Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > alt.comp.issues.privacy > #47
| From | Nomen Nescio <nobody@dizum.com> |
|---|---|
| Subject | Re: The FBI's new tactic: Catching suspects with push alerts |
| References | <556b7a391a93c2be263011b866748e2e@dizum.com> <5e4d1b49c7dedf51a47a920f6958a324@dizum.com> |
| Message-ID | <83cb084b6aee36bf0d8c0cc006ee3da6@dizum.com> (permalink) |
| Date | 2024-03-11 01:43 +0100 |
| Newsgroups | alt.comp.issues.privacy, alt.privacy, alt.privacy.anon-server |
| Organization | dizum.com - The Internet Problem Provider |
Cross-posted to 3 groups.
On Sun, 10 Mar 2024 21:51:53 +0100 (CET), Nomen Nescio <nobody@dizum.com>
said:
> Nomen Nescio <nobody@dizum.com> wrote:
>
>>https://www.washingtonpost.com/technology/2024/02/29/push-notification-surveillance-fbi/
>>
>> The alleged pedophile "LuvEmYoung" had worked to stay anonymous in
>> the chatrooms where he bragged about sexually abusing children. A
>> criminal affidavit said he covered his tracks by using TeleGuard, an
>> encrypted Swiss messaging app, to share a video of himself last month
>> with a sleeping 4-year-old boy.
>
> The hard way to learn, that encryption doesn't implicate anonymity.
Not only that, but it should also inspire significant skepticism with regard
to any provider's claims about generation and retention of any data that
could potentially identity you. Case in point:
Privacy protection on TeleGuard
TeleGuard uses HTTPS and end-to-end encryption to protect its users'
privacy. No user data, including IP address, metadata, etc., is
collected or stored. The messages are stored only until they are
delivered. After delivery, they are deleted immediately. Thus, if
no backup has been created, there is no possibility of recovery.
The language used here is absolute, not only implying, but outright /stating/
that no data is generated/stored by anyone that could identify a user.
Their privacy policy page makes similar claims:
What do these guidelines cover?
This data protection declaration ("data protection") sets out the data
protection declaration of Swisscows AG (hereinafter referred to as
"Swisscows") and applies to users ("user" or "you") of Swisscows
products, currently known as "TeleGuard" ("TeleGuard").
This declaration applies to all products and services that we offer
across our entire website, and also applies to the website and your
use of TeleGuard ("services"). THIS POLICY DOES NOT APPLY TO THIRD
PARTY WEBSITES, PRODUCTS OR SERVICES, EVEN IF THEIR WEBSITE IS LINKED
TO OUR WEBSITE. PLEASE ALWAYS CHECK A THIRD PARTY'S PRIVACY PRACTICES
BEFORE DECIDING WHETHER TO SUBMIT INFORMATION. By using our website
or services, you accept the practices described in this policy. If
you do not agree to this policy, please do not visit or use our
website or our services. Your continued use of our website or
services means that you accept this policy.
[Emphasis added]
What data do we collect?
IP addresses
IP address is NOT saved.
Nice weasel-wording -- TeleGuard don't collect your IP address, but third-
parties can, and they're off the hook for that one.
Data acquisition
We do not collect personal information from our visitors.
When using TeleGuard, your IP address is not recorded, nor do we
record which browser you are using (Internet Explorer, Safari,
Firefox, Chrome, etc.). It is not recorded which operating system
you are using (Windows, Mac, Linux etc.), and your search queries
are not recorded. The only information we store is the sum of the
search queries entered daily on our website (a measure of the total
traffic on our site), a breakdown of this traffic by language and
pure overall statistics.
Our strict policy of not collecting any data protects your privacy.
Which is apparently entirely negated by third parties doing so.
Your IP address and information about the browser and operating
system could be used together with other data to clearly identify
your computer, your place of residence and you. It is also important
not to save any search terms, as these can also contain personal data.
(Just think of someone who enters their own name and / or insurance
number in the search box.)
The story outlined in the Washington Post puts the lie to their bullshit.
Lessons to be learned here:
1) Don't enable push-notifications, EVER.
2) Make sure that if you connect an email address to a TeleGuard account,
that it is a secure one, i.e. created/accessed via Tor /exclusively/.
3) Take any 'secure' service provider's promises and statements with not
just a pinch of salt, but rather a carload.
4) Remember the lessons of history -- Hushmail made similar promises, and we
all know how /that/ turned out -- 12 CDs of *decrypted* email turned over
to the Drug Enforcement Administration (DEA).
Back to alt.comp.issues.privacy | Previous | Next — Previous in thread | Next in thread | Find similar
The FBI's new tactic: Catching suspects with push alerts Nomen Nescio <nobody@dizum.com> - 2024-03-10 11:29 +0100
Re: The FBI's new tactic: Catching suspects with push alerts Nomen Nescio <nobody@dizum.com> - 2024-03-10 21:51 +0100
Re: The FBI's new tactic: Catching suspects with push alerts Nomen Nescio <nobody@dizum.com> - 2024-03-11 01:43 +0100
Re: The FBI's new tactic: Catching suspects with push alerts Nomen Nescio <nobody@dizum.com> - 2024-03-11 11:45 +0100
Re: The FBI's new tactic: Catching suspects with push alerts Nomen Nescio <nobody@dizum.com> - 2024-03-12 01:33 +0100
Re: The FBI's new tactic: Catching suspects with push alerts Nomen Nescio <nobody@dizum.com> - 2024-03-12 01:23 +0100
Re: The FBI's new tactic: Catching suspects with push alerts Stainless Steel Rat <Use-Author-Supplied-Address-Header@[127.1]> - 2024-03-12 10:32 +0000
csiph-web