This is a genius phishing method—HTML injection to serve you malicious links inside a legitimate Robinhood email.
Even authentic emails can be phishing. Head on a swivel.
New Robinhood phishing chain that's kinda beautiful:
1. Attacker creates an RH account using the Gmail dot trick of your email (same inbox, different address)
2. Sets device name to HTML
3. RH's "unrecognized activity" email renders the device name unsanitized (html injection)
The result is a real email from [email protected], DKIM pass, SPF pass, DMARC pass, with a phishing CTA
Just because it's real, doesn't mean it's safe... $HOOD
Your smart TV is taking screenshots of your screen every 15 seconds.
Not a guess. Not a theory.
A peer-reviewed study by researchers at UC Davis, UCL, and UC3M tested it.
Samsung TVs: every minute.
LG TVs: every 15 seconds.
Even when you're just using it as a monitor.
Here's how to turn it off for every brand:
@vxdb I don’t understand the value proposition? Does this imply Brave includes things that compromise privacy?? This seems like a huge mistake to release
One of the most underappreciated services in the privacy space is Apple iCloud+ with advanced data protection turned on.
In the game of optimizing for privacy and convenience, it is far and away the gold standard. Irreplaceable aspect of my current stack.
@naomibrockwell But if they can’t relate it to someone…then it’s kind of data without meaning? From a privacy standpoint at least.
I think as VPN users we accept that the traffic itself is visible; the critical thing is that it cannot be tied to us. It seems like that link remains severed here
@naomibrockwell It’s a weird legal loophole and I think tying in Wyden’s comments is really insightful but I’m not seeing the main risk vector to individual users? If you use a VPN maybe that technically allows them to *try* to track you, but would a good VPN not make it impossible to succeed?
@naomibrockwell Very interesting. I do wonder though what value VPN traffic would even be to the government? Maybe they have legal standing to track it but if it’s a good no-log VPN…how would the govt even “realize” that data?
@SpazmaticBanana Google is such an awful company. Everyone should be extricating themselves from Google ecosystem as soon as possible possible (before it is too late)
There is no more reactionary and less informed demographic than privacy-centric audiences. It has to be so exhausting for companies in this space to deal with.
Proton did nothing wrong here. They did not hand over any data, they were compelled to provide the payment method used on an account. It’s the user’s fault for using one that traced back to his real name.
This is an individual opsec issue, not a Proton issue.
In light of Proton recently handing over user payment data (and backup emails) to Swiss authorities in response to FBI request, this is your friendly reminder Proton is privacy larping and evidence hilariously suggests giving them any money actually makes you less private
1/n
Your regular reminder: don't use your index finger to unlock your laptop with Touch ID. The government cannot compel you to disclose your password, but they can compel you to touch the Touch ID sensor.
They can't compel you to tell them the correct finger. And after too many guesses with the wrong finger, your laptop locks and requires a password.