Twelve Million Phones, One Dataset, Zero Privacy

Every minute of every day, everywhere on the planet, dozens of companies — largely unregulated, little scrutinized — are #logging the #movements of tens of millions of #people with #mobile #phones and storing the information in gigantic #data #files. The Times #Privacy #Project obtained one such file, by far the largest and most sensitive ever to be reviewed by journalists. It holds more than 50 billion location pings from the phones of more than 12 million Americans as they moved through several major cities, including Washington, New York, San Francisco and Los Angeles.

Each piece of #information in this file represents the precise location of a single #smartphone over a period of several months in 2016 and 2017. The data was provided to Times Opinion by sources who asked to remain anonymous because they were not authorized to share it and could face severe penalties for doing so. The sources of the information said they had grown alarmed about how it might be abused and urgently wanted to inform the public and lawmakers.

After spending months sifting through the data, tracking the movements of people across the country and speaking with dozens of data companies, technologists, lawyers and academics who study this field, we feel the same sense of alarm. In the cities that the data file covers, it tracks people from nearly every neighborhood and block, whether they live in mobile homes in Alexandria, Va., or luxury towers in Manhattan.

One search turned up more than a dozen people visiting the Playboy Mansion, some overnight. Without much effort we spotted visitors to the estates of Johnny Depp, Tiger Woods and Arnold Schwarzenegger, connecting the devices’ owners to the residences indefinitely.

If you lived in one of the cities the #dataset covers and use #apps that share your #location — anything from weather apps to local news apps to coupon savers — you could be in there, too.

If you could see the full trove, you might never use your phone the same way again.

Read more:
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html

#surveillance #privacy #why #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

microG: Android without Google - Interview with the developer, please submit questions!

microG is a term that many of us have probably heard at some point. At least, if you have ever considered using your mobile phone without setting up Google, you will certainly stumble upon the term „microG“ sooner or later. What exactly microG is, how it works and why it was created, we want to find out together with you in this article and in the upcoming interview with its „creator“.
....(.....)
We look forward to your questions. Deadline ends on 31th of December!
We are happy to have the opportunity to get to know this ambitious project and its developer together with our readers. Most of the microG manuals are still in English and there are always questions from users who are stuck or don’t really understand what it’s all about or what possibilities microG offers.

Here is your opportunity to ask the developer of microG questions. Well, I have one question on my tongue: Who is behind microG?

Please send us your questions to the developer until December 31st. As always, we can’t accept any questions after that date.

👉🏽 Read the full story:
https://tarnkappe.info/microg-android-without-google-an-interview-with-the-developer/

👉🏽 Read the full story in german:
https://tarnkappe.info/microg-android-ohne-google-ein-interview-mit-dem-entwickler/

#microG #interview
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Is It Too Late to Stop Amazon?

The brain-splitting moment happened about a week ago. A video (watermarked with the logo of a camera from Ring, an Amazon company) showing a man delivering an Amazon package, finding a box of snacks on a porch, then dancing went viral. My mind failed to find joy in the moment.

Think of the moving parts. There’s a hungry and dehydrated Amazon employee—or, more likely, an Amazon contractor—finding a slight reprieve from his grueling job only to see that moment turned into some weird viral ad. There’s a Ring security camera, made by Amazon, watching what this Amazon employee or anyone else in the neighborhood is doing and potentially sharing that video feed with the local police department. There’s the knowledge that Amazon and Ring have used police partnerships to bait potential package thieves in what could be described as a marketing campaign for a privately run state-sponsored surveillance effort.

👉🏽 Video (Facebook):
https://www.facebook.com/kathy.slater.330/posts/10157619021525967

👉🏽 Read more:
https://gizmodo.com/is-it-too-late-to-stop-amazon-1840393075

#DeleteAmazon #DeleteRing #ring #surveillance #thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

microG: Android (almost) without Google - Interview with the developer, please submit Your questions!

👉🏽 Read the full article in English:
https://tarnkappe.info/microg-android-without-google-an-interview-with-the-developer/

👉🏽 Submit your questions in English:
https://tarnkappe-forum.info/t/microg-android-without-google-an-interview-with-the-developer/2933

👉🏽 Read the full article in German:
https://tarnkappe.info/microg-android-ohne-google-ein-interview-mit-dem-entwickler/

👉🏽 Submit your questions in German:
https://tarnkappe-forum.info/t/microg-android-ohne-google-ein-interview-mit-dem-entwickler/2934/8

👉🏽 For all Telegram users, whether German or English, there is the option to ask your questions here:
https://news.1rj.ru/str/joinchat/Ev2mTVbTsZQ0QcpnIQ3fWA

👉🏽 Or here: @NoGoolag

Please mark your questions in them Telegram Groups with #question

And please send us your questions to the developer until December 31st. As always, we can’t accept any questions after that date.

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Daily feed of bad IPs (with blacklist hit scores)

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.

💡 As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

💡 If you want to try it with ipset, you can do the following:

sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:net
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

https://github.com/stamparm/ipsum

#IPsum #tool #guide
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Live streaming from the 36th Chaos Communication Congress

Every year at the end of December, not only Christmas but also the Chaos Communication Congress is on our schedule. Under the motto "Resource Exhaustion", several thousand hackers meet again in Leipzig between the years.

📺 Livestream:
https://streaming.media.ccc.de/36c3/

💡 Schedule overview:
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/

#CCC #36C3 #Streaming #Video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

CCC analyses Munich's state trojan FinSpy

The technical #analysis of copies of the #FinSpy #malware substantiates the reasons for the criminal complaint against the Munich manufacturer of the #StateTrojan. The #CCC publishes its report as well as several variants of FinSpy and a complete documentation of the analysis.

#Security researchers of the Chaos Computer Club (CCC) have analyzed a total of 28 copies of the #spy-#software FinSpy for #Android from 2012 to 2019. The main focus of the investigation was the origin of the malware and the date of its production. The reason for the investigation is the criminal complaint of the Gesellschaft für Freiheitsrechte (GFF) and other organizations against the German group of companies #FinFisher because of the deliberate violation of licensing requirements for dual-use software according to § 18 para. 2 No. 1 and § 18 para. 5 No. 1 Foreign Trade Act (AWG).

The CCC today publishes its comprehensive report: Evolution of a private sector malware for governmental players

💡 The result of the analysis is that a copy of malware, which according to the GFF was used against the Turkish opposition movement in 2016, was clearly created after the EU export control regulations for surveillance software came into force.

💡 By comparing it with over twenty other copies from a seven-year period, the CCC shows continuity in the further development into which this copy fits. This is seen as a strong indication that it is a variant of the state Trojan "FinSpy". FinSpy is a product of the FinFisher group of companies, which has branches in Munich and elsewhere.

💡 In its report, the CCC also documents references to German-speaking developers that can be found in the source code.

"Our analysis shows that surveillance software originally from Germany was apparently used against democratic dissidents," said Linus Neumann, one of the authors of the analysis. "How this could have come about, the public prosecutor's office and the customs criminal office must now clarify."

https://github.com/linuzifer/FinSpy-Dokumentation

https://github.com/devio/FinSpy-Tools

👉🏼 Read more:
https://www.ccc.de/de/updates/2019/finspy

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

No roborders, no nation, or: smile for a European surveillance propagation

How an agency implements Fortress Europe by degrading Non-Europeans to second-rate people

Robots, Satellites and biometrical traps - more than a Billion Euro will be spent in 2021 for what they call "Border Security." The European Border and Coastguard, formerly Frontex, dreams of a fully automomus border surveillance system.

⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.

https://media.ccc.de/v/36c3-10994-no_roborders_no_nation_or_smile_for_a_european_surveillance_propagation

#video #CCC #36c3 #surveillance
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Cryptography demystified - An introduction without maths

This talk will explain the basic building blocks of cryptography in a manner that will (hopefully) be understandable by everyone. The talk will not require any understanding of maths or computer science.
In particular, the talk will explain encryption, what it is and what it does, what it is not and what it doesn't do, and what other tools cryptography can offer.

⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.

https://media.ccc.de/v/36c3-10627-cryptography_demystified

#video #CCC #36c3 #cryptography
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

What the World can learn from Hongkong - From Unanimity to Anonymity

The people of Hong Kong have been using unique tactics, novel uses of technology, and a constantly adapting toolset in their fight to maintain their distinctiveness from China since early June. Numerous anonymous interviews with protesters from front liners to middle class supporters and left wing activists reveal a movement that has been unfairly simplified in international reporting.

⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.

https://media.ccc.de/v/36c3-10933-what_the_world_can_learn_from_hongkong

#video #CCC #36c3 #Hongkong #Anonymity
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

The Eye on the Nile - Egypt's Civil Society Under Attack

What happens when we come across a surveillance operation targeting Egypt’s civil society? And what happens when the attackers expose all of their backend code by mistake? This is The Eye on the Nile.

Egyptian activists and journalists report and fight against human rights violations, only to face human rights violations themselves: they are often silenced, detained, tortured and imprisoned.

⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.

#video #CCC #36c3 #surveillance #Egypt
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Technical aspects of the surveillance in and around the Ecuadorian embassy in London - Details about the man hunt for Julian Assange and Wikileaks

The talk explains and illustrates the procedural and technical details of the surveillance in and around the Ecuadorian embassy in London during the time Julian Assange stayed in there from June 2012 until April 2019.

⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.

https://media.ccc.de/v/36c3-11247-technical_aspects_of_the_surveillance_in_and_around_the_ecuadorian_embassy_in_london

#video #CCC #36c3 #surveillance #Assange
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Listening Back Browser Add-On Tranlates Cookies Into Sound

‘Listening Back’ is an add-on for the Chrome and Firefox browsers that sonifies internet cookies in real time as one browses online. Utilising digital waveform synthesis, ‘Listening Back’ provides an audible presence for hidden infrastructures that collect personal and identifying data by storing a file on one’s computer. By directing the listener’s attention to hidden processes of online data collection, Listening Back functions to expose real-time digital surveillance and consequently the ways in which our everyday relationships to being surveilled have become normalised.

Our access to the World Wide Web is mediated by screen devices and ‘Listening Back’ enables users to go beyond the event on the screen and experience some of the algorithmic surveillance processes that underlie our Web experience. This project therefore explores how sound can help us engage with complex phenomena beyond the visual interface of our smart devices by highlighting a disconnect between the graphical interface of the Web, and the socio-political implications of background mechanisms of data capture.

By sonifying a largely invisible tracking technology ‘Listening Back’ critiques a lack of transparency inherent to online monitoring technologies and the broader context of opt in / default cultures intrinsic to contemporary modes of online connectivity. By providing a sonic experiential platform for the real-time activity of Internet cookies this project engages listening as a mode of examination and asks what is the potential of sound as a tool for transparent questioning?

👉🏼 Chrome:
https://chrome.google.com/webstore/detail/listening-back/gdkmphlncmoloepkpifnhneogcliiiah

👉🏼 Firefox:
https://addons.mozilla.org/en-GB/firefox/addon/listening-back/

💡 Read more:
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10855.html

#addon #chrome #firefox #CCC #36c3 #cookies #ListeningBack
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Listening Back Browser Add-On Tranlates Cookies Into Sound

https://mirror.netcologne.de/CCC/congress/2019/h264-hd/36c3-10855-eng-Listening_Back_Browser_Add-On_Tranlates_Cookies_Into_Sound.mp4

👉🏼 Read more:
https://news.1rj.ru/str/BlackBox_Archiv/779

#addon #chrome #firefox #CCC #36c3 #cookies #ListeningBack #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Vincent Canfield - 36C3 Staff Brutally Assaulted Me for Political Reasons

On Saturday night (Sunday morning) at around 4:30AM my friend and I were the victim of a brutal assault that was started, escalated, and carried out by the most senior members of the Orga group of the Chaos Communication Congress. If it were not for the evidence we collected, you would think I was crazy. But these abuses are very real.

https://vc.gg/blog/36c3-staff-assaulted-me-for-political-reasons.html

https://twitter.com/gexcolo/status/1211268694741061632?s=19

#CCC #36c3 #Canfield #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

The KGB Hack: 30 Years Later

The 36C3 seems an excellent opportunity to take a look back at the instance of hacking which, even more so than previous events like the BTX and NASA Hacks, brought the CCC into the focus of the (West-)German public – and, additionally, the Federal Office for the Protection of the Constitution (Verfassungsschutz) and the Federal Intelligence Service (Bundesnachrichtendienst).

⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.

https://media.ccc.de/v/36c3-11031-the_kgb_hack_30_years_later

#video #CCC #36c3 #KGB #hacking
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Septor 2020

Septor Linux is a operating system that provides users with a perfect computing environment for surfing the Internet anonymously. Septor providing users with a stable and reliable distribution that is based on Debian GNU/Linux and works on a wide range of computers. Distribution featuring a customised KDE Plasma deskop and Tor technologies.

Linux Kernel 5.3 Plasma 5.14.5
Software Management: Synaptic, GDebi
Internet: Tor Browser, Thunderbird, Ricochet IM, HexChat, QuiteRSS, OnionShare
Utilities: Gufw, Konsole, Ark, Image Writer, Bootiso, Sweeper, KGpg, Kleopatra, MAT, KWallet, VeraCrypt
Graphics / Multimedia: GIMP, Gwenview. VLC, K3b, Guvcview
Office: LibreOffice, Kontact, КOrganizer, Okular, Kwrite, Kate, Eqonomize

https://septor.sourceforge.io/

#Septor #Linux #Debian
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Obscurix: Linux Live System for privacy, security and anonymity

#Obscurix is a new open source #Live operating system based on #Arch #Linux. Obscurix attaches great importance to your #privacy, #security and #anonymity on the net. The live operating system routes all your traffic quite securely through the #Tor# network and also supports many other networks like #I2P and #Freenet.

Privacy, Security and Anonymity
To get it straight up front: Obscurix does not want to be a Linux operating system for pentesters. Even if you mainly want to play games on your computer, you better find something else. Obscurix is simply a secure and easy to use live operating system. In addition, the developers have done a lot to make it resistant against various forms of tracking and #surveillance. As a user you don't have to configure much, which makes it easy to get started.

One of the big differences between this and other Linux operating systems is the special focus on privacy, security and anonymity. Therefore Obscurix is not an operating system that you should install on your hard disk. As a pure live operating system it runs only in the memory of your computer. During shutdown the #OS automatically deletes all digital "traces" that third parties could otherwise evaluate later.

Continue on:
https://tarnkappe.info/obscurix-linux-live-system-fuer-privatsphaere-sicherheit-und-anonymitaet/

👉🏼 Obscurix:
https://obscurix.github.io/

👉🏼 ObscurixOS TG support group:
https://news.1rj.ru/str/Obscurix_OS

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’

Company’s work in 68 countries laid bare with release of more than 100,000 documents

An explosive #leak of tens of thousands of documents from the defunct data firm #CambridgeAnalytica is set to expose the inner workings of the company that collapsed after the Observer revealed it had misappropriated 87 million #Facebook profiles.

More than 100,000 documents relating to work in 68 countries that will lay bare the global infrastructure of an operation used to manipulate voters on “an industrial scale” is set to be released over the next months.

It comes as Christopher Steele, the ex-head of MI6’s Russia desk and the intelligence expert behind the so-called “Steele dossier” into Trump’s relationship with Russia, said that while the company had closed down, the failure to properly punish bad actors meant that the prospects for manipulation of the US election this year were even worse.

The release of documents began on New Year’s Day on an anonymous Twitter account, @HindsightFiles, with links to material on elections in Malaysia, Kenya and Brazil. The documents were revealed to have come from Brittany Kaiser, an ex-Cambridge Analytica employee turned whistleblower, and to be the same ones subpoeaned by Robert Mueller’s investigation into Russian interference in the 2016 presidential election.

Kaiser, who starred in the Oscar-shortlisted Netflix documentary The Great Hack, decided to go public after last month’s election in Britain. “It’s so abundantly clear our electoral systems are wide open to abuse,” she said. “I’m very fearful about what is going to happen in the US election later this year, and I think one of the few ways of protecting ourselves is to get as much information out there as possible.”

Read more:
https://www.theguardian.com/uk-news/2020/jan/04/cambridge-analytica-data-leak-global-election-manipulation

#DeleteFacebook
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Serious cyber-attack on Austria's foreign ministry

Austria's foreign ministry has been targeted by a cyber-attack that is suspected to have been conducted by another country.

The ministry said the seriousness of the attack suggested it might have been carried out by a "state actor".

The hack started on Saturday night and experts warn it could continue for several days.

The breach occurred on the same day Austria's Green party backed forming a coalition with conservatives .

It was recognised very quickly and countermeasures taken immediately, the foreign ministry said in a statement.

"Despite all intensive security measures, there is never 100% protection against cyber-attacks," the ministry said.

https://www.bbc.com/news/world-europe-50997773

https://www.rte.ie/news/world/2020/0105/1104411-austria-cyber-attack/

#austria #cyberattack #stateactor #hacker #breach
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Interview: Vincent Canfield from cock.li comments on his expulsion from the 36C3

In our conversation Vincent Canfield tells us how the violent expulsion from 36C3 happened from his point of view. Vincent is not exactly an undisputed personality, to put it objectively. He tells us how he came up with the idea of founding his e-mail service cock.li. We also learn about Vincent’s political view of the world or how seriously he thinks cock.li should be taken. Of course we also talk to him about the „unpleasant“ moments he unfortunately had to experience at this year’s Chaos Communication Congress (36C3) in Leipzig. The man from the National.Shitposting.Agency (NSA?)had to face some questions in our interview.

Vincent Canfield: a topic about which people elsewhere prefer to remain silent?

No year should end without the annual Chaos Communication Congress (36C3). Also this year, one headline quickly followed the next. As has been the case for many years, the media have taken up the topics of the Chaos Communication Congress. Whether it’s about hacking in general, data protection or autonomous driving, 5G networks or the final proof that Deutsche Bahn is indeed unpunctual. As every year, everything was reported in detail. Apparently, (almost) nobody wanted to report on just one topic until today: Vincent Canfield, the head of cock.li, has obviously been thrown out of this year’s 36C3 congress in a rather unpleasant way.

👉🏼 The interview in english:
https://tarnkappe.info/vincent-canfield-from-cock-li-comments-on-his-expulsion-from-the-36c3/

👉🏼 The interview in german:
https://tarnkappe.info/interview-vincent-canfields-meinung-zu-cock-li-und-ueber-den-ccc/

https://twitter.com/gexcolo/status/1214261610338037761

#Vincent #cockli #CCC #interview
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN