cross-posted from: https://lemux.minnix.dev/post/426028

https://archive.is/tc2xB

• Google no longer plans to banish third-party cookies from Chrome.
• The company will instead let users opt into having the trackers in their browser.
• Google wrote in a blog post that it's still discussing the plan with regulators.

Abandoned luggage and unexpected crowds - real-time cameras will use artificial intelligence (AI) to detect suspicious activity on the streets of Paris during next summer's Olympics. But civil rights groups say the technology is a threat to civil liberties, as the BBC's Hugh Schofield reports.

"We are not China; we do not want to be Big Brother," says François Mattens, whose Paris-based AI company is bidding for part of the Olympics video surveillance contract.

Under a recent law, police will be able to use CCTV algorithms to pick up anomalies such as crowd rushes, fights or unattended bags.

The law explicitly rules out using facial recognition technology, as adopted by China, for example, in order to trace "suspicious" individuals.

But opponents say it is a thin end of the wedge. Even though the experimental period allowed by the law ends in March 2025, they fear the French government's real aim is to make the new security provisions permanent.

One Monday morning in May, I woke up and grabbed my cell phone to read the news and scroll through memes. But it was out of cell service. I couldn’t make calls or texts.

That, though, turned out to be the least of my problems.

Using my home Wi-Fi connection, I checked my email and discovered a notification that $20,000 was being transferred from my credit card to an unfamiliar Discover Bank account.

I thwarted that transfer and reported the cell phone issues, but my nightmare was just starting. Days later, someone managed to transfer $19,000 from my credit card to the same strange bank account.

I was the victim of a type of fraud known as port-out hijacking, also called SIM-swapping. It’s a less-common form of identity theft. New federal regulations aimed at preventing port-out hijacking are under review, but it’s not clear how far they will go in stopping the crime.

Italy’s competition and consumer watchdog has announced an investigation into how Google gets users’ consent in order to link their activity across different services for ad profiling, saying it suspects the adtech giant of “unfair commercial practices.”

At issue here is how Google obtains consent from users in the European Union to link their activity across its apps and services — like Google Search, YouTube, Chrome and Maps. Linking user activity lets it profile them for ad targeting, the company’s main source of revenue.

cross-posted from: https://lemmy.smeargle.fans/post/200646

HN Discussion

We're happy to announce that BusKill is presenting at DEF CON 32.

What: Open Hardware Design for BusKill Cord
When: 2024-08-10 12:00 - 13:45
Where: W303 – Third Floor – LVCC West Hall

BusKill is presenting at DEF CON 32

via @Goldfishlaser@lemmy.ml

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

What is DEF CON?

DEF CON is a yearly hacker conference in Las Vegas, USA.

Watch the DEF CON Documentary for more info youtube.com/watch?v=3ctQOmjQyYg

What is BusKill presenting at DEF CON?

I (goldfishlaser) will be presenting Open Hardware Design for BusKill Cord in a Demo Lab at DEF CON 32.

What: Open Hardware Design for BusKill Cord
When: Sat Aug 10 12PM – 1:45PM
Where: W303 – Third Floor – LVCC West Hall

Who: Melanie Allen (goldfishlaser) More info

Talk Description

BusKill is a Dead Man Switch triggered when a magnetic breakaway is tripped, severing a USB connection. I’ve written OpenSCAD code that creates a 3D printable file for plastic parts needed to create the magnetic breakaway. Should anyone need to adjust this design for variations of components, the code is parameterized allowing for easy customization. To assemble a BusKill Dead Man Switch cord you will need:

1. a usb-a extension cord,
2. a usb hard drive capable of being attached to a carabiner,
3. a carabiner,
4. the plastic pieces in this file,
5. a usb female port,
6. a usb male,
7. 4 magnets,
8. 4 pogo pins,
9. 4 pogo receptors,
10. wire,
11. 8 screws,
12. and BusKill software.

Golden DIY BusKill Print

Full BOM, glossary, and assembly instructions are included in the github repository. The room holds approx. 70 attendees seated. I’ll be delivering 3 x 30 min presentations – with some tailoring to what sort of audience I get each time.

Meet Me @ DEF CON

If you'd like to find me and chat, I'm also planning to attend:

• ATL Meetup (DCG Atlanta Friday: 16:00 – 19:00 | 236),
• Hacker Kareoke (Friday and Sat 20:00-21:00 | 222),
• Goth Night (Friday: 21:00 – 02:00 | 322-324),
• QueerCon Mixer (Saturday: 16:00-18:00 | Chillout 2),
• EFF Trivia (Saturday: 17:30-21:30 | 307-308), and
• Jack Rysider’s Masquerade (Saturday: 21:00 – 01:00 | 325-327)

I hope to print many fun trinkets for my new friends, including some BusKill keychains.

Come to my presentation @ DEF CON for some free BusKill swag

By attending DEF CON, I hope to make connections and find collaborators. I hope during the demo labs to find people who will bring fresh ideas to the project to make it more effective.

Google’s Gemini AI has been accused of scanning PDF files hosted on Google Drive without active permission or initiation, sparking yet another discussion around AI safety and privacy concerns.

Senior Advisor on AI Governance Kevin Bankson took to X to share concerns over an automatically generated AI summary in a private and confidential tax return.

Bankston’s thread detailed his experience with Gemini AI reading private documents without consent and the subsequent troubles in disabling the functionality on the cloud storage platform.

Pakistan has authorised its powerful spy agency to tap phone calls and messages, tightening the army’s grip on the South Asian nation.

Citizens and human rights advocates have criticised the move amid fears it could be weaponised to suppress political opponents and throttle dissent.

The ISI, which is run by the military, will be able to legally intercept and trace phone calls and messages in the interest of "national security".

Federal law minister Azam Nazeer Tarar told the parliament that the Ministry of Information Technology and Telecommunications has been advised of the authorisation in an 8 July notice.

”Anyone who misuses the law will face action," he said on Tuesday while claiming that the authorisation is limited to tracking criminal and terrorist activities and that the government will ensure it doesn’t infringe people's lives and privacy.

The use of selfies to verify identity online is an emerging trend in some parts of the world since the pandemic forced more business to go digital. Some banks – and even governments – have begun requiring live images over Zoom or similar in order to participate in the modern economy. The question must be asked, though: is it cyber smart?

Just last Monday the Southeast Asian nation of Vietnam began requiring face scans on phone banking apps as proof of identity for all digital transactions of around $400 and above.

The nation's residents are not able to opt out of the banking rules, despite Vietnam regularly finding itself ranked poorly when it comes to internet privacy or cyber security.

Local media has weighed in to suggest that selfies will not improve security. And just days into the new regime, some apps have already been called out for accepting still photos instead of a live image of the individual.

Brazil’s data protection authority (ANPD) has banned Meta from training its artificial intelligence models on Brazilian personal data, citing the “risks of serious damage and difficulty to users.” The decision follows an update to Meta’s privacy policy in May in which the social media giant granted itself permission to use public Facebook, Messenger, and Instagram data from Brazil — including posts, images, and captions — for AI training.

The decision follows a report published by Human Rights Watch last month which found that LAION-5B — one of the largest image-caption datasets used to train AI models — contains personal, identifiable photos of Brazilian children, placing them at risk of deepfakes and other exploitation.

cross-posted from: https://links.hackliberty.org/post/2005038

I know this is an outrageously bad idea, I don't need convincing. I am just looking for some more information and discussion on what exactly the exposure and surveillance risk is.

I'm asking both for my own education (I am still very green to networking), and to better explain to people in my life if and why they should care.

1. Is it true that traffic can be tracked and logged by ISP through DNS lookups, as these routers are preconfigured to use their internal dns service?

2. If this is changed (like base.dns.mullvad.net), how much does this actually mitigate the risk here?

3. What about when a VPN (mullvad) is also being used at all times? Would it then be "overly paranoid" to fear this untrusted box all the traffic goes through?

I personally take a conservative approach to things like this and assume it's an unacceptable risk, but I don't really understand what the truth is.

Thank you in advance for your time and thoughts.

EDIT: I'm asking about US and US adjacent areas