"15.4% of the 1.3 million Android applications we analyzed, contained security-related code snippets from Stack Overflow. Out of these 97.9% contain at least one insecure code snippet." aisec.fraunhofer.de/en/stackov

Client-side scanning is a new proposal of US law enforcement to combat child porn by hashing every image sent by IM clients against a database of known CP hashes. EFF discusses how this can be abused.


"Facebook isn't neutral turf on which good ideas will naturally prevail over bad ones, John Stuart Mill-style. It's an advertising-driven business whose design deliberately promotes its own peculiar idea of "engagement." axios.com/costs-facebook-free-

Conveniently skips CA and other shenanigans but still interesting PoV:

"Why would Facebook or Google owe you anything? (...) You willfully used a service and generated data that wouldn’t otherwise exist. What you get in return is Facebook itself, for which you’ve not paid a nickel. (...) You’re an infinitesimally small part of a data cooperative whose benefits accrue to the very users that generated it." wired.com/story/no-data-is-not

Facebook, Twitter and Alphabet’s Google have failed to provide adequate transparency for global users around political advertising on their services, a privacy advocacy group said on Tuesday.


"Ecuadorian authorities have arrested the executive of a data analytics firm after his company left the personal records of most of Ecuador's population exposed online on an internet server." Novaestrat

asked people for their mobile numbers "only for purposes", then used them for profiling, and then leaked on the web... techcrunch.com/2019/09/04/face

"This system behind Facebook’s $50 billion business makes it a liability for any user to “friend” another. There’s simply no way to be sure which friends will agree to surrender one’s personal information." gizmodo.com/alex-stamos-ex-fac

A must see - "The Great Hack", Netflix original documentary about and Cambridge Analytica scandal

This document answers many questions about of tl;dr theoretically it's possible to determine IP watching a particular video but existing safeguards make it infeasible especially with scitech.video/about/peertube

"Brave Rewards for Android relies on SafetyNet (...) this means that Rewards only works on certain Android devices" (=devices with Google Play Services tracking enabled) github.com/brave/browser-andro

"Twitter Inc said on Tuesday that it may have used data for personalized ads without a user’s permission due to issues with the microblogging website’s settings" reuters.com/article/us-twitter

BTW OONI saw a huge spike in measurements in KZ in July explorer.ooni.io/country/KZ but show no blocking nor HTTP interception; however, per this article censoredplanet.org/kazakhstan, it may not capture the HTTPS interception

Brave Rewards cannot on ungoogled phones I'm afraid due to heavy usage of Google proprietary SafetyNet github.com/brave/browser-andro

Hey @write_as on your Subscribe page could you use a Captcha other than Google's Recaptcha? What's the point of federation if we're still feeding all our personal details to Google...
