Welcome to Privacy Guides

We are excited to announce the launch of Privacy Guides and r/PrivacyGuides, and welcome the privacy community to participate in our crowdsourced software recommendations and share tips and tricks for keeping your data safe online. Our goal is to be a central resource for privacy and security-related tips that are usable by anybody, and to carry on the trusted legacy of PrivacyTools.

As we announced on the PrivacyTools blog in July, we made the decision to migrate off our former privacytools.io domain for various reasons, including an inability to contact the current domain holder for over a year and growing issues with the .IO top-level domain. As attempts to regain ownership of the domain have proven fruitless, we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to www.privacyguides.org, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.

We chose the name Privacy Guides because it represents two things for us as an organization: An expansion beyond simple recommendation lists, and a goal of acting as the trusted guides to anyone newly learning about protecting their personal data.

As a name, it moves us past recommendations of various tools and focuses us more on the bigger picture. We want to provide more education — rather than direction — surrounding privacy-related topics. You can see the very beginnings of this work in our new page on threat modeling, or our VPN and Email Provider recommendations, but this is just the start of what we eventually hope to accomplish.

https://privacyguides.org/blog/2021/09/14/welcome-to-privacy-guides/

#privacyguides #privacytools
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Hackers steal 'decade's worth of data' from far-right webhost Epik - report

Epik is a company rife with controversy, associated by many with the far-Right due to hosting sites like Gab, 8chan, BitChute, the Daily Stormer and sites for the Proud Boys and Oath Keepers.

Hacktivist group Anonymous has allegedly hacked web domain registrar Epik and has stolen "a decade's worth of data," including considerable info regarding their clients and domains.

https://www.jpost.com/diaspora/antisemitism/hackers-steal-decades-worth-of-data-from-far-right-webhost-epik-report-679573

⚠️ Web hosting Company "Epik", known for hosting far right Neonazi sites, hacked by "Anonymous" which claims it leaked a decade worth of userdata. Their press release site contains a torrent, but I'm not gonna touch this shit with a stick. ⚠️

Here's their "press-release": epikfail.win

‼️ Visiting this site will very likely put you on a list. Downloading the torrent is probably illegal in many jurisdictions. ‼️

💡 Read as well:
https://t.me/BlackBox_Archiv/2537

#epik #hack #anonymous
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Darknet Diaries - EP 100: NSO

The NSO Group creates a spyware called Pegasus which gives someone access to the data on a mobile phone. They sell this spyware to government agencies around the world. How is it used and what kind of company is the NSO Group?

https://darknetdiaries.com/episode/100/

#truecrime #darknetdiaries #podcast
🎙@cRyPtHoN_INFOSEC_FR
🎙@cRyPtHoN_INFOSEC_EN
🎙@cRyPtHoN_INFOSEC_DE
🎙@BlackBox_Archiv

The Battle for Digital Privacy Is Reshaping the Internet

As Apple and Google enact privacy changes, businesses are grappling with the fallout, Madison Avenue is fighting back and Facebook has cried foul.

SAN FRANCISCO — Apple introduced a pop-up window for iPhones in April that asks people for their permission to be tracked by different apps.

Google recently outlined plans to disable a tracking technology in its Chrome web browser.

And Facebook said last month that hundreds of its engineers were working on a new method of showing ads without relying on people’s personal data.

The developments may seem like technical tinkering, but they were connected to something bigger: an intensifying battle over the future of the internet. The struggle has entangled tech titans, upended Madison Avenue and disrupted small businesses. And it heralds a profound shift in how people’s personal information may be used online, with sweeping implications for the ways that businesses make money digitally.

At the center of the tussle is what has been the internet’s lifeblood: advertising.

https://www.nytimes.com/2021/09/16/technology/digital-privacy-reshaping-internet.html

#digital #privacy
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Enigma Reloaded

Offline ready web app, that allows encrypted communication across less trustworthy channels.

No ads, tracking and external services. Implements private public key encryption.

💡 Features:

- DIY Encrypt and decrypt messages and files
- Open source license(GPL V3) and open source code
- Local data such as contacts and messages are encrypted using AES-256, and your PIN is used as the passphrase
- Messages and files are encrypted using Public-key authenticated encryption (box) from https://github.com/dchest/tweetnacl-js. Which is implements x25519-xsalsa20-poly1305
- No ads, tracking, remote server
- Offline support
- Compatible with services such as: Messenger, Signal, Slack, Whatsapp, Twitter, Instagram DM, SMS etc. You can even print the cypher on a paper
- Import export encrypted backups

💡 Why not use PGP, instead of this?
https://github.com/enigma-reloaded/enigma-reloaded/blob/master/why-not-pgp.md

💡 Demo Video:
https://enigma-reloaded.github.io/enigma-reloaded/static/media/example.87b40669.mp4

💡 Latest version is deployed at:
https://enigma-reloaded.github.io/enigma-reloaded/

https://github.com/enigma-reloaded/enigma-reloaded//

#enigma #encrypted #communication
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Dodging Attack Using Carefully Crafted Natural Makeup

In this study, we present a novel black-box AML attack which carefully crafts natural makeup, which, when applied on a human participant, prevents the participant from being identified by facial recognition models. We evaluated our proposed attack against the ArcFace face recognition model, with 20 participants in a real-world setup that includes two cameras, different shooting angles, and different lighting conditions.

https://arxiv.org/abs/2109.06467

https://arxiv.org/pdf/2109.06467.pdf

#dodging #aml #attack #facialrecognition #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Chinese teenagers can now use Douyin, China’s TikTok, for only 40 minutes a day

Play time’s over for China’s youth as the country increasingly cracks down on culture and business following President Xi Jinping’s call for a “national rejuvenation.” Joining a three-hour ban on “electronic drugs” (popularly known as video games), is yet another limitation on how the demographic spends their free time.
TikTok on the clock

On 18 September, ByteDance, the parent company of Chinese video-sharing app TikTok—known as Douyin—imposed a daily usage limit for those under the age of 14. The new measures not only restrict them to a maximum of 40 minutes spent on the app per day but bans them from accessing it between 10 p.m to 6 a.m.

Called Xiao Qu Xing, which translates to ‘Little Fun Star’, these restrictions are implemented with a built-in feature called ‘teenage mode’. “If you are a real-name registered user under 14 years old, you will automatically find yourself in ‘teenage mode’ upon opening Douyin,” the company wrote on its corporate blog. Apart from the daily usage limits, the mode offers a personalised feed of short video-based educational content including “interesting popular science experiments, exhibitions in museums and galleries, beautiful scenery across the country, explanations of historical knowledge, and so on.” While young users are allowed to ‘like’ these clips, they are banned from sharing them with others or even uploading their own.

The autonomy to adjust the time limit further (from a maximum of 40 minutes) is under parental control. The company also encourages them to help their children complete the ‘real-name’ authentication process—which requests their name, phone number and an official ID—and activate the mode when prompted by the app.

https://screenshot-media.com/technology/social-media/douyin-teenage-mode/

#china #beijing #tiktok #douyin
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Global Innovation Index 2021: Innovation Investments Resilient Despite COVID-19 Pandemic; Switzerland, Sweden, U.S., U.K. and the Republic of Korea Lead Ranking; China Edges Closer to Top 10

Published by WIPO, in partnership with the Portulans Institute and our corporate partners: The Brazilian National Confederation of Industry (CNI), Confederation of Indian Industry (CII), Ecopetrol (Colombia) and the Turkish Exporters Assembly (TIM).

https://www.wipo.int/pressroom/en/articles/2021/article_0008.html

#innovation #index
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Call for Participation to MCH2022

Due to the uncertainties surrounding the COVID-19 pandemic, MCH2021 did not take place. However, we are planning for a MCH2022, happening between July 22nd and July 26th of 2022.

May Contain Hackers 2022 is requesting proposals for participation, including content.

💡 What is May Contain Hackers 2022 (MCH2022)?

— MCH2022 is a five-day international outdoor technology and security conference, to be held in the Netherlands, running from the 22nd till the 26th of July 2022. We are calling for participation in the form of talks, workshops, installations, volunteers - the only limits are your imagination!

💡Is this a new thing?

— No, it is the 9th edition of an event with a proud lineage and which happens every four years. Starting with the Galactic Hacker Party in 1989 and going outdoors with Hackers at the End of the Universe in 1993, here we are, several wars and pandemics later, with another outdoor hacker camp. So there'll be 32 years of history by the time it rolls around.

💡 Where is it?

— Near Zeewolde, the Netherlands, Europe, Earth. The exact location is the Scoutinglandgoed in Zeewolde, 55km east of Amsterdam and a bit less than 55km north-east of Utrecht. OpenStreetMap shows it here.

💡 When is it?

— The 22nd to the 26th of July 2022.

💡 What kind of participation are you looking for?

— Right now we want your content: the things that you are enthusiastic about and want to share on a stage and engage an audience with. Lectures, workshops, art installations - all those kinds of things.

💡 What kind of an audience can I expect?

— A motley crew of around 3500 hackers, freethinkers, philosophers, activists, geeks, scientists, artists, makers, creative minds, and others from all over the world will convene to share, discuss, criticise, look ahead, code, build, and reflect.

https://mch2022.org

#mch22 #event
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Using Tor Browser Safely

Tor Browser is a great tool when used the right way. We cover how browsing habits can link you to your identity and a few rules I suggest Tor browser users stick to (at the least). We all have that basic, fundamental Human Right to Privacy.

https://devtube.dev-wiki.de/videos/watch/5deade87-1a54-4d0b-8bbd-ae7dec59ed49

#tor #browser #privacy #video
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv

How Secret Algorithms Decide Your Life Behind Closed Doors

AI-derived scores rank individuals based on their profitability or risk as consumers, job candidates, or even defendants in court. Machine-learning algorithms decide your life.

https://www.youtube.com/watch?v=VUhKTngpd8c

#ai #algorithm #video
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv

Inside Tor’s Perverted Underworld

Apart from legitimate underground communities, the Tor network’s hidden services play host to a large number of illicit child sex abuse sites

The Tor network boasts an excess of 170, 000 active addresses, some of which have been identified as criminal hotbeds where child sex abuse masterminds thrive.

Law enforcement agents note that the main reason why Tor has become very popular is due to its support of the hidden services. Hidden services, also referred to as onion services, ensure that users and websites achieve anonymity by Tor.

Essentially, the IP addresses belonging to hidden services found on the Tor network are effectively concealed – all sets of information about the host, location and content of hidden websites are not identifiable.

Point to note, Tor itself is not a hidden service, but the online platforms hosted on the Tor network constitute the hidden services. Cybersecurity experts acknowledge the legitimate uses of the Tor network, but have also lifted the lid on rampant cases of illicit activities being supported by hidden services.

What’s the Evidence?

According to the 2019 Global Threat Assessment Report by the WeProtect Alliance (a global movement that combats online-facilitated child sex abuse), more than 2.88 million users are found across multiple child sex abuse forums hosted by Tor’s onion services.

Another empirical study on the Tor hidden services made shocking revelations about a thriving child sex abuse environment on the world’s most popular anonymity network. From a single data capture, the researchers reported that about 80 percent of traffic to Tor’s hidden services was headed to platforms supporting child sex abuse material and other forms of illicit porn.

The study also expressed how easy it was to identify the child sex abuse sites from the metadata, which points to the fact that the criminals behind these platforms have solid confidence in the anonymity promised by Tor.

http://tape6m4x7swc7lwx2n2wtyccu4lt2qyahgwinx563gqfzeedn5nb4gid.onion/inside-tors-perverted-underworld-429

#tor #hiddenservices #cp #child #sex #abuse
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Darknet Diaries - EP 101: Lotería

In 2014 the Puerto Rico Lottery was mysteriously losing money. Listen to this never before told story about what happened and who did it.

https://darknetdiaries.com/episode/101/

#truecrime #darknetdiaries #podcast
🎙@cRyPtHoN_INFOSEC_FR
🎙@cRyPtHoN_INFOSEC_EN
🎙@cRyPtHoN_INFOSEC_DE
🎙@BlackBox_Archiv

Facebook seems to be struggling with major technical issues at the moment

https://facebook.com/

#DeleteFacebook #facebook #issues
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Over 120GB of Twitch website data has been leaked online (source code, encrypted passwords, streamer payouts, etc.)

CHANGE YOUR PASSWORDS AND ENABLE 2FA !!

A few hours ago, a 120GB data leak of Twitch was released online. This leak includes data such as "source code with comments for the website and various console/phone versions, references to an unreleased steam competitor, streamer payouts, encrypted passwords, etc."

https://www.reddit.com/r/Twitch/comments/q2gcq2/over_120gb_of_twitch_website_data_has_been_leaked/

https://www.videogameschronicle.com/news/the-entirety-of-twitch-has-reportedly-been-leaked/

#twitch #leak
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

From Surveillance Capitalism to “Influence Government”: Using Microtargeted Ads to “Nudge” People’s Everyday Behavior

Privacy News Online has written a number of times about “surveillance capitalism“, and its use of micro-targeted advertising to influence people’s buying decisions. But the worrying power of such highly-targeted advertising is not restricted to the world of commerce. As the Cambridge Analytica saga shows, it is also deployed in the world of politics, to encourage people to vote for candidates and to support particular policies.

Some fascinating work from the Scottish Centre for Crime and Justice Research (SCCJR), looks at how the UK government has drawn on micro-targeted advertising in order to modify the everyday behavior of certain groups of people – what the researchers call “influence government“:

https://www.privateinternetaccess.com/blog/from-surveillance-capitalism-to-influence-government-using-microtargeted-ads-to-nudge-peoples-everyday-behavior/

#surveillance #capitalism #influence #government #microtargeting #ads
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

VPN Service ‘Agrees’ to Block BitTorrent and Keep Logs to Settle Piracy Lawsuit (Updated)

VPN.ht has settled a copyright infringement lawsuit filed by a group of independent movie companies earlier this year. As part of the deal, the VPN agreed to block all BitTorrent traffic and log IP-address information on its US servers. While this a controversial order, VPN.ht says that users are still protected as the company will stop using US servers.

https://torrentfreak.com/vpn-service-will-block-bittorrent-and-keep-logs-to-settle-piracy-lawsuit-211011/

#piracy #vpn #bittorrent #lawsuit
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

IoT Hacking and Rickrolling My High School District

On April 30th, 2021, I rickrolled my high school district. Not just my school but the entirety of Township High School District 214. It's the second-largest high school district in Illinois, consisting of 6 different schools with over 11,000 enrolled students.

This story isn't one of those typical rickrolls where students sneak Rick Astley into presentations, talent shows, or Zoom calls. I did it by hijacking every networked display in every school to broadcast "Never Gonna Give You Up" in perfect synchronization. Whether it was a TV in a hall, a projector in a classroom, or a jumbotron displaying the lunch menu, as long as it was networked, I hacked it!

In this post, I'll be explaining how I did it and how I evaded detection, as well as the aftermath when I revealed myself and didn't get into trouble.

https://whitehoodhacker.net/posts/2021-10-04-the-big-rick

⚠️ Always remember to use these techniques, instructions, or hardware only on devices whose owners or users have allowed it. Unauthorized access to other people's infrastructure is punishable by law.

#educational #iot #hacking
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Howto: Anonymous Internet Using Tor (+ Proxychains)

What proxies are and how to use them to make internet connections more anonymous/private: using Proxychains and Tor.

Proxychains allows you to string together as many proxies together as you like using a simple configuration file format.

We go into Tor Browser Preferences to help Windows users learn to configure a proxy without access to proxychains. This configuration applies to other browsers as well.

https://devtube.dev-wiki.de/videos/watch/991657ca-0f61-401d-bee0-19969271d442

#howto #guide #tor #proxys #privacy #internet #video
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv

Android Mobile OS Snooping By Samsung, Xiaomi, Huawei and Realme Handsets

Study reveals scale of data-sharing from Android mobile phones

An in-depth analysis of a range of popular Android mobile phones has revealed significant data collection and sharing, including with third parties, with no opt-out available to users.

Prof. Doug Leith at Trinity College Dublin along with Dr Paul Patras and Haoyu Liu at the University of Edinburgh examined the data sent by six variants of the Android OS developed by Samsung, Xiaomi, Huawei, Realme, LineageOS and /e/OS.

https://www.tcd.ie/news_events/articles/study-reveals-scale-of-data-sharing-from-android-mobile-phones/

👉🏽 PDF: https://www.scss.tcd.ie/Doug.Leith/Android_privacy_report.pdf

#android #privacy #snooping #samsung #huawai #xiaomi #realme #lineage #eOS #study #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

[Reported] - Breach Exposed records from Brazil E-commerce platforms including MercadoLivre, amazonBR and many other.

https://canaltech.com.br/seguranca/brecha-expoe-17-bilhao-de-registros-de-plataforma-brasileira-de-e-commerce-198373/

https://nitter.pussthecat.org/hak1mlukha/status/1447889984615223297

via Twitter

#brazil #breach #MercadoLivre #amazonBR
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv