Privacy Analysis of Tiktok’s App and Website (#PoC)

I did a detailed privacy check of the Tiktok app and website. Tiktok commits multiple breaches of law, trust, transparency and data protection.

Here are all technical and legal details. You can read a less technical article about it at the Süddeutsche Zeitung (german).

This is my setup: I used #mitmproxy to route all #app #traffic for #analysis. See in this #video how device information, usage time and watched videos are sent to #Appsflyer and #Facebook.

Hard to believe that this is covered by „legitimate interest“ and transparency: Entered search terms are sent to Facebook...

👉🏼 Read more:
https://rufposten.de/blog/2019/12/05/privacy-analysis-of-tiktoks-app-and-website/

#TikTok #PoC
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Project DREAD: White House veterans helped Gulf monarchy build secret surveillance unit

In the years after 9/11, former U.S. counterterrorism czar Richard Clarke warned Congress that the country needed more expansive spying powers to prevent another catastrophe. Five years after leaving government, he shopped the same idea to an enthusiastic partner: an Arab monarchy with deep pockets.

In 2008, Clarke went to work as a consultant guiding the United Arab Emirates as it created a cyber surveillance capability that would utilize top American intelligence contractors to help monitor threats against the tiny nation.

The secret unit Clarke helped create had an ominous acronym: #DREAD, short for #Development #Research #Exploitation and #Analysis #Department. In the years that followed, the #UAE unit expanded its hunt far beyond suspected extremists to include a #Saudi women’s rights activist, diplomats at the United Nations and personnel at #FIFA, the world soccer body. By 2012, the program would be known among its #American operatives by a codename: #Project #Raven.

Reuters reports this year revealed how a group of former National Security Agency operatives and other elite American intelligence veterans helped the UAE spy on a wide range of targets through the previously undisclosed program — from terrorists to human rights activists, journalists and dissidents.

Now, an examination of the origins of DREAD, reported here for the first time, shows how a pair of former senior White House leaders, working with ex-#NSA #spies and #Beltway contractors, played pivotal roles in building a program whose actions are now under scrutiny by federal authorities.

To chart the UAE spying mission’s evolution, #Reuters examined more than 10,000 DREAD program documents and interviewed more than a dozen contractors, intelligence operatives and former government insiders with direct knowledge of the program. The documents Reuters reviewed span nearly a decade of the DREAD program, starting in 2008, and include internal memos describing the project’s logistics, operational plans and targets.

Clarke was the first in a string of former White House and U.S. defense executives who arrived in the UAE after 9/11 to build the spying unit. Utilizing his close relationship to the country’s rulers, forged through decades of experience as a senior U.S. decision-maker, Clarke won numerous security consulting contracts in the UAE. One of them was to help build the secret spying unit in an unused airport facility in Abu Dhabi.

👉🏼 Read more:
https://www.reuters.com/investigates/special-report/usa-raven-whitehouse/

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

CCC analyses Munich's state trojan FinSpy

The technical #analysis of copies of the #FinSpy #malware substantiates the reasons for the criminal complaint against the Munich manufacturer of the #StateTrojan. The #CCC publishes its report as well as several variants of FinSpy and a complete documentation of the analysis.

#Security researchers of the Chaos Computer Club (CCC) have analyzed a total of 28 copies of the #spy-#software FinSpy for #Android from 2012 to 2019. The main focus of the investigation was the origin of the malware and the date of its production. The reason for the investigation is the criminal complaint of the Gesellschaft für Freiheitsrechte (GFF) and other organizations against the German group of companies #FinFisher because of the deliberate violation of licensing requirements for dual-use software according to § 18 para. 2 No. 1 and § 18 para. 5 No. 1 Foreign Trade Act (AWG).

The CCC today publishes its comprehensive report: Evolution of a private sector malware for governmental players

💡 The result of the analysis is that a copy of malware, which according to the GFF was used against the Turkish opposition movement in 2016, was clearly created after the EU export control regulations for surveillance software came into force.

💡 By comparing it with over twenty other copies from a seven-year period, the CCC shows continuity in the further development into which this copy fits. This is seen as a strong indication that it is a variant of the state Trojan "FinSpy". FinSpy is a product of the FinFisher group of companies, which has branches in Munich and elsewhere.

💡 In its report, the CCC also documents references to German-speaking developers that can be found in the source code.

"Our analysis shows that surveillance software originally from Germany was apparently used against democratic dissidents," said Linus Neumann, one of the authors of the analysis. "How this could have come about, the public prosecutor's office and the customs criminal office must now clarify."

https://github.com/linuzifer/FinSpy-Dokumentation

https://github.com/devio/FinSpy-Tools

👉🏼 Read more:
https://www.ccc.de/de/updates/2019/finspy

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Analyzing Analytics (Featuring: The FBI)

Recently while conducting some research, I found myself down the path of Google Analytics ID’s as well as other analytics services. I was investigating ways to not only identify varying analytics code in sites, but to correlate them with other sites that may be linked to the same owner. Please note before further reading: I make some guesses about what I find, though that’s contrary to the concept of analysis, and I am not presuming to know definitively why I am seeing what I am seeing in this specific case study. It’s all just very curious to me. Dive in and take a look for yourself!

👉🏼 Read more:
https://exploits.run/analytics-analysis-fbi/

#FBI #analytics #analysis
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

PWDB - New generation of Password Mass-Analysis

One out of every 142 passwords is '123456'

The '123456' password was spotted 7 million times across a data trove of one billion leaked credentials, on one of the biggest password re-use studies of its kind.

👉🏼 PWDB - New generation of Password Mass-Analysis
https://github.com/FlameOfIgnis/Pwdb-Public

👉🏼 Read more:
https://www.zdnet.com/article/one-out-of-every-142-passwords-is-123456/

#passwords #study #analysis
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

A Five-Year Analysis of the Darknet

The last five years have seen the evolution and adaptation of dark web marketplaces to usher in a new era of cybercrime.

The dark web has played host to a large community of users selling illegal goods and cybercriminal services for years.

The past five years has seen the paradigm shift in the manner in which darknet markets operate, with the evolution of these sites to adapt to changing buyer need, supply chain factors and emerging technologies.

An Overview:

Looking back, Silk Road was launched in the year 2011 at the first dark web marketplace. The years that followed were marked with steady growth that has since expanded. Tor, which happens to be one of the most popular anonymity tools used by darknet market users, was found to host roughly 80,000 platforms, according to a 2015 report.

Experts estimate that the dark web economy garners more than $1 trillion in annual revenues, a staggering figure that surpasses the Gross Domestic Product of several countries of the world.

Indeed, this success can be attributed to the fact that dark web marketplaces have continued to evolve and shift according to metamorphoses of the global threat landscape. The past five years have been marked by significant shifts to emergent platforms, communication channels and products, as darknet user paranoia continues to grow across the board.

In 2019 alone, analysts noted that the emergence of radical changes in the public sphere had a profound effect in the dark web underworld where fake news and propaganda services grew tremendously.

In addition, the channels of darknet communication were subjected to significant changes, along with shift in the manner in which dark web markets and forums were managed.

👀 👉🏼 (Tor-Browser)
http://tapeucwutvne7l5o.onion/a-five-year-analysis-of-the-darknet

#analysis #darknet
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

What they do in the shadows - examining the far-right networks on Telegram

The present paper contributes to the research on the activities of far-right actors on social media by examining the interconnections between far-right actors and groups on Telegram platform using network analysis. The far-right network observed on Telegram is highly decentralized, similarly to the far-right networks found on other social media platforms. The network is divided mostly along the ideological and national lines, with the communities related to 4chan imageboard and Donald Trump’s supporters being the most influential.

The analysis of the network evolution shows that the start of its explosive growth coincides in time with the mass bans of the far-right actors on mainstream social media platforms. The observed patterns of network evolution suggest that the simultaneous migration of these actors to Telegram has allowed them to swiftly recreate their connections and gain prominence in the network thus casting doubt on the effectiveness of deplatforming for curbing the influence of far-right and other extremist actors.

👀 👉🏼 https://www.tandfonline.com/doi/full/10.1080/1369118X.2020.1803946

#telegram #tg #shadow #interconnections #research #analysis #extremist #4chan
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

So, these asses have been scraping telegram searching for users and groups and building a whole goddamn database containing thousands of records of people talking/connecting/being in groups (which goes against telegram's main premise).

They even admit that governments use them... Which is also something Durov doesn't approve of.

And they cannot even sanitize their input.

👀 👉🏼 https://t.me/BlackBox_Archiv/1166

#telegram #tg #durov #shadow #interconnections #research #analysis #gov #extremist #4chan #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Digital #forensics #analysis of #Ubuntu #Touch on #Pinephone

Injections & blood #analysis under microscope presented by independent researchers, lawyers & a doctor

#dr

Injections & blood #analysis under microscope presented by independent researchers, lawyers & a doctor

#dr

It is a human right, and global law governed under the Nuremberg Code, that vaccine specific ingredient information is disclosed. It is critical, required and necessary information so anyone, from any country in the world, can make an informed decision whether or not to consent to medical intervention. Because the full list of ingredients of the Covid “vaccines” have not been made available, Dr. Robert Young and his team conducted research to identify the specific ingredients in the Pfizer, Moderna, AstraZeneca and Johnson & Johnson Covid injections. On 20 August, they published their findings.

https://dailyexpose.co.uk/2021/08/30/american-scientists-confirm-toxic-graphene-oxide-and-more-in-covid-injections/

#dr #robert #young #analysis

BLOOD TESTING AFTER KILL SHOT, BLOOD CLOTTING? - #BLOODTESTCHALLENGE

https://odysee.com/@TimTruth:b/blood-test-challenge:5

https://www.bitchute.com/video/WzP8YzsPYg0B/


#dr #blood #timtruth #analysis

“There is no organ that is not affected."
https://rumble.com/vmyk1t-deadly-covid-vaccines-reported-by-german-scientists.html

”On September 20, 2021, a conference was held at the Pathological Institute in Reutlingen, Germany, where the results of autopsies of 40 people who received the Covid-19 vaccine were presented. It is concluded that at least 30% of the causes of death were the result of fatal vaccine injuries. The more likely figure is 40%, according to the research team.”

“Tissue analyzes were performed by pathologists Professor Arne Burkhardt and Professor Walter Lang . The results are confirmed by Professor Peter Schirmacher that more than a third of 40 people died due to fatal vaccine injuries. All examined persons had died within 2 weeks after vaccination.”

“The vaccines contain undeclared metal-like components. The suspected substance is graphene oxide.”
https://newsvoice.se/2021/09/fatala-vaccinskador-obduktioner/

#analysis #autopsy

A microscopy analysis of a Pfizer-BioNTech injection sample.
The analysis was performed with bright field and phase contrast microscopy and applying rigorous scientific and hygiene standards.
Two samples were analyzed from the same vial.
These are the results:

https://threadreaderapp.com/thread/1444639912880443396.html

https://twitter.com/drjohnb2/status/1444639912880443396

#analysis

CV-19 VACCINE VIALS OR VACCINATED PATIENTS BLOOD UNDER MICROSCOPE

http://vaccinesandmicroscopes.mydiscussion.net/

Or

https://vaccinesandmicroscopes.wordpress.com/

#analysis #blood

HEALTHCARE INSIDER ALLEGES BLOOD LAB RESULTS LOOKING 'VERY BAD' FOR THEIR VACCINATED PATIENTS (09-Oct-2021)
"I work in healthcare and I want to bring something to your attention. If you have received the shot, I want to suggest going to your physician and having a complete blood count test done and a platelet test done and any other blood paneling that your doctor can order for you (d-dimer). All the patients that we have admitted right now, have received the jab and their labs are very bad. All of them. We have 1 or 2 patients and don't get very many with C19. The majority of them are fully jabbed. Our ICU is fully jabbed. Not with C19, but with other issues that they've never had before. Go to your doctor and get these labs done if you don't believe me. Good Luck. Stay safe."

See photos of rouleaux in next post. Jump to the 2:30 mark

#blood #analysis

DR. ZANDRE BOTHA REVEALS HER FINDINGS COMPARING UNVACCINATED VS VACCINATED PATIENT BLOOD, AND COVID VACCINE VIAL CONTENTS USING MICROSCOPY
1:36 - Normal, healthy blood of patient prior to vaccination
2:30 - Same patient post vaccine, blood shows very severe stacked rouleaux.
3:26 - Other vaccinated patients also had foreign objects/structures and their blood was deformed
5:31 - Vial examination showed similar objects, including
6:19 - Magnetic self-assembling discs ( microbubble)
7:15 - Video of self assembly/movement
8:45 - When the micro disc's dry they open and deliver a "mystery payload" that looks like a lattice or web structure
11:29 - Patient symptoms

https://www.bitchute.com/video/F6GzY383zklU/

#blood #analysis