Internet history can be used for “reidentification” finds study by Mozilla

A recent research paper has reaffirmed that our internet history can be reliably used to identify us. The research was conducted by Sarah Bird, Ilana Segall, and Martin Lopatka from Mozilla and is titled: Replication: Why We Still Can’t Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories. The paper was released at the Symposium on Usable Privacy and Security and is a continuation of a 2012 paper that highlighted the same reidentifiability problem.

‼️ Just your internet history can be used to reidentify you on the internet ‼️

Using data from 52,000 consenting Firefox users, the researchers were able to identify 48,919 distinct browsing profiles which had 99% uniqueness.

This is especially concerning because internet history is routinely sold by your internet service provider (ISP) and mobile data provider to third party advertising and marketing firms which are demonstrably able to tie a list of sites back to an individual they already have a profile on – even if the ISP claims to be “anonymizing” the data being sold. This is a legally sanctioned activity ever since 2017 when Congress voted to get rid of broadband privacy and allow the monetization of this type of data collection.

This type of “history-based profiling” is undoubtedly being used to build ad profiles on internet users around the world. Previous studies have shown that an IP address usually stays static for about a month – which the researchers noted: “is more than enough time to build reidentifiable browsing profiles.”

👀 👉🏼 (PDF)
https://www.usenix.org/system/files/soups2020-bird.pdf

👀 👉🏼 https://www.cozyit.com/internet-history-can-be-used-for-reidentification-finds-study-by-mozilla/

#mozilla #study #research #internet #history #reidentification #thinkabout #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Google Safebrowsing can no longer be disabled on mobile Firefox

I am reposting this because I was shadowbanned from Reddit with no reason given by their Anti-Evil Operations Team for several days which means nobody saw this even after it was restored:

[No way to disable Phishing and Malware Protection for users who are suspicious of Google and leaking browsing history to Google.](https://github.com/mozilla-mobile/fenix/issues/14163)

Relevant content on the failure of anonymization:

[How safebrowsing fails to protect privacy](https://blog.trailofbits.com/2019/10/30/how-safe-browsing-fails-to-protect-user-privacy/)

[A Privacy Analysis of Google and Yandex Safe Browsing](https://hal.inria.fr/hal-01120186v4/document)

> Our experimental analysis estimates the rate of such collisions and shows that hashing and truncation fails to prevent re-identification when a user visits small-sized domains or certain URLs of larger domains. We further materialize this in the form of an algorithm that Google and Yandex could potentially employ to track users. We conclude this work by providing an analysis of the databases of Google and Yandex (Section 7). By crawling their databases, we detect a number of “suspicious” prefixes that we call orphans. Orphans trigger communication with the servers, but no full digest corresponds to them. We also observe several URLs which have multiples prefixes included in the blacklists. These provide concrete examples of URLs and domains that can be easily tracked by Google and Yandex.

https://github.com/mozilla-mobile/fenix/issues/14163#issuecomment-680291892

> Does it have the potential of sending full URL-s to Google? Yes, it does. From the page given by you:
"Otherwise, send the binary file's metadata to the remote application reputation server (browser.safebrowsing.downloads.remote.url) and block the download if the server indicates that the file isn't safe."
with the link on "metadata" leading to parts of code where there is setting in request properties of origin URL. If I read code correctly - https://dxr.mozilla.org/mozilla-central/source/toolkit/components/reputationservice/ApplicationReputation.cpp#1306 - it is stripped from query params, but full hostname + path ARE included in this case.

https://forum.f-droid.org/t/google-safebrowsing-can-no-longer-be-disabled-on-mobile-firefox/11224

https://redd.it/j5i8h1
@r_privacy

#ff #firefox #Google

Stop the EARN IT Bill Before It Breaks Encryption

The House and Senate are both pushing forward with the so-called “EARN IT” Act, a bill that will undermine encryption and free speech online. Attorney General William Barr and the DOJ have demanded for years that messaging services give the government special access to users’ private messages. If EARN IT passes, Barr will likely get his wish—law enforcement agencies will be able to scan every message sent online.

💡 The EARN IT Act (S. 3398) is anti-speech, anti-security, and unnecessary. It could come to the Senate floor this month—we need to tell Congress to reject this dangerous proposal.

👀 👉🏼 https://act.eff.org/action/stop-the-earn-it-bill-before-it-breaks-encryption-a7904e20-2083-4d5e-88ae-44ee5fef7a5d

#eff #earnit #bill #encryption #freespeech #usa #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

The European Court Just Ruled That Bulk Data Retention Schemes Are Illegal

via www.vice.com

#eu #data #retention

EuGH allows data retention - but only in case of emergency

The judges ruled that in the event of an acute threat to "public security", mass data on telephone calls and Internet visits could be collected in exceptional cases. This should please security politicians.

With its ruling on Tuesday, the ECJ softened the ban on data retention. If national security was threatened, and it was "actual, present and foreseeable", providers could be obliged by law to collect the data and keep it available for investigators.

https://www.sueddeutsche.de/digital/vda-vorratsdaten-eugh-1.5055872

I Am A Conspiracy Theorist

SHOW NOTES: https://www.corbettreport.com/?p=38025

If you are afraid of being called a conspiracy theorist, then those words are having their intended effect. I will not censor myself to appeal to the Normie McNormiesons of the world. Yes, sometimes I theorize about conspiracies. And guess what? So do you! Now let's discuss some evidence, shall we?

https://www.youtube.com/watch?v=h-p5mQmmf9M


#conspiracy #theory

Edward Snowden - How Your Cell Phone Spies on You

https://www.youtube.com/watch?v=VFns39RXPrU

#snowden #phone

Warning about using graphics from Clipartstation.com ‼️

Robert Kneschke charges 450 EUR for a children's drawing

One of our most active users, voluntarily maintains a homepage for a small elementary school. In the course of this he downloaded a children's drawing from clipartstation.com for a vacation article. The site advertises that all kinds of graphics can be used free of charge, so the user thought he had fulfilled his obligations to check the copyright. But the graphic is in truth by Robert Kneschke.

The problem is that the site does not have an imprint. The English language links about privacy and copyright also lead to empty pages. Cloudflare protects the location of the web servers from being discovered. And also the Whois query of the domain Clipartstation.com does not reveal any useful information, not surprisingly. Since everything is anonymous, thanks to GoDaddy, one must unfortunately assume that the operators do not usually take it so closely with copyright law. Whoever uses graphics from there should be prepared for possible disciplinary warnings!

👀 👉🏼 Translated with DeepL:
https://tarnkappe.info/robert-kneschke-verlangt-450-eur-fuer-eine-kinderzeichnung/

#warning #alert #fraud #kneschke #clipartstation #copyright
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Awful AI

Awful AI is a curated list to track current scary usages of AI - hoping to raise awareness to its misuses in society

Artificial intelligence in its current state is unfair, easily susceptible to attacks and notoriously difficult to control. Often, AI systems and predictions amplify existing systematic biases even when the data is balanced. Nevertheless, more and more concerning the uses of AI technology are appearing in the wild. This list aims to track all of them. We hope that Awful AI can be a platform to spur discussion for the development of possible preventive technology (to fight back!).

➡️ Discrimination

➡️ Influencing, disinformation, and fakes

➡️ Surveillance

➡️ Social credit systems

➡️ Misleading platforms, and scams

➡️ Autonomous weapon systems and military

➡️ Awful research

👀 👉🏼 https://github.com/daviddao/awful-ai

#awful #ai #answers #guide #tool #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

The #Epic @fedilab @k9mail cases have reinforced our strong stance that we must control the distribution channels of #FLOSS and no longer depend on the #PlayStore

A major threat to the adoption of an alternative is that users expect updates to be automatic but #Google made that possible only for the #PlayStore

Code Lutin will invest on @fdroidorg to make software update possible on non-rooted #Android devices thus, allowing people to adopt #FreeSoftware

#MécénatCodeLutin #DeleteGoogle #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Orders from the Top: The EU’s Timetable for Dismantling End-to-End Encryption

https://www.eff.org/deeplinks/2020/10/orders-top-eus-timetable-dismantling-end-end-encryption


#eu #e2e #encryption #eff

Leaked: Confidential Amazon memo reveals new software to track unions

The new tool would also track other non-union threats to the company, like crime and weather.

Amazon has long opposed the idea of its warehouse employees forming a union, though much of its anti-union strategies have stayed under wraps. But a confidential Amazon internal memo viewed by Recode reveals how the company is making significant investments in technology to track and counter the threat of unionization.

The 11-page document, dated February 2020, describes Amazon’s plans to spend hundreds of thousands of dollars to better analyze and visualize data on unions around the globe, alongside other non-union “threats” to the company related to factors like crime and weather. Out of 40 or so data points listed in the memo, around half of them were union-related or related to employee issues, like mandatory overtime and safety incidents. The memo requested staffing and funds to purchase software that would specifically help consolidate and visually map data from three different Amazon groups, led by employee relations (which is part of human resources), along with Amazon’s Global Intelligence Unit and Global Intelligence Program.

The new technology system — called the geoSPatial Operating Console, or SPOC — would help the company analyze and visualize at least around 40 different data sets, the memo says. Among them are many related to unions, including “Whole Foods Market Activism/Unionization Efforts,” “union grant money flow patterns,” “and “Presence of Local Union Chapters and Alt Labor Groups.” Additionally, one of the potential use cases for the tool is described in the memo as “The Union Relationship Map,” though no other details are provided.

The memo offers evidence of how Amazon is dedicating significant time and resources to reduce the likelihood of unionization among its front-line workforce, which totaled nearly 1.4 million people across Amazon and Whole Foods from March through September 19, counting every employee who worked for the companies for any period of time.

👀 👉🏼 https://www.vox.com/recode/2020/10/6/21502639/amazon-union-busting-tracking-memo-spoc

#amazon #DeleteAmazon #thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Take Control Of Your Privacy

Exercising privacy rights more simply is critical to making online privacy accessible to all.

You might have noticed “Do Not Sell” and “Object To Processing” links around the web from companies complying with privacy regulations. Rather than having to click on each of these links individually across many websites, you can exercise your rights in one step via the “Global Privacy Control” (GPC) signal, which is required under the California Consumer Protection Act (CCPA) and Europe’s Global Data Protection Regulation (GDPR).

💡 👉🏼 Get your privacy rights under control:
https://globalprivacycontrol.org/#download

👀 👉🏼 https://globalprivacycontrol.org/

💡 👉🏼 Read as well 👈🏼 💡
https://spreadprivacy.com/announcing-global-privacy-control/

#privacy #control #tool #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Amazon Allegedly Forced Pregnant People to Risk Miscarriages or Lose Their Jobs

Four workers at an Oklahoma City Amazon fulfillment center report that the company routinely takes months to honor doctor’s orders for lighter assignments for pregnant people, putting employees in the position of either risking miscarriage or taking unpaid leave and facing the prospect of being fired.

A pregnant Amazon worker at the Oklahoma facility named Michelle Posey told Vice that in June, she presented her managers at Amazon a “modified duty” letter from her doctor advising that she not lift weights greater than 15 pounds. The company responded that due to covid, there were no available positions to accommodate the request. After a supervisor allegedly told her “If you can’t do your job, why don’t you leave?,” Posey says she took an unpaid leave of absence during which someone who worked for Amazon contacted her and instructed her to ask her gynecologist to “lift the restrictions.” When the doctor did not, Posey says she couldn’t work until September, five months after submitting her modified duty request, when the distribution center finally reassigned her and paid her just $500 in back wages.

Three other employees who wished to remain anonymous shared similar stories, with one pregnant worker telling Vice’s Motherboard that her doctor-ordered accommodation request for a 20-pound weight limit for pushing, pulling, and lifting along with a 10-minute break was only honored after multiple visits to the emergency room for vaginal bleeding. Another says her car was repossessed and she faced shut off notices from utility companies over unpaid bills as she took unpaid leave rather than go against doctor’s orders waiting for her request for reassignment to be approved by Amazon.

👀 👉🏼 https://jezebel.com/amazon-allegedly-forced-pregnant-people-to-risk-miscarr-1845302182

👀 👉🏼 https://www.vice.com/en/article/akzxpe/pregnant-amazon-employees-speak-out-about-nightmare-at-oklahoma-warehouse

👀 👉🏼 https://www.nolo.com/legal-encyclopedia/am-i-entitled-light-duty-i-am-pregnant.html

#DeleteAmazon #amazon #bezos #thinkabout #why #wtf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Thailand shop installs system to keep doors shut to customers not wearing masks

Twitter user Niall Harbison shared a video of the shop which has a door fitted with a machine that scans the face of the customer for a mask and also records the body temperature. The doors open only if the machine detects a mask and the customer doesn’t have a fever.

👀 👉🏼 https://indianexpress.com/article/trending/trending-globally/thailand-face-mask-detection-machine-6716001/

👀 👉🏼 https://nitter.net/NiallHarbison/status/1312668730791403520#m

#thailand #corona #facemask #detection #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

French court: Google must open payment talks with publishers.

PARIS (AP) — A French appeals court upheld an order for Google to open negotiations with French publishers over payments to use their news content.

The Paris Court of Appeal sided with France’s competition authority, which had ordered the U.S. tech company to discuss compensation with publishers and news agencies for reusing their material online.

French regulators had argued that Google must sit down for talks under a “neighboring rights” law adopted after the European Union overhauled the bloc’s copyright rules, which include allowing news companies to demand payments when search engines display snippets of their stories.

https://apnews.com/article/paris-europe-archive-france-676170fc19d38cb4d6a8885f9f839d7c

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

USA's monopolistic violent government mafia thinks that Amazon, Facebook, Apple, Google have “monopoly power,” and should be split

https://arstechnica.com/tech-policy/2020/10/house-amazon-facebook-apple-google-have-monopoly-power-should-be-split

Comments
https://news.ycombinator.com/item?id=24714206

#usa #gov #Google #apple #Facebook

Google And Oracle's Decade-Long Copyright Battle Reaches Supreme Court.

Most of the world's smartphones run on Google's Android software. But did Google play fairly when it created that software?

That question is at the heart of a case being argued in front of the U.S. Supreme Court on Wednesday. It's the culmination of a battle that started 10 years ago, when tech company Oracle first accused Google of illegally copying its code.

The code in question is about 11,000 lines, accounting for less than 0.1% of the 15 million lines that make up Android software. Google used parts of a software called Java, owned by Oracle, in those 11,000 lines — without paying any licensing fee. Now, Oracle says Google owes it nearly $9 billion in damages, given the ubiquity and success of Android.

https://www.npr.org/2020/10/07/921018204/google-and-oracles-decade-long-copyright-battle-reaches-supreme-court

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

We Hacked Apple for 3 Months: Here’s What We Found

Between the period of July 6th to October 6th myself, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes worked together and hacked on the Apple bug bounty program.

During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would've allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim's iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.

There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. These severities were assessed by us for summarization purposes and are dependent on a mix of CVSS and our understanding of the business related impact.

As of October 6th, 2020, the vast majority of these findings have been fixed and credited. They were typically remediated within 1-2 business days (with some being fixed in as little as 4-6 hours).

👀 👉🏼 https://samcurry.net/hacking-apple/

#apple #hacking #hacked #bugbounty
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Social Media Dangers — Childhood 2.0

For the first time in history, mental illness and suicide have become one of the greatest threats to school-aged children. Many parents still view dangers as primarily physical and external, but they’re missing the real danger: kids spending more time online and less time engaging in real life, free play, and autonomy. What are the effects on the next generation's mental, physical, and spiritual health? Childhood was more or less unchanged for millennia, but this is CHILDHOOD 2.0.

📺 👉🏼 https://www.youtube.com/watch?v=He3IJJhFy-I

#socialmedia #dangers #docu #childhood #video #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag