Items tagged with: privacy

Privacy of Internet surfing under threat

Kazakhstan: MITM on all HTTPS traffic!

Bugzilla (MoFo):
Eugene 20 hours ago

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

Since today all Internet providers in Kazakhstan started MITM on all encrypted HTTPS traffic.

They asked end-users to install a government-issued certificate authority on all devices in every browser:

Actual results:

MITM attack:

Message from the Internet provider, requiring installation of this CA:


Official site with root CA:

Links to certificates:

Expected results:

I think this CA should be blacklisted by Mozilla and Firefox should not accept it at all, even if the user installed it manually.

This will save the privacy of all Internet users in Kazakhstan.

I think both Mozilla and Google should intervene in this situation because it can create a dangerous precedent, nullifying all the efforts of enforcing HTTPS.

If Kazakhstan succeeds, more and more governments (e.g. Russian Federation, Iran, etc.) will start global MITM attacks on their citizens, and this is not good.

I think all CAs used for MITM attacks should be explicitly blacklisted both by Mozilla and Google to exclude even the possibility of such attacks.

#security #privacy #freedom #mitm #https #spying #firefox #mozilla #browser #web #net #www #Kazakhstan #certificate #ca

MORE discussion:
With the rise of #SocialMedia and the willingness of large parts of our society not to give much thought to #privacy any more: wouldn't it be likely that #cloud companies like #facebook or #Apple start offering services for criminal #prosecution in cases of #murder and similar? 🤔

They have the full picture of victim and criminal.

Yet again (terrorism!) nobody can be against getting the bad guys, hm? 🙄😒
FaceApp denies storing users' photographs without permission #Apps #Worldnews #Russia #Technology #Europe #Privacy #Dataprotection
But what I find most interesting is:

4. In the lecture hall, in the cafeteria, on the train / bus, and in other public places where there are people around you whom you don't even know. What do you do there?

... Because at your own home, at other people's homes, or at the office you at least know the people more or less well (hopefully)

#privacy #alexa #siri #cortana #analytics #surveilance

Open-Source Peer-To-Peer File Synchronization Tool Syncthing 1.2.0 Released

#Linux #opensource #FOSS #sync #privacy
- #unitoodailynews, #tor, #privacy, #humanrights, #anonymity New Release: Tor Browser 8.5.4 | Tor Blog -
- #Unitoo - Where #human #creativity plots the #possibilities of #technology -
- #UnitooInc #News #Worldnews #tech #bot

Twitter: Unitoo on Twitter (Unitoo)

#unitoodailynews, #tor, #privacy, #humanrights, #anonymity New Release: Tor Browser 8.5.4 | Tor Blog

Avoid Intel and AMD Universal Backdoors

Only use computers certified to Respect Your Freedom (RYF)

The #Intel #Management #Engine is present on all Intel #desktop, #mobile ( #laptop ), and #server #systems since mid 2006. It consists of an #ARC #processor core (replaced with other processor cores in later generations of the ME), #code and #data #caches, a #timer, and a secure #internal #bus to which additional #devices are connected, including a #cryptography engine, internal #ROM and #RAM, #memory #controllers, and a direct memory access ( #DMA ) engine to access the host operating system’s memory as well as to reserve a region of protected external memory to supplement the ME’s limited internal RAM. The ME also has #network access with its own #MAC #address through an Intel #Gigabit #Ethernet #Controller. Its #boot program, stored on the internal ROM, loads a #firmware “manifest” from the PC’s SPI #flash #chip. This manifest is signed with a strong #cryptographic #key, which differs between versions of the ME firmware. If the manifest isn’t signed by a specific Intel key, the boot ROM won’t load and execute the firmware and the ME processor core will be halted.

The Active Management Technology ( #AMT ) application, part of the Intel “vPro” brand, is a #Web server and application code that enables #remote #users to #power on, power off, view information about, and otherwise manage the #PC. It can be used remotely even while the PC is powered off ( via #Wake-on-Lan ). Traffic is encrypted using #SSL / #TLS libraries, but recall that all of the major SSL/TLS implementations have had highly publicized vulnerabilities. The AMT application itself has known #vulnerabilities, which have been #exploited to develop #rootkits and #keyloggers and #covertly gain #encrypted #access to the management features of a PC. Remember that the ME has full access to the PC’s RAM. This means that an #attacker exploiting any of these vulnerabilities may gain access to everything on the PC as it runs: all open #files, all running #applications, all #keys pressed, and more.

ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include an ME application for audio and video DRM called “Protected Audio Video Path” (PAVP). The ME receives from the #host operating system an encrypted #media #stream and encrypted key, decrypts the key, and sends the encrypted media decrypted key to the #GPU, which then #decrypts the media. PAVP is also used by another ME application to draw an #authentication PIN pad directly onto the screen. In this usage, the PAVP application directly controls the graphics that appear on the PC’s screen in a way that the host #OS cannot detect. ME firmware version 7.0 on PCHs with 2nd Generation Intel Core #i3 / #i5 / #i7 (Sandy Bridge) CPUs replaces PAVP with a similar DRM application called “Intel Insider”. Like the AMT application, these DRM applications, which in themselves are defective by design, demonstrate the #omnipotent #capabilities of the ME: this #hardware and its proprietary firmware can access and #control everything that is in RAM and even everything that is shown on the #screen.

The Intel Management Engine with its #proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and #mouse movements, and even #capture or #display #images on the screen. And it has a network interface that is demonstrably #insecure, which can allow an attacker on the network to #inject #rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a #threat to #freedom, #security, and #privacy that can’t be ignored.

Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can be disabled by setting a couple of values in the SPI flash memory. The ME firmware can then be #removed entirely from the flash memory space. Libreboot does this on the Intel 4 Series systems that it supports, such as the Libreboot X200 and Libreboot T400. ME firmware versions 6.0 and later, which are found on all systems with an Intel #Core i3/i5/i7 CPU and a PCH, include “ME Ignition” firmware that performs some hardware #initialization and power management. If the ME’s boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.

Due to the signature verification, developing free #replacement firmware for the ME is basically impossible. The only entity capable of replacing the ME firmware is Intel. As previously stated, the ME firmware includes proprietary code licensed from third parties, so Intel couldn’t release the source code even if they wanted to. And even if they developed completely new ME firmware without third-party proprietary code and released its source code, the ME’s boot ROM would reject any modified firmware that isn’t signed by Intel. Thus, the ME firmware is both hopelessly proprietary and #tivoized.

For years, #coreboot has been #struggling against Intel. Intel has been shown to be extremely uncooperative in general. Many coreboot #developers, and #companies, have tried to get Intel to #cooperate; namely, releasing source code for the firmware components. Even #Google, which sells millions of #Chromebooks (coreboot preinstalled), has been #unable to #persuade them.

Even when Intel does cooperate, they still don’t provide source code. They might provide limited #information (datasheets) under #strict #corporate #NDA ( #non-disclosure #agreement ), but even that is not guaranteed. Even ODMs and IBVs can’t get source code from Intel, in most cases (they will just integrate the blobs that Intel provides).

In summary, the Intel #Management #Engine and its applications are a #backdoor with #total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the Libreboot project strongly recommends avoiding it entirely. Since recent versions of it can’t be removed, this means avoiding all #recent #generations of Intel hardware.

Recent Intel graphics chipsets also require firmware blobs

Intel is only going to get #worse when it comes to user freedom. Libreboot has no support for recent Intel platforms, precisely because of the problems described above. The only way to solve this is to get Intel to #change their #policies and to be more #friendly to the free software #community. Reverse engineering won’t solve anything long-term, unfortunately, but we need to keep doing it anyway. Moving forward, Intel hardware is a non-option unless a #radical change happens within Intel.

Basically, all Intel hardware from year 2010 and beyond will never be supported by Libreboot. The Libreboot project is actively #ignoring all modern Intel hardware at this point, and focusing on #alternative platforms.

Why is the latest AMD hardware unsupported in Libreboot?

It is extremely unlikely that any post-2013 #AMD hardware will ever be supported in Libreboot, due to severe security and freedom #issues; so #severe, that the Libreboot project recommends avoiding all modern AMD hardware. If you have an AMD based system affected by the #problems described below, then you should get rid of it as soon as possible.

AMD Platform Security Processor (PSP)

This is basically AMD’s own version of the Intel Management Engine. It has all of the same basic security and freedom issues, although the #implementation is wildly different.

The Platform Security Processor (PSP) is built in on all Family 16h + systems (basically anything post-2013), and controls the main #x86 core #startup. PSP firmware is cryptographically signed with a strong key similar to the Intel ME. If the PSP firmware is not present, or if the AMD signing key is not present, the #x86 cores will not be #released from #reset, rendering the system #inoperable.

The PSP is an ARM core with TrustZone #technology, built onto the main CPU die. As such, it has the ability to #hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, #login data, #browsing #history, #keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM “features” to work as intended), which means that it has at minimum MMIO-based access to the #network controllers and any other PCI/PCIe peripherals installed on the #system.

In theory any #malicious entity with access to the AMD signing key would be able to install persistent #malware that could not be eradicated without an external flasher and a known good PSP image. Furthermore, multiple security vulnerabilities have been demonstrated in AMD #firmware in the #past, and there is every #reason to assume one or more zero day vulnerabilities are lurking in the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to #remotely #monitor and control any PSP enabled machine completely outside of the user’s #knowledge.

A reliable way to avoid Intel and AMD’s universal backdoors is to use computers with such spyware effectively removed or disabled like the ones certified to Respect Your Freedom (RYF).

#NSA #spyware #spy #mass #surveillance #FSF #GNU #GNULinux #RYF #technology #laptops #CPU #processor #universal #backdoor #malware #Corei3 #Corei5 #Corei7
Report: #China spies on travellers via app
If that's true, the Chinese will soon be as bad as the Americans, who have been doing this for many years ... 😒
#surveillance #USA #privacy

Please STOP, stop, stop using #Google #reCaptcha on your websites!
You are giving away your visitors' #privacy and they cannot even opt-out and avoid it if they want to reach your contents.
#privacyMatters #webdevelopment
Hong Kong or Sweden 
- #unitoodailynews, #tor, #privacy, #humanrights, #anonymity Tor's New Anti-Censorship Team: Defending The Open Internet | Tor Blog -
- #Unitoo - Where #human #creativity plots the #possibilities of #technology -
- #UnitooInc #News #Worldnews #tech #bot

Twitter: Unitoo on Twitter (Unitoo)

#unitoodailynews, #tor, #privacy, #humanrights, #anonymity New alpha release: Tor | Tor Blog
- #unitoodailynews, #tor, #privacy, #humanrights, #anonymity New Release: Tor Browser 8.5.3 | Tor Blog -
- #Unitoo - Where #human #creativity plots the #possibilities of #technology -
- #News #Worldnews #tech #bot

Twitter: Unitoo on Twitter (Unitoo)

#unitoodailynews, #tor, #privacy, #humanrights, #anonymity New Release: Tor Browser 8.5.3 | Tor Blog

Photos of travellers who entered and exited the U.S. were stolen in a data breach - If it were a private company who'd be held liable?

Photos of travelers collected by U.S. Customs and Border Protection (CBP) have been compromised in a data breach, the agency revealed on Monday. "The subcontractor’s network was subsequently compromised by a malicious cyber-attack. No CBP systems were compromised."

Irrespective of who was finally at fault, citizens trust an agency (or do not trust, but are forced to trust) to collect private data and they expect that agency to take all measures to safeguard it. Here in South Africa, we have the POPI Act which can hold CEOs of companies privately liable and could result in jail terms. All these laws though are not worth the paper they are written on until someone really does go to jail. So what happens with government agencies? Does someone really get ultimately held liable and get sent to jail? If so, we can expect serious changes to the protection of data with "trust no-one" policies in place.

It's also yet another wake-up call as to why backdoors cannot be trusted. They always get found out and the humans in the chain are the weak links - then all your backdoors are out there and exposed...

You either have security or you don't have security... there is no half security.


#security #privacy #POPI
Photos of travelers who entered and exited the U.S. were stolen in a data breach

It comes after CBP said it'd look to expand facial recognition at airports.
#unitoodailynews, #tor, #privacy, #humanrights, #anonymity New alpha release: Tor | Tor Blog
For a #visa for the #USA you have to give them your email address and your #socialmedia accounts 😲

Luckily, #ESTA countries are not affected. If they change that, USA is done for me. 😞
#privacy #surveillance #privacyterrorism

How Google spies and how to prevent it

#turvalisus #privacy
Serious question: Are there any multiroom audio systems that won't spy on me? It seems that everything has Alexa integrated and/or requires an online account and access.

#AskFediverse #AskTheFediverse #Multiroom #Audio #NoAlexa #Privacy

Secure solutions. Privacy is a value.

#turvalisus #privacy
"Cars not only know how much we weigh but also track how much weight we gain. They know how fast we drive, where we live, how many children we have — even financial information. Connect a phone to a #car, and it knows who we call and who we text."
#privacy #automotive #surveillance

Leaving Apple & Google: /e/ smartphones, /e/ app store and a Pie – /e/

The latest /e/ newsletter - 1300 phones sold + a new app store launched. Become part of the movement now!!!! #eelo #privacy #android @/e/ Foundation @Gaël Duval
Leaving Apple & Google: /e/ smartphones, /e/ app store and a Pie
#unitoodailynews, #tor, #privacy, #humanrights, #anonymity New alpha release: Tor | Tor Blog

Cyber crooks took an entire US city hostage


#privacy #eriik

Anonymize Your Android Browsing with Tor's New App

After several months of testing, the first stable, public build of a Tor browser for Android is finally available on the Google Play Store.

For those who don’t have much experience with the open-source browser, Tor is built around privacy and autonomy.

Tor is often cited as an important tool for those with a public online presence, such as journalists or activists, but any privacy-minded user can benefit from Tor. The browser has become popular enough that even Mozilla is interested in making use of Tor’s technology in Firefox.


#tor #privacy

Irish statutory inquiry to investigate if Google flouted privacy laws #Ireland #Google #Europe #Technology #Worldnews #Privacy #Dataprotection #EuropeanUnion
#unitoodailynews, #tor, #privacy, #humanrights, #anonymity New Release: Tor Browser 9.0a1 | Tor Blog
"In a judgment published today, the European Court of Human Rights (ECHR) sends an important signal for media freedom. The judges deemed it legitimate that media can make covert recordings."
#Strachevideo #schwarzblau #privacy

Google has been tracking nearly everything you buy online — see for yourself with this tool - The "Transparency" is Great but why are they tracking my non-Google purchases?

Google has been quietly keeping track of nearly every single online purchase you’ve ever made, thanks to purchase receipts sent to your personal Gmail account, according to a new report today from CNBC. Even stranger: this information is made available to you via a private web tool that’s been active for an indeterminate amount of time.

“To help you easily view and keep track of your purchases, bookings and subscriptions in one place, we’ve created a private destination that can only be seen by you,” Google told The Verge in a statement.

Why would a company spend money doing something I don't think any of us asked for, and only we see it? You mean Google really can't see it?

You can go view it here from a link at

#privacy #google


Differential Privacy

Comparing Truncation to Differential Privacy

Traditional methods of data de-identification obscure data values. For
example, you might truncate a date to just the year.

Differential privacy obscures query values by injecting enough noise
to keep from revealing information on an individual.

Let’s compare two approaches for de-identifying a person’s age:
truncation and differential privacy.


First consider truncating birth date to year. For example, anyone born
between January 1, 1955 and December 31, 1955 would be recorded as being
born in 1955. This effectively produces a 100% confidence interval that
is one year wide.

Next we’ll compare this to a 95% confidence interval using
ε-differential privacy.

Differential privacy

Differential privacy adds noise in proportion to the sensitivity Δ of a
query. Here sensitivity means the maximum impact that one record could
have on the result. For example, a query that counts records has
sensitivity 1.

Suppose people live to a maximum of 120 years. Then in a database with
n records [1], one person’s presence in or absence from the database
would make a difference of no more than 120/n years, the worst case
corresponding to the extremely unlikely event of a database of n-1
newborns and one 120-year-old person.

The Laplace mechanism implements ε-differential privacy by adding noise
with a Laplace(Δ/ε) distribution, which in our example means

A 95% confidence interval for a Laplace distribution with scale b
centered at 0 is

[b log 0.05, –b log 0.05]

which is very nearly

[-3b, 3b].

In our case b = 120/nε, and so a 95% confidence interval for the
noise we add would be [-360/nε, 360/nε].

When n = 1000 and ε = 1, this means we’re adding noise that’s usually
between -0.36 and 0.36, i.e. we know the average age to within about 4
months. But if n = 1, our confidence interval is the true age ± 360.
Since this is wider than the a priori bounds of [0, 120], we’d
truncate our answer to be between 0 and 120. So we could query for the
age of an individual, but we’d learn nothing.

The width of our confidence interval is 720/ε, and so to get a
confidence interval one year wide, as we get with truncation, we would
set ε = 720. Ordinarily ε is much smaller than 720 in application, say
between 1 and 10, which means differential privacy reveals far less
information than truncation does.

Even if you truncate age to decade rather than year, this still
reveals more information than differential privacy provided ε < 72.

Related posts

[1]Ordinarily even the number of records in the database is kept
private, but we’ll assume here that for some reason we know the number
of rows a priori.

#johndcook #Math #Privacy #ProbabilityandStatistics
Comparing Truncation to Differential Privacy

John D. Cook: Comparing Truncation to Differential Privacy
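The derivation above carried through in code, as an added example that is not John D. Cook's own: the sensitivity 120/n of the average-age query, the Laplace scale Δ/ε, the 95% interval [b ln 0.05, -b ln 0.05], and the ε at which that interval is as wide as a truncation bucket. The inverse-CDF sampler, the clamp to [0, 120], and the coverage check are my additions.

```python
import math
import random

MAX_AGE = 120.0  # a priori upper bound on age, as assumed in the post


def sensitivity(n: int) -> float:
    """Sensitivity Δ of the average-age query over n records: one person's
    presence or absence moves the mean by at most 120/n years."""
    return MAX_AGE / n


def laplace_scale(n: int, epsilon: float) -> float:
    """Laplace mechanism: the noise is Laplace(b) with b = Δ/ε = 120/(nε)."""
    return sensitivity(n) / epsilon


def confidence_interval(b: float, confidence: float = 0.95):
    """Symmetric interval [-t, t] that holds `confidence` of the Laplace(b)
    mass. Since P(|X| > t) = exp(-t/b), t = -b ln(1 - confidence); at 95%
    this is the post's [b ln 0.05, -b ln 0.05], close to [-3b, 3b]."""
    t = -b * math.log(1.0 - confidence)
    return (-t, t)


def epsilon_for_width(width: float, n: int, confidence: float = 0.95) -> float:
    """The ε at which the confidence interval is `width` years wide, i.e. the
    ε needed before differential privacy leaks as much as truncating to a
    bucket of that width (1 year, 10 years, ...)."""
    return -2.0 * sensitivity(n) * math.log(1.0 - confidence) / width


def sample_laplace(b: float, rng: random.Random) -> float:
    """Inverse-CDF sampler for Laplace(0, b); the stdlib has no laplace()."""
    u = rng.random() - 0.5
    return -b * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def noisy_average_age(ages, epsilon: float, seed: int = 0) -> float:
    """Release the mean age under ε-DP, then clamp to the a priori range
    [0, 120] as the post does; post-processing cannot weaken the guarantee."""
    n = len(ages)
    rng = random.Random(seed)
    answer = sum(ages) / n + sample_laplace(laplace_scale(n, epsilon), rng)
    return min(MAX_AGE, max(0.0, answer))


def empirical_coverage(b: float, trials: int = 20000, seed: int = 1) -> float:
    """Fraction of Laplace(b) draws that land inside the 95% interval; a
    sanity check that the closed-form interval above is right."""
    rng = random.Random(seed)
    lo, hi = confidence_interval(b)
    inside = sum(lo <= sample_laplace(b, rng) <= hi for _ in range(trials))
    return inside / trials


if __name__ == "__main__":
    for n in (1000, 1):
        lo, hi = confidence_interval(laplace_scale(n, 1.0))
        print(f"n={n}, eps=1: noise usually within [{lo:.2f}, {hi:.2f}] years")
    print(f"eps matching 1-year truncation:  {epsilon_for_width(1.0, 1):.0f}")
    print(f"eps matching 10-year truncation: {epsilon_for_width(10.0, 1):.0f}")
    print(f"empirical 95% coverage: {empirical_coverage(0.12):.3f}")
```

The exact interval uses ln 20 ≈ 3.0, so the matching ε comes out at about 719 rather than the post's rounded 720.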

"In our demo, we show how an attacker can monitor the websites the victim is visiting despite using the #privacy-protecting #Tor browser in a #virtualmachine."
#ZombieLoad #intel #security
Holy moly: A truly monstrous async web chat using no #JavaScript whatsoever on the front-end:

This is some terrible news for #privacy-aware people: You'd have to disable #CSS somehow and not only install #NoScript 😲
#unitoodailynews, #tor, #privacy, #humanrights, #anonymity Mozilla Research Call: Tune up Tor for Integration and Scale | Tor Blog
#unitoodailynews, #tor, #privacy, #humanrights, #anonymity New Release: Tor Browser 8.5a12 | Tor Blog
I ❤️ the #ÖAMTC #autotouring magazine.

Topics of the May issue:
p.12: potential/bold measures against #Klimawandel (but #Hofer is surely too cowardly)
p.14: Credit card from €13.80/year? Noted! 💳
p.16: 🇪🇺 #EUWahl candidates questioned on #Umwelt #Datenschutz #Privacy #Verkehr
p.20: Loan vs. leasing 💶
p.30: #Microlino, the new #Isetta as an e-car
p.34: #eAuto battery developments 🔋

👍 🚗
#unitoodailynews, #tor, #privacy, #humanrights, #anonymity NoScript Temporarily Disabled in Tor Browser | Tor Blog
As a late birthday gift to myself, my #FreedomBox #Olimex server was delivered 😎
#decentralization #privacy

Purism, the privacy-orientated Linux device company (Librem range of laptops), has launched a “bundle” of mobile apps and services for Android and iOS

Purism’s Librem range of laptops are considered the best, ‘most-free’ laptops that money can buy, giving Linux enthusiasts as much control over their hardware as possible via a combination of signed software, hardware kill switches, and open firmware.

And with the upcoming Librem 5 Linux phone, Purism is also catering to mobile users who desire the same broad level of control over hardware in their pocket.

Okay, here’s the big rub: some of the apps and services offered in the Librem One suite are not free to use. But that’s kind of the whole point.

Your data isn’t currency when you use these apps; your privacy is not bartered in exchange for access. Hence the costs; you pay with money, not your data.

Those who don’t want to pay anything are catered for too. Both the Librem Chat and Librem Social apps can be downloaded and used for free, gratis, no catch, on Android and iOS using a Librem One Basic account.


#privacy #librem
