There was another thread with a paywalled article, but here's the actual study that found that smart TVs use "automatic content recognition" to build an ad profile for you based on what's on your screen... including HDMI content streamed from a laptop, game console, etc. Yikes.

> At a high level, ACR works by periodically capturing the content displayed on a TV’s screen and matching it against a content library to detect the content being viewed on the TV. It is essentially a Shazam-like technology for audio/video content on the smart TV [38]. ACR is implemented by all major smart TV manufacturers, including Samsung [9] and LG [55 ].

> Our findings indicate that (1) ACR operates even when it is used as a “dumb” display via HDMI; (2) opt-out mecha- nisms stop ACR traffic; (3) ACR works differently in the UK as com- pared to the US.

So it seems like you're opted-in by default, but you can stop ACR traffic by simply configuring six different options on Samsung, or eleven different options on LG.

Oh, and this doesn't seem to happen when you're using native streaming apps like Netflix or Disney+, because hey, they wouldn't want to infringe on those companies' rights by spying on them, right?

So here is the thing. Given the Eqifax breach I kinda feel like giving yet another agency to much information for them to monitor your credit is just another source of a possible future data breach.

cross-posted from: https://lemm.ee/post/42694373 >Leak on latest #ChatControl attempt (in German): https://netzpolitik.org/2024/interne-dokumente-sperrminoritaet-gegen-chatkontrolle-wackelt/ +++ Only AUT, DEU, EST, LUX, POL, SVN were critical – no blocking minority! +++ BEL, CZE, FIN, ITA, NLD, PRT, SWE undecided +++ EU legal experts confirm violation of our fundamental rights +++ Only 5 days to next discussion +++ > > Help pressure our governments into defending our #privacy of correspondence and secure #encryption now: https://www.patrick-breyer.de/en/take-action-to-stop-chat-control-now/

This is straightforward with browser addons like uBlock Origin where you can add and choose blocklists, but I did searches for doing so system wide and using a VPN but didn’t find clear answers. I could use a DNS service that provides blocklists but isn’t it best practice to leave DNS to the VPN provider? I looked up blocklists and VPNs but didn’t find relevant results.

On Android, I didn’t find any apps that let you filter blocklists and using your own VPN other than Rethink, but the blocklists feature requires using Rethink’s DNS.

So what’s the best way to filter ads and trackers on both 3rd party apps and on OS’s like Android (specific Samsung phones) while still using a VPN?

New EU #ChatControl proposal leaked +++ Governments to position themselves by 23 September, will be very tight... +++ Will messenger services be blocked in Europe? https://www.patrick-breyer.de/en/new-eu-push-for-chat-control-will-messenger-services-be-blocked-in-europe/

Help pressure your government now to defend privacy and secure encryption: https://www.patrick-breyer.de/en/take-action-to-stop-chat-control-now/

🇬🇧🚨#ChatControl is back on the agenda: As soon as next Wednesday representatives of EU governments will resume work based on a secret document. https://www.consilium.europa.eu/en/documents-publications/public-register/public-register-search/?DocumentNumber=12319%2F24

This is what you can do now to help: https://www.patrick-breyer.de/en/take-action-to-stop-chat-control-now/

#ALTtext: A screenshot capture shows the cookies settings popup window of a current website. The first sentence of the popup starts: "We and our 843 partners store and access personal data..." The screenshot is annotated. "843 partners" is highlighted with "Is that all?" written beside it

The original article is in Russian, so here is the translation from Firefox's built-in translator:

> In Kazakhstan, users will be required to provide biometric data, such as images of individuals to connect to cellular services and access to the Internet. This data must be provided by every subscriber who wishes to conclude a contract for the provision of cellular services. The changes governing the provision of communication services are posted on the "Open NPA" portal.

> #### How it will work > * Connecting to services: to conclude a contract with the operator, users will have to provide their biometric data (for example, a photo of the person). > * Termination of the contract: If you decide to stop using the services, you will need to send the operator a statement with biometric data. The termination of the services will occur from the date specified in the application, but not before its submission. > * Transfer number: when transferring the number to the new operator will also need to provide biometric data. The services of the old operator will stop when the new operator begins to provide its own.

> #### Access to the Internet in public areas > To access the Internet through public points (for example, at a cafe or airport), users will enter disposable passwords that they will receive by SMS or call. It will also be possible to log in to the network using identity documents scanned by the operator's application.

> The amendments to the order "On approval of the rules for the provision of communication services" as additional authorization methods are indicated: > * communication with the eGov; > * the biometrics; > * confirmation through the bank card number; >* scanning the document through the operator's application; > * accounts of social networks; > * e-mail with its confirmation.

> These measures are aimed at enhancing security and simplifying the user identification process. However, it should be borne in mind that with the expansion of the collection of biometric data, the need to protect personal information is also increasing.

> #### Why do you need it? > The explanatory note to the changes indicates that confirmation of the identity by biometrics is necessary to combat fraudsters. The project was agreed by the Ministry of National Economy, the National Economy, the National Security Service and the Ministry of Internal Affairs of the Republic of Kazakhstan. The public discussion will last until 10 September 2024.

Some significant news for Telegram users!

See this article for some interesting backstory context on Pavel Durov and Telegram: https://www.spiegel.de/international/world/the-telegram-billionaire-and-his-dark-empire-a-f27cb79f-86ae-48de-bdbd-8df604d07cc8

Since the post article is in French, here's an auto-translation:

>Pavel Durov, the founder and CEO of the encrypted messaging service Telegram, was arrested around 8 p.m. on Saturday evening as he got off his private jet on the tarmac of Le Bourget airport. The 39-year-old Franco-Russian was accompanied by his bodyguard and a woman. > >The arrest was carried out by the gendarmes of the GTA (Air Transport Gendarmerie). Registered in the RPF (wanted persons file), Pavel Durov came straight from Azerbaijan. He had over his head a French search warrant issued by the OFMIN of the National Directorate of the French Judicial Police, issued on the basis of a preliminary investigation. > >Why was he under threat of a search warrant? > >The Justice considers that the lack of moderation, cooperation with the police and the tools offered by Telegram (disposable number, cryptocurrencies, etc.) makes it complicit in drug trafficking, paedophile offences and fraud. > >This search warrant ran if, and only if, Pavel Durov was on national territory. "He made a mistake tonight. We don't know why... Was this flight just a step? In any case, he's locked up!" a source close to the investigation told TF1/LCI. Since he knew he was persona non grata in France, Pavel Durov used to travel to the Emirates, the countries of the former USSR, South America... He travelled very little in Europe and avoided countries where Telegram is under surveillance. > >And now? > >Investigators from the ONAF (National Anti-Fraud Office attached to the Customs Directorate) notified him and placed him in police custody. He is expected to be presented to an investigating judge this Saturday evening before a possible indictment on Sunday for a multitude of offences: terrorism, drugs, complicity, fraud, money laundering, concealment, paedophile content... > >"Pavel Durov will end up in pre-trial detention, that's for sure," comments an investigator to TF1/LCI. "On his platform, he allowed an incalculable number of misdemeanours and crimes to be committed for which he does nothing to moderate or cooperate," said a source close to the case. > >His pre-trial detention at the end of his indictment is indeed in no doubt. Pavel Durov, a billionaire, has substantial means to flee and his guarantees of representation will hardly convince the judges. > >A net with international resonance > >For the investigators, this international sweep has various objectives. First, it makes it possible to kick the anthill, impress and deter the perpetrators of crimes and offences who exchange, until now, freely on Telegram. Secondly, they aim to put pressure on European countries to step up joint work to make secure messaging on terrorist cases bend. > >Indeed, Telegram is a hive of criminal content. At the moment, the platform is in the news with the illegal broadcasting of Ligue 1 matches. But on this encrypted messaging service, many accounts are used by organized crime. Beyond terrorism, the most dangerous pedophiles communicate on Telegram to exchange content. "It has become for years THE number 1 platform for organized crime," comments an investigator.

Google representatives gave ad buyers tips on how they could reach teens, even though the company bars targeted advertisements to users under the age of 18 based on their demographics, according to a report from Adweek.

Three unnamed ad buyers told Adweek that Google sales reps suggested they might be able to reach teens by targeting a group of “unknown” users, whose “age, gender, parental status, or household income” Google doesn’t know. Adweek said it also reviewed written documents backing up the sources’ claims. A Google spokesperson told Adweek that the unknown category can include users who aren’t signed in to their accounts or who’ve turned off personalized ad targeting.

Google’s stated policy is to “block ad targeting based on the age, gender, or interests of people under 18.” The Adweek story is yet another example of Google reportedly helping ad buyers target teens through the use of its unknown user category, after the Financial Times recently reported on a similar situation.

Recently links shared to me from IOS users using the google app have been obfuscated with search.app/SOMEUNIQUECODE where the app redirects to the originally intended website, but, of course, the person clicking the link is revealed to the owners of search.app.

Does anyone have IOS + google and can confirm this behavior? search.app has no home page and no documentation or reporting about it that I could find (other than that it's a firebase app). The domain was registered to MarkMonitor Inc. in September of last year. But It's not clear to me what MarkMonitor's business actually is–it seems like they could just have registered it on behalf of someone.

cross-posted from: https://lemmy.world/post/18532772

> https://github.com/umutcamliyurt/FaradayTester

The post is in the link, the article with more background info is here (it cites the mastodon post): https://www.androidauthority.com/custom-roms-vs-google-3469378/

I originally saw the article on this post on !android@lemdro.id and went looking for links.

Like when I read 3 Billion National Public Data Records with SSNs, Addresses Dumped Online, am I supposed to access that data dump or something to see if I got pwned? Are there equivalents to haveibeenpwned.com for this type of stuff? Any guides on what to do when these happen? I feel like I'm doomscrolling or watching the news, and feeling depressed about the world as a result because I should be doing something but I can't or it seems like I can't.

Even though I know better than to put such personal info online, but that doesn't eliminate the odds of them getting into breaches like these, and having started to be careful about digital privacy has opened my eyes to the sad state of privacy.

cross-posted from: https://lemux.minnix.dev/post/426028

> https://archive.is/tc2xB

• Google no longer plans to banish third-party cookies from Chrome.
• The company will instead let users opt into having the trackers in their browser.
• Google wrote in a blog post that it's still discussing the plan with regulators.

Abandoned luggage and unexpected crowds - real-time cameras will use artificial intelligence (AI) to detect suspicious activity on the streets of Paris during next summer's Olympics. But civil rights groups say the technology is a threat to civil liberties, as the BBC's Hugh Schofield reports.

"We are not China; we do not want to be Big Brother," says François Mattens, whose Paris-based AI company is bidding for part of the Olympics video surveillance contract.

Under a recent law, police will be able to use CCTV algorithms to pick up anomalies such as crowd rushes, fights or unattended bags.

The law explicitly rules out using facial recognition technology, as adopted by China, for example, in order to trace "suspicious" individuals.

But opponents say it is a thin end of the wedge. Even though the experimental period allowed by the law ends in March 2025, they fear the French government's real aim is to make the new security provisions permanent.

One Monday morning in May, I woke up and grabbed my cell phone to read the news and scroll through memes. But it was out of cell service. I couldn’t make calls or texts.

That, though, turned out to be the least of my problems.

Using my home Wi-Fi connection, I checked my email and discovered a notification that $20,000 was being transferred from my credit card to an unfamiliar Discover Bank account.

I thwarted that transfer and reported the cell phone issues, but my nightmare was just starting. Days later, someone managed to transfer $19,000 from my credit card to the same strange bank account.

I was the victim of a type of fraud known as port-out hijacking, also called SIM-swapping. It’s a less-common form of identity theft. New federal regulations aimed at preventing port-out hijacking are under review, but it’s not clear how far they will go in stopping the crime.

Italy’s competition and consumer watchdog has announced an investigation into how Google gets users’ consent in order to link their activity across different services for ad profiling, saying it suspects the adtech giant of “unfair commercial practices.”

At issue here is how Google obtains consent from users in the European Union to link their activity across its apps and services — like Google Search, YouTube, Chrome and Maps. Linking user activity lets it profile them for ad targeting, the company’s main source of revenue.

cross-posted from: https://lemmy.smeargle.fans/post/200646

> HN Discussion

We're happy to announce that BusKill is presenting at DEF CON 32.

What: Open Hardware Design for BusKill Cord When: 2024-08-10 12:00 - 13:45 Where: W303 – Third Floor – LVCC West Hall

| [!BusKill goes to DEF CON 32 (Engage)](https://www.buskill.in/defcon32/) | |:--:| | BusKill is presenting at DEF CON 32 |

via @Goldfishlaser@lemmy.ml

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

| [!What is BusKill? (Explainer Video)](https://www.buskill.in/#demo) | |:--:| | Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4 |

If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

What is DEF CON?

DEF CON is a yearly hacker conference in Las Vegas, USA.

| [!DEF CON Documentary](https://www.buskill.in/defcon32/) | |:--:| | Watch the DEF CON Documentary for more info youtube.com/watch?v=3ctQOmjQyYg |

What is BusKill presenting at DEF CON?

I (goldfishlaser) will be presenting Open Hardware Design for BusKill Cord in a Demo Lab at DEF CON 32.

What: Open Hardware Design for BusKill Cord When: Sat Aug 10 12PM – 1:45PM Where: W303 – Third Floor – LVCC West Hall

Who: Melanie Allen (goldfishlaser) More info

Talk Description

BusKill is a Dead Man Switch triggered when a magnetic breakaway is tripped, severing a USB connection. I’ve written OpenSCAD code that creates a 3D printable file for plastic parts needed to create the magnetic breakaway. Should anyone need to adjust this design for variations of components, the code is parameterized allowing for easy customization. To assemble a BusKill Dead Man Switch cord you will need:

1. a usb-a extension cord,
2. a usb hard drive capable of being attached to a carabiner,
3. a carabiner,
4. the plastic pieces in this file,
5. a usb female port,
6. a usb male,
7. 4 magnets,
8. 4 pogo pins,
9. 4 pogo receptors,
10. wire,
11. 8 screws,
12. and BusKill software.

| [!Image of the Golden BusKill decoupler with the case off](https://www.buskill.in/defcon32/) | |:--:| | Golden DIY BusKill Print |

Full BOM, glossary, and assembly instructions are included in the github repository. The room holds approx. 70 attendees seated. I’ll be delivering 3 x 30 min presentations – with some tailoring to what sort of audience I get each time.

Meet Me @ DEF CON

If you'd like to find me and chat, I'm also planning to attend:

• ATL Meetup (DCG Atlanta Friday: 16:00 – 19:00 \| 236),
• Hacker Kareoke (Friday and Sat 20:00-21:00 \| 222),
• Goth Night (Friday: 21:00 – 02:00 \| 322-324),
• QueerCon Mixer (Saturday: 16:00-18:00 \| Chillout 2),
• EFF Trivia (Saturday: 17:30-21:30 \| 307-308), and
• Jack Rysider’s Masquerade (Saturday: 21:00 – 01:00 \| 325-327)

I hope to print many fun trinkets for my new friends, including some BusKill keychains.

| [!Image shows a collection of 3D-printed bottle openers and whistles that say "BusKill"](https://www.buskill.in/defcon32/) | |:--:| | Come to my presentation @ DEF CON for some free BusKill swag |

By attending DEF CON, I hope to make connections and find collaborators. I hope during the demo labs to find people who will bring fresh ideas to the project to make it more effective.

Google’s Gemini AI has been accused of scanning PDF files hosted on Google Drive without active permission or initiation, sparking yet another discussion around AI safety and privacy concerns.

Senior Advisor on AI Governance Kevin Bankson took to X to share concerns over an automatically generated AI summary in a private and confidential tax return.

Bankston’s thread detailed his experience with Gemini AI reading private documents without consent and the subsequent troubles in disabling the functionality on the cloud storage platform.

Pakistan has authorised its powerful spy agency to tap phone calls and messages, tightening the army’s grip on the South Asian nation.

Citizens and human rights advocates have criticised the move amid fears it could be weaponised to suppress political opponents and throttle dissent.

The ISI, which is run by the military, will be able to legally intercept and trace phone calls and messages in the interest of "national security".

Federal law minister Azam Nazeer Tarar told the parliament that the Ministry of Information Technology and Telecommunications has been advised of the authorisation in an 8 July notice.

”Anyone who misuses the law will face action," he said on Tuesday while claiming that the authorisation is limited to tracking criminal and terrorist activities and that the government will ensure it doesn’t infringe people's lives and privacy.

The use of selfies to verify identity online is an emerging trend in some parts of the world since the pandemic forced more business to go digital. Some banks – and even governments – have begun requiring live images over Zoom or similar in order to participate in the modern economy. The question must be asked, though: is it cyber smart?

Just last Monday the Southeast Asian nation of Vietnam began requiring face scans on phone banking apps as proof of identity for all digital transactions of around $400 and above.

The nation's residents are not able to opt out of the banking rules, despite Vietnam regularly finding itself ranked poorly when it comes to internet privacy or cyber security.

Local media has weighed in to suggest that selfies will not improve security. And just days into the new regime, some apps have already been called out for accepting still photos instead of a live image of the individual.