The Hitchhiker’s Guide to Online Anonymity (new draft version v0.9.0 with a new Tor Mirror)
Here is a new version (v0.9.0) of The Hitchhiker’s Guide to Online Anonymity.
💡 TLDR: This is an open-source non-profit detailed and maintained guide on online anonymity (in addition to Privacy/Security). I've been writing/updating it for the past months. It covers Windows/Linux/MacOS/Whonix/TAILS/Qubes OS and more. It's written with hope for activists, journalists, scientists, lawyers, whistle-blowers, and good people being oppressed/censored anywhere!
The whole guide is backed up by many external references (over 500 external references, many of them academic) and is not sponsored by any commercial entity.
The guide is presented in a "book format" (Online ,or PDF with Light and Dark themes) and is quite a long read with over 180 pages of information (not counting the many 500+ external references). But there are ways you can read some parts and not others depending on your interest (and this is also explained in the introduction).
* Project Website: https://anonymousplanet.org/
* Mirror: https://mirror.anonymousplanet.org/
* Tor Mirror: http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion
💡 Online Guide:
* Online Version (Dark Theme): https://anonymousplanet.org/guide.html
* Online Version Mirror (Dark Theme): https://mirror.anonymousplanet.org/guide.html
* Online Version Tor Mirror (Dark Theme): http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/guide.html
💡 PDFs:
* PDF (Light Theme): https://anonymousplanet.org/guide.pdf
* PDF (Light Theme Mirror): https://mirror.anonymousplanet.org/guide.pdf
* PDF (Light Theme Tor Mirror): http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/guide.pdf
* PDF (Dark Theme): https://anonymousplanet.org/guide-dark.pdf
* PDF (Dark Theme Mirror): https://mirror.anonymousplanet.org/guide-dark.pdf
* PDF (Dark Theme Tor Mirror): http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/guide-dark.pdf
💡 Changelog:
* https://anonymousplanet.org/CHANGELOG.html
* https://mirror.anonymousplanet.org/CHANGELOG.html
* http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/CHANGELOG.html
💡 Archives:
* Archive.org: https://web.archive.org/web/https://anonymousplanet.org/guide.html
* Archive.today: https://archive.fo/anonymousplanet.org/guide.html
* Archive.today over Tor: http://archivecaslytosk.onion/anonymousplanet.org/guide.html
* Cryptpad.fr: https://cryptpad.fr/drive/#/2/drive/view/Ughm9CjQJCwB8BIppdtvj5zy4PyE-8Gxn11x9zaqJLI/
Feel free to share and contribute through the repository at https://github.com/AnonymousPlanet/thgtoa
👉🏼 Follow me on:
* Twitter: https://twitter.com/AnonyPla
* Mastodon: https://mastodon.online/@anonypla
Any constructive opinion/idea/criticism is welcome if you spot any issue. Many changes have been done based based on suggestions from redditors. Don't be too harsh tho. Remember it's still a "work in progress" draft.
https://redd.it/mpc5k3
#guide #online #anonymity #anonymousplanet
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Here is a new version (v0.9.0) of The Hitchhiker’s Guide to Online Anonymity.
💡 TLDR: This is an open-source non-profit detailed and maintained guide on online anonymity (in addition to Privacy/Security). I've been writing/updating it for the past months. It covers Windows/Linux/MacOS/Whonix/TAILS/Qubes OS and more. It's written with hope for activists, journalists, scientists, lawyers, whistle-blowers, and good people being oppressed/censored anywhere!
The whole guide is backed up by many external references (over 500 external references, many of them academic) and is not sponsored by any commercial entity.
The guide is presented in a "book format" (Online ,or PDF with Light and Dark themes) and is quite a long read with over 180 pages of information (not counting the many 500+ external references). But there are ways you can read some parts and not others depending on your interest (and this is also explained in the introduction).
* Project Website: https://anonymousplanet.org/
* Mirror: https://mirror.anonymousplanet.org/
* Tor Mirror: http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion
💡 Online Guide:
* Online Version (Dark Theme): https://anonymousplanet.org/guide.html
* Online Version Mirror (Dark Theme): https://mirror.anonymousplanet.org/guide.html
* Online Version Tor Mirror (Dark Theme): http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/guide.html
💡 PDFs:
* PDF (Light Theme): https://anonymousplanet.org/guide.pdf
* PDF (Light Theme Mirror): https://mirror.anonymousplanet.org/guide.pdf
* PDF (Light Theme Tor Mirror): http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/guide.pdf
* PDF (Dark Theme): https://anonymousplanet.org/guide-dark.pdf
* PDF (Dark Theme Mirror): https://mirror.anonymousplanet.org/guide-dark.pdf
* PDF (Dark Theme Tor Mirror): http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/guide-dark.pdf
💡 Changelog:
* https://anonymousplanet.org/CHANGELOG.html
* https://mirror.anonymousplanet.org/CHANGELOG.html
* http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/CHANGELOG.html
💡 Archives:
* Archive.org: https://web.archive.org/web/https://anonymousplanet.org/guide.html
* Archive.today: https://archive.fo/anonymousplanet.org/guide.html
* Archive.today over Tor: http://archivecaslytosk.onion/anonymousplanet.org/guide.html
* Cryptpad.fr: https://cryptpad.fr/drive/#/2/drive/view/Ughm9CjQJCwB8BIppdtvj5zy4PyE-8Gxn11x9zaqJLI/
Feel free to share and contribute through the repository at https://github.com/AnonymousPlanet/thgtoa
👉🏼 Follow me on:
* Twitter: https://twitter.com/AnonyPla
* Mastodon: https://mastodon.online/@anonypla
Any constructive opinion/idea/criticism is welcome if you spot any issue. Many changes have been done based based on suggestions from redditors. Don't be too harsh tho. Remember it's still a "work in progress" draft.
https://redd.it/mpc5k3
#guide #online #anonymity #anonymousplanet
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
BlackBox (Security) Archiv pinned «The Hitchhiker’s Guide to Online Anonymity (new draft version v0.9.0 with a new Tor Mirror) Here is a new version (v0.9.0) of The Hitchhiker’s Guide to Online Anonymity. 💡 TLDR: This is an open-source non-profit detailed and maintained guide on online anonymity…»
requests-2020-H1-en.pdf
802.6 KB
Apple Transparency Report: Government and Private Party Requests
Apple has released more iCloud content to authorities, end-to-end encryption is still missing.
User data was mainly sent to authorities in the U.S. and Brazil. In France, Sweden, Switzerland and the United Kingdom, Apple only transmitted iCloud data for one account request each, as the report lists. It remains unclear which of the partly sensitive data was transferred in detail and for what reason. In the new transparency report, Apple has confirmed for the first time that iCloud content may also be passed on in emergency requests from authorities - for example, to search for missing persons.
https://www.apple.com/legal/transparency/pdf/requests-2020-H1-en.pdf
#icloud #apple #requests #transparency #report #pdf
📡 @nogoolag 📡 @blackbox_archiv
Apple has released more iCloud content to authorities, end-to-end encryption is still missing.
User data was mainly sent to authorities in the U.S. and Brazil. In France, Sweden, Switzerland and the United Kingdom, Apple only transmitted iCloud data for one account request each, as the report lists. It remains unclear which of the partly sensitive data was transferred in detail and for what reason. In the new transparency report, Apple has confirmed for the first time that iCloud content may also be passed on in emergency requests from authorities - for example, to search for missing persons.
https://www.apple.com/legal/transparency/pdf/requests-2020-H1-en.pdf
#icloud #apple #requests #transparency #report #pdf
📡 @nogoolag 📡 @blackbox_archiv
Security as Social Engineering: Phishing Campaigns Spoofing Locked Account Workflows
Each Blox Tale will take a look at targeted email scams, outline why they made their way into an inbox, and provide tips and recommendations to protect against such attacks. In this blog, we’ll focus on three email attacks impersonating Facebook, Microsoft, and Apple respectively. All attacks aimed to extract victims’ account credentials by spoofing automated emails informing victims that their accounts had been locked or that they had a subnoscription that was close to expiry. Phishing pages were set up using services like Omnisend and DDNS[.]net to trick security technologies and users into thinking the links were legitimate.
👉🏼 Let’s go through the attacks in greater detail:
https://www.armorblox.com/blog/security-as-social-engineering-phishing-campaigns-spoofing-locked-account-workflows/
#security #phishing #email #scam #facebook #microsoft #apple
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Each Blox Tale will take a look at targeted email scams, outline why they made their way into an inbox, and provide tips and recommendations to protect against such attacks. In this blog, we’ll focus on three email attacks impersonating Facebook, Microsoft, and Apple respectively. All attacks aimed to extract victims’ account credentials by spoofing automated emails informing victims that their accounts had been locked or that they had a subnoscription that was close to expiry. Phishing pages were set up using services like Omnisend and DDNS[.]net to trick security technologies and users into thinking the links were legitimate.
👉🏼 Let’s go through the attacks in greater detail:
https://www.armorblox.com/blog/security-as-social-engineering-phishing-campaigns-spoofing-locked-account-workflows/
#security #phishing #email #scam #facebook #microsoft #apple
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Armorblox
Security as Social Engineering: Phishing Campaigns Impersonating Locked Account Workflows
This blog focuses on three email attacks impersonating Facebook, Microsoft, and Apple. All attacks aimed to extract victims’ account credentials by spoofing automated emails informing victims that their accounts had been locked or that they had a subnoscription…
CEO of a top bitcoin exchange warns a crackdown on cryptocurrencies may be coming
Governments around the world may start to clamp down on the use of bitcoin and other cryptocurrencies, the CEO of a top crypto exchange has warned.
A number of officials — from U.S. Treasury Secretary Janet Yellen to European Central Bank President Christine Lagarde — have sounded the alarm about the use of bitcoin for money laundering, terrorist financing and other illegal activities.
"I think there could be some crackdown," Jesse Powell, CEO of Kraken, told CNBC in an interview. Cryptocurrencies have surged in value lately, with bitcoin hitting a record high price of more than $61,000 last month. The world's most valuable digital coin was last trading at around $60,105.
Kraken is the world's fourth-largest digital currency exchange in terms of trading volume. The firm is considering going public through a direct listing — similar to Coinbase — next year after achieving record trading volumes in the first quarter, CNBC reported last week.
https://www.cnbc.com/2021/04/12/bitcoin-kraken-ceo-jesse-powell-warns-of-cryptocurrency-crackdown.html
#bitcoin #cryptocurrency #crackdown
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Governments around the world may start to clamp down on the use of bitcoin and other cryptocurrencies, the CEO of a top crypto exchange has warned.
A number of officials — from U.S. Treasury Secretary Janet Yellen to European Central Bank President Christine Lagarde — have sounded the alarm about the use of bitcoin for money laundering, terrorist financing and other illegal activities.
"I think there could be some crackdown," Jesse Powell, CEO of Kraken, told CNBC in an interview. Cryptocurrencies have surged in value lately, with bitcoin hitting a record high price of more than $61,000 last month. The world's most valuable digital coin was last trading at around $60,105.
Kraken is the world's fourth-largest digital currency exchange in terms of trading volume. The firm is considering going public through a direct listing — similar to Coinbase — next year after achieving record trading volumes in the first quarter, CNBC reported last week.
https://www.cnbc.com/2021/04/12/bitcoin-kraken-ceo-jesse-powell-warns-of-cryptocurrency-crackdown.html
#bitcoin #cryptocurrency #crackdown
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
CNBC
CEO of a top bitcoin exchange warns a crackdown on cryptocurrencies may be coming
Jesse Powell, CEO of bitcoin exchange Kraken, said there "could be some crackdown" on cryptocurrencies.
Revealed: the Facebook loophole that lets world leaders deceive and harass their citizens
Facebook has repeatedly allowed world leaders and politicians to use its platform to deceive the public or harass opponents despite being alerted to evidence of the wrongdoing.
The Guardian has seen extensive internal documentation showing how Facebook handled more than 30 cases across 25 countries of politically manipulative behavior that was proactively detected by company staff.
The investigation shows how Facebook has allowed major abuses of its platform in poor, small and non-western countries in order to prioritize addressing abuses that attract media attention or affect the US and other wealthy countries. The company acted quickly to address political manipulation affecting countries such as the US, Taiwan, South Korea and Poland, while moving slowly or not at all on cases in Afghanistan, Iraq, Mongolia, Mexico, and much of Latin America.
“There is a lot of harm being done on Facebook that is not being responded to because it is not considered enough of a PR risk to Facebook,” said Sophie Zhang, a former data scientist at Facebook who worked within the company’s “integrity” organization to combat inauthentic behavior. “The cost isn’t borne by Facebook. It’s borne by the broader world as a whole.”
https://www.theguardian.com/technology/2021/apr/12/facebook-loophole-state-backed-manipulation
#facebook #DeleteFacebook #loophole #manipulation #investigation #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Facebook has repeatedly allowed world leaders and politicians to use its platform to deceive the public or harass opponents despite being alerted to evidence of the wrongdoing.
The Guardian has seen extensive internal documentation showing how Facebook handled more than 30 cases across 25 countries of politically manipulative behavior that was proactively detected by company staff.
The investigation shows how Facebook has allowed major abuses of its platform in poor, small and non-western countries in order to prioritize addressing abuses that attract media attention or affect the US and other wealthy countries. The company acted quickly to address political manipulation affecting countries such as the US, Taiwan, South Korea and Poland, while moving slowly or not at all on cases in Afghanistan, Iraq, Mongolia, Mexico, and much of Latin America.
“There is a lot of harm being done on Facebook that is not being responded to because it is not considered enough of a PR risk to Facebook,” said Sophie Zhang, a former data scientist at Facebook who worked within the company’s “integrity” organization to combat inauthentic behavior. “The cost isn’t borne by Facebook. It’s borne by the broader world as a whole.”
https://www.theguardian.com/technology/2021/apr/12/facebook-loophole-state-backed-manipulation
#facebook #DeleteFacebook #loophole #manipulation #investigation #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
the Guardian
Revealed: the Facebook loophole that lets world leaders deceive and harass their citizens
A Guardian investigation exposes the breadth of state-backed manipulation of the platform
Mozilla partners with NVIDIA to democratize and diversify voice technology
As technology makes massive shift to voice-enabled products, NVIDIA invests $1.5 million in Mozilla Common Voice to transform the voice recognition landscape.
Over the next decade, speech is expected to become the primary way people interact with devices — from laptops and phones to digital assistants and retail kiosks. Today’s voice-enabled devices, however, are inaccessible to much of humanity because they cannot understand vast swaths of the world’s languages, accents, and speech patterns.
To help ensure that people everywhere benefit from this massive technological shift, Mozilla is partnering with NVIDIA, which is investing $1.5 million in Mozilla Common Voice, an ambitious, open-source initiative aimed at democratizing and diversifying voice technology development.
Most of the voice data currently used to train machine learning algorithms is held by a handful of major companies. This poses challenges for others seeking to develop high-quality speech recognition technologies, while also exacerbating the voice recognition divide between English speakers and the rest of the world.
https://blog.mozilla.org/blog/2021/04/12/mozilla-partners-with-nvidia-to-democratize-and-diversify-voice-technology/
https://venturebeat.com/2021/04/12/mozilla-winds-down-deepspeech-development-announces-grant-program/
#mozilla #firefox #nvidia #voice #technology
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
As technology makes massive shift to voice-enabled products, NVIDIA invests $1.5 million in Mozilla Common Voice to transform the voice recognition landscape.
Over the next decade, speech is expected to become the primary way people interact with devices — from laptops and phones to digital assistants and retail kiosks. Today’s voice-enabled devices, however, are inaccessible to much of humanity because they cannot understand vast swaths of the world’s languages, accents, and speech patterns.
To help ensure that people everywhere benefit from this massive technological shift, Mozilla is partnering with NVIDIA, which is investing $1.5 million in Mozilla Common Voice, an ambitious, open-source initiative aimed at democratizing and diversifying voice technology development.
Most of the voice data currently used to train machine learning algorithms is held by a handful of major companies. This poses challenges for others seeking to develop high-quality speech recognition technologies, while also exacerbating the voice recognition divide between English speakers and the rest of the world.
https://blog.mozilla.org/blog/2021/04/12/mozilla-partners-with-nvidia-to-democratize-and-diversify-voice-technology/
https://venturebeat.com/2021/04/12/mozilla-winds-down-deepspeech-development-announces-grant-program/
#mozilla #firefox #nvidia #voice #technology
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
The Mozilla Blog
Mozilla partners with NVIDIA to democratize and diversify voice technology
As technology makes massive shift to voice-enabled products, NVIDIA invests $1.5 million in Mozilla Common Voice to transform the voice recognition landscape Over the next decade, speech is expected to ...
Another huge data breach, another stony silence from Facebook
The social media giant is still a law unto itself. Can anybody hold it to account?
Half a billion Facebook users’ accounts stolen. Personal information compromised. Telephone numbers and birth dates drifting across the internet being used for God knows what. And for four days, from Facebook’s corporate headquarters, nothing but silence.
If this sounds familiar, it’s because it is. This week saw reports of a massive new Facebook breach and everything about it, from Facebook’s denials of the words “data” and “breach” to its repeated refusal to answer journalists’ questions, has been uncannily reminiscent of the Cambridge Analytica scandal.
Three years on, “Cambridge Analytica” is a byword for mass-data abuse, Facebook has been fined billions of dollars for failing to protect users’ data and... not a thing has changed. If ever there were a moment to understand how profoundly all systems of accountability have failed, and continued to fail, it is this.
Last week Nick Clegg, vice president of global affairs at Facebook, admitted on The Verge website that the Cambridge Analytica scandal had “rocked Facebook right down to its foundations”. And yet it has learned nothing. It has paid no real price (the record $5 billion fine it paid to the Federal Trade Commission (FTC) is literally no price at all to Facebook), suffered no real consequences, and failed to answer any questions over the involvement of its executives.
https://www.theguardian.com/technology/2021/apr/11/another-huge-data-breach-another-stony-silence-from-facebook
#facebook #DeleteFacebook #data #breach #comment #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
The social media giant is still a law unto itself. Can anybody hold it to account?
Half a billion Facebook users’ accounts stolen. Personal information compromised. Telephone numbers and birth dates drifting across the internet being used for God knows what. And for four days, from Facebook’s corporate headquarters, nothing but silence.
If this sounds familiar, it’s because it is. This week saw reports of a massive new Facebook breach and everything about it, from Facebook’s denials of the words “data” and “breach” to its repeated refusal to answer journalists’ questions, has been uncannily reminiscent of the Cambridge Analytica scandal.
Three years on, “Cambridge Analytica” is a byword for mass-data abuse, Facebook has been fined billions of dollars for failing to protect users’ data and... not a thing has changed. If ever there were a moment to understand how profoundly all systems of accountability have failed, and continued to fail, it is this.
Last week Nick Clegg, vice president of global affairs at Facebook, admitted on The Verge website that the Cambridge Analytica scandal had “rocked Facebook right down to its foundations”. And yet it has learned nothing. It has paid no real price (the record $5 billion fine it paid to the Federal Trade Commission (FTC) is literally no price at all to Facebook), suffered no real consequences, and failed to answer any questions over the involvement of its executives.
https://www.theguardian.com/technology/2021/apr/11/another-huge-data-breach-another-stony-silence-from-facebook
#facebook #DeleteFacebook #data #breach #comment #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
the Guardian
Another huge data breach, another stony silence from Facebook | Carole Cadwalladr
The social media giant is still a law unto itself. Can anybody hold it to account?
Richard Stallman is trying to apologize
In a personal statement, he blames controversial remarks on personal incompetence.
Ever since my teenage years, I felt as if there were a filmy curtain separating me from other people my age. I understood the words of their conversations, but I could not grasp why they said what they did. Much later I realized that I didn't understand the subtle cues that other people were responding to.
Later in life, I discovered that some people had negative reactions to my behavior, which I did not even know about. Tending to be direct and honest with my thoughts, I sometimes made others uncomfortable or even offended them -- especially women. This was not a choice: I didn't understand the problem enough to know which choices there were.
Sometimes I lost my temper because I didn't have the social skills to avoid it. Some people could cope with this; others were hurt. I apologize to each of them. Please direct your criticism at me, not at the Free Software Foundation.
Occasionally I learned something about relationships and social skills, so over the years I've found ways to get better at these situations. When people help me understand an aspect of what went wrong, and that shows me a way of treating people better, I teach myself to recognize when I should act that way. I keep making this effort, and over time, I improve.
Some have described me as being "tone-deaf," and that is fair. With my difficulty in understanding social cues, that tends to happen. For instance, I defended Professor Minsky on an M.I.T. mailing list after someone leaped to the conclusion that he was just guilty as Jeffrey Epstein. To my surprise, some thought my message defended Epstein. As I had stated previously, Epstein is a serial rapist, and rapists should be punished. I wish for his victims and those harmed by him to receive justice.
False accusations -- real or imaginary, against me or against others -- especially anger me. I knew Minsky only distantly, but seeing him unjustly accused made me spring to his defense. I would have done it for anyone. Police brutality makes me angry, but when the cops lie about their victims afterwards, that false accusation is the ultimate outrage for me. I condemn racism and sexism, including their systemic forms, so when people say I don't, that hurts too.
It was right for me to talk about the injustice to Minsky, but it was tone-deaf that I didn't acknowledge as context the injustice that Epstein did to women or the pain that caused.
I've learned something from this about how to be kind to people who have been hurt. In the future, that will help me be kind to people in other situations, which is what I hope to do.
https://www.fsf.org/news/rms-addresses-the-free-software-community
#stallman #rms #fsf #excuse
📡 @nogoolag 📡 @blackbox_archiv
In a personal statement, he blames controversial remarks on personal incompetence.
Ever since my teenage years, I felt as if there were a filmy curtain separating me from other people my age. I understood the words of their conversations, but I could not grasp why they said what they did. Much later I realized that I didn't understand the subtle cues that other people were responding to.
Later in life, I discovered that some people had negative reactions to my behavior, which I did not even know about. Tending to be direct and honest with my thoughts, I sometimes made others uncomfortable or even offended them -- especially women. This was not a choice: I didn't understand the problem enough to know which choices there were.
Sometimes I lost my temper because I didn't have the social skills to avoid it. Some people could cope with this; others were hurt. I apologize to each of them. Please direct your criticism at me, not at the Free Software Foundation.
Occasionally I learned something about relationships and social skills, so over the years I've found ways to get better at these situations. When people help me understand an aspect of what went wrong, and that shows me a way of treating people better, I teach myself to recognize when I should act that way. I keep making this effort, and over time, I improve.
Some have described me as being "tone-deaf," and that is fair. With my difficulty in understanding social cues, that tends to happen. For instance, I defended Professor Minsky on an M.I.T. mailing list after someone leaped to the conclusion that he was just guilty as Jeffrey Epstein. To my surprise, some thought my message defended Epstein. As I had stated previously, Epstein is a serial rapist, and rapists should be punished. I wish for his victims and those harmed by him to receive justice.
False accusations -- real or imaginary, against me or against others -- especially anger me. I knew Minsky only distantly, but seeing him unjustly accused made me spring to his defense. I would have done it for anyone. Police brutality makes me angry, but when the cops lie about their victims afterwards, that false accusation is the ultimate outrage for me. I condemn racism and sexism, including their systemic forms, so when people say I don't, that hurts too.
It was right for me to talk about the injustice to Minsky, but it was tone-deaf that I didn't acknowledge as context the injustice that Epstein did to women or the pain that caused.
I've learned something from this about how to be kind to people who have been hurt. In the future, that will help me be kind to people in other situations, which is what I hope to do.
https://www.fsf.org/news/rms-addresses-the-free-software-community
#stallman #rms #fsf #excuse
📡 @nogoolag 📡 @blackbox_archiv
www.fsf.org
RMS addresses the free software community
90: Jenny
Darknet Diaries - EP 90: JENNY
Meet Jenny Radcliffe, the People Hacker. She’s a social engineer and physical penetration tester. Which means she gets paid to break into buildings and test their security. In this episode she tells us a few stories of some penetration testing jobs she’s done.
https://darknetdiaries.com/episode/90/
#truecrime #darknetdiaries #podcast
🎙@cRyPtHoN_INFOSEC_FR
🎙@cRyPtHoN_INFOSEC_EN
🎙@cRyPtHoN_INFOSEC_DE
🎙@BlackBox_Archiv
🎙@NoGoolag
Meet Jenny Radcliffe, the People Hacker. She’s a social engineer and physical penetration tester. Which means she gets paid to break into buildings and test their security. In this episode she tells us a few stories of some penetration testing jobs she’s done.
https://darknetdiaries.com/episode/90/
#truecrime #darknetdiaries #podcast
🎙@cRyPtHoN_INFOSEC_FR
🎙@cRyPtHoN_INFOSEC_EN
🎙@cRyPtHoN_INFOSEC_DE
🎙@BlackBox_Archiv
🎙@NoGoolag
Gmail 'safer than parliament's email system' says Tory MP
Google's email service - Gmail - is “more secure” than parliament's email system, the chair of the Foreign Affairs Select Committee has claimed.
Tom Tugendhat told BBC Radio 4’s Today programme he has repeatedly been the focus of cyber attacks over the past three years.
Hackers have tried to access his account and sent emails impersonating him, he told the BBC.
The Tory MP believes China and Iran were behind some of these attempts.
“I was told by friends at GCHQ that I was better off sticking to Gmail, rather than using the parliamentary system, because it was more secure,” said Mr Tugendhat.
“Frankly, that tells you the level of security and the priority we're giving to democracy in the United Kingdom.”
https://www.bbc.co.uk/news/technology-56733667
#google #gmail #uk #china #iran #cyberattack #tory #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Google's email service - Gmail - is “more secure” than parliament's email system, the chair of the Foreign Affairs Select Committee has claimed.
Tom Tugendhat told BBC Radio 4’s Today programme he has repeatedly been the focus of cyber attacks over the past three years.
Hackers have tried to access his account and sent emails impersonating him, he told the BBC.
The Tory MP believes China and Iran were behind some of these attempts.
“I was told by friends at GCHQ that I was better off sticking to Gmail, rather than using the parliamentary system, because it was more secure,” said Mr Tugendhat.
“Frankly, that tells you the level of security and the priority we're giving to democracy in the United Kingdom.”
https://www.bbc.co.uk/news/technology-56733667
#google #gmail #uk #china #iran #cyberattack #tory #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
BBC News
Gmail 'safer than parliament's email system' says Tory MP
Tom Tugendhat, Foreign Affairs Select Committee chair, says he was advised Gmail was 'more secure'.
Update on beta testing payments in Signal
As the world stands today, the future of transaction privacy does not look great. The existing landscape is dominated by traditional credit companies, who over the past decade have been steadily pushing their networks for increased access to user data. They (and their data customers) are on a track to getting SKU level data of every purchase everyone makes everywhere. There are other contenders, such as regional online payments networks (like Venmo in the US), but the data story there is similar.
This is not a future we are particularly excited about. At Signal, we want to help build a different kind of tech – where software is built for you rather than for your data – so these are trends that we watch warily.
https://signal.org/blog/update-on-beta-testing-payments/
#signal #privacy #messaging #cryptocurrency #payment #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
As the world stands today, the future of transaction privacy does not look great. The existing landscape is dominated by traditional credit companies, who over the past decade have been steadily pushing their networks for increased access to user data. They (and their data customers) are on a track to getting SKU level data of every purchase everyone makes everywhere. There are other contenders, such as regional online payments networks (like Venmo in the US), but the data story there is similar.
This is not a future we are particularly excited about. At Signal, we want to help build a different kind of tech – where software is built for you rather than for your data – so these are trends that we watch warily.
https://signal.org/blog/update-on-beta-testing-payments/
#signal #privacy #messaging #cryptocurrency #payment #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Signal
Update on beta testing payments in Signal
As the world stands today, the future of transaction privacy does not look great. The existing landscape is dominated by traditional credit companies, who over the past decade have been steadily pushing their networks for increased access to user data. They…
Hypercable Analytics
Hypercable Analytics is a fully featured high performance scalable alternative to Google Analytics, build with timescaledb openresty redis and rails.
💡 Feature list:
* Selfhost
* Basic Metrics
* Channel Referrer / Campaign Tracking
* Integration with Google Ads
* Ecommerce Analytics
* Event-level raw data
* Custom reporting logic
* No data sampling
* Measurment Protocol
https://github.com/HyperCable/hypercable
#hypercable #google #analytics #alternatives
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Hypercable Analytics is a fully featured high performance scalable alternative to Google Analytics, build with timescaledb openresty redis and rails.
💡 Feature list:
* Selfhost
* Basic Metrics
* Channel Referrer / Campaign Tracking
* Integration with Google Ads
* Ecommerce Analytics
* Event-level raw data
* Custom reporting logic
* No data sampling
* Measurment Protocol
https://github.com/HyperCable/hypercable
#hypercable #google #analytics #alternatives
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
GitHub
hypercable/measurement_protocol.md at main · HyperCable/hypercable
Hypercable Analytics is a fully featured high performance scalable alternative to Google Analytics, build with timescaledb openresty redis and rails. - hypercable/measurement_protocol.md at main ...
Morpheus Turns a CPU Into a Rubik’s Cube to Defeat Hackers
University of Michigan’s Todd Austin explains how his team’s processor defeated every attack in DARPA's hardware hacking challenge
Last summer, 580 cybersecurity researchers spent 13,000 hours trying to break into a new kind of processor. They all failed.
The hack attack was the first big test in a U.S. Defense Advanced Research Program Agency (DARPA) program called Security Integrated Through Hardware and firmware (SSITH). It’s aimed at developing processors that are inherently immune to whole classes of hardware vulnerabilities that can be exploited by malware. (Spectre and Meltdown are among those.)
A total of 10 vulnerabilities were uncovered among the five processors developed for SSITH, but none of those weak points were found in the University of Michigan processor, called Morpheus. Michigan professor of electrical engineering and computer science Todd Austin explained what makes Morpheus so puzzling for hackers to penetrate.
https://spectrum.ieee.org/tech-talk/semiconductors/processors/morpheus-turns-a-cpu-into-a-rubiks-cube-to-defeat-hackers
#morpheus #cpu #rubikscube #defeat #hackers
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
University of Michigan’s Todd Austin explains how his team’s processor defeated every attack in DARPA's hardware hacking challenge
Last summer, 580 cybersecurity researchers spent 13,000 hours trying to break into a new kind of processor. They all failed.
The hack attack was the first big test in a U.S. Defense Advanced Research Program Agency (DARPA) program called Security Integrated Through Hardware and firmware (SSITH). It’s aimed at developing processors that are inherently immune to whole classes of hardware vulnerabilities that can be exploited by malware. (Spectre and Meltdown are among those.)
A total of 10 vulnerabilities were uncovered among the five processors developed for SSITH, but none of those weak points were found in the University of Michigan processor, called Morpheus. Michigan professor of electrical engineering and computer science Todd Austin explained what makes Morpheus so puzzling for hackers to penetrate.
https://spectrum.ieee.org/tech-talk/semiconductors/processors/morpheus-turns-a-cpu-into-a-rubiks-cube-to-defeat-hackers
#morpheus #cpu #rubikscube #defeat #hackers
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
IEEE Spectrum
Morpheus Turns a CPU Into a Rubik’s Cube to Defeat Hackers
University of Michigan's Todd Austin explains how his team's processor defeated every attack in DARPA's hardware hacking challenge
Reverse engineering (Absolute) UEFI modules for beginners
This post introduces how one can start reverse engineering UEFI-based BIOS modules. Taking Absolute as an example, this post serves as a tutorial of BIOS module reverse engineering with free tools and approachable steps for beginners.
This post is not to explain how to disable or discover issues in Absolute.
In this post, terms "BIOS", "UEFI" and "firmware" all refer to UEFI-based host firmware and are interchangeable.
https://standa-note.blogspot.com/2021/04/reverse-engineering-absolute-uefi.html
#reverse #engineering #absolute #uefi #bios
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
This post introduces how one can start reverse engineering UEFI-based BIOS modules. Taking Absolute as an example, this post serves as a tutorial of BIOS module reverse engineering with free tools and approachable steps for beginners.
This post is not to explain how to disable or discover issues in Absolute.
In this post, terms "BIOS", "UEFI" and "firmware" all refer to UEFI-based host firmware and are interchangeable.
https://standa-note.blogspot.com/2021/04/reverse-engineering-absolute-uefi.html
#reverse #engineering #absolute #uefi #bios
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Blogspot
Reverse engineering (Absolute) UEFI modules for beginners
This post introduces how one can start reverse engineering UEFI-based BIOS modules. Taking Absolute as an example, this post serves as a tut...
WhatsApp's new privacy policy is so bad it might be illegal
A German data protection agency has opened proceedings
WhatsApp has been facing one hell of a backlash ever since it shared that it wanted to update its privacy policy with changes that would allow Facebook to aggregate all of its users' data across all of its services. And now, the company might be in for some regulatory issues, as well. A German privacy regulator (via Bloomberg) has opened proceedings to stop the company from moving forward with the privacy policy update.
The Hamburg commissioner for data protection and freedom of information, Johannes Caspar, is looking to stop Facebook from aggregating the data from WhatsApp, fearing that the company would use it to expand its marketing and advertising business.
Caspar said in a statement: "Currently, there is reason to believe that the data sharing provisions between WhatsApp and Facebook are intended to be unlawfully enforced due to the lack of voluntary and informed consent. In order to prevent unlawful mass data sharing and to put an end to unlawful consent pressure on millions of people, a formal administrative procedure has now been initiated to protect data subjects."
The goal is to reach a decision before May 15, the date when users have to accept the new privacy policy or (presumably) stop using WhatsApp. It's highly possible that the order will only apply for German residents, but we can still hope that the proceedings will set a precedence for other countries and regulators.
The Hamburg commissioner previously successfully issued a similar order against Facebook four and a half years ago for updating WhatsApp's terms and services with changes regarding information sharing across Facebook companies. The order was confirmed by two instances after Facebook took legal action against it, and data sharing between Facebook and WhatsApp has been more limited in the EU than in other regions ever since.
https://www.androidpolice.com/2021/04/13/whatsapps-new-privacy-policy-is-so-bad-it-might-be-illegal/
#whatsapp #DeleteWhatsapp #privacy #policy #illegal #data #protection #germany
📡 @nogoolag 📡 @blackbox_archiv
A German data protection agency has opened proceedings
WhatsApp has been facing one hell of a backlash ever since it shared that it wanted to update its privacy policy with changes that would allow Facebook to aggregate all of its users' data across all of its services. And now, the company might be in for some regulatory issues, as well. A German privacy regulator (via Bloomberg) has opened proceedings to stop the company from moving forward with the privacy policy update.
The Hamburg commissioner for data protection and freedom of information, Johannes Caspar, is looking to stop Facebook from aggregating the data from WhatsApp, fearing that the company would use it to expand its marketing and advertising business.
Caspar said in a statement: "Currently, there is reason to believe that the data sharing provisions between WhatsApp and Facebook are intended to be unlawfully enforced due to the lack of voluntary and informed consent. In order to prevent unlawful mass data sharing and to put an end to unlawful consent pressure on millions of people, a formal administrative procedure has now been initiated to protect data subjects."
The goal is to reach a decision before May 15, the date when users have to accept the new privacy policy or (presumably) stop using WhatsApp. It's highly possible that the order will only apply for German residents, but we can still hope that the proceedings will set a precedence for other countries and regulators.
The Hamburg commissioner previously successfully issued a similar order against Facebook four and a half years ago for updating WhatsApp's terms and services with changes regarding information sharing across Facebook companies. The order was confirmed by two instances after Facebook took legal action against it, and data sharing between Facebook and WhatsApp has been more limited in the EU than in other regions ever since.
https://www.androidpolice.com/2021/04/13/whatsapps-new-privacy-policy-is-so-bad-it-might-be-illegal/
#whatsapp #DeleteWhatsapp #privacy #policy #illegal #data #protection #germany
📡 @nogoolag 📡 @blackbox_archiv
Android Police
WhatsApp's new privacy policy is so bad it might be illegal
A German data protection agency has opened proceedings
👍1
2103.04952.pdf
798.8 KB
Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses
The "eternal war in cache" has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. A common approach for countermeasures is to disable or restrict JavaScript features deemed essential for carrying out attacks. To assess the effectiveness of this approach, in this work we seek to identify those JavaScript features which are essential for carrying out a cache-based attack. approaches completely defend against our attacks. We further argue that the protections of Chrome Zero need to be more comprehensively applied, and that the performance and user experience of Chrome Zero will be severely degraded if this approach is taken.
https://arxiv.org/abs/2103.04952
#pdf #browser #sidechannel #defenses
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
The "eternal war in cache" has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. A common approach for countermeasures is to disable or restrict JavaScript features deemed essential for carrying out attacks. To assess the effectiveness of this approach, in this work we seek to identify those JavaScript features which are essential for carrying out a cache-based attack. approaches completely defend against our attacks. We further argue that the protections of Chrome Zero need to be more comprehensively applied, and that the performance and user experience of Chrome Zero will be severely degraded if this approach is taken.
https://arxiv.org/abs/2103.04952
#pdf #browser #sidechannel #defenses
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Media is too big
VIEW IN TELEGRAM
Discord and Slack Used To Spread RATs - ThreatWire
Facebook downplays the data leak, linkedin appears to be targeted in a similar attack, and Discord and Slack are being used to spread remote access trojans! All that coming up now on ThreatWire.
https://www.youtube.com/watch?v=mdTnhUJFnno
#threatwire #hak5 #discord #linkedin #facebook #slack #rats #video
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv
📽@NoGoolag
Facebook downplays the data leak, linkedin appears to be targeted in a similar attack, and Discord and Slack are being used to spread remote access trojans! All that coming up now on ThreatWire.
https://www.youtube.com/watch?v=mdTnhUJFnno
#threatwire #hak5 #discord #linkedin #facebook #slack #rats #video
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv
📽@NoGoolag
From Cracks to Empty Wallets – How Popular Cracks Lead to Digital Currency and Data Theft
For about three years, hackers have been stealing cryptocurrency from victims’ Monero wallets using powerful malware delivered through software cracks for popular apps.
Cracks and patches have been around since the advent of commercial software. Easy to use and widely available on specialized sharing websites, these small apps let people bypass commercial protections in popular software and use applications without paying for them. However, besides the legal implications of unauthorized software use, the cyber-security risks are serious.
Bitdefender analysts have recently uncovered a series of attacks that leverage office tools and image-editing software cracks to compromise computers, hijack crypto-currency wallets and exfiltrate information via the TOR network.
Once executed, the crack drops an instance of ncat.exe (a legitimate tool to send raw data over the network) as well as a TOR proxy. The Netcat and TOR proxy files are dropped on disk as either
https://labs.bitdefender.com/2021/04/from-cracks-to-empty-wallets--how-popular-cracks-lead-to-digital-currency-and-data-theft/
#cyberattack #cracks #hijack #compromise #tor #currency #data #theft #microsoft #adobe
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
For about three years, hackers have been stealing cryptocurrency from victims’ Monero wallets using powerful malware delivered through software cracks for popular apps.
Cracks and patches have been around since the advent of commercial software. Easy to use and widely available on specialized sharing websites, these small apps let people bypass commercial protections in popular software and use applications without paying for them. However, besides the legal implications of unauthorized software use, the cyber-security risks are serious.
Bitdefender analysts have recently uncovered a series of attacks that leverage office tools and image-editing software cracks to compromise computers, hijack crypto-currency wallets and exfiltrate information via the TOR network.
Once executed, the crack drops an instance of ncat.exe (a legitimate tool to send raw data over the network) as well as a TOR proxy. The Netcat and TOR proxy files are dropped on disk as either
%syswow64%\nap.exe or %syswow64%\ndc.exe for the first one and %syswow64\tarsrv.exe for the latter. Additionally, a batch file is dropped at %syswow64%\chknap.bat (for nap.exe) and %syswow64%\nddcf.cmd (for ndc.exe) that contains the command-line for the Ncat component, which cycles through ports 8000 to 9000 on a .onion domain, as shown in the screenshot below.https://labs.bitdefender.com/2021/04/from-cracks-to-empty-wallets--how-popular-cracks-lead-to-digital-currency-and-data-theft/
#cyberattack #cracks #hijack #compromise #tor #currency #data #theft #microsoft #adobe
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Bitdefender
Bitdefender - Global Leader in Cybersecurity Software
Bitdefender is a cybersecurity software leader delivering best-in-class threat prevention, detection, and response solutions worldwide.
Google to Start Censoring Telegram
Fake news or justifiable warning? You be the judge.
I saw a message today stating the “Google Play Store is now censoring certain pages on Telegram if you downloaded the app through them.” The message suggested a simple workaround to download the app directly from telegram.org/android.
👉🏼 Here’s the message in its entirety:
"Google Play Store is now censoring certain pages on Telegram if you downloaded the app through them.
To get around this simply download the Android app directly from Telegram themselves. Less censorship and more updates.
Before you delete the Google play store Telegram app, install the new one directly from Telegram which will send you a security code to your Telegram messages. Once you have the code from the old app and you enter it into the new one, you can then delete the Google play store version."
Having seen videos I consider important disappearing from YouTube recently I wouldn’t put it past Google to dupe the chattle into downloading a doctored version of Telegram in order to protect people stamp out free speech in order to suppress the fast-rising global freedom movement organizing on Telegram.
Whether or not the message I shared above was true or false is less important to me than maintaining free speech. And so I’d like to share a few resources I’ve learned about from being on Telegram which can help you do just that:
https://habd.as/post/google-start-censor-telegram/
#BigTech #censorship #dystopia #freedom #google #DeleteGoogle #youtube #telegram #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Fake news or justifiable warning? You be the judge.
I saw a message today stating the “Google Play Store is now censoring certain pages on Telegram if you downloaded the app through them.” The message suggested a simple workaround to download the app directly from telegram.org/android.
👉🏼 Here’s the message in its entirety:
"Google Play Store is now censoring certain pages on Telegram if you downloaded the app through them.
To get around this simply download the Android app directly from Telegram themselves. Less censorship and more updates.
Before you delete the Google play store Telegram app, install the new one directly from Telegram which will send you a security code to your Telegram messages. Once you have the code from the old app and you enter it into the new one, you can then delete the Google play store version."
Having seen videos I consider important disappearing from YouTube recently I wouldn’t put it past Google to dupe the chattle into downloading a doctored version of Telegram in order to protect people stamp out free speech in order to suppress the fast-rising global freedom movement organizing on Telegram.
Whether or not the message I shared above was true or false is less important to me than maintaining free speech. And so I’d like to share a few resources I’ve learned about from being on Telegram which can help you do just that:
https://habd.as/post/google-start-censor-telegram/
#BigTech #censorship #dystopia #freedom #google #DeleteGoogle #youtube #telegram #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
👎1