Privacy


Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 7 months ago

By embedding tracking code into millions of websites, Meta’s Pixel and Yandex Metrica have been able to map Android users' browsing habits with their persistent identities (that is to say, with the account holder logged in). This method bypasses privacy protections offered by Android's permission controls and even browsers' Incognito Mode, affecting all major Android browsers. The international research team has disclosed the issue to several browser vendors, who are actively working on mitigations to limit this type of abuse. For instance, Chrome's mitigation is scheduled to go into effect very soon.

These tracking companies have been doing this bypass for a long time: since 2017 in the case of Yandex, and Meta since September 2024. The number of people affected by this abuse is high, given that Meta Pixel and Yandex Metrica are estimated to be installed on 5.8 million and 3 million sites, respectively. It is also worth noting that evidence of this tracking practice has been observed only on Android.


cross-posted from: https://lemmy.ca/post/45333504

Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.

The covert tracking—implemented in the Meta Pixel and Yandex Metrica trackers—allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. Android sandboxing, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as state partitioning and storage partitioning, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they're off-limits for every other site.

title (example.com)
submitted 1 week ago* (last edited 1 week ago) by LWD@lemm.ee to c/privacy@lemmy.dbzer0.com

cross-posted from: https://lemmy.sdf.org/post/35817780

Archived

TikTok has launched a High Court challenge to a €530m fine imposed on it by the Data Protection Commission (DPC).

It is the latest legal attempt by Big Tech to overturn penalties imposed by the Irish privacy regulator. Of the more than €4bn in fines levied on companies including Meta and Amazon, only €20m has been paid so far.

The other penalties are being challenged in the Irish courts. There is no date set for any of the hearings, as a decision is awaited from the European Court of Justice on a key legal point.

[...]

“TikTok failed to verify, guarantee and demonstrate that the personal data of European Economic Area (EEA) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU,” DPC deputy commissioner Graham Doyle said at the time.

“As a result of TikTok’s failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards.”

[...]

In a further “serious development”, the DPC noted that, throughout its inquiry, TikTok had said it did not store EEA user data on servers in China. However, in April it told the regulator that, two months earlier, it discovered that “limited” data had in fact been stored on Chinese servers.

“TikTok informed the DPC that this discovery meant it had provided inaccurate information to the inquiry,” the regulator pointed out. The DPC is currently engaging with other European data regulators on that issue.


In a chilling sign of how far law enforcement surveillance has encroached on personal liberties, 404 Media recently revealed that a sheriff’s office in Texas searched data from more than 83,000 automated license plate reader (ALPR) cameras to track down a woman suspected of self-managing an abortion. The officer searched 6,809 different camera networks maintained by surveillance tech company Flock Safety, including states where abortion access is protected by law, such as Washington and Illinois. The search record listed the reason plainly: “had an abortion, search for female.”


cross-posted from: https://lemmy.ml/post/30792652

Support for Windows 10 ends on October 14, 2025. Microsoft wants you to buy a new computer. But what if you could make your current one fast and secure again?

If you bought your computer after 2010, there's most likely no reason to throw it out. By just installing an up-to-date Linux operating system you can keep using it for years to come.

Installing an operating system may sound difficult, but you don't have to do it alone. With any luck, there are people in your area ready to help!

5 Reasons to upgrade your old computer to Linux:

  1. No New Hardware, No Licensing Costs
  2. Enhanced Privacy
  3. Good For The Planet
  4. Community & Professional Support
  5. Better User Control

cross-posted from: https://lemmy.bestiver.se/post/410276

Mullvad Leta

Comments


US immigration authorities are collecting and uploading the DNA information of migrants, including children, to a national criminal database, according to government documents released earlier this month.

The database includes the DNA of people who were either arrested or convicted of a crime, which law enforcement uses when seeking a match for DNA collected at a crime scene. However, most of the people whose DNA has been collected by Customs and Border Patrol (CBP), the agency that published the documents, were not listed as having been accused of any felonies. Regardless, CBP is now creating a detailed DNA profile on migrants that will be permanently searchable by law enforcement, which amounts to a “massive expansion of genetic surveillance”, one expert said.

The DNA information is stored in a database managed by the FBI called the Combined DNA Index System (Codis), which is used across the country by local, state and federal law enforcement to identify suspects of crimes using their DNA data.

Wired first reported the practice and the existence of these documents, and estimates there are more than 133,000 migrant teens and children whose DNA has been collected and uploaded to Codis. One of them was just four years old.


OC by @darkguyman@lemmy.dbzer0.com

The password managers are: KeePassDX (Far Left), KeePassXC (PC version of local), Proton Pass (Better privacy) and Bitwarden (Far Right). Please note that Bitwarden does some data collection. See their privacy policy here and their privacy spy rating here.


https://archive.is/Htwxm

The EU is launching a new age verification app in July, establishing a tool that will potentially allow for tighter enforcement of rules requiring online platforms to protect minors online.


Paywall-free: https://archive.is/8wl6n


Original question by: @monovergent@lemmy.ml

In the absence of privacy-focused ROMs for my tablet, I settled on flashing an AOSP GSI without Google apps. TrebleDroid to be specific, which is essentially vanilla AOSP, but with some additional drivers to maximize compatibility. Compared to privacy-focused ROMs like GrapheneOS, what exactly does AOSP send back to Google?


cross-posted from: https://lemmy.sdf.org/post/35554000

Archived

[...]

Chinese hackers targeted the Czech Foreign Ministry in a sophisticated cyberattack that lasted more than a year, the government said Tuesday, formally blaming Beijing for infiltrating one of the country’s most sensitive communication systems.

[...]

Foreign Minister Jan Lipavský summoned the Chinese ambassador to Prague, Feng Biao, on Tuesday morning to formally protest the cyberattack. He said the ministry’s system had long suffered from outdated technology and security flaws, which made the breach possible.

[...]

This cyberattack didn’t expose personal data but shows ongoing risks to [...] security. Outdated systems leave sensitive government info vulnerable, which could affect national security and public services. Cooperation with NATO, the EU, and allies aims to prevent future attacks and protect services like passports and healthcare. While your data wasn’t at risk this time, the breach highlights the growing need for strong cybersecurity to keep information safe.


Thousands of home and small office routers manufactured by Asus are being infected with a stealthy backdoor that can survive reboots and firmware updates in an attack by a nation-state or another well-resourced threat actor, researchers said.

The unknown attackers gain access to the devices by exploiting now-patched vulnerabilities, some of which have never been tracked through the internationally recognized CVE system. After gaining unauthorized administrative control of the devices, the threat actor installs a public encryption key for access to the device through SSH. From then on, anyone with the private key can automatically log in to the device with administrative system rights.

Durable control

“The attacker’s access survives both reboots and firmware updates, giving them durable control over affected devices,” researchers from security firm GreyNoise reported Wednesday. “The attacker maintains long-term access without dropping malware or leaving obvious traces by chaining authentication bypasses, exploiting a known vulnerability, and abusing legitimate configuration features.”


Paywall Bypass Link: https://archive.is/PMBkE
