Bruce Schneier talks about how security companies sat on knowledge and research data about military-grade Regin malware for at least six years. They only decided to share their knowledge because The Intercept was about to publish an article about it. Their arguments for why they withheld their knowledge until now range from “our customers asked us not to disclose what had been found in their networks” to “we didn’t want to interfere with NSA/GCHQ operations”. :/ It’s safe to say that they sit on a bunch more.
Links
Edja Snodow
The stories about this Edja Snodow are like the mirror image of a world nobody wants to have.
https://twitter.com/riyadpr/status/543043457766653952
They Don’t Care About Your “Online” Privacy
Messenger apps show your friends’ online status. Anytime you open the app, they’ll notify the service that you’re “online” at the moment. Now everybody else can see it in their contact lists.
And by everybody I mean anybody! If you have someone’s phone number you can check that person’s online status as often as you want from wherever you want (no need to be friends or anything).
So did a group of researchers at the Friedrich-Alexander-Universität Erlangen-Nürnberg. They used this “feature” to “find out how frequently and how long users spent with their popular messenger” on a random sample of 1000 people in different countries for over eight months.
Looking through the project’s website should make it clear how little the creators of those apps care …
Moreover, we were able to run our monitoring solution against the WhatsApp services from July 2013 to April 2014 without any interruption. Although we monitored personal information of thousands of users for several months — and thus strongly deviated from normal user behaviour — our monitoring efforts were not inhibited in any way.
… and that they don’t want you to be able to care.
Unfortunately, affected messenger services (like WhatsApp, Telegram, etc.) currently provide no option for disabling access to a user’s “online” status. Even WhatsApp’s newly introduced privacy controls fail to prevent online status tracking, as users still cannot opt-out of disclosing their availability to anonymous parties.
Data protection via company policy is broken
Short reminder, it’s effectively only company policy that’s protecting your data’s privacy in corporate hands.
Update:
Apple’s Spotlight Search Phones Home
OS X Yosemite seems to have gained the feature to “phone home” when you do Spotlight searches. It’ll send search terms and your location data to Apple’s servers. Of course it’s perfectly in line with Apple’s recent “trust us, we won’t collect unnecessary data” rhetoric.
[…] Ashkan Soltani, an independent researcher and consultant, confirmed the behavior, labeling it “probably the worst example of ‘privacy by design’ I’ve seen yet.” Users don’t even have to search to give up their privacy. Apple immediately sends the user’s location to the company, according to Soltani.
You can turn it off, but it’s on by default.
Atlas by Facebook
All the joy of online advertising will now also be available to you offline! Thank you Facebook.
Limits to Growth
In 1972 the Club of Rome commissioned a study on growth trends in world population, industrialisation, pollution, food production, and resource depletion which was eventually published as a book called “The Limits to Growth.” They simulated different scenarios predicting what would happen until 2100 depending on whether humanity takes decisive action on environmental and resource issues. 40 years later the world pretty much matches the worst prediction.
Monitor Activity in your OS X Dock
Just found a nice trick on TUAW on how to make the OS X Activity Monitor show graphs in place of its app icon.
Filming Passwords and Fingerprints via Smartphone
Researchers at TU Berlin have found that smartphone front cameras have such good resolution that passwords can be read from the reflections in a user’s eyes or glasses.
They also managed to film fingerprints with the rear camera as the user reaches for the device.
… you can also see it as an addendum to this paper.
Jodorowsky’s Dune
Watch Jodorowsky’s Dune! Your mind will be blown!
… almost as bad as with Room 237.