How they harvest our data

TL;DR: everything is very bad. Prognosis is not comforting; if we do nothing all the distopias we read in fiction novels will look like a happy holiday at granny's.

It's hard to be in IT, cause your friends have no idea what you do. Engineer, product manager, QA — how does it all differ from fixing a printer in the office? (tip: you don't get $150k/year for fixing printers).

You also can't really talk to normal people about IT, because they use this industry, but they don't get it. But there's a topic you can raise with any mortal, that will get their attention: data privacy.

How do they gather data about us? Will VPN and incognito mode save us? Maybe we should all just pack our stuff and go into the woods and make friends with wolves and bears?

https://dkzlv.com/en/how-they-harvest-data/

#data #bigdata #thinkabout
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Fake Contacts

Android phone app that creates fake contacts, which will be stored on your smartphone along with your real contacts. This feeds fake data to any apps or companies who are copying our private data to use or sell it. This is called "data-poisoning".

Nothing about these fake contacts will interfere with your normal use of your phone or your real contacts.

https://github.com/BillDietrich/fake_contacts

https://f-droid.org/en/packages/me.billdietrich.fake_contacts/

#fakecontacts #contacts #data #poisoning

After months of stalling, Google finally revealed how much personal data they collect in Chrome and the Google app. No wonder they wanted to hide it.

Spying on users has nothing to do with building a great web browser or search engine. We would know (our app is both in one).

https://nitter.nixnet.services/DuckDuckGo/status/1371509053613084679

#duckduckgo #google #DeleteGoogle #personal #data #yourdata
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

This is what happens when ICE asks Google for your user information

You’re scrolling through your Gmail inbox and see an email with a strange subject line: A string of numbers followed by “Notification from Google.”

It may seem like a phishing scam or an update to Gmail’s terms of service. But it could be the only chance you’ll have to stop Google from sharing your personal information with authorities.

Tech companies, which have treasure troves of personal information, have become natural targets for law enforcement and government requests. The industry’s biggest names, such as Google, Facebook, Twitter and LinkedIn, receive data requests — from subpoenas to National Security Letters — to assist in, among other efforts, criminal and non-criminal investigations as well as lawsuits.

An email like this one is a rare chance for users to discover when government agencies are seeking their data.

In Google’s case, the company typically lets users know which agency is seeking their information.

In one email The Times reviewed, Google notified the recipient that the company received a request from the Department of Homeland Security to turn over information related to their Google account. (The recipient shared the email on the condition of anonymity due to concern about immigration enforcement). That account may be attached to Gmail, YouTube, Google Photos, Google Pay, Google Calendar and other services and apps.

The email, sent from Google’s Legal Investigations Support team, notified the recipient that Google may hand over personal information to DHS unless it receives within seven days a copy of a court-stamped motion to quash the request.

https://www.latimes.com/business/technology/story/2021-03-24/federal-agencies-subpoena-google-personal-information

#ice #federal #agencies #google #DeleteGoogle #personal #data #information #thinkabout
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google

We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins.

‼️ The phone IMEI, hardware serial number, SIM serial number and IMSI, handsetphone number etc are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this.

💡 When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Currently there are few, if any, realistic options for preventing this data sharing.

https://www.scss.tcd.ie/doug.leith/apple_google.pdf

#apple #google #study #telemetry #data #mobilephones #pdf
📡 @nogoolag @blackbox_archiv

TrackerControl

TrackerControl allows users to monitor and control the widespread, ongoing, hidden data collection in mobile apps about user behaviour (‘tracking’).

To detect tracking, TrackerControl combines the power of the Disconnect blocklist, used by Firefox, and our in-house blocklist is used, created from analysing ~2 000 000 apps! Additionally, TrackerControl supports custom blocklists.

💡 This approach

👉🏼 reveals the companies behind tracking,

👉🏼 allows to block tracking selectively, and

👉🏼 exposes the purposes of tracking, such as analytics or advertising.

The app also aims to educate about your rights under Data Protection Law, such the EU General Data Protection Regulation (GDPR).

Under the hood, TrackerControl uses Android’s VPN functionality, to analyse apps’ network communications locally on the Android device. This is accomplished through a local VPN server, to enable network traffic analysis by TrackerControl.

💡 No root is required, other VPNs or Private DNS are not supported. No external VPN server is used, to keep your data safe! TrackerControl even protects you against DNS cloaking, a popular technique to hide trackers in websites and apps.

TrackerControl will always be free and open source, being a research project.

https://trackercontrol.org/

https://github.com/OxfordHCC/tracker-control-android/releases/latest/download/TrackerControl-githubRelease-latest.apk

#TrackerControl #data #collection #android #apps #opensource
📡 @nogoolag 📡 @blackbox_archiv

Your 'smart home' is watching – and possibly sharing your data with the police

Smart-home devices like thermostats and fridges may be too smart for comfort – especially in a country with few laws preventing the sale of digital data to third parties

You may have a roommate you have never met. And even worse, they are nosy. They track what you watch on TV, they track when you leave the lights on in the living room, and they even track whenever you use a key fob to enter the house. This is the reality of living in a “smart home”: the house is always watching, always tracking, and sometimes it offers that data up to the highest bidder – or even to police.

This problem stems from the US government buying data from private companies, a practice increasingly unearthed in media investigations though still quite shrouded in secrecy. It’s relatively simple in a country like the United States without strong privacy laws: approach a third-party firm that sells databases of information on citizens, pay them for it and then use the data however deemed fit. The Washington Post recently reported – citing documents uncovered by researchers at the Georgetown school of law – that US Immigration and Customs Enforcement has been using this very playbook to buy up “hundreds of millions of phone, water, electricity and other utility records while pursuing immigration violations”.

https://www.theguardian.com/commentisfree/2021/apr/05/tech-police-surveillance-smart-home-devices

#smarthome #data #sharing #privacy #surveillance

Facebook does not plan to notify half-billion users affected by data leak

(Reuters) - Facebook Inc did not notify the more than 530 million users whose details were obtained through the misuse of a feature before 2019 and recently made public in a database, and does not currently have plans to do so, a company spokesman said on Wednesday.

Business Insider reported last week that phone numbers and other details from user profiles were available in a public database. Facebook said in a blog post on Tuesday that “malicious actors” had obtained the data prior to September 2019 by “scraping” profiles using a vulnerability in the platform’s tool for synching contacts.

The Facebook spokesman said the social media company was not confident it had full visibility on which users would need to be notified. He said it also took into account that users could not fix the issue and that the data was publicly available in deciding not to notify users. Facebook has said it plugged the hole after identifying the problem at the time.

The scraped information did not include financial information, health information or passwords, Facebook said. However, the collated data could provide valuable information for hacks or other abuses.

Facebook, which has long been under scrutiny over how it handles user privacy, in 2019 reached a landmark settlement with the U.S. Federal Trade Commission over its investigation into allegations the company misused user data.

Ireland’s Data Protection Commission, the European Union’s lead regulator for Facebook, said on Tuesday it had contacted the company about the data leak. It said it received “no proactive communication from Facebook” but was now in contact.

The July 2019 FTC settlement requires Facebook to report details about unauthorized access to data on 500 or more users within 30 days of confirming an incident.

The Facebook spokesman declined to comment on the company’s conversations with regulators but said it was in contact to answer their questions.

https://www.reuters.com/article/us-facebook-data-leak/facebook-does-not-plan-to-notify-half-billion-users-affected-by-data-leak-idUSKBN2BU2ZY

#facebook #DeleteFacebook #data #leak #database #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

Another huge data breach, another stony silence from Facebook

The social media giant is still a law unto itself. Can anybody hold it to account?

Half a billion Facebook users’ accounts stolen. Personal information compromised. Telephone numbers and birth dates drifting across the internet being used for God knows what. And for four days, from Facebook’s corporate headquarters, nothing but silence.

If this sounds familiar, it’s because it is. This week saw reports of a massive new Facebook breach and everything about it, from Facebook’s denials of the words “data” and “breach” to its repeated refusal to answer journalists’ questions, has been uncannily reminiscent of the Cambridge Analytica scandal.

Three years on, “Cambridge Analytica” is a byword for mass-data abuse, Facebook has been fined billions of dollars for failing to protect users’ data and... not a thing has changed. If ever there were a moment to understand how profoundly all systems of accountability have failed, and continued to fail, it is this.

Last week Nick Clegg, vice president of global affairs at Facebook, admitted on The Verge website that the Cambridge Analytica scandal had “rocked Facebook right down to its foundations”. And yet it has learned nothing. It has paid no real price (the record $5 billion fine it paid to the Federal Trade Commission (FTC) is literally no price at all to Facebook), suffered no real consequences, and failed to answer any questions over the involvement of its executives.

https://www.theguardian.com/technology/2021/apr/11/another-huge-data-breach-another-stony-silence-from-facebook

#facebook #DeleteFacebook #data #breach #comment #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

WhatsApp's new privacy policy is so bad it might be illegal

A German data protection agency has opened proceedings

WhatsApp has been facing one hell of a backlash ever since it shared that it wanted to update its privacy policy with changes that would allow Facebook to aggregate all of its users' data across all of its services. And now, the company might be in for some regulatory issues, as well. A German privacy regulator (via Bloomberg) has opened proceedings to stop the company from moving forward with the privacy policy update.

The Hamburg commissioner for data protection and freedom of information, Johannes Caspar, is looking to stop Facebook from aggregating the data from WhatsApp, fearing that the company would use it to expand its marketing and advertising business.

Caspar said in a statement: "Currently, there is reason to believe that the data sharing provisions between WhatsApp and Facebook are intended to be unlawfully enforced due to the lack of voluntary and informed consent. In order to prevent unlawful mass data sharing and to put an end to unlawful consent pressure on millions of people, a formal administrative procedure has now been initiated to protect data subjects."

The goal is to reach a decision before May 15, the date when users have to accept the new privacy policy or (presumably) stop using WhatsApp. It's highly possible that the order will only apply for German residents, but we can still hope that the proceedings will set a precedence for other countries and regulators.

The Hamburg commissioner previously successfully issued a similar order against Facebook four and a half years ago for updating WhatsApp's terms and services with changes regarding information sharing across Facebook companies. The order was confirmed by two instances after Facebook took legal action against it, and data sharing between Facebook and WhatsApp has been more limited in the EU than in other regions ever since.

https://www.androidpolice.com/2021/04/13/whatsapps-new-privacy-policy-is-so-bad-it-might-be-illegal/

#whatsapp #DeleteWhatsapp #privacy #policy #illegal #data #protection #germany
📡 @nogoolag 📡 @blackbox_archiv