If you are having issues with extensions in your Firefox getting disabled, there was an issue with the signing certificate of Mozilla. They have already sent out a patch for that, but it requires you to enable Studies (privacy issue!!).
To bypass that, you can install the patch directly from the link below
https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi
——————
Sources
[0] https://news.ycombinator.com/item?id=19826903
[1] https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/comment-page-6/#comment-226171
[2] https://normandy.cdn.mozilla.net/api/v1/recipe/
To bypass that, you can install the patch directly from the link below
https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi
——————
Sources
[0] https://news.ycombinator.com/item?id=19826903
[1] https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/comment-page-6/#comment-226171
[2] https://normandy.cdn.mozilla.net/api/v1/recipe/
Mozilla Add-ons Blog
Add-ons disabled or failing to install in Firefox
Incident summary Updates - Last updated 14:35 PST May 14, 2019. We expect this to be our final update. If you are running ...
Forwarded from BlackBox (Security) Archiv
Google's short-lived data-advantage
There's a lot of ways to think about the movement to tame Big Tech, but one of the more useful divisions to explore is the "Night of the Comet" people versus the "Don't Believe the Criti-Hype" people.
This is a division over the value of the data that Google, Facebook and other large tech firms have amassed over the years – data on their users, sure, but also data on the advertisers and publishers they serve with their ad-tech platforms.
Big Tech companies and their investors are really bullish on the value of this commercial data-advantage: they say that spying on us – the users – lets them manipulate our opinions and activities so that we buy or believe the things their advertisers pay them to push.
More quietly, their investors believe that the data-advantage extends to publishers and advertisers, a deep storehouse of data that makes it effectively impossible for anyone else to do the precision targeted that Big Tech manages, which is why they have such fat margins.
https://pluralistic.net/2021/04/11/halflife/#minatory-legend
#google #DeleteGoogle #facebook #DeleteFacebook #BigData #BigTech #AdTech #thinkabout #comment
📡 @nogoolag 📡 @blackbox_archiv
There's a lot of ways to think about the movement to tame Big Tech, but one of the more useful divisions to explore is the "Night of the Comet" people versus the "Don't Believe the Criti-Hype" people.
This is a division over the value of the data that Google, Facebook and other large tech firms have amassed over the years – data on their users, sure, but also data on the advertisers and publishers they serve with their ad-tech platforms.
Big Tech companies and their investors are really bullish on the value of this commercial data-advantage: they say that spying on us – the users – lets them manipulate our opinions and activities so that we buy or believe the things their advertisers pay them to push.
More quietly, their investors believe that the data-advantage extends to publishers and advertisers, a deep storehouse of data that makes it effectively impossible for anyone else to do the precision targeted that Big Tech manages, which is why they have such fat margins.
https://pluralistic.net/2021/04/11/halflife/#minatory-legend
#google #DeleteGoogle #facebook #DeleteFacebook #BigData #BigTech #AdTech #thinkabout #comment
📡 @nogoolag 📡 @blackbox_archiv
Forwarded from BlackBox (Security) Archiv
Another huge data breach, another stony silence from Facebook
The social media giant is still a law unto itself. Can anybody hold it to account?
Half a billion Facebook users’ accounts stolen. Personal information compromised. Telephone numbers and birth dates drifting across the internet being used for God knows what. And for four days, from Facebook’s corporate headquarters, nothing but silence.
If this sounds familiar, it’s because it is. This week saw reports of a massive new Facebook breach and everything about it, from Facebook’s denials of the words “data” and “breach” to its repeated refusal to answer journalists’ questions, has been uncannily reminiscent of the Cambridge Analytica scandal.
Three years on, “Cambridge Analytica” is a byword for mass-data abuse, Facebook has been fined billions of dollars for failing to protect users’ data and... not a thing has changed. If ever there were a moment to understand how profoundly all systems of accountability have failed, and continued to fail, it is this.
Last week Nick Clegg, vice president of global affairs at Facebook, admitted on The Verge website that the Cambridge Analytica scandal had “rocked Facebook right down to its foundations”. And yet it has learned nothing. It has paid no real price (the record $5 billion fine it paid to the Federal Trade Commission (FTC) is literally no price at all to Facebook), suffered no real consequences, and failed to answer any questions over the involvement of its executives.
https://www.theguardian.com/technology/2021/apr/11/another-huge-data-breach-another-stony-silence-from-facebook
#facebook #DeleteFacebook #data #breach #comment #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
The social media giant is still a law unto itself. Can anybody hold it to account?
Half a billion Facebook users’ accounts stolen. Personal information compromised. Telephone numbers and birth dates drifting across the internet being used for God knows what. And for four days, from Facebook’s corporate headquarters, nothing but silence.
If this sounds familiar, it’s because it is. This week saw reports of a massive new Facebook breach and everything about it, from Facebook’s denials of the words “data” and “breach” to its repeated refusal to answer journalists’ questions, has been uncannily reminiscent of the Cambridge Analytica scandal.
Three years on, “Cambridge Analytica” is a byword for mass-data abuse, Facebook has been fined billions of dollars for failing to protect users’ data and... not a thing has changed. If ever there were a moment to understand how profoundly all systems of accountability have failed, and continued to fail, it is this.
Last week Nick Clegg, vice president of global affairs at Facebook, admitted on The Verge website that the Cambridge Analytica scandal had “rocked Facebook right down to its foundations”. And yet it has learned nothing. It has paid no real price (the record $5 billion fine it paid to the Federal Trade Commission (FTC) is literally no price at all to Facebook), suffered no real consequences, and failed to answer any questions over the involvement of its executives.
https://www.theguardian.com/technology/2021/apr/11/another-huge-data-breach-another-stony-silence-from-facebook
#facebook #DeleteFacebook #data #breach #comment #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
the Guardian
Another huge data breach, another stony silence from Facebook | Carole Cadwalladr
The social media giant is still a law unto itself. Can anybody hold it to account?
Forwarded from BlackBox (Security) Archiv
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (Interesting quotes and conclusion)
💡 All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (PDF)
https://t.me/BlackBox_Archiv/2042
Both WhatsApp and Telegram transmit the contacts of users in clear text to their servers (but encrypted during transit), where they are stored to allow the services to push updates (such as newly registered contacts) to the clients. WhatsApp stores phone numbers of its users in clear text on the server, while phone numbers not registered with WhatsApp are MD5-hashed with the country prefix prepended (according to court documents from 2014 [2]).
Signal does not store contacts on the server. Instead, each client periodically sends hashes of the phone numbers stored in the address book to the service, which matches them against the list of registered users and responds with the intersection. The different procedures illustrate a trade-off between usability and privacy: the approach of WhatsApp and Telegram can provide faster updates to the user with less communication overhead, but needs to store sensitive data on the servers.
💡Signal:
Our script for Signal uses 100 accounts over 25 daysto check all 505 million mobile phone numbers in the US. Our results show that Signal currently has 2.5 million users registered in the US, of which 82.3 % have set an encrypted user name, and 47.8 % use an encrypted profile picture. We also cross-checked with WhatsApp to see if Signal users differ in their use of public profile pictures, and found that 42.3 % of Signal users are also registered on WhatsApp (cf. Tab. IV), and 46.3 % of them have a public profile picture there. While this is slightly lower than the average for WhatsApp users (49.6 %), it is not sufficient to indicate an increased privacy-awareness of Signal’s users, at least for profile pictures.
💡Telegram:
For Telegram we use 20 accounts running for 20 days on random US mobile phone numbers. Since Telegram’s rate limits are very strict, only 100,000 numbers were checked during that time: 0.9 % of those are registered and 41.9 % have a non-zero importer_count. These numbers have a higher probability than random ones to be present on other messengers, with 20.2 % of the numbers being registered with WhatsApp and 1.1 % registered with Signal, compared to the average success rates of 9.8 % and 0.9 %, respectively. Of the discovered Telegram users, 44 % of the crawled users have at least one public profile picture, with 2 % of users having more than 10 pictures available.
💡 Comparison WhatsApp | Signal | Telegram:
With its focus on privacy, Signal excels in exposing almost no information about registered users, apart from their phone number. In contrast, WhatsApp exposes profile pictures and the About text for registered numbers, and requires users to opt-out of sharing this data by changing the default settings. Our results show that only half of all US users prevent such sharing by either not uploading an image or changing the settings. Telegram behaves even worse: it allows crawling multiple images and also additional information for each user. The importer_count offered by its API even provides information about users not registered with the service. This can help attackers to acquire likely active numbers, which can be searched on other platforms.
💡 Conclusion:
Mobile contact discovery is a challenging topic for privacy researchers in many aspects. In this paper, we took an attacker’s perspective and scrutinized currently deployed contact discovery services of three popular mobile messengers: WhatsApp, Signal, and Telegram. We revisited known attacks and using novel techniques we quantified the efforts required for curious serv[...]
#contact #messenger #telegram #whatsapp #signal #crawling #attacks #comment #conclusion
📡 @nogoolag 📡 @blackbox_archiv
💡 All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (PDF)
https://t.me/BlackBox_Archiv/2042
Both WhatsApp and Telegram transmit the contacts of users in clear text to their servers (but encrypted during transit), where they are stored to allow the services to push updates (such as newly registered contacts) to the clients. WhatsApp stores phone numbers of its users in clear text on the server, while phone numbers not registered with WhatsApp are MD5-hashed with the country prefix prepended (according to court documents from 2014 [2]).
Signal does not store contacts on the server. Instead, each client periodically sends hashes of the phone numbers stored in the address book to the service, which matches them against the list of registered users and responds with the intersection. The different procedures illustrate a trade-off between usability and privacy: the approach of WhatsApp and Telegram can provide faster updates to the user with less communication overhead, but needs to store sensitive data on the servers.
💡Signal:
Our script for Signal uses 100 accounts over 25 daysto check all 505 million mobile phone numbers in the US. Our results show that Signal currently has 2.5 million users registered in the US, of which 82.3 % have set an encrypted user name, and 47.8 % use an encrypted profile picture. We also cross-checked with WhatsApp to see if Signal users differ in their use of public profile pictures, and found that 42.3 % of Signal users are also registered on WhatsApp (cf. Tab. IV), and 46.3 % of them have a public profile picture there. While this is slightly lower than the average for WhatsApp users (49.6 %), it is not sufficient to indicate an increased privacy-awareness of Signal’s users, at least for profile pictures.
💡Telegram:
For Telegram we use 20 accounts running for 20 days on random US mobile phone numbers. Since Telegram’s rate limits are very strict, only 100,000 numbers were checked during that time: 0.9 % of those are registered and 41.9 % have a non-zero importer_count. These numbers have a higher probability than random ones to be present on other messengers, with 20.2 % of the numbers being registered with WhatsApp and 1.1 % registered with Signal, compared to the average success rates of 9.8 % and 0.9 %, respectively. Of the discovered Telegram users, 44 % of the crawled users have at least one public profile picture, with 2 % of users having more than 10 pictures available.
💡 Comparison WhatsApp | Signal | Telegram:
With its focus on privacy, Signal excels in exposing almost no information about registered users, apart from their phone number. In contrast, WhatsApp exposes profile pictures and the About text for registered numbers, and requires users to opt-out of sharing this data by changing the default settings. Our results show that only half of all US users prevent such sharing by either not uploading an image or changing the settings. Telegram behaves even worse: it allows crawling multiple images and also additional information for each user. The importer_count offered by its API even provides information about users not registered with the service. This can help attackers to acquire likely active numbers, which can be searched on other platforms.
💡 Conclusion:
Mobile contact discovery is a challenging topic for privacy researchers in many aspects. In this paper, we took an attacker’s perspective and scrutinized currently deployed contact discovery services of three popular mobile messengers: WhatsApp, Signal, and Telegram. We revisited known attacks and using novel techniques we quantified the efforts required for curious serv[...]
#contact #messenger #telegram #whatsapp #signal #crawling #attacks #comment #conclusion
📡 @nogoolag 📡 @blackbox_archiv
Telegram
BlackBox (Security) Archiv
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers
Contact discovery allows users of mobile messengers to conveniently connect with people in their address book.
In this work, we demonstrate that severe privacy issues exist…
Contact discovery allows users of mobile messengers to conveniently connect with people in their address book.
In this work, we demonstrate that severe privacy issues exist…
Forwarded from BlackBox (Security) Archiv
Why is Telegram no longer updated in the Play store?
All third party clients will be removed from play.
As you know, Telegram Android's code is full of coupling, complexity, and shit. They compress a month's worth of shit into one commit at a time and release it, then close the issue section. But is there more?
Last year, the Play store required all apps to update their target API to 29 (Android Pie).
One year later, what has Telegram changed? Just a requestLegacyExternalStorage cheat symbol.
Back to the question, why is Telegram no longer updated in the play store? Because they don't want to modify their shit mountain for their users; to avoid being unexplainable, they stop updating a month in advance, and once they are taken down by Google, it can be attributed to censorship.
Oppose censorship, but don't support being fed shit.
If this happens, please don't support Telegram, for the sake of true freedom.
https://telegra.ph/Why-is-Telegram-no-longer-updated-in-the-Play-store-04-26
#telegram #google #playstore #updates #censorship #comment
📡 @nogoolag 📡 @blackbox_archiv
All third party clients will be removed from play.
As you know, Telegram Android's code is full of coupling, complexity, and shit. They compress a month's worth of shit into one commit at a time and release it, then close the issue section. But is there more?
Last year, the Play store required all apps to update their target API to 29 (Android Pie).
One year later, what has Telegram changed? Just a requestLegacyExternalStorage cheat symbol.
Back to the question, why is Telegram no longer updated in the play store? Because they don't want to modify their shit mountain for their users; to avoid being unexplainable, they stop updating a month in advance, and once they are taken down by Google, it can be attributed to censorship.
Oppose censorship, but don't support being fed shit.
If this happens, please don't support Telegram, for the sake of true freedom.
https://telegra.ph/Why-is-Telegram-no-longer-updated-in-the-Play-store-04-26
#telegram #google #playstore #updates #censorship #comment
📡 @nogoolag 📡 @blackbox_archiv
Telegraph
Why is Telegram no longer updated in the Play store?
As you know, Telegram Android's code is full of coupling, complexity, and shit. They compress a month's worth of shit into one commit at a time and release it, then close the issue section. But is there more?