Tag Archives: privacy

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

An overview of Yandex identifier sharing An overview of Yandex identifier sharing A timeline of web history tracking by Meta and Yandex A timeline of web history tracking by Meta and Yandex Some browsers for Android have blocked the abusive JavaScript in trackers. DuckDuckGo, for instance, was already blocking domains and IP addresses associated with… Read More: Meta and Yandex are de-anonymizing Android users’ web browsing identifiers »

“Microsoft has simply given us no other option,” Signal says as it blocks Windows Recall

But the changes go only so far in limiting the risks Recall poses. As I pointed out, when Recall is turned on, it indexes Zoom meetings, emails, photos, medical conditions, and—yes—Signal conversations, not just with the user, but anyone interacting with that user, without their knowledge or consent. Researcher Kevin Beaumont performed his own deep-dive… Read More: “Microsoft has simply given us no other option,” Signal says… »

WhatsApp provides no cryptographic management for group messages

The flow of adding new members to a WhatsApp group message is: A group member sends an unsigned message to the WhatsApp server that designates which users are group members, for instance, Alice, Bob, and Charlie The server informs all existing group members that Alice, Bob, and Charlie have been added The existing members have… Read More: WhatsApp provides no cryptographic management for group messages »

That groan you hear is users’ reaction to Recall going back into Windows

Security and privacy advocates are girding themselves for another uphill battle against Recall, the AI tool rolling out in Windows 11 that will screenshot, index, and store everything a user does every three seconds. When Recall was first introduced in May 2024, security practitioners roundly castigated it for creating a gold mine for malicious insiders,… Read More: That groan you hear is users’ reaction to Recall going… »

DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers

Thomas Reed, staff product manager for Mac endpoint detection and response at security firm Huntress, and an expert in iOS security, said he found NowSecure’s findings concerning. “ATS being disabled is generally a bad idea,” he wrote in an online interview. “That essentially allows the app to communicate via insecure protocols, like HTTP. Apple does… Read More: DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers »

Time to check if you ran any of these 33 malicious Chrome extensions

Screenshot showing the phishing email sent to Cyberhaven extension developers. Credit: Amit Assaraf A link in the email led to a Google consent screen requesting access permission for an OAuth application named Privacy Policy Extension. A Cyberhaven developer granted the permission and, in the process, unknowingly gave the attacker the ability to upload new versions… Read More: Time to check if you ran any of these 33… »

Location tracking of phones is out of control. Here’s how to fight back.

Both operating systems will display a list of apps and whether they are permitted access always, never, only while the app is in use, or to prompt for permission each time. Both also allow users to choose whether the app sees precise locations down to a few feet or only a coarse-grained location. For most… Read More: Location tracking of phones is out of control. Here’s how… »

Neo-Nazis head to encrypted SimpleX Chat app, bail on Telegram

“SimpleX, at its core, is designed to be truly distributed with no central server. This allows for enormous scalability at low cost, and also makes it virtually impossible to snoop on the network graph,” Poberezkin wrote in a company blog post published in 2022. SimpleX’s policies expressly prohibit “sending illegal communications” and outline how SimpleX… Read More: Neo-Nazis head to encrypted SimpleX Chat app, bail on Telegram »

Meta pays the price for storing hundreds of millions of passwords in plaintext

Getty Images reader comments 90 Officials in Ireland have fined Meta $101 million for storing hundreds of millions of user passwords in plaintext and making them broadly available to company employees. Meta disclosed the lapse in early 2019. The company said that apps for connecting to various Meta-owned social networks had logged user passwords in… Read More: Meta pays the price for storing hundreds of millions of… »

Tails OS joins forces with Tor Project in merger

The Tor Project reader comments 27 The Tor Project, the nonprofit that maintains software for the Tor anonymity network, is joining forces with Tails, the maker of a portable operating system that uses Tor. Both organizations seek to pool resources, lower overhead, and collaborate more closely on their mission of online anonymity. Tails and the… Read More: Tails OS joins forces with Tor Project in merger »