Investigators claim that Oxbridge and other top UK universities are operating a massive, illegal surveillance dragnet aimed at students/alumni and their friends and families

An investigation by the (generally terrible) Daily Mail claims that the Russell Group, which includes top UK universities like Oxford, Cambridge, UCL, the LSE, and 20 other universities, hired "wealth screening firms" that illegally spied on students, grads and their families and friends to determine who to ask for money, and how much to ask for. Read the rest

The only known recording of Hitler's normal speaking voice

In 1942, Hitler paid a secret visit to Baron Carl Gustaf Emil Mannerheim, Marshal of Finland and Commander-in-Chief of the Finnish Defence Forces in honor of Mannerheim's 75th birthday. Read the rest

Web analytics companies offer "replay sessions" that let corporations watch every click and keystroke for individual users

The "replay sessions" captured by surveillance-oriented "analytics" companies like Fullstory allow their customers -- "Walgreens, Zocdoc, Shopify, CareerBuilder, SeatGeek, Wix.com, Digital Ocean, DonorsChoose.org, and more" -- to watch everything you do when you're on their webpages -- every move of the mouse, every keystroke (even keystrokes you delete before submitting), and more, all attached to your real name, stored indefinitely, and shared widely with many, many "partners." Read the rest

The Internet of Shit is so manifestly insecure that people are staying away from it in droves

In Deloitte's new 2017 Global Mobile Consumer Survey, the company notes that "connected home systems—a category that includes home security, thermostats, and lighting—continue to lag behind other connected devices such as entertainment systems and connected vehicles," which the report attributes to "concerns about security and privacy." Read the rest

Motherboard's excellent, accessible guide to internet security

The Motherboard Guide To Not Getting Hacked is an excellent adjunct to existing guides (I like EFF's Surveillance Self-Defense and The Cryptoparty Handbook) to defending yourself against criminals, stalkers, cops, and other potential intruders into your digital life. Read the rest

Teardown of a consumer voice/location cellular spying device that fits in the tip of a USB cable

Mich from ha.cking bought a $25 "S8 data line locator" device -- a cellular spying tool, disguised as a USB cable and marketed to the general public -- and did a teardown of the gadget, offering a glimpse into the world of "trickle down surveillance" where the kinds of surveillance tools used by the NSA are turned into products and sold to randos over the internet for $25. Read the rest

Step-by-step guide to locking down your Facebook account

If you're still using Facebook (I don't), your data is being used to profile you in seriously creepy ways; the best thing you can do is delete your Facebook account, but second-best is locking down your account, using the deliberately confusing, overly complexified privacy dashboard. Read the rest

A quantitative analysis of doxing: who gets doxed, and how can we detect doxing automatically?

A group of NYU and University of Illinois at Chicago computer scientists have presented a paper at the 2017 ACM Internet Measurement Conference in London presenting their findings in a large-scale study of online doxings, with statistics on who gets doxed (the largest cohort being American, male, gamers, and in their early 20s), why they get doxed ("revenge" and "justice") and whether software can detect doxing automatically, so that human moderators can take down doxing posts quickly. Read the rest

Free privacy tools

Privacytools.io showcases web platforms, utilities and services that center on maintaining online user privacy. Anonymous browsing, decentralized social media, note-taking applications, even router firmware. There's a downloadable tool to help secure Windows 10, the "privacy nightmare" of operating systems.

"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." – Edward Snowden

Read the rest

Polarized political advertising led to shorter Thanksgivings in 2016

A pair of economists analyzed data aggregated from smartphone tracking apps to see how long Americans spent at Thanksgiving dinner and how far they traveled to get there, and compared it to precinct-level voting data and data on the intensity of election advertising spending targeted to the subjects, and concluded that "Cell-tracking shows that mixed-party families had shorter 2016 Thanksgivings, an effect exacerbated by political advertising." Read the rest

Facebook's "shadow profiles": the involuntary dossiers of information you never provided, and can't opt out of

Gizmodo's Kashmir Hill continues her excellent investigative work on Facebook's mysterious "People You May Know" system, which has caused consternation among users by making seemingly impossible (and often disturbing) connections, such as "A woman whose father left her family when she was six years old—and saw his then-mistress suggested to her as a Facebook friend 40 years later." Read the rest

Free keylogger: cheap keyboard records what you do and uploads it to the internet

Whatever you do, don't buy the MantisTek GK2 ($30), because it has a keylogger built in that sends data to a server in "the cloud," i.e. a computer you neither own nor control. It's hosted by retailer Alibaba, but operated by parties unknown.

The first way to stop the keyboard from sending your key presses to the Alibaba server is to ensure the MantisTek Cloud Driver software isn’t running in the background.

The second method to stop the data collection is to block the CMS.exe executable in your firewall. You could do this by adding a new firewall rule for the MantisTek Cloud Driver in the “Windows Defender Firewall With Advanced Security.”

If you want a one-click method, you can also download the free GlassWire netwo

No! Remove the malware. Throw the keyboard in the trash. Read the rest

To do in Austin: Plurality of Privacy Project in Five-Minute Plays

Austinites! You have two more nights to catch Plurality of Privacy Project in Five-Minute Plays, "an artistic and cultural dialogue around our divergent understandings of privacy." Read the rest

The DHS is buying a new database to store biometrics for 500 million people

The DHS's old "IDENT" database is full, with 240,000,000 records in a system designed to hold 200,000,000; so they're paying arms-dealers and erstwhile comic-book superheroes Northrop Grumman $93,000,000 to develop a new system called Homeland Advanced Recognition Technology (HART), which will grow to encompass biometrics for 500,000,000 people, including hundreds of millions of Americans. Read the rest

The New York Times is now a Tor onion service

The New York Times is now available as an "Onion Service" on the Tor network, at the address https://www.nytimes3xbfgragh.onion/ -- meaning that anyone with Tor access can securely and privately access the Times without giving away any information about what they're looking at, even to state-level actors who control the ISPs. Read the rest

The ultimate DMCA takedown fail

A gentleman jailed for his part in a $5.4m scam wanted Google to remove links to news stories about the wheeze. His cunning plan to get them to do it – file a DMCA takedown notice claiming copyright in his own name and criminal record – perhaps offers a clue about why he got caught in the first place.

From the FBI's press release:

According to a plea agreement filed in this case, Henrik Sardariani obtained more than $5 million in loans after, among other things, falsifying numerous documents. In order to obtain one of the loans, Henrik Sardariani fraudulently used a house as collateral and falsely claimed to be the president of the company that owned the property. To support the claim that he controlled the company, Henrik Sardariani created false corporate records that were presented to the lender.

Henrik Sardariani also admitted that he created fraudulent property records to make it appear that prior loans had been paid off and that, therefore, new loans would be fully secured by unencumbered property. The fraudulent reconveyances bore forged and fraudulent signatures of notaries public, as well as fraudulent stamps of the notaries public.

Update: Shooting the Messenger writes that there are at least three of these DMCA takedowns filed by people involved in this particular case. Read the rest

Kids' smart watches are a security/privacy dumpster-fire

The Norwegian Consumer Council hired a security firm called Mnemonic to audit the security of four popular brands of kids' smart watches and found a ghastly array of security defects: the watches allow remote parties to seize control over them in order to monitor children's movements and see where they've gone, covertly listen in on them, and steal their personal information. The data the watches gather and transmit to offshore servers is copious and sent in the clear. The watches incorporate cameras and the photos children take are also easily plundered by hackers. Read the rest
