• 0 Posts
  • 73 Comments
Joined 1Y ago
Cake day: Jun 04, 2023


Why exactly does vehicleprivacyreport want my VIN instead of year make and model? That’s me giving an unvetted third party website the unique tracking token for my car….


And only some e-bikes have a built-in cell phone.


My personal opinion is that concealed filming in public should be illegal. Open filming should be courteous, and if someone requests they not be filmed (and they’re not a public figure/government employee), the filmer should honor that.

Otherwise, I see no problem with it, and I’ve been filmed in public a LOT.



I guess my suggestion wouldn’t be useful then… I was a GrandCentral customer in 2006. When Google bought them I became a Google Voice customer and still am. It’s been convenient to have the same US numbers for 18 years. I wouldn’t run anything private through the service though.


Not quite; the contents all go in a bag labeled “trash” — someone still has to remove it from the locker.


Indeed. If true, it means Apple’s technology doesn’t work the way they claim. Which is a really big issue.




If you use it for everything, when you use it ceases to be useful information for data gatherers.

It’s why companies have data retention policies. That way they can’t be accused of intentionally destroying data to hide things, because they destroy ALL data like that.


Not to mention, SMS was removed because it’s inherently insecure at every level. Keeping it would mean there’d be an insecure side channel into the protocol. While it’s a useful onboarding mechanism, it can also be abused — and was. So eventually it got removed to prefer privacy and security over convenience.


So? Tor is in a similar boat.

Government agencies need secure crypto to hide their activities, and it doesn’t work if they’re the only ones using the technology.


I saw a user’s hash just this week — it was in a ransom note. They required their victims to sign up for the service and text a code to their userhash to kick off sending the attacker cryptocurrency so they’d send a decryption key and not make stolen data public.

Other than that use case, it hasn’t picked up many users that I’m aware of.


Anyone have a TL;DR?

This sounds like you’d have to spend a lot of time managing it and that you’d have to trust the people you know for it to be private.

My rule has always been: everything should be done anonymously online unless you want everyone (including automated dragnets) to know about it.


And this is why you never ever use ISP DNS, run DNS over HTTPS in the browser, and always use encrypted networking.

And use VPNs appropriate to the activity, when appropriate.

Oh, and never turn on ISP-supplied WiFi, as that gives them full access to the traffic from every device on your LAN, what physical hardware you own, and even where it is located in your home (and when it leaves and comes back to your home).


Oddly, it sounds like the facial recognition actually worked. Most such systems have a huge FP rate, so are useful for narrowing the search but not dependable for identifying that someone in footage is actually that person.

The problem here is more the intel backing it and the actions taken as a result; it sounds like the actual use of the tech is being done in an appropriate manner to account for potential FPs.

In other words, the problem is persecuting and killing Palestinians and equating alleged association with guilt, not with facial recognition tech.


My point though is that if you’re running the old device without appropriate lockdowns, it’s already leaking like a sieve. It’s been at least five years since the corporate perimeter has been considered more than a minor line of defense, specifically because there are so many pieces of equipment long out of security patch support (if they ever had it) that can’t be trusted.

And ransomware actors don’t bother with the printer; they get in via phishing emails and misconfigured routers and remote access tools — because it’s too much work to target the printer when there are juicier targets.

Although there’s been a recent push towards credential management compromise, and if you’ve got an iPad 2 connected to an Apple ID that also happens to include an iCloud keychain with your Exchange server credentials on it….


Is it a problem though? Old versions of VLC still work fine; I have it on my iPad 2 but haven’t updated it in over 5 years.

Old hardware doesn’t have to worry about security updates because it’s already insecure. So unless VLC stops working, I don’t need updates. And it’s not like my iPad is capable of playing HEVC 4k HDR video anyway, so new codec support isn’t a problem.


They’ll know which adults visit porn sites without a VPN anyway.

Kids are and will be significantly more creative.



In a way, Instagram is a great filter for me. I tend to socialize with a lot of people from kids to the elderly. The type of Instagram-first people are exactly the ones I don’t want to spend much of my time on. People with common interests and the ability to relate to others of various generations are the type of people I want to spend time with, and they tend to show up in the same circles I hang out in.

When you’re dealing with a full set of more than 7.6 billion people, those sidelining people who don’t follow them on Instagram are a vanishingly small portion, and worth the privacy.


Not having a social life and limiting your social life aren’t the same thing.

I’ve got multiple group chats going on Signal with people I spend time with in real life. I exchange emails and texts with people all day long, and spend time with my friends locally, as well as check in regularly with friends and family that aren’t local.

My social life is rather full, in fact.

And I’ve never had an account with a Meta property.

So don’t worry about limiting your social life, when there are more opportunities to be actually social with people than there are hours in the day.


I know for a fact that I have at least 3 different shadow profiles about me being bought and sold on the Internet. They all have different inaccurate information about me. Because I don’t have a direct relationship with the brokers, any attempt by me to correct or remove one of the profiles would just result in yet another profile.

We need global legislation to make it illegal to hold PII on an individual without notifying them of the fact annually. Failure to do so would have GDPR-level consequences.


…that just needs your location, address book, camera and access to your photos in order to run.


Oh, but they don’t just load jQuery themselves… for each site “feature” they pull dynamically from a different CDN, loading the same code over and over again to call different functions.

And all it takes is for ONE of their CDNs to get poisoned and suddenly they’re serving malware.


The MAC address is a code on each of your networking chips that allows it to talk with local networking equipment. This means its only legitimate use is to be broadcast on your local network (or in the local broadcasts for WiFi).

However, it is also often part of the UUID generated by some software and sent to all sorts of online places.

The good news about this is that there are other components of the UUID that are easier to change that will change that ID.

And you can always software mask your MAC IDs if you’re running Linux. This enables your device to pretend the various MACs are numbers of your choosing.
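An added example, not part of the original comment: version 1 UUIDs carry a 48-bit node field that is normally the generating machine's MAC address, so identifiers that differ everywhere else can still be grouped by that field. The sample UUIDs are constructed and the function names are hypothetical.

```python
import uuid

# Constructed sample identifiers (not taken from any real device).
SAMPLES = [
    "2d3f1c9e-5b7a-11ee-8c99-001122334455",  # v1, node 00:11:22:33:44:55
    "7a1b2c3d-5b7b-11ee-9abc-001122334455",  # v1, new time/clock seq, same node
    "2d3f1c9e-5b7a-11ee-8c99-03a1b2c3d4e5",  # v1, random node (multicast bit set)
    "f47ac10b-58cc-4372-a567-0e02b2c3d479",  # v4, fully random, no node field
]


def node_to_mac(node: int) -> str:
    """Format the 48-bit node value as a colon-separated MAC string."""
    return ":".join(f"{(node >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def inspect_uuid(text: str) -> dict:
    """Report whether a UUID string embeds a MAC-style node field."""
    u = uuid.UUID(text)
    if u.version != 1:
        # Only time-based (version 1) UUIDs carry a node field.
        return {"version": u.version, "mac": None, "hardware_mac": False}
    first_octet = (u.node >> 40) & 0xFF
    # RFC 4122: a node ID generated randomly instead of read from a network
    # interface must have the multicast bit (lowest bit of octet 0) set.
    return {
        "version": 1,
        "mac": node_to_mac(u.node),
        "hardware_mac": not (first_octet & 0x01),
    }


def linked_by_mac(ids):
    """Group identifiers that expose the same hardware-style node value."""
    groups = {}
    for text in ids:
        info = inspect_uuid(text)
        if info["hardware_mac"]:
            groups.setdefault(info["mac"], []).append(text)
    return groups


if __name__ == "__main__":
    for s in SAMPLES:
        print(s, inspect_uuid(s))
    print(linked_by_mac(SAMPLES))
```

Run over identifiers found in an application's logs or outbound requests, this shows whether a software-set MAC or a random-node UUID generator is actually in effect.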


I allow USA Today to speak freely, including speaking their ad frames and images.

But that doesn’t mean I’m compelled to listen to everything they say.

USA Today: speech isn’t free if I’m forced to listen to it.


And of course, as others mentioned, you can always set up a VPN and tunnel in; ISPs rarely block VPN server port access.


The useful guides aren’t publicly available because if they were, anti-VM checks would just get updated.

But using VirtualBox as your VM is the first step; you can’t easily rename the components in the closed source VMs. Then compile it yourself, but first do a search and replace through the code replacing occurrences of vbox and VirtualBox with something else.


Really? The anti-cheat is right up there with proctoring software in what it watches on your system. Much of this information is sent to an external service outside your control.

While it’s true that the company managing the anti-cheat has a vested interest in not abusing their access to private information, individual employees or external actors who have compromised their systems don’t have the same interests.

The big thing here though isn’t really privacy per se, it’s security. The kernel drivers used by these systems are given full access to your computer, and so are often abused by third parties to uninstall security software and install malicious software and adware.


While true, the things they usually check for are easily modified; VM-named drivers and virtual hardware, 2 or fewer CPUs, a few registry paths.


The Denuvo kernel driver is signed by Microsoft; in order to install it you have to enter your admin password when installing the game. But once it’s registered with the system, it has full access thanks to being signed by MS.


What is your goal? If it’s to have personal remote access, set up Tailscale on all the devices you want to connect. If it’s self-hosting a public webserver, your options are hosting on non-standard ports, changing ISPs to one that lets you host, or tunneling to some other third party location that lets you host.


See my comment earlier; what they’ve done is split the PII so that Mozilla and Cloudflare get less of it and Fastly only gets to handle the encrypted parts. It’s a good approach to PII siloing that ensures no one player gets enough to be actionable.

That said, it still introduces yet another party/point of failure.


Good: this splits the data requests so that Mozilla and Fastly each hold only a part of the requests, and yet still stand in the way of leaking fingerprinting data from browser users to target websites.

Bad: one more organization injected into the trust chain, one more point of both security and operational failure.


Because it still supports a monolithic browser engine culture. But that’s not a privacy thing.


I take it you’re using Safari and not a Chromium-based browser then?


Yes, the thing I’ve done while traveling for over a decade is: carry a cable that has the data pins removed.

Good luck juice jacking when all that’s present on my end is a + and - contact.


I thought the legal bits were for those running the services, not those using them?

The TLDR is that when E2EE that allows the government to monitor its contents without giving up encryption for everyone else becomes technically possible, those running the services must assist the government in doing so.


I thought it was apropos… just as fake as the encryption solution now enshrined in law in the UK.