Since academics and investigative journalists first reported last year that Facebook was using people’s two-factor authentication numbers and “shadow” contact information for targeted advertising, Facebook has shown little public interest in fixing this critical problem. Subsequent demands that Facebook stop all non-essential uses of these phone numbers, and public revelations that Facebook’s phone number abuse was even worse than initially reported, failed to move the company to action.
Yesterday, rather than face a lawsuit from FTC, Facebook agreed to stop the most egregious of these practices.
In its next release, Android plans to up its privacy game. But the operating system still caters to ad trackers at its users’ expense.
The newest release of Android, dubbed “Q,” is currently in late-stage beta testing and slated for a full release this summer. After a year defined by new privacy protections around the world and major privacy failures by Big Tech, this year, Google is trying to convince users that it is serious about “protecting their information.” The word “privacy” was mentioned 22 times during the 2019 Google I/O keynote. Keeping up that trend, Google has made—and marketed—a number of privacy-positive changes to Android for version Q.
Many of the changes in Q are significant improvements for user privacy, from giving users more granular control over location data to randomizing MAC addresses when connecting to WiFi networks by default. However, in at least one area, Q’s improvements are undermined by Android’s continued support of a feature that allows third-party advertisers, including Google itself, to track users across apps. Furthermore, Android still doesn’t let users control their apps’ access to the Internet, a basic permission that would address a wide range of privacy concerns.
Earlier this month, Mozilla announced the release of Firefox 68, which includes a curated “list of recommended extensions that have been thoroughly reviewed for security, usability and usefulness”. We are pleased to announce that both of our popular browser extensions, HTTPSEverywhere and PrivacyBadger, have been included as part of the program. Now, when you navigate to the built-in Firefox add-ons page (URL: about:addons), you’ll see a new tab: “Recommendations,” which includes HTTPS Everywhere and Privacy Badger among a list of other recommended extensions. In addition, they will be highlighted in Add-ons for Firefox and in add-on searches.
When Michael Terpin’s smartphone suddenly stopped working in June 2017, he knew it wasn’t a good sign. He called his cellular provider, AT&T, and learned that a hacker had gained control of his phone number.
The stakes were high because Terpin is a wealthy and prominent cryptocurrency investor. Terpin says the hackers gained control of his Skype account and tricked a client into sending a cryptocurrency payment to the hackers instead of to Terpin.
A security clanger has been spotted in the current beta version of iOS 13 which allows anyone to access a user’s stored web and app passwords without having to authenticate.
Affecting iOS 13 public beta 2, developer beta 3, and iPadOS 13 betas, the issue appears to have surfaced first on Reddit, complete with a brief demo video later expanded with commentary on YouTube channel iDeviceHelp.
The issue can be reproduced by repeatedly tapping on Website & App Passwords menu (Settings > Password & Accounts) which stores credentials used by the web autofill function.
Data on millions of people stolen from the Bulgarian government has already popped up on hacker trading forums.
A hacker originally stole the data from the National Revenue Agency (NRA), which is part of Bulgaria’s Ministry of Finance, sending media outlets a link to the downloadable copy last Monday, 15 July 2019. The NRA confirmed this in a statement on its website.
Red faces in Moscow this weekend, with the news that hackers have successfully targeted FSB—Russia’s Federal Security Service. The hackers managed to steal 7.5 terabytes of data from a major contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world. The data was passed to mainstream media outlets for publishing.
FSB is Russia’s primary security agency with parallels with the FBI and MI5, but its remit stretches beyond domestic intelligence to include electronic surveillance overseas and significant intelligence-gathering oversight. It is the primary successor agency to the infamous KGB, reporting directly to Russia’s president.
A week ago, on July 13, a hacking group under the name 0v1ru$ that had reportedly breached SyTech, a major FSB contractor working on a range of live and exploratory internet projects, left a smiling Yoba Face on SyTech’s homepage alongside pictures purporting to showcase the breach. 0v1ru$ had passed the data itself to the larger hacking group Digital Revolution, which shared the files with various media outlets and the headlines with Twitter—taunting FSB that the agency should maybe rename one of its breached activities “Project Collander”.