What your privacy settings on your smart phone should look like

The authorities/corporations want/need you to use smart phones for all internet related activities, as they collect the data you generate.

The problem there for you or rather your privacy is that this is not the best choice, as the smart phone is a device the leaks data many times a minute 24/7 compared to a personal computer not running Windows or a Macintosh. 

The leaks a even worse with closed source proprietary apps, where your face data, environment recognition, what's on your phone, contacts, voice data and photos are all accessed by the apps.

As a result, if you are truly concerned about your privacy, then you should not use Google (Samsung, Motorola, Nokia, etc) or Apple smart phones, but rather a 'de-Googled' one.

This will help keep your data on your phone, unless of course you install the various social media, games and government apps most people install.

The Advanced Privacy menu is only available on 'de-Googled' phones (Sony, Samsung, Nokia, OnePlus, etc) where an iPhone cannot be 'de-googled' as it does not run Android, but Apple's iOS.

Australia’s largest criminal organisations will now obtain your Optus data, gov decides?

At law, Australia is a colony where (penal) colony mentality of the authorities is practised across the land, e.g. the Andrews government in Victoria proposal to fine Victorian for enjoying nature too much, that being diverting from a track or VLAD law in Queensland.

Australia is not a democratic place but rather a totalitarian state.

In light of the recent Optus data breach, the (colonial) government has decided how to keep your data safe by giving it to banking and financial services institutions to allegedly help combat identity theft.

What they're planning to do is very concerning.

- Your data will be given to multinationals, to multinationals that you may not have wanted to have your private and confidential data.

- The government has also expanded that attack surface on your private and confidential data, by giving it to others, INSTEAD of containing that data.

It’s akin to an action of giving up your guns to criminals, so that they can keep you safe, which is also what happened in Victoria after an ‘incident’ in Tasmania, but that’s another story.

Banks and financial services are one of Australia’s largest while collar criminals, as exposed by the ‘Royal Commission’, where nothing of relevance for the victims has been enacted, where the Commission in reality was a farce.

Remembering it’s not a matter of IF but WHEN those institutions will be breached, and more importantly will they be diligent in reporting the breach as soon as they are aware, as required by law?

Another off-kilter action by the wise MPs (Monkeys in Parliament) in the colony of Australia.

How much battery does your phone use overnight?

Mobile phones have been giving away data to authorities since their inception, as they were never designed to be ‘secure’ in the use case for the ‘general population’ or at the ‘consumer’ level, as shown in the communications protocols.

Along come smart phones, where data collection is taken to the next level, where now there are two levels of data collection.

The first level of data collection comes from the baseband modem which contains a proprietary closed source backdoor designed by the manufacturers, not dissimilar from Intel’s ME (Management Engine) within personal computers.

The next level of data collection is at the application layer where much more data is generated nowadays by the ‘product’, i.e. you.

As time goes on smart phones get larger meaning their screen size and as a consequence the battery size, yet the phone only lasts a day or so, where anything more is a big deal.

Apple and Google’s Android loaded smart phones send data back to home base many times a minute and in Apple’s case even when the phone is off.

To make matter’s worse Google’s Pixel series of phones now monitor your speech 24/7 with Google’s  new A.I. Tensor processor.

Since 2020 a new level of data collection which goes on 24/7 occurred which locates the subject more accurately called WiFi and Bluetooth Scanning in both Apple and Google’s smartphone operating systems.

Smart phone manufacturers, e.g. LG, Motorola, Nokia,  Samsung, Sony etc (except for Huawei) load their phones up with a baseline version of Android called AOSP (Android Open Source Project), then they inject it with Google’s spyware additives.

For quite some time now in order to mitigate the spying on your phone software developers have created methods to install the baseline version of Android without the all the Google ‘goodies’.

As shown in the screenshot above, a ‘de-Googled’ phone used 2% battery in an 8hr period overnight, or approx 0.25% battery loss per hour.

Should you choose to use a de-Googled phone then AOSP developers from e foundation,  LineageOS, GrapheneOS or CalyxOS are a few you could research if it’s right for you.

The blanket data hoovering has nothing to do with terrorism (where that is the 'advertised' excuse) but rather part of the Nanny State agenda.

Disable Intel ME thanks to the NSA

Corporations lie to you, they lie to you every single day, period.

It's all in the language they use.

What's more important, is that no one really cares until you take it to court, and even then.

Over the years, Intel's "Management Engine" has been discussed to death, about it's "backdoor" capability to be exploited by others.

Intel refuted those backdoor accusations, saying, “Intel does not put backdoors in its products nor do our products give Intel control or access to computing systems without the explicit permission of the end user. In short, Intel does not participate in efforts to decrease security in technology.”

So, let's put emphasis on the word "backdoor", where we can use the words, feature or portal or let's even thrown in a few TLAs (Three Letter Acronyms) like AMT (Advanced Management Tool) or an an IMF (Integrated Management Feature).

quie simply put, Intel got caught out in with their propriatary architecture and still continued to provide false information (i.e. lie).

Intel is a term used by government 'defence' (or more accurately offence) personnel to that described intelligence gathering.

What most important with this whole fiasco is that a government 'intel' organisation requires their computer to have the ME (Management Engine) disabled.

Therefore the government does not want the government to spy on itself, which makes perfecrt sence.

See the following:

As Positive Technologies researchers Mark Ermolov and Maxim Goryachy poked into the firmware, they discovered an undocumented HAP field. HAP, which stands for the High Assurance Platform (pdf) program, was developed by the NSA. The framework was for the “development of the ‘next generation’ of secure computing platforms.”

The researchers discovered an undocumented field called “reserve-hap” and that HAP could be set to “1” for true. Apparently, the NSA wanted to ensure the agency could close off any possible security risk by disabling Intel ME. The researchers wrote, “We believe that this mechanism is designed to meet a typical requirement of government agencies, which want to reduce the possibility of side-channel leaks.”

When told about the research, Intel told Positive Technologies:

In response to requests from customers with specialized requirements, we sometimes explore the modification or disabling of certain features. In this case, the modifications were made at the request of equipment manufacturers in support of their customer’s evaluation of the U.S. government’s “High Assurance Platform” program. These modifications underwent a limited validation cycle and are not an officially supported configuration.

If you want to disable Intel ME, you should first read the in-depth technical explanation about the researchers finding “an undocumented PCH strap that can be used to switch on a special mode disabling the main Intel ME functionality at an early stage.” Positive Technologies also made its Intel ME 11.x firmware image unpacker utility available on GitHub. Use at your own risk; the methods to disable Intel ME were described as “risky and may damage or destroy your computer.”

Source: CSO Australia.

These actions of spying on the general population is deliberate by design part of the Nanny State agenda.

Optus data breach logged with OAIC after public revelation, with falsified figures?

One of the prerequisites is that corporations conducting business in Australia must inform the OAIC (Office of the Australian Information Commissioner) once a data breach has occurred.

Some CEO's chose not to inform the OAIC, where this information will be made public, in order not to lose customer's i.e. profits as a result of poor security pracitices of their corporation's I.T. infrastructure.

Some CEO's choose to wait for a ransom notice in order to pay it, hoping the problem will go away, where the outside world will be none the wiser.

These practices fall under the unconsionable conduct, which is against the law.

But at the end of the day no one (i.e. corpoation's CEO's) cares until it's taken to court.

Optus' data breach was reported by news.com.au after 2pm on Thurdsay 22/09/2022:

The Office of the Information Commissioner published Optus' data breach at approx 10pm on 22/09/2022.

When did the data breach factually occur?

When did Optus decide to infom the OAIC?

Optus has not conducted business 'honourably' in Australia, where it has been fined on occassions for false advertising.

"Profit's before People", right?

In any event, when the story broke out Optus claimed that 9 million people were affected, as seen in the  screen shot below:

Then the story was modified approximately 3 hours later

where the claim is that 7 million people:

Another Optus 'false advertising' claim?

One of the greatest problems Australians face with regards to the privacy and security of their data when dealing with corporations is that in order to save on costs, the corporations 'outsource' their I.T. services where the administration is sub par, lacking in the required skill-set to keep the data on the servers and the bad guys out.

As the saying goes: "If you pay peanuts, you get monkeys", behind the keyboards.

Once the data is out of your control you cannot catergoriaclly state that there are no victims, where the authorities or the corpoations involved, may not even know or even report to the victims or even public for quite some time of the magnitude the criminal actions of identity theft has occured from that particular data breach.

Windows 10 v Linux memory usage and privacy concerns

A personal computer installed with a current version of Windows 10, together with all the associated drivers for the personal computer to operate normally, i.e. video, audio, network, chipset etc consumes a certain amount of RAM, as indicated in the screenshot below:

The amount of RAM used by the Windows operating system is 3.2GB.

A current version of a Linux distribution that is installed on the same hardware, where all the functionality of the installed hardware is functional to the same level of the Windows equivalent yields completely differrent results, as shown in the screen capture below:

The baseline for the Linux installation is 1.4GB or 200MB less than half of what Windows requires!

What's more important is that security and privacy are at a totally differrent level to that of Microsoft's embedded spyware within its operating system.

The best way to stop Microsoft from spying on you via its Windows operating system is quite simply not to use it.

If privacy is a concern to you then products from Amazon, Apple, Google, Meta, Microsoft and others like ByteDance (TikTok) and government health realted apps, which are not 'mandatory' should be avoided.

See more information:

within: https://clario.co/blog/which-company-uses-most-data/

Windows 10 Processes Threads Handles too high!

Microsoft's Window 10 operating system from the 'factory' or OOBE (Out Of Box Experience) is plain and simple spyware which stifle's your computer's performance.

One can mitigate Microsoft's data hoovering, but ultimtely in order to stop Windows from keylogging your keyboard moves and other things one does on a PC is to not use it, period.

Depending on your hardware a 'normal' Windows 10 installation, after the operating system 'settling down' after ~10minutes may have ~120 processes, 1150 threads and 40,000 handles which is a lot of work for something that is not doing anything beneficial for the user.

While there is no silver bullet to Microsoft's telemetry, while you're using its products. there are a few good utilities that get rid of bloatware and minimise the data collection.

Some products that can be used are DISM++, W10Privacy, O&OS10, WPD in conjunction with a good hosts file (anything from 300kB - 4500kB) which lists Microsoft's telemetry servers and other nasty data gathering sources.

From a fresh installation of Windows together with the implementation of the listed and unlisted tools one should be able to cut the Processes, Threads and Handles by half where during that process one can install a distribution of Linux, learn the basics and not have to deal with Microsoft's data hoovering from the 'factory'. 

Windows 8.1 has less bloat and [maybe less embedded] spyware, where a lockdown of the operating system should yield the results of Processes, Thread and Handles to be in the magnitude of 33, 460, 10630 respectively.

Uber confirms "cybersecurity incident" and covering up 50m customer's and 7m driver's data breach in 2016

Uber confirms "cybersecurity incident" after 18-year-old claimed to be behind massive breach

It's unclear whether he accessed customer data

What just happened? Uber is investigating a cybersecurity incident that has compromised many of its internal systems, giving the hacker, who says he is just 18 years old, almost complete access to the company's network. The breach is thought to be as bad as or worse than the 2016 incident that exposed the details of 57 million customers.

The New York Times reports that the hacker used a common social engineering technique to access Uber's systems. He sent a text message to one of the ride-hailing giant's employees claiming to be a corporate IT person. The worker was persuaded to hand over their password, granting the perpetrator access to Uber's network.

The hacker provided screenshots of Uber's internal systems to the NYT as proof of his successful attack. He told the publication that he is 18 years old and had been working on his cybersecurity skills for several years, adding that Uber's weak security prompted him to compromise its network.

Once he had access, the hacker sent a Slack message to employees that read: "I announce I am a hacker and Uber has suffered a data breach." It listed several compromised databases and appeared to call for Uber drivers to receive higher pay. Uber took its internal Slack and engineering systems offline earlier today as it investigated the breach.

Sam Curry, a security engineer at Yuga Labs who corresponded with the hacker, said the person has full admin access to Uber's Amazon Web Services and Google Cloud services. "It seems like maybe they're this kid who got into Uber and doesn't know what to do with it, and is having the time of his life," Curry said.

In an official statement, Uber wrote: "We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available."

Besides his age, little is known about the hacker, though it's speculated that he is British; an employee said he used the word "wankers," and he may go by the username 'teapots2022.' He also accessed Uber's HackerOne vulnerability bug bounty account and left comments on several report tickets.

The breach is being compared to the 2016 incident in which the names, email addresses, and phone numbers of 50 million Uber customers, along with the personal details of 7 million drivers, were stolen. Uber paid the hackers responsible $100,000 to delete the data and stop the incident from becoming public knowledge, and it concealed the breach for over a year. The company had to pay a $148 million settlement for the hack and its failure to disclose what happened.

Source:techspot.com

FTC Sues Location Data Broker - Kochava

Phone app location data brokers are a growing menace to our privacy and safety. All you did was click a box while downloading an app. Now the app tracks your every move and sends it to a broker, which then sells your location data to the highest bidder.

So three cheers for the Federal Trade Commission for seeking to end this harmful marketplace! The FTC recently sued Kochava, a location data broker, alleging the company violated a federal ban on unfair business practices. The FTC’s complaint against Kochava illustrates the dangers created by this industry.

Kochava harvests and monetizes a staggering volume of location data. The company claims that on a monthly basis, it provides its customers access to 94 billion data points arising from 125 million active users. The FTC analyzed just one day of Kochava’s data, and found 300 million data points arising from 60 million devices.

Kochava’s data can easily be linked to identifiable people. According to the FTC:

The location data provided by Kochava is not anonymized. It is possible to use the geolocation data, combined with the mobile device’s MAID [that is, its “Mobile Advertising ID”], to identify the mobile device’s user or owner. For example, some data brokers advertise services to match MAIDs with ‘offline’ information, such as consumers’ names and physical addresses.

Even without such services, however, location data can be used to identify people. The location data sold by Kochava typically includes multiple timestamped signals for each MAID. By plotting each of these signals on a map, much can be inferred about the mobile device owners. For example, the location of a mobile device at night likely corresponds to the consumer’s home address. Public or other records may identify the name of the owner or resident of a particular address.

Kochava’s location data can harm people, according to the FTC:

[T]he data may be used to identify consumers who have visited an abortion clinic and, as a result, may have had or contemplated having an abortion. In fact, … it is possible to identify a mobile device that visited a women’s reproductive health clinic and trace that mobile device to a single-family residence.

Likewise, the FTC explains that the same data can be used to identify people who visit houses of worship, domestic violence shelters, homeless shelters, and addiction recovery centers. Such invasions of location privacy expose people, in the words of the FTC, to “stigma, discrimination, physical violence, emotional distress, and other harms.”

The FTC Act bans “unfair or deceptive acts or practices in or affecting commerce.” Under the Act, a practice is “unfair” if: (1) the practice “is likely to cause substantial injury to consumers”; (2) the practice “is not reasonably avoidable by consumers themselves”; and (3) the injury is “not outweighed by countervailing benefits to consumers or to competition.”

The FTC lays out a powerful case that Kochava’s brokering of location data is unfair and thus unlawful. We hope the court will rule in the FTC’s favor. Other location data brokers should take a hard look at their own business model or risk similar judicial consequences.

The FTC has recently taken many other welcome actions to protect people’s digital rights. Last month, the agency announced it is exploring new rulemaking against commercial surveillance. Earlier this year, the FTC fined Twitter for using account security data for targeted ads, brought lawsuits to protect people’s right-to-repair, and issued a policy statement against edtech surveillance.

Microsoft advertising infestation on smart phone apps

n a bit of bad news for some who use Outlook, Microsoft confirmed this week that it has started showing more ads in the Android and iOS app to non-paying customers. People without Microsoft 365 subscriptions can avoid ads to some extent by using Focused Inbox for important emails only, but ads will still be shown in the "Other" section of the app.

In related news, Microsoft has also started testing ads in the Microsoft Store. Developers can now register to start participating in this initiative by filling in a form. The way that ads will be surfaced is quite similar to other digital storefronts. For example, if you search for an app, you may see ads for other apps on the side with the "Ad" badge displayed.

When it comes to other Microsoft apps and services, Whiteboard is set to receive a slew of new features soon. This includes embedded online video support, timer, attribution, commenting, and more. Similarly, Teams has netted a bunch of new features for educators and students too. This includes a new experience called "Reflect" and a revamped home page. Finally, frontline workers utilizing Microsoft's Kaizala should know that the messaging service is being retired after one year in favor of Teams.

Source:neowin

Note: If you are concerned about security and privacy Microsoft Office/Windows products are not recommended.