Jump to content

Search the Community

Showing results for tags 'privacy'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 20 results

  1. In cazul in care doreste cineva sa ramana cat mai anonim (sa stearga mai toate datele cu caracter personal pe care le gasesti usor prin Google), acest link va poate ajuta: https://support.google.com/legal/contact/lr_eudpa?product=websearch&hl=ro Aici puteti face o cerere catre Google pentru a sterge link-urile nedorite din cautarile Google daca se cauta numele vostru si sunt gasite prea multe date personale, spre exemplu (puteti pune oricate link-uri care ofera prea multe date cu caracter personal la cautarea pe Google). Exemplu: In cazul meu am pornit de la emailul personal, si am gasit si telefonul personal, ce proiect de practica am avut, ce note am luat la facultate la proiectul de practica respectiv, cand am facut facultatea, cand am facut practica, ce cont de student am avut la facultate, aproape ca puteam ghici de pe Google si ce grupa eram (colegii de facultate oricum ii gasisem cu toate informatiile si pe ei). Daca cineva afla prea multe informatii despre tine poate chiar sa obtina acces la contul de mail (depinde de cat de mult ai tinut la securizarea email-ului sau conturilor respective, dar oricum ai atatea informatii de pe Google). Stiu ca aceasta decizie legata de datele personale si motoarele de cautare e din 2014, dar nu am gasit pe forum nimic de genul ( am cautat link-ul, cuvinte cheie, etc). Cu asta puteti face curat, sa ramaneti cat mai anonimi, sa nu se faca prea multe legaturi intre conturi si date personale confidentiale care ajuta la accesarea conturilor! Edit: Rog un moderator sa mute threadul daca gaseste un loc mai potrivit in care sa fie postat. Eu am postat aici deoarece e cel mai apropiat de tema SEO (cu motoare de cautare).
  2. DoNotSpy10 is the world’s first antispy tool for Windows 10 Its straight-forward user interface allows you to manage how Windows 10 respects their privacy Microsoft introduces many new “diagnostic” features with Windows 10 These services help Microsoft collect usage data and thus to provide a better service However, collecting and sharing your data with one of the world’s leading technology companies puts your privacy at risk OfficialWebsite pxc-coding.com Download vers. (.//DoNotSpy10-1.0.0.1)
  3. ICANN proposes websites associated to "commercial activity" will no longer be able to use WHOIS protection services. Under new guidelines proposed by MarkMonitor and others who represent the same industries that backed SOPA, domain holders with sites associated to "commercial activity" will no longer be able to protect their private information with WHOIS protection services. "Commercial activity" casts a wide net, which means that a vast number of domain holders will be affected. Your privacy provider could be forced to publish your contact data in WHOIS or even give it out to anyone who complains about your website, without due process. Why should a small business owner have to publicize her home address just to have a website? We think your privacy should be protected, regardless of whether your website is personal or commercial, and your confidential info should not be revealed without due process. If you agree, it’s time to tell ICANN. To view the new proposed rules, visit: Privacy & Proxy Services Accreditation Issues Policy. Source: https://www.respectourprivacy.com/
  4. Facebook is being taken to court by the Belgian privacy commissioner over claims it tracks people across the web. The country's Privacy Protection Commission (CPP) also accused Facebook of tracking the browsing habits of non-users, as well as its own members. The action follows criticism of Facebook by the same body in May. Facebook said it was surprised that the CPP had taken the "theatrical action" because it was due to meet the watchdog this week to discuss its concerns. The CPP said it took the decision because Facebook did not provide "satisfactory answers" to the questions it raised last month, according to a spokeswoman. The commission, which is working with German, Dutch, French and Spanish counterparts, accused Facebook of trampling on European privacy laws. A Facebook spokesman said: "We were surprised and disappointed that, after the [CPP] had already agreed to meet with us on 19 June to discuss their recommendations, they took the theatrical action of bringing Facebook Belgium to court on the day beforehand. "Although we are confident that there is no merit to the [CPP]'s case, we remain happy to work with them in an effort to resolve their concerns, through a dialogue with us at Facebook Ireland and with our regulator, the Irish Data Protection Commissioner." The commission has asked the court for an immediate order banning Facebook from monitoring non-users in particular, which it may do via plug-ins or cookies. In the past, Facebook has claimed that the Belgian commission's jurisdiction is "unclear" because the American firm is regulated in Europe by the Irish Data Protection Commissioner. It also defended its actions when the Belgian commission released its report last month, saying that most websites used cookies, which it said has been an "industry standard for more than 15 years". Source
  5. Apple chief Tim Cook has made a thinly veiled attack on Facebook and Google for "gobbling up" users' personal data. In a speech, he said people should not have to "make trade-offs between privacy and security". While not naming Facebook and Google explicitly, he attacked companies that "built their businesses by lulling their customers into complacency". Rights activists Privacy International told the BBC it had some scepticism about Mr Cook's comments. "It is encouraging to see Apple making the claim that they collect less information on us than their competitors," Privacy International's technologist Dr Richard Tynan said. "However, we have yet to see verifiable evidence of the implementation of these claims with regard to their hardware, firmware, software or online services. "It is crucial that our devices do not betray us." 'We think that's wrong' Addressing an audience in Washington DC, Mr Cook said: "I'm speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information. "They're gobbling up everything they can learn about you and trying to monetise it. We think that's wrong. And it's not the kind of company that Apple wants to be." Mr Cook had been given a corporate leadership award by the Electronic Privacy Information Centre, a US-based research group. According to TechCrunch, he later added that Apple "doesn't want your data". Google has not commented on Mr Cook's comments specifically, but a spokeswoman referred the BBC to the privacy section of its website, which the company has recently updated. "Ads are what enable us to make our services like Search, Gmail, and Maps free for everyone," one page reads. "We do not share information with advertisers in a way that personally identifies you, unless you gave us permission." Facebook suggested this page outlining how it collects user data. While Apple does not hold the same wealth of data looked after by Google and Facebook, it does use personal information to target advertising. A page for marketers on Apple's website offers "400 targeting options" for reaching users. It reads: "Whether you're looking for moms or business travellers or groups of your own customers, we've got you covered." Apple's lack of data, when compared with some of its rivals, could be a disadvantage for future devices. Services such as Google Now, which use stored data to predict what information users may need, require vast amounts of personal data to be effective. Advertising Mr Cook also spoke at length about encryption. His company introduced encryption measures by default to its devices late last year, a move heralded by privacy campaigners but heavily criticised by several governments. Mr Cook hit out at governments that had pressured technology companies to allow for so-called "backdoors" to aid with counter-terrorism and other enforcement. "There's another attack on our civil liberties that we see heating up every day," Mr Cook said. "It's the battle over encryption. Some in Washington are hoping to undermine the ability of ordinary citizens to encrypt their data." He added: "If you put a key under the mat for the cops, a burglar can find it too." Source
  6. In this era of Global surveillance, we all are worried about the privacy of our communication and sensitive data. There is no guarantee that our data is not being snooped on, but there is a solution — PGP (Pretty Good Privacy). PGP (Pretty Good Privacy) is more than 20 years old technology but is yet not widely adopted. PGP is an open source end-to-end encryption standard to encrypt e-mails, protecting you against companies, governments, or criminals spying on your Internet connection. But... ...the tool is too complicated for most of the people to implement and use. However, Facebook is now encouraging its users to use PGP and communicate by sending encrypted emails, adding the popular OpenPGP email encryption standard as an extra layer of security for the cautious. According to the latest announcement, you can now upload your Public PGP key to your Facebook profile so that anyone with your public key can send you encrypted emails. By giving such option to users, Facebook could really help rapid adoption of PGP encryption standard worldwide. The Social Networking Giant has plans to encrypt all its notification emails to users who use PGP or GPG (GNU Privacy Guard), as Facebook currently sends you emails alerts for private messages, password changes, and other account notifications that may be sensitive. All the emails you receive from Facebook will be protected with encryption, ensuring that no one — even NSA or any other spy agency — can read the content of the messages without the access to your private key. Articolul complet aici: New Facebook feature Encourages users to use PGP for Encrypted Communications Anuntul Facebook: https://www.facebook.com/notes/protect-the-graph/securing-email-communications-from-facebook/1611941762379302
  7. Change your virtual location to the other side of the world. Useful when you want to get the best connection possible, add an extra layer of privacy, or use your favorite services when you’re away from home. Either let Freedome connect to your closest F-Secure Cloud, or select a virtual location from a set of countries. Handy if you’re traveling but want to follow a series on a streaming service (most block foreign IPs). Today’s world looks very different than it did 25 years ago when we started working with Internet security. Privacy issues and fundamental questions about our online freedom are now on everyone’s lips. F?Secure Freedome VPN (100% Discount)
  8. Here's an outline: 1. Anonymizing Your Internet Usage 2. Securing Your Browser 3. PGP Encryption 4. Changing Your Mac Address 5. Anonymous IM 6. Anti-virus 1. Anonymizing Your Internet Usage The easiest way to anonymize your internet usage is to use TOR or a VPN RELIGIOUSLY. NON-STOP 24/7 FUCKING TOR ACTION NOT EVEN A SINGLE GOOGLE OUTSIDE TOR/VPN VPN A Virtual Private Network helps to ensure privacy by creating an encrypted tunnel between your computer and a remote VPN server. Example setup without VPN: Home PC -> ISP -> Internet Example setup with VPN: Home PC => ISP => VPN server -> Internet Once data has entered the VPN tunnel (=…=) it is hidden from view by encryption protocols so that no-one, not even your Internet Service Provider (ISP), can ‘see’ it. The only computers that can see the data are the ones at each end of the VPN tunnel. Because the VPN server can see all data going into and out-of the tunnel (and trace it back to you), it is vital to choose a VPN provider you trust, and who keeps no logs of your internet activity. If you are concerned about privacy then you should never pick a VPN provider who keeps logs, and the comments below assume a no logs service. Providers we particularly like that are good for keeping no logs are Mullvad, AirVPN and Private Internet Access (although the fact that PIA is US based has introduced considerable uncertainty to this recommendation). Pros: As long as your VPN provider is trustworthy and keeps no logs, VPN is a very secure and anonymous means of surfing the internet It is also good for securing connections at public WiFi hotspots, and for evading firewalls used to censor the internet It is a lot faster than Tor (although there will be a small hit to your internet speeds) It is very good for P2P filesharing, and ‘spoofing’ IPs in order to stream geo-restricted media content (e.g. Hulu). Cons: It relies on trusting your VPN provider, and is therefore not as secure as Tor It costs money (typically between $7 to $10 per month, with substantial discounts for bulk purchases). Many VPN providers accept Bitcoin payments. It is obvious to observers that you are using VPN. TOR (You should be familiar with TOR, but I'll throw it in here for educational purposes.) Tor is an anonymity network that supplies free software which lets you use the internet anonymously. Basically you connect though a number of randomly selected nodes (at least three), with the data being re-encrypted each time. This means that although each node knows who is connecting to it, and who it connects to, no node knows the whole route (circuit). The final link in the chain, the one that connects you to the internet, is known as an exit node, and is one of the biggest weaknesses of the system. See a Sybil attack for more information on this. My favorite motto is: "You're only as safe as the exit node you're connected to." Also, don't run exist nodes because if anyone watches CP through it, you're responsible and they will take you down. This has led to a fairly small number of public exit nodes being available, and has meant that restrictive governments such as China, who monitor these nodes, have been able to block access to many of them. There are still plenty of nodes around however, but it does mean that Tor users in some countries my need to reconnect to a number of different nodes before they find one that has not been blocked. Pros: Very secure and anonymous (in fact it is generally considered the most secure and anonymous way to access the internet available, and is therefore suitable for political dissidents and the like) It is also good for securing connections at public WiFi hotspots and for evading firewalls used to censor the internet (although see comments blocked exit nodes above) Free Cons: Slow (often very) Restrictive countries can make finding unblocked public exit nodes a pain Not good for P2P downloading and streaming from spoofed IPs – not only are network speeds too slow for this to be practical, but doing so slows down the system even more for other users. In addition to this, volunteers running the exit nodes may be held accountable for your copyright violations, so it is considered very rude It is obvious to observers that you are using Tor, and some websites (such as PayPal) may refuse to play ball Other services which may be of interest include JonDonym, Lahana, I2P and Psiphon. === 2. Securing Your Browser By now you're probably using the Tor Browser Bundle or TBB for short. This is the easiest way to go about things. a. Ensure NoScript is disabling scripts globally. b. Click the 3 bars/settings menu, then click HTTPS and finally enable "Block All HTTP Requests". This makes it so that you can't get ARP poisoned for cleartext passwords. Never hurts to make all your connections HTTPS, right? c. Click again on the 3 bars. Now select 'Options' and navigate to the Privacy tab. Select 'Do not tell sites...' and under "History" choose 'Never Remember History'. FLUSH YER DNS! Computers automatically cache the hostname of the websites you have visited to make reloading the pages faster than if there was no cache. This is clearly not wanted. ipconfig /flushdns CCleaner CLEARNET LINK: https://www.piriform.com/ccleaner CCleaner cleans out pesky Flash cookies and also a host other rubbish that is slowing your computer down and leaving traces of your internet activity behind. Flash cookies or ‘zombie cookies’ are bits of persistent Flash code which respawn regular cookies when they are modified or deleted. To configure CCleaner to work properly and delete these, 1. Open CCleaner, then navigating to Options -> Include -> Add: C:\ -> Users -> User name -> AppData -> Roaming > Macromedia > Flash Player -> #SharedObjects and C:\ ->Users -> User name -> AppData -> Roaming -> Macromedia -> Flash Player > macromedia.com -> support -> flashplayer -> sys 2. Then go to ‘Exclude’ and ‘Add’: C:\ -> Users -> User name -> AppData -> Roaming -> Macromedia -> Flash Player -> macromedia.com -> support -> flashplayer -> sys -> settings.sol Windows XP users should: 1. Include: C\: -> Documents and Settings -> User name -> Application Data -> Roaming -> Macromedia -> Flash Player -> macromedia.com -> support -> flashplayer -> sys and C -> Documents and Settings -> User name -> Application Data -> Roaming -> Macromedia -> Flash Player -> #SharedObjects 2. Exclude: C\: -> Documents and Settings -> User name -> Application Data -> Roaming -> Macromedia -> Flash Player -> macromedia.com -> support -> flashplayer -> sys -> settings.sol HTML web storage CLEARNET LINK: https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/ This extension is said to remove web storage automatically on a regular basis. Privacy Badger CLEARNET LINK: https://www.eff.org/privacybadger Privacy Badger is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser. To the advertiser, it's like you suddenly disappeared. Red means Privacy Badger believes this domain is a tracker, and has blocked it. Yellow means the domain is believed to be both a tracker and necessary for the functioning of the page, so Privacy Badger is allowing it but blocking its cookies. Green means that Privacy Badger believes this is not tracker. Other very useful Browser Extensions are: Lastly use Duck Duck Go or Startpage INSTEAD of Google. Google = bad bad bad! === 3. PGP Encryption If you aren't using PGP Encryption when sending messages you might as well off yourself right now. It is extremely vital to use it. As Ping once said 'The longer the better '. Download GPG4Win Here: CLEARNET LINK: Gpg4win - Secure email and file encryption with GnuPG for Windows Run the downloaded file and select to install only Kleopatra and GPA. Open GPA Keys > New Key Fill in the information with whatever you want people to see your public key as. NOTE: DO NOT USE YOUR REAL NAME! After selecting your alias it asks for an e-mail adress. This e-mail should be non existent, and be linked to a website that also doesn’t exist. Take the example below: Then make a backup of your key. Find where you put the back up of your key. It will be an .asc file. Open it with Notepad. When sharing your key with others, you wan’t to copy and paste from the beginning dashes to the end dashes. To import other people's keys into GPA, create a blank text document. Paste their key in. Open GPA. Import Keys. Select File. Confirm. Done. SENDING AN ENCRYPTED MESSAGE: 1. Open GPA. 2. Open up clipboard. 3. Write your message. 4. Encrypt. Choose the receiver's key. 5. You'll now have an encrypted message. 6. Just email/message that to them. To decrypt a message sent to you: 1. Open GPA. 2. Open Clipboard. 3. Paste funky looking message. 4. Decrypt - enter password. === 4. Changing Your Mac Address CLEARNET LINK: http://devices.natetrue.com/macshift/ Very easy. Download, open cmd, run macshift -r -i "Wireless" #If you're using Wireless macshift -r -i "Ethernet" #If you're using Ethernet 5. Anonymous IM CLEARNET LINKS: https://www.pidgin.im/ + https://otr.cypherpunks.ca/ Run both installers - pidgin with the default settings. Set it up how you want, currently I only have it set up for Google Hangouts which kind of defeats the purpose. If I can get it set up later, I'll edit this. ONLY USE XMPP If you want to connect to a hidden service, for example the jabber.ccc.de hidden service I use the following configuration: 6. Anti-virus 10/10 would recommend the AVG + Malwarebytes combo. If someone lands malware on your machine, you're 110% fucked. Nuff said. === Lastly, if you want to be the safest, run it in a virtual machine. To Hackerjon - I wrote this following your restrictions (no VM, no Tails, no Linux). Having all three of those is by far your safest bet, but whatever. === Source: hell
  9. Facebook is in violation of EU data laws owing to its overly complex privacy policies and persistent tracking of users, even if they have opted out of such systems. This was the key claim in a report by researchers at the University of Leuven and the Free University of Brussels on behalf of the Belgian Privacy Commission. “Our analysis indicates [that] Facebook is acting in violation of European law,” the report said. Specifically, the researchers are concerned that almost all data tracking and monitoring done by Facebook, such as for advertising purposes or gathering location data, is done without giving users adequate control over their privacy. “Its current default settings with regards to behavioural profiling and advertising (essentially 'opt-out') remain problematic,” the report said. “According to the Article 29 Working Party, consent cannot be inferred from the data subject’s inaction with regard to behavioural marketing. “As a result, Facebook’s opt-out system for advertising does not meet the requirements for legally valid consent. In addition, opt-outs for 'Sponsored Stories' or collection of location data are simply not provided.” The way Facebook combines data from its other services, specifically Instagram and WhatsApp, to build a more complete picture of a user was also cited as another way in which Facebook does not adhere to EU privacy and data laws. “Facebook only offers an opt-out system for its users in relation to profiling for third-party advertising purposes. The current practice does not meet the requirements for legally valid consent,” the report said. The report also criticised Facebook for “leveraging its dominant position” in the social networking market to effectively force users to accept its conditions. “The choices Facebook offers to its users are limited. For many data uses, the only choice for users is to simply 'take it or leave it'. If they do not accept, they can no longer use Facebook and may miss out on content exclusively shared on this platform,” the researchers said. Another interesting area raised in the report relates to the rights, or lack of, that Facebook provides to delete an account and have all data removed from the firm's databases. "Facebook fails to provide (sufficient) granularity in exercising data subject’s rights. For example, the right to erasure can only be exercised with regard to the user’s profile and only relates to self-posted content," it said. V3 contacted Facebook for its response to the report but had received no reply at the time of publication. The damning allegations come just a few months after Facebook updated its terms and conditions in an effort to make it easier for people to "take charge" of how their data is used on the site. Source
  10. While some lawmakers claim that a threat information-sharing bill, called CISA, was amended with substantial privacy provisions – privacy experts worry that that the bill still lacks enough protections. Last Thursday, the Senate Intelligence Committee approved the Cybersecurity Information Sharing Act (CISA) in a 14 to 1 vote (that followed a closed door session where several amendments were added to the bill). The legislation, which is said to advocate information-sharing between private companies and government to thwart cyberattacks like the one's striking Sony and Anthem, was strongly contested by the American Civil Liberties Union (ACLU), Electronic Frontier Foundation (EFF), and other privacy rights groups and security experts earlier this month, who said that the bill lacked ample privacy protections in its drafted form. Now that the text of the newly amended bill is available (PDF), grievances remain for some concerning the process through which companies would share information with the government. In a Thursday interview, Gabe Rottman, legislative counsel for the ACLU, told SCMagazine.com that “it's not clear that there would be adequate privacy protections on the front-end when the information is shared with the government.” “Once that information is shared, it can flow through the government, including to the Department of Defense, which includes the NSA,” he explained. Notably, Sen. Ron Wyden, the sole lawmaker to vote against the bill last week, said in a statement that, “If information-sharing legislation does not include adequate privacy protections then that's not a cybersecurity bill – it's a surveillance bill by another name.” In his interview with SCMagazine, ACLU's Rottman added that the scope of surveillance programs revealed by Edward Snowden have shown the government's “tendency to stretch the law as far as it will go,” to further surveillance. “Here, the information would go to DHS, but it could be shared it in real-time without a privacy sweep, including with the National Security Agency,” Rottman said. Source
  11. Salutare, M? joc 10-15 minute, m? uit la film 10-15 minute ?i mi se d? restart la calculator, dar înainte s? se dea restart la calculator se aude "bzzzzzzzzzzzzz" dup? se d?. Când se deschide calculatorul primesc notificare ca bluescreen. De la ce ar putea fi, l-am dus de vreo 4-5 ori la reparat ?i mi-au spus c? nu are nici o problem? calculatorul. * Uneori mi se d? restart, alteori nu mi se d?... ** Eroare când se deschide pc-ul: Problem signature: Problem Event Name: BlueScreen OS Version: 6.1.7601.2.1.0.256.1 Locale ID: 1033 Additional information about the problem: BCCode: 116 BCP1: FFFFFA8009E5F4E0 BCP2: FFFFF8800FA3D7A0 BCP3: FFFFFFFFC000009A BCP4: 0000000000000004 OS Version: 6_1_7601 Service Pack: 1_0 Product: 256_1 Files that help describe the problem: C:\Windows\Minidump\030815-31715-01.dmp C:\Users\x\AppData\Local\Temp\WER-161570-0.sysdata.xml Read our privacy statement online: http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409 If the online privacy statement is not available, please read our privacy statement offline: C:\Windows\system32\en-US\erofflps.txt Câteva informa?ii ale calculatorului meu, poate v? ajut? cu ceva... Procesor: Intel® Core™ i3-3250 CPU @ 3.50GHz (4CPUs), ~3.5GHz RAM: 8.00 GB System type: 64-bit Operating System Operatin System: Windows 7 Ultimate 64-bit (6.1, Build 7601) Card name: NVIDIA GeForce GT 630
  12. Privacy activists are urging Mattel to axe its Hello Barbie doll, which sends recordings of children's voices across the internet for voice-recognition analysis. The improbably proportioned doll is fitted with a small embedded computer, a microphone, a speaker and a Wi-Fi interface. When the toy's belt buckle is pressed, Barbie asks a question, and records what the child answers. This reply is encoded and encrypted, and sent over the internet to servers to be processed by voice-recognition software. That software then sends back a command to the doll to playback a reply stored in the toy. Barbie is programmed with various questions, jokes and quips, which are picked by the backend software in response to whatever the kid wants to talk about. This is supposed to convince youngsters that Barbie is a kind and thoughtful miniature friend. Meanwhile, the backend systems can email reports to parents on what their tykes are nattering about. Mattel and San Francisco-based startup ToyTalk developed Hello Barbie, and showed it off last month at the Toy Fair 2015 convention in New York City. At the time, El Reg drilled into the news, and highlighted privacy concerns surrounding the toy. For one thing, recordings of children's voices are stored on remote computers so ToyTalk can apparently improve its voice-recognition engine. Now the Campaign for a Commercial-Free Childhood (CCFC) has fired up a petition against Hello Barbie, citing The Register's coverage. The group is upset that the doll will collect a child's private thoughts, and store them on Mattel's systems. This could be used for marketing purposes, and doesn't encourage creative play, the campaigners fear. "If I had a young child, I would be very concerned that my child's intimate conversations with her doll were being recorded and analyzed," said Georgetown University Law Professor Angela Campbell, a faculty advisor to the school's Center on Privacy and Technology. "In Mattel's demo, Barbie asks many questions that would elicit a great deal of information about a child, her interests, and her family. This information could be of great value to advertisers and be used to market unfairly to children." Er, advertising? "Computer algorithms can't replace — and should not displace—the nuanced responsiveness of caring people interacting with one another," said pediatrician and CCFC Board member Dr Dipesh Navsaria, assistant professor at the University of Wisconsin School of Medicine and Public Health. "Children's well-being and healthy development demand relationships and conversations with real people and real friends. Children do not need commercially manufactured messages – artificially created after listening in on anyone within range of Mattel's microphones." Although the group cites our story, the activists may want to read it again. Mattel's servers don't hold the conversations Hello Barbie records, ToyTalk does, and the startup has stated explicitly that the audio will never be used for advertising purposes. The SF upstart says it has its eyes on a larger prize: developing an accurate voice recognition system for children. The lion's share of voice-recognition programming has been developed with adult's voices, but kids use a different voice cadences, sentence structures and verbiage. Hello Barbie is just a prototype at the moment, and is expected to go on sale for Christmas. While it's true that the firm's privacy policy may change by the time the toy hits the shelves, based on our conversations with ToyTalk, it seems set on avoiding Barbie becoming an advertising channel. Worrying about ads is missing the real issues, we think, which are security and privacy. So far the group has collected 1,738 signatures for its petition. "All of ToyTalk’s products in market have been designed to meet or exceed the Children’s Online Privacy Protection Act (COPPA) and have also been independently verified as such by KidSAFE+," Oren Jacob, CEO of ToyTalk, told The Register today. "While the underlying technology of our products works much like Siri, Google Now, and Cortana, ToyTalk products never search the open web for answers. Responses are carefully crafted by our own writing team, and conversations recorded through our products are never used to advertise or market to children or anyone." Source
  13. GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. Changes: Multiple bug fixes. Translation updates. Download Home Page
  14. A privacy hole in WhatsApp allowed anyone to view someone else's profile photo – even if a user had configured the mobile messenger app to only show their pic to their contacts. The privacy slip-up, which came with the debut of WhatsApp’s newly-introduced web interface at web.whatsapp.com, was discovered by 17-year-old security researcher Indrajeet Bhuyan. The service was designed to allow users to chat with WhatsApp contacts through a browser, potentially on a PC or laptop. Privacy settings applied on the mobile app were apparently not carried over onto the browser-based version of the technology, launched just days ago and only available through Google's Chrome browser. On the smartphone side, you can only use the functionality on Android, BlackBerry and Windows Mobile since there's no iOS version at this nascent stage. There's no suggestion that messages themselves were exposed. Only profile pictures were viewable to world+dog. A second issue, also discovered by the enterprisingly precocious Bhuyan, means that deleted photos are still viewable through the web client even though they appeared as blurred if deleted when accessed though mobile versions of the software. In both case you'd need to be logged in to see pictures in the trash, blurred or otherwise. This issue apparently stems from glitches in syncing functionality. It's unclear if and when the web version of WhatsApp will be updated to iron out these security glitches. WhatsApp recently introduced end-to-end encryption to better secure users’ messages, much to the chagrin of UK politicians such as David Cameron. Bhuyan, who had previously discovered a way to crash WhatsApp on users’ phones simply by sending a specially crafted message, has put together videos illustrating the ?WhatsApp web photo privacy bug? (here) and photo synch bug (here). Security veteran Graham Cluley said even though no sensitive data had actually been exposed, the teenager was right to call WhatsApp out on the latest issues he's managed to uncover. "Sure, it’s not the most serious privacy breach that has ever occurred, but that’s missing the point," Cluley explained in a blog post. "The fact of the matter is that WhatsApp users chose to keep their profile photos private, and their expectation is that WhatsApp will honour their choices and only allow their photos to be viewable by those who the user has approved." Source
  15. Last week, the most popular mobile messaging application WhatsApp finally arrived on the web — dubbed WhatsApp Web, but unfortunately it needs some improvements in its web version. An independent 17-year-old security researcher Indrajeet Bhuyan reported two security holes in the WhatsApp web client that in some way exposes its users’ privacy. Bhuyan called the first hole, WhatsApp photo privacy bug and the other WhatsApp Web Photo Sync Bug. Bhuyan is the same security researcher who reported us the vulnerability in the widely popular mobile messaging app which allowed anyone to remotely crash WhatsApp by sending a specially crafted message of just 2kb in size, resulting in the loss of conversations. Whatsapp Photo Privacy Bug According to him, the new version of WhatsApp Web allows us to view a user’s profile image even if we are not on the contact list of that user. Even if the user has set the profile image privacy setting to "Contacts Only," the profile picture can be viewed by out of contacts people as well. Basically, if we set the profile image privacy to Contacts Only, only the people in our contact list are able to view our profile picture, and nobody else. But, this is not in the case of WhatsApp Web. You can watch how this works in the video demonstration below: WhatsApp Web Photo Sync Bug The second security hole points out the WhatsApp Web Photo Syncing functionality. Bhuyan noticed that whenever a user deletes a photo that was sent via the mobile version of WhatsApp application, the photo appears blurred and can’t be viewed. However, the same photo, which has already been deleted by the user from mobile WhatsApp version, can be accessible by Whatsapp Web as the photo does not get deleted from its web client, revealing the fact that mobile and web clients of the service are not synced properly. You can also watch the video demonstration on this as well: This is no surprise, as WhatsApp Web introduced just a couple of days before and these small security and implementation flaws could be expected at this time, as well as some other bugs could also be revealed in the near future. However, the company will surely fix the issues and will definitely make its users’ messaging experience secure. As partnered with Open Whisper Systems, WhatsApp recently made end-to-end encryption a default feature on Android platform, stepping a way forward for the online privacy of its users around the world. -> Source: 17-Year-Old Found Bugs in WhatsApp Web and Mobile App - Hacker News
  16. PARIS - France's data protection watchdog on Wednesday fined Google 150,000 euros ($205,000) -- the maximum possible -- for failing to comply with its privacy guidelines for personal data. The watchdog, the CNIL, also ordered the US Internet giant to publish a statement relating to its decision on its French homepage for at least 48 hours within the next eight days. Google was informed of the decision on January 3, the CNIL said in a statement. France's move follows Google's introduction in 2012 of a new privacy policy which enables it to track user activity across its search engine, Gmail, the Google+ social networking platform and other services it owns, which include YouTube. The changes make it easier for Google to collect and process data that could be used by advertisers to target individuals with tailored offers, thereby increasing the company's revenue potential. The CNIL had asked Google to inform web users in France on how it processes their personal data and to define exactly how long they can store the information. It had also requested that the US giant obtain user permission before storing cookies on their computers, referring to files that track web surfers and allow companies to target them with tailored commercials. Google has always maintained that its treatment of data gathered from users is in line with European law and has previously refused to get into an argument about the specific French requirements. The issue of data protection has gathered steam worldwide following revelations by Edward Snowden, a former contractor with the National Security Agency, that the US had a vast, secret program called PRISM to monitor Internet users. Google has defended the changes it made last year on the ground that they simplify and standardize its approach across its various services. But critics argue that the policy, which offers no ability to opt out aside from refraining from signing into Google services, gives the operator of the world's largest search engine unprecedented ability to monitor its users' tastes and purchasing patterns. Source: France Fines Google Maximum Penalty in Data Privacy Row | SecurityWeek.Com
  17. Buna ziua RST, Am o intrebare pentru voi. Algoritmul Gutmann-35 este un algoritm facut de catre Peter Gutmann si Colin. Acest algoritm sterge datele folosind 35 pasi diferiti (mai multe info aici: Gutmann method - Wikipedia, the free encyclopedia). Recent am citit un articol ca metoda Gutmann-35 este total inutila. Caci chiar daca re-scris peste acea zona unde se afla un fisier de 35x, aceasta poate fi totusi recuperata folosind magnetii speciali de care numai CIA sau FBI-ul il detine. Intrebarea mea este, daca intr-adevar exista o astfel de tehnologie care sa ajuta la recuperarea fisierelor chiar daca ai folosit inclusiv metoda Gutmann-35. Inseamna ca nu exista absolut nici o metoda care sa fie datele tale 100% sterse? Totusi, ce am prezentat mai sus am vorbit pentru un simplu Hard-Disk care foloseste platane. Cum ar functiona in cazul unui SSD? Se sterg mai usor si mai sigur datele de pe un SSD decat de pe un HDD? cum sta treaba? Multumesc! EDIT: Am uitat sa precizez, O metoda 100% de a sterge datele asta inseamnand Fara distrugerea fizica a HDD-ului/SSD-ului. Si ca sa fie clar, nu am intentii rele. Nu am de ce sa ma tem, sunt doar curios. Cu bine!
  18. Salutare, Din plictiseala astazi am inceput sa caut aplicatii de securitate. Am dat peste o aplicatie interesanta numita Safe&Secret. https://play.google.com/store/apps/details?id=com.safensecret.android&hl=ro Am testat aceasta aplicatie folosind telefonul meu Android cu un telefon simplu (caramida), In caz de acea aplicatie nu e chiar asa "buna" cum s-ar zice. Ei bine, se pare ca chiar asa e. Aplicatia foloseste un algoritm de criptare AES-256. Am trimis un SMS criptat catre celalalt telefon, si asa cum speram, celalalt telefon primeste un SMS cu o amestecatura de litere (criptat). Am trimis acelasi SMS criptat de pe "caramida" si cand am primit acel SMS, am aflat ca nu numai ma anunta ca am primit acel SMS criptat, ci si il separa de mesageria normala. Bineinteles, cand primesc un SMS criptat, suna cu o alta melodie (cea din acel soft). Daca vreau sa deschid acel SMS trebuie sa bag doua parole. 1. Main Key al soft-ului, 2. Parola acelui text criptat. Am ramas cu o impresie placuta legata de acest soft, desi mai au nevoie de mici imbunatatiri. Acum, Poate ca eu ma bucur ca am gasit acest soft, ma intreb daca exista pe Market Android alte aplicatii similare si de ce nu, mai bune. Daca cineva foloseste un astfel de soft, sa il imi spuna si mie care este acela ---- Algoritmul AES-256 este ok, as prefera un algoritm "mixed" gen AES+BASE64+ROT13+Serpent+Caesar Shift de exemplu.
  19. Skype privacy bug that can Send Messages To The Wrong Contacts Posted On 7/18/2012 01:02:00 AM By THN Security Analyst What if when you sent a message to someone, it had a very good chance of going to someone else in your contact list? That would be pretty scary right? That what some Skype users are reporting. The bug was first discussed in Skype’s user forums, and seems to have followed a June 2012 update of the Skype software. Skype has confirmed the bug existence and that a fix is in the works. However, the company characterizes the bug as “rare.” Purchased by Microsoft last year for $8.5 billion, the Luxemburg company which has as many as 40 million people using its service at a time during peak periods, explained that messages sent between two users were in limited cases being copied to a third party, but did not elaborate further on the matter. Five other individuals of the Microsoft-owned program confirmed they were also seeing instant messages being sent to the wrong person from their contact list. Sometimes it's just a few messages, while other times it's a whole conversation. Skype has, on its blog, confirmed the issue of a bug sending instant messages to wrong contacts and has promised a fix. Addressing the issue, Skype wrote, "Based on recent Skype customer forum posts and our own investigation over the past couple of days, we have identified a bug that we are working hard to fix." Skype privacy bug that can Send Messages To The Wrong Contacts : The Hacker News ~ http://thehackernews.com/2012/07/skype-privacy-bug-that-can-send.html
  20. Nu mai mira pe nimeni, nu? Dupa ce in ultima perioada de timp au fost scoase la iveala numeroase bug-uri de securitate, deficiente in setarile de confidentialitate, inca o stire legata de vanzarea datelor unor useri de catre o aplicatie de top de pe Facebook a aparut. Facebook zice ca n-are nimic, nu-s mai mult de o duzina de aplicatii autorizate de ei si considerate a fi de top, care fac asta in mod curent. Facebook App Developers Sold User Data…Shock! An Update on Facebook UIDs - Facebook Developers
×
×
  • Create New...