WhatsApp, maxi–fuga di dati: 3,5 miliardi di numeri “rubati” dai ricercatori dell’Università di Vienna
La portata della fuga di notizie, descritta da un team dell’Università di Vienna, dimostra quanto possa essere pericolosa la familiare funzione di ricerca contatti delle app di messaggistica più diffuse.
WhatsApp ha sempre enfatizzato la facilità di aggiunta di nuove persone: basta inserire un numero di telefono nella propria rubrica e il servizio rivela immediatamente se la persona è registrata sull’app, rivelandone nome, foto e profilo parziale. Tuttavia, questa semplicità è diventata la base per una delle più grandi raccolte di dati utente della storia, e tutto ciò è avvenuto senza hackeraggi o aggirando barriere tecniche.
Ricercatori austriaci hanno deciso di testare se la ricerca automatizzata di numeri di telefono potesse rivelare esattamente chi stava usando WhatsApp. Hanno avviato il processo e, nel giro di poche ore, è diventato chiaro che non c’erano praticamente limiti. Il servizio consentiva un numero illimitato di richieste tramite la versione web e, di conseguenza, il team è stato in grado di creare un database di 3,5 miliardi di numeri, raccogliendo essenzialmente informazioni su ogni utente WhatsApp del pianeta. Per quasi il 57% dei record, sono stati in grado di ottenere foto del profilo e per quasi un terzo, stati testuali, che molte persone usano come breve presentazione di sé.
Secondo gli stessi ricercatori, questa sarebbe stata la più grande fuga di dati di numeri di telefono ed elementi di profili pubblici mai registrata se i dati non fossero stati raccolti esclusivamente per scopi accademici. Hanno segnalato la scoperta in primavera e cancellato l’intero set di dati, ma il sistema è rimasto completamente vulnerabile fino a ottobre, il che significa che un’operazione simile avrebbe potuto essere eseguita da chiunque, dagli spammer alle agenzie governative che monitorano le attività indesiderate sui propri cittadini.
Nonostante le rassicurazioni di Meta sull’implementazione di misure di sicurezza sempre più efficaci contro la raccolta massiva di dati, il team di Vienna afferma di non aver effettivamente riscontrato alcuna limitazione. Hanno sottolineato che WhatsApp aveva segnalato un problema simile già nel 2017: il ricercatore olandese Laurent Kloese aveva descritto un sistema per la verifica massiva dei numeri e aveva dimostrato che poteva raccogliere non solo le informazioni del profilo, ma anche il tempo trascorso online. Anche allora, l’azienda aveva affermato che tutto funzionava nel rispetto delle impostazioni di privacy standard .
Confrontando i risultati attuali con quelli di otto anni fa, si nota quanto sia aumentato il rischio. Mentre in precedenza c’erano decine di milioni di record potenzialmente accessibili, ora più di un terzo della popolazione mondiale utilizza il servizio e il numero stesso ha da tempo cessato di essere casuale. I ricercatori sottolineano che un numero di telefono non può fungere da identificatore segreto: gli intervalli di numeri sono limitati, il che significa che gli attacchi brute-force sono sempre possibili, a meno che non vi siano limiti rigorosi al numero di richieste.
Il team ha anche studiato le caratteristiche dei profili per Paese. Negli Stati Uniti, dei 137 milioni di numeri raccolti, il 44% degli utenti aveva foto pubbliche, mentre circa un terzo aveva stati testuali. In India, dove WhatsApp è significativamente più utilizzato, il 62% dei profili su 750 milioni era pubblico. In Brasile, la cifra era quasi la stessa: il 61% su 206 milioni. Più il servizio è popolare, meno persone modificano le proprie impostazioni sulla privacy e più ampia è la cerchia di coloro che rendono pubbliche le proprie immagini e descrizioni.
Di particolare preoccupazione è stata la scoperta di milioni di numeri di telefono in Paesi in cui WhatsApp è ufficialmente bloccato. I ricercatori hanno trovato 2,3 milioni di tali record in Cina e 1,6 milioni in Myanmar. Queste informazioni consentono alle autorità locali di rintracciare le persone che aggirano i divieti e, in alcuni casi, di utilizzarle come base per un’azione penale. Ci sono segnalazioni di persone detenute in Cina semplicemente per aver utilizzato l’app.
Durante l’analisi delle chiavi utilizzate nel protocollo di crittografia end-to-end per recuperare i messaggi, il team ha notato un’altra anomalia: un numero significativo di valori duplicati. Alcune chiavi sono state utilizzate centinaia di volte e circa due dozzine di numeri di telefono americani erano associati a una chiave nulla. I ricercatori sospettano che si tratti di client WhatsApp di terze parti non ufficiali, utilizzati attivamente da gruppi di truffatori. Ciò è indicato anche dal comportamento di alcuni account con chiavi duplicate: sembravano chiaramente strumenti per frodi o messaggi di massa.
L'articolo WhatsApp, maxi–fuga di dati: 3,5 miliardi di numeri “rubati” dai ricercatori dell’Università di Vienna proviene da Red Hot Cyber.
La polizia olandese smantella servizio di hosting ‘a prova di bomba’ per cybercriminali
La polizia olandese ha riferito di aver condotto un’operazione su larga scala contro un servizio di hosting “a prova di bomba” non meglio identificato, confiscando circa 250 server fisici nei data center dell’Aia e di Zoetermeer.
Migliaia di server virtuali sono stati successivamente disattivati. I media ritengono che si tratti di hosting CrazyRDP. Le forze dell’ordine non hanno rivelato il nome del servizio, ma è operativo dal 2022 ed è stato coinvolto in oltre 80 indagini sulla criminalità informatica, sia nei Paesi Bassi che all’estero.
Secondo gli investigatori, la società di hosting offriva ai propri clienti l’anonimato e garantiva la non collaborazione con la polizia. Le sue risorse ospitavano ransomware, botnet, campagne di phishing e persino contenuti relativi ad abusi sessuali su minori.
Gli investigatori stanno attualmente conducendo un’analisi forense delle apparecchiature sequestrate per identificare gli operatori e i clienti del servizio.
Questo servizio offriva ai clienti servizi VPS e RDP senza KYC o registri, e la registrazione richiedeva solo nome utente e password. La pubblicazione sottolinea che veniva spesso raccomandato come affidabile sul darknet.
Il 12 novembre, tutti i post sul canale Telegram ufficiale di CrazyRDP sono stati cancellati e gli iscritti sono stati reindirizzati a un nuovo canale che discuteva dell’improvvisa chiusura del servizio. I clienti hanno segnalato che alcuni di loro avevano oltre 30 server ospitati sulla piattaforma.
Molti hanno sospettato un exit scam: il supporto tecnico di CrazyRDP ha inizialmente segnalato problemi al data center, ma poi ha semplicemente smesso di rispondere.
L'articolo La polizia olandese smantella servizio di hosting ‘a prova di bomba’ per cybercriminali proviene da Red Hot Cyber.
DK 10x11 - Fermate Idiocracy, voglio scendere!
Difficile mantenere la sanità mentale con tutto quello che succede in giro...
spreaker.com/episode/dk-10x11-…
freezonemagazine.com/articoli/…
Un EP di duetti che è anche una confessione intima C’è qualcosa di profondamente umano nel modo in cui Margaret Glaspy affronta la voce altrui. In The Golden Heart Protector, la cantautrice californiana trapiantata a New York trasforma l’idea del duetto in un gesto di ascolto, più che di esposizione. Non cerca la fusione spettacolare, […]
L'articolo Margaret Glaspy –
ho smesso di avere rispetto per...
ho smesso di avere rispetto per un intellettuale/editore con cui dialogavo fino...
n. non c'entra, o non del tutto, ma - a proposito di cani (del sinai) - ecco: https://t.ly/YiBWu (bisogna leggere, attenzione, tutti i riquadri ai quali il post rinvia). differx & slowforward (entropia gratis) + ko-fi (help, support!)...differx
reshared this
Apple, i dark pattern e la difficile battaglia contro il tracciamento
@Informatica (Italy e non Italy 😁)
ATT, la funzione di iOS che blocca la raccolta dei dati sullo smartphone, è amatissima dagli utenti e odiata dall’industria pubblicitaria. Ora rischia di sparire: l’autorità italiana deciderà entro il 16 dicembre.
L'articolo Apple, i dark pattern e la difficile battaglia contro
Informatica (Italy e non Italy 😁) reshared this.
La differenza fondamentale di Luciano Floridi
@Politica interna, europea e internazionale
L’intelligenza artificiale non è soltanto una nuova tecnologia: è la forza che sta ridefinendo il nostro presente. Capace di apprendere, adattarsi e decidere in autonomia, l’IA sta già trasformando in profondità la nostra vita quotidiana, l’economia, le imprese, il lavoro, l’istruzione, la politica, la cultura e
Politica interna, europea e internazionale reshared this.
seguendo il link https://t.ly/YiBWu si trova un riferimento alle pratiche di #tortura messe in atto dallo stato sionista contro #prigionieri palestinesi. tra queste pratiche ce n'è una, particolarmente atroce e umiliante, che ha una terribile consonanza con quell'espressione fortiniana.
reshared this
reshared this
ilgiorno.it/milano/cronaca/stu…
quello che io chiamo un classico involucro vuoto che parla, mangia ma che non ha un'anima o niente dentro. una specie di macchina assassina. che poi è a quanto pare è lo stato finale dell'umanità. anche chi non andrebbe a uccidere la gente per strada, è infatti spesso non in grado di esprimere un pensiero coerente e logico, e tutto sommato diventa difficile da definire una piena persona. che questo coincida con il 60% di definiti analfabeti funzionali?
Studente bocconiano massacrato per 50 euro, il branco dei ‘bravi ragazzi’ dopo il raid: “Speriamo che muoia. Bro, facciamoci una storia su Instagram”
Milano, le frasi choc intercettate al commissariato: “Magari quel c... è ancora in coma, domani schiatta e ti danno omicidio”. “Ma speriamo bro, almeno non parla! Gli stacco tutti i cavi”.MARIANNA VAZZANA (Il Giorno)
Perché l’alleanza tra Nvidia, Microsoft e Anthropic non convince i mercati
L'articolo proviene da #StartMag e viene ricondiviso sulla comunità Lemmy @Informatica (Italy e non Italy 😁)
Nvidia e Microsoft investiranno 10 e 5 miliardi di dollari in Anthropic. La startup di intelligenza artificiale fondata dai fratelli Amodei vuole accrescere ancora la sua capacità di calcolo, dopo il recente accordo con
Informatica (Italy e non Italy 😁) reshared this.
La Francia in rivolta sui pesticidi riscrive il rapporto tra scienza e potere
@Notizie dall'Italia e dal mondo
Il 7 agosto 2025, il Consiglio costituzionale francese ha dichiarato incostituzionale la cosiddetta legge Duplomb, approvata dal Parlamento un mese prima. La norma prevedeva la reintroduzione dell’acetamiprid, pesticida vietato dal 2018 per la sua comprovata
Notizie dall'Italia e dal mondo reshared this.
è sbagliato mettere sempre di mezzo la chiesa... ci fosse solo e soltanto unico cattivo... sarebbe bello. di certo gli italiani non sono estranei a questa cultura maschilista e patriarcale, di bullismo e di machismo.
credo che il primo passo per liberarsi della chiesa sia liberarsi dall'ossessione e smettere di parlarne. dopotutto qualcuno diceva che va bene che si parli di qualcuno, anche male, purché se ne parli... parlarne così è dare e sopratutto riconoscere (molto peggio) potere. è un palloncino che va lasciaro sgonfiare naturalmente, senza pestarlo continuamente. da ignorare.
dopotutto i grandi mangiatori di preti, la cosiddetta sinistra "vera", quella che oggi difende un fascista come putin, ha prodotto una cultura altrettanto tossica...
sarà pur vero che la sinistra, sempre quella "vera", non ha mai mangiato bambini, ma è pur vero che sostiene putin che lo fa, con quelli ucraini. si dice attorno ai 35'000 bambini. che oggi combattono in ucraina a fianco dei russi, con il cervello lavato, e più sfortunati dei russi.
La Francia in rivolta sui pesticidi riscrive il rapporto tra scienza e potere
@Notizie dall'Italia e dal mondo
Il 7 agosto 2025, il Consiglio costituzionale francese ha dichiarato incostituzionale la cosiddetta legge Duplomb, approvata dal Parlamento un mese prima. La norma prevedeva la reintroduzione dell’acetamiprid, pesticida vietato dal 2018 per la sua comprovata
Notizie dall'Italia e dal mondo reshared this.
Cloudflare blackout globale: si è trattato di un errore tecnico interno. Scopriamo la causa
Il 18 novembre 2025, alle 11:20 UTC, una parte significativa dell’infrastruttura globale di Cloudflare ha improvvisamente cessato di instradare correttamente il traffico Internet, mostrando a milioni di utenti di tutto il mondo una pagina di errore HTTP che riportava un malfunzionamento interno della rete dell’azienda.
L’interruzione ha colpito una vasta gamma di servizi – dal CDN ai sistemi di autenticazione Access – generando un’ondata anomala di errori 5xx. Secondo quanto riportato da Cloudflare che lo riporta con estrema trasparenza, la causa non è stata un attacco informatico ma un errore tecnico interno, scatenato da una modifica alle autorizzazioni di un cluster database.
Cloudflare ha precisato fin da subito che nessuna attività malevola, diretta o indiretta, è stata responsabile dell’incidente. L’interruzione, come riporta il comunicato di post mortem, è stata innescata da un cambiamento a un sistema di permessi di un database ClickHouse che, per un effetto collaterale non previsto, ha generato un file di configurazione anomalo utilizzato dal sistema di Bot Management.
Tale “feature file”, contenente le caratteristiche su cui si basa il modello di machine learning anti-bot dell’azienda, ha improvvisamente raddoppiato le sue dimensioni a causa della presenza di numerose righe duplicate.
Questo file, aggiornato automaticamente ogni pochi minuti e propagato rapidamente a tutta la rete globale di Cloudflare, ha superato il limite previsto dal software del core proxy, causando un errore critico.
Il sistema che esegue l’instradamento del traffico – noto internamente come FL e nella sua nuova versione FL2 – utilizza infatti limiti rigidi per la preallocazione di memoria, con un massimo fissato a 200 feature. Il file corrotto ne conteneva più del doppio, facendo scattare un “panic” del modulo Bot Management e interrompendo l’elaborazione delle richieste.
Nei primi minuti dell’incidente, l’andamento irregolare degli errori ha portato i team di Cloudflare a sospettare inizialmente un massiccio attacco DDoS: il sistema sembrava infatti riprendersi spontaneamente per poi ricadere nel guasto, un comportamento insolito per un errore interno.
Questa fluttuazione era dovuta alla natura distribuita dei database coinvolti. Il file veniva generato ogni cinque minuti e, poiché solo alcune parti del cluster erano state aggiornate, il sistema produceva alternativamente file “buoni” e file “difettosi”, propagandoli istantaneamente a tutti i server.
Nell blog si legge :
“Ci scusiamo per l’impatto sui nostri clienti e su Internet in generale. Data l’importanza di Cloudflare nell’ecosistema Internet, qualsiasi interruzione di uno qualsiasi dei nostri sistemi è inaccettabile. Il fatto che ci sia stato un periodo di tempo in cui la nostra rete non è stata in grado di instradare il traffico è profondamente doloroso per ogni membro del nostro team. Sappiamo di avervi deluso oggi“.
Con il passare del tempo, l’intero cluster è stato aggiornato e le generazioni di file “buoni” sono cessate, stabilizzando il sistema nello stato di errore totale. A complicare ulteriormente la diagnosi è intervenuta una coincidenza inaspettata: il sito di stato di Cloudflare, ospitato esternamente e quindi indipendente dall’infrastruttura dell’azienda, è risultato irraggiungibile nello stesso momento, alimentando il timore di un attacco coordinato su più fronti.
La situazione ha iniziato a normalizzarsi alle 14:30 UTC, quando gli ingegneri hanno individuato la radice del problema e interrotto la propagazione del file corrotto. È stato quindi distribuito manualmente un file di configurazione corretto e forzato un riavvio del core proxy. La piena stabilità dell’infrastruttura è stata ripristinata alle 17:06 UTC, dopo un lavoro di recupero dei servizi che avevano accumulato code, latenze e stati incoerenti.
Diversi servizi chiave hanno subito impatti significativi: il CDN ha risposto con errori 5xx, il sistema di autenticazione Turnstile non riusciva a caricarsi, Workers KV restituiva errori elevati e l’accesso alla dashboard risultava bloccato per la maggior parte degli utenti. Anche il servizio Email Security ha visto diminuire temporaneamente la propria capacità di rilevare lo spam a causa della perdita di accesso a una fonte IP reputazionale. Il sistema di Access ha registrato un’ondata di fallimenti di autenticazione, impedendo a molti utenti di raggiungere le applicazioni protette.
L’interruzione ha evidenziato vulnerabilità legate alla gestione distribuita della configurazione e alla dipendenza da file generati automaticamente con aggiornamenti rapidi. Cloudflare ha ammesso che una parte delle deduzioni del suo team durante i primi minuti dell’incidente si è basata su segnali fuorvianti – come il down del sito di stato – che hanno ritardato la corretta diagnosi del guasto. L’azienda ha promesso un piano di intervento strutturato per evitare che un singolo file di configurazione possa nuovamente bloccare segmenti così ampi della sua rete globale.
Cloudflare ha riconosciuto con grande trasparenza la gravità dell’incidente, sottolineando come ogni minuto di interruzione abbia un impatto significativo sull’intero ecosistema Internet, dato il ruolo centrale che la sua rete svolge.
L’azienda ha annunciato che questo primo resoconto sarà seguito da ulteriori aggiornamenti e da una revisione completa dei processi interni di generazione delle configurazioni e gestione degli errori di memoria, con l’obiettivo dichiarato di evitare che un evento simile possa ripetersi.
L'articolo Cloudflare blackout globale: si è trattato di un errore tecnico interno. Scopriamo la causa proviene da Red Hot Cyber.
Radio Dreyeckland: Hausdurchsuchung wegen eines Links war verfassungswidrig
netzpolitik.org/2025/radio-dre…
Dalla scrivania alla scuola
pnlug.it/2025/11/19/donazione-…
Segnalato dal Grupo Linux di #Pordenone e pubblicato sulla comunità Lemmy @GNU/Linux Italia
PNLUG e Electrolux danno nuova vita alla tecnologia e all'apprendimento a Pordenone donando 50 pc all’Istituto Comprensivo Pordenone Centro
GNU/Linux Italia reshared this.
Kissing is ubiquitous among many animals, especially primates, suggesting deep evolutionary roots of the behavior.#TheAbstract
Scientists Discover the Origin of Kissing — And It’s Not Human
🌘
Subscribe to 404 Media to get The Abstract, our newsletter about the most exciting and mind-boggling science news and studies of the week.Kissing is one of humanity’s most cherished rituals—just think of the sheer variety of smooches, from the “wedding kiss” to the “kiss of death.” Now, scientists have discovered that the origins of this behavior, which is widespread among many primates, likely dates back at least 21 million years, according to a study published on Tuesday in the journal Evolution and Human Behavior.
In other words, our early primate relatives were sitting in a tree, K-I-S-S-I-N-G, in the early Miocene period. Moreover, the deep evolutionary roots of kissing suggest that Neanderthals likely smooched each other, and probably our human ancestors as well. The new study is the first attempt to reconstruct the evolutionary timeline of kissing by analyzing a wealth of observations about this behavior in modern primates and other animals.
“It is kind of baffling to me that people haven't looked at this from an evolutionary perspective before,” said Matilda Brindle, an evolutionary biologist at the University of Oxford who led the study, in a call with 404 Media. “There have been some people who have put ideas out there, but no one's done it in a systematic way.”
“Kissing doesn't occur in all human cultures, but in those that it does, it's really important,” she added. “That's why we thought it was really exciting to study.”
A collage of mouth-to-mouth contact across species. Image: Brindle, Matilda et al.
The ritual of the “first kiss” is a common romantic trope, but tracking down the “first kiss” in an evolutionary sense is no easy feat. For starters, the adaptive benefits of kissing have long eluded researchers. Mouth-to-mouth contact raises the odds of oral disease transfer, and it’s not at all clear what advantages puckering up confers to make it worth the trouble.“Kissing is kind of risky,” Brindle said. “You're getting very close to another animal's face. There could be diseases. To me, that suggests that it is important. There must be some benefits to this behavior.”
Some common explanations for sex-related kissing include mate evaluation—bad breath or other red flags during a smoochfest might affect the decision to move on to copulation. Kissing may also stimulate sexual receptiveness and perhaps boost the odds of fertilization. In platonic contexts, kissing could serve a social purpose, similar to grooming, of solidifying bonds between parents and offspring, or even to smooth over conflicts between group members.
“We know that chimpanzees, when they've had a bit of a bust up, will often go and kiss each other and make up,” Brindle said. “That might be really useful for navigating social relationships. Primates are obviously an incredibly social group of animals, and so this could be just a social lubricant for them.”
Though most of us have probably never considered the question, Brindle and her colleagues first had to ask: what is a kiss? They made a point to exclude forms of oral contact that don’t fall into the traditional idea of kissing as a prosocial behavior. For example, lots of animals share food directly through mouth-to-mouth contact, such as regurgitation from a parent to offspring. In addition, some animals display antagonistic behavior through mouth-to-mouth contact, such as “kiss-fighting” behavior seen in some fish.
The team ultimately defined kissing as “a non-agonistic interaction involving directed, intraspecific, oral-oral contact with some movement of the lips/mouthparts and no food transfer.” Many animals engage in kissing under these terms—from insects, to birds, to mammals—but the researchers were most interested in primates.
To that end, they gathered observations of kissing across primate species and fed the data into models that analyzed the timeline of the behavior through the evolutionary relationships between species. The basic idea is that if humans, bonobos, and chimpanzees all kiss (which they do) then the common ancestor of these species likely kissed as well.
The results revealed that the evolutionary “first kiss” likely occurred among primates at least 21 million years ago. Since Neanderthals and our own species, Homo sapiens, are known to have interbred—plus they also shared oral microbes—the team speculates that Neanderthals and our own human ancestors might have kissed as well.
While the study provides a foundation for the origins of kissing, Brindle said there is not yet enough empirical data to test out different hypotheses about its benefits—or to explain why it is important in some species and cultures, but not others. To that end, she hopes other scientists will be inspired to report more observations about kissing in wild and captive animal populations.
“I was actually surprised that there were so few data out there,” Brindle said. “I thought that this would be way better documented when I started this study. What I would really love is, for people who see this behavior, to note it down, report it, so that we can actually start collecting more contextual information: Is this a romantic or a platonic kiss? Who were the actors in it? Was it an adult male and an adult female, or a mother and offspring? Were they eating at the time? Was there copulation before or after the kiss?”
“These sorts of questions will enable us to pick apart these potential adaptive hypotheses,” she concluded.
🌘
Subscribe to 404 Media to get The Abstract, our newsletter about the most exciting and mind-boggling science news and studies of the week.
HOPE Hacking Conference Banned From University Venue Over Apparent ‘Anti-Police Agenda’#News #HOPE
HOPE Hacking Conference Banned From University Venue Over Apparent ‘Anti-Police Agenda’
The legendary hacker conference Hackers on Planet Earth (HOPE) says that it has been “banned” from St. John’s University, the venue where it has held the last several HOPE conferences, because someone told the university the conference had an “anti-police agenda.”HOPE was held at St. John’s University in 2022, 2024, and 2025, and was going to be held there in 2026, as well. The conference has been running at various venues over the last 31 years, and has become well-known as one of the better hacking and security research conferences in the world. Tuesday, the conference told members of its mailing list that it had “received some disturbing news,” and that “we have been told that ‘materials and messaging’ at our most recent conference ‘were not in alignment with the mission, values, and reputation of St. John’s University’ and that we would no longer be able to host our events there.”
The conference said that after this year’s conference, they had received “universal praise” from St. John’s staff, and said they were “caught by surprise” by the announcement.
“What we're told - and what we find rather hard to believe - is that all of this came about because a single person thought we were promoting an anti-police agenda,” the email said. “They had spotted pamphlets on a table which an attendee had apparently brought to HOPE that espoused that view. Instead of bringing this to our attention, they went to the president's office at St. John's after the conference had ended. That office held an investigation which we had no knowledge of and reached its decision earlier this month. The lack of due process on its own is extremely disturbing.”
“The intent of the person behind this appears clear: shut down events like ours and make no attempt to actually communicate or resolve the issue,” the email continued. “If it wasn't this pamphlet, it would have been something else. In this day and age where academic institutions live in fear of offending the same authorities we've been challenging for decades, this isn't entirely surprising. It is, however, greatly disappointing.”
St. John’s University did not immediately respond to a request for comment. Hacking and security conferences in general have a long history of being surveilled by or losing their venues. For example, attendees of the DEF CON hacking conference have reported being surveilled and having their rooms searched; last year, some casinos in Las Vegas made it clear that DEF CON attendees were not welcome. And academic institutions have been vigorously attacked by the Trump administration over the last few months over the courses they teach, the research they fund, and the events they hold, though we currently do not know the specifics of why St. John’s made this decision.
It is not clear what pamphlets HOPE is referencing, and the conference did not immediately respond to a request for comment, but the conference noted that St. Johns could have made up any pretext for banning them. It is worth mentioning that Joshua Aaron, the creator of the ICEBlock ICE tracking app, presented at HOPE this year. ICEBlock has since been deleted by the Apple App Store and the Google Play store after being pressured by the Trump administration.
“Our content has always been somewhat edgy and we take pride in challenging policies we see as unfair, exposing security weaknesses, standing up for individual privacy rights, and defending freedom of speech,” HOPE wrote in the email. The conference said that it has not yet decided what it will do next year, but that it may look for another venue, or that it might “take a year off and try to build something bigger.”
“There will be many people who will say this is what we get for being too outspoken and for giving a platform to controversial people and ideas. But it's this spirit that defines who we are; it's driven all 16 of our past conferences. There are also those who thought it was foolish to ever expect a religious institution to understand and work with us,” the conference added. “We are not changing who we are and what we stand for any more than we'd expect others to. We have high standards for our speakers, presenters, and staff. We value inclusivity and we have never tolerated hate, abuse, or harassment towards anyone. This should not be news, as HOPE has been around for a while and is well known for its uniqueness, spirit, and positivity.”
The Golden Age of Hackers in Vegas Is Over
After ransomware struck the strip, Vegas is more cautious and paranoid about hackers than ever, with businesses and casinos sending a clear message: hackers are not welcome here.Joseph Cox (404 Media)
“Most drivers are unaware that San Jose’s Police Department is tracking their locations and do not know all that their saved location data can reveal about their private lives and activities."#Flock
ACLU and EFF Sue a City Blanketed With Flock Surveillance Cameras
Lawyers from the American Civil Liberties Union (ACLU) and Electronic Frontier Foundation (EFF) sued the city of San Jose, California over its deployment of Flock’s license plate-reading surveillance cameras, claiming that the city’s nearly 500 cameras create a pervasive database of residents movements in a surveillance network that is essentially impossible to avoid.The lawsuit was filed on behalf of the Services, Immigrant Rights & Education Network and Council on American-Islamic Relations, California, and claims that the surveillance is a violation of California’s constitution and its privacy laws. The lawsuit seeks to require police to get a warrant in order to search Flock’s license plate system. The lawsuit is one of the highest profile cases challenging Flock; a similar lawsuit in Norfolk, Virginia seeks to get Flock’s network shut down in that city altogether.
“San Jose’s ALPR [automatic license plate reader] program stands apart in its invasiveness,” ACLU of Northern California and EFF lawyers wrote in the lawsuit. “While many California agencies run ALPR systems, few retain the locations of drivers for an entire year like San Jose. Further, it is difficult for most residents of San Jose to get to work, pick up their kids, or obtain medical care without driving, and the City has blanketed its roads with nearly 500 ALPRs.”
The lawsuit argues that San Jose’s Flock cameras “are an invasive mass surveillance technology” that “collect[s] driver locations en masse.”
“Most drivers are unaware that San Jose’s Police Department is tracking their locations and do not know all that their saved location data can reveal about their private lives and activities,” it adds. The city of San Jose currently has at least 474 ALPR cameras, up from 149 at the end of 2023; according to data from the city, more than 2.6 million vehicles were tracked using Flock in the month of October alone. The lawsuit states that Flock ALPRs are stationed all over the city, including “around highly sensitive locations including clinics, immigration centers, and places of worship. For example, three ALPR cameras are positioned on the roads directly outside an immigration law firm.”
Andrew Crocker, surveillance litigation director for the EFF, told 404 Media in a phone call that “it’s fair to say that anyone driving in San Jose is likely to have their license plates captured many times a day. That pervasiveness is important.”
DeFlock's map of San Jose's ALPRs
A zoomed in look at San Jose
A search of DeFlock, a crowdsourced map of ALPR deployments around the country, shows hundreds of cameras in San Jose spaced essentially every few blocks around the city. The map is not exhaustive.The lawsuit argues that warrantless searches of these cameras are illegal under the California constitution’s search and seizure clause, which Crocker said “has been interpreted to be even stronger than the Fourth Amendment,” as well as other California privacy laws. The case is part of a broader backlash against Flock as it expands around the United States. 404 Media’s reporting has shown that the company collects millions of records from around the country, and that it has made its national database of car locations available to local cops who have in turn worked with ICE. Some of those searches have violated California and Illinois law, and have led to reforms from the company. Crocker said that many of these problems will be solved if police simply need to get a warrant to search the system.
“Our legal theory and the remedy we’re seeking is quite simple. We think they need a warrant to search these databases,” he said. “The warrant requirement is massive and should help in terms of preventing these searches because they will have to be approved by a judge.” The case in Norfolk is ongoing. San Jose Police Department and Flock did not immediately respond to a request for comment.
Flock Removes States From National Lookup Tool After ICE and Abortion Searches Revealed
Following 404 Media’s reporting and in light of new legislation, automatic license plate reader (ALPR) company Flock has stopped agencies reaching into cameras in California, Illinois, and Virginia.Joseph Cox (404 Media)
The move comes after intense pressure from lawmakers and 404 Media’s months-long reporting about the airline industry's data selling practices.
The move comes after intense pressure from lawmakers and 404 Media’s months-long reporting about the airline industryx27;s data selling practices.#Impact
Airlines Will Shut Down Program That Sold Your Flights Records to Government
Airlines Reporting Corporation (ARC), a data broker owned by the U.S.’s major airlines, will shut down a program in which it sold access to hundreds of millions of flight records to the government and let agencies track peoples’ movements without a warrant, according to a letter from ARC shared with 404 Media.ARC says it informed lawmakers and customers about the decision earlier this month. The move comes after intense pressure from lawmakers and 404 Media’s months-long reporting about ARC’s data selling practices. The news also comes after 404 Media reported on Tuesday that the IRS had searched the massive database of Americans flight data without a warrant.
“As part of ARC’s programmatic review of its commercial portfolio, we have previously determined that TIP is no longer aligned with ARC’s core goals of serving the travel industry,” the letter, written by ARC President and CEO Lauri Reishus, reads. TIP is the Travel Intelligence Program. As part of that, ARC sold access to a massive database of peoples’ flights, showing who travelled where, and when, and what credit card they used.
The ARC letter.
“All TIP customers, including the government agencies referenced in your letter, were notified on November 12, 2025, that TIP is sunsetting this year,” Reishus continued. Reishus was responding to a letter sent to airline executives earlier on Tuesday by Senator Ron Wyden, Congressman Andy Biggs, Chair of the Congressional Hispanic Caucus Adriano Espaillat, and Senator Cynthia Lummis. That letter revealed the IRS’s warrantless use of ARC’s data and urged the airlines to stop the ARC program. ARC says it notified Espaillat's office on November 14.ARC is co-owned by United, American, Delta, Southwest, JetBlue, Alaska, Lufthansa, Air France, and Air Canada. The data broker acts as a bridge between airlines and travel agencies. Whenever someone books a flight through one of more than 12,800 travel agencies, such as Expedia, Kayak, or Priceline, ARC receives information about that booking. It then packages much of that data and sells it to the government, which can search it by name, credit card, and more. 404 Media has reported that ARC’s customers include the FBI, multiple components of the Department of Homeland Security, ATF, the SEC, TSA, and the State Department.
Espaillat told 404 Media in a statement “this is what we do. This is how we’re fighting back. Other industry groups in the private sector should follow suit. They should not be in cahoots with ICE, especially in ways may be illegal.”
Wyden said in a statement “it shouldn't have taken pressure from Congress for the airlines to finally shut down the sale of their customers’ travel data to government agencies by ARC, but better late than never. I hope other industries will see that selling off their customers' data to the government and anyone with a checkbook is bad for business and follow suit.”
“Because ARC only has data on tickets booked through travel agencies, government agencies seeking information about Americans who book tickets directly with an airline must issue a subpoena or obtain a court order to obtain those records. But ARC’s data sales still enable government agencies to search through a database containing 50% of all tickets booked without seeking approval from a judge,” the letter from the lawmakers reads.
Update: this piece has been updated to include statements from CHC Chair Espaillat and Senator Wyden.
Airline-Owned Data Broker Selling Your Flight Info to DHS Finally Registers as a Data Broker
It’s a legal requirement for data brokers to register in the state of California. ARC, the airlines-owned data broker that has been selling your flight information to the government for years, only just registered after being contacted by the office …Joseph Cox (404 Media)
A bipartisan letter reveals the IRS searched a database of hundreds of millions of travel records without first conducting a legal review. Airlines like Delta, United, American, and Southwest are selling these records to the government through a co-owned data broker.#arc #Privacy
IRS Accessed Massive Database of Americans Flights Without a Warrant
The IRS accessed a database of hundreds of millions of travel records, which show when and where a specific person flew and the credit card they used, without obtaining a warrant, according to a letter signed by a bipartisan group of lawmakers and shared with 404 Media. The country’s major airlines, including Delta, United Airlines, American Airlines, and Southwest, funnel customer records to a data broker they co-own called the Airlines Reporting Corporation (ARC), which then sells access to peoples’ travel data to government agencies.The IRS case in the letter is the clearest example yet of how agencies are searching the massive trove of travel data without a search warrant, court order, or similar legal mechanism. Instead, because the data is being sold commercially, agencies are able to simply buy access. In the letter addressed to nine major airlines, the lawmakers urge them to shut down the data selling program. Update: after this piece was published, ARC said it already planned to shut down the program. You can read more here.
This post is for subscribers only
Become a member to get access to all content
Subscribe now
Ministero dell'Istruzione
Dalle ore 12.00 di domani, mercoledì #19novembre, la piattaforma #CartadelDocente sarà accessibile per gli insegnanti che dispongano di eventuali residui dell’Anno Scolastico 2024/2025 e per i beneficiari di sentenze a cui è stata data esecuzione.Telegram
Roberto Rossetti reshared this.
Gipfel zur Europäischen Digitalen Souveränität: Kehrtwende für die „Innovationsführerschaft“
netzpolitik.org/2025/gipfel-zu…
Ministero dell'Istruzione
La XXIV edizione del #concorso nazionale “I giovani ricordano la #Shoah” per l’anno scolastico 2025/2026 è promossa dal #MIM, in collaborazione con l’Unione delle Comunità Ebraiche Italiane.Telegram
Interne Dokumente: EU-Staaten einigen sich auf freiwillige Chatkontrolle
netzpolitik.org/2025/interne-d…
Journalists’ cameras become targets at Oregon protests
You’ve probably seen the inflatable frogs, the dance parties, the naked bike ride. Maybe you’ve also seen the darker images: a federal officer aiming a weapon at protesters, or federal agents hurling tear gas and flash bangs into peaceful demonstrations at a Portland, Oregon, immigration facility.
Local journalists have been attacked for bringing images like these to the world. They’re being tear-gassed and shot with crowd-control munitions by federal agents simply for doing their jobs.
Photojournalist John Rudoff is among them. He’s been covering these protests since June, photographing both peaceful marches and violent responses from federal officers that often follow.
On Oct. 11, while documenting a protest, Rudoff was struck by a stinger grenade, even though he was clearly identifiable as press. He was bruised, but not deterred.
“If you cover protests, you’re going to have discomfort and hazard. Period. That’s just the way it is,” Rudoff told us. “They shoot 20-year-old girls, and they shoot 70-year-old men, and they shoot people in wheelchairs, and they shoot blind people,” he added, referring to federal agents using crowd-control munitions. “The word impunity seems to be coined for them.”
Despite the danger, Rudoff refuses to stop documenting. “The entire media ecosystem has been covered with the administration’s rantings about the war-ravaged hellscape of Portland, and the city is burning down, and ICE officers are being attacked, and on and on and on,” he said. “I feel some obligation to try and counter this frankly preposterous narrative that the city’s burning down. It isn’t.”
Independent journalist Kevin Foster, who has also been covering the Portland protests, shares that sense of duty and outrage. “It’s clear the Trump administration wants to paint Portland as a war zone to seize more control, but it’s a lot harder to do that when I’m showing you all the dancing inflatable frogs,” he told us. “At the end of the day, someone needs to be there to document abuses of power.”
Foster has felt the danger up close while reporting from protests. “I’ve seen other press members shot with pepper balls, I’ve had flash bangs go off at my feet, and tear gas canisters explode above my head,” he said. But he continues to work to keep the public informed, reporting on federal agents’ heavy use of force and escalatory tactics at the protests.
For Foster, the concerns go beyond federal agents at protests. “Right-wing influencers and agitators have reportedly doxxed people,” Foster said. “With the state of the presidency and the history of authoritarianism, I do sometimes worry about persecution as well, especially given that a lot of my coverage subverts the narrative produced by right-wing media.”
The incident in Portland that got the most attention involved Katie Daviscourt, a reporter for the conservative news site The Post Millennial. She reported being hit in the face by someone swinging a flagpole at a protest, blackening her eye. Police let the suspect go, prompting feigned outrage from the White House.
Holding federal agents accountable
Violence against the press, from any direction, is an attack on the First Amendment itself, especially when enabled by law enforcement. Unfortunately, those purportedly appalled by the Daviscourt incident have not shown similar concern over federal law enforcement attacks on journalists who don’t further their preferred political narratives.
Since the Portland protests began in June, for instance, photojournalist Mason Lake has been struck by crowd-control munitions twice, pepper-sprayed, and had a rifle aimed at him. Yet federal officials haven’t condemned these attacks, or the attack on Rudoff.
“It’s very disconcerting to see how free press has been trampled,” Lake told the U.S. Press Freedom Tracker, a project of Freedom of the Press Foundation (FPF). “The best we can do is push back and make sure the truth isn’t run over.”
In other cities, like Chicago, Illinois, and Los Angeles, California, federal court orders protect journalists from such assaults. But Portland currently has no such order. Legal precedent from 2020 protests in Portland recognized reporters’ First Amendment right to cover protests and shielded them from dispersal orders. But it has done little to rein in federal agents today.
“They have to be sued, and they have to be enjoined, and they have to be criminally prosecuted until they stop doing it,” suggested Rudoff.
Until that happens, however, journalists must keep speaking up, not just about what they see, but also for being attacked for witnessing it. “Most attacks on journalists aren’t reported,” explained Rudoff. But, he added, “I don’t know a single journalist out there who hasn’t been shot or hit or knocked over or tear-gassed or pepper-sprayed. It’s everybody.”
Foster put it even more bluntly: “Many Americans seem to have this impression that brutalizing protesters and targeting the press only happens in other countries. If that notion hasn’t shattered for you yet, wait until your ears are ringing from flash bangs and you’re enveloped in a cloud of tear gas so thick you can’t see 15 feet.”
This isn’t some distant dictatorship. It’s the city of Portland. And the First Amendment is under siege.
EU ‘Chat Control’ Proposal Still Poses ‘High Risks’ Despite Removal of Mandatory Scanning, Experts Warn
Following a major public outcry, a clarification in the EU’s controversial “Chat Control” law appeared to secure a victory for privacy advocates. However, a group of 18 of Europe’s top cybersecurity and privacy academics has now issued a stark warning that the latest proposal still contains “high risks to society without clear benefits for children.”
Their open letter arrives just before the EU Council’s ambassadors are set to endorse the proposal on November 19. An endorsement would lock in the EU governments’ position, likely leading to a formal adoption in December and setting the stage for tense negotiations with the European Parliament in the new year.
The controversy centers on the Child Sexual Abuse Regulation (CSAR). After widespread protests, mandatory scanning of private communications was removed from the EU Council’s draft. A further clarification on November 13 confirmed that “Nothing in this Regulation should be understood as imposing any detection obligations on providers.”
This led privacy advocates like former Pirate Party MEP Patrick Breyer to declare a partial victory: “We’ve prevented mandatory Chat Control through the back door. But anonymity-breaking age checks and ‘voluntary’ mass scanning are still planned. The fight continues next year!”
Now, cybersecurity experts from institutions including ETH Zurich, KU Leuven, and the Max Planck Institute are amplifying that warning, arguing that two core elements of the revised Council proposal create new, unacceptable dangers.
Key Concerns Raised by Experts:
1. Flawed ‘voluntary’ AI Chat Control Creates Dangerous False Positives
The experts warn that unlike the previous Council’s proposal, the new text expands scanning of private communications to include automated text analysis, using AI to identify ambiguous “grooming” behaviours. They argue this will create a dragnet that ensnares innocent people. “Current AI technology is far from being precise enough to undertake these tasks with guarantees for the necessary level of accuracy.”
The letter states that this expanded scope “only opens the door to surveil and examine a larger part of conversations, without any guarantee of better protection.” It warns of a “high risk of diminishing overall protection by flooding investigators with false accusations that prevent them from investigating the real cases.”
2. Mandatory Age Verification Systems That Discriminate and Invade Privacy
The Council’s proposal would mandate age verification and assessment for app stores and private messaging services, promising that such measures “should preserve privacy”. The academics describe this as dangerous and unworkable: “Age assessment cannot be performed in a privacy-preserving way with current technology due to reliance on biometric, behavioural or contextual information… In fact, it incentivizes (children’s) data collection and exploitation. We conclude that age assessment presents an inherent disproportionate risk of serious privacy violation and discrimination, without guarantees of effectiveness.”
The alternative approach of requiring official documents for age verification would cut off a “substantial fraction of the population” from essential online services, including vulnerable individuals who may not have easy access to digital IDs.
Perhaps most concerning, the experts warn that age verification measures are easily circumvented and could push children toward more dangerous platforms: “Age verification controls can be easily evaded, by using providers outside the EU or VPNs to avoid geolocation checks… Both cases can result in higher risks for children because these alternate services are likely to present security risks (weak or absent encryption) and extensive tracking practices, sometimes for malicious purposes.”
Outlook:
If the Council does not heed the academics’ warnings, age checks and ‘voluntary’ mass scanning are set to become a central battleground in next year’s negotiations with the European Parliament, whose mandate seeks to remove mandatory age checks and limit scanning to the communications of criminal suspects only.
According to a leaked government memo, Italy also raised concerns last week, questioning whether voluntary chat surveillance can adequately safeguard user privacy. The Italian government fears the tool could be expanded to cover other crimes, which makes it difficult for them to support the proposal. Poland, too, reserved further examination.
About the Signatories:
The letter is signed by 18 distinguished professors and researchers in cybersecurity, cryptography, and data privacy from leading universities and research centers across Europe, including Aarhus University (Denmark), École Polytechnique (France), CISPA Helmholtz Center for Information Security (Germany), ETH Zurich (Switzerland), and KU Leuven (Belgium).
Read the scientists’ open letter: csa-scientist-open-letter.org/…
See also Patrick Breyer’s assessment
reshared this
#Ucraina: l'utopia e la realtà
Ucraina: l’utopia e la realtà
La realtà dei fatti, da una parte, e il comportamento del regime ucraino e dei suoi sponsor europei, dall’altra, continuano a muoversi su strade totalmente divergenti, con decisioni, prese da parte di questi ultimi, che non hanno nessuna giustificazi…www.altrenotizie.org
Paolo Berizzi: “Vi racconto misteri e legami di CasaPound”
@Giornalismo e disordine informativo
articolo21.org/2025/11/paolo-b…
Da poco in libreria con un testo che sta facendo particolarmente discutere (“Il libro segreto di CasaPound”, Fuoriscena editore), Paolo Berizzi ha deciso di devolvere alla nostra associazione una parte
Giornalismo e disordine informativo reshared this.
"I.A. BASTA!”: l’appello dei docenti contro l’intelligenza artificiale a scuola - L'INDIPENDENTE
lindipendente.online/2025/11/1…
Un appello, una mozione e un questionario per dire “basta” all’intelligenza artificiale nella scuola. È questo il cuore della mobilitazione lanciata dal gruppo auto-organizzato di lavoratrici e lavoratori della scuola, che vede la partecipazione di docenti, personale ATA, rappresentanti del sindacal
La militarizzazione dell’AI è già iniziata. Ma dove arriverà?
@Notizie dall'Italia e dal mondo
Molti analisti parlano ormai dell’uso bellico dell’Intelligenza Artificiale in guerra come del vero “momento Oppenheimer” della nostra epoca. Un termine che indica l’idea che, come accadde con il nucleare a metà Novecento, stiamo varcando una soglia dalla quale sarà difficile tornare indietro. Un
Notizie dall'Italia e dal mondo reshared this.
Perché la Commissione Ue indaga sul cloud di Amazon e Microsoft
L'articolo proviene da #StartMag e viene ricondiviso sulla comunità Lemmy @Informatica (Italy e non Italy 😁)
La Commissione europea sta indagando su Amazon Web Service e Microsoft Azure per stabilire se le due società vadano considerate delle "gatekeeper" nel mercato del cloud. Nuove tensioni in vista tra Bruxelles e
Nicola Pizzamiglio likes this.
reshared this
Pare 🚲 🌞
in reply to differx • • •Dico solo che se io vedo un indirizzo ofuscato per il quale non ho neppure una vaga indicazione che mi anticipi dove porta, senza uno straccio di descrizione che mi spieghi di cosa si tratta, posso solo pensare allo SPAM; non lo seguitò mai.
Se chi pubblica pensa che non valga la pena spendere due minuti per spiegare perché il riferimento proposto può essere interessante, perché mai dovrei dedicare tempo a guardarlo?
Preferisco spenderlo per dire: rispettate chi vi legge.
@differx @poliversity
differx
in reply to Pare 🚲 🌞 • •ti ringrazio della critica, che trovo giusta: ho corretto e ampliato il post!
differx
in reply to Pare 🚲 🌞 • •@Pare 🚲 🌞 @Poliversity - Università ricerca e giornalismo
ecco il post corretto: poliverso.org/display/0477a01e…
differx
2025-11-19 10:52:13