BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Bangladesh’s Digital Security Bill can have a ‘chilling effect on free speech’: Asia Internet Coalition


We missed this earlier.
Asia Internet Coalition said in June that Bangladesh’s Digital Security Bill (BDSA) creates several obstacles to the conducive use of the internet ecosystem due to several vague obligations, unchecked powers, disproportionate penalties, and unworkable compliance requirements. The coalition, of which Facebook, Google, Amazon, LinkedIn, Twitter and Yahoo! are members, pointed out that the Act can have a chilling effect on free speech, and highlighted issues with how offences are laid out in it. Other members of the coalition are Apple, Expedia Group, Line, Rakuten, Airbnb, Grab, and Booking.com.

Bangladesh had passed the Digital Security Bill 2018 in September last year. Protests have been carried out against the bill; Amnesty International has called the law an attack on freedom of expression.

The coalition pointed out its issues with the Act, and also made some recommendations:
The act can have a ‘chilling effect on free speech’; offences under Act vague and subjective

AIC said that certain provisions of the act such as Section 21, 25 and 31 will have a “chilling effect on speech” because they’re “vaguely drafted”. It cited Section 66A of India’s IT Act which the Indian Supreme Court struck down for being “open ended, undefined, and vague”. It also urged the Bangladeshi government to bear in view the “well established” tenets of international human rights law such as Article 19(3) of the International Convention on Civil and Political Rights. It points out issues specific to different clauses:

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/bangladeshs-digital-security-bill-can-have-a-chilling-effect-on-free-speech-asia-internet-coalition

#Bangladesh #DigitalSecurityBil #BDSA #Asia #FreeSpeach #chilling #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Attacking the Heart of the German Industry

For a number of years now, a group of professional hackers has been busy spying on businesses all over the world: Winnti. Believed to be controlled by China. For the first time, in a joint investigation, German public broadcasters BR and NDR are shedding light on how the hackers operate and how widespread they are.

This investigation starts with a code: daa0 c7cb f4f0 fbcf d6d1. If you know what to look for, you’ll find Winnti. Hackers who have been spying on businesses all over the world for years. A group, presumably China-based, has homed in on Germany and its DAX corporations. For the first time ever, BR and NDR reporters have successfully analyzed hundreds of the malware versions used for that unsavory purpose. The targets: At least six DAX corporations, the stock-listed top companies of the German industry.

Winnti is a highly complex structure that is difficult to penetrate. The term denotes both a sophisticated malware and an actual group of hackers. IT security experts like to call them digital mercenaries. Since at least 2011, these hackers have been using malware to spy on corporate networks. Their mode of operation: to collect information on the organizational charts of companies, on cooperating departments, on the IT systems of individual business units, and on trade secrets, obviously.

Asked about the group, an IT security expert who has been analyzing the attacks for years replies, tongue in cheek: “Any DAX corporation that hasn’t been attacked by Winnti must have done something wrong.” A high-ranking German official says: “The numbers of cases are mind-boggling.” And claims that the group continues to be highly active—to this very day. The official’s name will remain undisclosed, as will the names of the more than 30 people whom we were able to interview for this article: Company staff, IT security experts, government officials, and representatives of security authorities. They are either not willing or not allowed to speak frankly. But they are allowed to reveal some of their tactics.

This allows us to find the software and to figure out for ourselves how the attackers work. Thanks to the help received from the informers, we, the reporters, are able to get on to the group. Part of their trail is the following code: daa0 c7cb f4f0 fbcf d6d1.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/attacking-the-heart-of-the-german-industry

#hacker #china #winnti #attack #spionage #cyberattack #cyberspionage #BASF #Siemens #Henkel
Your family is none of their business

❗️ Today’s children have the most complex digital footprint in human history, with their data being collected by private companies and governments alike.

❗️ The consequences on a child’s future revolve around one’s freedom to learn from mistakes, the reputation damage caused by past mistakes, and the traumatic effects of discriminatory algorithms.

💡
https://edri.org/your-family-is-none-of-their-business/

#children #tracking #DigitalFootprint #EDRI #thinkabout #video
TikTok suspends accounts of three users after Shiv Sena’s IT Cell files FIR

Until last week Team 07 was one of the most popular TikTok groups in India. Then some of the members posted videos protesting a lynching of a Muslim - and their accounts were banned. “We have a zero tolerance policy against content that has a negative impact on our users or the country we operate in,” TikTok said.

In India, the Chinese app has been on talk shows for weeks, accused of unpatriotic propaganda.

Faisal Shaikh, 22, is so famous he can’t leave his home in suburban Mumbai without being mobbed. It’s hard not to be identified on the streets if 22 million people know what you look like. Until two weeks ago, Shaikh, or Mr Faisu, was one of TikTok’s biggest stars in India, but today neither he nor his millions of fans can access his page. On July 8, TikTok suspended the accounts of three of its users based on an FIR filed by a member of the Shiv Sena’s IT Cell. All three of them are young Muslim men with millions of followers each on the social network meant for sharing short, quirky videos.

Hasnain Khan, Shadan Farooqui and Faisal Shaikh are part of a five-member college group from Mumbai who are known on TikTok as Team 07. The other two members of the team are Adnan Shaikh and Faiz Baloch. They first bonded over their love of motorcycle stunts. Together, the five users have a following of over 40 million people.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/tiktok-suspends-accounts-of-three-users-after-shiv-senas-it-cell-files-fir

#TikTok #India #thinkabout
Internet’s wildest man arrested after Caribbean odyssey

John McAfee, inventor of the virus scanner named after him and self-proclaimed US presidential candidate, has been temporarily arrested in the Dominican Republic for illegal possession of weapons.

A few days ago, McAfee posed with the weapons on Twitter, possibly providing the reason for the arrest.
Wednesday night he was released after three days and said he was leaving the country. He must leave his yacht behind.

Weapons, getaways, conspiracy theories, murder suspicions: John McAfee’s life is so exciting that Netflix made a series out of it - and Hollywood wanted to shoot a film of his life story with Johnny Depp in the leading role. Planned title: “Welcome to the Jungle”.

The eccentric IT entrepreneur is something like the mascot of the Internet. He has made millions with software, lost millions, staged himself as a renegade against everything and everyone, and claims that the CIA is after him. On photos he usually has a cigarette, a drink or a pump gun in his hand. On Twitter he entertains more than a million followers with his escapades. In recent days, another chapter has been added to the McAfee saga.

After an odyssey through the Caribbean, McAfee, his wife Janice and four other people, including a German citizen, were arrested in a port in the Dominican Republic. The country’s security forces confirmed Monday’s arrest, according to the AP news agency. Since Wednesday night, he has been at large again, as he announced on Twitter, garnished with photos in which he embraces grinning Dominican policemen.

👉🏼 Read the full (translated) story without ads n shit:
https://rwtxt.lelux.fi/blackbox/internets-wildest-man-arrested-after-caribbean-odyssey

#McAfee #arrested #caribbean
Further study proves lie of “anonymous” data

Anonymous data is often not really anonymous at all: in many data records, individuals can be uniquely identified even without a name. A new study illustrates the amazing precision with which this can be done. Many companies and databases undermine the General Data Protection Regulation (GDPR).

Not everything labelled anonymous actually is. This is made clear by a study in the scientific journal “Nature”. The researchers can identify 99.98 percent of Americans in each data set, with only 15 characteristics such as age, place of residence or nationality.

The scientists’ example: a cheap health insurance company sells customer data, but only “anonymously” and only from a fraction of the database. The study makes it clear: this is not true anonymity, the data is not secure. People are simply too unique to hide in databases. Removing names only makes records pseudonymous, not anonymous. With an online tool, anyone can try out the de-anonymization for themselves.

The authors write that “even highly fragmented anonymized data records do not meet the modern anonymization standards of the General Data Protection Regulation”. Their results question “the technical and legal adequacy” of simply deleting directly identifying data types and not worrying about identifiability using other data types.
Data is never completely anonymous

“The study once again shows very beautifully what we have known for a long time,” says data protection researcher Wolfie Christl to netzpolitik.org. “As long as data records relating to individuals are being processed, no form of anonymization can prevent individuals from being reidentified with complete certainty.

👉🏼 Read the full (translated) story without ads n shit:
https://rwtxt.lelux.fi/blackbox/further-study-proves-lie-of-anonymous-data

#study #data #anonymous #poc
Amazon Requires Police to Shill Surveillance Cameras in Secret Agreement

Amazon's home security company Ring has enlisted local police departments around the country to advertise its surveillance cameras in exchange for free Ring products and a “portal” that allows police to request footage from these cameras, a secret agreement obtained by Motherboard shows. The agreement also requires police to “keep the terms of this program confidential.”

Dozens of police departments around the country have partnered with Ring, but until now, the exact terms of these partnerships have remained unknown. A signed memorandum of understanding between Ring and the police department of Lakeland, Florida, and emails obtained via a public records request, show that Ring is using local police as a de facto advertising firm. Police are contractually required to "Engage the Lakeland community with outreach efforts on the platform to encourage adoption of the platform/app.”

In order to partner with Ring, police departments must also assign officers to Ring-specific roles that include a press coordinator, a social media manager, and a community relations coordinator.

Ring donated 15 free doorbell surveillance cameras to the Lakeland Police Department, and created a program to encourage people to download its “neighborhood watch” app, Neighbors. For every Lakeland resident that downloads Neighbors as a result of the partnership, the documents show, the Lakeland Police Department gets credit toward more free Ring cameras for residents: “Each qualifying download will count as $10 towards these free Ring cameras.” A Ring doorbell camera currently costs $130 on Amazon.

👉🏼 Read more:
https://outline.com/TvwejM

#DeleteAmazon #security #ring #surveillance #police #shill #secret #agreement #thinkabout
US state of Louisiana proclaims state of emergency because of ransomware (blackmail Trojan) attack

The governor of the US state of Louisiana has declared a state of emergency after several school districts in his state were attacked by ransomware. After Colorado in February 2018, this is the second time a U.S. state has activated such laws.

https://gov.louisiana.gov/assets/EmergencyProclamations/115-JBE-2019-State-of-Emergency-Cybersecurity-Incident.pdf

#USA #louisiana #cybersecurity #StateOfEmergency
Ad Tool Facebook Built to Fight Disinformation Doesn’t Work as Advertised

The social network’s new ad library is so flawed, researchers say, that it is effectively useless as a way to track political messaging.

Faced with a rising backlash over the spread of disinformation in the aftermath of the 2016 elections, Facebook last year came up with a seemingly straightforward solution: It created an online library of all the advertisements on the social network.

Transparency, it decided, was the best disinfectant.

Ads would stay in the library for seven years, letting ordinary users see who was pushing what messages and how much they were paying to do it. Facebook gave researchers and journalists deeper access, allowing them to extract information directly from the library so they could create their own databases and tools to analyze the ads — and ferret out disinformation that had slipped past the social network’s safeguards.

“We know we can’t protect elections alone,” Facebook said when it unveiled the latest version of its Ad Library in March. “We’re committed to creating a new standard of transparency and authenticity for advertising.”

But instead of setting a new standard, Facebook appears to have fallen short. While ordinary users can look up individual ads without a problem, access to the library’s data is so plagued by bugs and technical constraints that it is effectively useless as a way to comprehensively track political advertising, according to independent researchers and two previously unreported studies on the archive’s reliability, one by the French government and the other by researchers at Mozilla, the maker of the Firefox web browser.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/ad-tool-facebook-built-to-fight-disinformation-doesnt-work-as-advertised

#DeleteFacebook #disinformation #researchers #Transparency
US Congress: Election systems attacked in all 50 states

In the US presidential election, hackers attacked digital election infrastructure in all 50 states. This is the result of an investigation by the US Congress. Lawmakers warn of incalculable risks, even without manipulated votes.

Read the Senate Intelligence Committee’s report: ‘Russian Efforts Against Election Infrastructure,’ (volume one)

https://games-cdn.washingtonpost.com/notes/prod/default/documents/6d6ee989-d0bf-4d7c-a158-a979c74bad3e/note/fe8e288b-e6fe-45ee-8a8b-c5ec463f293f.pdf

#USA #congress #hackers #russia #attack #election #votes #manipulation
Tell us if traceability is technically possible: Madras HC to WhatsApp and IIT Madras professor

India has had a problem with WhatsApp rumours and lies for some time now. Therefore, a court demanded that the number of the original channel be displayed next to a forwarded message. Experts should now clarify how this would be technically possible.

On July 24, Court No. 3 of the Madras High Court was packed with barely any standing room. As item no. 14 drew closer on the roster, more people jammed in. That’s because some of the biggest names in the Indian legal fraternity had combined forces to make a case against implementing traceability in WhatsApp as the case examined ways in which cybercrime might be curbed with the assistance of social media companies.

Senior Advocates Kapil Sibal and Arvind Datar defended WhatsApp, as former Attorney General of India, Mukul Rohatgi, represented Facebook. The hearing began at 12:20 pm and went on for almost an hour. It saw representation from the government of Tamil Nadu (E. Manoharan), Twitter (Senior Advocate Sajan Poovayya), and Google (Senior Advocate P. S. Raman). Senior Advocate N. L. Rajah, who had represented WhatsApp in the last hearing, was also present. Internet Freedom Foundation, which had been made an intervener in the last hearing on June 27, was represented by Suhrith Parthasarathy. IFF’s executive director, Apar Gupta, was also present.

If this litany of names wasn’t enough, the presence of Brian Hennessey, the director and associate general counsel of WhatsApp, drove home the point that WhatsApp Inc. is paying particular attention to this case.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/tell-us-if-traceability-is-technically-possible-madras-hc-to-whatsapp-and-iit-madras-professor

#DeleteWhatsapp #tracing #india
🇪🇸 Anonymity is on its way to disappearing.

With just 15 demographic attributes it is possible to identify every citizen of the United States.

Until now we were identified by our name, a national ID number, a phone number, a postal or email address. Hiding these details in a database was enough to keep a set of information from being linked to its owner. Not any more.

The trail of data we leave behind, plus the capacity to store and process it, makes it ever easier to identify us individually from what we do or are. Anonymity no longer depends on someone finding out our name or phone number. Now our behaviour or identity can de-anonymize us.

Census offices, hospitals or companies share anonymized samples of their huge databases for transparency or for studies and verification. The small size of the sample made it unlikely that this information would end up linked to an individual.

A new study published by Nature Communications finds that this uncertainty is quantifiable. And it can be eliminated. A match on some data did not necessarily mean that it was exactly that person. Fifteen attributes are enough to distinguish every American, whatever the size of the sample. "Although there may be many people who are thirty-something, male and living in New York, far fewer were born on 5 January 1985, drive a red sports car and live with two girls and a dog," says Yves-Alexandre de Montjoye, a professor at Imperial College London and one of the authors of the research.

The decisive factors are not always the same or to the same degree: sometimes it is marital status and other times race or any other. But taking just 15 factors, the model is able to certify with a probability of 99.98% that the person we are looking for is a unique profile within a huge database.

To find that individual you have to know them or, obviously, have access to another database that provides part of the equivalent information to cross-check. It seems difficult, but the number of combinations that can occur keeps growing. The information about us that can be found publicly grows every day.

Over the last decade, researchers have found that people can be de-anonymized with a multitude of variables if there is enough data: social network use, genetic data, location, credit card spending, browsing history, writing style, computer code.

President Donald Trump has been a recent victim of the possibility of linking information obtained elsewhere with public samples of databases. A few months ago the New York Times published investigative articles on the president's tax returns. The newspaper managed to de-anonymize Trump's tax information in a list of the country's richest taxpayers using data passed to it by a source: "The Times was able to find matching data in the tax information of the top taxpayers (a publicly available database that each year includes a sample of one third of those taxpayers, with identifying details removed)," the newspaper says.

"Attacks are only going to get better," says Arvind Narayanan, a professor at Princeton University and author of the study which showed that, in a 2006 database, the movie-rating information of half a million Netflix subscribers alone was enough to identify individuals. In other words, the ability to link our past with information from anonymous but public databases is only going to improve.

"Our recommendation," adds Narayanan, "is that the burden of proof should fall on the data controller to demonstrate conclusively that the anonymous data cannot be linked to individuals, rather than privacy advocates having to prove that such a link is possible."

Other methods will be needed. The use of large databases helps to understand a disease, mobility in a city or other human behaviour. This work will have to continue, but it will become harder every day. Organizations or companies that share or lose part of their anonymized databases believed themselves invulnerable because the data was not linked to personal information. Increasingly, however, what we do is recorded and is personal information, whether or not it is tied to a name or unique identifier.

"We need higher standards for what legally constitutes anonymous data, and to start using engineering tools that make it possible to use data while preserving people's privacy," says De Montjoye.

Studies of this kind should be kept in mind when the big tech companies say they do not link personal information with our "data". To de-anonymize someone, an identity card is no longer needed.
https://elpais.com/tecnologia/2019/07/24/actualidad/1563927638_772353.html

#privacidad #anonimato #rastreo
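Both posts on the de-anonymization study (the "anonymous data" summary further up and the El País article above) rest on the point that removing names still leaves combinations of ordinary attributes that single people out. As an added example, not part of the original posts and not the study's own statistical model, this Python sketch measures that with plain k-anonymity counting before a release; the table, its column names and the region mapping are constructed assumptions.

```python
"""Release audit: how many 'anonymized' rows do the quasi-identifiers single out?"""
from collections import Counter

# Constructed sample of a de-identified release: names are already removed.
# Five quasi-identifiers plus one sensitive column. All values are made up.
QUASI_IDENTIFIERS = ["age_band", "sex", "city", "birth_year", "vehicle"]
_ROWS = [
    ("30s", "M", "NYC", 1985, "red", "asthma"),
    ("30s", "M", "NYC", 1985, "blue", "diabetes"),
    ("30s", "M", "NYC", 1987, "red", "none"),
    ("30s", "M", "NYC", 1987, "red", "asthma"),
    ("30s", "F", "NYC", 1985, "red", "none"),
    ("30s", "F", "Newark", 1985, "red", "migraine"),
    ("40s", "F", "Boston", 1975, "blue", "none"),
    ("40s", "F", "Boston", 1976, "blue", "diabetes"),
]
RECORDS = [dict(zip(QUASI_IDENTIFIERS + ["diagnosis"], row)) for row in _ROWS]

# Assumed generalization hierarchy used by the mitigation step below.
REGION = {"NYC": "NY metro", "Newark": "NY metro", "Boston": "Boston"}
GENERALIZED_ATTRS = ["age_band", "sex", "region"]


def class_sizes(records, attrs):
    """Count how many records share each combination of the given attributes."""
    return Counter(tuple(r[a] for a in attrs) for r in records)


def k_anonymity(records, attrs):
    """Smallest group size; k == 1 means at least one row is unique."""
    sizes = class_sizes(records, attrs)
    return min(sizes.values()) if sizes else 0


def unique_fraction(records, attrs):
    """Share of rows that no other row matches on the given attributes."""
    if not records:
        return 0.0
    sizes = class_sizes(records, attrs)
    singled_out = sum(1 for r in records if sizes[tuple(r[a] for a in attrs)] == 1)
    return singled_out / len(records)


def uniqueness_curve(records, attrs):
    """Unique fraction after adding the attributes one at a time, in order."""
    return [unique_fraction(records, attrs[:n]) for n in range(1, len(attrs) + 1)]


def generalize(records):
    """Mitigation: coarsen city to a region and drop birth_year and vehicle."""
    return [
        {
            "age_band": r["age_band"],
            "sex": r["sex"],
            "region": REGION[r["city"]],
            "diagnosis": r["diagnosis"],
        }
        for r in records
    ]


if __name__ == "__main__":
    curve = uniqueness_curve(RECORDS, QUASI_IDENTIFIERS)
    for n, frac in enumerate(curve, start=1):
        print(f"{n} attribute(s) {QUASI_IDENTIFIERS[:n]}: {frac:.0%} of rows unique")
    print("k before generalization:", k_anonymity(RECORDS, QUASI_IDENTIFIERS))
    coarse = generalize(RECORDS)
    print("k after generalization: ", k_anonymity(coarse, GENERALIZED_ATTRS))
```

Generalization raises k here only because the table is tiny and uniform; on real data the same audit has to be rerun for every attribute set a recipient could plausibly hold.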
Hong Kong police storm Yuen Long MTR station - 11 arrests, 23 injured at banned anti-triad demo

At least 23 people were injured and 11 were arrested following police-protester clashes during a banned anti-mob violence protest in Yuen Long on Saturday.

Among those hospitalised, two people were in a severe condition as of 1am Sunday, with 11 in a stable condition. Ten were discharged. At least four police officers and two journalists were also hurt as the violence escalated into the evening.

📺 https://www.hongkongfp.com/2019/07/28/video-11-arrests-23-injured-banned-anti-triad-demo-hong-kong-police-storm-yuen-long-mtr-station/

#FreeHongKong #freespeach #humanrights #demos #thinkabout
IP Freely (Screw YouTube)

In this clip from Episode 360 of The Corbett Report podcast, James debuts his blockbuster online protest song, “IP Freely (Screw YouTube),” featuring the #YouTube thoughtcrime chord: the Dsus2!

📺 https://www.corbettreport.com/ip-freely-screw-youtube/

#ScrewYouTube #corbettreport #video #podcast
Home Affairs pushes for cyber spy powers

The Department of Home Affairs is pushing ahead with moves to expand the powers of Australia’s cyber spy agency, the Australian Signals Directorate, to potentially embed ASD within the corporate computer systems that run the nation’s banks, telecommunications and other critical infrastructure.

https://www.thesaturdaypaper.com.au/news/politics/2019/07/27/home-affairs-pushes-cyber-spy-powers/15641496008501

YouTubers and IG Metall set YouTube a deadline for negotiations

The FairTube campaign demands transparency, independent arbitration and co-determination for YouTubers. The campaign is backed by the YouTubers Union and the IG Metall trade union. If the company has not started negotiations within a month, FairTube wants to sue it for bogus self-employment and GDPR (DSGVO) violations.

📺 🇬🇧 https://www.youtube.com/watch?v=oZZ5Kouj_hQ
📺 🇩🇪 https://www.youtube.com/watch?v=f6ZBfOIerR4v%3DoZZ5Kouj_hQ

#Youtube #FairTube #IGmetall #negotiations #DSGVO
ProtonMail: Secret adjustments to the transparency report

ProtonMail is one of the few Internet companies in Switzerland with a transparency report. The transparency that such a report can create is intended to create trust.

Thanks in part to this transparency report, it became known that real-time monitoring is also possible for ProtonMail.

The ProtonMail Transparency Report, however, has the flaw that it has been adapted considerably over the last few weeks in silence and secrecy.

According to the information in the transparency report, the last adjustment was made on 24 April 2019 (“Updated on 24 April 2019”).

But if you compare the versions that the Internet Archive Wayback Machine saved on April 25 and July 26, 2019 (screenshot), you can see several adjustments, among others:

👉🏼 Read the full (translated) report without ads n shit:
https://rwtxt.lelux.fi/blackbox/protonmail-secret-adjustments-to-the-transparency-report

#ProtonMail #Switzerland #transparency #report
Kazakhstan's HTTPS Interception

This post describes our analysis of carrier-level HTTPS interception ordered by the government of Kazakhstan.

The Kazakhstan government recently began using a fake root CA to perform a man-in-the-middle (MitM) attack against HTTPS connections to websites including Facebook, Twitter, and Google. We have been tracking the attack, and in this post, we provide preliminary results from our ongoing research and new technical details about the Kazakh interception system.

👉🏼 Read more:
https://censoredplanet.org/kazakhstan

#kazakhstan #HTTPS #interception #websites #MitM #tracking #attack #research #analysis #facebook #twitter #google
Facebook is funding brain experiments to create a device that reads your mind

Big tech firms are trying to read people’s thoughts, and no one’s ready for the consequences.

In 2017, Facebook announced that it wanted to create a headband that would let people type at a speed of 100 words per minute, just by thinking.

Now, a little over two years later, the social-media giant is revealing that it has been financing extensive university research on human volunteers.

Today, some of that research was described in a scientific paper from the University of California, San Francisco, where researchers have been developing “speech decoders” able to determine what people are trying to say by analyzing their brain signals.

The research is important because it could help show whether a wearable brain-control device is feasible and because it is an early example of a giant tech company being involved in getting hold of data directly from people’s minds.

To some neuro-ethicists, that means we are going to need some rules, and fast, about how brain data is collected, stored, and used.

In the report published today in Nature Communications, UCSF researchers led by neuroscientist Edward Chang used sheets of electrodes, called ECoG arrays, that were placed directly on the brains of volunteers.

The scientists were able to listen in in real time as three subjects heard questions read from a list and spoke simple answers. One question was “From 0 to 10, how much pain are you in?” The system was able to detect both the question and the response of 0 to 10 far better than chance.

Another question asked was which musical instrument they preferred, and the volunteers were able to answer “piano” and “violin.” The volunteers were undergoing brain surgery for epilepsy.

Facebook says the research project is ongoing, and that it is now funding UCSF in efforts to try to restore the ability to communicate to a disabled person with a speech impairment.

Eventually, Facebook wants to create a wearable headset that lets users control music or interact in virtual reality using their thoughts.

To that end, Facebook has also been funding work on systems that listen in on the brain from outside the skull, using fiber optics or lasers to measure changes in blood flow, similar to an MRI machine.

Such blood-flow patterns represent only a small part of what’s going on in the brain, but they could be enough to distinguish between a limited set of commands.

👉🏼 Read more:
https://www.technologyreview.com/s/614034/facebook-is-funding-brain-experiments-to-create-a-device-that-reads-your-mind/

💡 Also interesting:
https://www.ucsf.edu/news/2019/07/415046/team-ids-spoken-words-and-phrases-real-time-brains-speech-signals

#DeleteFacebook #experiments #brain #SpeechSignals #BigTech #thinkabout
🇪🇸 Multi-million data protection fines for British Airways and Marriott… and these are only the first.

The agencies want penalties to have a deterrent effect and will impose fines tied to the company's turnover.

Little more than a year after the new data protection regulation came into force in Europe, we have seen the UK data protection agency, the Information Commissioner's Office (ICO), announce its intention to impose the first multi-million fines in Europe: 203 million euros for British Airways and 110 million euros for Marriott.

But what has the ICO taken into consideration in proposing penalties of a size we are not at all used to? In both cases the proposed penalties would be imposed as a consequence of a security breach, and in both cases the ICO weighed a multitude of factors, probably the most relevant being the existence of failures in security measures.

If a company has not implemented the security measures needed to protect personal data, the penalties will be very high. It is true that cyberattacks are increasingly sophisticated and that no security measure is 100% infallible; nevertheless, what regulators will take into consideration in cases like these is whether companies made it easy for the attackers because they did not have adequate measures in place.

And both fines are proof of this. In the case of British Airways, the ICO has stated that the airline did not comply with the basic security standards that must be applied when handling card payment information (PCI) and did not have the security codes (CVV) of the credit cards encrypted.

What type of information is affected by the breach, and the consequences that may follow for users, is another factor taken into consideration in this type of investigation. The consequences are not the same if the affected data are, for example, email addresses, as they are if, as in the case of British Airways, the attackers also have access to financial data such as credit card numbers that can easily be used for fraudulent purposes.

However, the ICO does not take into consideration whether that fraudulent use has occurred or not, given that, as its director Elizabeth Denham points out in an interview published by the Wall Street Journal, quite a few years can pass between the breach and the data being used for these purposes, as was the case with Yahoo! (the breach occurred in 2014 and the fraudulent use was detected 3 years later).

The number of people affected is another criterion to take into account: in the case of British Airways we are talking about 500,000 customers, but in the case of Marriott the breach is believed to have affected the information of around 500,000,000 customers. The duration of the breach, that is, the time during which the hackers were able to access the information until the breach was discovered, is another criterion to assess; in the case of British Airways it was two weeks, while in Marriott's it was 4 years.

In the case of Marriott, the ICO also took into consideration the measures that were adopted at the time of the acquisition of the Starwood chain.