No, Google does not offer 2FA for the safety of its users but for themselves to keep what they know about them

In a blog post, Google promotes two-factor authentication (2FA). In fact, they are right – passwords can be made strong, but with another way to confirm their identity when logging in, the strength increases many times over.

However, we need to be clear about why Google advocates 2FA. They do it not to increase your security but to keep the information they have about you to themselves.

You have of course heard that “if something is free you are the product” and this also applies to everything that Google offers us. No company could afford to offer users something for free if it were not for the fact that they get paid by others.

Google makes a living selling information about us to its advertising buyers and we find it problematic that we as users of their services do not know to whom they sell information about us. In addition, we do not know what information Google has about us and thus can resell, the only thing we can be sure of is that they know much more about us than we can ever imagine.

You can do a lot to not leave so many traces behind when you are online:

  1. You can use different search engines to not put all the eggs in one basket and only use Google’s search engine
  2. Turn off the GPS in your phone when you do not need to have it activated
  3. Use a VPN service in laptop, tablet and mobile phone so that your IP address does not reveal exactly where you are and who you have in your vicinity

As for alternatives to Google’s services, we can, for example, recommend OpenStreetMap and DuckDuckGo. If you need a cloud service, NextCloud may be an option.

If you search for “Best VPN service” on any search engine, you will get a lot of links to sites that may seem serious but which all have in common that the more kick-back VPN service pays to the site, the better “rating” gets those of the site. Our tip is that you use Mullvad VPN!

Signal is experiencing technical difficulties

Update #1

Update #2

Update #3

Update #4

Update #5

Update #6

Update #7

Thoughts about Best Cyber Monday VPN offers

We at Privacy Now 2.0 finds a lot of articles about Best Cyber Monday VPN deals.

Disclosure: BleepingComputer has partnered with this vendor to promote special offers and discounts to our visitors. If a visitor purchases a product through a link in this article, BleepingComputer.com will earn a commission.

Bleeping Computer

Our conclusion

Please remember that all those articles are paid for by the VPN providers. Why does providers have to pay to get attention? Because they are not “best”? Yest, because they are not best!

Our recommendation

We recommend mullvad.net a VPN provider!

WordPress 5.4.2 released

It is time to update WordPress to version 5.4.2 released on June 10th, 2020.

Five security issues are fixed in the new version together with twenty-two bug and regression fixes.

The security issues affect WordPress versions 5.4 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

  • Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor
  • Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
  • Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
  • Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads
  • Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation
  • Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

More info

Thunderbird 68.7 is available!

Thunderbird version 68.7.0, first offered to channel users on April 8, 2020 is now available to Ubuntu users.

In the release notes we can read what is new, changed and fixed.

Below is the Ubuntu Security Notice USN-4328-1

A security issue affects these releases of Ubuntu and
its derivatives:

- Ubuntu 19.10
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup
  client

Details:

It was discovered that Message ID calculation was
based on uninitialized data. An attacker could
potentially exploit this to obtain sensitive
information. (CVE-2020-6792)

Mutiple security issues were discovered in
Thunderbird. If a user were tricked in to opening
a specially crafted message, an attacker could
potentially exploit these to cause a denial of
service, obtain sensitive information, or execute
arbitrary code. (CVE-2020-6793, CVE-2020-6795,
CVE-2020-6822)

It was discovered that if a user saved passwords
before Thunderbird 60 and then later set a master
password, an unencrypted copy of these passwords
would still be accessible. A local user could
exploit this to obtain sensitive information.
(CVE-2020-6794)

Multiple security issues were discovered in
Thunderbird. If a user were tricked in to opening a
specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a
denial of service, conduct cross-site scripting (XSS)
attacks, obtain sensitive information, or execute
arbitrary code. (CVE-2019-20503, CVE-2020-6798,
CVE-2020-6800, CVE-2020-6805, CVE-2020-6806,
CVE-2020-6807, CVE-2020-6812, CVE-2020-6814,
CVE-2020-6819, CVE-2020-6820, CVE-2020-6821,
CVE-2020-6825)

It was discovered that the Devtools’ ‘Copy as cURL’
feature did not fully escape website-controlled data.
If a user were tricked in to using the ‘Copy as cURL’
feature to copy and paste a command with specially
crafted data in to a terminal, an attacker could
potentially exploit this to execute arbitrary
commands via command injection. (CVE-2020-6811)

Update instructions:

The problem can be corrected by updating your system
to the followingpackage versions:

Ubuntu 19.10:
  thunderbird        1:68.7.0+build1-0ubuntu0.19.10.1

Ubuntu 18.04 LTS:
  thunderbird        1:68.7.0+build1-0ubuntu0.18.04.1

After a standard system update you need to restart
Thunderbird to make all the necessary changes.

References:
  https://usn.ubuntu.com/4328-1
  CVE-2019-20503, CVE-2020-6792, CVE-2020-6793,
  CVE-2020-6794, CVE-2020-6795, CVE-2020-6798,
  CVE-2020-6800, CVE-2020-6805, CVE-2020-6806,
  CVE-2020-6807, CVE-2020-6811, CVE-2020-6812,
  CVE-2020-6814, CVE-2020-6819, CVE-2020-6820,
  CVE-2020-6821, CVE-2020-6822, CVE-2020-6825

Package Information:

1:68.7.0+build1-0ubuntu0.19.10.1

1:68.7.0+build1-0ubuntu0.18.04.1

Welcome

We are so sorry for the inconvenience but during the last few days we had an issue with the WordPress installation we made about two weeks ago.

Not due to security reasons but to scalability we had to make it all over again.

Stay tuned for blog posts and pages to help you keep your privacy and integrity while being online.