Avoid the Hack! :donor:

An initiative promoting the intersection of internet #privacy and #cybersecurity for all users.


Based in the USA.

You are more than just a data point.

Operated by: @ashwrites

Established in 2020.

#fedi22 #infosec #opsec

Avoid the Hack! :donor: boosted:
Null03 Null03
2025-09-15

@digitalarchon @echo_pbreyer

Everybody is talking about E2EE but nobody is mentioning the age verification procedures that they want to put. Games like Minecraft will need ID for anyone to play on the App stores. Like what the fuck is going on.

You wanna know why this is even a possibility to use to lie? Because parents don't do shit. They give their 10 year old a tablet and fuck all. And then what happens? I have to send my credit card information to God knows where to watch kitten videos.

Avoid the Hack! :donor: avoidthehack@infosec.exchange
2025-09-15

@regendans +1 for buttondown here.

Avoid the Hack! :donor: avoidthehack@infosec.exchange
2025-09-15

@hemlockcookie thank you :ablobcatheart: I started a new position last month, so I think that’s a good start.

Avoid the Hack! :donor: avoidthehack@infosec.exchange
2025-09-15

Hey, hi. I know it’s been a while. Hope you’ve been well. :ablobcatcoffee:

Where have I been?! Just let me explain.

TLDR; series of unfortunate events in my personal life, will resume the Privacy Roundup starting Oct 1 which will be the main focus.

The past 6-8 months have been a little more than just rough. I got laid off in May (fortunately saw it coming, but still), had a death in the family, lost some people I thought were friends, and witnessed friends struggle, all around the same time. I didn’t mean for my impromptu break to be this long, but needed some time to decompress.

Quite frankly, I just didn’t have the bandwidth to dedicate in this space and manage the personal things going on. I should have probably announced taking a break and communicated it better to those of you kind enough to follow and engage with me, so I am sorry for that. For a hot second I considered just shuttering everything, but I have still been monitoring news and sources and na, we absolutely need #privacy awareness, tools, activists, everything.

With that said, “coming back” to avoidthehack.com (I never left, to be fair), I realized the site sprawls across too many topics and I need to focus on a handful to make it sustainable for a 1 person operation. :ablobcatdundundun:

While I figure that out, I will be focusing exclusively on the Privacy Roundup and remaining active here on Mastodon. Starting in Q4 (October 1), I will begin posting that regularly.

Avoid the Hack! :donor: boosted:
2025-09-15

For privacy researchers, this thread is interesting. iOS allows apps to make network requests after push notifications.

Instagram (and others) appear to be using this to profile devices, e.g. retrieve device uptime without their customer opening Instagram.

This one probably needs more eyes on it. mastodon.social/@mysk/11520474

Avoid the Hack! :donor: boosted:
2025-05-19

#Privacy & #DataProtection picks (continued):

➡️ @noybeu - European group fighting privacy violations by corporations

➡️ @torproject - Non-profit network allowing anonymous internet use

➡️ @openprivacy - Canadian non-profit developing FOSS to help protect privacy

➡️ @icd@mastodon.internet-czas-dzialac.pl (main) & @icd@video.internet-czas-dzialac.pl (videos) - Polish group campaigning for privacy

➡️ @topio - German non-profit helping people de-Google phones (in German)

➡️ @d3 - Non-profit in Portugal campaigning to protect privacy (in Portuguese)

2/6

Avoid the Hack! :donor: avoidthehack@infosec.exchange
2025-05-19

The #privacy roundup will be back next Monday. 👀

Avoid the Hack! :donor: avoidthehack@infosec.exchange
2025-04-14

Sorry, this will be another week without the #Privacy Roundup. I’ve got some things going on in my personal life, hoping things settle down next week a bit.

Avoid the Hack! :donor: avoidthehack@infosec.exchange
2025-04-07

Due to a life event, not sure I will be able to publish the Privacy Roundup during normal hours today. :blobawkward:

Avoid the Hack! :donor: avoidthehack@infosec.exchange
2025-03-31

@privacy Privacy Roundup: Week 13 of Year 2025

Delivered to you (on Lemmy) from Mastodon.

Features Signalgate and the 23andMe bankruptcy with a dash of sandbox escape in Chromium/Firefox on Windows (but is fixed in latest versions).

avoidthehack.com/privacy-week1

Avoid the Hack! :donor: avoidthehack@infosec.exchange
2025-03-31

A little late, but Week 13 of the #Privacy Roundup is here. I'm just going to blame it on this cold. :blobcatsneeze:

This edition features:

- #Signalgate #signal
- 23andMe's bankruptcy - what's it mean for user genetic data?
- A man banned for life from a venue... based on data collected about him
- Sandbox escapes for #Firefox and #Chrome exploited in the wild (updates available)

... and more!

#privacymatters #cybersecurity #infosec #23andme

avoidthehack.com/privacy-week1

Avoid the Hack! :donor: boosted:
2025-03-29

OpenAI's move to allow generating "Ghibli style" images isn't just a cute PR stunt. It is an expression of dominance and the will to reject and refuse democratic values. It is a vulgar display of power.

tante.cc/2025/03/28/vulgar-dis

Avoid the Hack! :donor: boosted:
The Privacy Foundation theprivacyfoundation
2025-03-29

Open letter to anyone with a protest or rights-based website:

PLEASE get rid of Facebook and Google SSO login options and analytic tracking codes from your sites.

You are literally handing over your user data to unscrupulous players that are in direct opposition to your cause. These sites can and do hand over user-specific data.

To everyone, stop using these options. Set a strong password. Use an alias email. Use a VPN.

Screenshot shows SSO options for the Indivisible website. Screenshot of Democrats.org showing Google Tag. Screenshot of Planned Parenthood website showing Google Tag Manager.

Avoid the Hack! :donor: boosted:
Avoid the Hack! :donor: avoidthehack@infosec.exchange
2025-03-25

Another Monday. Another edition of the Privacy Roundup featuring news items curated with end user #privacy and #security in mind.

This edition features:

- #Android Apps using #Bluetooth and Wi-Fi connection data to estimate and collect user location data
- #Apple Passwords app used insecure HTTP
- Video gamers beware: another game pulled from Steam for being #malware in disguise
- Free online converters adding malware to converted files
- Threat actors using #Reddit posts to push information stealing malware, primarily targeting #cryptocurrency traders/enthusiasts
- Data breaches at the largest US sperm bank and a large teacher union

… and more.

#privacymatters #databreach #cybersecurity #cybersecurity #infosec #gaming

avoidthehack.com/privacy-week1

Avoid the Hack! :donor: avoidthehack@infosec.exchange
2025-03-24

DNA of 15 Million People for Sale in 23andMe Bankruptcy

Just call them 23andWe.

On a more serious note, this is compounding the issue of sharing immutable information (like biometric data) with others - especially those that have lax security practices, blame their lax security practices on the users, share user data, and reserve the "right" to sell/transfer this data in the event an acquisition - or bankruptcy, in this case - happens.

#privacy #privacymatters #23andme #dna

404media.co/dna-of-15-million-

Avoid the Hack! :donor: boosted:
2025-03-24

Should you ever run across an article that says you don't need a VPN because most every website uses HTTPS, be aware that you cannot see the encryption, or the lack of it, in mobile apps. Thus, things like this happen - Apple did not bother to upgrade their own software from HTTP to HTTPS.

9to5mac.com/2025/03/18/apples-
Apple’s Passwords app was vulnerable to phishing attacks for nearly three months after launch
#vpn #http #https #encryption

Avoid the Hack! :donor: avoidthehack@infosec.exchange
2025-03-24

@GossiTheDog A lot of this stems from organization leaders just seeing security as a line item or a hindrance... since it is treated as either or both, there's no real security culture. Just a blaming culture when something inevitably goes wrong.

Avoid the Hack! :donor: avoidthehack@infosec.exchange
2025-03-24

Based on how Sunday went and Monday is going, the next week (week 13) of the #Privacy Roundup is gonna be a HOOT.

Avoid the Hack! :donor: boosted:
2025-03-24

So, I have a second big piece out today—this time for Cyberscoop—that examines the CVE system and how well it has weathered challenges over the past 25 years.

Many thanks to Ben Edwards of BitSight, Peter Sheingold, Alec Summers and Lisa Fasold of MITRE, Tom Pace of NetRise, Jay Jacobs and Michael Roytman of Empirical Security, and Art Manion of ANALYGENCE Labs.

Despite challenges, the CVE program is a public-private partnership that has shown resilience
cyberscoop.com/cve-program-his
