Sergey Shkundaleu @archit3ct@social.ssbx.dev

Another data broker exposed the data of millions people, that's why this whole industry is very dangerous. Ultimately data brokers won't apply necessary controls to personal data.
Link:https://techcrunch.com/2025/01/13/gravy-analytics-data-broker-breach-trove-of-location-data-threatens-privacy-millions/
#privacy

So it's inauguration day, how about article with some analysis on what to expect from incoming administration with regards to cyber warfare. What do you think?

Link:https://techletters.substack.com/p/techletters-insights-trumps-plans

Face recognition can be misused. This article has few stories providing examples and highlighting how dangerous it could be.
Link:https://www.eff.org/deeplinks/2025/01/police-use-face-recognition-continues-wrack-real-world-harms

This is quite concerning that AI chatbots are increasingly integrating advertisements. Companies like Microsoft are embedding sponsored content into chatbot conversations, utilizing personal data shared during interactions to target ads. This practice underscores the urgent need for robust data protection measures to safeguard user privacy.
Link:https://privacyinternational.org/long-read/5472/chatbots-adbots-sharing-your-thoughts-advertisers
#privacy #DataProtection

OS installation on a brand new hardware 2000 vs 2024:
2000:
- Windows - you spend 30 min going through setup wizard
- Linux - you spend a day looking for drivers and compiling kernel and eventually quit and install Windows
2024:
- Windows - you spend a day looking for proper NVME drivers and eventually quit and install Linux
- Linux - you spend 15 min going through setup wizard

Attack on privacy is often hidden behind some noble purpose, some purpose where public, in theory, would "buy-in" on being tracked. So here is an example where data broker touting themselves as helping law enforcement to collate information they collect off of mobile phones, but all in all what that is if not a surveillance. #privacy https://arstechnica.com/information-technology/2024/10/phone-tracking-tool-lets-government-agencies-follow-your-every-move/

Are you still pixelating your images? Please don't! This is a reminder why! Post has been written in 2022 and "old news", however think about how far technology has gone in last 2 years. #cybersecurity https://thehackernews.com/2022/02/this-new-tool-can-retrieve-pixelated.html

That's a really awesome development, It looks like Swiss folks understand that open source would better fit governmental needs, at the end of the day when code is out there you at least can inspect it and take countermeasures if necessary. #OpenSource https://www.zdnet.com/article/switzerland-now-requires-all-government-software-to-be-open-source/

I had been saying that listening to the microphone on your phone is not practical or scalable from a marketing point of view(while 100 % possible). My recommendation though has always been removal of social media apps from your phone. #punkprivacy However looks like at least one player brags about it, so maybe they were able to implement a process that yields good ROI and proves me wrong. Please remove unnecessary apps from your phone. https://futurism.com/the-byte/facebook-partner-phones-listening-microphone #privacy

Just remember when product is free and distributed by for profit commercial entity, they have to have a way to recoup their losses. In many cases you are the product, in some cases your data is the product that they sell, and in some cases they are straight out fraudsters.
https://www.bleepingcomputer.com/news/security/free-vpn-apps-on-google-play-turned-android-phones-into-proxies/

This is a good reminder of how important is real time continuous monitoring in a whole cybersecurity puzzle. It took 22 min after vulnerability was published for the bad guys to start exploiting it. #cybersecurity https://www.bleepingcomputer.com/news/security/hackers-use-poc-exploits-in-attacks-22-minutes-after-release/

Here is another example of vendor abandoning patching. From time to time businesses around the world would have to make those decisions based on simple economy, however I think it would have been honest from their perspective is to open source their code, so that community could fix it. Unfortunately that's not the case for any of the vendors, luckily people have choices there is OpenWRT which is an open source ecosystem for routers, and that model is supported.
https://www.howtogeek.com/d-link-dir-856-router-exposed-to-hackers/

While progress and shift to software defined everything is generally great, people need to be ready for that shift and be able to understand how to protect themselves from threat vectors associated with such shift. #cybersecurity
https://www.bleepingcomputer.com/news/security/sim-swappers-hijacking-phone-numbers-in-esim-attacks/

As I previously said any company, no mater how noble their intentions could have been, would have to follow procedures of the country where they have been incorporated, that's why I think the future of privacy is for people to be able to manage their own data . #ethiork #privacy
https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain/

That is good to see that SEC charging bunch of players on the market for failures to follow their own incident report procedures. That's just another highlight of the value of cybersecurity in today's work, because that is what could move the market. #cybersecurity #SEC
https://www.sec.gov/newsroom/press-releases/2024-63

Another breach from a couple of months ago, and it's coming from effective monopolist in ticket sales, if you tried to buy tickets recently then mos likely you had to deal with enormous "fees" imposed by that player, so what do you think how much of those went into cybersecurity spending, probably not much if anything . #databreach #cybersecurity
https://www.abc.net.au/news/2024-05-30/ticketmaster-data-breach-how-to-check-if-you-have-been-hacked/103912494