Privacy News Online | Weekly Review: January 8, 2021

Privacy News Online | Weekly Review: January 8, 2021

Man sues police after incorrect facial recognition match leads to wrongful arrest.Nijeer Parks was wrongfully arrested in February, 2019 due to an incorrect facial recognition match.On their end – NeoPets has acknowledged the exposed server, removed it, and told reporters that no user or account information was accessed.

Apple Fined $12M In Italy

Apple Fined $12M In Italy

The tech giant Apple has been fined 10 million Euros ($12 million) by the Italian Competition Authority over what it says were “aggressive and misleading” advertising practices for its iPhones.

Microsoft and OpenAI partner to propose digital transformation of export controls

Microsoft and OpenAI partner to propose digital transformation of export controls

For these reasons, restricting the problematic users and uses of these technologies is the more targeted and balanced of traditional export controls approaches, as it protects national security interests while preserving beneficial uses and tech leadership.

Build Your Own Alexa With Raspberry Pi — CyberPunks.com

Build Your Own Alexa With Raspberry Pi — CyberPunks.com

The Raspberry Pi was created to run open source code on open source hardware and goddamn it, that’s what we’re going to do.For us, the easiest option was to download a customized Mycroft/Raspbian image file with the rather cute name of Picroft and flash it to the Pi’s MicroSD card.

Before you buy that managed Netgear switch, be aware you may need to create a cloud account to use its full UI

Before you buy that managed Netgear switch, be aware you may need to create a cloud account to use its full UI

“I would not have bought the switches if I had knew I needed to register them to Netgear Cloud to have access to the full functionality specified in the data sheet.”.

Rubenerd: We need physical audio kill switches

Rubenerd: We need physical audio kill switches

If there is any latency whatsoever between us hitting a mute button and the audio not cutting out, the hardware or software has failed.Well-engineered mute buttons on keyboards shouldn’t need to go to software, they should immediately send a signal to the motherboard’s DAC—ideally on a separate wire or connection—to say terminate this signal.

TikTok Reverse Engineered: What Was Discovered Will Make You Delete It ASAP

TikTok Reverse Engineered: What Was Discovered Will Make You Delete It ASAP

And here's food for thought; Bangorlol alleges that reverse engineering other popular social media apps like Facebook, Instagram and Twitter didn't find nearly as much data collection going on -- there was absolutely no comparison.

TikTok seems to be copying and pasting your clipboard with every keystroke

TikTok seems to be copying and pasting your clipboard with every keystroke

The new feature – called paste notifications – shows that TikTok is inspecting the clipboard with each new keystroke, and it’s possible that they’re also grabbing the contents and storing it for later to be sent off with the other information that TikTok phones home with.

Intel Preparing Platform Monitoring Technology

Intel Preparing Platform Monitoring Technology

Intel developers are working on a new Linux feature and technology called "Intel Platform Monitoring Technology" as amounting to a hardware telemetry framework that can also be used by other hardware vendors.

Microsoft Edge has more privacy-invading telemetry than other browsers

Microsoft Edge has more privacy-invading telemetry than other browsers

Concluding the paper, Leith writes: From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied.Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers.

I Asked Reddit’s “r/privacy” What Tools They Use to Protect Themselves— Here’s What They Said.

I Asked Reddit’s “r/privacy” What Tools They Use to Protect Themselves— Here’s What They Said.

Reddit User, rabicanwoosley suggests uMatrix, described as: “Point & click to forbid/allow any class of requests made by your browser.Do we really need 500 lists going over the same ground again and again ?And beyond some basics, much of your security and privacy is more dependent on your behavior, and that of your friends and family, than on tools.

Can hardware ever be trusted? The Betrusted project aims to find out by going back to basics

Can hardware ever be trusted? The Betrusted project aims to find out by going back to basics

Betrusted is more than just a secure CPU – it is a system complete with screen and keyboard, because privacy begins and ends with the user.” Its aim is to create a secure communication device whose hardware can be trusted, and which does protect privacy.

NitroPad: Secure Laptop With Unique Tamper Detection

NitroPad: Secure Laptop With Unique Tamper Detection

Thanks to the combination of the open source solutions Coreboot, Heads and Nitrokey USB hardware, you can verify that your laptop hardware has not been tampered with in transit or in your absence (so-called evil maid attack).

Google is buying Fitbit: now what?

Google is buying Fitbit: now what?

Rick Osterloh knows a thing or two about Google mucking up a big consumer electronics acquisition Google, like all tech giants, has bought a lot of companies.

Librem 13 – Purism

Librem 13 – Purism

The Librem 13 is the first ultra-portable laptop for the security-conscious road warrior—designed chip-by-chip, line-by-line, to respect your rights to privacy, security, and freedom.When you use a Purism computer you know you are operating the best hardware and software, while keeping your rights to privacy, security, and freedom in mind.

Microsoft's Secured-Core PC Feature Protects Critical Code

Microsoft's Secured-Core PC Feature Protects Critical Code

Microsoft already offers Windows Secure Boot, a feature that checks for cryptographic signatures to confirm software integrity.Instead of relying on firmware, Microsoft has worked with AMD, Intel, and Qualcomm to make new central processing unit chips that can run integrity checks during boot in a controlled, cryptographically verified way.

Here's everything Google announced at its big product event

Here's everything Google announced at its big product event

Google unveiled its newest smartphone, the Pixel 4, alongside a revamped pair of Pixel Buds and several new Nest smart home devices at its annual hardware event in New York on Tuesday.

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200

More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks.

Amazon's Favorite New Word Is 'Privacy,' But Does It Even Know the Meaning?

Amazon's Favorite New Word Is 'Privacy,' But Does It Even Know the Meaning?

New commands coming to Alexa, Amazon’s personal voice assistant, will enable users to delete recordings of their commands—a big deal given the eavesdropping debacle in which Amazon was embroiled this year.

MiFi 4G hotspots are vulnerable to hacking, use a VPN to protect yourself

MiFi 4G hotspots are vulnerable to hacking, use a VPN to protect yourself

A DEFCON 27 talk by Pen Test Partners revealed command injection and remote code execution vulnerabilities in popular 4G hotspots and MiFi routers made by ZTE, Netgear, TP-Link, and Huawei.

Librem 5 Smartphone - Final Specs Announced – Purism

Librem 5 Smartphone - Final Specs Announced – Purism

Here’s a more detailed breakdown of the Librem 5 hardware and specific components included:. 3 Hardware Kill Switches: WiFi / Bluetooth Cellular Baseband Cameras & microphone All 3 off = additionally disable IMU+compass & GNSS, ambient light.

Google wants to buy your face in return for a $5 gift card

Google wants to buy your face in return for a $5 gift card

It's been suggested that those taking part are being handed a Pixel 4 device prototype to collect the information - it's expected that the Pixel 4 will be the first device to offer Google's face unlocking.

Hardware Security Keys Keep Getting Recalled; Are They Safe?

Hardware Security Keys Keep Getting Recalled; Are They Safe?

We recommend hardware security keys like Yubico’s YubiKeys and Google’s Titan Security Key. But both manufacturers have recently recalled keys due to hardware flaws, and that sounds a little worrying. Physical security keys like Google’s Titan Security Key and Yubico’s YubiKeys use the WebAuthn standard, the successor to U2F , to help protect your accounts.

How much is good online security worth to you? How about $100,000?

How much is good online security worth to you? How about $100,000?

Because of this weakness – and those deriving from the SIM swap attack – Google recommends that “high-risk users” enrol in its Advanced Protection Program, which requires the use of hardware 2FA keys.

Comcast is working on an in-home device to track people's health

Comcast is working on an in-home device to track people's health

It will start to experiment with pilots, which are not limited to Comcast customers, by the end of 2019, with potential commercial release in 2020.Unlike most home speakers, the device won't be positioned as a communications or assistant tool, and won't be able to do things like search the web or turn lights on and off.

The Most Expensive Lesson Of My Life: Details of SIM port hack

The Most Expensive Lesson Of My Life: Details of SIM port hack

The attacker ports your SIM card to a phone that they control. Once the attacker controls your primary email account, they begin to move laterally across any lucrative online services that you manage via that email address (bank accounts, social media accounts, etc.).

Why 5G is a huge future threat to privacy

Why 5G is a huge future threat to privacy

The same news item includes details about the concerns of Christopher Krebs, director of the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency: First, Krebs said, “the quality of the engineering is not great, and so there are a number of vulnerabilities that are left open on the box, so China and other capable actors – Russia, Iran, North Korea – could exploit the vulnerabilities”.

The Best Privacy Respecting Hardware

The Best Privacy Respecting Hardware

The Intel Management Engine (IME) can over run any encryption software, and what with new flaws being discovered everyday , its good to try and have a more privacy respecting set-up. Some companies set out to be privacy respecting and turn out bad.

No, Google, Apple's privacy is not a luxury item

No, Google, Apple's privacy is not a luxury item

The crux of Google CEO Sundar Pichai’s argument against firms such as (obviously including but never named) Apple is that his company offers convenience in exchange for personal secrets, makes its services available for free, and has a “profound commitment” to protecting user privacy.

Calls for “Lightweight” Encryption are Short-Sighted and Dangerous

Calls for “Lightweight” Encryption are Short-Sighted and Dangerous

There is a NIST competition going on right now to adopt a new lightweight encryption standard that targets 112-bits of security. One is the concept of a “barely safe” margin of safety and a the second is that hardware advancements are eliminating the need for lightweight cryptography altogether.