BlackBox (Security) Archiv – Telegram
BlackBox (Security) Archiv
4.16K subscribers
183 photos
393 videos
167 files
2.67K links
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Forwarded from MicroG Support
Avoid Google apps spyware!

📡 @NoGoolag (links at @microGsupport)

★English Group:
https://news.1rj.ru/str/joinchat/FyFlS0X2D7eDayZ4R4Gkzw

★Indonesian Group:
https://news.1rj.ru/str/joinchat/HVU5S1HNr9FuSwsX0vRCuQ

★Off-Topic Group:
https://news.1rj.ru/str/joinchat/LepbVElZLJbkWMRBNhcPfA

★Guide: t.me/NoGoolag/63
★Installers: t.me/NoGoolag/182

More software
📡 @Libreware

📡 @AuroraOfficial Aurora sw channel

💬 @AuroraSupport Aurora Store group (Foss playstore alternative)

💬 @AuroraDroid Aurora Droid group (F-Droid client)

💬 @AuroraOSS
Group to discuss upcoming Aurora projects (Contacts & Dialer, Aurora Services, Aurora Sync, Aurora Maps)

🦊 Firefox Configuration hardening: @qd_invitation

News
📡 @cRyPtHoN_INFOSEC_EN
📡 @cRyPtHoN_INFOSEC_DE
Data octopuses: Not only Google wants to know where you are and what you do

Google's location tracking on Android devices is legendary. Privacy is almost always a huge problem. Privacy advocates regularly take to the barricades. Law enforcement agencies are rubbing their hands more and more often. What's more, the largest data octopus of all has created an "unprecedented" data collection system for law enforcement agencies. A data collection that we usually, and mostly unknowingly, agree to. But our Android smartphone or iPhone also reveals a lot about us. And that regardless of whether we want it or not.

Why do we unknowingly agree to this passion for data collection, some readers will surely ask. You can turn off location tracking in the settings. Or I simply switch to the so-called "airplane mode", or alternatively take my SIM card out of the mobile phone. Then Google can no longer track my location and everything is fine, you think. Why this is not quite right, and why our Android phone or iPhone and others collect so much data about us, is what we want to take a closer look at today in this article.

Location tracking: Google doesn't do things by halves
Even if we deactivate "location history" on iPhones and Android smartphones, the data octopus Google continues to locate its users. Even if the "location history" function is switched off, Google, or apps that we have installed on our Android device, evaluate the user's location and save it locally on the respective device. If we open certain apps or services, the data is then transferred. Even in "airplane mode" or without a SIM card, Google collects location data for each of our steps in the background, i.e. indirectly. As soon as our smartphone has access to the Internet again, the data collected about us in the meantime is automatically uploaded to Google's Sensorvault database.

📺 Video:
https://news.1rj.ru/str/NoGoolag/76

👉🏽 Google is Malware
https://www.gnu.org/proprietary/malware-google.html

👉🏽 Read more:
https://tarnkappe.info/datenkraken-nicht-nur-google-moechte-immer-wissen-wo-ihr-seid/

#DeleteGoogle #GoogleMalware #DataStealers #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
First Lawsuit of Its Kind Accuses Big Tech of Profiting From Child Labor in Cobalt Mines

#Apple, #Google, #Microsoft, #Dell, and #Tesla are being sued over their alleged reliance on #cobalt mined by #children.

In the first lawsuit of its kind, Apple, Google, Microsoft, Dell, and Tesla are being sued on behalf of 14 Congolese families whose children were killed or permanently injured while illegally mining cobalt for electronics made by these companies.

Filed in #UnitedStates District Court for the District of Columbia by human rights group International Rights Advocates, the federal class-action lawsuit alleges the companies "aided and abetted" a system of #forced child labor and had "specific knowledge" of the conditions these children were working in but did not act to protect their profit margins.

"Apple, #Alphabet, Dell, Microsoft, and Tesla all have specific policies claiming to prohibit child labour in their supply chains," said IRAdvocates in the complaint. "Their failure to actually implement these policies to stop forced #child #labour in cobalt #mining is an intentional act to avoid ending the windfall of getting cheap cobalt."

Cobalt is an important component of lithium-ion #batteries that are used in many modern #electronics. In the lawsuit, the families argue that their children were #illegally working at cobalt mines owned by #Glencore, the world's largest cobalt producer. Glencore then supplied cobalt to #Umicore, a #Belgian mining company and metals trader. Umicore then provided cobalt for lithium-ion batteries to Apple, Google, Tesla, and Dell. Also implicated is Zhejiang Huayou Cobalt, a #Chinese cobalt producer, which works with Apple, Dell, and Microsoft.

👉🏽 Read more:
https://www.vice.com/en_us/article/bvg8n8/first-lawsuit-of-its-kind-accuses-big-tech-of-profiting-from-child-labor-in-cobalt-mines

#DeleteGoogle
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
With artificial intelligence: Google now does animal protection

Google has discovered a new field for itself. With the help of a huge network of wildlife cameras, the company monitors the populations of various animal species. An AI classifies the animals in the images.

📺 Bringing Cutting-Edge Technology to Wildlife Conservation
https://www.wildlifeinsights.org/

#DeleteGoogle #wildlifeinsights #ai #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
LifeLabs Paid Hackers to Recover Stolen Medical Data of 15 Million Canadians

#LifeLabs, the largest provider of #healthcare #laboratory testing services in #Canada, has suffered a massive data breach that #exposed the personal and medical information of nearly 15 million Canadian customers.

The company announced the breach in a press release posted on its website, revealing that an unknown attacker gained unauthorized access to its computer systems last month and stole customers' information, including their:

Names
Addresses
Email addresses
Login information
Passwords, for their LifeLabs account
Dates of birth
Health card numbers
Lab test results

The Toronto-based company discovered the #data #breach at the end of October, but the press release does not say anything about the identity of the attacker(s) and how they managed to infiltrate its systems.

However, LifeLabs admitted it paid an undisclosed amount of #ransom to the #hackers to retrieve the stolen data, which indicates that the #attack might have been carried out using a #ransomware style #malware with data exfiltration abilities.

👉🏽 Read more:
https://thehackernews.com/2019/12/lifelabs-data-breach.html

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Browser activating the front-facing camera: Big Brother or just a bug?

This post is about a disturbing (in terms of privacy) situation that we have recently encountered.

Here’s what happened: we were approached by one of our readers, who claimed that when he was reading our website (which, ironically, has the BanCam anti-facial recognition campaign banner on a main page), the front-facing camera was activated.

📺 https://youtu.be/JVrfUhc6l0M

👉🏽 Read more:
https://medium.com/@mva.name/browser-activating-the-front-facing-camera-big-brother-or-just-a-bug-e7a2ff9d6856

#DeleteGoogle #PoC #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Twelve Million Phones, One Dataset, Zero Privacy

Every minute of every day, everywhere on the planet, dozens of companies — largely unregulated, little scrutinized — are #logging the #movements of tens of millions of #people with #mobile #phones and storing the information in gigantic #data #files. The Times #Privacy #Project obtained one such file, by far the largest and most sensitive ever to be reviewed by journalists. It holds more than 50 billion location pings from the phones of more than 12 million Americans as they moved through several major cities, including Washington, New York, San Francisco and Los Angeles.

Each piece of #information in this file represents the precise location of a single #smartphone over a period of several months in 2016 and 2017. The data was provided to Times Opinion by sources who asked to remain anonymous because they were not authorized to share it and could face severe penalties for doing so. The sources of the information said they had grown alarmed about how it might be abused and urgently wanted to inform the public and lawmakers.

After spending months sifting through the data, tracking the movements of people across the country and speaking with dozens of data companies, technologists, lawyers and academics who study this field, we feel the same sense of alarm. In the cities that the data file covers, it tracks people from nearly every neighborhood and block, whether they live in mobile homes in Alexandria, Va., or luxury towers in Manhattan.

One search turned up more than a dozen people visiting the Playboy Mansion, some overnight. Without much effort we spotted visitors to the estates of Johnny Depp, Tiger Woods and Arnold Schwarzenegger, connecting the devices’ owners to the residences indefinitely.

If you lived in one of the cities the #dataset covers and use #apps that share your #location — anything from weather apps to local news apps to coupon savers — you could be in there, too.

If you could see the full trove, you might never use your phone the same way again.

Read more:
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html

#surveillance #privacy #why #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
microG: Android without Google - Interview with the developer, please submit questions!

microG is a term that many of us have probably heard at some point. At least, if you have ever considered using your mobile phone without setting up Google, you will certainly stumble upon the term "microG" sooner or later. What exactly microG is, how it works and why it was created, we want to find out together with you in this article and in the upcoming interview with its "creator".
....(.....)
We look forward to your questions. Deadline ends on the 31st of December!
We are happy to have the opportunity to get to know this ambitious project and its developer together with our readers. Most of the microG manuals are still in English and there are always questions from users who are stuck or don’t really understand what it’s all about or what possibilities microG offers.

Here is your opportunity to ask the developer of microG questions. Well, I have one question on my tongue: Who is behind microG?

Please send us your questions to the developer until December 31st. As always, we can’t accept any questions after that date.

👉🏽 Read the full story:
https://tarnkappe.info/microg-android-without-google-an-interview-with-the-developer/

👉🏽 Read the full story in German:
https://tarnkappe.info/microg-android-ohne-google-ein-interview-mit-dem-entwickler/

#microG #interview
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Is It Too Late to Stop Amazon?

The brain-splitting moment happened about a week ago. A video (watermarked with the logo of a camera from Ring, an Amazon company) showing a man delivering an Amazon package, finding a box of snacks on a porch, then dancing went viral. My mind failed to find joy in the moment.

Think of the moving parts. There’s a hungry and dehydrated Amazon employee—or, more likely, an Amazon contractor—finding a slight reprieve from his grueling job only to see that moment turned into some weird viral ad. There’s a Ring security camera, made by Amazon, watching what this Amazon employee or anyone else in the neighborhood is doing and potentially sharing that video feed with the local police department. There’s the knowledge that Amazon and Ring have used police partnerships to bait potential package thieves in what could be described as a marketing campaign for a privately run state-sponsored surveillance effort.

👉🏽 Video (Facebook):
https://www.facebook.com/kathy.slater.330/posts/10157619021525967

👉🏽 Read more:
https://gizmodo.com/is-it-too-late-to-stop-amazon-1840393075

#DeleteAmazon #DeleteRing #ring #surveillance #thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
microG: Android (almost) without Google - Interview with the developer, please submit your questions!

👉🏽 Read the full article in English:
https://tarnkappe.info/microg-android-without-google-an-interview-with-the-developer/

👉🏽 Submit your questions in English:
https://tarnkappe-forum.info/t/microg-android-without-google-an-interview-with-the-developer/2933

👉🏽 Read the full article in German:
https://tarnkappe.info/microg-android-ohne-google-ein-interview-mit-dem-entwickler/

👉🏽 Submit your questions in German:
https://tarnkappe-forum.info/t/microg-android-ohne-google-ein-interview-mit-dem-entwickler/2934/8

👉🏽 For all Telegram users, whether German or English, there is the option to ask your questions here:
https://news.1rj.ru/str/joinchat/Ev2mTVbTsZQ0QcpnIQ3fWA

👉🏽 Or here: @NoGoolag

Please mark your questions in the Telegram groups with #question

And please send us your questions to the developer until December 31st. As always, we can’t accept any questions after that date.

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Daily feed of bad IPs (with blacklist hit scores)

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. The list consists of IP addresses, each with the total number of (black)lists it occurs on. The greater the number, the lower the chance of false positive detection and/or dropping in (inbound) monitored traffic. The list is also sorted from the most (problematic) to the least frequently occurring IP addresses.

💡 As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

💡 If you want to try it with ipset, you can do the following:

sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:net
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -I INPUT -m set --match-set ipsum src -j DROP

In the directory levels you can find preprocessed raw IP lists based on the number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

https://github.com/stamparm/ipsum

#IPsum #tool #guide
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
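The per-address loop in the IPsum post, reworked as an added example (not code from the IPsum repository or from the original post): it validates every feed line, applies the list-count threshold, and emits an `ipset restore` script that fills a temporary set and swaps it into place, refusing to swap when the download produced no usable entries. The function name `ipsum_to_restore`, the temporary set `ipsum_new` and the sample addresses (documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn an ipsum.txt-format feed (stdin) into an `ipset restore`
# script that fills a temporary set and swaps it into place in one step.
# Assumed names: ipsum_to_restore, ipsum_new. The live set "ipsum" and the
# hash:net type are the ones used in the post.
ipsum_to_restore() {
    min_score="$1"
    case "$min_score" in
        ''|*[!0-9]*) echo "usage: ipsum_to_restore MIN_SCORE" >&2; return 2 ;;
    esac
    awk -v min="$min_score" '
    /^[ \t]*#/ || NF == 0 { next }          # feed header and blank lines
    {
        # A data line must be exactly "<IPv4> <count>"; anything else is skipped.
        if (NF != 2 || $2 !~ /^[0-9]+$/) { bad++; next }
        if (split($1, o, ".") != 4)      { bad++; next }
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) { bad++; next }
        if ($2 + 0 >= min + 0) keep[++n] = $1
    }
    END {
        if (bad) print "skipped " bad " malformed line(s)" | "cat 1>&2"
        # An empty result usually means a failed download: leave the live set alone.
        if (n == 0) { print "no usable entries, not emitting a swap" | "cat 1>&2"; exit 1 }
        print "create ipsum hash:net"
        print "create ipsum_new hash:net"
        print "flush ipsum_new"
        for (i = 1; i <= n; i++) print "add ipsum_new " keep[i]
        print "swap ipsum_new ipsum"
        print "destroy ipsum_new"
    }'
}

# Constructed sample feed (documentation address ranges, tab-separated).
SAMPLE_FEED=$(printf '# IPsum sample (constructed)\n192.0.2.10\t7\n198.51.100.5\t3\n203.0.113.9\t2\n999.1.1.1\t9\nnot-an-ip\t5\n')

# Demo on the sample. On a real host (as root), with the feed URL from the post:
#   curl --compressed -fsS <feed URL> | ipsum_to_restore 3 > /tmp/ipsum.restore \
#     && ipset -exist restore < /tmp/ipsum.restore
# -exist lets "create ipsum" pass when the set is already there; the iptables
# rule from the post only has to be inserted once and keeps matching after the swap.
printf '%s\n' "$SAMPLE_FEED" | ipsum_to_restore 3
```

Because the live set is only replaced by the final `swap`, the DROP rule never sees a half-filled or empty list during a refresh.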
Live streaming from the 36th Chaos Communication Congress

Every year at the end of December, not only Christmas but also the Chaos Communication Congress is on our schedule. Under the motto "Resource Exhaustion", several thousand hackers meet again in Leipzig between the years.

📺 Livestream:
https://streaming.media.ccc.de/36c3/

💡 Schedule overview:
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/

#CCC #36C3 #Streaming #Video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
CCC analyses Munich's state trojan FinSpy

The technical #analysis of copies of the #FinSpy #malware substantiates the reasons for the criminal complaint against the Munich manufacturer of the #StateTrojan. The #CCC publishes its report as well as several variants of FinSpy and a complete documentation of the analysis.

#Security researchers of the Chaos Computer Club (CCC) have analyzed a total of 28 copies of the #spy-#software FinSpy for #Android from 2012 to 2019. The main focus of the investigation was the origin of the malware and the date of its production. The reason for the investigation is the criminal complaint of the Gesellschaft für Freiheitsrechte (GFF) and other organizations against the German group of companies #FinFisher because of the deliberate violation of licensing requirements for dual-use software according to § 18 para. 2 No. 1 and § 18 para. 5 No. 1 Foreign Trade Act (AWG).

The CCC today publishes its comprehensive report: Evolution of a private sector malware for governmental players

💡 The result of the analysis is that a copy of malware, which according to the GFF was used against the Turkish opposition movement in 2016, was clearly created after the EU export control regulations for surveillance software came into force.

💡 By comparing it with over twenty other copies from a seven-year period, the CCC shows continuity in the further development into which this copy fits. This is seen as a strong indication that it is a variant of the state Trojan "FinSpy". FinSpy is a product of the FinFisher group of companies, which has branches in Munich and elsewhere.

💡 In its report, the CCC also documents references to German-speaking developers that can be found in the source code.

"Our analysis shows that surveillance software originally from Germany was apparently used against democratic dissidents," said Linus Neumann, one of the authors of the analysis. "How this could have come about, the public prosecutor's office and the customs criminal office must now clarify."

https://github.com/linuzifer/FinSpy-Dokumentation

https://github.com/devio/FinSpy-Tools

👉🏼 Read more:
https://www.ccc.de/de/updates/2019/finspy

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
No roborders, no nation, or: smile for a European surveillance propagation

How an agency implements Fortress Europe by degrading Non-Europeans to second-rate people

Robots, Satellites and biometrical traps - more than a Billion Euro will be spent in 2021 for what they call "Border Security." The European Border and Coastguard, formerly Frontex, dreams of a fully autonomous border surveillance system.

⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.

https://media.ccc.de/v/36c3-10994-no_roborders_no_nation_or_smile_for_a_european_surveillance_propagation

#video #CCC #36c3 #surveillance
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Cryptography demystified - An introduction without maths

This talk will explain the basic building blocks of cryptography in a manner that will (hopefully) be understandable by everyone. The talk will not require any understanding of maths or computer science.
In particular, the talk will explain encryption, what it is and what it does, what it is not and what it doesn't do, and what other tools cryptography can offer.

⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.

https://media.ccc.de/v/36c3-10627-cryptography_demystified

#video #CCC #36c3 #cryptography
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
What the World can learn from Hongkong - From Unanimity to Anonymity

The people of Hong Kong have been using unique tactics, novel uses of technology, and a constantly adapting toolset in their fight to maintain their distinctiveness from China since early June. Numerous anonymous interviews with protesters from front liners to middle class supporters and left wing activists reveal a movement that has been unfairly simplified in international reporting.

⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.

https://media.ccc.de/v/36c3-10933-what_the_world_can_learn_from_hongkong

#video #CCC #36c3 #Hongkong #Anonymity
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
The Eye on the Nile - Egypt's Civil Society Under Attack

What happens when we come across a surveillance operation targeting Egypt’s civil society? And what happens when the attackers expose all of their backend code by mistake? This is The Eye on the Nile.

Egyptian activists and journalists report and fight against human rights violations, only to face human rights violations themselves: they are often silenced, detained, tortured and imprisoned.

⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.

#video #CCC #36c3 #surveillance #Egypt
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Technical aspects of the surveillance in and around the Ecuadorian embassy in London - Details about the man hunt for Julian Assange and Wikileaks

The talk explains and illustrates the procedural and technical details of the surveillance in and around the Ecuadorian embassy in London during the time Julian Assange stayed in there from June 2012 until April 2019.

⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.

https://media.ccc.de/v/36c3-11247-technical_aspects_of_the_surveillance_in_and_around_the_ecuadorian_embassy_in_london

#video #CCC #36c3 #surveillance #Assange
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Listening Back Browser Add-On Translates Cookies Into Sound

‘Listening Back’ is an add-on for the Chrome and Firefox browsers that sonifies internet cookies in real time as one browses online. Utilising digital waveform synthesis, ‘Listening Back’ provides an audible presence for hidden infrastructures that collect personal and identifying data by storing a file on one’s computer. By directing the listener’s attention to hidden processes of online data collection, Listening Back functions to expose real-time digital surveillance and consequently the ways in which our everyday relationships to being surveilled have become normalised.

Our access to the World Wide Web is mediated by screen devices and ‘Listening Back’ enables users to go beyond the event on the screen and experience some of the algorithmic surveillance processes that underlie our Web experience. This project therefore explores how sound can help us engage with complex phenomena beyond the visual interface of our smart devices by highlighting a disconnect between the graphical interface of the Web, and the socio-political implications of background mechanisms of data capture.

By sonifying a largely invisible tracking technology ‘Listening Back’ critiques a lack of transparency inherent to online monitoring technologies and the broader context of opt in / default cultures intrinsic to contemporary modes of online connectivity. By providing a sonic experiential platform for the real-time activity of Internet cookies this project engages listening as a mode of examination and asks what is the potential of sound as a tool for transparent questioning?

👉🏼 Chrome:
https://chrome.google.com/webstore/detail/listening-back/gdkmphlncmoloepkpifnhneogcliiiah

👉🏼 Firefox:
https://addons.mozilla.org/en-GB/firefox/addon/listening-back/

💡 Read more:
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10855.html

#addon #chrome #firefox #CCC #36c3 #cookies #ListeningBack
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Vincent Canfield - 36C3 Staff Brutally Assaulted Me for Political Reasons

On Saturday night (Sunday morning) at around 4:30AM my friend and I were the victim of a brutal assault that was started, escalated, and carried out by the most senior members of the Orga group of the Chaos Communication Congress. If it were not for the evidence we collected, you would think I was crazy. But these abuses are very real.

https://vc.gg/blog/36c3-staff-assaulted-me-for-political-reasons.html

https://twitter.com/gexcolo/status/1211268694741061632?s=19

#CCC #36c3 #Canfield #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN