BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Me on COVID-19 Contact Tracing Apps

"My problem with contact tracing apps is that they have absolutely no value," Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. "I'm not even talking about the privacy concerns, I mean the efficacy. Does anybody think this will do something useful? ... This is just something governments want to do for the hell of it. To me, it's just techies doing techie things because they don't know what else to do."

I haven't blogged about this because I thought it was obvious. But from the tweets and emails I have received, it seems not.

This is a classic identification problem, and efficacy depends on two things: false positives and false negatives.

False positives:
Any app will have a precise definition of a contact: let's say it's less than six feet for more than ten minutes. The false positive rate is the percentage of contacts that don't result in transmissions. This will be because of several reasons. One, the app's location and proximity systems -- based on GPS and Bluetooth -- just aren't accurate enough to capture every contact. Two, the app won't be aware of any extenuating circumstances, like walls or partitions. And three, not every contact results in transmission; the disease has some transmission rate that's less than 100% (and I don't know what that is).

False negatives:
This is the rate the app fails to register a contact when an infection occurs. This also will be because of several reasons. One, errors in the app's location and proximity systems. Two, transmissions that occur from people who don't have the app (even Singapore didn't get above a 20% adoption rate for the app). And three, not every transmission is a result of that precisely defined contact -- the virus sometimes travels further.

Assume you take the app out grocery shopping with you and it subsequently alerts you of a contact. What should you do? It's not accurate enough for you to quarantine yourself for two weeks. And without ubiquitous, cheap, fast, and accurate testing, you can't confirm the app's diagnosis. So the alert is useless.

Similarly, assume you take the app out grocery shopping and it doesn't alert you of any contact. Are you in the clear? No, you're not. You actually have no idea if you've been infected.

The end result is an app that doesn't work. People will post their bad experiences on social media, and people will read those posts and realize that the app is not to be trusted. That loss of trust is even worse than having no app at all.

It has nothing to do with privacy concerns. The idea that contact tracing can be done with an app, and not human health professionals, is just plain dumb.

👉🏼 Read more:
https://www.schneier.com/blog/archives/2020/05/me_on_covad-19_.html

#coronavirus #apps #tracing #tracking #privacy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
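The false-positive/false-negative argument above can be put into numbers. The following is an added example, not part of Schneier's post: it treats an alert as a diagnostic test for "this contact infected me" and combines the two sources of false negatives he lists (people without the app, imperfect proximity detection) with an assumed false-positive rate. Every rate in it is an assumption chosen for illustration (the 20% adoption figure is the only one taken from the post); the real transmission rate per contact is unknown.

```python
# Added example (not part of Schneier's post): putting numbers on the
# false-positive / false-negative argument. Every rate is an assumption
# chosen for illustration; the real transmission rate per contact is unknown.


def contact_coverage(adoption):
    """Share of person-to-person contacts in which BOTH people run the app.
    A contact is only observable if both phones participate, so coverage
    falls with the square of adoption (20% adoption -> 4% of contacts)."""
    return adoption * adoption


def alert_predictive_values(sensitivity, specificity, prevalence):
    """Treat an alert as a test for 'this contact transmitted the virus'.

    sensitivity = P(alert | contact transmitted)
    specificity = P(no alert | contact did not transmit)
    prevalence  = share of all contacts that actually transmit
    Returns (PPV, NPV): P(transmitted | alert), P(not transmitted | no alert).
    """
    tp = sensitivity * prevalence
    fn = (1.0 - sensitivity) * prevalence
    fp = (1.0 - specificity) * (1.0 - prevalence)
    tn = specificity * (1.0 - prevalence)
    ppv = tp / (tp + fp) if tp + fp else 0.0
    npv = tn / (tn + fn) if tn + fn else 0.0
    return ppv, npv


def scenario(adoption, detection, specificity, prevalence):
    """adoption: fraction of people with the app; detection: P(the app
    registers a contact | both have the app and a real contact occurred);
    specificity / prevalence as above. Reports what an alert, or the
    absence of one, is actually worth under those assumptions."""
    coverage = contact_coverage(adoption)
    sensitivity = coverage * detection          # app-visible AND detected
    ppv, npv = alert_predictive_values(sensitivity, specificity, prevalence)
    return {
        "coverage": coverage,
        "sensitivity": sensitivity,
        "missed_transmissions": 1.0 - sensitivity,
        "ppv": ppv,                              # P(infected | alert)
        "npv": npv,                              # P(not infected | no alert)
        "npv_gain_over_prior": npv - (1.0 - prevalence),
    }


if __name__ == "__main__":
    # Assumed inputs: 20% adoption (Singapore figure from the post),
    # 80% proximity detection, 98% specificity, 2% of contacts transmit.
    result = scenario(adoption=0.20, detection=0.80, specificity=0.98, prevalence=0.02)
    for key, value in result.items():
        print(f"{key:>22}: {value:.4f}")
    # Even a flawless app (detection=1, specificity=1) at 20% adoption
    # still sees only 4% of the contacts that matter.
    print(scenario(0.20, 1.0, 1.0, 0.02)["missed_transmissions"])
```

With those assumed inputs an alert corresponds to roughly a 3% chance of actual infection, and "no alert" moves the no-infection probability by about 0.02 percentage points over the 98% you already had, which is the "you have no idea" outcome in the post. The quadratic coverage term dominates: adoption has to be very high before the other error sources even matter.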
Monitoring COVID-19 from hospital to home: First wearable device continuously tracks key symptoms

Wireless sensor gently sits on throat to monitor coughs, fever and respiratory activity

EVANSTON, Ill. — The more we learn about the novel coronavirus (COVID-19), the more unknowns seem to arise. These ever-emerging mysteries highlight the desperate need for more data to help researchers and physicians better understand — and treat — the extremely contagious and deadly disease.

Researchers at Northwestern University and Shirley Ryan AbilityLab in Chicago have developed a novel wearable device and are creating a set of data algorithms specifically tailored to catch early signs and symptoms associated with COVID-19 and to monitor patients as the illness progresses.

Capable of being worn 24/7, the device produces continuous streams of data and uses artificial intelligence to uncover subtle, but potentially life-saving, insights. Filling a vital data gap, it continuously measures and interprets coughing and respiratory activity in ways that are impossible with traditional monitoring systems.

Developed in an engineering laboratory at Northwestern and using custom algorithms being created by Shirley Ryan AbilityLab scientists, the devices are currently being used at Shirley Ryan AbilityLab by COVID-19 patients and the healthcare workers who treat them. About 25 affected individuals began using the devices two weeks ago. They are being monitored both in the clinic and at home, totaling more than 1,500 cumulative hours and generating more than one terabyte of data.

👉🏼 Read more:
https://news.northwestern.edu/stories/2020/04/monitoring-covid-19-from-hospital-to-home-first-wearable-device-continuously-tracks-key-symptoms

#coronavirus #wearable #tracing #tracking #privacy
rpt-security-effectiveness-report-2020.pdf
Companies overestimate their security

There are two types of companies: Those who know they've been hacked and those who don't. The actual security situation is even worse than is generally known and many attacks go undetected.

💡 Mandiant Security Effectiveness Report 2020 - Deep Dive into Cyber Reality

PDF:
https://www.fireeye.com/current-threats/annual-threat-report/security-effectiveness-report.html

#FireEye #cyber #security #report #pdf
Coronavirus and cyberattacks: 2020 campaigns already being hacked, experts warn

President Trump signed an executive order to protect the power grid from hackers last week, but experts warn that the 2020 campaign cycle has already suffered cyberattacks.

Elections large and small are looming in an increasingly work-from-home and social-distancing environment, one that has forced many campaigns (like most Americans) to conduct their day-to-day operations remotely. That has created a perfect opportunity for bad actors online, experts warn, and it could pose an unprecedented threat to the integrity of the U.S. elections.

“This is an ongoing battle that will be going on right up until Election Day,” cybersecurity expert Michael Kaiser told Fox News.

Kaiser is president and CEO of Defending Digital Campaigns (DDC), a bipartisan group comprised of both presidential campaign staff and cybersecurity professionals that advises federal-level campaigns and staff about all things cybersecurity.

Campaigns are able to learn about and obtain things like encryption services at cost or for free with DDC’s assistance. These kinds of protections have become increasingly valuable as town halls and fundraising dinners shift to online platforms like Zoom and as campaigns share sensitive information with each other online.

👉🏼 Read more:
https://www.foxnews.com/politics/coronavirus-cyberattacks-2020-campaigns-already-being-hacked

#coronavirus #cyberattacks #election #campaigns #USA
Telegram’s TON OS to Go Open Source on GitHub Tomorrow

Telegram’s blockchain operating system, TON OS, which is planned for launch on Google Play market and Apple's AppStore, will be open sourced tomorrow.

Telegram recently delayed their open network, TON, and their cryptocurrency, GRAM, once again. There is one related project that has not experienced these setbacks, however. TON OS, an operating system for the TON blockchain, will soon get an open source release.

The project’s core infrastructure developers, TON Labs, are planning to open source the main components of the TON OS on GitHub tomorrow. Mitja Goroshevsky, CTO at TON Labs, confirmed the news to Cointelegraph on May 6.

TON Labs to issue a token known as TON Cash within a month
As reported by industry publication, ForkLog, the release includes TON Node in the Rust programming language, command line interface, TON Multisignature Wallet smart contract, as well as tools for launching TON validators. The report notes that within a month, TON Labs also plans to issue its decentralized browser, Surf, its staking pool, DePool, and the token known as TON Cash.

In conjunction with the TON OS open source release, TON Labs is joining the Free Software Foundation (FSF), a major free software movement. As such, all the components of the TON OS are being launched as free software. According to the developers, the idea of a closed-source permissionless blockchain is absurd. TON Labs reportedly felt that joining the FSF will help them maintain free use of the application as well as the TON blockchain.

👉🏼 Read more:
https://cointelegraph.com/news/telegrams-ton-os-to-go-open-source-on-github-tomorrow

https://www.bitcoinisle.com/2020/05/06/telegrams-ton-os-to-go-open-source-on-github-tomorrow/

https://criptotendencia.com/2020/05/07/solo-horas-para-el-lanzamiento-de-ton-os-el-sistema-operativo-de-telegram/

#tg #telegram #TON #OS #OpenSource #GitHub
Riot Web 1.6, RiotX Android 0.19 & Riot iOS 0.11 — E2E Encryption by Default & Cross-signing is here!!

Hi folks,

We are incredibly excited to present the biggest change in Riot ever: as of the last 24 hours we are enabling end-to-end encryption by default for all new non-public conversations, together with a complete rework of Riot’s user experience around E2E encryption, powered by a whole new suite of encryption features in Matrix. We have released this simultaneously on Web, Desktop, iOS and RiotX Android!

👉🏼 Web:
https://riot.im/app

👉🏼 Desktop:
https://riot.im/download/desktop/

👉🏼 iOS:
https://apps.apple.com/us/app/riot-im/id1083446067

👉🏼 RiotX Android:
https://play.google.com/store/apps/details?id=im.vector.riotx

💡 More info:
https://blog.riot.im/e2e-encryption-by-default-cross-signing-is-here/

#riot #matrix #messenger #e2e #encryption #android #iOS
Fido: Full ISO Download Script (for Windows retail ISOs)

Fido is a PowerShell script that is primarily designed to be used in Rufus, but that can also be used in standalone fashion, and whose purpose is to automate access to the official Microsoft Windows retail ISO download links.

👀 Description
This script exists because, while Microsoft does make retail ISO download links freely and publicly available (at least for Windows 8 and Windows 10), it only does so after actively forcing users to jump through a lot of unwarranted hoops, that create an exceedingly counterproductive, if not downright unfriendly, consumer experience and that greatly detract from what people really want (direct access to ISO downloads).

As to the reason one might want to download Windows retail ISOs, as opposed to the ISOs that are generated by Microsoft's own Media Creation Tool (MCT), this is because using official retail ISOs is currently the only way to assert with absolute certainty that the OS content has not been altered. Indeed, because there only exists a single master for each of them, Microsoft retail ISOs are the only ones you can obtain an official SHA-1 for (from MSDN, if you have access to it, or from sites such as this one) allowing you to be 100% sure that the image you are using has not been corrupted and is safe to use.

💡 How it works
The script basically performs the same operation as one might perform when visiting either of the following URLs (that is, provided that you have also changed your User-Agent browser string, since, when they detect that you are using a version of Windows that is the same as the one you are trying to download, the Microsoft web servers at these addresses redirect you away from the pages that allow you to download retail ISOs):

https://www.microsoft.com/software-download/Windows8ISO
https://www.microsoft.com/software-download/Windows10ISO

After visiting those with a full browser (Internet Explorer, running through the Invoke-WebRequest PowerShell Cmdlet), to confirm that they are accessible, the script then queries the web API from the Microsoft servers to first request the language selection available for the version of Windows selected by the user, and then request the actual download links for all the architectures available for that specific combination of version + language.

👉🏼 Read more:
https://github.com/pbatard/Fido

#Fido #script #PowerShell #Rufus #Windows #download #ISO #retail
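The reason given above for wanting a retail ISO is that its published hash lets you check the image. The following is an added example, not part of Fido or Rufus, showing that check: it streams the file once, computes the published algorithm(s), and compares. The file and hash values it uses are constructed for the demo. Two practitioner notes: the expected hash has to come from a source you trust (MSDN/VLSC or Microsoft's own download page), not from the same place the ISO came from, and because SHA-1 is collision-weak you should check the SHA-256 wherever Microsoft publishes one (it does for current Windows 10 downloads). A SHA-1 match against a trusted value still rules out corruption and ordinary tampering.

```python
# Added example, not part of Fido or Rufus: verifying a downloaded retail ISO
# against the hash published for it. The file and hashes used in the demo
# are constructed; real expected hashes must come from a trusted source.
import hashlib
import hmac


def file_digests(path, algorithms=("sha1", "sha256"), chunk_size=1 << 20):
    """Stream the file once and return {algorithm: lowercase hex digest}.
    Retail ISOs are several GB, so never read them into memory whole."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_iso(path, expected):
    """expected: {algorithm: hex string as published, any case}.
    Every algorithm listed must match. Returns (ok, [algorithms that
    mismatched]); compare_digest is used so no partial prefix match
    short-circuits the comparison."""
    actual = file_digests(path, tuple(expected))
    mismatches = [
        name for name, published in expected.items()
        if not hmac.compare_digest(actual[name], published.strip().lower())
    ]
    return (not mismatches, mismatches)


if __name__ == "__main__":
    import sys
    # usage: verify_iso.py <file.iso> <sha1|sha256> <published hash>
    iso, algo, published = sys.argv[1:4]
    ok, bad = verify_iso(iso, {algo: published})
    print("OK" if ok else f"MISMATCH in {bad}")
    sys.exit(0 if ok else 1)
```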
Apple plans to shift 20% of production capacity from China to India, eying $40 billion export revenue

The iPhone maker is currently looking to scale up its local manufacturing revenues as it seeks alternatives to China for shifting its production facility.

New Delhi: Amid the coronavirus pandemic which originated from Wuhan, several companies are looking to move out of China. Tech giant Apple is planning to shift nearly one-fifth of its production capacity from China to India. As per reports, Apple's senior executives and Indian government's top-ranking officials have discussed the move over the last few days.

The iPhone maker is currently looking to scale up its local manufacturing revenues. Amid the pandemic, Apple is seeking alternatives to China for shifting its production. An official familiar with the matter told Economic Times (ET) that Apple is looking to scale its local revenue to $40 billion over the next five years.

"We expect Apple to produce up to $40 billion worth of smartphones, mostly for exports through its contract manufacturers Wistron and Foxconn, availing the benefits under the production-linked incentive (PLI) scheme," the business daily quoted a senior government official as saying.

Government's PLI scheme:
Because of the coronavirus crisis, several companies are looking to move out of China. In fact, Japan has announced a $2.2 billion monetary support for its businesses to shift its manufacturing and production out of China. The US is expected to do the same. India is hoping to attract some of these global companies looking to shift from China. In March, the government had notified three schemes with incentives totalling Rs 48,000 crore to boost mobile phone manufacturing in the country. The dominant production-linked incentive (PLI) scheme has a share of close to Rs 41,000 crore with sops to be spread over three years.

👉🏼 Read more:
https://www.timesnownews.com/business-economy/companies/article/apple-plans-to-shift-20-of-production-capacity-from-china-to-india-eying-40-billion-export-revenue/590043

#apple #china #india #coronavirus
Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases

More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data.

The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 Android apps, which comprise about 18 percent of all apps on Google Play store.

"4.8 percent of mobile apps using Google Firebase to store user data are not properly secured, allowing anyone to access databases containing users' personal information, access tokens, and other data without a password or any other authentication," Comparitech said.

👀 The full contents of the database, spanning across 4,282 apps, included:

‼️ Email addresses: 7,000,000+
‼️ Usernames: 4,400,000+
‼️ Passwords: 1,000,000+
‼️ Phone numbers: 5,300,000+
‼️ Full names: 18,300,000+
‼️ Chat messages: 6,800,000+
‼️ GPS data: 6,200,000+
‼️ IP addresses: 156,000+
‼️ Street addresses: 560,000+

👉🏼 Read more:
https://thehackernews.com/2020/05/android-firebase-database-security.html

#android #app #google #playstore #firebase #database #security #breach #leak
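The finding above ("anyone can access the database without a password") is confirmed the same way an attacker or a researcher finds it: a Firebase project host is pulled out of the decompiled APK, and a single unauthenticated GET against `https://<host>.firebaseio.com/.json` tells you whether the rules allow public reads. The following is an added example, not the researchers' tooling; the string dump and the HTTP responses it classifies are constructed for the demo. It uses the `shallow=true` query parameter so that confirming exposure returns only top-level keys rather than the users' data, and shows the open ruleset next to a per-user one.

```python
# Added example, not the researchers' tooling: finding a Firebase Realtime
# Database host in an APK and confirming whether it answers unauthenticated.
# The string dump in __main__ is constructed for the demo.
import json
import re
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Classic host form used by the apps in the report; newer projects may use
# <name>-default-rtdb.<region>.firebasedatabase.app instead.
FIREBASE_HOST_RE = re.compile(r"https://([a-z0-9-]+)\.firebaseio\.com")

# What the misconfiguration looks like next to a per-user ruleset.
WEAK_RULES = {"rules": {".read": True, ".write": True}}
HARDENED_RULES = {"rules": {"users": {"$uid": {
    ".read": "auth != null && $uid === auth.uid",
    ".write": "auth != null && $uid === auth.uid"}}}}


def extract_firebase_hosts(strings_dump):
    """Project hosts referenced in an APK, e.g. from `strings classes.dex`
    or the google-services values in res/values/strings.xml."""
    return sorted(set(FIREBASE_HOST_RE.findall(strings_dump)))


def classify(status, body):
    """Interpret the reply to GET https://<host>.firebaseio.com/.json?shallow=true
    open:       200 with JSON data (public read rule)
    open-empty: 200 'null' (readable, nothing stored)
    locked:     401 {"error":"Permission denied"} (rules require auth)
    absent:     404 (no such database)"""
    if status == 200:
        try:
            data = json.loads(body)
        except ValueError:
            return "unknown"
        return "open-empty" if data in (None, {}) else "open"
    if status == 401:
        return "locked"
    if status == 404:
        return "absent"
    return "unknown"


def probe(host, timeout=10):
    """shallow=true returns only the top-level keys, so confirming the
    exposure does not require pulling the users' records."""
    req = Request(f"https://{host}.firebaseio.com/.json?shallow=true",
                  headers={"User-Agent": "firebase-exposure-check"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except HTTPError as err:
        return classify(err.code, err.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    # Constructed stand-in for `strings classes.dex` output.
    sample_dump = """
    ...https://example-chat-app.firebaseio.com/users...
    https://example-chat-app-dev.firebaseio.com
    https://example-chat-app.firebaseio.com/messages
    """
    for host in extract_firebase_hosts(sample_dump):
        print(host, probe(host))   # needs network; prints open/locked/...
```

Only probe hosts you are authorised to test; the whole point of `shallow=true` is that a positive result never needs a copy of the data.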
Bill Gates’ Plan to Vaccinate the World

In January of 2010, Bill and Melinda Gates announced a $10 billion pledge to usher in a decade of vaccines. But far from an unalloyed good, the truth is that this attempt to reorient the global health economy was part of a much bigger agenda. An agenda that would ultimately lead to greater profits for Big Pharma companies, greater control for the Gates Foundation over the field of global health, and greater power for Bill Gates to shape the course of the future for billions of peop

https://www.corbettreport.com/gatesvaccine/

mp3:
https://www.corbettreport.com/mp3/episode378_gates_vaccine.mp3

#corbettreport #gates #video #podcast
The end is near (from Google Play Music): Transfer to YouTube Music

Google Play Music is discontinued, but the company now offers a transfer to YouTube Music.

Over the past few years, we have enhanced YouTube Music to deliver a comprehensive listening experience, and have also added features to make Google Play Music users feel right at home. Starting today, we’re excited to officially begin inviting Google Play Music listeners to effortlessly transfer their music libraries, personal taste preferences and playlists to YouTube Music, their new home for music listening and discovery.

For now, users will continue to have access to both services. We want to ensure everyone has time to transfer their content and get used to YouTube Music, so we’ll provide plenty of notice ahead of users no longer having access to Google Play Music later this year.

👉🏼 Read more:
https://youtube.googleblog.com/2020/05/youtube-music-transfer-google-play-music-library.html

#Google #DeleteGoogle #YouTube #music #discontinued
Screen New Deal - Under Cover of Mass Death, Andrew Cuomo Calls in the Billionaires to Build a High-Tech Dystopia

For a few fleeting moments during New York Gov. Andrew Cuomo’s daily coronavirus briefing on Wednesday, the somber grimace that has filled our screens for weeks was briefly replaced by something resembling a smile.

“We are ready, we’re all-in,” the governor gushed. “We are New Yorkers, so we’re aggressive about it, we’re ambitious about it. … We realize that change is not only imminent, but it can actually be a friend if done the right way.”

The inspiration for these uncharacteristically good vibes was a video visit from former Google CEO Eric Schmidt, who joined the governor’s briefing to announce that he will be heading up a blue-ribbon commission to reimagine New York state’s post-Covid reality, with an emphasis on permanently integrating technology into every aspect of civic life.

“The first priorities of what we’re trying to do,” Schmidt said, “are focused on telehealth, remote learning, and broadband. … We need to look for solutions that can be presented now, and accelerated, and use technology to make things better.” Lest there be any doubt that the former Google chair’s goals were purely benevolent, his video background featured a framed pair of golden angel wings.

Just one day earlier, Cuomo had announced a similar partnership with the Bill and Melinda Gates Foundation to develop “a smarter education system.” Calling Gates a “visionary,” Cuomo said the pandemic has created “a moment in history when we can actually incorporate and advance [Gates’s] ideas … all these buildings, all these physical classrooms — why with all the technology you have?” he asked, apparently rhetorically.

It has taken some time to gel, but something resembling a coherent Pandemic Shock Doctrine is beginning to emerge. Call it the “Screen New Deal.” Far more high-tech than anything we have seen during previous disasters, the future that is being rushed into being as the bodies still pile up treats our past weeks of physical isolation not as a painful necessity to save lives, but as a living laboratory for a permanent — and highly profitable — no-touch future.

👉🏼 Read more:
https://theintercept.com/2020/05/08/andrew-cuomo-eric-schmidt-coronavirus-tech-shock-doctrine/

#coronavirus #HighTech #Dystopia #surveillance #SurveillanceCapitalism #thinkabout
Huawei HKSP Introduces Trivially Exploitable Vulnerability

5/11/2020 Update:
We were contacted this morning by Huawei PSIRT who referenced an email by the patch author to the KSPP list: https://www.openwall.com/lists/kernel-hardening/2020/05/10/3 and stated that "The patchset is not provided by Huawei official but an individual. And also not used in any Huawei devices." They asked if we would update the description of the article to correct this information.

Based on publicly-available information, we know the author of the patch is a Huawei employee, and despite attempts now to distance itself from the code after publication of this post, it still retains the Huawei naming. Further, on information from our sources, the employee is a Level 20 Principal Security staffer, the highest technical level within Huawei.

The Github repository mentioned in the article had a commit added to it this morning that inserted a notice to the top of the README file, distancing the code from Huawei. This commit was (intentionally or not) backdated to Friday when the repository was created, creating the impression that we somehow intentionally ignored pertinent information that was readily available. This is obviously untrue, and examining the contents of https://api.github.com/repos/cloudsec/hksp/events proves the commit was pushed to the repo this morning.

We replied to Huawei PSIRT's mail and mentioned that we'd be fine with mentioning the patches aren't shipping on any Huawei devices (I believed it already to be unlikely given the poor code quality), but regarding the other claim (particularly due to the surreptitious Github repo edit), we'd have to also include the additional information we discovered.

👉🏼 Read more:
https://grsecurity.net/huawei_hksp_introduces_trivially_exploitable_vulnerability

https://www.openwall.com/lists/kernel-hardening/2020/05/10/3

https://api.github.com/repos/cloudsec/hksp/events

#huawei #PSIRT #hksp #exploitable #kernel #hardening #vulnerability
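The post's evidence for the backdated README commit is the repository's public events feed: GitHub stamps each PushEvent with the server time at which it received the push, so a commit whose committer date is days earlier than the push that delivered it was created or re-dated locally (`GIT_COMMITTER_DATE` / `git commit --date`) and pushed later. The following is an added example, not grsecurity's, that performs that comparison. The events JSON in it is constructed with made-up SHAs and is not the real cloudsec/hksp feed. Caveat: the events API only returns roughly the last 90 days / 300 events, so the check works for recent pushes only.

```python
# Added example, not from grsecurity: checking a commit's recorded date
# against the server time of the push that delivered it, using the
# api.github.com/repos/<owner>/<repo>/events feed cited in the post.
# SAMPLE_EVENTS below is constructed with made-up SHAs.
import json
from datetime import datetime, timedelta


def parse_ts(value):
    """GitHub uses RFC 3339 UTC timestamps such as 2020-05-11T14:02:11Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def push_time_for_sha(events, sha):
    """Server time of the PushEvent that delivered `sha`, or None.
    PushEvent.payload.commits lists at most 20 commits, so payload.head
    (the branch tip after the push) is matched as well."""
    for event in events:
        if event.get("type") != "PushEvent":
            continue
        payload = event.get("payload", {})
        shas = {c.get("sha") for c in payload.get("commits", [])}
        shas.add(payload.get("head"))
        if sha in shas:
            return parse_ts(event["created_at"])
    return None


def backdating_gap(events, sha, committer_date, tolerance=timedelta(hours=1)):
    """committer_date: from `git log -1 --format=%cI <sha>` or the commits
    API (commit.committer.date). Returns (pushed_at, gap, suspicious) with
    gap = pushed_at - committer_date. A push normally follows its commit by
    minutes; a gap of days means the date does not reflect when the change
    reached GitHub. The tolerance absorbs clock skew on the committer's box."""
    pushed_at = push_time_for_sha(events, sha)
    if pushed_at is None:
        return None, None, False
    gap = pushed_at - parse_ts(committer_date)
    return pushed_at, gap, gap > tolerance


# Constructed sample of the events feed, trimmed to the fields used above.
SAMPLE_EVENTS = json.loads("""[
  {"type": "WatchEvent", "created_at": "2020-05-11T15:30:00Z",
   "payload": {"action": "started"}},
  {"type": "PushEvent", "created_at": "2020-05-11T14:02:11Z",
   "payload": {"ref": "refs/heads/master", "before": "aaaa1111", "head": "bbbb2222",
               "commits": [{"sha": "bbbb2222", "message": "README: add notice"}]}},
  {"type": "CreateEvent", "created_at": "2020-05-08T09:12:44Z",
   "payload": {"ref_type": "repository"}}
]""")


if __name__ == "__main__":
    # A committer date three days before the push is the pattern the post describes.
    print(backdating_gap(SAMPLE_EVENTS, "bbbb2222", "2020-05-08T10:00:00Z"))
    # A date minutes before the push is what an honest commit looks like.
    print(backdating_gap(SAMPLE_EVENTS, "bbbb2222", "2020-05-11T13:55:00Z"))
```

Compare against the committer date rather than the author date: a rebase or amend rewrites the former, and a deliberate backdate usually sets both.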
The StartPage.com interview: please submit your questions!

Deadline for questions to StartPage.com runs until 1 June!
Last week, press spokesman Jörg Bauer called me because he wanted to complain about the content of Sunny's article, more than five months after its publication. He would never work for a data octopus, he assured me. Our presentation was misleading, or simply incorrect, on some points. Since nobody can remember a catalogue of criticisms delivered by telephone, I asked him to send it by e-mail. But before he could do that, we came up with the idea of a community interview. It makes much more sense to ask the open questions directly than to overload an old article with addenda. Mr. Bauer liked the idea and immediately agreed to it.

Let's get this done!
Everyone can now participate to their heart's content. There are many things that can be addressed. If the answers from Startpage.com are too evasive, we will go back and ask follow-up questions, several times if necessary. But hopefully this will not be needed.

Please keep in mind: ask your questions in a consistently constructive manner! With hostility or the like we will not get anywhere. Either way, the deadline expires on 1 June 2020. Unfortunately we cannot accept any further questions after that date. As usual, we will sort the questions by topic, edit them, add our own ideas and send them off. We hope for lively participation in this exciting topic.

👉🏼 Please ask your questions in one of the following TG-Groups:

@BlackBox▪️Security
or
@NoGoolag

❗️please mark your questions with #startpage

Read more 🇩🇪:
https://tarnkappe.info/die-suchmaschine-startpage-com-im-interview-bitte-fragen-einreichen/

#startpage #interview
butter_bot - Telegram Bot for managing groups

I manage your Telegram groups. I use TLG_JoinCaptchaBot for captchas.
Features:

bot protection: verify new users with captchas, auto kick spamming bots

log protection: let me manage your invitation links; bots cannot even join your group

notes: add notes for your users

connect: manage your group settings in private

auto-delete: I do not spam your group, messages are automatically deleted

Log Protection

You have probably never seen log protection like this before (I hadn't).

Any usual bot-protection solution verifies "users" after they have joined your group. Any bad bot can dump your whole group history before it fails the verification.

This solution verifies users before they can join your group!

Set your group to private

Activate Log Protection with /protection

Tell users to ask me for an invitation link in private chat

I will create an invitation link for the user if he passes the captcha

I revoke the invitation link after a timeout, or after the user joined your group

Only the verified user can join your group. If another user uses the generated link, I will kick him and revoke the link

ButterBot TG Channel:
https://t.iss.one/butter_bot_info

ButterBot on GitHub:
https://github.com/v1nc/butter_bot

#butterbot #tg #group #bot #v1nc
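The log-protection flow listed above (captcha in private chat, a link issued to that one user, revoked on join or timeout, anyone else coming through it kicked) is a small state machine. The following is an added example, not butter_bot's own code, that implements that state machine so it can be run offline. The three Telegram actions (create an invite link, revoke it, kick a user) are injected as callbacks, so their names are assumptions; in the Bot API they correspond to createChatInviteLink / revokeChatInviteLink / banChatMember, and the link a joiner used is reported in the chat_member update's invite_link field. The security property it enforces is the one the README claims: a link is bound to one verified user, is single-use, and dies on its own if never used.

```python
# Added example, not butter_bot's code: the invite-link gate as a state
# machine. Telegram actions are injected callbacks (names are assumptions).
import time
from dataclasses import dataclass


@dataclass
class PendingInvite:
    user_id: int
    link: str
    expires_at: float


class InviteGate:
    def __init__(self, create_link, revoke_link, kick_user,
                 ttl_seconds=300, clock=time.time):
        self._create = create_link      # () -> str, a fresh invite link
        self._revoke = revoke_link      # (link) -> None
        self._kick = kick_user          # (user_id) -> None
        self.ttl = ttl_seconds          # the README's "timeout"
        self.clock = clock              # injectable for testing
        self.pending = {}               # link -> PendingInvite

    def on_captcha_passed(self, user_id):
        """The user solved the captcha in private chat: hand out a link
        bound to that user which expires after the timeout."""
        self.expire_stale()
        link = self._create()
        self.pending[link] = PendingInvite(user_id, link, self.clock() + self.ttl)
        return link

    def on_member_joined(self, user_id, via_link):
        """Someone joined the group through `via_link`. Returns 'admitted',
        'kicked' (wrong person on a live link) or 'kicked-unknown-link'
        (expired, already revoked or never issued by us)."""
        self.expire_stale()
        invite = self.pending.pop(via_link, None)
        if invite is None:
            self._kick(user_id)
            return "kicked-unknown-link"
        self._revoke(via_link)          # single use, whoever came through it
        if invite.user_id != user_id:
            self._kick(user_id)
            return "kicked"
        return "admitted"

    def expire_stale(self):
        """Revoke links whose timeout passed without a join."""
        now = self.clock()
        for link, invite in list(self.pending.items()):
            if invite.expires_at <= now:
                self._revoke(link)
                del self.pending[link]


if __name__ == "__main__":
    issued, revoked, kicked = [], [], []

    def create_link():
        issued.append(f"https://t.me/+demo{len(issued) + 1}")   # constructed
        return issued[-1]

    gate = InviteGate(create_link, revoked.append, kicked.append, ttl_seconds=60)
    link = gate.on_captcha_passed(user_id=1)
    print(gate.on_member_joined(user_id=1, via_link=link))      # admitted
    print(gate.on_member_joined(user_id=2, via_link=link))      # kicked-unknown-link
    print("revoked:", revoked, "kicked:", kicked)
```

Keep the timeout short: the link is the only secret in the scheme, and a user who forwards it before joining hands that secret to whoever they forward it to, who is then kicked but only after the join event arrives.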
Angela Merkel says ‘hard evidence’ she was target of Russian hackers

Der Spiegel magazine reported last week that Russia's GRU military intelligence service appeared to have got hold of many emails from Merkel's constituency office in 2015

German Chancellor Angela Merkel has cited 'hard evidence' that she was the target of Russian hacking.

The Spiegel magazine reported last week that Russia's GRU military intelligence service appeared to have got hold of many emails from Merkel's constituency office in a 2015 hack attack on Germany's parliament.

Moscow has denied previous allegations of hacking abroad.

Ms Merkel said she "will keep trying to improve ties with Russia", but admitted the hacking attack did not make Germany's efforts any easier.

"I will strive for good relations with Russia because I think there is every reason to continue our diplomatic efforts but it doesn't make it easier," she told the Bundestag lower house of parliament when asked about the hack.

👉🏼 Read more:
https://www.independent.co.uk/news/world/europe/angela-merkel-russia-hackers-emails-gru-latest-a9512026.html

#germany #merkel #russia #gru #hacked #hackers
Congress plans to expand Patriot Act with DOJ access to your web browsing and search activity without a warrant

The infamous Patriot Act, which uses the threat of terrorism to expand surveillance over American citizens, is up for renewal under the USA FREEDOM Reauthorization Act – which is set to be voted on soon. Specifically, Section 215 of the Patriot Act allows the government to ask record keepers for records relating to ongoing investigations. As if the original phone metadata siphoning provisions of the Patriot Act aren’t enough, Senator Mitch McConnell (R-KY) has introduced an amendment which would allow the Department of Justice (DOJ) to have access to anybody’s web browsing and search history under Section 215.

The impetus for the reauthorization amendment is the ongoing investigation into President Trump and possible collusion with the Kremlin. Essentially, the amendment allows Attorney General Bill Barr to look at the web browsing history of any American without a warrant – citizen or not – if he simply claims that it is related to the ongoing investigation. Senator Ron Wyden (D-OR) explained to The Daily Beast:

Under the McConnell amendment, Barr gets to look through the web browsing history of any American—including journalists, politicians, and political rivals—without a warrant, just by saying it is relevant to an investigation.

👉🏼 Read more:
https://www.privateinternetaccess.com/blog/congress-plans-to-expand-patriot-act-with-doj-access-to-your-web-browsing-and-search-activity-without-a-warrant/

#USA #Congress #patriotact #DOJ #phone #metadata #surveillance #privacy #why #thinkabout
EU official calls for law against encryption

The European Union should finally bring forward legislation to break the trend of unregulated encryption. The anti-terrorism coordinator calls for this in a letter that we are publishing. Meanwhile, NGOs are forming a Global Coalition for Encryption.

Law enforcement and judicial aspects of encryption

Introduction
Some emerging trends in encryption have gained a lot of attention lately. Several recent changes to the encryption practices of service providers [online service providers (OSPs) and telecommunication providers], including many more planned to be implemented in the coming months, have been in the international news and prompted public responses from governments, particularly among partner countries such as the US.

This paper aims to present the state of play of the evolving issues in the field of encryption that are disrupting the ability of Member States and EU Agencies to carry out their vital law enforcement and judicial roles through limiting the possibility for lawful access to data (in transit – lawful interception – or at rest, including in clouds) that they currently have at their disposal. The technical addendum includes more detail on the various forms of encryption.

The note also intends to stimulate a discussion of the proposed recommendations in COSI, on steps the EU and its Member States can take to address the situation, notably legislative solutions, but also by proactively engaging at technical level with service providers. It thereby hopes to contribute to the continued development of effective responses to the evolving trends in encryption at the European level, to position the EU and its Member States not only as the protectors of their citizens' personal data, but also of their security, including victims' rights, and to ensure that law enforcement does not lose valuable tools because of technological developments. Impunity for serious crimes must be avoided.

👉🏼 Read more:
https://netzpolitik.org/2020/eu-beamter-fordert-gesetz-gegen-verschluesselung/#2020-05-08_EU-Counter-Terror_LEA-Encryption

👉🏼 Read more 🇩🇪:
https://netzpolitik.org/2020/eu-beamter-fordert-gesetz-gegen-verschluesselung/

#eu #law #encryption #thinkabout #why
India's Contact Tracing App Is All But Mandatory. So This Programmer Hacked It So That He Always Appears Safe.

A software engineer from Bangalore was worried about being forced to download Aarogya Setu. So he ripped its guts out.

For days, Jay, a software engineer in Bangalore, watched with mounting alarm as people in India were forced to install the government’s coronavirus contact tracing app. Then, he rolled up his sleeves and ripped its guts out.

“I didn’t like the fact that installing this app is slowly becoming mandatory in India,” said Jay, who requested a pseudonym to speak freely. “So I kept thinking of what I could personally do to avoid putting it on my phone.”

Jay started work at 9 a.m. on a Saturday. He chopped away at the app's code to bypass the registration page that required people to sign up with their cellphone numbers. More pruning let him bypass a page that requested personal information like name, age, gender, travel history, and COVID-19 symptoms. Then, he carved away the permissions that he viewed as invasive: those requiring access to the phone's Bluetooth and GPS at all times.

By 1 p.m., the app had become a harmless shell, collecting no data but still flashing a green badge declaring that the user was at low risk of infection.

“That was my goal,” said Jay. “I succeeded. You can show the green badge to anyone if they ask to check your phone and they won’t be able to tell.”

👉🏼 Read more:
https://www.buzzfeednews.com/article/pranavdixit/india-aarogya-setu-hacked

#hacked #india #coronavirus #tracing #app
EU-funded COVID-19 app ‘listens to voices and coughs’

A recently launched EU-funded mobile application records users’ breathing and coughing to diagnose cases of COVID-19, scientists involved in the project have said.

The initiative, which has been developed by researchers at Cambridge University and partially funded by the European Research Council through Project EAR, aims to build up a large, crowdsourced dataset in order to develop machine learning algorithms to be used in automatic disease detection.

It will collect demographic and medical information from users, in addition to “spoken voice samples, breathing and coughing samples through the phone’s microphone.”

In an attempt to allay privacy fears, researchers say that the app will collect "one coarse grain location sample" but that it would not track users, only recording location data once, when they are actively using the software.

“The data will be stored on University servers and be used solely for research purposes,” the university added.

“There are very few large datasets of respiratory sounds, so to make better algorithms that could be used for early detection, we need as many samples from as many participants as we can get,” said Professor Cecilia Mascolo from Cambridge’s Department of Computer Science and Technology, the lead team on the app.

“Even if we don’t get many positive cases of coronavirus, we could find links with other health conditions.”

👉🏼 Read more:
https://www.euractiv.com/section/digital/news/eu-funded-covid-19-app-listens-to-voices-and-coughs/

#coronavirus #eu #tracing #tracking #app #privacy #surveillance