ProtonMail, Tutanota among authors of letter urging EU to reconsider encryption rules

Encrypted service providers are urging lawmakers to back away from a controversial plan that critics say would undercut effective data protection measures.

ProtonMail, Threema, Tresorit and Tutanota — all European companies that offer some form of encrypted services — issued a joint statement this week declaring that a resolution the European Council adopted on Dec. 14 is ill-advised. That measure calls for “security through encryption and security despite encryption,” which technologists have interpreted as a threat to end-to-end encryption. In recent months governments around the world, including the U.S., U.K., Australia, New Zealand, Canada, India and Japan, have been reigniting conversations about law enforcement officials’ interest in bypassing encryption, as they have sporadically done for years.

In a letter that will be sent to council members on Thursday, the authors write that the council’s stated goal of endorsing encryption, and the council’s argument that law enforcement authorities must rely on accessing electronic evidence “despite encryption,” contradict one another. The advancement of legislation that forces technology companies to guarantee police investigators a way to intercept user messages, for instance, repeatedly has been scrutinized by technology leaders who argue there is no way to stop such a tool from being abused.

https://www.cyberscoop.com/encryption-europe-tutanota-protonmail-threema-tresorit/

#tutanota #protonmail #threema #eu #encryption
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

China releases draft of major new privacy law: why it matters to everyone online

China has frequently figured in this blog, usually in the context of its censorship, surveillance activities, and wide-ranging abuse of human rights. But there’s another side to the story. Like other people around the world, China’s billion or so Internet users want their privacy protected when they go online. Trying to satisfy that need while preserving state control is a tough problem that the Chinese authorities have been grappling with recently. Back in May 2018, the Personal Information Security Specification took effect.

It offered “granular guidelines for consent and how personal data (called “personal information”) should be collected, used, and shared”, as the introduction to a translation of the new digital rules by New America puts it. Now the Chinese government has followed that up with a draft version of the Personal Information Protection Law (PIPL), a far more comprehensive and rigorous approach to protecting the digital privacy of Chinese citizens. A blog post on New America explains:

"China’s draft PIPL represents a third way between the sectoral U.S. approach, which applies different rules for specific industries or classes of consumers, and the European Union’s comprehensive General Data Protection Regulation (GDPR) framework, which enshrines fundamental rights across contexts. With the draft law, China’s evolving data governance regime emphasizes consumer privacy while also prioritizing national security through data localization measures, cross-border data flow restrictions, and continued surveillance and law enforcement powers."

The New America post points out that the PIPL draws quite heavily on the GDPR, which provides further proof of the influence of the latter legislation, something noted many times before on this blog. In the draft, the definitions of personal information, sensitive information, individual rights, and legal bases for processing, all have similarities to the EU framing. However, China’s requirements for national security mean that there are important differences when it comes to data flows.

Under the GDPR, these are allowed provided privacy is safeguarded. Under the PIPL, the limitations are far greater. China’s existing “Cybersecurity law” requires data held by so-called “critical information infrastructure” operators – essentially the most important digital companies – to be stored in China. The PIPL would require personal data referring to Chinese citizens to be stored within the country, even for some smaller companies. A rigorous assessment by China’s cybersecurity department is needed before any personal data can be sent abroad. In addition, the PIPL would grant the authorities the power to establish a blacklist of overseas companies that are banned from processing Chinese personal data if it is determined they violate China’s national security interests.

Moreover, the PIPL would allow the government to retaliate against entire countries that are deemed to have taken discriminatory regulatory measures against Chinese companies in the field of data protection. This is clearly with a view to counter the growing calls in the West to shut out Chinese companies from processing citizens’ personal data.

https://www.privateinternetaccess.com/blog/china-releases-draft-of-major-new-privacy-law-why-it-matters-to-everyone-online/

#china #draft #privacy #law #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Apple is sharing ‘A Day in the Life of Your Data’

28 January is Privacy Day and Apple is marking this occasion by sharing a study called ‘A Day in the Life of Your Data’, which walks users through a scenario of a father and daughter’s day at the playground and how their data is tracked by various websites and apps throughout.

https://www.apple.com/privacy/docs/A_Day_in_the_Life_of_Your_Data.pdf

https://www.ithinkdiff.com/apple-privacy-day-in-the-life-of-your-data/

#apple #yourdata #DeleteApple #thinkabout #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

More non free market manipulation

Trading companies impede people from buying certain stocks, they can only sell

No restriction to hedge funds, so they can recover from their shorting bets

Hi all,

I need a little help from you all.
I want to integrate something similar to Plexus into Aurora Store, that would help find users to check the compatibility of an app without Google Play Service & with microG.

@techlore has done fantastic job regarding the same, but the current data does not have packagename of the apps & to integrate these data into AuroraStore packagename is a must.

At later course of time I will add a form withing the app to collect this data anonymously.

Attaching you the current datasheet, available at Plexus.

You can easily find the packagename at PlayStore, just search the app name & select correct app.

Package id will be at the end of the URL, eg for Nova Launcher it would be : id=com.teslacoilsw.launcher

You can either make a PR to Plexus or update the online shared sheet here.

Kindly help me feed this data.

Regards,
Aurora Dev

Project Zero Security Blog

A Look at iMessage in iOS 14

https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html

@nogoolag
#projectzero #security #iOS #spiOS #goolag

The Hackerfleet Operating System & the Isomer Framework

A quick and dirty hands on introduction to Isomer development and how to set up the prime project using it, the Hackerfleet Operating System. This workshop is mostly intended for sailors, campers etc. but also very useful in many other situations.

What is all this? What are the benefits? How do things work? What will you need to get started? How to set everything up? How do you join the project and how to contribute? These kind of questions shall be answered! Additional workshopping and hacking may happen in a breakout room or something.

https://media.ccc.de/v/rc3-176543-the_hackerfleet_operating_system_the_isomer_framework

#hackerfleet #isomer #framework #rc3 #ccc #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

CEO of Twitter loves GrapheneOS

https://nitter.net/jack/status/1355295732836626432

But everyone should boycott Twitter

#graphene #grapheneos #android #hardening #twitter

This IoT Mesh Network Watches You As You Shop - Without Cameras

We built an IoT mesh network to help understand shopper behavior, without using cameras.

Online retailers know a lot about how their customers are navigating their virtual stores. Offline retailers are not so lucky.

Together with consumer behavior experts B:Clarity and a multinational home appliance brand we built a system to help understand customer movement and behavior.

The system consists of wireless sensors that are installed in electronics stores. A few hundred sensors in each store.

💡 There are two types of sensors:

👉🏼 Vibration sensors. That trigger when someone is trying out a product.

👉🏼 Light sensors. Trigger when someone is standing in front of a product.

With these sensors, we can see what items are most popular, how it correlates to sales data – and how to take action to improve sales.

But without collecting any personally identifiable information.

https://www.thingsquare.com/blog/articles/iot-mesh-retail/

#iot #mesh #network #surveillance #shopping
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Changelog : v1.0.7
* Fix favourite button state not getting updated
* Sort apps by-default based on date updated
* Add new locale Portugese-Brazil (Pt-BR)
* Fix issue where installer method was getting reset to native on MIUI
* Fix issue where exta : was appended to download path

Garuda Linux

Hello and welcome to the Garuda Linux

Garuda Linux is an appealing Arch Linux based Distro with BTRFS (modern filesystem), Linux-tkg kernel, auto snapshots, gaming edition and much more.

💡 Choose your desktop environment from
#KDE, #GNOME, #Xfce, #Cinnamon, #MATE, #LXQt-kwin, #Wayfire, #Qtile, #BSPWM and #i3wm.

https://garudalinux.org/index.html

#garuda #linux #arch #distro
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Surveillance is about control

#surveillance #control #snowden #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Amazon CEO Jeff Bezos to step down this year, replaced by AWS chief Andy Jassy

Jeff Bezos will step down as CEO of Amazon in the third quarter of this year, becoming executive chairman of the company he conceived 27 years ago on a road trip to Seattle, and turning over day-to-day operations to longtime lieutenant Andy Jassy, who made his mark as the leader of Amazon’s fast-growing cloud business.

Here’s a statement from Bezos:

“Amazon is what it is because of invention. We do crazy things together and then make them normal. We pioneered customer reviews, 1-Click, personalized recommendations, Prime’s insanely-fast shipping, Just Walk Out shopping, the Climate Pledge, Kindle, Alexa, marketplace, infrastructure cloud computing, Career Choice, and much more. If you do it right, a few years after a surprising invention, the new thing has become normal. People yawn. That yawn is the greatest compliment an inventor can receive. When you look at our financial results, what you’re actually seeing are the long-run cumulative results of invention. Right now I see Amazon at its most inventive ever, making it an optimal time for this transition.”

https://www.geekwire.com/2021/amazon-ceo-jeff-bezos-step-year-replaced-aws-chief-andy-jassy/

#amazon #DeleteAmazon #bezos
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Here’s a sneak peek at Aurora Store v4, a big update to the open source Play Store client

The Aurora Store is a popular open-source client of the Google Play Store, allowing users to search, download, and update Android apps and games on any device running Android 5.0 and above. The app’s main highlight is that it doesn’t require GApps, MicroG, or Google service of any kind. Originally a fork of the Yalp Store, the app was later rewritten from scratch to offer a modern UI with Material Design.

The team behind Aurora Store is working on a major update that improves the app discovery and brings the user interface a step closer to the Google Play Store. XDA Senior Member Hb20032003 has shared some images — originally posted over at Aurora Store’s official Telegram group — giving us a sneak peek at what the fresh UI will look like. As you can see in the screenshots below, the new UI is clearly inspired by the Google Play Store, focusing on making it easier to discover new apps. The old Home, Updates, Categories tabs have been replaced by the Apps, Games, and Updates, and there’s now a floating search button instead of the top search bar. We also see new columns such as “For You,” “Top Charts,” and “Editor’s Choice,” along with proper app categories.

https://www.xda-developers.com/aurora-store-v4-update-sneak-peek-open-source-play-store-client/

#aurora #appstore #playstore #client
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

A French Infosec channel on Telegram

Are you interested in cybersecurity, privacy, vulnerabilities and Internet politics? You speak French and like to deal with these topics? Gathering knowledge, sharing knowledge and helping others sounds good to you? Then we are looking for exactly you. Get in touch with us.

#infosec #french #telegram #tg
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Hi all,

Here is the first public alpha for AuroraStore v4.
A lot has changed from v3.2.9 which was like 7 months ago.

Google keeps changing the API, so instead of patching every changes.
I decided to write a new GPlay API that is dynamic enough to embrace this regular changes.

Therefore a new client was required to explore this dynamic API.

Here are few things that are new:
1. You can browse streams similar to Play Store, ie For You, Editor's Choice, Early Access. EC & EA is not available on anonymous logins.
2. App Library, so you can track your app install history.
3. App-on-Sale, uses a 3rd party API for index, but app data is fetched from Google's servers
4. A dedicated section for Games
5. A new improved App UI
6. A lot of under the hood improvements.
7. Kotlin

Here are few things that will no longer be available or has changed:
1. Geo-spoof, would provide a companion app to facilitate the same, if required.
2. Favourite app, will add something called similar to WishList, limited to google login only.
3. Anonymous logins now use your device-config to create session, so your device-config is sent to my dispenser server. It may sound scary but it is not, here is a sample of what I send to my dispenser in order to create a anonymous session.

Whatever else is missing, will be added soon,

Please keep in mind that this is a alpha build and it has many bugs & scope for improvements.
Help us improve & support building a friendly FOSS Community.

Use /bug to report a bug & /suggestion to add a suggestion.

I read all messages, I may not reply to all. But I do read all.

Regards,
Rahul

Google couldn't sign me in, so I signed out, indefinitely

I saw the above warning using Vivaldi: a successful and powerful Chromium based browser. There's nothing insecure about it. I tried to fix the problem by disabling all extensions, clearing all browser data, and enabling “less secure app access” in the Google account settings. Alas. The only solution I found was reinstalling the browser. But after having done so—five times—each time when clearing the cookies, or enabling a VPN, it wouldn't let me sign in again. Then the following email found my inbox.

“Someone knows the password to your linked Google Account”… Me. It was me! Obviously I know the password to my linked Google account. Forced to change my password I was duly annoyed. I realized how dependent I was. If Google unpredictably revokes access to your account, you can't log into anything else of their services: YouTube, Gmail, Play Store, Docs, Drive, Calendar, etc. Fortunately I already did a partial Google and social media exodus. Nevertheless, even when only using YouTube and Google Play, losing access startled me. Therefore, because I don't want to be put in this position again, I completed the exodus: discarding the need for a Google account.

A quick aside, I have nothing against monopolies as a general rule. Usually they grow so big because of a significantly superior service (1). But as convenient as they may be—even though their products aren't superior anymore—if their power goes to their head and they start pulling insidious shenanigans, like using false claims to deter people from browsers other than Chrome, then I'm out.

So that's exactly what I did and I was pleasantly surprised by the results. Believe it or not but my phone is more responsive and the battery lasts longer. Although the former might be due to the factory reset, I assume the latter has to do with the decrease in background processes due to 1. removing my Google account 2. subsequently disabling Google Play Store 3. disabling everything in the settings tab called Google services & preferences. Digital minimalism, it's so incredibly satisfying. You should try it. Your life was perfectly fine before you had all that extra stuff to worry about (or pay for); I learnt that from my teacher, Diogenes of Sinope, 404 – 323 BC.

https://www.quitfacebook.org/file/google.html

#google #DeleteGoogle #quitgoogle #alternatives #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

WikiLeaks Shop Banned From Facebook, No Explanation Given

The official Facebook account for the WikiLeaks Shop has been banned from the platform without explanation.

The shop raises money for Julian Assange’s defense fund by selling merch.

Speaking to the Gateway Pundit, the person who runs the account said that “it seems they banned us for posting a graphic of one of our Free Assange t-shirts.”

The last post on the account before it was removed was simply a black t-shirt with “Free Assange” written across it in white lettering.

“We’ve had no warnings and they won’t say what rule we broke,” the admin explained. “We contacted Facebook support and they were unable to assist us.”

https://www.thegatewaypundit.com/2021/02/wikileaks-shop-banned-facebook-no-explanation-given/

#wikileaks #assange #facebook #DeleteFacebook #thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag