It deeply satisfies me to see search requests like “is miui spyware” in my logs. So people actually want to know, and they find my article. I hope that quite a few choose not to buy #Xiaomi hardware then. #privacy
Older research by @email@example.com: so Canvas Defender was adding constant noise to the canvas data, and that noise vector could be easily extracted. Not only did this allow removing the noise, it was also an additional #fingerprinting attribute! #privacy
Those browser extensions with anti-fingerprinting functionality? The sad truth is, they usually make matters worse. Not only do they fail to remove fingerprinting data reliably, they give websites additional data to work with. #privacy #fingerprinting
Hey #Feedly, don’t you want to start using Referrer Policy on your website? Currently, when your users click a link you will typically leak their user ID and some info about how they organize their feeds via the Referer header. #privacy
The data collected by the Microsoft Bing mobile app was apparently exposed to anybody looking. And while this is bad enough by itself, the question to ask is always: why was it necessary to collect such detailed data? #privacy #Microsoft #Bing #infosec
I've published an update on the #Xiaomi #privacy situation (no technical details this time). Yes, a change has been implemented. The default behavior is nothing short of horrifying, however. If you use a Xiaomi browser, you should ditch it ASAP.
I investigated the inner workings of #Xiaomi's Mint Browser and summarized it in a blog article. In short: it's as bad as the Forbes article suggests, and even worse. That browser is spyware, exfiltrating an enormous amount of data.
Whisper app: yet another company which had no qualms about collecting as much data of their presumably anonymous users as possible. And then they carelessly exposed the dirty secrets to the public, along with identifying metadata. #privacy
I got my hands on a sample of Jumpshot data. My analysis confirms what everybody already suspected: Avast failed to anonymize the data they sold, leaving plenty of personal data untouched. #Avast #Jumpshot #privacy
I'm rather late to the party but the Avast story took a not quite unexpected turn. I wonder whether this investigation will really conclude that Avast's practices were all GDPR-compliant. #Avast #privacy
#Avast keeps stating that any data shared with #Jumpshot was "de-identified." Experts have been skeptical (in fact, I found a four-year-old quote from @gcluley on the matter) and I now found quite a bit of info suggesting that they were right. #privacy
I finished analyzing updates to the Avast Online Security extension. It is indeed far more privacy-friendly now and properly respects users' choices. Quite a surprising development given how they denied anything being wrong with it. #avast #privacy #spyware
Did you expect "Avira Browser Safety" to offer you shopping deals? Me neither, and I also didn't expect this to be implemented by running remote code in the context of the extension or any website. #Avira #infosec #privacy @Avira
Software developer and security researcher, browser extensions expert. He/him
Other Mastodon account for non-technical topics: https://social.tchncs.de/@WPalant