thenexusofprivacy

threlm4280, 3 months ago to random

Absolutely mind blown today. Found a website that summarizes terms of service for lots of services out there such as Facebook, Reddit, Amazon and others; ranking them from grade A, very good, to grade E, awful. Take a look and you might be shocked by some of the stuff we all miss because we don't read TOS. Needless to say, this is going in my important sites list. https://tosdr.org

privacyint, 3 months ago to random

Do your children know if they're being listened to in the school toilet?

This weeks Schools Week revealed that some schools have installed sensors that "actively listens" to children in the school toilets.

https://schoolsweek.co.uk/schools-install-toilet-sensors-that-actively-listen-to-pupils/

18+ dsalo, 3 months ago to random

What Do We Say to Emily? The Human Cost Of Advertising Data Abuse | AdExchanger https://www.adexchanger.com/data-driven-thinking/what-do-we-say-to-emily-the-human-cost-of-advertising-data-abuse/?ref=404media.co

thenexusofprivacy, 3 months ago (edited 3 months ago) to microsoft

Business is business: Snap, Microsoft, and X endorse the anti-LGBTQ+, pro-censorship KOSA bill

https://privacy.thenexus.today/kosa-snap-x-microsoft/

Why would pro-LGBTQ+ companies like Snap and #Microsoft endorse #KOSA? Business is business! What's important is looking like they're trying to protect children -- even though KOSA would actually harm kids.

Politically, KOSA's anti-LGBTQ+ aspects gives Republicans (and anti-LGBTQ+ tech companies) a reason to get on board. If some of the Democrats who say they're pro-LGBTQ+ Democrats "reluctantly" decide to support it then it's got the votes to pass. On the other hand, if pro-LGBTQ+ Democrats and legislators of both parties who really do want to help kids stick to their guns, then Congress is a lot more likely to do something that actually helps kids.

With quotes from @evangreer of @fight, @melissagira, @zephoria @juliaserano, and @charliejane and links to actions like https://stopkosa.com

kitoconnell, 3 months ago to internet

I won't go into details because they aren't mine to share, but a fash publication dropped dox (real name, location, years of internet history) on an antifascist member of the #fediverse today, based in large part on their activity on @kolektiva dot social and elsewhere on #Mastodon.

Just a reminder that the enemy is aware that we are gathered here and is watching us, and as we head into these dangerous times it's important to remember that. Think twice before posting anything here you wouldn't want linked to you in a court of law, for example. #SocialMedia #fascism #antifa #SecurityCulture #feditips

CoolerPseudonym, 3 months ago to random

Absolutely. Do not use, do not support BetterHelp.

They took patients’ intake questionnaires and sold them to Facebook.

BetterHelp itself is not a ‘covered provider’ under HIPAA. But they heavily implied any data you gave them was HIPAA covered, and would not be shared.

They have been slapped with an $8 million fine by the FTC.

(I think they should be a HIPAA-covered provider, and they should be prosecuted.)

BetterHelp cannot be trusted. Stay away!

https://weirder.earth/@dessertgeek/111854230732895093

hacks4pancakes, 3 months ago to random

Let us have a little chat about the person who accused @brysonbort of gaming RSA talk submissions by submitting a talk with me by "playing the diversity card" to get accepted. And all the people thinking it and simmering.

Thank you kindly for completely devaluing my expertise in my field, which I have worked in daily for over a decade and a half, served as a senior NCO in the military doing, teach, and speak on globally. Whether you consciously intended it or not, you implied I am a diversity token and not an expert in cybersecurity incident response.

It's actually good to purposefully share the stage with underrepresented voices in technology, because we still routinely have entire tech conferences that are 100% white and male speakers because of bad CFP boards and management. That was RSA keynotes, within my professional lifetime. It cost me and my colleagues a lot of goodwill calling them out at the time.

When I am "handed" a speaking slot explicitly because I am not a straight white man, it's usually on a droll topic I am totally unqualified to speak on, like "TeLL uS abOUT beINg a WomAN in TEch" that also devalues my expertise. Side note - this has turned out to be a huge red flag. Often done by people who go on to do Bad Stuff to women.

You, yes you are a prime reason women and nonbinary people don't want to submit to conferences.

Reference (in image):
https://x.com/brysonbort/status/1752474954975637699?s=20

ryanc, 3 months ago (edited 3 months ago) to random

It's been ten years, so a short story about the "gotofail" bug.

Someone came to me about a catastrophic vulnerability in Apple's TLS implementation.

I shit you not, they'd overheard someone at a bar drunkenly bragging about how they were going to sell it to a FVEY intelligence agency for six figures.

They didn't know exactly what it was, just some vague details and the key point that it allowed use of the real certificate.

This was enough for me to find the bug (yay open source), which would go on to be known as "gotofail", and produce a working exploit in less than a day.

The details were anonymously back channelled to Apple, who released a fix.

@matthew_d_green posted on Twitter about it, concerned by Apple's vague release notes.

I used a burner phone to share the details with him anonymously.

Then everyone forgot about the whole thing because heartbleed.

¯_(ツ)_/¯

eff, 3 months ago to random

EFF and the ACLU today urged CA’s Attorney General to crack down on police who are still violating state law and Californians’ privacy by sharing automated license plate reader info with out-of-state agencies, putting abortion seekers and providers at risk.

https://www.eff.org/press/releases/dozens-rogue-california-police-agencies-still-sharing-driver-locations-anti-abortion

KOSA isn’t designed to help kids. (zephoria.medium.com)

An excellent article by danah boyd – about bad internet bills in general, not just KOSA. Some of danah’s key points:...

ryansteed, 3 months ago to random

Excited to share a new paper with @abebab, Victor Ojewale, Briana Vecchione & Deb Raji

We surveyed 300+ AI audit studies from academia, civil society, govt etc. to understand what work is being done + how it relates to impact & accountability.

https://arxiv.org/abs/2401.14462

sarahjamielewis, 3 months ago to random

On another fun note regarding clone sites: If you search for the Cwtch messenger on Bing or Duckduckgo the top results for some searches will provide you with clone sites that are not run by the @cwtch team or Open Privacy.

In fact neither cwtch.im nor openprivacy.ca appear to surface in Bing or DDG at all (despite exact clones of the official cwtch site surfacing high up)

The reasons are unclear, but it is deeply concerning that people are being directed to potential malware sites.

mattblaze, 3 months ago to random

Pleased to report that our* new paper, "Bugs In Our Pockets: The Risks of Client-Side Scanning", has been published by the Oxford Journal of Cybersecurity. In it, we examine the folly of using client-side software to detect and report CSAM images.

https://academic.oup.com/cybersecurity/article/10/1/tyad020/7590463

• Harold Abelson, Ross Anderson, Steven M Bellovin, Josh Benaloh, Matt Blaze, Jon Callas, Whitfield Diffie, Susan Landau, Peter G Neumann, Ronald L Rivest, Jeffrey I Schiller, Bruce Schneier, Vanessa Teague, Carmela Troncoso

thomasfuchs, 4 months ago to random

And this, children, is why we never use any Google products https://www.forbes.com/sites/zakdoffman/2024/01/27/new-details-free-ai-upgrade-for-google-and-samsung-android-users-leaks/?sh=26cbdeb68eaf

jvagle, 4 months ago to random

The warrantless purchase of U.S. citizens’ data by intelligence agencies and LEOs raises serious questions our current legal frameworks are not capable of addressing well.

https://www.nytimes.com/2024/01/25/us/politics/nsa-internet-privacy-warrant.html?smid=nytcore-ios-share&referringSource=articleShare

evacide, 4 months ago to random

Every time I post about a victory, some helpful soul feels the need to explain to me why it is hollow or incomplete or they just don’t trust it and surely it will come to nothing.

Thank you, kind sir, for saving me from the moments of joy that I need in order to keep fighting.

thenexusofprivacy, 4 months ago (edited 4 months ago) to random

Steps towards a safer fediverse (DRAFT)

https://privacy.thenexus.today/steps-towards-a-safer-fediverse-draft/

Feedback welcome!

There are some straightforward opportunities for short-term safety improvements, but this is only the start of what's needed to change the dynamic more completely.

#fediverse

evangreer, 4 months ago to random

This is a huge victory for the racial justice and human rights groups that have been working for years to shut down Amazon's surveillance partnerships with police. It doesn't solve all the problems, but we have to take this momentum and keep on fighting https://www.cnn.com/2024/01/24/tech/amazons-ring-video-sharing-with-police/index.html

torproject, 4 months ago to random

It's #DataPrivacyWeek: join us this Thursday for a virtual live event where we discuss the challenges and opportunities of digital rights advocacy in 2024 with a panel of experts. 📺 Set a reminder here: https://www.youtube.com/watch?v=-K8ki7zBArs

gleemie, 4 months ago to sandiego

#SanDiego needs its strong #surveillance ordinance to prevent personal data from ending up in the wrong hands. We must stop SD Mayor #ToddGloria's plan to weaken it.

My op ed about the City Council hearing on Tuesday.

https://www.sandiegouniontribune.com/opinion/commentary/story/2024-01-17/opinion-mayors-effort-to-weaken-surveillance-oversight-threatens-privacy-and-california-values

berniethewordsmith, 4 months ago to mastodon

It is about time for #Mastodon and @Gargron to implement local-only functions. Instance admins need to protect their users properly before a behemoth of hundreds of millions of users like #Meta lands here

zackwhittaker, 4 months ago to random

Powerful testimony by @Tarah to the Senate Homeland Security Committee about the Cyber Safety Review Board, set up by DHS to learn lessons from past cyber incidents.

Wheeler said CSRB members "do not have the time, freedom or authority to conduct independent, thorough investigations" of cybersecurity incidents. In written testimony, Wheeler added: "Depoliticize the CSRB by funding it, giving it subpoena power, and make it an independent civil agency instead of involving political appointees."

404mediaco, 4 months ago to random

New: We've obtained a scraped list of every town and city in the US that is using FUSUS, which are networked, AI-powered surveillance cameras. Have mapped them here:

https://www.404media.co/fusus-ai-cameras-map-local-police/

privacyint, 4 months ago to random

It's not everyday a Big Tech company explicitly shows their users how it shares their personal data across service for targeted advertising. Even less often that it gives them the option to opt-out.

So why is this happening? 🤔

https://www.theverge.com/2024/1/12/24036312/google-digital-markets-act-services-user-data-opt-out

hacks4pancakes, 4 months ago to random

None of us actually enjoy having to call out tech conferences for still in our year 2024 having zero speakers who aren’t white men. Getting lots of comment abuse, legal threats, guilt trips, and being known for that instead of our jobs isn’t like great or fun, actually.