Welcome to nsane.forums

Welcome to nsane.forums, like most online communities you need to register to view parts of our community or to make contributions, but don't worry: this is a free and simple process that requires minimal information. Be a part of nsane.forums by signing in or creating an account.

  • Access special members only forums
  • Start new topics and reply to others
  • Subscribe to topics and forums to get automatic updates

Search the Community

Showing results for tags 'privacy'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Found 421 results

  1. Anonymous to Donald Trump: We Know What You Did Last Summer Hackers threaten to leak Donald Trump’s Russian ties The messages were published by Anonymous after Donald Trump took to Twitter to suggest that outgoing CIA head John Brennan might be involved in the spreading of fake news that made the headlines in the past few weeks, including “Syria, Crimea, Ukraine and the build-up of Russian nukes.” The @YourAnonCentral Twitter handle, which has some 150,000 followers, was one of the first to reply to Donald Trump’s tweet, accusing the President-elect of being directly involved in some pretty shady activities in Russia. “.@realDonaldTrump you have financial and personal ties with Russian mobsters, child traffickers, and money launderers,” Anonymous said in their first message. “This isn't the 80's any longer, information doesn't vanish, it is all out there. You are going to regret the next 4 years. We could care less about Democrats attacking you @realDonaldTrump, the fact of the matter is, you are implicated in some really heavy s**t. Roy Cohen and your daddy aren't here to protect you anymore. Oh and please tell your interns not to waste money hitting us with your Moldavian bot farm, stay frosty @realDonaldTrump.” Donald Trump tight-lipped on Anonymous’ accusations It goes without saying that Donald Trump didn’t response to Anonymous’ tweets, and there’s absolutely no chance he didn’t notice them since he’s such a big Twitter fan. In other news, Donald Trump said he would keep his personal Twitter account in the next four years, so expect similar messages to be posted occasionally during his tenure at the White House. As far as Anonymous is concerned, the hacking group hasn’t said anything about when and how it could leak the information about the new President of the United States. They did say, however, that the next four years will be very difficult for Donald Trump, so if the hackers do have evidence regarding the new President’s involvement in shady Russian activities, expect them to go online sometime in the coming years. Source
  2. This is Firefox’s Upcoming Permissions System Mozilla is working on a new permissions frontend for Firefox currently that improves user interaction with permission requests significantly. Back in mid-2016 we gave you a glimpse of the new permissions system that Mozilla was working on at the time for its Firefox web browser. Mozilla worked on it a bit more in the meantime, and plans to launch an updated version of it soon that improves the user interaction with permissions in several ways. While there has always been permissions in web browsers, think of allowing or disallowing cookies or JavaScript for instance, recent advanced in web technologies brought along with them new ways for sites and services to interact with the browser. Non-default permissions, those that require access to a system's web cam, microphone or other sensors for instance, require elevation in Firefox. This means that Firefox will prompt the user when a site requests access to these features, and it is up to the user to grant or deny the request. Firefox Permissions The old system that Firefox uses right now in the stable version of the browser has its usability flaws. It is for instance easy enough to dismiss prompts by clicking elsewhere, and users appear to have troubles bringing the prompt back up when that happens. It is also difficult to manage individual permissions for sites according to surveys and tests that Mozilla conducted in the past to analyze the current system. The new permissions system, which is activate in Nightly versions of Firefox already, improves user interactions with site permissions significantly. We talked about the new sticky permissions prompt already that is displayed when a site requests a permission. Options are clearer in the prompt, and it is not possible anymore to accidentally dismiss it without making a selection. The icon the prompt uses indicates the permission request. A new feature that makes things even easier is that Firefox highlights permissions that you declined in the address bar next to the "information" icon. The icon indicates if special permissions have been granted, and opens the permissions dialog. Blocked permission requests are highlighted in the address bar to indicate that to the user, and give users a chance to activate them quickly if the need arises. A click on the icon, or the information icon, opens the new permissions dialog of Firefox. This dialog shows permissions directly, allowing you to remove them with a click, or allow or block permissions directly from there without having to go anywhere else in Firefox for that. If you see a small dot in the top right corner of the i-icon, it means that the site has been granted elevated privileges. You can still open Page Info from that dialog though to open the full permissions listing for the site, and make changes to it. WebRTC Audio, video and screen sharing permissions are improved as well. Screen sharing for one does not require sites to be added to a whitelist anymore. All sites may use WebRTC screen sharing in Firefox when the change lands. Firefox users have to select the window they want to share from a list -- the default is no window -- and a preview of that window is displayed for verification purposes. Firefox will ask the user if the entire screen or other important screens are to be shared. Mozilla introduced a permissions manager back in 2011 in Firefox that gave you control over site permissions, but removed it later on. Additional information on the permission system changes are available here. Now You: What's your opinion on the new permissions system? Source
  3. Steganos Online Shield VPN - 1 Year[365 Days] 2GB / 5GB / Unlimited* Per Month Promo by Auslogics Pals, this is not a new product from Steganos. It is the same old Online Shield 365. Now, it is just re-launched as Online Shield VPN. Actual Cost of OnlineShield VPN - 1 Year - $49.95. With Discount - $24.97 or $14.97. Now, you can get this for FREE - No Ads. NOTE: Limited Bandwidth - 2GB / 5GB / Unlimited* Per Month; 3 Devices; No Support; Personal Use Only. *Update: Some users are able to get Unlimited Bandwidth on at-least 1 key while using different browsers for 2 or multiple requests with different emails. Encryption Comparison between Steganos VPN Products: OkayFreedom VPN - 128-bit blowfish OnlineShield VPN - 256-bit AES More Info from TorrentFreak: https://torrentfreak.com/anonymous-vpn-providers-2016-edition2#steganos Links: Offer: https://www.steganos.com/specials/?m=auslogics0117&p=sos or https://www.steganos.com/specials/auslogics0117/sos Steps: Just click on any of the above links and enter your email. If you don't want to receive newsletters from Steganos Team, Uncheck the option. Now. Click on "Seriennummer anfordern". Check your mail and store the key. Tip: Note: Limited Period Offer. Current Status: Expired. However, alternate promo links working. Please read above spoiler. Downloads: Online Installer - Size: 2.6MB: https://file.steganos.com/software/downloader/steganos/sosintdle.exe Full Installer[Latest version]: https://file.steganos.com/software/sosint.exe - Size: 37.2MB (or) https://file.steganos.com/update/sosint.exe - Size: 37.2MB (or) https://file.steganos.com/software/wrappers/auslogics0117/sosintwr.exe - Size: 37.4MB (or) https://file.steganos.com/software/wrappers/pcformatpl0217/sosintwr.exe - Size: 35.4MB - Link not working. Use any of the above/below links (or) https://file.steganos.com/software/wrappers/downloadmixcom1216/sosintwr.exe - Size: 37.4MB (or) https://file.steganos.com/software/wrappers/pcgo0117/sosintwr.exe - Size: 35.4MB (or) https://file.steganos.com/software/wrappers/chip1116/sosintwr.exe - Size: 35.4MB (or) https://file.steganos.com/software/wrappers/chip/sosintwr.exe - Size: 35.4MB (or) https://file.steganos.com/software/wrappers/steganos/sosintwr.exe - Size: 35.4MB - Link not working. Use any of the above links Other Downloads: Android App iOS App Support/FAQ: https://www.steganos.com/service
  4. Gmail Users Under Attack As Hackers Develop Sophisticated Phishing Technique New phishing attack launched against Gmail users Specifically, attackers are now sending emails to Gmail users with embedded attachments that look like images and which require just a click to launch what is supposed to be a preview of the picture. Instead, the attachment opens a new tab in your browser that requires a re-login. When inspecting the typical elements that could point to a phishing scam, such as the address bar, everything looks legit, as in this case the URL is the following: “data:text/html,https://accounts/google.com.” So naturally, most users would provide their Gmail credentials, but as WordFence reports, once you do that, the account is compromised. Surprisingly, the hacked Gmail account is almost instantly accessed in order to retrieve the contacts and then uses the same phishing email to spread the attack. Using email addresses from a person’s contacts can make emails look even more legitimate, thus helping compromise a bigger number of accounts. Most likely, the access is automatically performed by a bot, but there’s also a chance for attackers to do the whole thing manually in order to collect email addresses. How to detect the phishing attack The easiest way to determine that a message is a phishing attack or not is by looking in the address bar. As we’ve told you before, attackers were particularly focused on ways to make the URL look more legitimate, but in reality, there are a lot of white spaces that you can remove to check out the end of the address. If you do that, you can notice that the URL ends with a script that’s supposed to launch the new tab and point the browser to the phishing page used to steal login credentials. Google has already offered a response, according to the aforementioned source, but it’s not what you think, as the company doesn’t seem to be too keen on blocking the attacks. “The address bar remains one of the few trusted UI components of the browsers and is the only one that can be relied upon as to what origin are the users currently visiting. If the users pay no attention to the address bar, phishing and spoofing attack are - obviously - trivial. Unfortunately that’s how the web works, and any fix that would to try to e.g. detect phishing pages based on their look would be easily bypassable in hundreds of ways. The data: URL part here is not that important as you could have a phishing on any http(s) page just as well,” the firm said. The easiest way to keep your account secure, even if you fall for this phishing attack, is to enable two-factor authentication for Gmail, which means that in case you do provide your login credentials on the phishing website, the attacker shouldn’t be able to access your account anyway. Source Alternate Source - Don't Fall For This Dangerously Convincing Ongoing Phishing Attack
  5. Canonical to Remove Old Unity 7 Scopes from Ubuntu Because They're Not Secure These won't be supported by Unity 8 anyway April will see the release of Ubuntu 17.04 (Zesty Zapus) operating system, but it also marks the fifth year of Unity user interface's implementation, which was first introduced as part of the Ubuntu 11.04 (Natty Narwhal) release. While Canonical's engineers are concentrating all of their efforts on bringing us the next-generation Unity 8 user interface, current Ubuntu Linux releases are still successfully using Unity 7, and so will Ubuntu 17.04. Old, unmaintained Unity 7 Scopes are still out there However, it would appear that the Ubuntu repositories still include some old, unmaintained Scopes that have security issues open, posing a threat to the entire system if installed and used. Most of these are related to some popular music playback apps and include unity-scope-audacious, unity-scope-clementine, unity-scope-gmusicbrowser, unity-scope-guayadeque, unity-scope-musique, and unity-scope-gourmet. Because of that, Canonical is planning on removing these and many other unmaintained Unity 7 Scopes from the official repositories, if their maintainers don't step up to patch any of the existing security issues, and also because Unity 8 won't support them. "Couple this with the decision to turn off online searches by default and I think it's time to consider dropping these Scopes from the archive. Plus of course, the fact that they won't work in Unity 8 in the future anyway," said Will Cooke, Ubuntu Desktop Manager at Canonical. If you submitted a Unity 7 Scope in the past, and no longer offer security fixes for it, please do everyone a favor and remove it from the repositories as soon as possible. Unity 7 will be supported for a few more years, but it doesn't have to be insecure. Source
  6. Microsoft Reduces the Amount of Telemetry Data Collected from Windows 10 PCs Other privacy changes implemented for Microsoft users First and foremost, Microsoft is introducing a new privacy dashboard on the web that lets users see and manage privacy data, including search history, location activity, and Cortana’s Notebook - information that the digital assistant requires to provide a more personal experience. In order to access this dashboard, you need to sign in with your Microsoft account and connect to account.microsoft.com/privacy, with Redmond promising to add more functionality and categories over time. Windows 10 changes As far as Windows 10 is concerned, Microsoft is announcing a new setup experience for users who install the new OS. The new option replaces the previous Express settings presented during the Windows 10 install, Microsoft says. Those upgrading from Windows 7, Windows 8 or performing a new clean install should be able to see what Microsoft describes as “simple but important settings,” while those who are already on Windows 10 will be asked to update privacy settings with a notification. These new settings will make their debut with the Creators Update, and will be integrated into an insider build shipping soon. The telemetry settings in Windows 10 will be simplified from three different levels to just two, namely Basic and Full. The Enhanced level will no longer be offered, and users who picked this one will be prompted to switch to Basic or Full after installing the Creators Update. But what’s more important is that the Basic level will collect a reduced amount of telemetry data from Windows 10 computers, according to Microsoft. “This includes data that is vital to the operation of Windows. We use this data to help keep Windows and apps secure, up-to-date, and running properly when you let Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also includes basic error reporting back to Microsoft,” the firm says. Users will be given full control over their privacy settings and will obviously be allowed to change them at a later time from the Settings app in Windows 10. Source
  7. Chinese Citizens Can Be Tracked In Real Time A group of researchers have revealed that the Chinese government is collecting data on its citizens to an extent where their movements can even be tracked in real-time using their mobile devices. This discovery was made by The Citizen Lab at the University of Toronto's Munk School of Global Affairs who specialize in studying the ways in which information technology affects both personal and human rights worldwide. It has been known for some time that the Chinese government employs a number of invasive tactics to be fully aware of the lives of its citizens. Though Citizen Lab was able to discover that the government has begun to monitor its populace using apps and services designed and run by the private sector. The discovery was made when the researchers began exploring Tencent's popular chat app WeChat that is installed on the devices of almost every Chinese citizen with 800 million active users each month. Citizen Lab found that not only does the app help the government censor chats between users but that it is also being used as a state surveillance tool. WeChat's restrictions even remain active for Chinese students studying abroad. Ronald Deibert, a researcher at Citizen Lab, offered further insight on the team's discovery, saying: "What the government has managed to do, I think quite successfully, is download the controls to the private sector, to make it incumbent upon them to police their own networks". To make matters worse, the data collected by WeChat and other Chinese apps and services is currently being sold online. The Guangzhou Southern Metropolis Daily led an investigation that found that large amounts of personal data on nearly anyone could be purchased online for a little over a hundred US dollars. The newspaper also found another service that offered the ability to track users in real-time via their mobile devices. Users traveling to China anytime soon should be extra cautious as to their activities online and should think twice before installing WeChat during their stay. Published under license from ITProPortal.com, a Future plc Publication. All rights reserved. Source
  8. Explained — What's Up With the WhatsApp 'Backdoor' Story? Feature or Bug! What is a backdoor? By definition: "Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data, " either the backdoor is in encryption algorithm, a server or in an implementation, and doesn't matter whether it has previously been used or not. Yesterday, we published a story based on findings reported by security researcher Tobias Boelter that suggests WhatsApp has a backdoor that "could allow" an attacker, and of course the company itself, to intercept your encrypted communication. The story involving the world's largest secure messaging platform that has over a billion users worldwide went viral in few hours, attracting reactions from security experts, WhatsApp team, and Open Whisper Systems, who partnered with Facebook to implement end-to-end encryption in WhatsApp. Note: I would request readers to read complete article before reaching out for a conclusion. And also, suggestions and opinions are always invited What's the Issue: The vulnerability relies on the way WhatsApp behaves when an end user's encryption key changes. WhatsApp, by default, trusts new encryption key broadcasted by a contact and uses it to re-encrypt undelivered messages and send them without informing the sender of the change. In my previous article, I have elaborated this vulnerability with an easy example, so you can head on to read that article for better understanding. Facebook itself admitted to this WhatsApp issue reported by Boelter, saying that "we were previously aware of the issue and might change it in the future, but for now it's not something we're actively working on changing." What Experts argued: According to some security experts — "It's not a backdoor, rather it’s a feature to avoid unnecessarily re-verification of encryption keys upon automatic regeneration." Open Whisper Systems says — "There is no WhatsApp backdoor," "it is how cryptography works," and the MITM attack "is endemic to public key cryptography, not just WhatsApp." A spokesperson from WhatsApp, acquired by Facebook in 2014 for $16 Billion, says — "The Guardian's story on an alleged backdoor in WhatsApp is false. WhatsApp does not give governments a backdoor into its systems. WhatsApp would fight any government request to create a backdoor." What's the fact: Notably, none of the security experts or the company has denied the fact that, if required, WhatsApp, on government request, or state-sponsored hackers can intercept your chats. What all they have to say is — WhatsApp is designed to be simple, and users should not lose access to messages sent to them when their encryption key is changed. Open Whisper Systems (OWS) criticized the Guardian reporting in a blog post saying, "Even though we are the creators of the encryption protocol supposedly "backdoored" by WhatsApp, we were not asked for comment." What? "...encryption protocol supposedly "backdoored" by WhatsApp…" NO! No one has said it's an "encryption backdoor;" instead this backdoor resides in the way how end-to-end encryption has been implemented by WhatsApp, which eventually allows interception of messages without breaking the encryption. As I mentioned in my previous story, this backdoor has nothing to do with the security of Signal encryption protocol created by Open Whisper Systems. It's one of the most secure encryption protocols if implemented correctly. Then Why Signal is more Secure than WhatsApp? You might be wondering why Signal private messenger is more secure than Whatsapp, while both use the same end-to-end encryption protocol, and even recommended by the same group of security experts who are arguing — "WhatsApp has no backdoor." It's because there is always room for improvement. The signal messaging app, by default, allows a sender to verify a new key before using it. Whereas, WhatsApp, by default, automatically trusts the new key of the recipient with no notification to the sender. And even if the sender has turned on the security notifications, the app notifies the sender of the change only after the message is delivered. So, here WhatsApp chose usability over security and privacy. It’s not about 'Do We Trust WhatsApp/Facebook?': WhatsApp says it does not give governments a "backdoor" into its systems. No doubt, the company would definitely fight the government if it receives any such court orders and currently, is doing its best to protect the privacy of its one-billion-plus users. But what about state-sponsored hackers? Because, technically, there is no such 'reserved' backdoor that only the company can access. Why 'Verifying Keys' Feature Can't Protect You? WhatsApp also offers a third security layer using which you can verify the keys of other users with whom you are communicating, either by scanning a QR code or by comparing a 60-digit number. But here’s the catch: This feature ensure that no one is intercepting your messages or calls at the time you are verifying the keys, but it does not ensure that no one, in the past had intercepted or in future will intercept your encrypted communication, and there is no way, currently, that would help you identify this. WhatsApp Prevention against such MITM Attacks are Incomplete WhatsApp is already offering a "security notifications" feature that notifies users whenever a contact's security code changes, which you need to turn on manually from app settings. But this feature is not enough to protect your communication without the use of another ultimate tool, which is — Common Sense. Have you received a notification indicating that your contact's security code has changed? Instead of offering 'Security by Design,' WhatsApp wants its users to use their common sense not to communicate with the contact whose security key has been changed recently, without verifying the key manually. The fact that WhatsApp automatically changes your security key so frequently (for some reasons) that one would start ignoring such notifications, making it practically impossible for users to actively looking each time for verifying the authenticity of session keys. What WhatsApp should do? Without panicking all one-billion-plus users, WhatsApp can, at least: Stop regenerating users' encryption keys so frequently (I clearly don't know why the company does so). Give an option in the settings for privacy-conscious people, which if turned on, would not automatically trust new encryption key and send messages until manually accepted or verified by users. ...because just like others, I also hate using two apps for communicating with my friends and work colleagues i.e. Signal for privacy and WhatsApp because everyone uses it. Source
  9. WhatsApp Security: Make This Change Right Now! Security researchers found a backdoor in the popular messaging application WhatsApp recently that could allow WhatsApp to intercept and read user messages. Facebook, the owner of WhatsApp, claims that it is impossible to intercept messages on WhatsApp thanks to the services end-to-end encryption. The company states that no one, not even itself, can read what is sent when both sender and recipient use the latest version of the application. It turns out however that there is a way for WhatsApp to read user messages, as security researcher Tobias Boelter (via The Guardian) found out. Update: In a statement sent to Ghacks, a WhatsApp spokesperson provided the following insight on the claim: WhatsApp has the power to generate new encryption keys for users who are not online. Both the sender and the recipient of messages are not made aware of that, and the sender would send any message not yet delivered again by using the new encryption key to protect the messages from third-party access. The recipient of the message is not made aware of that. The sender, only if Whatsapp is configured to display security notifications. This option is however not enabled by default. While WhatsApp users cannot block the company -- or any state actors requesting data -- from taking advantage of the loophole, they can at least activate security notifications in the application. The security researcher reported the vulnerability to Facebook in April 2016 according to The Guardian. Facebook's response was that it was "intended behavior" according to the newspaper. Activate security notifications in WhatsApp To enable security notifications in WhatsApp, do the following: Open WhatsApp on the device you are using. Tap on menu, and select Settings. Select Account on the Settings page. Select Security on the page that opens. Enable "show security notifications" on the Security page. You will receive notifications when a contact's security code has changed. While this won't prevent misuse of the backdoor, it will at least inform you about its potential use. Source Alternate Source - 1: WhatsApp Encryption Has Backdoor, Facebook Says It's "Expected Behaviour" Alternate Source - 2: WhatsApp Backdoor allows Hackers to Intercept and Read Your Encrypted Messages Alternate Source - 3: Oh, for F...acebook: Critics bash WhatsApp encryption 'backdoor' Alternate Source - 4: Your encrypted WhatsApp messages can be read by anyone Alternate Source - 5: How to protect yourself from the WhatsApp 'backdoor' Alternate Source - 6: 'Backdoor' in WhatsApp's end-to-end encryption leaves messages open to interception [Updated] Detailed Explanation of the Issue and Prevention/Alternatives:
  10. It’s Time to Ditch Skype and TeamSpeak, Discord Launches Its App for Linux Users The app is now available for Ubuntu Linux and other distros Linux was the missing piece for them to achieve full status and offer their services across all major platforms, both on desktop and mobile. Discord is currently available for Android, iOS, Mac, and Windows, but you can also use it directly from the Web, using a compatible web browser. The app appears to be a direct competitor to Microsoft's Skype VoIP client, as well as the well-known TeamSpeak voice communication platform. It offers a wide range of features, including IP and DDoS protection, in-game overlay, smart push notifications, individual volume control, support for multiple channels, and a modern text chat. Other noteworthy features of Discord include support for codecs, permissions, and custom keyboard shortcuts, a direct messaging system and friends list. It also promises to keep the CPU usage as minimal as possible, offering low latency support for audio and automatic failover functionality. Install Discord on Ubuntu now The first stable release of the official Discord app for Linux systems, versioned 0.0.1, is currently available for download as a binary package for Debian and Ubuntu-based distributions, such as Ubuntu, Debian, Linux Mint, etc. However, to install it, you'll need to have a 64-bit installation. There's also a source tarball available for download in case you're not running an operating system based on Debian or Ubuntu, but you'll have to compile it. It appears that Discord 0.0.1 already made its way into the Arch Linux AUR repositories, and it's coming soon to Solus, too. Other distros may add Discord to their repositories in the coming weeks. Stoked to announce our super sick app for LINUX. Chris was massaging this for ages but it's like super sick now https://t.co/hQtQpZO95c pic.twitter.com/lVyDkBD3cN — Discord (@discordapp) January 11, 2017 Source
  11. Windows 10 Share “Soon With” Ads Microsoft plans to roll out the upcoming Windows 10 feature update Creators Update with a new Share UI, and will push ads in that UI. Microsoft is working on the next feature update for Windows 10 called the Creators Update. The new version of Windows 10 will be made available in April 2017 according to latest projections, and it will introduce a series of new features and changes to the operating system. The built-in Share functionality of Windows 10 will be updated in the Creators Update as well. We talked about this when the first screenshots of the new user interface leaked. The core change is that the Share user interface will open up in the center of the screen instead of the sidebar. Along with the change come ads. If you take a look at the following screenshot, courtesy of Twitter user Vitor Mikaelson (via Winaero), you see the Box application listed as one of the available share options even though it is not installed on the device (and never was according to Vitor). The suggested app is listed right in the middle of the share interface, and not at the bottom. Microsoft uses the Share UI to promote Windows Store applications. This is one of the ways for Microsoft to increase the visibility of the operating system's built-in Store. The Share UI is not the first, and likely not the last, location to receive ads on Windows 10. Ads are shown on Windows 10's lockscreen, and in the Windows 10 start menu for instance. While it is possible to disable the functionality, it is turned on by default. Ads in the Share UI will likely be powered by the same system which means that you will be able to turn these ads off in the Settings. Microsoft is not the only company that uses recommendations in their products to get users to install other products. I'm not fond of this as I don't like it that these suggestions take away space. While I don't use the Share UI at all, I do use the Start Menu. The recommendations there take away space from programs and applications that I have installed or am using. Yes, it is easy enough to turn these off, and that's what I did as I have no need for them. Should I ever run into a situation where I require functionality, say sharing to Box, I'd search for a solution and find it. I can see these recommendations being useful to inexperienced users however who may appreciate the recommendations. There is a debate going on currently whether to call these promotions advertisement, or recommendations / suggestions. Now You: What's your take on these? How do you call them? Source
  12. Browser Autofill Data May Be Phished Data that you have saved as so-called Autofill data in your web browser of choice may be phished by sites using hidden form fields. Most modern web browsers support comfortable features like auto-filling forms on sites using data that you have entered in the past. Instead of having to enter your name, email address or street address whenever you sign up for a new account for instance, you'd fill out the data once only and have the browser fill out the fields for you any time they are requested afterwards. But autofill can also be a privacy issue. Imagine a site requesting that you enter your name and email address on a page. You would probably assume that this is the only data it requests, and that your browser will only fill out those fields and nothing else. Watch what happens when the developer of a site adds hidden fields to a page. Note that hidden in this regard means visible but drawn outside the visible screen. The browser may fill out fields that you don't see but are there. As you can see, this may include personal data without you being aware that the data is submitted to the site. While you could analyze any page's source code before submitting anything, doing so is highly impracticable. You can download the example index.html file from GitHub. Please note that this appears to work in Chrome but not in Firefox at the time of writing. It is likely that Chrome-based browsers will behave the same. Chrome will only fill out the following information by default: name, organization, street address, state, province, zip, country, phone number and email address. Note that you may add other date, credit cards for instance, to autofill. Since there is no way of stopping this from the user's end, it is best right now to disable autofill until the issue gets fixed. It is interesting to note that this is not a new issue, but one that has been mentioned since at least 2010. A Chromium bug was reported in mid 2012, but it has not found any love yet. Disable autofill in Chrome You can disable Google Chrome's autofill functionality in the following way: Load chrome://settings/ in the web browser's address bar. Click on "show advanced settings" at the end of the page. Scroll down to the "passwords and forms" section. Remove the checkmark from "Enable Autofill to fill out web forms in a single click". Mozilla Firefox does not seem to be affected by this. You can find out about disabling autofill in Firefox on Mozilla's Support website. Closing Words There is the question whether browser add-ons that support automatic form filling may leak data to sites that use hidden form fields as well. I did not test this, but it would be interesting to find out. Source
  13. Steganos Online Shield VPN - 1 Year[365 Days] 2GB / 5GB / Unlimited* Per Month Promo by PCFormat Pals, this is not a new product from Steganos. It is the same old Online Shield 365. Now, it is just re-launched as Online Shield VPN. Actual Cost of OnlineShield VPN - 1 Year - $49.95. With Discount - $24.97 or $14.97. Now, you can get this for FREE - No Ads. NOTE: Limited Bandwidth - 2GB / 5GB / Unlimited* Per Month; 3 Devices; No Support; Personal Use Only. *Update: Some users are able to get Unlimited Bandwidth on at-least 1 key while using different browsers for 2 or multiple requests with different emails. Encryption Comparison between Steganos VPN Products: OkayFreedom VPN - 128-bit blowfish OnlineShield VPN - 256-bit AES More Info from TorrentFreak: https://torrentfreak.com/anonymous-vpn-providers-2016-edition2#steganos Links: Offer: https://www.steganos.com/specials/?m=pcformat0217&p=sos or https://www.steganos.com/specials/pcformat0217/sos Steps: Just click on any of the above links and enter your email. If you don't want to receive newsletters from Steganos Team, Uncheck the option. Now. Click on "Seriennummer anfordern". Check your mail and store the key. Tip: Note: Limited Period Offer. Current Status: Open. Downloads: Online Installer - Size: 2.6MB: https://file.steganos.com/software/downloader/steganos/sosintdle.exe Full Installer[Latest version]: https://file.steganos.com/software/sosint.exe - Size: 35.2MB (or) https://file.steganos.com/update/sosint.exe - Size: 35.2MB (or) https://file.steganos.com/software/wrappers/pcformatpl0217/sosintwr.exe - Size: 35.4MB - Link not working. Use any of the above/below links (or) https://file.steganos.com/software/wrappers/downloadmixcom1216/sosintwr.exe - Size: 37.4MB (or) https://file.steganos.com/software/wrappers/pcgo0117/sosintwr.exe - Size: 35.4MB (or) https://file.steganos.com/software/wrappers/chip1116/sosintwr.exe - Size: 35.4MB (or) https://file.steganos.com/software/wrappers/chip/sosintwr.exe - Size: 35.4MB (or) https://file.steganos.com/software/wrappers/steganos/sosintwr.exe - Size: 35.4MB - Link not working. Use any of the above links Other Downloads: Android App iOS App Support/FAQ: https://www.steganos.com/service
  14. Firefox 52: Better Font Fingerprinting Protection Mozilla plans to integrate better font fingerprinting protection in Firefox 52; the new version of the web browser is scheduled for a March 7, 2017 release. The changes are already live in pre-release versions of the web browser. Font fingerprinting refers to one of the many fingerprinting options that websites and services have when users connect to them. The web browser reveals information during connect which the site or service may record. The core idea behind browser fingerprinting is to create a unique profile of a browser by using one, some or many parameters that are retrievable publicly. Tip: You can run browser fingerprinting tests like Browserprint or Panopticlick to find out about what your browser reveals on connect. Firefox 52: Better Font Fingerprinting Protection If you check for system fonts using a service like Panopticlick, you will get the list of supported fonts returned. This test requires only JavaScript to function, and has nothing to do with Adobe Flash's method of returning fonts as well. The screenshot above confirms that system fonts are revealed to sites using JavaScript currently. This is true for all Firefox channels, even development channels. The new change that will launch with Firefox 52 is an optional parameter that you can configure to restrict font access. So, instead of returning all fonts installed on the operating system, Firefox would only return the fonts that you have whitelisted. Side note: one could say that restricting fonts might make you even more unique, considering that the vast majority of browsers won't return only some or even no fonts at all. Also, being too restrictive may change fonts that the browser uses as well. Finally, some fonts appear to be added regardless of your choice currently. Adding only Helvetica to the whitelist for instance returned Courier, MS Sans Serif, Sans Serif and Times as well. It would obviously be better if Firefox would return only a standard set of fonts if the whitelist is activated. You need to do the following to use a system font whitelist in Firefox: Type about:config in the browser's address bar and hit the Enter-key afterwards. Confirm that you will be careful if the warning prompt is displayed. Right-click in the main pane listing all preferences, and select New > String from the context menu. Name the new parameter font.system.whitelist. Now add fonts to the whitelist separated by comma: Helvetica, Courier, Verdana is a valid value for instance. The change takes effect immediately. You may notice that fonts change in the browser UI or on websites as a response You can follow the feature's progress on Bugzilla. (via Sören Hentzschel) Source
  15. Hello Everyone!, So today I found a new Windows Privacy Tool called Win.Privacy. After some research about it I finally decided to actually test it. Everything seem alright till now. However, the reason I am here is to collect some more opinions about this program. Thanks for your time!
  16. The Music Industry Shouldn't Be Able To Cut Off Your Internet Access EFF, Public Knowledge, and the Center for Democracy and Technology Urge The United States Court of Appeals for the Fourth Circuit to Protect Internet Subscribers in BMG v. Cox. No one should have to fear losing their internet connection because of unfounded accusations. But some rights holders want to use copyright law to force your Internet service provider (ISP) to cut off your access whenever they say so, and in a case the Washington Post called “the copyright case that should worry all Internet providers,” they’re hoping the courts will help them. We first wrote about this case—BMG v. Cox Communications—when it was filed back in 2014, and last month, EFF, Public Knowledge (PK) , and the Center for Democracy and Technology (CDT) urged the Court of Appeals for the Fourth Circuit to overturn a ruling that ISP Cox Communications was liable for copyright infringement. EFF, PK and CDT advised the court to consider the importance of Internet access in daily life in determining when copyright law requires an ISP to cut off someone’s Internet subscription. The case turns in part on a provision in copyright law that gives internet intermediaries a safe harbor—legal protection against some copyright infringement lawsuits — provided they follow certain procedures. Online platforms like Facebook and YouTube, along with other internet intermediaries, have to “reasonably implement” a policy for terminating “subscribers and account holders” that are “repeat infringers” in “appropriate circumstances.” But given the importance of Internet access, the circumstances where it’s appropriate to cut off a home Internet subscription entirely are few and far between. The law as written is flexible enough that providers can design and implement policies that make sense for the nature of their service and their subscribers’ circumstances. A repeat infringer policy for the company that provides your link to the Internet as a whole should take into account the essential nature of internet access and the severe harm caused by disconnection. But music publisher BMG wants to use this provision to force ISPs to become tougher enforcers of copyright law. According to BMG, ISPs should be required both to forward rights holders’ threatening demand letters to their subscribers and terminate a subscriber’s Internet access whenever rights holders allege that person has repeatedly violated copyright law. A subscriber is a “repeat infringer” and subject to termination, they argue, whenever they say so. Unfortunately, the district court agreed with the music publisher, ruling that notices of copyright infringement sent by copyright troll Rightscorp were enough for Cox to know that a subscriber was repeatedly using its network to infringe copyright. Because Cox failed to terminate enough of those subscribers on the basis of Rightscorps’ accusations, Judge Liam O’Grady of U.S. District Court for the Eastern District of Virginia ruled that Cox was ineligible for the safe harbor and liable for millions of dollars in damages for contributory copyright infringement. Cox’s appeal of the ruling raises two very important issues: (1) Who should be considered a “repeat infringer” who should be cut off from the Internet, and (2) whether ISPs must either cede to rights holders’ demands or monitor their subscribers’ internet habits to avoid liability. Who should determine when someone is a “repeat infringer”? The law as it’s written doesn’t require ISPs to terminate their subscribers whenever repeated accusations of infringement are made. Elsewhere in copyright law, terms like “alleged” or “claimed” infringement indicate that allegations are relevant. The “repeat infringer” provision leaves them out. The law only requires ISPs to have a policy for termination of actual “repeat infringers,” not “alleged” or “claimed” repeat infringers. In giving rightsholders the ability to determine for themselves who counts as a “repeat infringer,” Judge O’Grady created a powerful tool they can use to pressure ISPs to comply with their copyright enforcement schemes. And they get an extra boon as well — they can shake down Internet subscribers for settlement fees with threats that they’ll lose their internet access. This is especially worrisome in light of the frequency of false or erroneous allegations of infringement–-on Cox’s network alone, for example, Rightscorp misidentified hundreds of files as infringing. In one case, for example, Rightscorp identified “a Grateful Dead song that was actually an article about a Grateful Dead performance.” Faced with a dubious notice, ISPs are ill-suited to investigate whether the allegations it contains are true. Because Cox doesn’t host subscribers’ content but only provides the network through which their data travels, to examine whether that data infringes copyright, Cox would need to use deep-packet inspection to investigate every packet that subscriber sends and receives. That level of monitoring is frighteningly privacy-invasive and clearly not contemplated by the law. Even if ISPs did examine their subscribers’ traffic, determining whether a particular file is infringing (rather than in the public domain, licensed, or a fair use) is a difficult call even for courts and copyright lawyers, and even for the rightsholders themselves. Where an Internet subscriber’s very connection to the larger world is at risk, courts should hesitate before asking ISPs to make that call on their own. IP Addresses are "Unreliable Informants.” Your ISP can see only the Internet Protocol (IP) address associated with your account, not who is using that address at any one time. This means that infringement notices that identify an IP address only cannot show whether the subscriber or a different person was using that connection at the time. Any one IP address can provide Internet access to any number of people; many people share their Internet connections within their household or with their community, and they generally aren’t able to control what others do online. In this case, many of Rightscorp’s notices identified infringement carried out by third parties, and not the subscriber themselves. Terminating that subscriber’s account would be unfair to that subscriber, and would cut-off Internet access to everyone else sharing that connection. A court, not a rights holder or ISP should make the call. The only way to reliably determine when a subscriber is a repeat infringer is when that person has been found by a court of law to have repeatedly committed copyright infringement. The law should allow ISPs to insist on an adjudication of infringement before terminating someone’s Internet account. Holding ISPs like Cox liable for contributory infringement opens the door to widespread monitoring and filtering. Even without protection of the safe harbor, ISPs like Cox aren’t necessarily liable merely because they provide Internet service to someone who infringed a copyright. Two landmark Supreme Court cases, Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., and Sony Corp. of America v. Universal Studios made clear that if a service is capable of significant lawful uses, and the provider doesn’t actively encourage users to commit copyright infringement, the provider shouldn’t be held responsible when someone nonetheless uses the service unlawfully. And, a provider’s mere failure to act doesn’t qualify as active encouragement. In ignoring this important rule and holding Cox liable for contributory copyright infringement, the district court created the risk that providers like Cox may have to choose between complying with rightsholders’ termination demands or monitoring and filtering their subscribers’ online activities if they want to avoid liability. Like “cutting off someone’s water”, terminating someone’s internet connection should be, at least, a measure of last resort. As Cox’s appeal continues, we hope this time the court gets it right. Source
  17. ISPs: Blocking The Pirate Bay is Dangerous Censorship Two major Swedish ISPs are warning that a possible court-ordered Pirate Bay blockade will introduce a dangerous and unwarranted form of censorship. Instead, they encourage copyright holders to collaborate with them to find better solutions to the piracy problem. The Pirate Bay is without doubt the most censored website on the Internet. Countries all around the world have ordered Internet providers to block subscriber access to the torrent site, with Europe being at the forefront. This week copyright holders and ISPs went to court in Sweden, as part of a prolonged legal battle to have the site blocked on its home turf. Two years ago Universal Music, Sony Music, Warner Music, Nordisk Film and the Swedish Film Industry filed a lawsuit to force Swedish ISP Bredbandsbolaget to block access to The Pirate Bay and Swefilmer. The rightsholders argued that the ISP is liable for the copyright infringements of its customers if it fails to implement a blockade. However, the Stockholm District Court disagreed and sided with the Internet provider in its ruling late last year. Now, both parties have argued their case before the Appeals Court. A final decision will be issued at a later date, but Bredbandsbolaget and fellow ISP Telenor warn that a blocking requirement will have serious implications. “It is a dangerous path to go down, which forces Internet providers to monitor and evaluate content on the Internet and block websites with illegal content in order to avoid becoming accomplices,” the companies write in a joint statement. Copyright holders have pointed out that similar orders were issued in neighboring countries, but the ISPs stress that a mandatory block will be an unprecedented form of censorship under Swedish law. “The copyright holders argue that the blockades they request are similar to those in neighboring Nordic countries. But with the legislation we have in Sweden, it means rightsholders’ demands require a form of censorship that has no equivalent in any other EU country.” The ISPs hope that the Court of Appeal will come to the same conclusion as the District Court; that ISPs which merely provide access to the Internet are not complicit in crimes that are committed by their customers. While Bredbandsbolaget and Telenor don’t expect that the case will go to the Supreme Court, they believe that the rightsholders will try to convince lawmakers to make blocking requests easier. This is not the right way to go, they say. “We don’t think that tougher legislation and blocking requirements are an effective way to stop the illegal distribution of copyrighted works on the Internet,” the ISPs note. Instead, they urge media companies and Internet providers to start collaborating to come to effective and mutually agreeable solutions. Thus far, they have shown little interest in doing that, the ISPs note. “We hope that the rightholders will be more open to dialogue when this lawsuit is over,” they conclude. Source
  18. Anti-Tracking Extension Privacy Badger 2.0 Is Out The Electronic Frontier Foundation released their anti-tracking extension Privacy Badger 2.0 for Firefox, Chrome and Opera yesterday. The extension is designed to prevent online tracking which is fundamentally different from how ad blockers operate. Instead of blocking scripts outright, Privacy Badger 2.0 will only block trackers. This means that ads may still be displayed, but that the extension puts an end to techniques that sites use to "follow" users around the web. The add-on places an icon in the browser's main toolbar that you interact with. It highlights the number of trackers that it blocked on a site, and displays options to allow individual trackers, or block domains that the extension did not detect as trackers. Privacy Badger 2.0 You are probably wondering how Privacy Badger 2.0 differs from the initial Privacy Badger released in 2014, and Privacy Badger 1.0 released in 2015. To find out, we have to dig deep as the EFF's own press release does not shed details on that. We have to look at the add-on stores to find out about the changes. Support for Firefox's multi-process architecture E10s is probably the biggest improvement over previous versions. Mozilla is still rolling out the feature to devices running the stable version of the Firefox web browser. Compatibility means that you can run Privacy Badger 2.0 alongside multi-process Firefox without major issues. Privacy Badger 2.0 may also be installed on Firefox Mobile for Android. This goes hand in hand with Privacy Badger sharing a code base now. Existing users of the extension may also notice performance improvements, the EFF refers to them as "huge", but mileage may vary. At least on my system, it is still not super fast. But there is more. Privacy Badget 2.0 may block WebRTC from leaking local IP addresses. Please note that this feature appears to be only available in the Chrome / Opera version of Privacy Badget 2.0, and not in the Firefox version. You find the option under "general settings" in the Privacy Badger options. You find the new "manage data" option in the settings as well. This enables you to import or export user data that includes whitelisted domains and filter settings. Privacy Badger 2.0 blocks so-called HTML5 pings as well in the new version, and will break fewer sites according to the EFF. Last but not least, it will also forget data when private browsing mode or incognito mode are used by the user. Firefox users reported that the extension breaks Google Docs for them, and there specifically Google Sheets. Closing Words Privacy Badger 2.0 is a major release, but it has its issues right now on Firefox. Google Sheets crashing, and WebRTC missing are just two of the reported issues right now that plague the Firefox version of the privacy add-on. If you do use it on Firefox, you better wait until those issues are sorted out before you upgrade to the new version. Source Changelog: New features with 2.0 & 2.0.1: Version 2.0.1 - Firefox Extension: Sanitize origin and action in popup Version 2.0 of Privacy Badger includes many improvements for users and developers, including: Support for “incognito” or “private” browsing Import/export capabilities, so you can export a backup of what Privacy Badger has learned about your tracker-blocking needs and import that into another browser Fixes to “break” fewer websites, ensuring that you can both block trackers and enjoy rich content Improved user interface translation for non-English-speaking users Blocks to prevent WebRTC from leaking your IP address Blocks to prevent HTMLl5 "ping" tracking Notable speed improvements (Firefox only) Multiprocess Compatibility (E10S) (Firefox only) A single code base for both the Firefox and Chrome versions Downloads: Details & FAQ: https://www.eff.org/privacybadger Firefox: https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/ Firefox[Optional Direct]: https://www.eff.org/files/privacy-badger-latest.xpi Opera: https://addons.opera.com/en/extensions/details/privacy-badger/?display=ru or https://addons.opera.com/extensions/download/privacy-badger/ Chrome: https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp Chromium browsers[Optional Direct]: https://www.eff.org/files/privacy_badger-chrome.crx
  19. First Version of Sandboxed Tor Browser Available Developers at the Tor Project have started working on a sandboxed version of the Tor Browser, currently available as an early alpha version for Linux systems. Sandboxing is a security mechanism employed to separate running processes. In computer security, sandboxing an application means separating its process from the OS, so vulnerabilities in that app can't be leveraged to extend access to the underlying operating system. This is because the sandboxed application works with its own separate portion of disk and memory that isn't linked with the OS. Lack of sandboxing exposed Tor Browser users Most modern browsers use sandboxed environments to run code their receive from websites. Chrome, Firefox, and Edge all use sandboxes to separate themselves from the OS. Despite being based on Firefox, the Tor Browser did not use this technique, meaning it was far less secure, even if it provided more features to protect user privacy. In recent years, the FBI has developed and deployed Tor exploits in order to identify and catch crooks hiding their identity using Tor. While the FBI's intentions appear to be good, the Tor Project knows that this type of exploits can be used for other actions besides catching pedophiles and drug dealers. An exploit that unmasks Tor users can be very easily used to identify political dissidents or journalists investigating cases of corrupt politicians. As such, protecting the Tor Browser against exploits and vulnerabilities that can expose the identity of its users is crucial. The easiest way to do this is to support a sandboxing feature that isolates the Tor Browser from other OS processes and limits its ability to interact and query low-level operating system APIs that can expose MAC addresses, IP addresses, computer name, and more. Work on sandboxed Tor Browser started in September The Tor Project started working on a sandboxed version of the Tor Browser in September 2016. Over the weekend, Tor developers have released the first version of this new & improved Tor Browser. As you can imagine, this is a very rough version. One of the Tor developers working on the project describes the browser as a "Gtk+3 based UI for downloading/installing/updating Tor Browser, configuring [T]or, and launching the sandboxed browser. Think `tor-browser-launcher`, that happens to run Tor Browser in a bunch of containers." Currently, this version is in an early alpha stage, and only available for Linux. There are also no binaries available, and users must compile it themselves from the source code, which they can grab from here. Source
  20. Zemana AntiLogger Premium 2.70 - 1 Year[365 Days] Promo by GOTD Overview: Zemana AntiLogger recognizes, prevents and blocks any kind of online identity theft and financial deception. Zemana AntiLogger is a powerful, efficient, and user friendly app that keeps track of who is doing what on your PC. It monitors your PC against the bad guys and prevents any kind of attempts to record or steal your private data and blocks any kind of suspicious activity. Included Advanced Features: Secure SSL Ransomware Protection Cloud Scanning Keystroke Logging Protection Browser Cleanup Pandors Sandbox Real-time Protection More Info: Product Homepage, PDF brochure on Zemana AntiLogger Links: Offer: https://www.giveawayoftheday.com/zemana-antilogger-2/ Shared Key: Note: Limited Period Offer. Expires in 24 hours. Activate the license within the giveaway period to avoid activation issues. The program is available for $29.95, but it will be free as a time-limited offer. Current Status: Open. Downloads: Offline Installer v2.70.2.118[Size: 5.2 MB]: https://zemana.com/en-US/Download/AntiLogger/Setup/Zemana.AntiLogger.Setup.exe
  21. Windscribe VPN 1.61 Build 9 Stable Internet As It Should Be Windscribe is a desktop application and browser extension that work together to block ads and trackers, restore access to blocked content and help you safeguard your privacy online. Learn More. What's New: https://blog.windscribe.com/windscribe-1-61-changelog-bc07800beb5b#.3mn4dhu3l Changelog: Added ability to select connection port Added LAN proxy support Added speed ratings Added ability to add openvpn params externally Added using custom DNS while disconnected to prevent DNS poisoning Added custom API resolution field to combat advanced DNS poisoning Added “Best Location” to the location list Added connection testing after tunnel initiation Added tooltip for “no p2p” icon Fixed crashing in macOS Sierra Fixed LAN traffic bypass to work with UPnP devices Fixed debug log sender Fixed backup API usage logic Fixed CPU and energy usage Fixed multiple accounts info message Fixed multi-monitor menu placement in macOS Fixed Windows taskbar icon in collapsed mode Enable Base Filtering Engine if its disabled in Windows 7 Changed openvpn config location to a permanent one Changed server list scrollbar to be more visible Changed XPC to sockets in macOS Changed TAP adapter metric on Windows 10 Various stability fixes Downloads: Windscribe for Your Computer: Windscribe for Your Browser: Windscribe for Your Phone: Windscribe for Your Router:
  22. After Spying Webcams, Welcome the Spy Toys “My Friend Cayla and I-Que” Privacy advocates claim both toys pose security and privacy threat for children and parents. Internet-connected toys are currently a rage among parents and kids alike but what we are not aware of are the associated security dangers of using Smart toys. It is a fact that has been acknowledged by the Center for Digital Democracy that smart toys pose grave privacy, security and similar other risks to children. There are certain privacy and security flaws in a pair of smart toys that have been designed to engage with kids. Last year, we reported how “Hello Barbie” toy spies on kids by talking to them, recording their conversations and send them to company’s servers which are then analyzed and stored in another cloud server. Now, the dolls My Friend Cayla and I-Que Intelligent Robot that are being marketed for both male and female kids are the objects of security concern. In fact the Federal Trade Commission’s child advocacy, consumer and privacy groups have filed a complaint [PDF] against these dolls. It is being suspected that these dolls are violating the Children’s Online Privacy Protection Act (COPPA) as well as the FTC rules because these collect and use personal data via communicating with kids. This feature of the dolls is being termed as a deceptive practice by the makers. The FTC has been asked in the complaint to investigate the matter and take action against the manufacturer of the dolls Genesis Toys as well as the provider of third-party voice recognition software for My Friend Cayla and I-Que, Nuance Communications. The complaints have been filed by these groups: the Campaign for a Commercial-Free Childhood (CCFC), Consumers Union, Center for Digital Democracy (CDD) and the Electronic Privacy Information Center (EPIC). According to complainers, these dolls are already creepy looking and the fact that these gather information makes them even creepier. Both these toys use voice recognition technology coupled with internet connectivity and Bluetooth to engage with the kids through answering questions and making up conversations. However, according to the CDD, this is done in a very insecure and invasive manner. The Genesis Toys claims on its website that while “most of Cayla’s conversational features can be accessed offline,” but searching for information would require internet connectivity. The promotional video for Cayla doll also focuses upon the toy’s ability to communicate with the kid as it stated: “ask Cayla almost anything.” To work, these dolls require mobile apps but some questions might be asked directly. The toys keep a Bluetooth connection enabled constantly so that the dolls could reach to the actions in the app and identify the objects when the kid taps on the screen. Some of the asked questions are recorded and sent to Nuance’s servers for parsing but it is yet unclear how much of the information is kept private. The toys’ manufacturer maintains that complete anonymity is observed. The toys were released in late 2015 but still these are selling like hot cakes. As per researchers’ statement in the FTC complaint, “by connecting one phone to the doll through the insecure Bluetooth connection and calling that phone with a second phone, they were able to both converse with and covertly listen to conversations collected through the My Friend Cayla and i-Que toys.” This means anyone can use their smartphone to communicate with the child using the doll as the gateway. Watch this add to see how Cayla works Watch this video to understand how anyone can spy on your child with Cayla and i-Que If you own a smart toy, keep an eye on the conversation between you and your kid. Courtesy: CDD Source
  23. How To Hide Files & Folders Inside Calculator On Android We are going to share the trick on how to hide important files and folders inside calculator app on Android device. Go through the post to know about it. We all know that there are billions of users who are using Android right now. Android is the platform which implements more features than any other operating system. We have already shared few tricks on how to hide Files & Folders in Android as we all need privacy in our contents. Today we are going to share another trick that will let you hide your files and folders in Android. We are going to use “Smart Hide Calculator” which is a fully functional calculator app but with a little twist. This app is actually a vault where you can store pictures, videos, and documents. You need to setup a password and then press the “=” button then you will get to see the files inside the app. How To Hide Files & Folders Inside Calculator On Android “Smart Hide Calculator” is a fully functional calculator app but with a little twist. Once you enter the password (You get to set it on the first start of app and can also be changed in future) and press the ‘=’ button then boom you are presented with an interface where you can hide, unhide pictures, videos, documents or files with any file extension placed in a folder on SD card, and if your device have root, you can also hide (freeze) and unhide (un-freeze) apps. Step 1. First of all, you need to download and install the app Smart Hide calculator on your Android device. Step 2. Now open the app and you need to set a password for using this app. This is the password that you will use to unlock your hidden files. Step 3. After you confirmed the password, you will see the fully functional calculator app on your screen. Step 4. You just need to enter the password and tap on “=” button to access the vault. Step 5. Once you entered the password and tapped on ‘=’ button you will get to see the options likes “Hide Files”, “Unhide Files” etc. That’s it! You can now select the files that you want to hide. If you want to unhide the files then simply go to the vault and select the option “Unhide Files” and from there you can unhide files. So, above is all about how to hide important files and folders inside calculator app. This is the most effective hiding tools you can have in your device because everyone will think it as a simple calculator. Hope you like the post, share it with your friends too. Source
  24. The Justice Department plans to submit a "legislative fix" aimed at allowing it to demand data stored on foreign soil, an official said Thursday. The fix is meant to counter a recent ruling by the Second Circuit Court of Appeals, which the Justice Department is challenging, that determined U.S. officials need international agreements to demand data stored on foreign soil. Assistant Attorney General Leslie Caldwell explained that officials felt hamstrung by the recent Microsoft decision that U.S. officials could not require the company to turn over emails stored in Ireland using the same process as emails stored in the U.S. Internet-based companies routinely place data centers in other countries. Prosecutors are traditionally required to use “mutual legal assistance treaties” (MLATs) to request foreign governments provide physical evidence residing on their own soil. “We have mutual legal assistance treaties with less than half the countries in the world,” Caldwell said during a talk at the Center for Strategic and International Studies. “Some of those countries put very strict assistance on what kind of assistance they will provide. Some of those countries we have treaties with, but as a practical matter they don’t provide evidence to us," she said. Even in Ireland, the site of the Microsoft case and what Caldwell referred to as the best of circumstances for MLATs, "it takes them 15 to 18 months to execute a request for assistance from a foreign country." Caldwell provided no other details on a potential legislative fix. Source