Really wish we could get some privacy and data security laws on the books.

149M logins exposed in unsecured database, inc 900k Apple accounts

https://9to5mac.com/2026/01/26/149m-logins-exposed-in-unsecured-database-inc-900k-apple-accounts/

#Privacy #Data #Security #Tech

Happy Data Protection Day!

20th anniversary online event: https://www.coe.int/web/data-protection/data-protection-day

#Data #DataProtection #DataPrivacy #Privacy #InfoSec #InformationSecurity #CyberSecurity #Encryption #E2EE #Security #PasswordManager #SelfHost #SelfHosted #SelfHosting #Linux #DataSovereignty #CouncilOfEurope #CoE #EDPS #EuropeanDataProtectionSupervisor #DPD #DPD2026 #OpenPGP #PGP #GnuPG #GPG #VeraCrypt #Tomb #LUKS #AES #P2P #VPN #LetsEncrypt #Argon2 #Tor #XMPP #OMEMO #TorBrowser #Tails #PrivacyBadger #JShelter

Alt...

Data Protection Day banner.

Seven people are put on trial in #France for:
- using encrypted apps like Signal
- participating in digital security training

“8 December” case: why is encryption on trial?
"On 3 October, the trial of the so-called “8 December” case began. Seven people are prosecuted for being a “terrorist group”.

The intelligence services in charge of the judicial investigation (Direction générale de la Sécurité intérieure, DGSI), the National Antiterrorist Prosecution Office (Parquet National Antiterroriste, PNAT), and the investigating judge based their case on the fact that the defendants were using different tools to protect their privacy and encrypt their communications on a daily basis.

This trial is part of an increased political push by states and law enforcement for surveillance measures and the criminalisation of encryption. That is why the trial is crucial in the battle against the state’s ongoing attempts to criminalise commonplace, secure and healthy digital practices.

EDRi member in France La Quadrature du Net has continuously defended people’s right to privacy and fought for strong protections of everyone’s digital security. Now, once again, they stand up for the last pillar of our digital #security – #encryption."
via @edri
@surveillance@a.gup.pe https://edri.org/our-work/8-december-case-why-is-encryption-on-trial/

Do Not Use Ring Cameras. Amazon’s Ring cameras are integrated into U.S. law-enforcement workflows. Police agencies can request footage directly, allowing private home surveillance video to be shared with law enforcement.

In 2025, Ring partnered with Flock Safety, further linking consumer cameras to nationwide law-enforcement #surveillance platforms.
#ICE #USPol #Security

https://wiki.icelist.is/index.php/Ring_Cameras_and_Law_Enforcement_Access

Lawsuit Claims Meta Can See WhatsApp Chats in Breach of Privacy

https://finance.yahoo.com/news/lawsuit-claims-meta-see-whatsapp-013745124.html

#security #privacy #tech #technology #news #technews

Google Gemini Prompt Injection Flaw exposed Private Calendar Data via Malicious Invites.

The vulnerability, Miggo Security's Head of Research, Liad Eliyahu, said, made it possible to circumvent Google Calendar's privacy controls by hiding a dormant malicious payload within a standard calendar invite.

⚠️"This bypass enabled unauthorized access to private meeting data and the creation of deceptive calendar events without any direct user interaction," Eliyahu said in a report.⚠️

https://www.miggo.io/post/weaponizing-calendar-invites-a-semantic-attack-on-google-gemini

#google #calendar #gemini #llm #ai #security #privacy #engineer #media #tech #news

Alt...

👾Although the issue has since been addressed following responsible disclosure, the findings once again illustrate that AI-native features can broaden the attack surface and inadvertently introduce new security risks as more organizations use AI tools or build their own agents internally to automate workflows.👾 ⁉️"AI applications can be manipulated through the very language they're designed to understand," Eliyahu noted. "Vulnerabilities are no longer confined to code. They now live in language, context, and AI behavior at runtime."⁉️

Alt...

[ImageSource: Miggo Security] 👾The starting point of the attack chain is a new calendar event that's crafted by the threat actor and sent to a target. The invite's description embeds a natural language prompt that's designed to do their bidding, resulting in a prompt injection.👾 The attack gets activated when a user asks Gemini a completely innocuous question about their schedule [e.g., Do I have any meetings for Tuesday?], prompting the artificial intelligence [AI] chatbot to parse the specially crafted prompt in the aforementioned event's description to summarize all of user’s meetings for a specific day, add this data to a newly created Google Calendar event, and then return a harmless response to the user. ⁉️"Behind the scenes, however, Gemini created a new calendar event and wrote a full summary of our target user's private meetings in the event's description," Miggo said. "In many enterprise calendar configurations, the new event was visible to the attacker, allowing them to read the exfiltrated private data without the target user ever taking any action."⁉️

The @w3c Security #InterestGroup proposes to make systematic use of threat modeling in W3C to identify potential #threats, vulnerabilities, and safeguards in web specifications.
This guide is designed to help standards #developers make informed decisions about #security and #privacy risks from the beginning of standard development #timetogiveinput

▶️ https://www.w3.org/TR/threat-modeling-guide/

Feedback wlc: https://github.com/w3c/threat-modeling-guide/issues

Alt...

Data Flow Diagram for Minimalist Web Threat Model with 3 entities (user, network operator, website admin), linked by 7 flows to 3 processes (DNS, browser, server), as described in section A1.3 of the guide.

🔐 Aegis Authenticator is a free, open-source 2FA app for Android focused on privacy and security.

Stores all tokens in a locally encrypted vault (AES-256-GCM), works fully offline, supports TOTP & HOTP, and lets you create encrypted backups you control.
Available on F-Droid — no cloud, no tracking.

👉 https://github.com/beemdevelopment/Aegis

🔍 Listed on https://digital-escape-tools-phi.vercel.app/

#Privacy #OpenSource #Security #2FA #Android #FOSS #DeGoogle

ICE’s Mobile Fortify facial recognition app misidentified a detained woman twice in an Oregon raid 👤
ICE still calls the app a definitive way to determine immigration status, even over documents 📱
Raises major concerns about wrongful targeting, due process, and biometric policing ⚖️

🔗 https://www.404media.co/ices-facial-recognition-app-misidentified-a-woman-twice/

#TechNews #Privacy #Surveillance #ICE #FacialRecognition #AI #CivilLiberties #HumanRights #Security #LawEnforcement #DigitalRights #USA #US #Trump #DonaldTrump #Law #Police #PoliceBrutality

Palantir is developing a mapping tool for ICE that scores targets & flags “high-density” deportation areas 📍
Internal docs show data flows from HHS into ICE systems via Palantir’s ELITE platform 🧩
Raises serious privacy, oversight & civil liberties concerns ⚖️

🔗 https://www.404media.co/elite-the-palantir-app-ice-uses-to-find-neighborhoods-to-raid/

#TechNews #Privacy #Surveillance #Palantir #ICE #AI #CivilLiberties #HumanRights #Security #LawEnforcement #Transparency #Ethics #DigitalRights #USA #US #Trump #DonaldTrump #Law #Police #Policebrutality

Microsoft gave the FBI BitLocker recovery keys to unlock encrypted Windows PCs 🔑
The company says it complies with valid warrants — but unlike Apple or Meta, it can access stored keys 🧩
Raises major privacy & trust concerns over default cloud key storage ⚖️

🔗 https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/

#TechNews #Cybersecurity #Privacy #Encryption #DataSecurity #Surveillance #Microsoft #FBI #Infosec #DigitalRights #Transparency #Cloud #BigTech #Security #CivilLiberties #Windows #Bitlocker #Apple #Meta #Google

Ireland drafts new surveillance bill expanding police powers to intercept encrypted messages 🔐
Includes legal basis for spyware use & device scanning tech 🕵️‍♀️
Civil rights groups warn of normalization of extraordinary powers ⚖️

🔗 https://www.theregister.com/2026/01/21/ireland_wants_to_give_police/

#TechNews #Privacy #Surveillance #Spyware #Encryption #HumanRights #Law #Cybersecurity #PoliceTech #CivilLiberties #EU #Government #DataProtection #Security #DigitalRights #Ireland #Irish

On the run up of #DataPrivacyDay we've asked the Tuta Community about your preferred Google alternatives.

Here's what you said about your favorite browsers! 🎉

#privacy #security

Alt...

Preferred browsers of the Tuta Community: 37% Firefox, 22% Brave, 11% Librewolf, 6% Vivaldi, 6% Mullvad, 5% Tor, 3% Zen

More reasons not to use #Windows.

I know some people do not have a choice, but with #Microsoft turning over encryption keys to the fed (and that will include #ICE via #Palentir) as well as the eager cooperation of companies like #Amazon, now is the time to lock down your own data. The linked article presents the facts, but some of the comments do provides links to guides that can help you.

https://www.theregister.com/2026/01/23/surrender_as_a_service_microsoft/

#IT #security #Privacy

Anyone had much experience with Nym VPN? Any thoughts? #AskFedi #HiveMind #AskMastodon #Nym #NymTechnologies #VPN #privacy #security #FOSS

Microsoft handed the government encryption keys for customer data

https://www.theverge.com/news/867244/microsoft-bitlocker-privacy-fbi

#tech #technology #security #cybersecurity #privacy #Microsoft #FBI #bitlocker

MakeUseOf: Your Wi-Fi name can expose more information than you think . “That simple network name is actually a privacy minefield, and the information it reveals might shock you. Knowing how to identify a free Wi-Fi trap is one thing, but you should also be aware of the risks your own network can face.”

Are you aware that some popular social media apps collect your immigration status? It may seem alarming, but it's actually related to state data protection laws in the US.

Read more: https://steelefortress.com/8ubd39

#Privacy #InfoSec #Security

#Microsoft gave #FBI a set of #BitLocker encryption keys to unlock suspects’ laptops: reports
By default, BitLocker recovery keys are uploaded to Microsoft’s cloud, allowing the tech giant — and by extension #lawenforcement — to access them and use them to decrypt drives encrypted with BitLocker, as with the case reported by Forbes. https://techcrunch.com/2026/01/23/microsoft-gave-fbi-a-set-of-bitlocker-encryption-keys-to-unlock-suspects-laptops-reports/
#security #privacy

@EUCommission My message to you:

#MAGA oligarch like Elon Musk will meddle in European #elections more than the Russians ever did!

We need to disconnect further from USA, and we need to do it quickly, or we might find ourselves in a Jan 6th situation, with #AfD or #NationalFront claiming elections were fraudulent, requesting military aid from the USA to help overturn the election ...

https://spectra.video/w/7x9A4cZD3QWtGFzfsQnrCY

#EU #security #sovereignty #electioninterference #USA #elonmusk

Ars Technica: Millions of people imperiled through sign-in links sent by SMS. “Websites that authenticate users through links and codes sent in text messages are imperiling the privacy of millions of people, leaving them vulnerable to scams, identity theft, and other crimes, recently published research has found.”

https://winbuzzer.com/2026/01/23/microsoft-gave-fbi-bitlocker-keys-breaking-apple-privacy-stance-xcxwbn/

Microsoft Gave FBI BitLocker Keys, Breaking from Apple Privacy Stance

#BitLocker #Microsoft #Security #Encryption #Privacy #Cybersecurity #DataPrivacy #EndToEndEncryption #Law #Windows #UserPrivacy #NationalSecurity #PrivacyProtection

Microsoft reportedly gave the FBI BitLocker recovery keys to unlock encrypted laptops in a Guam fraud probe. 🔐

I’m genuinely stunned. 🤯 Encryption should protect users — not defer to cloud-stored keys that can be handed over on demand. ⚠️

This raises deep concerns about trust, what “secure by default” means. 🧩

🔗 https://techcrunch.com/2026/01/23/microsoft-gave-fbi-a-set-of-bitlocker-encryption-keys-to-unlock-suspects-laptops-reports/

#TechNews #Microsoft #FBI #Privacy #Encryption #BitLocker #Cybersecurity #DataSecurity #DigitalRights #BigTech #UserControl #Cloud #Security #Surveillance

Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Flaw

The tech giant said it receives around 20 requests for BitLocker keys a year and will provide them to governments in response to valid court orders.

https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/

#Microsoft #Bitlocker #privacy #security #datasecurity #surveillance #dataleak #encryption #technology

🌀 Tor Browser 15.0.3 released with key security and privacy updates. 🔒
NoScript updates are now hosted directly on Tor’s infrastructure, improving update reliability and autonomy. 🧩
Enhanced protections reduce fingerprinting risks and tighten extension control. 🕵️

@torproject

🔗 https://blog.torproject.org/new-release-tor-browser-1503/

#TechNews #Privacy #Security #OpenSource #DataProtection #Encryption #Cybersecurity #Anonymity #Transparency #Accountability #WebSafety #Internet #Linux #Software #Mozilla #Tor #Browser #Firefox

Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Flaw

The tech giant said it receives around 20 requests for BitLocker keys a year and will provide them to governments in response to valid court orders. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.

https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/

#tech #technology #news #technews #security #privacy #microsoft

If you are using Microsoft for anything secure, it might be time to really re-evaluate some choices.

Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw

https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/

#Microsoft #FBI #Bitlocker #Encryption #Privacy #Security #Surveillance #Tech

Signal founder Moxie Marlinspike launches Confer, an end-to-end encrypted AI assistant. 🔒
Cloud-based models ensure only users access unscrambled data, blocking corporate surveillance of prompts and chats. ⚖️

This counters Big Tech's data extraction for ads and training, bolstering user rights. 📊

@signalapp

🔗 https://time.com/7346534/signal-confer-ai-moxie-marlinspike/

#TechNews #AI #Privacy #Encryption #Security #BigTech #Data #UserRights #AIethics #Cybersecurity #Innovation #Freedom #DigitalRights #OnlineSafety

Looking for a good book about, well(?), strategies, data-structures, algorithms for handling encrypted data. Some questions I would like to see discussed:
- user has thousands of encrypted files, must change the key.
- path names encrypted or not, when/why, how?
- access to encrypted files by many users ... key handling?
- pros/cons of encryption algorithms for the above

NOT: encryption algorithms themselves, the math, as it is covered well online.

#encryption #security #dataHandling

Hundreds of millions of Bluetooth audio devices need urgent patches ⚙️
Researchers found flaws in Google’s Fast Pair protocol letting attackers link, listen, or track users—even iPhone owners 📡
Highlights tension between seamless UX and user privacy 🔒

🔗 https://www.wired.com/story/google-fast-pair-bluetooth-audio-accessories-vulnerability-patches/

#TechNews #Privacy #CyberSecurity #DataSecurity #Bluetooth #Android #iPhone #Google #Vulnerability #Security #UserRights #Tech #OpenSource #Tracking #SoftwareUpdate #Audio #Music #Musica #Devices #Apple #iPhone

Google’s Gemini A.I. now scans your entire inbox to “help” you summarize, reply & organize. 📬
That’s not assistance — that’s surveillance wrapped in productivity branding. 🔍

If your emails need an opt‑out clause, maybe the feature shouldn’t exist by default. ⚠️

🔗 https://www.nytimes.com/2026/01/15/technology/personaltech/gmail-gemini-ai-email-inbox.html

#TechNews #Privacy #AI #Google #Gmail #Surveillance #Data #Security #UserRights #BigTech #DigitalEthics #OnlinePrivacy #TechPolicy #Accountability #AIethics #Cybersecurity #Gemini #Email

Nobody warns teams about clipboard risk — but it’s real.
Passwords, API keys, internal notes, crypto addresses, even client data often live briefly in clipboard memory, logs, or clipboard managers.
It’s a tiny surface area with real security implications.
Privacy isn’t just tools. It’s operational hygiene.
#Privacy #Security #B2B #Infosec #DigitalHygiene

My malwarebites anti-virus just detect 1malware named APP LOCK from f-droid. 🤯 Immediately removed from device. #fdroid @fdroidorg plz review this app once again #security #opensource.
https://f-droid.org/packages/dev.pranav.applock

A new EPIC report says data brokers, ad-tech surveillance, and ICE enforcement are among the factors leading to a “health privacy crisis” that is eroding trust and deterring people from seeking care.

Alt...

Surveillance and ICE Are Driving Patients Away From Medical Care, Report Warns