Privacy

cross-posted from: https://lemmy.sdf.org/post/32102322

Archived

TikTok owner ByteDance is set to be hit by a privacy fine of more than €500 million for illegally shipping European users’ data to China, adding to the growing global backlash over the video-sharing app.

Ireland’s data protection commission, the company’s main regulator in Europe, will issue the penalty against TikTok before the end of the month, according to people familiar with the matter.

The move comes after a lengthy investigation found the Chinese business fell foul of the European Union’s General Data Protection Regulation in sending the information to China to be accessed by engineers, added the people, who spoke under condition of anonymity.

[...]

As part of the decision from Ireland’s data protection commission, the regulator will order TikTok to suspend the unlawful data processing in China within a set time frame. China has long provoked the ire of privacy activists, who claim that the nation’s mass surveillance regime violates fundamental rights.

TikTok has been in the crosshairs of the Irish data protection commission before. In September 2023, it was fined €345 million for alleged lapses in the way it cares for children’s personal data. The watchdog has also sounded the alarm over Big Tech firms shipping the personal data of European citizens outside of the 27-member bloc, slapping a record €1.2 billion fine against Facebook owner Meta Platforms Inc. for failing to protect personal information from the American security services.

The Irish probe into TikTok started in 2021, when the regulator’s then head Helen Dixon claimed that EU user data could be accessed by “maintenance and AI engineers in China.”

[...]


cross-posted from: https://lemmy.sdf.org/post/31957116

Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.

TTP’s investigation found that one in five of the top 100 free virtual private networks in the U.S. App Store during 2024 were surreptitiously owned by Chinese companies, which are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws. Several of the apps traced back to Qihoo 360, a firm declared by the Defense Department to be a “Chinese Military Company.” Qihoo did not respond to questions about its app-related holdings.

[...]

VPNs allow users to mask the IP address that can identify them, and, in theory, keep their internet browsing private. For that reason, they have been used by people around the world to sidestep government censorship or surveillance, or because they believe it will improve their online security. In the U.S., kids often download free VPNs to play games or access social media during school hours.

However, VPNs can themselves pose serious risks because the companies that provide them can read all the internet traffic routed through them. That risk is compounded in the case of Chinese apps, given China’s strict laws that can force companies in that country to secretly share access to their users’ data with the government.

[...]

The VPN apps identified by TTP have been downloaded more than 70 million times from U.S. app stores, according to data from AppMagic, a mobile apps market intelligence firm.

[...]

The findings raise questions about Apple’s carefully cultivated reputation for protecting user privacy. The company has repeatedly sought to fend off antitrust legislation designed to loosen its control of the App Store by arguing such efforts could compromise user privacy and security. But TTP’s investigation suggests that Apple is not taking adequate steps to determine who owns the apps it offers its users and what they do with the data they collect. More than a dozen of the Chinese VPNs were also available in Apple’s App Store in France in late February, showing that the issue extends to other Western markets.

[...]


cross-posted from: https://lemmy.sdf.org/post/31274457

Archive

An exploitation avenue found by Trend Micro in Windows has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority.

The attack method is low-tech but effective, relying on malicious .LNK shortcut files rigged with commands to download malware. While appearing to point to legitimate files or executables, these shortcuts quietly include extra instructions to fetch or unpack and attempt to run malicious payloads.

Ordinarily, the shortcut's target and command-line arguments would be clearly visible in Windows, making suspicious commands easy to spot. But Trend's Zero Day Initiative said it observed North Korea-backed crews padding out the command-line arguments with megabytes of whitespace, burying the actual commands deep out of sight in the user interface.

Trend reported this to Microsoft in September last year and estimates that it has been used since 2017. It said it had found nearly 1,000 tampered .LNK files in circulation but estimates the actual number of attacks could have been higher.

"This is one of many bugs that the attackers are using, but this is one that is not patched and that's why we reported it as a zero day," Dustin Childs, head of threat awareness at the Zero Day Initiative, [said].

"We told Microsoft but they consider it a UI issue, not a security issue. So it doesn't meet their bar for servicing as a security update, but it might be fixed in a later OS version, or something along those lines."

[...]
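The technique Trend describes above (command-line arguments padded with whitespace so the real command sits past whatever the shortcut's Properties dialog shows) can be turned into a file check. The following is an added example, not Trend Micro's, ZDI's or Microsoft's code: it walks the Shell Link structures from the MS-SHLLINK specification to the COMMAND_LINE_ARGUMENTS string and flags long whitespace runs. The 260-character visible width, the 64-character padding threshold, the `build_lnk` helper and the sample argument strings are assumptions and constructed test input, not files from the campaign.

```python
"""Flag .LNK shortcuts whose command-line arguments hide a command behind
whitespace padding. Added example, not Trend Micro's or Microsoft's code.
Structure offsets follow the MS-SHLLINK specification; VISIBLE_CHARS and
MIN_PADDING are assumptions about what a Properties dialog shows."""
import re
import struct

# ShellLinkHeader.LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
HEADER_SIZE = 0x4C  # the header is always 76 bytes; LinkFlags sits at offset 20
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
# StringData fields appear in this fixed order, each present only if its flag is set
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))
WHITESPACE_RUN = re.compile(r"[ \t\n\x0b\x0c\r]+")
VISIBLE_CHARS = 260  # assumption: roughly what the Target box shows before truncating
MIN_PADDING = 64     # assumption: no legitimate argument list needs this much blank space


def parse_lnk(data: bytes) -> dict:
    """Return the StringData strings of a Shell Link file, keyed by field name."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a Shell Link file: bad HeaderSize")
    if data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:  # IDListSize (2 bytes) followed by the IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:            # LinkInfoSize counts itself, so skip it whole
        off += struct.unpack_from("<I", data, off)[0]
    fields = {}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, off)[0]  # CountCharacters: 16-bit, so <= 65535
        off += 2
        if flags & IS_UNICODE:
            fields[name] = data[off:off + 2 * count].decode("utf-16-le", "replace")
            off += 2 * count
        else:
            fields[name] = data[off:off + count].decode("cp1252", "replace")
            off += count
    return fields


def analyze_arguments(args: str) -> dict:
    """Find the longest whitespace run in the arguments and report what follows it.

    The shortcut is suspicious when that run is at least MIN_PADDING characters,
    or when it ends beyond VISIBLE_CHARS with a non-empty command behind it.
    """
    longest = max(WHITESPACE_RUN.finditer(args), key=lambda m: m.end() - m.start(), default=None)
    padding = longest.end() - longest.start() if longest else 0
    trailing = args[longest.end():].strip() if longest else ""
    suspicious = padding >= MIN_PADDING or (bool(trailing) and longest.end() > VISIBLE_CHARS)
    return {
        "suspicious": suspicious,
        "padding_length": padding,
        "visible": args[:VISIBLE_CHARS].strip(),      # what a user would see in the dialog
        "hidden_command": trailing if suspicious else "",
    }


def analyze_lnk(data: bytes) -> dict:
    """Parse a .LNK blob and run the padding check on its arguments."""
    fields = parse_lnk(data)
    result = analyze_arguments(fields.get("arguments", ""))
    result["name"] = fields.get("name", "")
    return result


def build_lnk(arguments: str, name: str = "", unicode: bool = True) -> bytes:
    """Construct a minimal .LNK (header + StringData only) as test input; not a real sample."""
    flags = HAS_ARGUMENTS | (IS_UNICODE if unicode else 0) | (HAS_NAME if name else 0)
    # HeaderSize, CLSID, LinkFlags, FileAttributes, 3 timestamps, FileSize, IconIndex,
    # ShowCommand (1 = SW_SHOWNORMAL), HotKey, Reserved1..3
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LINK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)

    def encode(s: str) -> bytes:
        if len(s) > 0xFFFF:
            raise ValueError("CountCharacters is a 16-bit field")
        raw = s.encode("utf-16-le") if unicode else s.encode("cp1252")
        return struct.pack("<H", len(s)) + raw

    return header + (encode(name) if name else b"") + encode(arguments)


if __name__ == "__main__":
    # Constructed samples: a benign shortcut and one padded with 4000 spaces.
    benign = build_lnk("/c notepad.exe", name="Notes")
    padded = build_lnk("/c echo Opening Invoice.pdf" + " " * 4000 + "& calc.exe", name="Invoice.pdf")
    for blob in (benign, padded):
        print(analyze_lnk(blob))
```

Run it over a directory of `.lnk` files by feeding each file's bytes to `analyze_lnk` and triaging on `suspicious`. Because CountCharacters is a 16-bit field, this one string holds at most 65535 characters; treat total file size as a separate triage signal rather than expecting all the bulk to be in the arguments.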


cross-posted from: https://slrpnk.net/post/19675447

Archived version

Here is an Invidious link for the video (the 'Lola' part starts at ~5 minutes)

To demonstrate this, Sadoun introduces the audience to “Lola,” a hypothetical young woman who represents the typical web user that Publicis now has data about. “At a base level, we know who she is, what she watches, what she reads, and who she lives with,” Sadoun says. “Through the power of connected identity, we also know who she follows on social media, what she buys online and offline, where she buys, when she buys, and more importantly, why she buys.”

It gets worse. “We know that Lola has two children and that her kids drink lots of premium fruit juice. We can see that the price of the SKU she buys has been steadily rising on her local retailer’s shelf. We can also see that Lola’s income has not been keeping pace with inflation. With CoreAI, we can predict that Lola has a high propensity to trade down to private label,” Sadoun says, meaning that the algorithm apprehends whether Lola is likely to start buying a cheaper brand of juice. If the software decides this is the case, the CoreAI algo can automatically start showing Lola ads for those reduced price juice brands, Sadoun says.


Firefox may be incompatible with DFSG and probably other similar principles and TOS.

From the bug report:

The new Terms of Use, from what I can see, are in violation of the DFSG points 5 and 6:

  5. No discrimination against persons or groups

Rationale:

The terms of use grant Mozilla the right to terminate anyone's access:

Mozilla can suspend or end anyone’s access to Firefox at any
time for any reason

https://www.mozilla.org/en-US/about/legal/terms/firefox/#mozilla-can-update-or-terminate-this-agreement

  6. No discrimination against fields of endeavor

Rationale:

The terms of use don't allow you to use Firefox to break the law. While this seems a reasonable term, it wouldn't be so reasonable for a dissident in an oppressive country.

you agree that you will not use Firefox to [...] violate any
applicable laws or regulations.

...

Apart from these violations of the DFSG, Firefox now has permission to leak user data to Mozilla, and who knows who else they decide to sell it to later. This is a security bug.

You give Mozilla all rights necessary to operate Firefox,
including processing data as we describe in the Firefox Privacy
Notice, as well as acting on your behalf to help you navigate
the internet.  When you upload or input information through
Firefox, you hereby grant us a nonexclusive, royalty-free,
worldwide license to use that information to [...]

cross-posted from: https://lemmy.sdf.org/post/30887912

Here is the report Security and Trust: An Unsolvable Digital Dilemma? (pdf)

Police authorities and governments are calling for digital backdoors for investigative purposes - and the EU Commission is listening. The Centre for European Policy (cep) warns against a weakening of digital encryption. The damage to cyber security, fundamental rights and trust in digital infrastructures would be enormous.

[...]

The debate has become explosive due to the current dispute between the USA and the UK. The British government is demanding that Apple provide a backdoor to the iCloud to allow investigating authorities access to encrypted data. Eckhardt sees parallels with the EU debate: "We must prevent the new security strategy from becoming a gateway for global surveillance." Technology companies such as Meta, WhatsApp and Signal are already under pressure to grant investigators access to encrypted messages.

"Once you install a backdoor, you lose control over who uses it," says Küsters. Chinese hackers were recently able to access sensitive data through a vulnerability in US telecommunications networks - a direct consequence of the infrastructure there. Instead, Küsters advocates a strategy of "security by design", i.e. designing systems securely from the outset, and the increased use of metadata analyses and platform cooperation as viable alternatives to mass surveillance.

[...]

Lessons from across the Atlantic?

A recent episode from the US provides an illustrative cautionary tale. For decades, some US law enforcement and intelligence agencies advocated “exceptional access” to encrypted communications, claiming that only criminals needed such robust privacy protections – echoing the current debate in the EU. But over the past months, a dramatic shift occurred following revelations that Chinese state-sponsored hackers had infiltrated major US telecommunications networks, gaining access to call metadata and possibly even live calls (the so-called “Salt Typhoon” hack).

Specifically, the Chinese hackers exploited systems that US telecom companies had built to comply with federal wiretapping laws such as Communications Assistance for Law Enforcement Act (CALEA), which requires telecommunications firms to enable “lawful intercepts”. In theory, these built-in channels were supposed to only give law enforcement an exclusive window into suspect communications. In practice, however, they became a universal vulnerability that hostile actors could just as easily exploit.

Suddenly, the very government voices that once dismissed end-to-end encryption began recommending that citizens use encrypted messaging apps to maintain their security.

**What can we learn from this?**

While governments often push for greater surveillance capabilities, the real and current threat of state-sponsored cyber-espionage demonstrates the indispensable value of strong encryption. As the Electronic Frontier Foundation has noted, Salt Typhoon shows once more that there is no such thing as a backdoor that only the “good guys” can use.

If the mechanism exists, a malicious party will eventually find it and weaponise it. The lesson for Europe is clear: undermining encryption to aid investigations may prove short-sighted if it also exposes citizens – and state institutions – to hostile foreign interference. Is this really what we want to do in an increasingly challenging geopolitical environment? The debate about ensuring lawful and effective access to data in the digital age will remain one of the most pressing challenges, so we need to ask whether there are alternative, viable models.

[...]


cross-posted from: https://lemmy.sdf.org/post/30804814

A former senior Facebook executive has told the BBC how the social media giant worked "hand in glove" with the Chinese government on potential ways of allowing Beijing to censor and control content in China.

Sarah Wynn-Williams - a former global public policy director - says in return for gaining access to the Chinese market of hundreds of millions of users, Facebook's founder, Mark Zuckerberg, considered agreeing to hiding posts that were going viral, until they could be checked by the Chinese authorities.

Ms Williams - who makes the claims in a new book - has also filed a whistleblower complaint with the US markets regulator, the Securities and Exchange Commission (SEC), alleging Meta misled investors. The BBC has reviewed the complaint.

Facebook's parent company Meta, says Ms Wynn-Williams had her employment terminated in 2017 "for poor performance".

It is "no secret we were once interested" in operating services in China, it adds. "We ultimately opted not to go through with the ideas we'd explored."

[...]

Ms Wynn-Williams says her allegations about the company's close relationship with China provide an insight into Facebook's decision-making at the time.

[...]

Ms Wynn-Williams claims that in the mid-2010s, as part of its negotiations with the Chinese government, Facebook considered allowing it future access to Chinese citizens' user data.

"He was working hand in glove with the Chinese Communist Party, building a censorship tool… basically working to develop sort of the antithesis of many of the principles that underpin Facebook," she told the BBC.

Ms Wynn-Williams says governments frequently asked for explanations of how aspects of Facebook's software worked, but were told it was proprietary information.

"But when it came to the Chinese, the curtain was pulled back," she says.

"Engineers were brought out. They were walked through every aspect, and Facebook was making sure these Chinese officials were upskilled enough that they could not only learn about these products, but then test Facebook on the censorship version of these products that they were building."

[...]

In her SEC complaint, Ms Wynn-Williams also alleges Mr Zuckerberg and other Meta executives had made "misleading statements… in response to Congressional inquiries" about China.

One answer given by Mr Zuckerberg to Congress in 2018 said Facebook was "not in a position to know exactly how the [Chinese] government would seek to apply its laws and regulations on content"

[...]


We're very happy to share Techlore's video review of the BusKill Kill Cord.

BusKill Techlore Review
Can't see video above? Watch it on PeerTube at neat.tube or on YouTube at youtu.be/Zns0xObbOPM

Disclaimer: We gave Techlore a free BusKill Kit for review; we did not pay them nor restrict their impartiality and freedom to publish an independent review. For more information, please see Techlore's Review Unit Protocols policy. We did require them to make the video open-source as a condition of receiving this free review unit. The above video is licensed CC BY-SA; you are free to redistribute it. If you are a video producer and would like a free BusKill Kit for review, please contact us

To see the full discussion about this video on the Techlore forums, see:

Support BusKill

We're looking forward to continuing to improve the BusKill software and looking for other avenues to distribute our hardware BusKill cable to make it more accessible this year.

If you want to help, please consider purchasing a BusKill cable for yourself or a loved one. It helps us fund further development, and you get your own BusKill cable to keep you or your loved ones safe.

Buy a BusKill Cable
https://buskill.in/buy

You can also buy a BusKill cable with bitcoin, monero, and other altcoins from our BusKill Store's .onion site.

Stay safe,
The BusKill Team
https://www.buskill.in/
http://www.buskillvampfih2iucxhit3qp36i2zzql3u6pmkeafvlxs3tlmot5yad.onion/


cross-posted from: https://lemmy.sdf.org/post/30014783

U.S. Federal Trade Commission urged to investigate Google’s RTB data in first ever complaint under new national security data law.

Google sends enormous quantities of sensitive data about Americans to China and other foreign adversaries, according to evidence in a major complaint filed today at the FTC by Enforce and EPIC. This is the first ever complaint under the new Protecting Americans’ Data from Foreign Adversaries Act.

The complaint (open pdf) targets a major part of Google’s business: Google’s Real-Time Bidding (RTB) system dominates online advertising, and operates on 33.7 million websites, 92% of Android apps, and 77% of iOS apps. Much of Google’s $237.9 billion advertising revenue is RTB.

Today’s complaint reveals that Google has known for at least a decade that its RTB technology broadcasts sensitive data without any security, according to internal Google discussions highlighted in today’s complaint.

The complaint cites internal Google communications showing that Google CEO, Sundar Pichai, rejected or failed to act upon internal calls (example) to reform the company’s dangerous RTB system in 2021. Instead, Google continued to expose sensitive American defense and industry personnel, and their institutions, to blackmail and compromise, in addition to causing grave privacy harm to consumers. Even Google’s so-called “non personalized” data contains dangerous data.

[...]


cross-posted from: https://lemmy.sdf.org/post/30014356

The General Data Protection Regulation (GDPR) was designed to put people’s rights at the centre of the digital economy, ensuring strong safeguards against data exploitation and corporate or state overreach. However, nearly six years after its enforcement, the reality falls short of the promise. Large technology companies have repeatedly delayed and obstructed procedures, while inconsistencies between Data Protection Authorities (DPAs), and other DPA practices, have left individuals without effective redress.

The GDPR Procedural Regulation offers a rare opportunity to fix systemic weaknesses by streamlining cross-border enforcement, reducing delays, and ensuring consistency in cross-border cases. If done right, it could restore trust in the GDPR and reaffirm the EU’s leadership in protecting fundamental rights in the digital age. But if weakened by loopholes and inefficiencies, it risks entrenching existing problems and setting a dangerous precedent for digital rights enforcement.

Civil Society’s Call to Action

The letter (opens pdf) —signed by a broad coalition of human rights organisations—urges negotiators to ensure that the Regulation upholds the GDPR’s original vision of strong, meaningful enforcement. Key concerns include:

  • Delays and procedural asymmetries: Some DPAs, particularly in jurisdictions where major tech companies are headquartered, have systematically delayed decisions, leaving individuals without redress while companies continue to profit from unlawful practices.
  • Unpaid fines and ineffective deterrence: Despite high-profile GDPR fines, enforcement remains inconsistent, with some penalties going unpaid for years, eroding the credibility of the framework.
  • Loopholes in early trilogue drafts: Provisions under discussion could inadvertently introduce new complexities rather than resolving existing inefficiencies, creating further barriers to enforcement.

[...]


cross-posted from: https://lemmy.dbzer0.com/post/36880616

Help Combat Internet Censorship by Running a Snowflake Proxy (Browser or Android)

Internet censorship remains a critical threat to free expression and access to information worldwide. In regions like Iran, Russia, and Belarus, journalists, activists, and ordinary citizens face severe restrictions when trying to communicate or access uncensored news. You can support their efforts by operating a Snowflake proxy—a simple, low-impact way to contribute to a freer internet. No technical expertise is required. Here’s how it works:


What Is Snowflake?

Snowflake is a privacy tool integrated with the Tor network. By running a Snowflake proxy, you temporarily route internet traffic for users in censored regions, allowing them to bypass government or institutional blocks. Unlike traditional Tor relays, Snowflake requires minimal bandwidth, no configuration, and no ongoing maintenance. Your device acts as a temporary bridge, not a permanent node, ensuring both safety and ease of use.


Is This Safe for Me?

Short answer: Yes.

Long answer: probably. Here is why:

  • Your IP address is not exposed to the websites they access. So, you don't have to worry about what they are doing either. You are not an exit node.
  • No activity logs. Snowflake cannot monitor or record what users do through your connection. The only stored information is how many people have connected to your bridge. Check docs for further info on this.
  • Low resource usage. The data consumed is comparable to background app activity—far less than streaming video or music.
  • No direct access to your system
  • No storage of sensitive data. Snowflake proxies do not store any sensitive data, such as IP addresses or browsing history, on your system.
  • Encrypted communication. All communication between the Snowflake proxy and the Tor network is encrypted, making it difficult for attackers to intercept or manipulate data.

You are not hosting a VPN or a full Tor relay. Your role is limited to facilitating encrypted connections, similar to relaying a sealed envelope.

Your IP address is exposed to the user (in a P2P-like connection). Be mindful that your ISP could also potentially see the WebRTC traffic and the connections being made to it (but not the contents), so be mindful of your threat model.

For most users, it is generally safe to run Snowflake proxies. Theoretically, your ISP will be able to know that there are connections being made there, but to them it will look like you're calling someone on, say, Zoom.

Historically, as far as we know, there haven't been any cases of people getting in legal trouble for running entry relays, middle relays, or bridges. There have been a few cases of people running exit nodes and getting in trouble with law enforcement agencies, but none of them have been arrested or prosecuted as far as I know. If you are aware of any cases, let me know so I can update this post.

Do not hesitate to check Snowflake's official documentation for further reference and to make informed decisions.


How to Set Up a Snowflake Proxy

Option 1: Browser Extension (Brave, Firefox, or Chrome)

  1. Install the Snowflake extension.
  2. Click the Snowflake icon in your browser toolbar and toggle "Enable Snowflake."
  3. Keep the browser open. That’s all.

Note: Brave users can enable Snowflake directly in settings. Navigate to brave://settings/privacy and activate the option under "Privacy and security."


Option 2: Android Devices via Orbot

  1. Download Orbot (Tor’s official Android app).
  2. Open the app’s menu, select "Snowflake Proxy," and toggle it on.
  3. For continuous operation, keep your device charged and connected to Wi-Fi.

Your device will now contribute as a proxy whenever the app is active.


Addressing Common Concerns

  • Battery drain: Negligible. Snowflake consumes fewer resources than typical social media or messaging apps.
  • Data usage: Most users report under 1 GB per month. Adjust data limits in Orbot’s settings or restrict operation to Wi-Fi if necessary.

Why Your Participation Matters

Censorship mechanisms grow more sophisticated every year, but tools like Snowflake empower ordinary users to counteract them. Each proxy strengthens the Tor network’s resilience, making it harder for authoritarian regimes to isolate their populations. By donating a small amount of bandwidth, you provide someone with a critical connection to uncensored information, education, and global dialogue.

Recent surges in demand—particularly in Russia—highlight the urgent need for more proxies. Your contribution, however small, has an impact.

By participating, you become part of a global effort to defend digital rights and counter censorship. Please, also be mindful of your threat model and understand the potential risks (though very little for most people). Check Snowflake's official documentation for further reference and don't make any decisions based on this post before taking your time to read through it.

Please share this post to raise awareness. The more proxies, the stronger the network.

– llama


This post contains a canary message that's cryptographically signed by the official BusKill PGP release key

BusKill Canary #009
The BusKill project just published their Warrant Canary #009

For more information about BusKill canaries, see:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Status: All good
Release: 2025-01-14
Period: 2025-01-01 to 2025-06-01
Expiry: 2025-06-30

Statements
==========

The BusKill Team who have digitally signed this file [1]
state the following:

1. The date of issue of this canary is January 14, 2025.

2. The current BusKill Signing Key (2020.07) is

   E0AF FF57 DC00 FBE0 5635  8761 4AE2 1E19 36CE 786A

3. We positively confirm, to the best of our knowledge, that the 
   integrity of our systems are sound: all our infrastructure is in our 
   control, we have not been compromised or suffered a data breach, we 
   have not disclosed any private keys, we have not introduced any 
   backdoors, and we have not been forced to modify our system to allow 
   access or information leakage to a third party in any way.

4. We plan to publish the next of these canary statements before the
   Expiry date listed above. Special note should be taken if no new
   canary is published by that time or if the list of statements changes
   without plausible explanation.

Special announcements
=====================

None.

Disclaimers and notes
=====================

This canary scheme is not infallible. Although signing the 
declaration makes it very difficult for a third party to produce 
arbitrary declarations, it does not prevent them from using force or 
other means, like blackmail or compromising the signers' laptops, to 
coerce us to produce false declarations.

The news feeds quoted below (Proof of freshness) serves to 
demonstrate that this canary could not have been created prior to the 
date stated. It shows that a series of canaries was not created in 
advance.

This declaration is merely a best effort and is provided without any 
guarantee or warranty. It is not legally binding in any way to 
anybody. None of the signers should be ever held legally responsible 
for any of the statements made here.

Proof of freshness
==================

14 Jan 25 01:01:33 UTC

Source: DER SPIEGEL - International (https://www.spiegel.de/international/index.rss)
A Miracle? Pope Francis Helps Transsexual Prostitutes in Rome
Boost for the Right Wing: Why Did a German Newspaper Help Elon Musk Interfere in German Politics?

Source: NYT > World News (https://rss.nytimes.com/services/xml/rss/nyt/World.xml)
What an Upended Mideast Means for Trump and U.S. Gulf Allies
Russia and Ukraine Battle Inside Kursk, With Waves of Tanks, Drones and North Koreans

Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml)
Gaza ceasefire deal being finalised, Palestinian official tells BBC
Watch: Moment man is saved from burning LA home

Source: Bitcoin Blockchain (https://blockchain.info/q/latesthash)
0000000000000000000042db9e17f012dcd01f3425aa403e29c28c0dc1d16470

Footnotes
=========

[1] https://docs.buskill.in/buskill-app/en/stable/security/pgpkeys.html

-----BEGIN PGP SIGNATURE-----
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=xahN
-----END PGP SIGNATURE-----

To view all past canaries, see:

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

What is BusKill? (Explainer Video)
Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you and your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.
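The canary above is only useful if somebody actually checks it: that it is signed by the expected key, that it has not passed its Expiry, that the proof of freshness matches the Release date, and that no statement quietly disappeared between issues. The following is an added example, not BusKill's own tooling: it parses the cleartext fields of a clearsigned canary and runs those checks as of a given day. The sample is an abridged copy of canary #009 from this post; `MAX_FRESHNESS_SKEW` and the `check_canary` wrapper are assumptions, and signature verification is left to gpg.

```python
"""Staleness and drift checks for a warrant canary like the one above.
Added example, not BusKill's tooling: it reads the cleartext fields of a
clearsigned canary, compares the signing-key fingerprint with a pinned copy,
checks Expiry and the proof-of-freshness date against a given day, and diffs
the numbered statements against the previous canary. Signature verification
is left to gpg; MAX_FRESHNESS_SKEW is an assumption."""
import re
from datetime import date, datetime, timedelta

# Fingerprint from statement 2 of the canary above; in practice pin it from the keys page.
PINNED_FINGERPRINT = "E0AF FF57 DC00 FBE0 5635 8761 4AE2 1E19 36CE 786A"
MAX_FRESHNESS_SKEW = timedelta(days=2)  # assumption: freshness proof within 2 days of Release

# Abridged copy of BusKill Canary #009 from this post (statements cut to their first line).
CANARY_009 = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Status: All good
Release: 2025-01-14
Period: 2025-01-01 to 2025-06-01
Expiry: 2025-06-30

1. The date of issue of this canary is January 14, 2025.
2. The current BusKill Signing Key (2020.07) is
   E0AF FF57 DC00 FBE0 5635  8761 4AE2 1E19 36CE 786A
3. We positively confirm, to the best of our knowledge, that the
4. We plan to publish the next of these canary statements before the

14 Jan 25 01:01:33 UTC
Source: Bitcoin Blockchain (https://blockchain.info/q/latesthash)
0000000000000000000042db9e17f012dcd01f3425aa403e29c28c0dc1d16470
-----BEGIN PGP SIGNATURE-----
"""


def parse_canary(text: str) -> dict:
    """Extract the machine-checkable parts of a clearsigned canary."""
    body = text.split("-----BEGIN PGP SIGNED MESSAGE-----", 1)[-1]
    body = body.split("-----BEGIN PGP SIGNATURE-----", 1)[0]
    fields = dict(re.findall(r"^(Status|Release|Period|Expiry): *(\S.*?) *$", body, re.M))
    fp = re.search(r"^ *((?:[0-9A-F]{4} {1,2}){9}[0-9A-F]{4}) *$", body, re.M)
    stamp = re.search(r"^(\d{1,2} [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}) UTC$", body, re.M)
    block = re.search(r"^([0-9a-f]{64})$", body, re.M)  # latest Bitcoin block hash
    return {
        "status": fields.get("Status"),
        "release": date.fromisoformat(fields["Release"]),
        "period": tuple(date.fromisoformat(p) for p in fields["Period"].split(" to ")),
        "expiry": date.fromisoformat(fields["Expiry"]),
        "fingerprint": re.sub(r" +", " ", fp.group(1)) if fp else None,
        # First line of each numbered statement: a dropped or reworded statement
        # then shows up as a difference from the previous canary.
        "statements": re.findall(r"^\d+\. +(\S.*?) *$", body, re.M),
        "freshness": datetime.strptime(stamp.group(1), "%d %b %y %H:%M:%S") if stamp else None,
        "block_hash": block.group(1) if block else None,
    }


def evaluate(canary: dict, today: date, previous_statements=None,
             pinned: str = PINNED_FINGERPRINT) -> list:
    """Return the problems found; an empty list means every check passed."""
    problems = []
    if canary["status"] != "All good":
        problems.append("status is %r" % (canary["status"],))
    if canary["fingerprint"] != pinned:
        problems.append("signing-key fingerprint does not match the pinned value")
    if today > canary["expiry"]:
        problems.append("canary expired on %s; a new one is overdue" % canary["expiry"])
    elif today < canary["release"]:
        problems.append("canary is dated in the future")
    start, end = canary["period"]
    if not (start <= canary["release"] <= end <= canary["expiry"]):
        problems.append("Release, Period and Expiry are inconsistent")
    if canary["freshness"] is None or canary["block_hash"] is None:
        problems.append("proof of freshness missing")
    elif abs(canary["freshness"].date() - canary["release"]) > MAX_FRESHNESS_SKEW:
        problems.append("proof-of-freshness timestamp does not match Release")
    if previous_statements is not None and canary["statements"] != previous_statements:
        problems.append("statement list changed since the previous canary")
    return problems


def check_canary(text: str, today_iso: str, previous_statements=None,
                 pinned: str = PINNED_FINGERPRINT) -> list:
    """Convenience wrapper: parse, then evaluate as of an ISO date string."""
    return evaluate(parse_canary(text), date.fromisoformat(today_iso), previous_statements, pinned)


if __name__ == "__main__":
    print(check_canary(CANARY_009, "2025-03-01"))  # within the period: []
    print(check_canary(CANARY_009, "2025-07-01"))  # past Expiry: overdue
```

Run `gpg --verify` on the saved canary against the key published at the pgpkeys page in footnote [1] before trusting any of these fields; the checks here assume the signature has already been validated. Keep the previous canary's `statements` list and pass it as `previous_statements` so that a changed or missing statement, which the canary itself says to watch for, is reported rather than read past.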


cross-posted from: https://beehaw.org/post/17950455

In the judgment C-416/23, the Austrian Data Protection Authority (DSB) received a slap in the face from the CJEU. The authority has – arbitrarily – set the number of complaints that data subjects can file at a maximum of two per month, even if one is affected by GDPR violations almost daily. The CJEU has now made it clear: as long as you do not file abusive complaints, all users have the right to have any GDPR violation remedied by the DSB. Unfortunately, Data Protection Authorities (DPAs) trying to get rid of complaints isn't just an Austrian problem. Our figures show an EU-wide problem with DPA inactivity.


cross-posted from: https://eviltoast.org/post/10253328

I could not place a call over VOIP, so I logged into my voip account on the website where my account is managed. Saw the usual tabs for checking my balance, call history, profile, etc. Plus a new tab “KYC”.

WTF people. KYC has turned my bank into a police station that pisses all over privacy. What’s going on here? Is it that no one resisted KYC in banking, so now they have decided to start deploying it in other areas?

Entering the KYC tab tells me:

“Your account is unverified. We need:

  • selfie of you holding your ID card
  • copy of your ID card
  • utility bill or bank statement

This is so fucked up. Have any other VOIP users noticed this?

It turns out I can still make calls -- it was just a temporary glitch. But I guess I should ditch this VOIP provider.


Archived version

[...]

The inquiry will focus on whether TikTok adequately informs users about its advertising policies and provides them with the opportunity to opt in rather than opt out.

[...]

Concerns have been raised that TikTok, owned by the Chinese company ByteDance, does not fully disclose the details of its terms of service and privacy policy at the time users sign up. Under South Korean law, digital platforms are required to give users the freedom to decide if they wish to receive marketing communications, ensuring that consent is obtained clearly and transparently prior to any such communications being sent.

[...]

The [South Korean media regulator Korea Communications Commission] KCC's probe into TikTok comes amidst a broader global conversation about the responsibilities of social media platforms in protecting user data. As authorities worldwide seek to enforce stricter data protection measures, companies must navigate complex legal landscapes to maintain user trust and compliance.

[...]


I call my credit card supplier to make a payment over the phone. This is because other payment methods are a shitshow¹. The robot says it will record my voice and use it for verification purposes. I’m not okay with that so I press buttons until a human comes on. I order the payment to draw from a checking acct. Then the operator transferred me to a bot that said “state your name to confirm this payment”. Now what? I was trapped.

I wonder if this is something I should be giving a shit about. My data is routinely exfiltrated by criminals. I’m not sure if voice prints are being stolen in that way or how they might be used. Perhaps voice print is even more secure for the consumer. If the voiceprint cannot be used to create a voice, only to verify it, then a voice print may even be less useful for criminals than security questions. Any thoughts on this?

¹ (billpay is outsourced likely to a privacy abuser; will not do autopay because I want control [the purpose of privacy]; mailing a paper check is best for privacy but cannot be bothered for various reasons).


One of my banks is threatening to freeze my account unless I disclose my residential address where I sleep at night (with proof! Thus all info that proof comes with). Their privacy policy starts with the standard “we take privacy seriously” then they go on to say deeper in the doc that they may share my personal info around to the full extent allowed by law (using weasel words that try to imply the contrary to sloppy/fast readers), vaguely to credit bureaus (who I have no contract with and who will share the data further, or leak it in a breach). This bank claims “regulations require…” No, they do not. The regs say they must collect residential address OR business address, or if those are not available an address to a family member. So the bank is bullshitting.

At the same time, another bank says in so many words: sorry to inform you we were breached. Cyber criminals have all your sensitive info. We take privacy and security seriously. We offer you a credit monitoring subscription to compensate you. If you are interested, you can share your sensitive info with that monitoring org, who in turn will share the info with their subcontractors. And anonymous access is blocked so you must also share your IP address.

In light of these two shitty¹ banks, I would like to give a big fuck you to those who say:

  • “You don’t want your bank to know where you live? What are you hiding? What kind of dodgy shit are you into?”
  • “You expect your bank to let you access your account from Tor? LOL. Why don’t you trust your bank with your IP address? Why don’t you want your ISP to know where you bank? What kind of dodgy shit are you into?”
  • Bruce Schneier: “cryptocurrency is a solution looking for a problem”
  • “Cash is for tax evaders. You have no legitimate cause to demand cash payment or to pay in cash.”
  • “A cashless society protects us from criminals & money launderers”

In the very least, we need a general right to be unbanked.

¹ I don’t mean to imply these two banks are exceptionally shitty. They are just like any bank. All banks, credit unions, etc, are shitty in the same way.

(edit) Bank B also waited several months after they knew of the breach to inform me. So I imagine there were months of backroom chatter: “can we hide this? Do we have to tell the press and the victims?” They must have spent those months debating about whether or not to tell victims. Makes me wonder how many other breaches I was exposed to by banks without my knowledge.


cross-posted from: https://slrpnk.net/post/13145612

(edit) Would someone please ship some counterfeit money through there and get it confiscated, so the police can then be investigated for spending counterfeit money?


Google has an automated tool to detect abusive images of children. But the system can get it wrong, and the consequences are serious.