Lytia

This feels relatively tame compared to everything else that godforsaken platform has done in the past few months.

No problem! I can just kill the process in the…shit. No problem! I can just kill the process in the…shit. No problem! I can just kill the process in the…shit. No problem! I can just kill the process in the…shit. No problem! I can just kill the process in the…shit. No problem! I can just kill the process in the…shit. No problem! I can just kill the process in the…shit. No problem! I can just kill the process in the…shit. No problem! I can just kill the process in the…shit. No problem! I can just kill the process in the…shit. No problem! I can just kill the process in the…shit. No problem! I can just kill the process in the…shit. No problem! I can just kill the process in the…shit. No problem! I can just kill the process in the…shit. No problem! I can just kill the process in the…shit. No problem! I can just kill the process in the…shit.

That still won’t keep the phone up to date, as you have to decrypt the device for it to update.

Most (older and lower end) phones don’t do encryption in the first place, so BFU becomes barely better than an unlocked phone.

Assuming you’re on GrapheneOS: https://grapheneos.org/features#auto-reboot

I don’t think most other OEMs have an auto reboot feature

Afaik, it only disables biometrics. BFU means the entire phone (should be) encrypted. You can test this by playing media and then pressing the lockdown button. If the media continues playing, it’s not encrypted.

If you can’t shut your phone down for whatever reason, disabling biometrics would be the second best option (assuming police cannot force you to reveal your password).

I think you need to learn how cookies work. In this case it was probably a tracker appended to the link (the stuff after the question mark). If it was a cookie, they would be able to resubmit by starting a new browsing session.

P.S. why the þ’s? I see you everywhere but keep forgetting to ask.

Not a very “hidden” risk, but if you’re willing to talk to an AI about your problems, the largest warning sign won’t stop you

This kind of mindset is what make the privacy community seem like outcasts. Yes, pedophiles and other criminals would benefit from complete anonymity, but that does not mean we should draw the line at how anonymous someone gets to be because “only pedos operate at that level”.

Proton is by no means the best company when it comes to privacy, but it only benefits companies like Google and Meta if we’re constantly dragging its reputation through the mud over a bunch of misinformation. Below is taken from a response on Reddit.

Hi everyone,

No, Proton did not knowingly block journalists’ email accounts. Our support for journalists and those working in the public interest has been demonstrated time and again through actions, not just words.

In this case, we were alerted by a CERT that certain accounts were being misused by hackers in violation of Proton’s Terms of Service. This led to a cluster of accounts being disabled.

Because of our zero-access architecture, we cannot see the content of accounts and therefore cannot always know when anti-abuse measures may inadvertently affect legitimate activism.

Our team has reviewed these cases individually to determine if any can be restored. We have now reinstated 2 accounts, but there are other accounts we cannot reinstate due to clear ToS violations.

Regarding Phrack’s claim on contacting our legal team 8 times: this is not true. We have only received two emails to our legal team inbox, last one on Sep 6 with a 48-hour deadline. This is unrealistic for a company the size of Proton, especially since the message was sent to our legal team inbox on a Saturday, rather than through the proper customer support channels.

The situation has unfortunately been blown out of proportion without giving us a fair chance to respond to the initial outreach.

Here’s a post from Andy (the ceo) as well

By hosting it through tor, they’re effectively removing it from the worlds DNS providers, and limiting their users to a minority of advanced users.

Thanks for the reply. While I’m sure that the video feed wasn’t the easiest to access from an outside attackers end, the fact that it was even being sent to the cloud, unencrypted, in the first place is a little more than a “minor” controversy. A company advertising a camera that works local only, and then proceeding to quietly upload everything from the camera to their servers, servers that, mind you, cost money to operate, likely have malicious intent.

While it may have been sensationalized, given this is a privacy comm, it should at least be worth mentioning.

They keep data local by default

https://gizmodo.com/eufy-local-security-camera-cloud-unencrypted-scandal-1850059207

The original security issue was first noticed by security researcher Paul Moore, who noticed Eufy cameras were streaming recorded video to a cloud server on the site’s web portal, even though cloud storage wasn’t enabled. That data sent to the cloud remained unencrypted.

https://www.theverge.com/23573362/anker-eufy-security-camera-answers-encryption

Anker has finally admitted its Eufy security cameras are not natively end-to-end encrypted — they can and did produce unencrypted video streams for Eufy’s web portal.

The article also includes a response from Anker.

deleted by creator