Georgios Kontaxis

@georgios.bsky.99rst.org

Privacy and Security. Ph.D. in Computer Science. https://www.cs.columbia.edu/~kontaxis/

28 Followers  |  31 Following  |  6 Posts  |  Joined: 15.11.2024  |  1.7183

Latest posts by georgios.bsky.99rst.org on Bluesky

German court rules Meta tracking technology violates European privacy laws The court in Leipzig ruled that Meta must pay €5,000 ($5,900) to a German Facebook user who sued the platform for embedding tracking technology in third-party websites — a ruling that could open the d...

The ruling, which holds that Meta tracking tech violates GDPR, sets precedent which the court acknowledged will allow countless FB users to sue w/o “explicitly demonstrating individual damages.” Experts: Decision leaves countless websites, apps exposed to huge fines
therecord.media/german-court...

09.07.2025 21:02 — 👍 235    🔁 48    💬 0    📌 7
Call Center Workers Are Tired of Being Mistaken for AI As more workers are asked by strangers if they're bots, surreal conversations are prompting introspection in the industry about what it means to be human.

“In Australia, Canada, Greece and the US, call center agents say they’ve been repeatedly mistaken for AI. These people, who spend hours talking to strangers, are experiencing surreal conversations, where customers ask them to prove they are not machines.”

29.06.2025 00:53 — 👍 98    🔁 33    💬 3    📌 11

📅 500 days from now will mark the 30th anniversary of Aleph One’s “Smashing the Stack for Fun and Profit”.

🛡️ Today, CISA and NSA released a joint guide on reducing memory-related vulnerabilities in software. 🙏
www.cisa.gov/resources-to...

💭 How much progress can we make before this milestone?

24.06.2025 22:56 — 👍 22    🔁 10    💬 1    📌 2

If I were designing the Airdrop user interface I would make sure that destination devices don’t randomly slide out from under your mouse and get replaced with other devices, ever. Just saying.

13.06.2025 16:35 — 👍 83    🔁 8    💬 6    📌 0

Those are the buttons you press to activate the flux capacitor after you hit 88 mph.

05.04.2025 02:10 — 👍 97    🔁 8    💬 6    📌 0
Mullvad has partnered with Obscura VPN | Mullvad VPN Today we are announcing a partnership with Obscura VPN, a newly launched two-party VPN service that uses our WireGuard VPN servers as its “exit hop”.

Excited to see two-hop VPN architectures gaining traction in the industry! I remember pitching the idea to my colleagues at Apple and feeling super optimistic about network privacy when iCloud Relay launched. Now @obscura.net and @mullvad.bsky.social are here too. (mullvad.net/en/blog/mull...)

06.03.2025 19:36 — 👍 1    🔁 0    💬 1    📌 0
Introducing Defense against AI-guided Traffic Analysis (DAITA) | Mullvad VPN Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA.

Someone passed this along: Mullvad is debuting a new traffic-analysis prevention service that adds generated cover traffic and uses constant packet sizes. mullvad.net/en/blog/intr...

06.03.2025 13:59 — 👍 55    🔁 10    💬 2    📌 0

Folks: remember that your iMessages (and text messages) are typically backed up to Apple as part of your iCloud backup. If you don’t have Advanced Data Protection turned on, those may be readable by Apple, governments with warrants, and anyone who hacks Apple.

21.02.2025 15:29 — 👍 140    🔁 62    💬 8    📌 5

New public statement from Apple:

“As of Friday, February 21, Apple can no longer offer Advanced Data Protection as a feature to new users in the UK.”

21.02.2025 15:07 — 👍 157    🔁 79    💬 12    📌 22

Keep in mind that iMessages _once backed up to iCloud_ are only encrypted if you have ADP. So that encryption is broken if/when you (or the person/people you talk to) back up to an iCloud account without ADP.

21.02.2025 15:20 — 👍 26    🔁 9    💬 3    📌 0
Apple yanks encrypted storage in U.K. instead of allowing backdoor access Apple disabled its most secure data storage offering for new customers in the United Kingdom on Friday rather than comply with a secret government order.

Breaking: Apple pulls end-to-end encrypted storage option from UK after secret order for a back door. www.washingtonpost.com/technology/2...

21.02.2025 15:07 — 👍 105    🔁 59    💬 2    📌 9

Your privacy is very important to us. This is why we're sharing your data with our 278 advertising partners, and our partners' 4,728 partners, and their partners' 87,392 partners, UNDER THE FOLLOWING TERMS

12.02.2025 23:41 — 👍 22    🔁 3    💬 0    📌 0

Every time there’s a data breach where the last four credit card digits are exposed people shrug it off. Data minimization works.

04.02.2025 16:57 — 👍 2    🔁 0    💬 0    📌 0

The one place where end-to-end encryption is “weakest”, ie where deployment rates are lowest, is *cloud backup*. This is, coincidentally, one of the best places for governments to obtain data.

01.02.2025 16:38 — 👍 34    🔁 9    💬 2    📌 0
AI prompt results aren’t protected by copyright, says US Copyright Office AI prompts are different from Jackson Pollock’s paintings, apparently.

AI prompt results aren’t protected by copyright, says US Copyright Office

30.01.2025 16:10 — 👍 233    🔁 56    💬 8    📌 29
Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log str...

Chatting with A.I. can be pretty sensitive. Why was chat history stored server-side? www.wiz.io/blog/wiz-res...

30.01.2025 21:47 — 👍 0    🔁 0    💬 0    📌 0
The Slow Death of OCSP | Feisty Duck

Valuable lessons from the failure of OCSP. www.feistyduck.com/newsletter/i...

30.01.2025 21:42 — 👍 0    🔁 0    💬 0    📌 0
SLAP and FLOP The SLAP and FLOP Address and Value Prediction Attacks

New attacks on load address prediction, affects Apple Silicon. predictors.fail

28.01.2025 18:44 — 👍 42    🔁 25    💬 2    📌 2
Can Consumers Protect Themselves Against Privacy Dark Patterns? Dark patterns have emerged in the last few years as a major target of legislators and regulators. Dark patterns are online interfaces that manipulate, confuse,

Our new research paper just posted! It asks whether dark patterns (manipulative online interfaces) can thwart users who are trying to make privacy-protective choices on a video streaming site. papers.ssrn.com/sol3/papers.... We find that dark patterns are very potent even when users have that goal.

10.01.2025 16:29 — 👍 77    🔁 36    💬 4    📌 6

Trying to get excited about making tech more secure and private while I watch Meta utterly capitulate to state power.

10.01.2025 21:50 — 👍 78    🔁 12    💬 4    📌 0
How We Cracked a 512-Bit DKIM Key for Less Than $8 in the Cloud

There's also 1700 sites among the top 1M still using DKIM Keys < 1024 bits, apparently.
dmarcchecker.app/articles/cra...

10.01.2025 14:11 — 👍 11    🔁 3    💬 1    📌 0

It’s fundamentally hard to calculate privacy budgets in these “we anonymize you using black box network infrastructure” settings.

31.12.2024 01:03 — 👍 9    🔁 1    💬 0    📌 0

If you’re part of a major company that’s advising your employees to use Signal after this Salt Typhoon thing, consider donating to Signal Foundation.

31.12.2024 03:31 — 👍 145    🔁 39    💬 3    📌 2

AIUI they're using a combination of perceptual hashing, homomorphic encryption and OHTTP to make this privacy-preserving. However, Apple appears to be making the same missteps that Mozilla has when rolling things like this out: they assume that everyone trusts them.

29.12.2024 02:49 — 👍 31    🔁 3    💬 4    📌 0

This is insane?

30.12.2024 07:27 — 👍 1053    🔁 188    💬 160    📌 27

Let me note for the record that Apple HomeKit cameras are the only home camera option that end-to-end encrypts video so that nobody but you (including the police) can see it. They’re expensive, but that’s what you get in return.

22.12.2024 23:58 — 👍 65    🔁 10    💬 5    📌 1

Honestly, the Let's Encrypt folks don't get nearly enough credit for basically protecting the entire fucking internet, by making it absolute bog standard to encrypt everything. It happened so fast and so many people were skeptical.

20.12.2024 05:18 — 👍 1271    🔁 284    💬 18    📌 14

Ok I know nobody cares about this but me, but GOD I care:

1. I have just downloaded your app.
2. You want me to make an account. I don’t want to make an account!
3. When I enter my email, you inform me that I already have an account! This seems like a good thing, but I know it means only pain. 1/2

13.12.2024 22:03 — 👍 1272    🔁 312    💬 71    📌 108
Far From Random: Three Mistakes From Dart/Flutter's Weak PRNG | Zellic — Research A look into how an unexpectedly weak PRNG in Dart led to Zellic's discovery of multiple vulnerabilities

You wake up. It’s 2013. Some language platform has chosen to use an insecure algorithm for its random() function, and HN is blaming the numerous security flaws that resulted from this decision on individual software developers. www.zellic.io/blog/proton-...

13.12.2024 16:30 — 👍 38    🔁 7    💬 2    📌 1

@georgios.bsky.99rst.org is following 19 prominent accounts