Anthropic having Fable be export controlled is a self-inflicted wound. If you spend a bunch of time telling people how dangerous your technology is, don't be surprised when some of them agree with you.

We're private previewing a feature in GitHub Actions: a network firewall.

At the end of your workflow run, we'll upload an Actions workflow artifact with the IPs and URLs from the run. It uses TLS interception to record the URLs, but the cert is per-run and thrown away after the run to preserve privacy.

If you're interested, send me a private message with the GitHub org(s) and username(s) to add to the feature flag, as well as our early access repository where you can give feedback.

Inspector general finds NIST mistakes have made vulnerability database ineffective https://therecord.media/nist-mistakes-vulnerability-database-inspector-general

NIST’s National Vulnerability Database (NVD) backlog mushroomed from 13,000 unprocessed security vulnerabilities in February 2024 to more than 27,000 by the end of 2025, “undermining the NVD’s utility and public trust,” according to an inspector general report.

I've worn a Garmin for 10+ years and logged thousands of runs, rides, hikes...you name it. That data can also tell you where I live, where I've traveled, and when I've been under stress.

After reading @zackwhittaker's recent story on Oura ring's lack of transparency reporting, I was curious about the current state of other wearables.

I looked at 12 major wearable brands to see who publishes transparency reports (aka the documents that tell you how often a company hands your data to the government).

2 out of 12 do: Apple and Google/Fitbit.

https://whyli.me/blog/wearable-transparency/

https://emilyaustin.github.io/wearable-tracker/

#infosec #privacy #running

All my attempts to communicate a vulnerability in #Signalapp have failed - I have not received any response to my multiple messages to them. Good people have tried to forward my concern to them (and I am thankful for your efforts and help), yet this has been to no avail.

I am disappointed in the lack of communication from Signal. I will be disclosing the full details of the issue later today (with end-user mitigations), after the six-month anniversary of the initial report.

"If Linux can be maintained by sending patches to an email mailing list, 'doesn’t work at scale' arguments are skill issues."
https://dbushell.com/2026/04/29/github-is-sinking/
GitHub is sinking

The one where I suggest finding the nearest lifeboat

Could everyone just calm the fuck down for a week or two?
https://fedi.lwn.net/@lwn/116535169774717465
LWN.net (@lwn@fedi.lwn.net)

Dirty Frag: a zero-day universal Linux LPE https://lwn.net/Articles/1071719/ #LWN #Linux #security

GitHub - 0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo: Copy Fail 2: Electric Boogaloo


Setting up age verification for my BBS

It's simple: if you know what a BBS is and manage to connect to it, you're clearly over 18.