INTERNET ENGINEERING TASK-FORCE: Reflections 10 Years Since Snowden Revelations

#News #privacy #Snowden #surveillance #spying #HumanRights #IETF #engineering #internet #security #infosec #cybersecurity #tech

https://www.ietf.org/archive/id/draft-farrell-tenyearsafter-00.html

"With #AI, they could be used for all sorts of malicious tasks, including leaking people’s private information and helping criminals phish, spam, and scam people. Experts warn we are heading toward a #security and #privacy disaster.”

https://www.technologyreview.com/2023/04/03/1070893/three-ways-ai-chatbots-are-a-security-disaster/

Three ways AI chatbots are a security disaster 

Large language models are full of security vulnerabilities, yet they’re being embedded into tech products on a vast scale.

^{Melissa Heikkilä (MIT Technology Review)}

🧬 SR134 is finally here with nearly an hour of #privacy & #security news!

- Your DNA is everywhere
- A free smart TV that's too good to be true
- A KeePass vulnerability
- More!

Tune in now: https://surveillancereport.tech
YouTube: https://youtu.be/ddMP9nI-E48

It Turns Out Your DNA is EVERYWHERE - SR134

Human DNA can be found literally everywhere, a free smart TV that’s too good to be true, a serious KeePass vulnerability, and more!Welcome to the Surveillanc...

^YouTube

Earlier this year we got into a surprising and somewhat annoying struggle with Web browser sandboxing failures related to our "web apps shared in a chat" feature. After much background work we released the hardened Delta Chat 1.36 series, also addressing a dedicated fourth independent security audit, and can finally share more of what was going on behind the scenes https://delta.chat/en/2023-05-22-webxdc-security

#chromium #deltachat #security #webxdc

Delta Chat: Bringing E2E privacy to the Web: 4th security audit 😅

Delta Chat’s “web apps shared in a chat” come with a unique privacy promise but in January it was shown to be compromised. We got into a surprising struggle with Web browser sandboxing issues that ...

^delta.chat

So far, the 5 biggest debates in the 21st century are #HumanCognition vs #ArtificialIntelligence, #RenewableEnergy vs #NonRenewableEnergy, #Veganism vs #Carnism, #Freedom vs #Security, and…
#JavaScript vs #Everything.

#WebDev #Programming #Python #Life #History

SimpleX Chat v5.1-beta.1 is released!

New in v5.1-beta.1:
- message reactions - finally! - only 6 for now: 👍👎😀😢❤️🚀
- self-destruct passcode.
- voice messages up to 5 minutes, with 2x quality and playback slider.
- custom time to disappear - can be set just for one message.
- message editing history.
- a setting to disable audio/video calls per contact.
- group welcome message visible in group profile.

Install the apps via the links here: https://github.com/simplex-chat/simplex-chat#install-the-app

#privacy #security #messenger

GitHub - simplex-chat/simplex-chat: SimpleX - the first messaging platform operating without user identifiers of any kind - 100% private by design! iOS and Android apps are released 📱!

SimpleX - the first messaging platform operating without user identifiers of any kind - 100% private by design! iOS and Android apps are released 📱! - GitHub - simplex-chat/simplex-chat: SimpleX - ...

^GitHub

Introducción a SSH

#Access #GNULinux #Remote #Security #SSH #SysAdmin #Tutorial

https://osiux.com/ssh-para-gobernar-el-mundo.html

Use FIDO U2F security keys with Fedora Linux 🔑
https://fedoramagazine.org/use-fido-u2f-security-keys-with-fedora-linux/

Hardware security keys are a form of multi-factor authentication for logging into important accounts. If you were thinking about getting a one, it's good to know Fedora supports them.

But remember to get two so you can make a backup!
#Fedora #FIDO #security #privacy

Use FIDO U2F security keys with Fedora Linux - Fedora Magazine

A FIDO U2F security key is a small USB and/or NFC based device. It is a hardware security token with modules for many security related use-cases. There are several brands of FIDO compliant keys, including NitroKey, SoloKey v2, and YubiKey.

^{Alexander Wellbrock (Fedora Project)}

Our new Contact Scopes feature is now available in the Alpha channel. It provides a way to avoid granting the Contacts permission for apps requiring it. It's similar to our Storage Scopes feature replacing needing any of the media/storage permissions.

https://grapheneos.social/@GrapheneOS/110382121185752120

#ContactScopes #StorageScopes #permissions #sandbox #android #GrapheneOS #privacy #security

Random Website: You need to set up #2FA with your phone number!

Me: Why?

Website: In case we get hacked!

Me: I don't really care, no one even knows about this account and it doesn't have my personal information.

Website: You misunderstand, it's so that in case we get hacked, we HAVE your information to leak to the hackers. They worked hard and deserve it! Also we sell your account to ad companies but they're not interested unless they can tie it to a real person.

#security #privacy #web

#YouTube blocking my #adblocker? Maybe reduce the frequency of #advertising interruptions and I’ll consider turning mine off. https://apple.news/AUR1RileFSuyKNE6wLNuKyw

Anyone notice this is happening at the same time #Google is working on the final stages of removing support for #Chrome #browser extensions that dynamically examine and modify web requests, e.g., strong #adblockers like #uBlockOrigin, in favor of their more restrictive #ManifestV3 spec? https://www.eff.org/deeplinks/2021/12/chrome-users-beware-manifest-v3-deceitful-and-threatening

#privacy #security #infosec

YouTube is going to stop you from using ad blockers — here’s how — Tom's Guide

YouTube is testing out a new feature that prevents the use of ad-blocking software — and this could make a YouTube Premium subscription practically essential.

^apple.news

Auditor app version 70 released: https://github.com/GrapheneOS/Auditor/releases/tag/70.

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/4972-auditor-app-version-70-released

See https://attestation.app/about and https://attestation.app/tutorial for info about the app and optional monitoring service.

#GrapheneOS #privacy #security #android #attestation #VerifiedBoot #MeasuredBoot #HSM #SecureElement #auditor

Release 70 · GrapheneOS/Auditor

Notable changes in version 70: add Pixel 7a support disable attest key downgrade support which was used to work around a bug discovered/reported by GrapheneOS causing attest keys becoming unusable...

^GitHub

First experimental release of GrapheneOS for Pixel 7a is available. Can be installed via our staging site web installer or downloaded from the releases page for CLI install.

https://staging.grapheneos.org/install/web
https://staging.grapheneos.org/releases

We don't have a Pixel 7a yet so it's entirely untested.

#grapheneos #privacy #security #experimental #pixel7a #7a

GrapheneOS web installer

Web-based installer for GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.

^GrapheneOS

We'll be heavily prioritizing adding support for the Pixel 7a, Pixel Tablet and Pixel Fold. It has been years since we supported a tablet (Nexus 9) and there will likely be additional work to support the form factor properly. Pixel Fold is a new form factor and may be difficult.

#grapheneos #privacy #security #pixel #pixel7a #pixeltablet #pixelfold

LEAVE GOOGLE NOW: (or yesterday)

"All you will have to do is verify your identity on the device using a PIN unlock code, biometrics such as a fingerprint or face scan, or a more sophisticated physical security dongle."

#passkey
#monopoly
#security
#privacy
#humanrights

https://www.aljazeera.com/news/2023/5/4/google-to-abolish-passwords-for-passkeys-heres-what-to-know

I'm excited to announce that I have successfully put together a #Signet #hardware #password manager, without any jumpers or hackery.

This means I will be making more of these so people who want to up their #security game will be able to just buy them.

I'll be honest: this one cost me over $300 in parts and many hours of labor. My goal is to get them down to about $45 each. That should allow me to break even (assuming I can produce them faster and my time is worth minimum wage). #infosec #foss

Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.

TL;DR: Don't turn it on.

The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.

We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.

Why is this bad?

Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵

#Privacy #Cybersecurity #InfoSec #2FA #Google #Security