Data octopuses: Not only Google wants to know where you are and what you do

Google's location tracking on Android devices is legendary. Privacy is almost always a huge problem. Data protectors regularly go to the barricades. Law enforcement agencies are rubbing their hands more and more often. What's more, the largest data octopus of all has created an "unprecedented" data collection system for law enforcement agencies. A data collection that we usually always and mostly unknowingly agree to. But our Android smartphone or iPhone also reveals a lot about us. And that regardless of whether we want it or not.

Why do we unknowingly agree with the passion for data collection, some readers will surely ask. You can turn off location tracking in the settings. Or I simply switch to the so-called "aircraft mode", or alternatively take my SIM card out of the mobile phone. Then Google can no longer track my location and everything is fine, you think. Why this is not quite right and what our android or iPhone and others collect so much data about us, we want to take a closer look at today in this article.

Location tracking: Google doesn't do things by halves
Even if we deactivate the "location history" or "location history" for iPhones and Android smartphones, the data octopus Google continues to locate its users. Even if the function "location history" is switched off, Google or Apps, which we have installed on our Android, evaluates the user's location and saves it locally on the respective device. If we open certain apps or services, the data is then transferred. Even in "airplane mode" or without a SIM card, Google collects location data for each of our steps in the background, i.e. indirectly. As soon as our smartphone has access to the Internet again, the data collected about us in the meantime is automatically uploaded to Google's Sensorvault database.

📺 Video:
https://news.1rj.ru/str/NoGoolag/76

👉🏽 Google is Malware
https://www.gnu.org/proprietary/malware-google.html

👉🏽 Read more:
https://tarnkappe.info/datenkraken-nicht-nur-google-moechte-immer-wissen-wo-ihr-seid/

#DeleteGoogle #GoogleMalware #DataStealers #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Your annual reminder that Facebook tracks your location after you opt out
https://thenextweb.com/facebook/2019/12/18/your-annual-reminder-that-facebook-tracks-you-even-with-location-settings-turned-off/

https://redd.it/ec9y1i
@r_privacy

Facebook admits it can track your movements and bombard you with adverts even if users turn OFF location settings

🔵 Facebook sent a letter to two US senators which contained the admission

🔵 It can piece together a person's location based on various available information

🔵 Facebook says there are many advantages to knowing where people are

🔵 Tagged pictures, IP addresses and purchasing on Facebook Shopping provide clues to a person's location

https://www.dailymail.co.uk/sciencetech/article-7804121/Facebook-says-locate-users-opt-tracking.html

Read Via Telegram

FACEBOOK'S PRIVACY DISASTERS

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

Firefox Announces New Partner in Delivering Private and Secure DNS Services to Users

https://blog.mozilla.org/blog/2019/12/17/firefox-announces-new-partner-in-delivering-private-and-secure-dns-services-to-users/


#firefox #ff #dns

Minimal MicroG Installer V2.4

18 december, 2019

By MOVZX and FatherJony and FriendlyNeighborhoodShane

A simple, flexible MicroG Installer

-- Changelog:

+ Update all APKs
+ Fix Standard bootloop on Q
+ Added AuroraServices only pack

For y'all younglings that don't know what MinMicroG is, check readme.md inside or https://news.1rj.ru/str/NoGoolag/202


📡 @NoGoolag
#microg #minmicrog

Browser activating the front-facing camera: Big Brother or just a bug?

This post is about a disturbing (in terms of privacy) situation that we have recently encountered.

Here’s what happened: we were approached by one of our readers, who claimed that when he was reading our website (which, ironically, has the BanCam anti-facial recognition campaign banner on a main page), the front-facing camera was activated.

📺 https://youtu.be/JVrfUhc6l0M

👉🏽 Read more:
https://medium.com/@mva.name/browser-activating-the-front-facing-camera-big-brother-or-just-a-bug-e7a2ff9d6856


#Google #camera #popup #DeleteGoogle #PoC #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Trannoscription (read: copy paste):

Hi, everyone!

My name is Vadim, I am a tech consultant and a system administrator at RosKomSvoboda.

This post is about a disturbing (in terms of privacy) situation that we have recently encountered.

It could have been in a “A-a-a-a-a-a-a-a-a! Look, Big Brother (Google) is watching us” style, but I will rather try to do some analysis and make some assumptions about why this might have happened.

Here’s what happened: we were approached by one of our readers, who claimed that when he was reading our website (which, ironically, has the BanCam anti-facial recognition campaign banner on a main page), the front-facing camera was activated.

He owns a phone with a sliding front camera. So it slid out right after loading the page as shown on a video.

Big Brother?

As you probably have guessed, at first I thought, that despite all the security measures I have taken for the website, we were hacked and “trojanized”.

However, the investigation has shown, that our site was fine.

After discussing the investigation’s findings with my colleagues from RosKomSvoboda, I remembered that I had came across several forum posts before, which were describing how “Trojan” apk-packages were distributed through the ad networks (when opening the forum from an Android phone) (The idea is that a user would install them, thinking that it is the official forum client).

I suggested checking the list of ad trackers which were allowed on that page (the reader uses Firefox and the uBlock addon with it).

A couple of hours of experiments have shown that the camera stops activating only when the google.com domain access in being blocked in the addon’s settings. Around this time the user told us, that the website “kod.ru” was also activating the camera (before that, we considered the problem to be only on our website).

After digging a little deeper, I found out, that requests to google.com are made not only by Google trackers (aka analytics), but even by the YouTube video iframe module on that page. Same thing occurring at kod.ru also fitted this theory. As it turned out, that page had also had an embedded YouTube video in it.

In order to once again check my theory, I Googled a random blog post with a built-in video in it. The camera opened again.

To sum up, what we have discovered: the presence of built-in YouTube video on a page triggers the loading of some noscripts from google.com, and those, in turn, trigger the camera.

Okay, let’s keep digging.

Having gone through all the browser debugging tools, I found out, that a highly obfuscated noscript, which even has an obfuscated name, is loaded via www.google.com domain whenever a user accesses the page. None of the de-obfuscation tools I tried could deal with it.

Considering that it is Google, I can assume that soon this noscript will disappear, and will be replaced with a different (but equally unreadable) one. So, here’s it’s code, just in case.

A brief overview of the noscript didn’t show any camera mentions, but you can try to do it yourself.

Let’s now look at it this way:

My own phone has no sliding camera, so I could not see a camera sliding out, but I can connect it via USB and use “adb logcat | grep -i -C5 camer” (I’ve used grep because otherwise there is too much irrelevant info) command. So I did it…

First try: Loading the test sites and… nothing!

Starting to think that this issue is on a client’s side.

In the same time we are discussing the situation in the aforementioned RosKomSvoboda technical chat room. After a while, one of the participants said, that mobile browsers can sometimes be tricky: they don’t always ask for a global camera access permissions, because if they know there is none they may not ask for them!

I check the application’s settings and see, that Firefox has no camera permission. I turn it on, check once again, and see a bunch of camera related info popping up in the console like that:

adb logcat | grep -i -C5 camer

Gotcha! A request!

Moreover, right after the “get device info” line there is an explicit opening of the camera device:

12–12 17:10:14.734 751 6924 I QCamera : <HAL><INFO> int qcamera::QCamera2Factory::cameraDeviceOpen(int, struct hw_device_t **): 405: Open camera id 0 API version 256

I check it once again with Chrome, and everything looks the same: if you take away the camera permission — nothing is in the log, and if you allow the app to access the camera — same logs appear.

Turns out that:
а) problem is not local
b) problem is not browser-specific.

What is interesting about that, is the fact that none of these browsers have ever requested a camera permission for any of the sites that participated in the test (and, however, for YouTube and google.com — too).

Taking all this discoveries into consideration I came up with two versions:
1) Either Big Brother is really watching us or
2) that oddly obfuscated noscript from Google triggers Camera API in browsers in order to fingerprint the user, but avoids accessing camera directly. That’s why there is no permission request popping up (however, if you look at the video at the beginning of the article closely, you can see how an LED blinks between opening and closing the camera, which raises certain concerns).

Browser’s logic here is simple: When initializing the Camera API, if there is no camera permission — do not do anything (do not even ask for it until there is a real necessity) and if there is one — initialize the cameras and check what kind of modules are there and what are they capable of (might be the reason why the camera slides out).

The user’s phone vendor, as it seems, programmed the camera software simply: whenever the camera is accessed — it slides out.

Afterall, turns out the issue is not as serious, as it seemed to be in the beginning and I’d like to believe that no photos are taken (anyway I’m not qualified enough neither to prove nor disprove that, maybe one of you, the readers, could do that).

However, the very fact that opening any webpage that has an embedded YouTube video iframe in it leads to a camera request (and even some communication with the module) is pretty sad and disturbing in terms of privacy and I think it’s worth the community’s attention.

What is your opinion?

Russian version: https://habr.com/ru/company/roskomsvoboda/blog/480056/

WRITTEN BY

Vadim Misbakh-Soloviov

Avoid Google apps spyware!

📡 @NoGoolag (links at @microGsupport)

★English Group:
https://news.1rj.ru/str/joinchat/FyFlS0X2D7eDayZ4R4Gkzw

★Indonesian Group:
https://news.1rj.ru/str/joinchat/HVU5S1HNr9FuSwsX0vRCuQ

★Off-Topic Group:
https://news.1rj.ru/str/joinchat/LepbVElZLJbkWMRBNhcPfA

★Guide: t.me/NoGoolag/63
★Installers: t.me/NoGoolag/182

More software
📡 @Libreware

📡 @AuroraOfficial Aurora sw channel

💬 @AuroraSupport Aurora Store group (Foss playstore alternative)

💬 @AuroraDroid Aurora Droid group (F-Droid client)

💬 @AuroraOSS
Group to discuss upcoming Aurora projects (Contacts & Dialer, Aurora Services, Aurora Sync, Aurora Maps)

🦊 @qd_invitation
Firefox Configuration Hardening
DNScrypt Proxy Android
Mixplorer updates

News
📡 @cRyPtHoN_INFOSEC_EN
📡 @cRyPtHoN_INFOSEC_DE

Fifth Fired Google Worker Files Federal Labor Complaint

A fifth former Google worker has filed a complaint with federal regulators accusing the company of improperly firing employees for labor organizing activity.

Kathryn Spiers, a security engineer, said Google fired her after she created a pop-up notification for employees to inform them of their labor rights.

In late November, Google fired four other workers for what the company said were violations of its data security policy. Those workers say they don’t believe they violated company policies and that Google was really firing them because they were all involved in various organizing activities at the company. Google disputes that.

https://www.securityweek.com/fifth-fired-google-worker-files-federal-labor-complaint

Read Via Telegram

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

Twelve Million Phones, One Dataset, Zero Privacy

Every minute of every day, everywhere on the planet, dozens of companies — largely unregulated, little scrutinized — are #logging the #movements of tens of millions of #people with #mobile #phones and storing the information in gigantic #data #files. The Times #Privacy #Project obtained one such file, by far the largest and most sensitive ever to be reviewed by journalists. It holds more than 50 billion location pings from the phones of more than 12 million Americans as they moved through several major cities, including Washington, New York, San Francisco and Los Angeles.

Each piece of #information in this file represents the precise location of a single #smartphone over a period of several months in 2016 and 2017. The data was provided to Times Opinion by sources who asked to remain anonymous because they were not authorized to share it and could face severe penalties for doing so. The sources of the information said they had grown alarmed about how it might be abused and urgently wanted to inform the public and lawmakers.

After spending months sifting through the data, tracking the movements of people across the country and speaking with dozens of data companies, technologists, lawyers and academics who study this field, we feel the same sense of alarm. In the cities that the data file covers, it tracks people from nearly every neighborhood and block, whether they live in mobile homes in Alexandria, Va., or luxury towers in Manhattan.

One search turned up more than a dozen people visiting the Playboy Mansion, some overnight. Without much effort we spotted visitors to the estates of Johnny Depp, Tiger Woods and Arnold Schwarzenegger, connecting the devices’ owners to the residences indefinitely.

If you lived in one of the cities the #dataset covers and use #apps that share your# location — anything from weather apps to local news apps to coupon savers — you could be in there, too.

If you could see the full trove, you might never use your phone the same way again.

Read more:
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html

#surveillance #privacy #why #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Satire
Area man constantly mentioning he doesn't use Facebook

PALO ALTO, CA -- Area resident John Grey does not maintain a Facebook account, a fact he repeatedly points out to real-world friends, family, and co-workers -- as well as coffee shop baristas, Wal-Mart door greeters, and panhandlers he passes on the street.

"I, personally, would rather spend my time doing something useful than login to Facebook," he told a random woman Monday at Moondollars Coffee House after noticing she was glued to her mobile phone posting status updates.

According to Alice Perkins, a co-worker at Bob's Bargain Basement, a thrift store, Grey steers the conversation toward Facebook whenever possible, just so he can mention that he has never set up an account.

"A few days ago, [store owner] Bob "Bargain" Bottenfield was saying his wrists were bothering him," Perkins said. "The second he said that, I knew John would pounce. He was like, 'It sounds like you might suffer from carpal tunnel. I'm really lucky to have avoided that problem. I'm guessing it's because I don't post constant updates to Facebook. In fact, I don't even have an account."

She added, "He always makes sure to read Slashdot, just so he can point out all the terrible upgrades and privacy-invading features that Facebook unveiled in the last hour."

"I'm not an elitist," Grey said. "It's just that I'd much rather watch a TED talk or chuckle at something from The Onion than sit there posting mindless updates to the whole world complaining about climate change or speculating on the progress my stomach is making digesting lunch."

"If I feel the need to share my opinions with peers, I'll craft a carefully worded Letter to the Editor of the local newspaper," he droned. "I certainly wouldn't waste my time wading through status updates about virtual cabbage fields or make-believe mobster battles."

He concluded, "I'm free from the tyranny of Mark Zuckerberg and his Big Brother overlords. I can't begin to tell you how happy I am to be without Facebook."

Despite Grey's absense from the social-networking universe, Facebook has already amassed a dossier on him. After several classmates and ex-girlfriends searched for his name, one of Facebook's privacy-invading features automatically deduced his name, education level, age, and carbonated soda preference (Diet Pepsi).

"We know all about him," boasted Eric Wellorian, who lives in a nearby apartment and has suffered from one of Grey's lectures about the evils of Facebook when they briefly crossed paths near the mailboxes. "I just started working at Facebook, a fact that I've been careful to avoid mentioning in case he goes supernova. It doesn't matter, though. He can run from Facebook, but he can't hide."

Source: http://humorix.org/10926
#satire #facebook #deletefacebook

Tor Browser

Private browsing without tracking, surveillance, or censorship

https://www.torproject.org

If the link above is censored in your country try:

https://tor.eff.org/
https://tor.stalkr.net/
https://sela.io/mirrors/torproject.org/
https://mirror.freedif.org/TorProject/

if these links are all blocked too:
Step 1: Send a request to GetTor (gettor@torproject.org) specifying your operating system (and your locale). Ex: "windows es"

Step 2: GetTor will send you back a reply with links to download Tor Browser from our supported providers.

FAQ:
https://support.torproject.org

Documentation:
https://2019.www.torproject.org/docs/documentation.html.en

An attempt to document commonly believed misconceptions about Tor
https://github.com/epidemics-scepticism/writing/blob/master/misconception.md

Download

https://www.torproject.org/download

📱 Android

https://www.torproject.org/download/#android

Google Playstore
https://play.google.com/store/apps/details?id=org.torproject.torbrowser_alpha

Fdroid status:
•https://gitlab.com/fdroid/fdroiddata/merge_requests/4676
•https://trac.torproject.org/projects/tor/ticket/27539

On Guardian Project F-Droid repo
https://f-droid.org/app/org.torproject.torbrowser_alpha

💻 PC (*nix):

Don't use the packaged version of your distro, it may be old and it installs as any other binary, meaning there could be a greater data leak if someone has physical access to your pc.

If the executable file doesn't work, open a terminal in the same directory as the .desktop file and type chmod +x start-tor-browser.desktop

-> use obfs4 bridges if your country throttles/blocks Tor
-> if your country has DPI try the meek-azure bridge
-> if meek-azure is broken (you're in xinjiang etc) meek-amazon sometimes works
-> otherwise if you're in xinjiang you're doomed


📡 @NoGoolag 📡 @Libreware
#tor #browser

Facebook SpywareOS
Facebook is working on its own OS that could reduce its reliance on Android

https://www.theverge.com/2019/12/19/21030043/facebook-os-custom-operating-system-android-reliance-self-sufficiency-ar-glasses


#fb #fbos #facebook #facebookos #android

In a rare move, Apple, Amazon, and Google just announced a major partnership

businessinsider.com/apple-amazon-google-partner-on-smart-home-tech-2019-12

#wiretap #assistant #speakers #apple #amazon #google