Hacker claims $20K in dark web sales of leaked 'World-Check' terrorism watchlist

Reuters

Ever wonder if it's really a good idea for there to be “terrorism watch lists” created by for-profit businesses, with no accountability to the privacy rights of ordinary citizens like you and me?

The best-known of these, Thomson Reuters' “World-Check,” recently leaked to the so-called dark web. The database is compiled from public sources, and is sold by Thomson Reuters to vetted clients in government, intelligence agencies, banks, law firms, and the like.

Read the rest

UK Royal Society's #1 cybersecurity recommendation: don't backdoor crypto

Royal_Society_entrance (1)

The Royal Society, once presided over by Isaac Newton, is one of Britain's most respected learned institutions: that's why it matters so much that the organisation's new report, "Progress and research in cybersecurity," begins by demanding that government "must commit to preserving the robustness of encryption, including end-to-end encryption, and promoting its widespread use. Encryption is a foundational security technology that is needed to build user trust, improve security standards and fully realise the benefits of digital systems." Read the rest

For the first time, a federal judge has thrown out police surveillance evidence from a "Stingray" device

Stingrays -- the trade name for an "IMSI catcher," a fake cellphone tower that tricks cellphones into emitting their unique ID numbers and sometimes harvests SMSes, calls, and other data -- are the most controversial and secretive law-enforcement tools in modern American policing. Harris, the company that manufactures the devices, swears police departments to silence about their use, a situation that's led to cops lying to judges and even a federal raid on a Florida police department to steal stingray records before they could be introduced in open court. Read the rest

How to kick Pokemon Go out of your Google account

mass-surveillance

A privacy trainwreck: Pokemon Go, the hit augmented reality game that's seeing kids and adults alike scouring the real world looking for monsters to nab, quietly gets "full access" to players' Google accounts. And check out the small print that goes with it. Read the rest

Pokemon Go privacy rules are terrible (just like all your other apps)

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1129

Pokemon Go wants access to your Google account (and thus your email and Google Docs) and its privacy policy is a Kafka-esque nightmare document that lets them collect every single imaginable piece of private information about your life and share it with pretty much anyone they want to, forever. Read the rest

Rebate for IoT thermostat requires that you give permission to your utility to read "all data"

ecobee31_B1.png

Aaron writes, "While filling out this seemingly great rebate for $100 for a recently purchased wifi-enabled thermostat, I happened to read the Terms and Conditions, which includes the fact that I must unwittingly agree to share all my thermostat data with my electric and gas companies (It was odd that they asked for my thermostat's MAC address). Because I have an ecobee3, this includes information on how often I'm in my bedroom, or when I'm home or out!" Read the rest

Peak indifference: privacy as a public health issue

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1129

My latest Locus column, "Peak Indifference", draws a comparison between the history of the "debate" about the harms of smoking (a debate manufactured by disinformation merchants with a stake in the controversy) and the current debate about the harms of surveillance and data-collection, whose proponents say "privacy is dead," while meaning, "I would be richer if your privacy were dead." Read the rest

Leaked FBI documents reveal secret rules for spying on journalists with National Security Letters

nsls
Today, The Intercept published leaked documents that contain the FBI’s secret rules for targeting journalists and sources with National Security Letters (NSLs)—the controversial and unconstitutional warrantless tool the FBI uses to conduct surveillance without any court supervision whatsoever.

Read the rest

Facebook: We did ‘a test’ last year using some people's location data to suggest friends

Photo: Reuters

Facebook recently told Fusion reporter Kashmir Hill that Facebook uses location data to recommend friends. People freaked out. Facebook retracted the statement. Then, the social media giant said what, that's crazy, LOL, no. No, we didn't do that at all. Now, Facebook’s communications team tells Hill the confusion arose “because there was a brief time when the social network used location for friend suggestions,” which involved a small percentage of Facebook users and stopped last year.

Read the rest

Privacy invasion? Facebook is using your phone's location data to suggest friends

REUTERS/Dado Ruvic

Well, this sounds like potentially a pretty big deal. Facebook is using smartphone location data to recommend new friends to users, which suggests many possible privacy invasions. This is also a technique NSA uses to track surveillance targets.

Read the rest

Rubber fingertips to use with fingerprint-based authentication systems

988561_2_062416-IdentityPad-Passcode_standard

Mian Wei, a Chinese student at the Rhode Island School of Design, has created an experimental series of fake fingertips with randomly generated fingerprints that work with Apple and Android fingerprint authentication schemes, as well as many others. Read the rest

Snowden publicly condemns Russia's proposed surveillance law

7944280354_2bd08c8917_b

Edward Snowden has taken to Twitter to condemn Russia's proposed "Yarovaya law," which provides prison sentences of 7 years for writing favorably about "extremism" on the Internet, criminalizes failure to report "reliable" information about planned attacks, and requires online providers to retain at least six months' worth of users' communications, 3 years' worth of "metadata" and to provide backdoors to decrypt this material. Read the rest

US Customs and Border Protection wants to ask for your "online presence" at the border

i-94

The week, the US CBP published a notice in the Federal Register proposing a change to the Form I-94 Arrival/Departure Record paperwork that visitors to the US fill out when they cross the border, in which they announce plans to ask travellers to "please enter information associated with your online presence." Read the rest

Don't let the government hack your computer. Tell Congress to stop changes to #Rule41.

Screen Shot 2016-06-21 at 4.48.28 PM
“The U.S. government wants to use an obscure procedure—amending a federal rule known as Rule 41— to radically expand their authority to hack,” the EFF says. “The changes to Rule 41 would make it easier for them to break into our computers, take data, and engage in remote surveillance.

Read the rest

Russian bill mandates backdoors in all communications apps

800px-Moscow_05-2012_Kremlin_23

A pending "anti-terrorism" bill in the Duma would require all apps to contain backdoors to allow the secret police to spy on the country's messaging, in order to prevent teenagers from being "brainwashed" to "murder police officers." Read the rest

Your cable operator is spying on you and selling the data from your set-top box

TV-T&PC (1).svg

As the fight over the FCC's Unlock the Box plan heats up, the cable and satellite TV companies have pulled out all the stops in a bid to force you to continue spending more than $200/year to rent an insecure, power-hungry, badly designed set-top box, rather than introducing competition by letting you buy your cable-box on the open market. Read the rest

Young Journalist contest: win admission to the HOPE hacker conference

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1096

This summer, NYC's Pennsylvania Hotel will once again fill with joyous hackers as 2600 Magazine celebrates the 11th Hackers on Planet Earth conference (HOPE): I'm giving a keynote, and if you're a student or young journalist, you can win admission to the conference by writing an article about subjects of interest to the event. Read the rest

More posts