Privacy


founded 3 years ago
1
 
 

cross-posted from: https://lemmy.world/post/40009551

https://www.404media.co/man-charged-for-wiping-phone-before-cbp-could-search-it/

A man in Atlanta has been arrested and charged for allegedly deleting data from a Google Pixel phone before a member of a secretive Customs and Border Protection (CBP) unit was able to search it, according to court records and social media posts reviewed by 404 Media.

The man, Samuel Tunick, is described as a local Atlanta activist in Instagram and other posts discussing the case.

The exact circumstances around the search—such as why CBP wanted to search the phone in the first place—are not known. But it is uncommon to see someone charged specifically for wiping a phone, a feature that is easily accessible in some privacy and security-focused devices.

💡 Do you know anything else about this case? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

The indictment says on January 24, Tunick “did knowingly destroy, damage, waste, dispose of, and otherwise take any action to delete the digital contents of a Google Pixel cellular phone, for the purpose of preventing and impairing the Government’s lawful authority to take said property into its custody and control.” The indictment itself was filed in mid-November. Tunick was arrested earlier this month, according to a post on a crowd-funding site and court records.

“Samuel Tunick, an Atlanta-based activist, Oberlin graduate, and beloved musician, was arrested by the DHS and FBI yesterday around 6pm EST. Tunick's friends describe him as an approachable, empathetic person who is always finding ways to improve the lives of the people around him,” the site says. Various activists have since shared news of Tunick’s arrest on social media.

The indictment says the phone search was supposed to be performed by a supervisory officer from a CBP Tactical Terrorism Response Team. The American Civil Liberties Union (ACLU) wrote in 2023 these are “highly secretive units deployed at U.S. ports of entry, which target, detain, search, and interrogate innocent travelers.”

“These units, which may target travelers on the basis of officer ‘instincts,’ raise the risk that CBP is engaging in unlawful profiling or interfering with the First Amendment-protected activity of travelers,” the ACLU added. The Intercept previously covered the case of a sculptor and installation artist who was detained at San Francisco International Airport and had his phone searched. The report said Gach did not know why, even years later.

Court records show authorities have since released Tunick, and that he is restricted from leaving the Northern District of Georgia as the case continues.

The prosecutor listed on the docket did not respond to a request for comment. The docket did not list a lawyer representing Tunick.

2
 
 

cross-posted from: https://programming.dev/post/41272884

@everyone GrapheneOS is being heavily targeted by the French state because we provide highly secure devices and won't include backdoors for law enforcement access. They're conflating us with companies selling closed source products using portions of our code. Both French state media and corporate media are publishing many stories attacking the GrapheneOS project based on false and unsubstantiated claims from French law enforcement. They've made a clear threat to seize our servers and arrest our developers if we do not cooperate by adding backdoors. Due to this, we're leaving France and leaving French service providers including OVH. We need substantial help from the community to push back against this across platforms. People malicious towards us are also using it as an opportunity to spread libel/harassment content targeting our team, raid our chat rooms and much more. /e/ and iodéOS are both based in France, and are both actively attacking GrapheneOS. /e/ receives substantial government funding. Both are extremely non-private and secure which is why France is targeting us while those get government funding. We need a lot more help than usual and we're sending out the first ever notification to everyone on the server because this is a particularly bad situation. If people help us, it will enable us to focus more on development again including releasing experimental Pixel 10 releases very soon.

3
4
5
 
 

We're thrilled to announce that BusKill was the recipient of a $1,031 microgrant from FUTO!

Announcing our February Microgrants - Tauri, Earthstar, Katzenpost, and Buskill
Can't see video above? Watch it on PeerTube or on YouTube at youtu.be/Qr0VusrG1jE

We're elated to see BusKill join the ranks next to CryptPad, ExifTool, KeePassXC, Whonix, Wireshark, Tor Project, Calyx, and numerous other awesome projects that have received grants from FUTO.

Iterate with us!

Want to print your own BusKill cable? We'll cover your expenses for filament, magnets, and pogo pins.

We plan to use these funds to document our 3D-Printable BusKill Dead Man Switch. And we need your help!

The BusKill project is looking for a volunteer to write the documentation describing how to print and build your own BusKill cable. The documentation will be written for our Sphinx Documentation Site in reStructuredText and pushed in git.

If you have access to a 3D-Printer, please contact us to receive funds to buy the components needed to document the build of a 3D-Printed BusKill.

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

What is BusKill? (Explainer Video)
Watch the BusKill Explainer Video for more info on PeerTube or youtube.com/v/qPwyoD_cQR4

If the connection between you and your computer is severed, then your device will lock, shut down, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

Support BusKill

We're looking forward to continuing to improve the BusKill software and looking for other avenues to distribute our hardware BusKill cable to make it more accessible this year.

If you want to help, please consider purchasing a BusKill cable for yourself or a loved one. It helps us fund further development, and you get your own BusKill cable to keep you or your loved ones safe.

Buy a BusKill Cable
https://buskill.in/buy

You can also buy a BusKill cable with bitcoin, monero, and other altcoins from our BusKill Store's .onion site.

Stay safe,
The BusKill Team
https://www.buskill.in/
http://www.buskillvampfih2iucxhit3qp36i2zzql3u6pmkeafvlxs3tlmot5yad.onion/

6
 
 

I use a Windows VM for apps not available on Linux and just want to cut out all the telemetry possible.

AtlasOS is installed as an Ameliorated Playbook and makes a ton of opinionated changes that aren’t privacy or necessarily performance related. Disabling the Windows 11 right click menus in favor of the legacy one, disabling window shadows, changing the wallpaper, etc. Privacy+ looks appealing, I wanna know if anyone has tried both and can tell me differences, like if one or the other improves privacy more.

7
 
 

cross-posted from: https://lemmy.world/post/37439450

  S.B. No. 2420

AN ACT relating to the regulation of platforms for the sale and distribution of software applications for mobile devices.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:

SECTION 1. Subtitle C, Title 5, Business & Commerce Code, is amended by adding Chapter 121 to read as follows:

CHAPTER 121. SOFTWARE APPLICATIONS

SUBCHAPTER A. GENERAL PROVISIONS

Sec. 121.001. SHORT TITLE. This chapter may be cited as the App Store Accountability Act.

Sec. 121.002. DEFINITIONS. In this chapter: (1) "Age category" means information collected by the owner of an app store to designate a user based on the age categories described by Section 121.021(b). (2) "App store" means a publicly available Internet website, software application, or other electronic service that distributes software applications from the owner or developer of a software application to the user of a mobile device. (3) "Minor" means a child who is younger than 18 years of age who has not had the disabilities of minority removed for general purposes. (4) "Mobile device" means a portable, wireless electronic device, including a tablet or smartphone, capable of transmitting, receiving, processing, and storing information wirelessly that runs an operating system designed to manage hardware resources and perform common services for software applications on handheld electronic devices. (5) "Personal data" means any information, including sensitive data, that is linked or reasonably linkable to an identified or identifiable individual. The term includes pseudonymous data when the data is used by a person who processes or determines the purpose and means of processing the data in conjunction with additional information that reasonably links the data to an identified or identifiable individual. The term does not include deidentified data or publicly available information.

SUBCHAPTER B. DUTIES OF APP STORES

Sec. 121.021. DUTY TO VERIFY AGE OF USER; AGE CATEGORIES.
(a) When an individual in this state creates an account with an app store, the owner of the app store shall use a commercially reasonable method of verification to verify the individual's age category under Subsection (b). (b) The owner of an app store shall use the following age categories for assigning a designation: (1) an individual who is younger than 13 years of age is considered a "child"; (2) an individual who is at least 13 years of age but younger than 16 years of age is considered a "younger teenager"; (3) an individual who is at least 16 years of age but younger than 18 years of age is considered an "older teenager"; and (4) an individual who is at least 18 years of age is considered an "adult."

Sec. 121.022. PARENTAL CONSENT REQUIRED. (a) If the owner of the app store determines under Section 121.021 that an individual is a minor who belongs to an age category that is not "adult," the owner shall require that the minor's account be affiliated with a parent account belonging to the minor's parent or guardian. (b) For an account to be affiliated with a minor's account as a parent account, the owner of an app store must use a commercially reasonable method to verify that the account belongs to an individual who: (1) the owner of the app store has verified belongs to the age category of "adult" under Section 121.021; and (2) has legal authority to make a decision on behalf of the minor with whose account the individual is seeking affiliation. (c) A parent account may be affiliated with multiple minors' accounts. (d) Except as provided by this section, the owner of an app store must obtain consent from the minor's parent or guardian through the parent account affiliated with the minor's account before allowing the minor to: (1) download a software application; (2) purchase a software application; or (3) make a purchase in or using a software application.
(e) The owner of an app store must: (1) obtain consent for each individual download or purchase sought by the minor; and (2) notify the developer of each applicable software application if a minor's parent or guardian revokes consent through a parent account. (f) To obtain consent from a minor's parent or guardian under Subsection (d), the owner of an app store may use any reasonable means to: (1) disclose to the parent or guardian: (A) the specific software application or purchase for which consent is sought; (B) the rating under Section 121.052 assigned to the software application or purchase; (C) the specific content or other elements that led to the rating assigned under Section 121.052; (D) the nature of any collection, use, or distribution of personal data that would occur because of the software application or purchase; and (E) any measures taken by the developer of the software application or purchase to protect the personal data of users; (2) give the parent or guardian a clear choice to give or withhold consent for the download or purchase; and (3) ensure that the consent is given: (A) by the parent or guardian; and (B) through the account affiliated with a minor's account under Subsection (a). (g) If a software developer provides the owner of an app store with notice of a change under Section 121.053, the owner of the app store shall: (1) notify any individual who has given consent under this section for a minor's use or purchase relating to a previous version of the changed software application; and (2) obtain consent from the individual for the minor's continued use or purchase of the software application. 
(h) The owner of an app store is not required to obtain consent from a minor's parent or guardian for: (1) the download of a software application that: (A) provides a user with direct access to emergency services, including: (i) 9-1-1 emergency services; (ii) a crisis hotline; or (iii) an emergency assistance service that is legally available to a minor; (B) limits data collection to information: (i) collected in compliance with the Children's Online Privacy Protection Act of 1998 (15 U.S.C. Section 6501 et seq.); and (ii) necessary for the provision of emergency services; (C) allows a user to access and use the software application without requiring the user to create an account with the software application; and (D) is operated by or in partnership with: (i) a governmental entity; (ii) a nonprofit organization; or (iii) an authorized emergency service provider; or (2) the purchase or download of a software application that is operated by or in partnership with a nonprofit organization that: (A) develops, sponsors, or administers a standardized test used for purposes of admission to or class placement in a postsecondary educational institution or a program within a postsecondary educational institution; and (B) is subject to Subchapter D, Chapter 32, Education Code.

Sec. 121.023. DISPLAY OF AGE RATING FOR SOFTWARE APPLICATION. (a) If the owner of an app store that operates in this state has a mechanism for displaying an age rating or other content notice, the owner shall: (1) make available to users an explanation of the mechanism; and (2) display for each software application available for download and purchase on the app store the age rating and other content notice.
(b) If the owner of an app store that operates in this state does not have a mechanism for displaying an age rating or other content notice, the owner shall display for each software application available for download and purchase on the app store: (1) the rating under Section 121.052 assigned to the software application; and (2) the specific content or other elements that led to the rating assigned under Section 121.052. (c) The information displayed under this section must be clear, accurate, and conspicuous.

Sec. 121.024. INFORMATION FOR SOFTWARE APPLICATION DEVELOPERS. The owner of an app store that operates in this state shall, using a commercially available method, allow the developer of a software application to access current information related to: (1) the age category assigned to each user under Section 121.021(b); and (2) whether consent has been obtained for each minor user under Section 121.022.

Sec. 121.025. PROTECTION OF PERSONAL DATA. The owner of an app store that operates in this state shall protect the personal data of users by: (1) limiting the collection and processing of personal data to the minimum amount necessary for: (A) verifying the age of an individual; (B) obtaining consent under Section 121.022; and (C) maintaining compliance records; and (2) transmitting personal data using industry-standard encryption protocols that ensure data integrity and confidentiality.

Sec. 121.026. VIOLATION. (a) The owner of an app store that operates in this state violates this subchapter if the owner: (1) enforces a contract or a provision of a terms of service agreement against a minor that the minor entered into or agreed to without consent under Section 121.022; (2) knowingly misrepresents information disclosed under Section 121.022(f)(1); (3) obtains a blanket consent to authorize multiple downloads or purchases; or (4) shares or discloses personal data obtained for purposes of Section 121.021, except as required by Section 121.024 or other law.
(b) The owner of an app store is not liable for a violation of Section 121.021 or 121.022 if the owner of the app store: (1) uses widely adopted industry standards to: (A) verify the age of each user as required by Section 121.021; and (B) obtain parental consent as required by Section 121.022; and (2) applies those standards consistently and in good faith.

Sec. 121.027. CONSTRUCTION OF SUBCHAPTER. Nothing in this subchapter may be construed to: (1) prevent the owner of an app store that operates in this state from taking reasonable measures to block, detect, or prevent the distribution of: (A) obscene material, as that term is defined by Section 43.21, Penal Code; or (B) other material that may be harmful to minors; (2) require the owner of an app store that operates in this state to disclose a user's personal data to the developer of a software application except as provided by this subchapter; (3) allow the owner of an app store that operates in this state to use a measure required by this chapter in a manner that is arbitrary, capricious, anticompetitive, or unlawful; (4) block or filter spam; (5) prevent criminal activity; or (6) protect the security of an app store or software application.

SUBCHAPTER C. DUTIES OF SOFTWARE APPLICATION DEVELOPERS

Sec. 121.051. APPLICABILITY OF SUBCHAPTER. This subchapter applies only to the developer of a software application that the developer makes available to users in this state through an app store.

Sec. 121.052. DESIGNATION OF AGE RATING. (a) The developer of a software application shall assign to each software application and to each purchase that can be made through the software application an age rating based on the age categories described by Section 121.021(b).
(b) The developer of a software application shall provide to each app store through which the developer makes the software application available: (1) each rating assigned under Subsection (a); and (2) the specific content or other elements that led to each rating provided under Subdivision (1).

Sec. 121.053. CHANGES TO SOFTWARE APPLICATIONS. (a) The developer of a software application shall provide notice to each app store through which the developer makes the software application available before making any significant change to the terms of service or privacy policy of the software application. (b) For purposes of this section, a change is significant if it: (1) changes the type or category of personal data collected, stored, or shared by the developer; (2) affects or changes the rating assigned to the software application under Section 121.052 or the content or elements that led to that rating; (3) adds new monetization features to the software application, including: (A) new opportunities to make a purchase in or using the software application; or (B) new advertisements in the software application; or (4) materially changes the functionality or user experience of the software application.

Sec. 121.054. AGE VERIFICATION. (a) The developer of a software application shall create and implement a system to use information received under Section 121.024 to verify: (1) for each user of the software application, the age category assigned to that user under Section 121.021(b); and (2) for each minor user of the software application, whether consent has been obtained under Section 121.022. (b) The developer of a software application shall use information received from the owner of an app store under Section 121.024 to perform the verification required by this section.

Sec. 121.055. USE OF PERSONAL DATA.
(a) The developer of a software application may use personal data provided to the developer under Section 121.024 only to: (1) enforce restrictions and protections on the software application related to age; (2) ensure compliance with applicable laws and regulations; and (3) implement safety-related features and default settings. (b) The developer of a software application shall delete personal data provided by the owner of an app store under Section 121.024 on completion of the verification required by Section 121.054. (c) Notwithstanding Subsection (a), nothing in this chapter relieves a social media platform from doing age verification as required by law.

Sec. 121.056. VIOLATION. (a) Except as provided by this section, the developer of a software application violates this subchapter if the developer: (1) enforces a contract or a provision of a terms of service agreement against a minor that the minor entered into or agreed to without consent under Section 121.054; (2) knowingly misrepresents an age rating or reason for that rating under Section 121.052; or (3) shares or discloses the personal data of a user that was acquired under this subchapter. (b) The developer of a software application is not liable for a violation of Section 121.052 if the software developer: (1) uses widely adopted industry standards to determine the rating and specific content required by this section; and (2) applies those standards consistently and in good faith. (c) The developer of a software application is not liable for a violation of Section 121.054 if the software developer: (1) relied in good faith on age category and consent information received from the owner of an app store; and (2) otherwise complied with the requirements of this section.

SUBCHAPTER D. ENFORCEMENT

Sec. 121.101. DECEPTIVE TRADE PRACTICE.
A violation of this chapter constitutes a deceptive trade practice in addition to the practices described by Subchapter E, Chapter 17, and is actionable under that subchapter.

Sec. 121.102. CUMULATIVE REMEDIES. The remedies provided by this chapter are not exclusive and are in addition to any other action or remedy provided by law.

SECTION 2. It is the intent of the legislature that every provision, section, subsection, sentence, clause, phrase, or word in this Act, and every application of the provisions in this Act to every person, group of persons, or circumstances, is severable from each other. If any application of any provision in this Act to any person, group of persons, or circumstances is found by a court to be invalid for any reason, the remaining applications of that provision to all other persons and circumstances shall be severed and may not be affected.

SECTION 3. This Act takes effect January 1, 2026.

  ______________________________ 	______________________________
     President of the Senate 	Speaker of the House     

         I hereby certify that S.B. No. 2420 passed the Senate on
  April 16, 2025, by the following vote: Yeas 30, Nays 1; and that
  the Senate concurred in House amendments on May 14, 2025, by the
  following vote: Yeas 30, Nays 1.
  

  ______________________________
  Secretary of the Senate    

         I hereby certify that S.B. No. 2420 passed the House, with
  amendments, on May 9, 2025, by the following vote: Yeas 120,
  Nays 9, three present not voting.
  

  ______________________________
  Chief Clerk of the House   

  

  Approved:
  
  ______________________________ 
              Date
  
  
  ______________________________ 
            Governor
8
 
 

cross-posted from: https://lemmy.sdf.org/post/43766742

cross-posted from: https://lemmy.sdf.org/post/43756522

[...]

Federal privacy commissioner Philippe Dufresne and commissioners in Alberta, British Columbia and Quebec found TikTok failed to keep Canadian children off its platform and collected vast amounts of personal information, including information considered sensitive.

“The investigation uncovered that TikTok removes approximately 500,000 underage users from the platform each year,” said the report. “Where these children were engaging with the platform before being removed, TikTok was already collecting, inferring and using information about them to serve them targeted ads and recommend tailored content to them.”

Face, voice recognition

TikTok was caught using biometric information via facial and vocal analytics. It did not adequately explain to users that their data would be used to infer age and gender for the delivery of tailored ads and recommended content.

[...]

The investigation also found the company’s privacy policy was deficient.

“While TikTok requires users to expressly accept its terms and conditions and privacy policy during account sign-up, we found that such consent — vis-à-vis TikTok’s practices related to tracking, profiling, targeting and content personalization — was not valid or meaningful.”

[...]

In November 2024, the federal cabinet ordered TikTok to wind-up Canadian operations for national security reasons. However, the app was not banned from Canada and TikTok has applied for a judicial review in Federal Court.

9
 
 

cross-posted from: https://lemmy.world/post/37009566

European SMEs have united to direct a strong open letter to urge ministers of EU member states to oppose Chat Control and to defend privacy and a strong European tech industry.

10
 
 

cross-posted from: https://lemmy.world/post/36982928

Tyler Robinson, the suspect in Charlie Kirk's assassination, almost got away with it all. This is how the FBI really caught him. Support my independent work: / thehatedone

The FBI is telling you that the manhunt for the suspect in Charlie Kirk's assassination was a result of a historic investigation with the use of the most advanced intelligence techniques available to law enforcement.

But the reality will tell you a different story. A story that is now very well reported and reveals how the suspect was actually caught. In what's about to follow, I'll explain to you every detail of the surveillance and intelligence behind the manhunt for Tyler Robinson, the alleged shooter at Utah Valley. In reality, it is not clear whether anything the FBI did actually helped track down the suspect.

The most damning admission of this fact is that after a full day of endless investigation, a full 24 hours after Charlie Kirk was shot, the FBI, Kash Patel and local law enforcement were so confused they had “no idea where” the suspect was and they weren’t even sure whether he still was in Utah or not.

By the time the police did finally catch Tyler Robinson, he was so far away from the scene of the shooting that had he simply kept running, he probably would’ve gotten away with it. He was arrested 250 miles away, in his parental home in St. George, Utah, a whole 33 hours after the shooting.

SOURCES [References available in the transcript: / how-they-really-140361439 ] [0] • Kash Patel discusses investigation into Ch...
[1] https://www.nytimes.com/2025/09/12/us... [2] https://www.nytimes.com/live/2025/09/... [3] https://www.tmz.com/2025/09/13/tyler-... [4] • Chilling Emergency Dispatch Audio Captured...
[5] https://news.sky.com/story/charlie-ki... [6] https://www.nytimes.com/interactive/2... [7] https://archive.is/K6rQw [8] https://archive.today/01VkR [9] https://www.nbcnews.com/news/us-news/... [10] https://archive.today/4BcVY [11] https://www.nytimes.com/2025/09/11/us... [12] https://x.com/UtahDPS/status/19662919... [13] https://www.economist.com/science-and... [14] https://www.technologyreview.com/2025... [15] • Tyler Robinson, suspect in fatal shooting ...
[16] • You Can Run but Not Hide: Improving Gait R...
[17] https://ieeexplore.ieee.org/abstract/... [18] https://arxiv.org/abs/2306.17206 [19] • Suspected Charlie Kirk shooter seen in sur...
[20] https://innovationcenter.msu.edu/who-... [21] https://www.tmz.com/2025/09/13/tyler-... [22] https://x.com/TMZ/status/196627181449... [23] https://marketplace.fedramp.gov/produ... [24] https://arxiv.org/abs/2505.04616 [25] https://arxiv.org/pdf/2310.15946 [26] https://openaccess.thecvf.com/content... [27] • Raw Video: Charlie Kirk shooting suspect a...
[28] https://www.bbc.com/news/articles/c20... [29] https://www.newsweek.com/tyler-robins...

11
 
 

cross-posted from: https://lemmy.ca/post/51890071

cross-posted from: https://lemmy.world/post/36145028

SMEX, a nonprofit organization dedicated to advancing human rights in digital spaces across West Asia and North Africa, is warning that Israeli-linked software secretly embedded in Samsung phones across the MENA region poses a serious surveillance threat.

According to SMEX, Samsung’s A and M series devices either come preloaded with the app “Aura” or install it automatically through system updates, without the user’s consent. The application reportedly collects a wide range of personal and device-specific data, including IP addresses, device fingerprints, hardware details, and network information.

In 2022, Samsung MENA partnered with Israeli tech company IronSource, integrating its Aura software into Galaxy A and M series phones across the region. The partnership was publicly marketed as a way to “enhance user experience” with AI-powered apps and content suggestions.

12
0
Beta-Net (www.youtube.com)
submitted 4 months ago* (last edited 4 months ago) by biotin7@sopuli.xyz to c/privacy@sopuli.xyz
 
 

Apparently someone made another Privacy-respecting internet "Protocol" called BetaNet & is seeking help. I don't know what to make of it when:

  • DAT protocol (It's a Web3 protocol)
  • GNUnet
  • FreeNet
  • ZeroNet
  • Gemini
  • Gopher (Although not maintained)

Were & ARE a thing. Also check this cool website out; it's called SmolNet-Portal

UPDATE: Here's their Repository & looks like Hostinger censored him

13
14
 
 

Archived

Here is the original report (pdf).

Security researchers say Chinese authorities are using a new type of malware to extract data from seized phones, allowing them to obtain text messages — including from chat apps such as Signal — images, location histories, audio recordings, contacts, and more.

In a report [...] mobile cybersecurity company Lookout detailed the hacking tool called Massistant, which the company said was developed by Chinese tech giant Xiamen Meiya Pico.

Massistant, according to Lookout, is Android software used for the forensic extraction of data from mobile phones, meaning the authorities using it need to have physical access to those devices. While Lookout doesn’t know for sure which Chinese police agencies are using the tool, its use is assumed widespread, which means Chinese residents, as well as travelers to China, should be aware of the tool’s existence and the risks it poses.

“It’s a big concern. I think anybody who’s traveling in the region needs to be aware that the device that they bring into the country could very well be confiscated and anything that’s on it could be collected,” Kristina Balaam, a researcher at Lookout who analyzed the malware, told TechCrunch ahead of the report’s release. “I think it’s something everybody should be aware of if they’re traveling in the region.”

Balaam found several posts on local Chinese forums where people complained about finding the malware installed on their devices after interactions with the police.

“It seems to be pretty broadly used, especially from what I’ve seen in the rumblings on these Chinese forums,” said Balaam.

[...]

15
 
 

cross-posted from: https://lemmy.sdf.org/post/38682823

Ireland's Data Protection Commission (DPC) has announced that it has opened an inquiry into TikTok Technology Limited’s (TikTok) transfers of EEA users’ personal data to servers located in China.

[...]

In April 2025, TikTok informed the DPC of an issue that it had discovered in February 2025, namely that limited EEA user data had in fact been stored on servers in China, contrary to TikTok’s evidence to the previous inquiry.

[...]

The DPC’s decision, which issued following the inquiry cooperation procedure with peer EU regulators under the GDPR One Stop Shop mechanism, expressed its deep concern that TikTok had submitted inaccurate information to that inquiry. In its press release issued at the time of the conclusion of that inquiry, the DPC stated that it was taking those developments “very seriously” and was “considering what further regulatory action may be warranted, in consultation with our peer EU Data Protection Authorities”. As a result of that consideration, the DPC has now decided to open this new inquiry into TikTok.

[...]

16
 
 

cross-posted from: https://lemmy.sdf.org/post/38550444

The Chinese artificial intelligence (AI) application DeepSeek is set to be removed from app stores in Germany at the behest of the federal data protection officer, Louisa Specht-Riemenschneider, due to violations of European law.

"China does not have a level of data protection that corresponds to our General Data Protection Regulation," she told the newspapers of the Funke media group. Data transfers to China are "extremely critical," she said.

[...]

Specht-Riemenschneider said she supports the initiative of the Berlin data protection officer and did not accept criticism that data protection is a hindrance to innovation.

"Data protection is a guarantee of trust. It can even be a competitive advantage," said Specht-Riemenschneider. "What hinders innovation is legal uncertainty in the market. And this also stems from a proliferation of digital legislation."

She said that digital legislation in Europe must be better coordinated, with clear rules including for data protection.

Authorities in South Korea, Italy, Taiwan and Australia have already taken action against DeepSeek.

[...]

17
 
 

cross-posted from: https://lemmy.sdf.org/post/38321143

TikTok was fined 530 million euros ($620 million) in May by the Data Protection Commission over European data transfers to China, though the Chinese social media giant had insisted this data was only accessed remotely.

The DPC on Thursday said it had been informed by TikTok in April that "limited EEA user data had in fact been stored on servers in China," contrary to evidence presented by the company.

The regulator said it had expressed "deep concern" in its previous investigation that "TikTok had submitted inaccurate information".

[...]

18
 
 

cross-posted from: https://beehaw.org/post/20989376

Where Soatok goes over why checklists are meaningless when trying to figure out if something is private or just for comparisons in general.

19
 
 

Archived

Pros:

  • Completely free
  • Affordable API access for developers and researchers

Cons:

  • Doesn’t keep your data safe
  • Occasionally incorrect
  • No deep research, image generation, or voice mode features
  • Slow responses
  • Obvious censorship

20
 
 

This post contains a canary message that's cryptographically signed by the official BusKill PGP release key

BusKill Canary #010
The BusKill project just published their Warrant Canary #010

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Status: All good
Release: 2025-06-16
Period: 2025-06-01 to 2026-05-31
Expiry: 2026-06-30

Statements
==========

The BusKill Team who have digitally signed this file [1]
state the following:

1. The date of issue of this canary is July 16, 2025.

2. The current BusKill Signing Key (2020.07) is

   E0AF FF57 DC00 FBE0 5635  8761 4AE2 1E19 36CE 786A

3. We positively confirm, to the best of our knowledge, that the 
   integrity of our systems are sound: all our infrastructure is in our 
   control, we have not been compromised or suffered a data breach, we 
   have not disclosed any private keys, we have not introduced any 
   backdoors, and we have not been forced to modify our system to allow 
   access or information leakage to a third party in any way.

4. We plan to publish the next of these canary statements before the
   Expiry date listed above. Special note should be taken if no new
   canary is published by that time or if the list of statements changes
   without plausible explanation.

Special announcements
=====================

1. We are changing from twice-yearly to once-yearly canaries

Disclaimers and notes
=====================

This canary scheme is not infallible. Although signing the 
declaration makes it very difficult for a third party to produce 
arbitrary declarations, it does not prevent them from using force or 
other means, like blackmail or compromising the signers' laptops, to 
coerce us to produce false declarations.

The news feeds quoted below (Proof of freshness) serves to 
demonstrate that this canary could not have been created prior to the 
date stated. It shows that a series of canaries was not created in 
advance.

This declaration is merely a best effort and is provided without any 
guarantee or warranty. It is not legally binding in any way to 
anybody. None of the signers should be ever held legally responsible 
for any of the statements made here.

Proof of freshness
==================

16 Jun 25 19:17:39 UTC

Source: DER SPIEGEL - International (https://www.spiegel.de/international/index.rss)
"Teacher Li": Catching Up with the Most Effective Chinese Regime Opponent
Firing at the Desperate: Palestinians Killed as They Gather to Receive Relief Supplies

Source: NYT > World News (https://rss.nytimes.com/services/xml/rss/nyt/World.xml)
Live Updates: Israel Strikes Iranian State TV as It Expands Targets in Tehran
With No Clear Off-Ramp, Israel’s War With Iran May Last Weeks, Not Days

Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml)
No further damage seen at Iran nuclear sites, global watchdog says
'Nowhere feels safe': Iranians on life under Israeli attacks

Source: Bitcoin Blockchain (https://blockchain.info/q/latesthash)
00000000000000000000f2c3a15949aac2f6d7bc153330a4fca496f68c8c4b21

Footnotes
=========

[1] https://docs.buskill.in/buskill-app/en/stable/security/pgpkeys.html

-----BEGIN PGP SIGNATURE-----
[...]
-----END PGP SIGNATURE-----

What is a Warrant Canary?

The BusKill team publishes cryptographically signed warrant canaries on an annual basis.

Although security is one of our top priorities, we might not be able to inform you of a breach if served with a State-issued, secret subpoena (gag order).

The purpose of publishing these canary statements is to indicate to our users the integrity of our systems.

For more information about BusKill canaries, see:

To view all past canaries, see:

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

What is BusKill? (Explainer Video)
Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you and your computer is severed, then your device will lock, shut down, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

21
 
 

cross-posted from: https://lemmy.sdf.org/post/36376926

Archived

On June 4, during a meeting with government officials, Vladimir Putin stated that all public services must be moved to the national messenger app called Max. According to Minister of Digital Development Maksut Shadayev, the multiplatform system is already operational.

[...]

The Max app — a Russian equivalent of China’s WeChat — was unveiled by the tech giant VK in late March. At present, it features a messenger, a chatbot builder, a payment system, and mini-apps. On June 5, VTB’s digital bank launched on the platform.

To register, a Belarusian or Russian SIM card is required — which, as The Insider noted, foreigners can no longer obtain without submitting biometric data.

As stated in the Max app’s privacy policy, the platform will collect data on:

  • user devices
  • IP address
  • operating system
  • browser
  • location
  • internet provider
  • contacts from the address book
  • all user activity within the service
  • information obtained through the camera or microphone, if the user grants the app access (most users will, for example, in order to record voice messages)

Other messaging apps collect such data as well, but there's a catch. The Max app's privacy policy explicitly states that it may share this data with the “company's partners” as well as with “any government or local authority.”

[...]

22
 
 

Archived

A newly emerged threat actor, going by the alias “Often9,” has posted on a prominent cybercrime and database trading forum, claiming to possess 428 million unique TikTok user records. The post is titled “TikTok 2025 Breach – 428M Unique Lines.”

The seller’s post, which appeared on the forum [on May 29, 2025], promises a dataset containing detailed user information such as:

  • Email addresses
  • Mobile phone numbers
  • Biography, avatar URLs, and profile links
  • TikTok user IDs, usernames, and nicknames
  • Account flags like private_account, secret, verified, and ttSeller status.
  • Publicly visible metrics such as follower counts, following counts, like counts, video counts, digg counts, and friend counts.

[...]

23
 
 

cross-posted from: https://lemmy.sdf.org/post/36242205

Archived

  • Hundreds of millions of users are likely exposed.
  • Data leak contained billions of documents with financial data, WeChat and Alipay details.
  • The Cybernews research team believes the dataset was meticulously gathered and maintained for building comprehensive behavioral, economic, and social profiles of nearly any Chinese citizen.

The supermassive data leak likely exposed hundreds of millions of users, primarily from China, the Cybernews research team’s latest findings reveal. A humungous, 631 gigabytes-strong database was left without a password, publicizing a mind-boggling 4 billion records.

Bob Dyachenko, cybersecurity researcher and owner at SecurityDiscovery.com, together with the Cybernews team, discovered billions upon billions of exposed records on an open instance.

[...]

The database consisted of numerous collections, containing from half a million to over 800 million records from various sources. The Cybernews research team believes the dataset was meticulously gathered and maintained for building comprehensive behavioral, economic, and social profiles of nearly any Chinese citizen.

“The sheer volume and diversity of data types in this leak suggests that this was likely a centralized aggregation point, potentially maintained for surveillance, profiling, or data enrichment purposes,” the team observed.

There’s no shortage of ways threat actors or nation states could exploit the data. With a data set of that magnitude, everything from large-scale phishing, blackmail, and fraud to state-sponsored intelligence gathering and disinformation campaigns is on the table.

[...]

The team managed to see sixteen data collections, likely named after the type of data they included.

The largest collection, with over 805 million records, was named “wechatid_db,” which most likely points to the data coming from the Baidu-owned super-app WeChat.

[...]

The second largest collection, “address_db,” had over 780 million records containing residential data with geographic identifiers. The third largest collection, simply named “bank,” had over 630 million records of financial data, including payment card numbers, dates of birth, names, and phone numbers.

Possessing only these three collections would enable skilled attackers to correlate different data points to find out where certain users live and what their spending habits, debts, and savings are.

Another major collection in the dataset was named in Mandarin, which roughly translates to “three-factor checks.” With over 610 million records, the collection most likely contained IDs, phone numbers, and usernames.

[...]

"Individuals who may be affected by this leak have no direct recourse due to the anonymity of the owner and lack of notification channels,” the team noted.

China-based data leaks are hardly new. We [Cybernews] ourselves have previously written about a data leak that exposed 1.5 billion Weibo, DiDi, Shanghai Communist Party, and others’ records, or a mysterious actor spilling over 1.2 billion records on Chinese users. More recently, attackers leaked 62 million iPhone users’ records online.

[...]

24
 
 

cross-posted from: https://lemmy.sdf.org/post/36106116

Archived

[...]

According to the measures, introduced by the Ministry of Public Security (MPS), each internet user in China will be issued with a unique “web number,” or wanghao (网号), that is linked to their personal information. While these IDs are, according to the MPS notice, to be issued on a strictly voluntary basis through public service platforms, the government appears to have been working on this system for quite some time — and state media are strongly promoting it as a means of guaranteeing personal “information security” (信息安全). With big plans afoot for how these IDs will be deployed, one obvious question is whether these measures will remain voluntary.

[...]

The measures bring China one step closer to centralized control over how Chinese citizens access the internet. The Cybersecurity Law of 2017 merely stipulated that when registering an account on, say, social media, netizens must register their “personal information” (个人信息), also called “identifying information” (身份信息). That led to uneven interpretations by private companies of what information was required. Whereas some sites merely ask for your name and phone number, others also ask for your ID number — while still others, like Huawei’s cloud software, want your facial biometrics on top of it.

[...]

Beyond the key question of personal data security, there is the risk that the cyber ID system could work as an internet kill switch on each and every citizen. It might grant the central government the power to bar citizens from accessing the internet, simply by blocking their cyber ID. “The real purpose is to control people’s behavior on the Internet,” Lao Dongyan cautioned last year.

[...]

Take a closer look at state media coverage of the evolving cyber ID system and the expansion of its application seems a foregone conclusion — even extending to the offline world. Coverage by CCTV reported last month that it would make ID verification easier in many contexts. “In the future, it can be used in all the places where you need to show your ID card,” a professor at Tsinghua’s AI Institute said of the cyber ID. Imagine using your cyber ID in the future to board the train or access the expressway.

[...]

While Chinese state media emphasize the increased ease and security cyber IDs will bring, the underlying reality is more troubling. Chinese citizens may soon find themselves dependent on government-issued digital credentials for even the most basic freedoms — online and off.

25
 
 

cross-posted from: https://lemmy.sdf.org/post/35993881

[...]

Under draft legislation that the State Duma approved at first reading on May 22, 2025, a bill will require banks and merchants to facilitate digital ruble transactions and a universal QR payment code for purchases. Beginning October 1, 2025, the digital ruble will be used for a limited range of federal budget expenditures, transitioning on January 1, 2026, to full, unrestricted use for all federal outlays.

[...]

Kremlin financiers will track every digital ruble transaction in real time, granting authorities the power to block citizens’ accounts without a court order and automatically deduct taxes, fines, and other charges. Social benefits payable in digital rubles will be usable only for government-approved categories of goods and services, and spending may be restricted based on a citizen’s place of residence or product type.

[...]

Critics—from human rights groups to economic analysts—argue the digital ruble will entrench state surveillance. According to The Cryptonomist, Russia’s CBDC may replicate China’s model of monitoring every transaction, but with even tighter Kremlin oversight. Ukrainian intelligence observers highlight the risk of a “behavioral loyalty” system, where digital currency access depends on citizens’ political and social “reliability.”

Previously, it was reported that Latvia’s Defense Intelligence and Security Service released a 48-page public handbook designed to help civilians identify and report suspected Russian operatives. The guide details indicators such as ragged appearance and suspicious behavior, offers safe reporting practices, and includes case studies illustrating espionage tactics in both urban and rural settings.

[...]
