BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Ban Surveillance Advertising

As leaders across a broad range of issues and industries, we are united in our concern for the safety of our communities and the health of democracy. Social media giants are eroding our consensus reality and threatening public safety in service of a toxic, extractive business model. That’s why we’re joining forces in an effort to ban surveillance advertising.

Surveillance advertising – the core profit-driver for gatekeepers like Facebook and Google, as well as adtech middlemen – is the practice of extensively tracking and profiling individuals and groups, and then microtargeting ads at them based on their behavioral history, relationships, and identity.

These dominant firms curate the content each person sees on their platforms using those dossiers – not just the ads, but newsfeeds, recommendations, trends, and so forth – to keep each user hooked, so they can be served more ads and mined for more data.

Big Tech platforms amplify hate, illegal activities, and conspiracism – and feed users increasingly extreme content – because that’s what generates the most engagement and profit. Their own algorithmic tools have boosted everything from white supremacist groups and Holocaust denialism to COVID-19 hoaxes, counterfeit opioids and fake cancer cures. Echo chambers, radicalization, and viral lies are features of these platforms, not bugs—central to the business model.

And surveillance advertising is further damaging the information ecosystem by starving the traditional news industry, especially local journalism. Facebook and Google’s monopoly power and data harvesting practices have given them an unfair advantage, allowing them to dominate the digital advertising market, siphoning up revenue that once kept local newspapers afloat. So while Big Tech CEOs get richer, journalists get laid off.

https://www.bansurveillanceadvertising.com/coalition-letter

#ban #surveillance #advertising #thinkabout
📡 @cRyPtHoN_INFOSEC_FR 📡 @cRyPtHoN_INFOSEC_EN 📡 @cRyPtHoN_INFOSEC_DE 📡 @BlackBox_Archiv 📡 @NoGoolag
We’re all digital idiots

Our children seem to be the prime targets of digital overload, according to Michel Desmurget, research director at Lyon’s Institut des Sciences Cognitives. But what about adults, asks Desmurget in his latest book, La Fabrique du Crétin Digital?

It’s a question that’s worth asking, especially when it comes to the workplace. Why? Because homo sapiens’ craving for social relations and group life (which progressively shaped the society and organizations we know today) now seems to be turning against us. The most noticeable symptom is probably FOMO, our fear of missing out on information or being excluded (even temporarily) from a group that is engaged in discussion. This feeling of exclusion turns into an almost morbid fear, leading to a need to be constantly connected to social networks.

Of course, this dependence on networks is not necessarily pathological. Nevertheless, regardless of how connected we are, it’s interesting to ask ourselves questions about our own digital use. This is worthwhile because it means we can avoid a situation in which our digital tools — which are supposed to bring us wealth, joy, and greater efficiency — become synonymous with stress and hassle.

https://business-digest.eu/were-all-digital-idiots/?lang=en

#digital #idiots #thinkabout
Police bust 'world's biggest' video-game-cheat operation

A collaborative effort between Chinese police and gaming giant Tencent has led to the closure of what police say is the biggest ever video-game-cheat operation.

The gang designed and sold cheats to popular video games, including Overwatch and Call of Duty Mobile.

Roughly $76m (£55m) in revenue was made by the organisation which charged a subscription fee to clients.

Police seized assets worth $46m, including several luxury cars.

The operation was called "Chicken Drumstick", and had a website selling to "hundreds of countries and regions", local media reported.

Subscription prices for users began at around $10 a day, and up to $200 a month.

https://www.bbc.com/news/technology-56579449

#bust #police #video #game #cheats #ChickenDrumstick
Google Is Testing Its Controversial New Ad Targeting Tech in Millions of Browsers. Here’s What We Know.

Today, Google launched an “origin trial” of Federated Learning of Cohorts (aka FLoC), its experimental new technology for targeting ads. A switch has silently been flipped in millions of instances of Google Chrome: those browsers will begin sorting their users into groups based on behavior, then sharing group labels with third-party trackers and advertisers around the web. A random set of users have been selected for the trial, and they can currently only opt out by disabling third-party cookies.

Although Google announced this was coming, the company has been sparse with details about the trial until now. We’ve pored over blog posts, mailing lists, draft web standards, and Chromium’s source code to figure out exactly what’s going on.

EFF has already written that FLoC is a terrible idea. Google’s launch of this trial—without notice to the individuals who will be part of the test, much less their consent—is a concrete breach of user trust in service of a technology that should not exist.

Below we describe how this trial will work, and some of the most important technical details we’ve learned so far.

https://www.eff.org/deeplinks/2021/03/google-testing-its-controversial-new-ad-targeting-tech-millions-browsers-heres

#google #FLoC #chrome #browser #ad #targeting #tracking #cookies #DeleteGoogle #thinkabout
📡 @nogoolag @blackbox_archiv
What the hell is happening with Android One?

Google's once-pivotal program for exceptional yet affordable Android phones seems to be fading — and maybe for good reason.

Not long ago, a low-profile program called Android One looked like it could be just the one-two punch Android needed.

Android One, like lots of Google initiatives, has had a long and winding history with plenty of twists and turns. When Android One first came into the picture in 2014, it was described as an effort to "make high-quality smartphones accessible to as many people as possible." The focus was squarely on bringing affordable phones with exceptional experiences to emerging markets — places like Pakistan and India, where it could be "hard for people" to "get their hands on a high-quality smartphone," as Google put it at the time.

But that was just the start of Google's Android One ambitions. Three years later, in 2017, Google expanded the program with the launch of Android One phones in places like Japan, Taiwan, and eventually the United States. The company changed its description of the effort from that original small-scale focus to the much broader vision of a "collaboration between Google and [its] partners to deliver a software experience designed by Google," with a guarantee of reasonably timely ongoing operating system updates and an experience that'd be free from all the bloat and shenanigans baked into so many Android products.

http://telegra.ph/What-the-hell-is-happening-with-Android-One-03-31-2

via www.computerworld.com

#google #android1 #thinkabout
Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google

We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins.

‼️ The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number, etc. are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this.

💡 When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Currently there are few, if any, realistic options for preventing this data sharing.

https://www.scss.tcd.ie/doug.leith/apple_google.pdf

#apple #google #study #telemetry #data #mobilephones #pdf
Darknet Diaries - EP 88: Victor

Victor looks for vulnerabilities on the web and reports them responsibly. This is the story about discloser number 5780.

https://darknetdiaries.com/episode/88/

https://nitter.pussthecat.org/0xDUDE

#truecrime #darknetdiaries #podcast
Joint Statement by Commissioner Reynders and Yoon Jong In, Chairperson of the Personal Information Protection Commission of the Republic of Korea

In their call today, Commissioner for Justice Didier Reynders and Chairperson of the Personal Information Protection Commission Yoon Jong In welcomed the successful conclusion of the adequacy talks between the European Union and the Republic of Korea.

The adequacy dialogue confirmed the high degree of convergence between the European Union and the Republic of Korea in the area of data protection, which increased further with the recent entry into force of the new Personal Information Protection Act in the Republic of Korea and the strengthening of the powers of the Personal Information Protection Commission.

Building on these similarities, which ensure the continuity of protection for the exchange of personal data, an adequacy finding will enable free and safe data flows from the EU to the Republic of Korea.

By covering both commercial operators and the public sector, such an adequacy finding will not only support business operators transferring personal data as part of their commercial operations, but also facilitate regulatory cooperation, to the benefit of both sides.

It will also complement the EU-Republic of Korea Free Trade Agreement and boost cooperation between the EU and the Republic of Korea as leading digital powers.

https://ec.europa.eu/commission/presscorner/detail/en/statement_21_1506

#statement #eu #korea #data #flows
Microsoft wins $21.9 billion contract with U.S. Army to supply augmented reality headsets

(Reuters) - Microsoft Corp on Wednesday said it has won a deal to sell the U.S. Army augmented reality headsets based on its HoloLens product and backed by Azure cloud computing services.

Citing a Microsoft spokesperson, CNBC reported that the contract could be worth up to $21.88 billion over 10 years.

https://www.reuters.com/article/us-microsoft-army/microsoft-wins-21-9-billion-contract-with-u-s-army-to-supply-augmented-reality-headsets-idUSKBN2BN36B

#usa #microsoft #army #contract #augmented #reality
PHP releases on hold

As announced on the php.internals mailing list, a pair of malicious commits were made in the PHP source code repository over the weekend. These commits were immediately noticed and reverted, and thus never reached end users. The investigation into the root cause and exact scope of the compromise is still ongoing, therefore releases will be put on hold for two weeks assuming no further issues are discovered.

Thank you for bearing with us while we endeavor to ensure that PHP is a stable and reliable platform for web development.

https://www.php.net/archive/2021.php#2021-03-30-1

#php #malicious #commits #sourcecode #repository
Tracing Paper

Color printers mark printouts with barely visible codes that are used to track down currency counterfeiters, as well as everyone else.

In 2017, when a National Security Agency (NSA) whistleblower wanted to extract classified government documents from her work computer, she sought refuge in the printed page. Maybe she thought physical paper would be safer from digital surveillance than an email. So she printed the documents at her office and then mailed them to The Intercept, which broke the news with the headline, “Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election” on June 5th, 2017 at 3:44 p.m. eastern time. A few hours later, the US Department of Justice officially announced their arrest of Reality Winner, a former US Air Force officer and NSA contractor.

What happened? The Intercept contacted the NSA on May 30th asking them to verify the documents. But by sending the scanned images that included each page’s wrinkles and folds, as opposed to retyping the information, the journalists shared more than they intended to: they sent the NSA the pale yellow tracking dots that are embedded in every piece of paper that is printed by a color laser printer. The dots form rectangular grids of rows and columns, with each dot’s position corresponding to the value of a date, time, or printer model.

Together, the rows and columns constitute a machine-readable bitmap known as a machine identification code (MIC). MIC grids repeat across the page so that even if only a shred of a page is recovered, the MIC on that shred can still be decoded and traced. While neither the Justice Department’s nor the FBI’s statements about Winner’s arrest mentioned MICs, security experts strongly suggested that they played a role in helping the agencies identify her and, at the very least, corroborated other evidence linking Winner to the leak.

https://logicmag.io/security/tracing-paper/

#tracing #paper #printers #digital #surveillance
California Suspended ‘Copyright Troll’ Malibu Media’s Corporate Status

California's Franchise Tax Board has suspended the corporate status of adult entertainment company Malibu Media. The Los Angeles company, which is known for suing alleged BitTorrent pirates, failed to meet its tax obligations. In light of this development, an accused file-sharer now wants the company's CEO Colette Pelissier to be added to a pending countersuit.

Just two years ago, Malibu Media was one of the most active ‘copyright trolls’ in the United States.

The Los Angeles-based company behind the ‘X-Art’ adult movies filed thousands of lawsuits targeting Internet subscribers whose accounts were allegedly used to share Malibu’s films via BitTorrent.

Then, seemingly out of nowhere, the lawsuits stopped. For more than a year there haven’t been any new John Doe complaints. In fact, the only notable case dates back to January 2020, when Malibu’s former law firm sued the company over breach of contract and unpaid bills.

This doesn’t mean that all outstanding “John Doe” cases have been resolved. At the time of writing, there are a few still pending. This includes one where Malibu Media has to defend itself against a counterclaim of abuse of process, among other things.

https://torrentfreak.com/california-has-suspended-copyright-troll-malibu-medias-corporate-status-210330/

#usa #california #malibu #copyright #troll
I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies.

If you've landed on this page because you saw a strange message on a completely different website then followed a link to here, drop a note to the site owner and let them know what happened. If, on the other hand, you're on this page because you're interested in reading about the illicit use of cryptomining on compromised websites and how through fortuitous circumstances, I now own coinhive.com and am doing something useful with it, read on.

You know how people don't like ads? Yeah, me either (at least not the spammy tracky ones that invade both your privacy and your bandwidth), but I also like free content on the web and therein lies the rub; how do content producers monetise their work if they can't put ads on pages? Well naturally, you "Monetize Your Business with Your Users' CPU Power" which was Coinhive's modus operandi. That's a link to the last snapshotted version on archive.org because if you go to coinhive.com today, you'll see nothing. The website is dead. However, it's now owned by me and it's just sitting there doing pretty much nothing other than serving a little bit of JavaScript. I'll come back to that shortly, let's return to the business model of Coinhive:

So, instead of serving ads you put a JavaScript based cryptominer on your victi... sorry - visitors - browsers then whilst they're sitting there reading your content, you're harvesting Monero coin on their machine. They're paying for the CPU cycles to put money into your pocket - ingenious! But there were two massive problems with this and the first one is probably obvious: it's a sleazy business model that (usually unknowingly) exploits people's electricity bills for the personal gain of the site operator. It might only be exploiting them a little bit (how much power can an in-browser JS cryptominer really draw?), but it still feels super shady. The second problem is that due to the anonymous nature of cryptocurrency, every hacker and their dog wanted to put Coinhive on any sites they were able to run their own arbitrary JavaScript on.

https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/

#coinhive #cryptojacking
Windows 10 AME

Version 20H2 Dated 2021-04-01

The goal of the AME project is to provide a stable and non-intrusive build of Windows 10, without sacrificing usability and Win32 compatibility for the majority of mainstream applications. This includes the avoidance and riddance of privacy infringing automated data collection services, central to Microsoft’s strategy for the Windows 10 operating system.

This page provides a complete step-by-step description of how AME images are mastered based on Windows 10 build 20H2 with minor proceeding updates, defining a complete documentation of this project.

While large portions of this process have been automated using various scripts and Linux command line utilities, a large majority requires manual effort, with many of the steps often producing differing and sometimes non-predictable results from instance to instance, increasing the difficulty of this procedure. As such, sections where abnormal behavior may occur have been appropriately highlighted.

💡 It is also recommended that anyone attempting to reproduce the steps in this guide be moderately versed with Linux and consequently also not afraid of using the command line.

👉🏼 ISO Download:
https://t.me/amereleases/41

💡 Documentation:
https://wiki.ameliorated.info/documentation_20H2

👉🏼 Source Code:
https://git.ameliorated.info/malte/scripts

👀 Join the Discussion:
https://t.me/joinchat/TFCUAzfq6Y-Bl9vG

#ame #windows
You Can’t Trust Amazon When It Feels Threatened

Last week, someone behind the @AmazonNews Twitter account took a fistful of pills, washed them down with a handle of Old Grand-Dad, and started tweeting.

They picked fights with Bernie Sanders and Elizabeth Warren. They also argued with Wisconsin’s congressional Representative Mark Pocan.

And while all of this is embarrassing and highly cringey, my problem entirely centers around a single tweet in the midst of the storm that says in part: “You don’t really believe the peeing in bottles thing, do you?”

Wait a second. Are you seriously asking if I believe in something that has been independently reported by multiple reputable media outlets?

Yes. I absolutely do. Most people will.

My problem is not that Amazon told an easily disprovable lie about something on the retail side of their business; that’s relatively minor—and, at any rate, isn’t anywhere close to my area of focus: their cloud division.

The problem is what that teaches us as customers. We should continue to trust Amazon and Amazonians that we encounter in the course of doing business. They’re all well-intentioned people working to do right by us, because Customer Obsession matters to them. We should also trust and continue to trust AWS official communications—when the stakes are low.

But what Amazon has just demonstrated for all the world to see is that when they’re facing a significant obstacle, when it matters to them, they’ll toss leadership principles like Earn Trust and Customer Obsession and Are Right, A Lot to the wind and say whatever’s expedient.

https://www.lastweekinaws.com/blog/you-cant-trust-amazon-when-it-feels-threatened/

#amazon #DeleteAmazon #DickPunchBezos
How workplace surveillance is entering our homes and driving through our streets

The home is not the only space where workplace surveillance outside the office or factory is becoming more common. For many, work means driving a vehicle, and so installing cameras that monitor behavior there is an obvious step. Once more, AI is being applied to take such surveillance to the next level. One of the biggest rollouts of this approach is by Amazon to its 75,000 delivery vehicles

https://www.privateinternetaccess.com/blog/how-workplace-surveillance-is-entering-our-homes-and-driving-through-our-streets/

💡 http://www.itechgps.com/sites/itechbus/uploads/documents/Netradyne_Presentation.pdf

#workplace #surveillance #ai #amazon #DeleteAmazon #DickPunchBezos #netradyne #pdf #thinkabout
Amazon offers rare apology, says it will look for solutions to drivers peeing in bottles

Amazon issued a rare apology Friday night, stepping back from comments made on Twitter last week in a response to Rep. Mark Pocan of Wisconsin over whether its delivery drivers felt the need to urinate in bottles since bathroom breaks were challenging to achieve.

https://www.geekwire.com/2021/amazon-offers-rare-apology-says-will-look-solutions-drivers-peeing-bottles/

#amazon #DeleteAmazon #DickPunchBezos
Gamifying Propaganda: Everything You Need to Know about China’s ‘Study Xi’ App

Scoring points by doing Xi-focused quizzes and watching ‘Xi Time’ news: this app takes propaganda to a whole other level.

A new app that encourages China’s online population to study Xi Jinping Thought has made headlines, both in and outside of China. Here’s everything you need to know about this new interactive propaganda tool.

On January 1st, the Xué Xí Qiáng Guó app was launched on various Chinese app stores. The app is an initiative by the Propaganda Department of the Central Committee of the Communist Party, and is linked to the xuexi.cn platform, which was first set up in 2018.

The app has been making headlines in Chinese and English-language media this week. The BBC referred to the app as a “little red book,” and reported that members of the ruling Communist Party, as well as state-owned company employees who are not Party members, have allegedly been required to download and use it on a daily basis (Feb 15).

The Guardian reported that government officials in Fujian province and Qingdao city held workshops last month stressing the political importance of the app, and directing local leaders to promote the app across government departments (Feb 15).

Although some reports claim that the app is making its way to top lists of most downloaded apps in China, it only scored a position 72 in the top 100 list of popular Chinese app store 360app at time of writing. The app store does state that the app has been downloaded 340000 times, with app users rating it with 2,5 stars out of 5. In the Tencent store, the app was downloaded 2,1 million times.

However, these numbers do not necessarily indicate much about the total number of downloads, since the app can be directly downloaded as an APK file from various locations. In the Chinese Apple store, the app is now the number one scoring app in the educational category. The app is only available in Chinese, and is not available from the Google Play store or Apple stores outside of China.

https://www.whatsonweibo.com/gamifying-propaganda-everything-you-need-to-know-about-chinas-study-xi-app/

#china #xi #app #gaming #propaganda #thinkabout
Breaking VeraCrypt containers

VeraCrypt is a de-facto successor to TrueCrypt, one of the most popular cryptographic tools for full-disk encryption of internal and external storage devices. Compared to TrueCrypt, which it effectively replaced, VeraCrypt employs a newer and more secure format for encrypted containers, and significantly expands the number of supported encryption algorithms and hash functions. Learn how to break VeraCrypt containers with distributed password attacks.

VeraCrypt Encryption

Full-disk encryption tools rely on symmetric cryptography to encrypt data, and employ one-way transformations (hash functions) to protect the binary data encryption key with the user’s password. When attacking an encrypted container, the expert must either know the exact combination of the cipher and hash function, or try all of their possible combinations. If the expert makes the wrong choice of a hash function or cipher, the data will not be decrypted even if the correct password is known.

During the times TrueCrypt ruled the world of third-party full-disk encryption tools, users were presented with the choice of three individual encryption algorithms (AES, Serpent, and Twofish). In addition, five combinations of cascaded algorithms (AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent) were available, making the total of eight possible combinations. Passwords could be protected with one of the three supported hash functions (RIPEMD-160, SHA-512, or Whirlpool).

VeraCrypt offers the choice of some fifteen combinations of individual encryption algorithms and their cascaded combinations. Five different hash functions are supported, making it 15×5=75 possible combinations of symmetric ciphers and one-way hash functions to try. If you don’t know exactly which cipher and which hash function has been used to encrypt the container, you’ll have to try all of the 75 combinations during the attack.

https://blog.elcomsoft.com/2020/03/breaking-veracrypt-containers/

#breaking #veracrypt #truecrypt #containers #cryptography #aes