Yahoo didn't install an NSA email scanner, it was a "buggy" NSA "rootkit"

national_security_agency_headq

Ex-Yahoo employees have spoken anonymously to Motherboard about the news that Yahoo had built an "email scanner" for a US security agency, likely the FBI or the NSA. These sources -- at least one of whom worked on the security team -- say that in actuality, the NSA or FBI had secretly installed a "rootkit" on Yahoo's mail servers and that this was discovered by the Yahoo security team (who had not been apprised of it), who, believing the company had been hacked, sounded the alarm, only to have the company executives tell them that the US government had installed the tool. Read the rest

Hundreds of cops misuse databases yearly, says report

alexis-dekany

An investigation by the Associated Press found 675 police officers were jailed or disciplined for misusing police databases from 2013 to 2015, and that's just the ones who were caught.

Read the rest

Yahoo says hack of 500 million users "state-sponsored," but a security firm calls bullshit

Yahoo logo at Mobile World Congress in Spain. February 24, 2016. REUTERS

So, that huge hack of 500 million Yahoo user accounts last week that Yahoo blamed on a "state-sponsored actor"? A private internet security firm is calling bullshit on the "state-sponsored" part.

Read the rest

I have found a secret tunnel that runs underneath the phone companies and emerges in paradise

netgear-fuse

Calyx is a famous, heroic, radical ISP that has been involved in groundbreaking litigation -- they were the first company to ever get a secret Patriot Act warrant unsealed, fighting for 11 years to overturn the gag order. Read the rest

Snowden on Allo: It's “Google Surveillance,” so “Don't use” messaging and personal assistant app

bn-ob928_googap_p_201605181536

Edward Snowden's take on Allo is “Nope.” Google's decision to back off a previously promised privacy feature for Allo earned it a thumbs-down from the NSA whistleblower, who received asylum from Russia after exposing the NSA's secret domestic surveillance programs. Allo, a personal messaging and assistance app which lacks previously promised security safeguards, amounts to “Google Surveillance,” Snowden tweeted Wednesday. So “Don't use Allo.”

Read the rest

Xiaomi phones are pre-backdoored; your apps can be silently overwritten

iC1yJL.kSM3w

Thijs Broenink audited the AnalyticsCore.apk app that ships pre-installed on all Xiaomi phones (Xiaomi has their own Android fork with a different set of preinstalled apps) and discovered that the app, which seemingly serves no useful purpose, allows the manufacturer to silently install other code on your phone, with unlimited privileges and access. Read the rest

Join me at EFF's 25th Pioneer Awards in San Francisco next Wednesday

pioneer-650-banner-2

Nicole from EFF writes, "The Electronic Frontier Foundation is excited to host the 2016 Pioneer Awards in San Francisco next Wednesday, September 21 at Delancey Street’s Town Hall Room." Read the rest

Edward Snowden sets out the moral case for a pardon from Obama

050 056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1184

Whistleblower Edward Snowden, exiled in Moscow, has asked the outgoing US president Barack Obama to give him an official pardon before leaving office. Read the rest

Class action suit: smart sex toys spy on their owners and transmit their masturbation habits

WeVibe_homepage-3-22307735413

An anonymous woman has filed a class action suit against Standard Innovation, a company that makes We-Vibe "smart" sex toys that record exactly how their owners masturbate and transmit detailed dossiers, along with personally identifying information, back to the company. Read the rest

Leaked Stingray manual shows how easy warrantless mass surveillance can be!

Screen-Shot-2016-09-12-at-10.16.46-AM-1000x591

The Intercept has got hold of a set of Harris's super-secretive manuals for their even-more-secret Stingray devices: fake cellular towers used to spy indiscriminately on whole populations by hacking their cellphones into giving up identifying information and more. Read the rest

Watch: leaked demo of malware offered to spying governments

1473189548637815

Someone captured and leaked a live presentation by an RCS sales tech, demonstrating his company's cyber-weapon for spying on dissidents, criminals, and whomever else the customer wanted to infect. Read the rest

How surveillance capitalism tracks you without cookies

050 056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1177

Princeton computer science researchers Steven Englehardt and Arvind Narayanan (previously) have just published a new paper, Online tracking: A 1-million-site measurement and analysis, which documents the state of online tracking beyond mere cookies -- sneaky and often illegal techniques used to "fingerprint" your browsers and devices as you move from site to site, tracking you even when you explicitly demand not to be track and take countermeasures to prevent this. Read the rest

The privacy wars have been a disaster and they're about to get a LOT worse

17389515381_6c68678603_b

In my latest Locus column, The Privacy Wars Are About to Get A Whole Lot Worse, I describe the history of the privacy wars to date, and the way that the fiction of "notice and consent" has provided cover for a reckless, deadly form of viral surveillance capitalism. Read the rest

How To Be At War Forever

A man fills barrels with rubble to make a barricade to protect shops in the rebel held Douma area of Damascus, Syria Sep. 2, 2016. REUTERS

If you were the government and wanted to maintain a state of perpetual war, how would you go about it? Read the rest

Unprotected database exposes off-grid energy users in Guatemala, South Africa

Two of the leaked identification cards -- on the left, a South African ID, and a Guatemalan ID on the right. (Image: leaked database, via ZDnet)

An unprotected Kingo Solar database with the personal data and photos for thousands of off-the-grid electricity customers was accessible for months, reports Zack Whittaker at ZDnet. “Thousands of remote villagers in Guatemala and South Africa are living off the grid, but their personal information isn't,” he writes.

Read the rest

WhatsApp wooed users with privacy promise, but will soon share data with Facebook

A Facebook logo is displayed on the side of a tour bus in New York, 2015. REUTERS

The mobile messaging app will soon begin sharing with Facebook the phone numbers and analytics data for its more than one billion users.

When messaging app WhatsApp was acquired by Facebook in 2014, WhatsApp co-founder Jan Koum promised the deal wouldn't affect users' privacy.

Read the rest

Baltimore police respond to report they secretly spied on city with aerial surveillance tech from Iraq War

surveillance-loop

A report out this week from Bloomberg says that since January, 2016, people in the city of Baltimore, Maryland have secretly and periodically been spied on by police using cameras in the sky. Authorities today effectively admitted that the report is accurate.

Read the rest

More posts