Tag: surveillance

Google ordered to pay over $425 million in damages for smartphone privacy violations

Tech giant Google has been ordered to pay over $425 million for improperly snooping on the data of smartphone users and invading users’ privacy from 2016-2024.

It’s a violation of public trust,” said attorney & political analyst Madeline Summerville.

The class action lawsuit, initially filed in 2020, accused the company of collecting data from 98 million devices that had turned off a tracking feature in their Google account.

Even though I’ve shutoff all the different apparatuses that would keep Google from monitoring me, they’re still doing it because they were doing it through third party apps,” Summerville said.

The jury found Google spied on users and was in violation of California privacy laws. But Google denied it was improperly accessing devices. A Google spokesperson told Reuters, this decision misunderstands how its products work and it plans to file an appeal. “Our privacy tools give people control over their data, and when they turn off personalization, we honor that choice.”

Keep reading

Navy SEALs Reportedly Killed North Korean Fishermen and Mutilated Their Bodies To Hide a Failed Mission

You are a fisherman in one of the poorest, most repressed countries in the world. About 20 years ago, your country was suffering from a famine that is still forbidden to discuss frankly. The streets are filled with living reminders of starvation, people whose bodies are marked by childhood malnutrition. Food is precious to you.

So today, as other days, you woke up before dawn with your companions to go diving in the freezing cold ocean, in hopes of putting some mussels on your family’s table. But suddenly, you die. A man you have never met and whose presence you did not know about has shot you with his rifle. His companions stab your lungs so that your body will sink to the bottom of the sea. Your family will likely never know what happened to you.

That is what happened to a group of unnamed North Korean fishermen who accidentally stumbled upon a detachment of U.S. Navy SEALs in 2019, according to a Friday report by The New York Times. The commandos had set out to install a surveillance device to wiretap government communications in North Korea. When they stumbled upon an unexpected group of divers on a boat, the SEALs killed everyone on board and retreated.

The U.S. government concluded that the victims were “civilians diving for shellfish,” sources told the Times. Officials didn’t even know how many, telling the Times that it was “two or three people,” even though the SEALs had searched the boat and disposed of the bodies. The mission wasn’t just an intelligence failure. It was a failure that killed real people through no fault of their own.

The mission was carried out during the first Trump administration. The U.S. government wanted insight into North Korean leader Kim Jong Un during his high-stakes nuclear negotiations with President Donald Trump. Matthew Cole, one of the reporters who broke the story, wrote on his Substack that he first caught wind of the story in 2023 from a source who wanted him to know “how the SEALs involved in the mission had avoided any accountability because of how secret the mission was.”

The broader point of the story, according to the Times, was that the U.S. government “often” hides the failures of special operations from policymakers. Seth Harp, author of The Fort Bragg Cartel, roughly estimates that Joint Special Operations Command killed 100,000 people during the Iraq War “surge” from 2007 to 2009. The secrecy around America’s spying-and-assassination complex makes it impossible to know how many of those people were simply in the wrong place at the wrong time.

Keep reading

NYT: Seal Team 6 Killed Civilians During Mission In North Korea

Today the New York Times revealed U.S. Navy SEALs killed North Korean civilians during a failed covert operation in 2019.

In 2019, U.S. Navy SEALs embarked on a clandestine mission to install a listening device inside North Korea, at a time when then-President Trump was engaged in landmark discussions with Kim Jong Un. 

The operation was reportedly green-lit by Trump.

The mission went awry when the SEALs encountered civilians fishing or diving for shellfish at night. The Americans opened fire, resulting in the deaths of all aboard the fishing vessel.

A subsequent classified Pentagon review deemed the killings justified under the established rules of engagement.  

The disclosure is significant as many have wondered how President Trump got the reclusive and belligerent North Korean leader to be so docile in the public face of the peace negotiations at the time.

There has also been rumors that Trump threatened Kim with assassination via SEAL Team 6.

The origin of those rumors now seems more clear.

Keep reading

New ‘Sextortion’ Spyware Snaps Webcam Photos Of People Watching Porn

If you’re indulging in adult content online, you might want to slap some electrical tape over your webcam pronto, according to a new report from WIRED. Cybersecurity experts at Proofpoint, a battle-tested firm, just dropped a bombshell detailing a nasty new strain of “infostealer” malware called Stealerium. This open-source digital menace can hijack your webcam to snap photos, snoop on your browser for NSFW keywords, and capture screenshots of anything spicy – all of which could be weaponized for blackmail and extortion schemes that’ll leave victims reeling.

When it comes to infostealers, they typically are looking for whatever they can grab,” Proofpoint researcher Selena Larson told WIRED, exposing the chilling reality of this cyberthreat. “This adds another layer of privacy invasion and sensitive information that you definitely wouldn’t want in the hands of a particular hacker.”“It’s gross,” Larson fumed. “I hate it.”

WIRED has more:

More hands-on sextortion methods are a common blackmail tactic among cybercriminals, and scam campaigns in which hackers claim to have obtained webcam pics of victims looking at pornography have also plagued inboxes in recent years—including some that even try to bolster their credibility with pictures of the victim’s home pulled from Google Maps. But actual, automated webcam pics of users browsing porn is “pretty much unheard of,” says Proofpoint researcher Kyle Cucci. The only similar known example, he says, was a malware campaign that targeted French speaking users in 2019, discovered by the Slovakian cybersecurity firm ESET.

Larson laid bare the sinister tactics of sextortion spyware, which preys on individuals for profit while flying under the radar. “For a hacker, it’s not like you’re taking down a multimillion-dollar company that is going to make waves and have a lot of follow-on impacts,” she said. “They’re trying to monetize people one at a time. And maybe people who might be ashamed about reporting something like this.”

The malware’s creator, known as witchfindertr, identifies as a “malware analyst” based in London. To top it all off, Stealerium is freely available as an open-source tool on GitHub.

Keep reading

Microsoft Word To Save New Files to the Cloud by Default

Microsoft is preparing to change how documents are saved in Word for Windows, shifting new file storage to the cloud by default.

Instead of asking users to activate AutoSave or select a cloud location manually, Word will now store all newly created documents directly in OneDrive or another designated cloud service automatically.

Raul Munoz, a product manager on Microsoft’s Office shared services and experiences team, described the change by saying, “We are modernizing the way files are created and stored in Word for Windows. Now you don’t have to worry about saving your documents: Anything new you create will be saved automatically to OneDrive or your preferred cloud destination.”

Currently being rolled out to Microsoft 365 Insiders, this new setup is presented as a way to prevent lost work and provide immediate access to files across mobile platforms and browsers.

However, for anyone working outside Microsoft’s cloud ecosystem, this change introduces additional steps to avoid online storage.

The update also comes with adjustments to how documents are named. Rather than appending sequential numbers to new files, Word will now assign file names based on the date of creation.

Users will have the option to set a preferred default save location or opt out of automatic cloud saves entirely, though doing so requires manual reconfiguration.

Microsoft has been steadily nudging its user base toward cloud reliance. AutoSave already defaults to cloud storage, and persistent prompts in Windows have encouraged, or pressured, users to turn on OneDrive backups.

These reminders have drawn complaints, especially from those who feel Microsoft is eroding straightforward local file access.

Keep reading

Is your baby, doorbell or security cam spying for China? Florida’s top cop wants to know

Florida’s top law enforcement official has issued a subpoena to Lorex Corp., a top maker of baby monitors, security and doorbell cameras, demanding documents and information about its corporate structure, whether it has any ties to Chinese Communist firms and whether Americans’ data or privacy can be breached. Those documents could provide evidence of illegal activity.

Attorney General James Uthmeier’s office told Just the News he believes Lorex, though North American-based, has imported large swaths of equipment from a Chinese manufacturer banned from the United States over alleged human rights abuses and national security risks.

A spokesperson for Lorex did not immediately respond to a written request for comment sent via email to its corporate public relations account.

Probe into whether products are relabeled from black-listed maker

“Lorex Corporation is importing millions of devices from CCP-controlled Dahua, which has been banned in the United States for human rights abuses and national security risks,” the office said in a statement to Just the News. “AG Uthmeier must discover whether Lorex is selling re-labeled Dahua products which would introduce a range of cybersecurity vulnerabilities that would give the CCP a direct line into the homes and private lives of millions of Floridians.”

Dahua, a Chinese technology company, acquired the Canadian-based Lorex in 2018 but sold it to Taiwan-based Skywatch nearly three years ago after Dahua was blacklisted in the United States.

The Pentagon in 2022 listed Dahua as one of 13 companies doing business with the Chinese military and banned its products in the United States. Earlier, the Commerce Department in 2020 identified Dahua as one of several Chinese firms involved in human rights abuses with alleged slave labor involving Uighur minorities.

In 2023, the Australian government expressed alarm when it found about 1,000 security cameras in its various offices tied to Dahua and another Chinese-tied firm, ordering a sweeping review of all security equipment in its government facilities.

The Florida attorney general’s subpoena was issued Friday, and shortly afterwards, Uthmeier put out a statement on X advising Florida consumers about his actions and possible vulnerabilities in Lorex products they may own.

“What consumers do not know is that data might be shared with the Chinese military,” he said. “Imagine that. Footage of your baby in a crib going to the Chinese government. This is unacceptable. It is a national security issue, and it will not be tolerated.”

Keep reading

University of Melbourne Broke Victoria’s Privacy Law by Using Wi-Fi to Monitor Protesters on Campus

The University of Melbourne’s covert surveillance tactics during a campus protest have been declared unlawful, following a ruling by Victoria’s deputy information commissioner that the institution broke the state’s privacy laws.

The decision condemns the university’s quiet use of digital tracking tools against students and staff involved in a pro-Palestine demonstration, raising serious concerns about the growing use of surveillance technologies in academic settings.

We obtained a copy of the decision for you here.

Prompted by media attention earlier this year, the investigation focused on how the university responded to a May protest held inside the Arts West building.

Rather than relying on open dialogue or standard disciplinary processes, university officials resorted to monitoring individuals through the campus Wi-Fi network, matching connection data with student ID photos and security camera recordings.

A total of 22 students were identified through this process, all without prior warning or a clear legal basis. Staff were surveilled as well, with the contents of ten employees’ email accounts examined to uncover involvement in the demonstration. Three of them later received formal warnings.

Although the commissioner’s office accepted that CCTV footage was used within legal boundaries, it found the use of Wi-Fi tracking in disciplinary investigations to be unjustified.

The monitoring of staff emails was also flagged for breaching expected privacy norms.

Keep reading

Chrome VPN Extension With 100k Installs Screenshots All Sites Users Visit

FreeVPN.One, a Chrome extension with over 100,000 installs and a verified badge on the Chrome Web Store, is exposed by researchers for taking screenshots of users’ screens and exfiltrating them to remote servers.

A Koi Security investigation of the VPN tool reveals that it has been capturing full-page screenshots from users’ browsers, logging sensitive visual data like personal messages, financial dashboards, and private photos, and uploading it to aitd[.]one, a domain registered by the extension’s developer.

Koi Security’s forensic analysis showed that the surveillance mechanism is triggered automatically, within seconds of loading any web page. Using Chrome’s privileged chrome.tabs.captureVisibleTab() API, screenshots are silently taken in the background and bundled with metadata including page URLs, tab IDs, and unique user identifiers. This data is then transmitted to the attacker-controlled server aitd.one/brange.php, without user interaction or visible indication.

The spying behavior is powered by a two-stage architecture:

  1. A content script injected into every visited site using matches (http:///, https:///).
  2. A background service worker that listens for an internal captureViewport message and initiates the screenshot capture.

The extension also promotes an “AI Threat Detection” feature which, when clicked, captures another screenshot and sends it to aitd.one/analyze.php. However, the real issue lies in the fact that screenshots are being taken long before users ever interact with this feature, making the user interface a decoy.

Koi Security further explains that the latest version of the extension, v3.1.4, introduced AES-256-GCM encryption with RSA key wrapping to obfuscate the exfiltrated data, making it harder to detect or analyze with network monitoring tools.

Keep reading

Big Tech Could Soon Use Brain Chips To Read Your Innermost Thoughts: Study

A new study out of Stanford University reveals that neural implants, also known as brain-computer interfaces (BCIs), might not just help paralyzed individuals communicate – they could potentially lay bare your innermost thoughts to Big Tech.

Published in the medical journal Cell, the research shows these devices can decode brain signals to produce synthesized speech faster and with less effort.

BCIs work by using tiny electrode arrays to monitor activity in the brain’s motor cortex, the region controlling speech-related muscles. Until now, the tech relied on signals from paralyzed individuals actively trying to speak. The Stanford team, however, discovered that even imagined speech generates similar, though weaker, signals in the motor cortex. With the help of artificial intelligence, they translated those faint signals into words with up to 74% accuracy from a 125,000-word vocabulary.

“We’re recording the signals as they’re attempting to speak and translating those neural signals into the words that they’re trying to say,” said Erin Kunz, a postdoctoral researcher at Stanford’s Neural Prosthetics Translational Laboratory.

But this technological leap has raised red flags among critics who warn of a dystopian future where your private thoughts could be exposed.

Nita Farahany, a Duke University law and philosophy professor and author of The Battle for Your Brain, sounded the alarm telling NPR, “The more we push this research forward, the more transparent our brains become.”

Farahany expressed concern that tech giants like Apple, Google, and Meta could exploit BCIs to access consumers’ minds without consent, urging safeguards like passwords to protect thoughts meant to stay private.

We have to recognize that this new era of brain transparency really is an entirely new frontier for us,” Farahany said.

While the world fixates on artificial intelligence, some of the tech industry’s heaviest hitters are pouring billions into BCIs. Elon Musk, the world’s richest man, has raised $1.2 billion for his Neuralink venture, which is now conducting clinical trials with top institutions like the Barrow Neurological Institute, The Miami Project to Cure Paralysis, and the Cleveland Clinic Abu Dhabi.

Now, another tech titan is entering the fray.

Keep reading

Thousands Of Grok chats Now Searchable On Google

Hundreds of thousands of conversations that users had with Elon Musk’s xAI chatbot Grok are easily accessible through Google Search, reports Forbes.

Whenever a Grok user clicks the “share” button on a conversation with the chatbot, it creates a unique URL that the user can use to share the conversation via email, text, or on social media. According to Forbes, those URLs are being indexed by search engines like Google, Bing, and DuckDuckGo, which in turn lets anyone look up those conversations on the web. 

Users of Meta‘s and OpenAI‘s chatbots were recently affected by a similar problem, and like those cases, the chats leaked by Grok give us a glimpse into users’ less-than-respectable desires — questions about how to hack crypto wallets; dirty chats with an explicit AI persona; and asking for instructions on cooking meth. 

xAI’s rules prohibit the use of its bot to “promote critically harming human life” or developing “bioweapons, chemical weapons, or weapons of mass destruction,” though that obviously hasn’t stopped users from asking Grok for help with such things anyway.

According to conversations made accessible by Google, Grok gave users instructions on making fentanyl, listed various suicide methods, handed out bomb construction tips, and even provided a detailed plan for the assassination of Elon Musk.

xAI did not immediately respond to a request for comment. We’ve also asked when xAI began indexing Grok conversations.

Late last month, ChatGPT users sounded the alarm that their chats were being indexed on Google, which OpenAI described as a “short-lived experiment.” In a post Musk quote-tweeted with the words “Grok ftw,” Grok explained that it had “no such sharing feature” and “prioritize[s] privacy.”

Keep reading