BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
TrackerControl

TrackerControl allows users to monitor and control the widespread, ongoing, hidden data collection in mobile apps about user behaviour (‘tracking’).

To detect tracking, TrackerControl combines the power of the Disconnect blocklist, used by Firefox, and our in-house blocklist, created from analysing ~2 000 000 apps! Additionally, TrackerControl supports custom blocklists.

💡 This approach

👉🏼 reveals the companies behind tracking,

👉🏼 allows you to block tracking selectively, and

👉🏼 exposes the purposes of tracking, such as analytics or advertising.

The app also aims to educate about your rights under Data Protection Law, such as the EU General Data Protection Regulation (GDPR).

Under the hood, TrackerControl uses Android’s VPN functionality, to analyse apps’ network communications locally on the Android device. This is accomplished through a local VPN server, to enable network traffic analysis by TrackerControl.

💡 No root is required, other VPNs or Private DNS are not supported. No external VPN server is used, to keep your data safe! TrackerControl even protects you against DNS cloaking, a popular technique to hide trackers in websites and apps.

TrackerControl will always be free and open source, being a research project.

https://trackercontrol.org/

https://github.com/OxfordHCC/tracker-control-android/releases/latest/download/TrackerControl-githubRelease-latest.apk

#TrackerControl #data #collection #android #apps #opensource
📡 @nogoolag 📡 @blackbox_archiv
Cory Doctorow - How Facebook will benefit from its massive breach

Facebook has such a sweet racket. First, they used the Roach Motel model – data checks in, but it doesn't check out – to trap you and all your friends in a mutual hostage-taking situation, where you can't leave because they're there, and they can't leave because you're there.

All those address books they imported, the data they gathered from publishers' websites through the Like buttons (which gather data whether or not you click them), the data they bought or snaffled up through free mobile SDKs is now permanently siloed inside of FB.

FB is a walled garden: when you leave, you leave behind your friends and communities – you can't switch to a Diaspora instance or even Twitter and exchange messages with FB.

To their credit, millennials hated this shit, especially once their parents started joining FB and friending them. Those smart kids all bailed for Instagram.

So Facebook bought Instagram, explicitly to ensure that wherever you went, you'd still be in the Zuckersphere.

Facebook's surveillance data isn't that valuable, so it has to gather a lot of it. Most of its ad-tech advantage is just fraud: lying to advertisers about who saw its ads, lying to publishers about which kinds of content generate the most revenue.

https://pluralistic.net/2021/04/05/zucks-oily-rags/#into-the-breach

#DeleteFacebook #fb #thinkabout
📡 @cRyPtHoN_INFOSEC_FR 📡 @cRyPtHoN_INFOSEC_EN 📡 @cRyPtHoN_INFOSEC_DE 📡 @BlackBox_Archiv 📡 @NoGoolag
Why Democracy Needs Privacy

The more someone knows about us, the more they can influence us. We can wield democratic power only if our privacy is protected.

Imagine having a master key for your life. Would you go around making copies of it and giving them out to strangers? Probably not. So why are you willing to give up your personal data to pretty much anyone who asks for it?

Privacy is like the key that unlocks the aspects of yourself that are most intimate and personal, that most make you you. Your naked body. Your sexual history and fantasies. Your past, present, and possible future diseases. Your fears, your losses, your failures. The worst things you have ever done, said, and thought. Your inadequacies, your mistakes, your traumas. The moment in which you have felt most ashamed. That family relation you wish you didn’t have. Your most drunken night.

People who do not have your best interests at heart will exploit your data to further their own agenda. And most people and companies you interact with do not have your best interests as their priority. Privacy matters because the lack of it gives others power over you. Even more than monetary gain, personal data bestows power on those who collect and analyze it, and that is what makes it so coveted.

https://bostonreview.net/science-nature-politics/carissa-veliz-power-privacy

#privacy #democracy #thinkabout
How A Facial Recognition Tool Found Its Way Into Hundreds Of US Police Departments, Schools, And Taxpayer-Funded Organizations

A BuzzFeed News investigation has found that employees at law enforcement agencies across the US ran thousands of Clearview AI facial recognition searches — often without the knowledge of the public or even their own departments.

A controversial facial recognition tool designed for policing has been quietly deployed across the country with little to no public oversight. According to reporting and data reviewed by BuzzFeed News, more than 7,000 individuals from nearly 2,000 public agencies nationwide have used Clearview AI to search through millions of Americans’ faces, looking for people, including Black Lives Matter protesters, Capitol insurrectionists, petty criminals, and their own friends and family members.

BuzzFeed News has developed a searchable table of 1,803 publicly funded agencies whose employees are listed in the data as having used or tested the controversial policing tool before February 2020. These include local and state police, US Immigration and Customs Enforcement, the Air Force, state healthcare organizations, offices of state attorneys general, and even public schools.

In many cases, leaders at these agencies were unaware that employees were using the tool; five said they would pause or ban its use in response to questions about it.

Our reporting is based on data that describes facial recognition searches conducted on Clearview AI between 2018 and February 2020, as well as tens of thousands of pages of public records, and outreach to every one of the hundreds of taxpayer-funded agencies included in the dataset.

https://www.buzzfeednews.com/article/ryanmac/clearview-ai-local-police-facial-recognition

#clearview #ai #facial #recognition #police #usa #thinkabout
License to Copy: Your Software Code Isn’t Safe After Google v. Oracle

“What is the point in obtaining a copyright in software? Not much, if Google can copy 11,500 lines of your code and it can still be a fair use. Copyrights just don’t protect computer code from actors like Google.”

In characteristic form, the Supreme Court has once again managed to blow it in another intellectual property case. This time, the Justices blessed Google’s copying of Oracle’s code and called it fair use despite the fact that Google copied that portion of the Sun Java API that allowed programmers to use the task-calling system that was most useful to programmers working on applications for mobile devices.

In the infinite wisdom of the Supreme Court, the copying of this code was found transformative because Google only used it to circumvent the need to license Java from Oracle with respect to Android smartphones. Of course, that isn’t exactly how the Supreme Court characterized it, but make no mistake, that is what they decided.

https://www.ipwatchdog.com/2021/04/06/license-copy-software-code-isnt-safe-google-v-oracle/id=131860/

#google #DeleteGoogle #software #code #copyright #oracle
Darknet Diaries - EP 89: Cybereason: Molerats in the Cloud

The threat research team at Cybereason uncovered an interesting piece of malware. Studied it and tracked it. Which led them to believe they were dealing with a threat actor known as Molerats.

https://darknetdiaries.com/episode/89/

#truecrime #darknetdiaries #podcast
Signal Adds a Payments Feature—With a Privacy-Focused Cryptocurrency

The encrypted messaging app is integrating support for MobileCoin in a bid to keep up with the features offered by its more mainstream rivals.

When the encrypted communications app Signal launched nearly seven years ago, it brought the promise of the strongest available encryption to a dead-simple interface for calling and texting. Now, Signal is incorporating what it describes as a way to bring that same ease of use and security to a third, fundamentally distinct feature: payments.

Signal today announced that it's rolling out the ability for some of its users to send money to one another within its fast-growing encrypted communications network. To do so, it has integrated support for the cryptocurrency MobileCoin, a form of digital cash designed to work efficiently on mobile devices while protecting users' privacy and even their anonymity. For now, the payment feature will be available only to users in the UK, and only on iOS and Android, not the desktop. But the new feature nonetheless represents an experiment in bringing privacy-focused cryptocurrency to millions of users, one that Signal hopes to eventually expand around the world.

Moxie Marlinspike, the creator of Signal and the CEO of the non-profit that runs it, describes the new payments feature as an attempt to extend Signal's privacy protections to payments with the same seamless experience that Signal has offered for encrypted conversations. "There's a palpable difference in the feeling of what it's like to communicate over Signal, knowing you're not being watched or listened to, versus other communication platforms," Marlinspike told WIRED in an interview. "I would like to get to a world where not only can you feel that when you talk to your therapist over Signal, but also when you pay your therapist for the session over Signal."

https://www.wired.com/story/signal-mobilecoin-payments-messaging-cryptocurrency/

https://signal.org/blog/help-us-test-payments-in-signal/

#signal #privacy #payments #messaging #cryptocurrency #MobileCoin #thinkabout
DPC statement, re: Dataset appearing online

A dataset, appearing to be sourced from Facebook, has appeared on a hacking website this weekend for free and contains records of 533 million individuals. A significant number of the users are EU users. Much of the data appears to have been data scraped some time ago from Facebook public profiles.

Previous datasets were published in 2019 and 2018 relating to a large-scale scraping of the Facebook website which at the time Facebook advised occurred between June 2017 and April 2018 when Facebook closed off a vulnerability in its phone lookup functionality. Because the scraping took place prior to GDPR, Facebook chose not to notify this as a personal data breach under GDPR.

The newly published dataset seems to comprise the original 2018 (pre-GDPR) dataset combined with additional records, which may be from a later period.

The DPC attempted over the weekend to establish the full facts and is continuing to do so. It received no proactive communication from Facebook. Through a number of channels, it sought contact and answers from Facebook who have since indicated that:

“……… based on our investigation to date, we believe that the information in the data-set released this weekend was publicly available and scraped prior to changes made to the platform in 2018 and 2019. As I am sure you can appreciate, the data at issue appears to have been collated by third parties and potentially stems from multiple sources. It therefore requires extensive investigation to establish its provenance with a level of confidence sufficient to provide your Office and our users with additional information.”

Facebook assures the DPC it is giving highest priority to providing firm answers to the DPC. A percentage of the records released on the hacker website contain phone numbers and email addresses of users. Risks arise for users who may be spammed for marketing purposes but equally users need to be vigilant in relation to any services they use that require authentication using a person’s phone number or email address in case third parties are attempting to gain access.

The DPC will communicate further facts as it receives information from Facebook.

https://www.dataprotection.ie/en/news-media/press-releases/dpc-statement-re-dataset-appearing-online

#dpc #statement #investigation #DeleteFacebook #fb #thinkabout
Catch me if you can (Part1)

How to build a disposable attack box using a Raspberry Pi

This post describes the basic process of building an attack box on a Pi. The goal here is to introduce the concept and rationale for building a minimal-resource attack box - not to deep dive into each command.

If you’ve worked with me long enough, you’ve probably seen me whip out a Raspberry Pi and start coding. For years, I’ve started every serious project on a Pi with 1GB RAM before shifting the code to a laptop for continued development.

Why?

Resource management. Clean code. Efficiency.

Raspberry Pis leave little room for the clumsy mistakes that are a common by-product of rushing the early development stages. By starting on a Pi, I’ve been able to put proper thought into the foundation of the code before expanding into larger, more forgiving environments.

I’ve built small systems applications, custom malware and even high-performance, big data (billions of files of throughput) applications, all starting on a measly $35 Pi.

The other day, a Raspberry Pi 4, complete with 8GB of RAM, arrived at my doorstep. The plan for this one? Build a disposable attack box I can use in real-world red team operations. And I figured I’d blog it as I go, in case it helps other minimalist programmers like myself.

https://feed.prelude.org/p/catch-me-if-you-can

👉🏼 Using a Raspberry Pi to hack grandma (Part2)
https://t.iss.one/BlackBox_Archiv/2052

#disposable #attackbox #grandma #raspberry
Man Sentenced to 12 Years for Attempting to Purchase Chemical Weapon on the Dark Web

WASHINGTON – A Missouri man was sentenced to 12 years in federal prison without parole today for attempting to purchase a chemical weapon, capable of killing hundreds of people, on the dark web with Bitcoin.

Jason William Siesser, 46, of Columbia, Mo., pleaded guilty to one count of attempting to acquire a chemical weapon and one count of aggravated identity theft on Aug. 4, 2020. According to court documents, Siesser admitted that he attempted to acquire a chemical weapon on two occasions between June 14 and Aug. 23, 2018. He provided a shipping address in the name of a juvenile, whose identity he used without authorization, to place the orders for a highly toxic chemical in amounts capable of killing many people. Siesser paid for the chemical weapon with the digital cryptocurrency known as Bitcoin.

Siesser ordered two 10 mL units of the chemical on July 4, 2018, and paid with Bitcoin. The seller did not ship the chemical weapon at that time. Siesser continued to contact the seller. On July 19, 2018, Siesser told the seller that, “I plan to use it soon after I receive it.”

Siesser ordered three 10 mL units of the chemical weapon on Aug. 5, 2018. Siesser again paid for the order with Bitcoin, the equivalent of $150, and provided a shipping address in the name of a juvenile. This quantity of the chemical weapon has the capacity to kill approximately 300 people.

A controlled delivery of a package that contained an inert substance was made to Siesser’s residence on Aug. 23, 2018. Siesser believed the package contained the chemical weapon he had ordered, signed for the package and took it inside the residence.

Law enforcement officers then executed a search warrant at Siesser’s residence. On top of a shelf in the garage, officers located the inert substance Siesser believed to be a chemical weapon. Officers also located two separate and seemingly unopened shipping boxes on the shelf next to it. They contained approximately 10 grams of cadmium arsenide, a toxic compound, which can be deadly if ingested or inhaled; approximately 100 grams of cadmium metal; and approximately 500 mL of hydrochloric acid. An invoice for these products showed they had been ordered together on March 30, 2018.

Writings located within the home articulated Siesser’s heartache, anger and resentment over a breakup, and a desire for the person who caused the heartache to die.

https://telegra.ph/Man-Sentenced-to-12-Years-for-Attempting-to-Purchase-Chemical-Weapon-on-the-Dark-Web-04-06

via www.justice.gov

#purchase #darknet #chemical #weapon
European Institutions Were Targeted in a Cyber-Attack Last Week

A range of European Union institutions including the European Commission were hit by a significant cyber-attack last week.

A spokesperson for the commission said that a number of EU bodies “experienced an IT security incident in their IT infrastructure.” The spokesperson said forensic analysis of the incident is still in its initial phase and that it’s too early to provide any conclusive information about the nature of the attack.

“We are working closely with CERT-EU, the Computer Emergency Response Team for all EU institutions, bodies and agencies and the vendor of the affected IT solution,” the spokesperson said. “Thus far, no major information breach was detected.”

The attack was serious enough for senior officials at the commission to be alerted, according to a person familiar with the matter. The same person said the incident was bigger than the usual attacks that regularly hit the EU. Another EU official said that staff had recently been warned about potential phishing attempts.

Western institutions have uncovered at least two serious cyber-attacks recently.

The European Banking Authority disclosed last month that its systems may have been compromised following an attack on Microsoft Corp.’s email software that was linked to China and exposed the data of tens of thousands of organizations, according to cybersecurity experts. The U.S. government was hit by suspected Russian cyber-attackers last year after systems at The SolarWinds Corp. were breached.

https://www.bloomberg.com/news/articles/2021-04-06/european-institutions-were-targeted-in-a-cyber-attack-last-week

#cyberattack #breach #eu #SolarWinds #microsoft #phishing
Signal finally updates public server code after months of silence

Signal Private Messenger has been a popular messaging platform for years, thanks to its focus on privacy and end-to-end encryption. The project has released the source code for every component of Signal, including the back-end server and client applications, but the public code for the server software was left outdated for months until just today.

Signal stores as little information as possible on remote servers, but there is still a server component for connecting users with phone numbers, sending push notifications, and other functionality. Signal has provided the source code for the server software on GitHub, making it possible for anyone to set up their own independent infrastructure. However, most people simply choose to use Signal’s platform, since communication between the primary server and self-hosted servers (federation) is not supported.

After April 22 of last year, Signal stopped updating the public code repository for its server software. The move was concerning, given that Signal’s open-source nature made it easier to perform security audits and ensure that the platform wasn’t leaking private data. A GitHub issue about the lack of releases was created last month, following other discussions on Reddit and Signal’s own community forum.

While Signal hasn’t yet made a public statement about the gap in code releases, the project finally published hundreds of commits today to the public GitHub repository. The repository now shows many code commits completed throughout 2020 and 2021, bumping the latest-available server version from 3.21 to 5.48.

It’s still not clear why Signal went so long without updating its public server code, especially when the group has historically prided itself on being open and transparent. We’ve reached out to Signal for a statement, and we’ll update our coverage when/if we get a response.

https://www.xda-developers.com/signal-updates-public-server-code/

https://github.com/signalapp/Signal-Server/

#signal #privacy #messaging #sourcecode #servercode #update
Human- and Car-Tracking Autonomous Drones are Now On the Market

Is this the end of the police cruiser car chase?

It always starts innocuously, doesn't it? Autonomous drones look like good bets for home security cameras or hands-free versions of selfie sticks. But could they be used to track a person running through the woods, or a fleeing car?

https://www.core77.com/posts/108393/Human-and-Car-Tracking-Autonomous-Drones-are-Now-On-the-Market

https://www.youtube.com/watch?v=KFUf0kswmEg

#autonomous #drones #tracking #humans #cars #surveillance #police #thinkabout #video
DIY Cryptocurrency Vending Machine

This project serves as a proof-of-concept Cryptocurrency Vending Machine (or "ATM"), more widely known as a "Bitcoin ATM." The aim is to teach people about how Bitcoin and other cryptocurrencies work. The idea came about at a meetup group where people were still new to the space but wanted to learn how this works by being able to buy small amounts of crypto and learn about setting up a wallet, as well as sending and receiving crypto.

This Vending Machine was designed with simplicity in mind, from the code all the way through to using inexpensive off-the-shelf parts like Arduino, Raspberry Pi, and other Hobby Electronics parts. The great thing about this project is that it isn't necessarily tied down to any platform. This can theoretically be used on x86-based computers, rather than a Raspberry Pi, and could also be used on other Single Board Computers. All it needs to have is the ability to run Python 3. This gives the flexibility for people to set this up on their own PC or recommission an older one they have around, if they choose to do so.

⚠️ Disclaimer: Please note that this repository hasn't been through a security audit, and running anything in a production scenario would be considered "unwise." Before running this in any scenario please realise that it is incumbent on the end user to understand and apply legislation in the jurisdictions they are operating this hardware/software in and to be in compliance with their local authorities.

https://github.com/Michael-Free/BitcoinCash-VendingMachine

#bitcoin #cryptocurrency #vending #machine
Nasdaq and Intel are teaming up on a new type of encryption that could prove key in speeding up adoption of AI and cloud tech on Wall Street

As banks, lenders, and other financial institutions increasingly turn towards artificial intelligence as a way to quickly analyze vast quantities of data, they're also attracting attention from US regulators.

Rulemakers' focus on AI is, in part, a result of concerns surrounding the safety and anonymity of customer data when used by this cutting-edge tech.

But a new tech collaboration between Nasdaq and Intel announced Tuesday might offer a solution. The partnership will see the trading venue adopt what's called homomorphic encryption, or HE, alongside Intel's latest-generation processors.

HE allows customers to perform AI and machine-learning computations on private data without ever having to decrypt the data itself, an especially critical tool in financial services where the safety of user data is increasingly important.

It's a technology that Intel also recently announced it's exploring with DARPA (The Defense Advanced Research Projects Agency, an arm of the Department of Defense) and will in Nasdaq's case provide the opportunity for next-generation computing to be tested in a business setting.

The ability to analyze large amounts of encrypted data using HE could lead to more efficient tools focused on anti-money laundering and fraud prevention efforts, areas that typically include sensitive data. Apart from finance, industries like healthcare, which tends to have restrictions around individuals' data, also stands to benefit from the use of HE.

HE could also help further increase the adoption of the public cloud, a growing trend on Wall Street. Concerns around data security in the public cloud would be alleviated by being able to keep the data encrypted.

https://telegra.ph/Nasdaq-and-Intel-are-teaming-up-on-a-new-type-of-encryption-that-could-prove-key-in-speeding-up-adoption-of-AI-and-cloud-tech-on-04-07

via www.businessinsider.com

#nasdaq #intel #encryption #ai
Screw it, I’ll host it myself

It’s all fun and games until someone loses an eye. Likewise, it’s all fun and games until someone loses access to their private and/or business data because they trusted it to someone else.

You don’t have to be an expert seeker to be able to quickly duck out (it’s like the verb ‘googling’, but used to describe searching the interwebs through a decent search engine, like DuckDuckGo) all the stories about little guys being fucked over by “don’t be evil” type of corporate behemoths.

💡 You know what? Let me duck it out for you:

👉🏼 That time I got locked out of my Google account for a month

👉🏼 What it’s like to get locked out of Google indefinitely

👉🏼 Apple Card disabled my iCloud, App Store, and Apple ID accounts

👉🏼 GitHub blocks the entire company because one employee was in Iran

A drinking game recommendation (careful, it may and probably will lead to alcoholism): take a shot every time you find out how someone’s data has been locked and their business was jeopardized because they didn’t own, or at least back up their data.

💡 Owning your data and your tools

Owning your data is more than just having backup copies of your digital information. It’s also about control and privacy. It’s about trust. I don’t know about you, but I don’t trust a lot of services with my data (the ones I do are few and far between).

As this is a post about self-hosting, I won’t start preaching (trust me, it’s hard for me not to) how you should consider switching from WhatsApp to Signal, Google Maps to OpenStreetMap, or how you should quit Instagram and Facebook. You’re creating a lot of data there, and they don’t do pretty things with it. Fuck, I’m already preaching. Sorry about that.

https://www.markozivanovic.com/screw-it-ill-host-it-myself/

#mydata #selfhosting #thinkabout
Et tu, Signal?

Many technologists viscerally felt yesterday’s announcement as a punch to the gut when we heard that the Signal messaging app was bundling an embedded cryptocurrency. This news really cut to the heart of what many technologists have felt before when we as loyal users have been exploited and betrayed by corporations, but this time it felt much deeper because it introduced a conflict of interest from our fellow technologists that we truly believed were advancing a cause many of us also believed in. So many of us have spent significant time and social capital moving our friends and family away from the exploitative data siphon platforms that Facebook et al offer, and on to Signal in the hopes of breaking the cycle of commercial exploitation of our online relationships. And some of us feel used.

Signal users are overwhelmingly tech savvy consumers and we’re not idiots. Do they think we don’t see through the thinly veiled pump and dump scheme that’s proposed? It’s an old scam with a new face.

Allegedly the controlling entity prints 250 million units of some artificially scarce trashcoin called MOB (coincidence?) of which the issuing organization controls 85% of the supply. This token then floats on a shady offshore cryptocurrency exchange hiding in the Cayman Islands or the Bahamas, where users can buy and exchange the token. The token is wash traded back and forth by insiders and the exchange itself to artificially pump up the price before it’s dumped on users in the UK to buy to allegedly use as “payments”. All of this while insiders are free to silently use information asymmetry to cash out on the influx of pumped hype-driven buys before the token crashes in value. Did I mention that the exchange that floats the token is the primary investor in the company itself, does anyone else see a major conflict of interest here?

Let it be said that everything here is probably entirely legal or there simply is no precedent yet. The question everyone is asking before these projects launch now though is: should it be?

I think I speak for many technologists when I say that any bolted-on cryptocurrency monetization scheme smells like a giant pile of rubbish and feels enormously user-exploitative. We’ve seen this before, after all Telegram tried the same thing in an ICO that imploded when SEC shut them down, and Facebook famously tried and failed to monetize WhatsApp through their decentralized-but-not-really digital money market fund project.

https://www.stephendiehl.com/blog/signal.html

#signal #privacy #messaging #cryptocurrency #payment #thinkabout
Data protection activist Max Schrems: Google illegally tracks Android users

Facebook watchdog Max Schrems is taking on Google. He has filed a complaint in France accusing Google of massive violations of the GDPR - specifically, tracking via advertising ID.

Austrian privacy activist Max Schrems has filed a complaint against Google in France with his privacy association Noyb, alleging that the U.S. tech giant is illegally tracking the use of Android smartphones without the consent of their users. He bases his accusation on the unique advertising ID that every Android smartphone carries.

Accusation: Google's advertising ID allows tracking without consent

These IDs allow Google and its advertisers to track the surfing behavior of Android users in order to target them with suitable advertising. Apple has very similar technology with its Identifier for Advertisers (IDFA).

In the complaint filed Wednesday with France's data protection authority, Schrems accuses the tech giant of conducting "illegal operations" that violate EU data protection laws when creating and storing the advertising ID. In particular, he arguably sees the requirement for prior consent violated.

Schrems is calling on the data protection authorities to launch an investigation against Google. This should reveal Google's tracking practices and ultimately force the company to behave in a GDPR-compliant manner. In addition, Schrems is calling for the imposition of hefty fines in the event that the authority finds evidence of misconduct.

"Trail of powder" allows detailed tracking

‼️ "These hidden identifiers on your phone allow Google and third parties to track users without their consent," Schrems' privacy lawyer Stefano Rossetti tells the Financial Times, adding, "It's like having a powder on your hands that leaves a trail of everything you do on your phone - from whether you swiped right or left to what song you were listening to."

Google has not yet commented on the allegations. Apple has just impressively proven that Schrems' concerns are not without substance by wanting to make the use of the advertising ID subject to consent in the upcoming iOS update.

(Paywall) https://www.ft.com/content/4617cc99-3ed2-49e1-b97f-db4f1b45b5db

https://t3n.de/news/google-trackt-android-1371162/#%E2%80%9ESpur_aus_Puder%E2%80%9C_erlaubt_detailliertes_Tracking

#dataprotection #android #advertising #id #user #tracking #illegal #gdpr #thinkabout
Facebook does not plan to notify half-billion users affected by data leak

(Reuters) - Facebook Inc did not notify the more than 530 million users whose details were obtained through the misuse of a feature before 2019 and recently made public in a database, and does not currently have plans to do so, a company spokesman said on Wednesday.

Business Insider reported last week that phone numbers and other details from user profiles were available in a public database. Facebook said in a blog post on Tuesday that “malicious actors” had obtained the data prior to September 2019 by “scraping” profiles using a vulnerability in the platform’s tool for synching contacts.

The Facebook spokesman said the social media company was not confident it had full visibility on which users would need to be notified. He said it also took into account that users could not fix the issue and that the data was publicly available in deciding not to notify users. Facebook has said it plugged the hole after identifying the problem at the time.

The scraped information did not include financial information, health information or passwords, Facebook said. However, the collated data could provide valuable information for hacks or other abuses.

Facebook, which has long been under scrutiny over how it handles user privacy, in 2019 reached a landmark settlement with the U.S. Federal Trade Commission over its investigation into allegations the company misused user data.

Ireland’s Data Protection Commission, the European Union’s lead regulator for Facebook, said on Tuesday it had contacted the company about the data leak. It said it received “no proactive communication from Facebook” but was now in contact.

The July 2019 FTC settlement requires Facebook to report details about unauthorized access to data on 500 or more users within 30 days of confirming an incident.

The Facebook spokesman declined to comment on the company’s conversations with regulators but said it was in contact to answer their questions.

https://www.reuters.com/article/us-facebook-data-leak/facebook-does-not-plan-to-notify-half-billion-users-affected-by-data-leak-idUSKBN2BU2ZY

#facebook #DeleteFacebook #data #leak #database #thinkabout