source: https://mastodon.social/@mysk/112340023465073147
#Apple recently introduced a new URI scheme so that #iOS users in the #EU can install marketplace apps from the browser. #Safari handles the scheme insecurely leaving users exposed to tracking.
#surveillance #politics #europe #software #security #privacy #news #problem #fail #smartphone #warning
A?
New study shows that the default apps collect data even when supposedly disabled, and this is hard to switch off.
(Text continues underneath the flowchart.)
Setup process after a user has first purchased a new device. The different stages often contain hidden information that is not evident to the user. Image: Amel Bourdoucen.
‘Privacy. That's Apple,’ the slogan proclaims. New research from Aalto University begs to differ. (...)
The researchers studied eight apps: Safari, Siri, Family Sharing, iMessage, FaceTime, Location Services, Find My and Touch ID. They collected all publicly available privacy-related information on these apps, from technical documentation to privacy policies and user manuals.
The fragility of the privacy protections surprised even the researchers.
‘Due to the way the user interface is designed, users don’t know what is going on. (...)
In practice, protecting privacy on an Apple device requires persistent and expert clicking on each app individually. Apple's help falls short.
‘The online instructions for restricting data access are very complex and confusing, and the steps required are scattered in different places. There’s no clear direction on whether to go to the app settings, the central settings – or even both,’ says Amel Bourdoucen, a doctoral researcher at Aalto.
In addition, the instructions didn’t list all the necessary steps or explain how collected data is processed. (...)
Tags: #apple #iphone #privacy #privacy_settings #data #data_mining #surveillance #safari #siri #family_sharing #imessage #facetime #location_services #find_my #touch_id
Electronic Frontier Foundation (EFF)
It’s a big year for the oozing creep of corporate paternalism and ad-tracking technology online. Google and its subsidiary companies have tightened their grips on the throat of internet innovation, all while employing the now familiar tactic of marketing these things as beneficial for users. Here we’ll review the most significant changes this year, all emphasizing the point that browser privacy tools (like Privacy Badger) are more important than ever.
(Text continues underneath the image.)
.
Chrome, the most popular web browser by all measurements, recently announced the official death date for Manifest V2, hastening the reign of its janky successor, Manifest V3. (...) [W]hat security benefits it has are bought by limiting what all extensions can do. (...) Put bluntly: Chrome, a browser built by an advertising company, has positioned itself as the gatekeeper for in-browser privacy tools, the sole arbiter of how they should be designed. (...) Google’s trackers are present on at least 85% of the top 50,000 websites. (...)
For what it's worth, Apple's Safari browser imposes similar restrictions to allegedly protect Safari users from malicious extensions. (...)
This is just another step in transforming the browser from a user agent to an advertising agent. (...)
Most recently, people with ad-blockers began to see a petulant message from Youtube when trying to watch a video. The blocking message gave users a countdown until they would no longer be able to use the site unless they disabled their ad-blockers. Privacy and security benefits be damned. YouTube, a Google owned company. (...)
Obviously this all sucks. User security shouldn’t be bought by forfeiting privacy. (...)
> Read other articles by EFF about the fight for digital rights in 2023
Tags: #internet #google #alphabet #chrome #youtube #trackers #privacy #browser #safari #apple #profile #profiling #Manifest_V3
In #Friendica we have a couple links which click event is captured by a listener.
On desktop browsers, this works as expected and the underlying href attribute is ignored (unless clicked with the middle mouse button, which is expected).
On the #iOS #Safari app, this also works as expected. However, when I add Friendica as a home screen app, a click on these links triggers both the event listener and navigates to the href URL.
Does anyone know why web views behave differently and/or how to prevent the double action specifically in this context?
Please reshare/boost for reach!
Source: https://ileakage.com
We present iLeakage, a transient execution side channel targeting the #Safari #web #browser present on Macs, iPads and iPhones. iLeakage shows that the #Spectre #attack is still relevant and exploitable, even after nearly 6 years of effort to mitigate it since its discovery.
#mac #iPhone #iPad #problem #exploit #software #hack #hacker #news #security #internet
#Giannandrea had a different take, though. He was heavily involved in Apple's discussions about its future with search, and he dismissed a switch to DuckDuckGo, partly because he felt that DuckDuckGo's "marketing about privacy is somewhat incongruent with the details" because DuckDuckGo relies on #Bing in some areas. He said he would have wanted to do "a lot more due diligence with DuckDuckGo" should the switch have happened. He previously argued against switching to DuckDuckGo in an internal company email.
So an ex-Google employee talks about privacy issues and that's why you should stay with Google. If Apple is so stupid and falls for it, I wonder what they do for a living.
#news #problem #wtf #fail #omg #technology #safari #browser #internet #web #www
“The level of detail is shocking for a company like Apple,” Mysk told Gizmodo."
WTF!?
"An independent test suggests Apple collects data about you and your phone when its own settings promise to “disable the sharing of Device Analytics altogether.”"
New Research Says
"For all of Apple’s talk about how private your iPhone is, the company vacuums up a lot of data about you. iPhones do have a privacy setting that is supposed to turn off that tracking. According to a new report by independent researchers, though, Apple collects extremely detailed information on you with its own apps even when you turn off tracking, an apparent direct contradiction of Apple’s own description of how the privacy protection works."
https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558
#tracking #apple #iphone #surveillance #prism #linux #bsd #gnulinux #safari #gizmodo #security #hackernews #analytics #privacy #computer #smartphones #phones #phone #spying #backdoor
Thula Solution’s CEO, Gary Davies, told TopAuto that BRV is looking to replace its diesel bakkies with Thula’s electric powertrains to create fully electric 4x4s.
The ESV was developed to refine the game drives in South Africa, providing safari-goers with noise and vibration-free experiences.
“Stringent battery management protocols and redundancies to leading European standards are part of the design,” Thula says on its ESV webpage.
The Thula ESV can charge to full capacity in two hours, which will provide the driver with 100km of range. “Based on the average cost for electricity and diesel in 2020, you could save up to 75% of your fuel cost for your vehicles,” Thula said.
See https://mybroadband.co.za/news/motoring/432986-thula-esv-an-electric-4×4-made-in-south-africa.html
#technology #EV #southafrica #safari #environment
#Blog, ##environment, ##ev, ##safari, ##southafrica, ##technology
Admin-Rechte beim Vorbeisurfen
Über einen recht aufwändigen Hack berichtet Heise. Danach können Angreifer mit dem "DazzleSpy" genannten Schädling Macs fernsteuern und alle Daten absaugen. Bekannt wurde der Angriff auf Macs von Aktivisten in Hongkong. Durch viele Tricks kann man sich "DazzleSpy" einfach beim Surfen auf einer speziell vorbereiteten Webseite einfangen.
Die Schadsoftware erlangt dann Admin-Rechte auf dem System und enthält Keylogger, kann Screenshots erzeugen, Dateien hoch- und herunterladen, Terminal-Kommandos ausführen sowie Audioaufnahmen des Umfelds anfertigen. Was will man mehr? Damit kann man nicht nur spionieren sondern auch gleich entsprechende "Beweise" auf dem kompromittierten System hinterlassen, um seinen Besitzer auf Jahre ins Gefängnis zu bringen.
Da die Schadsoftware nicht, wie üblich, zuvor auf anfälligeren Windows Systemen beobachtet wurde, geht man von einem gezielten Angriff durch gut ausgerüstete (staatliche) Stellen aus. Nach Angaben von Apple sollen die ausgenutzten Lücken in Apples Browser-Engine WebKit gelegen haben und inzwischen gewschlossen worden sein.
Mehr dazu bei https://www.heise.de/news/Komplexe-Mac-Malware-holt-sich-per-Safari-Admin-Rechte-im-Vorbeisurfen-6339054.html
Link zu dieser Seite: https://www.aktion-freiheitstattangst.org/de/articles/7920-20220209-apples-browser-webkit-enthielt-schwere-luecke.htm
Link im Tor-Netzwerk: http://a6pdp5vmmw4zm5tifrc3qo2pyz7mvnk4zzimpesnckvzinubzmioddad.onion/de/articles/7920-20220209-apples-browser-webkit-enthielt-schwere-luecke.htm
Tags: #Apple #Browser #Safari #WebKit #Lücke #Hack #China #Hongkong #Cyberwar #Verbraucherdatenschutz #Datenschutz #Datensicherheit #Lauschangriff #Überwachung #Vorratsdatenspeicherung #Videoüberwachung
● NEWS ● #TheVerge #Privacy #Surveillance ☞ #Safari 15 bug can leak your recent browsing activity and personal identifiers https://www.theverge.com/2022/1/16/22886809/safari-15-bug-leak-browsing-history-personal-information
Wege aus der digitalen #Überwachung
Ob #Cyberkriminielle, #Onlineriesen oder #Nachrichtendienste – sie alle machen Jagd auf die personenbezogenen #Daten der Nutzerinnen und Nutzer. Denn die #Kontrolle über diese Informationen ist im 21. Jahrhundert ein wichtiges #Machtinstrument. Die #Doku stellt anhand konkreter Fallbeispiele Lösungsmöglichkeiten zum Schutz der #Privatsphäre im Internet vor.
Im Zeitalter der digitalen #Massenüberwachung ist der #Datenschutz im Internet ein wichtiges Thema. Trotz der – eher zaghaften – Regulierungsversuche bleibt das World Wide Web ein wahrer Datendschungel, in dem die Bürgerinnen und Bürger den Schutz ihrer Privatsphäre selbst in die Hand nehmen müssen. Allerdings gibt es kein Patentrezept, da nicht alle denselben Risiken ausgesetzt sind. Die Dokumentation "Unterm Radar - Wege aus der digitalen Überwachung" zeigt anhand konkreter Fallbeispiele Möglichkeiten zum Schutz des Privatlebens im Internet auf.
In Berlin will der junge Performer Max dem Tracking durch die „Big Five“ entgehen und Künstlerinnen und Künstler sowie Clubs eine Alternative zu #Facebook bieten.
In Casablanca sensibilisieren die Lehrkräfte am Lycée français ihre Schülerinnen und Schüler für die Gefahren des #Cybermobbings. In Hongkong lernt eine Wissenschaftlerin und potenzielle Zielscheibe der chinesischen Machthaber, wie sie online unsichtbar werden kann. Und in den USA finden investigative Journalisten vor dem Hintergrund des Auslieferungsverfahrens gegen #Wikileaks-Gründer Julian Assange Wege, sich ohne #Cyberüberwachung mit ihren Quellen auszutauschen.
Die Protagonisten und Protagonistinnen stellen praktische Lösungen vor – wie etwa Alternativen zu #WhatsApp, #Safari oder #Google_Maps – und präsentieren #Onlinestrategien wie die #Kompartimentierung der Daten. Außerdem befasst sich die #Dokumentation mit den Möglichkeiten von freier und #Open-Source-Software sowie mit #Fediverse, einem neuen #Social-Media-Netzwerk, dessen Nutzer die Kontrolle über ihre Daten behalten sollen.
Regie : Marc Meillassoux Land : Frankreich
#Apple “Privacy”. #Safari sends 32 requests to #Google and Apple servers because you typed a 5 letter word in the address bar. https://baronhk.wordpress.com/2021/11/16/apple-privacy-safari-sends-32-requests-to-google-and-apple-servers-because-you-typed-a-5-letter-word-in-the-address-bar/
● NEWS ● #HTTPToolkit #ProprietarySoftware ☞ #Apple #Safari isn't protecting the web, it's killing it https://httptoolkit.tech/blog/safari-is-killing-the-web/
Parts de marché des #navigateurs #web (avril 2021)
https://fr.wikipedia.org/wiki/Mod%C3%A8le:Parts_de_march%C3%A9_des_navigateurs_web
#Chrome #Google 65,1 %
#Safari #Apple 16,3 %
#Firefox #Mozilla 3,8 %
#Edge + #IE 5,4 %
#Opera 1,8 %
#Samsung internet 2,7 %
Autres 4,9 %
#FF etc, c'est peanut face à Google.
je ne le crois pas, d'ailleurs, qu'il y ait si peu de monde sur FF par exemple...
Et plus de 80 % rien qu'à 2 #GAFAM ...
#navigateur #navigation #connexion #réseau #Internet #privée #anonyme #adresseIP #IP #serveurs #Numérique
Meta rant: now that I'm using a Macbook every now and then and using Safari and typing text into in-browser text fields, I get annoyed by the built-in autocarrot. E.g. it replaces "green" with "free" as in "green tea" and such, seconds after I typed them.
(I'm not talking the helpful suggestions that appear below the word I mistype, those are helpful. There, it retroactively replaced "are" with "a", whatthactualfoo.)
Innocuous phrases are, when the cursor already has moved forward a few words, messed up by a replaced verb or attribute and the system is not even telling me. I mean, the speling (sic!) is not wrong in the replaced word, however the meaning is b0rked. Narf. Safari makes me re-check everything I typed, in an unpleasant way.
My tolerance is near exhaustion. This sucks balls. Is Safari always like that? Is Chrome a better choice?
Apple released today Safari Technology Preview 126, its experimental browser first introduced in 2016. With this update, users can have a sneak peek at upcoming web technologies coming to macOS and iOS.
A few things to note: You can download it directly from the 9to5Mac site, with links to versions for MacOS Monterey and Big Sur. It's new and might be buggy, so you might want to wait. The Live Text function will only work on Macs with Apple M-series chips. I think the Quick Notes feature should work on all Macs, but don't quote me on that.
#technology #tech #Apple #MacOS #MacOSMonterey #MacOSBigSur #Safari
@diaspora* HQ? @David Thiery? @Di Cleverly?
- #Safari on #macOS 10.14.6
- Whitelisted in Ghostery Lite and AdGuard
- Using @Isaac Kuo’s awesome script for multi-column pluspora with #Tampermonkey (can't be the culprit, can it?)
After logging back in I get this mail:
Hello Bonobo,
diaspora* has detected an attempt to access your session which might be unauthorised. To avoid any chance of your data being compromised, you have been signed out. Don’t worry; you can safely sign in again now.
A request has been made using a incorrect or missing CSRF token. This might be completely innocent, but it could be a cross-site request forgery (CSRF) attack.
This could have been caused by:
- An add-on manipulating the request or making requests without the token;
- A tab left open from a past session;
- Another website making requests, with or without your permission;
- Various other external tools;
- Malicious code trying to access your data.
For more information on CSRF see https://www.owasp.org/index.php/Cross-SiteRequestForgery_(CSRF).
(And that link gives me a 404 🤣)
If you see this message repeatedly, please check the points above, including any browser add-ons.
Thank you, The diaspora* email robot!
Any help is appreciated, thanks in advance!
WGT - Thursday
After arriving in Leipzig on a quite soppy Wednesday we delayed our first trip to the city to Thursday. It was quite cold so we put on our jackets and headed for the Zoo. In a great coincidence a new area was opened to the public that day, so we enjoyed a lot of new animal habitats such as the different environments of South America as well as the Himalayan Mountains. Here we discovered a sleeping snow leopard lying on his back right next to a big window. We were only two or three centimeters of glass apart, wow! I really like the new approach in designing enclosures where the natural environment of the animals is displayed and the fences are no longer made from iron rods or gratings but shaped by glass, rocks, dried or watered moats. Also the animals have lots of possibilities to hide – which apparently was no option for our leopard :)
As the evening hours started, we were drawn to the Agra – the festival-compound. All together the scene members formed a quiet and ceremonial procession, standing in line to change red tickets to rosy wristbands. And then – finally – we entered the Land of Goth and Mead, yay! The rest of the night contained lots and lots of mead, the loss of my beloved bat ring but also the cheerful meeting with friends and dancing at the Treffen-Café. Through the silent city we walked the few kilometers back to our pension - drunk on joy.
#wgt #wgt2018 #gloomyadventures #zooleipzig #snowleopard #safari #gothic #moonbag #standinline #worthit #happyus
