Privacy

Ron Deibert, the director of Citizen Lab, one of the most prominent organizations investigating government spyware abuses, is sounding the alarm to the cybersecurity community and asking them to step up and join the fight against authoritarianism.

On Wednesday, Deibert will deliver a keynote at the Black Hat cybersecurity conference in Las Vegas, one of the largest gatherings of information security professionals of the year.

Ahead of his talk, Deibert told TechCrunch that he plans to speak about what he describes as a “descent into a kind of fusion of tech and fascism,” and the role that the Big Tech platforms are playing, and “propelling forward a really frightening type of collective insecurity that isn’t typically addressed by this crowd, this community, as a cybersecurity problem.”

Deibert described the recent political events in the United States as a “dramatic descent into authoritarianism,” but one that the cybersecurity community can help defend against.

One afternoon in late 2021, Microsoft’s chief executive, Satya Nadella, met with the commander of Israel’s military surveillance agency, Unit 8200. On the spy chief’s agenda: moving vast amounts of top secret intelligence material into the US company’s cloud.

Meeting at Microsoft’s headquarters near Seattle, a former chicken farm turned hi-tech campus, the spymaster, Yossi Sariel, won Nadella’s support for a plan that would grant Unit 8200 access to a customised and segregated area within Microsoft’s Azure cloud platform.

Armed with Azure’s near-limitless storage capacity, Unit 8200 began building a powerful new mass surveillance tool: a sweeping and intrusive system that collects and stores recordings of millions of mobile phone calls made each day by Palestinians in Gaza and the West Bank.

A jury has unanimously found Meta guilty of violating the California Invasion of Privacy Act by using data from menstruation and fertility app Flo to sell advertising to the social network.

"This is a landmark moment in the effort to safeguard digital privacy rights," said Michael Canty, lead trial attorney at Labaton Keller Sucharow LLP, representing the plaintiffs, in an emailed statement to The Register.

"Our clients entrusted their most sensitive information to a health app, only to have it exploited by one of the world’s most powerful tech companies. This verdict is a wake-up call to companies that view consent as a formality and transparency as optional."

Founded in 2015, Flo Health makes an iOS and Android app that about 70 million people use each month, according to the company. It can track not only period cycles and ovulation, but also sexual activity and health issues, should the user add in that data.

However, in 2019, the Wall Street Journal reported Flo was sharing health events with Meta.

OQB: @spinning_disk_engineer@lemmy.ca

I'm looking into getting some domains for email, so I don't need to use the same few addresses for everything. In doing this, the domain name itself becomes the identity, but it's also entirely arbitrary.

What is a good method to choose domain names so that they look more or less normal? Catch all addresses can of course be detected in SMTP, but the idea is just to not look suspicious. Would anyone be comfortable sharing the constructions they use? (though not the domains themselves, for obvious reasons) Should I use subdomains for the things that can safely be correlated, (as spam defense) or is it better to only use different mailboxes on one domain?