Signal...WHY? - Surveillance Report 37

Welcome to Surveillance Report 37, where we are dedicated to keeping you private and secure with the latest news. This report is going to recap some of the most notable events in the last week, including updates on the massive Facebook breach, a new LinkedIn breach with about the same size, Signal's new cryptocurrency, which is a hot topic, and we have a lot more fun stuff planned for you this week. I am Henry from Techlore. And I am Nathan from The New Oil.

And this report is brought to you by our Trezor and Ledger affiliate links. These are two hardware cryptocurrency wallets which are considered some of the most secure ways of holding your cryptocurrencies. Not only can you order these and get pretty much an immediate boost in the protection of your assets, but you'll also be supporting us and our mission at no additional cost to you. I use a Ledger and it's fantastic, but we do lean people towards the Trezor as it is open source, but both do accomplish the root goal of keeping your assets secure on a dedicated device. Check out the links below to order one today and give back to our mission.

Let's start off this week in data breaches. We're gonna start off by talking about Q Link Wireless, who is a, quote, "provider of low-cost mobile phone and data services to two million US-based customers," and unfortunately Q Link had a bit of a data breach. So what this was was the carrier offers an app called My Mobile Account that customers can use. You can monitor your text, your minutes, you can buy more minutes, things like that. Well, the app also displays customer information when you log into it: first name, last name, home address, phone call history, text message history, phone carrier account number needed to port your number to someone else, email address, and last four digits of the associated payment card. The problem with this is that this app had no form of authentication whatsoever, so if you downloaded this app and you put in any valid Q Link Wireless phone number, any customer phone number, it
would pull up all that information with, again, no password or anything like that needed. So at the time of the posting of this article, Q Link seems to have temporarily fixed the issue by basically just turning off that feature. The app doesn't do anything; even if you put in a valid number, it won't pull anything up. Hopefully they will come up with a fix, because I'm sure that's a very useful feature to a lot of their customers. At this time there's no indication whether or not this exploit was discovered and used by any bad actors, but of course it is always safe to assume that it was.

Our next story is just a quick update on Facebook's data breach that we discovered last week. So last week we mentioned this, and this was literally right before we started recording, so there wasn't a whole lot of information, but now more information has come out over the past week. Basically, Facebook is claiming that this 500 million user data leak was old public data from 2019. Let's assume they're telling the truth. Well, partially. First off, even if it is old data, not all of this data was public, like phone numbers for example, so they are definitely lying right off the bat, which I know is not terribly surprising coming from Facebook. The second part of the claim, that it's old data from 2019, that part does appear to check out. People who have investigated this said that this is probably fresh data that has not been released before, but based on the data they're guessing that it came from a bug that was patched in 2019, so basically this data would have had to have been scraped before that in order to be accessible. There really hasn't been any speculation on why whoever stole this data sat on it for so long, but it does appear to be slightly outdated, but probably not by much. I mean, people don't change emails and phone numbers frequently. Well, Nate, that changes everything, it happened last year. Yeah, that was all two years ago, it's totally not a big deal. Silly Nate.

A couple other interesting things
happened because of the breach. Uh, Zuckerberg himself was actually caught up in this leak, and a couple of enterprising people discovered this, put his phone number into Signal and found out he uses Signal. So that, I think, should say a lot, uh, number one to the security of Signal, which we will talk about a little bit later, and also to the, uh, troubling aspects of WhatsApp, the fact that even Zuckerberg himself doesn't want to use WhatsApp, he would rather use Signal. And last but not least, our latest update on that: Facebook has no plans to notify infected users, which I know someone jokingly commented on my news feed and said, well, the media already did it for him, but it's still, that's really crappy not to send people an email, hey, you've been compromised, change your password.

On a similar note, a data breach which is honestly very similar from LinkedIn happened, affecting about half a billion people as well, and this is personal data. LinkedIn is still investigating what's happened, but pretty much this is another big breach, though it is less of a breach and more of a scrape. I think Nate actually has some things to add here from his own personal experience, which we'll get to in a second, but LinkedIn has 740 million users, so this actually affects about two-thirds of the platform, and the data includes account IDs, full names, emails, phone numbers, workplace information, genders, and links to other accounts. It's unclear if this is current information or information that was scraped some time ago, and I would like to ask Nate about his personal experience with that. Yeah, I just, I kind of put it in the notes there. I'm not really surprised that this data was publicly scraped, because I know when I began to clean myself up off the internet and get rid of, like, my public records, I found out that a lot of sites had scraped their information from LinkedIn, and the reason I know that is because it was a specific piece of outdated information from a couple years prior, or almost five years
prior, that had only stayed on LinkedIn because I had lost my password and I hadn't been in LinkedIn in five years, and that specific piece of information kept popping up on a lot of people-search websites. So a lot of people-search sites get their information from LinkedIn.

Our next story is a real quick one. There was a third-party security breach in Singapore in a job matching service, so kind of one of those like ZipRecruiter, you know, Monster.com: you post your resume and they'll try to match you up with recruiters or jobs that are looking for someone like you. This affected up to 30,000 individuals, including names, ID numbers, contact info, education, and employment history. It is believed that a malware of some type infected a third-party vendor employee's email account, and that was the avenue that was used to access this information. So just always a good reminder that third-party stuff is risky, and just because, you know, maybe the company you're using is doing everything right, that doesn't always mean the third parties they're using are doing everything right.

Our next story is very dystopian and weird. I think those are the two best words that I can use to describe this story. Pretty much, there used to be some kind of chat application that people used for dating, if I understand that correctly, or at least people would import previous messages that they use to discuss with their partners and relationships into this AI company that would tell you, it's kind of like one of those fun quizzes on Facebook, like which Game of Thrones character are you, but this is actually a little bit more sophisticated than that. This AI claims to go through your messages and be able to tell you how much you love each other and other fun things about the relationship between two people. Here's where things get interesting. A news organization has accused this scientific AI app parent company, called Scatter Lab, of collecting these intimate conversations between lovers without informing
the users and then using this data to build a conversational AI chatbot called Lee Luda. Lee Ludda? I think it's Lee Luda. In addition to not filtering out the hate speech in the initial data set, which includes some slurs and verbally abusive language, it also exposed people's names, at times their nicknames, and their addresses in some of the responses with this chatbot. The company insists that the data was removed in the training set, but this is kind of like the recent breach we dealt with last week with the Indian company that claimed, oh, they just uploaded their data online, that's not our fault, um, and just pretty much dismissing that they were in the fault for anything. So they kind of denied that this was a problem because they did remove it, but people found it, so then you didn't remove it. Another layer to this is the company uploaded 1700 training sentences to GitHub, which also included names, locations, relationship statuses, and also medical information. So this is just kind of a whole new level of creepy, and I think the biggest takeaway from this story is, and I actually really like the article that wrote this, because they mentioned that a majority of Americans are not confident about how companies will behave, but they don't understand what that means and the kind of issues that could come along with that, and I think this is a perfect example of an issue that can realistically happen to people without them knowing, and it's a reason why people should care about privacy. I think it's worth noting just real quick on that, this wasn't even malicious, in my opinion. It doesn't seem like it was, you know, and a lot of people, when we talk about privacy and the things that could go wrong, we talk about how it could be used against you, but I mean, sometimes people don't even do it on purpose. This was just incompetence and, you know, not tightly controlling what information they uploaded. So it's not always about a dystopian government or, you know,
somebody stalking you. Sometimes it's just, things happen, mistakes get made. That's a great point to bring up, because people always think it is malicious, and a lot of times it's accidental. That's actually something that's talked about in our Who Can You Trust lesson in Go Incognito. Nice. It's, hey, even if you really trust a family member or someone else, you might not be able to trust their practices. They just might not treat the data as well as you might, so just always think about that. That nuclear story we talked about last week where we left, yes, computer open and the kid typed on Twitter. Exactly. I was like, what are you gonna do, you're gonna blame the kid for that? He didn't mean harm.

And this is just a really quick story. There's kind of a down-low data breach here: a security disclosure with hundreds of OnlyFans users' contents was discovered on Google Drive. If you click the source there's a little bit more information, but that's really about it. You can type in your OnlyFans username to see if you were impacted by this.

Okay, let's move into companies, and we got a pretty big story this week that made some of the headlines: Twitch will act on so-called serious offenses that happen off platform. Twitch is an Amazon-owned company, and they announced a formal and public policy for investigating streamers' serious indiscretions in real life, and that's according to this article. So basically a lot of their streamers are being accused of predatory behavior and just otherwise generally not okay behavior, and Twitch has announced that they are now going to be working with an unnamed third-party law firm to not only investigate things that happen on their platform, of course, but also things that happen in other places like Discord and Twitter and even real life. I understand they're coming at this from a place of good, but that definitely worries me, that they are now trying to reach off the borders of Twitch and enforce behaviors elsewhere, and it
definitely raises a lot of ethical questions, and I will be interested to see how that shakes out in the future.

Our next story is about a company called Scenex, which is trying to launch what they call, I believe the name of the system is called Venue, and it's basically a camera that will use a sensor to count viewers and charge per ticket. This company is proposing a, like I said, a camera that you mount to your TV or your computer or whatever, and it will count the number of viewers in the room for paid streaming services, and it works in a number of ways. So for example, it could ensure that the number of people in the room matches the number of tickets purchased. It could be used as an alternative to flat pricing, so for example, I know Disney, ever since the pandemic started, they've been putting movies straight on Disney Plus, but you still have to pay like 30 bucks for them. Well, what if it's a movie that I don't want to watch but my kids do? Maybe I can charge per ticket, and that might be cheaper than paying the flat 30. So he's, uh, you know, he's proposed a number of ideas for how this could be used, and I get that. I'm a little bit worried about this guy. I'm going to go ahead and quote the article. That's putting it diplomatically. I'm going to go ahead and quote the article: CEO and founder, I'm going to screw this name up, Sihan Foie Atkin waved away questions about the potentially problematic nature of a device invading private homes to scan people sitting in front of the TV. "I wouldn't say monitored," he said, "I would say headcount." It doesn't do facial recognition, it just makes sure that the number of people in the room matches the number of tickets. Okay, no facial recognition, that's, I guess that's something. He also claims that the data will be ephemeral, as in they will be deleting it as soon as they're done with it, it will be end-to-end encrypted, and it will be entirely handled by AI, so there's no humans looking at the footage. The part that really got under my skin, he said, uh,
I'm gonna quote it again, Atkin said the P word that the entertainment business should be concerned about is not privacy but piracy. Oh yeah, I know that. Oh, when I read that, that upset me so much. I don't know, I know the guy means well, and I know the entertainment industry is really struggling from the pandemic, but man, this is worrisome and I really hope this does not take off. I'm gonna take a shower after this report.

Our next story is a really quick one. Uh, Brave has this thing called Brave Today, which is currently, honestly, kind of, in my opinion, it kind of sucks. It's on your home screen in Brave and you just scroll down and it just gives you news, much of it I think is just clickbait, whatever. But this is, in my opinion, kind of cool. For those of you who don't know, RSS is a protocol that you can use to easily follow sources. You can follow blogs, you can even follow YouTube channels, and actually, if you use a third-party client for this podcast, you used an RSS link to add the podcast, and that's how you keep up with the feed. But Brave now lets you import these RSS links directly into Brave Today, so you'll be notified about new RSS updates directly inside your browser, which I think is really cool.

Okay, let's move into research. Our first story: a wormable Android malware has posed as a Netflix app to hijack WhatsApp sessions. So a research company called Check Point, they're a pretty big research company, they found a malicious app in the Play Store, surprising, that claimed to offer two free months of Netflix due to the pandemic. So, you know, it would just say, because of the pandemic we're offering two free months. There were about 500 confirmed victims that fell victim to this that we know of. Basically, once the app was downloaded, it asked for permissions that would allow it to see notifications, which then allowed it to auto-respond to WhatsApp messages, because, you know, you get the little notification that says so-and-so sent you a message, and they can auto-respond straight
from that notification with a link to the app to lure in even more victims. So that's what they mean by wormable: it could spread itself. The link was disguised using Bitly, so, you know, it's kind of hard to just look at it and go, well, this is obviously fake, and when you clicked on it, it actually forwarded to a fake Netflix site that looked like the real one and attempted to steal credit card information and other credentials. The site was also, because this was a fake site, that meant that the hacker or the attackers had control over it, and therefore they could have used that site to deliver even more malware if they wanted, although at this time there's no indication that that was the case, it was just a possibility. This actually didn't compromise WhatsApp, so it didn't affect WhatsApp itself, but it allowed WhatsApp to be abused because of the notifications. So this is kind of a more advanced privacy thing: I turn off push notifications. I turn them off to the point where all they say is, you got a Signal message, or you got a Proton email. I know that's not right for everybody, but I think it certainly could be useful. It's certainly been useful in my life, and it's just important to notice that push notifications can be abused. They are an attack vector, so be careful of those.

Up next, this is a huge one. Major life stories here. It ties into the last thing we just talked about, and our next two also tie into this. Very big life stories that you should all really take to heart. So APKPure, for those who don't know, is normally just an external app store that you can use to download applications on Android devices. If you don't want to use Google Play, you can just go to the APKPure website and download pretty much any application you want. However, researchers found that APKPure, this application for installing other Android apps, contained adware, and this came from an SDK, meaning it wasn't intentionally put there, which is another issue we talked about constantly, but
this actually had the ability to download other malware, which puts you at even greater risk. Uh, and yes, it's just another reason to make sure to stay current, because they pushed out an update which immediately fixed this issue, so if you are using APKPure, make sure you are using the latest version, which I believe is 3.17.19. However, the other layer to this is you are always having to trust the APK you install onto your device, always. So be very careful before you choose to use a third-party app store, because actually this is probably one of the first times I've heard of the store itself being the problem, but normally the bigger problem is the apps you install from third-party stores. That's typically where issues arise. Either way, stay up to date and really try to avoid these as much as possible and stick to trusted sources. I really recommend Aurora. It's an open source, trusted, it takes APKs directly from the Google Play Store on your Android devices. So check out Aurora and F-Droid.

And on a similar note, researchers have also discovered two dozen malicious Chrome extensions. You can read the story if you want in the sources, but that is pretty much the story, and again, just remember, when you install an extension, that extension has immense capabilities and it can do really anything inside of your browser. So when you install an extension, just know you're trusting a brand new extension that can pretty much do anything within your browser.

Okay, our next story is also pretty straightforward. Windows and Linux devices are under attack by a new crypto mining worm. So again, worm, that means it can spread itself to other devices. This is a botnet that I believe was discovered in December, if I remember from the article, and it scans for unprotected Windows and Linux devices, and if it finds something, it gets in and starts mining Monero. Be sure to turn off your devices when they're not in use, enable the firewall on your router. Believe me, you will find out real quick if it's too aggressive.
In my opinion, go full on and then dial it back until you have the functionality you need. And of course, last but not least, use good passwords. Don't use the default passwords and stuff like that.

Zoom has had another security issue, another vulnerability. Just know about it. Just know this is one of many Zoom vulnerabilities, and Zoom has not yet fixed it, but the details haven't been fully made public, so apparently they're in the works of fixing it. Just remember, if you're using Zoom, we recommend keeping it inside a virtual machine or keeping it within your browser and using pseudonymous information when you can. That's it. Or use Jitsi.

And last but not least, uh, this is just a really interesting article. We're not gonna go over it here because it's a really deep dive, but this article, Unlocking Full Value from Data from Connected Cars, it's a fascinating look into the potential of vehicle data, the telemetry and all that, and how profitable it can be. So if you're unfamiliar with this, definitely read this article. It's very simple, very well worded, like it's easy to grasp, but it's also very comprehensive, and I think it's worth reading.

So now we're gonna head into our politics session. We're gonna start with the UK. So the Data Services and Analytics unit holds information on 650 million people, and they've now been accused of creating a super database. Uh, the more concerning thing about this is that this database includes children who are under 13, and they're using these analytics to build, quote, "decision making tools" and provide data-driven insights to the rest of the Home Office. I guess the more concerning aspects of this data would be it includes things like ethnicity, immigration status, nationality, criminal records, and biometrics. And there's lots of layers of why I'd be concerned about this. The next one would be there's little indication of where the data came from, but 30 providers were listed, including fraud prevention companies, analytics firms, and
more. So this just seems to, actually that's why it's called a super database, it seems to be just a collection of information from several different sources. A big takeaway of why this is a concern is that we don't know if this is going to be used improperly, and it could make issues worse, like law enforcement racial bias, and we just don't know what kind of oversight is happening with this kind of data and what's going to happen with it in the future. This is more of an FYI that this is happening, and you can make your own assessment on what that means to you. A quick, uh, addendum that I'm gonna plug real quick at the end of that story: uh, Netflix just this past week dropped a new documentary called Coded Bias, and I watched it last night. If you haven't seen it, I highly recommend it, 'cause, to give you the quick recap, they use real world stories. They're not just talking about, well, here's how this data could be abused. Here's real stories of how algorithms have had racial bias and gender bias, and at times that it has actually affected innocent people, and, uh, it was really well made and I totally recommend it.

Okay, our next story is going to take us to the U.S.: Customs and Border Protection paid $700,000 to encrypted app Wickr. This headline, for us privacy people who are always paranoid that the government has their fingers in apps, this is kind of a misleading headline. Basically, Border Patrol now has a Wickr subscription. That's basically what it means. They paid $700,000 to Wickr in return for services, and because it's, you know, a classified arrangement and everything, we don't know the details, but we do know that much: Border Patrol is now using Wickr, which is an encrypted app. Personally, I don't use Wickr. Uh, there's another huge rockstar in the privacy community named Michael Bazzell. On a couple of his podcasts, I wish I could remember which ones, but, uh, he said that he did some, like, Wireshark analysis on Wickr and he found it sending metadata back to Microsoft and a
couple other companies. I'm not gonna claim what metadata and what other companies, because I can't remember and I don't wanna spread false information, but I do remember it was sending stuff to Microsoft. I do think this story is really ironic, because, you know, especially under the previous administration, with William Barr and the FBI, the US government was really attacking end-to-end encryption, and yet now they just paid almost, you know, a million dollars to have it for themselves. So it's cool when they use it, but if any of us use it, we're like drug-dealing pedophiles.

Our next story is about the ACLU, which, if you don't know, is normally a... how would you describe the ACLU in a quick sentence? American Civil Liberties Union, they're a legal group that attempts to fight for the civil rights of Americans. Long story short, there's a privacy advocate who used to be a chief technologist at the FTC, and he's accusing the ACLU of data sharing outside of what the privacy policy is stating, and he pretty much says that they're sending a lot of user information to both Google and Facebook for targeted advertising. And while he is under an NDA, which is a non-disclosure agreement, meaning he can't share the specific details, he does point out that public records show that there's money spent on targeted Google and Facebook advertising. So this is seen as kind of a hypocritical thing to happen, considering that ACLU typically fights against many of these things that are considered invasive, and I think they've even done some lawsuits where they actually opposed some of these invasive technologies that they themselves might be using.

So this next story comes out of the U.S. state of Georgia, where the state emission system has been shut down after a cyber attack. So the state uses... here in the U.S. it's really common in more and more states to test vehicle emissions, to, basically, there's a standard of they can't pollute too much, and the system that the state of
Georgia uses has been disabled since March 31st due to a cyber attack, which also appears to have hit seven other states, but this article specifically focuses on Georgia. One shop owner said that before the attack they did over a hundred inspections per day at a hundred dollars each, so you can imagine how much money they are losing. And it's not just, you know, that there's some CEO losing money. The guy they interviewed, he said, quote, "we have employees that are out of work because of this." So there are real world implications to things like ransomware and cyber attacks that affect everyday people. And at this point in time it is unclear if any personal information has been compromised as a result of this attack, but we will keep an eye on that.

The next story is a really quick one. We know that Google tracks Android users. That's just, that's common knowledge at this point. If you have an Android device and it's Google Play services, Google is tracking you using unique identifiers. There's an activist who alleges the use of these identifiers without user consent breaches EU law, and that's the story. We'll see what happens.

Our next story is about the U.S. criminal justice system, and they claim that they are deploying mass surveillance on innocent people. So the claim is pretty straightforward. Basically, when you get arrested in the US, a lot of the time they'll go ahead and book you, they'll take your photo, and a lot of police have what they call blotters, where it's basically the small stories, here's who we arrested over the weekend. Because of the digital age, a lot of these blotters are now digital, which also means that a lot of the arrest records have become digital, which also means that a lot of this information is about people who have not yet been convicted of a crime, and many of whom may either, uh, plea out, or the case will get dropped, or any number of possibilities. So I'm just gonna quote a couple of sentences from the article: over a decade, 101 million
arrest records and 45.7 million mugshots will be posted to the internet by police departments. Many of these people will be found innocent. And the article goes on to say that these records often include a variety of personal information, including full names, birth dates, home address, and physical characteristics like height, weight, skin tone, and even tattoos. Once released, the data is mined, scraped, and shared with employers, landlords, and neighbors, leaving a digital footprint nearly impossible to wipe clean. So that is obviously very concerning, that once the police post this information, somebody else might scrape it and throw up that mugshot, and now your name is tied to that. Even if the charges get dropped, even if you get found innocent, now that's out there for anyone to see if your name gets googled, and hopefully there will be some addressing of that in the future, because that is an issue.

Our next story comes from San Diego. Now, for those who don't know, San Diego is kind of a hot area when it comes to surveillance. There's just a lot of reasons for that, most of which likely have to do with immigration and the fact it's so close to the Mexican border, but San Diego is very much known for implementing a lot of surveillance inside of the city. This is just another one. Pretty much, Chula Vista, which I hope I said that correctly. You did. But Chula Vista is a section of San Diego, and they have successfully implemented drone surveillance in the name of fighting crime. Uh, many of those involved in the project launch have also moved into the private sector to help bring the technology to other cities. So we are now seeing drones being used for surveillance, which is fun, and I'm sure all the kids will be safe forever now and the terrorists will be gone.

We recently covered, not too long ago, I think Nate talked about this story, that Signal didn't release their server code for like a year, which was pretty concerning, and now they just dumped all of it at once. Yeah, so
there's a lot to unpack with this story, and we are, if you don't follow us on RSS, we're gonna do a little mini episode as well about this, so if you want the full dive, be sure to check that out. But basically, Signal has updated their server code, and it seems like they were keeping it hidden in an effort to not ruin the surprise that they had partnered with a cryptocurrency company to allow financial transfers within the app, so like I could send my friends money and they can send me money, pay for the pizza and all that. Well, that's why they did it? This is news. That's, okay, that's the application, sorry, that's the accusation. Uh, I do have a link here, which we can talk more about in the mini episode, where... I'm pissed now. That's the first time I heard of that theory. Like I said, I've got a link where it seems like maybe, I don't know, we'll talk about that more, but either way, uh, Signal has partnered up with this MobileCoin cryptocurrency, which is based on Monero, and just, man, there's a lot of conflicting opinions, and, um, I'm sure we're gonna have at least a couple links in the show notes. I really encourage you guys to go out and look at some of what some of the people are saying and make up your own minds, because, I mean, there's definitely, like, there's some people that are saying this is a terrible idea and it makes Signal less secure, and there's also an argument that the MobileCoin is majority owned by one entity, but then other people are saying, like, you know, no, it's fine, it's based on Monero, that's disinformation, it's not all owned by one entity. There's just, man, there's, uh, so much to unpack here. They opened a can of worms. I wonder... Yeah, they are doing, I know they're doing an AMA on Tuesday about this incident. Oh, good. On Reddit. I will be interested to see how that turns. Is that in the Signal subreddit? I believe so, I believe that's the Signal subreddit. They're doing an AMA on Tuesday, so if you have questions about this, that's where you go, though. I'm
gonna look out for that hopefully they don't have moxie responding to people and they have an actual pr department

we are now going to go into the misfits section and we're going to start this is another important story life life lessons today this is sr37 should be lots of life lessons bitcoin is not private that's that's uh i can't say that enough we have a whole video talking about why bitcoin is not anonymous and why most cryptocurrencies really aren't that private so an italian man was arrested after allegedly paying a hit man in cryptocurrency and that's pretty much the story so europol got transaction details from the unnamed exchange service they don't want to mention who it is but most exchange services ask for identification the european agency as well as various law enforcement groups use a range of tools to monitor and track cryptocurrency transactions suspected of being linked to criminal activities interpol for example uses and was involved in the development of graphsense which is a blockchain based analytics tool for cryptocurrency addresses and transfer searches people when you use bitcoin everyone can see every place that you send and use your bitcoin it's public information the blockchain is public use things like monero that's why monero is so awesome if this guy used monero and it wasn't tied to a kyc exchange he probably wouldn't have been caught in this case it's probably good that he got caught but we're here to give privacy advice not to defend people who do things that are illegal

all right our next story is a just a really wild story uh a polish security researcher basically posted on his blog about a messenger called usecrypt and talked about how they were using an insecure domain to handle invite links so when you invited your friends to use usecrypt the domain responsible for sending that invite was not https it was just regular http this of course opens the door for a lot of abuse because it's not protected the company quietly fixed
this issue they switched to an in-house domain that is https protected and now they're basically trying to sue this guy for defamation because they're claiming that the article is fake because they don't use that domain and i i think from what i gather from the article they haven't explicitly made this claim but i think the implication is we never used that domain and therefore this is defamation or we don't use it anymore and therefore this is defamation i don't know how they think they're going to get away with this but yeah they um if the article didn't say whether or not this guy did responsible disclosure and contacted them first i am assuming he did i hope he did because that's responsible that's just that's insane that this guy just hey here's a fact and now they're trying to sue him into shutting up that's wild

our next story is ah it's really clever i love when attackers are clever um so for those who don't know ransomware is when a company gets hit and their files and and their data and sometimes oftentimes user data is is held for ransom so they can't get the data and the attackers will typically threaten to publish the data publicly and or just delete it so now some ransomware gangs are emailing the victims' customers as leverage so my my guess here is ransomware is becoming less and less effective and what's happening is these gangs are now emailing the customers so let's say apple was victim to a ransomware attack rather than just waiting privately for apple to to respond or or figure things out or make a game plan they would email all apple customers who were involved inside of the ransomware so that it's now public information and they're going to pressure those people to to get apple to pay their ransom so it's just a little bit more leverage now it's pretty clever and it's it's kind of a dirty trick

okay our next story technology could make fighting covid less restrictive but privacy will take a hit this is basically an opinion piece but i
thought it was really interesting and it's worth reading so the author asserts that basically there were two examples of how to handle the covid pandemic and he points at taiwan and new zealand new zealand's approach was basically everybody stay home until there's no more cases taiwan took a much more technological approach with the contact tracing and stuff like that and the author argues that this effect was actually more effective because it gave people a lot more freedom to go about their daily lives but obviously they had to give up a lot of privacy as a result and the thing i think is really interesting is the author basically says nobody really seems to give a crap about privacy so i mean hey why not and i obviously do not agree with that author but i think this is really worth reading because it's very well worded and this is a discussion that we should be having you know at what point is the greater good more important than privacy and it's just i don't know it's just it's like i said it's an opinion piece but it's totally worth reading

another article how to protect your privacy while signing up for a covid-19 vaccine online so many places i know now are offering covid vaccines i know my state recently i think just this week opened up to everybody over the age of 18 no restrictions the drawback is a lot of these websites where you go to schedule your appointment include a ton of tracking like cookies javascript and pixels tracking pixels so this article talks about ways to reduce some of that tracking so you can have a little bit of privacy for this sensitive medical information that should not be tracked in the first place and they talk about things like you know using brave or firefox tweaking the browser settings and using plugins like ublock origin it is awesome and recommended

our next story applies more so to people you know i think a lot of people who listen to these surveillance reports probably used at least decent passwords but here is a quick
little research uh sum up paper that talks about people are using terrible passwords and this includes things like easy to guess passwords including pets' names family members' names significant dates favorite sports teams or even just password and just remember that again you want unique passwords that are not the same across different websites and you want strong passwords that aren't password so oh man again you really want to share this article with people you know and make sure at the very least it doesn't i know there's a lot of criticism against like i hate lastpass i hate them with a passion i think no one should ever use lastpass because there's just better options but i'd rather people be using lastpass than using the same password across all of their websites now i would tell them to consider using bitwarden but just remember that any solution is better than no solution or the worst case scenario using password as your password

and our last story of the week if you've been following the surveillance reports which i hope you have the last couple reports you know that there's something called floc which is google's new advertising technology that is becoming abundantly clear now is is invasive people are kind of optimistic about it like hey this might be good because they're killing cookies and it's becoming more and more obvious that this is becoming invasive technology as many people suspected there is a new site on the eff's website called am i floced and it's literally just a tool that checks to see if you've been floced and if your browser in google chrome is using floc again last week we talked about how google silently just started using floc on their users without giving an opt-out or an opt-in so this was just randomly done with random users they didn't know it was happening so you can check if you were affected by this using google chrome ideally you're not using google chrome um use chromium or use brave or use firefox or really
anything outside of chrome will probably be better so and another layer to this is duckduckgo is introducing a new extension which blocks this floc from happening within your browser and this is also a chrome extension so i think there's some discussion around whether or not google is going to block their extension which i don't think they're going to do to be honest but we'll see if they do that i could be wrong but just a quick correction i don't think it's a new extension i think it's just integrated into their current like privacy essentials extension or whatever they're going to try to block floc but i mean at the end of the day google has authority over whether or not that's going to be capable in in an extension so got it well thank you for thank you for specifying that that that's that makes this is actually kind of important because if google doesn't block it then that kind of gives the ability for other extensions that we recommend people use like to actually use this like exactly ublock origin could integrate with this as well uh anything could so this is actually kind of important to see what happens coming out of the story

this report today is brought to you by our ledger and trezor affiliate links which are two hardware cryptocurrency wallets which allow you to store your cryptocurrencies as safely as possible we'll have links to both of those down below again trezor is open source so that's kind of the more um the more woke way of going through things but either one is still accomplishing a good goal and we want to thank you for listening to the surveillance report and we're just happy to know that you're trying to be safe out there and keeping up with the latest news and updates the final thing we ask you to do is to share our podcast around make sure you're subscribed if you're on a platform that allows that and definitely give us a rating if also you're listening on a platform where that's an option i've been henry i've been nathan and
thanks again for listening we'll see you next week
Info
Channel: Techlore
Views: 46,581
Keywords: signal messenger, signal cryptocurrency, mobilecoin, facebook breach, linkedin breach, privacy, security, news, cybersecurity, infosecurity, updates, data breaches, facebook privacy, privacy news, the new oil, techlore, privacy news online, surveillance report, SR37, Google FLOC, EFF, politics, research, FOSS, open source, go incognito, security news
Id: jw1BqWbBVOU
Length: 38min 51sec (2331 seconds)
Published: Sun Apr 11 2021