Facebook says it will ignore emergency data collection ban issued in Germany over WhatsApp rules
Privacy watchdog is calling on GDPR regulators to enforce an EU-wide ban
A hot potato: Germany has banned Facebook from collecting data on WhatsApp users within its borders. The Hamburg Data Protection and Freedom of Information (HmbBfDI) commission claims that the app's new data collection policies and Facebook's heavy-handed efforts to get users to accept them violate the General Data Protection Regulation (GDPR).
Johannes Caspar, the commissioner of the HmbBfDI, indicated in a press release that Facebook has a history of user-privacy abuse, pointing to the Cambridge Analytica scandal and the recent leak of 500 million records. More urgently, Caspar fears that WhatsApp's less than transparent advertising policies will influence German elections coming up in September.
"The data protection scandals of the last few years from 'Cambridge Analytica' to the data leak that recently became known, which affected more than 500 million Facebook users, show the extent and the dangers of massive profiling," said Caspar. "This affects not only privacy but also the possibility of using profiles to influence voter decisions in order to manipulate democratic decisions. In view of the nearly 60 million WhatsApp users with a view to the upcoming federal elections in Germany in September 2021, the risk is all the more concrete, as these will arouse desires after influencing the opinion-forming of Facebook's advertisers."
https://www.techspot.com/news/89639-facebook-ignore-emergency-data-collection-ban-issued-germany.html
#whatsapp #DeleteWhatsApp #user #data #facebook #DeleteFacebook #gdpr #eu #germany
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
TechSpot
Germany issues emergency data collection ban against Facebook over WhatsApp rules [Updated]
Update (05/13/21): A WhatsApp spokesman reached out to TechSpot to clarify that the Hamburg DPA order does not impact the WhatsApp update as the DPA is raising...
Facebook Still ‘Secretly’ Tracks Your iPhone—This Is How To Stop It
So, this isn’t good. Your iPhone settings enable you to tell Facebook you don’t want your location tracked. It’s clear and non-ambiguous. Why then, if you tell Facebook “never” to access your location, is the data harvesting giant doing exactly that?
...(...)
Despite me telling my iPhone “never” to allow Facebook access to my location, despite me checking Facebook online to confirm it knows “location history for mobile devices” is set to “off.” Facebook continues to exploit a loophole, harvesting photo location tags and IP addresses, all of which it will, in its own words, “collect and process.”
I took a photo with my iPhone and then uploaded that to my Facebook account. I used Facebook’s app on my iPhone, the same app that has been told “never” to access my location, the same account that knows I have this switched off. But Facebook still collects the location tag from that photo, along with my IP address.
My iPhone adds GPS tags to photos—useful to sort and find images. I can use the share function in Apple Photos to strip location data as I send, and most messengers strip this data, but in Facebook’s app, when I upload a photo, the data is sent as well.
Facebook and Instagram do in fact strip the metadata, the so-called EXIF information, from photos that are saved to their platforms. You can see this, because if you save a photo from Instagram or your Facebook albums onto your phone, there will be no location information. That has been replaced with Facebook’s own codes.
And so, you might assume that Facebook has deleted this data. Wrong. If you go to your Facebook privacy settings and select “your Facebook information,” you can download a copy of the data it holds. If you select “photos and videos,” you will see the data that Facebook saved from the images you uploaded.
In the case of this specific photo, the one just uploaded from my iPhone, that data includes a very precise location and my “upload IP address.” Facebook doesn’t need any more than that. If I type those lat/long co-ordinates into Google Maps, I get an exact match to my location, and Google’s Street View shows me the front of my house. As you can imagine, this is not the kind of privacy I had in mind.
https://www.forbes.com/sites/zakdoffman/2021/05/22/apple-user-warning-how-to-stop-facebook-secretly-tracking-your-iphone-ipad/
#facebook #DeleteFacebook #iphone #apple #privacy #data
Forbes
Facebook Tracks Your iPhone Location—This Is How To Stop It
If you think Facebook can no longer track your iPhone, then you're wrong...
Proceeding against Google based on new rules for large digital players (Section 19a GWB) – Bundeskartellamt examines Google's significance for competition across markets and its data processing terms
Date of issue: 25.05.2021
The Bundeskartellamt has today initiated two proceedings against Google Germany GmbH, Hamburg, Google Ireland Ltd., Dublin, Ireland, and Alphabet Inc., Mountain View, USA, based on the new competition law provisions applicable to large digital companies. In the past months, the authority has already commenced investigations against Facebook (see press release of 28 January 2021) and Amazon (see press release of 18 May 2021) based on this new competition law tool.
In January 2021, the 10th amendment to the German Competition Act (GWB Digitalisation Act) came into force. A key new provision (Section 19a GWB) enables the authority to intervene earlier and more effectively, in particular against the practices of large digital companies. In a two-step procedure, the Bundeskartellamt can prohibit companies which are of paramount significance for competition across markets from engaging in anti-competitive practices.
Today, the Bundeskartellamt has initiated a proceeding to determine whether the company is of paramount significance across markets.
Andreas Mundt, President of the Bundeskartellamt: “An ecosystem which extends across various markets may be an indication that a company holds such a market position. It is often very difficult for other companies to challenge this position of power. Due to the large number of digital services offered by Google, such as the Google search engine, YouTube, Google Maps, the Android operating system or the Chrome browser, the company could be considered to be of paramount significance for competition across markets.”
In a second proceeding based on this general classification also initiated today, the Bundeskartellamt will undertake an in-depth analysis of Google’s data processing terms.
Andreas Mundt: “Google’s business model relies to a very large extent on processing data relating to its users. Due to its established access to data relevant for competition, Google enjoys a strategic advantage. We will therefore take a close look at the company’s data processing terms. A key question in this context is whether consumers wishing to use Google’s services have sufficient choice as to how Google will use their data.”
https://www.bundeskartellamt.de/SharedDocs/Meldung/EN/Pressemitteilungen/2021/25_05_2021_Google_19a.html
#germany #bundeskartellamt #google #DeleteGoogle #data #processing
Hacktivist Posts Massive Scrape of Crime App Citizen to Dark Web
The cache includes data on 1.7 million incidents, giving insight into the scale of Citizen around the country.
A hacktivist has scraped a wealth of data from the crime and neighborhood watch app Citizen and posted it on a dark web site, Motherboard has learned. The data includes a huge amount of data related to 1.7 million "incidents"—events that Citizen informs users about concerning crime or perceived crime in their area—such as the GPS coordinates of where the incident took place, its update history, a clip of the police radio that the incident relates to, and associated images.
On their dark web site, called "The Concerned Citizen's Citizen Hack," the hacker writes "Fuck snitches, fuck Citizen, fuck Andrew Frame and remember, kids: Cops are not your friends." Andrew Frame is the CEO of Citizen; Frame was responsible for putting a $30,000 bounty for information that would lead to the arrest of a person the company mistakenly suspected of starting a recent wildfire, The Verge reported.
Much of this information would ordinarily be available to users as part of the normal functioning of the Citizen app. But with the hacker scraping it en masse and releasing it as a series of files to download, the data is qualitatively different from what the Citizen app offers, and allows journalists and researchers to gain greater insight into the use and spread of the app around the country. The scrape is somewhat similar to other recent mass collections and redistributions of public information, such as the Parler scrape that occurred after the January 6 insurrection at the U.S. Capitol.
"It's like a full log of police activity in multiple U.S. cities," the hacker, who said they affiliate themselves with the hacking collective Anonymous, told Motherboard. Citizen incidents are often (but not always) linked to police activity; Citizen produces its own summaries of events by listening to police scanners and pushing alerts about them to Citizen users. Users can also contribute their own videos.
https://www.vice.com/en/article/pkbg89/hacker-hacktivist-citizen-app-scrape-dark-web
#hacker #hacktivist #scrape #citizen #app #data #darknetlive
Japanese government agencies suffer data breaches after Fujitsu hack
Offices of multiple Japanese agencies were breached via Fujitsu's "ProjectWEB" information sharing tool.
Fujitsu states that attackers gained unauthorized access to projects that used ProjectWEB, and stole some customer data.
It is not yet clear if this breach occurred because of a vulnerability exploit, or a targeted supply-chain attack, and an investigation is ongoing.
Attackers accessed at least 76,000 email addresses
Yesterday, the Ministry of Land, Infrastructure, Transport and Tourism and the National Cyber Security Center (NISC) of Japan announced that attackers were able to obtain inside information via Fujitsu's information-sharing tool.
Fujitsu also said that attackers had gained unauthorized access to projects that used ProjectWEB, and stolen proprietary data.
Fujitsu's ProjectWEB enables companies and organizations to exchange information internally, with project managers and stakeholders, for example.
https://www.bleepingcomputer.com/news/security/japanese-government-agencies-suffer-data-breaches-after-fujitsu-hack/
#japanese #gov #data #breach #fujitsu #attack
TikTok just gave itself permission to collect biometric data on US users, including ‘faceprints and voiceprints’
A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect biometric identifiers and biometric information” from its users’ content. This includes things like “faceprints and voiceprints,” the policy explained. Reached for comment, TikTok could not confirm what product developments necessitated the addition of biometric data to its list of disclosures about the information it automatically collects from users, but said it would ask for consent in the case such data collection practices began.
The biometric data collection details were introduced in the newly added section, “Image and Audio Information,” found under the heading of “Information we collect automatically” in the policy.
This is the part of TikTok’s Privacy Policy that lists the types of data the app gathers from users, which was already fairly extensive.
The first part of the new section explains that TikTok may collect information about the images and audio that are in users’ content, “such as identifying the objects and scenery that appear, the existence and location within an image of face and body features and attributes, the nature of the audio, and the text of the words spoken in your User Content.”
While that may sound creepy, other social networks do object recognition on images you upload to power accessibility features (like describing what’s in an Instagram photo, for example), as well as for ad targeting purposes. Identifying where a person and the scenery is can help with AR effects, while converting spoken words to text helps with features like TikTok’s automatic captions.
https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints
#tiktok #DeleteTikTok #privacy #usa #biometric #data #faceprints #voiceprints
Mozilla: Take control over your data with Rally, a novel privacy-first data sharing platform
Mozilla teams up with Princeton University researchers to enable crowdsourced science for public good; collaborates with research groups at Princeton, Stanford on upcoming studies.
Your data is valuable. But for too long, online services have pilfered, swapped, and exploited your data without your awareness. Privacy violations and filter bubbles are all consequences of a surveillance data economy. But what if, instead of companies taking your data without giving you a say, you could select who gets access to your data and put it to work for public good?
Today, we’re announcing the Mozilla Rally platform. Built for the browser with privacy and transparency at its core, Rally puts users in control of their data and empowers them to contribute their browsing data to crowdfund projects for a better Internet and a better society. At Mozilla, we’re working on building a better internet, one that puts people first, respects their privacy and gives them power over their online experience. We’ve been a leader in privacy features that help you control your data by blocking trackers. But, being “data-empowered” also requires the ability to choose who you want to access your data.
https://blog.mozilla.org/en/mozilla/take-control-over-your-data-with-rally-a-novel-privacy-first-data-sharing-platform/
#mozilla #privacy #rally #data #sharing
Data Poisoning Won't Save You From Facial Recognition
Data poisoning has been proposed as a compelling defense against facial recognition models trained on Web-scraped pictures. By perturbing the images they post online, users can fool models into misclassifying future (unperturbed) pictures.
We demonstrate that this strategy provides a false sense of security, as it ignores an inherent asymmetry between the parties: users' pictures are perturbed once and for all before being published (at which point they are scraped) and must thereafter fool all future models -- including models trained adaptively against the users' past attacks, or models that use technologies discovered after the attack.
https://arxiv.org/abs/2106.14851
#facial #recognition #defense #data #poisoning #study #pdf
MacOS Being Picked Apart by $49 XLoader Data Stealer
Cheap, easy and prolific, the new version of the old FormBook form-stealer and keylogger has added Mac users to its hit list, and it’s selling like hotcakes.
There’s a new version of the old FormBook form-stealer and keylogger that’s added Mac users to its hit list, and it’s selling like hotcakes on underground markets for as low as $49.
It’s not only cheap; it’s easy. The data stealer is distributed in the form of malware-as-a-service (MaaS) and stands out from competing malware by being drop-dead simple to use, outfitting even code dummies with a multipurpose malware tool.
In a report posted on Wednesday, analysts at Check Point Research (CPR) said that the new strain of FormBook – which mainly targeted Windows users when it first popped up on hacking forums in 2016 – is named XLoader. According to the report, FormBook disappeared from malware markets in 2018, then rebranded to XLoader in 2020.
https://threatpost.com/macos-49-xloader-data-stealer/167971/
#macos #xloader #data #stealer #keylogger #malware
why not allow tracking?
why "i have nothing to hide" isn't enough. it's nowhere near enough.
because, by allowing tracking, you can be giving up way more information than you think! some examples:
❗️ who you sleep with because both you and the person you share your bed with keep your phones nearby. [1]
❗️ whether you sleep soundly at night or whether your troubles are keeping you up. [1]
❗️ whether you pick up your phone in the middle of the night and search for things like "loan repayment". [1]
❗️ your IQ based on the pages you "like" on Facebook and the friends you have. [1]
❗️ your restaurant visits and shopping habits. [1]
❗️ how fast you drive, even if you don't have a smart car, because your phone contains an accelerometer. [1]
❗️ your life expectancy based on how fast you walk, as measured by your phone. [1]
❗️ whether you suffer from depression by how you slide your finger across your phone’s screen. [1]
❗️ if your spouse is considering leaving you because she's been searching online for a divorce lawyer. [1]
❗️ journalists, lawyers, human rights defenders, and other innocent people are targeted. [2]
❗️ LGBTQ+ people can be outed against their will. [3]
💡 Source(s):
[1] https://thereboot.com/why-we-should-end-the-data-economy/
[2] https://www.theguardian.com/news/2021/jul/18/huge-data-leak-shatters-lie-innocent-need-not-fear-surveillance
[3] https://www.nytimes.com/2021/07/21/technology/phones-location-data.html
https://whynottrack.com/
#whynottrack #tracking #data #bigdata #privacy