Forwarded from XiaomiTime: Xiaomi & HyperOS News (IFTTT)
"Become a HyperOS Mi Pilot beta tester!1. Download the latest Mi Community app.2. Change region to Global in settings.3. Apply for the Beta Program under 'Beta testing'.Eligibility checks and basic questions apply. Approval within 7 days! Enjoy early access to HyperOS!"
🔗 Check More
🔗 Check More
XiaomiTime
How to become a HyperOS Mi Pilot beta tester? - XiaomiTime
If you want to be able to test and install HyperOS Mi Pilot releases early, you should become a HyperOS Beta Tester. Becoming a HyperOS Beta tester is a very
Forwarded from Tech & Leaks Zone
OnePlus Nord CE 5 Announced Globally
OnePlus Nord CE 5 is rebranded Ace 5 Racing Edition. As usual, OnePlus is again offering inferior processor & storage to the global markets. These includes:
1. Dimensity 9400e (basically flagship Dimensity 9300 Plus) in China while midrange MediaTek Dimensity 8350 globally.
2. UFS 4.0 storage for China while UFS 3.1 globally.
However, OnePlus has added MicroSD Card slot support for global markets and have also replaced the 2MP useless camera with 8MP ultrawide. All other specifications remains the same like the single mono speaker, 7100mAh battery etc.
Pricing:
• 8GB+128GB= Rs. 25,000/ €299/ £249
• 8GB+256GB= Rs. 27,000/ €349/ £299
• 12GB+256GB= Rs. 29,000
Follow @TechLeaksZone
OnePlus Nord CE 5 is rebranded Ace 5 Racing Edition. As usual, OnePlus is again offering inferior processor & storage to the global markets. These includes:
1. Dimensity 9400e (basically flagship Dimensity 9300 Plus) in China while midrange MediaTek Dimensity 8350 globally.
2. UFS 4.0 storage for China while UFS 3.1 globally.
However, OnePlus has added MicroSD Card slot support for global markets and have also replaced the 2MP useless camera with 8MP ultrawide. All other specifications remains the same like the single mono speaker, 7100mAh battery etc.
Pricing:
• 8GB+128GB= Rs. 25,000/ €299/ £249
• 8GB+256GB= Rs. 27,000/ €349/ £299
• 12GB+256GB= Rs. 29,000
Follow @TechLeaksZone
Telegram
Tech & Leaks Zone
OnePlus Ace 5 Ultra and Ace 5 Racing Edition Launched in China
Both of them features self-developed “Fengchi gaming core kernel”, glacier cooling system and self-developed "Lingxi touch chip" which enhances touch responsiveness with upto 3000Hz touch sampling…
Both of them features self-developed “Fengchi gaming core kernel”, glacier cooling system and self-developed "Lingxi touch chip" which enhances touch responsiveness with upto 3000Hz touch sampling…
https://github.com/libremonde-org/paper-research-privacy-matrix.org/blob/master/part1/README.md
TL;DR
matrix.org and vector.im receive a lot of private, personal and identifiable data on a regular basis, or metadata that can be used to precisely identify and/or track users/server, their social graph, usage pattern and potential location. This is possible both by the default configuration values in synapse/Riot that do not promote privacy, and by specific choices made by their developers to not disclose, inform users or resolve in a timely manner several known behaviours of the software.
Data sent on a potential regular basis based on a common web/desktop+smartphone usage even with a self-hosted client and Homeserver:
The Matrix ID of users, usually including their username.
Email addresses, phone numbers of the user and their contacts.
Associations of Email, phone numbers with Matrix IDs.
Usage patterns of the user.
IP address of the user, which can give more or less precise geographical location information.
The user's devices and system information.
The other servers that users talks to.
Room IDs, potentially identifying the Direct chat ones and the other user/server.
With default settings, they allow unrestricted, non-obfuscated public access to the following potentially personal data/info:
Matrix IDs mapped to Email addresses/phone numbers added to a user's settings.
Every file, image, video, audio that is uploaded to the Homeserver.
Profile name and avatar of users.
See below for a detailed analysis.
TL;DR
matrix.org and vector.im receive a lot of private, personal and identifiable data on a regular basis, or metadata that can be used to precisely identify and/or track users/server, their social graph, usage pattern and potential location. This is possible both by the default configuration values in synapse/Riot that do not promote privacy, and by specific choices made by their developers to not disclose, inform users or resolve in a timely manner several known behaviours of the software.
Data sent on a potential regular basis based on a common web/desktop+smartphone usage even with a self-hosted client and Homeserver:
The Matrix ID of users, usually including their username.
Email addresses, phone numbers of the user and their contacts.
Associations of Email, phone numbers with Matrix IDs.
Usage patterns of the user.
IP address of the user, which can give more or less precise geographical location information.
The user's devices and system information.
The other servers that users talks to.
Room IDs, potentially identifying the Direct chat ones and the other user/server.
With default settings, they allow unrestricted, non-obfuscated public access to the following potentially personal data/info:
Matrix IDs mapped to Email addresses/phone numbers added to a user's settings.
Every file, image, video, audio that is uploaded to the Homeserver.
Profile name and avatar of users.
See below for a detailed analysis.
GitHub
paper-research-privacy-matrix.org/part1/README.md at master · libremonde-org/paper-research-privacy-matrix.org
Privacy research on Matrix.org. Contribute to libremonde-org/paper-research-privacy-matrix.org development by creating an account on GitHub.
Forwarded from cKure
■■■■□ New eSIM Hack Lets Attackers Clone Profiles and Hijack Phone Identities.
https://cybersecuritynews.com/esim-hack/
https://cybersecuritynews.com/esim-hack/
Cyber Security News
New eSIM Hack Lets Attackers Clone Profiles and Hijack Phone Identities
A critical vulnerability in eSIM technology enables attackers to clone mobile subscriber profiles and hijack phone identities.
Bypassing Google's big anti-adblock update
Article, Comments
After a lot of time looking into the C++ code, I found exactly one vulnerable thing:
the opt_webViewInstanceId parameter. This was set for Chrome platform apps, in order to let them manage their embedded websites (WebViews). Among other things, it let them use web request blocking to control navigation. Basically, if an event had a WebView ID, the permission check for webRequestBlocking would be skipped. The issue was that the browser never verified that an event with a WebView ID actually belonged to a platform app. So an extension could spoof it, skip the check, and use the blocking feature.
Maybe I should note that platform apps were deprecated in 2020. I found this bug in 2023, and the code to handle opt_webViewInstanceId still exists in 2025. Goes to show how ancient code leads to bugs.
Article, Comments
After a lot of time looking into the C++ code, I found exactly one vulnerable thing:
the opt_webViewInstanceId parameter. This was set for Chrome platform apps, in order to let them manage their embedded websites (WebViews). Among other things, it let them use web request blocking to control navigation. Basically, if an event had a WebView ID, the permission check for webRequestBlocking would be skipped. The issue was that the browser never verified that an event with a WebView ID actually belonged to a platform app. So an extension could spoof it, skip the check, and use the blocking feature.
let WebRequestEvent = chrome.webRequest.onBeforeRequest.constructor // opt_webViewInstanceId is the 5th argument let fakeEvent = new WebRequestEvent("webRequest.onBeforeRequest", 0, 0, 0, 1337) fakeEvent.addListener(() => { return { cancel: true } }, { urls: ['*://*.example.com/*'] }, ['blocking']) Maybe I should note that platform apps were deprecated in 2020. I found this bug in 2023, and the code to handle opt_webViewInstanceId still exists in 2025. Goes to show how ancient code leads to bugs.
Forwarded from Gizchina.com
The dark politics of messaging apps: end-to-end encryption isn’t enough
https://www.gizchina.com/2025/07/13/the-dark-politics-of-messaging-apps-end-to-end-encryption-isnt-enough/
https://www.gizchina.com/2025/07/13/the-dark-politics-of-messaging-apps-end-to-end-encryption-isnt-enough/
DockWalls_1.0.11.apk
23.5 MB
Live wallpaper + goofy icon pack
Forwarded from Hacker News
Tilburg University
'Europe must ban American Big Tech and create a European Silicon Valley' | Tilburg University
Despite new laws in the field of digitalization, the existing European legislation is totally inadequate to counterbalance the Big Tech wave from Silicon Valley. This is argued by philosopher of law Bart van der Sloot. If we take the influence in the field…