📺 Goodbye Big Five (Week 4: Microsoft)

Reporter Kashmir Hill spent six weeks blocking Amazon, Facebook, Google, Microsoft, and Apple from getting her money, data, and attention, using a custom-built VPN. Here’s what happened.

I am on a mission to live without the tech giants, to discover whether such a thing is even possible. Not just through sheer willpower but technologically, with the use of a custom-built tool that would literally prevent my devices from accessing these companies, and them from accessing me and my data.
https://gizmodo.com/i-cut-microsoft-out-of-my-life-or-so-i-thought-1830863898

📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN

📺 Goodbye Big Five (Week 5: Apple)

Reporter Kashmir Hill spent six weeks blocking Amazon, Facebook, Google, Microsoft, and Apple from getting her money, data, and attention, using a custom-built VPN. Here’s what happened.

I am on a mission to live without the tech giants, to discover whether such a thing is even possible. Not just through sheer willpower but technologically, with the use of a custom-built tool that would literally prevent my devices from accessing these companies, and them from accessing me and my data.
https://gizmodo.com/i-cut-apple-out-of-my-life-it-was-devastating-1831063868

📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN

iOS, The Future Of macOS, Freedom, Security And Privacy In An Increasingly Hostile Global Environment

This post by a security researcher who prefers to remain anonymous will elucidate concerns about certain problematic decisions Apple has made and caution about future decisions made in the name of “security” while potentially hiding questionable motives. The content of this article represents only the opinion of the researcher. The researcher apologises if any content is seen to be inaccurate, and is open to comments or questions through PGP-encrypted mail.

⛔️iOS subliminally and constantly collects sensitive data, links it to hardware identifiers almost guaranteed to link to a real identity

⛔️iOS forces users to “activate” devices (including non-cellular) which sets up a remote UUID-linked (also collecting registration IP) database for a given device with Apple for APNS/iMessage/FaceTime/Siri, and then Apple ID, iCloud etc. Apple ought be open to users about “activation” and allow users to avoid it.

⛔️Apple Activation servers are accessed via Akamai, which means sensitive data may be cached by Akamai and its’ peering partners' which includes many global ISPs and IXPs

⛔️Risk that macOS could be iOS-ified in the near future in the name of “security” while ignoring significant flaws in iOS’ design wrt privacy, forcing users to unnecessarily trust Apple with potentially sensitive data in order to even simply use devices.

⛔️Controversial, draconian surveillance laws being implemented worldwide which could take advantage of Apple’s data collection and OS design choices, notably in, but not limited to, China, one of Apple's largest markets.

❗️If iOS is to really be considered a secure OS, and if vanilla macOS is to become more secure, independent end-user control must be considered. Increased low-level design security at the cost of control, and the ability to prevent leaking data, cannot be considered a real improvement in security.

Much more info and source: https://gist.github.com/iosecure/357e724811fe04167332ef54e736670d

#iOS #macOS #freedom #security #privacy

🇬🇧 Keweon Root Certificate Checker

Here you can check if your system is compromised by the currently most prevalent perpetrator. This check may be eventually blocked by them, don't rely on it. There is more than one person or group trying to undermine basic security, this is by no means a novel idea.

🇩🇪 Keweon Root Zertifikat Test

Hier können Sie testen ob Sie von dem aktuell prävalenten Angreifer kompromittiert wurden. Dieser Test kann früher oder später von demselben geblockt werden, also verlassen Sie sich nicht darauf. Es versuchen mehr als eine Person oder Gruppe grundlegende Internetsicherheit zu unterwandern, dies ist bei Weitem keine neuartige Idee.

✅ Test/Check at:
https://https-interception.info.tm/test.html

✅ DNS + Root Certificate Hijack Proof And Demonstration:
https://https-interception.info.tm/

#keweon #test #evidence #ProofOfConcept #dns

Germany as a pioneer when it comes to limiting Facebook's data collection madness.
Will other countries now follow them restricting Facebook's data collection madness?

German Cartel Office restricts data collection from Facebook

Facebook has a dominant market position in Germany - and abuses it:
This has now been decided by the Bundeskartellamt. It prohibits the merging of data, Whatsapp and Instagram are also affected.

❗️The Bundeskartellamt has prohibited Facebook from collecting data outside the online network, for example with the Like button, because it sees unfair competition in it. Facebook has a dominant position in Germany and abuses it, the authority declared on 7 February 2019.

The Cartel Office also prohibited Facebook from merging the data collected on third-party websites with information collected from the users themselves on the platform of the online network. The authority also considers apps belonging to the group, such as Instagram and Whatsapp, to be third-party sources.

👉 https://www.golem.de/news/like-kartellamt-schraenkt-datensammelei-von-facebook-ein-1902-139243.html
👉 https://t.iss.one/cRyPtHoN_INFOSEC_DE/2087

#Facebook #Bundeskartellamt #Cookies #Datenschutz #Datensicherheit #Instagram #Messenger #SozialesNetz #Whatsapp
#Internet #DeleteFacebook #DeleteWhatsapp
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN

Signature spoofing for MicroG fixed... Finally

28 Fake Apps removed from Google Play Store post Quick Heal Security Lab reports

Quick Heal Security Lab has spotted 28 Fake Apps with over 48,000+ (all together) installations on Google Play Store. Google play has removed a total of 28 fake apps from the Play Store after reports by Quick Heal Security Lab. The apps do not have any legitimate functionality related to…

https://blogs.quickheal.com/28-fake-apps-removed-google-play-store-post-quick-heal-security-lab-reports/

#google #fake #vulnerability
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE

OpenVPN vs IPSec, WireGuard, L2TP, & IKEv2 (VPN Protocols 2019)

What are VPN protocols and why do you need to understand the different options?
— What is IPSec?
👉 https://t.iss.one/BlackBox_Archiv/66

— What is IKEv2/IPSec?
— L2TP/IPSec
👉 https://t.iss.one/BlackBox_Archiv/67

—WireGuard
— PPTP
— SSTP
👉 https://t.iss.one/BlackBox_Archiv/68

— OpenVPN UDP vs OpenVPN TCP
— What is the best VPN protocol?
— VPN protocols conclusion
👉 https://t.iss.one/BlackBox_Archiv/69

#OpenVPN #IPSec #L2TP #IKEv2 #WireGuard #guide
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN

How Android Q improves Privacy and Permission Controls over Android Pie

https://www.xda-developers.com/android-q-privacy-permission-controls

#android #q #permissions

The Big DNS Privacy Debate at FOSDEM

https://blog.powerdns.com/2019/02/07/the-big-dns-privacy-debate-at-fosdem

HN comments:
https://news.ycombinator.com/item?id=19104167


#dns #doh #fosdem

🇬🇧 Surveillance — Self-Defense
Your Security Plan

Trying to protect all your data from everyone all the time is impractical and exhausting. But, have no fear! Security is a process, and through thoughtful planning, you can put together a plan that’s right for you. Security isn’t just about the tools you use or the software you download. It begins with understanding the unique threats you face and how you can counter those threats.
🇬🇧👉 https://t.iss.one/BlackBox_Archiv/71

🇩🇪 Überwachung — Selbstschutzmaßnahmen
Ihr Sicherheitsplan

Der Versuch, alle Ihre Daten jederzeit vor jedem zu schützen, ist unpraktisch und anstrengend. Aber haben Sie keine Angst! Sicherheit ist ein Prozess, und durch eine durchdachte Planung können Sie einen Plan zusammenstellen, der für Sie geeignet ist.
🇩🇪👉 https://t.iss.one/BlackBox_Archiv/73

#Surveillance #SelfDefense #SecurityPlan #Security
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN

Algeria Ranked ‘Least Cyber-Secure’ Country in the World, Japan ‘Most Cyber-Secure’

Which countries have the worst (and best) cybersecurity?

With so much of our information (including incredibly personal data) being found online, cybersecurity is of the utmost importance.

So just where in the world are you cyber safe – if anywhere?
https://www.comparitech.com/blog/vpn-privacy/cybersecurity-by-country/

Read Via Telegram

#vulnerability #cryptomining #hacking
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE

The truth about e-mail

A short beginner-friendly intro on e-mail ins and outs

Before reading this article, you might want to take a look at the “Threat Modeling” article:
👉 https://t.iss.one/NoGoolag/806

There are many misconceptions about e-Mail, thanks to marketing efforts of companies looking to score a quick buck off the privacy scandals. Such companies include Protonmail, Tutanota et al. This post intends to teach you some basics so you can make an educated decision, unswayed by corporate greed.

‼️ E-Mail is almost always public. E-Mails are essentially postcards. It can be encrypted in transit [1], but it will always be visible and accessable to the servers involved. There is absolutely no way to avoid this. The e-mail protocol is old and was never designed for privacy.

‼️ You need to encrypt yourself. The most common way to do so is PGP, which is supported by a wide array of clients [2] and thoroughly tested.

‼️ Even PGP is not a a perfect solution. Some of the metadata will always be unencrypted. Subject line/sender/recipient/timestamp/etc. can already be used to create detailed profiles of you. There is no way to avoid this. You might want to keep the subject line light.

‼️ Providers claiming they cannot scan/sell/analyze your data are always a scam. They can, and as stated before: there is no way around it.

‼️ A way to ensure fully private e-mail communication is to only use a single server that you trust. Internal messages stay on that server/in that network, provided you use TLS/SSL. More on selfhosting at a later point.

‼️ If you don’t pay, you are most likely the product. Unless your provider of choice is an actual non-profit organisation run by a small community of ordinary people you should stay away from free providers if you possibly can. This is a general rule. There are cheap services that you might be able to afford. While of course not being any more trustable tech-wise, there’s at least a smaller conflict of interest with them.

[1] You can check if your message was encrypted in transit with a Thunderbird addon called Paranoia.
[2] You can use Enigmail for Thunderbird to easily deploy PGP in daily life without any effort on your end.

Source (a big thanks) and more info at: https://lushka.al/truth-about-email/
🇩🇪👉 https://t.iss.one/cRyPtHoN_INFOSEC_DE/2114

#email #security #guide

🇬🇧 Google Screenwise:
An Unwise Trade of All Your Privacy for Cash

Imagine this: an enormous tech company is tracking what you do on your phone, even when you’re not using any of its services, down to the specific images that you see. It’s also tracking all of your network traffic, because you’re installing one of its specially-designed routers..(...)
🇬🇧👉 https://t.iss.one/BlackBox_Archiv/76

🇩🇪 Google im Blickfeld:
Ein unkluger Handel mit Ihrer gesamten Privatsphäre für Bargeld

Wenn Sie sich vorstellen: Ein riesiges Technologieunternehmen protokolliert, was Sie auf Ihrem Handy tun, auch wenn Sie keinen seiner Dienste nutzen, bis hin zu den spezifischen Bildern, die Sie sehen. Es verfolgt auch den gesamten Netzwerkverkehr, da Sie einen seiner speziell entwickelten Router installieren...(...)
🇩🇪👉 https://t.iss.one/BlackBox_Archiv/78

#google #privacy #panopticon
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN

🇬🇧The Problem with Mobile Phones

Mobile phones have become ubiquitous and basic communications tools—now used not only for phone calls, but also for accessing the Internet, sending text messages, and documenting the world.
🇬🇧👉 https://t.iss.one/BlackBox_Archiv/92

🇩🇪 Überwachung — Selbstschutz
Das Problem mit Mobiltelefonen

Mobiltelefone sind zu allgegenwärtigen und grundlegenden Kommunikationsmitteln geworden - nicht nur für Telefonate, sondern auch für den Zugang zum Internet, das Versenden von Textnachrichten und die Dokumentation der Welt.
🇩🇪👉 https://t.iss.one/BlackBox_Archiv/85

#surveillance #selfprotection #mobilephones #selfdefense
#Überwachung #Selbstschutz #Handys
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN

🇬🇧📺 I Cut the 'Big Five' Tech Giants From My Life. It Was Hell

Week 6: Blocking them all

A couple of months ago, I set out to answer the question of whether it’s possible to avoid the tech giants. Over the course of five weeks, I blocked Amazon, Facebook, Google, Microsoft, and Apple one at a time, to find out how to live in the modern age without each one.
To end my experiment, I’m going to see if I can survive blocking all five at once.

📺 https://gizmodo.com/i-cut-the-big-five-tech-giants-from-my-life-it-was-hel-1831304194

📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN

🇬🇧 Open letter to Facebook

Political actors use disinformation campaigns that prey on our emotions and values to manipulate our behaviour. We have a right to know who is paying to influence our vote, and Facebook is responsible for making sure that happens on their platform. They have made many promises to European lawmakers and users to make political ads more transparent, but so far we’ve seen little action. So we decided to pen an open letter telling them to implement what they've promised in enough time to protect users during the European elections.

Dear Facebook:

We are writing you today as a group of technologists, human rights defenders, academics, journalists and Facebook users who are deeply concerned about the validity of Facebook’s promises to protect European users from targeted disinformation campaigns during the European Parliamentary elections. You have promised European lawmakers and users that you will increase the transparency of political advertising on the platform to prevent abuse during the elections. But in the very same breath, you took measures to block access to transparency tools that let your users see how they are being targeted.

In the company’s recent Wall Street Journal op-ed, Mark Zuckerberg wrote that the most important principles around data are transparency, choice and control. By restricting access to advertising transparency tools available to Facebook users, you are undermining transparency, eliminating the choice of your users to install tools that help them analyse political ads, and wielding control over good faith researchers who try to review data on the platform. Your alternative to these third party tools provides simple keyword search functionality and does not provide the level of data access necessary for meaningful transparency.

Actions speak louder than words. That’s why you must take action to meaningfully deliver on the commitments made to the EU institutions notably the increased transparency that you’ve promised. Promises and press statements aren’t enough; instead, we need to see real action over the coming months, and we will be exploring ways to hold Facebook accountable if that action isn’t sufficient.

Specifically, we ask that you implement the following measures by 1 April 2019 to give developers sufficient lead time to create transparency tools in advance of the elections:

Roll out a functional, open Ad Archive API that enables advanced research and development of tools that analyse political ads served to Facebook users in the EU.
Ensure that all political advertisements are clearly distinguished from other content and are accompanied by key targeting criteria such as sponsor identity and amount spent on the platform in all EU countries.
Cease harassment of good faith researchers who are building tools to provide greater transparency into the advertising on your platform.

We believe that Facebook and other platforms can be positive forces that enable democracy, but this vision can only be realized through true transparency and trust. Transparency cannot just be on the terms with which the world’s largest, most powerful tech companies are most comfortable.

We look forward to the swift and complete implementation of these transparency measures that you have promised to your users.

Sincerely,
Mozilla Foundation
https://foundation.mozilla.org/en/campaigns/eu-misinformation/

#DeleteFacebook #Openletter #MozillaFoundation
📡 @cRyPtHoN_INFOSEC_DE
📡 @cRyPtHoN_INFOSEC_EN

COSP ROM

Our goal is to have an Pixel-like android ROM that isn't spying on you and uses as few system space as possible. Also, we provide the option to go completely without GApps using MicroG support.

We are focusing on stability and performance, having an debloated ROM is essential for that. Also, we want Users to decide what kind of Store they want to use, either F-Droid or the Play Store.
Also, we take User requests serious. To suggest something, contact us on telegram.

https://t.iss.one/cospcommunity

https://t.iss.one/cospnews


Features:

1) All systemUI tuning elements
2) An handy Network indicator
3) Charging Information
4) Lawnchair and Quickstep as default
5) Quick Settings mods
6) Signature spoofing
7) OP gestures
8) Navbar tuner
9) Rootless Substratum (with fixes to theme system correctly)
10) Screenshot/screenrecord tile
11) Advanced power menu
12) Double tap to sleep on statusbar
13) Option to disable quick settings/power menu on secure lockscreen

OTA Updating for official devices enables Users to get the newest version with ease.

ROM Source: https://github.com/cosp-project

#cosp #rom