Airbnb’s Chinese data policies reportedly cost it an executive

Chief trust officer Sean Joyce left in 2019 — reportedly over data sharing with China

Airbnb’s chief trust officer Sean Joyce left the company after just six months in 2019 because the former FBI deputy director took issue with the company’s data sharing practices in China, according to a report in The Wall Street Journal.

For years, Airbnb has disclosed that it shares information such as phone numbers and email addresses with the Chinese government when a user books a rental in China. That happens whether the user is a Chinese citizen or a foreign visitor — a policy that’s required from all hospitality businesses operating in the country. Joyce, who Airbnb hired in May 2019 to protect the platform’s users, was concerned with Airbnb’s willingness to share data. Joyce also objected to the scope of the data shared, such as messages sent between guests and hosts, The Wall Street Journal reports. He feared it could allow the Chinese government to track foreign visitors and its own citizens.

https://www.theverge.com/2020/11/20/21585500/airbnb-trust-officer-resignation-privacy-concerns-china-data-sharing

#airbnb #china #data #sharing #privacy

Designed to Deceive: Do These People Look Real to You?

These people may look familiar, like ones you’ve seen on Facebook or Twitter.

Or people whose product reviews you’ve read on Amazon, or dating profiles you’ve seen on Tinder.

They look stunningly real at first glance.

But they do not exist.

They were born from the mind of a computer.

And the technology that makes them is improving at a startling pace.

There are now businesses that sell fake people. On the website Generated.Photos, you can buy a “unique, worry-free” fake person for $2.99, or 1,000 people for $1,000. If you just need a couple of fake people — for characters in a video game, or to make your company website appear more diverse — you can get their photos for free on ThisPersonDoesNotExist.com. Adjust their likeness as needed; make them old or young or the ethnicity of your choosing. If you want your fake person animated, a company called Rosebud.AI can do that and can even make them talk.

These simulated people are starting to show up around the internet, used as masks by real people with nefarious intent: spies who don an attractive face in an effort to infiltrate the intelligence community; right-wing propagandists who hide behind fake profiles, photo and all; online harassers who troll their targets with a friendly visage.

https://www.nytimes.com/interactive/2020/11/21/science/artificial-intelligence-fake-people-faces.html

#AI #deepfake

Nipe - An engine to make Tor Network your default gateway

Summary

The Tor project allows users to surf the Internet, chat and send instant messages anonymously through its own mechanism. It is used by a wide variety of people, companies and organizations, both for lawful activities and for other illicit purposes. Tor has been largely used by intelligence agencies, hacking groups, criminal activities and even ordinary users who care about their privacy in the digital world.

Nipe is an engine, developed in Perl, that aims on making the Tor network your default network gateway. Nipe can route the traffic from your machine to the Internet through Tor network, so you can surf the Internet having a more formidable stance on privacy and anonymity in cyberspace.

👀 👉🏼 Download and install:
https://github.com/htrgouvea/nipe#download-and-install

#nipe #tor #routing #privacy #anonymity #tool
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Don’t be duped by performance, Apple’s M1 silicon is all about platform control

With the dust settling on Apple’s first Arm-based Macs and new M1 chip announcements, it’s time to take stock of what this means for one of the industry’s biggest computing ecosystems. The transition to Arm CPUs is a major shift that will be felt across the industry in the coming years. The energy efficiency benefits for consumers are obviously great, but the change is likely to be a headache for software developers who need to go back and rebuild their apps.

While Apple looks to have produced some very powerful silicon based on initial reviews and testing from the tech-sphere, the need for emulation means we should take its performance claims with a pinch of salt. After all, software emulation takes a toll on both performance and power consumption. We’ll be putting the chip and one of Apple’s new laptops through their paces very soon to find out for sure.

However, what we can say is that this transition is already proving to be a pretext for greater ecosystem control.

👀 👉🏼 https://www.androidauthority.com/apple-m1-chip-platform-control-1178210/

#apple #platform #control #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Guelph police have tool to unlock iPhones and copy contents, with no policy on when or how to use it

The Guelph Police Service has a device that can unlock iPhones and copy their contents, and no policy on when or how it should be used – something that privacy experts said raises alarm bells.

According to a letter responding to a request made by the Mercury Tribune under the Municipal Freedom of Information and Protection of Privacy Act, the Guelph Police Service (GPS) confirmed that it owns what is called a GrayKey, a tool developed by Atlanta-based tech company Grayshift.

The GrayKey, according to Grayshift’s website, can unlock iPhones and “extracts encrypted or inaccessible data” from said device.

The letter from GPS adds that there is no internal policy or procedural documents about the device, and no directives have been issued by police leadership on its use. As well, the letter notes that the GrayKey “is used only by our technological crimes detectives.”

👀 👉🏼 https://www.guelphmercury.com/news-story/10272853-guelph-police-have-tool-to-unlock-iphones-and-copy-contents-with-no-policy-on-when-or-how-to-use-it/

#apple #guelph #canada #police #unlock #iphones #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

ZeroSSL Introducing another free CA as an alternative to Let's Encrypt

https://scotthelme.co.uk/introducing-another-free-ca-as-an-alternative-to-lets-encrypt/


#ca #certs #certificate #letsencrypt

Walmart router, others on Amazon, eBay have hidden backdoors to control devices
Article, Comments

#router #walmart #backdoor #china

microG v0.2.14.204115 released!

- Includes fixes and improvements for Exposure Notifications API
- Also fixes a lot of issues with other apps.

If you are using microG Exposure Notifications API, please update ASAP as you might be missing out exposure warnings.

See details at https://github.com/microg/GmsCore/releases/tag/v0.2.14.204215
Download via F-Droid repository or https://microg.org/download.html


#microg #official #update

Whatsapp corporation can read your messages

Since it introduced end-to-end encryption, WhatsApp bragged that it couldn't read the content of chats. However, in its latest version - already available for some users - it has incorporated a function that allows the application to access your latest messages exchanged with another user (or the latest messages from a group) if you have been reported to the app.

https://wabetainfo.com/whatsapp-beta-for-android-2-20-206-3-whats-new


#WhatsApp

Edward Snowden on the Dangers of Silicon Valley Censorship - System Update with Glenn Greenwald

📺 👉🏼 https://www.youtube.com/watch?v=5qEuKCS-czU

#snowden #siliconvalley #censorship #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Baidu's Android apps caught collecting sensitive user details

Data collection issue identified in Baidu Maps and Baidu Search Box apps. Both apps were removed from the Play Store in October 2020 after a Google investigation, with Baidu Search Box making a comeback last week.

Two Android applications belonging to Chinese tech giant Baidu have been removed from the official Google Play Store at the end of October.

The two apps —Baidu Maps and Baidu Search Box— were removed after Google received a report from US cyber-security firm Palo Alto Networks claiming that the two apps contained code that collected information about users.

According to Palo Alto Networks, the data collection code was found in the Baidu Push SDK, used to show real-time notifications inside both apps.

https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/

#baidu #data #collection #privacy

Alexa, Disarm the Victim's Home Security System.

Researchers who last year hacked popular voice assistants with laser pointers take their work to the next level.

It's still a mystery to researchers at the University of Michigan and The University of Electro-Communications (Tokyo) – just what physically enabled them to inject commands into the embedded microphones of Amazon Alexa, Google Home, and other digital voice assistant devices via laser pointers.

The team in 2019 used light to remotely control Google Assistant, Amazon Alexa, Facebook Portal, and Apple Siri by exploiting a vulnerability in their so-called MEMS microphones. They used the light beams to inject invisible and inaudible commands to the digital voice assistants as well as voice-controlled smartphones and tablets – through glass windows as far away as 110 meters (120 yards)

https://www.darkreading.com/risk/alexa-disarm-the-victims-home-security-system-/d/d-id/1339532

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

People Can't Vacuum Or Use Their Doorbell Because Amazon's Cloud Servers Are Down

via www.gizmodo.com.au


#amazon #aws #down #vacuum #doorbell

Investigating Chinese Intelligence Firm Zhenhua Data

CCP is collecting massive amounts of data from social media including Twitter, LinkedIn, Facebook, TikTok, VK, Instagram etc. They also monitor a wide range of media outlets, news websites, news aggregators such as Reddit, etc.

Stories of Chinese Intelligence Firms leveraging Big Data Analysis, Social Media Platforms, LinkedIn, Mobile Devices, SIGINT, etc are all over the internet. However the recent stories about the Zhenhua Data Leak in the Indian Express caught our attention and we decided to leverage our ShadowMap platform to get some more insight on the Zhenhua Data operation.

After spending several days deep into this rabbit hole of vague corporations, a wide range of collection systems, some really interesting correlation use-cases – we’ve been able to put together a fairly comprehensive image of the Zhenhua Data operation.

While on the surface Zhenhua Data seems to be “just another” firm capturing, processing and selling publicly available information, the story changes rapidly once you look beyond the surface.

Zhenhua Data & Affiliates

According to the Zhenhua Data website (which has been taken offline, but is still accessible via ShadowMap) – “Zhenhua Data focuses on integrating overseas data and information to provide services for domestic institutions”. In-addition to Shenzhen Zhenhua Data Information Technology Co., Ltd. (china-revival.com) that has already received wide-spread coverage, we also found the involvement of Weiju (aggso.com) & SocialDataMax (socialdatamax.com).

Weiju, started out as a “location-based, instant messaging application that enables users to chat with nearby strangers.”, however the last update on its website (in 2015) mentions “Public opinion monitoring and early warning”, “Communication analysis statistics”, etc.

There are also several mentions of the underlying platforms being developed by “Beijing Juwei Hezhi Information Technology Co., Ltd.”, which has a very limited public presence but is listed online as “Juwei Hezhi is a company that analyzes social media big data”.

https://outline.com/MpwBFt

original article : https://shadowmap.com/security-research/investigating-chinese-intelligence-firm-zhenhua-data/

#Asia #China #intelligence

EU anti-terrorism commissioner warns against video games and pleads for backdoors

According to Gilles de Keroche, terrorists use video games for attack preparation and communication. Platform operators should therefore hand over the plain text of encrypted messages to law enforcement agencies.

In an interview with the news agency AFP, the EU anti-terrorism commissioner demands stronger regulation of computer games. Terrorists could use them to prepare attacks and as a means of communication. Combat games are suitable for testing attack scenarios.

The Belgian emphasizes that extremists already abuse video games for propaganda purposes. Right-wing extremists in Germany in particular have developed titles in which one could shoot at Arabs, the Jewish billionaire George Soros or the German Chancellor. In addition, the politician points out the danger of money laundering via game currencies. The games sector is not problematic as a whole, he said, but from the point of view of counter-terrorism there is too little regulation.

👀 👉🏼 Translated with DeepL:
https://t3n.de/news/anti-terrorbeauftragter-eu-computerspiele-videospiele-warnung-anschlaege-hintertueren-verschluesselung-1341260

#eu #antiterrorism #videogames #encryption #backdoors #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Windows 10 PCs will directly install and run Android apps from 2021, claims report

The report claims these apps will be brought to Windows 10 OS through the Microsoft Store.

https://www.indiatoday.in/technology/news/story/windows-10-pcs-will-directly-install-and-run-android-apps-from-2021-claims-report-1744347-2020-11-26

https://www.gizchina.com/2020/11/26/windows-10-to-receive-support-for-android-apps-next-year


#windows #android #apps

#SKTelecom #NUGU Smart Assistant iOS App

Full sources, including full git history, for the NUGU iOS App.

NUGU is basically a fully featured voice assistant similar to Google Assistant or Siri.

https://git.rip/exconfidential/sk-telecom/nugu-ios

Microsoft's new 'Productivity Score' lets your boss track how much you use email, Teams, and even whether you turn your camera on during meetings

Microsoft has a new tool that lets companies break down how much time employees are spending on work tools like email, Microsoft Teams, and Word — and privacy experts say it amounts to "workplace surveillance."

The tool, called Productivity Score, was first announced by the company in October and launched on November 17. It allows employers to gather granular data about how their employees are using Microsoft's suite of tools.

The system then assigns an organization a "productivity score" out of 800 over a 28-day period, which they can compare to scores from other companies in their industry.

https://www.businessinsider.com/microsofts-productivity-score-tool-invades-employee-privacy-2020-11

#microsoft #surveillance #privacy

You've Got Spam: With this tool you send back your spam mails

You get unwanted emails every day, no matter how often you unsubscribe from mailing lists? With this tool, e-mail revenge is yours.

💡 👉🏼 https://youvegotspam.mschfmag.com

#youvegotspam #email #spam #tool #gmail
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Crypto Wars: Green light for contested EU declaration on decryption

Diplomats have approved the EU Council resolution on encryption drafted by the German government. IT companies should help with decryption.

🇬🇧 EU: Council set to adopt declaration against encryption
https://www.statewatch.org/news/2020/november/eu-council-set-to-adopt-declaration-against-encryption/

👀 👉🏼 🇩🇪 https://data.consilium.europa.eu/doc/document/ST-13245-2020-INIT/de/pdf

#eu #encryption #declaration #cryptowars #netpolitics #thinkabout #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag