Android phones are tracking your location even if you actively turn off location services, haven't used any apps, and haven't even inserted a carrier SIM card.
Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.
Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.
Targeted advertising is at the heart of the largest technology companies today, and is becoming increasingly precise. Simultaneously, users generate more and more personal data that is shared with advertisers as more and more of daily life becomes intertwined with networked technology. There are many studies about how users are tracked and what kinds of data are gathered. The sheer scale and precision of individual data that is collected can be concerning. However, in the broader public debate about these practices this concern is often tempered by the understanding that all this potentially sensitive data is only accessed by large corporations; these corporations are profit-motivated and could be held to account for misusing the personal data they have collected. In this work we examine the capability of a different actor -- an individual with a modest budget -- to access the data collected by the advertising ecosystem. Specifically, we find that an individual can use the targeted advertising system to conduct physical and digital surveillance on targets that use smartphone apps with ads.
The social network allowed advertisers to buy ads specifically targeting "Jew haters" and people who were "interested in" other anti-Semitic topics, according to a new report from ProPublica.
The publication found that Facebook's advertising portal contained a number of anti-Semitic categories ad-buyers could use to help target their ads on Facebook. These categories, which have since been removed, included "Jew haters," "How to burn Jews," "History of 'why jews ruin the world,'" and "Hitler did nothing wrong."
These repugnant "categories" were apparently created automatically because a small number of Facebook users listed them on their profiles under "interests" or "fields of study." Facebook's advertising tools automatically generate ad categories based on these fields.
In a recently published paper, researchers at the University of Washington demonstrate that practically anyone can spend a little cash and track, in relatively real time, the location of a human target. That's digital surveillance, made available to any and all with money on hand, brought to the masses by your friendly neighborhood Silicon Valley disrupters.
The idea is straightforward: Associate a series of ads with a specific individual as well as predetermined GPS coordinates. When those ads are served to a smartphone app, you know where that individual has been.
"The first step to enable location tracking using ads is to obtain the target’s MAID [Mobile Advertising ID] by sniffing their network traffic (see below), which allows us to specify ads to only be served to the target device," explain the study authors. "Then we create a series of ads, each targeted at that MAID, but each also targeted at a different GPS location. This creates a geographical grid-like pattern of ads. Then we can observe which of these ads gets served, and this indicates where the target actually was."
When MicroG stopped working for you, Signal complained because it thought that you were still a GCM user. You can reset that by following these steps to re-register:
Tap on the Menu.
Choose Settings.
Choose Advanced.
Tap 'Signal' to slide the indicator (from blue to off).
Choose 'OK' in the 'Disable Signal Messages' pop up.
Tap 'Signal' a second time to re-register.
Enter or Edit your phone number.
Tap Register.
Complete the registration process.
Send messages on Signal.
If your device does not include Google Play Services (or microG or OpenGApps) when you re-register, the app will fall back to using WebSockets to keep a connection open to the Signal server. New information that's queued on the Signal server (such as encrypted messages or tokens that are used to set up calls) will automatically be pushed to your phone as soon as it arrives on the server. The app just needs to check at an interval to make sure that the connection hasn't died.
If you're using an Android phone that includes Google Play Services (or microG or OpenGApps), your phone will have an open GCM connection. Signal will automatically detect this when you register (or re-register) and use that existing connection in order to preserve battery life. It's worth noting here that any information that's pushed through GCM will be visible to Google. That's why Signal is designed so that no information is ever transmitted through GCM. If there's new information queued on the Signal server and your app isn't connected to the service, an empty notification is pushed to your device through GCM. The notification wakes up the app, it automatically recognizes the empty notification as meaning that it needs to connect to the Signal server, and then it fetches the queued information through a separate encrypted channel. This way, Google does not have access to metadata about who Signal users communicate with. (Other apps that use GCM may or may not have implemented this workaround.)
Moxie Marlinspike has said that both the Play Store build and the website build are reproducible, so I assume that means they are both compiled from the same branch on GitHub. In other words, it should be one and the same APK whichever way you choose to install it. Here's a blog post explaining how you can verify that.
Advanced users with special needs can download the Signal APK directly. Most users should not do this under normal circumstances.
Radio-Canada discovered a large network of fake profiles and sextortion on Facebook. Here's how.
A new study out from health startup Cardiogram and the University of California San Francisco (UCSF) suggests wearables like the Apple Watch, Fitbit and others are able to accurately detect common but serious conditions like hypertension and sleep apnea.
Cardiogram and UCSF previously demonstrated the ability for the Apple Watch to detect abnormal heart rhythm with a 97 percent accuracy. This new study shows the Watch can detect sleep apnea with a 90 percent accuracy and hypertension with an 82 percent accuracy.
In May 2017, Google announced that there are over two billion active Android devices. If we look at the latest stats (the far right edge), we can see that nearly half of these devices are two years out of date. At this point, we should expect that there are more than one billion devices that are two years out of date! Given Android’s update model, we should expect approximately 0% of those devices to ever get updated to a modern version of Android.
"Developers are carelessly hard-coding their credentials in mobile applications that use the Twilio Rest API [software connector, editor's note] or SDK [development kit]," Appthority explained in a blog post dated November 9.
This vulnerability allows attackers to access the metadata of their Twilio accounts (Twilio is a provider of communication tool modules for mobile apps), including SMS messages, information about phone calls and recordings of voice exchanges.
According to Appthority, at least 685 enterprise applications are affected (44% Android, 56% iOS), 170 of which were still available in the Apple and Google app stores at the end of August.
On their own, the Android applications made vulnerable by this flaw have reportedly been downloaded more than 180 million times, the vendor says in a blog post.
I have some news: the Internet of Things is a mess. A hacked refrigerator sounds slightly scary, but a vibrator-controlling app that records all your sex sounds and stores them on your phone...
Last weekend, in the hours after a deadly Texas church shooting, Google search promoted false reports about the suspect, suggesting that he was a radical communist affiliated with the antifa...
Criteo built itself into one of the star performers in the ad tech sector by using a technique called “retargeting”--serving ads to people who have already visited a website to remind them to return.
Retargeting relies heavily on dropping cookies to track users as they leave one website and continue browsing elsewhere on the web.