Pentagon: DRTBox can usually nab phone’s crypto session keys in under a second.

Source: City cops in Disneyland’s backyard have had “stingray on steroids” for years

Military grade Dirtboxes have been flying for the police without requiring a warrant for years. The 4th Reich irrepresive surveillance machine strikes again – Anaheim won’t be the only police force using this stuff.

Without trust, Microsoft thinks, nobody is going to use any cloud services, and the Snowden revelations put the trustworthiness of all technology suppliers in the spotlight. So when a warrant arrived at Microsoft’s Dublin data centre one day in 2013, a not uncommon occurrence for a cloud host, Microsoft was ready to kick back.

What Microsoft has done is refuse to comply, putting itself voluntarily in contempt of court. At issue is a piece of legislation called the 1986 Stored Communications Act, and the software firm is challenging two key things about it. Firstly, that the act covers private data that happens to be stored on your behalf by a third party (in this case Microsoft). Microsoft argues that the personal data is not its own, much as a UGC hosted YouTube argues that it doesn’t own material that is “stored at users’ direction”
[…]
“These are the private communications of our customers. They’re not ours. We don’t have access to them. We don’t want access to them,” he told an audience this week. “That’s a very different position to saying that any data stored with a cloud provider is a business record of that cloud provider, that can then be turned over to the government. That is a very dangerous precedent.”

And an interview with The Register clarified that point further: “By design we tell customers it is yours, we’re not going to access your data.”

Source: Microsoft legal eagle explains why the Irish Warrant Fight covers your back

Per 1 januari is de naam van het College bescherming persoonsgegevens (CBP) veranderd in Autoriteit Persoonsgegevens. Voortaan kan de Autoriteit Persoonsgegevens boetes opleggen en zijn organisaties verplicht ernstige datalekken direct te melden aan de toezichthouder. Onvoldoende zorgvuldige omgang met persoonsgegevens levert voortaan dus zowel een boete als reputatieschade op. De maximale boete is 820.000 euro.

Source: Nieuwe taken voor Autoriteit Persoonsgegevens – Emerce

This might seem like a slightly strange statistic for Microsoft to keep track of, but the company knows how long, collectively, Windows 10 has been running on computers around the world. To have reached this figure (11 billion hours in December, apparently) Microsoft must have been logging individuals’ usage times

Source: Why is Microsoft monitoring how long you use Windows 10?

When a user installs AVG AntiVirus, a Chrome extension called “AVG Web TuneUp” with extension id chfdnecihphmhljaaejmgoiahnihplgn is force-installed. I can see from the webstore statistics it has nearly 9 million active Chrome users.

the attached exploit steals cookies from avg.com. It also exposes browsing history and other personal data to the internet, I wouldn’t be surprised if it’s possible to turn this into arbitrary code execution.

Source: Issue 675 – google-security-research – AVG: “Web TuneUP” extension multiple critical vulnerabilities – Google Security Research – Google Project Hosting

One of the excellent features of new Windows devices is that disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key – which can be used to unlock your encrypted disk – to Microsoft’s servers, probably without your knowledge and without an option to opt-out.
[…]
As Green puts it, “Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.”

Source: Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key

Under the original CISA legislation, companies would share their users’ information with federal government departments once it had been anonymized. The government could then analyze it for online threats, while the companies received legal immunity from prosecution for breaking existing privacy agreements.

But as the bill was amended, the privacy parts of the proposed law have been stripped away. Now companies don’t have to anonymize data before handing it over. In addition, the government can use it for surveillance and for activities outside cybercrime. And in addition, companies don’t have to report security failings even if they spot them.

Source: Congress strips out privacy protections from CISA ‘security’ bill

IAB Europe maakt zich grote zorgen over de nieuwe geharmoniseerde privacywetten die in 2018 van kracht worden in Europa. Ook Apple, Google, Microsoft en Nederland ICT zien economische hindernissen ontstaan.

Source: IAB: ‘Nieuwe privacywet maakt online branche kreupel’ – Emerce

Ted Cruz’s presidential campaign is using psychological data based on research spanning tens of millions of Facebook users, harvested largely without their permission, to boost his surging White House run and gain an edge over Donald Trump and other Republican rivals, the Guardian can reveal.

A little-known data company (Cambridge Analytica), now embedded within Cruz’s campaign and indirectly financed by his primary billionaire benefactor, paid researchers at Cambridge University to gather detailed psychological profiles about the US electorate using a massive pool of mainly unwitting US Facebook users built with an online survey.
Facebook
Twitter
Pinterest
Watch the Guardian’s sit-down interview with Ted Cruz: ‘Minorities suffer when police are vilified’

As part of an aggressive new voter-targeting operation, Cambridge Analytica – financially supported by reclusive hedge fund magnate and leading Republican donor Robert Mercer – is now using so-called “psychographic profiles” of US citizens in order to help win Cruz votes, despite earlier concerns and red flags from potential survey-takers.

Source: Ted Cruz campaign using firm that harvested data on millions of unwitting Facebook users

Source: Home Page

There is a review here at cloudwards

Privacy International battle exposes ‘bulk’ warrants

Documents released by GCHQ to the Investigatory Powers Tribunal suggest the agency may be allowed to hack multiple computers in the UK under single “thematic” or “class” warrants.

Responding to complaints brought by Privacy International and seven global internet and communication service providers, the British spy agency told the tribunal it was applying for bulk hacking warrants from secretaries of state and then deciding internally whether it was necessary and proportionate to hack the individuals targeted.

Source: GCHQ can hack your systems at will – thanks to ‘soft touch’ oversight