At EFF we’ve long noted that you cannot build a backdoor that only lets in good guys and not bad guys. Over the weekend, we saw another example of this: The Wall Street Journal reported on a major breach of U.S. telecom systems attributed to a sophisticated Chinese-government backed hacking group dubbed Salt Typhoon.

According to reports, the hack took advantage of systems built by ISPs like Verizon, AT&T, and Lumen Technologies (formerly CenturyLink) to give law enforcement and intelligence agencies access to the ISPs’ user data. This gave China unprecedented access to data related to U.S. government requests to these major telecommunications companies. It’s still unclear how much communication and internet traffic, and related to whom, Salt Typhoon accessed.

That’s right: the path for [U.S.] law enforcement access set up by these companies was apparently compromised and used by China-backed hackers.

[...]

Internet Wiretaps Have Always Been A Bad Idea

Passed in 1994, CALEA requires that makers of telecommunications equipment provide the ability for government eavesdropping. In 2004, the government dramatically expanded this wiretap mandate to include internet access providers. EFF opposed this expansion and explained the perils of wiretapping the internet.

The internet is different from the phone system in critical ways, making it more vulnerable. The internet is open and ever-changing. “Many of the technologies currently used to create wiretap-friendly computer networks make the people on those networks more pregnable to attackers who want to steal their data or personal information,” EFF wrote, nearly 20 years ago.

[...]

cross-posted from: https://feddit.org/post/3630808

Archived link

Beginning in early August, Check Point Research observed a cyber-enabled disinformation campaign primarily targeting Moldova’s government and education sectors.

Acting ahead of Moldova’s elections on October 20th, attackers behind this campaign likely seek to foster negative perceptions of European values and the EU membership process in addition to Moldova’s current pro-European leadership, with the intent of influencing the outcome of the upcoming fall elections and national referendum.

Following the start of the Russian-Ukrainian war, Moldova, a former Soviet republic, was granted EU candidate status in 2022. A nationwide referendum will be held on October 20, 2024, simultaneously with the presidential election, to determine whether the constitution should be amended to reflect the citizens’ desire for EU membership. Incumbent president Maia Sandu is actively campaigning for EU membership.

Check Point Research analyzed the techniques used by the threat actors, whom we track as Lying Pigeon, in their disinformation campaign in Moldova and provide an overview of their different activity clusters in other parts of Europe in the last few years.

Operation MiddleFloor is an ongoing disinformation campaign against Moldovan targets that began in early August. It uses emails as the primary distribution method instead of more common methods such as social networks or fake websites.

• While the campaign disseminates fake emails and documents, it also aims to gather information on the victims’ environments, likely to set the stage for targeted malware attacks.
• The threat actors use spoofed email accounts to disseminate content allegedly originating from European Union institutions, Moldavian ministries, or political figures.
• This campaign exploits multiple sensitive topics and fears related to the current pro-European government and Moldova’s potential EU membership. These include concerns about gas supply and fuel prices ahead of winter, LGBT, potential stringent anti-corruption measures, changes in the education system, immigration from the Middle East, and general labor market shifts across Moldova and EU countries.
• The actors behind this campaign are Russian-speaking and not fully proficient in English. Based on the Tactics, Techniques, and Procedures (TTPs), targeting, and distributed messages, Lying Pigeon appears to be aligned with Russian interests.
• Check Point Research linked Lying Pigeon to previously unattributed clusters of activity across Europe. Since early 2023, Lying Pigeon activity has been observed in several European locations related to the following themes:

Archived version

President Ferdinand Marcos Jr. signed into law a measure imposing the 12% value-added tax (VAT) on nonresident digital service providers, such as Netflix, Amazon, and Shein.

“With this law, we say that ‘if your presence in the Philippine market is as real as your profits, then your tax responsibilities should also be equally tangible,'” Marcos said during the ceremonial signing of the law on Wednesday, October 2.

Marcos also clarified that this was not an imposition of a new tax, but just a way to streamline the BIR’s ability to collect VAT from digital services.

[...]

Republic Act 12023 extends VAT to all digital services consumed in the Philippines, even if provided by companies without a physical presence in the country. This includes purchases from popular electronic marketplaces like Amazon, Shein, and Temu, and subscriptions to streaming services like Netflix and Disney+, which were previously not subject to VAT.

[...]

The VAT imposed will be equal to 12% of gross receipts derived from the sale or exchange of services, including digital services, and the use or lease of properties.

[...]

“This means our artists, filmmakers, musicians, the very people who fill our platform with stories and with content, will directly benefit. It ensures that our creative talents are not just surviving in a competitive digital market, but will be allowed to prosper,” Marcos said.

The company still isn’t profitable on an annual basis, and declined to say how much revenue has grown since it was reported to be a modest $9 million in 2022. But Substack has added more than a million paid subscribers over the last year. News content continues to account for the company’s largest segment of subscribers, and it has more in the pipeline.

To avoid fizzling the way competitors like Medium have, Substack is trying to become less a journalism platform and more a payment system for creators.

In recent months, the company has been reaching out to influencers, video creators and podcasters to convince them to join the platform. It doesn’t need beauty influencers, say, to all of a sudden become bloggers. But it does want to be the primary vehicle for paying creators regardless of medium.

Archived version

[...]

The inquiry will focus on whether TikTok adequately informs users about its advertising policies and provides them with the opportunity to opt in rather than opt out.

[...]

Concerns have been raised that TikTok, owned by the Chinese company ByteDance, does not fully disclose the details of its terms of service and privacy policy at the time users sign up. Under South Korean law, digital platforms are required to give users the freedom to decide if they wish to receive marketing communications, ensuring that consent is obtained clearly and transparently prior to any such communications being sent.

[...]

The [South Korean media regulator Korea Communications Commission] KCC's probe into TikTok comes amidst a broader global conversation about the responsibilities of social media platforms in protecting user data. As authorities worldwide seek to enforce stricter data protection measures, companies must navigate complex legal landscapes to maintain user trust and compliance.

[...]

Please consider helping a friend by helping them migrate off of Chrome and towards something like:

• Firefox [Desktop, Mobile]
• Librewolf [Desktop]
• Waterfox [Desktop, Mobile]
• Falkon [Desktop]

Google's beginning to roll out the deprecation of Manifest V2 extensions which includes ad blockers. Extensions are still manually installable but the process is no longer accessible for non-power users.

In addition to the continued enshitification of Chrome it seems that Google is also kneecapping people's privacy and security:

“You can’t say no to Google’s surveillance,”

• Cybernews research team

Who owns your shiny new Pixel 9 phone? You can’t say no to Google’s surveillance

Google Will Track Your Location ‘Every 15 Minutes’—‘Even With GPS Disabled’

A bipartisan group of 14 attorneys general from across the country allege that the company uses addictive features to hook children to the app and that it has intentionally misled the public about the safety of prolonged use.

[...]

New York Attorney General Letitia James said young people across the country had died or been injured doing TikTok "challenges" and many others were feeling "more sad, anxious and depressed because of TikTok's addictive features".

She cited a 15-year-old boy, who died in Manhattan while “subway surfing” - riding on top of a moving subway car. His mother later found TikTok videos of such activity on his phone, she said.

[...]

Regulators have launched similar cases against Facebook and Instagram for their impact on young people's mental health.

[...]

The Federal Trade Commission, a government watchdog, accused TikTok in August of violating child privacy laws.

Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994.

Refering to a story published by the Wall Street Journal, security expert Bruce Schneier writes "that the attack wasn’t against the broadband providers directly, but against one of the intermediary companies that sit between the government CALEA requests and the broadband providers".

"For years, the security community has pushed back against these backdoors, pointing out that the technical capability cannot differentiate between good guys and bad guys. And here is one more example of a backdoor access mechanism being targeted by the “wrong” eavesdroppers."

cross-posted from: https://feddit.org/post/3569181

Archived link

"China’s strategy involves decentralizing tasks horizontally across various security agencies, and vertically by incorporating civilian involvement," says Minxin Pei, a Chinese-American political scientist and author, currently serving as a professor of government at Claremont McKenna College, and an expert on Chinese governance, US-East Asia relations, mass surveillance in China, and the democratization of developing nations.

"These civilians, while formally part of the security apparatus, take on key surveillance functions. This creates a unique system where surveillance is distributed and multifaceted, allowing the government to maintain control without the vulnerabilities that come with a single, centralized authority."

[...]

"Official Chinese media don’t play a significant role. Their primary function is to disseminate government-sanctioned messaging. I think that social media is the main target for surveillance because the government has a very sophisticated and effective way of monitoring what’s happening on social media. If a particular topic starts trending, they swiftly intervene to suppress it."

[...]

"This system [of China's control of people] was developed in the aftermath of Tiananmen Square. This taught the Chinese Communist Party a very important lesson: they needed to be aware of what was happening in society. Like other dictatorships, the Chinese Communist Party is very fearful of dissenting voices, especially activists, because they need to deter the population from engaging in protests, in anti-regime activities. Most of the time, these activities can be led by a small number of activists. Because they set an example, they show the rest of the population that they are not afraid. To make sure this does not happen, the government relies heavily on surveillance. If somebody dares to challenge the Party’s authority openly, that person will be discovered and punished.

[...]

"By introducing something like a cyber ID, the Party hopes to enhance self-censorship, as people will be afraid to express their dissatisfaction online. However, this approach might backfire. If individuals feel they can’t voice their frustrations online without repercussions, they may resort to more destructive means of expression. That’s why I believe this strategy may not be beneficial. Over time, this will also depend largely on the economy, as the Chinese security apparatus is primarily funded by local governments."

[...]

"If the economy breaks down, it will be the first sign of trouble. You’ll likely see a degradation of the security system and a rise in public discontent. Another concern is the potential for corruption within the system itself. Those in charge of security wield significant power and have access to resources. Instead of using funds for informants or upgrading the system, they might enrich themselves."

[...]

cross-posted from: https://awful.systems/post/2556883

cross-posted from: https://lemmy.ml/post/20858435

Will AI soon surpass the human brain? If you ask employees at OpenAI, Google DeepMind and other large tech companies, it is inevitable. However, researchers at Radboud University and other institutes show new proof that those claims are overblown and unlikely to ever come to fruition. Their findings are published in Computational Brain & Behavior today.

A detailed three hour video essay by Tantacrul on the rise, and soon after numerous privacy and foreign influence scandals, within one of the largest tech companies in the world, and how a website where you could talk with old classmates brought about everything from a vast decline in mental health to ethnic cleansing.

In this case, Facebook's 99-page user policy. The results, embedded in the story, are worth a listen. This is is some serious sci-fi shit compared to ChatGPT.

Archive link ... unfortunately, as I feared, the audio didn't work for me. Here is the direct link to the clip.

I edited the title because people thought this was about actual podcasts. It just generates conversational audio about the content.

Been working on a cyberdeck project for a few days, using it to learn woodworking and wiring. Currently have the front and rear panels cut and attach-able, and the PSU wired up to supply enough power for the rPi 5.

Still have to finish the handle and side panels, and wire up the second PSU for supplying the fans, screen, and temp sensor. Also have to plan, assemble, and install the keyboard. Lastly, I'll paint and lacquer the case panels.

I'm trying to hew more closely to a Shadowrun-esque deck design, rather than the clamshell designs that are more popular now.

Gallery

Guessing they don't pray. Star Wars reference aside, learning about rampant Android piracy really made be rethink the pay devs receive for their effort. Per Business of Apps:

• Consumers spent $47 billion on Google Play apps and games in 2023
• Over 113 billion apps and games were downloaded on Google Play last year
• 2.61 billion apps and games are available to download on Google Play
• The top grossing app on Google Play in 2023 was Google One, a cloud storage service Instagram was the most downloaded app on Google Play last year, with 521 million downloads

The rest of the report is paywalled, so the number I was curious about -- MAUs (ideally DAUs, but that's a lot of time in Calc) for paid apps with at most 10,000 downloads -- is probably out there, but it's a Beehaw post. That report was the only result on DDG's first page relevant to the query "google play store apps by downloads."

All this to say, Apple's 30% and, well, walled garden that covers piracy to a sufficient extent is starting to look like the better choice for my next phone. And I have been an ardent avoider of Apple products since college.

I buil(t) my rigs, with every component suited to my needs (or budget; YMMV -- winning an i7-8086K gave me a lot of breathing room on the GPU side), but my life on a 24VDC electrical system has convinced me that a laptop need to replace my rig, and Apple seems to have my needed "lots of power with incredible battery life" nailed. But I now have to pick a final product that I didn't build and thus have no idea how to troubleshoot a hardware problem.

Except, I'm a light gamer, building factories and such. Being on ARM doesn't work.

I don't want to be in the iPhone-x86 crowd. Most things are doable, but hardly seamless. But giving up Factorio is a bridge too far.

I'm no longer seduced by Google's lie that app makers are rolling in the dough when it's actually slave wages supporting freeloaders. Sure, this is only one example, but as the issue is with Google policy, it's likely representative. That's why I wanted to see the figures.

Part of me thinks this rant could have also worked in Politics. 🤣

cross-posted from: https://lemmy.zip/post/23941424

Blue ticks, but for business web links.