@madaidan says this article is FUD and g

Firstly, macOS sends a cryptographic hash of each program only upon the first launch of the program. Hashes are meant to be irreversible. Apple are not running correlation attacks on every single possible binary that could ever be made.

Furthermore, this feature is not nefarious - it is part of macOS' notarization process and is used to vet applications for malware. It has existed and been documented for a long time.

https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution

Moreover, if you still dislike this feature, it can be disabled if you so wish.

And finally, the majority of the article makes no sense at all such as the OCSP remarks. OCSP is a protocol used to check the revocation status of TLS certificates - it has absolutely nothing to do with this. OCSP is not specific to macOS either. It is used everywhere for security purposes (although the supposed advantages of most implementations are dubious at best considering they usually soft fail but I digress).

https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol

TLDR: that article is just plain FUD.


Edit

Even this isn't completely correct. It's more benign than I originally thought.

This is a great analysis of the feature
https://blog.jacopo.io/en/post/apple-ocsp

New lawsuit: Why do Android phones mysteriously exchange 260MB a month with Google via cellular data when they're not even in use?

Ad giant sued after mobile allowances eaten by hidden transfers

Google on Thursday was sued for allegedly stealing Android users' cellular data allowances though unapproved, undisclosed transmissions to the web giant's servers.

The lawsuit, Taylor et al v. Google [PDF], was filed in a US federal district court in San Jose on behalf of four plaintiffs based in Illinois, Iowa, and Wisconsin in the hope the case will be certified by a judge as a class action.

The complaint contends that Google is using Android users' limited cellular data allowances without permission to transmit information about those individuals that's unrelated to their use of Google services.

https://www.theregister.com/2020/11/14/google_android_data_allowance/

#DeleteGoogle
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Switzerland: Draft anti-terrorism law sets ‘dangerous precedent’, rights experts warn

A proposed new anti-terrorism law in Switzerland could set a dangerous precedent for the suppression of political dissent worldwide, a group of five independent UN human rights experts warned on Friday.

The draft legislation, currently before the Swiss Parliament, expands the definition of terrorism and no longer requires the prospect of any crime at all, they said, in a plea for a last-minute reversal by legislators.

👀 👉🏼 https://news.un.org/en/story/2020/09/1072192

#switzerland #antiterrorism #law #humanrights #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoola

APT1- Exposing One of China’s Cyber Espionage Units

👀 👉🏼 (PDF)
https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf

#apt1 #china #cyber #espionage #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoola

New lawsuit: Why do Android phones mysteriously exchange 260MB a month with Google via cellular data when they're not even in use?

Ad giant sued after mobile allowances eaten by hidden transfers

Google on Thursday was sued for allegedly stealing Android users' cellular data allowances through unapproved, undisclosed transmissions to the web giant's servers.

The lawsuit, Taylor et al v. Google [PDF], was filed in a US federal district court in San Jose on behalf of four plaintiffs based in Illinois, Iowa, and Wisconsin in the hope the case will be certified by a judge as a class action.

The complaint contends that Google is using Android users' limited cellular data allowances without permission to transmit information about those individuals that's unrelated to their use of Google services.

https://www.theregister.com/2020/11/14/google_android_data_allowance/

PDF - HERE

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Apple apps on Big Sur bypass firewalls and VPNs — this is terrible

Don't worry though, Apple really, really, really cares about your privacy

For all of Apple’s talk of being privacy-first, often its marketing speak doesn’t match up with what it’s actually doing. And the latest example? Well, it’s Apple apps on Big Sur bypassing firewalls and VPNs.

I don’t need to tell you just how worrying this is.

👀 👉🏼 https://thenextweb.com/plugged/2020/11/16/apple-apps-on-big-sur-bypass-firewalls-vpns-analysis-macos/

#apple #apps #privacy #bypass #firewall #vpn #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Youtube-dl is back again - repository has been restored on GitHub

👀 👉🏼 https://github.com/ytdl-org/youtube-dl

#youtubedl #copyright #RIAA #takedown #github
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

How the U.S. Military Buys Location Data from Ordinary Apps

A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people's personal data to brokers, contractors, and the military.

The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide. Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a "level" app that can be used to help, for example, install shelves in a bedroom.

Through public records, interviews with developers, and technical analysis, Motherboard uncovered two separate, parallel data streams that the U.S. military uses, or has used, to obtain location data. One relies on a company called Babel Street, which creates a product called Locate X. U.S. Special Operations Command (USSOCOM), a branch of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, bought access to Locate X to assist on overseas special forces operations. The other stream is through a company called X-Mode, which obtains location data directly from apps, then sells that data to contractors, and by extension, the military.

https://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x


#US #military #intelligence #privacy #location #why

Popular Pirate Sites ‘Disappear’ From DuckDuckGo’s Top Search Results

https://torrentfreak.com/popular-pirate-sites-disappear-from-duckduckgos-top-search-results-201112


#torrent #ddg #duckduckgo #piracy

What If Cambridge Analytica Owned Its Own Social Network? CA Backer Rebekah Mercer Admits She's A Co-Founder Of Parler

https://www.techdirt.com/articles/20201116/01141545710/what-if-cambridge-analytica-owned-own-social-network-ca-backer-rebekah-mercer-admits-shes-co-founder-parler.shtml


#parler #fb #alternatives #ca #Cambridge #analytica

Chinese Capitalist Party bails out Huawei Honor brand

https://www.msn.com/en-xl/news/other/huawei-sells-honor-brand-to-state-backed-group/ar-BB1b5ds9


#huawei #honor #china #gov

Etebase - An open-source and end-to-end encrypted SDK and backend

Hey everyone, I'm Tom, the lead developer of [Etebase](https://www.etebase.com) and [EteSync](https://www.etesync.com).

The idea behind Etebase is to make it easy for developers to build encrypted applications, and enable more privacy-first and encrypted applications to be built.

It's fully open-source and it's what powers EteSync 2.0, and its integrations with GNOME, KDE and the likes. There are libraries available for Rust, JavaScript/TypeScript, Java, Python and C/C++ with more languages coming.

My hope is to never use non-encrypted applications ever again, and I believe Etebase can help us get there. Let's end-to-end encrypt everything!

If you know of projects that could benefit from Etebase, please let us (and them) know! If you have any thoughts, feedback or suggestions? Please join the discussion below. I'll be here answering questions.


Website: https://www.etebase.com

Docs: https://docs.etebase.com

Source code: https://www.etebase.com/#open-source

https://redd.it/jvtudc
@r_privacy

#etebase #encryption #build #dev

What Happens When A Freerunner Loses His Phone?

Free runner Jason Paul chases ‘lost’ phone through Germany’s Hamburg

The video show how Paul, manoeuvres through the port city’s land, waterways and architecture using parkour, a training discipline developed from military obstacle course training.

📺 👉🏼 https://youtu.be/cdCdtfjm3g8

👀 👉🏼 https://indianexpress.com/article/trending/trending-globally/free-runner-jason-paul-phone-chase-germany-hamburg-7054570/

#justforfun #freerunner #hamburg #germany #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Facebook touts free speech. In Vietnam, it’s aiding in censorship

For months, Bui Van Thuan, a chemistry teacher turned crusading blogger in Vietnam, published one scathing Facebook post after another on a land dispute between villagers and the communist government.

In a country with no independent media, Facebook provides the only platform where Vietnamese can read about contentious topics such as Dong Tam, a village outside Hanoi where residents were fighting authorities’ plans to seize farmland to build a factory.

Believing a confrontation was inevitable, the 40-year-old Thuan condemned the country’s leaders in a Jan. 7 post. “Your crimes will be engraved on my mind,” he wrote. “I know you — the land robbers — will do everything, however cruel it is, to grab the people’s land.”

Facebook blocked his account the next day at the government’s insistence, preventing 60 million Vietnamese users from seeing his posts.

One day later, as Thuan had warned, police stormed Dong Tam with tear gas and grenades. A village leader and three officers were killed.

https://www.latimes.com/world-nation/story/2020-10-22/facebook-censorship-suppress-dissent-vietnam

#Asia #Vietnam #facebook #censorship

iOS uses tracking codes without the users' consent

Third-party providers can track users across different iPhone apps using unique IDs without their consent. noyd has filed two complaints against Apple.

The Austrian NGO noyb ("none of your business") has filed a complaint against Apple for accusations of illegal data collection in Germany and Spain. According to the initiative around data protection activist Max Schrems, the Group uses an identification system comparable to cookies without obtaining the necessary consent from users:inside.

The complaint concerns the so-called Identifier for Advertisers (IDFA) - a unique ID that Apple generates for each iPhone. Third parties can use this ID to track end users through various apps, for example to track purchasing behavior.

The installation or reading of tracking codes should only be possible with the consent of the users, but most of them are unaware of IDFA. The fact that, strictly speaking, these are not cookies is no argument for noyb lawyer Stefano Rossetti: "This very simple rule applies regardless of the tracking technology used. While Apple even plans to block cookies in their browser, they themselves place similar codes in their cell phones without any user consent. This is a clear violation of EU data protection laws".

👀 👉🏼 Translated with DeepL
https://netzpolitik.org/2020/ios-nutzt-tracking-codes-ohne-einwilligung-der-nutzerinnen/

👀 👉🏼 COMPLAINT (PDF)
https://noyb.eu/sites/default/files/2020-11/IDFA_Germany_DEF_Redacted.pdf

#ios #tracking #ngo #noyb #IDFA #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

New program reduces App Store commission to 15 percent for small businesses earning up to $1 million per year

https://www.apple.com/newsroom/2020/11/apple-announces-app-store-small-business-program/
Comments: https://news.ycombinator.com/item?id=25135410

https://www.theverge.com/2020/11/18/21572302/apple-app-store-small-business-program-commission-cut-15-percent-reduction
Comments :https://news.ycombinator.com/item?id=25135462

Apple's 15% Deflection Tactic
https://www.johnluxford.com/blog/apples-15-percent-deflection-tactic
Comments: https://news.ycombinator.com/item?id=25143303


#apple #appstore #store #15% #extortion

Openstreetmap is having a moment – the billion dollar dataset next door

https://joemorrison.medium.com/openstreetmap-is-having-a-moment-dcc7eef1bb01

Comments
https://news.ycombinator.com/item?id=25137235


#osm #openstreetmaps #maps

Egregor ransomware shoots ransom notes out of victims' printers

The Egregor ransomware uses a novel approach to get a victim's attention after an attack - shoot ransom notes from all available printers. [...]

https://www.bleepingcomputer.com/news/security/egregor-ransomware-bombards-victims-printers-with-ransom-notes/


#egregor #printer #ramsomware

NewPipe 0.20.3 improves YouTube video loading speed and adds a new two-finger swipe gesture

https://www.xda-developers.com/newpipe-0-20-3-improves-youtube-video-loading-speed-adds-two-finger-swipe-gesture/

#np #newpipe

A Court Ruling in Austria Could Censor the Internet Worldwide

A little more than a year ago, I wrote with concern about the risk that a single EU court within single EU member state would become the censor for the world. That fear has now become reality. In a ruling Thursday, the Austrian Supreme Court ordered, pursuant to local defamation rules, that Facebook remove a post insulting a former Green Party leader, keep equivalent posts off its site, and do so on a global scale.

The case started with an April 2016 Facebook post, in which a user shared an article featuring a photo of Eva Glawischnig-Piesczek, then-chair of Austria’s Green Party, along with commentary labeling her a “lousy traitor,” “corrupt oaf,” and member of a “fascist party,” apparently in response to her immigration policies. This is core, protected speech in the United States. But it was deemed defamation under Austrian law. And in a series of rulings, Austrian courts ordered that Facebook take down and keep off any such post, and do so around the world.

Facebook complied, but only in part. Employing what is known as geoblocking, it made the particular post that had been identified inaccessible to users within Austria. But it objected both to the global reach of the order and to the obligation to look for and keep other, equivalent posts off their site. And it argued that the order violated the applicable EU’s e-Commerce Directive, which prohibits EU member states from imposing general monitoring obligations on tech companies like Facebook.

https://outline.com/HhzqhP

original article : https://slate.com/technology/2020/11/austria-facebook-eva-glawischnig-piesczek-censorship.html

#Europe #Austria #facebook #censorship

Europol Innovation Laboratory

While end-to-end encryption is to be generally weakened, Europol is developing new applications for secure communication for the police. Some of the measures are part of the "European Police Partnership" proclaimed by the German EU Council Presidency. These include the "WhatsApp for law enforcement officers" project.

👀 👉🏼 (PDF)
https://www.statewatch.org/media/1474/eu-council-europol-innovation-lab-update-12859-20.pdf

#europol #bka #encryption #whatsapp
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag