Privacy-focused RSS feed readers to help you stay up-to-date while preserving your privacy. Get the latest news and stories without compromising your personal information.
Archive: browser (de / en)
Five Eyes, Six Eyes, Europe’s Eyes? Europe-Five Eyes Cooperation in the Face of China
(Mar 27, 2021)
In the short term, Europe may be able to shrug off the illegality of its data-sharing practices under the GDPR, and please privacy advocates with adequacy reviews, but in the long term the violation of Europe’s own data privacy crownpiece is sure to harm its international credibility.
US intelligence agencies: licence for worldwide surveillance is expiring
That the Section 702 in question will be extended is hardly in doubt.
Citing cyber investigations, officials ask Congress to renew surveillance powers
(14.06.2023)
In a joint written testimony from the Biden administration witnesses, the NSA, FBI and CIA all cited Section 702’s usefulness for cybersecurity.
US intelligence community presses for FISA Section 702 reauthorization
(13.06.2023)
Officials from U.S. intelligence agencies backed reauthorization of Section 702 of the Foreign Intelligence Surveillance Act ahead of a U.S. Senate subcommittee hearing Tuesday. One official characterized a potential lapse or “unusable” modifications to Section 702 as “grave national security risks.” The support for full reauthorization came as 21 advocacy groups joined on a letter urging reform of Section 702. Meanwhile, the Office of the Director of National Intelligence issued a report regarding purchases of commercially available personal information by the U.S. intelligence community.
“Nightmare scenario”: US agencies buy mobile phone data in bulk for surveillance
“The government would never have been permitted to compel billions of people to carry location-tracking devices with them at all times, to record their social interactions, or to keep complete records of their reading habits,” the Office of the Director of National Intelligence summarises. But smartphones, connected vehicles, web tracking, the Internet of Things and “other innovations” have the same consequences without the government having to do anything.
Confirmed: US intelligence agencies buy personal data – privacy concerns grow
The way in which US intelligence agencies collect and use data from connected vehicles, web browser activity and smartphones is increasingly coming into focus. There is a danger that the unregulated distribution and sale of American citizens' private information threatens their privacy. The report was published by the Office of the Director of National Intelligence (ODNI).
In response to my request, DNI Haines has confirmed that the government is buying Americans’ private data with no guardrails for when and how that data is used. If this isn’t a wake up call for Congress to stop feds from buying up Americans’ information, I don’t know what is.
Office of the Director of National Intelligence Senior Advisory Group Panel on Commercially Available Information
(27 January 2022, approved for release by ODNI on 5 June 2023)
(U) EXECUTIVE SUMMARY
(U) There is today a large and growing amount of what the U.S. Intelligence Community (IC) refers to as “Commercially Available Information” (CAI). As the acronym indicates, and as we use the term in this report, CAI is information that is available commercially to the general public, and as such, is a subset of publicly available information (PAI). We do not use the term CAI to include, and we do not address in this report, commercial information that is available exclusively to governments. The volume and sensitivity of CAI have expanded in recent years mainly due to the advancement of digital technology, including location-tracking and other features of smartphones and other electronic devices, and the advertising-based monetization models that underlie many commercial offerings available on the Internet. Although CAI may be “anonymized,” it is often possible (using other CAI) to deanonymize and identify individuals, including U.S. persons.
(…)
Today, in a way that far fewer Americans seem to understand, and even fewer of them can avoid, CAI includes information on nearly everyone that is of a type and level of sensitivity that historically could have been obtained, if at all, only through targeted (and predicated) collection, and that could be used to cause harm to an individual’s reputation, emotional well-being, or physical safety.
(…)
(U) A May 2014 report from the Federal Trade Commission (FTC) provides a similar account:
(U) Data brokers collect data from commercial, government, and other publicly available sources. Data collected could include bankruptcy information, voting registration, consumer purchase data, web browsing activities, warranty registrations, and other details of consumers’ everyday interactions.
(…)
1.3. (U) Examples of CAI. We do not attempt a comprehensive description of the scope and scale of data that are available as CAI, or the relevant markets, in part because they are so large and so dynamic. However, a few examples of CAI offerings will illustrate the current nature of available offerings:
• (U) “Thomson Reuters CLEAR is powered by billions of data points and leverages cutting-edge public records technology to bring all key content together in a customizable dashboard.”
• (U) LexisNexis offers more than “84B records from 10,000+ sources, including alternative data that helps surface more of the 63M unbanked/underbanked U.S. adults.”
• (U) Exactis has “over 3.5 billion records (updated monthly)” in its “universal data warehouse.”
• (U) PeekYou “collects and combines scattered content from social sites, news sources, homepages, and blog platforms to present comprehensive online identities.”
(…)
As the FTC explained in its May 2014 report:
(U) Data brokers rely on websites with registration features and cookies to find consumers online and target Internet advertisements to them based on their offline activities. Once a data broker locates a consumer online and places a cookie on the consumer’s browser, the data broker’s client can advertise to that consumer across the Internet for as long as the cookie stays on the consumer’s browser. Consumers may not be aware that data brokers are providing companies with products to allow them to advertise to consumers online based on their offline activities. Some data brokers are using similar technology to serve targeted advertisements to consumers on mobile devices.
(…)
2.2. (U) Examples of CAI Contracts. The IC currently acquires a large amount of CAI. Unclassified IC and other contracts for CAI can be found at Sam.Gov, a U.S. government website that allows searching by agency or sub-agency and by keywords, among other things. By way of example only, this website shows that the following agencies have, have had, have considered, or are considering the following contracts or proposals related to CAI:
• (U) The Federal Bureau of Investigation (FBI) with ZeroFox for social media alerting (15F06721P0002431)
• (censored)
• (U) The Defense Intelligence Agency (DIA) for social media reports on individuals who are seeking a security clearance (HHM402-16-SM-CHECKS), and with LexisNexis for “retrieval of comprehensive on-line search results related to commercial due diligence from a maximum number of sources (news, company, public records, legal, regulatory financial, and industry information),” among other things (HHM402-21-Q-0094)
• (U) The U.S. Navy with Sayari Analytics, Inc. for access to its database that “contains tens of thousands of previously-unidentified specific nodes, facilities and key people related to US sanctioned actors including ‘2+3’ threats to national security” (N0001518PR11212)
• (U) Various offices within the Treasury Department for access to Banker’s Almanac (RFQ-FIN-55100-21-0010)
• (U) The Department of Defense (DOD) for access to Jane’s online (W31P4Q17T0009)
• (U) The Coast Guard with Babel Street for “Open Source Data Collection, Translation, Analysis Application” (70Z08419QVA044).
(U) In addition, DIA has provided the following information about a CAI contract in an unclassified and publicly-available paper sent to Congress on January 15, 2021:
(U) DIA currently provides funding to another agency that purchases commercially available geolocation metadata aggregated from smartphones.
……………………………………
US intelligence agencies buy Americans’ personal data, new report says
The report was completed in January 2022 but only recently declassified. Democratic Sen. Ron Wyden of Oregon asked the ODNI for the report.
“Congress needs to pass legislation to put guardrails around government purchases, to rein in private companies that collect and sell this data, and keep Americans’ personal information out of the hands of our adversaries,” Wyden said in a statement Monday in response to the report.
A Surveillance Primer: 5 Eyes, 9 Eyes, 14 Eyes
(August 15, 2022)
The Five Eyes (FVEY) surveillance alliance includes the following countries:
– Australia
– Canada
– New Zealand
– United Kingdom
– United States
(…)
The Nine Eyes countries include:
– 5 Eyes countries +
– Denmark
– France
– Netherlands
– Norway
(…)
The 14 Eyes surveillance countries include:
– 9 Eyes countries +
– Germany
– Belgium
– Italy
– Sweden
– Spain
“Tricky problem”: Europol considers exploiting vulnerabilities to break encryption
For at least seven years, the EU member states have been looking for ways to give their law enforcement agencies access to encrypted content.
@Senficon explains in 7 minutes the five biggest dangers of the planned #Chatkontrolle, including #Massenüberwachung, #ChillingEffects, #Uploadfilter, #Netzsperren, #Altersverifikation.
Freedom in the digital age – Chat control: incompatible with fundamental rights
The EU Commission has presented a draft regulation intended to lay down rules for preventing and combating sexual violence against children (chat control regulation). The planned rules raise such substantial fundamental-rights concerns that the GFF is entering the debate even before the draft is adopted. The most important points of criticism at a glance.
In Brussels, the match over data mining has begun
Every conceivable platform offering means of interpersonal communication is to be obliged not only to retain large parts of its data traffic, but also to collect data – for instance from personal chats – that has not been stored until now. This retained data, aggregated into huge volumes, is then to be searched for so-called “child pornography” in a newly established “EU Centre” using data mining and AI applications – the two belong together organically. In fact, this Centre, which on top of that is to be located on Europol's premises in The Hague, will become a European competence centre for surveillance using methods from the field of big data, data mining and so-called “artificial intelligence”. This regulation is expected to appear in the EU Parliament this autumn.
EU’s contempt for encryption puts all Europeans at risk
Every Internet user will find themselves more easily surveilled by the state and other actors. For Central and Eastern Europeans, where analogue surveillance and political retaliation were conducted within their lifetimes, the proposal would be a depressing rollback of the freedoms hard-won by previous generations.
Members of the LGBTQ+ community, abuse survivors, refugees, and minority groups that are the targets of discrimination or attack, will no longer find refuge on the Internet. Professions such as journalists, who depend upon encryption to keep themselves and their sources safe, will be less able to investigate corruption and criminality. The murders of Slovak journalist Ján Kuciak and Maltese journalist Daphne Caruana Galizia in recent years are a reminder of the high stakes for reporters who are exposed.
The right to privacy in the digital age – Report of the Office of the United Nations High Commissioner for Human Rights
56. With this in mind, OHCHR recommends that States:
(a) Ensure that any interference with the right to privacy, including hacking, restrictions to access and use of encryption technology and surveillance of the public, complies with international human rights law, including the principles of legality, legitimate aim, necessity and proportionality and non-discrimination, and does not impair the essence of that right;
(b) Conduct human rights due diligence systematically, including regular comprehensive human rights impact assessments, when designing, developing, purchasing, deploying and operating surveillance systems;
(c) Take into account, when conducting human rights due diligence and assessing the necessity and proportionality of new surveillance systems and powers, the entire legal and technological environment in which those systems or powers are or would be embedded; States should also consider risks of abuse, function creep and repurposing, including risks as a result of future political changes;
(d) Adopt and effectively enforce, through independent, impartial and well-resourced authorities, data privacy legislation for the public and private sectors that complies with international human rights law, including safeguards, oversight and remedies to effectively protect the right to privacy;
(e) Take immediate measures to effectively increase the transparency of the use of surveillance technologies, including by appropriately informing the public and affected individuals and communities and regularly providing data relevant for the public to assess their efficacy and impact on human rights;
(f) Promote public debate of the use of surveillance technologies and ensure meaningful participation of all stakeholders in decisions on the acquisition, transfer, sale, development, deployment and use of surveillance technologies, including the elaboration of public policies and their implementation;
(g) Implement moratoriums on the domestic and transnational sale and use of surveillance systems, such as hacking tools and biometric systems that can be used for the identification or classification of individuals in public places, until adequate safeguards to protect human rights are in place; such safeguards should include domestic and export control measures, in line with the recommendations made herein and in previous reports to the Human Rights Council;
(h) Ensure that victims of human rights violations and abuses linked to the use of surveillance systems have access to effective remedies.
In relation to the specific issues raised in the present report, OHCHR recommends that States:
Hacking
(a) Ensure that the hacking of personal devices is employed by authorities only as a last resort, used only to prevent or investigate a specific act amounting to a serious threat to national security or a specific serious crime, and narrowly targeted at the person suspected of committing those acts; such measures should be subject to strict independent oversight and should require prior approval by a judicial body;
Encryption
(b) Promote and protect strong encryption and avoid all direct, or indirect, general and indiscriminate restrictions on the use of encryption, such as prohibitions, criminalization, the imposition of weak encryption standards or requirements for mandatory general client-side scanning; interference with the encryption of private communications of individuals should only be carried out when authorized by an independent judiciary body and on a case-by-case basis, targeting individuals if strictly necessary for the investigation of serious crimes or the prevention of serious crimes or serious threats to public safety or national security;
Surveillance of public spaces and export control of surveillance technology
(c) Adopt adequate legal frameworks to govern the collection, analysis and sharing of social media intelligence that clearly define permissible grounds, prerequisites, authorization procedures and adequate oversight mechanisms;
(d) Avoid general privacy-intrusive monitoring of public spaces and ensure that all public surveillance measures are strictly necessary and proportionate for achieving important legitimate objectives, including by strictly limiting their location and time, as well as the duration of data storage, the purpose of data use and access to data; biometric recognition systems should only be used in public spaces to prevent or investigate serious crimes or serious public safety threats and if all requirements under international human rights law are implemented with regard to public spaces;
(e) Establish robust well-tailored export control regimes applicable to surveillance technologies, the use of which carries high risks for the enjoyment of human rights; States should require transparent human rights impact assessments that take into account the capacities of the technologies at issue as well as the situation in the recipient State, including compliance with human rights, adherence to the rule of law, the existence and effective enforcement of applicable laws regulating surveillance activities and the existence of independent oversight mechanisms;
(f) Ensure that, in the provision and use of surveillance technologies, public-private partnerships uphold and expressly incorporate human rights standards and do not result in an abdication of governmental accountability for human rights.
Client-side scanning: UN human rights commissioner firmly rejects chat control
(19.09.2022)
In a report on the “right to privacy in the digital age” (PDF on our server), which deals with trojans such as Pegasus, the role of encryption and the surveillance of public spaces, the UN High Commissioner for Human Rights has taken a critical position on client-side scanning technology. This technology is under discussion as a surveillance technology in connection with the introduction of chat control in the EU.
SSL/TLS Client Test
The page shows the SSL/TLS capabilities of your web browser, determines supported TLS protocols and cipher suites and marks if any of them are weak or insecure, displays a list of supported TLS extensions and key exchange groups.
How to disable old TLS protocols in Windows and browsers
(01.02.2022)
There are Internet protocols that were very necessary for browsing a few years ago but have become insecure and obsolete over time. This is the case with the protocols SSL 3.0, TLS 1.0 and TLS 1.1. Little by little, most browsers have dropped them, but some are still enabled by default in Windows. In this article we explain how to disable them both in browsers and in the system itself.
Privacy Tools – Encryption Against Mass Surveillance
You are being watched. Private and state-sponsored organizations are monitoring and recording your online activities. privacytools.io provides services, tools and knowledge to protect your privacy against global mass surveillance.
Creating filter lists for websites
Enter the addresses of the websites that you want to block or allow in the respective filter list:
1. Click “Internet” in the FRITZ!Box user interface.
2. Click “Filters” in the “Internet” menu.
3. Click on the “Lists” tab.
4. Click the “Edit” link next to the required list.
5. Enter the Internet addresses without a prefix such as http, https or www in the input field. Press the space bar after entering each address.
Example:
poker.com xxx.com aggro.tv
Click “Apply” to save the list.
The filter lists are now set up.
Millions of Secrets Exposed via Web Application Frontend – An Internet-Wide Study
(14.06.2022)
A very interesting highlight to notice here is that Google services, viz. Google reCAPTCHA, Google Cloud, and Google OAuth consumed a major portion – totaling almost 70% of the services where the secret exposure was the highest.
An eye-opening perspective regarding Phase 1 was that in spite of these domains in scope belonging to the top 1 million domains of the internet, the secret exposure was massive.
(…)
Since we majorly focused on the front-end, we anticipated that a majority of the exposures would be through the JavaScript files. Analyzing the results, we found out that almost 77% of the exposures occurred through the JavaScript files being used in the frontend code.
Since most of the JavaScript was being served through content delivery networks, we decided to map the exposures to their sources and extract out insights from our data. The highest number of exposures came from Squarespace CDN leading to over 197k exposures.