Privacy


Privacy is the ability for an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.

Rules

  1. Don't do unto others what you don't want done unto you.
  2. No Porn, Gore, or NSFW content. Instant Ban.
  3. No Spamming, Trolling or Unsolicited Ads. Instant Ban.
  4. Stay on topic in a community. Please reach out to an admin to create a new community.

founded 2 years ago

From: https://forum.hackliberty.org/t/the-future-of-hack-liberty-and-the-death-of-federation/224

Problems with Lemmy

Data Replication, Moderation, and Abuse

All the data replication and moderation issues from Matrix also apply to Lemmy. This is one of the underlying flaws of all federated services. Lemmy admins can be held liable for hosting illegal content that is being replicated over the federation. It also makes Lemmy servers easy targets to be taken down by malicious adversaries.

deFederation

Despite being "de-centralized", there is censorship in the form of "de-federation", which effectively removes "wrong-think" servers from the global audience on Lemmy. Even though there is claimed decentralization, a large majority of users congregate on the same few servers.

Censorship is hard, let the community do it!

Any posts that don't adhere to the Lemmy hive mind are immediately down voted, which is effectively a shadow ban that anyone can do by clicking the down vote button. Posts that have any kind of negative score (two down votes) will be removed from the default post feed filters (Active, Hot). This "shadowban" works to make it so 90% of the Lemmy population doesn't see your post unless they are filtered specifically for "new" posts.

Reddit and Lemmy are one big Psyop

The entire framework of both Reddit and Lemmy does nothing but help to promote group think and propaganda. Any posts that don't adhere to group think will be shunned and hidden. Post "scores" are a manipulation tactic used to influence (you) into being biased before you've even looked at the post. Manipulating upvotes and downvotes is trivially easy for really anyone, and it's abused by governments and corporations to create manufactured consensus and trick you into believing that the "herd" thinks a certain way. Of course, having a lot of upvotes appeals to the most pathetic of egos, and the psyop continues with more incentivized group-think posts in a never ending cycle of garbage user generated content.


The unwarranted surveillance policies that get enshrined into law and all the illegal snooping by the gov seem to trace to anti-terror legislation and anti-terror backroom initiatives. I have to wonder, is this all attributed to Israel? If the US and other Israel allies had quit supporting Israel during their oppression of Palestinians, would there be a notable terror threat that could then be the cause for action (for unwarranted snooping) under the anti-terror façade? Would bankers have been converted into police had it not been for Israel’s oppression of Palestine?

Is this why we will lose cash in the future?

Have any privacy orgs calculated how many terror incidents stem from a consequence of supporting Israel? This could even count the white supremacist nutters who attack mosques in retaliation.

What would be a more effective anti-terror policy?:

  • Snoop on everyone in every possible way. Wiretaps, forced banking, making bankers into cops, video surveillance everywhere with facial recognition.. etc.

or

  • Stop supporting Israel.

All links for this story are shit -- Cloudflare or paywalls. So I linked the archive and will dump the text below. Note the difference between my title and the original. I think mine is more accurate. The AG seems to view feature phones as a tool for criminals. But also says having no phone is suspect as well, so the original title is also correct.


Georgia AG claims not having a phone makes you a criminal

That’s dangerous for constitutional rights
SAMANTHA HAMILTON
FEBRUARY 12, 2024 6:52 PM

The ubiquity of smartphones is causing some to pine for simpler times, when we didn’t have the entire history of humankind’s knowledge at our fingertips on devices that tracked our every move. There’s a growing trend, particularly among young people, to use non-smartphones, or “basic phones.” The reasons range from aesthetic to financial to concern for mental health. But according to Georgia Attorney General Chris Carr, having a basic phone, or a phone with no data on it, or no phone at all in the year 2024, is evidence of criminal intent. The AG’s position poses grave dangers for all Georgians’ constitutional rights.

Last month, Deputy Attorney General John Fowler argued in state court that mere possession of a basic cellphone indicates criminal intent to commit conspiracy under Georgia’s racketeer influenced and corrupt organizations statute, better known as RICO.

His accusation was directed at 19-year-old Ayla King, one of 61 people indicted last summer on RICO charges linked to protests in the South River Forest where the $109 million Atlanta Public Safety Training Center, nicknamed “Cop City” by its opponents, is slated to be built. The RICO charges against King and the 60 other RICO defendants have been widely criticized as a political prosecution running contrary to the First Amendment. King is the first of these defendants to stand trial.

During the Jan. 8 hearing in Fulton County Superior Court, Fowler argued that a cellphone in King’s possession on the day of their arrest, which he characterized as a “burner phone,” should be admissible as evidence of wrongdoing, even though it contained no data. He went even further to suggest that not possessing a cellphone at all also indicates criminal intent. Judge Kimberly Adams agreed to admit evidence of King’s cellphone.

Civil liberty groups are decrying the AG’s argument and court’s action as violations of constitutional rights under the First Amendment and Fourth Amendment. In an open letter to Attorney General Carr, the groups wrote, “It is alarming that prosecutors sworn to uphold the Constitution would even make such arguments—let alone that a sitting judge would seriously entertain them, and allow a phone to be searched and potentially admitted into evidence without any indication that it was used for illegal purposes.”

The Supreme Court recognized in the 2014 case Riley v. California that cellphones carry enough personal information—photos, text messages, calendar entries, internet history, and more—to reconstruct a person’s life using smartphone data alone. “Prior to the digital age, people did not typically carry a cache of sensitive personal information with them as they went about their day,” the Court noted. “Now it is the person who is not carrying a cellphone, with all that it contains, who is the exception.”

On the dark side of smartphones’ interconnectivity is their susceptibility to surveillance. In 2022, it was reported that the U.S. Department of Justice had purchased for testing a version of the Phantom spyware from NSO Group, an Israeli firm which sold its surveillance technology to governments like Mexico and Saudi Arabia to spy on journalists and political dissidents. Phantom could be used to hack into the encrypted data of any smartphone located anywhere in the world, without the hacker ever touching the phone and without the phone’s user ever knowing. The U.S. federal government denied using Phantom in any criminal investigation, but concerns about surveillance in the U.S. have led some folks to obtain basic phones.

Flip phones have made a comeback, and the potential for invasion of privacy is one of the reasons why. I’m not talking about the recent wave of smartphones that flip open. I’m talking about early 2000s-era basic phones, whose smartest feature was the game Snake or, if you were lucky, the ability to set your favorite song as your ringtone.

Folks are returning to basic phones—or in the case of Gen Z, turning for the first time—out of recognition that doom scrolling on a smartphone for hours each day is not good for mental health. For some older adults, basic phones, which offer few features beyond calling and texting, are preferable to smartphones for their simplicity. There are lots of reasons why someone might have a basic phone—not to mention they’re cheaper and more durable than a lot of smartphones.

Using simple phones that have little data on them is a legitimate, and common, practice for journalists, whistleblowers, human rights activists, and other people seeking to protect their identities or those of others from surveillance by the government or malicious actors. The Committee to Protect Journalists recommends that journalists cycle through “low-cost burner phones every few months” to maintain their safety and that of their sources. Even athletes competing in the 2022 Beijing Olympics were advised to use burner phones in light of the overreaching state surveillance in China.

Using a burner phone is not evidence of criminal intent—it’s a reasonable response to the threat of surveillance and government overreach. While burner phones are not immune from location tracking via cell towers, the fact that they contain much less data than a smartphone can make them a more secure form of communication.

How deeply invasive of privacy rights will the AG’s logic extend? Will the prosecution argue that using a virtual private network (VPN) is evidence of criminal intent? What about communicating via encrypted messaging apps, like Signal? The First Amendment protects the right to anonymous speech, and the use of privacy protection measures like VPNs and Signal has become commonplace in today’s world. The AG has already asserted in the RICO indictment that anonymous speech communicated online constitutes a conspiracy, but if the AG argues that using VPNs and Signal is evidence of criminal intent, he would be going even further by claiming that the very tools which make people feel safe to communicate online are themselves evidence of criminal intent, thereby assuming criminality before the speech has even taken place.

The position the AG has taken in Ayla King’s case has the potential to make all of us suspects. If you have a smartphone with data on it, the information on the phone can be used as evidence against you. And if you have a phone with no data on it or no phone at all, that can be used as evidence against you.

The state’s use of the absence of evidence as affirmative evidence is an unsettling development, and one that seems desperate. Is it—and perhaps the RICO charges themselves—a sign of prosecutorial weakness in a case intended to silence criticism and criminalize First Amendment expression?


(update) possible awareness campaign action: Would it be worthwhile for people who do not carry a smartphone to write to the Georgia AG to say they don’t carry a smartphone? The idea being to improve the awareness of the AG.

take action


Image Transcription:

WHAT WILL A CASHLESS SOCIETY MEAN?

THE PROS

CONVENIENCE — THERE WILL NO LONGER BE ANY NEED TO CARRY CASH AROUND

THE CONS

EVERY TRANSACTION YOU MAKE WILL BE TRACKED. YOUR SPENDING HABITS CAN BE LINKED TO YOUR CARBON FOOTPRINT

YOU WILL ONLY BE PERMITTED TO SPEND ON THINGS THE GOVERNMENT APPROVES OF. THINGS THAT ARE DEEMED TO BE LUXURIES — MEAT, FUEL, TRAVEL — CAN BE RESTRICTED

YOUR MONEY CAN BE PROGRAMMED WITH AN EXPIRY DATE — IF YOU DON’T SPEND IT BY A CERTAIN DATE, YOU'LL LOSE IT

THERE WILL BE NO ‘BLACK’ ECONOMY. IT WILL NOT BE POSSIBLE TO AVOID TAX, BUT THEN YOU WILL NOT BE ABLE TO GIVE POCKET MONEY TO CHILDREN OR GRANDCHILDREN AND NEITHER WILL YOU BE ABLE TO BORROW OR LEND MONEY TO FRIENDS WITHOUT THAT BEING TAXED BY THE GOVERNMENT

PARKING AND SPEEDING FINES WILL BE TAKEN AT SOURCE, WITHOUT THE POSSIBILITY OF CHALLENGE AND POSSIBLY EVEN WITHOUT YOUR KNOWLEDGE

IF YOU PROTEST THE ACTIONS OF THE GOVERNMENT, YOUR MONEY CAN BE SWITCHED OFF. IF YOU THINK THAT’S UNLIKELY, IT’S ALREADY HAPPENED TO TENS OF THOUSANDS OF CANADIANS WHEN THEY PROTESTED AND IT ALSO HAPPENED TO A BRITISH JOURNALIST

A CASHLESS SOCIETY MEANS THE END OF HUMAN FREEDOM

IF YOU WANT THAT, DO NOTHING

IF YOU DON'T, THE FIRST THING YOU MUST DO IS RESPOND TO THE GOVERNMENT'S PROPOSAL ON DIGITAL ID, UPON WHICH A CASHLESS SOCIETY MUST BE BASED

https://www.gov.uk/government/consultations/draft-legislation-to-help-more-people-prove-their-identity-online/consultation-on-draft-legislation-to-support-identity-verificat

Image Credit: Brett Scott


cross-posted from: https://links.hackliberty.org/post/2667522

Apparently some company I do business with shared my data with another corp without me knowing, then that corp who I did not know had my data was breached.

WTF?

Then the breached corp who could not competently secure the data in the first place offers victims a gratis credit monitoring service (read: offers to let yet another dodgy corp also have people’s sensitive info thus creating yet another breach point). Then the service they hired as a “benefit” to victims outsources to another corp and breach point: Cloudflare.

WTF?

So to be clear, the biggest privacy abuser on the web is being used to MitM a sensitive channel between a breach victim and a credit monitoring service who uses a configuration that blocks Tor (thus neglecting data minimization and forcing data breach victims to reveal even more sensitive info to two more corporate actors, one of whom has proven to be untrustworthy with private info).

I am now waiting for someone to say “smile for the camera, you’ve been punk’d!”.

(update)
Then the lawyers representing data breach victims want you to give them your e-mail address so they can put Microsoft Outlook in the loop. WTF? The shit show of incompetence has no limit.


Are there any privacy implications of enabling it?


The link is Cloudflare-free, popup-free and reachable to Tor users.

(edit) Some interesting factors--

from the article:

For a period of over 2 years, Uber transferred those data to Uber's headquarters in the US, without using transfer tools. Because of this, the protection of personal data was not sufficient. The Court of Justice of the EU invalidated the EU-US Privacy Shield in 2020.

Yes but strangely & sadly the US benefits from an adequacy decision, which IIRC happened after 2020. This means the US is officially construed as having privacy protections on par with Europe. As perverse as that sounds, no doubt Uber’s lawyers will argue that point.

The Dutch DPA started the investigation on Uber after more than 170 French drivers complained to the French human rights interest group the Ligue des droits de l’Homme (LDH), which subsequently submitted a complaint to the French DPA.

Wow! I wonder what triggered so many drivers to consult a human rights group. I mean, consider that Uber users and drivers are all happy to run a closed-source Google-gated app.. this is not a demographic who cares about privacy. So what triggered 170 complaints? I wonder if the Dutch DPA would have taken any action had there not been 170 cross-border complainants.

The French DPA gives some interesting insight. Info to attempt to satisfy access requests was in English, not French, which breaks the accessibility rule. The French article gives more of a feeling of not 170 proactive complaints, but maybe the human rights org complained on behalf of 170 drivers. I am quite curious from an activist point of view if 170 drivers proactively initiated a complaint.

The fourth breach is interesting:

by not explicitly mentioning the right to data portability in their privacy statement.

Is data portability even useful for Uber drivers in France? I’ve never used Uber (fuck Google), but I imagine drivers have feedback about how well they perform and maybe they want to port that data to an Uber competitor.. but there is no Uber competitor in France, is there? Is Lyft in France?


“Categorically unconstitutional” – that is how the US Fifth Circuit Court of Appeals has ruled about the use of geofence warrants.

The part of the Constitution that this type of warrant, that enables dragnet-style mass surveillance, violates is the Fourth Amendment, the court found.

This amendment is meant to protect citizens from unreasonable searches or seizures – but, said the court of appeals, what geofence warrants do is allow for the opposite: “General, exploratory rummaging.”

We obtained a copy of the ruling for you here.

Geofencing works by essentially treating everyone who happens to be in a geographic area during a given time as a suspect, until established otherwise.

And, the Electronic Frontier Foundation (EFF), a digital rights group, an outspoken critic that often gets involved in legal cases to argue against this method of investigation, welcomed the court’s decision, noting that people should not have to fear having their phone with them in public because that could turn them into a criminal suspect.

The Circuit Court’s stance on geofence warrants came as it deliberated the United States v. Smith case, revolving around the police in Mississippi in 2018 resorting to obtaining this type of warrant to investigate an armed robbery and assault that took place in a post office.

Google, which is who law enforcement turns to with these warrants most of the time, obliged, turning over data from the phones to the police, who then managed to produce two suspects, later defendants.

But – even though it decided not to suppress the evidence, because it found the police were acting “in good faith” while geofencing was still a new phenomenon – the Fifth Circuit Court doesn’t think the warrants are inherently lawful, i.e., in compliance with the Constitution.

One problem cited by the judges is that police access to sensitive location data collected during the process of geofencing is “highly invasive” since it can reveal a lot about a person, including their associations, and also lets the police “‘follow’ them into private spaces,” EFF explained the court’s decision.

Another is that the warrants never specify that they apply to a particular person, as law enforcement “have no idea who they are looking for, or whether the search will even turn up a result.”


The Biden administration is working to expedite widespread adoption of digital IDs, including driver’s licenses, a draft executive order indicates.

Digital IDs are a contentious concept primarily because of the concentration of – eventually – the entirety of people’s sensitive private information in centralized databases controlled by the government, and on people’s phones, “client-side.”

That in turn brings up the issues of technical security, but also privacy, and the potential for dystopian-style mass surveillance.

Proponents, on the other hand, like to focus on the “convenience” that such a shift from physical to digital personal documents is promised to bring.

In the US, some states have started this process via digital driver’s licenses, and the executive order is urging (“strongly encouraging”) both federal and state authorities to accelerate this, as well as other types of digital ID.

Where this policy seems to be converging to is coming up, at long last, with a functional way to carry out online identity verification. Namely, digital ID would be combined with biometric data obtained through facial recognition, and other forms of biometrics harvesting.

Centralization of data – opponents say to better control it, even if that makes it less secure – is a key component of these schemes, and so the Biden executive order speaks about making it obligatory for federal agencies to join “a single government-run identity system, Login.gov,” reports say.

It is also noted that Biden initially mentioned such an executive order was coming during his 2022 State of the Union speech, but the wording reportedly became a cause of contention.

Now, that seems to have been resolved, and the only question for the administration is when Biden should sign the order, the same sources who saw the text, report.

At the same time, as states are launching their own (partial) digital ID programs, an increasing number are looking for ways to introduce online age verification and are enacting laws to this effect.

A federal-level digital ID scheme would help in these efforts to solve the “problem” of online anonymity – and in the process forever change the internet as we know it.


In Brazil, a significant upheaval in digital privacy and access to information is unfolding, as a notable number of reputable VPN services—including NordVPN, ExpressVPN, Surfshark, and VyprVPN—have vanished from the local iOS App Store. This move is widely believed to comply with Brazilian authorities’ directives, reflecting a concerning trend towards online censorship.

This development is particularly alarming in light of the recent decision X made to shut down its operations in the country. X terminated its operations after a protracted legal confrontation with Brazilian officials, who had accused the platform of insufficient efforts to combat disinformation, specifically its failure to block accounts spreading false information and hate speech. Despite the shutdown, X’s app is still accessible in Brazil.

The closure of X’s offices and the removal of VPNs from the App Store have spurred a significant shift toward VPN usage among Brazilians, seeking to bypass increasing online restrictions. Proton VPN reported a staggering 580% surge in new registrations recently, highlighting the growing reliance on VPNs to maintain internet freedom.

Nevertheless, acquiring these tools has become challenging. Attempts to install these apps from the iOS App Store are met with no option to download, indicating a blockade rather than a mere removal.

The current scenario underscores the critical importance of VPN services in safeguarding internet freedom in Brazil. As digital platforms face governmental pressures and the landscape of internet accessibility continues to evolve, the role of VPNs as tools for ensuring unrestricted access to information becomes ever more vital.


California is one of the US states that have introduced digital license plates, amid opposition from a number of rights advocates.

Now, there is a legislative effort to have GPS location tracking embedded in these, to all intents and purposes, devices attached to the car.

Sponsored by Democrat Assemblywoman Lori Wilson, Bill 3138 is currently making its way through the state’s legislature. It refers to “License plates and registration cards: alternative devices,” and the bill has another sponsor – Reviver.

The company was founded by Neville Boston, formerly of the Department of Motor Vehicles (DMV), and promotes itself as the first digital license plates platform. It has made its way to both this proposal, and the law the current draft builds on – AB 984 (also sponsored by Wilson) – which was signed into law two years ago.

The problem with Reviver is that it has already had a security breach that allowed hackers to track those using the company’s digital plates in real-time. It doesn’t help, either, that the company is effectively a monopoly – the only one, the Electronic Frontier Foundation (EFF) notes, “that currently has state authorization to sell digital plates in California.”

Meanwhile, the key problem with AB 3138, warns EFF, is that it “directly undoes the deal from 2022 and explicitly calls for location tracking in digital license plates for passenger cars.”

The deal in question refers to the way AB 984 eventually managed to become law, signed by Governor Gavin Newsom: a provision that would have allowed for location tracking of private vehicles was removed at the time.

But clearly, that was just a temporary move to pacify opponents, and now Wilson – and Reviver – are back to “complete” the original effort.

EFF is urging the legislature not to approve AB 2138 and is choosing to highlight those scenarios where such GPS tracking would be detrimental to those who are ostensibly among the voters or sympathizers of Wilson and her party.

Thus, the digital rights group speaks about those seeking abortion traveling (and being tracked, unawares) from state to state, the Immigration and Customs Enforcement (ICE) using the tech, etc.

However, it’s difficult to see how adding another way for the authorities to track vehicles in real-time is not potentially detrimental to any person, as a form of invasive mass surveillance.


Free speech group the Foundation for Individual Rights (FIRE) has gone to court in a bid to block Texas state age verification law, Securing Children Online through Parental Empowerment Act (SCOPE Act, HB 18).

We obtained a copy of the complaint for you here.

This largely Republican-backed law will take effect on September 1, starting when online platforms will be under obligation to register and verify the age of all users.

This will apply if “more than a third” of content on the platforms is considered “harmful” or “obscene.”

But FIRE believes this is a form of pressure to make sure sites collect biometric and ID data from adults in Texas as they access what is lawful (to them) content.

Hence the case, Students Engaged in Advancing Texas v. Paxton, where FIRE is suing state Attorney General Ken Paxton on behalf of four plaintiffs that the group says would have their rights threatened by the SCOPE Act – unless the US District Court for the Western District of Texas issues declaratory and injunctive relief.

In other words, FIRE wants the judges to stop the enforcement of the law, which the filing brands as unconstitutional.

Said FIRE Chief Counsel Bob Corn-Revere: “In a misguided attempt to make the internet ‘safe’, Texas’ law treats adults like children. But even minors have First Amendment rights. Whether they’re 16 or 65, this law infringes on the rights of all Texans.”

This is by no means a sole voice expressing disagreement with the idea that more, and more invasive online censorship and surveillance will result in better protection of children.

Senator Rand Paul has penned an opinion piece where he goes after the Kids Online Safety Act (KOSA), which has raised privacy, censorship, and digital ID concerns among civil rights activists.

According to Paul, what motivated those behind the legislation to come up with it is not questionable, but the actual bill falls short to the point where it “promises to be a Pandora’s box of unintended consequences.”

The senator notes that those pushing the bill insist the goal is not to regulate content, but he believes online platforms would face unprecedented demands regarding mental health harms, like anxiety, depression, and eating disorders.

However, Paul believes – “imposing a duty of care on internet platforms associated with mental health can only lead to one outcome: the stifling of First Amendment–protected speech” while at the same time empowering “speech police” to “silence important and diverse discussions that are essential to a free society.”

Paul speaks in favor of making sure those protections continue to apply and suggests coming up with “clear” rules for platforms, allowing them to comply with the law.

But KOSA, according to him, “fails to do that in almost every respect.”

The senator sees it as (yet another) bill that is too vague for (legal) comfort, so much so that “many of its key provisions are completely undefined.”


Although a lower court had dismissed the case, the Court of Appeals for the Ninth Circuit has decided that Google will have to go to trial after all, for allegedly secretly collecting data from Chrome users, regardless of whether they chose to sync information from the browser with their Google account.

The class action lawsuit, Calhoun v. Google LLC., accuses the tech giant of using the browser, by far the most dominant in its market, to collect browsing history, IP addresses, unique browser identifiers, and persistent cookie identifiers – all without consent.

The case was initially filed in 2020 and then dismissed in December 2022, but now the appellate court – in a ruling signed by Judge Milan D. Smith Jr. – said that the decision failed to take into account, looking into Google’s disclosures, i.e., the privacy policy agreement, “whether a reasonable user reading them would think that he or she was consenting to the data collection.”

The plaintiffs are certain this was in fact happening without explicit permission, and consider the way Chrome was set up to work in this context is “intentional and unlawful.”

Google on the other hand defended its actions when the case was originally filed by saying that explicit permission happened when users accepted its privacy policy. The lower court judge, Yvonne Gonzalez Rogers, accepted this argument to dismiss the case, saying Google’s disclosure about the data collection was “adequate,” and therefore had the users’ consent.

According to Judge Smith, despite its general policy, Google was pushing Chrome “by suggesting that certain information would not be sent to Google unless a user turned on sync.”

Interestingly enough, Google is removing the sync option from all versions of Chrome – after iOS, this will now be the case on desktops and Android as well. All it will take is to sign into the Google account on Chrome to link the data from the browser to the account – although signing in is not mandatory, at least for now.

A Google spokesman who commented on the decision of the court of appeals – which sent the case back to a lower court – confirmed that the change “is not related to the litigation.”

As for the litigation – “We disagree with this ruling and are confident the facts of the case are on our side. Chrome Sync helps people use Chrome seamlessly across their different devices and has clear privacy controls,” claims Jose Castaneda.


The push to develop digital ID and expand its use in the US is receiving a boost as the country’s National Institute of Standards and Technology (NIST) is launching a new project.

NIST’s National Cybersecurity Center of Excellence (NCCoE) has teamed up with 15 large financial and state institutions, as well as tech companies, to research and develop a way of integrating Mobile Driver’s License (mDL) into financial services. But according to NIST, this is just the start and the initial focus of the program.

The agreement represents an effort to tie in yet more areas of people’s lives in their digital ID (“customer identification program requirements” is how NIST’s announcement describes the focus of this particular initiative). These schemes are often criticized by rights advocates for their potential to be used as mass surveillance tools.

Now NIST’s initiative brings together this institution and the American Association of Motor Vehicle Administrators (AAMVA), California Department of Motor Vehicles, Department of Homeland Security (DHS) – Science and Technology Directorate, New York State Department of Motor Vehicles, JP Morgan Chase, Wells Fargo, Microsoft.

Among the other participants are companies specializing in digital ID: IDEMIA, MATTR Limited, iLabs, SpruceID, and the OpenID Foundation (plus US Bank, and Block Inc.).

They were chosen after submitting a response regarding their capabilities via the Federal Register, and have now received collaborative research and development agreements, known as CRADA.

Those who are now in will work within the project’s three phases, dubbed, Define, Assemble, and Build. The first will set the scope of work along with industry participants, the second should produce teams with members from the industry, government, and academia, while the “Build” phase is to focus on “creating practical modules and prototypes to address cybersecurity challenges.”

They will now collaborate with NCCoE to speed up the adoption of digital ID standards, a press release said, as well as best practices by developing “reference architectures, representative workflows, and implementation guides to address real-world cybersecurity, privacy, and usability challenges faced by the adoption of mDL in the financial sector.”

NIST’s NCCoE itself is set up as a hub dealing with cybersecurity and often works with government, industry, and academia on developing precisely this type of standard.

The call to respond to the mobile driver’s license project collaboration was first issued a year ago, in late August 2023.

18
 
 

This email provider gives onion email addresses:

pflujznptk5lmuf6xwadfqy6nffykdvahfbljh7liljailjbxrgvhfid.onion

Take care when creating the username to pull down the domain list and choose the onion domain. That address you get can then be used to receive messages. Unlike other onion email providers, this is possibly the only provider who offers addresses with no clearnet variations. So if a recipient figures out the clearnet domain it apparently cannot be used to reach you. This forces Google and MS out of the loop.

It’s narrowly useful for some situations where you are forced to provide an email address against your will (which is increasingly a problem with European governments). Though of course there are situations where it will not work, such as if it’s a part of a procedure that requires confirmation codes.

Warning: be wary of the fact that this ESP’s clearnet site is on Cloudflare. Just don’t use the clearnet site and keep CF out of the loop.

19
20
 
 

I have lots of whistles to blow. Things where if I expose them then the report itself will be instantly attributable to me by insiders who can correlate details. That’s often worth the risks if the corporate baddy who can ID the whistle blower is in a GDPR region (they have to keep it to themselves.. cannot doxx in the EU, Brazil, or California, IIUC).

But risk heightens when many such reports are attributable under the same handle. Defensive corps can learn more about their adversary (me) through reports against other shitty corps due to the aggregation under one handle.

So each report should really be under a unique one-time-use handle (or no handle at all). Lemmy nodes have made it increasingly painful to create burner accounts (CAPTCHA, interviews, fussy email domain criteria, waiting for approval followed by denial). It’s understandable that unpaid charitable admins need to resist abusers.

Couldn’t this be solved by allowing anonymous posts? The anonymous post would be untrusted and hidden from normal view. Something like Spamassassin could score it. If the score is favorable enough it could go to a moderation queue where a registered account (not just mods) could vote it up or down if the voting account has a certain reputation level, so that an anonymous msg could then possibly reach a stage of general publication.

It could even be someone up voting their own msg. E.g. if soloActivist has established a history of civil conduct and thus has a reputation fit for voting, soloActivist could rightfully vote on their own anonymous posts that were submitted when logged-out. The (pseudo)anonymous posts would only be attributable to soloActivist by the admin (I think).

A spammer blasting their firehose of sewage could be mitigated by a tar pit -- one msg at a time policy, so you cannot submit an anonymous msg until SA finishes scoring the previous msg. SA could be artificially slowed down as volume increases.

As it stands, I just don’t report a lot of things because it’s not worth the effort that the current design imposes.
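
A minimal sketch of the flow proposed in the post above (tar pit, spam score, reputation-gated vote), added here as an example; it is not part of the original post and not Lemmy code. The class names, thresholds, single global scoring slot and the `toy_score` stand-in for SpamAssassin are all assumptions.

```python
from dataclasses import dataclass, field

SPAM_LIMIT = 5.0   # assumed cut-off; lower scores are better, as in SpamAssassin
MIN_REP = 50       # assumed reputation an account needs before its vote counts
NET_VOTES = 2      # assumed net votes that publish (+) or reject (-) a post
BASE_DELAY = 2.0   # assumed scoring time in seconds when traffic is quiet
WINDOW = 60.0      # assumed look-back window for measuring volume

def toy_score(body):
    """Constructed stand-in for a spam scorer; not a real SpamAssassin rule set."""
    return 3.0 * body.lower().count("http") + (2.0 if body.isupper() else 0.0)

@dataclass
class AnonPost:
    body: str
    ready_at: float
    state: str = "scoring"   # scoring -> queued -> published | rejected
    votes: dict = field(default_factory=dict)

class AnonIntake:
    def __init__(self, score_fn, reputation):
        self.score_fn, self.reputation = score_fn, reputation
        self.recent, self.current = [], None   # submit times, post being scored

    def tick(self, now):
        """Finish scoring once the (artificially slowed) delay has elapsed."""
        post = self.current
        if post and now >= post.ready_at:
            ok = self.score_fn(post.body) < SPAM_LIMIT
            post.state = "queued" if ok else "rejected"
            self.current = None

    def submit(self, body, now):
        """Tar pit: refuse new input while the previous message is being scored."""
        self.tick(now)
        if self.current is not None:
            return None
        self.recent = [t for t in self.recent if now - t < WINDOW] + [now]
        delay = BASE_DELAY * 2 ** (len(self.recent) - 1)   # slower as volume rises
        self.current = AnonPost(body, ready_at=now + delay)
        return self.current

    def vote(self, post, voter, up):
        """Only reputable registered accounts can move a queued post."""
        if post.state != "queued" or self.reputation.get(voter, 0) < MIN_REP:
            return False
        post.votes[voter] = 1 if up else -1
        net = sum(post.votes.values())
        if abs(net) >= NET_VOTES:
            post.state = "published" if net > 0 else "rejected"
        return True
```

The clock is passed in as `now` so the doubling delay can be exercised without sleeping; a real deployment would key the tar pit on something per-submitter, which the post leaves open.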

21
 
 

The District Court for the Eastern District of New York has ruled that the US government must reverse course on its policy of warrantless searches of US (and foreign) nationals’ electronic devices as they enter the country.

We obtained a copy of the ruling for you here.

This is not the only court decision on this issue. This particular outcome, which requires border agents to obtain court-issued orders before performing such searches, applies to the district that is the court’s seat, and therefore also to a major port of entry, JFK International Airport.

It was precisely at this airport that the event unfolded which set the legal case in motion. In 2022, US citizen Kurbonali Sultanov was coerced (he was told he “had no choice”) into surrendering his phone’s password to border officers.

Sultanov later became a defendant in a criminal case but argued that evidence from the phone should not be admitted because the device was accessed in violation of the Fourth Amendment (which protects Americans against unreasonable and warrantless searches).

Of course, all these envisaged protections refer to US citizens, and even there prove to be sketchy in many instances. Foreign travelers (even though entering the country legally) are effectively left without any protections regarding their privacy.

Sultanov’s argument was supported in an amicus brief filed the following year by the Knight First Amendment Institute and the Reporters Committee for Freedom of the Press, who said that the First Amendment is violated as well when law enforcement gains access to phones without a warrant since it invalidates constitutional protections of speech, freedom of the press, religion, and association.

The New York Eastern District Court’s decision is by and large based precisely on that amicus brief. One of the arguments from it is that journalists entering the US are often forced to hand over their devices.

The court agreed that “letting border agents freely rifle through journalists’ work product and communications whenever they cross the border would pose an intolerable risk to press freedom,” said Reporters Committee for Freedom of the Press attorney Grayson Clary in a press statement.

Meanwhile, US Customs and Border Protection (CBP) said they were reviewing this ruling – and would not comment on what the agency said are “pending criminal cases.”

22
 
 

The online digital ID age verification creep in the US continues from a number of directions, through “recommendations” and “studies” – essentially, the government is nudging the industry to move in the direction of implementing digital ID age verification tools.

At this point, it is happening via various initiatives and legislation, though still without being formally mandated.

One instance is a recommendation coming from the Biden-Harris Administration’s Kids Online Health and Safety Task Force, which is telling online service providers they should “develop and inform parents about age verification tools built into the app or available at the device level.”

The task force is led by the Department of Health and Human Services, HHS (its Substance Abuse and Mental Health Services Administration, SAMHSA), in what is referred to in official statements as “close partnership” with the Department of Commerce.

This initiative is presented as an industry guidance that will ensure the safety of youths on the internet, as well as their health and privacy.

One of the steps presented in the fact sheet refers to age verification. This is a hot-button issue, particularly among privacy and security advocates, considering the methods that would be necessary to prove somebody’s real-life identity online, and that this would have to apply to all users of a site or app.

Yet, the current White House is now “urging” the tech industry to, among other “critical steps,” inform parents about developing and building digital ID tools into either apps or devices themselves.

The setting up of the task force and its recommendations are supposed to contribute to Biden’s “Unity Agenda,” while a report released last week talks about an “unprecedented youth mental crisis” as the reason for coming up with these recommendations for families and industry.

The initiative, announced in May, bases its claims about the mental crisis of previously unwitnessed proportions on a report put together by the US surgeon-general and his advisory concerning social platforms.

In addition to “sneaking in” the mention of age verification, the report also talks about the need to enact bipartisan federal legislation aimed at protecting the health, safety, and privacy of young people online.

Another point is urging the industry to advance “action to implement age-appropriate health, safety, and privacy best practices on online platforms through federal legislation and voluntary commitments.”

The documents’ authors from the several departments behind the task force also want platform data to become available to “independent researchers.”

23
 
 

Odysee, the blockchain-based video-sharing service, has announced that it will remove all advertisements from its platform effective immediately.

The company expressed confidence in its innovative monetization programs, which are designed to support creators financially while maintaining the platform’s operational costs. “We don’t need ads to make money as a platform,” the announcement read, highlighting their commitment to creating a more open and creatively free environment.

Odysee’s move comes at a time when many media platforms increasingly rely on advertising revenue, which can lead to conflicts of interest and potential demonetization from pro-censorship activists.

By eliminating ads, Odysee aims to set a new standard for platform independence and user-centric service.

The announcement also pointed to the aggressive advertising tactics employed by platforms like YouTube and others, which Odysee believes detract from the user experience. “Our approach may be considered niche or unconventional,” Odysee CEO Julian Chandra stated, emphasizing that their model aims to be sustainable financially and uphold an incorruptible user experience.

This strategic pivot is expected to resonate well with Odysee’s user base, who have expressed displeasure with intrusive ads on other platforms. Odysee’s leadership believes that this ad-free model will not only benefit users but also ensure the platform’s sustainability and integrity in the long run.

24
 
 

In the wake of recent riots in the UK, Tobias Ellwood, former lawmaker, British Army reservist and a senior officer in the 77th Brigade, has voiced strong opinions on the role of social media in fueling public disorder. Ellwood, known for his previous support of vaccine passports and online vaccine certificate databases, emphasized the alleged negative impacts of online anonymity in a recent interview.

The UK’s 77th Brigade, officially known as the 77th Brigade of the British Army, is a unit that focuses on non-traditional warfare, including what is known as “information warfare” or “psychological operations.” Formed in 2015, it includes personnel from various sections of the military as well as reservists with expertise in a range of disciplines such as media, marketing, and public relations.

According to Ellwood, the swift spread of misinformation and the organization of disruptive activities are significantly enhanced by social media platforms. He proposed that no one should be able to maintain a social media account without full accountability, suggesting a nominal annual fee to remove anonymity for the use of such platforms as a measure to enforce responsibility among users.

The lawmaker drew a stark contrast between the positive representation of Britain at the Paris Olympics and the destructive behavior of rioters back home, stating that the ease of rallying and mobilizing through social media platforms exacerbates such issues.

“Have we advanced the rules to keep up with how social media is now dominating our society?” Ellwood remarked, in an interview with GB News. However, the proposal has met with criticism. Benjamin Jones, Director of Case Operations at the Free Speech Union, who also appeared on GB News, argued that such measures could inadvertently harm vulnerable individuals who rely on anonymity for safety and expression. Citing the example of a young ex-Muslim lesbian woman, Jones pointed out that stripping anonymity could sever critical lifelines for those in oppressive situations.

Jones further suggested that the focus on social media’s role in societal issues distracts from deeper, long-standing problems within the country, such as community segregation and integration challenges that predate social media.

25
 
 

The Russian government is intensifying its drive to expand the use of biometric technologies across the nation. This push comes amid growing fears over personal data security, highlighted by a surge in data breaches in recent years. In 2023 alone, RBC, a Russian research agency, reported that data breaches at Russian financial institutions escalated 3.2 times compared to 2022, with about 170 million personal records compromised.

Despite these security challenges, the Russian state has placed a significant focus on biometrics. In 2018, authorities established the Unified Biometric System (UBS), a pivotal element in Russia’s digital infrastructure which was later designated as a state information system. Maksut Shadayev, Russia’s minister of digital development, noted that biometric data submissions have been noteworthy, with figures continuously climbing. As of now, approximately 18 million Russians have comprehensive biometric profiles, with 70 million having submitted some form of biometric data to various state or private institutions, according to Riddle Russia.

However, many Russians are hesitant to embrace this technology. Concerns stem not only from frequent data leaks but also from a general lack of understanding of biometric technologies, which have been evolving in Russia for over a decade. Furthermore, a notable event in September 2023 saw a large number of citizens submitting petitions to halt further biometric data collection following widespread rumors about invasive data capture methods via ATMs and smartphones.

The historical trajectory of biometric data collection in Russia reflects a broad and deep integration of such technologies in everyday transactions and interactions.

Internationally, the government is also extending the reach of these technologies to Russians living abroad, enabling them to access financial services through biometric registration.

Amid these developments, privacy experts and concerned citizens argue for greater scrutiny and a reconsideration of the data collection process.
