How to Send Messages in Private – use Signal

There are many times when you want to have a chat in private, such as when you have something confidential to say or you simply don’t want the world listening in. Hey, that’s what social media’s for!

-/-

Encryption is simply a means of converting text into a jumble of letters and numbers that’s unreadable to anyone without the key to unlock it. If only you and the receiver have the key, then only the two of you can get access to your private message, and not the messaging service or anyone else. This is known as ”end-to-end encryption.”

-/-

If you’d like an easy way to use secure, end-to-end encrypted messaging, we highly recommend Signal. It’s free, open source, and available from the iPhone and Android app stores. Not only that, it also allows you to make secure voice calls.

https://spreadprivacy.com/how-to-send-private-messages/

Network security monitoring vs supply chain backdoors

On October 4, 2018, Bloomberg published a story titled “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” with a subtitle “The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.”

Network security monitoring vs supply chain backdoors

 

Amazon, Apple Servers Completely Compromised by Chinese Hardware Backdoors

For years, security researchers have warned that unscrupulous hardware manufacturers or foreign governments could hijack the manufacturing process, installing backdoors into equipment that would be difficult to detect or stop. Now, we’ve caught the Chinese red-handed, and the fallout could be ugly.

An extensive report from Bloomberg details how Amazon’s investigation into deploying servers manufactured by Elemental Technologies led to the discovery of hardware backdoors smaller than a grain of rice. The chips had been hidden on Supermicro motherboards.

After discovering the chips in 2015, the government spent three years investigating the situation. They’ve determined that the hardware creates “a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.”

Amazon, Apple Servers Completely Compromised by Chinese Hardware Backdoors

Amazons reply:
https://aws.amazon.com/blogs/security/setting-the-record-straight-on-bloomberg-businessweeks-erroneous-article/

What if the Bloomberg story is true?

Hard(ware) questions about government hacking: what if the Bloomberg story is true?

Tim Berners-Lee tells FastCompany about his radical new plan to upend the World Wide Web

This week, Tim Berners-Lee, ”inventor of the World Wide Web”, will launch Inrupt. It’s mission is to turbocharge a broader movement afoot, among developers around the world, to decentralize the web and take back power from the forces that have profited from centralizing it.

On his screen, there is a simple-looking web page with tabs across the top: Tim’s to-do list, his calendar, chats, address book. He built this app–one of the first on Solid–for his personal use. It is simple, spare. In fact, it’s so plain that, at first glance, it’s hard to see its significance. But to Berners-Lee, this is where the revolution begins. The app, using Solid’s decentralized technology, allows Berners-Lee to access all of his data seamlessly–his calendar, his music library, videos, chat, research. It’s like a mashup of Google Drive, Microsoft Outlook, Slack, Spotify, and WhatsApp.

The difference here is that, on Solid, all the information is under his control. Every bit of data he creates or adds on Solid exists within a Solid pod–which is an acronym for personal online data store. These pods are what give Solid users control over their applications and information on the web. Anyone using the platform will get a Solid identity and Solid pod. This is how people, Berners-Lee says, will take back the power of the web from corporations.

“We are not talking to Facebook and Google about whether or not to introduce a complete change where all their business models are completely upended overnight. We are not asking their permission.”
Game on.

https://www.fastcompany.com/90243936/exclusive-tim-berners-lee-tells-us-his-radical-new-plan-to-upend-the-world-wide-web

You Gave Facebook Your Number For Security. They Used It For Ads.

Two-Factor Authentication Is Not The Problem

First, when a user gives Facebook their number for security purposes—to set up 2FA, or to receive alerts about new logins to their account—that phone number can become fair game for advertisers within weeks. (This is not the first time Facebook has misused 2FA phone numbers.)

But the important message for users is: this is not a reason to turn off or avoid 2FA. The problem is not with two-factor authentication. It’s not even a problem with the inherent weaknesses of SMS-based 2FA in particular. Instead, this is a problem with how Facebook has handled users’ information and violated their reasonable security and privacy expectations.

https://www.eff.org/deeplinks/2018/09/you-gave-facebook-your-number-security-they-used-it-ads

How does DuckDuckGo know where I am?

Searching the web with DuckDuckGo is completely anonymous; we simply never collect or share any personal information, in line with our strict privacy policy. For example, we don’t store IP addresses or any other unique identifiers in our server logs. As a result, we don’t even have the ability to create search histories or sessions for any individual. It’s privacy by design.

When you hit the search button, your computer sends your search request to us. In that request, your computer embeds additional information. For example, if you opt-in to location sharing for a site, this information includes your approximate location. And even if you don’t, your request includes your IP address, and an approximate location can be inferred from it, though it isn’t always accurate.

What we do is read that embedded information, use the location contained within it to display the weather or other local information requested, and then immediately throw it away – without storing any of your personal information. In that way, we can serve localized results (weather, restaurants, maps, etc.) without tracking you. For all the nitty-gritty technical details, check out our help page

https://www.quora.com/How-does-DuckDuckGo-know-where-I-am/answer/Gabriel-Weinberg

How To Protect Your Privacy On iPhone

Follow these easy steps to protect the personal data on your iPhone or iPad. (details and how to if you follow the link in the bottom)

You might also be interested in our privacy tips for Android.

1. Lock your device with a passcode longer than 4 digits.
2. Enable “Erase Data” to delete data after 10 failed passcode attempts.
3. Don’t show notifications in the lock screen for sensitive apps.
4. Turn off “Share My Location.”
5. Turn off location services for things that don’t need them.
6. Turn off access to sensitive data for apps that don’t need it.
7. Review your installed apps.
8. Turn off read receipts so people are not notified when you see their messages.
9. Turn on “Limit ad tracking”.
10.From time-to-time, reset your advertising identifier.
11. Set DuckDuckGo as your default search engine.
12. Install the DuckDuckGo Privacy Browser.

https://spreadprivacy.com/iphone-privacy-tips/

US, UK, and other governments asks tech companies to build backdoors into encrypted devices

The US, UK, and three other governments have called on tech companies to build backdoors into their encrypted products, so that law enforcement will always be able to obtain access. If companies don’t, the governments say they “may pursue technological, enforcement, legislative, or other measures” in order to get into locked devices and services.

Tech companies have (also) been wary to comply. Adding a backdoor into their products would inherently mean that their promise of data privacy is broken. It would also open them up to similar requests from other countries, which could use the backdoor access for spying in inappropriate circumstances.

https://www.theverge.com/2018/9/3/17815196/five-eyes-encryption-backdoors-us-uk-australia-nz-canada

Google Secretly Tracks What You Buy Offline Using Mastercard Data

Over a week after Google admitted the company tracks users’ location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline.

Google has paid Mastercard millions of dollars in exchange to access this information.

Neither Google nor Mastercard has publicly announced the business partnership over allowing Google to measure retail spending, though the deal has now been disclosed by Bloomberg.

https://thehackernews.com/2018/09/google-mastercard-advertising.html