
Items tagged with: privacy


 
I work in mobile app development and the technology out there to spy on you is pretty insane. There is a whole industry for snooping and reselling data. Here are some examples.

There are several SDKs (software development kits) that offer fingerprinting identity services. Meaning, when someone opens your app, it checks their device ID, IP address, GPS location, email address, etc. and makes a match to an identity. You then use this SDK to track their behavior in your app, such as purchases, interests, demographics, preferences, etc. This data is stored along with all the other apps that use the SDK. Now as an upsell, I can buy all of your behavior data from every other app that uses the same service. From the moment you install the app I know everything about you.

There are SDKs that don’t even offer a service, they just straight up pay the app maker to let their agent sit and collect data and send it up to their servers. Mostly location data.

My favorite is there’s an SDK that actually records the screen while you use the app, and the video gets sent up to the server for the app maker to see how you use their app in real time. It also tracks all of your views, swipes, and button presses tied to the video for analytics.

Basically, you should assume that every moment you are using an internet connected device, you are being observed, scrutinized, and analyzed so that someone can sell you more shit.

They are really good at this, and getting better every year. You think Facebook is listening to your microphone to serve you ads at the moment you are discussing a product? They don’t need to. They know you that well.

Edit: A lot of people are asking for specific examples of this monitoring tech. There are a ton of small players. So an example of location tracking is Tamoco. An example of behavior tracking is Branch.io (they don't advertise the data mining, but it's a back-end deal). And session monitoring is AppSee or HotJar. There are many more that I haven't heard of.

There are a ton of data resellers out there. They're typically small startups who buy and sell data, and they compete on having the most comprehensive and clean data sets. We get approached by a data reseller maybe once a month, either trying to buy our data or sell us data.

Edit: A lot of people are flippant about this idea because you "don't click on ads" or you "don't buy anything". There are people who aren't interested in just selling you products. How about voting for a particular political candidate, or for/against a ballot measure? How about selling you a particular world view? Propaganda is just like advertising, they're just selling you an idea instead of a product.
#android #ios #programming #development #app #apps #phone #smartphone #sdk #hotjar #facebook #appsee #branch.io #tamoco #surveillance #privacy #encryption

 
I am adding this to block:

googleusercontent.com

Example given here.

Watch these types of links

"Cyber Doc - 28 minutes ago
The Mighty James River

In an effort to be respectful to the creators/maintainers of this pod, I am trying my best to use links for my photos as opposed to directly uploading them. This was taken along the James River in Richmond, VA recently. It’s one of my many hideouts for relieving stress and getting away from humans. Happy Thursday everyone. :-)

://lh3.googleusercontent.com/V0HbnyUdYn0pjFhnhafv3Mtj8Mw-8wbQcWfhdOsYZsWuwPSEMQsCB4t4n0RyHxvg8aPi6db2Zb8yzG5LewM955xZu_GTv6u1yU8KZZPAslgkzR4UhpvwrKKtgYqHsqBbteB6byPs1XRuX1NP1oQCyt8Q9gN3jmJOQ3-T8J5T4j70A2JhUkWr7skIfFkniXLkW7Q5bDVA-5GQgHq8DxSASa04M1KAduXNTUhMmgIIX7hS9XIpKBCxDw1JKRzw_ySndkZ-s8FRzGGwPcNee_sGKEsRqnyBjD7NNVAgl994yNlnInm8gBJkh2nRv7kBO7qG8Mut21fvZuFBPejB_r-QudJD9uz8KcBOJm1OZEBLkntzJb6MoxttNw_oEHP5TNbx-442koNHXMQnIXjG3UfHS4-bnTn6RojIed5EN-uwl5eHZs4OVO3Mzz2tmlq1n1uTJHuViP8gsIzDjvf6CkbzNOu06pk_IWlU_-KhvWX9K-i3F-xHj2JHZBJeP-W_btoG7VQCfXCeH4dn6nx8moqeKJb9hvlk1k91bQ1CGAJ_xLnw_sr-X9WX-88E_I9Lt0oHFW4sVRQA_PilWmIdBcp0P2rlUh2qz5XpWToJKT67g6UmV1ZdpsakuKs8uiENfKwE=w1280-h852-no

#photography #newhere #GPlus #GPlusRefugee #RVA #Virginia #landscape"

While this user may be nobly trying to save disk space on #pluspora; what in effect is being done is to allow Google to track each and every user clicking on the link.


I'm not saying that EVERY #pluser is involved in this:

[Image]

But certainly some are.

#security #bigbrother #darpa #darpa==google #privacy

 
The Call for Participation for the #Decentralized Internet & #Privacy devroom at #fosdem2019 was published 🎉 It would be great to receive proposals from a diversity of people.

Please boost widely !

https://lists.fosdem.org/pipermail/fosdem/2018q4/002769.html

 
Okay, let me explain things for all the slightly confused #newhere people.

Diaspora*


Diaspora is an open source, distributed social network developed by programmers around the world. It operates on different "pods", where each pod is a server that holds your data. And pods communicate with each other to form the Diaspora network. This design makes Diaspora resilient to #cyberattacks and enhances #privacy. Any pod taken down by hackers or governments will only affect the users on the pod. Users on other pods are still safe.

Do note that although pods are interconnected, you can only log in from the pod your account is on. Logging in from other pods will result in nothing besides error messages.

thefederation


The Federation is a network formed by several social networks.
- Diaspora - FAQ-Tutorial-Rules
- Friendica - FAQ-Support
- Hubzilla - About-Tutorial-
- Socialhome
- GangGo

They are interconnected. Posts on one network are shared with the others, but each network has different features and looks.

Hashtags and posting


Like Twitter we use #hashtags and sharing. If a stranger’s post has a #hashtag you are following, it will show up in your stream. If you are sharing with someone, you will see all of their posts.
Also, upon clicking the buttons on top of the post editor, weird text is inserted. That is absolutely normal. Diaspora uses the Markdown format for all the posts. It's ... kinda a standard for the developers working on the project.

Helping to develop diaspora


I'm getting tired (it's 1 AM when I'm writing this post) now, please refer to this post for information regarding how to contribute to the Diaspora project directly. (Technical skills needed)

Have a nice time on #Diaspora*

 

 

Please login to continue


Imagine a book asking you to "login to continue" reading it, with the story becoming "tailored" to your "needs" when you do.

Imagine having to wear a mandatory sign with your name and give permission to monitor your "pattern of life" to be able to read a concert poster or look at a graffiti.

Imagine having everyone depend on a service of a closed cast of intermediary messengers who could transcend spacetime to deliver our words, anticipate our needs and suggest who to add to our "connectants."

#privacy #surveillance #consumerism

 

GitHub - Exodus - #Privacy / exodus-standalone: εxodus CLI #client for local #analysis


 
Proud that I was part of that project and able to build the website of #GlobalSurveySDG
https://www.globalsurvey-sdgs.com

Take part in the survey if you like to share your opinion about topics related to sustainability.

In order to keep the privacy (no third party requests) of the users and to display images from social feeds I decided to make a proxy and cache the images. https://github.com/netzgestaltung/privacy-enhanced-social-wall (that code shows only the idea, is not ready as it lies there)

#SDGs #GlobalGoals #Sustainability #mywork #website #wordpress #netzgestaltung #pagebuilderfree #sandboxtheme #privacy
Global Survey on Sustainability and the SDGs

 

 

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies


The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

#privacy, #freedom, #openhardware,

 
While adjusting the system settings on macOS Sierra I stumbled over some horrific concepts.
I keep asking myself why privacy is even mentioned in the headlines. And why people agree to such a policy.
About Location Services & Privacy

(…) When you use Spotlight or Safari Suggestions in Safari, the location of your Mac at the time you submit a search query to Spotlight or Safari will be sent to Apple to make Spotlight Suggestions and Safari Suggestions more relevant and to improve other Apple products and services. If you turn off Location Services for Spotlight Suggestions and Safari Suggestions, your precise location will not be sent to Apple. To deliver relevant search suggestions, Apple may use the IP address of your internet connection to approximate your location by matching it to a geographic region. (…) Settings - Security & Privacy
About Dictation & Privacy
(…) If you use server-based Dictation, the things you dictate will be recorded and sent to Apple to convert what you say into text and your computer will also send Apple other information, such as your name and nickname; and the names, nicknames, and relationship with you (for example, “my dad”) of your address book contacts (collectively, your “User Data”). All of this data is used to help the dictation feature understand you better and recognize what you say.(…) Settings - Keyboard
About Siri & Privacy (macOS)
(…)When you use Siri the things you say will be recorded and sent to Apple to process your requests. Your device will also send Apple other information, such as your name and nickname; the names, nicknames, and relationships (e.g., “my dad”) found in your contacts, song names in your collection, the names of your photo albums, and the names of apps installed on your device (collectively, your “User Data”). All of this data is used to help Siri understand you better and recognize what you say. It is not linked to other data that Apple may have from your use of other Apple services.(…) Settings - Siri

#Apple #Privacy #Userdata #Überwachung #Datenschuty

 
It’s possible to target ads by phone number. Including a number the user didn’t reveal.
The researchers also found that if User A, whom we’ll call Anna, shares her contacts with Facebook, including a previously unknown phone number for User B, whom we’ll call Ben, advertisers will be able to target Ben with an ad using that phone number, which I call “shadow contact information,” about a month later.
#facebook #surveillance #privacy

 

MNT Reform DIY Laptop




A free and open source modular computing platform

Goals: Security, Transparency, Hackability — All power to the user!

Thoroughly understand it on the electrical, mechanical and software levels

Take it apart, modify and upgrade it without regret

Repair it yourself with simple 3D printed parts and the hardware store

Reclaim your #privacy and #security: No microphone, camera or management engine

Specs

  • NXP i.MX6QP: 4x ARM Cortex A9 Cores at 1.2 GHz
  • NDA-Free Reference Manual
  • Vivante GC3000 GPU
  • Fully open source drivers in the Linux kernel (etnaviv) and OpenGL (mesa)
  • 4GB DDR3 RAM
  • Reprogrammable slim mechanical keyboard (Cherry ML keys)
  • Reprogrammable optical trackball
  • 5x USB2.0 (2 external, 3 internal)
  • HDMI connector
  • LVDS connector (driving 1366x768 IPS 11" panel, included)
  • Full-length MiniPCIe slot
  • Full-length mSATA slot for SSD (disk not included)
  • Full-length WWAN slot (USB2.0) and SIM-card slot
  • Gigabit Ethernet connector
  • Bootable Micro SD-Card slot
  • SPI, I2C, GPIO connectors (internal)
  • SGTL5000 soundchip with headphone connector, internal line connectors
  • LiFePo4 charger (for single 10Ah cell, included)
  • Size: 29cm x 20.3cm x 4.5cm; Weight TBA
#freesoftware #diy #hardware #libre #arm

 


 
Back-To-School #Revolt in #Springfield? #Employees balk over using #Google #Drive as #evidence of #massive #privacy breach #mounts



Springfield Public Schools in Missouri may be in the early stages of what could become an all-out employee revolt. And if they are, some employees claim that the district has no one to blame but itself for not properly securing employee, student, and parent data even after they were warned of serious privacy breaches and data security failures.
https://www.pogowasright.org/back-to-school-revolt-in-springfield-employees-balk-over-using-google-drive-as-evidence-of-massive-privacy-breach-mounts/

 

We need to talk about **joindiaspora.com**

Flaburgan diaspora* community staff // Aug 2013
We are facing a lot of problems with joindiaspora and I think it’s time to change our strategy about it.
At the moment, we simply don’t deal with joindiaspora. But there are many downsides. They almost all come from one point: people don’t make any difference between “diaspora” and “joindiaspora”. Result: when “joindiaspora” is slow / buggy / down, it’s “diaspora” which is slow / buggy / down. When “joindiaspora” doesn’t respect privacy (Amazon, Google analytics which has now been removed), it’s “diaspora*” which doesn’t respect privacy.
https://discourse.diasporafoundation.org/t/joindiaspora-crisis/237

August 2013, nothing has changed, no comment.

#joindiaspora #diaspora #diasporafoundation #federation #history #archive #privacy

 

Hello Diasporians ! Have a nice and purply bubbly day !


If you see this post, please like or reshare, I want to see how many people I am "spamming" as a user suggested.

Is freedom of expression spamming?

#linux #art #music #caturday #news #privacy #wallpaper #dandelion #twitter #facebook #anime #photo

 

New Tor Browser 8.0 No Longer Reports Every User Using Same OS

Now we no longer look the same.


Until this latest version, the Tor Browser sent headers to every site (in the GET request) that were identical for every Tor Browser user. That helped make every Tor Browser user look exactly like every other Tor Browser user. This is broken in version 8.0. Now, our OS is correctly reported.

Prove it to yourself. Load this page. https://pgl.yoyo.org/http/browser-headers.php These are the headers sent with your GET request for that page.

Here's what mine look like.

Host: pgl.yoyo.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Used to be, every Tor Browser's headers were identical, but I'll bet yours now look different from mine. The part of the useragent in parentheses very probably is different from mine.

Now look in about:config for general.useragent.override. See the value there? Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0. When I put this value into Pale Moon, this is the useragent that is sent to sites. Not so in the new Tor Browser. This, IMNAAHO, is a serious bug.

Others have noticed this too, and they're complaining to Tor. Look in the comments here. https://blog.torproject.org/new-release-tor-browser-80

#tor #tor-browser #torbrowser #privacy #surveillance #agent #user-agent #useragent #security #linux #macos #fingerprinting

 


 
It's a pity this interview with Edward #Snowden is on a site that's blocking #Tor. Luckily, the Internet Archive has a copy: https://web.archive.org/web/20180730150419/https://www.icij.org/blog/2018/07/im-worried-that-we-will-run-out-of-sources-when-we-need-them-the-most/
[...]
Five years ago you went public. What has been your biggest achievement?

I have raised awareness of how the world works, and it works in a way that people previously would have regarded as a conspiracy [theory] but is now all too recognizable as reality…
#privacy #nsa
‘I’m worried that we will run out of sources when we need them the most’

 

F-DROID.ORG: Second Security Audit Results


Posted on Sep 4, 2018 by eighthave
The second full security audit of F-Droid is complete. We are satisfied with the results, which confirmed again that the core security model and standard operations are solid. The audit pointed out issues in the core build process where we currently rely on manual review by trusted contributors to protect us. This audit also did show that we still have work to do to achieve our goal of keeping the Android client secure even when connected to a malicious server, for example, if an untrusted repository is manually added that was created by its operator to exploit.

The audit was conducted by Radically Open Security, which is a natural partner for F-Droid since they share a focus on free software and open processes. Thanks to Open Tech Fund for finding the auditor and covering the costs of hiring them.

For more information about F-Droid’s security practices, see the documentation about the Security Model.
MORE: https://f-droid.org/en/2018/09/04/second-security-audit-results.html

#android #droid #f-droid #fdroid #free #app #mobile #opensource #securuty #privacy #audit

 

 

Mastering what we can: creating your own personal cloud


https://www.champeau.info/blog/2018/08/21/maitriser-ce-quon-peut-creer-son-cloud-perso/

#CloudPerso #Gandi #Nextcloud #Privacy #SimpleHosting
Mastering what we can: creating your own personal cloud

 



 

Sensitive Data Exposure via WiFi Broadcasts in Android OS [CVE-2018-9489]

System broadcasts by Android OS expose information about the user’s device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address. Some of this information (MAC address) is no longer available via APIs on Android 6 and higher, and extra permissions are normally required to access the rest of this information. However, by listening to these broadcasts, any application on the device can capture this information thus bypassing any permission checks and existing mitigations.
https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/

#android #vulnerability #security #privacy

 
With this, Telegram can definitively no longer be recommended!
♲ kuketzblog@pod.geraspora.de:

Telegram: cooperation with the authorities promised in cases of suspected terrorism

#messenger #Telegram #datenschutz #privacy #security

 

 
Someone got the old Redirect Bypasser addon for #Firefox and recreated it as an extension you can use again.

From here, thank you.

~ ~ ~ ~ ~ ~ ~

Someone took the old Redirect Bypasser addon for Firefox and recreated it as an extension so that we can use it again.

From here, thank you.

~ ~ ~ ~ ~ ~ ~

#privacy #privacidad

 