#infosec

Also From Microsoft’s own FAQ: "Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. 🤡

Over a year ago, National Public Data (NPD), a search site for people, earned a place in privacy infamy for a security breach that revealed the personal data of 3 billion individuals (that's billion with a "b"). Now, after disappearing, NPD is back. As ZDNET sister publication PCMag reported, NPD is open for snooping again under a new owner, the rather mysterious-sounding Perfect Privacy LLC.

Oh boy. Better head over to nationalpublicdata.com and see if your profile is there. Then follow the handy instructions in the ZDNET article to have yourself removed:

How to remove your information from NPD

Search your name on nationalpublicdata.com.

When you find your profile, click "View Full Profile."

Copy its URL.

Go to nationalpublicdata.com/optout.html.

Drop the URL into the "Your Profile Link" field and click "Request Removal."

Enter an email address, and the site will send you an email requesting that you click to confirm deletion. 

Ever wondered how KineMaster stopped some modded clients from accessing their asset market?

Angelenos! I’ll be at the Los Angeles Festival of Books TOMORROW (Apr 19) for a panel called “Nature or Nurture: How Humans and AI Are Changing Each Other” with Adam Becker, Joanne McNeil, and Lucas Cantor Santiago.

Nearly 25 years ago, in the aftermath of Bush v Gore, I got involved in a bunch of ugly tech policy fights over voting machines. The hanging chad debacle in Florida prompted Congress to appropriate funds for states to purchase new touchscreen voting machines based on a robust, open standard. The problem was, those machines didn't exist.

The voting machine industry in those days was already very consolidated (it's far more consolidated today). They went shopping for a standards body that would publish a spec for a "standard" voting machine that could soak up those federal dollars in time for the 2004 election. The only taker was the IEEE, who unwisely offered to serve as host for this impossible rush job.

Once the voting machine reps were around a table at IEEE – largely sheltered from antitrust scrutiny thanks to the broad latitude enjoyed by firms engaged in standardization, which is otherwise uncomfortably close to collusion – they admitted what everyone already knew: there was zero chance they were going to develop a new standard in time for the election.

Instead, they decided they were going to publish a "descriptive standard." Rather than designing a new standard, they'd write down the specs of their own products – the same products that were considered so defective they needed to be replaced before the election – and call that the standard.

That was my first encounter with this issue as an activist. I had just started at EFF and a lot of our supporters were IEEE members, who were appalled to see their professional association being used to launder this incredibly politically salient, technically incoherent scam. We got a ton of IEEE members to write to the board, who shut down the standards committee and kicked the voting machine companies to the curb.

The voting machine companies weren't done, though. Diebold – one of the leaders in the cartel – knew that its voting machines were defective. They'd crash, lose their vote-counts and malfunction in other ways that were equally damaging to election integrity.

This was an alarming piece of news, but perhaps just as alarming is the way it came to light. A Diebold employee described this situation in a memo that was subsequently hacked and dumped by parties unknown. That memo, along with the accompanying tranche of extremely alarming revelations about Diebold's voting machine division, was the subject of one of the first mass-censorship copyright campaigns in internet history.

Diebold didn't dispute the veracity of these damning revelations: rather, it claimed that since the memos detailing its gross democracy-endangering misconduct had been prepared by an employee, that they were therefore works-made-for-hire whose copyright was held by Diebold, and thus anyone who reproduced the memo was infringing on the company's copyright.

Under Section 512 of the then-new Digital Millennium Copyright Act, Diebold was empowered to send "takedown notices" to the web hosting providers whose users had posted the memos, and if the web hosts didn't remove the content "expeditiously," they would be jointly liable for any eventual copyright damages, which are statutorily set at $150,000 per infringement.

Every web host folded. No one wanted to take the risk of tens of millions of dollars in statutory damages.

(Incidentally: anyone who tells you that "online safety" requires us to make online platforms liable for their users' speech needs to explain how this wouldn't empower every crooked company whose dirty laundry had ended up online wouldn't just do what Diebold did. It's not technically insanity to do the same thing over again in expectation of a different outcome, but it is awfully stupid and reckless.)

Been awhile since I've had one of these posts part deus: but I figure with all that's going on in the world it's time to make another one and get some stuff out there for people. A lot of the information I'm going to go over you can find here:

https://www.privacyguides.org/en/tools/

So if you'd like to just click the link and ignore the rest of the post that's fine, I strongly recommend checking out the Privacy Guides. Browsers: There's a number to go with but for this post going forward I'm going to recommend Firefox. I know that the Privacy Guides lists Brave and Safari as possible options but Brave is Chrome based now and Safari has ties to Apple. Mullvad is also an option but that's for your more experienced users so I'll leave that up to them to work out. Browser Extensions:

uBlock Origin: content blocker that blocks ads, trackers, and fingerprinting scripts. Notable for being the only ad blocker that still works on Youtube.

Privacy Badger: Content blocker that specifically blocks trackers and fingerprinting scripts. This one will catch things that uBlock doesn't catch but does not work for ads.

Facebook Container: "but I don't have facebook" you might say. Doesn't matter, Meta/Facebook still has trackers out there in EVERYTHING and this containerizes them off away from everything else.

Bitwarden: Password vaulting software, don't trust the password saving features of your browsers, this has multiple layers of security to prevent your passwords from being stolen.

ClearURLs: Allows you to copy and paste URL's without any trackers attached to them.

VPN: Note: VPN software doesn't make you anonymous, no matter what your favorite youtuber tells you, but it does make it harder for your data to be tracked and it makes it less open for whatever public network you're presently connected to.

Mozilla VPN: If you get the annual subscription it's ~$60/year and it comes with an extension that you can install into Firefox.

Mullvad VPN: Is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.

Email Provider: Note: By now you've probably realized that Gmail, Outlook, and basically all of the major "free" e-mail service providers are scraping your e-mail data to use for ad data. There are more secure services that can get you away from that but if you'd like the same storage levels you have on Gmail/Ol utlook.com you'll need to pay.

Tuta: Secure, end-to-end encrypted, been around a very long time, and offers a free option up to 1gb.

Mailbox.org: Is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.

Email Client:

Thunderbird: a free, open-source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Matrix) client developed by the Thunderbird community, and previously by the Mozilla Foundation.

FairMail (Android Only): minimal, open-source email app which uses open standards (IMAP, SMTP, OpenPGP), has several out of the box privacy features, and minimizes data and battery usage.

Cloud Storage:

Tresorit: Encrypted cloud storage owned by the national postal service of Switzerland. Received MULTIPLE awards for their security stats.

Peergos: decentralized and open-source, allows for you to set up your own cloud storage, but will require a certain level of expertise.

Microsoft Office Replacements:

LibreOffice: free and open-source, updates regularly, and has the majority of the same functions as base level Microsoft Office.

OnlyOffice: cloud-based, free

FreeOffice: Personal licenses are free, probably the closest to a fully office suite replacement.

Chat Clients: Note: As you've heard SMS and even WhatsApp and some other popular chat clients are basically open season right now. These are a couple of options to replace those. Note2: Signal has had some reports of security flaws, the service it was built on was originally built for the US Government, and it is based within the CONUS thus is susceptible to US subpoenas. Take that as you will.

Signal: Provides IM and calling securely and encrypted, has multiple layers of data hardening to prevent intrusion and exfil of data.

Molly (Android OS only): Alternative client to Signal. Routes communications through the TOR Network.

Briar: Encrypted IM client that connects to other clients through the TOR Network, can also chat via wifi or bluetooth.

SimpleX: Truly anonymous account creation, fully encrypted end to end, available for Android and iOS.

Now for the last bit, I know that the majority of people are on Windows or macOS, but if you can get on Linux I would strongly recommend it. pop_OS, Ubuntu, and Mint are super easy distros to use and install. They all have very easy to follow instructions on how to install them on your PC and if you'd like to just test them out all you need is a thumb drive to boot off of to run in demo mode. For more secure distributions for the more advanced users the options are: Whonix, Tails (Live USB only), and Qubes OS.

On a personal note I use Arch Linux, but I WOULD NOT recommend this be anyone's first distro as it requires at least a base level understanding of Linux and liberal use of the Arch Linux Wiki. If you game through Steam their Proton emulator in compatibility mode works wonders, I'm presently playing a major studio game that released in 2024 with no Linux support on it and once I got my drivers installed it's looked great. There are some learning curves to get around, but the benefit of the Linux community is that there's always people out there willing to help. I hope some of this information helps you and look out for yourself, it's starting to look scarier than normal out there.

hello, thanks for visiting my blog

I'm Max/mel/Nova

I'm 15'

i go by any pronouns, use whatever you'd like

likes: my partners, photography, cooking, gaming, music, and anything technology related.

DNI if you're like, fucking creepy

I saw someone say that it's suspicious for people to move to Signal because it's the app used by "drug dealers and the military"