Privacy

Protect your privacy in the digital world

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be nice, civil and no bigotry/prejudice.
  2. No tankies/alt-right fascists. The former can be tolerated but the latter are banned.
  3. Stay on topic.
  4. Don't promote big-tech software.
  5. No reposting of news that was already posted. Even from different sources.
  6. No crypto, blockchain, etc.
  7. No Xitter links. (only allowed when can't fact check any other way, use xcancel)

Someone made a compilation of academic reviews and blog posts here: https://community.signalusers.org/t/wiki-overview-of-third-party-security-audits/13243 but none of them seem to be real security audit reports, e.g. compare with the real security audits of Delta Chat: https://delta.chat/en/help#security-audits

Privacy rights groups have called for Apple’s legal challenge to a secret U.K. government order asking it to backdoor an end-to-end encrypted (E2EE) version of its iCloud storage service to be heard in public, rather than behind closed doors.

cross-posted from: https://lemmy.sdf.org/post/30887912

Here is the report Security and Trust: An Unsolvable Digital Dilemma? (pdf)

Police authorities and governments are calling for digital backdoors for investigative purposes - and the EU Commission is listening. The Centre for European Policy (cep) warns against a weakening of digital encryption. The damage to cyber security, fundamental rights and trust in digital infrastructures would be enormous.

[...]

The debate has become explosive due to the current dispute between the USA and the UK. The British government is demanding that Apple provide a backdoor to the iCloud to allow investigating authorities access to encrypted data. Eckhardt sees parallels with the EU debate: "We must prevent the new security strategy from becoming a gateway for global surveillance." Technology companies such as Meta, WhatsApp and Signal are already under pressure to grant investigators access to encrypted messages.

"Once you install a backdoor, you lose control over who uses it," says Küsters. Chinese hackers were recently able to access sensitive data through a vulnerability in US telecommunications networks - a direct consequence of the infrastructure there. Instead, Küsters advocates a strategy of "security by design", i.e. designing systems securely from the outset, and the increased use of metadata analyses and platform cooperation as viable alternatives to mass surveillance.

[...]

Lessons from across the Atlantic?

A recent episode from the US provides an illustrative cautionary tale. For decades, some US law enforcement and intelligence agencies advocated “exceptional access” to encrypted communications, claiming that only criminals needed such robust privacy protections – echoing the current debate in the EU. But over the past months, a dramatic shift occurred following revelations that Chinese state-sponsored hackers had infiltrated major US telecommunications networks, gaining access to call metadata and possibly even live calls (the so-called “Salt Typhoon” hack).

Specifically, the Chinese hackers exploited systems that US telecom companies had built to comply with federal wiretapping laws such as the Communications Assistance for Law Enforcement Act (CALEA), which requires telecommunications firms to enable “lawful intercepts”. In theory, these built-in channels were supposed to only give law enforcement an exclusive window into suspect communications. In practice, however, they became a universal vulnerability that hostile actors could just as easily exploit.

Suddenly, the very government voices that once dismissed end-to-end encryption began recommending that citizens use encrypted messaging apps to maintain their security.

**What can we learn from this?**

While governments often push for greater surveillance capabilities, the real and current threat of state-sponsored cyber-espionage demonstrates the indispensable value of strong encryption. As the Electronic Frontier Foundation has noted, Salt Typhoon shows once more that there is no such thing as a backdoor that only the “good guys” can use.

If the mechanism exists, a malicious party will eventually find it and weaponise it. The lesson for Europe is clear: undermining encryption to aid investigations may prove short-sighted if it also exposes citizens – and state institutions – to hostile foreign interference. Is this really what we want to do in an increasingly challenging geopolitical environment? The debate about ensuring lawful and effective access to data in the digital age will remain one of the most pressing challenges, so we need to ask whether there are alternative, viable models.

[...]

cross-posted from: https://lemmy.sdf.org/post/30867694

Here you can download the report, Cybersecurity with Chinese Characteristics (pdf)

Through its Digital Silk Road, China is not only developing digital infrastructure, but also aggressively promoting its own norms for governing these technologies. One area where this is most pronounced is in the promotion of cybersecurity norms, says the NGO Article19 in a new report.

"The success of China’s digital norms-setting in this critical realm of internet governance risks supercharging digital authoritarianism regionally – and normalising Beijing’s model internationally – at the expense of human rights, internet freedom, and democracy," the organization finds.

Cybersecurity with Chinese Characteristics establishes a baseline understanding of China’s repressive cybersecurity norms and reveals how it is smuggling them, via the Trojan Horse of digital development, into 3 Indo-Pacific countries: Indonesia, Pakistan, and Vietnam. It also presents a compelling alternative model of cybersecurity governance: Taiwan’s transparent, rights-based, multi-stakeholder approach.

Michael Caster, Head of the Global China Programme at ARTICLE 19, said:

China’s aggressive promotion of authoritarian cybersecurity norms in the Indo-Pacific is a canary in the coalmine for the international community. Because make no mistake: Xi Jinping’s ambitions do not end there. We have it in their own words: China’s ambition is to lead the world in digital infrastructure, and with it, to set the rules for a new digital authoritarian future of its own design.

Few countries are as well-versed in responding to China’s cyberattacks and resisting its cyber norms as Taiwan. As our report argues, if the international community is serious about resisting China’s repressive global ambitions, it must urgently increase its engagement with Taiwan.

Through in-depth case studies, the report examines how countries in the Indo-Pacific region have adopted China’s norms in law, policy, and practice – from Indonesia’s embrace of ‘cyber sovereignty’ to Pakistan’s China-style firewall to Vietnam’s repressive content moderation – with catastrophic consequences for people’s right to free expression and access to information.

Faced with these threats, alternative norms for digital governance are urgently needed. As the report shows, Taiwan’s alternative, which seeks to balance the threats emanating from Beijing with efforts to avoid infringing on people’s human rights and fundamental freedoms, has much to offer global advocates engaged in developing these norms.

[...]

I haven't played Minecraft since 2015, but I get the feeling I might again in the next few years as I wanna find new hobbies. I know that game has changed a whole lot but I don't have any official online data on it.

I've had this Microsoft account for over a decade and it's probably full of personal information that I wanna let go of, I've already exported all my data. I would need to pay $30 for another copy of Minecraft, same price I paid in 2013. I just did a bunch of searching and it's not possible to transfer my Minecraft license to another account.

cross-posted from: https://lemmy.sdf.org/post/30804814

A former senior Facebook executive has told the BBC how the social media giant worked "hand in glove" with the Chinese government on potential ways of allowing Beijing to censor and control content in China.

Sarah Wynn-Williams - a former global public policy director - says in return for gaining access to the Chinese market of hundreds of millions of users, Facebook's founder, Mark Zuckerberg, considered agreeing to hiding posts that were going viral, until they could be checked by the Chinese authorities.

Ms Williams - who makes the claims in a new book - has also filed a whistleblower complaint with the US markets regulator, the Securities and Exchange Commission (SEC), alleging Meta misled investors. The BBC has reviewed the complaint.

Facebook's parent company Meta, says Ms Wynn-Williams had her employment terminated in 2017 "for poor performance".

It is "no secret we were once interested" in operating services in China, it adds. "We ultimately opted not to go through with the ideas we'd explored."

[...]

Ms Wynn-Williams says her allegations about the company's close relationship with China provide an insight into Facebook's decision-making at the time.

[...]

Ms Wynn-Williams claims that in the mid-2010s, as part of its negotiations with the Chinese government, Facebook considered allowing it future access to Chinese citizens' user data.

"He was working hand in glove with the Chinese Communist Party, building a censorship tool… basically working to develop sort of the antithesis of many of the principles that underpin Facebook," she told the BBC.

Ms Wynn-Williams says governments frequently asked for explanations of how aspects of Facebook's software worked, but were told it was proprietary information.

"But when it came to the Chinese, the curtain was pulled back," she says.

"Engineers were brought out. They were walked through every aspect, and Facebook was making sure these Chinese officials were upskilled enough that they could not only learn about these products, but then test Facebook on the censorship version of these products that they were building."

[...]

In her SEC complaint, Ms Wynn-Williams also alleges Mr Zuckerberg and other Meta executives had made "misleading statements… in response to Congressional inquiries" about China.

One answer given by Mr Zuckerberg to Congress in 2018 said Facebook was "not in a position to know exactly how the [Chinese] government would seek to apply its laws and regulations on content"

[...]

The Case for Encryption (www.openrightsgroup.org)

@privacy Week 10 of the Privacy Roundup

https://avoidthehack.com/privacy-week10-2025

Sharing on Lemmy from Mastodon!

cross-posted from: https://lemmy.sdf.org/post/30749052

Gee, it's almost as if Zuck has zero morals...

I want to delete my Disney plus account but their app and website force some ad for their latest subscription deal. My account settings are not accessible anywhere. When I am logged in and refresh the page, I can briefly see my avatar in the top right corner before the ad comes up. According to Disney's instructions, I need to use that to access my account configuration and delete it.

Is this a denial of my right to erasure granted by the GDPR? Should I report this to some authority? If yes, who is that authority?

cross-posted from: https://lemm.ee/post/57611481

Just in time for 10 years of Tuta/Tutanota, we are launching the most significant security upgrade of Tuta Mail with TutaCrypt. This groundbreaking post-quantum encryption protocol will secure emails with a hybrid protocol combining state-of-the-art quantum-safe algorithms with traditional algorithms (AES/ECC) making Tuta Mail the world's first email provider that can protect emails from quantum computer attacks.
