Source: Home Page

There is a review here at cloudwards

Privacy International battle exposes ‘bulk’ warrants

Documents released by GCHQ to the Investigatory Powers Tribunal suggest the agency may be allowed to hack multiple computers in the UK under single “thematic” or “class” warrants.

Responding to complaints brought by Privacy International and seven global internet and communication service providers, the British spy agency told the tribunal it was applying for bulk hacking warrants from secretaries of state and then deciding internally whether it was necessary and proportionate to hack the individuals targeted.

Source: GCHQ can hack your systems at will – thanks to ‘soft touch’ oversight

Russia’s legal framework around the mass surveillance was found to be unfit because it did not limit the circumstances in which public authorities were allowed to conduct their surveillance activities, nor were there any limits on the duration of those activities.

Additionally, there was insufficient supervision of the interception and a lack of “procedures for authorising interception as well as for storing and destroying the intercepted data”.

Source: Russia’s blanket phone spying busted Europe’s human rights laws

British programmer and writer John Graham-Cumming has spotted something interesting in the opening protocol of any HTTP/2 connection: an array of explicitly formatted code which spells the word PRISM, in an apparent reference to the NSA’s primary program for mass-surveillance of the internet, as disclosed by Edward Snowden in 2013.

The HTTP/2 client connection begins its work with a 24-octet sequence which unravels to PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n. Anyone who has ever tried to make a line wrap in web server output will discount the returns and line breaks (such as ‘\r’ and ‘\n’) and see the word ‘PRISM’ stripped away from the code which it is sitting inside.

Source: Anti-NSA Easter egg in HTTP/2, it seems

Merrill is now able to reveal that the FBI believes it can force online companies to turn over the following information simply by sending an NSL demanding it: an individual’s complete web browsing history; the IP addresses of everyone a person has corresponded with; and records of all online purchases.

The FBI also claims authority to obtain cell-site location information with an NSL, which effectively turns a cell phone into a location tracking device. In court filings, the FBI said that at some point it stopped gathering location data as a matter of policy, but that it could secretly choose to resume the practice under existing authority.

Source: Revealed: What info the FBI can collect with a National Security Letter

That’s a hell of a lot of information they can collect without a court warrant… And they’ve been doing it for 11 years so far!

AdNauseam is a browser extension designed to obfuscate browsing data and protect users from surveillance and tracking by advertising networks. Simultaneously, AdNauseam serves as a means of amplifying users’ discontent with advertising networks that disregard privacy and facilitate bulk surveillance agendas.

Source: ADNAUSEAM – Clicking Ads So You Don’t Have To

Examples of data we collect include your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage.

Source: Sneaky Microsoft renamed its data slurper before sticking it back in Windows 10

Identity Mixer is designed to protect users’ privacy by focusing just on the essentials of the proof. Thanks to a set of algorithms based on cryptography work done at IBM Research, the tool allows developers to build apps that can authenticate users’ identities using what’s known as a “zero-knowledge proof” that collects no personal data.

Specifically, Identity Mixer authenticates users by asking them to provide a public key. Each user has a single secret key, and it corresponds with multiple public keys, or identities. Each transaction a user makes receives a different public key and leaves no privacy “breadcrumbs.”

So, in the streaming service example, users would have both identity and subscription credentials stored in a personal Credential Wallet. To access a movie, they could use that electronic wallet to prove that they’re entitled to watch the selected content without having to expose any other details.

The result, according to IBM, is that users’ privacy is better preserved, and the service provider is spared the need to protect and secure all that extraneous data.

Source: New IBM tech lets apps authenticate you without personal data

Earlier this week the Center for Democracy and Technology (CDT) warned that an Indian firm called SilverPush has technology that allows adverts to ping inaudible commands to smartphones and tablets.

Now someone has reverse-engineered the code and published it for everyone to check.

SilverPush’s software kit can be baked into apps, and is designed to pick up near-ultrasonic sounds embedded in, say, a TV, radio or web browser advert. These signals, in the range of 18kHz to 19.95kHz, are too high pitched for most humans to hear, but can be decoded by software.

An application that uses SilverPush’s code can pick up these messages from the phone or tablet’s builtin microphone, and be directed to send information such as the handheld’s IMEI number, location, operating system version, and potentially the identity of the owner, to the application’s backend servers.

Source: How TV ads silently ping commands to phones: Sneaky SilverPush code reverse-engineered

The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over 70 million records of phone calls, placed by prisoners to at least 37 states, in addition to links to downloadable recordings of the calls. The calls span a nearly two-and-a-half year period, beginning in December 2011 and ending in the spring of 2014. Particularly notable within the vast trove of phone records are what appear to be at least 14,000 recor

Source: Massive Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege

The 4th Reich is at it again!

It’s a privacy tool

Source: About me

Under the radar, Verizon, Sprint, and other carriers have partnered with firms including SAP to manage and sell data.

Source: The $24 Billion Data Business That Telcos Don’t Want to Talk About

Secret, anonymous messages aren’t just for the dastardly. Luckily, a little privacy isn’t difficult to get. With some effort and a spare phone, you’ll be whistleblowing, protecting your privacy from harassers, and staying anonymous when selling on Craigslist or looking for dates on Match. Here’s how.

Source: How to Create an Untraceable Messaging Device With an Old Phone

Basically install Hushed to generate disposable phone numbers, cyberghost / hideman for a free VPN service and someone elses WiFi.

Note – there are limitations to this project 🙂

The EU is offering a 3 month grace period before it starts to enforce the death of safe harbour. No data of EU citizens to repressive regimes!

Source: Europe’s top privacy watchdog calls on firms to curb U.S. data transfers

When companies like Ancestry.com and 23andMe first invited people to send in their DNA for genealogy tracing and medical diagnostic tests, privacy advocates warned about the creation of giant genetic databases that might one day be used against participants by law enforcement.

Source: Cops are asking Ancestry.com and 23andMe for their customers’ DNA

So, people are surprised that they are mistakenly used as suspects? And how surprised will they be when they find out that insurance companies have been dipping into these databases to find genetic defects?

We’ve all become used to the idea of ads online — it’s something that has become part and parcel of using the internet — but in Windows? If you’ve updated to build 10565 of Windows 10, you’re in for something of a surprise: the Start menu is now being used to display ads.

Source: Microsoft now uses Windows 10’s Start menu to display ads

It’s not enough that all your search data, browsing habits and file listings are sent to Microsoft, you are now pushed with ads. Please, Microsoft, just release a paid, non-invasive version of Windows 10?

Source: MPs to hold emergency debate over politicians’ communications being spied upon

hahahaha it turns out that they are not exempt from GHCQ spying after all – and now they care!

Source: Positionspapier des ULD zum Safe-Harbor-Urteil des Gerichtshofs der Europäischen Union vom 6. Oktober 2015, C-362/14 – ULD