Privacy is not free

How is Google, or any company that offers free products to its users, generating revenue? You get a free product and no company is there to target you with ads or sell your data or other shenanigans.

GitHub - eldridgea/dnsonward: A CoreDNS based service that forwards traditional DNS requests to a DNS-over-TLS upstream server

This is a CoreDNS-based service intended to be run in environments where traditional DNS requests need to be encrypted before querying an upstream server. This is intended to be run as a Docker container and configured with environment variables.

Site to Site (Commercial) VPN vs Remote Access (Personal) VPN

A site to site VPN is usually used to connect an outside device to a network and is often used for commercial purposes. Examples of personal VPNs include Private Internet Access (a personal VPN service provider) – and Streisand VPN, a personal VPN that you can set up between two of your own devices.

GitHub - SadeghHayeri/GreenTunnel: GreenTunnel is an anti-censorship utility designed to bypass the DPI system that is put in place by various ISPs to block access to certain websites.

GreenTunnel bypasses DPI (Deep Packet Inspection) systems found in many ISPs (Internet Service Providers) which block access to certain websites. For example, if the administrator chooses to block the hostname youtube using this feature, all website access attempts over HTTPS that contain youtube like in the SNI would be blocked.

Qubes Architecture Next Steps: The GUI Domain

There were two big issues in the previous Qubes architecture that needed to be handled for an effective approach to a GUI domain: how the GUI protocol relied on dom0-level privileges and how managing anything in the system required dom0-level access to the hypervisor.

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

However, the way Mozilla implemented DNS-over-HTTPS in the Firefox web browser also received criticism over the past few months for favoring Cloudflare instead of trying to upgrade to an encrypted DoH server operated by the user's existing DNS provider.

Signal Is Finally Bringing Its Secure Messaging to the Masses

Another new feature it's testing, called "secure value recovery," would let you create an address book of your Signal contacts and store them on a Signal server, rather than simply depend on the contact list from your phone.

The perfect social network

This is the Peergos list of user-focused requirements for the Perfect Social Network: Sharing media of any size with any number of people, including "the public". Many users would like more control over their data online, especially in social networks – and control comes in different flavours.

Let’s Reverse Engineer Discord

After encrypting the entire stream and sending with an RTP header, we can see this packet received and decrypted by our remote Discord client which is in a debugger.

On Privacy versus Freedom

It’s also true that decentralised systems are harder to evolve than centralised ones - you can’t just push out a given feature with a single app update, but you have to agree and publish a public spec, support incremental migration, and build governance processes and community dynamics which encourage everyone to implement and upgrade.

Signal >> Blog >> Technology Preview: Signal Private Group System

Each entry in the membership list is an encryption of some UID with the GroupMasterKey. To add Bob to the group, Alice must first prove to the server that she is allowed to make this change.

A Saudi Telecom Exposed a Streaming List of GPS Locations

STCS, a Saudi Arabian telecom company, was running a server containing hundreds of thousands of constantly updated GPS locations before Motherboard contacted the organization about the issue.

1.2 billion people exposed in data leak includes personal info, LinkedIN, Facebook

The data within the three different PDL indexes also varied slightly, some focusing on scraped LinkedIN information, email addresses and phone numbers, while other indexes provided information on individual social media profiles such as a person’s Facebook, Twitter, and Github URLs. According to their website, the PDL application can be used to search: Over 1.5 Billion unique people, including close to 260 million in the US.

1.2 Billion Records Found Exposed Online in a Single Server

It does, though, contain profiles of hundreds of millions of people that include home and cell phone numbers, associated social media profiles like Facebook, Twitter, LinkedIn, and Github, work histories seemingly scraped from LinkedIn, almost 50 million unique phone numbers, and 622 million unique email addresses.

Dnsmasq-based DNS blocking

3600 IN A 104.198.14.52 ;; Query time: 155 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Nov 11 18:47:14 GMT 2019 ;; MSG SIZE rcvd: 56) And successfully blocks the cancer that is Google!

Configuring DNS-Over-HTTPS on Pi-hole

This means that the connection from the device to the DNS server is secure and cannot easily be snooped, monitored, tampered with or blocked. In the following sections we will be covering how to install and configure this tool on.

Dnscrypt-protocol/ANONYMIZED-DNSCRYPT.txt at master · DNSCrypt/dnscrypt-protocol · GitHub

While the communications themselves are secure, and while the stateless nature of the DNSCrypt protocol helps against fingerprinting individual devices, DNS server operators can still observe client IP addresses.

P410n3 - blog: Slipping past China’s Firewall in a Trojan Horse

If a normal user connects to a Trojan Server on the HTTPS port 443, he will be served a legitimate website or service. It’s worth noting that you can redirect such requests to ANY service on your server that you want to.

Data on almost every Ecuadorean citizen leaked

The pair said they had found the 18GB of data spread across a variety of files saved on an unsecured server set up and run by Novaestrat - an Ecuadorean marketing and analytics company.

GitHub - heiseonline/embetty: 🐙 Embetty displays remote content like tweets or YouTube videos without compromising your privacy.

Embetty displays remote content like tweets or videos without compromising your privacy. yarn add @heise/embetty. $ git clone $ cd embetty $ yarn $ yarn build. Supported embed types. The Embetty server component does not proxy video data.

Weakness in Intel chips lets researchers steal encrypted SSH keystrokes

Now, researchers are warning that, in certain scenarios, attackers can abuse DDIO to obtain keystrokes and possibly other types of sensitive data that flow through the memory of vulnerable servers.

Monster.com says a third party exposed user data but didn’t tell anyone

An exposed web server storing résumés of job seekers — including from recruitment site Monster — has been found online. “Because customers are the owners of this data, they are solely responsible for notifications to affected parties in the event of a breach of a customer’s database.”

Launching SafeNotes — A Secure PDF Annotator

That’s exactly why SafeNotes launched a new Blockstack powered application that generates secure PDF files locally (blockchain encryption) and then uploads them to a cloud server so they can be viewed by users in a browser.

Private Internet Access users can now resolve internet names with the Handshake Naming System (HNS)

Starting with version 1.30, the Mac, Linux, and Windows Private Internet Access (PIA) desktop clients have come with the ability to change the selected Name Server from PIA’s Domain Name System (DNS) servers to one of PIA’s Handshake Name System (HNS) servers.

Voter records for 80% of Chile's population left exposed online

ZDNet has confirmed the validity and accuracy of this information with several of the individuals whose data was contained in the leaky database.

What Is NXDOMAIN?

When you search for a Web site (domain) that doesn’t exist, these ISPs will hijack your session (also called Error Redirection service), and it will show suggestions for sites that are similar to what you entered with tons of advertisements.

GitHub - encrypted-dev/proof-of-concept: A proof of concept for an end-to-end encrypted web app.

The point of the demo is that it should feel indistinguishable from a regular web app, despite the fact that all database queries are running over encrypted data, and in the browser.

Pale Moon forum

A malicious party gained access to the at the time Windows-based archive server () which we've been renting from Frantech/BuyVM, and ran a script to selectively infect all archived Pale Moon .exe files stored on it (installers and portable self-extracting archives) with a variant of Win32/ClipBanker.

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

On June 24th after 90 days of waiting, the last day before the public disclosure deadline, I discovered that Zoom had only implemented the ‘quick fix’ solution originally suggested.

How to enable DNS-over-HTTPS (DoH) in Firefox

This mode of operation bypasses the default DNS settings that exist at the OS level, which, in most cases, are the ones set by local internet service providers (ISPs). This also means that apps that support DoH can effectively bypass local ISPs' traffic filters and access content that may be blocked by a local telco or local government -- and a reason why DoH is currently hailed as a boon for users' privacy and security.