“It seems that in the United States, at least, app developers and advertisers who rely on targeted mobile advertising for revenue are seeing their worst fears realized: Analytics data published this week suggests that US users choose to opt out of tracking 96 percent of the time in the wake of iOS 14.5.”
Source : 96% of US users opt out of app tracking in iOS 14.5, analytics find | Ars Technica
“Given the number of opportunities present, we found that it’s possible to execute arbitrary code on a Cellebrite machine simply by including a specially formatted but otherwise innocuous file in any app on a device that is subsequently plugged into Cellebrite and scanned. There are virtually no limits on the code that can be executed. For example, by including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it’s possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data), with no detectable timestamp changes or checksum failures. This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question.”
Source : Signal >> Blog >> Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app’s perspective
“Earlier this year, the FBI in partnership with the Dutch National High Technical Crimes Unit (NHTCU), German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol referred to as the world’s most dangerous malware: Emotet. This strain of malware dates back as far as 2014 and it became a gateway into infected machines for other strains of malware ranging from banking trojans to credential stealers to ransomware. Emotet was extremely destructive and wreaked havoc across the globe before eventually being brought to a halt in February.
Following the takedown, the FBI reached out and asked if Have I Been Pwned (HIBP) might be a viable means of alerting impacted individuals and companies that their accounts had been affected by Emotet. This isn’t the first time HIBP has been used by law enforcement in the wake of criminal activity with the Estonian Central Police using it for similar purposes a few years earlier.”
Source : Troy Hunt: Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU
“The mobile phone numbers and other personal information for approximately 533 million Facebook users worldwide has been leaked on a popular hacker forum for free. The stolen data first surfaced on a hacking community in June 2020 when a member began selling the Facebook data to other members. What made this leak stand out was that it contained member information that can be scraped from public profiles and private mobile numbers associated with the accounts.”
Source : 533 million Facebook users’ phone numbers leaked on hacker forum
“Advances in aggregation, anonymization, on-device processing and other privacy-preserving technologies offer a clear path to replacing individual identifiers. In fact, our latest tests of FLoC show one way to effectively take third-party cookies out of the advertising equation and instead hide individuals within large crowds of people with common interests. Chrome intends to make FLoC-based cohorts available for public testing through origin trials with its next release this month, and we expect to begin testing FLoC-based cohorts with advertisers in Google Ads in Q2. Chrome also will offer the first iteration of new user controls in April and will expand on these controls in future releases, as more proposals reach the origin trial stage, and they receive more feedback from end users and the industry. This points to a future where there is no need to sacrifice relevant advertising and monetization in order to deliver a private and secure experience. ”
Source : Google charts a course towards a more privacy-first web
“The company won’t stop Facebook from tracking you, but it will have to ask you for permission first. Why, then, is Facebook so worried? Because it knows what everyone else already knows–that when given a choice, most people will choose to not allow Facebook to track them. If that happens to be bad for Facebook’s business, that isn’t Apple’s fault. It just means that Facebook’s business model is based on something most people would prefer it didn’t do. Except, small businesses can still advertise to their customers. They can still use all of the information Facebook knows about its users–like their gender, age, location, and interests, to show ads. If you’re a small business, none of that changes. The only person that really stands to lose seems to be Facebook.”
Source : Facebook Just Admitted It Has Lost the Battle With Apple Over Privacy | Inc.com
“Facebook was embroiled in controversy over its data-collection practices. Mr. Cook piled on in a national television interview, saying his own company would never have found itself in such a jam. Mr. Zuckerberg shot back that Mr. Cook’s comments were “extremely glib” and “not at all aligned with the truth.” In private, Mr. Zuckerberg was even harsher. “We need to inflict pain,” he told his team, for treating the company so poorly, according to people familiar with the exchange. It wasn’t the first time—or the last—that Mr. Cook’s comments and actions would leave Mr. Zuckerberg seething and, at times, plotting to get back at Apple. The escalation of grievances erupted late last month in a rare public tit-for-tat between the two tech giants that laid bare the simmering animosity between their leaders, who exchanged jabs about privacy, app-tracking tools and, ultimately, their dueling visions about the future of the internet.”
Source : Facebook Meets Apple in Clash of the Tech Titans—‘We Need to Inflict Pain’ – WSJ
“It is one of the biggest leaks in history: gigantic in volume, dangerous in the detail of the data, and very easy to obtain. It is hard to imagine a worse disaster. On Tuesday, January 19, the security company PSafe identified a very worrying leak, since it gave access to several pieces of critical data on more than 220 million Brazilians, which is more than the total population (and for good reason: the database also contains data on deceased people).”
Source : Au Brésil, une fuite de données critiques déballe la vie de la quasi-totalité des citoyens – Cyberguerre
“The central problem with Google’s search preference menu is that it is a pay-to-play auction in which only the highest bidders are on the menu. This auction format incentivizes bidders to bid what they can expect to profit per user selection. The long-term result is that the participating Google alternatives must give most of their preference menu profits to Google! Google’s auction further incentivizes search engines to be worse on privacy, to increase ads, and to not donate to good causes, because, if they do those things, then they could afford to bid higher. ”
Source : As Predicted, Google’s Search Preference Menu Eliminates DuckDuckGo
“In 2019, Mozilla called on Apple to increase user privacy by automatically resetting the Identifier for Advertisers (IDFA) on iPhones. The IDFA lets advertisers track the actions users take when they use apps – kind of like a salesperson that follows you from store to store while you shop, recording every item you look at. Creepy, right?
Early 2020, Apple went even further than what Mozilla supporters had asked for when it announced that it will give consumers the option to opt-out of tracking in each app, essentially turning off IDFA and giving millions of consumers more privacy online. Apple’s announcement also made a loud statement: mass data collection and invasive advertising don’t have to be the norm online.
Unfortunately, as you might imagine, a lot of advertisers, notably Facebook, were not happy with Apple. Facebook, which uses IDFA to track users’ activity across different apps and match them to advertising profiles, says that its advertising partners will be hit hard by this change.”
Source : Mozilla Foundation – Apple’s anti-tracking plans for iPhone