Glass0448, 1 day ago

Mullvad already published a blog post a day after stating they reviewed the vulnerability, and it was closed up during their process of fixing a different vulnerability. mullvad.net/…/evaluating-the-impact-of-tunnelvisi…

That we haven’t heard anything from proton regarding this vulnerability is not a good sign. Article came out on May 6th and proton has only published basic privacy guides.

Glass0448, 1 day ago

Mullvad’s response a day after the article. Come on proton, at least a “we saw the article and are looking into it”.

mullvad.net/…/evaluating-the-impact-of-tunnelvisi…

Evaluating the impact of TunnelVision

May 7, 2024 Security

We evaluated the impact of the latest TunnelVision attack (CVE-2024-3661) and have found it to be very similar to TunnelCrack LocalNet (CVE-2023-36672 and CVE-2023-35838).

We have determined that from a security and privacy standpoint in relation to the Mullvad VPN app they are virtually identical. Both attacks rely on the attacker being on the same local network as the victim, and in one way or another being able to act as the victim’s DHCP server and tell the victim that some public IP range(s) should be routed via the attacker instead of via the VPN tunnel.

The desktop versions (Windows, macOS and Linux) of Mullvad’s VPN app have firewall rules in place to block any traffic to public IPs outside the VPN tunnel. These effectively prevent both LocalNet and TunnelVision from allowing the attacker to get hold of plaintext traffic from the victim.

Android is not vulnerable to TunnelVision simply because it does not implement DHCP option 121, as explained in the original article about TunnelVision.

iOS is unfortunately vulnerable to TunnelVision, for the same reason it is vulnerable to LocalNet, as we outlined in our blog post about TunnelCrack. The fix for TunnelVision is probably the same as for LocalNet, but we have not yet been able to integrate and ship that to production.

Glass0448, 6 days ago

Creative Commons License (CC BY-NC-ND 3.0)

More States Are Allowing Child Support Payments to Reach Children

by Eli Hager

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox.

It is one of the enduring myths of the U.S. child support system: that payments made by fathers actually make it to their families. And yet, every year, hundreds of millions of dollars in child support is instead intercepted by federal and state governments — as reimbursement for the mother having received welfare at some point.

But that may be changing. Since a 2021 ProPublica investigation found that child support payments totaling $1.7 billion annually were taken from families and redirected into state coffers, at least six states have rewritten their laws and policies to allow the money to flow directly to kids.

New Mexico, where we focused our reporting, made such a change shortly after our story was published. From Wyoming to Illinois, Michigan to Vermont to California, more child support is now going to children. And several other states are considering similar reforms during their upcoming legislative sessions.

This July, Illinois will start “passing through” all child support paid by fathers to their families, instead of pocketing it as repayment for welfare. “The intent of this change is for more families to receive more support,” said Jamie Munks, spokesperson for the Illinois Department of Healthcare and Family Services. A state’s child support system should not be funded by withholding child support from the lowest-income families being served, she said.

“Not passing through money to a family who is already experiencing financial difficulties will likely exacerbate those difficulties and may make them more reliant on government assistance,” Munks added.

Nicole Darracq, assistant director at the California Department of Child Support Services, said that under a new state law her agency has roughly doubled the amount of child support that it is passing through to families currently receiving welfare. There was roughly a $44 million net increase in payments to families from 2019 to 2022, she said.

Darracq added that starting this week, another piece of new state legislation will allow child support that fathers pay to mothers who’ve previously received welfare to go to those moms and their kids, instead of being intercepted. This change will send an additional $160 million to families each year, she said.

According to the National Conference of State Legislatures’ most recent analysis of state laws, at least 26 states and Washington, D.C., pass through some or all child support payments made by fathers to their families that have received welfare, also known as Temporary Assistance for Needy Families. In the other states, the government takes the cash.

The practice of confiscating child support from poor families persists in part because some conservative policymakers believe that welfare provided to single mothers should be considered a loan from taxpayers, to later be repaid by the patriarch of the family.

“Legislators suggest to me that if a family gets both [welfare] and child support, they’re ‘double-dipping,’” Jim Fleming, past president of both the National Council of Child Support Directors and the National Child Support Enforcement Association, told ProPublica in 2021. “That argument is still out there,” he said, although it is “becoming more and more of a minority view.”

Glass0448, 6 days ago

Creative Commons License (CC BY-NC-ND 3.0)

Sports Team Owners Face New Scrutiny From IRS Over Tax Avoidance

by Robert Faturechi, Ellis Simani and Justin Elliott

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox.

The IRS has launched a campaign to examine whether wealthy taxpayers are violating the law when using their ownership of sports teams to save large amounts in taxes.

The effort will focus on sports industry entities that are reporting “significant tax losses” to “determine if the income and deductions driving the losses” are lawful, according to the IRS announcement earlier this year. That announcement, which consisted of one sentence on a webpage devoted to compliance campaigns by the IRS division that focuses on large businesses, did not specify what kinds of abuses the agency will be looking for.

The initiative comes after ProPublica, drawing on leaked IRS data, revealed how billionaire team owners frequently report incomes for their teams that are vastly lower than their real-world earnings.

When someone buys a business, they’re often able to deduct almost the entire sale price against their income during the ensuing years. That allows them to pay less in taxes. The underlying logic is that the purchase price was composed of assets — buildings, equipment, patents and more — that degrade over time and should be counted as expenses. Owners of sports franchises routinely avail themselves of such deductions, which can be worth hundreds of millions of dollars.

But in few industries is that tax treatment more detached from economic reality than in professional sports. Teams’ most valuable assets, such as TV deals and player contracts, are virtually guaranteed to regenerate because sports franchises are essentially monopolies. There’s little risk that players will stop playing for their teams or that TV stations will stop airing their games. But the team owners still get to deduct the value of those assets over time, sometimes billions of dollars’ worth, from their taxable income.

It helps billionaire sports team owners pay far lower income tax rates than the athletes they employ or even the low-wage workers who sell food or clean their stadiums.

ProPublica’s 2021 article traced how owners, starting with the late baseball showman Bill Veeck decades ago, persuaded the IRS to accept a “gimmick” that allows owners to take massive depreciation write-offs.

Among those benefiting was Steve Ballmer, the billionaire owner of the Los Angeles Clippers and former CEO of Microsoft. His tax records showed that in recent years his basketball team had reported $700 million in losses for tax purposes, despite indications that the Clippers’ real-world financial results were often profitable.

That allowed Ballmer to legally not pay tax on any real-world Clippers profits, and to offset his other income and cut his tax bill. His spokesperson said at the time that Ballmer “has always paid the taxes he owes.”

The practice helps create a counterintuitive overall tax picture that upends conventional wisdom about how taxation works in America. ProPublica found that billionaire owners like Ballmer are consistently paying lower income tax rates than their millionaire players — and often lower even than the rates paid by the concessions workers who staff their stadiums.

The IRS did not immediately respond to questions from ProPublica about what prompted the initiative and what abuses it’s investigating.

In an analysis for clients, the law firm Morgan Lewis credited the IRS campaign to several factors: an increased enforcement budget, criticism that wealthy taxpayers are not audited frequently enough and ProPublica’s reporting.

“The IRS may be acting on its promise to restore ‘fairness’ in tax compliance by taking more shots at partnerships and high-wealth individuals, including sports team owners,” the firm wrote. “With the Sports Industry Losses campaign, the sports industry looks to be the next opponent in the IRS arena.”

Clay Hodges, a tax planning specialist at the firm Moss Adams, said in an interview that the IRS usually selects areas to focus enforcement efforts based on evidence that it will find unpaid taxes. While it’s impossible to judge the IRS’ motivation based on its public announcement, he said, he noted the regular headlines of sports team owners selling teams for huge profits.

“When they announce these campaigns, the IRS is very strategic,” he said. “It’s more than just a fishing expedition. They think it will bear fruit.”

Glass0448, 7 days ago

@TheHooligan95 Lol. Torrenting is sharing. And for now you haven’t been visited, but I’m certain Hollywood will pay a visit to your local enforcer chief to explain to him the technicalities over fine wine & dinner.

The risk is still there. Keep your share ratios to 3 so you don’t look like a big problem as @Melkath put it. And when you get a letter from somebody complaining, it’s time to start looking into a VPN.

The second best thing to do is your own research into your country’s laws, and subscribing to e-mail alerts so you can know if the law will change. At least a google alert at a minimum.

Glass0448, 6 days ago

I just want a you tube channel of some guy with a spectrogram machine testing user voted products available via retail. Lets let videos go viral when they discover lead in mayo.

Glass0448, 6 days ago

Creative Commons License (CC BY-NC-ND 3.0)

EPA Proposes Ban on Pesticide Widely Used on Fruits and Vegetables

by Sharon Lerner

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox.

The Environmental Protection Agency unveiled a proposal this week to ban a controversial pesticide that is widely used on celery, tomatoes and other fruits and vegetables.

The EPA released its plan on Tuesday, nearly a week after a ProPublica investigation revealed the agency had laid out a justification for increasing the amount of acephate allowed on food by removing limits meant to protect children’s developing brains.

In calling for an end to all uses of the pesticide on food, the agency cited evidence that acephate harms workers who apply the chemical as well as the general public and young children, who may be exposed to the pesticide through contaminated drinking water.

Acephate, which was banned by the European Union more than 20 years ago, belongs to a class of chemicals called organophosphates. U.S. farmers have used these pesticides for decades because they efficiently kill aphids, fire ants and other pests. But what makes organophosphate pesticides good bug killers — their ability to interfere with signals sent between nerve cells — also makes them dangerous to people. Studies have linked acephate to reductions in IQ and verbal comprehension and autism with intellectual disability.

Environmental advocates, who have been pushing the agency to restrict and ban acephate for years, said they were not expecting the agency to make such a bold move.

“I’m surprised and very pleased,” said Patti Goldman, a senior attorney at Earthjustice, who has been part of a farmworker led group that expressed concerns to EPA officials over the past years about the ongoing use of acephate and other organophosphates.

As much as 12 million pounds of acephate were used on soybeans, Brussels sprouts and other crops in 2019, according to the most recent estimates from the U.S. Geological Survey. The federal agency estimates that up to 30% of celery, 35% of lettuce and 20% of cauliflower and peppers were grown with acephate.

A draft risk assessment issued in August by the EPA’s Office of Pesticide Programs found “little to no evidence” that acephate and a chemical created when it breaks down in the body harm the developing brain. The document said there was no justification to keep restrictions on the bug killer that are designed to protect children from developmental harm. Removing that layer of protection would allow 10 times more acephate on food than is acceptable under the current limits.

The draft risk assessment’s conclusion relied in large part on the results of a new battery of tests that are performed on disembodied cells rather than whole lab animals.

The tests have been in development for years, but the EPA’s review of acephate’s effects on the developing brain marked one of the first times the agency had recommended changing a legal safety threshold largely based on their results.

Multiple science groups, including panels the EPA created to help guide its work, had discouraged using the nonanimal tests to conclude a chemical is safe. A member of the Children’s Health Protection Advisory Committee, one of the panels providing guidance to EPA, described the earlier acephate proposal as “exactly what we recommended against.”

But even as it proposed a new outcome this week, the EPA did not change its stance on the use of the cell-based tests.

“Even in this good news proposal, the EPA continues to misuse the cell-based assays,” said Jennifer Sass, a senior scientist at the environmental advocacy organization Natural Resources Defense Council.

Sass said she believes that both pressure from advocates and questions from journalists helped the EPA decide to change course on acephate. ProPublica began submitting a series of detailed inquiries to the agency about the pesticide starting in January.

An EPA spokesperson said late Tuesday that the agency had been working for months on its proposal to ban acephate from food and that neither advocates nor journalists played a role in the decision.

The EPA proposal would ban acephate on all plants with the exception of trees that do not produce fruit or nuts.

While lauding the proposed ban, Nathan Donley, a scientist at the Center for Biological Diversity, expressed concern about the possibility that, after pesticide companies and agricultural groups respond to the proposal, the agency might not finalize its proposed ban. (The agency is accepting public comments through its portal until July 1.)

“The pushback on this is going to be really intense,” Donley said. “I hope they stick to their guns.”

Glass0448, 8 days ago

Well you see, those victims are just untouchables, whereas Pirates attack the property of the rich…

Glass0448, 9 days ago

This was an interesting side effect to discover about climate change. As the need for change increases, conservatives gain more power.

Glass0448, 9 days ago

Recognize him for a different OG status:

His work was so bad that all the “internet nerds” worked overnight trying to disprove him.

Glass0448, 9 days ago (edited 4 days ago)

Your complaints should be in the donation message.

Glass0448, 9 days ago

It is everybody’s job to help the poor

Glass0448, 9 days ago

Except if y’all forget about the promise, in time for us to make another 10 year goal!

Glass0448, 9 days ago

I kinda like the baseline security advantages. Not that android can’t be better in security, but none of my friends give a shit, and so my iphone friends walk around with better baseline security.

old.reddit.com/user/ghostinshell000

hello ,

ok, here is more than a few posts on this. that said: both have made alot of strides recently, basically the order of consensus is:

• a google pixel flashed with graphaneos
• iphone
• pixel
• samsung and use adb to remove everything you can.

also, how the devices are setup and used matter alot. other than a pixel + graphaneos, iphones tend to be better at privacy but the devil is in the details. iphones are also more “hygienic” in alot of ways, that you cant see. BUT android is open source for the most part, and are HGIGHLY configurable. and hardware wise has wider variety of choices.

security wise also pixel + graphaneos tends to be top shelf. but iphones, tend to have decent track record. and with proper setup and some addons, it really locks down pretty decently. for other androids, the proper addons, and adb mode to remove all the junk.

support wise? pretty much apple kills it, and everyone else is second and in some cases really distant second or even worse. also google does csam scanning and has blocked folks in false positives and the support structure does not have any way for manual review to get your account back it takes months of fighting them from the reports I have read.

this is all part of the really bad support model thats google. while, google one support of easy things is decent, when it gets real your chances get dicey…

apples support is decent on all levels, not great but decent and in almost all cases better then googles.

data protection? its an apple game now, you can enable adp and the key that encrypts your data is yours and apple documents what key encrypts what data. google, on the other hand, says they encrypt things but the dont really have any good documentation on whats encrypted and whos key encrypts what noor do they allow you to use a key you create like apple does.

backup and recover? while they both do it, apples backup and restore is light years better, googles works, but app level stuff the app devs must create a manifest which tells the backup process what to backup etc. so, over all they both work, its just that apples works better.

applepay vs googlepay, they both work and both are secure, but apples doing full tokenization and googles doing virtual credit card numbers to front for your real card, googles nebales more compatibility with banks easier, apple requires actual setup and key exchanges to onboard each bank. but in the long run while both are considered good, apples is the better way.

IOT and automation, both have a ton of automation, tho googles probably ahead here. but for the iot and home stuff a new standard “matter” will standardize it all so future state wont matter what device you have.

thats it for now.

Glass0448, 9 days ago

SCOTUS has not yet decided that a password in your brain is protected by the fifth.

Your phone is protected by the fifth.

Until SCOTUS decides that passwords are protected by the fifth, you can be held in contempt of court by a judge indefinitely because you forgot the password (theoretical scenario, has not yet happened).

Glass0448, 7 days ago

I take issue with the statement “passwords are protected by the fifth amendment”.

SCOTUS is not guaranteed to affirm that above statement.