Posts by mysk@mastodon.social
 (DIR) Post #AjkFlxg8KThzbYKD4q by mysk@mastodon.social
       2024-07-05T19:26:39Z
       
       0 likes, 0 repeats
       
       …Messages were either delivered to the Mac or to the VM. The iPhone received all messages. All of the three sessions were live and valid. Signal didn't warn me of the existence of the third session [that I cloned]. Moreover, Signal on the iPhone still shows one linked device. This is particularly dangerous because any malicious script can do the same to seize a session. …🧵
       
 (DIR) Post #AjkFlyhEXsBOlFqbQm by mysk@mastodon.social
       2024-07-05T19:27:20Z
       
       0 likes, 0 repeats
       
       … Perhaps this flaw is what makes some users think that Signal has a "backdoor" as it is easy for sophisticated attackers to target a victim who's using the Mac app and see their chats. (The same may be also true for the Windows app) #privacy #security
       
 (DIR) Post #Ajuqav2ORlt8k6BHvc by mysk@mastodon.social
       2024-07-14T08:28:21Z
       
       0 likes, 1 repeats
       
       Your Phone Contacts AREN'T Private #privacy #cybersecurity #infosec https://odysee.com/@NaomiBrockwell:4/Phone-Contacts:9
       
 (DIR) Post #Ak3Avu0T1nkJyRF6Qa by mysk@mastodon.social
       2024-07-17T18:55:18Z
       
       0 likes, 1 repeats
       
       🔔 Soon after we published our findings about the App Store collecting exhaustive and identifiable usage data, we were approached by law enforcement in the U.S. to help them navigate through the usage data they obtained from Apple for a suspect. They presented a court order to #Apple. As we showed, there's no way to turn off sharing the App Store usage data. Apple maintains this identifiable data about every user. #iOS #Privacy #PrivacyMatters Original video: https://youtu.be/8JxvH80Rrcw
       
 (DIR) Post #Ak3AvvVLSU2WcUhHCC by mysk@mastodon.social
       2024-07-18T09:00:55Z
       
       0 likes, 0 repeats
       
       Many developers collect identifiable usage data. The list includes Amazon, Google, Meta, Microsoft, Netflix, Snapchat, Spotify, TikTok, Twitch, Zoom. Just check the apps' Privacy Nutrition Labels. Given a court order, developers are obliged to hand in this data to law enforcement. #Apple #iOS #Privacy #PrivacyMatters
       
 (DIR) Post #AlOYlhPDXyTL18A2D2 by mysk@mastodon.social
       2024-08-27T11:44:59Z
       
       0 likes, 0 repeats
       
       🚨 Mainstream media spreads misinformation about Telegram encryption while covering the arrest of Pavel Durov in France. In this report, CNN puts #Telegram ahead of #WhatsApp in terms of strong encryption 🤯 This will definitely lead many users to pick wrong #privacy options. #InfoSec #privacymatters
       
 (DIR) Post #AlbnlAgjDMgZuf2LUe by mysk@mastodon.social
       2024-09-02T22:33:53Z
       
       0 likes, 1 repeats
       
       Why do many websites still use reCAPTCHA?
       
 (DIR) Post #AmStPuVX4k9kkdvBnE by mysk@mastodon.social
       2024-09-27T21:27:10Z
       
       0 likes, 1 repeats
       
       BREAKING: Court allows #privacy lawsuit against #Apple to proceed in part. This lawsuit is based on our work. We found out that Apple apps, including the App Store app, collect detailed and identifiable analytics and there's no option to switch it off https://www.reuters.com/legal/apple-must-face-narrowed-privacy-lawsuit-over-its-apps-2024-09-27/ #infosec #iOS #security
       
 (DIR) Post #AmStPvHkBUilAATgwK by mysk@mastodon.social
       2024-09-27T22:08:31Z
       
       0 likes, 0 repeats
       
       The Conclusion #privacy #Apple #infosec #iOS #security
       
 (DIR) Post #AmStPwEaehnC6g0gfA by mysk@mastodon.social
       2024-09-27T22:18:12Z
       
       0 likes, 0 repeats
       
       Link to the court document: https://storage.courtlistener.com/recap/gov.uscourts.cand.403685/gov.uscourts.cand.403685.138.0.pdf #privacy #Apple #infosec #iOS #security
       
 (DIR) Post #AoKsvy8hyzp75h5pnk by mysk@mastodon.social
       2024-11-22T15:12:29Z
       
       1 likes, 1 repeats
       
       This is an example of what the App Store app shares with #Apple when you search for an app. Everything you type in the search field is recorded as an event and associated with your Apple ID before it is sent to Apple. When I search for "Google Authenticator," events are recorded as I type character by character. The leap between rows 78 and 79 is when I picked a suggestion. The timestamp of every event is recorded, i.e. Apple can calculate my typing speed 🙃. #Privacy #infosec #privacymatters
       
 (DIR) Post #AoKsvzyr8b8AniUziq by mysk@mastodon.social
       2024-11-22T15:14:22Z
       
       0 likes, 0 repeats
       
       Data is sent to Apple in near real-time (the difference between the Event Time and the Post Time). There is no way you can opt out of sending such app Analytics to Apple or request it be anonymous. Visit https://privacy.apple.com and request a copy of your data to learn what identifiable data Apple collects about you. ✌️ #Apple #Privacy #infosec #privacymatters
       
 (DIR) Post #AwBBXjv8DzSOy2X09w by mysk@mastodon.social
       2025-07-15T22:58:53Z
       
       0 likes, 0 repeats
       
       Five years ago, during our research on link previews, we discovered that Meta servers download every shared file in Facebook Messenger and Instagram DM in full—even if it’s gigabytes in size. Now, looking back, it would be interesting to know if Meta used these files to train their AI models. Meta insisted it wasn’t a bug. When we published videos demonstrating the issue, they asked YouTube to take them down. YouTube removed one video and gave us a strike. #Privacy #LLM https://youtu.be/9a_5hoBL7s0?feature=shared
       
 (DIR) Post #AyEgIUuwRHevdJ1Cka by mysk@mastodon.social
       2025-09-14T21:22:03Z
       
       0 likes, 1 repeats
       
       🤯 Instagram is testing new iOS push notifications that include a profile photo. Each time the notification is shown on your screen, it triggers a GET request to fetch that image, letting Meta track every on-screen impression. The app still misuses push notifications to send detailed device analytics about the device (uptime, battery, volume, locale, timezone, memory, CPU, etc.) #privacy #infosec #privacymatters #Apple #iOS #meta More 👇🧵
       
 (DIR) Post #AyEgIaLiFB2oTma9fk by mysk@mastodon.social
       2025-09-14T21:22:59Z
       
       0 likes, 0 repeats
       
       We detailed this last year and we checked again today. Meta collects everything it needs to track users across apps, a practice strictly prohibited by Apple. Stop using the native app. Use the web app. #privacy #fingerprinting #iOS #PWA More 👇
       
 (DIR) Post #AyEgIfXawQWIa5BDO4 by mysk@mastodon.social
       2025-09-14T21:23:27Z
       
       0 likes, 0 repeats
       
       Link to our demo from last year. Apple's Required Reason API rules aren't being enforced - either they're ignoring it or they can't do it. https://youtu.be/4ZPTjGG9t7s?feature=shared
       
 (DIR) Post #AyEgIkvAwBLxGfFcKu by mysk@mastodon.social
       2025-09-14T21:23:56Z
       
       0 likes, 0 repeats
       
       P.S.: The data collection is massive. We can't consistently simulate accounts that aren't based in the EU. Data collection isn't as massive for EU accounts. Our entire team is currently in the EU, which makes recording a demo capturing the massive data collection difficult. Our time is limited. It would be great if researchers outside the EU investigated this. We're happy to help.
       
 (DIR) Post #AyEgIqAbQFfFXxVVZo by mysk@mastodon.social
       2025-09-14T21:39:59Z
       
       0 likes, 0 repeats
       
       This article by @9to5Mac is spot on 👌 https://9to5mac.com/2025/08/21/meta-allegedly-bypassed-apple-privacy-measure-and-fired-employee-who-flagged-it/
       
 (DIR) Post #AyEgIvOG0uYdjkvz3Q by mysk@mastodon.social
       2025-09-14T21:58:33Z
       
       0 likes, 0 repeats
       
       To investigate this, you need to connect your iPhone to a network where you can capture HTTPS traffic and decrypt it.
       1- Quit Instagram so it is not running in the background
       2- Send yourself a DM or let someone comment on your posts
       3- You get notifications and the app should wake up in the background and send the massive data
       4- Capture the data, analyze it, redact it and publish it
       You can do it with Proxyman.
       
 (DIR) Post #B3HFgmUlbijJ28MqtE by mysk@mastodon.social
       2026-02-13T11:09:23Z
       
       1 likes, 0 repeats
       
       The Messages app accessed my contacts next month 🤪. That's what the privacy report says. #Privacy