Meine Datenschutz und Privatsphäre Übersicht 2025, für die Allgemeinheit

Teilen er­be­ten

als PDF:

https://cryptpad.digitalcourage.de/file/#/2/file/NdmBgSYkRCto8B+JmJkE9mQ4/

 #DSGVO #TDDDG ( #unplugtrump )
#Datenschutz #Privatsphäre #sicherheit #Verschlüsselung
#encryption #WEtell #SoloKey #NitroKey #Email #Cybersecurity #Pixelfed #Massenűberwachung
#Google #Metadaten #WhatsApp #Threema #Cryptpad #Signal
#Hateaid #Cyberstalking #Messenger #Browser #Youtube #NewPipe #Chatkontrolle #nichtszuverbergen #ÜberwachungsKapitalismus #Microsoft #Apple #Windows #Linux #Matrix #Mastodon #Friendica #Fediverse #Mastodir #Loops #2FA #Ransomware #Foss #VeraCrypt #HateAid #Coreboot #Volksverpetzer #Netzpolitik #Digitalisierung #FragdenStaat #Shiftphone  #OpenSource #GrapheneOS #CCC #Mail #Mullvad #PGP #GnuPG #DNS #Gaming #linuxgaming #Lutris #Protondb #eOS #Enshittification
#Bloatware #TPM #Murena  #LiberaPay #GnuTaler #Taler #PreppingforFuture
#FediLZ #BlueLZ #InstaLZ #ThreatModel
#FLOSS #UEFI #Medienkompetenz

Some of my colleagues at #AWS have created an open-source serverless #AI assisted #threatmodel solution. You upload architecture diagrams to it, and it uses Claude Sonnet via Amazon Bedrock to analyze it.

I'm not too impressed with the threats it comes up with. But I am very impressed with the amount of typing it saves. Given nothing more than a picture and about 2 minutes of computation, it spits out a very good list of what is depicted in the diagram and the flows between them. To the extent that the diagram is accurate/well-labeled, this solution seems to do a very good job writing out what is depicted.

I deployed this "Threat Designer" app. Then I took the architecture image from this blog post and dropped that picture into it. The image analysis produced some of the list of things you see attached.

This is a specialized, context-aware kind of OCR. I was impressed at boundaries, flows, and assets pulled from a graphic. Could save a lot of typing time. I was not impressed with the threats it identifies. Having said that, it did identify a handful of things I hadn't thought of before, like EventBridge event injection. But the majority of the threats are low value.

I suspect this app is not cheap to run. So caveat deployor.
#cloud #cloudsecurity #appsec #threatmodeling

> When doing threat modeling from here on out, it is now unfortunately important to consider the question "Am I a moron?"

derisking morons is something i do for a living if anyone is hiring for that. i also turn software engineers into security and privacy resources. triple multiplier right here

#infosec #threatModel #morons
https://apple.news/Ay6s_pSlzRrGicmqMVSr65w

i have debilitating #imposterSyndrome 25y experience in #security, but i know for a fact that i am unusually good at facilitating a #threatmodel. you have to get people to trust you enough to tell you things they don't feel great about or would do differently after we meet but that's the thing— together we create remediation plans that let people do their best work & they weave security and privacy into their work and when you meet again you can see how much better things are, it's parade time

Fediverse. I need your magic. Please tell me your most amusing and wtf #ThreatModel fails.

Redundant systems is not waste or inefficiency. It is protection from threats known and unknown. We are now seeing this on a national and global scale.
#threatModel #infoSec
#zeroTrust?

Yesterday we got the new gate installed on our back deck. It has a key lock to keep extremely nonathletic intruders out.

that #seaArt site is starting to become a real problem. I'm seeing entirely too many prompts for Cute Things paired with age ranges and of you select the right lora or checkpoint it's very easy to generate a pile of images of all kinds including ones that would look a lot like Abuse Material and i know some legislatures have been adding laws about preventing that scenario and the irony of an AI self-policing itself is too much.

i wonder if they've been running a #threatmodel quarterly? #ai

#DuckDuckGo is now offering free, #anonymized access to a number of fast #AI #chatbots that won't train in your data. You currently don't get all the premium models and features of paid services, but you do get access to privacy-promoting, anonymized versions of smaller models like GPT-4o mini from #OpenAI and open-source #MoE (mixture of experts) models like Mixstral 8x7B.

Of course, for truly sensitive or classified data you should never use online services at all. Anything online carries heightened risks of human error; deliberate malfeasance; corporate espionage; legal, illegal, or extra-legal warrants; and network wiretapping. I personally trust DuckDuckGo's no-logging policies and presume their anonymization techniques are sound, but those of us in #cybersecurity know the practical limitations of such measures.

For any situation where those measures are insufficient, you'll need to run your own instance of a suitable model on a local AI engine. However, that's not really the #threatmodel for the average user looking to get basic things done. Great use cases include finding quick answers that traditional search engines aren't good at, or performing common AI tasks like summarizing or improving textual information.

The AI service provides the typical user with essential AI capabilities for free. It also takes steps to prevent for-profit entities with privacy-damaging #TOS from training on your data at whim. DuckDuckGo's approach seems perfectly suited to these basic use cases.

I laud DuckDuckGo for their ongoing commitment to privacy, and for offering this valuable additional to the AI ecosystem.

https://duckduckgo.com/chat

Fear and threat, conflict and surveillance have been mostly some of the key tenets of human economic activities since the beginning of the human civilization. The digital age has added large scale misinformation and bullshit which contributes to dehumanization. Anxiety, exhaustion, and emptiness have reduced our empathy and the ability to interact face to face. In the consumer space only those Internet dependent digital products which enables surveillance and dilutes the notion of privacy usually gain traction and often get accepted by the masses. Some of the reasons, for such a trend, may be as follows.

1. Perceived Better Security: Surveillance technologies are often marketed as tools to prevent crime, terrorism, and other threats to public safety.
2. Convenience and Efficiency: Facial recognition technology can be used for quick and seamless identification at airports or for unlocking smartphones.
3. Social Norms and Acceptance: When people see others accepting and using these technologies without significant backlash, they may feel more inclined to accept them as well. This leads to network effect where increased numbers of people or participants improve the value of a good or service.
4. Lack of Awareness and Understanding: Many users may not fully understand the extent of surveillance enabled by digital technologies or the potential negative consequences for decreased privacy.
5. Trade-Offs and Trade-Downs: In some cases, users may willingly trade privacy for other benefits, such as personalized services, targeted advertising, or access to certain platforms or services. Such approaches also gets influenced by the subconscious and loosely defined digital threat model of the individuals.

#Fear #Threat #Conflict #Surveillance #Dehumanization #Privacy #ThreatModel

- lock bios
- disable root account
- encrypt storages with luks2
- shutdown on unrecognized devices plugging (udev-rules)

Is there something more I can do to protect myself from an evil maid?

#linux
#cybersecurity
#threatmodel

Adding #Google as a #ThreatActor to your #ThreatModel seems like a great way to understand #CyberSecurity / #InfoSec. Look at what happened to #LTT.

Another month of OWASP Boston Chapter Meetup!

This time we have Audrey Long talk about Threat Modeling Fundamentals!

RSVP and Grab a spot on October 9th ! You can attend this in person or online (and miss the pizza:P)

https://www.meetup.com/owaspboston/events/303691545/
#owasp #owaspboston #appsec #threatmodel #security

https://reclaimyour.tech/posts/technical/privacy-modeling

In this post, I describe #privacy #threatmodeling by using the excellent https://privacyguides.org site as a primary resource.

I give an example threat model with strengths and weaknesses. I encourage readers to tweak it to better suit their needs.

Reminder: Replies to this toot will appear in the link's comment section.

Get ready for #AppSec Days #Singapore! Interested in getting more engaged? Join us as a volunteer and help make this conference unforgettable! Check out our volunteer openings NOW: https://owasp.wufoo.com/forms/z7wfrfl07e63af/ #cybersecurity #devsecops #AI #threatmodel #infosec