Germany as a pioneer when it comes to limiting Facebook's data collection madness.
Will other countries now follow them restricting Facebook's data collection madness?

German Cartel Office restricts data collection from Facebook

Facebook has a dominant market position in Germany - and abuses it:
This has now been decided by the Bundeskartellamt. It prohibits the merging of data, Whatsapp and Instagram are also affected.

❗️The Bundeskartellamt has prohibited Facebook from collecting data outside the online network, for example with the Like button, because it sees unfair competition in it. Facebook has a dominant position in Germany and abuses it, the authority declared on 7 February 2019.

The Cartel Office also prohibited Facebook from merging the data collected on third-party websites with information collected from the users themselves on the platform of the online network. The authority also considers apps belonging to the group, such as Instagram and Whatsapp, to be third-party sources.

👉 https://www.golem.de/news/like-kartellamt-schraenkt-datensammelei-von-facebook-ein-1902-139243.html
👉 https://t.me/cRyPtHoN_INFOSEC_DE/2087

#Facebook #Bundeskartellamt #Cookies #Datenschutz #Datensicherheit #Instagram #Messenger #SozialesNetz #Whatsapp
#Internet #DeleteFacebook #DeleteWhatsapp
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN

Cutting the Wire

It has recently come to the attention of the PrivacyTools team that Wire, the popular end-to-end encryption messaging platform had been sold or moved to a US company. After a week of questioning, Wire finally confirmed they had changed holding companies and would now be a US based company in a move they called “simple and pragmatic,” as they worked to expand their foothold in the enterprise market. This also came alongside the news that Wire had accepted more than $8 million in Venture Capital (VC) funding from Morpheus Ventures, as well as other investors.

Morpheus Ventures holds a portfolio including companies in healthcare, voice AI, life insurance, and retail customer data analytics: All sectors that have historically used invasive data collection methods to survive. Why would a VC with a portfolio centered on consumer data want to invest in a company whose mission claims to protect that very same information?

Earlier this year, Wire announced they had entered a partnership with FedResults, in a move that would bring Wire's secure messaging platform to US federal agencies. This raised a few eyebrows, but did not alarm the privacy community as Wire remained Swiss based and beholden to Switzerland's strict privacy laws. Today however, while much of Wire's business will continue to be run out of their Swiss offices, with new US-based ownership it is not entirely clear how much jurisdiction the United States will have over Wire data.

This is alarming because it is well known that Wire stores unencrypted metadata for every user.

👉🏼 Read more:
https://blog.privacytools.io/delisting-wire/

#privacytools #delisting #wire #FedResults #messenger #swiss #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

Riot Web 1.6, RiotX Android 0.19 & Riot iOS 0.11 — E2E Encryption by Default & Cross-signing is here!!

Hi folks,

We are incredibly excited to present the biggest change in Riot ever: as of the last 24 hours we are enabling end-to-end encryption by default for all new non-public conversations, together with a complete rework of Riot’s user experience around E2E encryption, powered by a whole new suite of encryption features in Matrix. We have released this simultaneously on Web, Desktop, iOS and RiotX Android!

👉🏼 Web:
https://riot.im/app

👉🏼 Desktop:
https://riot.im/download/desktop/

👉🏼 iOS:
https://apps.apple.com/us/app/riot-im/id1083446067

👉🏼 RiotX Android:
https://play.google.com/store/apps/details?id=im.vector.riotx

💡 More info:
https://blog.riot.im/e2e-encryption-by-default-cross-signing-is-here/

#riot #matrix #messenger #e2e #encryption #android #iOS
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Facebook merges Messenger chat service with Instagram

http://telegra.ph/Facebook-merges-Messenger-chat-service-with-Instagram-10-01

via www.theguardian.com


#fb #Facebook #instagram #messenger

Five-Eyes intelligence services to help Europe circumvent encryption

Strongly secured chats annoy secret services and prosecutors worldwide. On this sensitive issue, the EU states are now to coordinate with the powerful Anglo-Saxon secret service alliance.

In future, the EU states are to work closely with the Anglo-Saxon secret service alliance of the "Five Eyes" to circumvent secure encryption in digital communications. This can be seen from documents sent to the member states by the German EU Council Presidency and available to the Süddeutsche Zeitung. As "Five Eyes", the secret services of the USA, Great Britain, Australia, New Zealand and Canada are cooperating with each other.

A report by the Austrian radio station ORF had already pointed out two weeks ago the similarity of the wording in the draft EU paper with a statement by the secret service alliance "Five Eyes" as well as India and Japan on October 11, which also demanded "lawful access to encrypted communication". Another paper from the EU Council of Ministers now substantiates this suspicion: The document called "Recommendations for the future handling of the encryption issue" is dated November 16 and has been submitted to the SZ.

The document is addressed to the EU member states and is a kind of handout. Point six states that governments should engage in a close dialogue on the topic with the initiators of the paper "End-to-End-Encryption and Public Safety". This is the declaration of the Five Eyes countries, as well as India and Japan, in which they call on companies such as Facebook to allow states access to encrypted content.

👀 👉🏼 Translated with DeepL
https://www.sueddeutsche.de/digital/geheimdienste-verschluesselung-crypto-wars-messenger-1.5131084

#fiveeyes #intelligence #eu #encryption #messenger #cryptowars #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Threema boss: Master key for secret services "not possible at all

The head of the messenger service Threema has sharply criticized demands for access to private chat messages for state security authorities. "These demands for a master key testify to the inexperience of the authorities," Martin Blatter told Welt am Sonntag. Technically, he said, it was not even possible. "We don't have a master key that we could deposit. The encryption is done by the users and not by us.

"Criminals almost always already known to the authorities"

In mid-November, alleged plans by EU countries to ban the secure encryption of messages on channels such as WhatsApp caused a great stir. The German EU Council Presidency had drafted a resolution on the subject. However, the paper was vaguely formulated and did not go into detail about how security authorities should be able to decrypt encrypted messages. Nevertheless, civil rights activists and data protectionists strongly criticized the initiative.

Blatter also emphasized that in the case of terrorist attacks, the perpetrators were almost always already known to the authorities and on file. "This means that politicians have not managed to protect citizens". In the newspaper interview, he also spoke of U.S. secret services having forced manufacturers of routers to install back doors, which in the end were also used by China.

👀 👉🏼 Translated with DeepL
https://telegra.ph/Threema-Chef-Generalschl%C3%BCssel-f%C3%BCr-Geheimdienste-gar-nicht-m%C3%B6glich-11-29

via www.heise.de

#fiveeyes #intelligence #eu #encryption #messenger #threema #cryptowars #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Whatsapp, Threema & Co.: Messenger must hand over personal data

A new telecommunications law provides new surveillance powers for security authorities. It also includes data retention.

The new Telecommunications Act (TKG) has it all. On 465 pages, messengers and e-mail are declared to be telecommunications services, thus introducing surveillance powers similar to those for conventional telephones. Data retention and faster network expansion also appear in the bill. This is to be decided on a fast-track basis.

Whereas many of the provisions of the Telecommunications Act previously applied to Internet providers or telephone providers, they will now be extended to so-called over-the-top services such as e-mail providers or messengers like Whatsapp, Signal, Threema, Telegram or Wire. According to the so-called Gmail ruling of the European Court of Justice (ECJ), these are not telecommunications services, and accordingly the surveillance powers of the security authorities do not apply to them.

With the TKG amendment, messengers that collect inventory data such as name, address or an identifier such as phone number, user name or other ID are obliged to store this data and hand it over to security authorities upon request, even if the account has already been deleted.

👉🏼 Source 🇩🇪 👈🏼
https://www.golem.de/news/whatsapp-threema-co-messenger-sollen-bestandsdaten-herausgeben-muessen-2012-152770.html

#whatsapp #threema #telegram #personaldata #surveillance #authorities #messenger #netpolitics #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Facebook and Instagram disable features in Europe

Facebook is disabling several features in its Messenger and Instagram apps for people in Europe, to make sure they comply with a change in privacy rules.

From 21 December, messaging apps will fall under EU rules known as the ePrivacy directive.

Facebook has decided to switch off several interactive options and offer just a core messaging service until it can add the extras back in.

Group chat polls on Messenger are among the tools to be switched off.

The ability to set nicknames for friends on Messenger will also be deactivated, while the sharing of augmented-reality face filters via direct message on Instagram will also be switched off in Europe.

Facebook said it had not published a list of all the features it was suspending in Europe because it would be quickly reactivating ones that it was confident complied with the rules.

The core text messaging and calling options on Instagram and Messenger will not be affected.

"We're still determining the best way to bring these features back. It takes time to rebuild products in a way that work seamlessly for people and also comply with new regulation," the company said in a statement.

The tools will be deactivated for users across Europe in stages, so some people may find they can still use them for a few more days.

https://www.bbc.co.uk/news/technology-55350795

#DeleteFacebook #facebook #eu #messenger #instagram #ePrivacy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Threema publishes source code and lowers prices

The messenger service has disclosed its complete source code and cut its app prices by half.

After the service had already revealed its cryptographic processes to the public for some time, the next step now follows. The entire source code of the apps can now be viewed. It is subject to the third version of the GNU Affero General Public License (AGPLv3). Using reproducible builds, specialists can check at any time whether it matches the source code of the sales apps. Due to Apple's app store policies, this is currently only possible via the Android versions.

https://telegra.ph/Open-Source-Threema-publishes-source-code-and-lowers-prices---Aroged-12-21

via www.aroged.com

Source Code and Documentation:
https://threema.ch/de/open-source

👉🏼 Criticism (in German)
https://mastodon.social/@larma/105417391165300578

#threema #messenger #opensource
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Signal: New Signal groups use Google servers

Some readers have pointed out to me that Signal appears to be using the Google Data Center to create / manage new Signal groups. The domain storage.signal.org resolves to the IP addresses:

216.239.32.21
216.239.34.21
216.239.36.21
and 216.239.38.21

These addresses belong to Google, Mountain View. The host name of these servers or the Revese lookup also listens to the name any-in-2015.1e100.net.

The question now is, why the group function is linked to Google servers. Especially for privacy-sensitive users Google is a red flag - for a good reason: The sick WWW: Stop using Google Web-Services.

https://www.kuketz-blog.de/signal-neue-signal-gruppen-nutzen-google-server/

#signal #messenger #google #thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Signal: All communication takes place via tech giants like Amazon, Microsoft, Google and Cloudflare.

At Signal, all communication takes place via various tech giants such as Amazon, Microsoft, Google and Cloudflare. Broken down by domains, the following picture emerges:

❗️ Amazon: textsecure-service.whispersystems.org, cdn.signal.org, sfu.voip.signal.org
❗️ Google: storage.signal.org, contentproxy.signal.org
❗️ Microsoft: api.directory.signal.org, api.backup.signal.org
❗️ Cloudflare: cdn2.signal.org

Message exchange (textsecure-service.whispersystems.org) is done via Amazon AWS, for example, while Google Data Servers (storage.signal.org) are responsible for creating and managing the groups. This means that all communication is handled via central servers of the tech giants. Especially privacy-sensitive users may be put off by this, which I can understand. However, at least from an IT security perspective, I think the use of the rented servers is negligible, since Signal works with the zero-knowledge principle. Certainly, it would be desirable if the Signal Foundation hosted the servers itself. However, this would not necessarily mean a security gain. Nevertheless, this is a point of criticism, since this naturally also flushes money into the coffers of the tech data octopuses.

https://www.kuketz-blog.de/signal-jegliche-kommunikation-erfolgt-ueber-tech-giganten-wie-amazon-microsoft-google-und-cloudflare/

#signal #messenger #google #amazon #microsoft #thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag