What it's like to be spied on by Android stalkerware marketed to suspicious spouses

For $170, Motherboard's Joseph Cox bought SpyPhone Android Rec Pro, an Android app that you have to sideload on your target's phone (the software's manufacturer sells passcode-defeating apps that help you do this); once it's loaded, you activate it with an SMS and then you can covertly operate the phone's mic, steal its photos, and track its location.

Human rights coalition to DHS: don't demand social media passwords from people entering the USA

A huge coalition of human rights groups, trade groups, civil liberties groups, and individual legal, technical and security experts have signed an open letter to the Department of Homeland Security in reaction to Secretary John Kelly's remarks to the House Homeland Security Committee earlier this month, where he said the DHS might force visitors to America to divulge their social media logins as a condition of entry.

How to legally cross a US (or other) border without surrendering your data and passwords

The combination of 2014's Supreme Court decision not to hear Cotterman (where the 9th Circuit held that the data on your devices was subject to suspicionless border-searches, and suggested that you simply not bring any data you don't want stored and shared by US government agencies with you when you cross the border) and Trump's announcement that people entering the USA will be required to give border officers their social media passwords means that a wealth of sensitive data on our devices and in the cloud is now liable to search and retention when we cross into the USA.

Have your devices and social media been invasively searched at the US border? EFF wants to know about it

After the chaos of the Muslim ban, EFF activists are worried that the TSA's existing policy of invasive data-collection at the border may be getting even worse. They're looking for stories from everyone, but especially citizens and green card holders.

The Cyborg Bill of Rights v1.0

Our civil liberties, protections, and rights need to be revised periodically if they are to accompany us as we cross new frontiers. A new frontier looms ahead. More accurately, the new frontier looms within. And it is within our bodies and upon this battlefield that the next electronic rights war will be fought.

Sex club for bi women, some closeted, put all their risqué full-body "audition" photos in a publicly accessible folder

Skirt Club, a sex club "for girls who play with girls," required prospective members to upload "full body" photos with their applications; these photos were stored in world-readable folders with easily guessable names. When the site's owners were contacted about this, they promised action but did nothing for three weeks, and then made an incomplete job of it. They have not notified their users about the breach.

After shutting down to protect user privacy, Lavabit rises from the dead

In 2013, Lavabit -- famous for being the privacy-oriented email service chosen by Edward Snowden to make contact with journalists while he was contracting for the NSA -- shut down under mysterious, abrupt circumstances, leaving 410,000 users wondering what had just happened to their email addresses.

A critical flaw (possibly a deliberate backdoor) allows for decryption of Whatsapp messages -- UPDATED

Update: Be sure to read the followup discussion, which explains Facebook's point of view, that this is a deliberate compromise, and not a defect, that makes the app more usable for a wide variety of users, while putting them to little additional risk (namely, that Facebook might change its mind; or be forced to spy on its users; or suffer a security breach or internal rogue employee).

When Facebook implemented Open Whisper Systems' end-to-end encrypted messaging protocol for Whatsapp, they introduced a critical flaw that exposes more than a billion users to stealthy decryption of their private messages: in Facebook's implementation, the company can force Whatsapp installations to silently generate new cryptographic keys (without any way for the user to know about this unless a deep settings checkbox had been ticked), which gives the company the ability to decrypt user messages, including messages that have already been sent in the past.

Trump's NSA will be able to share its firehose of surveillance data with 16 government agencies (Thanks, Obama)

The new data-sharing rules enacted by the Obama administration will allow the NSA to lawfully share the unredacted, full take of its surveillance databases with sixteen other US government agencies -- meaning that, for example, Trump's door-to-door deportation squads could use that data to figure out whose doors to break down, and his Muslim surveillance database could bootstrap itself with NSA data.

Why the Trump era is the perfect time to go long on freedom and short on surveillance

My new Locus column is "It’s Time to Short Surveillance and Go Long on Freedom," which starts by observing that Barack Obama's legacy includes a beautifully operationalized, professional and terrifying surveillance apparatus, which Donald Trump inherits as he assumes office and makes ready to make good on his promise to deport millions of Americans and place Muslims under continuous surveillance.

Germany, France and the UK are moving the EU to continuous, unaccountable, warrantless mass surveillance

Recent surveillance laws in Germany, France and the UK require online service providers to store (undoubtedly leaky and infinitely toxic) databases of everything you do online, and allow government agencies to raid these databases without accountability or meaningful oversight.

Liberty is crowdfunding a lawsuit to challenge the Snoopers Charter

Liberty UK and The Civil Liberties Trust are raising funds online to fund high-stakes litigation against the UK government over the Snoopers Charter, a mass-surveillance law that requires tech companies and telcos to retain everything you do online and hand it over to government, law enforcement, and private contractors without warrants or even minimal record-keeping.

Apple Store employees fired after accusations of snooping on customers' devices for sexual selfies and sharing them

Last October, an Apple Store in Brisbane, Australia terminated some of its employees after they were accused of searching customers' devices for sexually explicit selfies and sharing them with colleagues, rating them on a scale of 1-10.

Court rules against UK government's surveillance legislation

A European court has ruled that the UK cannot subject its citizens to indiscriminate data collection unless the data retained is being used solely to fight serious crime, reports the BBC.

The verdict concerns an earlier incarnation of Britain's blanket domestic surveillance plans brought to court by opponents. It does not specifically address the recently-passed "Snooper's Charter," though experts say it will lead directly to a legal challenge against it. The charter, officially known as the Investigatory Powers Act, requires phone companies and internet providers to maintain records of users' online activity for a year.

One irony of it is that an original champion of the challenge, David Davis, is now Britain's Brexit chief: he left the case after a change of personal circumstances led to a sharp change in his principles regarding privacy.

Mr Davis, who had long campaigned on civil liberties issues, left the case after Theresa May appointed him to her cabinet in July.

Tom Watson, Labour's deputy leader, who is one of those bringing the case, said: "This ruling shows it's counter-productive to rush new laws through Parliament without a proper scrutiny."

The Home Office said it would be putting forward "robust arguments" to the Court of Appeal.

Trump's policies on net neutrality, free speech, press freedom, surveillance, encryption and cybersecurity

Three posts from the Electronic Frontier Foundation dispassionately recount the on-the-record policies of Trump and his advisors on issues that matter to a free, fair and open internet: net neutrality; surveillance, encryption and cybersecurity; free speech and freedom of the press.

What every website knows about you

This website shows you all the data any website you visit can find out about you: your location, operating system, browser plugins, previously visited web page, local and public IP, service provider, social media networks you are logged into, devices on your local network, and more. The site also shows you how to hide any of this information that you don't want to reveal.

Bruce Schneier's four-year plan for the Trump years

1. Fight the fights (against more government and commercial surveillance; backdoors, government hacking); 2. Prepare for those fights (push companies to delete those logs; remind everyone that security and privacy can peacefully co-exist); 3. Lay the groundwork for a better future (figure out non-surveillance internet business models, privacy-respecting law enforcement, and limits on corporate surveillance); 4. Continue to solve the actual problems (cybercrime, cyber-espionage, cyberwar, the Internet of Things, algorithmic decision making, foreign interference in our elections).
