Por otra parte, la víctima del ataque también puede acudir a una empresa de ciberseguridad, donde técnicos expertos en estos malware tratarán de ofrecer una solución más personalizada e intensiva al cifrado. “Identificamos la familia y la versión del ramsonware y aplicamos técnicas de ingeniería inversa para tratar de descifrar y recuperar la información afectada”, explica Labiaga.

✳️ La prevención, fundamental

A pesar de todos estos esfuerzos, la complejidad para resolver los ataques de ramsonware a posteriori es tan elevada que en muchas ocasiones no se pueden recuperar los archivos encriptados. Por ello, todas las fuentes consultadas por Xataka coinciden en que la mejor forma de defenderse contra este tipo de malware es la prevención.
Marco Antonio

“Es el único método efectivo, con soluciones de ciberseguridad para empresas, auditorías continuas de vulnerabilidades, formación de los usuarios en buenas prácticas y, por supuesto, la realización de copias de seguridad de toda la información crítica de la empresa”, explica el director técnico de OnRetrieval.

Además de las soluciones de protección que ofrecen empresas de ciberseguridad como OnRetrieval, el Instituto Nacional de Ciberseguridad y No More Ransom disponen en sus sitios web de una gran cantidad de pautas, guías y herramientas para adoptar las mejores medidas de prevención en cada caso.

Entre ellas, la más efectiva siempre será la de crear copias de seguridad de forma exhaustiva. “Lo ideal es tener una política de problemas con ransomware con duplicados de la información, es decir, hacer prácticamente una copia diaria que pueda garantizar la restauración de los archivos en el caso de que haya algún problema con ese tipo de malware”, concluye Marco Antonio Lozano.
https://www.xataka.com/seguridad/cuando-empresa-sufre-ataque-ransomware-me-llaman-para-solucionarlo-dificil-lucha-malware-momento

#ransomware #seguridad
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

I Opted Out of Facial Recognition at the Airport—It Wasn't Easy

The announcement came as we began to board. Last month, I was at Detroit’s Metro Airport for a connecting flight to Southeast Asia. I listened as a Delta Air Lines staff member informed passengers that the boarding process would use facial recognition instead of passport scanners.

As a privacy-conscious person, I was uncomfortable boarding this way. I also knew I could opt out. Presumably, most of my fellow fliers did not: I didn't hear a single announcement alerting passengers how to avoid the face scanners.

To figure out how to do so, I had to leave the boarding line, speak with a Delta representative at their information desk, get back in line, then request a passport scan when it was my turn to board. Federal agencies and airlines claim that facial recognition is an opt-out system, but my recent experience suggests they are incentivizing travelers to have their faces scanned—and disincentivizing them to sidestep the tech—by not clearly communicating alternative options. Last year, a Delta customer service representative reported that only 2 percent of customers opt out of facial-recognition. It's easy to see why.

As I watched traveler after traveler stand in front of a facial scanner before boarding our flight, I had an eerie vision of a new privacy-invasive status quo. With our faces becoming yet another form of data to be collected, stored, and used, it seems we’re sleepwalking toward a hyper-surveilled environment, mollified by assurances that the process is undertaken in the name of security and convenience. I began to wonder: Will we only wake up once we no longer have the choice to opt out?

Until we have evidence that facial recognition is accurate and reliable—as opposed to simply convenient—travelers should avoid the technology where they can.

The facial recognition plan in US airports is built around the Customs and Border Protection Biometric Exit Program, which utilizes face-scanning technology to verify a traveler’s identity. CBP partners with airlines—including Delta, JetBlue, American Airlines, and others—to photograph each traveler while boarding. That image gets compared to one stored in a cloud-based photo-matching service populated with photos from visas, passports, or related immigration applications. The Biometric Exit Program is used in at least 17 airports, and a recently-released Department of Homeland Security report states that CBP anticipates having the ability to scan the faces of 97 percent of commercial air passengers departing the United States by 2023.

Read more:
https://www.wired.com/story/opt-out-of-facial-recognition-at-the-airport/

#biometric #privacy #facescanning #airport #surveillance #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device

Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer.

Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully developed a new proof-of-concept attack against the latest version of Firefox by leveraging a 17-year-old known issue in the browser.

📺 https://thehackernews.com/2019/07/firefox-same-origin-policy-hacking.html

#Weakness #Firefox #Mozilla #SOP #HTML #poc #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

🎧 Democracy and the Internet

Part of celebrating democracy is questioning what influences it. In this episode of IRL, we look at how the internet influences us, our votes, and our systems of government. Is democracy in trouble? Are democratic elections and the internet incompatible?

Politico’s Mark Scott takes us into Facebook’s European Union election war room. Karina Gould, Canada’s Minister for Democratic Institutions, explains why they passed a law governing online political ads. The ACLU’s Ben Wizner says our online electoral integrity problem goes well beyond a few bad ads. The team at Stop Fake describes a massive problem that Ukraine faces in telling political news fact from fiction, as well as how they’re tackling it.

📻 #IRL #Democracy and the #Internet
https://irlpodcast.org/season5/episode2/

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

The Secrets of Silicon Valley: What Big Tech Doesn’t Want You to Know

Once a sleepy farming region, #SiliconValley is now the hub of a global industry that is transforming the economy, shaping our political discourse, and changing the very nature of our society. So what happened? How did this remarkable change take place? Why is this area the epicenter of this transformation? Discover the #dark #secrets behind the real history of Silicon Valley and the #BigTech giants in this important edition of The #CorbettReport #video #podcast

📻 https://www.corbettreport.com/siliconvalley/
📻 https://www.youtube.com/watch?v=TbKxUYl3WSE
📻 https://d.tube/#!/v/corbettreport/QmPurHEQuYfpkdd5wKWjEhxCh7YBcUcXxV4fmSKwDEXdhJ

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Logitech Unifying - ultimate goal achieved: Running a RF based reverse shell through a Unifying receiver on an otherwise airgapped machine.

There are security holes in a number of Logitech keyboards, mouses and wireless presenters. An attacker can wirelessly intercept keystrokes and even infect the computer.

The vulnerabilities allow the attacker to eavesdrop on keystrokes and record typed mails, passwords & Co. The attacker can also become active himself and send his own key commands to his victim's computer. And that's no less dangerous, because it's easy to infect the computer with malicious code.

📺 https://mobile.twitter.com/mame82/status/1104044796761595904

#Logitech #unifying #poc #attacker #wireless
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Android: Over 1000 apps bypass permissions and collect user data

The apps collect information such as location data, although the user has not given permission to do so. According to Google, only Android Q can prevent this data theft.

With permissions for Android apps, the user determines which data an app has access to and which not. If you don't want a flashlight app to have access to call logs, you simply deny access to that data. So much for theory. According to CNET, security researchers have now discovered that more than 1000 apps can bypass the Android authorization system and collect data such as location information, even though the user has prohibited this.

Researchers at the International Computer Science Institute found 1325 Android apps that collected data from devices even after they were expressly denied permission. Serge Egelman, director of the Usable Security & Privacy Group at the International Computer Science Institute (ICSI), presented the study at the Federal Trade Commission's PrivacyCon in late June.

(PDF)
https://www.ftc.gov/system/files/documents/public_events/1415032/privacycon2019_serge_egelman.pdf_events/1415032/privacycon2019_serge_egelman.pdf

https://www.darkreading.com/endpoint/android-app-publishers-wont-take-no-for-an-answer-on-personal-data/d/d-id/1335169

https://www.zdnet.de/88364341/android-ueber-1000-apps-umgehen-berechtigungen-und-sammeln-nutzerdaten/

Read on TG:
https://news.1rj.ru/str/BlackBox_EN/2231

#android #userdata #permissions #DataTheft #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

The world's most famous and dangerous APT (state-developed) malware

A list of the most dangerous, effective, and most well-known malware strains that have been developed by the cyber-security units of various countries' intelligence and military branches.

Source:
https://www.zdnet.com/pictures/the-worlds-most-famous-and-dangerous-apt-state-developed-malware/

👉🏼 Read without ads n shit:
https://telegra.ph/The-worlds-most-famous-and-dangerous-APT-state-developed-malware-07-09

#apt #malware #cybersecurity
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Amidst furor over face recognition, Veritone promotes software’s use in law enforcement

The world is in an uproar about the use of facial recognition software by police to identify suspects. But five-year-old software vendor Veritone believes the software can be used for good, to "change the job of law enforcement." Police in the city of Anaheim, Calif., have been impressed with the results in a trial phase.

There is an uproar over the use of facial recognition technology, with San Francisco's Board of Supervisors earlier this month voting overwhelmingly to prohibit use of the technology by the city's law enforcement authorities.

📺 https://www.zdnet.com/article/amidst-furor-over-face-recognition-veritone-promotes-softwares-use-in-law-enforcement/

#veritone #software #FacialReconition #LawEnforcement
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

How Banks Make Online Banking Insecure Through Apps

1. App obligation

Online banking on the smartphone is generally not a good idea. The reason for this is not necessarily the banking apps, but the update policy of the smartphone manufacturers, the misleading advertising of the banks and the naive behavior of the customers. However, all this does not seem to bother the banks much. True to the motto:

"Digital first - Concerns second"

banking apps are made appealing to loyal customers and any risks are simply pushed aside. The fact is: with smartphone apps, banks have moved to a platform that they cannot control. Nevertheless, banking apps are promoted and security mechanisms such as two-factor authentication (2FA) are simply undermined by ill-considered decisions. In the end, online banking via app is not more secure, but exactly the opposite.

1st problem: Android update policy

Both software and hardware have weaknesses, some of which are so serious that attackers can take complete control of a system. It is therefore essential to import available (system) updates promptly in order to keep the risk for data and the digital identity as low as possible. That's the theory. In practice, the world looks very different again - especially in the Android world.

Most Android devices are usually only neglected by many manufacturers with regard to security updates, and at some point they are even completely violated. This inevitably creates a "vacuum" in the Android world that makes many or most devices vulnerable to critical security vulnerabilities. Such vulnerabilities enable attackers to gain control over the device, spy on the user or allow data to flow off unnoticed. Discovering a critical vulnerability would be enough to make millions of devices vulnerable in one fell swoop. Such serious vulnerabilities are not rare, but occur at regular intervals. In 2018 alone, 611 vulnerabilities were identified in Android - in 2017 even 842.

Full translated article:
https://telegra.ph/How-Banks-Make-Online-Banking-Insecure-Through-Apps-07-09

Source (🇩🇪):
https://www.kuketz-blog.de/wie-banken-online-banking-durch-apps-unsicher-machen/

#Kuketz #online #banking #smartphone #apps #insecure #vulnerabilities
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

FPM vulnerability: Exfiltrating data with Facebooks HHVM

Servers for the so-called FastCGI Process Manager (FPM) can give unauthorized access to files on a system if they can be reached via the Internet. This is especially true for HHVM on Facebook, but PHP is less risky.

By default, the use of Facebooks HHVM can cause attackers to exfiltrate files on a server. This is due to the so-called FastCGI Process Manager (FPM), a method originally developed by PHP to execute CGI noscripts faster. PHP itself is theoretically also affected, but some protection mechanisms ensure that the risk there is significantly lower.

HHVM or Hiphop Virtual Machine was originally an implementation of the PHP programming language developed by Facebook. However, HHVM has evolved in a different direction, Facebook has changed parts of the syntax and current versions now implement their own programming language called HACK. The current version 4 of HHVM no longer supports PHP.

FPM works in such a way that a PHP or HHVM process runs permanently on a server. A web server can forward requests for corresponding noscripts to the FPM daemon, where they are processed. FPM can be addressed either via a local socket or a network port. If FPM is accessible via a network port and from the outside, there is a security risk which, in the worst case, can lead to the exfiltration of arbitrary files.

Read more (🇩🇪):
https://www.golem.de/news/fpm-sicherheitsluecke-daten-exfiltrieren-mit-facebooks-hhvm-1907-142418.html

Translation (🇬🇧):
https://telegra.ph/FPM-vulnerability-Exfiltrating-data-with-Facebooks-HHVM-07-09

#fpm #vulnerability #exfiltrating #data #facebook #DeleteFacebook
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Selling Your Private Information Is a Terrible Idea

We don’t allow people to sell their kidneys. We shouldn’t let them sell the details of their lives, either.

“Claim Your 31st Right,” declares the #My31 app’s splash screen. “Review, share, and confirm your HUMAN right to your data as your property.”

(The United Nations Declaration of Human Rights currently has 30, so a right to data would presumably come next.)

That’s why #My31 doesn’t bill itself as a business so much as a cause. “Join the movement by staking a claim to data you’ve produced, declaring it your personal property,” proclaims the App Store denoscription. Sign up, the app says, and “get a noscript of ownership for your personal data.”

The idea is that once you own your data, you can sell it. Many companies seem convinced that this is the future. PatientSphere, a platform for health care information, purports to offer patients “the ability to not only share” data on their own terms, “but also get paid for it.” PatientTruth similarly bills itself as a health record system and a way for patients to “own” and “monetize” their health data. SUPA, which markets smart exercise bras to Gen Z, offers money in exchange for data. “SUPA is tokenizing the body,” the company website declares.

All of these apps, platforms and services use blockchain — a technology first used by bitcoin, a type of digital money — to store health information. Because the term “blockchain” has become so nebulous, it’s difficult to pin down the actual upsides to storing health data this way. In most situations, blockchain is not any more secure, reliable or usable than its alternatives. But it does have one distinct advantage: A data-sharing platform can double as both database and cryptocurrency. Behold, the data pays for itself.

There’s just one small wrinkle. There’s no legal property right to personal data.

Source:
https://www.nytimes.com/2019/07/05/opinion/health-data-property-privacy.html4

👉🏼 Read without ads n shit:
https://telegra.ph/Selling-Your-Private-Information-Is-a-Terrible-Idea-07-09

#OurData #privacy #My31 #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol

#Godlua a #Linux #DDoS #bot, is the first-ever malware strain seen using DoH to hide its DNS traffic.

#Security #researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have discovered the first ever #malware #strain seen #abusing the #DNS over #HTTPS #DoH #protocol.

📺 https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol/

#video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

From Silicon Valley to the Georgia Guidestones

Corbett Report member Octium connects the dots between two seemingly disparate Corbett reports: one on silicon valley and the other on the Georgia guidestones. So who is William Shockley, what does he have to do with the guidestones, and what does this all have to do with eugenics and computers? Find out in today’s intriguing exploration.

📺 #corbettreport #video #podcast
https://www.corbettreport.com/from-silicon-valley-to-the-georgia-guidestones/

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

🎧 Know and spot the patterns

Joe shares the heartbreaking tale of a catphishing case that leads to murder. Dave describes a shoe company using an unusual method to trick engagement with an online ad. The catch of the day engages a Nigerian scammer promising a fortune in precious minerals. Dave interview Michael Coates, head of Altitude Networks and former CISO at Twitter.

📻 https://thecyberwire.com/podcasts/cw-podcasts-hh-2019-07-11.html

#HackingHumans #cyberwire #patterns #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Why Facebook should be smashed

A former Obama advisor calls for the revival of an American anti-trust spirit. #Facebook would be vulnerable due to its size, Standard Oil and AT&T would be examples of successful unbundling. He accuses #MarkZuckerberg of illegally taking over #Instagram.

Tim Wu: Facebook's Purchase of Instagram was a Felony
Tim Wu points to the danger that an early and successful Instagram represented to Facebook. The photo-centric platform was a competitor to Mark Zuckerberg's larger company, says #Wu.

📺 https://youtu.be/bqkau41MFvI

#DeleteFacebook #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

It Wasn’t Me

All the things a bank won’t ask, but a fraudster will! Our latest film “It Wasn’t Me”, in collaboration with the DubaiPoliceHQ, gives you the do’s and don’ts of keeping your identity and account secure at all times.

📺 Dubai Police & Emirates National Bank Dubai
https://mobile.twitter.com/EmiratesNBD_AE/status/1144261859517894658

#music #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Facebook’s Algorithm Shapes Our Lives. This Hacker Wants to Find Out How.

Claudio Agosti wants to know what Facebook does with him. The programmer has developed a browser extension that collects data donations from users. He wants to decipher why we only get to see very specific political news – and what Facebook is hiding from us in their News Feed.

Claudio Agosti is laughing. The hacker is giving a talk about how Facebook works at the art festival Transmediale in Berlin. He talks about how the social network weaves its algorithms in order to attract people into their web like spiders do with flies. In his melodic Italian accent, Agosti asks the crowd who would want to make a bet on whether Facebook treats their users in a fair manner.

Agosti straightaway gives the answer himself: “The truth is: nobody wins. In an oppressive system you are just subject to the decisions of someone else”. He grins mischievously. A game of algorithms, their power over the minds of their billions of users – it’s all a sinister joke to Agosti.

Claudio Agosti, 39 years old, bald and sturdy, has spent half his life exploring the impact of modern technology on us. He comes from near Milan and lives in Berlin. Whether you call him a hacker, a privacy activist or a critical researcher does not really matter. Agosti probably knows more about the way Facebook’s algorithms work than anyone who hasn’t worked on them personally.

It has been 10 years since Agosti first wondered how algorithms impact our lives. Back then, he noticed that Google’s search results had become more and more personalized. From a standard of results that were the same for everyone, he observed a filter bubble developing the he fears keeps us ever more encapsulated in the algorithms‘ world.

“Algorithms decide for you what is important”, he says. This is what bothers Agosti, the self-taught programmer who is used to mastering technology. “To be free, an individual should have full control over this logic.” A simple, yet radical thought.

Read without ads n trackers:

https://rwtxt.lelux.fi/blackbox/pstrongfacebooks-algorithm-shapes-our-lives-this-hacker-wants-to-find-out-howstrongp

#DeleteFacebook #algorithm #hacker #browser #addon
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Financial Survival in the “Clash of Civilizations”

James joins Melody for his regular bi-monthly appearance on #FinancialSurvival to discuss the latest incident in the Persian Gulf, the future of the global reserve currency, the clash of civilizations, and how Italy is facing off with the European banksters.

📺 #corbettreport #video #podcast
https://www.corbettreport.com/financial-survival-in-the-clash-of-civilizations/

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Komoot: Facebook goes also on tour

The App Review Week starts with the Android app Komoot (version 9.16.2) - a navigation app for cyclists and hikers. Let's start with the network connections that Komoot establishes during use.

App start: Immediately after start (no user interaction)

[1] Immediately after starting the app, the app contacts Facebook. Among other things, the following information is transmitted [graph.facebook.com]:

Google Advertising ID: advertiser_id = c3639f11-626a-4692-9574-6a0f632e1ea3
Whether Ad-Tracking is enabled / allowed: advertisertrackingenabled = true
One identifier: anon_id = XZce953baa-18a8-42e0-82ad-2d1b3866fe63
Whether app tracking is enabled / allowed: applicationtrackingenabled = true

Further information:

Package name of the app: de.komoot.android
Version number of the app: 9.16.2
Android version number: 7.1.2
Device model: Redmi Note 4
Country code: de_DE
Time zone: CEST, Europe/Berlin
Display resolution: 1080×1920

❗️ How critical the integration of Facebook building blocks (SDKs) are with regard to privacy still doesn't seem to have penetrated the app developers - simply irresponsible. The mere transmission of the Google Advertising ID is basically enough for Facebook to establish a link between Facebook users and the data transmitted. The reason: The Facebok app (if installed) also reads the Google Advertising ID. Facebook then has an identifier that they can assign to a person exactly.

👉🏼 Read the fully translated article:
https://rwtxt.lelux.fi/blackbox/pstrongkomoot-facebook-goes-also-on-tourstrong

👉🏼 Source 🇩🇪:
https://www.kuketz-blog.de/komoot-facebook-geht-mit-auf-tour/

#komoot #navigation #app #review #kuketz #DeleteFacebook
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Read emails unobserved: How to protect yourself against tracking pixels in newsletters and Co.

Many services for sending newsletters use tracking pixels to analyze your behavior: Retrieval time of the e-mail, bounce rate, clicked links, location. Here you can find out how it works, why you should fight it and what you can do.

Ping. There's a newsletter coming into your digital mailbox. One click later you'll hopefully be a little smarter. In any case the senders of the newsletter are smarter after your click. They know at what time and where on earth you open the e-mail. They know which links from the newsletter you clicked on and which e-mail program you use. Depending on the newsletter service, you may know even more. Sounds creepy, but is everyday in email marketing.

Many professional newsletters are sent with the software of special service providers. They offer very different services. Tracking of the readers: inside belongs almost always to it. For some it's about being cheap. Others advertise with the fact that they can pursue visitors: inside with the help of individual tags also outside of the E-Mail on the web page of the sender. Still others make so-called A/B testing possible, with which similar target groups are presented different contents, in order to test for example the success of different formulations.

☣️ 1 pixel × 1 pixel = ∞ Tracking
Usually, these providers use HTML emails: that is, they embed the text to be displayed in HTML encodings so that the email becomes prettier and gets more design elements. Images can also be integrated via HTML code. The graphic can either be attached to the e-mail or downloaded externally.

Almost all newsletter services have in common the use of so-called "tracking pixels". They are integrated in the way described above via HTML codes and reloaded by an external server when the e-mail is opened. These tracking graphics are usually one pixel times one pixel in size or completely hidden. For each reader:in, a unique identifier is added to the graphic, which makes it possible to assign the behavior to individual profiles. A link could look like this:

https://newsletterversand.domain/trackingpixel.gif?identifier=123456789

Consequently, the server from which the pixel is loaded can analyze your behavior. A program stores on the server: When exactly was this link retrieved for the first time? And from where? From this it is also possible to determine which links from the newsletter you click on and thus also your more precise interests. The IP address is used to read out your supposed whereabouts.

👉🏼 Read the fully translated guide:
https://rwtxt.lelux.fi/blackbox/pstrongread-emails-unobserved-how-to-protect-yourself-against-tracking-pixels-in-newsletters-and-costrongp

👉🏼 Source 🇩🇪:
https://netzpolitik.org/2019/unbeobachtet-mails-lesen-so-schuetzt-ihr-euch-gegen-tracking-pixel-in-newslettern-und-co/#trick-applemail

#mail #tracking #guide #DataProtection #privacy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN