Privacy
!privacy

cross-posted from: https://links.hackliberty.org/post/285

> cross-posted from: https://community.hackliberty.org/post/6684
>
> > This article makes good points to consider when we think about blockchain. Blockchain can absolutely succeed if we can evaluate it objectively and keep the purpose of it in mind. The author is dead wrong when he says it's ok for governments to come in and regulate it. The whole point of this new system is to reclaim what's ours; but our job certainly isn't finished in building the blockchain that will subvert the current system.

cross-posted from: https://community.hackliberty.org/post/20301 Digital ID verification is now mandatory for tobacco purchases in the state of Nevada. The state passed bill AB 360, which came into effect on January 1, that requires all retailers selling tobacco and vape products to verify the age of buyers. The law applies to vape shops, liquor stores, grocery stores, casinos, bars, and even eCommerce stores that sell tobacco or vape products and to customers under the age of 40. Locations selling tobacco or vape products are required to use “scanning technology, or other automated, software-based system, to verify that the person is at least 18 years of age.” These locations are required to scan an identity document of anyone who looks to be under the age of 40. Non-compliance results in a civil fine of $100. AB 360 was modeled around state legislation that requires age verification for cannabis sales. Establishments have several options, including upgrading existing point-of-sale systems to scan IDs. However, the state does not have laws governing how businesses scan IDs or the information they are allowed to retain.

cross-posted from: https://community.hackliberty.org/post/20300 The UK government plans to update the 2017 Digital Economy Act to allow departments to more easily share citizens’ personal data in an attempt to support the rollout of One Login, a new digital platform for accessing public services that is expected to roll out in the next two years. The proposal was unveiled this week by the Cabinet Office, the aim being making “identity verification” a specified objective and to update the law to “enable public bodies to share a wider range of specified data than is currently possible.” The amendment would involve four agencies that the government plans “will either hold data to verify an individual’s identity and/or help to deliver the identity verification service.” These departments include the Cabinet Office, which is the home of the Government Digital Service (GDS) that is delivering One Login, the Disclosure and Barring Services (which provides background checks for citizens), the Department of Transport, mainly via its Driver and Vehicle Licensing Agency, and the Department for Environment, Food, and Rural Affairs. The personal data to be shared by the agencies include names, dates of birth, photos, income, passport and driver’s license information, contact information, and only other government-held data. “Other data items may be processed as identity verification services develop,” the proposals said. “This may include special category data.” Specific category data includes information that could reveal a person’s race, ethnicity, religious or political beliefs, sexual orientation, biometric data, and information on trade union membership. However, agencies will be required to “process the minimum number of data items… necessary for verifying the identity of an individual.” Public consultation on the proposal is open until March 1.

cross-posted from: https://community.hackliberty.org/post/20269 At a supermarket in the British seaside city of Portsmouth, on a road lined with cafes, Indian takeouts and novelty shops, customers race down aisles grabbing last-minute items before Christmas Day. Attached to the ceiling above the gray shiny floor, watching as people enter the store, is a camera. The device scans faces, matching them against a database of suspicious, potentially criminal shoppers who have been placed on a watchlist. This store on Copnor Road is part of the Southern Co-op chain, which has become embroiled in a battle with privacy rights campaigners over its use of real-time facial recognition technology. In July, civil liberties group Big Brother Watch filed a complaint to the U.K.’s Information Commissioner’s Office against Southern Co-op and Facewatch — the company providing the surveillance system. Joshua Shadbolt, a duty manager at the Copnor Road supermarket, told me that high levels of theft have forced him and his colleagues to hide, for instance, all the cleaning products behind the till. Without the technology, he fears customers would be given free range to steal. Since Covid restrictions were lifted in the U.K. in early 2021 following a third national lockdown, shoplifting has been on the rise. This is likely to have been compounded by a cost-of-living crisis. Still, even if theft has not reached pre-pandemic levels, for Shadbolt, the biometric camera has been an effective and necessary tool in tackling crime.

How Police Exploited the Capitol Riot’s Digital Records
cross-posted from: https://community.hackliberty.org/post/20265 Forensic technology is powerful, but is it worth the privacy trade-offs?

cross-posted from: https://community.hackliberty.org/post/13219 NEW YORK -- The CIA's chief technology officer outlined the agency's endless appetite for data in a far-ranging speech on Wednesday. Speaking before a crowd of tech geeks at GigaOM's Structure:Data conference in New York City, CTO Ira "Gus" Hunt said that the world is increasingly awash in information from text messages, tweets, and videos -- and that the agency wants all of it. "The value of any piece of information is only known when you can connect it with something else that arrives at a future point in time," Hunt said. "Since you can't connect dots you don't have, it drives us into a mode of, we fundamentally try to collect everything and hang on to it forever."

cross-posted from: https://community.hackliberty.org/post/13218 Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter. The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events. Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

Mysterious spy cameras collecting data at post offices
cross-posted from: https://community.hackliberty.org/post/13217 DENVER — Within an hour of FOX31 Denver discovering a hidden camera, which was positioned to capture and record the license plates and facial features of customers leaving a Golden Post Office, the device was ripped from the ground and disappeared. FOX31 Denver investigative reporter Chris Halsne confirmed the hidden camera and recorder is owned and operated by the United States Postal Inspection Service, the law enforcement branch of the U.S. Postal Service. The recording device appeared to be tripped by any vehicle leaving the property on Johnson Road, but the lens was not positioned to capture images of the front door, employee entrance, or loading dock areas of the post office.

cross-posted from: https://community.hackliberty.org/post/12438 Here is a list of stuff with WiFi that leads to deanonymization and some other trivia on information/meta data leaks with this technology. No wifi hacking though.

cross-posted from: https://community.hackliberty.org/post/11934 This guide (Whonix + Anbox) also works for other apps, such as Signal, Samourai Wallet, Schildi Chat and more.

cross-posted from: https://community.hackliberty.org/post/11933

```
MAC address randomization
WiFi scanning
WiFi connections
Ethernet connections
Mode options
Setting a default configuration
Per-connection overrides
Seeing the randomized MAC address
Remove static hostname to prevent hostname broadcast
Disabling transient hostname management
Disable sending hostname to DHCP server
Verifying proper operation
Sources
```

Anonymity Guide
cross-posted from: https://community.hackliberty.org/post/11932 This guide requires you to understand various important concepts in order to truly be anonymous on the internet. There is a vast array of concepts that will need to be thoroughly understood. You’ll be able to make and choose your own model based upon this guide.

- Understanding of Tor and its threats
- Understanding benefits and negatives of a VPN
- Understanding important privacy concepts
- Understanding important security concepts
- Understanding the principles of threat modeling
- Understanding how the internet functions

General Ideas:

- Using a VPN will NOT make you anonymous
- Just because you are using Tor does NOT mean you are safe
- An adversary with enough time and resources will eventually find you
- The best way to hide is to not use the internet
- The land of compromises

cross-posted from: https://exploding-heads.com/post/62874

> > “We want to enable users to be able to communicate without being concerned about their privacy, [or] without being concerned about a data breach at Twitter causing all of their DMs to hit the web, or think that maybe someone at Twitter could be spying on their DMs,” Musk said. “That’s obviously not going to be cool and it has happened a few times before.”

Start a local Privacy Support Space
cross-posted from: https://community.hackliberty.org/post/9448 Attacks on privacy by companies and governments have been going on for many years and continue to evolve. Even minor successes, such as greater adoption of end-to-end encryption following the Edward Snowden leaks, cannot hide the fact that we are on the defensive. Attacks on our devices and our infrastructure are being stepped up, and there are even calls for the criminalization of encryption. Data collection, tracking and behavioral analysis are now part of everyday life. At the moment, a generation is growing up for whom it is "normal" that their data is available to companies, and that they themselves or relatives publish it on the Internet. We consider it important to develop counter-strategies to surveillance measures. We group these strategies into three parts:

- First, there must be awareness. We need to understand, at least roughly, what may follow from our actions.
- What resources – technical and non-technical devices and software – are needed to meet the individual's need for protection?
- What skills – self-learned or provided by others – do we need to use the assistive devices appropriately?

How can we strengthen digital self-defense in these parts? Our suggestion: By building local privacy support spaces! This idea can be fully or partially integrated into existing projects or serve as a blueprint to build new places. A privacy support space should develop into a point of contact that works with existing or new structures to raise awareness of digital self-defense – e.g., through lectures and workshops, literature, and outreach. It should offer tools and help to expand one's own skills or to get to know people with the relevant skills. Depending on the concept, it may make sense for this point of contact to be open not only occasionally, but ideally half or all day at fixed times in order to serve as a point of contact for a broad spectrum of people. This costs time and – in the current form of society – unfortunately often money as well.

Revealing Traces in printouts and scans
cross-posted from: https://community.hackliberty.org/post/9402 We investigated printouts from 101 printers for Machine Identification Codes and provide tips on how to handle metadata: https://dys2p.com/en/2022-09-print-scan-traces.html

cross-posted from: https://community.hackliberty.org/post/6687 A team of researchers has found that it’s possible to infer the locations of users of popular instant messenger apps with an accuracy that surpasses 80% by launching a specially crafted timing attack. The trick lies in measuring the time taken for the attacker to receive the message delivery status notification on a message sent to the target. Because mobile internet networks and IM app server infrastructure have specific physical characteristics that result in standard signal pathways, these notifications have predictable delays based on the user’s position. The resulting classification accuracy based on the researchers’ experiments was:

- 82% for Signal targets
- 80% for Threema
- 74% for those using WhatsApp

CT-001: Threat modeling demystified
cross-posted from: https://community.hackliberty.org/post/6506 This is the first report in the new Cypherpunk Transmission series.

cross-posted from: https://community.hackliberty.org/post/5481 There is no such thing as secure email. Email is an inherently insecure protocol, conceived at a time when security was an afterthought. There are fundamental flaws with email that cannot be mitigated by slapping encryption on top.

cross-posted from: https://community.hackliberty.org/post/102 San Francisco lawmakers are mulling a proposed law that would allow police to use private security cameras – think: those in residential doorbells, medical clinics, and retail shops – in real time for surveillance purposes.

cross-posted from: https://community.hackliberty.org/post/93 The California Department of Justice’s 2022 Firearms Dashboard Portal went live on Monday with publicly-accessible files that include identifying information for those who have concealed carry permits. The leaked information includes the person’s full name, race, home address, date of birth, and date their permit was issued. The data also shows the type of permit issued, indicating if the permit holder is a member of law enforcement or a judge.

cross-posted from: https://community.hackliberty.org/post/79 Twitter published an apology on Wednesday after it was caught covertly using account security data for targeted advertising. The social media giant admitted that for several years, users were asked to provide a phone number or email address to secure or authenticate their accounts. Twitter then used that information for targeted advertising, according to a complaint filed by the Department of Justice and Federal Trade Commission. In May, the company agreed to pay a $150 million fine to settle the complaint, which alleged that Twitter violated a previous order “by collecting customers’ personal information for the stated purpose of security and then exploiting it commercially.”

Cryptanalysis proves Mega.nz crypto architecture “riddled with fundamental cryptography flaws”
cross-posted from: https://community.hackliberty.org/post/77 An entity controlling MEGA’s core infrastructure can tamper with the encrypted RSA private key and deceive the client into leaking information about one of the prime factors of the RSA modulus during the session ID exchange. More specifically, the session ID that the client decrypts with the mauled private key and sends to the server will reveal whether the prime is smaller or greater than an adversarially chosen value. This information enables a binary search for the prime factor, with one comparison per client login attempt, allowing the adversary to recover the private RSA key after 1023 client logins. Using lattice cryptanalysis, the number of login attempts required for the attack can be reduced to 512.

cross-posted from: https://community.hackliberty.org/post/76 Skiff gives every user 10GB free of Skiff Drive.

CyberYozh Internet Privacy and Security Course
cross-posted from: https://community.hackliberty.org/post/58 "We are not so naive as to think that this book will expose terrible things previously unknown, mark the border separating good from evil, or reveal some brilliant discovery…This book's objectives are modest and practical: to teach you to protect yourself from cyber espionage, get round unlawful censoring and suppressing of resources, safely protect your electronic data, and remain anonymous in the Internet." Source: https://book.cyberyozh.com/what-will-you-learn-from-this-book/ © CyberYozh security group

VPS, Cloud Services, and Hosting Providers that accept Monero (XMR)
cross-posted from: https://community.hackliberty.org/post/55 A comprehensive list of VPS and cloud-service/hosting providers that are either:

- (a) Tor-friendly ***or***
- (b) accept Monero (XMR) and are privacy-driven

cross-posted from: https://community.hackliberty.org/post/5478 Not all Linux distributions are created equal. When choosing a Linux distribution, there are several things you need to keep in mind.

Table of Contents

- Release Cycle
- Traditional and Atomic updates
- Arch-based Distributions
- Kicksecure
- “Security-focused” Distributions
- Linux-libre Kernel and “Libre” Distributions
- Wayland
- Recommended Distributions
- Fedora Workstation
- Fedora Silverblue & Kinoite
- openSUSE Tumbleweed and MicroOS
- Whonix

cross-posted from: https://community.hackliberty.org/post/5477 There is a lot of misinformation being promoted in various privacy circles about Tor. This article will examine some facts about Tor and assess whether it is the infallible privacy tool it’s made out to be by some. There is a growing chorus of people who blindly recommend Tor to anyone looking for online anonymity. This recommendation often ignores mountains of evidence suggesting that Tor is not the “privacy tool” it’s made out to be. No privacy tool is above criticism or scrutiny, and each has pros and cons. Unfortunately, Tor has garnered a cult-like following in recent years among people who pretend it’s infallible. Honest criticism of Tor is often met with accusations of “FUD” and ad-hominem attacks, so as not to disrupt the collective Groupthink.

Selected Papers in Anonymity
cross-posted from: https://community.hackliberty.org/post/5476


    Privacy is the ability for an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.

    Rules

    1. Don’t do unto others what you don’t want done unto you.
    2. No Porn, Gore, or NSFW content. Instant Ban.
    3. No Spamming, Trolling or Unsolicited Ads. Instant Ban.
    4. Stay on topic in a community. Please reach out to an admin to create a new community.