Search the Community

I've read something more or less related to this here and there on the Forum. Personally I've always been against the idea of using my personal mobile phone for professional pusposes. Here is why: Source : Don’t Put Your Work Email on Your Personal Phone ; OneZero; 23 July, 2019 If a company who wants me to work for her is not ready to provide a mobile phone to let me work in an efficient manner, then, imo, there is a problem...

Summary Nvidia detects LLM or generative language models, and the driver phones home about your activities. Quotes My thoughts Does anyone actually believe Nvidia when they say "for research and safety"? Do you even own the GPU you bought? How anonymous is it, if Nvidia knows your IP, and the IP can easily be geolocated? Was the use of LLMs mentioned in the EULA? Is it time to switch to Nouveau? With signed firmware blobs, is Nouveau even an option? Sources https://imgur.com/a/xdFg6SO

Peekaboo WikiLeaks releases a new batch of leaked CIA projects that target Apple products that is code named Dark Mater, The second release in the series details the techniques that WikiLeaks claims are employed by CIA assets to compromise Apple devices between the manufacturing line and the end user. The new released files contains documentation for several CIA projects that infect Apple Mac firmware Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter. Another documentation being NightSkies tool made specifically for iPhone. NightSkies version 1.2 had been out since 2008 and according to WikiLeaks was specifically designed to be installed on factory fresh iPhones. Apple later claimed that they fixed the issue ,but Wikileaks counteracted that this is not a zero day exploit & it is still vulnerable , In other note Assange offered the affected companies around 3 months (90 days) for them to provide encryption keys to WikiLeaks in order for them to communicate details of the exploits. But so far most of em contacted him via another secure channel , so far the details havent been shared unless they agree with Assanges terms of communication , Microsoft , google have made contact with him on this , But so far no real info was exchanged Source: https://wikileaks.org/vault7/darkmatter/releases/ News Sources: (details are muddy , be careful) https://9to5mac.com/2017/03/23/wikileaks-vault-7-cia-exploits-mac-iphone/ http://www.usatoday.com/story/tech/news/2017/03/23/wikileaks-claims-cia-could-bug-reset-iphones/99529206/ https://www.nytimes.com/2017/03/23/technology/cia-spying-mac-computers-wikileaks.html?_r=0

arstechnica More ways that phones can spy on you In summary, an adversary is able to obtain a detailed, comprehensive user profile by creating an ultrasonic side channel between the mobile device and an audio sender. Our case study on three commercial ultrasonic tracking technologies reveals that the outlined tracking mechanisms are not a theoretical threat, but actively deployed (e.g. Shopkick and Lisnr) or at least in the process of being deployed (e.g. SilverPush).

Hey all My sister was having bad performance on her laptop. She was running a normal hard drive, so I upgraded it to an ssd. Though the laptop kept running hot. So I decided to look at the task manager. Guess what? 40-60% CPU usage of Windows Compatibility telemetry, and this on a core i7 (2 core, 4 thread). I knew Windows telemetry was a huge issue for privacy, I didn't know it could be a bottleneck on performance... Microsoft is pushing malware-ish spying programs onto our PC's. Has anyone else had this issue and/or found a solution to this issue. I can't take Windows 10 anymore. If it continues this way, I will switch to Linux (or even OS X ).

The topic title also applies to telemetry which Microsoft collects from various other Microsoft programs and services. "It turns out that Microsoft’s operating system follows about every step you take on your computer. That results in an intrusive profile of yourself. What does that mean? Do people know about this, do they want this? Microsoft needs to give users a fair opportunity to decide about this themselves." - Wilbert Tomesen, vice-chairman of the Dutch DPA "In our full report (only available in Dutch unfortunately), we deal extensively with the points of forced install. We also explain why all the telemetry data collected by Microsoft are indeed personal data, and certainly not anonymous, regardless of the view of MS that they would only relate to the system/be 'mere' technical data." - The Dutch DPA in an email to me In the larger technical summary for the Dutch DPA's year+ long investigation into Microsoft's data collecting and privacy measures (which concluded with the Dutch DPA declaring that Windows 10 breaks EU privacy laws), the Dutch DPA investigators say that they were able to obtain a copy of Microsoft's in-house Data Viewer Tool, which allows Microsoft engineers to monitor in real-time which telemetry and data are being collected by the Windows 10 OS, and sent to Microsoft servers. Starting on page 4 of the technical summary, and continuing on till page 9, the Dutch DPA technical summary reveals that Microsoft is tagging all telemetry Windows 10 collects with various system, location, and user identifiers, and that Microsoft is not only collecting data on people's activities, but is also collecting user-generated content that is input into Microsoft apps, such as writings. Here is an overview of the system / person identifying tags that are applied to collected telemetry, and also of some of the content collected, according to Microsoft's data-collection monitoring Data Viewer Tool. Fully confirming that none of the data collected by Microsoft is anonymous and that all of it is personally-identifying, the Dutch DPA investigators also say that after they spent a week using a test machine running Windows 10 in a virtual machine, when they asked Microsoft to present all information collected from that specific Windows 10 user, Microsoft was indeed able to identify, collect, compile, and present all the data that was sent from that specific Windows 10 user: Previously, there have sometimes been assertions made that the data which Microsoft collects through Windows and other Microsoft services is anonymous. What the Dutch DPA report now makes clear, is that none of the data collected by Microsoft at any level of telemetry is anonymous, and instead all of it is personally-identifying, attaching device, network, and user account identifiers to the gathered data. The Dutch DPA's full report on their investigation is available only in the Dutch language. Related post showing that the number of data fields Microsoft is attaching these personal identifiers to exceeds 3,500:

So here is something for the group today. I found myself in a situation where I had blocked Windows 10 from getting access to me and my work using a program called Destroy Windows Spying. I happen to know for a fact that this program is not intentionally trying to hurt me but it really scorched Windows when it tried to block everything. Now this is exactly what I wanted but I need to temporarily set things so I can authenticate my new software version as I recently upgraded my version of 10 and found myself unable to connect to the authentication server in order to set things up. This PARTICULAR problem happens to be one that is hard to find information on and if I remember correctly I'm going to end up having to find the current address windows uses for authentication and punching it in to authenticate before deleting that entry again to resecure my system from that avenue of attack by Microsoft (and yes they are effectively the virus infectors that give the system I use and that is how I consider them to be these days after Windows 10). The problem here really is the details associated with the outline I gave above. Anyone willing to walk things through here please? Thank you.

I find it quite troubling to hear that a government agency traded with criminals for the data of one million people. The fact that the data of one billion users ended up in the hands of criminals and were sold, is even more troubling. I find that a huge company like Yahoo should take security a lot more serious. I hope this will give governments more incentive to make laws on cyber security more strict. Source: BloombergTechnology

So, think the electronic spying going on these days can't get any worse? (or think that it doesn't matter for you?) Guess again. "But what about my rights to privacy!?" you might be asking. How do these companies get permission to sort through your phone? Source:https://www.bloomberg.com/news/articles/2016-11-25/no-credit-history-no-problem-lenders-now-peering-at-phone-data Well now. Don't we all feel violated and spied upon? Still thinking that the whole "nothing to hide nothing to fear" argument will protect you? I know I don't. Although, I find myself wondering if people could use this knowledge against these companies to spoof their credit rating by calling and texting each other more. That would be rather hilarious in my mind. I can see a benefit of this, if you (like myself) have absolutely no credit score because you refuse to take out a loan unless absolutely necessary, and refuse to get a credit card, but it still seems like a bad idea on the part of companies as well as general consumers. Discuss.

Source: AV-Comparatives Stalkerware Test 2020 (Windows and Android), Electronic Frontier Foundation Do you think your spouse or partner already went down low to spy on you by installing malware on your phone? Good news! Major antivirus vendors has gotten better in detecting and blocking stalkerware. One of you might ask as to what's the difference between the stalkerware used by overly jealous spouses and a parent installing a parental control app or a MDM solution to track employees on the go, the answer as provided by AV-Comparatives is that stalkerware will try its best to stay under the radar to avoid detection and uninstallation, whereas parental control or corporate MDM solutions are quite explicit on what they do and its presence. Parental control apps allows parents to track the location of their kids to make sure they don't go elsewhere other than school and home. As EFF security researcher Eva Galperin said in an interview [here] [here], stalkerware potentiates domestic abuse. Just think of it this way, you're on your way to work but all of a sudden your phone's battery is draining fast even though it's fairly new and fully charged. Then you pulled your phone out of your purse or bag and you noticed that it's getting hot. Then you tried to dig into the settings and you find out that there are apps installed that you're unfamiliar of. Or better yet, you opened a browser window and you notice that in the task manager/activity monitor that network activity is a bit high on Chrome but there aren't any extensions visible in the upper right side. Little did you know, your spouse has installed a spying app to track everything you do online. Then once you got home, you are greeted by an angry spouse/partner because he/she has seen your Facebook chat with a friend. So what happened next is that both of you started raising voices until one will either verbally humiliate your or worse, physically assaults you. Or if the abuser is such a sadist, he/she will not only verbally and physically abuse you, he/she can use it for character assassination or defamation. As Eva Galperin pointed out, it all started with a tweet below in 2018 and she has received 10K retweets just a few hours ago and her inbox then became filled of abuse stories from both men and women related to stalkerware. While she made it clear that she also received stories about men being abused either by another men, women abused by women, or men abused by women, the vast majority are women being abused by men through spying. The problem however with stalkerware is that even though they are maliciously intended, they are commercially sold. Typically hackers would go to dark web forums to look for exploitable vulnerabilities or perform deep reconnaissance on an organization, jealous spouses don't need to do that. All you need to do is to Google it. It will show you list of apps for spying. Here's a popular spying program for Android named Cocospy. As you can see, it will demand you to turn off Google Play Protect and allow installation outside of the Play Store. So this prompted this lady to force the antivirus industry to take stalkerware seriously. As you have seen in the first two photos above, 2019 is where most of AV products for both Android and Windows have sloppy detection scores for stalkerware, but now in 2020 they have improved which is a plus for privacy. I can't say the same for iOS since Apple doesn't allow security products to be installed other than URL blockers. At the moment, you're best option is to turn off Find My Friends and make sure it isn't jailbroken as Apple has a strong App Store policy on tracking apps I assume. Here's her advice on stalkerware and abusive spouses: If a spouse or partner is forcing you to give him/her your passwords for various online accounts, it's already a red flag. Turn off biometrics especially fingerprint unlock so that your phone cannot be abused. If you're using Android or Windows, run a full system scan preferably with two or three vendors and compare detection results. If the antivirus detected a potentially unwanted spying program, do not quarantine or neutralize the threat yet, instead go to the authorities and report it. And here's my personal advice on failing relationships, "if you're currently unhappy with your current relationship, ask yourself if you're dating the person of your dreams or just the person within your reach". Don't be a martyr because no one will build a statue for you just because you think that person is going to change. Think about yourself and if you have kids, think about their safety.

I've found that the ActivTrak monitoring software has been installed onto my computer. The program runs via an agent which goes undetected on my system, and I have no way of removing it from my PC. Is there any way I can rid myself of this nefarious software? I'm given no clues as to how it runs as none of my tasks give any hint of it running out in the open, and I was only able to find this out via trying to install it for myself, where I was promptly greeted with the response that it had already been installed by another user.

I just stumbled upon an article from Business Insider that uncovered recent court filings from a Dallas, TX district court that alleges ZTE (which was apparently created by China's Ministry of Aerospace) of using its devices to spy on end users. Following some more research, I was also able to find an article in The Sydney Morning Herald that bring up an incident where ZTE bribed officials with literal brown paper bags filled with cash to influence prospected contracts in West Africa. I think it's also interesting to consider the recent tweet from Donald Trump that supports a ZTE expansion into the United States despite his typically hostile attitude towards global trade, specifically with China. I don't know how to express this properly but I don't think of myself as a conspiracy theorist - the allegations appear extreme and it's personally discomforting to think that this could be currently occurring. I'm not absolutely positive regarding the validity of these allegations, which is why court systems and intelligence agencies exist. I do however think that information currently accessible (that I was able to find) is enough to start a conversation regarding ZTE as a company. I especially think that this could be important regarding potential recommendations of their current and future devices that could potentially leave unsuspecting end users to be spied on. I would be really interested if anyone could find any additional information regarding the topic regardless if it supports or opposes what I've discovered thus far. Anyway, I found these articles interesting I hope you do as well.

Hey Guys! So I just watched the "WHY Buy a Chinese Phone?" and I had some concerns that, if one doesn't follow current news, on China specifically, wouldn't know this information. I'm not saying that this is true, but I have a concern, that LTT could possibly look into? China, under the CCP (Chinese Communist Party) is a Police State. Everything the Chinese Citizen does is monitored, everywhere they go, everything they do online, everything. Its Scary. One of the things that the CCP does, is control App's. When Linus brought up the Weather App, and rightly asked why the app wanted all the permissions it didn't need, it raised some red flags, and alarm bells for me, personally. LTT. One of the things you guys could do, that would be super useful is to look into the Chinese Android OS's, and if possible, look into how much personal information they are gathering, and sending back to Chinese Servers, and by extension, the Chinese Communist Party. I don't really want to get political. This is not the Political Post. The only thing I will say, is that there is a difference between the Chinese People, and China, and the Chinese Communist Party. It would be the Party that is doing this, not the People of China.

https://www.reuters.com/article/us-netherlands-referendum/dutch-say-no-in-referendum-on-spy-agency-tapping-powers-idUSKBN1GX0QU A while ago a new law was introduced in the netherlands which allowed for a lot more freedom for the security agency. They could now tap about everything they wanted. After a lot of protests a referendum was called for which was held yesterday. With almost all votes counted it seems there is a very slight inclination to "no" but the results are almost 50/50. Personally I was one of the "yes" voters while I believe a new law was needed because the last law originated from the 1980's and internet wasn't a consideration then. But the law was a bit to open on part, still personally I believe it was better then having nothing. But I can also see the reasons why people would vote "no". But it seems the results we are getting now are the best for both parties as the dutch government is considering reevaluating the law and making changes too it. This isn't 100% sure yet but it's going to be interesting to see what this will result in. And hopefully the Dutch can once again set a good example on how to balance security and privacy. Any other dutch people here who want to weigh in on the discussion or other people who want to voice their opinions?

So this guy right here demonstrates dns requests done by windows 10 vs linux system.. but needs more research to know what those addresses are exactly.. please note that the system is just sitting idle not doing anything.. so.. just watch the whole thing he explains it pretty well.. NoTrack vs Spybot Anti-Beacon - Windows 10 Spying

According to France's National Data Protection Commission (CNIL), Microsoft does not comply with the French Data Protection Act and has been given 3 months to make the necessary chances to comply. French authorities has done several investigations and found that Microsoft is failing on a number of different privacy-related aspects. In the investigation, Windows 10 was found to collect irrelevant or excessive data, lacking security, users were included in the data collection without their consent, lack of information and no option to block cookies and also transferring personal data back to the US on a "safe harbour" basis (an agreement which is not valid since October 2015). Source: CNIL Full statement: Microsoft has responded that they will work with the CNIL to solve these issues. As noted by BetaNews, Microsoft does not actually deny any of the accusations. Here is Microsoft's full statement: Source: BetaNews I am very pleased to hear this. Back when it was first discovered that Windows 10 collected a big amount of information about the user a lot of people said things along the lines of: As it turns out, we didn't hear about it back then because the investigation was still work in progress. It is now done and the French government is not happy about how Microsoft is acting. Hopefully this will lead to a positive change for users. A chance which gives users more information and control over how and what personal information Microsoft collects.

Put on your tinfoil hats boys and girls. And here's the GAO summary of the program. Why be concerned you ask? If you live in one of the following states, and have a drivers license, you are in their database: With a large number of other states currently "under negotiation for memorandum of understanding with the FBI (for access to drivers license photos)", whatever that means. Source: http://arstechnica.com/tech-policy/2016/06/smile-youre-in-the-fbi-face-recognition-database/ Personally, I find this to be quite concerning. Particularly because most of the images collected were not collected for criminal or national security purposes. We really need to start fighting back against this government attitude of "because we want it". Just for fun

So. Well there's really no nice way to say it, the FBI no longer needs a warrant to investigate people. Why? Because the NSA doesn't have to get a warrant to spy on people, and the FBI can look at anything the NSA uncovers. Without a warrant. So basically, they only need to have "national security reasons" for the initial collection of your data, after that, they can look through it for any reason, without a warrant. Source: https://www.eff.org/deeplinks/2016/04/secret-court-takes-another-bite-out-fourth-amendment

Well now, grab your tinfoil hats, or make some if you don't have one. Source: http://www.zdnet.com/article/us-spy-court-didnt-reject-a-single-secret-government-demand-for-data/ So, tell me again, you have nothing to hide? What does it matter when you don't know, and don't have any form of legal representation WHAT-SO-EVER? Discuss.

I saw a tweet this tweet at twitter today where a russian guy with translation text shows in video how windows 10 is taking screenshot every X minute and sending it to microsoft. Of course his running it from VM and he apparently decodes few screenshots that windows 10 took while he was installing and shows them. I think this would need more evidence or investigating to proof this? that's my opinion but it's certainly interesting..at least the guy presents how to do it on the video and evidence of it.. Windows 10 taking screenshots video

So, apparently this has happened. Haven't seen a thread on it yet. Not surprising to me that they would rather renew it under the patriot act, despite that having been deemed by the court system as completely illegal. .....What? I don't even...... Seriously, I'm confused at this point. Either they can violate everyone's (in the US) rights, or they can't.....this makes zero sense now. To be honest, I view this the way that Wendell views anything passed by the US government: "Take the name of the bill, and assume the exact opposite". How on earth are they going to prove a "link to terrorism" without already spying on us? and if the exact same powers remain in place....what? Source: http://www.reuters.com/article/2015/05/13/usa-security-nsa-idUSL1N0Y41R620150513

The Dutch government is ******... Plz read this... http://www.theregister.co.uk/2015/07/08/dutch_snooping_law_revamp/ Quote "The proposed update of the Intelligence & Security Act of 2002 would establish bulk interception powers for “any form of telecom or data transfer”. As well as metadata, the revamp would allow the Dutch intelligence services to compel anyone to help decrypt data, either by providing encryption keys or turning over decrypted data." Here is the explanation... https://blog.cyberwar.nl/2015/07/dutch-intelligence-bill-proposes-non-specific-bulk-interception-powers-for-any-form-of-telecom-or-data-transfer-incl-domestic/ And the original Dutch law proposal... http://www.internetconsultatie.nl/wiv What do you guys think of this?

Airtel, it seems, is doing quite well at pissing off their customers. First, there was 'Airtel Zero', that went against our will of keeping the internet free : http://linustechtips.com/main/topic/343128-double-standards-by-facbook-and-google-net-neutrality-in-india/ , and now this Here’s how this story unfolded: On 3rd June, 2015, Thejesh GN, an infoactivist and programmer from Bangalore noticed that Airtel is secretly injecting scripts into user’s web browser. The code tries to insert a toolbar into the user’s browsing session In layman’s terms, Airtel was collecting user information & trying to alter user behavior without user permission: a practice that’s as unethical as it sounds. If that wasn’t enough, Thejesh received a threatening notice (Cease & Desist notice) from an Israeli company named Flash Networks Limited.

You know how to tell you've stumbled across something very important? When it gets this kind of treatment. The FBI willing to drop charges and let someone go all in the name of not wanting to reveal even the tiniest detail about Stingray? Gotta wonder just how powerful and just how well it works that they don't want anything leaking out. Stingray is basically a very sophisticated way to get cellphones to give up their locations, its something very useful for law enforcement but can be hilariously abused if needed. Thats the fear people have and thats why some jurisdictions are trying to get the information out there, but honestly? Good luck. The FBI would sooner burn every last detail of the program than reveal anything to anyone. http://www.ksl.com/?nid=157&sid=33878539

Facebook, the company that more than any other seeks to make money off of the very fact that its users exist, has enabled support for users connecting via Tor. In the past users connecting via Tor would often be mistaken for illegitimate users, however Facebook has now said that users could access the site "without losing the cryptographic protections" of Tor. It is speculated that this will be popular among those in countries where Facebook is blocked by the government. As users are still required to comply with Facebook's real-name policy, a small bit of the anonymising effect of Tor is lost, however Facebook will still not be able to figure out your [general] location or browsing habits while you are connected via Tor. As pointed out by the first article, the support for Tor does not increase the likelihood that Facebook will be used for illegal activity, as it was already possible to log in to the service while concealing your IP address, and thus your [general] location. This news comes at the same time that the company has announced that global government data requests have risen by 24% to 35,000 in the first 6 months of this year, compared to the second half of 2013. The company also announced that the amount of restricted content (due to local laws) has risen by 19% in the same period. The increases come as Facebook continues to fight a court order to hand over data from 400 people, the largest single request by any government. The addition of Tor support could see a large increase in Facebook's user-base in countries where the service is blocked. It could also allow Facebook to throw their hands in the air to some of the ever increasing data requests as they wont be able to give any information on parties connected via tor. (other than that which is actually held in their databases... i.e photos, statuses etc.) Sources(BBC): Facebook sets up 'dark web' link to access network via Tor Facebook's government user data requests up 24%