Privacy

The Trump administration is pooling data on Americans. Experts fear what comes next.

Gift article, paywall restrictions should be lifted

cross-posted from: https://lemmy.world/post/28688755

On Tuesday, the official account for the visa branch of the US Embassy in Tokyo posted an important note for those applying for a nonimmigrant visa — or DS-160 — for the States. According to the notice, applications must include accurate information regarding their SNS accounts that they have used within the last five years. Anyone who fails to comply with this request won’t be allowed to enter the country.

While the US Department of State (DOS) and the US Citizenship and Immigration Services (USCIS) have been checking the social media accounts of visa applicants and immigrants since at least 2019, Susanne Heubel, senior counsel at New York-based immigration law firm Harter Secrest & Emery LLP, told US Today that up until his last January these searches have been “almost negligible.”

cross-posted from: https://lemm.ee/post/62277390

The UN Convention on the Rights of the Child clearly expresses that minors have rights to freedom of expression and access to information online, as well as the right to privacy.

These rights would be steamrolled by age verification requirements.

I came across https://www.reflectacles.com/. I'm not sure if this type of gear is effective. Does anyone have experience or feedback on useful equipment for mitigating scanning in public spaces?

cross-posted from: https://lemmy.sdf.org/post/33178194

Online dissent is a serious crime in China. So why did a Weibo censor help me publish posts critical of the Communist party?

[...]

The Cyberspace Administration of China is the premier censorship agency in China. The newly appointed boss, Lu Wei, popularly known as the “internet tsar”, begins to implement a series of severe purges of online speech. Countless accounts are cancelled, and many people are thrown behind bars for what they wrote online. But that’s just guesswork. In China, there’s no need for a good reason to block someone’s account. A powerful government agency can simply issue an order to make a person disappear from public life.

[...]

After three years as a censor, Liu [Lipeng] detests his job. He detests the white office ceiling, the grey industrial carpet and the office that feels more like a factory. He also detests his 200-odd colleagues sitting in their cubicles, each concentrating on their mouse and keyboard as they delete or hide content.

[...]

One day, Liu sends me a direct message on X. He is excessively polite. He writes: “Mr Murong, please forgive me for presumptuously disturbing you,” before asking whether I remember the email sent via Yu Dayou with the two screenshots. My heart is pounding. I say: “Yes, I remember that. I wondered who sent that email. I am most grateful.”

We have a long phone call like long-lost friends. We describe everything we have done since leaving China. He says: “I wish to testify that although I was a Weibo censor, I am not a bad person.”

[...]

This article is in German. Link found in a popular, censored r/privacy Reddit post, a common occurrence.

Machine-translated article below:

Switzerland has an international reputation for being a safe haven for data – outside the EU, with political stability and a modernized data protection law. But this reputation is deceptive when you take a closer look at that Intelligence Act (NDG) throws. It has allowed this since 2017 Federal Intelligence Service (NDB) far-reaching interventions: cable reconnaissance, state Trojans, data retention and the exchange with foreign secret services are possible – sometimes even without concrete suspicion. Particularly explosive: In the run-up to the 2016 vote, the Federal Council assured that no nationwide surveillance was planned and that only data traffic abroad would be affected. In fact, it later became known that national traffic is also recorded. Terms such as »filtering « or »monitoring « have never been clearly defined politically – a breeding ground for lack of transparency and loss of trust.

Approval and control mechanisms exist, but their effectiveness is limited. Legally legitimized access to large amounts of data raises serious questions: How much surveillance can a democracy take? Where does security end, where does control begin? And what does this mean for companies that advertise their services based in Switzerland as particularly safe?

Also popular Swiss providers like Threema or ProtonVPN are fundamentally subject to Swiss law – and thus also to the NDG. This means that in certain cases, state access can also be legally possible here. Both companies advertise with technical end-to-end encryption or No-log policy, but technical security alone does not protect against legal access powers. Trust is good – but a critical look at the legal framework remains essential.

Yes, Swiss laws also allow official access to existing data. Switzerland is not a data protection paradise – even if it is often represented or advertised in the same way. At first glance, the location seems trustworthy, but the NDG allows extensive, sometimes suspicious monitoring. The reality of government access options contrasts sharply with the image that many providers and users paint. Those who hope for real digital sovereignty should not be blinded by the myth of the safe Swiss data port.

At the same time, in many other countries it doesn't look any better –, often even significantly worse. In the United States, for example, laws like the Patriot Act, the Cloud Act or FISA §702 (here is an overview) extensive access to data, including from providers operating outside the USA. In the United Kingdom and France there are also legal bases for tamper-free mass surveillance.

Germany does a little better in comparison –, above all thanks to the basic legal anchoring in the Basic Law, the independent case law of the Federal Constitutional Court and a lively public debate about data protection. But here, too, not everything is in the green: the use of state Trojans (Source TKÜ), the often opaque cooperation between secret services and the recurring political pressure on the long-failed Data retention show that fundamental rights are also under constant pressure in Germany. Nowhere is there absolute certainty – but how transparently and critically a society deals with surveillance makes the decisive difference.

Found on Reddit's r/privacy, where either moderators or Automod have pulled the plug on it.

[...]

The first rupture appeared on January 29 when cloud security firm Wiz stumbled upon an exposed ClickHouse database tagged “ds‑log‑prod‑001". Anyone with a browser could have accessed more than a million log lines: raw chat history, API keys, and even internal service tokens. Wiz engineers demonstrated that with two clicks they could seize “full database control", inject malicious code and pivot into the rest of DeepSeek’s infrastructure.

A week later mobile forensics specialists at NowSecure published a parallel autopsy of the iOS build. Their findings read like a checklist of everything Apple’s security team tells developers not to do: hard‑coded encryption keys, deprecated 3DES ciphers and App Transport Security switched off globally, allowing chats to travel unencrypted. The company urged enterprises to ban the app outright. However, DeepSeek’s parentage turned out to be even more troubling.

Corporate registries in Zhejiang and the Cayman Islands show the chatbot is a wholly owned offshoot of High‑Flyer Quant, a hedge fund founded in 2016 by the 38‑year‑old trader and CEO of Deepseek, Liang Wenfeng. Reuters reporting confirms that High‑Flyer pivoted from equity markets to artificial intelligence research in 2023, building two super‑computing clusters stuffed with Nvidia A100 processors before US export controls came into force.

[...]

Sources say the Computer Emergency Response Team of India (CERT‑In) is preparing a broader advisory under the new Digital Personal Data Protection Act that could push local app stores to delist the software if it fails a security audit. Other democracies have gone further: Italy, Australia and Taiwan have banned DeepSeek from public‑sector systems, with Taipei warning of “systemic espionage risk".

[...]

High‑Flyer Quant’s pitch decks boast of “harvesting alternative data at planetary scale". If every trade idea whispered into DeepSeek ends up in a Hangzhou warehouse, the company enjoys a real‑time map of market sentiment unavailable to Wall Street — and unpoliced by the Securities and Exchange Commission. For American fund managers and Indian startups alike, using the chatbot could be tantamount to CC‑ing a rival on every brainstorming session.

[...]