Senate Passes Kids’ “Safety” Bills Despite Privacy, Digital ID, and Censorship Concerns

Two bills combined – the Kids Online Safety Act (KOSA) and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0) – have passed in the US Senate in a 91-3 vote, and will now be considered by the House.

Criticism of the bills focuses mainly on the likelihood that, if and when they become law, they will help expand online digital ID verification, as well as on issues like censorship (removal and blocking of content).

The effort to make KOSA and COPPA 2.0 happen was spearheaded by a parent group that was pushing lawmakers and tech companies’ executives to move in this direction, and their main demand was to enact new rules that would prevent cyberbullying and other harms.

And now the main sponsors, senators Richard Blumenthal, a Democrat, and Republican Marsha Blackburn, are trying to dispel these concerns, suggesting these are not “speech bills” and do not (directly) impose age verification.

Further defending the bills, they say that the legislation does not mandate that internet platforms start collecting even more user data, and reject the notion it is invasive of people’s privacy.

But the problem is that although technically true, this interpretation of the bills’ impact is ultimately incorrect, as some of their provisions do encourage censorship, facilitate the introduction of digital ID for age verification, and leave the door open for mass collection of online users’ data – under specific circumstances – and end up ending anonymity online.

Keep reading

Given anti-Russia CrowdStrike’s history, it is hard to believe the company when it claims the global chaos caused by them was just a simple ‘update’ glitch

While CrowdStrike is heavily in the news due to their “update” outage debacle, it bears noting they have been in the news before, way back during the chaos that came from the DNC server hack, in which CrowdStrike was immediately cited to blame Russia for embarrassing emails published by Wikileaks.

(Article by Susan Duclos republished from AllNewsPipeline.com)

Let us take a little trip down memory lane in regards to CrowdStrike, shall we?

Russia was blamed for the hack into the DNC (Democrat National Committee) and Hillary Clinton emails that were published by Wikileaks back during the 2016 campaign cycle. The DNC hack linked above is to the WayBack Machine since the original searchable database at Wikileaks leads to an error page.

There are a few moving parts to this article, so let us begin with the fact that the DNC refused to allow the FBI to inspect their hacked servers and instead went to a private company, CrowdStrike.

The FBI requested direct access to the Democratic National Committee’s (DNC) hacked computer servers but was denied, Director James Comey told lawmakers on Tuesday.

The bureau made “multiple requests at different levels,” according to Comey, but ultimately struck an agreement with the DNC that a “highly respected private company” would get access and share what it found with investigators.

“We’d always prefer to have access hands-on ourselves if that’s possible,” Comey said, noting that he didn’t know why the DNC rebuffed the FBI’s request.

“CrowdStrike, the private security firm in question, has published extensive forensic analysis backing up its assessment that the threat groups that infiltrated the DNC were associated with Russian intelligence.”

So it was CrowdStrike alone that determined that the hack to the DNC server was perpetrated by Russia.

Special Counsel Robert Mueller used the CrowdStrike findings for the Report on the Investigation into Russian Interference in the 2016 Presidential Election, without any legitimate federal agency double checking their work.

Keep reading

Digital Dystopia: Lessons from the Global IT Outage on the Perils of Cashless Living

As a global IT outage wreaks havoc on digital payment systems, mainstream media finally sounds the alarm on cashless society risks – but for truth-tellers like Sayer Ji, the warning comes too late.

The Growing Threat of a Cashless Society: Lessons from the Global IT Outage

In a startling shift, major British newspapers have begun highlighting the dangers of a fully cashless society following a widespread IT outage that crippled digital payment systems across the globe. This event has brought to light the inherent fragility of our increasingly digitized financial infrastructure and serves as a stark reminder of the vital role cash still plays in our economy.

The Chaos of Digital Dependency

On July 19, 2024, a content update by cybersecurity giant CrowdStrike caused millions of Microsoft systems worldwide to crash. As reported by Nick Corbishley for Naked Capitalism, this outage had far-reaching consequences:

“When a content update by the cyber-security giant CrowdStrike caused millions of Microsoft systems around the world to crash on Friday morning, bringing the operating systems of banks, payment card firms, airlines, hospitals, NHS clinics, retailers and hospitality businesses to a standstill, businesses were faced with a stark choice: go cash-only, or close until the systems came back online.”

This incident laid bare the vulnerability of our tightly coupled IT-based societies, particularly in the realm of banking and payments. The fallout was especially severe in countries like Australia, where cashless transactions have been actively encouraged by the government.

Keep reading

The CrowdStrike global outage shows the serious dangers of a centralized, digitized world

The perils of over-reliance on digital systems have been once again highlighted by the crashing of computer systems around the world due to an update to the Falcon antivirus and security product from CrowdStrike affecting its interaction with the Windows operating systems. The update has caused chaos for banking, retail, railways, airports, healthcare and for a wide range of other businesses and infrastructure where the Falcon software runs on Windows systems. Advice for bringing affected computers back into working order has been published, but the exact mechanism by which the update caused “Blue Screen of Death” errors does not appear to have yet been reported.

(Article by Dr. R P republished from DailySceptic.org)

It appears that in many cases, while the update was distributed automatically over the internet to systems, the workaround to fix the problem requires the machines to be rebooted in Windows’ safe mode, which usually requires physical access. The person at the keyboard then needs to know the password for the computer’s administrator account, and use this level of access to delete a file within a subdirectory of Windows’ System32. This process can be more complicated where Microsoft’s BitLocker encryption is in use. In many organisations, the recovery keys for BitLocker have themselves been stored on a computer unable to start properly due to the CrowdStrike update. The quote “Men go mad in herds, while they only recover their senses slowly, one by one”, originally from Charles Mackay in 1841, seems applicable now to computers too. They crash en masse, then require individual attention before they will work again.

It should be noted that while the perils of centralisation with a physical single point of failure are obvious to all but technocratic politicians and civil servants, this massive outage shows another way in which a “single point” of failure can occur. The single point in this case is not a particular server in one building somewhere on the planet; but rather a change within a single piece of software with that change then being rolled out to many individual systems around the globe. These systems then entered a state euphemistically described as Total Inability To Support Usual Performance (acronym intentional) among the tech community. There was a reason that NASA put a fifth backup flight computer in the space shuttle, running software written entirely independently of the software on its primary four computers. A single point of failure where software is concerned doesn’t have to happen at only a single point in space.

There is a very clear lesson to be learned here. Systems which can collapse at scale, even when they are not centralised in the physical sense, eventually will collapse in such a fashion. Advocates of Central Bank Digital Currencies (CBDCs) and Digital ID systems should consider these lessons. This update ‘only’ knocked out an estimated 8.5 million computers, belonging to over 24,000 organisations that subscribed to CrowdStrike’s Falcon software. A country reliant on a CBDC instead of cash would see an end to all transactions as a consequence of a similar failure affecting a component within whatever software stack was being used to operate CBDC infrastructure. That could mean a fault within the software on physically centralised or partly centralised servers logging transactions and holding records; or a fault within the software running on masses of devices operating as payment terminals in a wide variety of locations. In that dystopian CBDC-dependent nation, one would be looking at electric vehicles (already a bad idea simply on account of the abysmal energy density of batteries compared to chemical fuels) stranded at charging stations, unable to make payments to initiate the charging procedure. Consider that the World Economic Forum once advertised with slogans on the theme of “what if extreme weather froze your bank account”, right at the time when Justin Trudeau was freezing bank accounts on account of his extreme intolerance for peaceful protest. The reality is that in the centralised totalitarian model of society the WEF hungers for, this scenario becomes more probable, not less. That is to say, that as well as increasing the opportunities for censorship-obsessed elites to deliberately interfere in people’s lives, centralisation also increases the vulnerability of a society to accidental errors.

Where Governments dream of requiring digital ID or age verification for internet access, or client-side scanning to look for objectionable opinions and only allow messages to be sent when approved as sufficiently “double plus good”, one can even imagine a situation where direct messages and online posts attempting to report a fault in the software stack running the verification or approval algorithms would be blocked from being sent. This wouldn’t need to be a matter of a deliberate attempt to cover up the fault, but instead the inability to report the fault would be a natural consequence of the fault itself. A censorship apparatus built on a principle of scanning everything before it can be shared ends up censoring absolutely everything if it is unable to perform scans.

Keep reading

Another Kamala Harris Failure: After Three Years and Billions of Dollars, Rural High Speed Internet Plan Has Connected ZERO People

Border Czar Kamala Harris, who failed miserably protecting our borders, was tapped to lead another component of the Biden-Harris agenda, connecting rural Americans to high-speed internet.

The program was launched in 2021 at a cost of $42 billion to American taxpayers.

President Biden put VP Harris in charge of the effort, and after 985 days under her leadership, NOT ONE person has been connected, and zero Americans have benefitted from this boondoggle.

Brendan Carr, who serves as Commissioner of the Federal Communications Commission, shared the abject failure of the Biden-Harris plan, which broadband infrastructure builders have said is “wired to fail.”

Keep reading

The coincidences inside IT historical crash

Well, as most of you are aware, since I repeat myself occasionally, I try very hard to stick to quality, over quantity but reserve the right to publish different types of articles/e-mails. But also to increase the frequency if the necessity arises, not the case so far, but here this is a reminder of that. Also, the fog of “war” applies here.


In the rare case you live under Linux-based life or use Linux in your enterprise/workplace, or macOS, earlier today we, the world, suffered what is easily the biggest IT crash in history. You can grasp an idea of the extent by looking at the graph below.

Ironically enough the culprit is also in the image. CrowdStrike, a cyber-security company. In fact one of the largest, and biggest single points of failure, cybersec companies on the entire planet. So what happened?

In simple words, CrowdStrike sent an automated update to all its clients, and its client list is absurdly large. Airports, hospitals, chain stores, banks, innumerable tech companies, automation companies, automotive companies, and other fields of modern human activity in many countries – odds are they may use CrowdStrike.

Their software acts very “deep” into any system that uses it, thus this faulty software update created a loop in any system or server using Windows. Until a few hours ago, this could only be fixed physically, by an IT tech or a knowledgeable person either the faulty archive. This event will cause billions of dollars in economic damage, and second and third-order effects none of us can predict.

If this was just a fuck up, that is fine, disastrous of course, but “fine”, but I will assume malice. And I messaged a few experts, and read a few hundred messages from InfoSec Twitter, and the sentiment was the same. If this was done maliciously by a threat actor, this leaves us with only two options, given the absurd level of sophistication to pull this off.

Keep reading

CROWDSTRIKE GLOBAL OUTAGE: No accident

A technical breakdown of the root cause of the world’s biggest IT fuck up is out. If it’s correct, we believe no one should consider this an accident.

Here’s a short, non-technical explanation.

Windows contains fundamental programs called drivers that are required for the operating system to work. They are pretty low level software that load in the boot sequence and whenever needed. Users don’t directly interact with them and they don’t appear in Task Manager’s easy view. The user is kept away from them. Drivers have powerful system privileges and access. If essential drivers don’t load, work or are corrupt, Windows can completely crash. That can look like the blue screen of death (BSOD).

CrowdStrike make a security software product, Falcon, that is a Windows driver that loads during boot up. The update mechanism for Falcon is within Windows. Users don’t get a direct say. CrowdStrike released an update to the globe that contained a direct, guaranteed fatal coding error.

The coding error in C++ language is fatal because it makes the program try to access a non-existent part of the machine’s memory. No machine anywhere will have this memory address. When this access attempt happens, a fatal error results that causes the program to crash. When that program crashes, Windows crashes.

CrowdStrike’s Falcon was intrinsic to Windows boot up, so once a crash happened the machine could never be booted up again until Falcon was literally deleted from the machine’s boot sequence. This requires manual access to the machine in many, many cases. Remote fixing isn’t possible, so “the fix” is very high labour and access. That’s an insanely expensive fix. Literally dudes going to each machine and manually doing the fix over and over.

The above is absolutely fucking insane.

Keep reading

FTC Opens a Backdoor Route to Age Verification on Social Media

I hadn’t heard of the app NGL until recently. But that’s not surprising. The anonymous questions app seems to be largely popular among teens.

Bark, the maker of parental content-monitoring software, calls NGL “a recipe for drama” and cyberbullying. But it seems like a fairly standard social media offering, allowing users to post questions or prompts and receive anonymous responses.

Now, the Federal Trade Commission (FTC) has ordered NGL to ban users under age 18.

The FTC and the Los Angeles District Attorney’s Office say NGL “unfairly” marketed the app to minors. “NGL marketed its app to kids and teens despite knowing that it was exposing them to cyberbullying and harassment,” FTC Chair Lina M. Khan said.

To settle the lawsuit, the agency is not only making NGL pay $5 million, it’s also requiring the app to ban those under age 18 from using it.

This seems to me like a worrying development.

An administrative agency ordering a social media app to ban minors is effectively a backdoor way to accomplish what Congress has been failing to mandate legislatively and what courts have been rejecting when state lawmakers do it.

Granted, the FTC does not seem to be requiring NGL to check IDs. It’s merely “required to implement a neutral age gate that prevents new and current users from accessing the app if they indicate that they are under 18,” per the FTC’s press release.

But this is still the FTC setting minimum age requirements for some social media use, circumventing both parental and legislative authority.

Keep reading

House Report Reveals GARM’s Role in Stifling Online Discourse

A new report from the House Judiciary Committee released on Wednesday, and confirming our previous reporting, casts the Global Alliance for Responsible Media (GARM) under scrutiny, suggesting potential violations of federal antitrust laws due to its outsized influence in the advertising sector.

We obtained a copy of the report for you here.

Established in 2019 by Rob Rakowitz and the World Federation of Advertisers, GARM has been accused of leveraging this influence to systematically restrict certain viewpoints online and sideline platforms advocating divergent views.

The organization, initially conceived to manage the surge of free speech online, is reported to coordinate with major industry players including Procter & Gamble, Mars, Unilever, Diageo, GroupM, and others. The collaboration appears to stretch across the largest ad agency holding companies worldwide, known collectively as the Big Six. Such collaboration raises concerns about a concerted effort to police content, especially content that challenges mainstream narratives.

Keep reading

Federal Judge, ICE Agents Linked to Compromised Spyware Use

Sometimes the government spies on you. And sometimes they hire a poorly secured Eastern European firm to do it for them.

Last week, hacktivists published the customer support database for Brainstack, a Ukrainian company that runs a phone tracking service called mSpy. (It was the third mSpy security breach in a decade.) The database includes messages from Immigration and Customs Enforcement (ICE) agents, active-duty troops, and a U.S. circuit court judge interested in using mSpy to conduct surveillance.

Employees at the U.S. State Department, the Nebraska National Guard, and two federal auditing offices reached out to mSpy about using the service in official investigations. Many more low-level officials and service members seemed to be using mSpy to monitor people in their private lives, but signed up through their government emails. In some cases, it was unclear whether government employees were using mSpy for official or personal business. 

Even if the private spying was for a legitimate purpose—such as parents monitoring their children’s internet usage—it was probably not the best idea to sign up for foreign spyware with known security issues from a government email account.

Judge Kevin Newsom, the circuit judge of the United States Court of Appeals for the 11th Circuit, used his government email address to log into an mSpy customer service chat in February 2019. “You can’t reliably monitor Snapchat, which is the only reason I got it,” he complained. He sent mSpy a follow-up email asking for a refund, signed with his official title as a judge.

“Judge Newsom’s use was entirely in his personal capacity to address a family matter,” says Kate Adams, director of workplace relations at the 11th Circuit.

MSpy has previously suffered serious security problems over the past decade. In May 2015, hackers stole data on mSpy’s targets and offered it for sale on the dark web. When cybersecurity journalist Brian Krebs broke the story, mSpy tried to claim the data was fake, then eventually admitted to the breach. In September 2018, mSpy accidentally left that same type of data on a public-facing server, then removed it when Krebs noticed.

In early June 2024, the Swiss hacktivist maia arson crimew, who had previously leaked the FBI’s No Fly List, claimed that an “anonymous source” had sent her 150 gigabytes of data from mSpy’s customer service branch. “From all the past stalkerware leaks, usually what leaks is victim data,” crimew tells Reason via encrypted voice chat. But this leak was about mSpy’s clients—essentially turning the surveillance back against the surveillers.

Last week, the leaked client data was published on DDoSecrets, a website widely considered to be WikiLeaks’ successor. (DDoSecrets is also famous for hosting BlueLeaks, a massive 2020 leak of police files.) The mSpy media team did not respond to an email asking for comment on the leak.

Keep reading