Billboard JAPAN|Daily NePii(Awesome City ClubのPORIN)、新曲「街角ジオメトリー;」配信リリース
https://www.billboard-japan.com/d_news/detail/152507
#billboardjapan #Billboard_JAPAN_音楽ニュース #ビルボードジャパン #Billboard_JAPAN #Pii #チャート #音楽 #洋楽 #邦楽 #ミュージック #アーティスト #ランキング #ニュース
Pusher of PixelsSearched myself and yowza that's a lot of data.
https://www.pcmag.com/news/site-behind-major-ssn-leak-returns-with-detailed-data-on-millions-how-to
Remove it from their site
https://nationalpublicdata.com/optout.html
adison verliceadd to the fact that #kyc was involved, due to the fact you have to give #pii information to signal (phone number) to signal, that puts peersonell in danger.
also, i highly doubt it was on classified military phones, as i think you can't have signal on classified mobile devices.
especially since i see signal noware on the nsa commercial solutions for classified list. in fact, the NSA *requires* everything to be controlled. signal does not operate a private network on the premus that you can connect to a VPN server directly controlled by signal. yes, it operates tls/srtp which is a layer, but the NSA mobile capability package (yes i read the complex termonology i almost fell asleep doing so) requires 2layers inteernally, a VPN client to initiate an encrypted connection, and another VPN or tls/srtp for the outer layer. signal only has one of these layers. and even then, even if signal is encrypted, signal has information such as your phone number, the time you sent certain messages, the usernames of the users on signal, and that alone puts people in danger
also, i highly doubt it was on classified military phones, as i think you can't have signal on classified mobile devices.
especially since i see signal noware on the nsa commercial solutions for classified list. in fact, the NSA *requires* everything to be controlled. signal does not operate a private network on the premus that you can connect to a VPN server directly controlled by signal. yes, it operates tls/srtp which is a layer, but the NSA mobile capability package (yes i read the complex termonology i almost fell asleep doing so) requires 2layers inteernally, a VPN client to initiate an encrypted connection, and another VPN or tls/srtp for the outer layer. signal only has one of these layers. and even then, even if signal is encrypted, signal has information such as your phone number, the time you sent certain messages, the usernames of the users on signal, and that alone puts people in danger
knizerUnexpected weekend thread derailment - I discovered a (kinda cool looking) event to promote which I found only on one of my sources - but when I looked further, I realized that their registration page also included a link to all the responses set to public - everyone's PII - names, emails, socials, home address, phone.
Initially: Homer backs into the hedges.gif, then I emailed the organizer so they hopefully fix it.
#Security #PII #events #Notion #BostonWeekend #sigh
Kevin Karhan 
@adisonverlice even if an #MVNO isn't demanding any #KYC whatsoever (i.e. #prepaid are offered OTC in most juristictions) it's NOT "#Anonymous" but merely #pseudonymous as it's trivial for governments to utilize existing and mandtory "#LawfulInterception" appliances to create that #PII chain.
#PhoneNumber <=> #ICCID (#SIMcard) <=> #IMSI (SIM profile) <=> #IMEI (Phone/...).
So if #Anonymity is important, NONE of these details have to be linked somehow even circumstantial.
Bought/paid for the phone/SIM/ a single top-up with ec/CC/PayPal/SEPA/… = busted due to circumstantial connection.
Use the SIM in any device? Consider them circumstantially connected forever: #ICCID <=> #IMEI.
Add to the fact that most places have #CCTV, and assume that they'll keep recordings for the maximum permissible duration if not longer and oftentimes even use questionable cloud services and you get the picture.
- I.e. in Germany the maximum permissible storage duration is 72 hours (if nothing hapoens that warrants a longer storage i.e. burglary/theft/robbery/arson/...) so anonymous top-ups would necessitate paying cash at a place one's not been known at (i.e. some kiosk) and waiting at least >72 hours (and checking on the purchase location) before redeeming the top-up code (i.e. dialing
*104*1234567890123456#)...
So any #privacy-based service should never ever & under no circumstances demand a Phone Number!
Instead any privacy-focussed service should use #OnionServices, host their own #OnionService or at least #DontBlockTor and allow users to use it via @torproject / #Tor to use and signup. (But don't forget circumstantial connections there either!)
Also the less details they want or store and the least traffic they generate the harder it is to correlate traffic & users.
Aljoscha Rittner (beandev)Forscher finden private Daten in einem der größten öffentlichen KI-Trainingsets – warum das ein großes Problem ist | t3n
https://t3n.de/news/forscher-private-daten-ki-trainingsset-problem-1699517/
> Im DataComp CommonPool, einem der größten Open-Source-Datensätze für das Training von Bildgeneratoren, wurden sensible personenbezogene Informationen gefunden. Doch wie bekommt man sie da wieder heraus? Millionen von Bildern von Reisepässen und Ausweisen, Kreditkarten, Geburtsurkunden und anderen Dokumenten, die personenbezogene Daten enthalten, stecken Forschenden zufolge in einem der größten Open-Source-Trainingsdatensätze für KI-Bildgeneratoren.
Forscher finden private Daten in einem der größten öffentlichen KI-Trainingsets – warum das ein großes Problem ist | t3n
Im DataComp CommonPool, einem der größten Open-Source-Datensätze für das Training von Bildgeneratoren, wurden sensible personenbezogene Informationen gefunden. Doch wie bekommt man sie da wieder heraus? Millionen von Bildern von Reisepässen und Ausweisen, Kreditkarten, Geburtsurkunden und anderen Dokumenten, die personenbezogene Daten enthalten, stecken Forschenden zufolge in einem der größten Open-Source-Trainingsdatensätze für KI-Bildgeneratoren. Bereits jetzt wurden tausende […]
Dissent Doe 
Promises, promises.
Exclusive: Brosix and Chatox promised to keep your chats secured. They didn’t.
A researcher found a misconfigured backup with -- yes, you guessed it -- everything in plaintext instead of encrypted.
Some entities that used the service are medical entities that were actually mentioning protected health information or attaching files with #PHI in the chat.
There were almost 5k Allstate employees using the service and sharing customer #PII in files.
And oh yeah, I found one company gossiping about me and plotting against me after I notified them they were leaking tons of #PHI. I've done them a favor by not publishing all their chat logs about me. :)
There also appeared to be some "dodgy" stuff on the backup, too.
Read the details about the exposed backup in my post at https://databreaches.net/2025/08/05/exclusive-brosix-and-chatox-promised-to-keep-your-chats-secured-they-didnt/
#infosec #encryption #databreach #incidentresponse #chatox #brosix #dataleak
@aetus @monocles well, #monoclesXhat is an #XMPP+#OMEMO #chat client.
#PII = Personally Identifyable Information
#KYC = Know Your Customer
#E2EE = End-to-End - Encryption
#SelfCustody = You (and only you) as a user hold all the keys.
#PII = Personally Identifyable Information
#KYC = Know Your Customer
#E2EE = End-to-End - Encryption
#SelfCustody = You (and only you) as a user hold all the keys.
@aetus so basicaly like @monocles / #monoclesChat but.demanding #PII (#PhoneNumber) for #KYC and not providing actual #E2EE with real #SelfCustody of all the keys!
AmiHere's another major problem with #age #verification that nobody is talking about.
It will circumvent anti #fingerprinting measures.
When you change the way your device appears, your user-agent, canvas api etc you will need to re-verify as the site doesn't recognise you anymore. This occurs with #cloudflare and #recaptcha already.
This will enable every device online to be identified. This is the wet dream of #authoritarian govts.