
People often ask me: why do you trash devs? Weren't you a dev yourself? Yes, but I don't trash them, and here is why: I've lived in dev through a shortage of devs, when every young person dreamed of building stuff, so I taught them that they have to be diligent in their deeds and think outside the box instead of repeating other people's mistakes. Now it was time to move to cybersecurity with the same purpose - I want to make the profession better and, as a result, things to become more secure for our own sake.

Profit is the sole driver for any for-profit corporation, so when you see some companies claim that they are solving your problem, improving your quality of life, making something convenient for you, and all of that for free, beware: they might be misleading you. Some might be playing the long game, using that feature as bait, but the ultimate goal is to sell your attention to advertisers. This feature won't see daylight unless it can show ROI. Now, think about smart cars and other smart devices.

My friends in the cybersecurity community, here is an interesting challenge for you. I grabbed a swag data blocker from one of the vendors at a cybersecurity conference and tested it at home using an OMG malicious cable detector, by plugging a security key into the data blocker and then into the OMG tool. The OMG lit up, as seen in the picture. I popped the data blocker open, and the data pins are not soldered on one side. How? Any ideas? Here is the image, vendor name blocked; it's not their fault.

"Data is the new oil" has become a cliche, but the surveillance economy is no trivial topic.

For this edition of the #ProtonPrivacyReadingList, we're sharing a comprehensive study into big data by Wolfie Christl and Sarah Spiekermann.

The book is "Networks of Control," you can find it here:

For a quick introduction to Christl's work, check out his seminar on the consequences of the commercial use of consumer data:

Did it occur to you that the girl who talks to a bunch of other people in marketing materials for Apple's Vision Pro (probably other VR headsets as well) is the only one wearing a headset, so that she can clearly see other people's faces? But what about the other people? Didn't they want to see her face too? It's all the same when they portray people taking calls and the caller on the other side never wears a headset. So what's the point of a face-to-face call when the face is actually obstructed by a VR headset?

DEF CON was canceled.

After a great 25 year relationship Caesars abruptly terminated their contract with #DEFCON, leaving us with no venue for DC 32, and just about seven months to Con!

We don’t know why Caesars canceled us, they won’t say beyond it being a strategy change unrelated to anything that DEF CON or our community has done. The parting is confusing, but amicable.

We immediately scrambled a venue strike team to Las Vegas. Floors were walked. Meetings were held. Hands were shook and options weighed. When the smoke cleared, the field narrowed to one obvious choice.


DEF CON 32 will still be August 8-11 2024, but now held at the Las Vegas Convention Center (LVCC) with workshops and training at the Sahara.

We started a live FAQ section on the Forums where we will be updating as we get info. The FAQ’s here:, and DT’s full post is here:

P.S. We made shirts and stickers:

Let's talk about deepfakes: those are alterations of media files, most commonly videos, with the goal of altering a person's identity. I recently came across a really good article summarizing the state of deepfakes back in 2022; fast forward 2 years of development in the AI industry and now it's even scarier how those could be used to deceive people. The rise of deepfakes poses a significant threat to our personal privacy, that's why it's important to protect our

Developers on GitHub, man in the middle is a serious threat, but servers are being updated regularly too. So if you received a warning message telling you that remote host identification has changed when you are trying to connect to GitHub, please don't just blindly follow tutorials that guide you to delete the offending host from the known_hosts file; verify the authenticity of that fingerprint here
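The check that post recommends, as an added example that is not part of the original post: compute the OpenSSH SHA256 fingerprint of the key a server offers and accept it only if it matches a fingerprint obtained out of band. The host name `git.example.test`, the sample keys and the `PUBLISHED` set are constructed for illustration; in practice the published list is copied from the provider's documentation.

```python
import base64
import hashlib
import hmac
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def make_blob(key_type, raw):
    """Constructed-sample helper: SSH wire format is uint32 length + bytes per field."""
    return b"".join(struct.pack(">I", len(p)) + p for p in (key_type, raw))

def fingerprint(key_line):
    """OpenSSH-style SHA256 fingerprint of a known_hosts or ssh-keyscan line."""
    fields = key_line.split()
    # Locate the key type by exact match so hostnames and markers are skipped.
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no supported key type followed by a key blob")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    # The blob repeats the key type; a mismatch means a malformed or spliced line.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[idx].encode():
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints unpadded base64 of the SHA-256 digest.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_is_trusted(key_line, published):
    """True only if the offered key matches a fingerprint obtained out of band."""
    offered = fingerprint(key_line)
    return any(hmac.compare_digest(offered, p) for p in published)

# Constructed sample keys for a hypothetical host (not real host keys).
GENUINE = "git.example.test ssh-ed25519 " + base64.b64encode(
    make_blob(b"ssh-ed25519", bytes(range(32)))).decode()
UNEXPECTED = "git.example.test ssh-ed25519 " + base64.b64encode(
    make_blob(b"ssh-ed25519", bytes(32))).decode()
# Stand-in for the list copied from the provider's documentation over HTTPS.
PUBLISHED = {fingerprint(GENUINE)}

if __name__ == "__main__":
    for label, line in (("genuine", GENUINE), ("unexpected", UNEXPECTED)):
        verdict = "matches" if key_is_trusted(line, PUBLISHED) else "DOES NOT match"
        print(f"{label}: {fingerprint(line)} {verdict} the published list")
```

Only when the offered key's fingerprint matches the published list is it reasonable to replace the old known_hosts entry; a mismatch means the connection should not proceed.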

If you look at the legal landscape of privacy, you'll find that there is a significant misunderstanding of what privacy is and confusion of privacy with anonymity. Most privacy laws cover your personal information while not protecting tidbits of information about what you were doing online. Simple example: streaming providers recommend movies based on what you watched or opened; that information might tell a lot about your interests/hobbies and won't be protected by laws on the books.

Well, apparently OpenAI stated that without copyrighted materials they won't be able to train their ChatGPT models, or as they say, those models won't meet the needs of today's citizens. Looks like hypocrisy to me: a large company with lots of money in the bank wants creators to forfeit their rights and then charges them for use of their models. No comments ...

Google continues to build its massive surveillance empire under the sinister guise of “privacy.” In its latest iteration on #Android, Google lets you opt into their “Ad Topics,” which roughly translated means, “Let Google be the gatekeeper of all your data.” (1/4)

Everyone, I'd like to share some exciting news. Since grownups don't typically have advent calendars, I've tasked my team at IonTec Software LLC to create one with lots of activities targeted to help people protect their privacy in a fight against surveillance capitalism. It's bite-size chunks of activities which will open on a designated day for the next 12 days until Christmas. Why wait, take action: Merry Christmas

Tusky is looking for contributors!

The #Tusky team has lost a few contributors this year for various reasons, and we need your help building a kick-ass Mastodon app!

While we would also appreciate more technical contributors, we are specifically looking for:
- a person who can manage or help with our social account
- a project manager who can help us draft a Code of Conduct

Please help us spread the word 😊

Your car might be spying on you! The biggest problem with privacy laws in the US is that plaintiffs have to prove damage from the sale of information that they deemed private, like SMS messages (they are not, don't make that mistake). Essentially, extortion that happens 5 years down the road, after some threat actor connected dots from sets of data they purchased legally or stole from a tech company, can't be proved as it has not happened yet. Surveillance capitalism in action.

Hey folks, it looks like the AI buzzword is back in fashion. Today the White House released a fact sheet about the AI executive order. I am no lawyer, do not take any advice from me, and this is not legal advice. What is interesting is the approach to privacy in that EO: the statements look good from a marketing standpoint, but do nothing. You can track individuals from anonymized datasets, no PII needed, thus you can build a model of a person without the need to name them.

@phil looks like you are giving some advice from ISC2 Cybersecurity Congress stage, nice!

We thought Google hit rock bottom with #privacy.

Its new beta feature on Google Files for #Android called “Smart Search” is the trap door.

This creepy new feature is on by default & scans every file on your phone. Why is this bad? Because it could potentially ruin your life. (1/3)
