It’s that time of the year when people will be traveling, relaxing and generally trying to have a good time in this crazy situation. Travel and vacations have some specific privacy challenges, which we will be exploring in this Salon.
Today, the European Parliament approved the ePrivacy Derogation, allowing providers of e-mail and messaging services to automatically search all personal messages of each citizen for presumed suspect content and report suspected cases to the police.
Misused for third party attacks
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
Just another privacy nightmare
The Widespread Power of U.S. Law Enforcement to Search Mobile Phones
Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia. We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant.
“When we see new technology come out, people often think, ‘Wow, my life is going to be a lot safer‘, but we often see the opposite with survivors of domestic violence.”
Building a fenced garden, one step at a time
"In the name of security and privacy, Google is taking away the ability for users to select third-party camera apps in Android 11, forcing users to rely on the built-in camera app."
Considering that Atlassian’s policy and government affairs head, Patrick Zhang complained about the encryption laws in Australia, I'd suggest to give 0 trust to Atlassian products like jira, since most likely it contains some backdoor as required by local laws. Also isolating any email account used by its products #encryption
Grandmother Ordered To Delete Facebook Photos Under GDPR
Sequoia PGP makes final preparations for the 1.0 release
An Investigation Into PEPP-PT by Nadim Kobeissi
PEPP-PT = Pan-European Privacy-Preserving Proximity Tracing, which some governments (Hi Germany) want to make it centralized and not really privacy preserving..
The Luxembourgish prime minister reiterated that the government was against contact tracing apps unless a common solution is found on a European level.
The entire coalition government takes privacy laws extremely seriously, the prime minister underlined. "We have to know the side effects before we approve a similar measure," Bettel emphasised.