rpg.pbem.online

Items tagged with: privacy

● NEWS ● #eff #privacy ☞ How to Identify Visible (and Invisible) #Surveillance at Protests
 

AI firm that worked with Vote Leave wins new coronavirus contract | Technology | The Guardian

An artificial intelligence firm hired to work on the Vote Leave campaign may analyse social media data, utility bills and credit rating scores as part of a £400,000 contract to help the government deal with the coronavirus pandemic.
The company, Faculty, was awarded the contract by the Ministry of Housing, Communities and Local Government last month. However the full details of its work for the government are unknown because the published version of the contract was partly redacted.
The disclosure comes amid questions from civil liberties groups as to how private companies hired by the government during the pandemic are using confidential data.
#politics #CivilLiberties #security #privacy #UK #Tories #cronyism
 
Rod Rosenstein is working with NSO Group, the Israeli firm accused of spying on dissidents

"Rod Rosenstein, a former deputy attorney general at the Department of Justice, has been providing counsel on cybersecurity and national security to NSO Group, the Israeli software surveillance firm accused of spying on human rights activists and journalists, according to court documents obtained by CyberScoop."

"Rosenstein’s work with NSO Group was revealed in court documents in relation to a lawsuit WhatsApp filed against the company, accusing them of surveilling over 1,000 WhatsApp users."

#cybersecurity #NSOGroup #surveillance #privacy #humanrights
 

Scammers are using a social engineering trick to hijack WhatsApp accounts | TechRadar

Fraudsters are using a social engineering trick to fool WhatsApp users into handing over the keys to their accounts.
As Zak Doffman of Forbes explains, the scam has been around for some time, but has seen a recent resurgence, possibly due to increased reliance on messaging apps during the coronavirus pandemic.
#technology #tech #WhatsApp #security #privacy
 
Well, this is an interesting 'development'...

"According to Minnesota Public Safety Commissioner John Harrington, officials there have been using what they describe, without going into much detail, as contact-tracing in order to build out a picture of protestor affiliations — a process that officials in the state say has led them to conclude that much of the protest activity there is being fueled by people from outside coming in."

"In fact, Minnesota’s Gov. Tim Walz told reporters that as much as 80% of those being destructive are from outside Minnesota."

"Setting aside whether or not that’s true, the non-protest aspect to this is the fact that it speaks to privacy concerns around contact-tracing in general, since using this tool to fight the coronavirus pandemic is by definition an invasion of privacy. Contact tracers need to know personal details about you, such as who you’ve been around and where you’ve gone over a not-insignificant period of time. And now, it’s a tool that’s apparently being used to build a completely different, non-coronavirus-related informational picture of Americans."

"And what makes this even more interesting is the fact that a CNN analysis of Minneapolis data found what appears to be the complete opposite of the assertion about out-of-towners. Per CNN, 'More than 80% of people booked into jail in Minneapolis on riot and other potentially riot-related charges over the past two days are from Minnesota, according to a CNN analysis of data from the Hennepin County Sheriff’s office. Officials had earlier claimed that most protesters came from out of state'."

Via Minnesota is now using contact tracing to track protestors, as demonstrations escalate

#Minnesota #privacy #contacttracing #Amerika #surveillance
 

Why do a lot of GNOME / GTK users prefer to install external password managers instead of the native #seahorse or the standard Unix way: #pass + #gpg + #pwgen?

Take a look at these crazy dependencies:

  • KeePass (dependency: Mono framework! - aka "free .NET")
  • KeePassX (dependency: bloody Qt!)
  • KeePassXC (dependency: damned Qt!)
  • MyPasswordSafe (dependency: fucking Qt! Obsolete since 2004)
  • PasswordSafe (Wine recommended!) :)
  • Password Gorilla (needs Tcl. Obsolete since 2014)
  • PasswordSafe for GNOME (Flatpak! Or Meson + Python)

Why is #Qt bloody? By default! :) ... and as a main part of #KDE - the biggest evil too (sorry, it was a joke).

But do you really need half of KDE to install one(!) 100Kb package? :)

Instead, you can install #pass and #pwgen (the amazing #gpg is already installed by default):

Ve-e-ery simple examples

Initialize password store 

    $ pass init [email protected]\* 
    mkdir: created directory ‘/home/zx2c4/.password-store’ 
    Password store initialized for [email protected] 

* or (for example): B7C077CF - GNUPG ID. 

List existing passwords in store 

    $ pass 
    Password Store 
    ├── Business 
    │   ├── some-silly-business-site.com 
    │   └── another-business-site.net 
    ├── Email 
    │   ├── donenfeld.com 
    │   └── zx2c4.com 
    └── France 
       ├── bank 
       ├── freebox 
       └── mobilephone   

    Alternatively, "pass ls". 

Find existing passwords in store that match .com 

    $ pass find .com 
    Search Terms: .com 
    ├── Business 
    │   ├── some-silly-business-site.com 
    └── Email 
       ├── donenfeld.com 
       └── zx2c4.com 

    Alternatively, "pass search .com". 

Show existing password 

    $ pass Email/zx2c4.com 
    sup3rh4x3rizmynam3  

Copy existing password to clipboard 

    $ pass -c Email/zx2c4.com 
    Copied Email/[email protected] to clipboard. Will clear in 45 seconds. 

Add password to store 

    $ pass insert Business/cheese-whiz-factory 
    Enter password for Business/cheese-whiz-factory: omg so much cheese what am i gonna do 

Add multiline password to store 

    $ pass insert -m Business/cheese-whiz-factory 
    Enter contents of Business/cheese-whiz-factory and press Ctrl+D when finished: 

    Hey this is my 
    awesome 
    multi 
    line 
    passworrrrrrrrd. 
    ^D  

Generate new password 

    $ pass generate Email/jasondonenfeld.com 15 
    The generated password to Email/jasondonenfeld.com is: 
    $(-QF&Q=IN2nFBx 

Generate new alphanumeric password 

    $ pass generate -n Email/jasondonenfeld.com 12 
    The generated password to Email/jasondonenfeld.com is: 
    YqFsMkBeO6di 

Generate new password and copy it to the clipboard 

    $ pass generate -c Email/jasondonenfeld.com 19 
    Copied Email/jasondonenfeld.com to clipboard. Will clear in 45 seconds. 

Remove password from store 

    $ pass remove Business/cheese-whiz-factory 
    rm: remove regular file ‘/home/zx2c4/.password-store/Business/cheese-whiz-factory.gpg’? y 
    removed ‘/home/zx2c4/.password-store/Business/cheese-whiz-factory.gpg’

The standalone #pwgen is very useful too:

    $ pwgen -1 -B -c -n -s -y 24 -N 10 

    on/b?!mH5&`Cb\lx9no6P/Rb 
    O)]C}\Kl;t`>vXr5JdeS8k!6 
    UneVz^yylSL!x\*5Om)6!D:ZT 
    %vo~6HWNA1Nwaa-%EprAdY1| 
    1aC\*&C9,[email protected](G!Lg.D 
    V$k+4/On~Q%8|G31>BGt<\{b 
    X:!a|U8fNQ+,A)a,=%)w=?Wq 
    @7`Dj{_Lv[k0]T116DG;lCZc 
    []kaP"TvvSjC9zmJ4yd3"ld" 
    \<yf|>OzJ>?Pf&bxz2OE(.-?

If you prefer a GUI, the simplest way is:

  • Open Seahorse
  • Create any groups, keyrings and login+pass entries.

Don't forget about #GnomePasswordGenerator





#GNU #Linux #GNOME #GTK #Fedora #RedHat #CentOS #security #privacy #OS #keepass #keepassx #passwordsafe #pass #key #keyring #pgp #gnupg #man #manual #howto #Qt #KDE #mono #pwgen #password generator
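
An added example, not part of the original post and not code from the pass project: a shell audit of the directory that the pass commands above create, assuming the default layout of one `.gpg` file per entry under `~/.password-store` with the key ID stored in `.gpg-id`. The function names and finding codes are invented for this illustration; the second function shows that entry names, unlike their contents, are readable without the GPG key.

```shell
#!/bin/sh
# Added example: audit the directory managed by pass.
# Function names and finding codes (NO_STORE, NO_GPG_ID, LOOSE_PERMS,
# NOT_ENCRYPTED) are hypothetical, chosen for this illustration.

# audit_pass_store [STORE]
# Prints one "CODE<TAB>path" line per finding; prints nothing if clean.
audit_pass_store() {
    store=${1:-"$HOME/.password-store"}

    if [ ! -d "$store" ]; then
        printf 'NO_STORE\t%s\n' "$store"
        return 0
    fi

    # "pass init" records the recipient key ID(s) in .gpg-id; without
    # it, insert and generate have no key to encrypt to.
    if [ ! -s "$store/.gpg-id" ]; then
        printf 'NO_GPG_ID\t%s\n' "$store/.gpg-id"
    fi

    # Anything readable, writable or searchable by group or others.
    # Symlinks are skipped: their own mode bits carry no meaning.
    find "$store" ! -type l \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
    while IFS= read -r entry; do
        printf 'LOOSE_PERMS\t%s\n' "$entry"
    done

    # Entries are stored as <name>.gpg. Any other regular file was not
    # written by "pass insert" and may hold plaintext. Files that a
    # git-backed store or extensions may add are ignored.
    find "$store" -type f ! -name '*.gpg' ! -name '.gpg-id' \
        ! -name '.gitattributes' ! -path "$store/.git/*" \
        ! -path "$store/.extensions/*" -print |
    while IFS= read -r entry; do
        printf 'NOT_ENCRYPTED\t%s\n' "$entry"
    done
}

# cleartext_entry_names [STORE]
# Lists what anyone who can read the directory learns without the key:
# the folder and entry names (sites, account names), one per line.
cleartext_entry_names() {
    store=${1:-"$HOME/.password-store"}
    ( cd -- "$store" >/dev/null &&
      find . -type f -name '*.gpg' ! -path './.git/*' -print ) |
    sed -e 's|^\./||' -e 's|\.gpg$||' | LC_ALL=C sort
}

# When run as a script with a store path, audit that store.
if [ "$#" -gt 0 ]; then
    audit_pass_store "$1"
    cleartext_entry_names "$1"
fi
```

Source the file and call `audit_pass_store` with no argument to check the default store; an empty result means none of the four conditions was found.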
 
From the annals of Sensible things that will never come to pass:

'Just Let the Patriot Act Die You Cowards': House Lawmakers Urged to Vote Down Flawed Domestic Spy Bill


"It would be unconscionable for the Democratic House to pass any PATRIOT Act reauthorization without critical privacy reforms."

[The problem is that the "Patriot" Act is a fascist's wet dream. It was their foot in the door. Asking them to give it up would be... an act of optimism. Their goal is to expand the civil violations, not repeal them.]

Progressive privacy advocates and civil libertarians on Wednesday called on constituents to urgently call their representative in the U.S. House and demand they vote against a surveillance bill that would allow the Justice Department and FBI to spy on the internet browser histories of people living in the United States—including citizens and undocumented immigrants.

... "It would be unconscionable for the Democratic House to pass any PATRIOT Act reauthorization without critical privacy reforms that would pass the Senate," said Vitka. "It is on Congress, and in particular House Democrats, to protect people from [Attorney General] Bill Barr's FBI."

#PatriotAct #Internet #Privacy
 
tl;dr #clowncomputing is for clowns who love #security issues and think outsourcing the data to #surveillance companies is miraculously not a #privacy breach
 

Microsoft warns of huge email phishing scam - here's how to stay protected | TechRadar

Microsoft has issued an alert to users concerning a new widespread Covid-19 themed phishing campaign.
The threat installs the NetSupport Manager remote administration tool to completely take over a user's system and even execute commands on it remotely.
TLDR: If you get an email from the Johns Hopkins Center, don't open the spreadsheet attachment.

#technology #tech #security #privacy #hacking #Covid-19 #CoronaVirus
 

Lying bastards...




Ex-Apple contractor:

“I listened to hundreds of recordings every day, from various Apple devices (e.g. iPhones, Apple Watches, or iPads). These recordings were often taken outside of any activation of Siri, i.e. in the context of an actual intention from the user to activate it for a request. These processings were made without users being aware of it, and were gathered into datasets to correct the transcription of the recording made by the device,” he said.

“The recordings were not limited to the users of Apple devices, but also involved relatives, children, friends, colleagues, and whoever could be recorded by the device. The system recorded everything: names, addresses, messages, searches, arguments, background noises, films, and conversations. I heard people talking about their cancer, referring to dead relatives, religion, sexuality, pornography, politics, school, relationships, or drugs with no intention to activate Siri whatsoever."

#apple #marketing #gnu #privacy #linux #gnulinux #siri #surveillance #datasets #security
 

What does coronavirus tracking in iOS 13.5 do? Cleaning up the confusion | Cult of Mac

iOS 13.5 dropped Wednesday, introducing a slew of upgrades — including, most notably, the API for Apple’s coronavirus contact-tracing tool, developed in conjunction with Google.
But, despite what you might hear online, this is neither an “app” or an update that means downloaders are being tracked without their knowledge. Let’s correct a few popular misconceptions.
#technology #tech #security #privacy #hacking #Apple #Covid-19 #CoronaVirus #ContactTracking
 

Signal to move away from using phone numbers as user IDs | ZDNet

Secure instant messaging app Signal launched this week a new feature called "Signal PINs" which the company says will help users migrate account data between devices.
Signal says that in the long run, this new feature is the base and the first step towards moving away from using phone numbers as profile IDs.
About time, too!

#technology #tech #security #privacy #hacking #messaging #Signal
 
Random stuff.

#EasyJet #databreach #cybersecurity #privacy
 

Schneier Gets It Exactly Right

California's new privacy law was actually a compromise to get a much better law off the November ballot.

We can do better, and we may!


https://www.schneier.com/blog/archives/2020/05/another_califor.html
I don't know why they accepted the compromise in the first place. It was obvious that the legislative process would be hijacked by the powerful tech companies. I support getting this onto the ballot this year.
See also https://clsbluesky.law.columbia.edu/2018/07/23/sullivan-cromwell-discusses-california-consumer-privacy-act-of-2018/

#schneier #bruce-schneier #privacy #surveillance #vote #ballot #initiative #measure #liberty #freedom
 


Critical vulnerabilities found in popular VPN apps | TechRadar

Researchers have found various flaws in popular VPN applications that may have exposed users to hackers, allowing them to install malicious updates and ransomware remotely.
According to the experts, top VPN apps including PrivateVPN and Betternet were found to be able to download fake software updates forcing users to install malware, keyloggers, etc. eventually helping in stealing private data.
Other VPN applications like Torguard, CyberGhost, Hotspot Shield and Hide Me were also found to be vulnerable and allowed the researchers to intercept the communication.
#technology #tech #security #privacy #hacking
 

ShinyHunters leak millions of user details | TechRadar

A hacking group known as ShinyHunters has put up a huge cache of stolen user details online.
According to reports, the hackers were able to steal the data of over 73 million users from various websites, which is now up for sale for approximately $18,000 on the underground marketplaces.
Among the sites that have fallen victim to the attack are the likes of Zoosk, Chatbooks, Star Tribune newspaper, Chronicle of Higher Education and various South Korean fashion and furniture websites.
#technology #tech #security #privacy #hacking
 

This is not funny: Xiaomi is spying on web and phone activity


“It’s a backdoor with phone functionality,” quips Gabi Cirlig about his new Xiaomi phone. He’s only half-joking.

When he looked around the Web on the device’s default Xiaomi browser, it recorded all the websites he visited, including search engine queries whether with Google or the privacy-focused DuckDuckGo, and every item viewed on a news feed feature of the Xiaomi software. That tracking appeared to be happening even if he used the supposedly private “incognito” mode.

The device was also recording what folders he opened and to which screens he swiped, including the status bar and the settings page. All of the data was being packaged up and sent to remote servers in Singapore and Russia, though the Web domains they hosted were registered in Beijing.

He also found browsers shipped by Xiaomi on Google Play—Mi Browser Pro and the Mint Browser—were collecting the same data. Together, they have more than 15 million downloads, according to Google Play statistics. Many more millions are likely to be affected by what Cirlig described as a serious privacy issue, though Xiaomi denied there was a problem.

And the response?

Xiaomi’s spokesperson also denied that browsing data was being recorded under incognito mode. Both Cirlig and Tierney, however, found in their independent tests that their web habits were sent off to remote servers regardless of what mode the browser was set to, providing both photos and videos as proof. When Forbes provided Xiaomi with a video made by Cirlig showing how his Google search for “porn” and a visit to the site PornHub were sent to remote servers, even when in incognito mode, the company spokesperson continued to deny that the information was being recorded.

Sigh, that was it. No more Xiaomi phones...

#privacy #surveillance
 


Meet EventBot, a new Android malware that steals banking passwords and two-factor codes | TechCrunch

Security researchers are sounding the alarm over a newly discovered Android malware that targets banking apps and cryptocurrency wallets.
#technology #tech #Google #Android #malware #hacking #privacy #security
 
#Fairphone and #efoundation (/e/) just partnered and they are now offering the Fairphone 3 with /e/OS installed: https://e.foundation/product/e-os-fairphone-3/

#privacy #mobile #android
 

Fairphone teams up with /e/OS on a box-fresh ‘deGoogled’ handset | TechCrunch

The Netherlands-based device maker has partnered with France’s /e/OS to offer a “de-Googled” version of its latest handset, running an Android AOSP fork out of the box that’s itself built atop a fork of CyanogenMod (remember them?) — called LineageOS (via Engadget).
#technology #tech #Fairphone #Android #security #privacy
 

Apple’s latest iOS beta makes it easier to unlock an iPhone while wearing a face mask | The Verge

Instead of constantly attempting to identify your face using Face ID, a process that will not work while wearing a cloth or respiratory face mask to protect against COVID-19, iOS will now pull up the manual passcode option after one swipe up from the bottom of the screen. The change — which should eventually arrive in the standard, non-beta iOS release — will be a welcome one for any iPhone user who no longer has a model with a physical home button.
#technology #tech #Apple #iOS #FaceID #security #privacy
 

WhatsApp: Israeli firm 'deeply involved' in hacking our users | World news | The Guardian

WhatsApp has alleged in new court filings that an Israeli spyware company used US-based servers and was “deeply involved” in carrying out mobile phone hacks of 1,400 WhatsApp users, including senior government officials, journalists, and human rights activists.
Still using WhatsApp?

#technology #tech #WhatsApp #surveillance #security #privacy
 

Ministers plan to give more UK public bodies power to access phone data | World news | The Guardian

Ministers want to expand the scope of UK surveillance laws to give more public authorities – including a pensions watchdog and the Environment Agency – the power to access vast databases of personal phone and computer data.
Five additional public bodies are to be allowed to obtain communications data under the Investigatory Powers Act – frequently dubbed the snooper’s charter – as they are “increasingly unable to rely on local police forces to investigate crimes on their behalf”, according to documents published by the government.
#government #politics #surveillance #privacy #security #uk
 
Neo-Nazis Are Spreading a List of Emails and Passwords for Gates Foundation and WHO Employees

"A data dump of what appears to be the email addresses and passwords of members of the Gates Foundation, World Health Organization (WHO), Center for Disease Control and Prevention (CDC), and a virology center based in Wuhan, China, is circulating within a network of neo-Nazi extremists."

"The data dump and circulation appears to be an attempt at intimidating several of the leading government and non-governmental groups currently leading the fight against the worldwide coronavirus pandemic, though it's likely many of the emails and passwords are outdated."

#Nazis #RWNJ #COVID19 #coronavirus #pandemic #disinformation #doxxing #cybersecurity #privacy
 

Telling Police Where People With COVID-19 Live Erodes Public Health


#privacy #covid19anddigitalrights #medicalprivacy #electronicfrontierfoundation #eff #digitalrights #digitalprivacy
posted by pod_feeder_v2
 


UK government using confidential patient data in coronavirus response | World news | The Guardian

Technology firms are processing large volumes of confidential UK patient information in a data-mining operation that is part of the government’s response to the coronavirus outbreak, according to documents seen by the Guardian.

Palantir, the US big data firm founded by the rightwing billionaire Peter Thiel, is working with Faculty, a British artificial intelligence startup, to consolidate government databases and help ministers and officials respond to the pandemic.

Data is also being used by Faculty to build predictive computer models around the Covid-19 outbreak. One NHS document suggests that, two weeks ago, Faculty considered running a computer simulation to assess the impact of a policy of “targeted herd immunity”. Lawyers for Faculty said the proposed herd immunity simulation never took place.
So, what's going on here?

#technology #tech #Covid-19 #CoronaVirus-19 #CoronaVirus #security #privacy
 

ProtonMail Users Get Free Storage, ProtonVPN Gets More Servers | The Mac Observer

Proton is giving users additional storage for ProtonMail at no extra cost, and added 53 additional ProtonVPN servers in 17 countries.
#technology #tech #email #security #privacy #ProtonMail

https://www.macobserver.com/link/proton-covid-19/?utm_source=macobserver&utm_medium=rss&utm_campaign=rss_everything
 

Facebook tried to buy controversial tool to spy on iPhone users, court filing reveals | 9to5Mac

Over the last few years, Facebook has had a slew of privacy and security blunders and more details about one of them have come to light through a new court filing as the social media company is suing the spyware company NSO Group. It turns out Facebook tried to buy controversial government spyware to monitor iPhone and iPad users.
#technology #tech #Apple #iPhone #iPad #Facebook #spying #security #privacy
 
(German translation below.)

If you're stuck at home and use Zoom as a video conferencing solution that works for you, that's fine. Keep using it. Here are some options you might want to check to enhance the overall security of you and your guests.

First, log in at https://zoom.us/signin and head to your settings at https://zoom.us/profile/setting.

* In the "Meeting" tab:
1. Set "Audio Type" to "Computer Audio". This will block people from using their phone to join a meeting - but that's required if you want to use End-to-End encryption all the time. Phones can't do encryption.
1. Make sure "Use Personal Meeting ID (PMI) when scheduling a meeting" is disabled. The PMI is a meeting ID that never changes, so don't use it. It should be disabled by default, but make sure.
1. Enable "Require a password for Personal Meeting ID (PMI)", so people can't join via your PMI even if you accidentally share it.
1. Make sure "Join before host" is disabled. If enabled, people can join your meetings before a host is there - meaning there won't be moderation.
1. Enable "Play sound when participants join or leave". That's useful, as everyone will be aware when someone joins unexpectedly.
1. Enable "Require Encryption for 3rd Party Endpoints (H323/SIP)".
* In the "Recording" tab:
1. Disable "Cloud recording". You can still record meetings to your local disk, but there is no need to store potentially private conversations on Zoom's servers.

If you have a more "presentation"-like format scheduled, where only you or a small number of presenters will be speaking to a high number of consuming participants, there are a couple of additional tips in addition to the settings above:

* Before the meeting: Require people to sign-up and collect their eMail addresses. Do not share the join-link publicly, and only send the credentials via eMail to the people who signed up.
* In the "Meeting" tab:
1. Enable "Mute participants upon entry" - this will force-mute everyone joining. You will have the option to decide whether people can speak or not.
1. Enable "Co-host" and promote someone you trust as Co-host to assist with muting/unmuting people as needed.
1. Set "Screen sharing" to "Host-Only" to avoid random people sharing their screens, which can be used for abuse. Promote people who need to share as Co-hosts, if you trust them.
1. Enable "Nonverbal feedback". This is useful if you have force-muted everyone. People can raise their hands if they want to say something, allowing you to unmute people for a short period.
1. Enable "Waiting room" for all participants if the nature of the call is sensitive/private. This means that people will not be able to join your meeting directly, but will be placed in a virtual waiting room, waiting for you to approve them to join the meeting. If you enable this, make sure to keep an eye on the participant list to avoid missing someone.
1. Make sure "Allow removed participants to rejoin" is disabled. This means that people that got kicked out of the meeting will not be able to rejoin, even if they know the credentials.

If you're stuck at home and have discovered Zoom as your tool of choice for video conferences and video calls, don't worry too much and stick with it. It is more important to have a tool that gets the job done without stress or problems than to struggle with alternatives for hours. Here are some tips on how to make your meetings safer for you and your participants.

First, log in at https://zoom.us/signin and open your settings at https://zoom.us/profile/setting.

* In the "Meeting" tab:
1. Set "Audio Type" to "Computer Audio". This does disable the option to join the meeting by phone, but it is important if you want to use end-to-end encryption. Phones don't understand encryption.
1. Make sure "Use Personal Meeting ID (PMI) when scheduling a meeting" is not active. Your PMI is a meeting ID that never changes, so it is better to keep your hands off it.
1. Turn on "Require a password for Personal Meeting ID (PMI)" in case you do accidentally pass on the fixed PMI. With a password, nobody can enter the meeting anyway.
1. Disable "Join before host"; then your guests can only enter the meeting once you are there. If this option is disabled, people can enter the meeting without moderation.
1. Enable "Play sound when participants join or leave". Then a sound is played for everyone whenever a participant joins. That way everyone knows when someone joins unexpectedly.
1. Enable "Require Encryption for 3rd Party Endpoints (H323/SIP)".
* In the "Recording" tab:
1. Turn off "Cloud recording". You can still record the meeting to your hard disk, but there is no reason to store potentially private conversations on Zoom's servers.

If you have planned a "presentation-like" thing, i.e. a format in which a small group of people actively speaks to a large, possibly public group, there are a few more tips in addition to the settings above:

* Before the meeting: Make sure all participants register before the event, and collect eMail addresses. Then do not distribute the Zoom link or the meeting details publicly, but only by eMail to registered people.
* In the "Meeting" tab:
1. Enable "Mute participants upon entry". For each meeting you then have the option to decide whether participants may unmute themselves or whether you want to grant the right to speak individually.
1. Turn on "Co-host" and promote a person you trust to co-host. This person then also has the right to mute or kick people and can take work off your hands.
1. Set "Screen sharing" so that only the host may share the screen. This prevents people from sharing their screen to present "content". People who need to present can be promoted to co-host.
1. Enable "Nonverbal feedback". This is useful so that people can "raise their hand" when they want to say something - and then you as host can unmute them and they can speak.
1. Turn on the "Waiting room" for all participants if the conversation is personal. This means that all new participants are placed in a virtual waiting room, and the moderators have the option to then bring these people into the meeting. If you enable this option, make sure to keep an eye on the participant list so that you don't overlook anyone.
1. Make sure "Allow removed participants to rejoin" is disabled. This means that people who were thrown out of the meeting cannot rejoin, even if they know the credentials.
#zoom #privacy #security
 

This WhatsApp hack puts your friends, family at risk | Android Authority

WhatsApp is one of the best messaging services you can use. It’s been around for more than 10 years, and people all around the world use it every day. Unfortunately, WhatsApp’s popularity makes it a prime target for attackers. That’s exactly what’s happening right now as a current WhatsApp hack is putting users’ accounts at risk.
#internet #messaging #WhatsApp #privacy #security #hacking
 

Responding to backlash, Zoom stops sharing user data with Facebook | iMore

Zoom has updated its iOS app to stop sharing user data with Facebook.
The company was sharing device data when users used "Login with Facebook".
Even users without a Facebook account were having their data harvested.
#technology #tech #VideoConferencing #Zoom #Facebook #security #privacy
 

Snowden warns: The surveillance states we’re creating now will outlast the coronavirus


Temporary security measures can soon become permanent

https://thenextweb.com/neural/2020/03/25/snowden-warns-the-surveillance-states-were-creating-now-will-outlast-the-coronavirus/

#coronavirus #covid19 #surveillance #privacy #permanent #snowden
 

Bruce Schneier: Emergency Surveillance During COVID-19 Crisis:

[A]ny data collection and digital monitoring of potential carriers of COVID-19 should take into consideration and commit to these principles:
  • Privacy intrusions must be necessary and proportionate. A program that collects, en masse, identifiable information about people must be scientifically justified and deemed necessary by public health experts for the purpose of containment. And that data processing must be proportionate to the need. For example, maintenance of 10 years of travel history of all people would not be proportionate to the need to contain a disease like COVID-19, which has a two-week incubation period.
  • Data collection based on science, not bias. Given the global scope of communicable diseases, there is historical precedent for improper government containment efforts driven by bias based on nationality, ethnicity, religion, and race -- rather than facts about a particular individual's actual likelihood of contracting the virus...
  • Expiration. ... The government and its corporate cooperators must roll back any invasive programs created in the name of public health after crisis has been contained.
  • Transparency. Any government use of "big data" to track virus spread must be clearly and quickly explained to the public....
  • Due Process. If the government seeks to limit a person's rights based on this "big data" surveillance ... then the person must have the opportunity to timely and fairly challenge these conclusions and limits.
Abridged from original, well worth reading in full.

https://www.schneier.com/blog/archives/2020/03/emergency_surve.html

#covid19 #privacy #surveillance #surveillanceState #surveillanceCapitalism #BruceSchneier
 

Coronavirus bill: The biggest expansion in executive power we've seen in our lifetime | Politics.co.uk

We've never seen a bill like this. The powers it is going to give the state are unprecedented. It is the most extensive encroachment on British civil liberties we have ever seen outside of wartime.

Let's get the obvious out the way. The government is going to need many of these powers. Most - and perhaps even all of them - can be justified in their own right, given what we're facing.

But that means it is more, not less, important to scrutinise what is going on.
#security #privacy #science #Covid-19 #CoronaVirus
 