Good short read by Goodin on the clandestine tracking platform Location X. Sold to government agencies, it supposedly exploits the unique 'advertising ID' accessible to the app layer on all Android phones, and (with optional user input) on iOS. The article has a brief mitigation walkthrough for phone owners.

https://arstechnica.com/information-technology/2024/10/phone-tracking-tool-lets-government-agencies-follow-your-every-move/

Thanks to @Christina for the share

The craziness about private businesses collecting biometric data very unnecessarily for basic identification purposes needs to stop.

Say NO to biometrics collection everywhere you can 🚫✋

Privacy is a human right.

NEW: More than 4 million people have been using explicit deepfake bots on Telegram, a WIRED review has found.

We identified more than 50 Telegram bots built to create nude images and video. After sending questions to Telegram about their harm, the company removed the bots.

There is no such thing as a backdoor for good guys. Once you place a backdoor, you compromise the safety and privacy of all your users. A third party or bad guys will get access to it and abuse it further. The concept of a "backdoor for good guys" is fundamentally flawed and dangerous. It sets a dangerous precedent. Security and privacy should be absolute. There's no safe way to create a backdoor that can't be exploited by malicious actors.

The rise of Mastodon has made me so much more aware of government services requiring us to use private companies’ systems to communicate with them and access services.

Sitting on a Dutch train just now I was shown on a screen “feeling unsafe in the train? Contact us via WhatsApp”.

What if I don’t use WhatsApp? (I do, but I wish I didn’t have to) I’m forced to share my data with Meta to use it.

Public systems should not require use of private services.

"How do you train the medical AI? You could ask patients’ consent for their data — or you could violate all medical confidentiality rules and just take it."

In shock news, LinkedIn uses your data to train Microsoft (who own it, remember) and its own AI models. And of course that's turned on by default without asking your permission first.

To refuse permission on the LinkedIn website:

Me > Settings & Privacy > Data Privacy > Data for Generative AI Improvement

🇬🇧Leak on latest #ChatControl attempt (in German): https://netzpolitik.org/2024/interne-dokumente-sperrminoritaet-gegen-chatkontrolle-wackelt/ +++ Only AUT, DEU, EST, LUX, POL, SVN were critical – no blocking minority! +++ BEL, CZE, FIN, ITA, NLD, PRT, SWE undecided +++ EU legal experts confirm violation of our fundamental rights +++ Only 5 days to next discussion +++

Help pressure our governments into defending our #privacy of correspondence and secure #encryption now:

Really looking forward to explaining to my kid that his PII has been compromised for basically his entire life because he had the audacity to be born at a time when the positive incentives for computer security were nearly nonexistent and the regulatory penalties favored doing the bare minimum you can get away with.

Seriously though, take a minute trying to grasp how rich a company like Facebook (Meta) really is. Think, truly think, about how much money it makes every year.

Now, think about HOW it makes this money:
Does it sell a lot of expensive cars? No.
Does it sell computers around the world? No.
Does it sell oil? Nope.

It. Sells. YOU.

And how much do YOU get in exchange for producing these billions of dollars for it each year?

NEW: Details of people's therapy sessions—including reports, video and audio recordings—have been exposed by a healthcare company.

These included people mentioning sexual abuse and highly sensitive subjects. The exposed database has now been closed down.

@hvlint

I don't understand how DNB, AFM and the Autoriteit Persoonsgegevens are all just fine with this. This way Google gets handed yet another monopoly and a great deal of data about us.

Aren't you, as ING, selling your soul to the devil this way? Google gets a foot in the door and soon won't need ING anymore.

Very worrying development.

@FTM_nl
@avhuffelen

Setting up the new computer: I made a new Microsoft account with a masked Fastmail email. Started a note in Obsidian to record all the fake info I feed it. As far as Microsoft knows, they think my name is Akira.

Happy "Open Firefox's preferences to review everything shady that they might have changed and enabled by default" Day!

Question! Why should local governments use taxpayers’ money to buy proprietary, closed software from a single vendor? And what happens to citizens' data? A solution is to move to free and open source software like #Linux and #LibreOffice – which is exactly what Schleswig-Holstein is doing:

If you're pissed off about this AT&T data breach (and you should be), then you're probably asking why the hell AT&T would even keep this kind of data around to begin with. The answer is probably "because the US Government required them to" along with "because your Congressional representative and Senator sold you out." Details are limited so far, and I'm just speculating based on public reporting, but it's starting to smell like a breach of back end systems supporting law enforcement access.

We don't demand privacy just because we question the motives and trustworthiness of our law enforcement officers and government officials, but also because we can't trust that the panopticon systems they demand can be kept secure. A surveillance state makes us all vulnerable when it is inevitably breached. We're doing all the hard work for the spies and criminals that mean us harm.

And if you think AT&T or any service provider can operate a surveillance system that can securely authenticate not just their own people, but also any of the approximately 900k law enforcement agents from any of the approximately 18k law enforcement agencies scattered across the US, then I've got a bridge to sell you. Yes, AT&T and Snowflake deserve to get their asses handed to them for their likely abject failures (or more likely, delivering settlement checks of $0.37 to each of their customers along with a subscription to a useless identity protection service), but securing this kind of system is close to impossible.

Reporting from @zackwhittaker:
https://techcrunch.com/2024/07/12/att-phone-records-stolen-data-breach/

Stats from:
https://en.wikipedia.org/wiki/Law_enforcement_in_the_United_States

(UPDATE: Per @briankrebs AT&T is apparently denying this was a breach of a law enforcement portal, but the scope of the denial is unclear to me. Maybe it's misleading spin, and they're only denying that the law enforcement-facing portal itself was breached, but leaving open the possibility that the adversaries bypassed the portal and went straight for a Snowflake-hosted backend supporting it. Or maybe the compromised Snowflake account was used for some other purpose entirely that had nothing to do with current or anticipated future government and law enforcement demands: https://infosec.exchange/@briankrebs/112774877396175475)