BlackBox (Security) Archiv – Telegram
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Shelter: Isolate Big Brother apps - Take back control! (Part 7)

1. Big Data

The collection, processing and analysis of as much information as possible is Big Data’s core business. In this non-transparent data processing, which is determined by algorithms, personal rights are hardly taken into consideration. This dilemma becomes particularly clear in the Android world: Apps access personal data uninhibitedly and send it unsolicited to the most diverse protagonists. This is exactly what the article series “Take back control!” wants to protect against.

Another piece of the puzzle to achieve this goal is the app Shelter, which locks selected Android apps in a sandbox, depriving them of access to phone books, calendars, images and other data. Curious apps can thus be denied access to sensitive user data.

💡 This article is part of a series of articles:

Android without Google: Take back control! Part 1

LineageOS - Take back control! Part 2

Magisk: By the power of Root - Take back control! Part 3 (not yet translated)

AFWall+: Digital Door Controller - Take back control! Part 4

F-Droid: Free and Open Source Apps - Take back control! Part 5

AdAway: Advertising and tracking blocker - Take back control! Part 6

Shelter: Isolate Big Brother apps - Take back control! Part 7

2. Shelter

Shelter is an open source app for Android that can be downloaded from the app store F-Droid. Alternatively, the app can be downloaded via GitHub or the Google Play Store.

To separate apps, Shelter uses Android work profiles, which Google introduced as early as 2015 to separate private data from business content or apps. The work profile is a specially isolated area in which, for example, data-hungry apps can be stored. In addition to the normal environment in which all apps are normally located, Shelter creates another workspace that is logically separated from it. From this bunker (Shelter), apps cannot access data in the normal environment, but they can access all data of apps that are also stored or locked in Shelter.

👉🏼 Read the fully translated guide:
https://rwtxt.lelux.fi/blackbox/shelter-isolate-big-brother-apps-take-back-control-part-7

👉🏼 Source 🇩🇪:
https://www.kuketz-blog.de/shelter-big-brother-apps-isolieren-take-back-control-teil7/

#android #shelter #NoGoogle #guide #part1 #part2 #part4 #part5 #part6 #part7 #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Amazon is listening to your kids and visitors, warns German parliament report

Smart speakers like Alexa not only store the voices of their registered users, but also those of children and unsuspecting guests. This constitutes a legal problem, says a report commissioned by the German parliament.

Amazon’s voice assistant listens far more often than people might know. Alexa does not only pick up the voices of adults who consciously interact with the system, but also those of others who do not know the assistant is recording them. That could be a visitor or a minor.

This function of Alexa is now the subject of a report by the Research Service of the German parliament, the Bundestag. The service is impartial, researching and analysing information on behalf of committees and by request of members of parliament. The paper examines whether the recording, transcription and evaluation of voice recordings by Amazon are legal under German law.

When Alexa is first installed, users must give their consent to the processing and storage of their data. The mandatory information about the use and administration of their data is described sufficiently on Amazon’s website and in the Alexa app, according to the experts. Users can manage and delete the stored data in their profile. However, it remains unclear for how long Amazon stores the voice recordings and how often the software records unintended noises and conversations.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/amazon-is-listening-to-your-kids-and-visitors-warns-german-parliament-report

#DeleteAmazon #Alexa #DataProtection #privacy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
SwiftKey: BlackBox with permanent tracking

On the fourth day of the App Review Week, I test the Android app SwiftKey (version 7.3.3.12) - a keyboard app from Microsoft that accepts input via swipe gestures. Let’s start with the network connections that SwiftKey establishes during use.

App start: Immediately after start (no user interaction)

[1] Immediately after startup, the app contacts the SwiftKey servers [jenson.api.swiftkey.com] to update LanguagePack information:

GET /swiftkey/sksdk-3.0/sk-7.3.3/market/languagePacksSSL.json HTTP/1.1
Accept-Encoding: gzip, deflate
Range: bytes=0-
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Mi A1 Build/PQ3A.190705.003)
Host: jenson.api.swiftkey.com
Connection: close

[2] The updates for the language packs (LanguagePacks) are then downloaded via a cloudfront server [d4kkhvu20wq9i.cloudfront.net]:

👉🏼 Full translated review:
https://rwtxt.lelux.fi/blackbox/swiftkey-blackbox-with-permanent-tracking

Source 🇩🇪:
https://www.kuketz-blog.de/swiftkey-blackbox-mit-dauerhaftem-tracking/

#SwifkKey #App #review #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Firefox will classify HTTP websites as insecure in the future

The function is active and works in Firefox 70. The function is currently available only in the Nightly Channel. But Firefox 68 can also be configured manually so that the URLs of unencrypted websites are provided with a crossed-out lock and the addition "Not secure".

💡 According to the report, the security warning is now activated in the Nightly version of Firefox 70.
Users of the current version 68 can already unlock the feature via the configuration page "about:config".

Simply double-click each of the following settings to change it to "true":

about:config
security.insecure_connection_icon.enabled
security.insecure_connection_icon.pbmode.enabled
security.insecure_connection_text.enabled
security.insecure_connection_text.pbmode.enabled

https://www.ghacks.net/2019/07/18/firefox-to-mark-all-http-sites-as-not-secure/

#mozilla #firefox #browser #tip #tricks #HTTP #encryption
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Amazon is turning advertising into its next huge business — here’s how


☢️ Amazon has built a huge advertising business. Here’s a little more about how it all works.

☢️ The e-commerce giant lets advertisers reach consumers through product ads or even videos on third-party websites.

☢️ While shopping on Prime Day, this is how to spot and understand some of the ad products used to encourage you to buy certain products.


If you were browsing Amazon in search of deals for Prime Day, you undoubtedly came across a lot of ads. That’s because Amazon has a trove of information about buying habits that makes it a valuable place for advertisers.

Think about it: Amazon knows the last time you bought toothpaste on the site and which brand you typically like to buy. Advertisers can use that information to try to get you to buy their brand of toothpaste right when you’re running low.

Other advertisers can use Amazon to target ads, even if they’re selling products that you can’t necessarily buy on Amazon, like insurance or a car. These advertisers can use Amazon’s extensive customer data to figure out who might buy their product or services, and they can use Amazon’s ad products to reach those people, both on Amazon’s properties and through a network of third-party sites.

This rich trove of data has made Amazon into the third-largest digital ad platform in the U.S. and a growing contender to take on the digital ad duopoly of Google and Facebook. Earlier this year, eMarketer said it expected Amazon to claim 8.8% of U.S. digital ad spend in 2019, up from 6.8% in 2018, while expecting Google to drop from 38.2% to 37.2%. Meanwhile, Facebook was expected to pull 22.1% of digital ad spend in 2019, up very slightly from 21.8%. Amazon’s net sales in its “other” category, which consists primarily of advertising sales, was $2.72 billion in the first quarter.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/amazon-is-turning-advertising-into-its-next-huge-business-heres-how

#DeleteAmazon #advertising #business
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Newly Discovered Malware Framework Cashing in on Ad Fraud

A newly discovered malware framework is responsible for more than one billion fraudulent ad impressions in the past three months, generating its operators significant Google AdSense revenue on a monthly basis.

Flashpoint researchers uncovered the framework, which features three separate stages that ultimately install a malicious browser extension designed to perform fraudulent AdSense impressions, as well as generate likes on YouTube videos and watch hidden Twitch streams.

The framework is designed to pad statistics on social sites and ad impressions, creating revenue for its operators who are using a botnet to attack the content and advertising platforms by spreading the malware and targeting browsers including Google Chrome, Mozilla Firefox, and Yandex’s browser.

Most video and streaming services have tiers for their content producers, which determine how much they are paid for their content. Content producers benefit financially from higher counts, which can lead to some unscrupulous behavior.

Flashpoint researchers found code, for example, that looks for YouTube referrers and then injects a new script tag to load code for YouTube. In this case, the injected JavaScript has an extensive amount of code that is designed to like videos, most of which are related to political topics in Russia. Separately, researchers also found code that injects an iframe into the browser designed to play a hidden Twitch stream, padding the viewer stats for the streamer on that page.

Read more:
https://www.flashpoint-intel.com/blog/newly-discovered-malware-framework-cashing-in-on-ad-fraud/

#malware #malicious #framework #AdFraud #AdSense #browser #extension
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
David K. Levine is Against Intellectual Monopoly

David K. Levine is an economist at the European University Institute and at Washington University in St. Louis. He is the author with Michele Boldrin of Against Intellectual Monopoly, an empirical study of the economics of intellectual property that concludes that IP is not necessary for innovation and as a practical matter is damaging to growth, prosperity and liberty.

📺 https://www.corbettreport.com/david-k-levine-is-against-intellectual-monopoly/

#corbettreport #intellectual #monopoly #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
NBC Released A Tape Showing Donald Trump and Jeffrey Epstein discussing women at 1992 party

In footage from 1992 released this week by NBC, United States President Donald Trump can be seen joking and laughing with Jeffrey Epstein at a party.

Trump said that Epstein was a “terrific guy.”

“He’s a lot of fun to be with. It is even said that he likes beautiful women as much as I do, and many of them are on the younger side,” Trump said at the time.

https://www.nbcnews.com/news/us-news/tape-shows-donald-trump-jeffrey-epstein-discussing-women-1992-party-n1030686

#Epstein #Trump #pedo #conspiracy #SexTrafficking
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Tracking sex: The implications of widespread sexual data leakage and tracking on porn websites

This paper explores tracking and privacy risks on pornography websites. Our analysis of 22,484 pornography websites indicated that 93% leak user data to a third party.

Tracking on these sites is highly concentrated by a handful of major companies, which we identify. We successfully extracted privacy policies for 3,856 sites, 17% of the total. The policies were written such that one might need a two-year college education to understand them.

Our content analysis of the sample's domains indicated 44.97% of them expose or suggest a specific gender/sexual identity or interest likely to be linked to the user. We identify three core implications of the quantitative results: 1) the unique/elevated risks of porn data leakage versus other types of data, 2) the particular risks/impact for vulnerable populations, and 3) the complications of providing consent for porn site users and the need for affirmative consent in these online sexual interactions.

PDF - Analysis:
https://arxiv.org/pdf/1907.06520.pdf

#study #analysis #sex #porn #websites #tracking #google #facebook #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
DataSpii: The catastrophic data leak via browser extensions

We present DataSpii (pronounced data-spy), the catastrophic data leak that occurs when any one of eight browser extensions collects browsing activity data — including personally identifiable information (PII) and corporate information (CI) — from unwitting Chrome and Firefox users.

Our investigation uncovered an online service selling the collected browsing activity data to its subscription members in near real-time. In this report, we delineate the sensitive data source types relevant to the security of individuals and businesses across the globe.

We observed two extensions employing dilatory tactics — an effective maneuver for eluding detection — to collect the data. We identified the collection of sensitive data from the internal network environments of Fortune 500 companies.

Several Fortune 500 companies provided an additional measure of confirmation through a process of responsible disclosure. By deploying a honeypot to monitor web traffic, we discovered near-immediate visits to URLs collected by the extensions. To address the evolving threat to data security, we propose preemptive measures such as limiting access to shareable links, and removing PII and CI from metadata.

👉🏼 https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/

I found your data. It’s for sale.

As many as 4 million people have Web browser extensions that sell their every click. And that’s just the tip of the iceberg.

I’ve watched you check in for a flight and seen your doctor refilling a prescription.

I’ve peeked inside corporate networks at reports on faulty rockets. If I wanted, I could’ve even opened a tax return you only shared with your accountant.

I found your data because it’s for sale online. Even more terrifying: It’s happening because of software you probably installed yourself.

My latest investigation into the secret life of our data is not a fire drill. Working with an independent security researcher, I found as many as 4 million people have been leaking personal and corporate secrets through Chrome and Firefox. Even a colleague in The Washington Post’s newsroom got caught up. When we told browser makers Google and Mozilla, they shut these leaks immediately — but we probably identified only a fraction of the problem.

👉🏼 https://www.washingtonpost.com/technology/2019/07/18/i-found-your-data-its-sale/

#DataSpii #DataSpy #browser #extensions #data #leak #security #investigation #chrome #firefox
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Not just FaceApp: thousands of apps spy even when denied permission.

The case of FaceApp, the application that uses artificial intelligence to age a face and show a realistic image, has put the spotlight on a common aspect that few users notice. On installation, it warns that all of our data will be used and even handed over to third parties, so control over it is lost. In this case the warning comes in a process that few users read, or that they accept without thinking about the consequences. But some mobile programs may not even need explicit consent. Thousands of applications circumvent the restrictions and spy, even when they are not authorised.

Why does the phone's flashlight need access to a user's location? And a photo-retouching application to the microphone? Or a voice recorder to the contacts? In principle, these apps do not need this kind of permission to function. When they access them, it is usually in search of an extremely valuable asset: data. Users can grant or deny apps various permissions to access their location, contacts or the files stored on the phone. But an investigation by a team of cybersecurity experts has revealed that as many as 12,923 apps have found a way to keep collecting private information despite having been explicitly denied the permissions.

This study highlights how difficult it is for users to safeguard their privacy. Researchers from the International Computer Science Institute (ICSI) in Berkeley, IMDEA Networks Institute in Madrid, the University of Calgary and AppCensus analysed a total of 88,000 applications from the Play Store and observed how thousands of applications access information such as location or device data that the user had previously denied them.

The experts have not yet made public the full list of apps that engage in these practices. But according to the research, they include the app for the Disneyland park in Hong Kong, the Samsung browser and the Chinese search engine Baidu. The number of potential users affected by these findings is in the “hundreds of millions”.

Borja Adsuara, a lawyer specialising in digital law, says this is “a very serious infringement” because the Android operating system requires apps to request consented access to this data through permissions, and the user expressly tells them no. Consent, he explains, works in much the same way for physical privacy as for non-physical privacy (personal data). “It is like a rape case in which the victim expressly says no,” he says.

Narseo Vallina-Rodríguez, co-author of the study, notes that “it is not clear whether there will be patches or updates for the billions of Android users who today use versions of the operating system with these vulnerabilities.” Google has not specified to this newspaper whether it plans to pull from the market, or take any action regarding, the applications that, according to the study, access users' data without the relevant permission. It has, however, said that the problem will be resolved with Android Q, the next version of its operating system. The company intends to release six beta versions over the course of the year before unveiling the final version during the third quarter of the year.

How do applications access the user's private information without the necessary permissions? Apps circumvent the operating system's control mechanisms through side channels and covert channels. Vallina makes the following comparison: “To enter a house [the user's data] you can go through the door with the key the owner has given you [the permission], but you can also do it without the owner's consent by taking advantage of a vulnerability in the door [a side channel] or with the help of someone who is already inside [covert channel].”
You can open a door with a key, but you can also find a way to do it without having that key”. The same happens when trying to access a device's geolocation. You may not have access to the GPS, but find a way to access the user's positioning information.

Metadata

One way to do this is through the metadata embedded in the photographs taken by the smartphone's owner, according to Vallina. “By default, every photograph an Android user takes contains metadata such as the position and the time at which it was taken. Several apps access the user's historical position by requesting permission to read the memory card, because that is where the photographs are stored, without having to request access to the GPS,” he says. This is the case of Shutterfly, a photo-editing application. The researchers verified that it collected GPS coordinate information from users' images even though they had denied it permission to access their location.

It is also possible to access geolocation through the wifi access point using the router's MAC address, an identifier assigned by the manufacturer that can be correlated with existing databases to work out the user's position “with fairly precise resolution”.

For an application to access this information, there is a permission the user must enable on their smartphone called “wifi connection information”, Vallina explains. But there are apps that manage to obtain this data without the permission being enabled. To do so, they extract the router's MAC address, which the device obtains through ARP (Address Resolution Protocol), which is used to connect to and discover the devices on a local network. In other words, applications can access a file that exposes the MAC information of the wifi access point: “If you read that file, which the operating system exposes without any kind of permission, you can learn the geolocation in a way that is completely opaque to the user.”

Third-party libraries

Many of these data leaks or abuses of user privacy are carried out by libraries, which are third-party services or mini-programs included in the applications' code. These libraries run with the same privileges as the app in which they are embedded. In many cases, the user is not aware that they exist. “Many of those services have a business model based on obtaining and processing personal data,” the researcher says.

For example, applications such as the one for the Hong Kong Disneyland park use the map service of the Chinese company Baidu. In this way, they can access, without needing any permission, information such as the IMEI and other identifiers that the Chinese search engine's libraries store on the SD card. Samsung's health and browser applications, which are installed on more than 500 million devices, have also used this kind of library to function. “The library itself exploits those vulnerabilities to access that data for its own purposes. It is not clear whether the app's developer then accesses that data through the library,” he explains.

Vallina says that in upcoming research they will analyse the ecosystem of third-party libraries and the purposes for which the data is obtained. They will also study the monetisation models that exist on Android and the transparency of applications in terms of what they do versus what they say they do in their privacy policies. To prevent this kind of practice, Joel Reardon, also a co-author of the study, stresses the importance of carrying out research of this kind with the aim of “finding these flaws and preventing them”.

If app developers can circumvent permissions, does it make sense to ask users for permission? “Yes,” Reardon answers flatly. The researcher emphasises that applications cannot circumvent all the control mechanisms and that little by little it will become harder for them. “The permission system has many flaws, but it still works and serves an important purpose,” he says.

Developers' responsibility

These practices, carried out without users' consent, breach, among other regulations, the General Data Protection Regulation (GDPR) and the Organic Law on Data Protection. Under the GDPR, the developers of these applications could face financial penalties of up to 20 million euros or 4% of the company's annual turnover. And they could even constitute an offence against privacy (Article 197 of the Criminal Code), which could carry prison sentences, according to Adsuara.

The lawyer maintains that most of the responsibility lies with the developers. But he considers that both the stores (Google Play and Apple Store) and the platforms that give applications access to their users' data (such as Facebook in the Cambridge Analytica case) have a responsibility in vigilando: “That is, the duty to make sure that the applications they accept into their store, or to which they give access to their users' data on their platform, are secure.”

“Although everyone is responsible for their own actions, what is missing is a Spanish or European authority that reviews the security of ICT applications and services before they are launched on the market,” he says. And he stresses that in other sectors there is some kind of certification that guarantees a product or service is safe: “It would not occur to anyone, for example, to authorise cars with failing brakes to be on the road. Not to mention medicines, food or toys. Yet it is normal in the ICT sector for applications and services to be launched on the market with security holes, which are then patched on the fly.”
https://elpais.com/tecnologia/2019/07/18/actualidad/1563452146_195128.html

#faceapp #privacidad
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
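A defensive check for the photo-metadata side channel described in the article above, as an added example that is not part of the original post, the article or the study: it reports whether a JPEG carries Exif GPS coordinates and strips the Exif segment before the file is shared. The function names and the sample bytes are constructed for illustration.

```python
import struct

SOI, EXIF_ID, TAG_GPS_IFD = b"\xff\xd8", b"Exif\x00\x00", 0x8825

def iter_segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data."""
    if jpeg[:2] != SOI:
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment header")
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):           # start of scan / end of image
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError("bad segment length")
        yield marker, pos, end
        pos = end

def _read_ifd(tiff, offset, bo):
    """Return {tag: (type, count, raw 4-byte value field)} for one TIFF IFD."""
    (count,) = struct.unpack_from(bo + "H", tiff, offset)
    entries = {}
    for i in range(count):
        tag, typ, n, value = struct.unpack_from(bo + "HHI4s", tiff, offset + 2 + 12 * i)
        entries[tag] = (typ, n, value)
    return entries

def _dms(tiff, entry, bo):
    """Decode three RATIONALs (degrees, minutes, seconds) to decimal degrees."""
    (offset,) = struct.unpack(bo + "I", entry[2])
    nums = struct.unpack_from(bo + "6I", tiff, offset)
    d, m, s = (nums[i] / (nums[i + 1] or 1) for i in (0, 2, 4))
    return d + m / 60 + s / 3600

def exif_gps(jpeg):
    """Return (lat, lon) found in the Exif GPS IFD, or None if there is none."""
    for marker, start, end in iter_segments(jpeg):
        payload = jpeg[start + 4:end]
        if marker != 0xE1 or not payload.startswith(EXIF_ID):
            continue
        tiff = payload[len(EXIF_ID):]
        bo = {b"II": "<", b"MM": ">"}.get(tiff[:2])   # TIFF byte order
        try:
            if bo is None or struct.unpack_from(bo + "H", tiff, 2)[0] != 42:
                continue
            (ifd0,) = struct.unpack_from(bo + "I", tiff, 4)
            pointer = _read_ifd(tiff, ifd0, bo).get(TAG_GPS_IFD)
            if pointer is None:
                continue
            gps = _read_ifd(tiff, struct.unpack(bo + "I", pointer[2])[0], bo)
            if 2 not in gps or 4 not in gps:          # GPSLatitude / GPSLongitude
                continue
            lat, lon = _dms(tiff, gps[2], bo), _dms(tiff, gps[4], bo)
        except struct.error:                          # truncated or hostile Exif
            continue
        if gps.get(1, (0, 0, b""))[2][:1] == b"S":    # GPSLatitudeRef
            lat = -lat
        if gps.get(3, (0, 0, b""))[2][:1] == b"W":    # GPSLongitudeRef
            lon = -lon
        return round(lat, 6), round(lon, 6)
    return None

def strip_exif(jpeg):
    """Return the JPEG without its Exif APP1 segments (drops all Exif tags)."""
    out, pos = bytearray(SOI), 2
    for marker, start, end in iter_segments(jpeg):
        if not (marker == 0xE1 and jpeg[start + 4:end].startswith(EXIF_ID)):
            out += jpeg[start:end]
        pos = end
    return bytes(out + jpeg[pos:])                    # image data is untouched

def build_sample():
    """Constructed sample: JPEG segment skeleton (no pixels) with a GPS IFD."""
    tiff = b"II" + struct.pack("<HI", 42, 8)                       # header, IFD0 at 8
    tiff += struct.pack("<HHHIII", 1, TAG_GPS_IFD, 4, 1, 26, 0)    # IFD0 -> GPS at 26
    tiff += struct.pack("<H", 4)                                   # GPS IFD, 4 entries
    tiff += struct.pack("<HHI4s", 1, 2, 2, b"N\x00\x00\x00")
    tiff += struct.pack("<HHII", 2, 5, 3, 80)                      # latitude at 80
    tiff += struct.pack("<HHI4s", 3, 2, 2, b"W\x00\x00\x00")
    tiff += struct.pack("<HHII", 4, 5, 3, 104)                     # longitude at 104
    tiff += struct.pack("<I", 0)
    tiff += struct.pack("<6I", 40, 1, 25, 1, 0, 1)                 # 40 deg 25' 0"
    tiff += struct.pack("<6I", 3, 1, 42, 1, 0, 1)                  # 3 deg 42' 0"
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    app1 = b"\xff\xe1" + struct.pack(">H", len(EXIF_ID) + len(tiff) + 2) + EXIF_ID + tiff
    return SOI + app0 + app1 + b"\xff\xd9"

if __name__ == "__main__":
    photo = build_sample()
    print("before:", exif_gps(photo))
    print("after: ", exif_gps(strip_exif(photo)))
```

XMP packets, which are stored in other APP1 segments, can also carry location data, so a full sanitiser would have to handle those as well.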
Gaslight – Film, Literature and the New World Order

In this edition of Film, Literature and the #NewWorldOrder we welcome Thomas Sheridan, author of The Anvil of the Psyche, to discuss Gaslight, the 1940 British psychological thriller that introduced us to the concept of ‘gaslighting.’ In the discussion we point out how common #gaslighting is, ask “Are you being gaslighted?”, talk about techniques for defending oneself from gaslighting, and talk about how this technique is used on a societal level by the #psychopaths at the top of the pyramid.

📺 https://www.corbettreport.com/gaslight-film-literature-and-the-new-world-order/

#corbettreport #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
On TikTok, Teens Meme the Safety App Ruining Their Summer

Spend enough time on the social media app TikTok, and you’re bound to see a Life360 meme. That’s because Life360, a location-sharing app aimed at families, is apparently ruining the lives of teenagers all across the United States. The service allows parents to track their kids’ whereabouts in real time, among other features. As one girl with long, blond hair jokes in a popular TikTok clip, it’s set her summer vacation on fire. Some of the videos have racked up hundreds of thousands of likes—in other words, they’re relatable.

That’s because for many adolescents, adult supervision has turned into adult surveillance. Schools are adopting facial recognition technology to monitor campuses. Parents can now remotely check their child’s browsing histories and social media accounts, watch their movements via motion-sensing cameras, and track everywhere they go with location-sharing apps. In a Pew Research Center study last year, 58 percent of US parents said they sometimes or often look at their teenager’s messages, call logs, and the websites they visit. In a separate study from 2016, 16 percent said they used location-sharing apps.

Life360 is one of the many digital monitoring tools now used by millions of parents in the United States. The app functions like an enhanced version of Apple’s “Find My” feature that lets you share your location with friends or family—or what the company calls “your Circle.” In addition to location sharing, Life360 lets family members see how fast people in their circle are driving, how much battery their cell phones have, and more. The service is free to download and use, although you can pay for additional features. According to the San Francisco-based company, Life360 had over 18 million monthly active users at the end of 2018.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/on-tiktok-teens-meme-the-safety-app-ruining-their-summer

#Life360 #surveillance #teens #USA
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Why change to Telegram?

Telegram is for everyone who likes fast and reliable messages and calls.
Whether small or large groups. Your own username, desktop applications or powerful options to share files with your friends ....

#telegram #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Israeli group’s spyware ‘offers keys to Big Tech’s cloud’

Company’s sales pitch claimed technology can access data from Apple, Google, Facebook and Amazon

The Israeli company whose spyware hacked WhatsApp has told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft, according to people familiar with its sales pitch.

NSO Group’s flagship smartphone malware, nicknamed Pegasus, has for years been used by spy agencies and governments to harvest data from targeted individuals’ smartphones.

But it has now evolved to capture the much greater trove of information stored beyond the phone in the cloud, such as a full history of a target’s location data, archived messages or photos, according to people who shared documents with the Financial Times and described a recent product demonstration.

The documents raise difficult questions for Silicon Valley’s technology giants, which are trusted by billions of users to keep critical personal information, corporate secrets and medical records safe from potential hackers.

NSO denied promoting hacking or mass-surveillance tools for cloud services. However, it did not specifically deny that it had developed the capability described in the documents.

The company has always maintained that its software, which is designated by Israel as a weapon, is only sold to responsible governments to help prevent terrorist attacks and crimes. But Pegasus has been traced by researchers to the phones of human rights activists and journalists around the world, raising allegations that it is being abused by repressive regimes.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/israeli-groups-spyware-offers-keys-to-big-techs-cloud

#spyware #israel #pegasus #cloud #apple #facebook #google #amazon
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Dancing to the beat of the 419

How internet scams are funding Nigeria's pop scene

Would-be Afrobeats stars need cash to make it in Nigeria’s music industry — and cybercriminals have plenty to burn. The partnership has generated some of the country’s biggest hits, and put famous names behind bars.

Naira Marley swaggers on to the stage. He needs no introduction. Instantly, the mood of the crowd at the open-air Eko Atlantic concert venue in Lagos lifts.

Some start to scream his name, and he nods in their direction, soaking up the adulation before launching straight into his biggest hit.

“Issa Goal, Issa Goal,” the crowd sings along with him, and he delights them further with a few steps from Zanku, a popular dance routine.

It is December 28 2018, and Marley is one of the hottest stars in the country, performing here at the invitation of an even bigger Nigerian star, Davido. Issa Goal propelled Marley to stardom, and it is being played in every club, on every dance floor, and was even chosen as the official soundtrack for Nigeria’s efforts at the 2018 football World Cup.

But if Marley’s rise was spectacular, his fall from grace was even more so. Six months later, he found himself behind bars at the Kirikiri Maximum Security Prison in Lagos, facing 11 criminal charges relating to cybercrime, fraud and possession of counterfeit cards.

His next public appearance, at a court hearing, was a far cry from his sold-out concerts. He looked chastened as he pushed his way through a scrum of photographers; a video of his mother crying went viral.

In June, Marley was granted bail, but if convicted he could spend seven years in prison.

Marley’s is by no means an isolated case. Nigeria is world-famous when it comes to cyberscamming. What is less well understood is that internet fraudsters are also bankrolling some of the biggest stars in Nigerian music and that these stars, in turn, are using their platform to generate sympathy for the criminals.

Full story at:
http://atavist.mg.co.za/dancing-to-the-beat-of-the-419

#Nigeria #scams #internet #music #funding
The government or the people. Telecoms firms trapped in internet shutdowns

Several African governments have ordered some form of internet restriction in recent years. The blackouts are a major risk, especially for telecoms, which can be considered complicit. And that could cost them.

Chad ended its social media blackout last week. Facebook, Twitter and other similar apps had been blocked in the country since March 2018. That could have cost the Chadian economy more than $200 million (€177 million), based on calculations from NGO NetBlocks’ Cost of Shutdown Tool (COST).

The cost of internet restrictions in Africa may have amounted to many hundreds of millions this year alone — with Sudan’s recent blackout being the most expensive to date. COST allows users to see the indirect economic effects of internet shutdowns, says NetBlocks’ director, Alp Toker.

“You see the impact to traders who are not registered in official books,” he adds, pointing to the fact that both the informal sector and the impact to investment are included in the calculation.

Toker believes internet shutdowns can even be more costly in developing countries because they are less likely to have other good communication systems, such as a functioning postal service or a good network of landlines.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/the-government-or-the-people-telecoms-firms-trapped-in-internet-shutdowns

#goverments #internet #shutdown #restriction #blackout
What Are You DOING With This Information?

Today we hear from a listener who is actually taking steps to detach herself from the #BigTech #matrix. So what are you doing with this information and what changes are you making in your life? Inspire us with your story!

📺 https://www.corbettreport.com/what-are-you-doing-with-this-information/

#corbettreport #podcast #video
Bangladesh’s Digital Security Bill can have a ‘chilling effect on free speech’: Asia Internet Coalition


We missed this earlier.
Asia Internet Coalition said in June that Bangladesh’s Digital Security Bill (BDSA) creates several obstacles to the conducive use of the internet ecosystem due to several vague obligations, unchecked powers, disproportionate penalties, and unworkable compliance requirements. The coalition, of which Facebook, Google, Amazon, LinkedIn, Twitter and Yahoo! are members, pointed out that the Act can have a chilling effect on free speech, and highlighted issues with how offences are laid out in it. Other members of the coalition are Apple, Expedia Group, Line, Rakuten, Airbnb, Grab, and Booking.com.

Bangladesh had passed the Digital Security Bill 2018 in September last year. Protests have been carried out against the bill; Amnesty International has called the law an attack on freedom of expression.

The coalition pointed out its issues with the Act, and also made some recommendations:

The act can have a ‘chilling effect on free speech’; offences under Act vague and subjective

AIC said that certain provisions of the act such as Sections 21, 25 and 31 will have a “chilling effect on speech” because they’re “vaguely drafted”. It cited Section 66A of India’s IT Act which the Indian Supreme Court struck down for being “open ended, undefined, and vague”. It also urged the Bangladeshi government to bear in view the “well established” tenets of international human rights law such as Article 19(3) of the International Convention on Civil and Political Rights. It points out issues specific to different clauses:

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/bangladeshs-digital-security-bill-can-have-a-chilling-effect-on-free-speech-asia-internet-coalition

#Bangladesh #DigitalSecurityBil #BDSA #Asia #FreeSpeach #chilling #thinkabout