The European Parliament is voting again THURSDAY 26th at 11:00 on Chat Control. The Commission, Council, multiple tech giants, the Conservatives (EPP), and several MEPs from S&D and Renew stand united in favouring indiscriminate mass surveillance.
Tell them NO: https://fightchatcontrol.eu/
Hi @GrapheneOS, Can I ask a question?
I know that at the privacy and security communities, many people recommends to stay of off Firefox because it lacks site isolation (also saw the statement at your usage page under web browsing). In my understanding, last year Mozilla rolled out their fission feature, which introduce said site isolation, for their android version. I noticed for example that IronFox ships with it turned on by default. So, based on this, in your opinion are Firefox based browsers now as usable as a chromium based browser security wise?
Thanks.
By the way, bought a Pixel 10 pro specifically to use GrapheneOS. It's been great so far. Thanks for your hard work; it's nice to see people as passionate about their line of work as you!
This is insane! A few researchers from UCSD and UMCP scanned bunch of satellite links, found much of the traffic is not encrypted, and went on to decode them. It's amazing what came out.
- T-Mobile backhaul: Users' SMS, voice call contents and internet traffic content in plain text.
- AT&T Mexico cellular backhaul: Raw user internet traffic
- TelMex VOIP on satellite backhaul: Plaintext voice calls
- U.S. military: SIP traffic exposing ship names
- Mexico government and military: Unencrypted intra-government traffic
- Walmart Mexico: Unencrypted corporate emails, plaintext credentials to inventory management systems, inventory records transferred and updated using FTP
While it is important to work on futuristic threats such as Quantum cryptanalysis, backdoors in standardized cryptographic protocols, etc. - the unfortunate reality is that the vast majority of real-world attacks happen because basic protection is not enabled. Lets not take our eyes off the basics.
Great work, Wenyi Zhang, Annie Dai, Keegan Ryan, Dave Levin, Nadia Heninger and Aaron Schulman!
https://satcom.sysnet.ucsd.edu/docs/dontlookup_ccs25_fullpaper.pdf
@grote @fdroidorg Missing option, though that would probably be unrealistic: "Only if signed by F-Droid".
Why? When Google signs, it adds proprietary BLOBs to the APK as well (keyword: DEPENDENCY_INFO_BLOCK, FROSTING_BLOCK). So the APK as it would then be distributed via PlayStore would no longer be fully FOSS.
Why unrealistic? As for new apps, Google no longer accepts APKs signed by their devs.
The UNC2891 hacking group, also known as LightBasin, used a 4G-equipped Raspberry Pi hidden in a bank's network to bypass security defenses in a newly discovered attack.
YouTube doesn't like self-hosting content.
We’ve said it before, and we’ll say it again: Lawmakers who support reproductive rights must recognize that abortion access and mass surveillance are incompatible. The systems built to track stolen cars and issue parking tickets have become tools to enforce the most personal and politically charged laws in the country.
Fight Chat Control
Vinoth (Datacenter security)
Paul Asadoorian
Izzy
BleepingComputer
m3t00🌎🇺🇦
It's FOSS
Electronic Frontier Foundation