Let’s take the case of Google Assistant on Android. The Assistant is always listening to what the user is saying and waiting for the phrase “Ok, Google” to respond to the user.
If we suppose that the Google Assistant app is (or wants to be) recording all the speech data of the user, then from a technical point of view, i.e. considering the way the data is stored in the databases on their servers, or considering the most optimal way of storage of data, is it possible (in terms of monetary cost and physical storage space) to store the all the speech data of billions of people? (by speech data I mean the recording of every second of every user who is using the Google Assistant app)
I assume that by saying “spy apps” you are talking about a specific type of paid apps.
Well even those non-paid apps or even self-developed ones can spy on your phone due to the fact that your phone is generally not protected by Anti-virus solutions, so any amateur can create a remote access trojan (RAT) and spy on you.
Now, how can someone install this rat on your phone?
Physically: in 2 minutes he can disable Google Play Protect, and download and install his rat
Remotely: via social engineering techniques (such as spear phishing)
or via an advanced technique called Zero-click attack
Logs are provided below. Questions: “Do these router logs indicate I was hacked or being spied on? If so can I report it to IC3/police as legitimate evidence?”
Hello, I hope I am in the right place. I have been paranoid the past year that a specific person is spying/hacking me.
Unfortunately I have no idea how computers/internet work, so it took a while to find out that I could actually access logs via my router. I had no idea the login-username combo for routers are easily accessible.
My logs are provided in this picture. I checked the IP geolocation for all of them. Some I recognized (like companies that were helping with my internet), but some of them were from China/Romania/UK/Netherlands/Germany/India. But I don’t know if any of this is ‘normal’
I assume the logs indicate someone using a VPN/TOR to spy on me, but I wanted to ask you all first. After all I don’t know how to read these and it might be normal. I also would like to know if this is legitimate evidence I could report to IC3/police.
I just want to gather information about methods to spy someone’s device(capture screen data on every opened app and a keylogger). can you name some of them for example exploits, tools, etc so that I can go and look further into them? It does not matter if they are no longer available or patched.
My android phone is installed with spyware (spying app) android rooted. This can be a breach for my business leaking out passwords. How to clean wipe android OS and freshly install Android OS again cleanly.
Why is it a big deal here on this website and on the internet about the “ISP spying on people’s browsing activities”?
Because in the end, ISPs are going to delete all User data as per their own data retention policies. If in the end everything is going to get deleted, what’s the danger to anyone? Why is it a big deal? I don’t understand.
I’ve had constant freezes of LibreOffice Writer (every single day, multiple times). I’ve tried asking about it to deaf ears, and looked through all the program options. While scanning through the preferences, I nearly got a heart attack when I saw that these are ENABLED by default, not mentioned whatsoever in the installer (if they were, I would have disabled them like I always do):
(X) Collect usage data and send it to The Document Foundation
(X) Send crash reports to The Document Foundation
Even sketchy, closed source, commercial software always has this in their installer, more or less clearly communicated to the user. Not LibreOffice. I had to find this out by chance, months after using the software to write important documents.
Now, for all I know, all my “private” information is one some random server out there, as “crash report data”.
I’ve read their (outdated) webpages talking about these options, and they are very vague on what exact data is sent, as always is the case since if they were clear, nobody in their right mind would ever enable or keep these options enabled.
It really bothers me that there is such a blatant disregard for privacy these days. How many users of this crash-prone junkware have any idea that these options are enabled by default? I only know from stumbling upon them, never thinking in a million years that an open source project would include spying.
Every single time I hear that data has been “anonymized”, the exact opposite is the case: it’s not anonymized at all, and logically cannot be. I did not consent to send any kind of data anywhere, even if we assume the best possible scenario and they really don’t send any “personal” information with these crash reports… but we all know that it’s a lie.
If it weren’t for the fact that there is no alternative, this would be the final straw for me. Constant freezing was bad enough, but spying enabled by default and not mentioned in the installer?! There really are no good guys left at this point.
Before some days, a dude did backward engineering to tiktok and he found something weird, he found out that when a user downloads tiktok, tiktok downloads a zip file and extracts it, then excute a script that’s inside the zip file. What’s more suspicious is that the official website of tiktok had no ssl certificate, and got it only recently. Nothing is confirmed yet, but do you think that tiktok is spying on users ? especially that it has access to your images and pictures .
Here is what I understand about how clients trust the tcp channels they are connected to.
Alice asks Bob for his certificate, signed by a CA’s private key
Bob sends the certificate, which includes his common name (domain or ip) and an attached signed version of it.
Alice uses her local public key from the CA to decrypt the signed version and compares it to the certificate to verify Bob’s claims.
If it checks out, if it’s equal, the tcp layer she is connected to does indeed have Bob at the other end.
Now that the connection has been verified, both can agree on keys to encrypt their communications.
But couldn’t an ISP easily intercept and alter all communications to Bob through a proxy setup just for him inside a network switch? Including sending and receiving the certificate to Alice? Bob’s communications already go through network switches, that’s where his IP actually lives. An ISP could just inject software right in there to do whatever, as if it was Bob, and no one would know.
Furthermore, the whole process can be compromised at every stage, from the moment Bob sends a CSR to a CA.