Dear Boing Boing readers -- Around 11:30 EST on January 10th, An unknown party logged into Boing Boing's CMS using the credentials of a member of the Boing Boing team. Read the rest
Dear Boing Boing readers --
Around 11:30 EST on January 10th, An unknown party logged into Boing Boing's CMS using the credentials of a member of the Boing Boing team. Read the rest
Ring's response to a group of US senators who questioned the company about its privacy practices reveals that the Amazon subsidiary has had to fire multiple employees who were caught spying on customers' surveillance doorbell cameras and other Ring surveillance footage. Read the rest
[Amazon's surveillance doorbell company Ring sells "security" -- the sense that surveilling your porch or your driveway or your home can make you safe. But when the company experienced a grotesque and completely predictable breach that saw hackers breaking into Ring cameras and spying on and tormenting their owners, Amazon blamed their customers for recycling passwords. In this outstanding Deeplinks post, my EFF colleagues, Cooper Quintin and Bill Budington explain just how odious this victim-blaming really is. -Cory]
Just a week after hackers broke into a Ring camera in a childs’ bedroom taunting the child and sparking serious concerns about the company’s security practices, Buzzfeed News is reporting that over 3,600 Ring owners’ email addresses, passwords, camera locations, and camera names were dumped online. This Includes cameras recording private spaces inside homes. Read the rest
After LifeLabs was hit by a a cyber attack in November, the Canada-based medical lab paid a ransom to recover stolen data belonging to more than 15 million of its customers. That stolen data included usernames, password, and some 80,000 or more test results. Read the rest
Facebook's decision to default to end-to-end encryption for Facebook Messenger prompted the governments of the UK, the USA and Australia to write to Mark Zuckerberg, urging him to delay implementation of the move, warning him that adding working encryption by default would make it harder for spies and cops to do their jobs. Read the rest
In a decision released late Tuesday night, a federal judge ruled that up to 29 million Facebook users whose personal info was stolen in a September 2018 data breach are not entitled to sue Facebook as a group for damages -- but the users may be entitled to demand better personal data security at Facebook. Read the rest
Ride-hailing service Uber has lost its license to operate private hire vehicles in London, after Transport For London authorities discovered that over 14,000 trips were taken with more than 40 drivers operating under fake identities on the Uber app.
The Uber cars won't disappear from London streets right away -- the company plans to appeal. Read the rest
No one knows who owns the Google Cloud drive that exposed 1.2 billion user records, seemingly merged from data-brokers like People Data Labs and Oxydata, who may have simply sold the data to a customer that performed the merge operation and then stuck the resulting files on an unprotected server, which was discovered in October by researcher Vinny Troia using Binaryedge and Shodan. Read the rest
UPDATE: Here is an email I received from Tony Robbins' representative moments after I published this blog post about the Buzzfeed News story. I have appended Mr. Robbins' full statement, and that of his representative Jennifer Connelly, below. -- Xeni Jardin
Connelly, Jennifer 11:23 AM
I represent Mr. Robbins and just saw your story which repeats the false story that BuzzFeed just published. While we appreciate you linking to Mr. Robbins’ Medium article, we respectfully ask that you also include my full media statement, or at the very least link to it.
I have to say I am confused as to why you would republish fake and false news before even reaching out to us for comment? Don’t we deserve the opportunity to comment before you just run with tabloid false news?
This is not ethical journalism and I respectfully request a response from you and your editor. Your headline does not reflect the truth and that is offensive and not credible journalism.
We respectfully request that you run my statement below in full.
Original blog post follows.
Motivational speaker Tony Robbins is accused of sexually assaulting a high schooler at a summer camp, report Buzzfeed's Katie Baker and Jane Bradley in an extensively investigated story just out today. Read the rest
[Rosemary Frei is an independent journalist who broke the story that Google's Sidewalk Labs had quietly sewn up the rights to turn most of Toronto's lakeshore into a surveilling "smart city" (Google/Sidewalk lied about this at first, were cornered, admitted it, and rolled back the plan). Now she's back with a report on last night's "Public Update on Quayside" meeting, where any hope anyone nursed that Google would be pursuing humane urbanism, rather than surveillance and extraction, were firmly dashed. -Cory]
At Waterfront Toronto’s first meeting for the public after its board of directors voted Oct. 31 to continue negotiating with Sidewalk Labs on the parameters of a 12-acre surveillance district, officials from the public agency made it clear they’re already wedded to the Google sister company.
The hundreds of attendees of last night’s ‘Public Update on Quayside’ were each given a package that included a copy of an Oct. 29 letter from Waterfront Toronto President and CEO George Zegarac to Sidewalk Labs’s Chief Development Officer Josh Sirefman. Zegarac lays out in the letter how the two bodies will work closely together -- with Waterfront Toronto taking the lead in on such things as negotiations with all three levels of government – to "develop an ‘Innovation Plan’ to advance and achieve Waterfront Toronto’s priority outcomes." Based on this newly arrived at ‘realignment of Master Innovation and Development Plan threshold issues,’ Waterfront Toronto’s final decision on whether to proceed with the plan will be taken by its board by March 31, 2020. Read the rest
An anonymous source claiming to be an Iraqi patriot sent The Intercept leaks of 900 pages' worth of spy-agency cables and memos sent by Iranian spies in Iraq; James Risen (previously) reported them out in a joint project with the New York Times that reveals how the US's post-invasion nation-building failures created a political vacuum that Iran filled, allowing it to dominate the political and tactical landscape in Iraq. Read the rest
A Pew Study found that 60% of Americans believe that they are being continuously tracked by companies and the government, 69% mistrust the companies doing the tracking, 80% believe that advertisers and social media sites are collecting worrisome data, 79% think the companies lie about breaches, and 80% believe that nothing they do will make a difference. Read the rest
[We've been covering the grimy, sleazy stalkerware industry for years, and so it's nice to see that the FTC is finally taking action against the worst of the worst actors -- pity that they're still getting it wrong, as EFF's Gennie Gephart and Eva Galperin explain in this Deeplinks post that I've mirrored below. -Cory]
The FTC recently took action against stalkerware developer Retina-X, the company behind apps Flexispy, PhoneSheriff, and Teenspy. The FTC settlement bars Retina-X from distributing its mobile apps until it can adequately secure user information and ensure its apps will only be used for “legitimate purposes.” But here’s the problem: there are simply no legitimate purposes for secret stalking apps. Read the rest
Mexican drug smugglers are using cordless reciprocating saws to cut holes in Trump's new border wall. The holes are large enough for people and drug packages to go through, reports The Washington Post.
The breaches have been made using a popular cordless household tool known as a reciprocating saw that retails at hardware stores for as little as $100. When fitted with specialized blades, the saws can slice through one of the barrier’s steel-and-concrete bollards in a matter of minutes, according to the agents, who spoke on the condition of anonymity because they were not authorized to speak publicly about the barrier-defeating techniques.
Nest is a home automation company that Google bought in 2014, turned into an independent unit of Alphabet, then re-merged with Google again in 2018 (demonstrating that the "whole independent companies under Alphabet" thing was just a flag of convenience for tax purposes); the company has always focused on "ease of use" over security and internecine warfare between different dukes and lords of Google meant that it was never properly integrated with Google's security team, which is why, over and over again, people who own Nest cameras discover strangers staring at them from their unblinking camera eyes, sometimes shouting obscenities. Read the rest