The Electronic Frontier Foundation's Director of Activism Jason Kelley said Insanet's use of advertising technology to infect devices and spy on clients' targets makes it especially worrisome. Dodgy online ads don't just provide a potential vehicle for delivering malware, such as via carefully crafted images or JavaScript in the ads that exploit vulnerabilities in browsers and OSes, they can be used to go after specific groups of people – such as those who are interested in open source code, or who frequently travel to Asia – that someone might be interested in snooping on.

"This method of surveillance and targeting uses commercially available data that's very difficult to erase from the internet," Kelley told The Register. "Most people have no idea how much of their information has been compiled or shared by data brokers and ad tech companies, and have little ability to erase it."

It's an interesting twist. Sherlock seems designed to use legal data collection and digital advertising technologies — beloved by Big Tech and online media — to target people for government-level espionage.

"Since these ads are being served using known advertisement networks, anti-adware technologies such as not loading JavaScript, using ad blockers or privacy-aware browsers, and not clicking on advertisements should act as a guardrail against this attack," Dani suggested.

I suppose this gives additional impetus for many wanting to block ads... But if this one was previously secret, how many more are there that no-one knows about? Supposedly, the Wester will use this to spy on the East? We actually don't know what the East already has, because for some unknown reason we are always discovering what the West is up to in regard to alleged spying (even on their own allies). And as we saw this month, data privacy laws mean absolutely nothing to some major Western powers, as they just get a 3rd party country to do the spying on their behalf, and then pass the data back, or they buy the data from Facebook.

More and more, reading all of this, I can see why so many private citizens are insisting on having E2EE without any backdoors. Unfortunately, a citizen can no longer just trust their own government, and it is mostly lip service that is paid to privacy laws. So laws and political assurances mean very little in reality.

See https://www.theregister.com/2023/09/16/insanet_spyware/

#technology #spying #Israel #privacy

The Electronic Frontier Foundation's Director of Activism Jason Kelley said Insanet's use of advertising technology to infect devices and spy on clients' targets makes it especially worrisome. Dodgy online ads don't just provide a potential vehicle for delivering malware, such as via carefully crafted images or JavaScript in the ads that exploit vulnerabilities in browsers and OSes, they can be used to go after specific groups of people – such as those who are interested in open source code, or who frequently travel to Asia – that someone might be interested in snooping on.

"This method of surveillance and targeting uses commercially available data that's very difficult to erase from the internet," Kelley told The Register. "Most people have no idea how much of their information has been compiled or shared by data brokers and ad tech companies, and have little ability to erase it."

It's an interesting twist. Sherlock seems designed to use legal data collection and digital advertising technologies — beloved by Big Tech and online media — to target people for government-level espionage.

"Since these ads are being served using known advertisement networks, anti-adware technologies such as not loading JavaScript, using ad blockers or privacy-aware browsers, and not clicking on advertisements should act as a guardrail against this attack," Dani suggested.

I suppose this gives additional impetus for many wanting to block ads... But if this one was previously secret, how many more are there that no-one knows about? Supposedly, the Wester will use this to spy on the East? We actually don't know what the East already has, because for some unknown reason we are always discovering what the West is up to in regard to alleged spying (even on their own allies). And as we saw this month, data privacy laws mean absolutely nothing to some major Western powers, as they just get a 3rd party country to do the spying on their behalf, and then pass the data back, or they buy the data from Facebook.

More and more, reading all of this, I can see why so many private citizens are insisting on having E2EE without any backdoors. Unfortunately, a citizen can no longer just trust their own government, and it is mostly lip service that is paid to privacy laws. So laws and political assurances mean very little in reality.

See https://www.theregister.com/2023/09/16/insanet_spyware/

#technology #spying #Israel #privacy

The Electronic Frontier Foundation's Director of Activism Jason Kelley said Insanet's use of advertising technology to infect devices and spy on clients' targets makes it especially worrisome. Dodgy online ads don't just provide a potential vehicle for delivering malware, such as via carefully crafted images or JavaScript in the ads that exploit vulnerabilities in browsers and OSes, they can be used to go after specific groups of people – such as those who are interested in open source code, or who frequently travel to Asia – that someone might be interested in snooping on.

"This method of surveillance and targeting uses commercially available data that's very difficult to erase from the internet," Kelley told The Register. "Most people have no idea how much of their information has been compiled or shared by data brokers and ad tech companies, and have little ability to erase it."

It's an interesting twist. Sherlock seems designed to use legal data collection and digital advertising technologies — beloved by Big Tech and online media — to target people for government-level espionage.

"Since these ads are being served using known advertisement networks, anti-adware technologies such as not loading JavaScript, using ad blockers or privacy-aware browsers, and not clicking on advertisements should act as a guardrail against this attack," Dani suggested.

I suppose this gives additional impetus for many wanting to block ads... But if this one was previously secret, how many more are there that no-one knows about? Supposedly, the Wester will use this to spy on the East? We actually don't know what the East already has, because for some unknown reason we are always discovering what the West is up to in regard to alleged spying (even on their own allies). And as we saw this month, data privacy laws mean absolutely nothing to some major Western powers, as they just get a 3rd party country to do the spying on their behalf, and then pass the data back, or they buy the data from Facebook.

More and more, reading all of this, I can see why so many private citizens are insisting on having E2EE without any backdoors. Unfortunately, a citizen can no longer just trust their own government, and it is mostly lip service that is paid to privacy laws. So laws and political assurances mean very little in reality.

See https://www.theregister.com/2023/09/16/insanet_spyware/

#technology #spying #Israel #privacy

Many are looking for alternatives to Google Photos, and this comparison table does an excellent job of comparing the most obvious features side by side. Make sure to expand the table for a complete view.

I'm still using Piwigo as it did an automated import of all my photos from Flickr, and although it is packed with features, many of its plugins are no longer supported. It works well still for me, but I've been thinking about alternatives.

Immich was one that looked really slick, and the closest I've seen to Google Photos, but one big weakness is there is no easy ability to import my existing Piwigo photos (over 10,000 of them). And it does not yet have any editing functionality.

But looking at this table shows me that in fact that Nextcloud Memories seems to tick all the boxes, including some edit functionality, and the ability to point to existing photo folders. Memories is based on Nexcloud's own Photos app but has some slight improvements. Its appearance is maybe just not as slick as Immich, but it seems very responsive otherwise.

All, but one, apps have demo sites that you can log into and have a good look at.

See https://meichthys.github.io/foss_photo_libraries/

#technology #opensource #alternativesto #photos

Many are looking for alternatives to Google Photos, and this comparison table does an excellent job of comparing the most obvious features side by side. Make sure to expand the table for a complete view.

I'm still using Piwigo as it did an automated import of all my photos from Flickr, and although it is packed with features, many of its plugins are no longer supported. It works well still for me, but I've been thinking about alternatives.

Immich was one that looked really slick, and the closest I've seen to Google Photos, but one big weakness is there is no easy ability to import my existing Piwigo photos (over 10,000 of them). And it does not yet have any editing functionality.

But looking at this table shows me that in fact that Nextcloud Memories seems to tick all the boxes, including some edit functionality, and the ability to point to existing photo folders. Memories is based on Nexcloud's own Photos app but has some slight improvements. Its appearance is maybe just not as slick as Immich, but it seems very responsive otherwise.

All, but one, apps have demo sites that you can log into and have a good look at.

See https://meichthys.github.io/foss_photo_libraries/

#technology #opensource #alternativesto #photos

Many are looking for alternatives to Google Photos, and this comparison table does an excellent job of comparing the most obvious features side by side. Make sure to expand the table for a complete view.

I'm still using Piwigo as it did an automated import of all my photos from Flickr, and although it is packed with features, many of its plugins are no longer supported. It works well still for me, but I've been thinking about alternatives.

Immich was one that looked really slick, and the closest I've seen to Google Photos, but one big weakness is there is no easy ability to import my existing Piwigo photos (over 10,000 of them). And it does not yet have any editing functionality.

But looking at this table shows me that in fact that Nextcloud Memories seems to tick all the boxes, including some edit functionality, and the ability to point to existing photo folders. Memories is based on Nexcloud's own Photos app but has some slight improvements. Its appearance is maybe just not as slick as Immich, but it seems very responsive otherwise.

All, but one, apps have demo sites that you can log into and have a good look at.

See https://meichthys.github.io/foss_photo_libraries/

#technology #opensource #alternativesto #photos

The world already has quite a few good open-source, E2EE and secure messaging protocols like XMPP, Signal, MTProto, Wickr, Wire, and more. But none have ended up dominating across messaging apps. Also, there is no defined W3C open standard for messaging, like there is ActivityPub for social networking interoperability.

We now have the situation (a good one actually) that the EU is forcing WhatsApp to interoperate with other messaging platforms. That means WhatsApp must offer interconnectivity using some protocol. But that protocol was not defined by the EU, and there is no open standard recommended by a standards body yet (seems W3C is still busy developing its recommendation for WebRTC as a messaging API [which Facebook Messenger and Google Hangouts use] but that was not really created for this type of purpose, as I gather it was more intended for web applications).

In summary on the 'Why', WhatsApp can't be expected to create a separate protocol API for every messenger out there, so they must choose one that others can also adopt and use. In the absence of an international standard, WhatsApp must make a choice, and because WhatsApp is by far the biggest messaging platform on this planet, what they decide to use will be adopted by many other messaging platforms as either their primary or secondary protocol as well. That in turn (should) allows them to interoperate with each other too, thereby effectively creating a common messaging standard through popular usage.

So, 'What' could WhatsApp decide on? Well, I'm speculating that as they already built WhatsApp using the modified Signal protocol, that it would make the most sense for them to actually adopt that. The API they expose would just have to be a standard Signal protocol. The Signal protocol would likely mean the least effort for WhatsApp, and it is very well established as a secure E2EE messaging protocol already.

Of course, WhatsApp may also take the low road approach out of spite, and just for compliance purposes, adopt something that uses plain open text like SMS, and limit it to the EU region only.

Neither iMessage nor RCS really qualify for use, as they are both limited to separate OS ecosystems. Although an approach taken like Beeper did, with transparently using Matrix rooms and bridges could work, I don't think WhatsApp will follow that approach as it is more complex than just exposing a standard messaging API, for others to do the work on connecting to. There is nothing wrong with XMPP and the other protocols, but I'm still thinking WhatsApp will stick to what they are more familiar with, and has the least effort involved.

If Apple had adopted RCS, then it may have been a different story, as RCS may have then made sense as it is designed for secure E2EE instant messaging with presence indication, etc. Or if Apple had opened iMessage up to Android, but now I'm just dreaming...

I am eager to witness WhatsApp's next move, as it will usher in a new age of cross-platform communication for everyone. Currently, most 'open' messaging platforms remain isolated, because they have not gained widespread adoption by other parties, despite being open. WhatsApp has an opportunity to change that, thanks to the European Union.

The world already has quite a few good open-source, E2EE and secure messaging protocols like XMPP, Signal, MTProto, Wickr, Wire, and more. But none have ended up dominating across messaging apps. Also, there is no defined W3C open standard for messaging, like there is ActivityPub for social networking interoperability.

We now have the situation (a good one actually) that the EU is forcing WhatsApp to interoperate with other messaging platforms. That means WhatsApp must offer interconnectivity using some protocol. But that protocol was not defined by the EU, and there is no open standard recommended by a standards body yet (seems W3C is still busy developing its recommendation for WebRTC as a messaging API [which Facebook Messenger and Google Hangouts use] but that was not really created for this type of purpose, as I gather it was more intended for web applications).

In summary on the 'Why', WhatsApp can't be expected to create a separate protocol API for every messenger out there, so they must choose one that others can also adopt and use. In the absence of an international standard, WhatsApp must make a choice, and because WhatsApp is by far the biggest messaging platform on this planet, what they decide to use will be adopted by many other messaging platforms as either their primary or secondary protocol as well. That in turn (should) allows them to interoperate with each other too, thereby effectively creating a common messaging standard through popular usage.

So, 'What' could WhatsApp decide on? Well, I'm speculating that as they already built WhatsApp using the modified Signal protocol, that it would make the most sense for them to actually adopt that. The API they expose would just have to be a standard Signal protocol. The Signal protocol would likely mean the least effort for WhatsApp, and it is very well established as a secure E2EE messaging protocol already.

Of course, WhatsApp may also take the low road approach out of spite, and just for compliance purposes, adopt something that uses plain open text like SMS, and limit it to the EU region only.

Neither iMessage nor RCS really qualify for use, as they are both limited to separate OS ecosystems. Although an approach taken like Beeper did, with transparently using Matrix rooms and bridges could work, I don't think WhatsApp will follow that approach as it is more complex than just exposing a standard messaging API, for others to do the work on connecting to. There is nothing wrong with XMPP and the other protocols, but I'm still thinking WhatsApp will stick to what they are more familiar with, and has the least effort involved.

If Apple had adopted RCS, then it may have been a different story, as RCS may have then made sense as it is designed for secure E2EE instant messaging with presence indication, etc. Or if Apple had opened iMessage up to Android, but now I'm just dreaming...

I am eager to witness WhatsApp's next move, as it will usher in a new age of cross-platform communication for everyone. Currently, most 'open' messaging platforms remain isolated, because they have not gained widespread adoption by other parties, despite being open. WhatsApp has an opportunity to change that, thanks to the European Union.

The world already has quite a few good open-source, E2EE and secure messaging protocols like XMPP, Signal, MTProto, Wickr, Wire, and more. But none have ended up dominating across messaging apps. Also, there is no defined W3C open standard for messaging, like there is ActivityPub for social networking interoperability.

We now have the situation (a good one actually) that the EU is forcing WhatsApp to interoperate with other messaging platforms. That means WhatsApp must offer interconnectivity using some protocol. But that protocol was not defined by the EU, and there is no open standard recommended by a standards body yet (seems W3C is still busy developing its recommendation for WebRTC as a messaging API [which Facebook Messenger and Google Hangouts use] but that was not really created for this type of purpose, as I gather it was more intended for web applications).

In summary on the 'Why', WhatsApp can't be expected to create a separate protocol API for every messenger out there, so they must choose one that others can also adopt and use. In the absence of an international standard, WhatsApp must make a choice, and because WhatsApp is by far the biggest messaging platform on this planet, what they decide to use will be adopted by many other messaging platforms as either their primary or secondary protocol as well. That in turn (should) allows them to interoperate with each other too, thereby effectively creating a common messaging standard through popular usage.

So, 'What' could WhatsApp decide on? Well, I'm speculating that as they already built WhatsApp using the modified Signal protocol, that it would make the most sense for them to actually adopt that. The API they expose would just have to be a standard Signal protocol. The Signal protocol would likely mean the least effort for WhatsApp, and it is very well established as a secure E2EE messaging protocol already.

Of course, WhatsApp may also take the low road approach out of spite, and just for compliance purposes, adopt something that uses plain open text like SMS, and limit it to the EU region only.

Neither iMessage nor RCS really qualify for use, as they are both limited to separate OS ecosystems. Although an approach taken like Beeper did, with transparently using Matrix rooms and bridges could work, I don't think WhatsApp will follow that approach as it is more complex than just exposing a standard messaging API, for others to do the work on connecting to. There is nothing wrong with XMPP and the other protocols, but I'm still thinking WhatsApp will stick to what they are more familiar with, and has the least effort involved.

If Apple had adopted RCS, then it may have been a different story, as RCS may have then made sense as it is designed for secure E2EE instant messaging with presence indication, etc. Or if Apple had opened iMessage up to Android, but now I'm just dreaming...

I am eager to witness WhatsApp's next move, as it will usher in a new age of cross-platform communication for everyone. Currently, most 'open' messaging platforms remain isolated, because they have not gained widespread adoption by other parties, despite being open. WhatsApp has an opportunity to change that, thanks to the European Union.