social.sokoll.com

Search

Items tagged with: Privacy

Librem 5 Mass Production Phone Has Begun Shipping | Purism

Purism, a Social Purpose Company (SPC) focusing on security and privacy with its hardware and software, has begun shipping its mass-produced Librem 5 phone to customers.
The Librem 5 is a one-of-a-kind general-purpose computer in a phone form-factor that Purism has designed and built from scratch following a successful crowdfunding campaign that raised over $2.2 million. Both the hardware and software design is focused on respecting the end user’s freedom and giving them control over their privacy and security. The Librem 5 doesn’t run Android nor iOS but instead runs the same PureOS operating system as Purism’s laptops and mini PC.
#technology #tech #security #privacy #cellphone #mobile #Purism #Librem
 

Librem 5 Mass Production Phone Has Begun Shipping | Purism

Purism, a Social Purpose Company (SPC) focusing on security and privacy with its hardware and software, has begun shipping its mass-produced Librem 5 phone to customers.
The Librem 5 is a one-of-a-kind general-purpose computer in a phone form-factor that Purism has designed and built from scratch following a successful crowdfunding campaign that raised over $2.2 million. Both the hardware and software design is focused on respecting the end user’s freedom and giving them control over their privacy and security. The Librem 5 doesn’t run Android nor iOS but instead runs the same PureOS operating system as Purism’s laptops and mini PC.
#technology #tech #security #privacy #cellphone #mobile #Purism #Librem
 

macOS Leaks Application Usage, Forces Apple to Make Hard Decisions


#technicalanalysis #security #privacy #securityeducation #electronicfrontierfoundation #eff #digitalrights #digitalprivacy
posted by pod_feeder_v2
 

macOS Leaks Application Usage, Forces Apple to Make Hard Decisions


#technicalanalysis #security #privacy #securityeducation #electronicfrontierfoundation #eff #digitalrights #digitalprivacy
posted by pod_feeder_v2
 

Max Schrems files complaints against Apple’s tracking tool


Complain against Apple’s use of a tracking code that is automatically generated on every iPhone when set up, the so-called Identifier for Advertisers (IDFA).

The code, stored on the device, allows Apple and third parties to track a user’s online behaviour and consumption preferences – vital for the likes of Facebook to be able to send targeted ads that will interest the user.

#Apple #Privacy #GDPR
European activist files complaints against Apple’s tracking tool
 

Max Schrems files complaints against Apple’s tracking tool


Complain against Apple’s use of a tracking code that is automatically generated on every iPhone when set up, the so-called Identifier for Advertisers (IDFA).

The code, stored on the device, allows Apple and third parties to track a user’s online behaviour and consumption preferences – vital for the likes of Facebook to be able to send targeted ads that will interest the user.

#Apple #Privacy #GDPR
European activist files complaints against Apple’s tracking tool
 

Don’t Blame Section 230 for Big Tech’s Failures. Blame Big Tech.


#commentary #freespeech #section230ofthecommunicationsdecencyact #privacy #competition #creativityinnovation #electronicfrontierfoundation #eff #digitalrights #digitalprivacy
posted by pod_feeder_v2
 

patrick wardle sur Twitter : "In Big Sur Apple decided to exempt many of its apps from being routed thru the frameworks they now require 3rd-party firewalls to use (LuLu, Little Snitch, etc.) 🧐 Q: Could this be (ab)used by malware to also bypass such firewalls? 🤔 A: Apparently yes, and trivially so 😬😱😭 https://t.co/CCNcnGPFIB" / Twitter


#apple #security #privacy

https://twitter.com/patrickwardle/status/1327726496203476992
 

patrick wardle sur Twitter : "In Big Sur Apple decided to exempt many of its apps from being routed thru the frameworks they now require 3rd-party firewalls to use (LuLu, Little Snitch, etc.) 🧐 Q: Could this be (ab)used by malware to also bypass such firewalls? 🤔 A: Apparently yes, and trivially so 😬😱😭 https://t.co/CCNcnGPFIB" / Twitter


#apple #security #privacy

https://twitter.com/patrickwardle/status/1327726496203476992
 

youtube-dl Is Not Gone


This headline had me really worried.

https://torrentfreak.com/riaa-takes-down-popular-open-source-youtube-dl-software-201024/

However, youtube-dl is not gone. It's only gone from GitHub, which all right-thinking projects have already left, anyway. (Check out https://codeberg.org/).

We can install youtube-dl now the way we always have.
sudo curl -L [url=https://yt-dl.org/downloads/latest/youtube-dl]https://yt-dl.org/downloads/latest/youtube-dl[/url] -o /usr/local/bin/youtube-dl 
sudo chmod a+rx /usr/local/bin/youtube-dl

As someone pointed out to me a while back, you can also install it in distros where ~/bin is in PATH like this.
curl -L [url=https://yt-dl.org/downloads/latest/youtube-dl]https://yt-dl.org/downloads/latest/youtube-dl[/url] -o ~/bin/youtube-dl 
chmod 755 ~/bin/youtube-dl

This allows you to update youtube-dl without using sudo. We update youtube-dl with youtube-dl -U. It's necessary to update youtube-dl often.

See https://yt-dl.org/ for more info about youtube-dl.

#privacy #surveillance #freedom #youtube #youtube-dl #download #downloads #video #videos #invidious
RIAA Takes Down Popular Open Source YouTube-DL Software
 

youtube-dl Is Not Gone


This headline had me really worried.

https://torrentfreak.com/riaa-takes-down-popular-open-source-youtube-dl-software-201024/

However, youtube-dl is not gone. It's only gone from GitHub, which all right-thinking projects have already left, anyway. (Check out https://codeberg.org/).

We can install youtube-dl now the way we always have.
sudo curl -L [url=https://yt-dl.org/downloads/latest/youtube-dl]https://yt-dl.org/downloads/latest/youtube-dl[/url] -o /usr/local/bin/youtube-dl 
sudo chmod a+rx /usr/local/bin/youtube-dl

As someone pointed out to me a while back, you can also install it in distros where ~/bin is in PATH like this.
curl -L [url=https://yt-dl.org/downloads/latest/youtube-dl]https://yt-dl.org/downloads/latest/youtube-dl[/url] -o ~/bin/youtube-dl 
chmod 755 ~/bin/youtube-dl

This allows you to update youtube-dl without using sudo. We update youtube-dl with youtube-dl -U. It's necessary to update youtube-dl often.

See https://yt-dl.org/ for more info about youtube-dl.

#privacy #surveillance #freedom #youtube #youtube-dl #download #downloads #video #videos #invidious
RIAA Takes Down Popular Open Source YouTube-DL Software
 

ESP8266 Turned Secretive WiFi Probe Request Sniffer


#securityhacks #wirelesshacks #macaddress #privacy #proberequests #wifi #hackaday
posted by pod_feeder_v2
ESP8266 Turned Secretive WiFi Probe Request Sniffer
 

ESP8266 Turned Secretive WiFi Probe Request Sniffer


#securityhacks #wirelesshacks #macaddress #privacy #proberequests #wifi #hackaday
posted by pod_feeder_v2
ESP8266 Turned Secretive WiFi Probe Request Sniffer
 

This ‘Cloaking’ Algorithm Breaks Facial Recognition by Making Tiny Edits








A team of researchers at the University of Chicago have developed an algorithm that makes tiny, imperceptible edits to your images in order to mask you from facial recognition technology. Their invention is called Fawkes, and anybody can use it on their own images for free.

The algorithm was created by researchers in the SAND Lab at the University of Chicago, and the open-source software tool that they built is free to download and use on your computer at home.

The program works by making "tiny, pixel-level changes that are invisible to the human eye," but that nevertheless prevent facial recognition algorithms from categorizing you correctly. It's not so much that it makes you impossible to categorize; it's that the algorithm will categorize you as a different person entirely. The team calls the result "cloaked" photos, and they can be used like any other:
You can then use these "cloaked" photos as you normally would, sharing them on social media, sending them to friends, printing them or displaying them on digital devices, the same way you would any other photo.
The only difference is that a company like the infamous startup Clearview AI can't use them to build an accurate database that will make you trackable.

Here's a before-and-after that the team created to show the cloaking at work. On the left is the original image, on the right a "cloaked" version. The differences are noticeable if you look closely, but they look like the result of dodging and burning rather than actual alterations that might change the way you look:




You can watch an explanation and demonstration of Fawkes by co-lead authors Emily Wenger and Shawn Shan below:

According to the team, Fawkes has proven 100% effective against state-of-the-art facial recognition models. Of course, this won't make facial recognition models obsolete overnight, byt if technology like this caught on as "standard" when, say, uploading an image to social media, it would make maintaining accurate models much more cumbersome and expensive.

"Fawkes is designed to significantly raise the costs of building and maintaining accurate models for large-scale facial recognition," explains the team. "If we can reduce the accuracy of these models to make them untrustable, or force the model's owners to pay significant per-person costs to maintain accuracy, then we would have largely succeeded."

To learn more about this technology, or if you want to download Version 0.3 and try it on your own photos, head over to the Fawkes webpage. The team will be (virtually) presenting their technical paper at the upcoming USENIX Security Symposium running from August 12th to the 14th.

(via Fstoppers via Gizmodo)

Bild/Foto Bild/Foto Bild/Foto Bild/Foto Bild/Foto Bild/Foto

Bild/Foto

#finds #software #technology #ai #algorithm #artificialintelligence #clearview #clearviewai #cloaking #face #facialrecognition #fawkes #photoediting #privacy #security
posted by pod_feeder_v2
This ‘Cloaking’ Algorithm Breaks Facial Recognition by Making Tiny Edits

PetaPixel: This 'Cloaking' Algorithm Breaks Facial Recognition by Making Tiny Edits (DL Cade)

 

This ‘Cloaking’ Algorithm Breaks Facial Recognition by Making Tiny Edits








A team of researchers at the University of Chicago have developed an algorithm that makes tiny, imperceptible edits to your images in order to mask you from facial recognition technology. Their invention is called Fawkes, and anybody can use it on their own images for free.

The algorithm was created by researchers in the SAND Lab at the University of Chicago, and the open-source software tool that they built is free to download and use on your computer at home.

The program works by making "tiny, pixel-level changes that are invisible to the human eye," but that nevertheless prevent facial recognition algorithms from categorizing you correctly. It's not so much that it makes you impossible to categorize; it's that the algorithm will categorize you as a different person entirely. The team calls the result "cloaked" photos, and they can be used like any other:
You can then use these "cloaked" photos as you normally would, sharing them on social media, sending them to friends, printing them or displaying them on digital devices, the same way you would any other photo.
The only difference is that a company like the infamous startup Clearview AI can't use them to build an accurate database that will make you trackable.

Here's a before-and-after that the team created to show the cloaking at work. On the left is the original image, on the right a "cloaked" version. The differences are noticeable if you look closely, but they look like the result of dodging and burning rather than actual alterations that might change the way you look:




You can watch an explanation and demonstration of Fawkes by co-lead authors Emily Wenger and Shawn Shan below:

According to the team, Fawkes has proven 100% effective against state-of-the-art facial recognition models. Of course, this won't make facial recognition models obsolete overnight, byt if technology like this caught on as "standard" when, say, uploading an image to social media, it would make maintaining accurate models much more cumbersome and expensive.

"Fawkes is designed to significantly raise the costs of building and maintaining accurate models for large-scale facial recognition," explains the team. "If we can reduce the accuracy of these models to make them untrustable, or force the model's owners to pay significant per-person costs to maintain accuracy, then we would have largely succeeded."

To learn more about this technology, or if you want to download Version 0.3 and try it on your own photos, head over to the Fawkes webpage. The team will be (virtually) presenting their technical paper at the upcoming USENIX Security Symposium running from August 12th to the 14th.

(via Fstoppers via Gizmodo)

Bild/Foto Bild/Foto Bild/Foto Bild/Foto Bild/Foto Bild/Foto

Bild/Foto

#finds #software #technology #ai #algorithm #artificialintelligence #clearview #clearviewai #cloaking #face #facialrecognition #fawkes #photoediting #privacy #security
posted by pod_feeder_v2
This ‘Cloaking’ Algorithm Breaks Facial Recognition by Making Tiny Edits

PetaPixel: This 'Cloaking' Algorithm Breaks Facial Recognition by Making Tiny Edits (DL Cade)

 
Erhalten die Clans die Daten ihrer Konkurrenten durch Handy-Shops?
Letzteres beunruhigt Ermittler. Üblich ist, dass Mobilfunkanbieter zahlreiche Einzelunternehmer lizenzieren, die dort Handy-Verträge abschließen und Smartphones verkaufen. Dabei haben die Betreiber unvermeidbar Zugriff auf Namen, Telefonnummern, Adressen ihrer Kunden. Befürchtet wird in Björns Fall, dass das Milieu so an die Daten unliebsamer Kritiker, Beamter und Konkurrenten gelangen kann.
(Tagesspiegel)

Aus diesem Grund sollte das Recht auf anonyme Prepaid-SIM-Karten wieder eingeführt werden. Anonyme SIM-Karten schützen Journalist/innen, Dissident/innen aus der OK, Clan-Kritiker/innen, von Stalker/innen verfolgte und sogar Beamte und Polizist/innen!

#privacy #datenschutz #handy #sim #mobiltelefonie #kriminalität #clans #clankriminalität #polizei #ok #anonymität #simkarten
 
now he knows how old we are. :) do we care? does he? #privacy
 
Bild/Foto

INFOSEC: FUCK YOUR '"BLACK/WHITE NEUTRALITY"!

By Catalin Cimpanu for Zero Day | July 4, 2020

The information security (infosec) community has angrily reacted today to calls to abandon the use of the 'black hat' and 'white hat' terms, citing that the two, and especially 'black hat,' have nothing to do with racial stereotyping.



Discussions about the topic started late last night after David Kleidermacher, VP of Engineering at Google, and in charge of Android Security and the Google Play Store, withdrew from a scheduled talk he was set to give in August at the Black Hat USA 2020 security conference.

In his withdrawal announcement, Kleidermacher asked the infosec industry to consider replacing terms like black hat, white hat, and man-in-the-middle with neutral alternatives.

These changes remove harmful associations, promote inclusion, and help us break down walls of unconscious bias. Not everyone agrees which terms to change, but I feel strongly our language needs to (this one in particular).

— David Kleidermacher (@DaveKSecure) July 3, 2020

While Kleidermacher only asked the industry to consider changing these terms, several members mistook his statement as a direct request to the Black Hat conference to change its name.

With Black Hat being the biggest event in cyber-security, online discussions on the topic quickly became widespread among cyber-security experts, dominating the July 4th weekend.

While a part of the infosec community agreed with Kledermacher, the vast majority did not, and called it virtue signaling taken to the extreme.

Most security researchers pointed to the fact that the terms had nothing to do with racism or skin color, and had their origins in classic western movies, where the villain usually wore a black hat, while the good guy wore a white hat.

Others pointed to the dualism between black and white as representing evil and good, concepts that have been around since the dawn of civilizations, long before racial divides even existed between humans.

Right now, the infosec community doesn't seem to be willing to abandon the two terms, which they don't see as a problem when used in infosec-related writings.
MORE COMMENTS: https://www.zdnet.com/article/infosec-community-disagrees-with-changing-black-hat-term-due-to-racial-stereotyping/

#programming #computer #science #software #development #infosec #black hat #resistance #goggle #hackers #internet #censorship #freedom #sexism #social #web #human rights #sanctimony #activism #activist #correctness #meetoo #blacklivesmatter #racism #racist #USA #research #cyber-security #security #privacy
 
Bild/Foto

INFOSEC: FUCK YOUR '"BLACK/WHITE NEUTRALITY"!

By Catalin Cimpanu for Zero Day | July 4, 2020

The information security (infosec) community has angrily reacted today to calls to abandon the use of the 'black hat' and 'white hat' terms, citing that the two, and especially 'black hat,' have nothing to do with racial stereotyping.



Discussions about the topic started late last night after David Kleidermacher, VP of Engineering at Google, and in charge of Android Security and the Google Play Store, withdrew from a scheduled talk he was set to give in August at the Black Hat USA 2020 security conference.

In his withdrawal announcement, Kleidermacher asked the infosec industry to consider replacing terms like black hat, white hat, and man-in-the-middle with neutral alternatives.

These changes remove harmful associations, promote inclusion, and help us break down walls of unconscious bias. Not everyone agrees which terms to change, but I feel strongly our language needs to (this one in particular).

— David Kleidermacher (@DaveKSecure) July 3, 2020

While Kleidermacher only asked the industry to consider changing these terms, several members mistook his statement as a direct request to the Black Hat conference to change its name.

With Black Hat being the biggest event in cyber-security, online discussions on the topic quickly became widespread among cyber-security experts, dominating the July 4th weekend.

While a part of the infosec community agreed with Kledermacher, the vast majority did not, and called it virtue signaling taken to the extreme.

Most security researchers pointed to the fact that the terms had nothing to do with racism or skin color, and had their origins in classic western movies, where the villain usually wore a black hat, while the good guy wore a white hat.

Others pointed to the dualism between black and white as representing evil and good, concepts that have been around since the dawn of civilizations, long before racial divides even existed between humans.

Right now, the infosec community doesn't seem to be willing to abandon the two terms, which they don't see as a problem when used in infosec-related writings.
MORE COMMENTS: https://www.zdnet.com/article/infosec-community-disagrees-with-changing-black-hat-term-due-to-racial-stereotyping/

#programming #computer #science #software #development #infosec #black hat #resistance #goggle #hackers #internet #censorship #freedom #sexism #social #web #human rights #sanctimony #activism #activist #correctness #meetoo #blacklivesmatter #racism #racist #USA #research #cyber-security #security #privacy
 

Victory! German Mass Surveillance Abroad is Ruled Unconstitutional


#commentary #privacy #electronicfrontierfoundation #eff #digitalrights #digitalprivacy
posted by pod_feeder_v2
 

Victory! German Mass Surveillance Abroad is Ruled Unconstitutional


#commentary #privacy #electronicfrontierfoundation #eff #digitalrights #digitalprivacy
posted by pod_feeder_v2
 
The Original Cookie specification from 1997 was GDPR compliant (2019) The Original Cookie specification from 1997 was GDPR compliant (2019) - https://baekdal.com/thoughts/the-original-cookie-specification-from-1997-was-gdpr-compliant/
Tags: #privacy #GDPR #BeforeAllThisNonsense
 
The Original Cookie specification from 1997 was GDPR compliant (2019) The Original Cookie specification from 1997 was GDPR compliant (2019) - https://baekdal.com/thoughts/the-original-cookie-specification-from-1997-was-gdpr-compliant/
Tags: #privacy #GDPR #BeforeAllThisNonsense
 
[Privacy Issue] RAW recordings are created and stored, even if the meeting isn't recorded #9202 – https://github.com/bigbluebutton/bigbluebutton/issues/9202
#BigBlueButton #Datenschutz #Privacy
 
[Privacy Issue] RAW recordings are created and stored, even if the meeting isn't recorded #9202 – https://github.com/bigbluebutton/bigbluebutton/issues/9202
#BigBlueButton #Datenschutz #Privacy
 
(German translation below.)

If you're stuck at home and use Zoom as a video conferencing solution that works for you, that's fine. Keep using it. Here are some options you might want to check to enhance the overall security of your and your guests.

First, log in at https://zoom.us/signin and head to your settings at https://zoom.us/profile/setting.

* In the "Meeting" tab:
1. Set "Audio Type" to "Computer Audio". This will block people from using their phone to join a meeting - but that's required if you want to use End-to-End encryption all the time. Phones can't do encryption.
1. Make sure "Use Personal Meeting ID (PMI) when scheduling a meeting" is disabled. The PMI is a meeting ID that never changes, so don't use it. It should be disabled by default, but make sure.
1. Enable "Require a password for Personal Meeting ID (PMI)", so people can't join via your PMI even if you accidentally share it.
1. Make sure "Join before host" is disabled. If enabled, people can join your meetings before a host is there - meaning there won't be moderation.
1. Enable "Play sound when participants join or leave". That's useful, as everyone will be aware when someone joins unexpectedly.
1. Enable "Require Encryption for 3rd Party Endpoints (H323/SIP)".
* In the "Recording" tab:
1. Disable "Cloud recording". You can still record meetings to your local disk, but there is no need to store potentially private conversations on Zoom's servers.

If you have a more "presentation"-like format scheduled, where only you or a small number of presenters will be speaking to a high number of consuming participants, there are a couple of additional tips in addition to the settings above:

* Before the meeting: Require people to sign-up and collect their eMail addresses. Do not share the join-link publicly, and only send the credentials via eMail to the people who signed up.
* In the "Meeting" tab:
1. Enable "Mute participants upon entry" - this will force-mute everyone joining. You will have the option to decide whether people can speak or not.
1. Enable "Co-host" and promote someone you trust as Co-host to assist with muting/unmuting people as needed.
1. Set "Screen sharing" to "Host-Only" to avoid random people sharing their screens, which can be used for abuse. Promote people who need to share as Co-hosts, if you trust them.
1. Enable "Nonverbal feedback". This is useful if you have force-muted everyone. People can raise their hands if they want to say something, allowing you to unmute people for a short period.
1. Enable "Waiting room" for all participants if the nature of the call is sensitive/private. This means that people will not be able to join your meeting directly, but will be placed in a virtual waiting room, waiting for you to approve them to join the meeting. If you enable this, make sure to keep an eye on the participant list to avoid missing someone.
1. Make sure "Allow removed participants to rejoin" is disabled. This means that people that got kicked out of the meeting will not be able to rejoin, even if they know the credentials.
Wenn du zuhause festsitzt und Zoom als das Tool deiner Wahl für Videokonferenzen und Videotelefonate entdeckt hast, mach dir nicht zu viel Sorgen und bleibe dabei. Es ist wichtiger, ein Tool zu haben, dass stressfrei und problemlos die Aufgabe erledigt, als sich stundenlang mit Alternativen zu schlagen. Hier sind einige Tipps, wie du deine Meetings für dich und deine Teilnehmerinnen sicherer gestalten kannst.

Als Erstes, melde dich auf https://zoom.us/signin an und rufe deine Einstellungen unter https://zoom.us/profile/setting auf.

* Im "Meeting"-Tab:
1. Setze "Audiotyp" auf "Computeraudio". Damit deaktivierst du zwar die Möglichkeit, über ein Telefon am Meeting teilzunehmen, aber das ist wichtig, wenn du Ende-zu-Ende-Verschlüsselung verwenden willst. Telefone verstehen keine Verschlüsselung.
1. Stelle sicher, dass "Beim Planen eines Meetings die persönliche Meeting-ID (PMI) verwenden" nicht aktiv ist. Deine PMI ist eine Meeting-ID, die sich nie ändert, also sollte man davon besser die Finger lassen.
1. Schalte "Bei Personal-Meeting-ID (PMI) Kennwort verlangen" an, falls man doch mal versehentlich die fixe PMI weitergibt. Mit Kennwort kann dann trotzdem niemand das Meeting betreten.
1. Deaktiviere "Beitritt vor Moderator", dann können deine Gäste das Meeting erst betreten, wenn du da bist. Ist diese Option deaktiviert, können Leute ohne Moderation das Meeting betreten.
1. Aktiviere "Sound wiedergeben, wenn Teilnehmer teilnehmen oder verlassen". Dann wird immer, wenn eine Teilnehmerin beitritt, ein Ton für alle abgespielt. Damit wissen alle, wenn unerwartet jemand dazu kommt.
1. Aktiviere "Verschlüsselung für Endpunkte von Drittanbietern erforderlich (H323/SIP)".
* Im "Aufzeichnung"-Tab:
1. "Cloud-Aufzeichnung" ausschalten. Du kannst das Meeting immernoch auf deine Festplatte aufnehmen, aber es gibt keinen Grund, potenziell private Gespräche auf Zoom's Servern zu speichern.

Wenn man ein "vortragsähliches" Ding geplant hat, also ein Format in dem eine kleine Gruppe an Leuten aktiv zu einer großen, ggf. öffentlichen Gruppe spricht, gibt es zu den Einstellungen oben noch ein paar weitere Tipps:

* Vor dem Meeting: Stelle sicher, dass sich alle Teilnehmerinnen vor der Veranstaltung anmelden und sammle eMail-Adressen. Verteile den Zoom-Link oder die Meetingdaten dann nicht öffentlich, sondern nur per eMail an angemeldete Personen.
* Im "Meeting"-Tab:
1. Aktiviere "Teilnehmer beim Beitritt stumm schalten". Du hast dann bei jedem Meeting die Option, zu entscheiden, ob sich Teilnehmerinnen entstummen dürfen oder ob du das Sprechrecht einzeln vergeben willst.
1. Schalte "Co-Moderator" ein und befördere einer Person, der du vertraust, als Co-Moderator. Diese Person hat dann ebenfalls das Recht, Leute stummzuschalten oder zu kicken, und kann dir arbeit abnehmen.
1. Setze "Bildschirmübertragung" so, dass nur der Host den Bildschirm freigeben darf. Das verhindert, dass Leute ihren Bildschirm freigeben, um "Inhalte" zu präsentieren. Leute, die Vortragen müssen, können zum Co-Moderator befördert werden.
1. Aktiviere "Feedback ohne Worte". Das ist nützlich, damit Leute "die Hand heben können" wenn sie etwas sagen wollen - und dann kannst du als Host sie Entstummschalten und sie können reden.
1. Schalte den "Warteraum" für alle Teilnehmerinnen an, wenn das Gespräch persönlich ist. Das bedeutet, dass alle neuen Teilnehmerinnen in einen virtuellen Warteraum gesetzt werden, und die Moderatoren haben die Möglichkeit, diese Leute dann in das Meeting zu holen. Wenn du diese Option aktivierst, achte darauf, die Teilnehmerliste im Blick zu halten, damit du niemanden übersiehst.
1. Stelle sicher, dass "Entfernten Teilnehmern den erneuten Beitritt erlauben" deaktiviert ist. Das bedeutet, dass Leute, die aus dem Meeting geworfen wurden, nicht wieder beitreten können, auch wenn sie die Zugangsdaten kennen.
#zoom #privacy #security
 
(German translation below.)

If you're stuck at home and use Zoom as a video conferencing solution that works for you, that's fine. Keep using it. Here are some options you might want to check to enhance the overall security of your and your guests.

First, log in at https://zoom.us/signin and head to your settings at https://zoom.us/profile/setting.

* In the "Meeting" tab:
1. Set "Audio Type" to "Computer Audio". This will block people from using their phone to join a meeting - but that's required if you want to use End-to-End encryption all the time. Phones can't do encryption.
1. Make sure "Use Personal Meeting ID (PMI) when scheduling a meeting" is disabled. The PMI is a meeting ID that never changes, so don't use it. It should be disabled by default, but make sure.
1. Enable "Require a password for Personal Meeting ID (PMI)", so people can't join via your PMI even if you accidentally share it.
1. Make sure "Join before host" is disabled. If enabled, people can join your meetings before a host is there - meaning there won't be moderation.
1. Enable "Play sound when participants join or leave". That's useful, as everyone will be aware when someone joins unexpectedly.
1. Enable "Require Encryption for 3rd Party Endpoints (H323/SIP)".
* In the "Recording" tab:
1. Disable "Cloud recording". You can still record meetings to your local disk, but there is no need to store potentially private conversations on Zoom's servers.

If you have a more "presentation"-like format scheduled, where only you or a small number of presenters will be speaking to a high number of consuming participants, there are a couple of additional tips in addition to the settings above:

* Before the meeting: Require people to sign-up and collect their eMail addresses. Do not share the join-link publicly, and only send the credentials via eMail to the people who signed up.
* In the "Meeting" tab:
1. Enable "Mute participants upon entry" - this will force-mute everyone joining. You will have the option to decide whether people can speak or not.
1. Enable "Co-host" and promote someone you trust as Co-host to assist with muting/unmuting people as needed.
1. Set "Screen sharing" to "Host-Only" to avoid random people sharing their screens, which can be used for abuse. Promote people who need to share as Co-hosts, if you trust them.
1. Enable "Nonverbal feedback". This is useful if you have force-muted everyone. People can raise their hands if they want to say something, allowing you to unmute people for a short period.
1. Enable "Waiting room" for all participants if the nature of the call is sensitive/private. This means that people will not be able to join your meeting directly, but will be placed in a virtual waiting room, waiting for you to approve them to join the meeting. If you enable this, make sure to keep an eye on the participant list to avoid missing someone.
1. Make sure "Allow removed participants to rejoin" is disabled. This means that people that got kicked out of the meeting will not be able to rejoin, even if they know the credentials.
Wenn du zuhause festsitzt und Zoom als das Tool deiner Wahl für Videokonferenzen und Videotelefonate entdeckt hast, mach dir nicht zu viel Sorgen und bleibe dabei. Es ist wichtiger, ein Tool zu haben, dass stressfrei und problemlos die Aufgabe erledigt, als sich stundenlang mit Alternativen zu schlagen. Hier sind einige Tipps, wie du deine Meetings für dich und deine Teilnehmerinnen sicherer gestalten kannst.

Als Erstes, melde dich auf https://zoom.us/signin an und rufe deine Einstellungen unter https://zoom.us/profile/setting auf.

* Im "Meeting"-Tab:
1. Setze "Audiotyp" auf "Computeraudio". Damit deaktivierst du zwar die Möglichkeit, über ein Telefon am Meeting teilzunehmen, aber das ist wichtig, wenn du Ende-zu-Ende-Verschlüsselung verwenden willst. Telefone verstehen keine Verschlüsselung.
1. Stelle sicher, dass "Beim Planen eines Meetings die persönliche Meeting-ID (PMI) verwenden" nicht aktiv ist. Deine PMI ist eine Meeting-ID, die sich nie ändert, also sollte man davon besser die Finger lassen.
1. Schalte "Bei Personal-Meeting-ID (PMI) Kennwort verlangen" an, falls man doch mal versehentlich die fixe PMI weitergibt. Mit Kennwort kann dann trotzdem niemand das Meeting betreten.
1. Deaktiviere "Beitritt vor Moderator", dann können deine Gäste das Meeting erst betreten, wenn du da bist. Ist diese Option deaktiviert, können Leute ohne Moderation das Meeting betreten.
1. Aktiviere "Sound wiedergeben, wenn Teilnehmer teilnehmen oder verlassen". Dann wird immer, wenn eine Teilnehmerin beitritt, ein Ton für alle abgespielt. Damit wissen alle, wenn unerwartet jemand dazu kommt.
1. Aktiviere "Verschlüsselung für Endpunkte von Drittanbietern erforderlich (H323/SIP)".
* Im "Aufzeichnung"-Tab:
1. "Cloud-Aufzeichnung" ausschalten. Du kannst das Meeting immernoch auf deine Festplatte aufnehmen, aber es gibt keinen Grund, potenziell private Gespräche auf Zoom's Servern zu speichern.

Wenn man ein "vortragsähliches" Ding geplant hat, also ein Format in dem eine kleine Gruppe an Leuten aktiv zu einer großen, ggf. öffentlichen Gruppe spricht, gibt es zu den Einstellungen oben noch ein paar weitere Tipps:

* Vor dem Meeting: Stelle sicher, dass sich alle Teilnehmerinnen vor der Veranstaltung anmelden und sammle eMail-Adressen. Verteile den Zoom-Link oder die Meetingdaten dann nicht öffentlich, sondern nur per eMail an angemeldete Personen.
* Im "Meeting"-Tab:
1. Aktiviere "Teilnehmer beim Beitritt stumm schalten". Du hast dann bei jedem Meeting die Option, zu entscheiden, ob sich Teilnehmerinnen entstummen dürfen oder ob du das Sprechrecht einzeln vergeben willst.
1. Schalte "Co-Moderator" ein und befördere einer Person, der du vertraust, als Co-Moderator. Diese Person hat dann ebenfalls das Recht, Leute stummzuschalten oder zu kicken, und kann dir arbeit abnehmen.
1. Setze "Bildschirmübertragung" so, dass nur der Host den Bildschirm freigeben darf. Das verhindert, dass Leute ihren Bildschirm freigeben, um "Inhalte" zu präsentieren. Leute, die Vortragen müssen, können zum Co-Moderator befördert werden.
1. Aktiviere "Feedback ohne Worte". Das ist nützlich, damit Leute "die Hand heben können" wenn sie etwas sagen wollen - und dann kannst du als Host sie Entstummschalten und sie können reden.
1. Schalte den "Warteraum" für alle Teilnehmerinnen an, wenn das Gespräch persönlich ist. Das bedeutet, dass alle neuen Teilnehmerinnen in einen virtuellen Warteraum gesetzt werden, und die Moderatoren haben die Möglichkeit, diese Leute dann in das Meeting zu holen. Wenn du diese Option aktivierst, achte darauf, die Teilnehmerliste im Blick zu halten, damit du niemanden übersiehst.
1. Stelle sicher, dass "Entfernten Teilnehmern den erneuten Beitritt erlauben" deaktiviert ist. Das bedeutet, dass Leute, die aus dem Meeting geworfen wurden, nicht wieder beitreten können, auch wenn sie die Zugangsdaten kennen.
#zoom #privacy #security
 

Snowden warns: The surveillance states we’re creating now will outlast the coronavirus


Temporary security measures can soon become permanent

https://thenextweb.com/neural/2020/03/25/snowden-warns-the-surveillance-states-were-creating-now-will-outlast-the-coronavirus/

#coronavirus #covid19 #surveillance #privacy #permanent #snowden
 

Snowden warns: The surveillance states we’re creating now will outlast the coronavirus


Temporary security measures can soon become permanent

https://thenextweb.com/neural/2020/03/25/snowden-warns-the-surveillance-states-were-creating-now-will-outlast-the-coronavirus/

#coronavirus #covid19 #surveillance #privacy #permanent #snowden
 

Bruce Schneier: Emergency Surveillance During COVID-19 Crisis:

[A]ny data collection and digital monitoring of potential carriers of COVID-19 should take into consideration and commit to these principles:
  • Privacy intrusions must be necessary and proportionate. A program that collects, en masse, identifiable information about people must be scientifically justified and deemed necessary by public health experts for the purpose of containment. And that data processing must be proportionate to the need. For example, maintenance of 10 years of travel history of all people would not be proportionate to the need to contain a disease like COVID-19, which has a two-week incubation period.
  • Data collection based on science, not bias. Given the global scope of communicable diseases, there is historical precedent for improper government containment efforts driven by bias based on nationality, ethnicity, religion, and race­ -- rather than facts about a particular individual's actual likelihood of contracting the virus...
  • Expiration. ... The government and its corporate cooperators must roll back any invasive programs created in the name of public health after crisis has been contained.
  • Transparency. Any government use of \"big data\" to track virus spread must be clearly and quickly explained to the public....
  • Due Process. If the government seeks to limit a person's rights based on this \"big data\" surveillance ... then the person must have the opportunity to timely and fairly challenge these conclusions and limits.
Abridged from original, well worth reading in full.

https://www.schneier.com/blog/archives/2020/03/emergency_surve.html

#covid19 #privacy #surveillance #surveillanceState #surveillanceCapitalism #BruceSchneier
 

Bruce Schneier: Emergency Surveillance During COVID-19 Crisis:

[A]ny data collection and digital monitoring of potential carriers of COVID-19 should take into consideration and commit to these principles:
  • Privacy intrusions must be necessary and proportionate. A program that collects, en masse, identifiable information about people must be scientifically justified and deemed necessary by public health experts for the purpose of containment. And that data processing must be proportionate to the need. For example, maintenance of 10 years of travel history of all people would not be proportionate to the need to contain a disease like COVID-19, which has a two-week incubation period.
  • Data collection based on science, not bias. Given the global scope of communicable diseases, there is historical precedent for improper government containment efforts driven by bias based on nationality, ethnicity, religion, and race­ -- rather than facts about a particular individual's actual likelihood of contracting the virus...
  • Expiration. ... The government and its corporate cooperators must roll back any invasive programs created in the name of public health after crisis has been contained.
  • Transparency. Any government use of \"big data\" to track virus spread must be clearly and quickly explained to the public....
  • Due Process. If the government seeks to limit a person's rights based on this \"big data\" surveillance ... then the person must have the opportunity to timely and fairly challenge these conclusions and limits.
Abridged from original, well worth reading in full.

https://www.schneier.com/blog/archives/2020/03/emergency_surve.html

#covid19 #privacy #surveillance #surveillanceState #surveillanceCapitalism #BruceSchneier
 

For years, @Google used flutrends as a justification for their retention policies for search arguing that the social benefit from 'big data' offsets the privacy invasions.

Which was later mostly disproved...

As the pandemic gets worse, we're going to see increased pressure by all governments to access #private consumer data to identify:

1) who is infected \
2) who they've been in contact with ("contact tracing")

This is going to be an incredibly slippery slope if we're not careful.
https://threadreaderapp.com/thread/1240320586535931906.html

#covid19 #coronavirus #privacy #Google #surveillanceCapitalis #surveillanceState
 

For years, @Google used flutrends as a justification for their retention policies for search arguing that the social benefit from 'big data' offsets the privacy invasions.

Which was later mostly disproved...

As the pandemic gets worse, we're going to see increased pressure by all governments to access #private consumer data to identify:

1) who is infected \
2) who they've been in contact with ("contact tracing")

This is going to be an incredibly slippery slope if we're not careful.
https://threadreaderapp.com/thread/1240320586535931906.html

#covid19 #coronavirus #privacy #Google #surveillanceCapitalis #surveillanceState
 
Bild/Foto

Private WhatsApp groups visible in Google searches

Your #WhatsApp groups may not be as secure as you think they are


Google is indexing invite links to private WhatsApp group chats. This means with a simple search anyone can discover and join these groups including ones the administrator may want to keep private.

Does #Google care about your privacy and security? No.

Does #Facebook honestly care about your privacy and security? No.

https://www.dw.com/en/private-whatsapp-groups-visible-in-google-searches/a-52468603

#Facebook #chat #apps #privacy #security #surveillance #messaging #im
 
Bild/Foto

Private WhatsApp groups visible in Google searches

Your #WhatsApp groups may not be as secure as you think they are


Google is indexing invite links to private WhatsApp group chats. This means with a simple search anyone can discover and join these groups including ones the administrator may want to keep private.

Does #Google care about your privacy and security? No.

Does #Facebook honestly care about your privacy and security? No.

https://www.dw.com/en/private-whatsapp-groups-visible-in-google-searches/a-52468603

#Facebook #chat #apps #privacy #security #surveillance #messaging #im
 
Bild/Foto

Private WhatsApp groups visible in Google searches

Your #WhatsApp groups may not be as secure as you think they are


Google is indexing invite links to private WhatsApp group chats. This means with a simple search anyone can discover and join these groups including ones the administrator may want to keep private.

Does #Google care about your privacy and security? No.

Does #Facebook honestly care about your privacy and security? No.

https://www.dw.com/en/private-whatsapp-groups-visible-in-google-searches/a-52468603

#Facebook #chat #apps #privacy #security #surveillance #messaging #im
 
Why Amazon Knows So Much About You

…One database contains transcriptions of all 31,082 interactions my family has had with the virtual assistant Alexa. Audio clips of the recordings are also provided. The 48 requests to play Let It Go, flag my daughter’s infatuation with Disney’s Frozen.
Other late-night music requests to the bedroom Echo, might provide a clue to a more adult activity…

https://www.bbc.co.uk/news/extra/CLQYZENMBI/amazon-data

#amazon #surveillanceCapitalism #dataAreLiability #privacy #bbc
 
Later posts Earlier posts