"We are looking for a GDPR expert to be hired in our company"

"I am an experienced data protection manager"

"Oh, fine! May you give us your phone number?"

"No"

"Your email address?"

"No"

"You're hired"

So, as everyone knows on here by now (or, a lot of ranters), I am a fervid privacy person.

Appearantly a new surveillance law in my country is about to extend mass surveillance/hacking a lot. So here a rundown of what they are about to be allowed to do (stuff that is not okay imo and this is the reason I am so pro-privacy):

- Mass Data Gathering: The intelligence agency over here (lets call it IA from now) can pretty much record everything send through the country.

- Extra Protection: If they want to conduct surveillance on journalists/lawyers, they have to go through extra channels first at least.

- Data/survaillance sharing: The IA is allowed to share their raw/filtered data with foreign intelligence agencies without limits. Also, they're allowed to conduct surveillance based on foreign requests.

- Secret DNA database: A secret DNA database will be created which can store the DNA profiles of any person who has commited any kind of crime. These profiles are allowed to be stored for a maximum of 30 years. This database is allowed to be shared with any foreign intelligence agency.

- Hacking: Unlimited power to hack any device deemed neccesary to hack in relation to crime. From computers to smartphones and so on. Also, it's allowed to use zero-days without reporting them to the vendor (we have seen what can go wrong with that through the ShadowBrokers scandal).

- Automatic Database Collection: They are allowed to directly tap into any database they see required (banks, healthcare, messaging services and so on). Practically this can lead to backdoors being build in because if you don't cooperate, you can go to prison. (mother of god I am not using anything closed source anymore if possible).

So yeah, this is pretty much the reason why I am so privacy consious. This country is fucked.

So I heard (a while ago) from one of my teachers at my previous study that they're waiting for the new european data protection laws to kick in so that they'll be able to start using Google for everything.

That would mean that every student is required to have a (school/school domain though) Google account.

"The data will remain in this country"

Yeah fuck off I'm not going to believe google on it's 'blue eyes'.

It's sad how an educational institution can force their students into a mass surveillance network. Really makes me angry as hell.

Luckily I got out before they're going to implement this.

Hahaha, the DPC (Data Protection Commission) has asked Facebook in a letter to stop transferring Europeans' data to the US.

Since the Privacy Shield agreement is off the table, it's illegal regardless to send any kind of PII data from the EU to the US.

How about we stop nicely asking and start giving fines in the form of millions every time PII data is transferred from the EU to the US by Facebook?

If the EU could grow some balls, that'd be fucking great.

@JoshBent suggested that I'd make a blog about security.

Nice idea, fair enough!

*registers domain at provider with discounts at the moment*
*tries to find whois protection option*

"You can add WHOIS protection to your account as an upgrade"

*requests authorization token*

*logs into usual domain name provider account*

*transfers domain name*

*anonymizes WHOIS details within two seconds*

I could've stayed and ask them about the cost etc but the fact that they even HAVE a price for protecting WHOIS data is a no-go for me.

Fuck domain name resellers which ask money for protecting ones WHOIS information (where possible).

Just read that EU may planning regulating Algorithms...

What the fuck? WHAT THE FUCK?

They want that programmers make their Algorithms public accessible for transparency and say what algorithms are allowed to do, because people are scared of them?!

MY BRAIN HURTS AFTER THAT FUCKING GENERAL DATA PROTECTION BULLSHIT THEY WANT TO REGULATE HOW OUR PROGRAMS SHOULD WORK?!

AHDHSHSJSDHJABDJS SHDNSBDBSNSN *RAGEQUIT*

"The customers of our webshop are able to change their billing address... We don't want our customers to be able to do that."

(in a few months with the new general European data protection regulation I need to code it in again, so I just removed the html...)

A lot of people ranting about GDPR emails, but it's cool when you receive them by letter 😆

Story time...of how HR actually did its job of taking care of employees.

So, I started at this new gig on December, the boss was all sunshine and promise (big red flag now to think back). Then as time passed, he started seeming...off. To a point I considered quitting my boss just after 2 months of working for him.

Then one morning we had a project meeting. He started verbally abusing me, calling me incompetent, bashing my work (of which he knew ~nothing, his experience 30 years back). Earlier in the week he demanded me to make a presentation which he in this meeting told is complete bullshit without actually reading any of it. He told me 'I am your boss, you do exactly as I say' when I told him something is technologically impossible in the situation we're in. He *actually* told me to break the law with data protection...

This was like wtf dude. That's not how you manage people. So, I made an HR ticket about his behaviour. They were *shocked* and escalated the matter.

Long story short: he was a bully, he's getting fired, my team has a new manager. My workplace actually appreciates my expertise.

Bad thing in this is, now I actually need to continue doing my job. ;_;

Somewhat unpopular opinion time. I don’t 100% hate Facebook.

I do not support their data collection, but my biggest problem with FB is the users. My connections are inherently idiots because I’m in high school with people who are way too narcissistic and full of drama. I left FB because of the toxicity, and the data protection as a result was a bonus.

I support the original mission of Facebook, to connect people. I just wish it was still about that.

Tutanota.

It's very functional while providing great data protection/privacy features at the same time.

And it's free by default! (although I do pay for a premium account)

So... GDPR.
And the deadline.
And I have no idea what to do.

What does it mean for one-man indie projects? Data protection officers? Companies? Controllers? Processors? EU employees? Argh.

Look, please, EU. Not everyone can afford to hire an entire team for this, when their current team is literally one person.

Yes, the GDPR is probably a step in the right direction, but I think I'll just stop collecting the data altogether.

(All data I collect is just user settings stored in a database, nothing more.)

Can someone point me in the right direction?

My car stopped working.
I thought of having a look. Opened the bonnet.

"GDPR"

He's making a list 🌲

He's checking it twice 🎅

He's gonna find out who's naughty or nice 🎁

Santa Claus is in contravention of article 4 of the General Data Protection Regulation (EU) 2016/679

So... Intense pillowtalk with the wife the other night regarding the coming enforcement of the new General Data Protection Regulation (GDPR) law in the EU after a while turns into nerdy dirty talk.

Me: *Whisper in a sleazy voice like the dirty malware that I am*: So... Why don't you just open up all your inbound firewall ports for me...
Her: Hell no... But I might just make an exception in the private domain just for you...

Talk about data protection, I am fucking furious!! A hotel i stayed in recently has sent an email with a scan of my passport and credit card. Do I have any legal rights to fuck them up the arse? The hotel is in france.

Mozilla has announced that it's rolling out changes under the California Consumer Privacy Act (CCPA) to all Firefox users worldwide.

According to report of ZDNet: The CCPA (America's privacy legislation) came into effect on January 1, 2020, offering Californian users data-protection rules. Much like Europe's GDPR, the CCPA gives consumers the right to know what personal information is collected about them and to be able to access it. While the law technically only applies to data processed about residents in California, US. But Mozilla notes it was one of the few companies to endorse CCPA from the outset. Mozilla has now outlined the key change it's made to Firefox, which will ensure CCPA regulations benefit all its users worldwide. The main change it's introducing is allowing users to request that Mozilla deletes Firefox telemetry data stored on its servers. That data doesn't include web history, which Mozilla doesn't collect anyway, but it does include data about how many tabs were opened and browser session lengths. The new control will ship in the next version of Firefox on January 7, which will include a feature to request desktop telemetry data be deleted directly from the browser.

Uhm... am I the only one who thinks this is a vague as fuck answer and should've taken more than one sentence to properly inform users of their data protection methods? It can't be just me...

"All of InfoSec right now" #WannaCrypt

Twitter knows all the solutions for data protection.

Encryption, Data, Servers, Protection, Certificate

oOOO WEE, I use big ear old words so I must be a hacker.

I just found a vulnerability in my companies software.
Anyone who can edit a specific config file could implant some SQL there, which would later be executed by another (unknowing) user from within the software.

The software in question is B2B and has a server-client model, but with the client directly connecting to the database for most operations - but what you can do should be regulated by the software. With this cute little exploit I managed to drop a table from my test environment - or worse: I could manipulate data, so when you realize it it's too late to simply restore a DB backup because there might have been small changes for who knows how long. If someone was to use this maliciously the damages could be easily several million Euros for some of our customers (think about a few hundred thousand orders per day being deleted/changed).

It could also potentially be used for data exfiltration by changing protection flags, though if we're talking industry espionage they would probably find other ways and exploit the OS or DB directly, given that this attack requires specific knowledge of the software. Also we don't promise to safely store your crabby patty recipe (or other super secret secrets).

The good thing is that an attack would only possible for someone with both write access to that file and insider knowledge (though that can be gained by user of the software fairly easily with some knowledge of SQL).

Well, so much for logging off early on Friday.

Have you ever had the moment when you were left speechless because a software system was so fucked up and you just sat there and didn't know how to grasp it? I've seen some pretty bad code, products and services but yesterday I got to the next level.

A little background: I live in Europe and we have GDPR so we are required by law to protect our customer data. We need quite a bit to fulfill our services and it is stored in our ERP system which is developed by another company.

My job is to develop services that interact with that system and they provided me with a REST service to achieve that. Since I know how sensitive that data is, I took extra good care of how I processed the data, stored secrets and so on.

Yesterday, when I was developing a new feature, my first WTF moment happened: I was able to see the passwords of every user - in CLEAR TEXT!!

I sat there and was just shocked: We trust you with our most valuable data and you can't even hash our fuckn passwords?

But that was not the end: After I grabbed a coffee and digested what I just saw, I continued to think: OK, I'm logged in with my user and I have pretty massive rights to the system. Since I now knew all the passwords of my colleagues, I could just try it with a different account and see if that works out too.

I found a nice user "test" (guess the password), logged on to the service and tried the same query again. With the same result. You can guess how mad I was - I immediately changed my password to a pretty hard.

And it didn't even end there because obviously user "test" also had full write access to the system and was probably very happy when I made him admin before deleting him on his own credentials.

It never happened to me - I just sat there and didn't know if I should laugh or cry, I even had a small existential crisis because why the fuck do I put any effort in it when the people who are supposed to put a lot of effort in it don't give a shit?

It took them half a day to fix the security issues but now I have 0 trust in the company and the people working for it.
So why - if it only takes you half a day to do the job you are supposed (and requires by law) to do - would you just not do it? Because I was already mildly annoyed of your 2+ months delay at the initial setup (and had to break my own promises to my boss)?

By sharing this story, I want to encourage everyone to have a little thought on the consequences that bad software can have on your company, your customers and your fellow devs who have to use your services.
I'm not a security guy but I guess every developer should have a basic understanding of security, especially in a GDPR area.

New DPO (Data protection officer): "Everybody must have an antivirus installed. You have an antivirus"
Me:"No, at the moment. I use Linux. I could install one to detect Windows virus"

So it's required by law to chip and register your dog. I just got a puppy so I had to change the owner of the dog from the kennel to me. And the only thing I needed was my chipvalue and the registration number.

So all I have to do is scan the dog and try the registration numbers and then I can change the owner. Like wtf. And it does not even send a confirmation email. I checked by changing owner and email again.

My registration number is only in the 600K so other registered pets should be easy enough to bruteforce.

Or am I missing something?

You all know that these AI dev tools are reading your code right?

It is sending it back to a data center and doing evaluations on the code. This is like handing your code to an unknown entity with no guarantees for privacy or copyright protection.

This concept bothers me and I would have to consult with my employer to even determine if we wanted to take that risk. I think it is just a matter of time before a bad actor takes advantage of this and rips off a company somewhere.

Why does Google FRP even exist?!

For everyone who doesn't know what FRP is: FRP (Factory Reset Protection) is a partition on an Android device that stores data about the last used Google account on the device. It "protects" the device to be used by a second person (or a thief) even AFTER a factory reset when executed via bootloader.

Last week I bought a HTC One A9 second-hand w/o any documents. I ensured it has been reset, so I took it home... I then wanted to set it up, as following message appeared on the screen: "This device has been reset. Please login using a Google account that has been synced with this device before."
I checked the IMEI for being blacklisted, but it wasn't. Unlocking the bootloader and erasing the frp partition is not an option, because on HTC devices you have to enable OEM unlocking in the settings first. Someone stated on a forum, that you can bypass the bootloader lock with a "RUU Image" (I'm not familiar with this so pls don't blame me for that statement). But since the phone has a branding from Vodafone Germany, I can't find a RUU Image that would flash the device without a CID mismatch...

Why the f*** does Google have to implement a feature that prevents to use the phone when bought from another person that you don't know?

According to the report of Reuters : Brazil's Ministry of Justice said on Monday it has fined U.S. tech giant Facebook 6.6 million reais ($1.6 million) for improperly sharing user data. The ministry's department of consumer protection said it had found that data from 443,000 Facebook users was made improperly available to developers of an App called 'thisisyourdigitallife.' The data was being shared for "questionable" purposes, the ministry said in a statement.

I work full time in the data protection field for healthcare whilst investing all my free time into coding as a career change.

I've discovered that despite people telling you how much you need to spend every hour you get free to learn to code, you also need to consider the people closest to you. I was ignoring my partner who I live with because I thought this was more important and that she should be able to see that. But what's the point in being in a relationship if you aren't making an effort with each other?

It's OK to slow down and invest time into the people you have in your life. Give yourself a break.

Tonight I will delete the data of 10M of records of personal data after the inspection of the Data Protection Authority.

So I went for a "special" interview to a company whose slogan is "experience certainty" (fresher, was hoping to get a role in cyber security/Linux sysadmin). Got shown what the "real" hiring process of an indian consultancy company is...

We were called because we cleared a rank of the coding competition which the company holds on a yearly basis, so its understood that we know how to code.
3 rounds; technical, managerial and HR...

Technical is where I knew that I was signing up for complete bullshit. The interviewer asks me to write and algo to generate a "number pyramid". Finished it in 7 minutes, 6-ish lines of (pseudo) code (which resembled python). As I explained the logic to the guy, he kept giving me this bewildered look, so I asked him what happened. He asks me about the simplest part of the logic, and proceeds to ask even dumber questions...
Ultimately I managed to get through his thick skull and answer some other nontechnical questions. He then asks if I have anything to ask him...
I ask him about what he does.
Him - " I am currently working on a project wherein the client is a big American bank as the technical lead "

Me (interest is cybersec) - "oh, then you must be knowing about the data protection and other security mechanisms (encryption, SSL, etc.)"

Him (bewildered look on face) - "no, I mostly handle the connectivity between the portal and data and the interface."

Me (disappointed) - "so, mostly DB, stuff?"

Him (smug and proud) - "yeup"

Gave him a link to my Github repo. Left the cabin. Proceeded to managerial interview (the stereotypical PM asshats)

Never did I think I'd be happy to not get a job offer...

What's your favorite vps hoster?
I'm currently using scaleway and love it, but recently learned that they offer no protection against data loss.
So I'm looking for an alternative for a project in production that has automatic backups as well as unmetered bandwidth.

So I get this email from google for my development account about these new general data protection regulations and what they're doing with admob and all that good stuff.

I didn't dive too deep and there's nothing crazy in it but it definitely feels like it's spawned on by this "selling you data to advertisers thing."

We live in such a weird society where it's like outrage after outrage. I've never known anybody who has NOT known that their statistics and data was sold to third party for marketing for EVERYTHING they do on the computer or phone. For a DECADE or longer. It always seemed to be such a second hand thought but now out of nowhere everyone has their panties in a wad for something they ALREADY knew.

Are we like that miserable/bored/no hobbies/unsatisfied with our first world life that we have to just flip out about dumb crap all the time?

It's 2022 and people still believe USB sticks and external card readers are a replacement for memory card slots.

They're not. SD cards have a standardized form factor and do not protrude from memory card slots, but external card readers and USB sticks do.

Just like smartphones, laptops are increasingly ditching the SD card slot or replacing it with microSD, which has less capacity, lower life expectancy and data retention span due to smaller memory transistors, worse handling, and no write-protection switch.

Not only should full-sized SD cards be brought back to laptops, but also brought to smartphones. There might soon be 2 TB SD cards, meaning not one second of worrying about running out of space for years. That would be wonderful.

The new UK law for data sharing with the governments is crazy with making it law for service providers to hold data of browsing history and big sites like google, facebook so on to retain human readable access to there data is they offer a service to the UK, what steps do we take to protect the data, service but also follow this law I can't see anything that would make any sense to be able to follow this law.

What are your views and ideas going forward, at the moment the UK as made it law even tho the EU said stop this madness, so lets take it as red its there, is there sense-able way to do this or are we going to have to provide UK users data a means to be back doored?

CREA DDF (Canada Real state listings API) is what you get when government fucks with technology.

Holy shit! So f*cking inefficient to use it, test it and get data.

I get the protection behind sensitive data but fuck me if there is not a lot of waiting behind their fucking application process just to fetch some testing data.

Three Layers of Security
As InfoWorld notes, all smartphones have three basic
elements of security. Your first major task as a mobile
user is to become aware of these layers and enable them
in your devices:
1. Device Protection: Allowing remote data "wiping" if your
device is ever lost or stolen.
2. Data Protection: Preventing corporate data from being
transferred to personal apps running on the same device
or personal network
3. App-Management Security: Protecting your in-app
information from becoming compromised.

tldr: I am looking for recommendations for a basic website for my parents. GOTO question;

Pre-Story:
My parents have a small (offline) business. They have a website to give some general information and list their weekly offers.
When I felt that what has come out of the website-building tool (you know, clicky clicky stuff) looked a bit too early 2000's and is a total ripoff for what you get (almost 20€ per month), I created something with Google Sites for them. Feel free to roast me, but web development is not my field and now it looks much more modern, is mobile friendly and does what it is supposed to do. Weekly offers are edited in a google sheets file, which is embedded in the website. Not great, but this way my mom doesn't have to deal with editing a tables on the page - trust me, it won't look good. This also meant they could downgrade the hosting package to discard the clicky-tool and just the domain (maybe 1€ per month). The website itself is hosted for free by Google.

Some time ago GDPR became a thing and then I was tasked to have a look at it. (side note: I don't want to rant about being responsible for it, that's fine. My parents don't really ask me to do a lot for them.) You can't enter any data on the website, it's just very basic stuff and data protection wise there's just the "usual" stuff (cookies, embedded tools, logs). I added another site with a halfway complete privacy policy. Regarding the whole cookie issue (do not enforce unnecessary cookies) I couldn't find an easy solution. It's not 100%, but what can you really expect from a small business like this? I've seen worse.

Now to the question:
Can you recommend a good alternative to the current solution (Google Sites)?
It should be cheap (<3€/month incl. domain) and my parents should be able to make some basic changes (just text in predefined locations). I am not afraid to get my hands dirty - I can deal with some HTML, CSS, JS - but I don't want to sink a lot of time into this. No need for analytics or the like. Maybe a newsletter would be cool (with the weekly offers), but that's just a random thought of mine and definitely not necessary.

Thanks for reading :)

I hate how I have battery issues with every smartphone/tablet I buy. They do well for 1 week and then I have to buy an additional charger for work because after 5 hours of only lying there it only has 50% which wouldnt be sufficient for 30 minutes car drive (Maps, Spotify, Bluetooth, GPS and mobile data)... Fml. I am tired of batteries. My next phone is going to be a huawei mate 10. Maybe I habe more luck with this one. I dont believe im Samsung anymore.

And anyway why the fuck do they introduce better CPUs more sensors etc whilst Keeping the battery capacity the same.. Instead they introduce fast charge etc. Another reason for me to go away from samsung is the fact they bloat each firmware up, my battery got worst after each system update (even the security ones) and also doing 14 factory resets didnt work. Support is shit. They also integrated Clean Master into the system and an "Antivirus Protection"... Can't get worst.

samsungrant@devrant.com # > submit && exit