Search the Community

http://www.tomshardware.com/news/canada-software-encryption-backdoors-feedback,33131.html In the wake of both the U.S and the U.K expanding their surveillance powers, Canada is asking feedback from their citizens on expanding their surveillance powers to include mandatory decryption, software backdoors, and access to basic subscriber information without a warrant. I feel that personally, as an American, that mandatory decryption is going too far, as well as instituting backdoors. However, I do like the fact that the Canadian goverment has allowed its citizens to comment on these important issues.

http://www.ibtimes.com/fbi-nsa-rule-41-changes-federal-rules-expand-governments-hacking-capabilities-2453034 Similar to the newly enacted UK legislation, Investigatory Powers Act, Rule 41 seeks to further expand the surveillance powers of intelligence agencies. The rule would further erode Fourth Amendment protections as warrants can be applied to large swaths of devices rather than a targeted device. This would also allow the NSA and FBI to deploy large botnets. What could possibly go wrong? As more of these draconian laws are enacted, the prospect of freedom and democracy seems to be a paper tiger.

I couldn't tell if this for sure belonged here, in general discussion or tech news & with LTT loading so unusually slowly lately too I had to settle. Anyway, it seems Microsoft is now forcing unwanted apps & potentially bloatware down our throats too. I'm so happy I don't have Windows 10 right now although I probably will on my first build ever early next year so I am very concerned. As if the excessive telemetry data farming wasn't enough, now we've gotta guard ourselves against this. P.S: Yes I always clear my browser cookies, history, offline data & my 1.5Mbps down connection is normally more than enough for these forums. So it must just be my ISP's connection to Canada or a problem with the forum itself, maybe via Firefox who knows.

Various cities in California have already banned the use of facial recognition by law enforcement, but the California State Senate has passed a new law that will ban the use of this technology by local law enforcement across the state. This bill also targets other forms of biometric technologies that have been abused by police. Technologies such as: This bill bans California law enforcement agencies from deploying these technologies and prevents out of state actors from setting up these technologies for their behalf. The bill still has to be signed into law by Gavin Newson, the Governor of California. If the bill is signed into law, (it mostly likely will be) California will be the first state in the Union to ban the use of these technologies by law enforcement. The authors of the Bill claim their intent behind the bill is as follows: Source: https://www.techdirt.com/articles/20190913/12354542986/california-senate-passes-statewide-ban-facial-recognition-tech-use-law-enforcement.shtml My comments are in the spoilers below:

Hi everyone, I just got a new Google Pixel 3a, and I've been fooling around with it and getting to know it's ins and outs. As I was setting up the Google Assistant for the first time, I was reading through the kind of information it wanted to collect and started to get a little worried. Why would google need to know my activity on their sites just so I can use it to set a call? It's not that they're asking for permission to use the apps on my phone, it wants to log all the information on all Google apps, something I turned off the moment I found out I could. Anyway, the point is that I just don't know how comfortable I am letting Google save this info just so I can save some time or use my device hands-free. So I was wondering, what's your take on this? Am I over stressing this? Or should I just accept that Google is our new overlord and every detail of my life will be collected and stored on a server somewhere?

Finally with iOS13 the HomePod can identify who is speaking to it, eliminating those embarrassing moments when your 12 year old or family friend can have it read out all your saucy messages or stop your drunk friends sending dirty messages to you mum. This has been a missing feature that competitors have had for an age, so it's good to finally see this come to one of the most competent integrated smart speakers. Now to see if the HomePod can handle multiple Apple IDs as the next step! Edit: as an exciting side bit HomePod can now analyse and store (iCloud 10 days for free) security camera footage as part of Homekit! https://www.theverge.com/2019/6/3/18646067/apple-homepod-ios-13-update-handoff-personalization-features-wwdc-2019

Yes, yet another one of these topics. Like all the other tech giants, Facebook apparently hired third-party contractors to transcribe audio recordings. These recordings included plenty of random stuff, arguments etc. The difference with the others is that this are Messenger conversations, so the people actively recorded the audio instead of a device randomly picking it up. Still, I'm pretty sure that most of the users had no idea that anyone apart from the recipient would hear the audio. Facebook has already stopped doing this after the others came under fire for it. They also claim that the users whose voice chats were transcribed chose that option in Facebook's Messenger app. I don't use Facebook so I can not verify the default position of this option, but I wouldn't be surprised if it's on by default and people simply weren't aware what it actually did. Much like the others, they were deliberately vague about everything. Source : Bloomberg Another day, another data scandal. Or is it "Another day, another Facebook scandal"? I guess nobody is surprised at this anymore. Everyone is doing whatever the hell they want with your data and you have almost no say in it. The only thing you as the user can do is not to use these companies' products and make it as hard as possible for them to create a shadow profile on you too.

Great work google! My 2 month old and 3 year old need an LED shining in their face at night when they try to sleep. Burglers need to know when a security camera is recording their activities. AND Users need to have functionality removed from their hardware without their consent! Recently, we shared our commitment to privacy to outline how our products work in your home. As part of that commitment, we explained that you will always see a clear visual indicator when your Nest cameras are on and sending video and audio to Nest. So we’re changing how the status lights function on Nest cameras, Dropcam, and Nest Hello. You will be able to dim the light on your camera, but it will always be on when the camera is on. We’re doing this to make sure you, and those around your camera, are aware when the camera is on and recording. Starting today, we’re rolling out the following changes: • In Settings for all Nest cameras and Nest Hello, the ability to turn off the status light will be removed. Instead, you’ll be able to dim the status light. When the camera is on, the status light will glow green. • For Dropcam, the setting to turn off the status light will be removed. When the camera is on, the status light will glow blue. • On Nest Cam, Dropcam, and Nest Hello, the status light will blink when the camera’s live video is streamed from the Nest app. The setting to turn this off will be removed. We’re making these changes for greater transparency and privacy in your home. You can learn more about the status light updates here. If you have questions or need additional details, please contact support. - The Google Nest team

There you go! It is starting... What was it again in another thread? He just throws words around to make people react? I've been waiting for this since his last speech! And here it is... Who would have thought that ZDNet would post about this when all the other Medias don't pip a word about it! I'm so glad I'm not on Facebook, except a very OLD alt which has only been used for testing. HOW is this not a violation of privacy and HOW can non.US users not be impacted by this? https://www.zdnet.com/article/fbi-seeks-to-monitor-facebook-oversee-mass-social-media-data-collection/

Having tried OpenVPN on both Linux and Windows for a bit, I am rather disappointed of its apparent lack of a killswitch or auto-connect feature. Often, when using OpenVPN, I just get disconnected from the VPN server without warning so my browsing traffic is suddenly unencrypted and it becomes a guessing game of which server to connect to instead. However, I am planning to switch to an Arch-based Linux distro that doesn't support the app for my VPN (which is only installed from a .deb file). So I wonder if anybody has ever found a way to get around the problems I mentioned - maybe program a custom killswitch or auto-connect script or something. Anyone? Thanks.

In the aftermath of the Amazon Alexa news from a couple of months ago, VRT NWS (the news site of Belgium's largest television station) ended up talking to someone who works for one of Google's subcontractors. Turns out things are done pretty much the same way there. Google employees are systematically listening to audio files recorded by Google Home devices and Google's smartphone app. VRT NWS was able to listen to more than a thousand recordings, several of which were private conversations, arguments etc, so not intended for the device and often containing personal information. The terms and conditions mention that the audio is being recorded and stored. But they don't mention that Google employees listen to excerpts of these recordings. Google has even claimed it doesn't do this ... or atleast implied it through the clever use of language. Some of the recordings involved violence and/or people in distress. Just like at Amazon, Google's guidelines seem to be nonexistant when it comes to these cases. Employees simply need to write down every word and every cough. In a response to the article, Google claims that these audio files are marked for manual checking "by language experts worldwide" to improve their speech technology. Even though the recordings may not be linked to identifiable information (assuming Google is telling the truth), they still contain exactly that kind of information. No prizes for guessing what happened next ... Source : VRT NWS' article (from the English section of their site) So basically whenever you say something that your home assistant doesn't understand because it wasn't meant for said assistant, it'll be flagged for manual review. No real surprises there. If you get/have one of these devices, always keep in mind that anything you say in their vicinity may be heard by complete strangers. But hey, at least there's no signs of evil intent. UPDATE : Google US responded in a blogpost. They defend the collecting of audio and are going after the person who leaked the audio excerpts. https://www.blog.google/products/assistant/more-information-about-our-processes-safeguard-speech-data/ UPDATE 2 : (2019-08-02) The Data Protection Authority in Hamburg (Germany) launched a deep investigation into Google's practices and started a procedure to forbid them from listening to recordings. Google decided not to wait for a verdict and has announced that they will stop manually reviewing recordings made in the EU for the next 3 months. https://datenschutz-hamburg.de/assets/pdf/2019-08-01_press-release-Google_Assistant.pdf

So people, I need your input. I currently have a 100/100 Mbit internet connection through a Netgear Nighthawk R700 and I'm running Private Interenss Access as my VPN of choice on my devices. But I'm having some issues. 1) my Samsung Galaxy Note 9 won't play nice with my smart home devices and my Google Chromecast when I run my VPN on it. 2) I reasently bought a laptop with a Ryzen 2300 CPU and a dedikated vega 5 graphic card - I thought this would be more then enought power to run photoshop, lightroom and adope premiere (1080P and 4K photages) - but wow I was wrong, there is great latency that I cant deal with. So my plan is to use my VPN to be able to connect my laptop to my much faster stationair PC at home. 3) I want to be able to run higher protection on my connection, without losing to much power (AES 256 / SHA256 + handshake RSA-4096). It seems that my older NightHawk, is not up for that task, so I'm thinking of making my own router / NAS server. Now this is very new to me, but I kniow that I need enought power to be able to run my encryptions and to do in real time transcoding of videos for plex in 1080P. This while trying to keep power consumption and heat to a minumum, while also keeping it cheap. So I'm currently looking at a second hand parts and thinking of going with a dell precision T1700 xeon e3-1246V3 with: CPU: - Intel Xeon E3 - 1225V3 @ 3.20GHz RAM: 8 GB DDR 4 HDD 1TB (gonna upgrate with 2 X wd red 2 tb in raid zero. Software: linux with freenas, plex and PIA installed. Do you think it will be a great setup that can handle, and will fit my needs? I've build PCs before but never a server.

#rant #awareness #computers #windows #linux #mac #privacy #longone read this if you respect your own privacy and want to make an informed decision about your data and who see's what you do on your PC Before reading this in case you don't know what open source means: https://opensource.org/osd A few weeks ago I switched to Ubuntu for my daily desktop and laptop OS and I'm very happy with it, does what I need it to do and is very snappy and responsive, I realise that other closed source options have been doing some questionable things to their users privacy and therefore has made me look for an alternative. Windows (10 anyway) All Windows 10 devices report back to Microsoft things like Internet history (Via DNS lookups so incognito does nothing), pointer location, what you click on, what you're watching, what you're reading, what file types you store on your PC, what apps you download (from Microsoft Store only AFAIK), not to mention what you look like in the dark with the use of windows hello and this is sometimes in 3D; the list goes on and is quite frankly troublesome to stop, not impossible but why is it so difficult to stop a 3rd party from having access to your data? The sneaky side of this is that even if you manage to disable all of the snooping telemetry it gets re-enabled after a major Windows update which now thanks to WaaS (Windows as a Service) you can't disable unless you employ a DNS blocking strategy, similar to an adblocker but for the Windows Update servers, or buying an Enterprise/Education license which need volume licensing (non-retail). This is also the ONLY PAID RETAIL OS NOW, Mac stopped charging for their OS's with the release of OS X Mavericks back in 2013 and Linux (With the exception of a few enterprise distrobutions like red hat). Now, don't get me wrong, the data points that are collected are anonymized and not linked to your identity in anyway but with a little digging and enough research into the target I believe this would be possible to link data points and habits to an ID, needless to say I would prefer to have the option to disable ALL tracking with a simple tickbox and for it not to reset when MS decide to roll out a biannual often untested update which in some cases has deleted users files. Needless to say I'm subjective AF on the matter it's really rubbed me up the wrong way. OS X OS X ( pronounced OS Ten incase you didn't know *mindblown*) is "Exclusive" to Apple Mac devices through licensing and installation restriction, it is TECHNICALLY piracy in most parts of the world to install OS X on anything but an authorised Apple device such as a Macbook normal/air/pro, Mac Pro/Mini or an iMac normal/pro all of which are really nicely made machines with gorgeous looks, build quality and functionality (purely subjective ofc) the downside of this is that although mac has a specialplace in my heart they typically have terrible specs when it comes to gpu's and if you want one with a half decent GPU it'll cost you an arm and a leg, this should be improving in the coming years as Apple has started adding eGPU access to it's thunderbolt equiped devices and has also started equiping their high end machines like the mac pro with AMD GPU's as they slowly venture into gaming territory with thier upcoming gaming platform that keeps on being rumoured, their privacy options are great letting you opt out of data collection as part of the setup wizard when you first start a new mac/fresh install of OS X. Long and short OS X is like a controlled linux distrobution with currated apps from a company that has enough shift in the market to get developers on board and paid. Linux, time to spot the difference... Free, Open Source, Doesn't spy on you, if you don't like it... uninstall it INCLUDING THE DEFAULT BROWSER AND EVEN THE DESKTOP, ability to store ANY FOLDER ON THE OS ON A DIFFERENT DRIVE AS PART OF THE INSTALLATION PROCESS!!!, download a pre-made distrobution or if you have the know-how "roll-your-own" (actual terminology from one of the distrobutions) i've seen!, pain in the ass when you aren't used to the command line... oh yeh theres that, because of the variety in the distrobutions there is no clear winner on this front, Ubuntu/Mint great for new users that want a simple and friendly experience Arch/Manjaro great for developers and powerusers Debian great for a coffee machine if you really wanted to make one, along with ANYTHING ELSE YOU WANTED TO DO CAUSE IT'S BASIC AF (minimal install size of debian 9 is ~500Mb) Kali/Parrot Security Industry standard penetration testing tools for hacking testing the security of WiFi/Bluetooth/Storage/WebServers/Routers the list goes on. Basically if you need it there is a distro for it, my partner Kirsty was complaining about not having [ctrl+alt+delete] to close a crashed app I had to explain to her that it's only the app that has crashed so she can just open system monitor from the "start menu" (as to not to confuse her with the lingo, am I right sysadmins?) and I just said linux is open enough that if she just googles the issue or if she wanted to she could just setup her own [ctrl+alt+delete] or whatever key combo she wanted to open the app Just like Windows™. I've lost steam over this now so just to get somebody to try it out, here is acouple of links to get you in the experimenting mood... Virtualbox allows you to make virtual PC's on your PC! - All OS's: https://www.virtualbox.org Ubuntu free secure OS for humans, based off debian Ive included 2 links for different flavours that will make the learning curve a little less steep... - Windows users: https://kubuntu.org - Mac users: https://ubuntu.com Debian great little OS for pretty much anything or if you like to craft your own https://www.debian.org POP! OS For the gamers that can't live without steam, based off debian https://system76.com/pop Manjaro still linux but based off of arch, a different type of linux https://manjaro.org Arch Not recomended for beginers but to quote Kanye West "That that don't kill me, can only make me stronger" https://www.archlinux.org Kali Linux Penetration testing and advanced hardened security. AS SEEN ON TV ? "Bonsoir, Elliot." https://www.kali.org/ Parrot Security More friendly version of penetration testing with all the tools to "test" wifi security. https://parrotlinux.org/ Qubes OS Recommended by Ben Snowden and the Guardian project for anonimity while online and is arguably the safest way for journalists and informants to communicate to MI5 and/or to news sources from within unsafe/censored countries suchas communist china, russia, north korea and palestine. https://www.qubes-os.org/ The Guardian Project Highly recomended even just for a read "Guardian Project creates easy to use secure apps, open-source software libraries, and customized solutions that can be used around the world by any person looking to protect their communications and personal data from unjust intrusion, interception and monitoring. Whether your are an average person looking to affirm your rights or an activist, journalist or humanitarian organization looking to safeguard your work in this age of perilous global communication, we can help address the threats you face." -taken from the about page at the time of writting (20/09/2019). https://guardianproject.info PS did you notice I forgot the most popular Linux OS of them all? made by Google (we won't go there today...) Android https://www.android.com free, open source, auditable, securable and customisable. FOSS FTW!

A user on twitter has posted about a "feature" of the Facebook app for Android that reportedly scans, compresses and then uploads Android users entire system library. There appears to be no way to opt out and no indication to exactly why Facebook would need to do this or what they achieve by doing it. Jane Wong (@wongmjane on twitter) the person who appears to have been the first person to publically find and expose this "feature" notes: "the files are uploaded to a specific collection that’s related to my phone" which begs the question if this might violate Europe's GDPR laws on storing Personally Identifiable information. This might prove to be another big blow to Facebook's already heavily tarnished reputation for breaching user's perceived privacy. Twitter thread: https://twitter.com/wongmjane/status/1167463054709334017?s=21

Don't be evil Google has agreed to pay 170 million dollars to settle a lawsuit regarding their illegal collection and sale of children's data. They knowingly collected the data and allowed advertisers to specifically target those young children even though the Childrens Online Privacy Protection Act doesn't allow them to collect data on anyone under 13 years of age. Source : https://www.cnbc.com/2019/09/04/youtube-to-pay-170-million-in-ftc-child-privacy-settlement.html Attorney General James really shouldn't be touting this like a major victory just because it's "one of the largest settlements for a privacy matter in U.S. history". $170M is chump change for such companies, they only start to pay attention once you start fining them billions. They're probably laughing about how cheaply they got away with the whole thing. Alphabet's shares went up 0.4% after the announcement, so that fine probably paid for itself.

Source: ZDNet Several major American phone companies have written a joint letter to the FCC stating that they're no longer going to be opening new third-party sharing agreements and are terminating existing ones. From ZDnet: AT&T claims they are only sharing customer location data with E911 services and service such as ride sharing applications but that this, according to the article are limited to "legal and highly controlled cases". So, then -- what's my take on this? If this is really happening, then I think there might be a net good that comes of it from the perspective of control of personally identifiable information and the like -- especially given how cheap and easy it is to track someone if you know their phone number as it stands today, but on the other hand we're trusting the telcos to not be lying through their teeth to the FCC (and, by extension, the public) and not simultaneously also handing all this information to insert your favorite intelligence agency here. Because of course, they wouldn't do that, would they? I doubt there will be any accountability for any of this, and that's my big concern here.

TechCrunch The Guardian Australia privacy watchdog is suing facebook over the over the Cambridge Analytica data breach Yeah look id doubt it would be that much Who would've guessed Who would've guessed if true, WHO WOULD'VE GUESSED All I have to say to Facebook is ouch. Though surely we can guess whats actually gonna be paid right?

I have a question on Facebook post/timeline privacy and none of their help topics (or Google) have shown me quite what I am looking to answer. I change my post privacy as custom when posting things to my timeline. Yesterday, I put a post on my own timeline with an individual or two set as the only ones who could see the post. I did not share the post with the individuals, tag them in the post, or post to their timelines— I posted only to my timeline with the special custom privacy. However, said individuals received a direct notification saying that I shared something with them, when I hadn’t. Is this a feature of Facebook or a bug? It doesn’t seem quite right to send notices of sharing with people when that hasn’t been done, when a post was simply made on your own profile with specific privacy settings so that only a select few would be able to see it when/if they look at your profile. Any help on answering this would be nice, since Facebook help section, Google, and contacting Facebook directly have all cane up empty for me so far. Thanks.

Some parts of the video are hard to follow, but they make good points. Even with a vpn your isp can track you. It’s a shame that there is no true way to be free anymore.

Another day, another Facebook privacy issue. Earlier this month there was a topic about how people signing up for a Facebook account were asked to enter their email passwords. It turns out that when people actually gave Facebook access to their mailbox, Facebook "unintentionally" uploaded their contact lists to their servers without even asking for their consent. This info was then used to let Facebook find out your social connections and recommend more friends to add. It is unclear if the data was also used for advertising purposes. Source : Business Insider https://www.businessinsider.com/facebook-uploaded-1-5-million-users-email-contacts-without-permission-2019-4?r=US&IR=T I'm honestly not even surprised anymore. I also have some serious doubts about this being unintentional. At least now that they got caught they will be deleting the info ... or so they say. Good luck finding out if they actually did.

Sources: Techcrunch, Tweakers Google is going to give Chrome users in 60 countries the option to choose duckduckgo as their default search engine, replacing vinden.nl for the Netherlands and Belgium. the change will be made in chrome 73. Techcrunch:

How are people's opinions on dark patterns and large companies tricking you? P.S. the video shows you how to delete your Amazon account Also, I just requested Google to email me all the data they have on me, so this is gonna be exciting

Source: The Verge Summary: By exploiting a feature meant for Enterprise BYOD, Facebook has been collecting full phone activity and paying teens up to $20 a month. Quotes/Excerpts: My Thoughts: While this isn't the first app to pay you for giving up details about your life, such as Google Play Rewards. This is the first app I'm aware of that documents all your phone's data using Root CA. It will be interesting to see any outrage, if any, that occurs.

Seriously people's privacy is only worth $20 a month! Is this a joke or do people really not care about their security and privacy. 2+ years of this that's absolutely insane. Only Facebook can in the same sentence say "There are no known risk associated with the project" and "The inherent nature of this project involves tracking of person information via your child's use of apps". The icing on the cake, targeting minors with this crap. Can Facebook get any worse and people any less caring about their personal info? Seriously selling out kids info for $20! Source: https://www.engadget.com/2019/01/29/facebook-project-atlas/

This is potentially a very bad and embarrassing bug. Imagine your boss calling you, and before you answer you tell your friends, "ugh, my POS boss is calling." Among many other possibilities. But it even gets worse. So if you don't pick up, it will still share video. Here is how to do it: More and more bugs in iOS, this one Apple will fix by the end of the week. -------------------------------------------- You should most certainly disable FaceTime for the time being if you are concerned with privacy (my wife is literally the only person who would video chat me). Instruction to do so can be found here: Disable FaceTime https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/ https://www.theverge.com/2019/1/28/18201383/apple-facetime-bug-iphone-eavesdrop-listen-in-remote-call-security-issue