Cat Easdon (@cat_easdon)'s Twitter Profile
Cat Easdon

@cat_easdon

Privacy engineering @Dynatrace + research bridging the gap b/t tech and policy. Prev. fellow @cyber_conflict, @InternetSociety + hacking CPUs. Opinions my own.

ID: 1217731613875933185

16-01-2020 08:54:38

419 Tweet

534 Followers

1,1K Following

Wolfie Christl (@wolfiechristl)

I want to share some more details about what we found in our investigation into gambling data that are highly relevant to GDPR enforcement and privacy regulation at large. For example, this is how companies share personal data with each other during a bunch of 'cookie syncs'.

Gergely Orosz (@gergelyorosz)

Damning how the EU is trying to quietly pass a bill TOMORROW that would mandate all private communications can be monitored under the pretext of child safety. This would mean forcing backdoors into eg WhatsApp, Signal: or banning those services. Nuts that it is even considered.

Matthew Green (@matthew_d_green)

People think ChatControl is about specific crimes. No, that’s not what’s at stake. What’s being made is an architecture decision for how private messaging systems work: if it passes, by law these systems will be wired for mass surveillance. This can be used for any purpose.

Marcel Böhme👨‍🔬 (@mboehme_)

Just saw Tadayoshi (Yoshi) Kohno give a super inspiring talk about trolley problems (moral philosophy) in cybersecurity. For instance, would you publicly disclose an unfixable vulnerability in a pacemaker that *everyone* uses, but likely no other pacemakers are avail. for a long time? 1/

Meredith Whittaker (@mer__edith)

Respectfully, your proposal does break encryption. I am happy to spend as much time as you need reviewing in as much detail as you are comfortable with exactly how it breaks encryption, and why this is so dangerous.

Dino A. Dai Zovi (@dinodaizovi)

I feel like so much security improvement can be driven by just repeatedly asking, "... and then what happens when an attacker gets admin access on that?" Exploits are just a shortcut to admin access. If a human has creds, malicious admin access should already be in threat model.

Binding Hook (@bindinghook)

Europe’s #spyware problem is alarming. Despite regulations, export licenses continue to be granted to repressive governments. It's time for stricter enforcement. Read more from Mailyn Fidler on Binding Hook. bindinghook.com/articles-bindi…

John Scott-Railton (@jsrailton)

Ron Wyden 6/ I hope coverage of the AT&T collectively recognizes: Metadata matters. Enough to kill people in wartime without knowing their names or seeing their faces. It tells comprehensive stories about who people are, what they are doing, and what their secrets are.

Matthew Green (@matthew_d_green)

One of the things policymakers refuse to understand is that securing large amounts of customer data, particularly data that needs to be “hot” and continually queried (eg by law enforcement) is just beyond the means of most US companies.

Matthew Green (@matthew_d_green)

I’m mostly blaming law enforcement access for the existence of this data, but I also suspect that marketing and data sales revenue streams played a role in its insecure storage. Making that business illegal should be a national security priority.

Jake Williams (@malwarejake)

Okay, I'm just going to throw this out there, but maybe - just maybe - a vendor having the ability to change every one of their kernel drivers in the field at the same time without any approval from IT/end users is a model we need to reconsider... CrowdStrike.

Kim Wuyts (@wuytski)

The 3rd 🔶Privacy Threat Modeling Workshop (WPTM) 🔶 will be fully remote and free to attend! 🙌 The program will be a mix of research presentations 🎓, a panel session 💬, updates on the latest developments 💡 in the privacy threat modeling world. And I get to do the keynote 🤩

Cory Doctorow NONCONSENSUAL BLUE TICK (AFK) (@doctorow)

"Data At Work" is a research project from Cracked Labs that dives deep into the use of surveillance and control technology in a variety of workplaces - including workers' own cars and homes: crackedlabs.org/en/data-work 9/

Gergely Orosz (@gergelyorosz)

Lots of people have the impression that the EU’s AI regulation is reducing innovation. Read the details: it does this: in *critical areas* at a societal level where an AI system hallucinating would have major implications. Law enforcement, employment decisions, border control.

Eva (@evacide)

Reading through the French prosecutor's press release re: Pavel Durov and Telegram, it's still not clear what is going on, but the last three items are a big red flag.

Jason Kint (@jason_kint)

This strong analysis by Stoller. “It was as if every night Google could break into the offices of WSJ and take its subscriber list, and then go to its own advertising clients and tell them that it could sell them access to Wall Street Journal readers for much cheaper rates.”

Eva (@evacide)

"The reason we don’t see exploding battery attacks more often is not because it’s technically hard, it’s because the erosion of public trust in everyday things isn’t worth it." bunniestudios.com/blog/2024/turn…