The Trauma Floor
The secret lives of Facebook moderators in America

https://www.theverge.com/2019/2/25/18229714/cognizant-facebook-content-moderator-interviews-trauma-working-conditions-arizona


📡 @NoGoolag
#DeleteFacebook #fb

Europe's path between surveillance, capitalism and communism

Data collection, social scoring and our privacy - our guest author sees two dominant systems here, namely surveillance capitalism and communism.

When I pause for a moment and try to summarize the last ten years of digital technology history in a few sentences, the following remains: There are two dominant systems.

One is the US Facebook and Google system, which collects data from its users in order to generate revenue from its advertisers*. And secondly, the Chinese social credit system, with the help of which state power rewards desired behavior and punishes unwanted behavior.

For the US system, Harvard professor Shosanna Zuboff coined the term "surveillance capitalism. The Chinese system could therefore be characterized as "surveillance communism.

While the US-American system has already proven its worth over the past few years in the interests of Facebook and Google shareholders, the Chinese system is still on the verge of being baptized. Various systems are currently being tested in pilot regions and cities to test and optimize the algorithms. From 2020, a uniform social credit system is to be rolled out across the board as far as possible.

Read all 🇬🇧 at TG 👇
https://t.iss.one/BlackBox_Archiv/138

In 🇩🇪 (original) you find it 👇
https://t.iss.one/BlackBox_Archiv/140

#europe #surveillance #capitalism #communism #blackbox
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

Exploring alternative funding models for the web

The online advertising ecosystem is broken. The majority of digital advertising revenue is going to a small handful of companies, leaving other publishers with scraps. Meanwhile users are on the receiving end of terrible experiences and pervasive tracking designed to get them to click on ads or share even more personal data.

https://blog.mozilla.org/futurereleases/2019/02/25/exploring-alternative-funding-models-for-the-web/

📡 @NoGoolag
#mozilla #funding #alternatives #BigData

First monthly intermediate results of the EU Code of Practice against disinformation

Facebook & Co. must redouble efforts against disinformation.
In its monthly report on the monitoring of a code of conduct to combat "fake news", the Commission accuses Facebook in particular of not delivering.

The Commission has received monthly reports from Google, Facebook and Twitter addressing actions taken during January 2019 towards implementation of the commitments on electoral integrity.

These three online platforms are signatories of the Code of Practice against disinformation and the Commission asked them to report monthly on their actions undertaken ahead of the European Parliament elections in May 2019, in particular on the scrutiny of ad placements, political and issue-based advertising and integrity of services.

Broadly, the Commission is encouraged that the Reports provide further information on the policies the platforms have developed to meet these commitments.

Nevertheless, the Commission remains deeply concerned by the platform’s failure to provide specific benchmarks to measure progress, by the lack of detail on the actual results of the measures already taken and lack of detail showing that new policies and tools are deployed timely and with sufficient resources across all EU Member States.

https://ec.europa.eu/digital-single-market/en/news/first-monthly-intermediate-results-eu-code-practice-against-disinformation

#DeleteFacebook #fb #cop #EU #disinformation #report #FakeNews
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

Mozilla publishes the largest public transcribed voice dataset.

Mozilla makes available the largest set of human voices based entirely on crowdsourcing. The data set includes 18 different languages and adds up to nearly 1,400 hours of recorded voice data from more than 42,000 contributors.

From the outset, our vision for Common Voice has been to create the world's most diverse voice dataset, optimized specifically for the development of speech. We have also promised to make the dataset freely accessible so that start-ups, researchers* and anyone else interested in speech technologies can use the high-quality transcribed speech data we have collected.

Today, we are pleased to present our first multilingual dataset, covering 18 languages - including English, French, German and Mandarin (traditional), but also Welsh and Kabyle, for example. This new dataset contains a total of approximately 1,400 hours of voice recordings from more than 42,000 people.

With this release, the Common Voice record is now the largest of its kind, thanks to the support of tens of thousands of people who have brought their voices and written sentences to the Public Domain (CC0). The complete data set is now available for download on the Common Voice page.

Web: https://voice.mozilla.org/en/datasets

📡 @NoGoolag
#mozilla #dataset #voice #crowdsourcing #multilingual #speech

Android without Google: Take back control! (Part 1)

1. android without data octopus

The article series "Your phone your data" from 2014 has played a major role in the success story of this blog. Many thousands of people wanted to learn how to get rid of Google and regain control of their Android device.

After now five years it is time for a new edition of the article series. Much has changed. Partly for the positive, partly also for the negative. Also the article series "Take back control!" requires a lot of patience and the willingness to say goodbye to one's own comfort - and of course also to the indoctrination of the manufacturers.

The ambitious goal of the article series "Take back control!" can be summarized in one sentence: You as a user should regain control over your Android device and your data. Step by step I will lead you towards this goal. Because it must finally be an end to proprietary apps and (Google) services that merely fool us into believing our independence and self-determination over our data.

2nd Google has long been evil

Directly after switching on our android we are asked to create a Google account or to link the already existing one with the device. We are pushed into the cloud and should not worry about our data, but rather trust the providers or Google "blindly". In return, so to speak, we receive a perfectly coordinated eco-system that can hardly be surpassed in terms of simplicity and convenience, but also in terms of perfidy.

Google's strategy of conquering the market with user-friendly products and services has therefore paid off. Success proves them right. But with this success story, the price paid by the actual users must always be borne in mind. They pay and pay with the data they "produce". However, they are not aware of this "paying with data" because they lack the transparency to see what is actually happening "behind their backs" when using smartphones.

Google is like a junkie, constantly on the lookout for new data sources that will allow the already accumulated data treasures to continue to grow. Google wants to know everything. In an interview with James Bennet, supervisory board chairman Eric Schmidt said:

"With your permission you give us more information about you, about your friends, and we can improve the quality of our searches. We don't need you to type at all. We know where you are. We know where you've been. We can more or less know what you're thinking about."

This remark, already made in 2010, is now more relevant than ever. Android and other Google products and services are perfectly interlocking gears that give the user an illusion of control over his data. Google relies on dark patterns or nudging to hide data protection settings, to mislead users or to prevent them from protecting their privacy with misleading formulations.
...(...)...
Regardless of these "restrictions", we want to achieve the following with our project:

✅ Complete control over your own data

✅ Independent and self-determined use of the device

✅ The decoupling from the Google eco-system

✅ The exit from the advertising machinery of the manufacturers

✅ Protection against advertising profiling

Read the full guide

🇬🇧
https://t.iss.one/BlackBox_Archiv/156

German (original)

https://www.kuketz-blog.de/android-ohne-google-take-back-control-teil1/

#android #NoGoogle #guide #part1 #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

Tech companies could change these things to make your life easier and protect your digital security and privacy.
Why haven’t they yet?

https://fixitalready.eff.org/#/

📡 @NoGoolag
#fixitalready #why

Android: IMSI Leaking during GPS Positioning

First of all, the basics:

Assisted GPS (abbreviated as A-GPS) is a system that usually significantly improves the time it takes to fix a satellite-based positioning system (GPS) for the first time - so GPS positioning is accelerated. How does this work? With mobile phones, the approximate location is already known from the radio cell in which your device is registered. This approximate location is then sent via the Secure User Plane Location Protocol (SUPL) to a SUPL server, which uses this information to limit the search range for the satellite signals and thus enables fast GPS positioning. Communication with the SUPL server takes place via TCP/IP or SMS.

Android systems use such a SUPL server to accelerate GPS positioning. However, the problem is that your IMSI number is also transmitted to the SUPL server when you make a request - which would not actually be necessary from a technical point of view.
The problem: The combination of the IMSI number with the radio cell ID enables the operator of a SUPL server to uniquely identify a user as soon as the smartphone locates or limits the location via a SUPL request. The SUPL protocol is therefore actually relatively sensible, but we do not know what the operators of the SUPL servers do with this information.

With my test devices I have now tried to find out when such a SUPL request is sent. Result: Whenever your GPS is activated and an app wants to query the location. It doesn't matter which mode you have chosen:

High accuracy:
Use GPS, WLAN, Bluetooth or mobile networks to determine your location.
Energy-saving mode:
Use WLAN, Bluetooth or mobile networks to determine your position.
Device only:
Use GPS to locate.

This means: Even if you have selected the mode "Device only", a request will be sent via A-GPS or SUPL-Request. The question is now which SUPL server or operator receives the radio cell information together with the IMSI number?

This is quite different - even with LineageOS. You can find out if you open the following file (root assumed) on your Android:

/etc/system/gps.conf

or

/vendor/etc/gps.conf

There you can search for the following entries:

SUPL_HOST=supl.google.com
SUPL_PORT=7275 (may vary)

Previously identified as SUPL_HOST or operator:

supl.google.com: Google
supl.sonyericsson.com: Sony
supl.qxwz.com: SUPL Server in China
supl.nokia.com: Nokia

If your GPS is activated, a SUPL request is sent to the SUPL_HOST - but this does not happen every time. You can force it after a device restart in combination with an app that wants to determine the GPS location. Sometimes it was also necessary to deactivate the WLAN interface.

Now you have to ask yourself if a quick GPS position determination via SUPL is important to you or maybe your privacy. If it's your privacy, you'll need to make the following changes to gps.conf and then restart your device:

SUPL_HOST=localhost
SUPL_PORT=7275

⚠️Note: It is not sufficient to comment out the lines. Then a fallback becomes active. Where the fallback information came from I could not find out yet.

With tcpdump you can check directly on the device if SUPL requests are still being sent:

tcpdump -i any -s0 port 7275

Unfortunately, one question remains unanswered: Does the proprietary baseband possibly send a SUPL request on its own and bypasses the Android operating system? In any case, this is indicated by the following article:
How SUPL Reveals My Identity And Location To Google When I Use GPS. If you can help to answer this question, please feel free to contact me via email or use the forum thread.

With a "toy" like the HackRF One, mobile phone traffic on this level could certainly be recorded.

Source and more info

https://www.kuketz-blog.de/android-imsi-leaking-bei-gps-positionsbestimmung/

📡 @NoGoolag
#android #IMSI #leaking #GPS #positioning #guide #kuketz

Cloudflare – The bad, the worse and the ugly?
What is Cloudflare and why not to use Cloudflare!

Cloudflare, the operator of the probably best-known content delivery network, is not only very popular with black copiers. Credit card fraudsters, phishing site operators, blackmailers and terrorists also like to use the services of the Californian company. Volker Rieck takes a closer look.

In the USA, a large technology company is about to go public. Cloudflare from San Francisco wants to collect almost 3.5 billion dollars on the stock exchange in the first half of the year with the support of the investment bank Goldman Sachs. However, there are heavy shadows over Cloudflare. The spectrum of his customers ranges from credit card fraudsters and spammers to sites that operate copyright infringement as a business model and terrorist sites. Even US embargoes are undermined.

💡 What is Cloudflare?

The service of Cloudflare is the supply of a content Delivery network (CDN) - also content distribution network called. That is simplified said a type of turbo for web pages, so that these are delivered world-wide fast and surely. Cloudflare hangs itself thereby between the web page and/or the servers of its customers and the visitor of the side and/or user of a service and provides by purposeful control and distribution of the Traffics for a correspondingly high speed. In this way Cloudflare can offer also protection against overload attacks (DDoS) in the net.

💡 However, it offers a hidden feature:
the company anonymizes its customers.

By doing so, Cloudflare will put a screen over the original website or its server, making the operator of this site almost untraceable. If, for example, you want to know where a certain website is hosted, you only receive Cloudflare data, but you can neither identify the original computer center nor the IP address, which would be necessary, among other things, for prosecuting legal violations.

Civil law inquiries are useless, because Cloudflare only provides the naming of a computer center, which is worthless without the respective IP address. This would be roughly comparable to the information of an address in a high-rise building with thousands of residents, where there are no bell signs.

Read the full article inside TG (🇬🇧)
https://t.iss.one/BlackBox_Archiv/163

Or the original (🇩🇪)
(TG) https://t.iss.one/BlackBox_Archiv/166
(Web) https://tarnkappe.info/cloudflare-the-bad-the-worse-and-the-ugly/

📡 @NoGoolag
#cloudflare #dns #truth #why

Protect freedom on radio devices: raise your voice today!

We are facing a EU regulation which may make it impossible to install a custom piece of software on most radio decives like wiki routers, smartphones and embedded devices. 

https://blog.mehl.mx/2019/protect-freedom-on-radio-devices-raise-your-voice-today

Link to provide negative feedback:
https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038_en


📡 @NoGoolag
#eu

🎧 🇬🇧 The Secrets Hidden in Our Google Location Data

This week on Decrypted, Bloomberg Technology’s Alistair Barr and Pia Gadkari explore the myriad secrets that our location data can reveal and some of the ways it can be used against us.

📻 The #secrets #hidden in Our #google #location #data #podcast

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

Smart Phones for Privacy & Security

Smartphones are inherently bad for privacy. You've basically got a tracking device in your pocket, pinging off cell towers and locking onto GPS satellites. All the while, the handset's data connection ensures that tracking cookies, advertising IDs, and usage stats follow you around the internet.

So no, there's no such thing as a perfectly secure and truly private smartphone, let's get that out of the way now. But in the information age, you practically need a smartphone just to get by in society, so the question then becomes: Which phone manages to be the lesser of all the evils?

With critical vulnerabilities such as the KRACK exploit and Blueborne, not to mention the FBI attempting to find a backdoor into practically every phone, that's a hard question to answer. So to find the most security-hardened devices, we tested the top smartphones on the market, looking for key factors like encryption strength, biometrics, hardware-assisted security, VPN availability, and security patch timeframes. Our research narrowed the list down to five great phones, so let's discuss how well each of these devices protects your privacy.

Key Comparison Points

When it came to comparing our five finalist phones, these were the key differentiating factors for privacy and security:

✳️ Biometrics

✳️ Authentication Methods

✳️ Encryption

✳️ Hardware-Stored Keys

✳️ Hardware Security Modules

✳️ Sandboxed User Accounts

✳️ Restrict Ad Tracking

✳️ Always-On VPN

✳️ Block Internet Access for Apps

✳️ Data Wipe After Failed Login

✳️ DNS over TLS

✳️ Force Password to Unlock Phone

✳️ Restrict Usage of Data Port

✳️ Anti-Theft Protection

✳️ Built-in Password Manager

✳️ Password Generator

✳️ Autofill Passwords

✳️ Password Protected Apps

✳️ Password Protected Files

✳️ Stock Security Center App

✳️ Security Patch Timeframe

✳️ Bug Bounties

#tips #smartphones #security #privacy
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_ES

1. Social network targeted legislators around the world, promising or threatening to withhold investment
Facebook has targeted politicians around the world – including the former UK chancellor, George Osborne – promising investments and incentives while seeking to pressure them into lobbying on Facebook’s behalf against data privacy legislation, an explosive new leak of internal Facebook documents has revealed.
https://www.theguardian.com/technology/2019/mar/02/facebook-global-lobbying-campaign-against-data-privacy-laws-investment

2. German data protectors alerted about Facebook's internal spy department
Facebook's proprietary security team collected location data from ex-employees it considers a threat to the company.
Does Facebook also play private police in Germany? The Hamburg data protection commissioner demands answers from Facebook.
https://netzpolitik.org/2019/deutsche-datenschuetzer-alarmiert-wegen-facebooks-spitzelabteilung/

3. Facebook pressured Canada to ease up on data rules, U.K. reports say Social Sharing
Internal documents leaked to U.K. journalists show Facebook's global lobbying operations
Facebook promised to open a data centre in Canada to create jobs, in exchange for the federal government offering assurances that it would not impose its jurisdiction over the company's non-Canadian data.
https://www.cbc.ca/news/politics/facebook-canada-data-pressure-1.5041063

#DeleteFacebook #fb #why #leak
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_ES

Here are the data brokers quietly buying and selling your personal information
You’ve probably never heard of many of the data firms registered under a new law, but they’ve heard a lot about you.

It’s no secret that your personal data is routinely bought and sold by dozens, possibly hundreds, of companies. What’s less known is who those companies are, and what exactly they do.

https://www.fastcompany.com/90310803/here-are-the-data-brokers-quietly-buying-and-selling-your-personal-information

📡 @NoGoolag
#BigData #privacy #mydata #why #data #brokers

Europe dictators want to forbid the installation of third party software (like android ROMs, openwrt, iot...) in radio devices (smartphones, routers, iot...)

https://blog.mehl.mx/2019/protect-freedom-on-radio-devices-raise-your-voice-today/

You can insult them here, today is the last day:
https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6621038_en

#eu

Why Democracies Die: The Reason Privacy Is the Source of Power in the 21st Century

https://medium.com/privateid-blog/why-democracies-die-the-reason-privacy-is-the-source-of-power-in-the-21st-century-4883906d910


#why

Open source breaches up by over 70 percent

A quarter of firms confirmed or suspected a web application breach in the past 12 months.

Open source breaches have increased by 71 percent over the last five years, while 26 percent of companies reported a confirmed or suspected web application breach in the past year alone, according to a new survey.
https://www.scmagazineuk.com/open-source-breaches-70-percent/article/1577919

Read Via Telegram

#opensource #vulnerability #hacking
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_ES

And the mass is walking!

#Article13Demo in #Frankfurt has become so big that it has been converted into a walking demo! #SaveYourInternet #article13 #Uploadfilter

https://twitter.com/uploadfilter/status/1102997023933022208?s=09

#Uploadfilter #Artikel13 #NoUploadFilter #demo #CreateAwareness #getactive #SaveTheInternet #FreeSpeach
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

🎧 🇬🇧 Silk Road [Part 1- 2 - 3]

The Silk Road was an ancient network of trade routes that started in China in the 2nd century B.C. Via a combination of roads, and sea routes, goods like silk, paper and spices were transported from the producers in Asia to markets in Europe. Eventually, it wasn’t just goods that were traded – there were also ideas, customs, religions and even diseases.
The Silk Road expanded throughout different continents and civilizations for several centuries. It connected Asia, Europe, Africa and the Middle East. A marketplace across the world.

Two major expansions can be traced back to the Silk Road. One of these was the introduction of Buddhism into China. The second was the Black Death.

📻 Part 1:
https://t.iss.one/BlackBox_Archiv/212
📻 Part 2:
https://t.iss.one/BlackBox_Archiv/213
📻 Part 3:
https://t.iss.one/BlackBox_Archiv/214

#SilkRoad #darknet #podcast #DEA
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

Google is working on securely storing Digital Driver's Licenses in Android

https://www.xda-developers.com/google-android-digital-drivers-license


📡 @NoGoolag
#google #driver #license #id #why