Big Tech is more invasive than we EVER thought! - Surveillance Report 61

hello everybody and welcome to surveillance report 61 where we're dedicated to keeping you private and secure with the latest news this report today is going to recap some of the most notable events in the last week including a review of the google anti-trust papers with some massive massive things that were like barely talked about you need to hear this stuff there's some good news for proton and signal there's some interesting research about browser fingerprinting and a lot more definitely kind of a fun week i am henry from techlore i am nathan from the new oil let's go ahead and plug matrix matrix is an open source federated uh chat platform but it does many other things and it's a great place to host communities and both nathan through the new oil and us through techlore have matrix communities so i'll go ahead and leave invite links down below if you want to check out like a cool open source federated platform that you can actually have multiple communities where there's communities for everything there i was just going to add to that i know yours has uh your link to your discord room or still right yeah yeah so all of yeah and you can have multiple rooms it's kind of a janky solution but we do have it set up so that people on discord can read matrix messages and people in matrix can read discord messages so you can join from anywhere and interact with anyone it's pretty cool and we're actually going to talk about matrix a little bit more later today but first we're going to start off in data breaches as usual and we're going to start off in moscow where the data of millions of drivers is available for 800 so if you've got money to burn i guess you can go get this this is 50 million records that were collected uh or the records are from between 2006 and 2019 the data is confirmed to be accurate but might be a little bit out of date in some cases you know if somebody moved and now that's an old address that was scraped up contains full names dates of birth phone
numbers vehicle id numbers license plate numbers car brand model and the year of registration the source of the breach is uncertain at this time uh some people are saying it looks like an insider job while other people are saying it might may have been an attack on car insurance companies um yeah hopefully we'll find out what's up with that our next story comes from germany where the data of 400 000 german students was exposed by a bad api so there's an app called scoolio it is very popular in germany for students it helps them with time management tutoring homework planning group chats and it also allows companies to post job offers and internship opportunities scoolio makes their money by selling targeted ad space so they do collect user data the breach was the result of a leaky api the data included user nickname so i guess if you put in your own name user and parent email addresses gps locations for when the app was last opened name of the school and class interests uuid details and personality traits such as origin religion and sexuality which seems like a lot more information than i want my school to know about me but whatever the company claims that there is no evidence this was abused but they've also lied about their user numbers they claim they have like 1.8 million users when in reality it's probably these 400 000 so you know take that claim of lack of abuse with a grain of salt up next zales.com which has to do with some jewelry companies has leaked customer data just like the sister firms jared and kay jewelers did in 2018.
the data included name billing addresses shipping addresses phone numbers email addresses items total amounts of purchase delivery dates tracking links and the last four of people's card numbers this data was obtained via a url manipulation technique which is a little bit interesting we don't see that too often now there was no evidence of abuse but this could have easily been used for phishing so those who were impacted have likely already been impacted and this would be another demonstration of a clever phishing attack that we commonly talk about some solutions when you're ordering things online you can use fake names and ship them to things like po boxes you can set up voip or fake secondary numbers you can have forwarding email addresses using something like simple login and you can also use services like privacy.com or prepaid debit cards in order to avoid giving up any real information and up next we have a third party data breach in singapore that has hit a healthcare provider so there is this vendor that was impacted for fullerton health at the time i think the biggest takeaway here is this was a third party data breach and this happens pretty frequently where let's say you buy a phone through a company let's say it's through samsung samsung didn't actually suffer the breach but samsung maybe their payment processor suffered a breach so now all samsung customers are caught in this data breach now this didn't happen i'm just making this story up but this is another example of how when you do business with a company you're often also conducting business with all the other companies that that business relies on so it's something you keep in mind every time you open a new account you should dive into their privacy policy and so you can find any information about this this specific breach included names id numbers contact details and bank account details in some cases and our last data breach this week comes from thailand where the centara hotels and resorts chain
has reported a data breach the data it leaked includes names booking information phone numbers email addresses home addresses and photos of ids the attackers also claim to have reached the hotel's parent company so if they're telling the truth we could see even more data exposed in the coming weeks and months so some solutions for these kind of things you can check in under a fake name uh i know michael bazzell has talked about using like a a burner android with the hotel's app on it uh you can pay in cash i've done that before at a hotel uh they do ask you for a safety deposit but you know as long as you don't trash the room you get it back don't give them a real address and you know it maybe even fight back on if they try to make a copy of your id you know it's it's hard to do but it makes you look crazy but i mean you're only staying there once so you're probably never going to see the here again that's gonna wrap up data breaches for the week and now we're gonna transition over to company specific news and we're gonna start with google there's been some leaked anti-trust google court documents you have to read this yourself it is some spooky stuff that is just beyond messed up even for me and i thought google was evil but this is like a whole another level i'm going to read off some quotes there takeaways here so the first one google has a secret deal with facebook called jedi blue that they knew was so illegal that it has a whole section describing how they'll cover for each other if anyone finds out about the program second point google appears to have a team called g-trade that is wholly dedicated to ad market manipulation third google has a plan called project nera i don't know if it's nera or nera it's all caps but it's to turn the web into a walled garden they called not owned but operated a core component of this was the forced logins to the chrome browser you've probably experienced if you've used chrome before google has also worked with facebook and
microsoft to discourage them from increasing user privacy again um so i'm reading off actually some a part of a massive twitter thread that someone left so i'll link the twitter thread and i'll also link the actual document so you can read both but the wild part about this is just not everything that google is doing but the fact that these big tech companies are helping each other behind the scenes i know that like it's it this is kind of obvious but actually seeing formal documents outlining how deep this could go is pretty spooky to think about and it really just shows how much these companies want to work together in order to erode the privacy of the people on these platforms this is big and i actually have not seen a single mainstream article talking about it i don't know if you have nate but this was just a tweet that i happened to come across and it was pretty spooky to see i i mean i know i've definitely seen the term jedi blue somewhere in the past couple weeks um i think i've seen maybe slashdot has run a couple headlines about this but yeah i mean i i definitely have not seen anywhere near like the the proton uh ip logging thing we covered a few weeks ago like i haven't seen anywhere near that level of discussion for sure yeah what the hell man like not to discount like the i guess the concern behind the proton stuff which we we did talk about every time we talk about proton people like are you guys just gonna ignore the ip thing and it's like look back a few weeks we covered it in the whole surveillance report it's literally the title and thumbnail of the surveillance report but like i can't believe that people made such a big deal out of that which in our opinion was like very blown out of proportion if you actually looked into what happened and then this google thing happens and no one's talking about it also off the record is that why you texted me the other day and you were like watch surveillance report do you even remember oh no i was getting i was
getting b-roll for our signal video um so i was texting all the chats that i could show in the b-roll um because i have like private chats with like clients and whatnot yeah for sure yeah if you're watching this we have a video about signal coming out on friday that you should definitely go watch it's it's completely done by myself um recorded by myself edited by myself playing by myself script by myself which i'm doing more frequently and it's actually really fun so you guys should check that out i'm just really confused because i was like i edited the last one why would i go watch it i've watched it all the time nathan goes and re-watches looking for all the little details he's looking for the easter egg exactly do you add something anyways um so we do have one more quick google story before we move on from that they're google they're gonna they're gonna make up for everything i just did just listen to this yeah okay this totally makes up for everything we just talked about uh a few weeks ago or maybe a month ago we talked about how google is rolling out a tool to help minors delete photos of themselves from google search not from the internet mind you just from being indexed by google search well it's now officially rolling out so good job google you've fixed the internet with that we'll talk about what amazon's up to so amazon is trying to bring alexa to hospitals and senior living centers next this comes after they have already targeted hotels and apartment complexes we've talked about that in the past and for senior centers they are hoping to allow residents the ability to do things like call loved ones submit maintenance requests talk to each other which i mean actually i'll accept that one because you know some seniors do have mobility issues so they'll it will allow the staff to make mass announcements check in with residents although i would hope they're doing that in person at least somewhat often for hospitals amazon has already worked with cedars-sinai
and rolled out alexas in their patient rooms and they will allow patients to change tv channels play music or communicate with the staff which again i get but um yeah i just i don't like amazon being involved whether you think this is a cool solution or not like i said like i i understand where they're going with it some people have mobility issues i think we can all agree that amazon's involvement in this is going to be absolutely nightmarish and all privacy is just going to be an afterthought if it's a thought at all they never delete your data man they never delete any of it and on the topic of facebook so really quick i'm sure a lot of you guys have heard the news facebook's parent company has rebranded as meta facebook has not changed their name the facebook app is still going to be facebook on people's phones it's still gonna be facebook.com and they're probably never gonna change that because then all the old people that use facebook would never be able to find it so what does this rebrand mean for viewers really nothing it's still going to be the same garbage company doing terrible things to undermine the entire human race but just know that when you hear somebody talking about meta that's what they mean it's facebook with a new mask so on to the actual story meta is developing a smartwatch it has a front-facing camera the article lists a few other features but i mean that's probably the most interesting it's got a front-facing camera and again we can safely assume that it will be a privacy nightmare and hopefully will not gain any traction so that they don't keep making more of them but this is almost certainly just another chance to try and grab your data because you know if you're wearing a facebook watch then they don't have to play by apple's rules they can just collect whatever they want and our next story comes from apple ios 15.2 beta is already starting to roll out the next release of ios is set to include app privacy reports which are supposed to 
let you know when apps do anything like access your location photos microphone etc this is actually already been rolled out i went and checked my phone because i was like i seem to remember this but to their defense the current iteration of this thing is really hard to read i went ahead and saved my report and looked at it i used signal a lot but uh it was very hard to read it looked a lot like an error log i think the average person wouldn't be able to make any sense of it whatsoever i mean i barely understood it so my guess is that this new update is going to make the report easier to read for the average person a lesser reported feature that nobody is talking about is that 15.2 will also enable the communication safety feature that we talked about a few months ago or a few weeks ago the feature where it uses quote-unquote on-device machine learning to identify sexually explicit messages in your imessage account and then alert your parents if you are a minor that is slowly being rolled out to us after they said they were gonna pause on everything now they're just doing it piece by piece i guarantee you the next one's going to include something else we're going to pivot over to laptop oriented things and pretty much we're going to keep this really quick microsoft is trying again to reach the k-12 market with a new low-cost surface laptop this is their attempt at going against the chromebook and the ipads of the world they've done this in the past and they always failed um so it's this is all hinted through windows 11 se which is a student or school edition designed for this initiative we're just putting it in to show that there is a market for k-12 and any company that's involved with k-12 is likely getting some layer of data on students and we like to kind of shed light on that issue because most of these big tech companies have data from literally when a student is kindergarten through 12th grade and then likely through college as well if they decide to go to 
college and our next story goes to proton who has won an appeal in a swiss court okay our next story is through our proton has won an appeal in a swiss court over surveillance laws so this is kind of what like the the opposite story of what we just heard a few weeks ago which again this isn't a transparency report i don't think this is anything new the court has ruled in proton's favor over an appeal about proton being required to store data and monitor email traffic the court ruled that email providers are not telecoms provided and are not telecom providers and therefore are not subject to data retention requirements um they are expecting more court cases like this in the future so be prepared that they may go either way and i think it just brings out that like this is a central company they're doing their best but they're at the end of the day they're a central company that has to respect the laws if you want to learn more about the proton case we really talked about that a lot more in a surveillance report a few weeks ago all right our next story will go to twitter where twitter is now requiring all employees to use hardware security keys to prevent future leaks google has actually been doing this exact thing for years and that's one of the reasons they've had so few data breaches at least compared to other companies twitter has also made it so that you can now use hardware keys as a user previously it was only sms or software you can now use hardware so yeah hardware keys are great on that note though speaking of yubikeys yubikey has released what is basically a yubikey lite so it is the security key it is 29 it has a usb-c form factor and it has nfc capabilities so you can use it on mobile devices as well it is missing some of the major features that are present in the like original full version yubikey like for example the ability to use it for logging into your computer and also bitwarden i was really sad to see that's not on there we will include the
comparison page from yubico down in the show notes so that you can see exactly what it does and doesn't offer personally i love hardware keys i totally recommend them but i also say you should get two of them in case one breaks so seeing as the full version key runs minimum 50 that could be a lot of money for somebody whereas this 29 version if that does everything you need it to then you know hey that could be a good uh good compromise oh yeah that's a good idea get the cheap one for just a backup or that yeah so you get like your main one that's the main one and then you can just get a quick 29 one as backup cool all right and then our last company story a location data firm was getting gps data from apps even when people opted out so this is a company called huck i believe huq and they collect precise location data from website or apps excuse me and then they sell access to that data they have been collecting data from numerous android phones even when the location services are disabled uh it should be noted this was uh in app settings so if you went in the app and said no don't share my data it's still collected data but if you went to the device settings and turned off location services that shut it off so that is worth noting but i think this also highlights one of the issues with closed source we can't verify the apps are respecting our wishes you know i i was actually thinking about this a couple days before i saw this story is you know how do i know when i tell apple you know don't give this app access to my microphone how do i know they're actually doing it i really don't and with that we will go into research our first research story comes from tel aviv where a researcher collected a 5 000 network sample size wi-fi networks and then cracked 70 percent of them so his goal was to see uh how secure home networks are and found that they are woefully insecure and easy to hijack the article discloses the exact steps that this researcher took to do this so you 
can check their methodology but it seems like the vast majority of it was dictionary attacks the vast majority of the passwords were basically either the owner's phone number which i've definitely seen that before please don't do that or they were lowercase words that were found in a single dictionary list like this person didn't even build their own list they went online and found one so yeah moral of the story use good security measures on your wi-fi for example i recommend using a six word passphrase because that way when people come over it's very easy to give them the password it's not you know like lowercase s exclamation point uppercase you know it's not crazy like that it's just like boom boom boom here's six words disable roaming and wps if those are enabled on your router and then just a note personally i don't think it matters whether you broadcast your wi-fi network or not as long as it's properly secured like if somebody was really trying to find hidden networks they're going to find them not broadcasting won't really change that so personal preference yeah and also there's some people who actually say it's worse to not broadcast because it makes you even stand out a little bit more yeah like why is this guy hiding his network i could see that our final research article for the week is a demo that shows that disabling javascript won't save you from fingerprinting and just some context we actually talked about a uh fingerprinting story last week that talked about how it can happen and they can clone a fingerprint we kind of said like we don't want to give too much advice on how to prevent this because there's several techniques and it's kind of debatable which one to go with nathan said that disabling javascript might help and while it does help um this demo shows how fingerprinting can also be achieved with css and headers which are two other important ways of how the web works again i recommend looking at this demo yourself in the research but
essentially the best way to prevent fingerprinting is via the tor browser which has very great mitigations against this and also using more common browsers that as out of the box as you can brave has an excellent use case for this right because brave not only randomizes every new website you go on so every new website uses a new fingerprint a new randomized fingerprint but also it's a very common fingerprint even if they didn't randomize it i feel like you as a brave user can very easily blend among other brave users because most people don't really install extensions or do anything with their brave browser firefox also has fingerprinting protection and we talked about this more in our latest video comparing brave and firefox and with that we will move into politics we will start off with um i found this story really enlightening it's the title says here's the fbi's internal guide for getting data from at&t t-mobile and verizon so this comes from a 139 page slide dated from 2019 from the fbi's cellular analysis survey team and was obtained i believe via freedom of information act request uh they didn't specify how they just said it was like an open records request there's kind of some some stuff here that we already know about like you know how the fbi can obtain warrants and court orders for this data but the really interesting stuff is that for the first time we have some insight into how long u.s telecommunications companies keep the data for and what data they collect so just to go over that real quick t-mobile holds onto call records cell site and tower dumps which is location data for two years verizon holds on to it for one year and at&t for a whopping and completely unreasonable seven years like even one of the experts they interviewed in the article was like they have no business reason to be holding on to that data that long uh at&t also retains quote cloud storage and web browsing data for one year as well as uh data from your wearables although they
didn't specify how long they keep that data so i don't know if that's the one year they just mentioned or what else but moral of the story your cell phone cell phone providers keep data for quite a long time and they have no issues turning it over to the police with a warrant and on almost the same exact note in the same week that this came out there was a another paper published by the ftc that takes a look at what internet service providers know about you and examined the privacy practices of six major internet service providers these are the key findings and i'm going to quickly read these off but you should actually look into this yourself because it's only it's only more damning the more you read into it so first some isps in our study combine data across product lines three of the isps in our study reveal that they combine information they receive from consumers across their core services and at least some of their other services for example tv and video streaming services home automation and security products and connected wearables so essentially they are combining data across different services second some isps in our study collect data unnecessary for the provision of internet services this includes things like their ability to advertise like app usage history third a few isps in our study use web browsing data to target ads two of the isps in the study stated they use web browsing information to target ads to customers and another reserves the right to use such information for advertising purposes next many isps in the study group concern group consumers using sensitive characteristics to target ads many serve targeted ads across the internet on behalf of third parties in doing so they place consumers into segments that often reveal sensitive information about them allowing advertisers to target consumers by their race ethnicity sexual orientation economic status political affiliation or religious beliefs this is kind of the big gotcha the fact that 
normally when you buy these services you don't give them your ethnicity your sexual orientation your economic status you just buy the services so all of this is obtained via behaviors of you over time it's massively like concerning next they also study and combine personal app usage and web browsing data and finally a significant number of isps in the study share real-time location data with third parties which is not something that's new but it's just a reminder so these internet service providers literally are doing everything possible to collect everything they can about you which again is something that we already know as privacy advocates but this is a whole 76 page f 74 page ftc staff report from the government that outlines their study into this and it is beyond concerning as for what to do i really want to harp on the anti-vpn gang right now because there's a big community that goes vpns are useless if you use a vpn on a lot of your devices almost all of this web browsing the web browsing concerns would be pretty much off the grid right as long as using a browser that doesn't also allow them to track anything there if you're using a browser and a vpn that already takes care of a lot of things because they can't analyze your web traffic anymore but this won't prevent some of the other things so again vpns are just one tool so these are the kind of things that you really have to set up your browser from the ground up to be safe you want to use a vpn or tor depending on the use case and situation and you want to just avoid getting some of these devices i feel like a lot of this data comes from the video streaming tv services home automation things of that nature just get your isp for internet service and do everything you can to not let them know what you're doing on that service glad you said something about the vpn people because that was my first thought is like i never want to hear somebody tell me that a vpn is a waste ever again because like yeah i'll 
admit it my my isp is at&t and like between the last story and this one it's like why would i be okay with them seeing my data yeah they're just they're the worst company in every way imaginable worst case scenario a vpn company is also logging your data then what you're back where you started best case scenario the vpn company is in fact not keeping logs like they say and are actually properly protecting you that's funny too because like the anti-vpn people are always like well what if the company's logging your data too it's like you you don't even have any reason to say that like you don't have a definitive like oh i can prove that company's logging your data it's just like well what if they are then they are at least at&t is and i just i don't understand that sense i think that it's an important stance to have because i do think vpns are really over marketed to somehow be this anonymity tool so i think it's important to get that like that reality check but also sometimes it goes way too overboard of never use a vpn use tor for everything you're stupid and it's like no like why am i going to use tor for everything why i don't need to first off it doesn't even log into my bank on tor exactly so many things don't work on twitter they're literally blocked so like i use tor i have tor browser installed on this system i actually yeah i have the protonmail blog open on tor browser right now i was using it for some news earlier today but i also have a vpn running because like why wouldn't i i i have good faith that my vpn company is honoring my web traffic better than my isp and i don't know why you would think otherwise when we just sent a total of 139 plus 74 213 pages of proof of how much these companies invade all your information like you get a reputable vpn provider just make sure it's not one of those free ones yeah and again we host vpn tools it's all open source and we're not sponsored by any vpns check out ivpn and check out proton vpn check out mullvad and
check out windscribe those are currently like the top four privacy respecting services that we can look at check out our open source tools there's charts and everything you can look at all this and you can make your own conclusion i don't care what vpn you use i i had to say this in a browser comparison i don't care if use browser or i don't care if you use brave or firefox i want you to use what works for you so same thing here with vpns just pick something you feel comfortable with all right that's it that's it for those stories this is a really rambly surveillance report and let us know if you like that i think i'm going to keep in a lot of it just to see what you guys think about it okay uh so our next story is gonna be a quick update on one from last week so last week we talked about the uk and how there were nine schools in scotland that were rolling out facial recognition to allow kids to pay for school lunches after immense backlash the program has been halted one of the schools has completely abandoned it and the other ones have temporarily paused it that's quote unquote for listeners uh yeah so um good news just a quick update on that we'll let you know if we hear anything else but hopefully they will realize that's a terrible idea especially in uh i believe the article pointed out that some of these counties or like areas have actually banned police use of facial recognition so like if it's so bad that the law enforcement can't use it why are we cool with it on kids but anyways yeah so uh hopefully that'll just be dead in the water and they won't come back to it but if we hear anything we'll let you know of course and our last political story comes from south korea where the government has provided 170 million facial images obtained in the immigration process to private ai developers i'm going to quote the article here the south korean government handed over roughly 170 million photographs uh from incheon i'd probably mispronounce that incheon national air
international airport showing the faces of south korean and foreign nationals to the private sector without their consent ostensibly for the development of an artificial intelligence system to be used for screening people entering and leaving the country unquote so the government actually mentioned this program all the way back in 2019 but they just kind of mentioned it they didn't really give any details about what data they were handing over where they were going to collect that data from or even who they would be giving it to they were just kind of like hey we're going to build this ai to help with screening people coming and going in the country and that was basically all they said i'm going to go ahead and quote the article again here it says while the immigration act does not allow the ministry of justice to collect or store biometric data such as facial images from south korean nationals during immigration screening it does store fingerprints and facial photographs from the south koreans who have applied to use the automated immigration clearance service introduced in 2008 unquote so uh i may be misunderstanding that but to me that sounds a lot like the us's equivalent of the tsa pre-check thing where like you basically give them way more information than usual and you get to skip the security line and apparently it's really fast and painless but yeah i think this is a really good example of why you shouldn't use those things because as we always say once you let go of the data you have no control over it we we can't control what they do with it and we can't get it back and they were notoriously not transparent about it so yeah just be careful traveling is such a nightmare nowadays for privacy and that's so sad and now we're going to move over to foss news free and open source we're going to try to get through this one really quickly so first the us government wants signals private user data that it simply doesn't have so the us subpoenaed signal for user 
data and they asked for a lot of data like everything things that signal doesn't even access like i think they even ask for things like user emails and so once again signal came forward they had almost nothing and they pretty much gave what they have which is the original account creation date and i think the last time the user logged in uh don't quote me on that but i'm fairly certain that's all they gave oh wait no i did quote it let's go back in time uh also they said that the subpoena requested um target name address correspondence contacts groups and calls yeah and so actually i've seen people say that because yeah i don't know but i've seen people who don't really know what they're talking about say that because signal asks for a phone number signal can now tie together everyone who's talking together but signal's not built in a way where that's possible and this kind of speaks to that they were subpoenaed for that information for users contacts and who they were talking to and signal can't do that they didn't give up that information this is an actual court case so if you actually believe that's happening you're actually denying like the evidence that's right in front of your face so that's something i'd have to say as well but again signal still does require a phone number so again we go back to what we always say about signal it is not an anonymity tool if you're a signal hater because of the phone number requirement while we all including us wish it didn't exist for obvious reasons you're still kind of missing the point and the use case for signal messenger um we have a sig we have a messenger comparison video with like 10 or 11 different messengers including arguably better messengers like session and you can really look to see which ones are better or worse in certain aspects so i'll leave that in the description as well if you want to see that video up next really quickly element the same team that develops matrix that federated chat platform we 
talked about earlier element is a client that you can use for matrix they now have something called element one which is going to bridge matrix whatsapp signal and telegram into one place this is nothing new you could use bridges in the past with these services but they now are essentially hosting it for you via this convenient service for five dollars a month you can't use it with an encryption but it could be worthwhile for those who can't leave whatsapp and telegram um but like now they can but in their family members don't have to move over to matrix to use matrix so you can interact with them via matrix that's pretty much it our next story comes from mozilla who blocked malicious add-ons installed by 455,000 firefox users so basically there was a proxy api that was available in certain firefox add-ons and it prevented users from getting updates personally i recommend just using ublock origin to block javascript that works 99% of the time for me uh the only place it doesn't seem to work is uh wall street journal microsoft defender was actually the only anti-malware service that was finding this issue and flagging it which in my opinion is another reason not to pay for third-party uh malware protection microsoft defender is totally fine if you're a windows user and uh there was an interesting response to this after firefox you know removed this add-on for a lot of people they also responded they said starting with firefox 91.1 firefox now includes changes to fall back to direct connections when firefox makes an important request such as those for updates via a proxy configuration that fails so if i understood that correctly that means that you should be using a vpn on the system level and not just relying on a browser proxy because otherwise that connection will go directly through your regular internet or data and you won't get the protection of a vpn and then of course always remember to be cautious with your add-ons be careful what you add all add-ons have a lot 
of privileges that you may or may not necessarily want to give to yeah to that developer all right up next your browser can tell websites how to treat your data but companies didn't have to listen until now so there's something called global privacy control we've talked about this in the past brave already has it and the duckduckgo add-on which is pretty new has it and firefox is about to add it and of course chrome has no plans they're like the guy in the corner who's like chrome just says lol yeah i just hello we all need that um so global privacy control will tell websites your preferences regarding cookies and data sharing so that you don't have to manually do it every time and oh my gosh for convenience sake thank you and i think nathan threw in a note here should we change our vpn servers to california so they respect it our last story is a really quick one about the hive ransomware which is now encrypting linux and freebsd systems this is just a really quick periodic reminder that nothing is bulletproof not even bsd for those of you who don't know what bsd is it's uh i guess i would say it's like linux on crack it's not linux related at all it's a completely different operating system just how like you know mac and windows are completely different operating systems but yeah a lot of people like bsd because it's more hardcore than linux and it's more secure but it is also not bulletproof so i'm not trash talking bsd i'm just reminding you nothing is perfect and with that let's move into misfits we're going to start off with iran where a cyber attack closed gas stations across the country the attack brought down government-issued electronic cards that many residents are relying on right now to be able to pay for basic things like gas and food because right now the country is kind of economically struggling under a lot of u.s sanctions or i believe it was u.s maybe it's just lots of sanctions but either way they're not in a good spot right now economically so 
the government's been kind of handing out these cards to everybody and a group shut down something with the cards they didn't really specify if it was like the payment system or the the back whatever the cards didn't work so nobody could buy gas and no group has taken credit for it as of yet so the lesson here just remember cash is king if you have that opportunity yeah it's always good to have some cash on reserve if that is an option for you our next story is a supply chain attack a popular npm library was hijacked to install password stealers and miners the ua-parser-js library infected linux and windows with crypto miners and password stealing trojans and this is a library that is used in thousands of projects like facebook microsoft instagram amazon google slack discord mozilla reddit and many more that i didn't list what this library does specifically that like so many people use it is it parses the user's browser browser it parses the browser's user agent to find information like your operating system your device info and more this has since been fixed but this is just a reminder to be wary of supply chain attacks they are incredibly hard to defend against and they can be serious our next story comes from a new ransomware gang who is selling access to victims so normally ransomware they sell the data but in this one it seems like they're compromising a company then just selling the access to the highest bidder who will actually go in and do the damage uh it's unclear why they're doing this or what they hope to achieve all right and our last story we're just gonna end on a fun note this story has absolutely no relevance to our listeners like you know there's no lesson to take away the name of this malware is just absolutely hilarious and i absolutely had to share it with you guys this malware is called squirrelwaffle it's so fun to say it's so funny and you know it it does drop cobalt strike it's in the articles you can read it if you want to but like i said 
it's not something that really needs to be on your radar it's just funny and i wanted to share and hopefully that makes you guys smile and puts you in a good mood for the coming week all right all right i'll start the summary so um thank you for watching everybody this week had some juicy stuff honestly like it was a really juicy week and the anti-trust stuff is probably the biggest story in my opinion but there was some other massive news too like meta alone is such a big shift in the whole technology world and that was just like a minor story this week i think so just some perspective there i think it was a pretty big week so tune in next week where we get updates to these massive stories which are hopefully going to be positive directions again promo spot matrix we talked about element when element one and how you can pretty much use matrix to discuss things with people who are using whatsapp signal telegram if you wanna still have your family members who are too stubborn to move to something else if they want to stay on those platforms and at least you can still engage with them using something like matrix we have our own matrix communities i'll leave links to both of them below nathan has his own new oil community that i'm inside and then we have a technical community that nathan's inside um so that's something that you can be a part of to finish things out we want to thank you for listening to the surveillance report we're happy to know you're trying to stay safe out there and the final thing we want to ask you is to share this podcast around this is all free for you so make sure you're subscribed subscribe to the rss feed if you're on the podcast and definitely give us a rating if you're listening on a platform where that's an option we want privacy to get to as many people as possible and you can directly help with that it's something that i think is important just not for us but just for the general privacy fight so thanks again for listening see you next 
week for sr 62.
Info
Channel: Techlore
Views: 22,184
Keywords: google antitrust, facebook antitrust, metaverse, metaverse facebook, jedi blue google facebook, protonmail case, protonmail review, Signal messenger subpoena, Signal messenger court, security news, privacy news, surveillance report, techlore, the new oil, cybersecurity news, online privacy, online security, facial recognition, cyber security, google privacy, data breaches, internet security, online privacy and security 2021, browser fingerprinting, infosecurity, explained, news
Id: zK5nCQecHIo
Length: 39min 21sec (2361 seconds)
Published: Mon Nov 01 2021