-
9 votes
-
Hyperdome - the safest place to reach out
5 votes -
Nearly two years after Europe's GDPR privacy law came into effect, supporters are frustrated by lack of enforcement, poor funding, limited staff resources and stalling tactics by the tech companies
10 votes -
Twitter removes privacy option, and shows why we need strong privacy laws
17 votes -
After 9/11, Americans gave up privacy for security. Will we make the same trade-off after COVID-19?
21 votes -
Thousands of Zoom cloud recordings have been exposed on the web because of the way Zoom names its recordings in unprotected AWS buckets
24 votes -
An examination of Zoom's encryption and potential areas of concern in their infrastructure, including the transmission of meeting encryption keys through China
6 votes -
Zoom's explosion in popularity is shining a bright spotlight on the service's privacy and data-collection practices
15 votes -
Mark Zuckerberg discovers privacy
17 votes -
Zoom iOS app sends data to Facebook even if you don’t have a Facebook account
10 votes -
Why don't we just ban targeted advertising?
27 votes -
Enhancements to tracking protection in Safari: full third-party cookie blocking, 7-day cap on script-writeable storage, and more
10 votes -
We need a massive surveillance program
7 votes -
What file access do programs have if I install them? Can they see everything?
I am thinking on installing League of Legends, but I am not sure about the privacy implications of doing so. If I install it, would it be able to read all the other files in my computer? If it...
I am thinking on installing League of Legends, but I am not sure about the privacy implications of doing so. If I install it, would it be able to read all the other files in my computer? If it can, can I avoid the problem by using a guest account on my computer to play? Riot's privacy policy seems to be standard as far data mining goes, but I would like to know how much it can see if install it. I am playing on a Mac.
6 votes -
Government of Czech Republic adopted tracking of infected individuals via cellular networks
5 votes -
Google wary of sharing user location data in pandemic fight
9 votes -
Brave has filed a formal GDPR complaint against Google for infringing the GDPR “purpose limitation” principle with an internal data free-for-all
12 votes -
Popular iPhone and iPad apps snooping on the pasteboard
6 votes -
Sharing photos has the potential to reveal a lot of personal information, even if you're careful with removing metadata
9 votes -
Sweden fines Google $8 million for right-to-be-forgotten violations – a failure to comply with Europe's GDPR after they failed to adequately remove search results
11 votes -
Secret-sharing app Whisper left hundreds of millions of users’ intimate messages, locations, and other data exposed publicly on the web
9 votes -
Google tracked his bike ride past a burglarized home. That made him a suspect.
18 votes -
EARN IT act is a direct attack on end-to-end encryption
25 votes -
Facebook files lawsuit against Namecheap
9 votes -
switching.software: Ethical, easy-to-use and privacy-conscious alternatives to well-known software
18 votes -
The case for limiting your browser extensions
9 votes -
Hidden third party telemetry found in Nokia 6.2, 7.2 smartphones
Update 12/03/2020: this is not a telemetry, but a kill switch from Colombian carrier - confirmed by HMD. Kill switch will be removed from most devices soon. I updated an article and posted it...
Update 12/03/2020: this is not a telemetry, but a kill switch from Colombian carrier - confirmed by HMD. Kill switch will be removed from most devices soon. I updated an article and posted it here.
Original article below:
I have recently purchased Nokia 6.2 and wanted to check if it sends any data somewhere, considering what happened with previous models
First, I noticed approx. daily connection to
dapi.hmdglobal.net
This is a Google Cloud that could belong to a company behind Nokia - HMD Global.
But the Privacy policy in my phone only speaks of "activation" process, not of daily diagnostics data.
So I used developer tools to remove the following packages (warning: this may break your device, I am not responsible for any consequences)com.hmdglobal.enterprise.api com.qualcomm.qti.qms.service.telemetry com.qualcomm.qti.qmmi com.qualcomm.qti.qdma
Before removing them, I used APK Extractor to save APK files just in case it breaks my phone and I may be able to attempt reinstall. This part comes into play later.
The first was my blind guess about what exactly connects todapi.hmdglobal.net
The next 3 I found mentioned in various forums for other devices as "safe to remove", however, I have not seen any telemetry sent to Qualcomm or anywhere else, except what I mention next.After removing these packages, I noticed that there are some remaining unknown connections my device attempts several times per day.
They are all done in same order, one right after the other:www.pppefa.com www.ppmxfa.com www.forcis.claro.com.co
After some investigation, I found that the first two domains point to some Microsoft Cloud servers rented in US.
The last one most probably belongs to Colombian telecom company, and this is where it becomes interesting.
After many hours of fruitless removing of different apps in my attempt so stop it, I suddenly remembered something.
When I used APK Extractor previously, there was an empty first line with some generic icon where an app icon should have been.
I went there again and indeed, this is a hidden system app, that you can not see in the list of all apps in Settings, normally. But it turns out, you can see it in Data usage (after it successfully sends some data using your mobile connection).
The name of the app is deliberately left empty to hide it, but if you click it in Data usage, you can see that this app isco.sitic.pp
, which can receive SMS, can make calls, and has access to internet.
As with all Android apps, you can reverse read the name to guess what it is.
Turns out, http://sitic.com.co is a Colombian company, who "are leaders in innovation and create mobile and WEB applications for new products and services." (credit goes to Google Translate)screenshot of the app with permissions
In other words, this app is a 3rd party telemetry, hidden from user, not mentioned in the Privacy policy, that has access to SMS.
This looks very bad and I really hope this is a malware injected by factory and not something knowingly distributed by Nokia, HMD Global, the EU company.After removing the
co.sitic.pp
app, requests to Microsoft Cloud and Columbia stopped.
I was later pointed to a German forum, where (I believe) it was first found in a Nokia 7.2 device.
So, we have it confirmed in 2 devices in 2 different countries.On German forum they contacted Nokia (I assume support) but got tired exchanging emails for weeks without any result.
On 02/03/2020 I have requested an official reply from Nokia and HMD Global via press.services@nokia.com and press@hmdglobal.com and waiting for reply.
Since I am not a journalist, I may never get one.TLDR: 3rd party telemetry is found in Nokia 6.2 and 7.2 devices, is hidden from user, has access to SMS, and sends data to Microsoft Cloud in US and a server in Columbia.
It is probably supplied by SITIC S.A.S., a Colombian company, and looks more like a malware than a telemetry.28 votes -
Firefox has started enabling DNS-over-HTTPS by default for all US-based users
33 votes -
Changing e-mail and cleaning up my Internet presence
I'm trying to clean up my internet presence and move away from at least Facebook and Google. I've come a long way with deleting my Facebook and it's now basically an empty shell for messaging....
I'm trying to clean up my internet presence and move away from at least Facebook and Google. I've come a long way with deleting my Facebook and it's now basically an empty shell for messaging. I've installed Signal and will start the grooming process with my friends and family now. If you have some solid arguments for the change regular ol' folks can understand please share them with me because as we all know "privacy" just isn't enough.
Next phase is the big one...Google or basically G-mail.
1. Is there any way to get an complete overview of where you've used your e-mail for a service online?
2. What e-mail would you recommend?
2a. I'm OK with paying a bit for overall quality, security and equally important UX!
2b. I don't use any other relevant Google products like Drive etc. It's just regular e-mail and sign in credentials for other services I basically need3. I use a Mac, iPhone and iCloud. Is iCloud a problem? IF this needs to change it HAS to be an "easy" switch and not like setting up a server for myself. Because it won't happen and I'm not skilled enough.
I would very much appreciate your input :)
EDIT: Thank you all for your thorough comments!
22 votes -
To rein in traffic-snarling new mobility modes, LA needed digital savvy. Then came a privacy uproar, a murky cast of consultants, and a legal crusade by Uber.
3 votes -
In smart apartments, is tenants’ privacy for rent?
13 votes -
Why Amazon knows so much about you
18 votes -
Prompted by Brexit, Google will move UK users' data out of Irish jurisdiction so they are no longer covered by EU privacy rules
21 votes -
I spoke out against sexual harassment at Uber. The aftermath was more terrifying than anything I faced before
16 votes -
I got a Ring doorbell camera. It scared the hell out of me.
11 votes -
The story of how Saudia Arabia influenced two well-liked Twitter employees to access thousands of users' private information and pass it to the Saudi Royal Family
10 votes -
Dis.cool is creating profiles of Discord users who have never signed up for their service and they are refusing to delete them.
22 votes -
Amazon Ring updates device security and privacy, including adding mandatory two-factor auth—but continues ignoring larger concerns
9 votes -
The Waterfox browser has been acquired by System1, the company that purchased a majority stake of Startpage in September 2019
12 votes -
Security researchers partner with Chrome to take down over 500 browser extensions in a fraud network affecting 1.7 million users
12 votes -
Watching you watch: The tracking system of over-the-top TV streaming devices
10 votes -
An algorithm was taken to court – and it lost (which is great news for the welfare state)
7 votes -
Four Chinese military personnel charged for Equifax hack
10 votes -
California’s new privacy law is off to a rocky start
12 votes -
Add-on support was just merged into Firefox Preview
@aissn: Add-on support was just merged into Firefox Preview. Thanks @gabrielluong https://t.co/cXOCB00tKk
23 votes -
Google sends a unique Chrome browser identifier through Chrome when you visit their websites
14 votes -
How Twitter's default settings enabled a security researcher to discover phone numbers for over seventeen million accounts
10 votes -
Surveillance on UK council websites - A study of private companies’ data collection on council websites across the United Kingdom
8 votes -
What to know before you buy or install an Amazon Ring camera
8 votes -
How ads follow you around the internet
8 votes