for example, to bring a website down with a DDoS attack can no longer be traced. The sites affected by the DDoS attacks are then sold its DDoS protection. A special form of customer acquisition.
Things get very special when it comes to terror, because good business can be done there too. As early as 2012, the news agency Reuters confronted Cloudflare with the fact that it was serving websites of Hamas and Al-Quds; both are described as terrorist groups by the United States. In 2015 there was even a petition against Cloudflare in the USA, because the service offered shelter to about 50 websites attributed to ISIS. But even in 2018, terrorist organizations were still being supported. At the end of 2018, the Dutch security researcher Bert Hubert identified at least 7 different websites of terrorist organizations that use Cloudflare.
The Huffington Post had these findings assessed by Benjamin Wittes, Senior Fellow at the Brookings Institution:
"This is not a content-based issue. [Cloudflare] can be as pure-free-speech people as they want - they have an arguable position that it's not their job to decide what speech is worthy and what speech is not - but there is a law, a criminal statute, that says that you are not allowed to give services to designated foreign terrorist organisations. Full stop."
As the icing on the cake, the company even has customers who are on the official embargo list of the USA (SDN list). For example, CENTRAL REPUBLIC BANK from the Donetsk region (Ukraine) uses Cloudflare's service.
❗️Do investors actually know what they are investing in?
Given all these facts, two things are surprising:
1) How has the company been able to obtain financing rounds from various investment companies in the past, including Google's parent Alphabet?
2) Does Goldman Sachs actually know anything about the extent of the company's involvement in rights violations and its support for very dubious "ventures" - even to the point of circumventing US embargoes?
Risk management is one of the central parameters investment banks use when evaluating investments. Risks must be known and assessable in advance. Involvement in dubious business on this scale is rare in an IPO, however, and a huge risk. All the more so if, as in the ALS-Scan proceedings, the company's own liability is at stake, or if the service for terrorist organizations violates criminal law.
Either Goldman Sachs and the current investors are not interested in moral standards, are naive, or consider the risk of failure to be very low. This shows how urgently government regulation of intermediaries on the Internet is needed.
Links:
http://trade.ec.europa.eu/doclib/docs/2018/december/tradoc_157564.pdf
https://thetrichordist.com/2019/01/01/2019-artist-enemy-1-cloudflare/
https://torrentfreak.com/images/RIAA_2017NotoriousMarketOCR.pdf
https://torrentfreak.com/cloudflare-counters-mpaa-and-riaas-rehashed-piracy-complaints-171020/
http://webschauder.de/iptv-rechenzentren-illegaler-streamingangebote/
http://webschauder.de/tag/cloudflare_verfahren/
https://torrentfreak.com/cloudflare-settles-dangerous-piracy-liability-lawsuit-180621/
https://transparencyreport.google.com/copyright/overview?hl=de
http://www.crimeflare.com:82/carders.html
http://www.heise.de/newsticker/meldung/SSL-Zertifizierungsstellen-stellen-hunderte-Zertifikate-fuer-Phishing-Seiten-aus-2848793.html
https://tarnkappe.info/steckt-cloudflare-bald-in-schwierigkeiten/
Source and more info (🇩🇪):
https://tarnkappe.info/cloudflare-the-bad-the-worse-and-the-ugly/
📡 @NoGoolag
#cloudflare #truth #why
🇩🇪 Cloudflare – The bad, the worse and the ugly?
What Cloudflare really is and why you shouldn't use it!
Cloudflare, the operator of what is probably the best-known content delivery network, is popular not only with pirates. Credit card fraudsters, operators of phishing sites, extortionists and terrorists also gladly use the services of the Californian company. Volker Rieck takes a closer look.
In the USA, the IPO of a large technology company is on the horizon. Cloudflare of San Francisco wants to raise almost 3.5 billion dollars on the stock market in the first half of the year with the support of the investment bank Goldman Sachs. However, heavy shadows hang over Cloudflare. Its customers range from credit card fraudsters and spammers, through sites that run copyright infringement as a business model, all the way to terrorist sites. Even US embargoes are circumvented.
💡 What is Cloudflare?
Cloudflare's service is the provision of a content delivery network (CDN), also called a content distribution network. Put simply, it is a kind of turbocharger for websites so that they are delivered quickly and securely worldwide. Cloudflare places itself between the website or servers of its customers and the visitor to the site or user of a service, and ensures correspondingly high speed through targeted control and distribution of traffic. In this way Cloudflare can also offer protection against overload attacks (DDoS) on the net.
💡 However, it comes with a hidden feature that packs a punch:
the company anonymizes its customers.
Because of the way Cloudflare effectively puts an umbrella over the original website or its server, the operator of that site becomes almost untraceable. If, for example, you want to know where a particular website is hosted, you only get Cloudflare data and can identify neither the original data center nor the IP address, which is needed, among other things, to pursue infringements.
Civil-law requests come to nothing, because Cloudflare merely names some data center, which is worthless without the respective IP address. This is roughly comparable to being given an address in a high-rise with thousands of residents and no nameplates on the doorbells.
💡 The copyright problem "Cloudflare" is well known
This hidden service from Cloudflare attracts dubious customers in droves. The company turns up again and again in connection with copyright infringement, among other things, but not only there.
Since December 2018, the EU Commission has listed Cloudflare on a watch list for counterfeiting and piracy. Most recently, the service received the dubious award of worst enemy of creators from the US blog The Trichordist.
Listing infringing market participants has a long tradition in the USA. The music association RIAA submits its list of the worst cases to the US Department of Commerce every year. In 2017, 9 out of 20 infringers could not be identified by the RIAA because Cloudflare effectively camouflaged them.
The US film association MPA is also aware of the problems with obfuscation by Cloudflare and names them in its annual list of infringers. The company is also active in the relatively new piracy segment of IPTV, i.e. the streaming of unlicensed TV signals. A study from autumn 2018 documents the role of Cloudflare both in camouflaging the sites that sell IPTV subscriptions and in concealing the origin of the streams. In a 2016 survey of the data centers used by file and streaming hosts, 40% of the top 10 and 47% of the top 30 used Cloudflare.
💡 ECO, a German association that apparently doesn't care about anything
The company is a member of the German industry association ECO. The purpose of this membership is probably to get a discount on traffic at the Frankfurt internet exchange (DE-CIX), which ECO operates through a subsidiary.
ECO has never cared that, besides Cloudflare, other providers that are extremely heavily involved in piracy are also members of the association. At any rate, it did not react to reports on the matter, even though in 2014, for example, ECO members including Cloudflare were responsible for over 50% of piracy traffic in the film sector; 45.2% of this is attributable to Cloudflare and around 6% to five further members.
💡 Cloudflare in court
The list of reports of court cases against Cloudflare is long. The lawsuits do not only concern virtual goods. Two manufacturers of bridal fashion sued over trademark and copyright infringements by counterfeit shops that were anonymized by Cloudflare.
The proceedings brought by the adult entertainment provider ALS-Scan against the company caused a particular stir; they ended in a settlement when things got tight for the service provider. The judge had ruled that Cloudflare can substantially assist copyright infringement by hosting cached copies of files.
By settling, Cloudflare averted a decision on whether it actually did so and must be held liable for it.
💡 Support for Illegal Offerings - System or Slip-up?
Further news caused a stir in autumn 2018, when Cloudflare ended its business relationship with the scene host Rapidvideo. After all, until then the only case that had become known was Daily Stormer, a US Nazi site with which Cloudflare had terminated its business relationship on its own initiative in 2017.
💡 Big Data brings it to light
The current Google Transparency Report makes it possible to demonstrate the actual extent of Cloudflare's involvement in piracy. In the report, Google lists all requests from rights holders for removals from the Google search index that concern infringements. By now that amounts to more than 2.9 billion notices. The top 5,000 domains that still exist already account for 79% of all reported URLs.
If one takes a closer look at these 5,000 domains, especially at whether they use Cloudflare for masking, the result speaks for itself: 37% of the infringements come from Cloudflare's customers, who operate 34% of the 5,000 sites.
If one were to extrapolate this proportion to the total number of domains listed in the Google report for copyright infringements, one would arrive at almost 750,000 domains protected by Cloudflare. And that out of a total of 2.2 million domains for which there were removal requests.
Cloudflare's "piracy customers" include, among others: Torrentz.eu, Gosong.net, Share-online.biz, Catshare.net, Bitnoop.com, Deepwarez.org, Turbobit.net, Myfreemp3.eu and Nitroflare.com. Each of these websites received at least three million requests for removal from the Google search index.
💡 Credit card fraudsters, phishers, blackmailers & terrorists love Cloudflare too
The watch website Crimeflare is a real treasure trove of information about Cloudflare. It alone lists 650 credit card fraud sites that Cloudflare is said to shelter.
The company is also cheerfully involved when it comes to SSL certificates. Phishing sites in particular need these certificates, which are actually meant to build trust, in order to succeed and give consumers a false sense of security. According to the German magazine Heise, hundreds of such certificates were apparently issued to fraudsters by Cloudflare.
💡 Malware is also distributed via Cloudflare, as Spamhaus reports.
The company is likewise popular with extortionists. The German news magazine "Der Spiegel" reports on a twin business. On the one hand, this CDN service ensures that blackmailers who threaten, for example, to bring a website down with a DDoS attack can no longer be traced. The sites affected by the DDoS attacks are then sold its DDoS protection. A special form of customer acquisition.
Things get very special when it comes to terror, because good business can be done there too. As early as 2012, the news agency Reuters confronted Cloudflare with the fact that it was serving websites of Hamas and Al-Quds; both are described as terrorist groups by the United States. In 2015 there was even a petition against Cloudflare in the USA, because the service offered shelter to about 50 websites attributed to ISIS. But even in 2018, terrorist organizations were still being supported. At the end of 2018, the Dutch security researcher Bert Hubert identified at least 7 different websites of terrorist organizations that use Cloudflare.
The Huffington Post had these findings assessed by Benjamin Wittes, Senior Fellow at the Brookings Institution:
“This is not a content-based issue. [Cloudflare] can be as pure-free-speech people as they want — they have an arguable position that it’s not their job to decide what speech is worthy and what speech is not — but there is a law, a criminal statute, that says that you are not allowed to give services to designated foreign terrorist organizations. Full stop.”
As the icing on the cake, the company even has customers who are on the official embargo list of the USA (SDN list). For example, CENTRAL REPUBLIC BANK from the Donetsk region (Ukraine) uses Cloudflare's service.
❗️Do investors actually know what they are investing in?
Given all these facts, two things are surprising:
1. How has the company been able to obtain financing rounds from various investment companies in the past, including Google's parent Alphabet?
2. Does Goldman Sachs actually know anything about the extent of the involvement in rights violations and the support for very dubious "ventures" - even to the point of circumventing US embargoes?
Risk management is one of the central parameters investment banks use when evaluating investments. Risks must be known and assessable in advance. Involvement in dubious business on this scale is rare in an IPO, however, and a huge risk. All the more so if, as in the ALS-Scan proceedings, the company's own liability is at stake, or if the service for terrorist organizations violates criminal law.
Either Goldman Sachs and the current investors are not interested in moral standards, are naive, or consider the risk of failure to be very low. This shows how urgently government regulation of intermediaries on the Internet is needed.
https://thetrichordist.com/2019/01/01/2019-artist-enemy-1-cloudflare/
https://torrentfreak.com/images/RIAA_2017NotoriousMarketOCR.pdf
https://torrentfreak.com/cloudflare-counters-mpaa-and-riaas-rehashed-piracy-complaints-171020/
http://webschauder.de/iptv-rechenzentren-illegaler-streamingangebote/
http://webschauder.de/tag/cloudflare_verfahren/
https://torrentfreak.com/cloudflare-settles-dangerous-piracy-liability-lawsuit-180621/
https://transparencyreport.google.com/copyright/overview?hl=de
http://www.crimeflare.com:82/carders.html
http://www.heise.de/newsticker/meldung/SSL-Zertifizierungsstellen-stellen-hunderte-Zertifikate-fuer-Phishing-Seiten-aus-2848793.html
https://tarnkappe.info/steckt-cloudflare-bald-in-schwierigkeiten/
Source and more info:
https://tarnkappe.info/cloudflare-the-bad-the-worse-and-the-ugly/
📡 @NoGoolag
#Cloudflare #Wahrheit #warum
The company is also very popular with extortionists. The German news magazine "Der Spiegel" reports on a twin business. On the one hand, this CDN service ensures that extortionists who, for example, threaten to take a website down via DDoS can no longer be traced. It then sells its DDoS protection to the sites affected by the DDoS attacks. A special form of customer acquisition.
Links: http://trade.ec.europa.eu/doclib/docs/2018/december/tradoc_157564.pdf
With the promise of verification, hackers target Instagram influencers.
Hackers have sent emails claiming to be from the "Instagram Verification Team" and offering users the chance to apply for a verified badge, cybersecurity firm Trend Micro found. It is not clear when this hacking scheme began.
Users who fall for the phishing email are asked to enter their Instagram username, password, email address and date of birth, which allows the hackers to take control of the accounts.
Trend Micro said that in one case it had seen hackers threatening to delete an account unless the user paid a ransom or sent nude photos or videos.
"We have seen cases where owners of Instagram profiles with between 15,000 and 70,000 followers were hacked and the accounts were never recovered. The victims ranged from famous actors and singers to owners of startup businesses, such as photo equipment rentals," Trend Micro reported on its blog this Thursday.
The company said to look out for emails with "dubious font styles" and incorrect grammar and punctuation.
Although it is not yet clear who is behind this hacking case, the company said they appear to be Turkish speakers.
Trend Micro said it had disclosed its findings to Instagram and its parent company Facebook, but has not yet received a response.
In a statement sent to CNN Business, Instagram warned users to be wary of any communication claiming to be from the company.
"We will never send you a proactive email about verification, and we will certainly never try to sell you verification. Beyond ads, Instagram does not sell any products or services and we will not make you any offers by email," the statement says.
The company said it recommends that users set up two-factor authentication to make accounts even more secure.
https://cnnespanol.cnn.com/2019/03/01/instagram-influencers-verificacion-piratas-informaticos-phishing/
#instagram #seguridad #hacker
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Online Tracking: A 1-million-site Measurement and Analysis
We present the largest and most detailed measurement of online tracking conducted to date, based on a crawl of the top 1 million websites. We make 15 types of measurements on each site, including stateful (cookie-based) and stateless (fingerprinting-based) tracking, the effect of browser privacy tools, and the exchange of tracking data between different sites (“cookie syncing”). Our findings include multiple sophisticated fingerprinting techniques never before measured in the wild.
http://randomwalker.info/publications/OpenWPM_1_million_site_tracking_measurement.pdf
#tracking #analysis
Episode 1: The Roots of Evil
Malicious Life By Cybereason
🎧 🇬🇧 Ghost in the Machine - The Roots of Evil
Cybercrime is one of the most notable threats we face as computer users nowadays. But it wasn’t always so. Those of us who’ve been working with computers long enough may remember a time when computer viruses were much more benign, and virus authors were usually just bored computer geeks, and not members of a sophisticated, well-organized crime syndicate. Join us in exploring the world of early viruses, the precursors to the types of malware we know all too well today.
📻 #malicious_life Ghost in the Machine #Season1 / #Episode1 #podcast
The Secrets Hidden in Our Google Location Data
🎧 🇬🇧 The Secrets Hidden in Our Google Location Data
This week on Decrypted, Bloomberg Technology’s Alistair Barr and Pia Gadkari explore the myriad secrets that our location data can reveal and some of the ways it can be used against us.
📻 The #secrets #hidden in Our #google #location #data #podcast
Crypto-Gram 2018-12 (December)
🎧 🇬🇧 Crypto-Gram Security Podcast
👉 Information #attacks against #democracies
👉 How #surveillance Inhibits #freedom of #expression
👉 #propaganda and the Weakening of Trust in #government
📻 #CryptoGram #security #podcast
📺 🇬🇧 DEF CON 25 - Roger Dingledine - Next Generation Tor Onion Services
Millions of people around the world use Tor every day to protect themselves from surveillance and censorship. While most people use Tor to reach ordinary websites more safely, a tiny fraction of Tor traffic makes up what overhyped journalists like to call the "dark web". Tor onion services (formerly known as Tor hidden services) let people run Internet services such as websites in a way where both the service and the people reaching it can get stronger security and privacy.
📺 #DEFCON 25 - Roger Dingledine - Next Generation #Tor #Onion #Services
https://invidio.us/watch?v=Di7qAVidy1Y
Fix It Already: Nine steps companies must take to protect you.
Today we are announcing Fix It Already, a new way to show companies that we are serious about the big security and privacy problems they need to fix. We are demanding fixes for different problems from nine tech companies and platforms, targeting social media companies, operating systems and enterprise platforms on issues ranging from encryption design to retention policies.
Some of these issues stem from business decisions. Some are security holes. Some are design choices. The common thread? All of these well-known privacy and security problems have attainable fixes and a big impact on people's lives.
We want companies to bring their products in line with what consumers expect and deserve. And we need to hear from you to do it. How have these problems affected you, or people you know? What risks do you face as a result? What workarounds have you used to try to make these products and platforms work for your security and privacy concerns? Head to Fix It Already and tell us, and these companies, what these problems mean to you.
- Android should let users deny and revoke apps' Internet permissions.
- Apple should let users encrypt their iCloud backups.
- Facebook should leave your phone number where you put it.
- Slack should give workspace administrators control over data retention.
- Twitter should end-to-end encrypt direct messages.
- Venmo should let users hide their friends lists.
- Verizon should stop pre-installing spyware on its users' phones.
- WhatsApp should get your consent before you are added to a group.
- Windows 10 should let users keep their disk encryption keys to themselves.
It's 2019. We have the technology to fix these problems, and companies are running out of excuses for neglecting security and privacy best practices. We hope that with a little more attention, these companies will take these problems seriously and fix them already.
Smartphones for privacy and security.
Smartphones are inherently bad for privacy. You basically have a tracking device in your pocket, pinging cell towers and locking onto GPS satellites. At the same time, the phone's data connection ensures that tracking cookies, advertising IDs and usage statistics follow you around the Internet.
So no, there is no perfectly secure and truly private smartphone; let's get that out of the way now. But in the information age, you practically need a smartphone to get by in society, so the question is: which phone manages to be the lesser of all evils?
With critical vulnerabilities such as the KRACK exploit and Blueborne, not to mention the FBI trying to find a backdoor into practically every phone, that is a hard question to answer. So to find the most secure devices, we tested the top smartphones on the market, looking for key factors such as encryption strength, biometrics, hardware-assisted security, VPN availability and security patch timelines. Our research narrowed the list down to five great phones, so let's discuss how well each of these devices protects your privacy.
Key comparison points
When comparing our five finalist phones, these were the key differentiating factors for privacy and security:
✳️Biometrics
✳️Authentication methods
✳️Encryption
✳️Hardware-stored keys
✳️Hardware security modules
✳️Sandboxed user accounts
✳️Restrict ad tracking
✳️Always-on VPN
✳️Block Internet access for apps
✳️Data wipe after failed login
✳️DNS over TLS
✳️Force password to unlock phone
✳️Restrict data port usage
✳️Anti-theft protection
✳️Built-in password manager
✳️Password generator
✳️Autofill passwords
✳️Password-protected apps
✳️Password-protected files
✳️Stock security center app
✳️Security patch timeline
✳️Bug bounties
#consejos #smartphones #seguridad #privacidad
Biometrics:
There are two schools of thought regarding fingerprint scanners and other biometric unlock methods. First, there is the idea that if your biometric identifiers were stolen, you could not change them like a…