Yale Privacy Lab is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

Yale Privacy Lab @privacylab@mastodon.social

Pinned toot

EVENT 11/28 at 12PM: "The Perpetual Line-Up" with @alvarombedoya and @ClareAngelyn of @GeorgetownCPT
privacylab.yale.edu/perpetual-

mastodon.social/media/NQPA7dKF

Pinned toot

"In the last two weeks, the WordPress.org repository has closed three plugins because they contained content-injection backdoors... Each of them had been purchased in the previous six months as part of the same supply chain attack..." soylentnews.org/article.pl?sid

"I asked Michael Kwet and Sean O’Brien, both researchers at Yale Privacy Lab... whether we should expect more of these kinds of cases — where someone’s own phone essentially testifies against them — in the US." motherboard.vice.com/en_us/art

mastodon.social/media/tdqboZyO

.@HRW takes on the Dark Side by calling out law enforcement for hiding its use of secret NSA surveillance technolog… twitter.com/i/web/status/95126 source: twitter.com/eff/status/9512648

Dozens of members of Congress agree—any effort to extend NSA
surveillance must not infringe on our Fourth Amendment… twitter.com/i/web/status/95124 source: twitter.com/eff/status/9512446

"Kotlin is a fully-supported official programming language for Android which Google boasts contains safety features in order to make apps 'healthy by default'." zdnet.com/article/android-secu

mastodon.social/media/a2GMH8Np

"With this move, Barcelona becomes the first municipality to join the European campaign “Public Money, Public Code". It is an initiative of the @fsfe and comes after an open letter that advocates that software funded publicly should be free." itsfoss.com/barcelona-open-sou

"Open the App Store settings panel, click on the padlock to make changes, a password prompt pops up, type in any string of text, and the 'password' is accepted, unlocking the preferences panel." theregister.co.uk/2018/01/10/m

"Back in March, the police swiped the trash of fellow officer Gina Hoesly. They didn't ask permission. They didn't ask for a search warrant. They just grabbed it. Their sordid haul, which included a bloody tampon, became the basis for drug charges..." wweek.com/portland/article-161

"If WhatsApp were to comply with a government request — in the US or abroad — agents could join any private group and listen along." wired.com/story/whatsapp-secur

"But location tracking is quietly, sometimes surreptitiously, baked into the web’s modern data collection regime. According to @exodus and @privacylab more than three in four Android apps contain at least one third-party 'tracker'..." fastcompany.com/40477441/faceb

"'Didn’t we determine racial profiling was inappropriate?' one survey participant asked. 'Why is it okay for a corporation to behave in this manner?' Most web users surveyed don’t like marketing based on their household income level, either...'" slate.com/articles/technology/

"Malicious apps posing under names including Security Defender, Security Keeper, Smart Security, and Advanced Boost managed to slip past Play Store defences and onto the devices of Android users." zdnet.com/article/phony-androi

""Basic" searches, where agents simply peer into the contents of a device, including photos, texts, and contacts, can still be conducted at random without a warrant nor reasonable suspicion." theregister.co.uk/2018/01/05/u

"Unless we manage it, this electronic trail may give an uncomfortable amount of information about our activities and preferences to firms who seek to apply 'user behaviour analytics' to our private home life." raconteur.net/sustainability/s

"it’s just not clear to many consumers that an app will continue to be listening even when their phone is not being used and stowed away in their pocket." techcrunch.com/2018/01/02/some

"To hinder the attacks' efficiency, Mozilla says it will reduce the precision of Firefox's internal timer functions. This is not a full mitigation, but just an efficient and clever workaround." bleepingcomputer.com/news/secu

shout out to all our Fediverse and Federation followers! 🎉 we'll make it through the and disaster that is 2018 together mastodon.social/media/hJzA4816

it's nice to have a simple, clean FAQ from the and researchers (whatever your opinion of logos / branding for vulns is). The tech world needs direct and honest language like this: mastodon.social/media/SGfcV8YP

"The Tribune 'purchased' a service being offered by anonymous sellers over WhatsApp that provided unrestricted access to details for any of the more than 1 billion Aadhaar numbers created in India thus far." tribuneindia.com/news/nation/r