Europol Seeks to Break Mobile Roaming Encryption

EU’s law enforcement agency Europol is another major entity that is setting its sights on breaking encryption.

This time, it’s about home routing and mobile encryption, and the justification is a well-known one: encryption supposedly stands in the way of the ability of law enforcement to investigate.

The overall rationale is that police and other agencies face serious challenges in doing their job (an argument repeatedly proven as false) and that destroying the internet’s currently best available security feature for all users – encryption – is the way to solve the problem.

Europol’s recent paper treats home routing not as a useful security feature but as “a serious challenge for lawful interception.” Home routing works by encrypting data from a phone through the home network while roaming.

We obtained a copy of the paper for you here.

Federal Judge, ICE Agents Linked to Compromised Spyware Use

Sometimes the government spies on you. And sometimes they hire a poorly secured Eastern European firm to do it for them.

Last week, hacktivists published the customer support database for Brainstack, a Ukrainian company that runs a phone tracking service called mSpy. (It was the third mSpy security breach in a decade.) The database includes messages from Immigration and Customs Enforcement (ICE) agents, active-duty troops, and a U.S. circuit court judge interested in using mSpy to conduct surveillance.

Employees at the U.S. State Department, the Nebraska National Guard, and two federal auditing offices reached out to mSpy about using the service in official investigations. Many more low-level officials and service members seemed to be using mSpy to monitor people in their private lives, but signed up through their government emails. In some cases, it was unclear whether government employees were using mSpy for official or personal business. 

Even if the private spying was for a legitimate purpose—such as parents monitoring their children’s internet usage—it was probably not the best idea to sign up for foreign spyware with known security issues from a government email account.

Judge Kevin Newsom, the circuit judge of the United States Court of Appeals for the 11th Circuit, used his government email address to log into an mSpy customer service chat in February 2019. “You can’t reliably monitor Snapchat, which is the only reason I got it,” he complained. He sent mSpy a follow-up email asking for a refund, signed with his official title as a judge.

“Judge Newsom’s use was entirely in his personal capacity to address a family matter,” says Kate Adams, director of workplace relations at the 11th Circuit.

MSpy has previously suffered serious security problems over the past decade. In May 2015, hackers stole data on mSpy’s targets and offered it for sale on the dark web. When cybersecurity journalist Brian Krebs broke the story, mSpy tried to claim the data was fake, then eventually admitted to the breach. In September 2018, mSpy accidentally left that same type of data on a public-facing server, then removed it when Krebs noticed.

In early June 2024, the Swiss hacktivist maia arson crimew, who had previously leaked the FBI’s No Fly List, claimed that an “anonymous source” had sent her 150 gigabytes of data from mSpy’s customer service branch. “From all the past stalkerware leaks, usually what leaks is victim data,” crimew tells Reason via encrypted voice chat. But this leak was about mSpy’s clients—essentially turning the surveillance back against the surveilers.

Last week, the leaked client data was published on DDoSecrets, a website widely considered to be WikiLeaks’ successor. (DDoSecrets is also famous for hosting BlueLeaks, a massive 2020 leak of police files.) The mSpy media team did not respond to an email asking for comment on the leak.

NewsGuard Co-Founder Advocates Banning Anonymous Social Media Posts, Enabling Lawsuits Against Tech Firms for “False” Content

NewsGuard co-founder and co-CEO Steve Brill has published a book, “The Death of Truth” – but he’s not taking any responsibility. On the contrary.

Namely, Brill’s “apolitical (misinformation) rating system for news sites” as NewsGuard is promoted to customers, is often blasted – and currently investigated by Congress for possible First Amendment violations – as yet another tool to suppress online speech.

But corporate media sing his praises, presenting him as a “media maven.”

A censorship maven more like it, critics would say. And while getting his book promoted, Brill managed to add his name to the steadily growing list of governments, NGOs, and associated figures who are attacking online anonymity.

5 Devices You Can’t Hide From the Government ‘Alphabet Agencies’

I’m going to alert you to what many are considering to be one of the worst doomsday scenarios for free American patriots. One that apparently not many are prepping for, or even seem to care about.

By now everybody knows that the government ‘alphabet agencies’ including mainly the NSA have been methodically collecting data on us. Everything we do, say, buy and search on the internet will be on permanent data base file by next year. All phone calls now are computer monitored, automatically recorded and stored with certain flag/trigger words (in all languages).

As technology improves, every single phone call will be entirely recorded at meta-data bases in government computer cloud storage, when ‘They’ finish the huge NSA super spy center in Utah. Which means they will be available anytime authorities want to look them up and personally listen for any information reference to any future investigation. Super computer algorithms will pin point search extrapolations of ANY relationship to the target point.

You can rest uneasily, but assured, that in the very near future when a cop stops you and scans your driver license into his computer, he will know anything even remotely ’suspicious’ or ’questionable’ about ALL the recent activities and behavior in your life he chooses to focus upon!

This is the ‘privacy apocalypse’ coming upon us. And you need to know these five devices that you can run to protect your privacy, but you can’t hide from.

Windows 11’s Sneaky OneDrive Sync

Those still using Microsoft Windows (now in version 11) as their operating system in 2024 have a lot of experience being left out of the “decision-making process” concerning their own computer and their own data.

This is what closed-source, proprietary software gets you (in addition to a lack of innovation and overall technical quality); but there are even more ways to avoid transparency, and, frankly, disrespect paying customers.

And one is introducing questionable features without even announcing them.

OneDrive – Microsoft’s cloud service – is also available to back up Windows folders like Desktop, Documents, Music, Pictures, Videos… and as it turns out, users don’t even have to agree to this – or even know it’s happening.

Namely, if you are installing Windows 11 (signed into the Microsoft account, as Microsoft prefers), the default is now to upload content from those folders to Microsoft’s cloud. And Microsoft didn’t bother informing their users about this change, compared to the previous installation process, Neowin reported.

“Informing” here means, not with a press release, and not even with prompts during installation and setup.

The backup, i.e., the syncing of the files is now already ongoing or done as soon as a fresh install is finished, and users are reportedly only (slowly) becoming aware of the change because of new visual indicators on their desktop shortcuts and folder icons (showing that the backup is in progress or done).

Windows users can still be grateful there are several ways to deal with the situation. One is to go to the OneDrive settings, and then go through several steps (Sync and Backup>Manage Backup…) and uncheck whatever folders should not sync with the Microsoft cloud service.

(But there are also older versions of OneDrive, where the way is, Manage Backup>StopBackup.)

Adobe to start spying on all your images and videos to enforce new content censorship rules

Photoshop maker Adobe recently changed its terms of service to give itself the power to look through your files and existing projects for so-called “content moderation” purposes.

The new policy notes that they “may access your content through both automated and manual methods, such as for content review.”

They are justifying this blatant invasion of privacy by claiming their intention is to detect and remove illegal content such as child sexual abuse material as well as behavior like spam and phishing. They also say that advancements in artificial intelligence technology mean it has become easier than ever to “create realistic images and human-sounding text and audio,” so these checks are necessary for safety reasons.

The new terms will affect more than 20 million global users of Adobe Creative Cloud Site.

Adobe has also made changes to its terms of service that empower it to delete content from accounts that are inactive; they did not specify what length of inactivity would qualify an account for content deletion.

However, one of the biggest concerns is that Adobe can now access work that is generated by people using their platforms, such as Acrobat and Photoshop, and they can do this not only by claiming they’re looking for illegal content but also to train AI platforms. They say that their automated systems could analyze users’ content with machine learning with a view to improving their software, services and user experience.

New York’s “SAFE” Digital ID Act For Kids Threatens Online Free Speech and Privacy

Legislators in the state of New York are pushing two new bills to regulate the internet, specifically as it pertains to the way minors use social media – Assembly Bill A8148A and Senate Bill S7694A.

If it succeeds, the law would be the first of its kind in the US, and likely represent a blueprint for other states.

But both acts, dubbed Stop Addictive Feeds Exploitation (SAFE) for Kids, have drawn criticism for bringing up constitutional issues tied to First Amendment rights.

Meanwhile, Governor Kathy Hochul and state lawmakers are said to be close on agreeing on the text of the bills, which are presented as designed to prohibit tech platforms from providing addictive feeds to minors (replacing them with content shown in chronological order), and monetizing their data, among other things.

But how would these platforms ascertain if somebody’s a minor? By requiring that their parents go through the digital ID age verification before they can provide consent on behalf of their children to use a particular social network in a particular way.

And this is where the legislative intent goes against the First Amendment, critics say, as having all online activity tied to a government-issued ID chills free speech and opens data privacy issues.

Somewhat ironically, given their open disregard of the First Amendment in other scenarios, those critics include some of the biggest tech companies.

Constitution and freedom of expression aside – their bottom lines would suffer if the bills pass, and so they find themselves as (no doubt, for both parties) uneasy bedfellows with those who consistently campaign against age verification, manipulated feeds, and data harvesting.

Ottawa’s Hidden Agenda: Bill C-26 Aims for Secret Surveillance Backdoors

Canada’s Bill C-26, currently making its way through the country’s parliament, includes “secretive” provisions that can be used to break encryption, researchers are warning.

As far as its sponsors are concerned, Bill C-26 is cyber security legislation intended to amend the Telecommunications Act and other related acts.

But the way the Telecommunications Act will be amended is by allowing the government to force companies operating in that industry to include backdoors in networks protected by encryption, a pair of University of Toronto’s Citizen Lab researchers suggest.

In case the government decides its surveillance needs require altering “the 5G encryption standards that protect mobile communications” – then this can also be done, should C-26 become law.

This raises several important questions, such as whether the bill’s purpose might be precisely to undermine encryption, considering that the government decided not to include amendments in the text that would prevent this.

Another worrying aspect is that given the already lacking level of security in the telecommunications space, the government would be expected to try to fix the existing problems, rather than create new ones, the researchers note.

The amendment that could have rectified this situation was proposed last year by the Citizen Lab, while civil society and industry leaders and experts also participated in parliamentary hearings concerning C-26 to recommend restricting what are said to be the draft’s broad powers to prevent “technical changes from being used to compromise the ‘confidentiality, integrity, or availability’ of telecommunication services.”

However, these warnings fell on deaf ears, with the bill now progressing through parliament without the recommended changes, and despite MPs stating that facilitating and broadening mass surveillance in Canada was not the motive behind C-26.

Biden wants U.S. government to scan all images on your phone to comply with new AI rules

To supposedly stop people from exchanging non-consensual artificial intelligence (AI) images of a sexual nature, President Biden wants to probe everyone’s smartphones as part of a sweeping surveillance effort.

A press release from the White House explains the Biden regime’s desire for the tech and financial industries to take charge in stopping the creation and spread of abusive sexual imagery created by AI robots.

According to Biden’s handlers, “mobile operating system developers could enable technical protections to better protect content stored on digital devices and to prevent image sharing without consent.”

The plan is to have mobile operating systems such as Android and iOS automatically scan and analyze people’s private photos to determine which ones are sexual or non-consensual. Users would not have the ability to keep any of their images private from government spooks.

It might sound like a good thing until you recognize the privacy implications of such an arrangement. Do we the people really want to allow the government direct access to our photos?

Beyond the search and analysis framework, the Biden regime also wants mobile app stores like Apple’s App Store and Google Play to “commit to instituting requirements for app developers to prevent the creation of non-consensual images.”

Say Goodbye to Cloud Anonymity? New US Regulations Demand User Identification

The US Department of Commerce is seeking to end the right of users of cloud services to remain anonymous.

The proposal first emerged in January, documents show, detailing new rules (National Emergency with Respect to Significant Malicious Cyber-Enabled Activities) for Infrastructure as a Service (IaaS) providers, which include Know Your Customer (KYC) regulation, which is normally used by banks and financial institutions.

But now, the US government is citing concerns over “malicious foreign actors” and their usage of these services as a reason to effectively end anonymity on the cloud, including when only signing up for a trial.

Another new proposal from the notice is to cut access to US cloud services to persons designated as “foreign adversaries.”

As is often the case, although the justification for such measures is a foreign threat, US citizens inevitably, given the nature of the infrastructure in question, get caught up as well. And, once again, to address a problem caused by a few users, everyone will be denied the right to anonymity.

That would these days be any government’s dream, it appears, while the industry itself, especially the biggest players like Amazon, can implement the identification feature with ease, at the same time gaining a valuable new source of personal data.

The only losers here appear to be users of IaaS platforms, who will have to allow tech giants yet another way of accessing their sensitive personal information and risk losing it through leaks.

Meanwhile, the actual malicious actors will hardly give up those services – leaked personal data that can be sold and bought illegally, including by those the proposal says it is targeting.
