Privacy


Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 9 months ago

A lot of people seem to be confused so to clear up: They haven't broken encryption. They are phishing using malicious QR codes.

Russia-backed hacking groups have developed techniques to compromise encrypted messaging services, including Signal, WhatsApp and Telegram, placing journalists, politicians and activists of interest to the Russian intelligence service at potential risk.

Google Threat Intelligence Group disclosed today that Russia-backed hackers had stepped up attacks on Signal Messenger accounts to access sensitive government and military communications relating to the war in Ukraine.

Analysts predict it is only a matter of time before Russia starts deploying hacking techniques against non-military Signal users and users of other encrypted messaging services, including WhatsApp and Telegram.

So, I want to encrypt my files with Cryptomator before they go to my cloud-based backup service. Let's say I use Dropbox.

So I know I create a Cryptomator vault and give the location as a folder in Dropbox.

I can't see that Vault until I open it in Cryptomator, right? This means I can't add anything to that Vault unless it's open on my machine. As it's open, I'm assuming that the data I'm adding is unencrypted until I close the Vault?

Let's say I add a plain text file to an open Vault.

So, at what point does Dropbox upload that file? Is it the minute it's added to the Dropbox environment? Because that would mean it's unencrypted.

Or is it not uploaded until the moment the Cryptomator vault is closed? Because that would mean I'd either have to leave the Vault open the entire time I was on my device and possibly have to do one (potentially) big upload at the end of the day, maybe, or keep opening and closing the Vault every time I wanted to work with the Vault (edit an existing document, add a new one, delete one, etc.).

Or have I misunderstood the process? I hope so because it either sounds not very secure or not very usable.

Removing Jeff Bezos From My Bed (trufflesecurity.com)
submitted 5 months ago by [email protected] to c/privacy
Alternative article: 'Silicon Valley’s Favorite Mattress, Eight Sleep, had a backdoor to enable company engineers to SSH into any bed'

Tech group says it can no longer offer advanced protection to British users after demand for ‘back door’ to user data https://archive.is/NI01z

Apple withdraws cloud encryption service from UK after government order

Tech group says it can no longer offer advanced protection to British users after demand for ‘back door’ to user data

[Image caption: Apple said current UK users of the security feature will eventually need to disable it © REUTERS]

Apple is withdrawing its most secure cloud storage service from the UK after the British government ordered the iPhone maker to grant secret access to customer data.

“Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature,” the US Big Tech company said on Friday.

Last month, Apple received a “technical capability notice” under the UK Investigatory Powers Act, people familiar with the matter told the FT at the time.

The request for a so-called “backdoor” to user data would have enabled law enforcement and security services to tap iPhone back-ups and other cloud data that is otherwise inaccessible, even to Apple itself.

The law, dubbed a “Snooper’s Charter” by its critics, has extraterritorial powers, meaning UK law enforcement could access the encrypted data of Apple customers anywhere in the world, including in the US.

This is a developing story

This simple guide explains how to identify and remove common spyware apps from your Android phone.

cross-posted from: https://lemmy.ml/post/26220818

I am shocked by this. The quote below is very concerning:

"However, in 2024, the situation changed: balenaEtcher started sharing the file name of the image and the model of the USB stick with the Balena company and possibly with third parties."

Can't see myself using this software anymore...

submitted 5 months ago* (last edited 5 months ago) by shaytan to c/privacy
https://soatok.blog/2025/02/18/reviewing-the-cryptography-used-by-signal/

A very good, extensive and interesting read on cryptography, centered around Signal (my daily driver), from the same guy who has previously analyzed Telegram and Session.

cross-posted from: https://feddit.org/post/8126174

“Today the Sheriff acknowledged that dystopian program violated the Constitution and agreed never to bring it back.”

I dunno about you guys but this case was the proverbial "straw that broke the camel's back" that made me start taking privacy seriously.

tl;dr Pasco County, FL was running a "predictive policing" program where they would use "a glorified Excel spreadsheet" to predict crimes and an algorithm would spit out "potential criminals" in the area. Most of them ended up being children. After that they would harass their families day and night until they either committed a crime and went to jail or moved out of the county (which was the intention all along).

God Bless the IJ for taking up this cause and shutting it down, because it is honestly terrifying. It's a rare W for privacy. However I'm sure we haven't seen the last of "predictive policing" and we should remain vigilant.

and here's the video they made about it in 2022

submitted 5 months ago by fxomt to c/privacy
Does anyone else here use https://cryptpad.fr/ ?

I'm loving it so far; it's probably the best privacy-focused G Suite alternative I've found. It's easy enough to use that even the non-technical among us can use it.

by Lars Wilderang, 2025-02-11

Translated from the Swedish original

In a new instruction for fully encrypted applications, the Swedish Armed Forces have introduced a mandatory requirement that the Signal app be used for messages and calls with counterparts both within and outside the Armed Forces, provided they also use Signal.

The instruction, FM2025-61:1, specifies that Signal should be used to defend against interception of calls and messages via the telephone network and to make phone number spoofing more difficult.

It states, among other things:

“The intelligence threat to the Armed Forces is high, and interception of phone calls and messages is a known tactic used by hostile actors. […] Use a fully encrypted application for all calls and messages to counterparts both within and outside the Armed Forces who are capable of using such an application. Designated application: The Armed Forces use Signal as the fully encrypted application.”

The choice of Signal is also justified:

“The main reason for selecting Signal is that the application has widespread use among government agencies, industry, partners, allies, and other societal actors. Contributing factors include that Signal has undergone several independent external security reviews, with significant findings addressed. The security of Signal is therefore assumed to be sufficient to complicate the interception of calls and messages.

Signal is free and open-source software, which means no investments or licensing costs for the Armed Forces.”

Signal supports both audio and video calls, group chats, direct messages, and group calls, as well as a simple, event-based social media feature.

The app is available for iPhone, iPad, Android, and at least the desktop operating systems macOS, Windows, and Linux.

Since Signal can be used for phone calls, the instruction is essentially an order for the Armed Forces to stop using regular telephony and instead make calls via the Signal app whenever possible (e.g., not to various companies and agencies that don’t have Signal), and no SMS or other inferior messaging services should be used.

Note that classified security-protected information should not be sent via Signal; this is about regular communication, including confidential data that is not classified as security-sensitive, as stated in the instruction. The same applies to files.

The instruction is a public document and not classified.

Signal is already used by many government agencies, including the Government Offices of Sweden and the Ministry for Foreign Affairs. However, the EU, through the so-called Chat Control (2.0), aims to ban the app, and the Swedish government is also mulling a potential ban, even though the Armed Forces now consider Signal a requirement for all phone calls and direct messaging where possible.

Furthermore, it should be noted that all individuals, including family and relationships, should already use Signal for all phone-to-phone communication to ensure privacy, security, verified, and authentic communication. For example, spoofing a phone number is trivial, particularly for foreign powers with a state-run telecom operator, which can, with just a few clicks, reroute all mobile calls to your phone through a foreign country’s network or even to a phone under the control of a foreign intelligence service. There is zero security in how a phone call is routed or identified via caller ID. For instance, if a foreign power knows the phone number of the Swedish Chief of Defence’s mobile, all calls to that number could be rerouted through a Russian telecom operator. This cannot happen via Signal, which cannot be intercepted.

Signal is, by the way, blocked in a number of countries with questionable views on democracy, such as Qatar (Doha), which can be discovered when trying to change flights there. This might serve as a wake-

https://cornucopia.se/2025/02/forsvarsmakten-infor-krav-pa-signal-for-samtal-och-meddelanden/

cross-posted from: https://lemmy.ml/post/26039725

Andisearch Writeup

A security researcher known as Brutecat discovered a vulnerability that could expose the email addresses of YouTube's 2.7 billion users by exploiting two separate Google services[^1][^2]. The attack chain involved extracting Google Account identifiers (GaiaIDs) from YouTube's block feature, then using Google's Pixel Recorder app to convert these IDs into email addresses[^1].

To prevent notification emails from alerting victims, Brutecat created recordings with 2.5 million character titles that broke the email notification system[^1]. The exploit worked by intercepting server requests when clicking the three-dot menu in YouTube live chats, revealing users' GaiaIDs without actually blocking them[^2].

Brutecat reported the vulnerability to Google on September 15, 2024[^1]. Google initially awarded $3,133, then increased the bounty to $10,633 after their product team reviewed the severity[^1]. According to Google spokesperson Kimberly Samra, there was no evidence the vulnerability had been exploited by attackers[^2].

Google patched both parts of the exploit on February 9, 2025, approximately 147 days after the initial disclosure[^1].

[^1]: Brutecat - Leaking the email of any YouTube user for $10,000
[^2]: Forbes - YouTube Bug Could Have Exposed Emails Of 2.7 Billion Users

Biometrics Explained (www.privacyguides.org)
submitted 5 months ago by [email protected] to c/privacy
cross-posted from: https://lemmy.one/post/24631083

I am in the EU and wanted to buy my first domain here. I wanted to play around with making a website, hosting etc.

So I went to sites like Netim, namecheap, and porkbun. I found that they ask for my name, phone number, and address.

I'm not sure if I can make crap up there and register. I am using a temporary digital/virtual card, so I won't have too much trouble on that front.

cross-posted from: https://feddit.uk/post/24065032

I've seen this posted a couple of times in comments; it seems like a reasonable investigation into the recent shit storm.

I usually actively avoid engaging in anything to do with US politics as it's pointless getting depressed by an awful situation I have zero control over; this post is not about fueling arguments or making us all feel worse, just determining if a useful tech company has gone to shit (TL;DR: probably not).
