The FBI Internet Crime Complaint Center (IC3) warns of an increase in complaints reporting the use of deepfakes and stolen Personally Identifiable Information (PII) to apply for a variety of remote work and work-at-home positions.
Forbes has previously revealed a GrayKey brochure that showed it worked on older devices, and the two iPhones acquired by the FBI in the most recent Pensacola case are an iPhone 5 and an iPhone 7, which strongly suggests that investigators are already capable of unlocking them.
“Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time,” the agent’s affidavit reads.
然後回頭看 PureVPN 的 Privacy 條款發現他們在條款裡面寫著他們會記錄連線資訊:
Our servers automatically record the time at which you connect to any of our servers. From here on forward, we do not keep any records of anything that could associate any specific activity to a specific user. The time when a successful connection is made with our servers is counted as a ‘connection’ and the total bandwidth used during this connection is called ‘bandwidth’. Connection and bandwidth are kept in record to maintain the quality of our service. This helps us understand the flow of traffic to specific servers so we could optimize them better.
然後被告 Ryan S. Lin 就幹剿了:
“There is no such thing as a VPN that doesn’t keep logs,” Lin said. “If they can limit your connections or track bandwidth usage, they keep logs.”
In effect, Apple is following the lead of secure cloud services such as SpiderOak which has been offering what it calls “Zero Knowledge” cloud storage. By that, SpiderOak retains no information about whatever is stored in its cloud service, nor the means of gaining access to it.
也就是加解密都放在 client 端處理,server 端只是 storage。
這類型最大的問題是 server 端沒辦法運用資料,但 iCloud 的確可以放掉這些功能 (搜尋之類的),純粹當 storage 使用,藉以讓使用者自己裝置保護。
而蘋果在使用者的裝置上把類似於 HSM 的系統做的頗強大... 不知道 Android 有沒有機會也跟進。(雖然我自己是用 Apple 家的東西...)
Amazon.com Inc. will restore encryption as a security option on its tablets and other devices that use the Fire operating system, following a customer backlash driven by increased sensitivity about data protection as Apple Inc. grapples with the FBI over access to a terrorist’s iPhone.
預定是今年春天加回來:
Amazon reversed course late Friday night, saying in an e-mail that it would restore encryption as an option on Fire devices with a software update “this spring,“ without being more specific.
When the National Society of High School Scholars asked 18,000 Americans, ages 15 to 29, to rank their ideal future employers, the results were curious. To nobody’s surprise, Google, Apple and Facebook appeared high on the list, but so did the Central Intelligence Agency, the Federal Bureau of Investigation and the National Security Agency.
A federal judge in Washington has now confirmed what has been strongly suspected: that Carnegie Mellon University (CMU) researchers at its Software Engineering Institute were hired by the federal government to do research into breaking Tor in 2014.
The Las Vegas court frowned on the FBI's ruse of disconnecting Internet access to $25,000-per-night villas at Caesar's Palace Hotel and Casino. FBI agents posed as the cable guy and secretly searched the premises.
然後就宣稱因為這是被邀請入內,所以搜索是合法的:
The government claimed the search was legal because the suspects invited the agents into the room to fix the Internet.
不過法官顯然不買帳,引用法官的話:
Permitting the government to create the need for the occupant to invite a third party into his or her home would effectively allow the government to conduct warrantless searches of the vast majority of residents and hotel rooms in America,
