Tinder must hand over user data to Russian authorities

In future, Tinder will pass on user data to the Russian media authorities. The domestic intelligence service and the police will then also have access to it.

Russian authorities are demanding the release of user data from the dating app Tinder. The Russian media regulator Roskomnadzor announced in Moscow on Monday that Tinder's operators are obliged to store the information for at least six months and make it available to the authorities upon request. Among others, the Russian domestic intelligence service FSB and the Ministry of the Interior could demand the data in addition to the police.

https://www.heise.de/newsticker/meldung/Tinder-muss-Nutzerdaten-an-russische-Behoerden-abliefern-4437714.html

http://rkn.gov.ru/news/rsoc/news67394.htm

#tinder #russia #gov #surveillance #userdata
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

AVARE - Tamed Data Octopuses

The consumer, often unintentionally, becomes a data source. Researchers from Karlsruhe have developed software that gives users control over their personal data.

Download and more info:
https://avare.app/
https://projects.aifb.kit.edu/avare/Avare_App_Installation.pdf

GitHub:
https://github.com/privacy-avare/PRIVACY-AVARE

#avare #userdata #privacy #protection #android #app #opensource #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Windows 10 diagnostic data for the Full diagnostic data level

An overview of the data Microsoft collects from Windows users

1) https://docs.microsoft.com/en-us/windows/privacy/windows-diagnostic-data-1703

2) https://docs.microsoft.com/en-us/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903


📡 @NoGoolag
#windows #tracking #spyware #userdata #why #uselinux

Spyware company leaves private customer data on the internet

A manufacturer of consumer spyware marketed to parents and partners has published incredibly intimate user data on a server freely accessible over the Internet. Freely available for all to see and hear: photos of children, school report cards, call recordings. The companies responsible for the stalkerware are largely indifferent to what happens with the data.

A child, maybe six or seven, picks his nose with both fingers and makes silly faces for the camera. In the next picture he is eating a banana. Then we see a photo of a school report card, picture taken from a computer screen. It shows the child’s full name and the current grades in English and biology.

What looks like the digital photo album of a normal family has been freely available on the internet for more than a year – without the knowledge of the people concerned. A company that sells stalkerware – software for the secret surveillance of children and partners – has published these pictures and hundreds of intimate call recordings on the internet.

The photos not only show the child and his parents, their apartment, their bedroom, but also connect these to personal data such as names, e-mail addresses or medication prescriptions. The data has been on a server since April 2018 – without a password or other protection, freely available ot anyone with an internet connection.

For people „who are tired of being lied to“

Responsible for this privacy disaster is a company called Spyapp247. It sells an app that allows you to spy on what another person is doing on their phone. The Android app records phone calls, chat messages, browser history, photos, allows access to the address book and tracks location data – without the affected person noticing. According to the manufacturer, even the microphone can be switched on remotely: The telephone becomes a bug.

Spyapp247 markets the app on its website to people „who are tired of being lied to and cheated on,“ meaning: who want to spy on a partner. Civil rights organizations therefore call such apps stalkerware. But the company also advertises its apps as a tool for cautious parents to recognize „dangers to your children before they ever happen.“

Spyware manufacturer not reacting

It is hard to tell who installed the app in this case, and for what purpose, but it is likely that the data was obtained without the consent of the person targeted. In order to install the app, a person must have physical access to the device for at least a few minutes. Once the app is on the phone, it can collect all kinds of information in the background. The data is uploaded to a server and presented to the operator in a browser window.

👉🏼 Read more:
https://netzpolitik.org/2019/spyware-company-leaves-private-customer-data-on-the-internet/

#spyware #Spyapp247 #stalkerware #dataprotection #dataleak #userdata #surveillance #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

*URGENT* Samsung confirmed sending massive user data to china

SAMSUNG 港行 會連大陸DNS? 114.114.114.114
- 分享自 LIHKG 討論區
https://lihkg.com/thread/2228654/page/1

The original source is Chinese, but it also affects the rest of the world so i will translate that in English. In short, samsung is constantly communicating with 114 dns, hao123, taobao and qq.com, four notorious chinese companies after oneui2.5 update

1. Samsung機自Android 9/10之後隱藏114DNS做DNS3

After android 10 oneui 2.5 update, a number of samsung phones are set to use 114 dns as dns3

2. 就算set咗其他DNS，甚至set咗Private DNS (密文DNS)，電話都會用隱藏咗嘅114DNS，繞過所有DNS設定 (包括Private DNS同router DNS設定)定期用舊式明文DNS連114DNS

114 dns has been disguised, hardcoded and can override your private dns or router dns settings

3. 每逢電話著mon就會每分鐘用114DNS明文查詢www.qq.com
Samsung will make dns query via 114dns to qq.com every minute when your screen is on

4. 另外亦會以正常途經用Private DNS同router DNS設定(視何者適用)查詢m.hao123.com，taobao.com
And it will also make query to hao123 and taobao.con via your default normal dns


6. 就算電話已連接VPN，都一樣繞過VPN流量定期用舊式明文DNS被強制連接114DNS查詢www.qq.com
It overrides your vpn

7. 另外亦發現每連一次wifi，都會連接connectivity.samsung.com.cn
It connects to connectivity.samsumg.com.CN, another malicious Chinese website

8. 韓水美水越南水貨都有類似發現
Same problem spotted not just in hong kong, but also in korea, usa, vietnam version

9呢種行為算唔算全球DDoS? 而用家又在不知情下被當攻擊者，算唔算已經成為殭屍網絡(botnet)嘅一部分?
Can this be considered a global DDos by using samsung customers as part of their botnet?

👀 Shame on your samsung, i have always been a diehard samsu
ng user but this time, i am fuxking done with your crap. 👀

👀 👉🏼 https://redd.it/j8w267

#sumsum #samsung #userdata #china #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Zoom Shared US User Data With Beijing

Former Zoom executive Jin Xinjiang worked with Chinese authorities to provide data on users outside of China. Court documents say this allowed Zoom to keep market access in China.

Although Zoom is based in the United States, its software is developed in China.

When Zoom usage exploded during the pandemic, China tightened control. It ordered Zoom employees to shut down what Beijing calls “illegal” meetings and accounts within one minute. If it took more than one minute, it was rated “security non-compliant.”

Victims include activists commemorating Tiananmen Square Massacre victims and Uyghur Muslims in Xinjiang, China.

Zoom says it’s cooperating with federal investigators and has launched an internal investigation. Zoom fired Jin and placed other employees on administrative leave.

The CCP demands all communications companies censor speech it deems unacceptable. Anyone who fails to comply gets blocked from the massive Chinese market. In September last year, the CCP blocked Zoom. It allegedly told Zoom that if it wanted to get back into the Chinese market, it had to monitor user communications, censor unacceptable topics, give data on around 1 million people in the United States, and hand over special access to Zoom’s systems. Zoom got back into China’s market in November of last year.

https://www.ntd.com/zoom-shared-us-user-data-with-beijing_544087.html

http://telegra.ph/Federal-prosecutors-accuse-Zoom-executive-of-working-with-Chinese-government-to-surveil-users-and-suppress-video-calls-12-26

via www.washingtonpost.com

http://telegra.ph/China-Based-Executive-at-US-Telecommunications-Company-Charged-with-Disrupting-Video-Meetings-Commemorating-Tiananmen-Square-Mas-12-26

via www.justice.gov

#usa #zoom #userdata #china #beijing #ccp #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

NZBgeek Has Been Hacked Leaving Private User Data Exposed

Popular Usenet indexer NZBGeek has been hacked. The site's database was copied exposing the personal details of all users. The hackers also managed to install a keylogger, opening the door to further abuse. The site's operators recommend that users should secure their online accounts as well as credit cards that were used on the site recently.

Despite the growing popularity of pirate streaming sites and services, classic file-sharing tools continue to have a smaller but dedicated audience.

This is true for BitTorrent as well as Usenet. In the latter category, NZBGeek is one of the largest players as it provides an indexing service that helps users to find content.

NZBGeek is a private community to which users can sign up without any charges. However, those who donate get some extra features that will help to sift through the more than 500,000 NZBs indexed by the site.

NZBGeek Hacked
The site generally operates smoothly but last week something changed. After initially becoming unreachable, the problem was initially clear but after a while, the operators put up a message stating that there were hosting related issues. Yesterday, however, things turned from bad to worse.

“It’s with a heavy heart that we must admit that we have had a breach,” the site informed its users. “If you have recently used your card or payment with us we suggest changing your credentials and card info as soon as possible.”

https://torrentfreak.com/nzbgeek-has-been-hacked-leaving-private-user-data-exposed-201228/

#nzbgeek #hacked #userdata #exposed
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Facebook engineer abused access to user data to track down a woman who had left their hotel room after they fought on vacation, new book says

•Facebook fired 52 people from 2014 to August 2015 for abusing access to user data, a new book says.
•One person reportedly used data to track down a woman he was traveling with who had left him after a fight.
•Changes to retention of such data were “antithetical to Mark’s DNA,” one employee told the authors.

https://www.businessinsider.com.au/facebook-fired-dozens-abusing-access-user-data-an-ugly-truth-2021-7

#facebook #DeleteFacebook #userdata

India Orders VPN Companies to Collect and Hand Over User Data

A new government order will force virtual private networks to store user data for five years or longer.

In India, virtual private network companies will be required to collect extensive customer data -- and maintain it for five years or more -- under a new national directive from the country's Computer Emergency Response Team, known as CERT-in. It's a policy that will likely make life more difficult for both VPN companies and VPN users there.

The body, under the country's Ministry of Electronics and IT, announced Thursday that VPNs in the country will have to keep customer names, validated physical and IP addresses, usage patterns and other forms of personally identifiable information. As first reported by Entracker, those who don't comply could potentially face up to a year in prison under the governing law cited in the new directive.

The directive isn't limited to VPN providers. Data centers and cloud service providers are both listed under the same provision. The companies will have to keep customer information even after the customer has canceled their subscription or account. And, in all case, CERT-in will require the companies to report on their users' "unauthorized access to social media accounts."

https://www.cnet.com/news/privacy/india-orders-vpn-companies-to-collect-and-hand-over-user-data

#india #vpn #userdata #privacy