Does photo editors save pictures on their serv…

The title says it all. I read the privacy policy of Enlight app but it doesn’t mention where they store the pictures.

Found here

Can files on a USB be definitely linked to the…

Can files on a USB be definitely linked to the originating device (without the device), or to the same source as one-another, perhaps by an attribute or identifier? Can this be faked or removed?:

Can files on a USB be definitely linked to the originating device (without the device), or to the same source as one-another, perhaps by an attribute or identifier? Can this be faked or removed?

From here

Tools for group collaboration?

A group I am active in is finally looking to step away from the laughably insecure combination of Facebook forum, email and Etherpads we’ve been using so far. I was wondering what kind of tools people here use. Admins, feel free to move this post or let me know if this is the wrong subreddit for this type of question.

The features we would need:

  • Editable pads (or wikis) for minutes etc, preferably with access regulations (some would only be open to some members), à la Etherpad
  • A file repository, with possibility for all to upload files
  • A chat and/or discussion board function

Additional features that would be nice, but are not mandatory:

  • Push email notifications for new files, documents, etc
  • Polls function
  • Private messaging, preferably with an option for encrypted messages
  • A voice call/remote meeting function

We’d ideally look for a solution that is open source, obviously secure/encrypted, and preferably available on mobile.

We’ve looked at Riseup’s Crabgrass service, but it lacks several key features. We’d be open to host something ourselves, if necessary.

We’d like to retain the email list (hosted on Riseup) for non-sensitive information. I think that is unavoidable.

Found here

Missouri governor indicted for felony invasion…

Missouri governor indicted for felony invasion of privacy:

Missouri governor indicted for felony invasion of privacy

From here

Car companies are preparing to sell driver dat…

Car companies are preparing to sell driver data to the highest bidder:

Car companies are preparing to sell driver data to the highest bidder

From here

Facebook phishing how is it done?

SWIM got their Facebook compromised through a phishing attempt. What type of code does the malware use too send messages to others in that persons friends list. Do they steal an oauth token? If its a cell phone do the use client side JavaScript?

Found here

Looking for a nice country privacy laws compar…

Hello,

As the title says, I am looking for an up-to-date chart/map that would compare various countries based on their privacy, data collection and data protection laws, censorship and three-letter-agencies in countries. It should also give them a score, so they could be easier to choose.

I’ve already found https://www.dlapiperdataprotection.com/index.html , but it seems kinda weird that Russia is better than Iceland and China is better than a lot of countries.

If anyone has got anything, please let me know, thanks in advance!

Found here

Do You Trust Disconnect/Security Analysis of P…

I’ve been trusting Disconnect for some time now and I’m wondering if it works the same as services like VPNs in the sense that you are trusting them to not track you, so I took a look into their policy and broke it down.  

From Disconnect 5.18.21 Privacy Policy(firefox),

tl;dr Disconnect doesn’t collect any of your personal info, including your IP address.

This is misleading. The actual policy states in short,

Nothing in this policy **contradicts the following statements:

  1. We don’t collect…personal info…other than info you voluntarily provide

  2. We don’t sell personal info

  3. We share personal info only when legally required…to prevent harm

It goes on to clarify that

Aggregate data isn’t considered personal info.  

The document focuses on personal information and away from not whom they might be sharing/selling the aggregate data to (to powers that could use that data to map out Disconnect as a network for example).

At the end of the policy is a final misleading statement

(We) retain…Personal Info…for one month or less… **within 30 days of any request to do so.

If you can see what I’m seeing, what I see is not necessarily what they are stating, it’s what they are not. It’s that the policy comes off just as misleading as a privacy policy from Google or any shady VPN service and tells me not to trust them. At some point I plan to put together a simple article detailing how a user can get set up with a simple and effective privacy solution, I’m now not sure if I want to advise this service.

In their defense, they say they don’t collect information about your online activities over time or across (third-parties).

What do you guys think? Is using Disconnect about the same as trusting a VPN provider, or is the service in its design not capable of even doing such a thing?

This is an application for the non-technical masses, covered by large media outputs(TIMES I think covered it at one point), in other words a large project, with (I’d assume) plenty of money/influence behind it.  

edit: crossposted from /r/netsec likely getting removed from there

Found here

Glitch allowed customers to access others’ acc…

Glitch allowed customers to access others’ accounts [Financial Privacy]:

Glitch allowed customers to access others’ accounts [Financial Privacy]

From here

Hacker Strikes ‘Stalkerware’ Companies, Steali…

Hacker Strikes ‘Stalkerware’ Companies, Stealing Alleged Texts and GPS Locations of Customers: Nearly a year after Motherboard reported the data breaches of two spyware companies, another hacker has independently targeted two more.:

Hacker Strikes ‘Stalkerware’ Companies, Stealing Alleged Texts and GPS Locations of Customers: Nearly a year after Motherboard reported the data breaches of two spyware companies, another hacker has independently targeted two more.

From here