Signal finally updates public server code after months of silence

Signal finally updates public server code after months of silence

The project has released the source code for every component of Signal, including the back-end server and client applications, but the public code for the server software was left outdated for months until just today.

ACLU shares user data with Facebook and friends

ACLU shares user data with Facebook and friends

Yet, a recent update to its privacy statement reveals that they may share your personal information with Facebook if you use their website:.However, it is especially alarming when you see those tactics in use by organizations that supposedly fight for privacy.

Releases · xwiki-labs/cryptpad

Releases · xwiki-labs/cryptpad

We identified and fixed a number of issues which caused shared folders that were protected with access lists to fail to load due to race conditions between loading the document and authenticating with the server as a user or member of a team.

Apple Now Rejecting App Updates That Defy iOS 14.5 App Tracking Transparency Rules

Apple Now Rejecting App Updates That Defy iOS 14.5 App Tracking Transparency Rules

Apple has begun rejecting app updates that do not comply with the App Tracking Transparency rules that the company is enforcing starting with iOS 14.5, according to a new report from Forbes.

Best Practices for preventing IoT Security Camera Hacks

Best Practices for preventing IoT Security Camera Hacks

Botnets can include PCs with viruses or IoT (internet of things) devices like smart thermostats or security cameras that have malware or have such easy access to their administration accounts, that they can be collectively controlled by remote code execution.

Backblaze on the back foot after 'inadvertently' beaming customer data to Facebook

Backblaze on the back foot after 'inadvertently' beaming customer data to Facebook

Backup specialist Backblaze has fixed an issue where a Facebook advertising pixel was "inadvertently" included on signed-in web pages – but users are concerned private filenames and sizes were also sent to the social media giant.

The new Policing Bill fails to provide sufficient safeguards around extraction of victims' data.

The new Policing Bill fails to provide sufficient safeguards around extraction of victims' data.

Our main concerns regarding Chapter 3 of the PCSC Bill: Continued reliance on "consent" of victims and witnesses to hand over their devices Section 36 of the Bill provides that an authorised person, such as a police officer, can extract data from an electronic device if the user of a device has:.

DuckDuckGo Privacy Essentials vulnerabilities: Insecure communication and Universal XSS

DuckDuckGo Privacy Essentials vulnerabilities: Insecure communication and Universal XSS

This doesn’t stop extensions from trying of course, simply because this API is so convenient compared to secure extension APIs. In case of DuckDuckGo Privacy Essentials, the content script.While this communication is intended for the content script loaded in a frame, the web page there can see it as well.

In-kernel WireGuard is on its way to FreeBSD and the pfSense router

In-kernel WireGuard is on its way to FreeBSD and the pfSense router

Mindful of Netgate's exposed position, Donenfeld reached out to core FreeBSD developers Kyle Evans and Matt Dunwoodie, and the three dug in for a mad, week-long sprint to bring the problematic code up to par.

Privacy News Online | Weekly Review: March 5, 2021

Privacy News Online | Weekly Review: March 5, 2021

A group of researchers from universities in Germany and the United States have done a privacy study on Alexa Skills.Read more: https://therecord.media/first-fully-weaponized-spectre-exploit-discovered-online/.Privacy News Online is brought to you by Private Internet Access, the world’s most trusted VPN service.

Adobe, Arm, Intel, and Microsoft form content authenticity coalition

Adobe, Arm, Intel, and Microsoft form content authenticity coalition

Member organisations will work together to develop content provenance specifications for common asset types and formats, they said in a statement, to enable publishers, creators, and consumers to trace the origin and evolution of a piece of media, including images, videos, audio, and documents.

LAUSD unveils app to coordinate coronavirus factors in step toward reopening campuses

LAUSD unveils app to coordinate coronavirus factors in step toward reopening campuses

"MERV-13 upgraded air filters in every school, COVID testing for all students and staff at least every week and now the Daily Pass -- Los Angeles Unified is proud to lead the nation in creating the safest possible school environment.''.

Federal Court Agrees: Prosecutors Can’t Keep Forensic Evidence Secret from Defendants

Federal Court Agrees: Prosecutors Can’t Keep Forensic Evidence Secret from Defendants

EFF teamed up with the ACLU of Pennsylvania to file an amicus brief arguing in favor of defendants’ rights to challenge complex DNA analysis software that implicates them in crimes.The court correctly determined that this secrecy interest could not outweigh a defendant’s rights and ordered the code disclosed to the defense team.

Chinese spyware code was copied from America's NSA: researchers

Chinese spyware code was copied from America's NSA: researchers

WASHINGTON (Reuters) - Chinese spies used code first developed by the U.S. National Security Agency to support their hacking operations, Israeli researchers said on Monday, another indication of how malicious software developed by governments can boomerang against their creators.

News to remerge on Facebook in Australia after deal struck with government

News to remerge on Facebook in Australia after deal struck with government

The first, they said, makes it clear that a decision to designate a platform under the code must take into account whether a digital platform has made a significant contribution to the sustainability of the Australian news industry through reaching commercial agreement with news media businesses.

New malware found on 30,000 Macs has security pros stumped

New malware found on 30,000 Macs has security pros stumped

Red Canary researchers worked with their counterparts at Malwarebytes, with the latter group finding Silver Sparrow installed on 29,139 macOS endpoints as of Wednesday.

Privacy News Online | Weekly Review: February 19, 2021

Privacy News Online | Weekly Review: February 19, 2021

New Spotify patent would use mic to infer emotional state, age, gender, and accent.New York, Washington, and Virginia are three states that are expected to pass privacy bills this coming legislative session.

Code is law: why software openness and algorithmic transparency are vital for privacy

Code is law: why software openness and algorithmic transparency are vital for privacy

The legal defense team wanted to analyze how the TrueAllele software had arrived at the conclusion that Pickett’s DNA was present in the sample.That’s true not just for specialised programs analyzing genetic material, but also for the important new class of systems that involve automated decision making (ADM).

Accused murderer wins right to check source code of DNA testing kit used by police

Accused murderer wins right to check source code of DNA testing kit used by police

A New Jersey appeals court has ruled that a man accused of murder is entitled to review proprietary genetic testing software to challenge evidence presented against him.

Barcode Scanner app on Google Play infects 10 million users with one update

Barcode Scanner app on Google Play infects 10 million users with one update

No, in the case of Barcode Scanner, malicious code had been added that was not in previous versions of the app.It is hard to tell just how long Barcode Scanner had been in the Google Play store as a legitimate app before it became malicious.

Users have privacy concerns about Microsoft’s inclusion in Raspberry Pi OS

Users have privacy concerns about Microsoft’s inclusion in Raspberry Pi OS

This “upgrade” was made as part of Raspberry Pi OS’s embracing of Microsoft’s IDE for VSCode; however, a growing amount of backlash which has been censored on the official Raspberry Pi support forums suggests that the Raspberry Pi Foundation has moved a little too fast and broken one thing they shouldn’t break: the trust of Linux users and the open source community which has long held biases against Microsoft based simply on track record.

No Secret Evidence in Our Courts

No Secret Evidence in Our Courts

In an important victory, an appeals court in New Jersey agreed with EFF and the ACLU of NJ that a defendant is entitled to see the source code of software that’s used to generate evidence against them.

The Most Popular Programming Languages

The Most Popular Programming Languages

Python is a programming language first published almost 30 years ago, in 1991.The source of the starting data is the video and the calculation made by Data is Beautiful which has realized a popularity index on GitHub and other national surveys.

SolarWinds hackers accessed Microsoft source code, the company says

SolarWinds hackers accessed Microsoft source code, the company says

It is not clear how much or what parts of Microsoft’s source code repositories the hackers were able to access, but the disclosure suggests that the hackers who used software company SolarWinds as a springboard to break into sensitive U.S. government networks also had an interest in discovering the inner workings of Microsoft products as well.

In Celebration of Becoming Open Source, Threema Is 50% Off

In Celebration of Becoming Open Source, Threema Is 50% Off

Threema’s cryptographic procedures have been thoroughly documented from the outset, the proper application of the encryption library could always be verified independently, and external audits have repeatedly confirmed the apps’ security.

Cellebrite’s New Solution for Decrypting the Signal App

Cellebrite’s New Solution for Decrypting the Signal App

We looked again into the shared preferences file and found a value under “pref_attachment_encrypted_secret” that has “data” and “iv” fields under it.The “data” field contains an encrypted json file, that once decrypted, contains the decryption keys of the sent attachments.

Tech giants may face billions of pounds in fines from new UK watchdog

Tech giants may face billions of pounds in fines from new UK watchdog

The Competition and Markets Authority (CMA), which will host the new dedicated Digital Markets Unit (DMU), has advised the government that the new regulator must have the power to impose huge fines as a final “backstop” or it will be unable to ensure tech companies abide by the new rules, which are designed to create a fairer market for smaller rivals, newspaper and magazine publishers, and consumers.

Dahua, Amazon Partner in China, Is Making Facial-Recognition Tech to Track Uighurs

Dahua, Amazon Partner in China, Is Making Facial-Recognition Tech to Track Uighurs

In what can only be described as a massive fuck-up, someone—likely a software engineer employed by Dahua Technology, the surveillance-gear supplier—posted the company’s software development kit for video tracking tools, which are built specifically to identify Uighurs.

Proctorio used DMCA to take down a student’s critical tweets – ProWellTech

Proctorio used DMCA to take down a student’s critical tweets – ProWellTech

But six weeks later, Johnson received an email from Twitter saying that three of those tweets had been removed from his account in response to a Proctorio request filed under the Digital Millennium Copyright Act. Proctoring software isn’t new, but its use has skyrocketed due to the pandemic.

After CovidSafe, QR codes spark privacy concerns

After CovidSafe, QR codes spark privacy concerns

Graham Greenleaf, professor of law and information systems at the University of New South Wales summed up the dilemma: “We've got a genuinely voluntary CovidSafe app with Australia's strongest privacy policy protections, but it's now largely ignored because it's been shown to be ineffective.