Search - "data protection"
"We are looking for a GDPR expert to be hired in our company"
"I am an experienced data protection manager"
"Oh, fine! May you give us your phone number?"
"Your email address?"
So, as everyone knows on here by now (or, a lot of ranters), I am a fervid privacy person.
Apparently a new surveillance law in my country is about to extend mass surveillance/hacking a lot. So here is a rundown of what they are about to be allowed to do (stuff that is not okay imo and this is the reason I am so pro-privacy):
- Mass Data Gathering: The intelligence agency over here (let's call it IA from now) can pretty much record everything sent through the country.
- Extra Protection: If they want to conduct surveillance on journalists/lawyers, they have to go through extra channels first at least.
- Data/surveillance sharing: The IA is allowed to share their raw/filtered data with foreign intelligence agencies without limits. Also, they're allowed to conduct surveillance based on foreign requests.
- Secret DNA database: A secret DNA database will be created which can store the DNA profiles of any person who has committed any kind of crime. These profiles are allowed to be stored for a maximum of 30 years. This database is allowed to be shared with any foreign intelligence agency.
- Hacking: Unlimited power to hack any device deemed necessary to hack in relation to crime. From computers to smartphones and so on. Also, it's allowed to use zero-days without reporting them to the vendor (we have seen what can go wrong with that through the ShadowBrokers scandal).
- Automatic Database Collection: They are allowed to directly tap into any database they see required (banks, healthcare, messaging services and so on). Practically this can lead to backdoors being built in because if you don't cooperate, you can go to prison. (mother of god I am not using anything closed source anymore if possible).
So yeah, this is pretty much the reason why I am so privacy conscious. This country is fucked.
So I heard (a while ago) from one of my teachers at my previous study that they're waiting for the new European data protection laws to kick in so that they'll be able to start using Google for everything.
That would mean that every student is required to have a (school/school domain though) Google account.
"The data will remain in this country"
Yeah fuck off I'm not going to believe Google on its 'blue eyes'.
It's sad how an educational institution can force their students into a mass surveillance network. Really makes me angry as hell.
Luckily I got out before they're going to implement this.
Me : *Logs in to Microsoft account to delete account*
MS: Eeeeeeeee, Add a recovery email or a number!!
Me: Wth! I want to delete my account, why would I give details of one more account.
*sees there is no skip button*
*Opens temp mail and gives temp email*
MS: Eeeeee, Now add recovery phone number!!!
Me: What the actual fuck!! No!
*Refreshes and it's gone*
Me : *clicks on delete account*
MS: Eeeeee, we are sad, you will lose all data. also your synced device won't start unless you set 'reset protection' to 'disable'.
Me: Hmmmm, deceptive, how do I disable this reset protection.
MS: click here : link
Me: *Clicks to open devices, there is no fucking option called reset protection*
*Dafuq!! You wanna get complicated? Ok! Fine!! Get this now!
*Removes the account from every fucking thing from my system, one drive, store and what not*
*Disable this shit now*
MS: ok, disabling, please check the security code on your temp email!
Me: Glad I didn't close the temp email tab, here, do your shit now!
MS: Are you sure?
MS: Really sure?
Me: ..... Yes
MS: We have flagged for deletion, but if you want to activate back click on the only button we show you on the entire screen.
Me: I know these games of yours. They stand no chance in front of my awareness!!
Hahaha, the DPC (Data Protection Commission) has asked Facebook in a letter to stop transferring Europeans' data to the US.
Since the Privacy Shield agreement is off the table, it's illegal regardless to send any kind of PII data from the EU to the US.
How about we stop nicely asking and start giving fines in the form of millions every time PII data is transferred from the EU to the US by Facebook?
If the EU could grow some balls, that'd be fucking great.
Although it might not get much follow up stuffs (probably a few fines but that will be about it), I still find this awesome.
The part of the Dutch government which keeps an eye on data leaks, how companies handle personal data, if companies comply with data protection/privacy laws etc (referring to it as AP from now on) finished their investigation into Windows 10. They started it because of privacy concerns from a few people about the data collection Microsoft does through Windows 10.
It's funny that whenever operating systems are brought up (or privacy/security) and we get to why I don't 'just' use Windows 10 (that's actually something I'm asked sometimes), when I tell that it's for a big part due to privacy reasons, people always go into 'it's not that bad', 'oh well as long as it's lawful', 'but it isn't illegal, right!'.
Well, that changed today (for the Netherlands).
AP has concluded that Windows 10 is not complying with the Dutch privacy and personal data protection law.
I'm going to quote this one (trying my best to translate):
"It appears that Microsoft's operating system follows every step you take on your computer. That gives a very invasive image of you", "What does that mean? Do people know that, do they want that? Microsoft should give people a fair chance for deciding this by themselves".
They also say that unless explicit lawful consent is given (with enough information on what is collected, for what reasons and what it can be used for), Microsoft is, according to law, not allowed to collect their telemetrics through Windows 10.
"But you can turn it off yourself!" - True, but as the paragraph above said, the Dutch law requires that people are given more than enough information to decide what happens to their data, and, collection is now allowed until explicitly/lawfully ok'd where the person consenting has had enough information in order to make a well educated decision.
I'm really happy about this!
Source (Dutch, sorry, only found it on a Dutch (well respected) security site): https://security.nl/posting/534981/...
@JoshBent suggested that I'd make a blog about security.
Nice idea, fair enough!
*registers domain at provider with discounts at the moment*
*tries to find whois protection option*
"You can add WHOIS protection to your account as an upgrade"
*requests authorization token*
*logs into usual domain name provider account*
*transfers domain name*
*anonymizes WHOIS details within two seconds*
I could've stayed and asked them about the cost etc but the fact that they even HAVE a price for protecting WHOIS data is a no-go for me.
Fuck domain name resellers which ask money for protecting one's WHOIS information (where possible).
Just read that the EU may be planning to regulate Algorithms...
What the fuck? WHAT THE FUCK?
They want that programmers make their Algorithms publicly accessible for transparency and say what algorithms are allowed to do, because people are scared of them?!
MY BRAIN HURTS AFTER THAT FUCKING GENERAL DATA PROTECTION BULLSHIT THEY WANT TO REGULATE HOW OUR PROGRAMS SHOULD WORK?!
AHDHSHSJSDHJABDJS SHDNSBDBSNSN *RAGEQUIT*
"The customers of our webshop are able to change their billing address... We don't want our customers to be able to do that."
(in a few months with the new general European data protection regulation I need to code it in again, so I just removed the html...)
Somewhat unpopular opinion time. I don’t 100% hate Facebook.
I do not support their data collection, but my biggest problem with FB is the users. My connections are inherently idiots because I’m in high school with people who are way too narcissistic and full of drama. I left FB because of the toxicity, and the data protection as a result was a bonus.
I support the original mission of Facebook, to connect people. I just wish it was still about that.
And the deadline.
And I have no idea what to do.
What does it mean for one-man indie projects? Data protection officers? Companies? Controllers? Processors? EU employees? Argh.
Look, please, EU. Not everyone can afford to hire an entire team for this, when their current team is literally one person.
Yes, the GDPR is probably a step in the right direction, but I think I'll just stop collecting the data altogether.
(All data I collect is just user settings stored in a database, nothing more.)
Can someone point me in the right direction?
It's very functional while providing great data protection/privacy features at the same time.
And it's free by default! (although I do pay for a premium account)
He's making a list 🌲
He's checking it twice 🎅
He's gonna find out who's naughty or nice 🎁
Santa Claus is in contravention of article 4 of the General Data Protection Regulation (EU) 2016/679
So... Intense pillowtalk with the wife the other night regarding the coming enforcement of the new General Data Protection Regulation (GDPR) law in the EU after a while turns into nerdy dirty talk.
Me: *Whisper in a sleazy voice like the dirty malware that I am*: So... Why don't you just open up all your inbound firewall ports for me...
Her: Hell no... But I might just make an exception in the private domain just for you...
The German constitutional court (BVerfG) declared many parts of the law regulating the German secret agency "Bundesnachrichtendienst" (Federal Intelligence Service; BND) unlawful and unconstitutional.
The key points:
- The freedom of press and the right for privacy are human rights, not just for Germans
- Uncontrolled and targetless, without protection for e.g. foreign journalists
- No independent control institution
- Lawmakers completely did not mention why they see a reason why human rights can be restricted, but intentionally did not respect them
- There must be specific reasons to give data to other countries' secret agencies
Sources (in German):
Talk about data protection, I am fucking furious!! A hotel I stayed in recently has sent an email with a scan of my passport and credit card. Do I have any legal rights to fuck them up the arse? The hotel is in France.
Mozilla has announced that it's rolling out changes under the California Consumer Privacy Act (CCPA) to all Firefox users worldwide.
According to a report by ZDNet: The CCPA (America's privacy legislation) came into effect on January 1, 2020, offering Californian users data-protection rules. Much like Europe's GDPR, the CCPA gives consumers the right to know what personal information is collected about them and to be able to access it. While the law technically only applies to data processed about residents in California, US, Mozilla notes it was one of the few companies to endorse CCPA from the outset. Mozilla has now outlined the key change it's made to Firefox, which will ensure CCPA regulations benefit all its users worldwide. The main change it's introducing is allowing users to request that Mozilla deletes Firefox telemetry data stored on its servers. That data doesn't include web history, which Mozilla doesn't collect anyway, but it does include data about how many tabs were opened and browser session lengths. The new control will ship in the next version of Firefox on January 7, which will include a feature to request desktop telemetry data be deleted directly from the browser.
Uhm... am I the only one who thinks this is a vague as fuck answer and should've taken more than one sentence to properly inform users of their data protection methods? It can't be just me...
Encryption, Data, Servers, Protection, Certificate
oOOO WEE, I use big ear old words so I must be a hacker.
New DPO (Data protection officer): "Everybody must have an antivirus installed. You have an antivirus"
Me: "No, at the moment. I use Linux. I could install one to detect Windows virus"
Have you ever had the moment when you were left speechless because a software system was so fucked up and you just sat there and didn't know how to grasp it? I've seen some pretty bad code, products and services but yesterday I got to the next level.
A little background: I live in Europe and we have GDPR so we are required by law to protect our customer data. We need quite a bit to fulfill our services and it is stored in our ERP system which is developed by another company.
My job is to develop services that interact with that system and they provided me with a REST service to achieve that. Since I know how sensitive that data is, I took extra good care of how I processed the data, stored secrets and so on.
Yesterday, when I was developing a new feature, my first WTF moment happened: I was able to see the passwords of every user - in CLEAR TEXT!!
I sat there and was just shocked: We trust you with our most valuable data and you can't even hash our fuckn passwords?
But that was not the end: After I grabbed a coffee and digested what I just saw, I continued to think: OK, I'm logged in with my user and I have pretty massive rights to the system. Since I now knew all the passwords of my colleagues, I could just try it with a different account and see if that works out too.
I found a nice user "test" (guess the password), logged on to the service and tried the same query again. With the same result. You can guess how mad I was - I immediately changed my password to a pretty hard one.
And it didn't even end there because obviously user "test" also had full write access to the system and was probably very happy when I made him admin before deleting him on his own credentials.
It never happened to me - I just sat there and didn't know if I should laugh or cry, I even had a small existential crisis because why the fuck do I put any effort in it when the people who are supposed to put a lot of effort in it don't give a shit?
It took them half a day to fix the security issues but now I have 0 trust in the company and the people working for it.
So why - if it only takes you half a day to do the job you are supposed (and required by law) to do - would you just not do it? Because I was already mildly annoyed of your 2+ months delay at the initial setup (and had to break my own promises to my boss)?
By sharing this story, I want to encourage everyone to have a little thought on the consequences that bad software can have on your company, your customers and your fellow devs who have to use your services.
I'm not a security guy but I guess every developer should have a basic understanding of security, especially in a GDPR area.
So it's required by law to chip and register your dog. I just got a puppy so I had to change the owner of the dog from the kennel to me. And the only thing I needed was my chipvalue and the registration number.
So all I have to do is scan the dog and try the registration numbers and then I can change the owner. Like wtf. And it does not even send a confirmation email. I checked by changing owner and email again.
My registration number is only in the 600K so other registered pets should be easy enough to bruteforce.
Or am I missing something?
Why does Google FRP even exist?!
For everyone who doesn't know what FRP is: FRP (Factory Reset Protection) is a partition on an Android device that stores data about the last used Google account on the device. It "protects" the device from being used by a second person (or a thief) even AFTER a factory reset when executed via bootloader.
Last week I bought a HTC One A9 second-hand w/o any documents. I ensured it has been reset, so I took it home... I then wanted to set it up, as following message appeared on the screen: "This device has been reset. Please login using a Google account that has been synced with this device before."
I checked the IMEI for being blacklisted, but it wasn't. Unlocking the bootloader and erasing the frp partition is not an option, because on HTC devices you have to enable OEM unlocking in the settings first. Someone stated on a forum, that you can bypass the bootloader lock with a "RUU Image" (I'm not familiar with this so pls don't blame me for that statement). But since the phone has a branding from Vodafone Germany, I can't find a RUU Image that would flash the device without a CID mismatch...
Why the f*** does Google have to implement a feature that prevents to use the phone when bought from another person that you don't know?
According to the report of Reuters: Brazil's Ministry of Justice said on Monday it has fined U.S. tech giant Facebook 6.6 million reais ($1.6 million) for improperly sharing user data. The ministry's department of consumer protection said it had found that data from 443,000 Facebook users was made improperly available to developers of an App called 'thisisyourdigitallife.' The data was being shared for "questionable" purposes, the ministry said in a statement.
So I went for a "special" interview to a company whose slogan is "experience certainty" (fresher, was hoping to get a role in cyber security/Linux sysadmin). Got shown what the "real" hiring process of an Indian consultancy company is...
We were called because we cleared a rank of the coding competition which the company holds on a yearly basis, so it's understood that we know how to code.
3 rounds; technical, managerial and HR...
Technical is where I knew that I was signing up for complete bullshit. The interviewer asks me to write an algo to generate a "number pyramid". Finished it in 7 minutes, 6-ish lines of (pseudo) code (which resembled python). As I explained the logic to the guy, he kept giving me this bewildered look, so I asked him what happened. He asks me about the simplest part of the logic, and proceeds to ask even dumber questions...
Ultimately I managed to get through his thick skull and answer some other nontechnical questions. He then asks if I have anything to ask him...
I ask him about what he does.
Him - " I am currently working on a project wherein the client is a big American bank as the technical lead "
Me (interest is cybersec) - "oh, then you must be knowing about the data protection and other security mechanisms (encryption, SSL, etc.)"
Him (bewildered look on face) - "no, I mostly handle the connectivity between the portal and data and the interface."
Me (disappointed) - "so, mostly DB, stuff?"
Him (smug and proud) - "yeup"
Gave him a link to my Github repo. Left the cabin. Proceeded to managerial interview (the stereotypical PM asshats)
Never did I think I'd be happy to not get a job offer...
I feel for you guys,
My inbox is bombarded with emails asking me to give my permission for saving my data again, thanks to the new European data protection laws, which will go live the day after tomorrow.
Which means a lot of you guys are doing overtime today and tomorrow to work towards this deadline. Not me, though. Still. I want to share two sentiments with you:
1. Whatever management just decided at the last minute that they need that done before Friday, fuck them.
2. I repeat my initial words, I feel for you.
I work full time in the data protection field for healthcare whilst investing all my free time into coding as a career change.
I've discovered that despite people telling you how much you need to spend every hour you get free to learn to code, you also need to consider the people closest to you. I was ignoring my partner who I live with because I thought this was more important and that she should be able to see that. But what's the point in being in a relationship if you aren't making an effort with each other?
It's OK to slow down and invest time into the people you have in your life. Give yourself a break.
What's your favorite vps hoster?
I'm currently using scaleway and love it, but recently learned that they offer no protection against data loss.
So I'm looking for an alternative for a project in production that has automatic backups as well as unmetered bandwidth.
So I get this email from google for my development account about these new general data protection regulations and what they're doing with admob and all that good stuff.
I didn't dive too deep and there's nothing crazy in it but it definitely feels like it's spawned on by this "selling your data to advertisers thing."
We live in such a weird society where it's like outrage after outrage. I've never known anybody who has NOT known that their statistics and data was sold to third party for marketing for EVERYTHING they do on the computer or phone. For a DECADE or longer. It always seemed to be such a second hand thought but now out of nowhere everyone has their panties in a wad for something they ALREADY knew.
Are we like that miserable/bored/no hobbies/unsatisfied with our first world life that we have to just flip out about dumb crap all the time?
I fucking hate bureaucrats, those stupid fucking losers with a bus driver complex have nothing better to do than to make life miserable for everyone else.
You regulate when I'm allowed to work, open business, what I'm allowed to eat, drink, do in my own house. If I don't read your senseless 300 page data protection acts, I'm going to jail for a 1k side project. If I visit a website, I have to fight through another 300 pages of cookie-red-tape.
I just want to 3D print a gun and start shooting (hi NSA)
Three Layers of Security
As InfoWorld notes, all smartphones have three basic elements of security. Your first major task as a mobile user is to become aware of these layers and enable them in your devices:
1. Device Protection: Allowing remote data "wiping" if your device is ever lost or stolen.
2. Data Protection: Preventing corporate data from being transferred to personal apps running on the same device or personal network
3. App-Management Security: Protecting your in-app information from becoming compromised.
The new UK law for data sharing with the governments is crazy with making it law for service providers to hold data of browsing history and big sites like Google, Facebook and so on to retain human readable access to their data if they offer a service to the UK. What steps do we take to protect the data and service but also follow this law? I can't see anything that would make any sense to be able to follow this law.
What are your views and ideas going forward? At the moment the UK has made it law even though the EU said stop this madness, so let's take it as read it's there. Is there a sensible way to do this or are we going to have to provide UK users' data a means to be back doored?
tldr: I am looking for recommendations for a basic website for my parents. GOTO question;
My parents have a small (offline) business. They have a website to give some general information and list their weekly offers.
When I felt that what has come out of the website-building tool (you know, clicky clicky stuff) looked a bit too early 2000's and is a total ripoff for what you get (almost 20€ per month), I created something with Google Sites for them. Feel free to roast me, but web development is not my field and now it looks much more modern, is mobile friendly and does what it is supposed to do. Weekly offers are edited in a Google Sheets file, which is embedded in the website. Not great, but this way my mom doesn't have to deal with editing tables on the page - trust me, it won't look good. This also meant they could downgrade the hosting package to discard the clicky-tool and just the domain (maybe 1€ per month). The website itself is hosted for free by Google.
Now to the question:
Can you recommend a good alternative to the current solution (Google Sites)?
It should be cheap (<3€/month incl. domain) and my parents should be able to make some basic changes (just text in predefined locations). I am not afraid to get my hands dirty - I can deal with some HTML, CSS, JS - but I don't want to sink a lot of time into this. No need for analytics or the like. Maybe a newsletter would be cool (with the weekly offers), but that's just a random thought of mine and definitely not necessary.
Thanks for reading :)
Hey all, I'm curious for your opinion on this one. I've got some smart home devices (e.g. Hue lights, Nest Protect) and lately I started to think of the best way to protect them. Now I did see this project on Kickstarter (https://kickstarter.com/projects/...) and it seems to be a nice and easy way. But still, you don't know what they'll do with your data.
Would MAC address filtering in my router / modem not suffice for protection?
Let me know what you think :)
Looks like the EU is about to do another healthy push towards data privacy. What do you guys think? Is this the real deal, or is there something hidden underneath?
I hate how I have battery issues with every smartphone/tablet I buy. They do well for 1 week and then I have to buy an additional charger for work because after 5 hours of only lying there it only has 50% which wouldn't be sufficient for a 30 minute car drive (Maps, Spotify, Bluetooth, GPS and mobile data)... Fml. I am tired of batteries. My next phone is going to be a Huawei Mate 10. Maybe I have more luck with this one. I don't believe in Samsung anymore.
And anyway why the fuck do they introduce better CPUs, more sensors etc whilst keeping the battery capacity the same.. Instead they introduce fast charge etc. Another reason for me to go away from Samsung is the fact they bloat each firmware up, my battery got worse after each system update (even the security ones) and also doing 14 factory resets didn't work. Support is shit. They also integrated Clean Master into the system and an "Antivirus Protection"... Can't get worse.