Android: Over 1000 apps bypass permissions and collect user data
The apps collect information such as location data, although the user has not given permission to do so. According to Google, only Android Q can prevent this data theft.
With permissions for Android apps, the user determines which data an app may access and which it may not. If you don't want a flashlight app to have access to call logs, you simply deny access to that data. So much for theory. According to CNET, security researchers have now discovered that more than 1000 apps can bypass the Android authorization system and collect data such as location information, even though the user has prohibited this.
Researchers at the International Computer Science Institute found 1325 Android apps that collected data from devices even after they were expressly denied permission. Serge Egelman, director of the Usable Security & Privacy Group at the International Computer Science Institute (ICSI), presented the study at the Federal Trade Commission's PrivacyCon in late June.
(PDF)
https://www.ftc.gov/system/files/documents/public_events/1415032/privacycon2019_serge_egelman.pdf
https://www.darkreading.com/endpoint/android-app-publishers-wont-take-no-for-an-answer-on-personal-data/d/d-id/1335169
https://www.zdnet.de/88364341/android-ueber-1000-apps-umgehen-berechtigungen-und-sammeln-nutzerdaten/
Read on TG:
https://news.1rj.ru/str/BlackBox_EN/2231
#android #userdata #permissions #DataTheft #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
The world's most famous and dangerous APT (state-developed) malware
A list of the most dangerous, effective, and most well-known malware strains that have been developed by the cyber-security units of various countries' intelligence and military branches.
Source:
https://www.zdnet.com/pictures/the-worlds-most-famous-and-dangerous-apt-state-developed-malware/
👉🏼 Read without ads n shit:
https://telegra.ph/The-worlds-most-famous-and-dangerous-APT-state-developed-malware-07-09
#apt #malware #cybersecurity
Amidst furor over face recognition, Veritone promotes software’s use in law enforcement
The world is in an uproar about the use of facial recognition software by police to identify suspects. But five-year-old software vendor Veritone believes the software can be used for good, to "change the job of law enforcement." Police in the city of Anaheim, Calif., have been impressed with the results in a trial phase.
There is an uproar over the use of facial recognition technology, with San Francisco's Board of Supervisors earlier this month voting overwhelmingly to prohibit use of the technology by the city's law enforcement authorities.
📺 https://www.zdnet.com/article/amidst-furor-over-face-recognition-veritone-promotes-softwares-use-in-law-enforcement/
#veritone #software #FacialReconition #LawEnforcement
How Banks Make Online Banking Insecure Through Apps
1. App obligation
Online banking on the smartphone is generally not a good idea. The reason for this is not necessarily the banking apps, but the update policy of the smartphone manufacturers, the misleading advertising of the banks and the naive behavior of the customers. However, all this does not seem to bother the banks much. True to the motto:
"Digital first - Concerns second"
banking apps are made appealing to loyal customers and any risks are simply pushed aside. The fact is: with smartphone apps, banks have moved to a platform that they cannot control. Nevertheless, banking apps are promoted and security mechanisms such as two-factor authentication (2FA) are simply undermined by ill-considered decisions. In the end, online banking via app is not more secure, but exactly the opposite.
1st problem: Android update policy
Both software and hardware have weaknesses, some of which are so serious that attackers can take complete control of a system. It is therefore essential to install available (system) updates promptly in order to keep the risk for data and the digital identity as low as possible. That's the theory. In practice, the world looks very different again - especially in the Android world.
Many manufacturers neglect security updates for most Android devices, and at some point abandon the devices completely. This inevitably creates a "vacuum" in the Android world that leaves many or most devices exposed to critical security vulnerabilities. Such vulnerabilities enable attackers to gain control over the device, spy on the user or siphon off data unnoticed. The discovery of a single critical vulnerability would be enough to make millions of devices vulnerable in one fell swoop. Such serious vulnerabilities are not rare, but occur at regular intervals. In 2018 alone, 611 vulnerabilities were identified in Android - in 2017 even 842.
Full translated article:
https://telegra.ph/How-Banks-Make-Online-Banking-Insecure-Through-Apps-07-09
Source (🇩🇪):
https://www.kuketz-blog.de/wie-banken-online-banking-durch-apps-unsicher-machen/
#Kuketz #online #banking #smartphone #apps #insecure #vulnerabilities
FPM vulnerability: Exfiltrating data with Facebook's HHVM
Servers running the so-called FastCGI Process Manager (FPM) can give unauthorized access to files on a system if they can be reached via the Internet. This is especially true for Facebook's HHVM; with PHP the risk is lower.
By default, the use of Facebook's HHVM can allow attackers to exfiltrate files from a server. This is due to the so-called FastCGI Process Manager (FPM), a method originally developed by PHP to execute CGI scripts faster. PHP itself is theoretically also affected, but some protection mechanisms ensure that the risk there is significantly lower.
HHVM, or HipHop Virtual Machine, was originally an implementation of the PHP programming language developed by Facebook. However, HHVM has evolved in a different direction: Facebook has changed parts of the syntax, and current versions now implement their own programming language called Hack. The current version 4 of HHVM no longer supports PHP.
FPM works in such a way that a PHP or HHVM process runs permanently on a server. A web server can forward requests for corresponding scripts to the FPM daemon, where they are processed. FPM can be addressed either via a local socket or a network port. If FPM is accessible via a network port and from the outside, there is a security risk which, in the worst case, can lead to the exfiltration of arbitrary files.
Read more (🇩🇪):
https://www.golem.de/news/fpm-sicherheitsluecke-daten-exfiltrieren-mit-facebooks-hhvm-1907-142418.html
Translation (🇬🇧):
https://telegra.ph/FPM-vulnerability-Exfiltrating-data-with-Facebooks-HHVM-07-09
#fpm #vulnerability #exfiltrating #data #facebook #DeleteFacebook
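An admin-side check for the exposure described above, added here as an example (it is not code from the article or from the PHP or HHVM projects): it reads pool files in php-fpm's INI syntax and reports every pool whose `listen` value is a network port rather than a local socket or loopback address. The sample pool files are constructed, and HHVM's own configuration format is not covered.

```python
import ipaddress
import re

# Constructed pool files for the demonstration (not from any real server).
SAMPLE_POOLS = {
    "exposed.conf": "[www]\nlisten = 0.0.0.0:9000\n",
    "port_only.conf": (
        "[api]\n"
        "; a bare port number binds every interface\n"
        "listen = 9000\n"
        "listen.allowed_clients = 127.0.0.1\n"
    ),
    "loopback.conf": "[www]\nlisten = 127.0.0.1:9000\n",
    "socket.conf": "[www]\nlisten = /run/php/php-fpm.sock\n",
}


def parse_pools(text):
    """Return {pool_name: {directive: value}} from php-fpm style INI text."""
    pools, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line:
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = pools.setdefault(section.group(1), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return pools


def classify_listen(value):
    """Classify a php-fpm 'listen' value by how far it is reachable."""
    value = value.strip()
    if value.startswith("/"):
        return "unix-socket"           # local socket, not reachable over TCP
    if value.isdigit():
        return "all-interfaces"        # port only: bound on every address
    host, sep, _port = value.rpartition(":")
    if not sep:
        return "unknown"
    try:
        addr = ipaddress.ip_address(host.strip("[]"))  # [ipv6]:port form
    except ValueError:
        return "unknown"               # hostname or typo: review by hand
    if addr.is_loopback:
        return "loopback"
    if addr.is_unspecified:
        return "all-interfaces"        # 0.0.0.0 or ::
    return "network-address"


def audit(text):
    """List pools whose FPM listener can be reached from another host."""
    findings = []
    for pool, opts in parse_pools(text).items():
        listen = opts.get("listen")
        if listen is None:
            continue
        exposure = classify_listen(listen)
        if exposure in ("unix-socket", "loopback"):
            continue
        allowed = opts.get("listen.allowed_clients", "")
        findings.append({
            "pool": pool,
            "listen": listen,
            "exposure": exposure,
            "allowed_clients": allowed,
            # A source-address allowlist narrows the exposure but the port
            # is still bound on the network, so it is not reported as clean.
            "severity": "medium" if allowed else "high",
        })
    return findings


if __name__ == "__main__":
    for name, text in SAMPLE_POOLS.items():
        for finding in audit(text):
            print(name, finding)
```

A reported pool still needs a firewall or bind-address review; the check only reads configuration and does not probe the network.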
Selling Your Private Information Is a Terrible Idea
We don’t allow people to sell their kidneys. We shouldn’t let them sell the details of their lives, either.
“Claim Your 31st Right,” declares the #My31 app’s splash screen. “Review, share, and confirm your HUMAN right to your data as your property.”
(The United Nations Declaration of Human Rights currently has 30, so a right to data would presumably come next.)
That’s why #My31 doesn’t bill itself as a business so much as a cause. “Join the movement by staking a claim to data you’ve produced, declaring it your personal property,” proclaims the App Store description. Sign up, the app says, and “get a title of ownership for your personal data.”
The idea is that once you own your data, you can sell it. Many companies seem convinced that this is the future. PatientSphere, a platform for health care information, purports to offer patients “the ability to not only share” data on their own terms, “but also get paid for it.” PatientTruth similarly bills itself as a health record system and a way for patients to “own” and “monetize” their health data. SUPA, which markets smart exercise bras to Gen Z, offers money in exchange for data. “SUPA is tokenizing the body,” the company website declares.
All of these apps, platforms and services use blockchain — a technology first used by bitcoin, a type of digital money — to store health information. Because the term “blockchain” has become so nebulous, it’s difficult to pin down the actual upsides to storing health data this way. In most situations, blockchain is not any more secure, reliable or usable than its alternatives. But it does have one distinct advantage: A data-sharing platform can double as both database and cryptocurrency. Behold, the data pays for itself.
There’s just one small wrinkle. There’s no legal property right to personal data.
Source:
https://www.nytimes.com/2019/07/05/opinion/health-data-property-privacy.html
👉🏼 Read without ads n shit:
https://telegra.ph/Selling-Your-Private-Information-Is-a-Terrible-Idea-07-09
#OurData #privacy #My31 #thinkabout
First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol
#Godlua, a #Linux #DDoS #bot, is the first-ever malware strain seen using DoH to hide its DNS traffic.
#Security #researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have discovered the first ever #malware #strain seen #abusing the #DNS over #HTTPS #DoH #protocol.
📺 https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol/
#video
From Silicon Valley to the Georgia Guidestones
Corbett Report member Octium connects the dots between two seemingly disparate Corbett reports: one on Silicon Valley and the other on the Georgia Guidestones. So who is William Shockley, what does he have to do with the Guidestones, and what does this all have to do with eugenics and computers? Find out in today’s intriguing exploration.
📺 #corbettreport #video #podcast
https://www.corbettreport.com/from-silicon-valley-to-the-georgia-guidestones/
Know and spot the patterns.
the CyberWire
🎧 Know and spot the patterns
Joe shares the heartbreaking tale of a catphishing case that leads to murder. Dave describes a shoe company using an unusual method to trick engagement with an online ad. The catch of the day engages a Nigerian scammer promising a fortune in precious minerals. Dave interviews Michael Coates, head of Altitude Networks and former CISO at Twitter.
📻 https://thecyberwire.com/podcasts/cw-podcasts-hh-2019-07-11.html
#HackingHumans #cyberwire #patterns #podcast
Why Facebook should be smashed
A former Obama advisor calls for the revival of an American anti-trust spirit. #Facebook would be vulnerable due to its size; Standard Oil and AT&T would be examples of successful unbundling. He accuses #MarkZuckerberg of illegally taking over #Instagram.
Tim Wu: Facebook's Purchase of Instagram was a Felony
Tim Wu points to the danger that an early and successful Instagram represented to Facebook. The photo-centric platform was a competitor to Mark Zuckerberg's larger company, says #Wu.
📺 https://youtu.be/bqkau41MFvI
#DeleteFacebook #video #podcast
It Wasn’t Me
All the things a bank won’t ask, but a fraudster will! Our latest film “It Wasn’t Me”, in collaboration with the DubaiPoliceHQ, gives you the do’s and don’ts of keeping your identity and account secure at all times.
📺 Dubai Police & Emirates National Bank Dubai
https://mobile.twitter.com/EmiratesNBD_AE/status/1144261859517894658
#music #video
Facebook’s Algorithm Shapes Our Lives. This Hacker Wants to Find Out How.
Claudio Agosti wants to know what Facebook does with him. The programmer has developed a browser extension that collects data donations from users. He wants to decipher why we only get to see very specific political news – and what Facebook is hiding from us in their News Feed.
Claudio Agosti is laughing. The hacker is giving a talk about how Facebook works at the art festival Transmediale in Berlin. He talks about how the social network weaves its algorithms in order to attract people into their web like spiders do with flies. In his melodic Italian accent, Agosti asks the crowd who would want to make a bet on whether Facebook treats their users in a fair manner.
Agosti straightaway gives the answer himself: “The truth is: nobody wins. In an oppressive system you are just subject to the decisions of someone else”. He grins mischievously. A game of algorithms, their power over the minds of their billions of users – it’s all a sinister joke to Agosti.
Claudio Agosti, 39 years old, bald and sturdy, has spent half his life exploring the impact of modern technology on us. He comes from near Milan and lives in Berlin. Whether you call him a hacker, a privacy activist or a critical researcher does not really matter. Agosti probably knows more about the way Facebook’s algorithms work than anyone who hasn’t worked on them personally.
It has been 10 years since Agosti first wondered how algorithms impact our lives. Back then, he noticed that Google’s search results had become more and more personalized. From a standard of results that were the same for everyone, he observed a filter bubble developing that he fears keeps us ever more encapsulated in the algorithms’ world.
“Algorithms decide for you what is important”, he says. This is what bothers Agosti, the self-taught programmer who is used to mastering technology. “To be free, an individual should have full control over this logic.” A simple, yet radical thought.
Read without ads n trackers: https://rwtxt.lelux.fi/blackbox/pstrongfacebooks-algorithm-shapes-our-lives-this-hacker-wants-to-find-out-howstrongp
#DeleteFacebook #algorithm #hacker #browser #addon
Financial Survival in the “Clash of Civilizations”
James joins Melody for his regular bi-monthly appearance on #FinancialSurvival to discuss the latest incident in the Persian Gulf, the future of the global reserve currency, the clash of civilizations, and how Italy is facing off with the European banksters.
📺 #corbettreport #video #podcast
https://www.corbettreport.com/financial-survival-in-the-clash-of-civilizations/
Komoot: Facebook goes also on tour
The App Review Week starts with the Android app Komoot (version 9.16.2) - a navigation app for cyclists and hikers. Let's start with the network connections that Komoot establishes during use.
App start: Immediately after start (no user interaction)
[1] Immediately after starting the app, the app contacts Facebook. Among other things, the following information is transmitted [graph.facebook.com]:
Google Advertising ID: advertiser_id = c3639f11-626a-4692-9574-6a0f632e1ea3
Whether Ad-Tracking is enabled / allowed: advertisertrackingenabled = true
One identifier: anon_id = XZce953baa-18a8-42e0-82ad-2d1b3866fe63
Whether app tracking is enabled / allowed: applicationtrackingenabled = true
Further information:
Package name of the app: de.komoot.android
Version number of the app: 9.16.2
Android version number: 7.1.2
Device model: Redmi Note 4
Country code: de_DE
Time zone: CEST, Europe/Berlin
Display resolution: 1080×1920
❗️ How critical the integration of Facebook building blocks (SDKs) is with regard to privacy still doesn't seem to have sunk in with app developers - simply irresponsible. The mere transmission of the Google Advertising ID is basically enough for Facebook to establish a link between Facebook users and the data transmitted. The reason: the Facebook app (if installed) also reads the Google Advertising ID. Facebook then has an identifier that it can attribute precisely to a person.
👉🏼 Read the fully translated article:
https://rwtxt.lelux.fi/blackbox/pstrongkomoot-facebook-goes-also-on-tourstrong
👉🏼 Source 🇩🇪:
https://www.kuketz-blog.de/komoot-facebook-geht-mit-auf-tour/
#komoot #navigation #app #review #kuketz #DeleteFacebook
Read emails unobserved: How to protect yourself against tracking pixels in newsletters and Co.
Many services for sending newsletters use tracking pixels to analyze your behavior: Retrieval time of the e-mail, bounce rate, clicked links, location. Here you can find out how it works, why you should fight it and what you can do.
Ping. There's a newsletter coming into your digital mailbox. One click later you'll hopefully be a little smarter. In any case, the senders of the newsletter are smarter after your click. They know at what time and where on earth you opened the e-mail. They know which links in the newsletter you clicked on and which e-mail program you use. Depending on the newsletter service, they may know even more. Sounds creepy, but it is everyday practice in email marketing.
Many professional newsletters are sent with the software of specialized service providers. They offer very different services, but tracking of readers is almost always part of the package. For some, it's about being cheap. Others advertise that they can follow visitors with individual tags beyond the e-mail, onto the sender's website. Still others enable so-called A/B testing, in which similar target groups are shown different content, for example to test how well different wordings perform.
☣️ 1 pixel × 1 pixel = ∞ Tracking
Usually, these providers use HTML emails: that is, they embed the text to be displayed in HTML markup so that the email looks prettier and gets more design elements. Images can also be integrated via HTML code. The graphic can either be attached to the e-mail or downloaded from an external source.
Almost all newsletter services have in common the use of so-called "tracking pixels". They are integrated via HTML code in the way described above and loaded from an external server when the e-mail is opened. These tracking graphics are usually one pixel by one pixel in size or completely hidden. For each reader, a unique identifier is added to the graphic's address, which makes it possible to assign the behavior to individual profiles. A link could look like this:
https://newsletterversand.domain/trackingpixel.gif?identifier=123456789
Consequently, the server from which the pixel is loaded can analyze your behavior. A program on the server records: When exactly was this link retrieved for the first time? And from where? In the same way, it is possible to determine which links in the newsletter you click on, and thus your more specific interests. The IP address is used to infer your presumed whereabouts.
👉🏼 Read the fully translated guide:
https://rwtxt.lelux.fi/blackbox/pstrongread-emails-unobserved-how-to-protect-yourself-against-tracking-pixels-in-newsletters-and-costrongp
👉🏼 Source 🇩🇪:
https://netzpolitik.org/2019/unbeobachtet-mails-lesen-so-schuetzt-ihr-euch-gegen-tracking-pixel-in-newslettern-und-co/#trick-applemail
#mail #tracking #guide #DataProtection #privacy
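One way to check a newsletter body for the tracking pixels described above, as an added example that is not part of the original guide. The function names, the sample mail body and the `header.png` / `open.gif` URLs are constructed for illustration; only the `trackingpixel.gif` URL comes from the text.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

TINY = re.compile(r"[01](px)?")             # width/height of 0 or 1 pixel
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
ID_LIKE = re.compile(r"[A-Za-z0-9_-]{8,}")  # long opaque token, likely a per-recipient ID
INVISIBLE = {"1x1 or zero-size image", "hidden via CSS"}


class RemoteImageAudit(HTMLParser):
    """Records every remotely loaded <img> and why it looks like a tracking pixel."""

    def __init__(self):
        super().__init__()
        self.images = []  # one dict per remote image: url, raw tag text, reasons

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = {k: (v or "") for k, v in attrs}
        url = attr.get("src", "")
        if urlsplit(url).scheme not in ("http", "https"):
            return  # cid:/data: images travel with the mail, no server request
        reasons = []
        size = [attr.get(k, "").strip().lower() for k in ("width", "height")]
        if all(TINY.fullmatch(s) for s in size):
            reasons.append("1x1 or zero-size image")
        if HIDDEN.search(attr.get("style", "")):
            reasons.append("hidden via CSS")
        if any(ID_LIKE.fullmatch(v) for _, v in parse_qsl(urlsplit(url).query)):
            reasons.append("opaque identifier in query string")
        self.images.append({"url": url, "raw": self.get_starttag_text(), "reasons": reasons})


def audit(html):
    parser = RemoteImageAudit()
    parser.feed(html)
    parser.close()
    return parser.images


def tracking_pixels(html):
    """Remote images the reader cannot see (tiny or hidden)."""
    return [i for i in audit(html) if INVISIBLE & set(i["reasons"])]


def strip_tracking_pixels(html):
    """Return the HTML without the flagged <img> tags, so they are never requested."""
    for img in tracking_pixels(html):
        html = html.replace(img["raw"], "")
    return html


# Constructed sample newsletter body; the third image URL is the example from the text.
SAMPLE = """<html><body>
<img src="cid:logo@newsletter" width="200" height="60">
<img src="https://newsletterversand.domain/header.png" width="600" height="120">
<img src="https://newsletterversand.domain/trackingpixel.gif?identifier=123456789" width="1" height="1">
<img src="https://newsletterversand.domain/open.gif?u=ab12cd34ef" style="display:none">
</body></html>"""

if __name__ == "__main__":
    for img in tracking_pixels(SAMPLE):
        print(img["url"], "->", ", ".join(img["reasons"]))
```

A visible remote image can carry the same identifier, which is why `audit()` lists every remote image and why blocking all remote content in the mail client remains the stronger setting.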
Tech billionaire Thiel wants FBI and CIA to investigate Google
According to media reports, tech billionaire Peter Thiel has demanded FBI and CIA investigations against Google. The question is whether the company has been infiltrated by China.
Billionaire investor Peter Thiel said Sunday that the FBI and the CIA should investigate if Google has been infiltrated by Chinese intelligence, according to a report from Axios.
Thiel blasted the Alphabet-owned Google for its work in China, saying the search engine giant was "engaged in the seemingly treasonous decision to work with the Chinese military and not with the US military," according to Axios.
Last year, Google came under fire after it was revealed that the company was working on a controversial project to launch a censored search service in China.
Thiel, a Facebook board member, was speaking at the National Conservatism Conference in Washington, D.C. and his speech focused on three questions that should be presented to the tech giant, Axios said.
"Number one, how many foreign intelligence agencies have infiltrated your Manhattan Project for AI (artificial intelligence)?" Thiel reportedly asked. "Number two, does Google's senior management consider itself to have been thoroughly infiltrated by Chinese intelligence?"
He said those questions "need to be asked by the FBI, by the CIA."
Thiel also blasted Alphabet-owned Google for its work in China.
"Number three, is it because they consider themselves to be so thoroughly infiltrated that they have engaged in the seemingly treasonous decision to work with the Chinese military and not with the US military," Thiel said, according to Axios.
Google did not immediately respond to CNBC's request for comments.
Read more:
https://www.cnbc.com/2019/07/15/peter-thiel-reportedly-says-the-fbi-and-cia-should-investigate-google.html
#thiel #CIA #FBI #Google #DeleteGoogle
Richard Stallman on Pedophilia
Richard Stallman had a birthday a couple of days ago. On various forums and subreddits, people were wishing RMS a happy birthday and some were sharing their favorite quotes from Stallman. Some of these quotes I had never read before and, to be honest, kind of shocked me. Not sure I will ever view Richard Stallman the same.
📺 https://www.youtube.com/watch?v=8BDm88o94nk
#RMS #Stallman #pedophilia #thinkabout #video
EU states unanimously vote against stricter export controls for surveillance equipment
The EU wants to more closely control the trade of the European surveillance industry with autocratic regimes. After two years of tough negotiations, the member states have found a "compromise": they are against anything that could limit the trade of spyware. Germany agreed as well.
Daniel Moßbrucker accompanies the reform of the EU Dual Use Regulation for Reporters Without Borders. The human rights NGO works globally for the protection of journalists and fights against censorship online and offline. (This text is the translation of the original German version.)
On 28 May, the UN special rapporteur on the right to freedom of opinion and expression, David Kaye, appealed to the international community and demanded a moratorium on the sale of spying technology. Everywhere in the world, journalists, activists and opposition members are being monitored with state-of-the-art technology, trade is flourishing – and global regulation is at best in its infancy.
With the same arguments, the EU Commission had already submitted a reform proposal in 2016 for the European control system. The items include hacking software, large data centres for data retention, IMSI catchers for monitoring demonstrations and equipment for telecommunications surveillance.
For more than two years, the EU member states had been arguing fiercely about the Commission’s plans before they presented their "compromise" exactly one week after Kaye’s demand. They are against any plans that would allow stronger controls on surveillance technology.
Read more:
https://rwtxt.lelux.fi/blackbox/peu-states-unanimously-vote-against-stricter-export-controls-for-surveillance-equipmentp
#EU #surveillance #export #equipment
50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System
Apps can also access tracking data without authorization
The Android permission model can be circumvented with tricks. A study found 1,325 apps that can access the corresponding data even without authorization.
The Android authorization system is designed to protect particularly sensitive data. Only when the user grants an app the corresponding authorization can it access the location or the device ID, for example. However, some applications bypass the permissions by accessing the corresponding data in other ways. Researchers at Berkeley University (USA), the IMDEA Networks Institute (Spain) and the University of Calgary (Canada) found this out.
PDF:
https://www.ftc.gov/system/files/documents/public_events/1415032/privacycon2019_serge_egelman.pdf
#android #data #circumvent #tracking #authorization #poc
🎧 The Internet’s Carbon Footprint
Manoush Zomorodi explores the surprising environmental impact of the internet in this episode of IRL. Because while it’s easy to think of the internet as living only on your screen, energy demand for the internet is indeed powered by massive server farms, running around the clock, all over the world. What exactly is the internet’s carbon footprint? And, what can we do about it?
📻 https://irlpodcast.org/
#IRL #carbon #footprint #podcast
(Can’t) Picture This 2: An Analysis of WeChat’s Realtime Image Filtering in Chats
Key Findings:
👁🗨 WeChat implements realtime, automatic censorship of chat images based on text contained in images and on an image’s visual similarity to those on a blacklist
👁🗨 WeChat facilitates realtime filtering by maintaining a hash index populated by MD5 hashes of images sent by users of the chat platform
👁🗨 We compare levels of filtering across WeChat’s Moments, group chat, and 1-to-1 chat features and find that each has different images censored; we find that Moments and group chat are generally more heavily filtered than 1-to-1
👁🗨 WeChat targets predominantly political content including images pertaining to government and social resistance
👁🗨 WeChat’s image censorship is reactive to news events; we found censored images covering a wide range of events, including the arrest of Huawei’s CFO, the Sino-US Trade War, and the 2018 US Midterm Elections
https://citizenlab.ca/2019/07/cant-picture-this-2-an-analysis-of-wechats-realtime-image-filtering-in-chats/
#WeChat #filter #realtime #images #china #censorship