Jonkman Microblog
Notices tagged with privacy, page 13

  1. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Sunday, 05-Apr-2020 00:37:55 EDT
    Oligarchy Press on #privacy violation that piggybacks public "health" https://www.bloomberg.com/news/articles/2020-04-04/how-europe-is-bumping-against-privacy-laws-in-coronavirus-battle #bloomberg
    In conversation Sunday, 05-Apr-2020 00:37:55 EDT from pleroma.site permalink
  2. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Saturday, 04-Apr-2020 02:58:26 EDT
    ● NEWS ● #vox #zoom #surveillance ☞ Zoom’s sudden spike in popularity is revealing its #privacy (and porn) problems https://www.vox.com/recode/2020/3/31/21201019/zoom-coronavirus-privacy-hacks
    In conversation Saturday, 04-Apr-2020 02:58:26 EDT from pleroma.site permalink

    Attachments

    1. Zoom responds to its privacy (and porn) problems
      from Vox
      The coronavirus pandemic made Zoom the most popular app, and that came with consequences.
  3. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Friday, 03-Apr-2020 07:03:27 EDT
    ● NEWS ● #projectcensored #wikileaks ☞ #Assange ’s #Privacy Breached During 24/7 #Surveillance of Ecuadorian Embassy https://www.projectcensored.org/assanges-privacy-breached-during-24-7-surveillance-of-ecuadorian-embassy/
    In conversation Friday, 03-Apr-2020 07:03:27 EDT from pleroma.site permalink

    Attachments

    1. Assange’s Privacy Breached During 24/7 Surveillance of Ecuadorian Embassy - Validated Independent News
      from Project Censored
      Assange’s Privacy Breached During 24/7 Surveillance of Ecuadorian Embassy
  4. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Friday, 03-Apr-2020 04:10:59 EDT
    "But Roy, how can you live without a mobile phone and how can you contact people on the go?

    Me: On the what?

    #coronavirus #lockdown #privacy
    In conversation Friday, 03-Apr-2020 04:10:59 EDT from pleroma.site permalink
  5. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Friday, 03-Apr-2020 00:51:03 EDT
    ● NEWS ● #torrentfreak #google #copyright #privacy ☞ ‘YouTube is Not Required to Share Email and IP-Addresses of Movie Pirates’ https://torrentfreak.com/youtube-is-not-required-to-share-email-and-ip-addresses-of-movie-pirates-200402/
    In conversation Friday, 03-Apr-2020 00:51:03 EDT from pleroma.site permalink

    Attachments

    1. ‘YouTube is Not Required to Share Email and IP-Addresses of Movie Pirates’
      By Ernesto from TorrentFreak
      ‘YouTube is Not Required to Share Email and IP-Addresses of Movie Pirates’
  6. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Thursday, 02-Apr-2020 10:16:47 EDT
    ● NEWS ● #techdirt #remotework ☞ #Security And #Privacy In A Brave New Work From Home World https://www.techdirt.com/articles/20200401/09114844211/security-privacy-brave-new-work-home-world.shtml
    In conversation Thursday, 02-Apr-2020 10:16:47 EDT from pleroma.site permalink

    Attachments

    1. Security And Privacy In A Brave New Work From Home World
      from Techdirt.
      We have moved to a radically remote posture, leaving a lot of empty real-estate in corporate offices and abandoning the final protections of the digital perimeter. For years, we’ve heard that the perimeter is dead and there are no borders in...
  7. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Thursday, 02-Apr-2020 04:22:32 EDT
    ● NEWS ● #privateinternetaccess #surveillance ☞ How can we protect #privacy during a crisis like #Covid19, when "health surveillance" is on the rise around the world? https://www.privateinternetaccess.com/blog/how-can-we-protect-privacy-during-a-crisis-like-covid-19-when-health-surveillance-is-on-the-rise-around-the-world/
    In conversation Thursday, 02-Apr-2020 04:22:32 EDT from pleroma.site permalink

    Attachments

    1. How can we protect privacy during a crisis like Covid-19, when “health surveillance” is on the rise around the world?
      from Private Internet Access Blog
      How can we protect privacy during a crisis like Covid-19, when “health surveillance” is on the rise around the world?
  8. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Thursday, 02-Apr-2020 03:55:21 EDT
    ● NEWS ● #eff #encryption #privacy ☞ The #EARNIT Act Violates the Constitution https://www.eff.org/deeplinks/2020/03/earn-it-act-violates-constitution
    In conversation Thursday, 02-Apr-2020 03:55:21 EDT from pleroma.site permalink

    Attachments

    1. The EARN IT Act Violates the Constitution
      from Electronic Frontier Foundation
      Since senators introduced the EARN IT Act (S. 3398) in early March, EFF has called attention to the many ways in which the bill would be a disaster for Internet users’ free speech and security. We’ve explained how the EARN IT Act could be used to drastically undermine encryption. Although the bill...
  9. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Tuesday, 31-Mar-2020 12:50:50 EDT
    ● NEWS ● #techdirt #police ☞ Court To Cops: No Expectation Of #Privacy In A 'Beer-Drinking, Nap-Taking Hideout' https://www.techdirt.com/articles/20200323/11502944151/court-to-cops-no-expectation-privacy-beer-drinking-nap-taking-hideout.shtml
    In conversation Tuesday, 31-Mar-2020 12:50:50 EDT from pleroma.site permalink

    Attachments

    1. Court To Cops: No Expectation Of Privacy In A 'Beer-Drinking, Nap-Taking Hideout'
      from Techdirt.
      Everyone has rights, even the people who often disrespect the rights of others. But those rights can only be violated in certain, specific ways and the two cops, who sued over alleged rights violations, didn't actually have their rights...
  10. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Tuesday, 31-Mar-2020 12:36:45 EDT
    ● NEWS ● #techdirt #surveillance #privacy ☞ Researchers Say Kids' #Android Apps Are Still Riddled With Malware https://www.techdirt.com/articles/20200324/09004444158/researchers-say-kids-android-apps-are-still-riddled-with-malware.shtml
    In conversation Tuesday, 31-Mar-2020 12:36:45 EDT from pleroma.site permalink

    Attachments

    1. Researchers Say Kids' Android Apps Are Still Riddled With Malware
      from Techdirt.
      While numerous vendors and tech giants have cooked up lower-cost Android phones with marketing focused on helping the poor, a recent study by advocacy group Privacy International found that the privacy trade offs of these devices are... potent. Not...
  11. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Tuesday, 31-Mar-2020 07:36:58 EDT
    ● NEWS ● #eff #privacy #surveillance ☞ #Vallejo Must Suspend Cell-Site Simulator Purchase https://www.eff.org/deeplinks/2020/03/vallejo-must-suspend-cell-site-simulator-purchase
    In conversation Tuesday, 31-Mar-2020 07:36:58 EDT from pleroma.site permalink

    Attachments

    1. Vallejo Must Suspend Cell-Site Simulator Purchase
      from Electronic Frontier Foundation
      As Bay Area residents sheltered at home due to the COVID-19 pandemic, the Vallejo City Council assembled via teleconference last week to vote on the purchase of one of the most controversial pieces of surveillance equipment—a cell-site simulator. What’s worse is that the city council approved the...
  12. Strypey (strypey@mastodon.nzoss.nz)'s status on Tuesday, 31-Mar-2020 02:47:09 EDT

    "#SurveillanceGiants lays out how the surveillance-based business model of #Facebook and #Google is inherently incompatible with the right to #privacy and poses a systemic threat to a range of other rights including #freedom of opinion and expression, freedom of thought, and the right to #equality and non-discrimination."
    https://www.amnesty.org/en/latest/news/2019/11/google-facebook-surveillance-privacy/

    In conversation Tuesday, 31-Mar-2020 02:47:09 EDT from mastodon.nzoss.nz permalink

    Attachments

    1. Facebook and Google’s pervasive surveillance of billions of people is a systemic threat to human rights
      There needs to be a radical transformation of Facebook and Google's surveillance business model as it poses a systemic threat to human rights,
  13. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Monday, 30-Mar-2020 15:27:56 EDT
    #Telegram Desktop App Update Adds Chat Folders, New Sidebar
    http://www.tuxmachines.org/node/135805 when will they add >real< #privacy ?
    In conversation Monday, 30-Mar-2020 15:27:56 EDT from pleroma.site permalink
  14. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Sunday, 29-Mar-2020 09:01:12 EDT
    #surveillance #privacy #education #indoctrination #consumerism
    https://www.washingtonpost.com/education/2020/03/20/schooling-rapidly-moves-online-across-country-concerns-rise-about-student-data-privacy/
    In conversation Sunday, 29-Mar-2020 09:01:12 EDT from pleroma.site permalink

    Attachments

    1. Perspective | As schooling rapidly moves online across the country, concerns rise about student data privacy
      from Washington Post
      Online technologies undoubtedly have the capacity to perform useful services. But an easy-to-use interface shouldn’t give companies free reign to take as much data as they wish, especially when users are not allowed options to opt out.
  15. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Sunday, 29-Mar-2020 05:17:57 EDT
    ● NEWS ● #morningconsult #privacy ☞ Video Calling Prompts #Privacy Concerns as #Pandemic Drives Work, #Education Online https://morningconsult.com/2020/03/17/remote-work-video-conference-data-privacy/
    In conversation Sunday, 29-Mar-2020 05:17:57 EDT from pleroma.site permalink

    Attachments

    1. Video Calling Prompts Privacy Concerns as Pandemic Drives Work, Education Online
      By Sam Sabin from Morning Consult
      As more employers and educators scramble to take their day-to-day lives online due to the spread of the coronavirus, privacy concerns surrounding Zoom Video Communications Inc.’s data collection and storage policies are receiving renewed attention from privacy advocates and experts — especially as educators contend with how to comply with standing student privacy laws and employees deal with a lack of data privacy protections.
  16. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Saturday, 28-Mar-2020 10:49:38 EDT
    ● NEWS ● #eff #privacy #surveillance ☞ @EFF Asks #California AG to Close Loopholes, Respect "Do Not Track" With Regulations https://www.eff.org/deeplinks/2020/03/eff-asks-california-ag-close-loopholes-respect-do-not-track-regulations
    In conversation Saturday, 28-Mar-2020 10:49:38 EDT from pleroma.site permalink

    Attachments

    1. EFF Asks California AG to Close Loopholes, Respect "Do Not Track" With Regulations
      from Electronic Frontier Foundation
      Today, EFF once again joined a coalition of privacy advocates filing comments with the California Attorney General (AG) on the latest proposed regulations for the California Consumer Privacy Act (CCPA). The CCPA was passed in June 2018 and took effect on January 1, 2020. Later this year, the AG...
  17. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Saturday, 28-Mar-2020 07:29:41 EDT
    ● NEWS ● #internetsociety #isoc #privacy ☞ Truth Matters: Why #Journalists Need #Encryption Now More Than Ever https://www.internetsociety.org/blog/2020/03/truth-matters-why-journalists-need-encryption-now-more-than-ever/
    In conversation Saturday, 28-Mar-2020 07:29:41 EDT from pleroma.site permalink

    Attachments

    1. Truth Matters: Why Journalists Need Encryption Now More Than Ever
      By Anna Higgins from Internet Society
      As COVID-19 spreads around the globe, so has misinformation about the virus. Log into any social media account and it’s easy to get confused by friends and family sharing contradictory messages on anything from infection rates, to local preventative measures, and what to do if we feel a dreaded cough coming on. Truth matters – …
  18. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Saturday, 28-Mar-2020 06:38:07 EDT
    ● NEWS ● #natlawreview #covid19 #coronavirus #surveillance ☞ Business in the time of COVID-19: US Cybersecurity and #Privacy Issues for You to Consider https://www.natlawreview.com/article/business-time-covid-19-us-cybersecurity-and-privacy-issues-you-to-consider
    In conversation Saturday, 28-Mar-2020 06:38:07 EDT from pleroma.site permalink

    Attachments

    1. Business in the time of COVID-19: US Cybersecurity and Privacy Issues for You to Consider
      from The National Law Review
      The current COVID-19 pandemic raises some significant issues and risks relating to cybersecurity and data privacy in the US that should be considered carefully and addressed appropriately. Concerns ra
  19. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Saturday, 28-Mar-2020 06:29:30 EDT
    ● NEWS ● #adtechmadness #eff #privacy ☞ Detecting #PrivacyBadger ’s Canvas FP detection https://adtechmadness.wordpress.com/2020/03/27/detecting-privacy-badgers-canvas-fp-detection/
    In conversation Saturday, 28-Mar-2020 06:29:30 EDT from pleroma.site permalink

    Attachments

    1. Detecting Privacy Badger’s Canvas FP detection
      By adtechmadness from madtech

      Hello readers! As promised in previous blog post, today I’ll write (a bit more technically) about third party JS security, but from a different angle.

      Privacy Badger

      Privacy Badger is a privacy-focused browser extension by EFF that detects and blocks third-party trackers. Unlike other extensions, it does so by analysing tracking behaviours rather than relying on a domain blacklist.

      Canvas fingerprinting

      One of these tracking behaviours is canvas fingerprinting, which I briefly mentioned in previous blog posts. Generally speaking, canvas fingerprinting is a method of generating a stateless, consistent, high-entropy identifier from the HTML5 canvas element by drawing several graphics primitives into it and then serializing its pixels. Different browsers and devices produce slightly different pixels due to differences in their graphics rendering stack. You can read the paper “Pixel Perfect: Fingerprinting Canvas in HTML5” for more info.

      Privacy Badger Canvas fingerprinting detection

      From Privacy Badger website:

      Does Privacy Badger prevent fingerprinting?

      Browser fingerprinting is an extremely subtle and problematic method of tracking, which we documented with the Panopticlick project. Privacy Badger 1.0 can detect canvas based fingerprinting, and will block third party domains that use it. Detection of other forms of fingerprinting and protections against first-party fingerprinting are ongoing projects. Of course, once a domain is blocked by Privacy Badger, it will no longer be able to fingerprint you.

      How Privacy Badger detects canvas fingerprinting

      Privacy Badger injects fingerprinting.js, along with several other content scripts, as specified in its manifest.json, into all the frames ("all_frames": true) of all the pages ("matches": ["<all_urls>"]) visited by the user, before any other script in the page has executed ("run_at": "document_start").

      Content scripts have access to their frame's DOM but run in a separate JavaScript context. Because the script needs to monitor things that happen in the page's JS context (canvas manipulation and serialization), this content script injects another, self-removing script into the frame DOM, which executes in the page's JS context.

      This script hooks several canvas-related APIs, including fillText (manipulation) and toDataURL (serialization). I wrote about JS hooking before, in the context of spoofing viewability measurements. Whenever one of these APIs gets called, the Privacy Badger hook works out the calling script's URL from the call stack.

      Threat Model

      When designing and implementing fingerprinting countermeasures, there are two significant concerns:

      • Observability: trackers can fingerprint the presence of the fingerprinting countermeasure itself and use it as another data point in the fingerprint.
      • Bypassability: trackers can evade the fingerprinting countermeasure or render it useless, thus getting access to the desired fingerprinted feature.

      Vulnerabilities in Privacy Badger canvas fingerprinting detection

      • Observability of the canvas API hooking:

      As I wrote previously in depth at “JavaScript tampering – detection and stealth” (my most visited blog post so far!), there are several methods to detect that a native function was tampered with. Privacy Badger recognized this threat and tries to hide the tampering by setting the length, name, and toString properties of the hooked functions to match those of the original, but by referring to the native Function.prototype.toString directly, a tracker can write:

      Function.prototype.toString.call(HTMLCanvasElement.prototype.toDataURL);

      And get:

      "function wrapped() {
                var args = arguments;
      ...

      Of course, it also won’t pass the prototype and hasOwnProperty test (detailed explanation here).

      • Bypassability of the APIs hooking

      Privacy Badger recognized the threat of site code tampering with its own code, and tries to prevent this by copying the objects it uses into its own function scope. However, it still relies on prototype-inherited methods inside the hook code itself, and these methods can be abused to steal the reference to the original API. Let’s look closely at the hook code itself, which gets called whenever a consumer calls one of the hooked canvas APIs:

              function wrapped() {
                var args = arguments;
      
                if (is_canvas_write) {
                  // to avoid false positives,
                  // bail if the text being written is too short
                  if (!args[0] || args[0].length < 5) {
                    return orig.apply(this, args);
                  }
                }
      
                var script_url = (
                    V8_STACK_TRACE_API ?
                      getOriginatingScriptUrl() :
                      getOriginatingScriptUrlFirefox()
                  ),
                  msg = {
                    obj: item.objName,
                    prop: item.propName,
                    scriptUrl: script_url
                  };
      
                if (item.hasOwnProperty('extra')) {
                  msg.extra = item.extra.apply(this, args);
                }
      
                send(msg);
      
                if (is_canvas_write) {
                  // optimization: one canvas write is enough,
                  // restore original write method
                  // to this CanvasRenderingContext2D object instance
                  this[item.propName] = orig;
                }
      
                return orig.apply(this, args);
              }

      As we can see, there’s an interesting exception: if is_canvas_write is true and the first argument is shorter than 5 characters, the original function gets called through the prototype-inherited apply method, and the hook returns before send(msg) is called, so Privacy Badger won’t consider it a fingerprinting attempt (this is done to avoid false positives).

      We can look a few lines up and see that is_canvas_write is computed as:

            var is_canvas_write = (
              item.propName == 'fillText' || item.propName == 'strokeText'
            );

      So, our attack will look like this:

        • Hook the apply method
        • Call the hooked fillText or strokeText
        • Steal the reference to the original fillText or strokeText
        • Write to the canvas text with length > 5 using the original function

      Let’s implement a PoC:

      let _apply = Function.prototype.apply;
      let original;
      Function.prototype.apply = function () {
      	// `this` is the function
      	if (this.name === 'fillText' || this.name === 'strokeText') {
      		original = this;
      	}
      	// restore the original apply
      	Function.prototype.apply = _apply;
      };

      Then, we call the function:

      var canvas = document.createElement('canvas');
      var ctx = canvas.getContext('2d');
      ctx.fillText('a');

      And now we have the original fillText:

      original
      ƒ fillText() { [native code] }

      Voilà!

      The same technique can be used to extract the original serialization method, toDataURL. Notice that getOriginatingScriptUrl also uses prototype-inherited methods that can be tampered with.
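      The weakness above is that orig.apply(this, args) resolves Function.prototype.apply at call time. The following is an added example, not Privacy Badger's code and not from the adtechmadness post: it places that vulnerable hook pattern beside a hardened one that captures Reflect.apply once at install time, and runs the post's apply-hooking probe against both. Because Node has no DOM or canvas, makeCanvas() is a constructed stand-in object with a fillText method; installVulnerableHook, installHardenedHook, probeWithApplyHook and compare are names chosen for this example. Reflect.apply is a standard built-in; capturing it at install time only helps because, as noted above, the content script runs at document_start, before any page script.

```javascript
// Added example (not Privacy Badger's code): the "orig.apply(this, args)"
// hook pattern beside a hardened version, exercised with a constructed
// stand-in object because Node has no DOM or canvas.

// Constructed stand-in for a CanvasRenderingContext2D instance. The method
// is named fillText so it matches the name check used in the post's PoC.
function makeCanvas() {
  return {
    fillText(text) {
      return `native-drew:${text}`;
    },
  };
}

// Vulnerable pattern: `orig.apply(...)` looks up Function.prototype.apply at
// call time, so a page script that has replaced `apply` receives `orig` as
// its `this` and can keep the unhooked native function.
function installVulnerableHook(obj, propName, report) {
  const orig = obj[propName];
  obj[propName] = function wrapped() {
    const args = arguments;
    // same false-positive heuristic as the hook above: ignore short text
    if (!args[0] || args[0].length < 5) {
      return orig.apply(this, args);
    }
    report({ prop: propName, text: args[0] });
    return orig.apply(this, args);
  };
  return orig;
}

// Hardened pattern: every helper the hook needs is captured once when the
// hook is installed (content scripts run at document_start, before any page
// script), so a later replacement of Function.prototype.apply is never used.
function installHardenedHook(obj, propName, report) {
  const orig = obj[propName];
  const apply = Reflect.apply; // captured now, not resolved on each call
  obj[propName] = function wrapped() {
    const args = arguments;
    if (!args[0] || args[0].length < 5) {
      return apply(orig, this, args);
    }
    report({ prop: propName, text: args[0] });
    return apply(orig, this, args);
  };
  return orig;
}

// Adversarial input modelled on the post's PoC: a page script that briefly
// replaces Function.prototype.apply to see which function it is invoked on.
// Returns whatever the hook leaked (undefined if nothing escaped).
function probeWithApplyHook(obj, propName) {
  const realApply = Function.prototype.apply;
  let leaked;
  Function.prototype.apply = function (thisArg, argsArray) {
    if (this.name === 'fillText' || this.name === 'strokeText') {
      leaked = this;
    }
    Function.prototype.apply = realApply;
    return realApply.call(this, thisArg, argsArray);
  };
  try {
    obj[propName]('a'); // one char: takes the short-text early return
  } finally {
    Function.prototype.apply = realApply; // never leave the global patched
  }
  return leaked;
}

// Runs the probe against each hook on a fresh stand-in and checks that the
// hardened hook still reports a long write. Returns
// { vulnerable: { leaked, reports }, hardened: { leaked, reports } }.
function compare() {
  const results = {};
  const variants = [
    ['vulnerable', installVulnerableHook],
    ['hardened', installHardenedHook],
  ];
  for (const [label, install] of variants) {
    const canvas = makeCanvas();
    const reports = [];
    const native = install(canvas, 'fillText', (m) => reports.push(m));
    const leaked = probeWithApplyHook(canvas, 'fillText');
    canvas.fillText('fingerprint text'); // >= 5 chars: should be reported
    results[label] = { leaked: leaked === native, reports: reports.length };
  }
  return results;
}

console.log(compare());
// → { vulnerable: { leaked: true, reports: 1 }, hardened: { leaked: false, reports: 1 } }
```

      The same rule applies to every other prototype-inherited method the hook touches (hasOwnProperty, the string and array helpers inside getOriginatingScriptUrl): each must be captured into the hook's own scope at install time, otherwise the page can substitute its own implementation before the hook runs.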

      Another bypass method is to obtain references to the original APIs by using the iframe sandbox attribute. This attribute lets us specify permissions for the content inside the iframe; if we specify the allow-same-origin permission and don’t specify the allow-scripts permission, the script injected by the content script won’t execute, according to the sandbox policy[1], but the embedding page will still be able to access the iframe’s contentWindow and obtain an unhooked canvas from it.

      That’s it for today! Although this topic could be expanded even more, I’ll save something for next time 🙂

      Hope you enjoyed, and feel free to contact me to discuss any of it!

      [1] This is currently true in Firefox, but not in Chrome. In the past I observed the same behavior in Chrome, but from my test it seems that a DOM script added by a content script now executes inside sandboxed iframes. I’m not sure if that’s intentional.

  20. Dr. Roy Schestowitz (罗伊) (schestowitz@pleroma.site)'s status on Friday, 27-Mar-2020 12:57:29 EDT
    ● NEWS ● #privateinternetaccess #covid19 ☞ #Coronavirus delays the passage of the world's most important new #privacy #law https://www.privateinternetaccess.com/blog/coronavirus-delays-the-passage-of-the-worlds-most-important-new-privacy-law/
    In conversation Friday, 27-Mar-2020 12:57:29 EDT from pleroma.site permalink

    Attachments

    1. Coronavirus delays the passage of the world’s most important new privacy law
      from Private Internet Access Blog
      Coronavirus delays the passage of the world’s most important new privacy law
Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
