Digital ID verification is now mandatory for tobacco purchases in the state of Nevada. The state passed bill AB 360, which came into effect on January 1, that requires all retailers selling tobacco and vape products to verify the age of buyers. The law applies to vape shops, liquor stores, grocery stores, casinos, bars, and even eCommerce stores that sell tobacco or vape products and to customers under the age of 40. Locations selling tobacco or vape products are required to use “scanning technology, or other automated, software-based system, to verify that the person is at least 18 years of age.” These locations are required to scan an identity document of anyone who looks to be under the age of 40. Non-compliance results in a civil fine of $100. AB 360 was modeled around state legislation that requires age verification for cannabis sales. Establishments have several options, including upgrading existing point-of-sale systems to scan IDs. However, the state does not have laws governing how businesses scan IDs or the information they are allowed to retain.

The UK government plans to update the 2017 Digital Economy Act to allow departments to more easily share citizens’ personal data in an attempt to support the rollout of One Login, a new digital platform for accessing public services that is expected to roll out in the next two years. The proposal was unveiled this week by the Cabinet Office, the aim being making “identity verification” a specified objective and to update the law to “enable public bodies to share a wider range of specified data than is currently possible.” The amendment would involve four agencies that the government plans “will either hold data to verify an individual’s identity and/or help to deliver the identity verification service.” These departments include the Cabinet Office, which is the home of the Government Digital Service (GDS) that is delivering One Login, the Disclosure and Barring Services (which provides background checks for citizens), the Department of Transport, mainly via its Driver and Vehicle Licensing Agency, and the Department for Environment, Food, and Rural Affairs. The personal data to be shared by the agencies include names, dates of birth, photos, income, passport and driver’s license information, contact information, and only other government-held data. “Other data items may be processed as identity verification services develop,” the proposals said. “This may include special category data.” Specific category data includes information that could reveal a person’s race, ethnicity, religious or political beliefs, sexual orientation, biometric data, and information on trade union membership. However, agencies will be required to “process the minimum number of data items… necessary for verifying the identity of an individual.” Public consultation on the proposal is open until March 1.

At a supermarket in the British seaside city of Portsmouth, on a road lined with cafes, Indian takeouts and novelty shops, customers race down aisles grabbing last-minute items before Christmas Day. Attached to the ceiling above the gray shiny floor, watching as people enter the store, is a camera. The device scans faces, matching them against a database of suspicious, potentially criminal shoppers who have been placed on a watchlist. This store on Copnor Road is part of the Southern Co-op chain, which has become embroiled in a battle with privacy rights campaigners over its use of real-time facial recognition technology. In July, civil liberties group Big Brother Watch filed a complaint to the U.K.’s Information Commissioner’s Office against Southern Co-op and Facewatch — the company providing the surveillance system. Joshua Shadbolt, a duty manager at the Copnor Road supermarket, told me that high levels of theft have forced him and his colleagues to hide, for instance, all the cleaning products behind the till. Without the technology, he fears customers would be given free range to steal. Since Covid restrictions were lifted in the U.K. in early 2021 following a third national lockdown, shoplifting has been on the rise. This is likely to have been compounded by a cost-of-living crisis. Still, even if theft has not reached pre-pandemic levels, for Shadbolt, the biometric camera has been an effective and necessary tool in tackling crime.

Forensic technology is powerful, but is it worth the privacy trade-offs?

NEW YORK -- The CIA's chief technology officer outlined the agency's endless appetite for data in a far-ranging speech on Wednesday. Speaking before a crowd of tech geeks at GigaOM's Structure:Data conference in New York City, CTO Ira "Gus" Hunt said that the world is increasingly awash in information from text messages, tweets, and videos -- and that the agency wants all of it. "The value of any piece of information is only known when you can connect it with something else that arrives at a future point in time," Hunt said. "Since you can't connect dots you don't have, it drives us into a mode of, we fundamentally try to collect everything and hang on to it forever."

Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter. The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events. Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

DENVER — Within an hour of FOX31 Denver discovering a hidden camera, which was positioned to capture and record the license plates and facial features of customers leaving a Golden Post Office, the device was ripped from the ground and disappeared. FOX31 Denver investigative reporter Chris Halsne confirmed the hidden camera and recorder is owned and operated by the United State Postal Inspection Service, the law enforcement branch of the U.S. Postal Service. The recording device appeared to be tripped by any vehicle leaving the property on Johnson Road, but the lens was not positioned to capture images of the front door, employee entrance, or loading dock areas of the post office.

cross-posted from: https://community.hackliberty.org/post/13195 > In 2001, NSA published the secret "Transition 2001" report defining our strategy for the 21st century. No longer could we simply access analog communications using conventional means, the new digital world of globally-networked encrypted communications required a dramatic change to our surveillance strategy: NSA would need to "live on the network". > > We've turned our nation's Internet and telecommunications companies into collection partners by installing filters in their facilities, serving them with secret court orders, building back doors into their software and acquiring keys to break their encryption.

Here is a list of stuff with WiFi that leads to deanonymization and some other trivia on information/meta data leaks with this technology. No wifi hacking though.

This guide (Whonix + Anbox) also works for other apps, such as Signal, Samourai Wallet, Schildi Chat and more.

``` MAC address randomization WiFi scanning WiFi connections Ethernet connections Mode options Setting a default configuration Per-connection overrides Seeing the randomized MAC address Remove static hostname to prevent hostname broadcast Disabling transient hostname management Disable sending hostname to DHCP server Verifying proper operation Sources ```

This guide requires you to understand various important concepts in order to truly be anonymous on the internet. There is a vast array of concepts that will need to be thoroughly understood. You’ll be able to make and choose your own model based upon this guide. - Understanding of Tor and its threats - Understanding benefits and negatives of a VPN - Understanding important privacy concepts - Understanding important security concepts - Understanding the principles of threat modeling - Understanding how the internet functions General Ideas: - Using a VPN will NOT make you anonymous - Just because you are using Tor does NOT mean you are safe - An adversary with enough time and resources will eventually find you - The best way to hide is to not use the internet - The land of compromises

cross-posted from: https://exploding-heads.com/post/62870 > “We want to enable users to be able to communicate without being concerned about their privacy, [or] without being concerned about a data breach at Twitter causing all of their DMs to hit the web, or think that maybe someone at Twitter could be spying on their DMs,” Musk said. “That’s obviously not going to be cool and it has happened a few times before.”

Attacks on privacy by companies and governments have been going on for many years and continue to evolve. Even minor successes, such as greater adoption of end-to-end encryption following the Edward Snowden leaks, cannot hide the fact that we are on the defensive. Attacks on our devices and our infrastructure are being stepped up, and there are even calls for the criminalization of encryption. Data collection, tracking and behavioral analysis are now part of everyday life. At the moment, a generation is growing up for whom it is "normal" that their data is available to companies, and that they themselves or relatives publish it on the Internet. We consider it important to develop counter-strategies to surveillance measures. We group these strategies into three parts: - First, there must be awareness. We need to understand, at least roughly, what may follow from our actions. - What resources – technical and non-technical devices and software – are needed to meet the individual's need for protection? - What skills – self-learned or provided by others – do we need to use the assistive devices appropriately? How can we strengthen digital self-defense in these parts? Our suggestion: By building local privacy support spaces! This idea can be fully or partially integrated into existing projects or serve as a blueprint to build new places. A privacy support space should develop into a point of contact that works with existing or new structures to raise awareness of digital self-defense – e.g., through lectures and workshops, literature, and outreach. It should offer tools and help to expand one's own skills or to get to know people with the relevant skills. Depending on the concept, it may make sense for this point of contact to be open not only occasionally, but ideally half or all day at fixed times in order to serve as a point of contact for a broad spectrum of people. This costs time and – in the current form of society – unfortunately often money as well.

We investigated printouts from 101 printers for Machine Identification Codes and provide tips on how to handle metadata: https://dys2p.com/en/2022-09-print-scan-traces.html

New regulations to make privacy harder with cryptocurrency

A team of researchers has found that it’s possible to infer the locations of users of popular instant messenger apps with an accuracy that surpasses 80% by launching a specially crafted timing attack. The trick lies in measuring the time taken for the attacker to receive the message delivery status notification on a message sent to the target. Because mobile internet networks and IM app server infrastructure have specific physical characteristics that result in standard signal pathways, these notifications have predictable delays based on the user’s position. The resulting classification accuracy based on the researchers’ experiments was: - 82% for Signal targets - 80% for Threema - 74% for those using WhatsApp

Ever since 1970, the federal government has had it's hands on your financial data. It should leave well enough alone.

This is the first report in the new Cypherpunk Transmission series.

- Guides - Android - Desktop - Tor and VPNs - General - Fingerprinting Articles - Fingerprinting Tests