TumbleView

Your personal Tumblr library awaits

Information Security - Blog Posts

andrea-biraghi
5 years ago

Andrea Biraghi | Cyber e Information security

Andrea Biraghi | Cyber E Information Security

Andrea Biraghi, ex capo della Divisione Cyber Security di Finmecannica e CEO del Gruppo Comdata e, è stato speaker d’eccezione per numerosi congressi internazionali in tema di Security Information. Tra i tanti interventi vi sono stati quelli al Cybertech Europe e al Cybertech Global Event in Asia insieme ai leader più famosi del settore cibernetico, responsabili decisionali del governo e dirigenti: un evento che copre gli argomenti più di tendenza nel settore della cyber e dell'innovazione.

Rassegna stampa al seguente link: Andrea Biraghi

Tags
cyber security andrea biraghi information security
0 notes View Post
eternaljourneytmbr
6 months ago
Inside the U.S. Government-Bought Tool That Can Track Phones at Abortion Clinics
404 Media
Inside the U.S. Government-Bought Tool That Can Track Phones at Abortion Clinics
Privacy advocates gained access to a powerful tool bought by U.S. law enforcement agencies that can track smartphone locations around the wo
The tool, called Locate X and made by a company called Babel Street, then narrows down to the movements of a specific device which had visited the clinic. This phone started at a residence in Alabama in mid-June. It then went by a Lowe’s Home Improvement store, traveled along a highway, went past a gas station, visited a church, crossed over into Florida, and then stopped at the abortion clinic for approximately two hours. They had only been to the clinic once, according to the data. 
In other words, someone had traveled from Alabama, where abortion is illegal after the June 2022 overturning of Roe v. Wade, to an abortion clinic in Florida, where abortion is limited but still available early in a pregnancy. Based on the data alone, it is unclear who exactly this person is or what they were doing, whether they were receiving an abortion themselves, assisting someone seeking one, or going to the clinic for another reason. But it would be trivial for U.S. authorities, some of which already have access to this tool, to go one step further and unmask this or other abortion clinic visitors. 
This sort of surveillance is only possible because of the mobile advertising ecosystem. Location data is sometimes used to build profiles on device users and better target advertisements to them. Much of that advertising relies on a MAID, the unique advertising ID, on a phone. The MAID acts as the digital glue between a device and its associated data.

anyway yeah DELETE YOUR FUCKING ADVERTISING IDS

Android:

Settings ➡️ Google ➡️ all services ➡️ Ads ➡️ Delete advertising ID

(may differ slightly depending on android version and manufacturer firmware. you can't just search settings for "advertising ID" of course 🔪)

iOS:

Settings ➡️ privacy ➡️ tracking ➡️ toggle "allow apps to request to track" to OFF

and ALSO settings ➡️ privacy ➡️ Apple advertising ➡️ toggle "personalized ads" to OFF

more details about the process here via the EFF

Tags
signal boost location tracking information security electronic security and how to mitigate it
43K notes View Post
eternaljourneytmbr
7 months ago

I'm seeing a lot of posts on my dash today encouraging folks to start archiving their favorite online resources, in case they might be at risk of disappearing in the near future. Since privacy and data ownership are major interests of mine, it seems like a good time to share a bit of what I know! I hope that some of this might be helpful--please feel free to reach out if there's a specific question that comes to mind! 💕

(My bona fides, in case anyone wants to know: I do work in tech, with over fifteen years of experience in the same. Linux systems administration is a hobby of mine, and privacy, particularly as it relates to tech, is very near and dear to my heart. That said, I am not an infosec professional, so you may want to supplement this guidance with your own research, depending on your threat model.)

General advice

If you rely heavily on traditional cloud storage providers, like Google Drive and Dropbox, now is the time to start exporting your important files to a more secure location. Data stored with most online platforms is encrypted at rest, but the encryption keys are stored on the server's side, meaning that the contents of your files can still be accessed by the service providers themselves. This also means that your files and their contents are vulnerable to data breaches, DMCA takedown requests, subpoenas, and the oh-so-popular AI scraping that has wormed its way into nearly every tech product of note. (Including Tumblr! Lucky us!) Saving files on your own computer is one option, but if you want something closer to the Google Drive experience, Proton Drive is my recommendation. Free accounts get 5 GB of storage, and all data is end-to-end encrypted, which means even Proton can't read the contents of your files. A suite of document features were rolled out earlier this year, including rich text editing, collaboration, and sharing, so if you use Google Docs for writing, you can use Proton in pretty much the same way. I also use Proton for my email, and I'm happy to vouch for them--they are nonprofit-backed, EU-based, and all of their products are built on privacy from the ground up. If you have an Apple device, you can also turn on Advanced Data Protection for your iCloud account, which will enable end-to-end encryption for most services. (Notably, mail, contacts, and calendars will remain unchanged, to ensure compatibility with standard protocols.) This might be a good option for folks who already have iCloud services and who don't want to set up anything new. You can learn more about how to enable this feature here.

Archiving websites

There are a number of ways to archive specific webpages, depending on how much content you want to preserve and how tech-y of a solution you're willing to tolerate. A web clipper is probably the most straightforward option: install one of the listed notes apps, install the web clipper browser extension, open the page you want to save, and clip clip clip. The images and text (with formatting) will be stripped from the page and saved to a note in your app. Both Joplin and Obsidian's apps are available cross-platform:

Joplin + Joplin Web Clipper

Obsidian + Obsidian Web Clipper

Notes you create in Joplin are encrypted before being saved to your device, while Obsidian's notes are saved to a location of your choosing in plain-text Markdown format. If you aren't sure which to choose, choose Obsidian--it's a little easier to use right out of the box.

If you want to preserve the full context of the webpages you save, similar to what you'd see on archive.org, SingleFile is a browser extension that lets you save complete web pages as a single HTML file. You'll find links to the various browser extensions, as well as documentation, on the project's GitHub page:

GitHub - gildas-lormeau/SingleFile: Web Extension for saving a faithful copy of a complete web page in a single HTML file
GitHub
GitHub - gildas-lormeau/SingleFile: Web Extension for saving a faithful copy of a complete web page in a single HTML file
Web Extension for saving a faithful copy of a complete web page in a single HTML file - gildas-lormeau/SingleFile

Note that these files can get pretty big. In general, I'd recommend a web clipper for most cases, but it's good to have multiple options on hand!

Other tips

Even in the absence of major geopolitical events, it's worth remembering that anything you see online can change or be removed at any time. Keep backups of anything that's important to you. (And make sure you back up your computer, too!) Have an alternate contact method for your online friends, in case one platform goes down or otherwise becomes inaccessible.

Consider signing up for a Signal account, if you haven't already, and recommend that your friends and family do the same. It's a free end-to-end encrypted chat platform, and unlike some privacy-focused chat protocols (looking at you, Matrix), it's easily accessible to non-techies. Don't use email, DMs, Discord, Slack, etc. for any communication that you expect to keep private. Any platform that can access your messages will give them up to authorities if compelled to do so by a court order or subpoena. This is not a theoretical risk. It is happening to people in the US right now. I am being so, so serious about this.

If you're looking for a new creative hobby, why not teach yourself a little HTML and CSS? Neocities is a great place to build your own website, and it's free. And it's fun! (If you make something, please drop the link, because I want to see.)

Breathe. We have to survive this, somehow. Log off for today, if you have to. Drink some water. Pet a cat. Sit outside and watch the birds, just for a few minutes. Believe that we will be okay, however you can. ❤️

Tags
us politics ao3 don't give up cybersecurity data security data privacy cyberwarfare information security archive everything hostile internet environment
44 notes View Post
Loading...
End of content
No more pages to load
Explore Tumblr Blog
Search Through Tumblr Tags