mersenneforum.org  

Old 2019-11-01, 16:44   #177
retina

Quote:
Originally Posted by xilman
Tor
The pings will still track your clicks. The only thing Tor adds is that the pings get routed through many servers first. So Google (and every other website) can still know what you click on, and with browser fingerprinting they can correlate that with previous captured data.

Tor doesn't prevent tracking. It is supposed to enable anonymity. They know where you go, but not who you are. Supposedly anyway. There are probably some other things that can be done to attempt deanonymisation.

Other measures along with Tor make things more anonymous. Disable JS, refuse cookies, rotate the user agent string, block iFrames, disable caching, disable browser reporting, etc.
Old 2019-11-01, 19:42   #178
lavalamp
 

I would imagine that the TOR browser would disable pings though. I use Firefox (which the TOR browser is based on) and pings are disabled by default still (though this may change in future).
Old 2019-11-02, 10:30   #179
retina
So you thought you were safe from Google?

https://arstechnica.com/gadgets/2019...r-2-1-billion/
Quote:
It's official: Google is buying Fitbit. The company announced the move in a blog post this morning, and reports say the deal is worth $2.1 billion.

Google's SVP of hardware, Rick Osterloh, posted an announcement of the acquisition on Google's blog, saying the move was "an opportunity to invest even more in Wear OS as well as introduce Made by Google wearable devices into the market."

So you thought that giving your data to Fitbit wasn't too bad, maybe? You decided to trust them even though sending your data to their cloud servers is mandatory and you couldn't opt out. Because after spending all that cash you wanted to be able to use the thing you paid for. You believed all the marketing about how they use state-of-the-art encryption and your data was safe from snoopers (except for the staff that work there of course, they can see whatever they want, and except for their "business partners", and except for anyone else that pays them to view the data). At least it wasn't Google you were feeding. Or so you thought. Well you just got suckered. More data to Google.

So eventually all the sites, everywhere, that you have given personal data to, will end up in the possession of Google, Microsoft, Amazon, Apple, or Facebook (and perhaps more than one of them). And that includes this forum. Even though the people/person running this forum might object, they will have no say in the matter. The hosting company, or the software it runs, or whatever else is involved in running this site, will be bought and your data will be exploited for as much as they can get. Maybe it already happened and they kept it quiet.
Old 2019-11-05, 21:15   #180
ewmayer

How Gaggle Surveils Every Document, Email, Chat, And Picture That Students Create | BuzzFeed News -- Reader comment:

"Horrifying destruction of constitutional rights at industrial scale. I have no doubt that most of these capabilities were developed to serve Chinese Government internal requirements and were then repackaged to peddle here 'to protect children'. Once the existence of these capabilities become normalized and the implementation bugs are worked out, it will be pointed to broader and broader constituencies."
Old 2019-11-12, 21:01   #181
ewmayer

Google Collecting Medical Data on Millions Without Informing Patients or Doctors | naked capitalism
Quote:
The Wall Street Journal has broken an important story on Google’s foray into the medical arena. Without notifying patients or doctors, much the less obtaining their consent, the search giant has obtained the medical records of “tens of millions of people” in 21 states, all patients of Ascension, a St. Louis-based chain of 2600 hospitals. Moreover, you can see that the effort is aggressive, with the aim of generating patient medical histories, linking individuals to family members, and making staffing and treatment suggestions….as well as identifying opportunities for upcoding and other ways to milk patients.
...
One practical suggestion, although it will be of use only when seeing a new doctor or joining a new health care organization: when presented with HIPAA forms, strike out the sections where you consent to sharing data with undisclosed partners and initial the strikeout. And do not ever provide your SSN on a medical intake form.
Old 2019-12-26, 16:01   #182
kriesel
 
Spying by bluetooth at Universities

Tracking student location thousands of times per day, and requiring students to configure their phones to allow it. Big brother is always watching. Why aren't you attending all lectures and going to the library more often? https://www.washingtonpost.com/techn...=pocket-newtab
Old 2019-12-28, 23:16   #183
Dr Sardonicus
 

Quote:
Originally Posted by kriesel
Tracking student location thousands of times per day, and requiring students to configure their phones to allow it. Big brother is always watching. Why aren't you attending all lectures and going to the library more often? https://www.washingtonpost.com/techn...=pocket-newtab
This brings to mind an old joke:
One day, the students arrive in class, but the professor is not there. The only sign of him is his hat on his desk at the front of the classroom.

They become impatient, and eventually leave.

Next class, the professor is there, and tells his students, "You should not have left last class. When my hat is there, it's the same as me being there."

The class after that, the professor walks in, and sees no students, but a hat on every student's desk.
In the present instance, the school is tracking not the students, but their phones. I see the potential for mischief analogous to the above joke. I have no idea how it might work, of course.
Old 2020-01-10, 20:00   #184
ewmayer

Unremovable malware found preinstalled on low-end smartphone sold in the US | ZDNet
Quote:
Low-end smartphones sold to Americans with low-income via a government-subsidized program contain unremovable malware, security firm Malwarebytes said today in a report.

The smartphone model is Unimax (UMX) U686CL, a low-end Android-based smartphone made in China and sold by Assurance Wireless, a cell phone service provider part of the Virgin Mobile group.

The telco sells cell phones part of Lifeline, a government program that subsidizes phone service for low-income Americans.

"In late 2019, we saw several complaints in our support system from users with a government-issued phone reporting that some of its pre-installed apps were malicious," Malwarebytes said in a report published today.

The company said it purchased a UMX U686CL smartphone and analyzed it to confirm the reports it was receiving.

Adups backdoor

For starters, Malwarebytes said it found that one of the phone's components, an app named Wireless Update, contained the Adups malware.

The Adups malware was discovered in 2017 by Kryptowire, and it's a malicious firmware component created by a Chinese company of the same name.

Adups provides the component as a firmware-over-the-air (FOTA) update system to various smartphone makers and firmware vendors.

The component is supposed to allow firmware vendors a way to update their code, but in 2017 the Kryptowire team discovered that Adups (the company) also had the ability to ship updates to users' phones, bypassing smartphone vendors and users alike.

Malwarebytes says that this component was currently in use on UMX devices, and was being used to install apps without the user's knowledge. By who remains unclear.

"From the moment you log into the mobile device [the UMX U686CL], Wireless Update starts auto-installing apps," the Malwarebytes team said. "To repeat: There is no user consent collected to do so, no buttons to click to accept the installs, it just installs apps on its own.

"While the apps it installs are initially clean and free of malware, it's important to note that these apps are added to the device with zero notification or permission required from the user. This opens the potential for malware to unknowingly be installed in a future update to any of the apps added by Wireless Update at any time."

Dropper leads to adware

But Malwarebytes said there is a second dangerous component included on these phones. Researchers said they also found suspicious code in the phone's Settings app.

The app, Malwarebytes says, was tainted with what appeared to be a strain of heavily-obfuscated malware, believed to be of Chinese origin, due to the heavy use of Chinese characters as variable names.

Security researchers said this malware was coded to work as a dropper for a second-stage malware payload, a well-known adware strain known as HiddenAds.

"Although we have yet to reproduce the dropping of additional malware ourselves, our users have reported that indeed a variant of HiddenAds suddenly installs on their UMX mobile device," Malwarebytes said.

Unremovable

Malwarebytes researchers said they couldn't confirm that Unimax was the party that added the malware to the devices.

This might be another case where malware was added to devices by third-parties involved in a smartphone's supply chain -- while the devices travel from the phone maker to a buyer.

Malwarebytes said that while the device "is not a bad phone," the presence of the two malware-infected apps make the smartphone worthless and even dangerous to its users.

Making matters worse, the two malicious apps are unremovable.

While users could disable and uninstall the Wireless Update app, this would result in the phone missing out critical security updates for its firmware components -- which effectively makes the app unremovable, at least if you want to keep your device up to date.

On the other hand, the Settings app is unremovable in the real meaning of the word, as there is no way to remove the app, and even if you did, you wouldn't be able to manage your phone afterward.

Malwarebytes says it informed Assurance Wireless of its findings but never heard back from the company.

In a statement to ZDNet, Assurance Wireless said they "are aware of this issue and are in touch with the device manufacturer Unimax to understand the root cause, however, after our initial testing we do not believe the applications described in the media are malware."
Old 2020-01-10, 20:32   #185
Uncwilly

Quote:
Originally Posted by ewmayer
Unremovable malware found preinstalled on low-end smartphone sold in the US | ZDNet
Quote:
The telco sells cell phones part of Lifeline, a government program that subsidizes phone service for low-income Americans.
Those are commonly known as Obama-phones.
[Attached image: Thanks.jpg, ID 21597]
Old 2020-01-10, 21:57   #186
ewmayer

Quote:
Originally Posted by Uncwilly
Those are commonly known as Obama-phones.
Attachment 21597
I'm not getting the visual joke in reference to a phone, and I really, really hope it's not of the Obama-as-monkey ilk.

==================

Why is a 22GB database containing 56 million US folks’ personal details sitting on the open internet using a Chinese IP address? Seriously, why? | The Register
Quote:
A database containing the personal details of 56.25m US residents – from names and home addresses to phone numbers and ages – has been found on the public internet, served from a computer with a Chinese IP address, bizarrely enough. The information silo appears to belong to Florida-based CheckPeople.com, which is a typical people-finder website: for a fee, you can enter someone’s name, and it will look up their current and past addresses, phone numbers, email addresses, names of relatives, and even criminal records in some cases, all presumably gathered from public records. However, all of this information is not only sitting in one place for spammers, miscreants, and other netizens to download in bulk, but it’s being served from an IP address associated with Alibaba’s web hosting wing in Hangzhou, east China, for reasons unknown.
On the plus side, said database having escaped into the wilds of Outer Mongolia means the company that created it will hopefully suffer financially as a result of the thus-ensuing "why pay when I can search the DB myself for free?"-ness.

Last fiddled with by ewmayer on 2020-01-10 at 21:59
Old 2020-01-10, 23:11   #187
Dr Sardonicus
 

Quote:
Originally Posted by ewmayer
I'm not getting the visual joke in reference to a phone, and I really, really hope it's not of the Obama-as-monkey ilk.
<snip>

The Internet is heavily larded with pictures of all sorts of things gone wrong, captioned "Thanks Obama." I believe the picture is of that ilk -- the thing gone wrong being, trying to peel a banana. Another such picture shows a pizza that's gone through the oven racks (except for the outer ring of crust).

The banana picture is in a post referring to "Obama-phones," which your post clearly describes as a thing gone wrong -- and more closely associated with Obama than the everyday mishaps in the Internet "meme" pictures.
All times are UTC. The time now is 10:15.
This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.