Browser add-ons from various antivirus vendors are spying on you
According to a report by penetration tester Mike Kuketz, the browser add-ons of some antivirus vendors transfer far too much data. The extensions from Avast, Avira, Bitdefender, Comodo and Symantec transfer the full URL of the visited websites.
The freelance penetration tester Mike Kuketz has taken a critical look at the browser extensions of various antivirus manufacturers in recent days.
Kuketz found that the extensions:👇
❗️Avast Online Security from Avast
❗️Avira Browser Safety from Avira
❗️Bitdefender TrafficLight for Firefox by Bitdefender
❗️Online Security Pro by Comodo
❗️Norton Safe Web from Symantec
transfer the complete Internet address of the visited web pages to the server of the respective manufacturer. This is usually justified by the companies with the fact that one can recognize dangerous web pages (Phishing etc.) with it and block automatically. According to Kuketz, it would be sufficient to simply transfer the domain name. Then the manufacturers would find out far less about the surfing behaviour of their customers. The current implementation is "not particularly data protection-friendly".
⚠️Avast Online Security generates a unique user ID
Avast Online Security also assigns each user a unique user ID so that Avast can recognize them at any time. A lot of transferred data also means that in theory it would be possible to use the information as a sham. In this context, Kuketz rightly refers to the scandal when it became known that the Firefox add-on "Web of Trust" had spied on millions of users - including some members of the German Bundestag. By the end of 2016, NDR journalists had revealed how a million-dollar business had been generated from the collected data.
✅Tipp
Just check your own browser for all installed extensions, that doesn't cost us five minutes of our precious lifetime! Everything you don't use regularly should be thrown out immediately! The less extensions are installed, the better. The best data is no data. If no data is collected, no one can use it. Otherwise we will soon be "naked on the net" again, as we were in November 2016. Who wants that?
👉 https://www.kuketz-blog.de/browser-add-ons-wie-antiviren-hersteller-ihre-nutzer-ausspionieren/
👉 https://t.iss.one/cRyPtHoN_INFOSEC_DE/2021
#AntiVirus #Browser #Addons
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
According to a report by penetration tester Mike Kuketz, the browser add-ons of some antivirus vendors transfer far too much data. The extensions from Avast, Avira, Bitdefender, Comodo and Symantec transfer the full URL of the visited websites.
The freelance penetration tester Mike Kuketz has taken a critical look at the browser extensions of various antivirus manufacturers in recent days.
Kuketz found that the extensions:👇
❗️Avast Online Security from Avast
❗️Avira Browser Safety from Avira
❗️Bitdefender TrafficLight for Firefox by Bitdefender
❗️Online Security Pro by Comodo
❗️Norton Safe Web from Symantec
transfer the complete Internet address of the visited web pages to the server of the respective manufacturer. This is usually justified by the companies with the fact that one can recognize dangerous web pages (Phishing etc.) with it and block automatically. According to Kuketz, it would be sufficient to simply transfer the domain name. Then the manufacturers would find out far less about the surfing behaviour of their customers. The current implementation is "not particularly data protection-friendly".
⚠️Avast Online Security generates a unique user ID
Avast Online Security also assigns each user a unique user ID so that Avast can recognize them at any time. A lot of transferred data also means that in theory it would be possible to use the information as a sham. In this context, Kuketz rightly refers to the scandal when it became known that the Firefox add-on "Web of Trust" had spied on millions of users - including some members of the German Bundestag. By the end of 2016, NDR journalists had revealed how a million-dollar business had been generated from the collected data.
But back to the browser add-ons: Would it have to be clarified whether the users are fully informed by the manufacturers? After all, their complete surfing behavior is logged. It is also questionable what happens to all the recorded data afterwards! Are they simply deleted?✅Tipp
Just check your own browser for all installed extensions, that doesn't cost us five minutes of our precious lifetime! Everything you don't use regularly should be thrown out immediately! The less extensions are installed, the better. The best data is no data. If no data is collected, no one can use it. Otherwise we will soon be "naked on the net" again, as we were in November 2016. Who wants that?
👉 https://www.kuketz-blog.de/browser-add-ons-wie-antiviren-hersteller-ihre-nutzer-ausspionieren/
👉 https://t.iss.one/cRyPtHoN_INFOSEC_DE/2021
#AntiVirus #Browser #Addons
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
Why should you be using privacy tools in the digital age? (Part 1)
With both governments and corporate entities trampling over the privacy rights of people throughout much of the world, choosing the right privacy tools is now more important than ever.
Let us answer this question by examining a few trends:
❗️Global surveillance
Mass surveillance technology continues to strengthen and expand around the world – particularly in the United States, United Kingdom, Australia, and other Western countries. (See also the Five Eyes, Nine Eyes & 14 Eyes surveillance alliances.) This trend continues on, regardless of which political party is in office.
❗️ISP Spying
Internet providers often record connection times, metadata, and DNS requests, which gives them every website you visit (unless you’re using a good VPN). In many countries, this is not only legal, but required. See for example in the United Kingdom (with the Investigatory Powers Act), United States (Senate Joint Resolution 34), and now also in Australia (mandatory data retention). A VPN is now essential protection against your internet provider if you want to retain a basic level of online privacy.
❗️Censorship
The internet is also becoming less free due to censorship efforts and content blocking. Whether it is China, Germany, or the United Kingdom, authorities are working hard to censor content online. This is particularly the case in Europe. The UK is now considering 15 year jail sentences for people who view “offensive” websites.
❗️Malicious ads & tracking
Websites are increasingly hosting invasive advertisements that also function as tracking. Pop-ups and dangerous “click-bait” ads can also deliver malware and take your device over for ransom (ransomware). Malicious ads, which are delivered through third party ad networks, can even be hosted on major websites.
✴️While the trends are alarming, there are relatively simple solutions to restore both your privacy and security.
But before we begin, one key consideration is your threat model. How much privacy and security do you need given your unique situation and the adversaries you may face?
Many people, such as every day internet surfers, are seeking protection against advanced tracking online through advertising networks as well as a higher level of online anonymity and security. Others, such as investigative journalists working with sensitive information, would likely opt for an even higher level of protection.
#privacy #tools #security #part1 #why
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
With both governments and corporate entities trampling over the privacy rights of people throughout much of the world, choosing the right privacy tools is now more important than ever.
Let us answer this question by examining a few trends:
❗️Global surveillance
Mass surveillance technology continues to strengthen and expand around the world – particularly in the United States, United Kingdom, Australia, and other Western countries. (See also the Five Eyes, Nine Eyes & 14 Eyes surveillance alliances.) This trend continues on, regardless of which political party is in office.
❗️ISP Spying
Internet providers often record connection times, metadata, and DNS requests, which gives them every website you visit (unless you’re using a good VPN). In many countries, this is not only legal, but required. See for example in the United Kingdom (with the Investigatory Powers Act), United States (Senate Joint Resolution 34), and now also in Australia (mandatory data retention). A VPN is now essential protection against your internet provider if you want to retain a basic level of online privacy.
❗️Censorship
The internet is also becoming less free due to censorship efforts and content blocking. Whether it is China, Germany, or the United Kingdom, authorities are working hard to censor content online. This is particularly the case in Europe. The UK is now considering 15 year jail sentences for people who view “offensive” websites.
❗️Malicious ads & tracking
Websites are increasingly hosting invasive advertisements that also function as tracking. Pop-ups and dangerous “click-bait” ads can also deliver malware and take your device over for ransom (ransomware). Malicious ads, which are delivered through third party ad networks, can even be hosted on major websites.
✴️While the trends are alarming, there are relatively simple solutions to restore both your privacy and security.
But before we begin, one key consideration is your threat model. How much privacy and security do you need given your unique situation and the adversaries you may face?
Many people, such as every day internet surfers, are seeking protection against advanced tracking online through advertising networks as well as a higher level of online anonymity and security. Others, such as investigative journalists working with sensitive information, would likely opt for an even higher level of protection.
Source: https://restoreprivacy.com/privacy-tools/#privacy #tools #security #part1 #why
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
Why should you be using privacy tools in the digital age? (Part 2)
Secure and privacy-friendly browser
✴️ Everyone needs to be using a secure and privacy-friendly browser for three important reasons:
❗️Browsers have a large attack surface and can be compromised in many ways.
❗️By default, most browser will contain lots of private information, including your browsing history, usernames, passwords, and autofill information, such as your name, address, etc.
❗️Browsers can reveal lots of identifying information about your location, system settings, hardware, and much more, which can be used to identify you through browser fingerprinting.
✴️ Secure Browsers - Here are some great options:
✅Firefox
Firefox is a great browser for both privacy and security. It is highly customizable to give you the level of security and privacy you desire, while also being compatible with many browser extensions. https://www.mozilla.org/en-US/firefox/
✅Waterfox
Waterfox is a fork of Firefox, with telemetry and other items stripped out to give users more privacy. It is based on Firefox 56 with ESR patches. https://www.waterfoxproject.org/en-US/
✅Brave
Brave is a chromium-based browser that is very privacy-focused right out of the box, unlike Firefox, which requires some customization. By default, it will block ads and trackers, and it’s also customizable, fast, and has built-in protection against browser fingerprinting. https://brave.com/
✅Pale Moon
Like Waterfox, Pale Moon is also a fork of Firefox, but an older version (based on Firefox 38 ESR). https://www.palemoon.org/
✅Tor browser
The Tor browser is hardened version of Firefox that also utilizes the Tor network by default (but this can be disabled). It should be noted that Tor was created by the US military and continues to be funded by the US government today. https://www.torproject.org/projects/torbrowser.html.en
There are a few other browsers that may be popular, but they are not good choices for privacy reasons. Google Chrome, for example, offers security, but it is extremely invasive and collects all kinds of private data, which Google uses for targeted ads. Similarly, Opera browser also has a troubling privacy policy, which explains their data collection and data sharing practices.
✴️Browser add-ons worth considering
As discussed in the Firefox privacy guide, here are a few good browser add-ons that may be worth considering:
✅ uBlock Origin – A powerful blocker for advertisements and tracking.
✅ HTTPS Everywhere – This forces an HTTPS connection with the sites you visit.
✅ Cookie AutoDelete – Deletes those unwanted tracking cookies.
✅ Privacy Badger – Another add-on from the Electronic Frontier Foundation, Privacy Badger blocks spying ads and trackers.
✅ uMatrix – While this may be overkill for many users, this powerful add-on gives you control over requests that may be tracking you on various websites.
✅ NoScript – This is a script blocker that allows you to control which scripts run on the sites you visit.
❗️Worth mentioning: Don’t use a browser-based password manager, which will store your usernames and passwords in plaintext, thereby leaving them vulnerable to exploitation.
#privacy #tools #security #part2 #why #browsers
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
Secure and privacy-friendly browser
✴️ Everyone needs to be using a secure and privacy-friendly browser for three important reasons:
❗️Browsers have a large attack surface and can be compromised in many ways.
❗️By default, most browser will contain lots of private information, including your browsing history, usernames, passwords, and autofill information, such as your name, address, etc.
❗️Browsers can reveal lots of identifying information about your location, system settings, hardware, and much more, which can be used to identify you through browser fingerprinting.
✴️ Secure Browsers - Here are some great options:
✅Firefox
Firefox is a great browser for both privacy and security. It is highly customizable to give you the level of security and privacy you desire, while also being compatible with many browser extensions. https://www.mozilla.org/en-US/firefox/
✅Waterfox
Waterfox is a fork of Firefox, with telemetry and other items stripped out to give users more privacy. It is based on Firefox 56 with ESR patches. https://www.waterfoxproject.org/en-US/
✅Brave
Brave is a chromium-based browser that is very privacy-focused right out of the box, unlike Firefox, which requires some customization. By default, it will block ads and trackers, and it’s also customizable, fast, and has built-in protection against browser fingerprinting. https://brave.com/
✅Pale Moon
Like Waterfox, Pale Moon is also a fork of Firefox, but an older version (based on Firefox 38 ESR). https://www.palemoon.org/
✅Tor browser
The Tor browser is hardened version of Firefox that also utilizes the Tor network by default (but this can be disabled). It should be noted that Tor was created by the US military and continues to be funded by the US government today. https://www.torproject.org/projects/torbrowser.html.en
There are a few other browsers that may be popular, but they are not good choices for privacy reasons. Google Chrome, for example, offers security, but it is extremely invasive and collects all kinds of private data, which Google uses for targeted ads. Similarly, Opera browser also has a troubling privacy policy, which explains their data collection and data sharing practices.
✴️Browser add-ons worth considering
As discussed in the Firefox privacy guide, here are a few good browser add-ons that may be worth considering:
✅ uBlock Origin – A powerful blocker for advertisements and tracking.
✅ HTTPS Everywhere – This forces an HTTPS connection with the sites you visit.
✅ Cookie AutoDelete – Deletes those unwanted tracking cookies.
✅ Privacy Badger – Another add-on from the Electronic Frontier Foundation, Privacy Badger blocks spying ads and trackers.
✅ uMatrix – While this may be overkill for many users, this powerful add-on gives you control over requests that may be tracking you on various websites.
✅ NoScript – This is a script blocker that allows you to control which scripts run on the sites you visit.
❗️Worth mentioning: Don’t use a browser-based password manager, which will store your usernames and passwords in plaintext, thereby leaving them vulnerable to exploitation.
Source: https://restoreprivacy.com/privacy-tools/#privacy #tools #security #part2 #why #browsers
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
UK Police stop people for covering their faces from facial recognition camera then fine man £90 after he protested
Metropolitan Police had said people declining to be scanned would 'not necessarily be viewed as suspicious'
https://www.independent.co.uk/news/uk/crime/facial-recognition-cameras-technology-london-trial-met-police-face-cover-man-fined-a8756936.html
#uk #cctv #biometric #facial #recognition #camera #why
Metropolitan Police had said people declining to be scanned would 'not necessarily be viewed as suspicious'
https://www.independent.co.uk/news/uk/crime/facial-recognition-cameras-technology-london-trial-met-police-face-cover-man-fined-a8756936.html
#uk #cctv #biometric #facial #recognition #camera #why
The Independent
Man fined £90 after covering face during facial recognition trial in London
Metropolitan Police had said people declining to be scanned would 'not necessarily be viewed as suspicious'
Free VPN Services – What You Need to Know
Many people who are new to VPN services start out by looking for a free VPN in order to save money, rather than searching for the best VPN that will keep their data safe.
The truth is that these free VPN services are actually cashing in on their user base – usually by collecting user data and then selling it to the highest bidder. When you route your traffic through a free VPN app on your device, the VPN can easily collect your online activity and sell this to third parties and advertising networks.
⚠️Free VPN malware
“Over 38% of [free VPN apps] contain some malware presence…” CSIRO study
⚠️Free VPN tracking
“We identified the presence of at least one tracking library in 75% of the free VPN apps claiming to protect users’ privacy.” CSIRO study
⚠️Third party access to your data
Once your data is collected by the free VPN, it can then be sold or transferred to third parties, for profit.
⚠️Stolen bandwidth
Some businesses are also using free VPNs to steal user bandwidth and reselling it to third parties.
⚠️Browser hijacking
Another way that free VPN services can make money off their users is through browser hijacking. This is when the VPN hijacks and redirects your browser to partnership websites without your permission.
⚠️Free VPN data leaks
A good VPN should secure and encrypt all of the traffic between your device and the VPN server.
👉In testing over 280 different free VPNs, the CSIRO study found
❗️ 84% of free VPNs expose the user’s real, globally-unique IPv6 address
❗️ 66% of free VPNs leak DNS requests, thereby exposing the user’s browsing history and location
Conclusion on free VPN services
Unfortunately, the free VPN scam does not show any signs of letting up. More people are turning to VPN services in response to censorship, content blocks, and concerns over privacy and security – and free VPNs are taking advantage of this trend.
#privacy #tools #security #freevpn #why
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
Many people who are new to VPN services start out by looking for a free VPN in order to save money, rather than searching for the best VPN that will keep their data safe.
The truth is that these free VPN services are actually cashing in on their user base – usually by collecting user data and then selling it to the highest bidder. When you route your traffic through a free VPN app on your device, the VPN can easily collect your online activity and sell this to third parties and advertising networks.
⚠️Free VPN malware
“Over 38% of [free VPN apps] contain some malware presence…” CSIRO study
⚠️Free VPN tracking
“We identified the presence of at least one tracking library in 75% of the free VPN apps claiming to protect users’ privacy.” CSIRO study
⚠️Third party access to your data
Once your data is collected by the free VPN, it can then be sold or transferred to third parties, for profit.
⚠️Stolen bandwidth
Some businesses are also using free VPNs to steal user bandwidth and reselling it to third parties.
⚠️Browser hijacking
Another way that free VPN services can make money off their users is through browser hijacking. This is when the VPN hijacks and redirects your browser to partnership websites without your permission.
⚠️Free VPN data leaks
A good VPN should secure and encrypt all of the traffic between your device and the VPN server.
👉In testing over 280 different free VPNs, the CSIRO study found
❗️ 84% of free VPNs expose the user’s real, globally-unique IPv6 address
❗️ 66% of free VPNs leak DNS requests, thereby exposing the user’s browsing history and location
Conclusion on free VPN services
Unfortunately, the free VPN scam does not show any signs of letting up. More people are turning to VPN services in response to censorship, content blocks, and concerns over privacy and security – and free VPNs are taking advantage of this trend.
While awareness about these risks continues to grow, the Google Play and Apple stores are still loaded with hundreds of malicious and invasive free VPN apps – many of them with excellent ratings from naive users. Even worse, many of these VPNs are operating from dubious overseas jurisdictions, particularly China, which do not recognize Western privacy laws and regulations.Source and much more info at: https://restoreprivacy.com/free-vpn/#privacy #tools #security #freevpn #why
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
🇬🇧 Facebook and Airbus hold secretive drone tests in the Australian bush
The social network company killed its own Aquila drone programme last year. But Facebook has not quit plans to spread internet across the globe. We publish a document that shows Facebook is working with European defence giant Airbus on drone-based connectivity.
👉 https://netzpolitik.org/2019/facebook-and-airbus-hold-secretive-drone-tests-in-the-australian-bush/
🇩🇪 Facebook und Airbus führen geheime Drohnentests im australischen Busch durch.
Das Unternehmen für soziale Netzwerke hat im vergangenen Jahr sein eigenes Drohnenprogramm Aquila beendet. Aber Facebook hat die Pläne, das Internet über die ganze Welt zu verbreiten, nicht aufgegeben. Wir veröffentlichen ein Dokument, aus dem hervorgeht, dass Facebook mit dem europäischen Verteidigungsriesen Airbus an der dronengestützten Konnektivität arbeitet.
👉 https://t.iss.one/cRyPtHoN_INFOSEC_DE/2031
#Netzpolitik #Facebook #DeleteFacebook #Airbus #dronetest
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
The social network company killed its own Aquila drone programme last year. But Facebook has not quit plans to spread internet across the globe. We publish a document that shows Facebook is working with European defence giant Airbus on drone-based connectivity.
👉 https://netzpolitik.org/2019/facebook-and-airbus-hold-secretive-drone-tests-in-the-australian-bush/
🇩🇪 Facebook und Airbus führen geheime Drohnentests im australischen Busch durch.
Das Unternehmen für soziale Netzwerke hat im vergangenen Jahr sein eigenes Drohnenprogramm Aquila beendet. Aber Facebook hat die Pläne, das Internet über die ganze Welt zu verbreiten, nicht aufgegeben. Wir veröffentlichen ein Dokument, aus dem hervorgeht, dass Facebook mit dem europäischen Verteidigungsriesen Airbus an der dronengestützten Konnektivität arbeitet.
👉 https://t.iss.one/cRyPtHoN_INFOSEC_DE/2031
PDF download: https://cdn.netzpolitik.org/wp-upload/2019/01/Facebook-Airbus-Zephyr-Test-Wyndham-Australia-Meeting-documents-FOI.pdf#Netzpolitik #Facebook #DeleteFacebook #Airbus #dronetest
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
https://f-droid.org/packages/opencontacts.open.com.opencontacts
We should not be sharing our contact information online. So, keep your contacts safe in a different database. This app saves contacts in its own database separate from android contacts. This way no other app would be able to access contacts.
We should not be sharing our contact information online. So, keep your contacts safe in a different database. This app saves contacts in its own database separate from android contacts. This way no other app would be able to access contacts.
f-droid.org
OpenContacts | F-Droid - Free and Open Source Android App Repository
A different database for contacts to keep them private only to you.
AdAway-4.2.1-190203.apk
4.7 MB
Adaway update version 4.2.1
Changelog 04.02.2019
👉Add hosts source download cache
👉Add snackbar notification to update host from DNS request listing
👉Update UI from Material Design to Material Theming
👉Update gradle, plugins and dependencies
👉Fix crash parsing not defined host source last modified date
👉Fix native modules build script (required for F-Droid build server)
👉Fix Transifex issues
#adaway #adblock #update
Changelog 04.02.2019
👉Add hosts source download cache
👉Add snackbar notification to update host from DNS request listing
👉Update UI from Material Design to Material Theming
👉Update gradle, plugins and dependencies
👉Fix crash parsing not defined host source last modified date
👉Fix native modules build script (required for F-Droid build server)
👉Fix Transifex issues
#adaway #adblock #update
Facebook Struggles in Privacy Class-Action Lawsuit
Facebook's privacy disclosures "are quite vague" and should have been made more prominent, a federal judge argued.
Facebook, in the midst of a class-action privacy lawsuit, was dealt a blow last week when US District Judge Vince Chhabria argued its privacy policies and practices cause users harm.
https://www.darkreading.com/endpoint/facebook-struggles-in-privacy-class-action-lawsuit/d/d-id/1333786?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Read Via Telegram
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
Facebook's privacy disclosures "are quite vague" and should have been made more prominent, a federal judge argued.
Facebook, in the midst of a class-action privacy lawsuit, was dealt a blow last week when US District Judge Vince Chhabria argued its privacy policies and practices cause users harm.
https://www.darkreading.com/endpoint/facebook-struggles-in-privacy-class-action-lawsuit/d/d-id/1333786?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Read Via Telegram
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
Dark Reading
Facebook Struggles in Privacy Class-Action Lawsuit
Facebook's privacy disclosures are quite vague and should have been made more prominent, a federal judge argued.
Evidence and proof of concept that keweon Online Security is not as secure as claimed by its developer.
After a group of independent IT and cyber security specialists proved that keweon is not as secure as claimed by the developer, they confronted the developer with the results and reminded him of a bet. All keweon support groups on TG then were deleted by the developer personally and without further explanation on the morning of February 4, 2019.
We all know by now that the way keweon DNS works is based on users using keweon's DNS and the keweon root certificate.
What has now been proven is exactly what keweon could do with its users, but Torsten vehemently denies and claims "that's impossible" and "that doesn't work":
1. get users to use your DNS server.
2. get users to use your root certificate.
3. redirecting a page, e.g. mybank.com, to one of the keweon servers (by changing the DNS record)
4. issue your own SSL certificate for the website, users have installed your Root-CA and so this is not a "witch work"
5. read username/password from the connection (if 2FA is used, just wait until the user logs in and use the token again quickly as it is valid for 30 seconds).
We now have proof that this is possible without a doubt. In fact, this is a classic MITM attack, and anyone who denies that it is possible either has no idea (you shouldn't assume this from Torsten) or is trying to hide something from his users.
The developer of keweon has repeatedly asserted and insisted that a root certificate cannot intercept connections or collect data.
Quote from the keweon developer with his PayPal bet:
"Prove that to me. Give me any DNS and a root certificate and try to get my PayPal data.
I'll then even contact you when I sign up for PayPal. If you manage to get my PayPal data this way, you can log in and transfer 500 Euro to your account. I have made this offer very often and this is a serious offer from my side."
Unfortunately the developer of keweon didn't contribute his part to the test as he promised so often and of course he didn't log into Paypal via our provided DNS and root certificate.
The only reaction on his part was, apart from some insults, the deletion of all keweon groups on TG.
The security test of the keweon servers also revealed that under certain conditions connections are even redirected to keweon's own termination server and answered with 1x1 pixel gifs.
The fact is that the requests contain tracking IDs that can be easily managed from these servers.
So even Torsten's statement that the keweon SSL server only terminates requests with empty (0 byte) responses is wrong.
This again contradicts Torsten's own statement.
The point now is that the developer of keweon Online Security is actively trying to deny that it is possible for him to abuse the root certificate, although it has now been proven that it is actually possible for him to do exactly that with the keweon root certificate and its users.
Until the developer decides to disprove the accusations made against keweon Online Security or can prove that the accusations against him are unfounded, it is advisable for obvious reasons of security not to use keweon Online Security for the time being.
Anyone who is interested in repeating this test can do so at:
https://keweonwette.info.tm, where you will find a DNS and a root certificate, same as with keweon Online Security.
Furthermore there is a real-time log about recorded connections.
Everything else can be found there.
Please be careful not to use your correct email address or password for this test!
#keweon #test #bet #evidence #ProofOfConcept
After a group of independent IT and cyber security specialists proved that keweon is not as secure as claimed by the developer, they confronted the developer with the results and reminded him of a bet. All keweon support groups on TG then were deleted by the developer personally and without further explanation on the morning of February 4, 2019.
We all know by now that the way keweon DNS works is based on users using keweon's DNS and the keweon root certificate.
What has now been proven is exactly what keweon could do with its users, but Torsten vehemently denies and claims "that's impossible" and "that doesn't work":
1. get users to use your DNS server.
2. get users to use your root certificate.
3. redirecting a page, e.g. mybank.com, to one of the keweon servers (by changing the DNS record)
4. issue your own SSL certificate for the website, users have installed your Root-CA and so this is not a "witch work"
5. read username/password from the connection (if 2FA is used, just wait until the user logs in and use the token again quickly as it is valid for 30 seconds).
We now have proof that this is possible without a doubt. In fact, this is a classic MITM attack, and anyone who denies that it is possible either has no idea (you shouldn't assume this from Torsten) or is trying to hide something from his users.
The developer of keweon has repeatedly asserted and insisted that a root certificate cannot intercept connections or collect data.
Quote from the keweon developer with his PayPal bet:
"Prove that to me. Give me any DNS and a root certificate and try to get my PayPal data.
I'll then even contact you when I sign up for PayPal. If you manage to get my PayPal data this way, you can log in and transfer 500 Euro to your account. I have made this offer very often and this is a serious offer from my side."
Unfortunately the developer of keweon didn't contribute his part to the test as he promised so often and of course he didn't log into Paypal via our provided DNS and root certificate.
The only reaction on his part was, apart from some insults, the deletion of all keweon groups on TG.
The security test of the keweon servers also revealed that under certain conditions connections are even redirected to keweon's own termination server and answered with 1x1 pixel gifs.
The fact is that the requests contain tracking IDs that can be easily managed from these servers.
So even Torsten's statement that the keweon SSL server only terminates requests with empty (0 byte) responses is wrong.
This again contradicts Torsten's own statement.
The point now is that the developer of keweon Online Security is actively trying to deny that it is possible for him to abuse the root certificate, although it has now been proven that it is actually possible for him to do exactly that with the keweon root certificate and its users.
Until the developer decides to disprove the accusations made against keweon Online Security or can prove that the accusations against him are unfounded, it is advisable for obvious reasons of security not to use keweon Online Security for the time being.
Anyone who is interested in repeating this test can do so at:
https://keweonwette.info.tm, where you will find a DNS and a root certificate, same as with keweon Online Security.
Furthermore there is a real-time log about recorded connections.
Everything else can be found there.
Please be careful not to use your correct email address or password for this test!
#keweon #test #bet #evidence #ProofOfConcept
DNS And Root Certificates - What You Need To Know
Due to recent events we felt compelled to write an impromptu article on this matter. It's intended for all audiences so it will be kept simple - technical details may be posted later.
1. What Is DNS And Why Does It Concern You?
DNS stands for Domain Name System and you encounter it daily. Whenever your web browser or any other application connects to the internet it will most likely do so using a domain. A domain is simply the address you type: i.e. duckduckgo.com. Your computer needs to know where this leads to and will ask a DNS resolver for help. It will return an IP like
There are certain implications for both your privacy and your security as well as your liberty:
- Privacy
Since you ask the resolver for an IP for a domain name, it knows exactly which sites you're visiting and, thanks to the "Internet Of Things", often abbreviated as IoT, even which appliances you use at home.
- Security
You're trusting the resolver that the IP it returns is correct. There are certain checks to ensure it is so, under normal circumstances, that is not a common source of issues. These can be undermined though and that's why this article is important. If the IP is not correct, you can be fooled into connecting to malicious 3rd parties - even without ever noticing any difference. In this case, your privacy is in much greater danger because, not only are the sites you visit tracked, but the contents as well. 3rd parties can see exactly what you're looking at, collect personal information you enter (such as password), and a lot more. Your whole identity can be taken over with ease.
- Liberty
Censorship is commonly enforced via DNS. It's not the most effective way to do so but it is extremely widespread. Even in western countries, it's routinely used by corporations and governments. They use the same methods as potential attackers; they will not return the correct IP when you ask. They could act as if the domain doesn't exist or direct you elsewhere entirely.
2. Ways DNS lookups can happen
2.1 3rd Party DNS Resolvers Hosted By Your ISP
Most people are using 3rd party resolvers hosted by their internet service provider. When you connect your modem, they will automatically be fetched and you might never bother with it at all.
2.2 3rd Party DNS Resolver Of Your Choice
If you already knew what DNS means then you might have decided to use another DNS resolver of your choice. This might improve the situation since it makes it harder for your ISP to track you and you can avoid some forms of censorship. Both are still possible though, but the methods required are not as widely used.
2.3 Your Own (local) DNS Resolver
You can run your own and avoid some of the possible perils of using others'. If you're interested in more information drop us a line.
3. Root Certificates
3.1 What Is A Root Certificate?
Whenever you visit a website starting with
That's where the root certificate comes in. Think of it as the next higher level that makes sure the levels below are correct. It verifies that the certificate sent to you has been authorized by a certificate authority. This authority ensures that the person creating the certificate is actually the real operator.
This is also referred to as the chain of trust. Your operating system includes a set of these root certificates by default so that the chain of trust can be guaranteed.
#dns
Due to recent events we felt compelled to write an impromptu article on this matter. It's intended for all audiences so it will be kept simple - technical details may be posted later.
1. What Is DNS And Why Does It Concern You?
DNS stands for Domain Name System and you encounter it daily. Whenever your web browser or any other application connects to the internet it will most likely do so using a domain. A domain is simply the address you type: i.e. duckduckgo.com. Your computer needs to know where this leads to and will ask a DNS resolver for help. It will return an IP like
176.34.155.23; the public network address you need to know to connect. This process is called a DNS lookup.There are certain implications for both your privacy and your security as well as your liberty:
- Privacy
Since you ask the resolver for an IP for a domain name, it knows exactly which sites you're visiting and, thanks to the "Internet Of Things", often abbreviated as IoT, even which appliances you use at home.
- Security
You're trusting the resolver that the IP it returns is correct. There are certain checks to ensure it is so, under normal circumstances, that is not a common source of issues. These can be undermined though and that's why this article is important. If the IP is not correct, you can be fooled into connecting to malicious 3rd parties - even without ever noticing any difference. In this case, your privacy is in much greater danger because, not only are the sites you visit tracked, but the contents as well. 3rd parties can see exactly what you're looking at, collect personal information you enter (such as password), and a lot more. Your whole identity can be taken over with ease.
- Liberty
Censorship is commonly enforced via DNS. It's not the most effective way to do so but it is extremely widespread. Even in western countries, it's routinely used by corporations and governments. They use the same methods as potential attackers; they will not return the correct IP when you ask. They could act as if the domain doesn't exist or direct you elsewhere entirely.
2. Ways DNS lookups can happen
2.1 3rd Party DNS Resolvers Hosted By Your ISP
Most people are using 3rd party resolvers hosted by their internet service provider. When you connect your modem, they will automatically be fetched and you might never bother with it at all.
2.2 3rd Party DNS Resolver Of Your Choice
If you already knew what DNS means then you might have decided to use another DNS resolver of your choice. This might improve the situation since it makes it harder for your ISP to track you and you can avoid some forms of censorship. Both are still possible though, but the methods required are not as widely used.
2.3 Your Own (local) DNS Resolver
You can run your own and avoid some of the possible perils of using others'. If you're interested in more information drop us a line.
3. Root Certificates
3.1 What Is A Root Certificate?
Whenever you visit a website starting with
https, you communicate with it using a certificate it sends. It enables your browser to encrypt the communication and ensures that nobody listening in can snoop. That's why everybody has been told to look out for the https (rather than http) when logging into websites. The certificate itself only verifies that it has been generated for a certain domain. There's more though:That's where the root certificate comes in. Think of it as the next higher level that makes sure the levels below are correct. It verifies that the certificate sent to you has been authorized by a certificate authority. This authority ensures that the person creating the certificate is actually the real operator.
This is also referred to as the chain of trust. Your operating system includes a set of these root certificates by default so that the chain of trust can be guaranteed.
#dns
3.2 Abuse
We now know that:
- DNS resolvers send you an IP address when you send a domain name
- Certificates allow encrypting your communication and verify they have been generated for the domain you visit
- Root certificates verify that the certificate is legitimate and has been created by the real site operator
How can it be abused?
- A malicious DNS resolver can send you a wrong IP for the purpose of censorship as said before. They can also send you to a completely different site.
- This site can send you a fake certificate.
- A malicious root certificate can "verify" this fake certificate.
This site will look absolutely fine to you; it has
It now receives all the communication you intended to send to the original. This bypasses the checks created to avoid it. You won't receive error messages, your browser won't complain.
All your data is compromised!
4. Conclusion
4.1 Risks
- Using a malicious DNS resolver can always compromise your privacy but your security will be unharmed as long as you look out for the
- Using a malicious DNS resolver and a malicious root certificate, your privacy and security are fully compromised.
4.2 Actions To Take
Do not ever install a 3rd party root certificate! There are very few exceptions why you would want to do so and none of them are applicable to general end users.
Do not fall for clever marketing that ensures "ad blocking", "military grade security", or something similar. There are methods of using DNS resolvers on their own to enhance your privacy but installing a 3rd party root certificate never makes sense. You are opening yourself up to extreme abuse.
5. Seeing It Live
5.1 WARNING
A friendly sysadmin provided a live demo so you can see for yourself in realtime. This is real.
DO NOT ENTER PRIVATE DATA!
REMOVE THE CERT AND DNS AFTERWARDS
If you do not know how to, don't install it in the first place. While we trust our friend you still wouldn't want to have the root certificate of a random and unknown 3rd party installed.
5.2 Live Demo
Here is the link: https://keweonbet.info.tm/
- Set the provided DNS resolver
- Install the provided root certificate
- Visit https://paypal.com and enter random login data
- Your data will show up on the website
6. Further Information
If you are interested in more technical details, let us know. If there is enough interest, we might write an article but, for now, the important part is sharing the basics so you can make an informed decision and not fall for marketing and straight up fraud. Feel free to suggest other topics that are important to you.
All content is licensed under CC BY-NC-SA 4.0. (Attribution-NonCommercial-ShareAlike 4.0 International https://creativecommons.org/licenses/by-nc-sa/4.0/)
By @privacytoday
#dns
We now know that:
- DNS resolvers send you an IP address when you send a domain name
- Certificates allow encrypting your communication and verify they have been generated for the domain you visit
- Root certificates verify that the certificate is legitimate and has been created by the real site operator
How can it be abused?
- A malicious DNS resolver can send you a wrong IP for the purpose of censorship as said before. They can also send you to a completely different site.
- This site can send you a fake certificate.
- A malicious root certificate can "verify" this fake certificate.
This site will look absolutely fine to you; it has
https in the URL and, if you click it, it will say verified. All just like you learned, right? No!It now receives all the communication you intended to send to the original. This bypasses the checks created to avoid it. You won't receive error messages, your browser won't complain.
All your data is compromised!
4. Conclusion
4.1 Risks
- Using a malicious DNS resolver can always compromise your privacy but your security will be unharmed as long as you look out for the
https.- Using a malicious DNS resolver and a malicious root certificate, your privacy and security are fully compromised.
4.2 Actions To Take
Do not ever install a 3rd party root certificate! There are very few exceptions why you would want to do so and none of them are applicable to general end users.
Do not fall for clever marketing that ensures "ad blocking", "military grade security", or something similar. There are methods of using DNS resolvers on their own to enhance your privacy but installing a 3rd party root certificate never makes sense. You are opening yourself up to extreme abuse.
5. Seeing It Live
5.1 WARNING
A friendly sysadmin provided a live demo so you can see for yourself in realtime. This is real.
DO NOT ENTER PRIVATE DATA!
REMOVE THE CERT AND DNS AFTERWARDS
If you do not know how to, don't install it in the first place. While we trust our friend you still wouldn't want to have the root certificate of a random and unknown 3rd party installed.
5.2 Live Demo
Here is the link: https://keweonbet.info.tm/
- Set the provided DNS resolver
- Install the provided root certificate
- Visit https://paypal.com and enter random login data
- Your data will show up on the website
6. Further Information
If you are interested in more technical details, let us know. If there is enough interest, we might write an article but, for now, the important part is sharing the basics so you can make an informed decision and not fall for marketing and straight up fraud. Feel free to suggest other topics that are important to you.
All content is licensed under CC BY-NC-SA 4.0. (Attribution-NonCommercial-ShareAlike 4.0 International https://creativecommons.org/licenses/by-nc-sa/4.0/)
By @privacytoday
#dns
OpenWPM
OpenWPM is a web privacy measurement framework which makes it easy to collect data for privacy studies on a scale of thousands to millions of websites. OpenWPM is built on top of Firefox, with automation provided by Selenium. It includes several hooks for data collection. Check out the instrumentation section below for more details.
https://github.com/mozilla/OpenWPM
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
OpenWPM is a web privacy measurement framework which makes it easy to collect data for privacy studies on a scale of thousands to millions of websites. OpenWPM is built on top of Firefox, with automation provided by Selenium. It includes several hooks for data collection. Check out the instrumentation section below for more details.
https://github.com/mozilla/OpenWPM
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
GitHub
GitHub - openwpm/OpenWPM: A web privacy measurement framework
A web privacy measurement framework. Contribute to openwpm/OpenWPM development by creating an account on GitHub.
Media is too big
VIEW IN TELEGRAM
📺 Goodbye Big Five (Week 4: Microsoft)
Reporter Kashmir Hill spent six weeks blocking Amazon, Facebook, Google, Microsoft, and Apple from getting her money, data, and attention, using a custom-built VPN. Here’s what happened.
I am on a mission to live without the tech giants, to discover whether such a thing is even possible. Not just through sheer willpower but technologically, with the use of a custom-built tool that would literally prevent my devices from accessing these companies, and them from accessing me and my data.
https://gizmodo.com/i-cut-microsoft-out-of-my-life-or-so-i-thought-1830863898
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
Reporter Kashmir Hill spent six weeks blocking Amazon, Facebook, Google, Microsoft, and Apple from getting her money, data, and attention, using a custom-built VPN. Here’s what happened.
I am on a mission to live without the tech giants, to discover whether such a thing is even possible. Not just through sheer willpower but technologically, with the use of a custom-built tool that would literally prevent my devices from accessing these companies, and them from accessing me and my data.
https://gizmodo.com/i-cut-microsoft-out-of-my-life-or-so-i-thought-1830863898
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
Media is too big
VIEW IN TELEGRAM
📺 Goodbye Big Five (Week 5: Apple)
Reporter Kashmir Hill spent six weeks blocking Amazon, Facebook, Google, Microsoft, and Apple from getting her money, data, and attention, using a custom-built VPN. Here’s what happened.
I am on a mission to live without the tech giants, to discover whether such a thing is even possible. Not just through sheer willpower but technologically, with the use of a custom-built tool that would literally prevent my devices from accessing these companies, and them from accessing me and my data.
https://gizmodo.com/i-cut-apple-out-of-my-life-it-was-devastating-1831063868
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
Reporter Kashmir Hill spent six weeks blocking Amazon, Facebook, Google, Microsoft, and Apple from getting her money, data, and attention, using a custom-built VPN. Here’s what happened.
I am on a mission to live without the tech giants, to discover whether such a thing is even possible. Not just through sheer willpower but technologically, with the use of a custom-built tool that would literally prevent my devices from accessing these companies, and them from accessing me and my data.
https://gizmodo.com/i-cut-apple-out-of-my-life-it-was-devastating-1831063868
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
iOS, The Future Of macOS, Freedom, Security And Privacy In An Increasingly Hostile Global Environment
This post by a security researcher who prefers to remain anonymous will elucidate concerns about certain problematic decisions Apple has made and caution about future decisions made in the name of “security” while potentially hiding questionable motives. The content of this article represents only the opinion of the researcher. The researcher apologises if any content is seen to be inaccurate, and is open to comments or questions through PGP-encrypted mail.
⛔️iOS subliminally and constantly collects sensitive data, links it to hardware identifiers almost guaranteed to link to a real identity
⛔️iOS forces users to “activate” devices (including non-cellular) which sets up a remote UUID-linked (also collecting registration IP) database for a given device with Apple for APNS/iMessage/FaceTime/Siri, and then Apple ID, iCloud etc. Apple ought be open to users about “activation” and allow users to avoid it.
⛔️Apple Activation servers are accessed via Akamai, which means sensitive data may be cached by Akamai and its’ peering partners' which includes many global ISPs and IXPs
⛔️Risk that macOS could be iOS-ified in the near future in the name of “security” while ignoring significant flaws in iOS’ design wrt privacy, forcing users to unnecessarily trust Apple with potentially sensitive data in order to even simply use devices.
⛔️Controversial, draconian surveillance laws being implemented worldwide which could take advantage of Apple’s data collection and OS design choices, notably in, but not limited to, China, one of Apple's largest markets.
❗️If iOS is to really be considered a secure OS, and if vanilla macOS is to become more secure, independent end-user control must be considered. Increased low-level design security at the cost of control, and the ability to prevent leaking data, cannot be considered a real improvement in security.
#iOS #macOS #freedom #security #privacy
This post by a security researcher who prefers to remain anonymous will elucidate concerns about certain problematic decisions Apple has made and caution about future decisions made in the name of “security” while potentially hiding questionable motives. The content of this article represents only the opinion of the researcher. The researcher apologises if any content is seen to be inaccurate, and is open to comments or questions through PGP-encrypted mail.
⛔️iOS subliminally and constantly collects sensitive data, links it to hardware identifiers almost guaranteed to link to a real identity
⛔️iOS forces users to “activate” devices (including non-cellular) which sets up a remote UUID-linked (also collecting registration IP) database for a given device with Apple for APNS/iMessage/FaceTime/Siri, and then Apple ID, iCloud etc. Apple ought be open to users about “activation” and allow users to avoid it.
⛔️Apple Activation servers are accessed via Akamai, which means sensitive data may be cached by Akamai and its’ peering partners' which includes many global ISPs and IXPs
⛔️Risk that macOS could be iOS-ified in the near future in the name of “security” while ignoring significant flaws in iOS’ design wrt privacy, forcing users to unnecessarily trust Apple with potentially sensitive data in order to even simply use devices.
⛔️Controversial, draconian surveillance laws being implemented worldwide which could take advantage of Apple’s data collection and OS design choices, notably in, but not limited to, China, one of Apple's largest markets.
❗️If iOS is to really be considered a secure OS, and if vanilla macOS is to become more secure, independent end-user control must be considered. Increased low-level design security at the cost of control, and the ability to prevent leaking data, cannot be considered a real improvement in security.
Much more info and source: https://gist.github.com/iosecure/357e724811fe04167332ef54e736670d#iOS #macOS #freedom #security #privacy
🇬🇧 Keweon Root Certificate Checker
Here you can check if your system is compromised by the currently most prevalent perpetrator. This check may be eventually blocked by them, don't rely on it. There is more than one person or group trying to undermine basic security, this is by no means a novel idea.
🇩🇪 Keweon Root Zertifikat Test
Hier können Sie testen ob Sie von dem aktuell prävalenten Angreifer kompromittiert wurden. Dieser Test kann früher oder später von demselben geblockt werden, also verlassen Sie sich nicht darauf. Es versuchen mehr als eine Person oder Gruppe grundlegende Internetsicherheit zu unterwandern, dies ist bei Weitem keine neuartige Idee.
✅ Test/Check at:
https://https-interception.info.tm/test.html
✅ DNS + Root Certificate Hijack Proof And Demonstration:
https://https-interception.info.tm/
#keweon #test #evidence #ProofOfConcept #dns
Here you can check if your system is compromised by the currently most prevalent perpetrator. This check may be eventually blocked by them, don't rely on it. There is more than one person or group trying to undermine basic security, this is by no means a novel idea.
🇩🇪 Keweon Root Zertifikat Test
Hier können Sie testen ob Sie von dem aktuell prävalenten Angreifer kompromittiert wurden. Dieser Test kann früher oder später von demselben geblockt werden, also verlassen Sie sich nicht darauf. Es versuchen mehr als eine Person oder Gruppe grundlegende Internetsicherheit zu unterwandern, dies ist bei Weitem keine neuartige Idee.
✅ Test/Check at:
https://https-interception.info.tm/test.html
✅ DNS + Root Certificate Hijack Proof And Demonstration:
https://https-interception.info.tm/
#keweon #test #evidence #ProofOfConcept #dns
Germany as a pioneer when it comes to limiting Facebook's data collection madness.
Will other countries now follow them restricting Facebook's data collection madness?
German Cartel Office restricts data collection from Facebook
Facebook has a dominant market position in Germany - and abuses it:
This has now been decided by the Bundeskartellamt. It prohibits the merging of data, Whatsapp and Instagram are also affected.
❗️The Bundeskartellamt has prohibited Facebook from collecting data outside the online network, for example with the Like button, because it sees unfair competition in it. Facebook has a dominant position in Germany and abuses it, the authority declared on 7 February 2019.
The Cartel Office also prohibited Facebook from merging the data collected on third-party websites with information collected from the users themselves on the platform of the online network. The authority also considers apps belonging to the group, such as Instagram and Whatsapp, to be third-party sources.
👉 https://www.golem.de/news/like-kartellamt-schraenkt-datensammelei-von-facebook-ein-1902-139243.html
👉 https://t.iss.one/cRyPtHoN_INFOSEC_DE/2087
#Facebook #Bundeskartellamt #Cookies #Datenschutz #Datensicherheit #Instagram #Messenger #SozialesNetz #Whatsapp
#Internet #DeleteFacebook #DeleteWhatsapp
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
Will other countries now follow them restricting Facebook's data collection madness?
German Cartel Office restricts data collection from Facebook
Facebook has a dominant market position in Germany - and abuses it:
This has now been decided by the Bundeskartellamt. It prohibits the merging of data, Whatsapp and Instagram are also affected.
❗️The Bundeskartellamt has prohibited Facebook from collecting data outside the online network, for example with the Like button, because it sees unfair competition in it. Facebook has a dominant position in Germany and abuses it, the authority declared on 7 February 2019.
The Cartel Office also prohibited Facebook from merging the data collected on third-party websites with information collected from the users themselves on the platform of the online network. The authority also considers apps belonging to the group, such as Instagram and Whatsapp, to be third-party sources.
👉 https://www.golem.de/news/like-kartellamt-schraenkt-datensammelei-von-facebook-ein-1902-139243.html
👉 https://t.iss.one/cRyPtHoN_INFOSEC_DE/2087
#Facebook #Bundeskartellamt #Cookies #Datenschutz #Datensicherheit #Instagram #Messenger #SozialesNetz #Whatsapp
#Internet #DeleteFacebook #DeleteWhatsapp
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN
Forwarded from SyberiaOS-Announcements
Signature spoofing for MicroG fixed... Finally