Sergey Shkundaleu @archit3ct@social.ssbx.dev
- WebSite
- https://sergey.iontec.co/
- GitHub
- https://github.com/sergshk
Admin
Experienced technology entrepreneur on the quest for ethics and privacy. Follow #punkprivacy tag to get regular privacy tips. You can also follow @ethiork account to get information about progress of Ethiork project that enables people to own their data and protect their privacy.
Joined Nov 2020
My friends in cybersecurity community, here is interesting challenge for you. I grabbed swag data blocker from one of the vendors at cybersecurity conference, tested at home using OMG malicious cable detector, by plugging security key into data blocker and then into OMG tool. OMG light up, as seen in the picture, I popped data blocker open and data pins are not soldered on one side. How? Any ideas. Here is the image, vendor name blocked, it's not their fault.
Sergey Shkundaleu
boosted
"Data is the new oil" has become a cliche, but the surveillance economy is no trivial topic.
For this edition of the #ProtonPrivacyReadingList, we're sharing a comprehensive study into big data by Wolfie Christl and Sarah Spiekermann.
The book is "Networks of Control," you can find it here: https://www.facultas.at/verlag/rws/networks_of_control
For a quick introduction to Christl's work, check out his seminar on the consequences of the commercial use of consumer data: https://www.youtube.com/watch?v=nn2vP2j8Wao
Did that occur to you that girl who talks to a bunch of other people in marketing materials for Apples Vision Pro(probably other VR headset as well) the only one wearing a headset, so that she can clearly see other people's faces. But what about other people? Didn't they want to see her face too? It's all the same when they portray people taking calls and the caller on the other side never wears a headset. So what's the point of face to face call when face is actually obstructed by VR headset.
Sergey Shkundaleu
boosted
Privacy Isn't Dead. Far From It. https://www.eff.org/deeplinks/2024/02/privacy-isnt-dead-far-it
Sergey Shkundaleu
boosted
iPhone apps are collecting quite some A LOT OF user private data. Extremely verbose, allowing to fingerprint, perhaps even track users.
Context from my works. About privacy risks of light data: https://blog.lukaszolejnik.com/ambient-light-sensor-privacy-constraints-gdpr-data-protection-by-design-gdpr-state-of-the-art/
Risks of battery information: https://blog.lukaszolejnik.com/battery-status-not-included-assessing-privacy-in-w3c-web-standards/
Data source: https://twitter.com/mysk_co/status/1753960043450356137
Sergey Shkundaleu
boosted
DEF CON was canceled.
After a great 25 year relationship Caesars abruptly terminated their contract with #DEFCON, leaving us with no venue for DC 32, and just about seven months to Con!
We don’t know why Caesars canceled us, they won’t say beyond it being a strategy change unrelated to anything that DEF CON or our community has done. The parting is confusing, but amicable.
We immediately scrambled a venue strike team to Las Vegas. Floors were walked. Meetings were held. Hands were shook and options weighed. When the smoke cleared, the field narrowed to one obvious choice.
W00T! DEF CON Is UN-CANCELED!
DEF CON 32 will still be August 8-11 2024, but now held at the Las Vegas Convention Center (LVCC) with workshops and training at the Sahara.
We started a live FAQ section on the Forums where we will be updating as we get info. The FAQ’s here: https://forum.defcon.org/node/248358, and DT’s full post is here: https://forum.defcon.org/node/248360
P.S. We made shirts and stickers: https://shop.defcon.org
Let's talk about deepfakes, those are alteration of media files, most common videos, with the goal to alter person's identify. I recently came across a really good article summarizing state of deepfakes back in 2022, fast forward 2 years of development in AI industry and now it's even scarier how those could be used to deceive people. Rise of deepfakes poses significant threat to our personal privacy, that's why it's important to protect our #privacy https://insights.sei.cmu.edu/blog/how-easy-is-it-to-make-and-detect-a-deepfake/
Developers on GitHub, man in the middle is a serious threat, but servers are being updated regularly too. So if you received warning message telling you that remote host identification has changed when you trying to connect to GitHub, please don't just blindly follow tutorials that guiding you to delete offending host from known_hosts file, verify authenticity of that fingerprint here https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
If you look at legal landscape of privacy you'll find that there is a significant misunderstanding of what privacy is and confusion of privacy with anonymity. Most privacy laws cover your personal information while do not protect tidbits of information about what you were doing online. Simple example streaming providers recommend movies based on what you watched or opened, that information might tell a lot about your interests/hobbies and won't be protected by laws on the books. #punkprivacy
Well apparently OpenAI stated that without copyrighted materials they won't be able to train their ChatGPT models, or as they say those models won't meet needs of today's citizens. Looks like a hypocrisy to me, large company with lot's of money in the bank, wants creators to forfeit their rights and then charge them for use of their models. No comments ... https://www.theguardian.com/technology/2024/jan/08/ai-tools-chatgpt-copyrighted-material-openai
Sergey Shkundaleu
boosted
Google continues to build its massive surveillance empire under the sinister guise of “privacy.” In its latest iteration on #Android, Google
lets you opt into their “Ad Topics,” which roughly translated means, “Let Google be the gatekeeper of all your data.” (1/4)
Everyone, I'd like to share some exciting news. Since grownups don't typically have advent calendars I've tasked my team at IonTec Software LLC to create one with lot's of activities targeted to help people protect their privacy in a fight against surveillance capitalism. It's bite size chunks of activities which will open on designated day for next 12 days until Christmas, why wait take an action: https://punkprivacy.com/ Merry Christmas #privacy #punkprivacy
Sergey Shkundaleu
boosted
Tusky is looking for contributors!
The #Tusky team has lost a few contributors this year for various reasons, and we need your help building a kick-ass Mastodon app!
While we would also appreciate more technical contributors, we are specifically looking for:
- a person who can manage or help with our social account
- a project manager who can help us draft a Code of Conduct
Please help us spread the word 😊
You car might be spying on you! Biggest problem with privacy laws in US is that plaintiffs have to prove damage from sale of information, that they deemed private, like SMS messages(they are not, don't make that mistake). Essentially extortion that happens 5 years down the road after some threat actor connected dots from sets of data they purchased legally or stole from tech company can't be proved as it has not happened yet. Surveillance capitalism in action. #privacy https://therecord.media/class-action-lawsuit-cars-text-messages-privacy
Hey folks, it looks like AI buzzword is back into fashion. Today Whitehouse released a fact sheet about AI executive order. I am no lawyer do not take any advice from me, and this is not a legal advice. What is interesting is approach to privacy in that EO, statements looks good from marketing standpoint, but do nothing. You can track individuals from anonymized datasets, no PII needed thus you can build model of a person without need to name them. https://www.whitehouse.gov/briefing-room/statements-releases/2023/10/30/fact-sheet-president-biden-issues-executive-order-on-safe-secure-and-trustworthy-artificial-intelligence/
@phil looks like you are giving some advice from ISC2 Cybersecurity Congress stage, nice!
Sergey Shkundaleu
boosted
Sergey Shkundaleu
boosted
How I made a heap overflow in #curl
Let me talk CVE-2023-38545 a bit
https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/
Sergey Shkundaleu
boosted
A new low, even for #Google. Giving Google permission to share information about you with third-party websites is being falsely advertised as an "ad privacy feature". This is privacy washing at its most extreme. But it gets even worse.
There is a dark pattern on the second screenshot. It isn't just informing you about the fake privacy features. Clicking on "Got it" actually turns on these features that allow Google to use your recent browsing history for ads on third-party websites:
If you are using Android phone then you could have noticed recent update from Google which allowed you to "personalize your ad experience" and those settings apparently were on by default. So you have to actually do work to opt out. Here is how you can turn it off: Settings->Security&Privacy->More privacy settings->Ads->Ad privacy. It will take you to the screen in picture, go ahead and turn off all of these settings and definitely delete your advertising ID. #punkprivacy
- WebSite
- https://sergey.iontec.co/
- GitHub
- https://github.com/sergshk
Admin
Experienced technology entrepreneur on the quest for ethics and privacy. Follow #punkprivacy tag to get regular privacy tips. You can also follow @ethiork account to get information about progress of Ethiork project that enables people to own their data and protect their privacy.
Joined Nov 2020
