Living 20 minutes into the future. Eccentric weirdo. Virtual Adept. Time traveler. Thelemite. Technomage. Hacker on main. APT 3319. Not human. 30% software and implants. H+ - 0.4 on the Berram-7 scale. Furry adjacent. Pan/poly. Burnout.

I try to post as sincerely as possible.

  • 0 Posts
  • 198 Comments
Joined 3Y ago
Cake day: Jun 10, 2023


I never heard of SS7 and have actually no idea how the whole phone system communication works but that’s kinda scary…

SS7 and 1ESS are terribly insecure and were even before CALEA compliance was required. Folks compromising telephony routing systems was a thing back in the early 1990’s.

Story time. I worked as a telecom engineer for a while. One of our tasks was, whenever the telco would get a warrant a small team of us at the office were tasked with turning up the surveillance features of our infra (dupe all CDR logs off to another system for chain of custody, log all of the SIP traffic from the specified subscribers to a separate set of logs on the same box for the same reason, basically trap-and-trace and pen register functionality updated for the early 00’s (we had the capability of tapping and recording RTP traffic in realtime by abusing three way calling but were not asked to do it while I worked there)). About half the time we’d go into our back-end, and find taps already in place. A few times we took it to management, who kicked it up the food chain and were told flat out “Shut up, write up how you would have done it yourself, and just copy the data coming from what you found.” So, we did. Never did find out who did it and why.


OPM is already completely compromised, so it seems likely that they’re going through JPAS to find folks who came out during their background investigations. Expect another round of purges.



Sure there is: Don’t store everything in a database.


AI acceleration ASICs are already in a lot of hardware these days. It doesn’t take a whole lot anymore for it to be both cheap and feasible.


It would be pretty easy to test, too.

Get a pre-paid phone. Set up a brand-new Google or Apple account. Activate phone using the new account. Put it through its paces for a few hours and note the ads you get.

Shoot the shit with your friends and family with the phone on the table for a few hours.

Put the phone through its paces again and note the ads you get.





When you get right down to it, it’s all risk management.


https://elblogdelnarco.com/ is the one everybody seems to go to first. Be careful, there’s some pretty fucking horrifying stuff in there.


Look at how Mexican narcobloggers do it. Many of their sites are hosted at places like Blogger. They keep backups of everything they write (those sites let you download site archives from your control panel). They access everything over Tor using TAILS. They delay what they post compared to what happened, to make it more difficult to correlate who was within range of an event (i.e., witnesses) and when they posted it. They don’t post from home but go elsewhere.

They don’t tell anybody they’re narcobloggers. At all.


Thing is, then you stand out as one of the very few people using that alternative.


Probably. Very little will stop a mega from making money. Fines are budgeted as the cost of doing business.


Supposedly. Whether or not it actually works is a different matter.


Outlier profiles don’t get discarded. They get run through another statistical filtering step to smooth them out by eliminating the weird data points so that they’re less than a couple of standard deviations away from the core aggregate.


They can, and they do. That kind of filtering is a grad school homework project.


I used to work for a company that did the kind of data analysis AdNauseam is meant to foil. It doesn’t. If anything, it was kind of a joke around the office because the kind of junk that it throws out is easy to remove with a little statistical filtering. Just one more step in the processing pipeline.

Stick to just entering fake data when you have to enter data.



They genuinely do not care anymore. We lost, just like the cypherpunks lost.


The last three or four companies I’ve worked for did. Usually a month or so in HR would want to know why I didn’t tell them about my birbsite account. They also usually asked why I didn’t update my LinkedIn page to say I was working there now.


You mean, there are places that don’t monitor their employees’ social media accounts to compare against?


They said straight up, “I googled you and couldn’t find a Twitter or Facebook account. What are you hiding?” I had to teach them who Armand Jean du Plessis was.


Opting out of social media these days is considered inherently suspicious. It definitely came up the last time I had to undergo a background check for work.



It’s pretty nice. The REST API for running searches makes running SearxNG worth it, if nothing else.


I’ve tested wifi calling on AT&T, Verizon, and T-Mobile. How well it works (call quality, whether or not the call gets dropped, how often it gets dropped) has always been a crapshoot. Using a real VoIP client to connect to my Asterisk box? Significantly more stable and usable.


No. There are easier and more reliable ways to backdoor stuff that don’t run the risk of somebody’s fuzzer stumbling across it. Which, I hasten to add, can be installed in such a way that disabling it bricks the device (which means that nobody will bother).


I usually don’t take the rewards - I like to pay it forward for the few times I really needed them.


I usually just say “Nah, no time, just ring me up.”


Grocery stores. Picking up prescriptions at the pharmacy (there have been a couple of months where I couldn’t have afforded the cost if there weren’t discount points on 510-867-5309). Stuff at the hardware store. Target, occasionally.


Thank you - I’ve added them to my list.


The best way is to use comms channels that avoid their Windows install entirely. If Recall never sees it, it never gets recorded.


Can you tell us some of the things to search for so we can find those?






Disclaimer: I am not a lawyer.

I don’t know.

If a company is dissolved before lawsuits or charges are filed, the argument could be made that the entity in question no longer exists and the filings are invalid. Just like you can’t sue somebody who’s dead. It might not hold up in court but I wouldn’t put it past some very expensive lawyers to try it anyway because it might work.

This article says that “it depends.” There might be a period of time after a company dissolves that it can still be sued, namely, if the legal process to go about it wasn’t followed precisely. If there are no assets remaining sometimes the former owners can be sued. There is also the question of whether or not you’ll spend more on a lawsuit than you’ll get from the settlement.

I just realized something: Most of the time when talking about stuff like this, people seem to implicitly be talking about getting some money out of it (as punishment, maybe). Rarely do folks ever talk about suing for the express purpose of preventing the thing (in this case, selling customers’ genomic information to third parties) from ever happening.

This article talks about suing for undistributed assets. Suing to get your genomic data back and verifying that it’s been destroyed before it could be sold to anyone else is a possibility. It also talks about suing shareholders; if 23andMe is being delisted that seems like a legal gray area to be exploited: If a company is delisted are there still shareholders? Logically, yes (people hold worthless shares of stock in a company that doesn’t exist anymore) but legally? It might be state-dependent as this article suggests (per Favila v. Katten Muchin Rosenman LLP (2010) 188 Cal.App.4th 189, 213).

Maybe under a quiet title action to get the genomic data back?


I’ve had bots scouting for such a thing for a couple of years. So far, we haven’t found any that aren’t way sketchy. Your best bet might be to social engineer the folks at a cellular biology lab at a big college or something, get them to sequence your DNA, and have them copy the data onto a flash drive or something. Then the trick is finding somebody who can analyze the data and make sense of it all.


Let’s break this down a bit:

There is a service that people are likely to use only once. Send them a DNA sample, they sequence it and send you a report. It is highly unlikely that customers are going to have their DNA sequenced repeatedly. The company fails to introduce any other services that lead to customers sending them more money.

This means a revenue curve that goes up, plateaus, and then drops back down.

It was all right there to begin with. The “good while it lasted” curve doesn’t take a lot of imagination.