USA: The Graham-Blumenthal Bill Is an Attack on Online Speech and Security

https://www.eff.org/deeplinks/2020/03/graham-blumenthal-bill-attack-online-speech-and-security

https://act.eff.org/action/protect-our-speech-and-security-online-reject-the-graham-blumenthal-bill


#usa #encryption #gov #why #earnit

Zuckerberg's personal security costs Facebook millions of dollars

Facebook reports rising costs for Mark Zuckerberg's bodyguards and private jets.

Facebook has spent more than $23 million in 2019 on personal security and flights in private jets of its CEO Mark Zuckerberg. This is the result of a mandatory disclosure of the company to the US Securities and Exchange Commission (SEC).

In 2018, Facebook paid about $20 million for these purposes; in 2017, it paid $9.1 million. Zuckerberg's annual salary remains $1. Expenditures include "$10.46 million related to personal security for Zuckerberg at home and travel.

An additional $10 million was required to protect Zuckerberg and his family. For comparison, Facebook spent $9.95 million on personal protection in 2018 and $7.5 million in 2017.

💡 https://www.sec.gov/Archives/edgar/data/1326801/000132680120000037/facebook2020definitiveprox.htm#sF199B9027C8357DCA91270FD24840CBA

#DeleteFacebook #thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Reasons not to use the Discord communications system

The Discord communications system requires running a nonfree client program. That alone is reason to refuse to use it.

❗️ The program reportedly collects lots of data about users.

❗️ The developer denies the claim that Discord reports which processes are running on the user's machine. I have no way of determining the facts about this specific point. Whether it collects those particular data is a minor detail; I mention it only to avoid appearing to assert a criticism that might not be true.

❗️ For the same reason, I mention that selling personal data is not the sole way that the company makes money.

❗️ I don't think that question how it makes money really matters. What matters, ethically, is what the software does to users.

❗️ The developers' motives for making it do those things are pertinent to understanding the situation but should not affect our moral judgment of mistreatment of users.

❗️ One user quit using Discord because it demanded she fill out a Google reCAPTCHA, apparently because she was connecting through Tor.

❗️ Google CAPTCHAs didn't work for me, because they required running nonfree Javascript code.

❗️ Discord insists on tracking users. If a user connects through a VPN, Discord demands that user provide a phone number.

❗️ Discord locks accounts that don't have associated phone numbers. When an account is locked, also called "deactivated", the user is not allowed to make real use of it until person adds a phone number.
Discord may demand to talk with you by phone if it decides you are suspicious — for instance, if you contact it via Tor.

❗️ If I understand right, if you use Discord regularly via Tor you would need to carry that phone with you all the time. A burner phone, one what you possess only for a short time, would not be allowed to do the job.

❗️ Thus, whoever uses Discord gets tracked either by the Discord server (and anyone looking at where the packets are coming from) or by the phone.

❗️ Users report that Discord shut off their accounts and won't tell them why.

The Discord web site also offers application nonfree programs. You shouldn't use them, naturally, but they are a separate issue from using the communications system itself.

💡 Reasons not to use the Discord communications system
https://stallman.org/discord.html

#stallman #discord
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Interview with Edward Snowden (Vice) - 11 april 2020

https://vid.lelux.fi/videos/watch/dddf5797-d013-4cd7-9766-578ef76a3efa

#snowden #interview #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Interview with Edward Snowden (Vice) - 11 april 2020

In 720p

Watt

Watt is an open source android component management application. It uses IFW (Intent Firewall) to disable or enable app components (receivers/services/activities), requires root permissions

https://github.com/tuyafeng/Watt


Features
-Disable or enable components (receivers/services/activities) easily
-Block a broadcast so that no app can receive it to wake itself
-Block the bad Keep-Alive services of some apps without errors
-No data collection
-Efficient and simple interface


⬇️ Download
https://f-droid.org/app/com.tuyafeng.watt (on IzzyOnDroid F-Droid repository)

https://github.com/tuyafeng/Watt/releases


📖 Explanation of IFW (Intent Firewall)
https://carteryagemann.com/pages/android-intent-firewall.html


📡 @Libreware 📡 @NoGoolag
#watt #blocker #intent #mat

FAT File-System Driver For Linux Sees Patch To Run Multiple Times Faster

https://www.phoronix.com/scan.php?page=news_item&px=Linux-Faster-FAT

https://lore.kernel.org/lkml/87d08e1dlh.fsf@mail.parknet.co.jp

https://github.com/OGAWAHirofumi/linux-tux3


#linux #fat #filesystem #speed

Hackers bring multi-boot support to newer iPhones and iPads

Apple makes it easy to upgrade an iPhone or iPad to a new version of iOS and often boasts about the high-percentages of users running the latest version of the operating system.

A few things the company doesn’t make easy? Downgrading to an earlier version of iOS, installing an alternate operating system, or dual-booting. Or multi-booting, actually, since it’s possible to load more than two operating systems.

But folks have been finding unofficial ways to do those things for years. In March we learned about a project to bring Android to the iPhone 7 and iPhone 7+. Now a team of developers have released a guide for dual-booting multiple operating systems on iPhones and iPads with 64-bit processors.
So far the guide is designed to let you run multiple versions of iOS. But theoretically it could open the door to dual-booting Linux and/or Android on an iPhone or iPad.

💡 Dual Booting 64 Bit devices
https://dualbootfun.github.io/dualboot/

https://liliputing.com/2020/04/hackers-bring-multi-boot-support-to-newer-iphones-and-ipads.html

#multiboot #iphones #ipads #guide
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Latest Fenix (Firefox Preview) Nightly got more extension support

You can get it here:
https://firefox-ci-tc.services.mozilla.com/tasks/index/project.mobile.fenix.v2.fennec-nightly/latest

#fenix #ff #firefox #preview

Palantir - UK government using confidential patient data in coronavirus response

Documents seen by Guardian show tech firms using information to build ‘Covid-19 datastore’

Technology firms are processing large volumes of confidential UK patient information in a data-mining operation that is part of the government’s response to the coronavirus outbreak, according to documents seen by the Guardian.

Palantir, the US big data firm founded by the rightwing billionaire Peter Thiel, is working with Faculty, a British artificial intelligence startup, to consolidate government databases and help ministers and officials respond to the pandemic.

Data is also being used by Faculty to build predictive computer models around the Covid-19 outbreak. One NHS document suggests that, two weeks ago, Faculty considered running a computer simulation to assess the impact of a policy of “targeted herd immunity”. Lawyers for Faculty said the proposed herd immunity simulation never took place.

NHSX, the digital transformation arm of the National Health Service that has contracted the tech companies to help build the “Covid-19 datastore”, said the technology would give ministers and officials “real-time information about health services, showing where demand is rising and where critical equipment needs to be deployed”.

“The companies involved do not control the data and are not permitted to use or share it for their own purposes,” a spokesperson said. Faculty’s lawyers said the firm only had access to aggregated or anonymised data via NHS systems.

The government had previously said it would use Faculty and Palantir in a Covid-19 data project. But the full scope of that operation, and the sensitive nature of patient-level data being used, is revealed in the documents seen by the Guardian.

👉🏼 Read more:
https://www.theguardian.com/world/2020/apr/12/uk-government-using-confidential-patient-data-in-coronavirus-response

#palantir #thiel #BigData #uk #coronavirus #datastore
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets

Discovering Fake Browser Extensions That Target Users of Ledger, Trezor, MEW, Metamask, and More
Using a familiar phishing method to target new brands.

The 49 browser add-ons, potentially the work of Russian threat actors, were identified (find the list here) by researchers from MyCrypto and PhishFort.

"Essentially, the extensions are phishing for secrets — mnemonic phrases, private keys, and keystore files," explained Harry Denley, director of security at MyCrypto. "Once the user has entered them, the extension sends an HTTP POST request to its backend, where the bad actors receive the secrets and empty the accounts."

Motivation and Purpose

We keep an eye on the type of attacks that come to cryptocurrency users on a daily basis and often write about our findings to help educate the community. We’ve seen various types of attacks on users, ranging from simple trust-trading scams to SIM hijacking to compromising and stealing funds from exchange accounts.

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies.

👉🏼 Read more:
https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9

https://thehackernews.com/2020/04/chrome-cryptocurrency-extensions.html

#hijacking #cryptocurrency #wallets #google #chrome #browser #extensions
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Signal: We’ll be eaten alive by EARN IT Act’s anti-encryption wolves.

Recent weeks have been rough, with droves of people turning to virtual communication for sensitive conversations they’d like to keep private – medical visits, seeing friends’ faces and hearing their voices, or solace for those who’ve lost loved ones.

Understandably, the end-to-end (E2E) encrypted messaging app Signal has been signing up new users at “unprecedented” rates and flipping the switch on servers “faster than we ever anticipated,” Signal’s Joshua Lund said last week.

… and you can say goodbye to any of that staying stateside if the EARN IT Act passes.

https://nakedsecurity.sophos.com/2020/04/15/signal-well-be-eaten-alive-by-earn-it-acts-anti-encryption-wolves/

Earlier Post - HERE

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

Google and Apple have conspired to install tracking spyware into your smartphones with the coronavirus excuse in a mandatory update

https://9to5google.com/2020/04/13/android-contact-tracing-google-play-services/

Here are some ways to avoid it:

1 Don't use Apple, it's a closed source tyranny, destroy them

2 Get devices like #pinephone, #librem or other non Android #phones instead

3 If you have an Android, be sure you can unlock the bootloader to be able to install a clean operating system (rom) free from Google spyware (without gapps).
Search on the internet your phone model + unlock bootloader.
Then install a recovery like twrp and from it a rom without gapps

4 Check out these instructions for Android if you don't have unlocked bootloader or root:
https://old.reddit.com/r/privatelife/comments/g13tyz


📡 @NoGoolag
#google #apple #gapps #mandatory #update #tracking #spyware #why

Changelog : v3.2.5
• Fixed auto install issues for bulk updates
• Fixed no-network issues for Anbox setups
• Various other bug fixes and improvements
• Updated Translations

PS:

Aurora Store wont be updated regularly now onwards,
only critical updates will be rolled out. No more feature requests.

Don't worry its not Aurora Store's EOL.

I just want to shift my focus to other Aurora projects.
I will not be a student always, getting pocket money from family, I need to earn now.

So not all my apps will be Open Source & Free.

Looking forward !

https://t.me/AuroraSupport
https://t.me/AuroraOSS

We are not far from the point where the US digital technology companies will become the virtual passport authority of the world, determining who is allowed to move within which radius. In future, even the physical contacts of every carrier of an Android or Apple smartphone will be recorded and evaluated by the USA.
— Norbert Häring

Wir sind nicht mehr weit davon entfernt, dass die digitalen Technologiekonzerne der USA virtuelle Passbehörde der Welt werden, die bestimmt, wer sich in welchem Radius bewegen darf. Sogar die physischen Kontakte jedes Trägers eines Android oder Apple-Smartphones sollen künftig erfasst und von den USA aus auswertbar sein.
— Norbert Häring

#id2020 #agenda #Privacy #HumanRights #Apple #Google #CorporatoCracy
✊ @noGooLag! @LibreWare

Kiwi browser

Kiwi browser (phone chromium with extensions support) just got open sourced

https://forum.xda-developers.com/showpost.php?p=82317933

https://github.com/kiwibrowser/src

Do tell us if it compiles. Also you might want to ask the dev to submit it to FDroid

@nogoolag @libreware
#kiwi #browser #chromium #extensions

Changelog : 3.2.6

• Bug fixes & improvements

PS : This build will clear all saved preferences just to avoid inconsistencies from version 3.1.x to 3.2.5

Configure your blacklists accordingly.

Hackers selling 267 million Facebook records on hacker forum.

Currently, the trove of 267 million Facebook records are being sold for around $600 on the hacker forum.

Facebook has more than 2.5 billion monthly active users and when its data is breached, that’s bad news for everyone. Today is one of those days where personal data of millions of unsuspected users has been put at risk.

In December 2019, Hackread.com reported that a misconfigured Elasticsearch server exposed the personal information of 267 million (267,140,436) users. These records mostly belonged to users in the United States and included Facebook profiles, full names, a unique ID for each account and timestamp, etc.

https://www.hackread.com/hacker-forum-sell-267-million-facebook-records/

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

Changelog : 1.0.6

1. Use same color scheme for both the charts