Android developer class action suit targets Play Store and its 30% transaction fee

The suit needs approval from federal court

Epic Games is waging legal war against Apple and Google for what it calls the exorbitant 30% revenue share those companies make on every app and in-app purchase. Indeed, every developer finds themselves paying the piper for the privilege of using what may arguably be the only practical commerce platforms of Android and iOS, but they don't usually have the means to file a suit. Now, though, one law firm is attempting to round up the aggrieved with proposed class-action litigation against Google.

https://www.androidpolice.com/2020/08/20/android-developer-class-action-suit-targets-play-store-and-its-30-transaction-fee/

#US #Google #Play

AI wins flawless victory against human F-16 fighter pilot in DARPA dogfight

DARPA’s AlphaDogfight trials have officially come to a close with Heron Systems’ incredible artificial intelligence pilot system defeating not only its industry competitors, but going on to secure 5 straight victories against a highly trained U.S. Air Force F-16 pilot, without the human pilot scoring a single hit.

Eight teams were selected to create artificial intelligence (AI) “agents” that would be capable of simulating a real dogfight between fighters, referred to as within-visual-range air combat maneuvering, more formally. The first two rounds of this competition saw these virtual pilots engage with one another in simulated combat environments in November and again in January. This third round of AI dogfighting included similar competitions, with the four finalist firms squaring off in a round robin. The event then culminated with the hands-down victor, Heron Systems, taking on a real human fighter pilot in another simulated fight.

And Heron really brought the heat, with its artificial intelligence system ultimately securing the AI championship by defeating Lockheed Martin’s AI system.

https://taskandpurpose.com/military-tech/darpa-artificial-intelligence-dogfight-competition

#US #AI #DARPA #dogfight #simulator

Phones could detect drinking over legal driving limit

Smartphones can detect when you've had too much to drink by monitoring your walk, a study has found.

American researchers used sensors in smartphones to detect when somebody was over the legal drink-drive limit.

Phones were able to do this with about 90% accuracy when users walked just 10 steps in the study by the University of Pittsburgh.

Scientists hope the discovery can be used to develop device alerts, such as asking people not to drive while drunk.

"We have powerful sensors we carry around with us wherever we go," lead researcher Brian Suffoletto said. "We need to learn how to use them to best serve public health."

https://www.bbc.co.uk/news/technology-53834476

#smartphone #privacy

Nanodroid developer is back!

https://forum.xda-developers.com/apps/magisk/module-nanomod-5-0-20170405-microg-t3584928/page816

Hi everyone,

I know I've been inactive for about 2 or 3 months here.

Those who follow the git repository might already know that some groundbreaking work was going on since beginning of August.

A new beta release 22.6.91 (= 22.7-beta2) will drop this weekend. What's to expect:

- full support for Android 10 (many issues resolved)
- full support for Android 10 if deodexed in the Patcher
- flashing all Packages (except the Uninstaller, needs a few changes, still) through Magisk Manager, this includes the Patcher as well (yes, yes!)
- more. See ChangeLog.md for the full list.

I won't go into reading the past 10+ pages, if there are any unresolved issues or questions, feel free to post them again (or in case of issues even better: create a ticket over at gitlab, with logs included).


NanoDroid 22.6.91 (22.7-beta2)

As promised, a new beta release is now available for testing: 22.6.91 (= 22.7-beta2)

Highlights

Full Android 10 compatibility (many issues resolved)
Full Android 10 compatibility for Patcher (services.jar must be deodexed, though)
Support flashing of all modules (including the Patcher!) through Magisk Manager (requires Magisk 19.0 at minimum)
Fixed several issues
build-package previously only worked in GNU/Linux, will now work on *BSD and Darwin (= MacOS) aswell
Usual updates


Configuration Changes:

1) Full package switched from Oandbackup to OAndBackupX (you'll be auto-migrated)

2) You can now install Play Store and Aurora Store (+ Aurora Services) together by using
Code:

nanodroid_play=30

3) You can now install official F-Droid and Aurora F-Droid clients (+ F-Droid Privileged Extension / Aurora Services) together by using
Code:

nanodroid_fdroid=3

4) You can now choose which init scripts to install by removing unwanted ones from the list
Code:

nanodroid_init="10_sqlite 20_fstrim 30_logcat 40_external_sd 50_logscleaner"

5) You can now choose which shell utils to install by removing unwanted ones from the list (the column utility will always be installed, as it's required by nanodroid-overlay script)
Code:

nanodroid_utils="findfs findmnt hexdump lessecho lesskey lsblk lscpu lsipc lslocks lsns ncal whereis"

6) You can select all new/changed stuff from Setup Wizard aswell, of course

DOWNLOADS:
https://downloads.nanolx.org/NanoDroid/Beta


#nanodroid #installer #microg

Full Nanodroid ChangeLog since 22.6

## 22.7 (in-dev)

### Bug Fixes

* SetupWizard
* when selecting no apps create empty config file (working around an uncommon corner case)
* when one selects no apps but still activates "install apps", the installer would install all apps

* Patcher
* drop -Xnodex2oat`from `dalvikvm flags to avoid crashes on Android 10
* falsely listed as supported flag by dalvikvm --help

* Installer
* fix bootloops with recent Play/GmsCore on Android 10 due to changed privapp-permissions

* SysTest
* fix collecting dalvikvm information on some recent ROMs

* Installer, Patcher, SysTest, Uninstaller
* improved APEX compatibility
* improved Android 10 compatibility

* Google Package
* fix GoogleCalendarSync on SDK 21 - 29 @Spongebob
* fix installing swipe libraries in cases where LatinIME does not have it's libs linked to /system

* build-package Script
* Darwin compatibility
* BSD compatibility
* fix build-package clean not properly working

### General Changes

* Installer
* Installing through Magisk Manager is possible again (atleast 19.0 required, 20.4 highly recommended)
* setup variable nanodroid_init is now a list nanodroid_init="10_sqlite 20_fstrim 30_logcat 40_external_sd 50_logscleaner"
* all listed init scripts will be installed
* setup variable nanodroid_utils is now a list nanodroid_utils="findfs findmnt hexdump lessecho lesskey lsblk lscpu lsipc lslocks lsns ncal whereis"
* all listed utils will be installed
* the column util will always be installed (required by nanodroid-overlay)

* Full Package
* switch from Oandbackup to OAndBackupX

* Full, microG package
* setup variable nanodroid_play has new value 30 which will install both Play Store and Aurora Store
* use own DroidGuard instead of Official, as long as there's no release

* Full, F-Droid package
* setup variable nanodroid_fdroid has new value 3 which will install both official and Aurora Store F-Droid clients
* installs F-Droid priviledged extension and Aurora Services alongside

* Patcher
* Patching through Magisk Manager is possible (atleast 19.0 required, 20.4 highly recommended)
* remove restriction for Android 10
* use Android 7 - 9 patch for Android 10
* collect APEX information in log
* create BOOTCLASSPATH on-the-fly and log it
* experimental: use newly proposed Haystack patches, see https://github.com/Lanchon/haystack/pull/34
* various minor improvements

* SysTest
* check and log LD_CONFIG_FILE
* log loaded APEX modules

* Patcher, Uninstaller
* drop old code regarding NanoMod (= NanoDroid older than version 16.0)

* Setup Wizard
* updated for aforementioned changes
* other minor changes

* build-package Script
* a bit more info when BP_DEBUG=1 is passed over

* Documentation
* minor updates

### Updates

* automatic
* microG GmsCore (0.2.11.202414)
* microG Droidguard Helper (0.1.2) [custom build]
* note: SafetyNet attestation still does not work with microG!
* AnySoftKeyboard (1.10.1109)
* Aurora Droid (1.0.6)
* Aurora Services (1.0.6)
* Aurora Store (3.2.9)
* Bromite System WebView (84.0.4147.132)
* F-Droid (1.10-alpha0)
* Frost (2.4.5)
* K-9 Mail (5.717)
* KeePassDX (2.8.1)
* NewPipe (0.19.8)
* OAndBackupX (3.0.0)
* Odyssey (1.1.19)
* Open Camera (1.48.2)
* OpenLauncher (0.7.3)
* OpenVPN (0.7.15)
* OsmAnd+ (3.7.4)
* Privacy Browser (3.4.1)
* Simple Calendar (6.10.0)
* Simple Gallery (6.15.2)
* SmartPack Kernel Manager (12.8)
* Termux (0.96)
* Tor Browser (68.10.1)
* Twidere (4.1.4)

* manual
* Google Play (20.9.20)
* MPV (20200728-nightly)

* tools
* sqlite3 (3330000)
* smali (2.4.0) [SDK26+]
* baksmali (2.4.0) [SDK26+]
* file (5.38-5)
* dexpatcher (1.8.0-beta1) [SDK26+]
* aapt [from Substratum 1021]

#nanodroid #installer #microg

Firefox Relay: create email aliases to combat spam and improve privacy

Mozilla revealed Firefox Private Relay, an experimental service to protect email addresses through the creation of aliases, in May 2020. The service was invite-only at the time but it is now available to anyone who wants to give it a try.

Now called Firefox Relay, it is available globally. A Firefox Account is required to sign-up for Firefox Relay and Firefox users may install the companion extension to better integrate the service into the browser and improve the generation of aliases, e.g. when signing up for a new service.

https://www.ghacks.net/2020/08/22/firefox-relay-create-email-aliases-to-combat-spam-and-improve-privacy/

#Mozilla #Firefox #Relay #spam

How the Dark Web Drug Supply Has Responded to COVID-19

The darknet drug markets suffered initial disruptions in shipment speeds before recovering to become more efficient than legitimate supply chain systems.

Like legitimate supply chains, dark web drug markets depend on substance imports from China, and the coronavirus pandemic led to closure of Chinese chemical supply firms and factories.

Importantly, drug dealers depend of legitimate trade routes to sustain their illicit commercial activities. The fact that EU borders remained open did not make things better for most of the darknet and legitimate supply chains as shipping capacities took a nose dive.

Nonetheless, although the coronavirus-related restrictions seemed to freeze operations across the global drug supply chains, the situation in the dark web economy was different. Mexican drug cartels suffered from the pandemic’s economic ramifications as user buying power tanked – meanwhile, the darknet drug markets did not really suffer a serious dent in drug sales.

👀 👉🏼 (Tor-Browser)
http://tapeucwutvne7l5o.onion/how-the-dark-web-drug-supply-has-responded-to-covid-19

👀 👉🏼 Online Drug Markets Are Entering a 'Golden Age'
https://www.vice.com/en_us/article/dyz3v7/online-drug-markets-are-entering-a-golden-age

👀 👉🏼 Vaccine for COVID-19 and Other Scams on the Dark Web
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vaccine-for-covid-19-and-other-scams-on-the-dark-web/

👀 👉🏼 (PDF) From Dealer to Doorstep – How Drugs Are Sold On the Dark Net
https://www.swansea.ac.uk/media/From-Dealer-to-Doorstep-%C3%A2%C2%80%C2%93-How-Drugs-Are-Sold-On-the-Dark-Net.pdf

👀 👉🏼 (PDF) EMCDDA AND EUROPOL ANALYSE IMPACT OF PANDEMIC ON EU DRUG MARKETS
https://www.emcdda.europa.eu/system/files/attachments/13099/COVID19_DrugMarkets_EMCDDA_Europol_Final_web.pdf

#darknet #markets #drugs #europol #covid #study #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Internet use increases among poor Brazilians

A greater percentage of individuals on lower incomes is shopping online and paying for streaming services during the Covid-19 outbreak, according to new research.

There has been a significant increase in online access to financial offerings and government services in Brazil among low-income citizens, according to a study on the role of the Internet during the Covid-19 outbreak.

The study carried out by Cetic.br, research arm of the Brazilian Network Information Center (NIC.br) suggests that Internet access through all devices has gone up significantly and online traffic in Brazil has reached record levels in the last five months, peaking at 13,5 Tbps.

https://www.zdnet.com/article/internet-use-increases-among-poor-brazilians/

#SouthAmerica #Brazil #internet

Stealing Data With CSS: Attack and Defense

Summary: A method is detailed - dubbed CSS Exfil - which can be used to steal targeted data using Cascading Style Sheets (CSS) as an attack vector. Due to the modern web's heavy reliance on CSS, a wide variety of data is potentially at risk, including: usernames, passwords, and sensitive data such as date of birth, social security numbers, and credit card numbers. The technique can also be used to de-anonymize users on dark nets like Tor. Defense methods are discussed for both website operators as well as web users, and a pair of browser extensions are offered which guard against this class of attack.

👀 👉🏼 Want to check if you are vulnerable?
https://www.mike-gualtieri.com/css-exfil-vulnerability-tester

💡 👉🏼 Want to protect yourself?

👉🏼 Install the Chrome plugin:
https://chrome.google.com/webstore/detail/css-exfil-protection/ibeemfhcbbikonfajhamlkdgedmekifo

👉🏼 Install the Firefox plugin:
https://addons.mozilla.org/en-US/firefox/addon/css-exfil-protection

👀 👉🏼 Methods of Exploitation and Proof of Concept
https://www.mike-gualtieri.com/posts/stealing-data-with-css-attack-and-defense

#css #attack #defense #exploitation #vulnerability
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Bellingcat's free online open source research toolkit

Version 5.3 (August 19, 2020)

The list includes satellite and map services, photo and video review tools, web archiving sites, and more.

Content (All links lead to GoogleDocs):

💡 Maps, Satellites & Streetview
💡 Location Based Searches
💡 Image & Video Verification
💡 Social Media
💡 Transportation
💡 Date & Time

💡 WhoIs, IPs & Website Analysis
💡 People & Phone Numbers
💡 Archiving & Downloading
💡 Company Registries
💡 Data Visualization
💡 Online Security & Privacy
💡 Finding Experts
💡 Miscellaneous
💡 Guides & Handbooks

https://docs.google.com/document/d/1BfLPJpRtyq4RFtHJoNpvWQjmGnyVkfE2HYoICKOGguA/mobilebasic#h.6igzqqftqvh4

#Bellingcat #toolkit #research #collection
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

me and my shadow - take control of your data

💡 What are digital traces?

Through your computer, mobile phone, and other digital devices, you leave behind hundreds of digital traces (also called data traces) every day: bits of information about you that are created, stored, and collected.

When your digital traces are put together to create stories about you or profiles of you, these become your digital shadows. These can give others huge insight into your life; and they can also be totally wrong. Either way, once they're out there, they are almost impossible to control....

👀 👉🏼 https://myshadow.org/

#shadow #data #digital #traces #yourdata #toolkit #video #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Dutch ISPs Unblock Pirate Bay Proxies, Because They Can

Dutch ISPs Ziggo and XS4ALL have unblocked dozens of Pirate Bay proxies and mirrors. While the companies must block the torrent site itself, the latest court order supersedes the injunction which covered the site's proxies. Anti-piracy group BREIN characterizes the ISPs move as "shenanigans" and "downright silly."

The Pirate Bay is blocked in dozens of countries around the world. In most cases, ISPs are ordered to take action after a relatively short court proceeding.

In the Netherlands, however, the process took more than a decade, and it’s still not completely over yet.

https://torrentfreak.com/dutch-isps-unblock-pirate-bay-proxies-because-they-can-200822/

#Europe #Netherlands #ISP #PirateBay #piracy

NSO Group Closes Cyprus Office of Spy Firm

NSO recently closed the Cyprus office of phone network exploitation company Circles and fired a number of staff, according to two former NSO employees.

Controversial phone hacking company NSO Group has closed the Cyprus office of Circles, a surveillance firm that previously merged with NSO, and fired a number of staff, according to two former NSO employees.

Cyprus is a hotbed for surveillance companies that sometimes set up shop in the country and then sell their technology from the region.

"They fired all the Cyprus office," one of the former NSO employees told Motherboard.

"All Cyprus site was closed recently; all of the people fired," the second former employee added. Motherboard granted the sources anonymity as they weren't authorized to speak to the press about internal company issues, and to avoid retaliation from NSO.

https://www.vice.com/en_us/article/ep48kp/nso-group-cyprus-circles-bulgaria-ss7

#Israel #Cyprus #NSO #spy #firm

The Digital First Aid Kit!

The Digital First Aid Kit is a free resource to help rapid responders, digital security trainers, and tech-savvy activists to better protect themselves and the communities they support against the most common types of digital emergencies. It can also be used by activists, human rights defenders, bloggers, journalists or media activists who want to learn more about how they can protect themselves and support others. If you or someone you are assisting is experiencing a digital emergency, the Digital First Aid Kit will guide you in diagnosing the issues you are facing, and refer you to support providers for further help if needed.

👀 👉🏼 https://digitalfirstaid.org/en/index.html

👀 👉🏼 Digital Security Helpline
https://www.accessnow.org/help/

#data #digital #firstaid #security #help #toolkit #guide #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Belarus blocks over 50 news websites amid large protests

MINSK, Belarus (AP) — Authorities in Belarus have blocked more than 50 news media websites reporting on how the country has been shaken by two weeks of protests demanding that authoritarian President Alexander Lukashenko resign after 26 years in power.

The Belarusian Association of Journalists reported the shutdowns Saturday, which included sites for the U.S.-funded Radio Liberty and Belsat, a Polish-funded satellite TV channel focusing on neighboring Belarus.

On Friday, the state publishing house stopped printing two top independent newspapers, the Narodnaya Volya and Komsomolskaya Pravda, citing an equipment malfunction.

https://apnews.com/7d92cfccbc7cbed1aaab40fd6f0b6e0b

#Europe #Belarus #free #press #protests

Welcome @ our BlackBox Security Group and News Channel :)

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Google Has a Plan to Disrupt the College Degree

Google's new certificate program takes only six months to complete, and will be a fraction of the cost of college.

Google recently made a huge announcement that could change the future of work and higher education: It's launching a selection of professional courses that teach candidates how to perform in-demand jobs.

These courses, which the company is calling Google Career Certificates, teach foundational skills that can help job-seekers immediately find employment. However, instead of taking years to finish like a traditional university degree, these courses are designed to be completed in about six months.

https://www.inc.com/justin-bariso/google-plan-disrupt-college-degree-university-higher-education-certificate-project-management-data-analyst.html

#US #Google #education

The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer.

Due to missing verification when configuring mail routes, both Gmail’s and any G Suite customer’s strict DMARC/SPF policy may be subverted by using G Suite’s mail routing rules to relay and grant authenticity to fraudulent messages. This is notably not the same as classic mail spoofing of yesteryear in which the From header is given an arbitrary value, a technique which is easily blocked by mail servers using the Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC). This issue is a bug unique to Google which allows an attacker to send mail as any other user or G Suite customer while still passing even the most restrictive SPF and DMARC rules.

https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Google wants to shut down dezoomify

A free and open source software that offers zoomable images from Google Art service

https://github.com/lovasoa/dezoomify/issues/435


#dezoomify #Google #art

Censorship: Google and YouTube shut down accounts of the Cuban government

Censura: Google y YouTube cierran cuentas del gobierno cubano

https://www.elperiodico.com.do/2020/08/21/censura-google-y-youtube-cierran-cuentas-del-gobierno-cubano


#Google #Cuba