URGENT! Stop KOSA!

Hey all, this is BáiYù and Sauce here with something that isn't necessarily SnaccPop related, but it's important nonetheless. For those of you who follow US politics, The Kids Online Safety Act passed the Senate yesterday and is moving forward.

This is bad news for everyone on the internet, even outside of the USA.

What is KOSA?

While it's officially known as "The Kids Online Safety Act," KOSA is an internet censorship masquerading as another "protect the children" bill, much in the same way SESTA/FOSTA claimed that it would stop illegal sex trafficking but instead hurt sex workers and their safety. KOSA was originally introduced by Sen. Edward Markey, D-Mass. and Bill Cassidy, R-La. as a way to update the 1998 Children’s Online Privacy Act, raising the age of consent for data collection to 16 among other things. You can read the original press release of KOSA here, while you can read the full updated text of the bill on the official USA Congress website.

You can read the following articles about KOSA here:

EFF: The Kids Online Safety Act is Still A Huge Danger to Our Rights Online

CyberScoop: Children’s online safety bills clear Senate hurdle despite strong civil liberties pushback

TeenVogue: The Kids Online Safety Act Would Harm LGBTQ+ Youth, Restrict Access to Information and Community

The quick TL;DR:

KOSA authorizes an individual state attorneys general to decide what might harm minors

Websites will likely preemptively remove and ban content to avoid upsetting state attorneys generals (this will likely be topics such as abortion, queerness, feminism, sexual content, and others)

In order for a platform to know which users are minors, they'll require a more invasive age and personal data verification method

Parents will be granted more surveillance tools to see what their children are doing on the web

KOSA is supported by Christofascists and those seeking to harm the LGBTQ+ community

If a website holding personally identifying information and government documents is hacked, that's a major cybersecurity breach waiting to happen

What Does This Mean?

You don't have to look far to see or hear about the violence being done to the neurodivergent and LGBTQ+ communities worldwide, who are oftentimes one and the same. Social media sites censoring discussion of these topics would stand to do even further harm to folks who lack access to local resources to understand themselves and the hardships they face; in addition, the fact that websites would likely store personally identifying information and government documents means the death of any notion of privacy.

Sex workers and those living in certain countries already are at risk of losing their ways of life, living in a reality where their online activities are closely surveilled; if KOSA officially becomes law, this will become a reality for many more people and endanger those at the fringes of society even worse than it already is.

Why This Matters Outside of The USA

I previously mentioned SESTA/FOSTA, which passed and became US law in 2018. This bill enabled many of the anti-adult content attitudes that many popular websites are taking these days as well as the tightening of restrictions laid down by payment processors. Companies and sites hosted in the USA have to follow US laws even if they're accessible worldwide, meaning that folks overseas suffer as well.

What Can You Do?

If you're a US citizen, contact your Senators and tell them that you oppose KOSA. This can be as an email, letter, or phone call that you make to your state Senator.

For resources on how to do so, view the following links:

https://www.badinternetbills.com/#kosa

https://www.stopkosa.com/

https://linktr.ee/stopkosa

If you live outside of the US or cannot vote, the best thing you can do is sign the petition at the Stop KOSA website, alert your US friends about what's happening, and raise some noise.

Above all else, don’t panic. By staying informed by what’s going on, you can prepare for the legal battles ahead.

The flood of text messages started arriving early this year. They carried a similar thrust: The United States Postal Service is trying to deliver a parcel but needs more details, including your credit card number. All the messages pointed to websites where the information could be entered.

Like thousands of others, security researcher Grant Smith got a USPS package message. Many of his friends had received similar texts. A couple of days earlier, he says, his wife called him and said she’d inadvertently entered her credit card details. With little going on after the holidays, Smith began a mission: Hunt down the scammers.

Over the course of a few weeks, Smith tracked down the Chinese-language group behind the mass-smishing campaign, hacked into their systems, collected evidence of their activities, and started a months-long process of gathering victim data and handing it to USPS investigators and a US bank, allowing people’s cards to be protected from fraudulent activity.

In total, people entered 438,669 unique credit cards into 1,133 domains used by the scammers, says Smith, a red team engineer and the founder of offensive cybersecurity firm Phantom Security. Many people entered multiple cards each, he says. More than 50,000 email addresses were logged, including hundreds of university email addresses and 20 military or government email domains. The victims were spread across the United States—California, the state with the most, had 141,000 entries—with more than 1.2 million pieces of information being entered in total.

“This shows the mass scale of the problem,” says Smith, who is presenting his findings at the Defcon security conference this weekend and previously published some details of the work. But the scale of the scamming is likely to be much larger, Smith says, as he didn't manage to track down all of the fraudulent USPS websites, and the group behind the efforts have been linked to similar scams in at least half a dozen other countries.

Gone Phishing

Chasing down the group didn’t take long. Smith started investigating the smishing text message he received by the dodgy domain and intercepting traffic from the website. A path traversal vulnerability, coupled with a SQL injection, he says, allowed him to grab files from the website’s server and read data from the database being used.

“I thought there was just one standard site that they all were using,” Smith says. Diving into the data from that initial website, he found the name of a Chinese-language Telegram account and channel, which appeared to be selling a smishing kit scammers could use to easily create the fake websites.

Details of the Telegram username were previously published by cybersecurity company Resecurity, which calls the scammers the “Smishing Triad.” The company had previously found a separate SQL injection in the group’s smishing kits and provided Smith with a copy of the tool. (The Smishing Triad had fixed the previous flaw and started encrypting data, Smith says.)

“I started reverse engineering it, figured out how everything was being encrypted, how I could decrypt it, and figured out a more efficient way of grabbing the data,” Smith says. From there, he says, he was able to break administrator passwords on the websites—many had not been changed from the default “admin” username and “123456” password—and began pulling victim data from the network of smishing websites in a faster, automated way.

Smith trawled Reddit and other online sources to find people reporting the scam and the URLs being used, which he subsequently published. Some of the websites running the Smishing Triad’s tools were collecting thousands of people’s personal information per day, Smith says. Among other details, the websites would request people’s names, addresses, payment card numbers and security codes, phone numbers, dates of birth, and bank websites. This level of information can allow a scammer to make purchases online with the credit cards. Smith says his wife quickly canceled her card, but noticed that the scammers still tried to use it, for instance, with Uber. The researcher says he would collect data from a website and return to it a few hours later, only to find hundreds of new records.

The researcher provided the details to a bank that had contacted him after seeing his initial blog posts. Smith declined to name the bank. He also reported the incidents to the FBI and later provided information to the United States Postal Inspection Service (USPIS).

Michael Martel, a national public information officer at USPIS, says the information provided by Smith is being used as part of an ongoing USPIS investigation and that the agency cannot comment on specific details. “USPIS is already actively pursuing this type of information to protect the American people, identify victims, and serve justice to the malicious actors behind it all,” Martel says, pointing to advice on spotting and reporting USPS package delivery scams.

Initially, Smith says, he was wary about going public with his research, as this kind of “hacking back” falls into a “gray area”: It may be breaking the Computer Fraud and Abuse Act, a sweeping US computer-crimes law, but he’s doing it against foreign-based criminals. Something he is definitely not the first, or last, to do.

Multiple Prongs

The Smishing Triad is prolific. In addition to using postal services as lures for their scams, the Chinese-speaking group has targeted online banking, ecommerce, and payment systems in the US, Europe, India, Pakistan, and the United Arab Emirates, according to Shawn Loveland, the chief operating officer of Resecurity, which has consistently tracked the group.

The Smishing Triad sends between 50,000 and 100,000 messages daily, according to Resecurity’s research. Its scam messages are sent using SMS or Apple’s iMessage, the latter being encrypted. Loveland says the Triad is made up of two distinct groups—a small team led by one Chinese hacker that creates, sells, and maintains the smishing kit, and a second group of people who buy the scamming tool. (A backdoor in the kit allows the creator to access details of administrators using the kit, Smith says in a blog post.)

“It’s very mature,” Loveland says of the operation. The group sells the scamming kit on Telegram for a $200-per month subscription, and this can be customized to show the organization the scammers are trying to impersonate. “The main actor is Chinese communicating in the Chinese language,” Loveland says. “They do not appear to be hacking Chinese language websites or users.” (In communications with the main contact on Telegram, the individual claimed to Smith that they were a computer science student.)

The relatively low monthly subscription cost for the smishing kit means it’s highly likely, with the number of credit card details scammers are collecting, that those using it are making significant profits. Loveland says using text messages that immediately send people a notification is a more direct and more successful way of phishing, compared to sending emails with malicious links included.

As a result, smishing has been on the rise in recent years. But there are some tell-tale signs: If you receive a message from a number or email you don't recognize, if it contains a link to click on, or if it wants you to do something urgently, you should be suspicious.

"Just weeks before the implosion of AllHere, an education technology company that had been showered with cash from venture capitalists and featured in glowing profiles by the business press, America’s second-largest school district was warned about problems with AllHere’s product.

As the eight-year-old startup rolled out Los Angeles Unified School District’s flashy new AI-driven chatbot — an animated sun named “Ed” that AllHere was hired to build for $6 million — a former company executive was sending emails to the district and others that Ed’s workings violated bedrock student data privacy principles.

Those emails were sent shortly before The 74 first reported last week that AllHere, with $12 million in investor capital, was in serious straits. A June 14 statement on the company’s website revealed a majority of its employees had been furloughed due to its “current financial position.” Company founder and CEO Joanna Smith-Griffin, a spokesperson for the Los Angeles district said, was no longer on the job.

Smith-Griffin and L.A. Superintendent Alberto Carvalho went on the road together this spring to unveil Ed at a series of high-profile ed tech conferences, with the schools chief dubbing it the nation’s first “personal assistant” for students and leaning hard into LAUSD’s place in the K-12 AI vanguard. He called Ed’s ability to know students “unprecedented in American public education” at the ASU+GSV conference in April.

Through an algorithm that analyzes troves of student information from multiple sources, the chatbot was designed to offer tailored responses to questions like “what grade does my child have in math?” The tool relies on vast amounts of students’ data, including their academic performance and special education accommodations, to function.

Meanwhile, Chris Whiteley, a former senior director of software engineering at AllHere who was laid off in April, had become a whistleblower. He told district officials, its independent inspector general’s office and state education officials that the tool processed student records in ways that likely ran afoul of L.A. Unified’s own data privacy rules and put sensitive information at risk of getting hacked. None of the agencies ever responded, Whiteley told The 74.

...

In order to provide individualized prompts on details like student attendance and demographics, the tool connects to several data sources, according to the contract, including Welligent, an online tool used to track students’ special education services. The document notes that Ed also interfaces with the Whole Child Integrated Data stored on Snowflake, a cloud storage company. Launched in 2019, the Whole Child platform serves as a central repository for LAUSD student data designed to streamline data analysis to help educators monitor students’ progress and personalize instruction.

Whiteley told officials the app included students’ personally identifiable information in all chatbot prompts, even in those where the data weren’t relevant. Prompts containing students’ personal information were also shared with other third-party companies unnecessarily, Whiteley alleges, and were processed on offshore servers. Seven out of eight Ed chatbot requests, he said, are sent to places like Japan, Sweden, the United Kingdom, France, Switzerland, Australia and Canada.

Taken together, he argued the company’s practices ran afoul of data minimization principles, a standard cybersecurity practice that maintains that apps should collect and process the least amount of personal information necessary to accomplish a specific task. Playing fast and loose with the data, he said, unnecessarily exposed students’ information to potential cyberattacks and data breaches and, in cases where the data were processed overseas, could subject it to foreign governments’ data access and surveillance rules.

Chatbot source code that Whiteley shared with The 74 outlines how prompts are processed on foreign servers by a Microsoft AI service that integrates with ChatGPT. The LAUSD chatbot is directed to serve as a “friendly, concise customer support agent” that replies “using simple language a third grader could understand.” When querying the simple prompt “Hello,” the chatbot provided the student’s grades, progress toward graduation and other personal information.

AllHere’s critical flaw, Whiteley said, is that senior executives “didn’t understand how to protect data.”

...

Earlier in the month, a second threat actor known as Satanic Cloud claimed it had access to tens of thousands of L.A. students’ sensitive information and had posted it for sale on Breach Forums for $1,000. In 2022, the district was victim to a massive ransomware attack that exposed reams of sensitive data, including thousands of students’ psychological evaluations, to the dark web.

With AllHere’s fate uncertain, Whiteley blasted the company’s leadership and protocols.

“Personally identifiable information should be considered acid in a company and you should only touch it if you have to because acid is dangerous,” he told The 74. “The errors that were made were so egregious around PII, you should not be in education if you don’t think PII is acid.”

Read the full article here:

https://www.the74million.org/article/whistleblower-l-a-schools-chatbot-misused-student-data-as-tech-co-crumbled/

Turns out Gary Bowser was a cocky idiot and I can't say I feel all that bad for what happened to him.

Yes, both legality and morality should be considered when sentencing someone fairly for their crimes, but I firmly believe so should stupidity. As in, "oh my god you were LITERALLY asking for it."

As for what I'm talking about, if you do some minor crime that doesn't really hurt anyone, I'm gonna look the other way. If you film yourself doing so for TikTok with your legal name and face fully visible, I'm getting out the lawn chair and popcorn when the cops come around. And generally, the people dumb enough to do the second rarely ever stop at the 'minor' part.

So for now I'm gonna disregard the fact that Bowser spent almost three decades of his life making a living off of scamming people (mostly via never delivering on the computer parts that people paid him for) and pirating (remember, you can pirate, but you can't PROFIT off of it), and being arrested multiple times for other crimes at that point. Nintendo was coming after him for selling hacked Switches with ransomware in them (so if you didn't keep paying, the Switch would eventually brick, also wouldn't be surprised if he majorly contributed to early Covid scalping considering how much he was making for Team Xecuter) as well as piracy tools (again, you CAN'T PROFIT off of piracy, and his emails made it clear that his stuff was meant for piracy first and foremost. Other online emulator/piracy groups hated Team Xecuter for good reason). He got caught, plead guilty, and got slapped on the wrist. Then he turned around and immediately continued doing the thing he plead guilty for, while also openly bragging online how he was gonna move out of the country so that the feds wouldn't be able to do anything to him.

Moron should've waited until he was actually out of the country before doing all that. That was when he got hit with the 14 million because obviously wrist-slapping wasn't doing anything and he was a flight risk. Sure, he's never gonna pay it off in his life, but they only take a cut of his wages after he pays for his bills and necessities. He'll live, he just can't save enough capital to start scamming people again.

So yeah, Nintendo isn't perfect, but holy hell Gary Bowser doesn't deserve much sympathy because he couldn't keep his mouth shut and head down for five goddamn minutes.

Scams and you - Part 2

Here are a few more scarms I forgot to mention in my previous post.

Anyone who offers you a job saying all you need to do is:

Rate products by clicking a button and you'll get paid.

Buy products which you'll be 'reimbursed' for buying.

Have packages sent to you and all you have to do is ship them.

Is trying to scam you and/or get you to participate in illegal activities.

Another scam I've seen recently on Tumblr is the 'I Want to Use Your Photos for Mural or Painting' Scam and the follow up to that, the Recovery Scam.

Also known as the 'Instagram Scam', scammers will message you saying they want to use your photos/art in their use in a collage or mural and then telling you (the victim) that they will pay you huge amounts of money via check. They will tell you that you will get large amount of, lets say, $2000 dollars, that you are to keep $500, and that you have to send the rest back to them/their 'client.'

This money is not real. The check is fake.

You will be sending your money to the scammer, with no way of getting it back.

Part 2 of this - The Recovery Scam.

On any post involving you or another person being scammed, you will typically find and see people trying to pull off this scam. This person will say that they 'lost money but <name> on <social media> helped them get it back. All you have to do is contact <name> here <phone/insta/etc> and they'll 100% make sure you get your money back.'

When contacting these scammers, they will boast they've helped dozens/hundreds of people get money back, and will even show fake screenshots of people they've 'helped'. These scammers sometimes even claim they have access to things like twitter/insta/facebook where they'll have their 'certified team' investigate the person who scammed you.

All you have to do is pay them a small amount of money for their time and the use of their.. 'tools' and/or give them your bank details so they can get you your money back.

They will not recover your money. They will not 'ban the scammer' or get them 'arrested'. It's all a lie and a ruse in their scheme to get more money out of you.

In some cases they may even ask for your name/password so they can 'hack' into the system to get your money back from the bank, to unban your account, etc.

It's all a lie. Block and report their account/messages immediately.

If you fell for a scam, talk to your bank or paypal and dispute the charge.

--------------------

It should go without saying, NEVER give out your username or password to ANYONE you talk to online. Especially when sensitive information like your name, address, and bank details are at risk.

And never change your email on any social media or messenger platform 'because some guy told me he would help me.' You will get locked out of your account and there will be no getting it back.

Please stay vigilant folks.

---

If you think you're being scammed, reach out. My inbox is open for stuff like this. I'm not a professional but I know a lot about these things and would be more than happy to help people out who really need it.

Cyber Crime

Introduction

Crime and wrongdoing have been connected to people since ancient times. Even as societies develop, crime tries to hide itself. Different countries deal with crime in various ways, depending on their situation. It’s clear that a country with a lot of crime can’t grow or progress because crime goes against development. It has bad effects on society and the economy.

Cybercrime is when people commit crimes on the internet using computers. It’s hard to put crimes into specific groups since new ones come up often. In the real world, crimes like rape, murder, or theft can sometimes overlap. Cybercrimes involve both the computer and the person using it as victims. For example, hacking attacks a computer’s information and resources.

Computer as a Tool

When cybercriminals target individuals, the computer becomes a tool rather than the main goal. These crimes exploit human weaknesses and often cause psychological harm. Legal action against these crimes is challenging due to their intangible nature. Similar crimes have existed offline for centuries, but technology has given criminals new tools to reach more victims and evade capture.

Computer as a Target

Only a particular group of individuals carry out these actions. Unlike crimes where computers are merely tools, these activities demand the technical expertise of those involved. These kinds of crimes are relatively recent, coming into existence as long as computers have been around. This explains the lack of readiness in society and the world at large to combat these offenses. Such occurrences take place on the internet frequently. However, it’s worth noting that Africans and Nigerians, in particular, have not yet developed the technical knowledge required to engage in this type of activity.

Conventional Crime

Crime has been a part of human society for a long time and affects both society and the economy. It’s a term defined by the law and is subject to legal punishment. Crime is essentially a legal wrongdoing that can lead to criminal proceedings and penalties. The key aspect of a crime is that it breaks the criminal law. According to Lord Atkin, the determining factor for whether an act is criminal is whether it’s prohibited with penalties attached. A crime can be seen as any action or lack of action that goes against the law and results in legal penalties.

Cyber Crime

Cybercrime is the newest and most complex issue in the digital world. It can be understood as a type of crime where computers are either used as tools or are the focus of the criminal activity. Any illegal action that involves a computer as a means, target, or tool to commit further crimes falls under the category of cybercrime. A simple definition of cybercrime is “illegal activities where computers are involved as tools, targets, or both.” Computers can be tools in various activities like financial crimes, selling illegal items, pornography, online gambling, intellectual property theft, email deception, forgery, cyberbullying, and cyber harassment. On the other hand, computers can also be the target in cases like unauthorized access, stealing electronic information, email attacks, data manipulation, fraudulent actions, and physical harm to computer systems.

Distinction Between Conventional and Cyber Crime

Distinguishing between conventional and cybercrime might not seem obvious, but a closer look reveals an appreciable difference. The key distinction lies in the use of technology in cybercrime cases. The essential factor for cybercrime is the involvement of the virtual cyber medium at some point. In other words, cybercrime requires the use of digital platforms or the internet in its commission.

Russia is already spreading disinformation in advance of the 2024 election, using fake online accounts and bots to damage President Joe Biden and his fellow Democrats, according to former U.S. officials and cyber experts.

The dissemination of attacks on Biden is part of a continuing effort by Moscow to undercut American military aid to Ukraine and U.S. support for and solidarity with NATO, experts said.

A similar effort is underway in Europe. France, Germany and Poland said this month that Russia has launched a barrage of propaganda to try to influence European parliamentary elections in June.

With Donald Trump opposing U.S. aid to Ukraine and claiming that he once warned a NATO leader that he would "encourage" Russia to attack a NATO ally if it didn't pay its share in defense spending, the potential rewards for Russian President Vladimir Putin are high, according to Bret Schafer, a senior fellow at the Alliance for Securing Democracy of the German Marshall Fund.

“Not that they didn’t have an incentive to interfere in the last two presidential elections,” said Schafer, who tracks disinformation efforts by Russia and other regimes. “But I would say that the incentive to interfere is heightened right now.”

Biden’s national security adviser, Jake Sullivan, said Sunday on NBC News’ “Meet the Press” that there’s “plenty of reason to be concerned” about Russia’s trying to interfere in the 2024 election but that he couldn’t discuss evidence related to it. He added: “We’re going to be vigilant about that.”

U.S. officials and experts are most concerned that Russia could try to interfere in the election through a “deepfake” audio or video using artificial intelligence tools or through a “hack and leak,” such as the politically damaging theft of internal Democratic Party emails by Russian military intelligence operatives in 2016.

The type of pro-Russia online propaganda campaigns that thrived on Twitter and Facebook ahead of the 2016 U.S. presidential election is now routine on every major social media platform, though it’s rare for individual accounts to go as viral now as they once did.

Those influence operations often create matching accounts on multiple sites, which vary drastically in their moderation policies. Accounts from one pro-Russia campaign that Meta, the owner of Facebook, cracked down on late last year, an English-language news influencer persona called “People Say,” are still live on other platforms, though some are dormant.

A “People Say” account on X is still visible, but it has only 51 followers and hasn’t posted in almost a year. Its counterpart on Telegram, which has become a home for some Americans on the far right, is still actively posting divisive content and has almost 5,000 subscribers.

A perfect storm

Moscow and its proxies have long sought to exploit divisions in American society. But experts and former U.S. officials said Trump’s false claims that the 2020 election was stolen, the country's deepening political polarization and sharp cuts in disinformation and election integrity teams at X and other platforms provide fertile ground to spread confusion, division and chaos.

“In many ways it’s a perfect storm of opportunity for them,” said Paul Kolbe, who worked for 25 years in the CIA’s Directorate of Operations and is now a fellow at Harvard’s Belfer Center for Science and International Affairs. “I think, for a lot of reasons, we will see the same approach, but amplified and, I think, with some of the constraints that you might have seen taken off."

In the 2022 midterm elections, Russia primarily targeted the Democratic Party to weaken U.S. support for Ukraine, as it most likely blames Biden for forging a unified Western alliance backing Kyiv, according to a recently released U.S. intelligence assessment.

In what appears to be an effort to deepen divisions, Russia has amplified the political dispute between the Biden administration and Texas Gov. Greg Abbott over security at the Texas border over the past month. Russian politicians, bloggers, state media and bots have promoted the idea that America is headed to a new “civil war.”

It was a quintessential move by a Russian regime with a long tradition of trying to manipulate existing political rifts, like immigration, to its advantage, experts said.

But there’s so far no sign that Russia’s disinformation operation in Texas has had any significant impact, said Emerson Brooking, a senior fellow at the Digital Forensic Research Lab at the Atlantic Council.

“So far, Russian operations targeting the U.S. have been opportunistic. They see whatever narrative is rising to the top, and they try to push it,” Brooking said. “Disinformation isn’t created in a vacuum. The more polarized a country is, the easier it is for foreign actors to infiltrate and hijack its political processes.”

The artificial intelligence threat

The bigger Russian threat to the 2024 election, Brooking and other experts said, could prove to be artificial intelligence-created fake audio.

An orchestrated deepfake or leak may not unfold on the national stage; instead, it could target a particularly crucial swing state or district, experts said. It might aim to discourage some voters from going to the polls or sow distrust about the accuracy of ballot counting.

The most likely disinformation scenario will be “hyper-personalized, localized attacks,” said Miles Taylor, a senior Trump administration homeland security official who has warned of the risks of another Trump presidency.

Deepfake audio, which is easy to create and difficult to detect, has been used in recent elections in multiple countries. In the U.S. last month, a fake Joe Biden robocall told New Hampshire Democrats not to vote in the state's primary. In the United Kingdom in November, a fake audio of London Mayor Sadiq Khan called for pro-Palestinian marches.

And two days before Slovakia’s parliamentary elections in September, a fake audio clip purported to show the leader of a pro-Western political party discussing how to rig the election. The audio was eventually debunked, and it’s unclear what effect it had on the election. But a pro-Russia party opposing aid to Ukraine won the most votes.

While an emerging cottage industry claims that software can identify whether audio or video is authentic or a deepfake, such programs are often wrong.

Past Russian efforts

Alleged Russian information operations against Ukraine over the past two years open a window into some of the Kremlin’s tactics.

A study published Wednesday by the Slovakian cybersecurity company ESET found that a pro-Russia campaign has been spamming Ukrainians with false and dispiriting emails about the war with claims of heating and food shortages.

In a coordinated effort near the start of Russia’s invasion in 2022, cyberattacks temporarily knocked key Ukrainian websites offline, while residents received spam texts telling them that ATMs in the country were down.

Other apparent Russian efforts to sow division are much simpler.

Last year, celebrities who sell personalized videos on the website Cameo, including Priscilla Presley, Mike Tyson and Elijah Wood, were tricked into inadvertently recording messages that denigrated two major enemies of the Kremlin, Ukrainian President Volodymyr Zelenskyy and Moldovan President Maia Sandu.

The messages were overlaid with text falsely claiming that the celebrities were calling for those leaders to step down. Representatives for Wood and Presley said the celebrities recorded the videos thinking they were helping a fan with addiction. A representative for Tyson said the videos of him were fake.

In the American mainstream

In the U.S., though, Russia’s propaganda themes are now often echoed in comments from some Republican lawmakers and pro-Trump commentators, including the portrayal of Ukraine’s government as deeply corrupt.

The adoption of Russian state rhetoric in America’s political debate is a victory for Moscow, experts said. Putin’s goal is to spread doubt and division among Americans.

“An equally nice outcome for them is just what we had last time, where a third of the country doesn’t believe the vote,” Schafer said. “Democracy is questioned; the system gets questioned. So they don’t necessarily need to see their guy win to have it be a good outcome for them.”

It remains extraordinarily difficult for a remote cyberattack to take over voting systems in the U.S. and change vote counts. The American intelligence assessment of the 2022 midterms found no indication that Russia had tried to hack into election systems or ballot counting that year.

But Kolbe, the former CIA directorate of operations official, said the Kremlin would most likely see trying to penetrate U.S. voting systems as a low-risk undertaking.

“I don’t see any reason why they wouldn’t,” he said. “You’d be hard-pressed to find where they would see the risk part of the equation. It gets close to zero.”

Such interference could come with plausible deniability. On the day of the 2022 midterm elections, the Mississippi secretary of state’s website, which hosts the official polling place finder for voters in Mississippi, was knocked offline most of the day after pro-Kremlin hacktivists on Telegram called for supporters to join in a low-level cyberattack against it.

Still, U.S. officials and disinformation analysts say Russia’s ability to manipulate voters shouldn’t be overstated. When it comes to spreading disinformation and fueling distrust in election authorities and election results, the biggest threat comes from within America’s fractured, polarized society, not from the outside.

“I am very skeptical, whether it’s 2016 or 2024, that the United States political and media culture needs any push from Russia,” said Gavin Wilde, a senior fellow at the Carnegie Endowment for International Peace, who specializes in Russia and information warfare.

“The Kremlin has every interest in seeing an American public, or American leadership, that’s less inclined to support Ukraine, that’s less inclined to punish Russia. Those incentives are certainly there,” he said. “But we’re already doing a pretty good job of that at home. I don’t know how much of a nudge the Kremlin thinks it needs to lend it.”

6 Digital Privacy Myths Debunked: How to Really Stay Safe Online - Technology Org

New Post has been published on https://thedigitalinsider.com/6-digital-privacy-myths-debunked-how-to-really-stay-safe-online-technology-org/

6 Digital Privacy Myths Debunked: How to Really Stay Safe Online - Technology Org

The internet is evolving every day, even in ways that we can’t see. This is because global communities of hackers are making greater advancements in the world of malware. International cybersecurity firms and government agencies do their best to detect and respond to cyberattacks, but it’s up to individuals to protect themselves as well.

Image credit: Fábio Lucas via Unsplash, free license

The best place to start is by ensuring you’re operating with all the right information. But there are a lot of dangerous myths and misconceptions out there about cybersecurity. If you’re building your digital privacy strategy on a foundation of fallacies, then you could be vulnerable to hacking activity without even knowing it. 

That’s why we’ll be debunking six of the most common digital privacy myths today. 

1. Using a private browser provides a private connection

Just because you’re using incognito mode doesn’t mean you’re really incognito. Contrary to popular belief, private browsers can still maintain details of your browsing history. How so? Although a private browser doesn’t save cookies or your browser history, it does maintain DNS data storage. This means that hackers may still be able to tap into your DNS storage to see what sites you visited. Yes, even on a private browser.

The most secure way to ensure you’re not being tracked is to use a tracker blocker. This is a nifty digital tool that helps prevent third-party web trackers from following you from page session to page session. Alongside bolstering your digital security, tracker blockers can also reduce the number of targeted ads you see online. This is ideal for anybody looking to browse with zero distractions and greater peace of mind.

2. Investing in just one cybersecurity measure will keep you safe

Does your front door have one or two locks? Chances are that many of us have both a key-access lock as well as a deadlock. Yes, that deadlock may not be necessary 99% of the time, but it sure does provide peace of mind. Cybersecurity measures work the same way.

Only relying on one cybersecurity measure is the same as putting all your hopes into one lock. But with enough determination, any lockpicker can surpass one security measure. So make sure there’s another barrier or two in place to ensure they don’t get to experience that instant gratification.

It’s recommended that you invest in at least 2-3 of the following digital security measures:

Antivirus software

VPN

Firewall (for your home/office network)

Password manager

Alongside these cybersecurity measures, it’s also imperative that you set up multi-factor authentication (MFA) on all your digital accounts. This ensures that hackers will need more than just your password to access your accounts. They will also need access to your email address or mobile phone number. And they’re less likely to have access to your inbox or SMS text messages.

3. Public WiFi networks are secure if they’re password-protected

Accessing the web while you’re travelling can always feel tricky. Even if you’ve invested in an international or local SIM, it’s still not ideal to rely on hotspotting everywhere you go. You just won’t have enough mobile battery to last you across the day. And whilst it may be tempting to connect to your hotel WiFi, sadly, there’s still no guarantee that it’s safe to do so, even if it is password-protected.

This is because hackers can do clever things like set up duplicate networks with the same credentials nearby. If you log into the wrong network, you could risk all of your user and device data falling into the wrong hands.

Similarly, some hackers may even be monitoring genuine hotel or restaurant/cafe WiFi networks. All they need is to have booked a room or a table once to gain access to the network password. Simply put, the network may be password-protected, but you don’t know who can access those credentials.

When in doubt, just rely on your hotspot connection. Or better still – use a VPN to make sure that your network connection stays encrypted and secure. That way, you can access the internet while on the go without sacrificing your digital safety or your phone’s battery life.

4. Only IT professionals are responsible for maintaining cybersecurity measures

Did you ever hear the story of a corporation brought to its knees by an administrative worker bringing in a USB she found in a car park? The simple act of plugging in this USB (which turned out to be a rubber ducky) allowed hackers to gain front-door access to that company’s data. It’s much harder to stop a cyberattack when you’ve welcomed it into the building.

Because of this, IT professionals have been encouraged to spearhead cybersecurity education initiatives in businesses. Yes, your IT team is responsible in that they have information to share. But once that information is shared and you’re well aware of your company’s cybersecurity policies, it’s up to you to do your part. Cybersecurity is a shared effort, and without every user and device on board, there will be cracks in your home or office network that opportunistic hackers can take advantage of.

5. Devices are safe from cyberattacks when they’re offline

As we mentioned above, even plugging in connected hardware can invite malware onto your devices. So, do away with this myth entirely because it’s been busted long ago! Hackers can upload malicious software and spyware onto a range of connected devices. This includes external storage drives (i.e. USB sticks and hard drives) and CDs. 

Even if your device is offline, hackers can still find ways to expose your devices to spyware that allows for remote monitoring. If their monitoring systems don’t work online, they can lay in wait until your device does connect to the web again. At that point, your hacker can take total remote control over your device.

So keep an eye out for any suspicious hardware or even software packages that look like they may be plagiarised or pirated. These hardware and software offerings can mask viruses like Trojan Horses, which can wreak havoc on your devices, whether they’re online or offline. It all depends on what code they’re programmed to run.

6. Hackers only target big companies

Lastly, if you believe that cybercriminals only go after whales, then you’re sorely mistaken. Although there are hackers out there who focus on hunting ‘whales,’ there are still tens of thousands more out there who go after little fish. Think about it – by widening your net, you can ensnare more victims. Securing financial or other valuable personal data from 200 people could likely provide a similar profit to securing data from a big company.

This is especially true if those 200 people haven’t invested in their cybersecurity measures. So don’t make yourself an easy target! With just a few dynamic security measures in place (i.e. a VPN and 2FA or MFA), you can make your accounts ‘not worth the hassle’ and prompt hackers to look for lower-hanging fruit.

A Few Final Words

How many of these digital privacy myths have you known to be debunked yourself? And are there any that took you by surprise? If so, then now is the perfect time to assess your cybersecurity measures and see how you can improve your digital safety.

PHONE HACKER, FOR REMOTELY ACCESSING SMARTPHONES > FOLKWIN EXPERT RECOVERY.

You can be very sure to reach Folkwin Expert Recovery and contact them through this Email: FOLKWINEXPERTRECOVERY { @ } TECH-CENTER { dot } COM Or WhatsApp: +1 {769} - 280 - 0965 Telegram: @Folkwin_expert_recovery. ln a world where technology plays a significant role in our lives, the discovery of infidelity through digital means has become  increasingly common. With the emergence of advanced tools and techniques, one such solution that has gained attention is Folkwin Expert Recovery. This article aims to introduce you to the capabilities of Folkwin Expert Recovery and how it claims to expose a cheating spouse by hacking their phone to gain access to messages. A leading-edge program called Folkwin Expert Recovery can assist you in revealing the truth that may be hiding in the shadows of your online life. It's similar to having a Folkwin at your side who is prepared to perform magic and divulge previously unknown information. Using advanced techniques and algorithms, Folkwin Expert Recovery  can access and retrieve data from various sources, including smartphones. It delves into the labyrinth of technology, navigating through firewalls and encryption to uncover messages and information that may have been hidden or deleted. Phone hacking might sound like something out of a Hollywood movie, but it's a real phenomenon that has become more prevalent in our digital age. It involves gaining unauthorized access to someone's device to retrieve or manipulate data, such as messages, photos, or call logs. When it comes to choosing a tech team to help you gather evidence of your suspicions, doing your research is crucial. Start by looking into the team's track record and client testimonials. Have they successfully assisted others in similar situations? Do their clients speak highly of their work? Reading reviews and testimonials can give you valuable insights into their reputation and expertise. Certifications and industry recognition are important indicators of a tech team's expertise and professionalism. Look for teams that have relevant certifications and memberships in professional organizations. These credentials demonstrate that they have met certain standards and are committed to staying up-to-date with the latest industry practices. A reputable team will proudly display their certifications and any industry awards they have received. Their proficiency in digital forensics allows them to navigate through complex digital footprints, ensuring no stone is left unturned. Moreover, working with a specialized team like Folkwin Expert Recovery means you're partnering with experts who understand the nuances of relationship investigations. Their experience and knowledge in this specialized field give you an added advantage in gathering the evidence you need. Remember, the journey of uncovering infidelity is not an easy one, but with the right team by your side, you can gain the clarity and evidence you seek. Folkwin Expert Recovery is here to provide an unmatched level of expertise and support to help you through this challenging time. I send my regards, Sophia Taylor.

If you live in Russia, there’s no avoiding Yandex. The tech giant—often referred to as “Russia’s Google”—is part of daily life for millions of people. It dominates online search, ride-hailing, and music streaming, while its maps, payment, email, and scores of other services are popular. But as with all tech giants, there’s a downside of Yandex being everywhere: It can gobble up huge amounts of data.

In January, Yandex suffered the unthinkable. It became the latest in a short list of high-profile firms to have its source code leaked. An anonymous user of the hacking site BreachForums publicly shared a downloadable 45-gigabyte cache of Yandex’s code. The trove, which is said to have come from a disgruntled employee, doesn’t include any user data but provides an unparalleled view into the operation of its apps and services. Yandex’s search engine, maps, AI voice assistant, taxi service, email app, and cloud services were all laid bare.

The leak also included code from two of Yandex’s key systems: its web analytics service, which captures details about how people browse, and its powerful behavioral analytics tool, which helps run its ad service that makes millions of dollars. This kind of advertising system underpins much of the modern web’s economy, with Google, Facebook, and thousands of advertisers relying on similar technologies. But the systems are largely black holes.

Now, an in-depth analysis of the source code belonging to these two services, by Kaileigh McCrea, a privacy engineer at cybersecurity firm Confiant, is shedding light on how the systems work. Yandex’s technologies collect huge volumes of data about people, and this can be used to reveal their interests when it is “matched and analyzed” with all of the information the company holds, Confiant’s findings say.

McCrea says the Yandex code shows how the company creates household profiles for people who live together and predicts people's specific interests. From a privacy perspective, she says, what she found is “deeply unsettling.” “There are a lot of creepy layers to this onion,” she says. The findings also reveal that Yandex has one technology in place to share some limited information with Rostelecom, the Russian-government-backed telecoms company.

Yandex’s chief privacy officer, Ivan Cherevko, in detailed written answers to WIRED’s questions, says the “fragments of code” are outdated, are different from the versions currently used, and that some of the source code was “never actually used” in its operations. “Yandex uses user data only to create new services and improve existing ones,” and it “never sells user data or discloses data to third parties without user consent,” he says.

However, the analysis comes as Russia’s tech giant is going through significant changes. Following Russia’s full-scale invasion of Ukraine in February 2022, Yandex is splitting its parent company, based in the Netherlands, from its Russian operations. Analysts believe the move could see Yandex in Russia become more closely connected to the Kremlin, with data being put at risk.

“They have been trying to maintain this image of a more independent and Western-oriented company that from time to time protested some repressive laws and orders, helping attract foreign investments and business deals,” says Natalia Krapiva, tech-legal counsel at digital rights nonprofit Access Now. “But in practice, Yandex has been losing its independence and caving in to the Russian government demands. The future of the company is uncertain, but it’s likely that the Russia-based part of the company will lose the remaining shreds of independence.”

Data Harvesting

The Yandex leak is huge. The 45 GB of source code covers almost all of Yandex’s major services, offering a glimpse into the work of its thousands of software engineers. The code appears to date from around July 2022, according to timestamps included within the data, and it mostly uses popular programming languages. It is written in English and Russian, but also includes racist slurs. (When it was leaked in January, Yandex said this was “deeply offensive and completely unacceptable,” and it detailed some ways that parts of the code broke its own company policies.)

McCrea manually inspected two parts of the code: Yandex Metrica and Crypta. Metrica is the firm’s equivalent of Google Analytics, software that places code on participating websites and in apps, through AppMetrica, that can track visitors, including down to every mouse movement. Last year, AppMetrica, which is embedded in more than 40,000 apps in 50 countries, caused national security concerns with US lawmakers after the Financial Times reported the scale of data it was sending back to Russia.

This data, McCrea says, is pulled into Crypta. The tool analyzes people’s online behavior to ultimately show them ads for things they’re interested in. More than 300 “factors” are analyzed, according to the company’s website, and machine learning algorithms group people based on their interests. “Every app or service that Yandex has, which is supposed to be over 90, is funneling data into Crypta for these advertising segments in one form or another,” McCrea says.

Some data collected by Yandex is handed over when people use its services, such as sharing their location to show where they are on a map. Other information is gathered automatically. Broadly, the company can gather information about someone’s device, location, search history, home location, work location, music listening and movie viewing history, email data, and more.

The source code shows AppMetrica collecting data on people’s precise location, including their altitude, direction, and the speed they may be traveling. McCrea questions how useful this is for advertising. It also grabs the names of the Wi-Fi networks people are connecting to. This is fed into Crypta, with the Wi-Fi network name being linked to a person’s overall Yandex ID, the researcher says. At times, its systems attempt to link multiple different IDs together.

“The amount of data that Yandex has through the Metrica is so huge, it's just impossible to even imagine it,” says Grigory Bakunov, a former Yandex engineer and deputy CTO who left the company in 2019. “It's enough to build any grouping, or segmentation of the audience.” The segments created by Crypta appear to be highly specific and show how powerful data about our online lives is when it is aggregated. There are advertising segments for people who use Yandex’s Alice smart speaker, “film lovers” can be grouped by their favorite genre, there are laptop users, people who “searched Radisson on maps,” and mobile gamers who show a long-term interest.

McCrea says some categories stand out more than others. She says a “smokers” segment appears to track people who purchase smoking-related items, like e-cigarettes. While “summer residents” may indicate people who have holiday homes and uses location data to determine this. There is also a “travelers” section that can use location data to track whether they have traveled from their normal location to another—it includes international and domestic fields. One part of the code looked to pull data from the Mail app and included fields about “boarding passes” and “hotels.”

Some of this information “doesn’t sound that unusual” for online advertising, McCrea says. But the big question for her is whether creating personalized adverting is a good enough reason to collect “this invasive level of information.” Behavioral advertising has long followed people around the web, with companies hoovering up people’s data in creepy ways. Regulators have failed to get a grip on the issue, while others have suggested it should be banned. “When you think about what else you could do, if you can make that kind of calculation, it's kind of creepy, especially in Russia,” McCrea says. She suggests it is not implausible to create segments for military-aged men who are looking to leave Russia.

Yandex’s Cherevko says that grouping users by interests is an “industry standard practice” and that it isn’t possible for advertisers to identify specific people. Cherevko says the collection of information allows people to be shown specific ads: “gardening products to a segment of users who are interested in summer houses and car equipment to those who visit gas stations.” Crypta analyzes a person’s online behavior, Cherevko says, and “calculates the probability” they belong to a specific group.

“For Crypta, each user is represented as a set of identifiers, and the system cannot associate them with a natural person in the real world,” Cherevko claims. “This kind of set is probabilistic only.” He adds that Crypta doesn’t have access to people’s emails and says the Mail data in the code about boarding passes and hotels was an “experiment.” Crypta “received only de-identified information about the category from Mail,” and the method has not been used since 2019, Cherevko says. He adds that Yandex deletes “user geolocation” collected by AppMetrica after 14 days.

While the leaked source code offers a detailed view of how Yandex’s systems may operate, it is not the full picture. Artur Hachuyan, a data scientist and AI researcher in Russia who started his own firm doing analytics similar to Crypta, says he did not find any pretrained machine learning models when he inspected the code or references to data sources or external databases of Yandex’s partners. It’s also not clear, for instance, which parts of the code were not used.

McCrea’s analysis says Yandex assigns people household IDs. Details in the code, the researcher says, include the number of people in a household, the gender of people, and if they are any elderly people or children. People’s location data is used to group them into households, and they can be included if their IP addresses have “intersected,” Cherevko says. The groupings are used for advertising, he says. “If we assume that there are elderly people in the household, then we can invite advertisers to show them residential complexes with an accessible environment.”

The code also shows how Yandex can combine data from multiple services. McCrea says in one complex process, an adult’s search data may be pulled from the Yandex search tool, AppMetrica, and the company’s taxi app to predict whether they have children in their household. Some of the code categorizes whether children may be over or under 13. (Yandex’s Cherevko says people can order taxis with children’s seats, which is a sign they may be “interested in specific content that might be interesting for someone with a child.”)

One element within the Crypta code indicates just how all of this data can be pulled together. A user interface exists that acts as a profile about someone: It shows marital status, their predicted income, whether they have children, and three interests—which include broad topics such as appliances, food, clothes, and rest. Cherevko says this is an “internal Yandex tool” where employees can see how Crypta’s algorithms classify them, and they can only access their own information. “We have not encountered any incidents related to access abuse,” he says.

Government Influence

Yandex is going through a breakup. In November 2022, the company’s Netherlands-based parent organization, Yandex NV, announced it will separate itself from the Russian business, following Russia’s invasion of Ukraine. Internationally, the company, which will change its name, is planning to develop self-driving technologies and cloud computing, while divesting itself from search, advertising, and other services in Russia. Various Russian businessmen have been linked to the potential sale. (At the end of July, Yandex NV said it plans to propose its restructuring to shareholders later this year.)

While the uncoupling is being worked out, Russia has been trying to consolidate its control of the internet and increasing censorship. A slew of new laws requires more companies and government services in the country to use home-grown tech. For instance, this week, Finland and Norway’s data regulators blocked Yandex’s international taxi app from sending data back to Russia due to a new law, which comes into force in September, that will allow the Federal Security Service (FSB) access to taxi data.

These nationalization efforts coupled with the planned ownership change at Yandex are creating concerns that the Kremlin may soon be able to use data gathered by the company. Stanislav Shakirov, the CTO of Russian digital rights group Roskomsvoboda and founder of tech development organization Privacy Accelerator, says historically Yandex has tried to resist government demands for data and has proved better than other firms. (In June, it was fined 2 million rubles ($24,000) for not handing data to Russian security services.) However, Shakirov says he thinks things are changing. “I am inclined to believe that Yandex will be attempted to be nationalized and, as a consequence, management and policy will change,” Shakirov says. “And as a consequence, user data will be under much greater threat than it is now.”

Bakunov, the former Yandex engineer, who reviewed some of McCrea’s findings at WIRED’s request, says he is scared by the potential for the misuse of data going forward. He says it looks like Russia is a “new generation” of a “failed state,” highlighting how it may use technology. “Yandex here is the big part of these technologies,” he says. “When we built this company, many years ago, nobody thought that.” The company’s head of privacy, Cherevko, says that within the restructuring process, “control of the company will remain in the hands of management.” And its management makes decisions based on its “core principles.”

But the leaked code shows, in one small instance, that Yandex may already share limited information with one Russian government-linked company. Within Crypta are five “matchers” that sync fingerprinting events with telecoms firms—including the state-backed Rostelecom. McCrea says this indicates that the fingerprinting events could be accessible to parts of the Russian state. “The shocking thing is that it exists,” McCrea says. “There's nothing terribly shocking within it.” (Cherevko says the tool is used for improving the quality of advertising, helping it to improve its accuracy, and also identifying scammers attempting to conduct fraud.)

Overall, McCrea says that whatever happens with the company, there are lessons about collecting too much data and what can happen to it over time when circumstances change. “Nothing stays harmless forever,” she says.

This day in history

Today (May 7), I’m in Berkeley at the Bay Area Book Festival for an 11AM event with Wendy Liu for my book Chokepoint Capitalism.

Weds (May 10), I’m in Vancouver for a keynote at the Open Source Summit and a book event for Red Team Blues at Heritage Hall and Thu (May 11), I’m in Calgary for Wordfest.

#20yrsago Future of Music coalition open letter on media consolidation https://web.archive.org/web/20030504023803/http://www.futureofmusic.org/news/fccmusicianletter.cfm

#20yrsago The Web makes writing better https://web.archive.org/web/20030509221227/http://www.guardian.co.uk/online/story/0,3605,950915,00.html

#20yrsago A (dangerous) primer on hardware hacking https://hackingthexbox.com

#15yrsago House passes bill that will let the RIAA take away your home for downloading music https://www.govinfo.gov/content/pkg/BILLS-110hr4279rh/pdf/BILLS-110hr4279rh.pdf

#15yrsago Using a record-cutter to turn old CDs into 45RPM singles https://web.archive.org/web/20080502021126/http://www.futuresonic.com/08/art/cdrecycled/

#15yrsago BBC sends legal threat over fan’s Dr Who knitting patterns https://www.openrightsgroup.org/blog/bbc-removes-doctor-who-fans-knitting-patterns-from-the-web/

#15yrsago Band “shoots” video by sending Data Protection Act requests to CCTVs that caught them performing https://web.archive.org/web/20080510192510/http://www.telegraph.co.uk/news/newstopics/howaboutthat/1938076/The-Get-Out-Clause%2C-Manchester's-stars-of-CCTV-cameras.html

#15yrsago RIAA says DRM is coming back — in the future, you won’t own music https://arstechnica.com/tech-policy/2008/05/if-music-drm-is-dead-the-riaa-expects-its-resurrection/

#15yrsago UK blacklist of “suspicious” store clerks includes people never charged or convicted https://news.bbc.co.uk/2/hi/uk_news/magazine/7389547.stm

#15yrsago HOWTO detect hidden video cameras https://www.instructables.com/How-to-locate-pinhole-cameras

#10yrsago Hedge fund managers suck at making money (for you) https://www.cnbc.com/id/100718881

#10yrsago HOWTO build a working digital computer out of paperclips (and stuff) https://memex.craphound.com/2013/05/08/howto-build-a-working-digital-computer-out-of-paperclips-and-stuff/

#10yrsago Disney files trademark application for “Dia de Los Muertos” https://web.archive.org/web/20130508212616/http://www.stitchkingdom.com/disney-dia-de-los-muertos-trademark-62484/

#10yrsago Faced with excommunication threat, Irish PM explains separation of church and state to Cardinal https://www.irishtimes.com/news/politicians-have-responsibility-to-legislate-on-abortion-issue-1.1383262

#5yrsago Georgia’s governor has vetoed SB 315, the state’s catastrophically stupid cybersecurity law https://www.eff.org/deeplinks/2018/05/victory-georgia-governor-vetoes-short-sighted-computer-crime-law

#5yrsago Equifax finally publishes a tally of what got breached when it left 146.6 million credit files unsecured https://arstechnica.com/information-technology/2018/05/equifax-breach-exposed-millions-of-drivers-licenses-phone-numbers-emails/

#5yrsago Over 55,000 security camera DVRs are vulnerable to an exploit so simple it fits in a tweet https://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-access-a-bunch-of-dvrs-and-their-video-feeds/

#5yrsago Jeff Sessions tells border guards to separate children from their parents https://www.alternet.org/2018/05/jeff-sessions-says-border-agents-will-separate-undocumented-kids-their-families

#5yrsago An upcoming Supreme Court ruling could force all workers into forced arbitration, deprived of the right to class lawsuits https://www.epi.org/blog/the-supreme-court-is-poised-to-make-forced-arbitration-nearly-inescapable/

#5yrsago Welsh police deployed facial recognition tech with a 92% false positive rate, but they’re sure it’s fine https://arstechnica.com/tech-policy/2018/05/uk-police-say-92-percent-false-positive-facial-recognition-is-no-big-deal/

#5yrsago Should I use an algorithm here? EFF’s 5-point checklist https://www.eff.org/deeplinks/2018/05/math-cant-solve-everything-questions-we-need-be-asking-deciding-algorithm-answer

#5yrsago Google announces ad-ban for sleazy bail-bonds companies https://arstechnica.com/tech-policy/2018/05/first-google-banned-payday-loan-ads-now-it-will-ban-bail-bond-ads/

#5yrsago AT&T to the Supreme Court: “Fuck the FTC” https://arstechnica.com/tech-policy/2018/05/att-will-ask-supreme-court-to-cripple-the-ftcs-authority-over-broadband/

#5yrsago Here’s why everyone in the world just emailed you a new privacy policy https://www.eff.org/deeplinks/2018/05/why-am-i-getting-all-these-terms-service-update-emails

Catch me on tour with Red Team Blues in Berkeley, Vancouver, Calgary, Toronto, DC, Gaithersburg, Oxford, Hay, Manchester, Nottingham, London, and Berlin!

What is Jailbreaking : Pros and Cons

Jailbreaking lets you install non-official software on a locked device. By jailbreaking, the device owner can access the OS root and all features. It’s called jailbreaking because it removes perceived restrictions.

What is jailbreaking? Most people refer to jailbreaking the iPhone, the most “locked down” mobile device. Early iPhones had no app store and fewer iOS options. The first iPhone was only available on AT&T in the US, so users needed a jailbroken iPhone for other carriers.

Learn if iPhone jailbreaking is worth it and how to fix a jailbroken iPhone in this video:

Apple’s ‘walled garden’ software has always contrasted with Android’s customization. Many jailbreakers want Android-like iOS. Jailbreaking lets users install unapproved apps and customize the interface.

Since its inception, jailbreaking has involved adapting phone and game console codes. It can mean installing custom mobile software or removing movie DRM. It usually refers to Apple products. The iPad and iPod Touch can be jailbroken.

Jailbreaking is sometimes confused with “cracking” (software) and “rooting” (phones). Rooting removes manufacturer protections to install alternative mobile operating systems, like a jailbreak. Many people jailbreak Amazon Firesticks, Roku streaming boxes, and Nintendo Switches to run media software and emulated games instead of the built-in apps.

A jailbroken iPhone or iPad can use the App Store without affecting its core features. Jailbroken devices download apps Apple rejected or use jailbreaking features from independent app stores. After jailbreaking iOS devices, Cydia, a storefront, is most popular.

Hacking forums and sites offer free jailbreak codes to promote unrestricted device use. Although technical knowledge is helpful, most jailbreaks include full instructions and desktop tools to apply the new code.

Sometimes jailbreaking is “tethered” or “untethered”:

Tethered jailbreaks require an on iOS device and computer. Jailbreaking the iPhone requires a computer and software. Untethered jailbreaks : Jailbreaks without computers. Everything needed to jailbreak iPhone is on it. Booting off a computer doesn’t jailbreak it. Since iPhone apps have OS access, jailbreaking is less popular. Apple publicly opposes jailbreaking, so it has fixed jailbreak vulnerabilities in hardware and software, making many iOS versions hard to jailbreak.

Is jailbreaking safe? Phone jailbreaking is legal but risky. Online criminals can hack jailbroken phones.

Jailbreaking your phone abandons Apple security. Side-loaded apps are unsafe in Apple’s App Store because it doesn’t screen them. Jailbreaking your phone disables iOS updates, including security updates, leaving you vulnerable to new threats.

Apple prohibits jailbreaking iOS and warns users of risks, including:

Security holes Stability issues Possible freezes, crashes Shorter battery life Apple discourages iPhone and iOS device jailbreaking. iPhone viruses are rare and usually caused by jailbreaking. Jailbreaking voids your warranty, so fix phone issues.

You should also consider phone ownership and content. Does your boss own the phone? Your work email linked? Your data and company are at risk from malware. Your company is vulnerable to cyberattacks from jailbroken phones.

Companies that give employees mobile devices usually protect company data. Locking down phones to allow certain features, updating devices and apps, and installing a mobile device agent to detect jailbroken phones are examples.

Pros and cons of jailbreaking Jailbreak benefits Increased device control Apple aims for a unified design. If that’s too restrictive, jailbreak your phone to add icons, wallpapers, and menus. Instead of Apple or anyone else, you become full device administrator. Install screensavers or icons on your iPhone home screen. Jailbreaking allows you to connect your iPad to your PC and control what you see and do by allowing file system access and device communication.

Install and use unauthorized apps Apple removes App Store apps for security. Jailbreaking installs non-App Store apps. The most popular jailbroken phone storefront, Cydia, lets you install games and networking apps. Also banned from Apple’s app store are retro gaming emulators, which let you play older computer games for free. However, Cydia provides them free.

Remove pre-installed apps You can’t change or delete iOS’s default apps like Apple Watch, Weather, Games Center, etc. Non-users dislike these apps’ memory usage. Replace Apple’s default apps with third-party ones with jailbreaking. Siri can use Google Maps instead of Apple Maps for directions.

Extra anti-theft features Some jailbreakers say it boosts anti-theft. Find My iPhone doesn’t work in airplane mode, off, or offline. The jailbreak app iCaughtU claims to outperform Find My iPhone. The front-facing camera emails the owner a photo of a thief who enters the wrong passcode.

Cons of jailbreaking Stop auto-updates Apple will stop automatic updates. Each iOS version requires the jailbreaking community’s hack. Since jailbreaking each iOS version takes time, you can’t update your jailbroken phone until the latest update is jailbroken. Major updates may make jailbreaking difficult.

Problem updating software Several unauthorized modifications have rendered iPhones inoperable after iOS updates.

Voiding phone warranty The iOS end-user software license agreement prohibits unauthorized iOS modifications. Unauthorized software may prevent Apple from servicing an iPhone, iPad, or iPod touch. If your jailbroken device breaks, Apple may deny repairs.

Shorter battery life Hacked software drains iPhone, iPad, and iPod touch batteries faster.

Your phone could brick Bricked phones cannot boot, respond to input, or make calls. Jailbreaking does not brick the phone, but it poses risks.

Content or services may disappear Due to the loss of iCloud, iMessage, FaceTime, Apple Pay, Weather, and Stocks, jailbreaking a phone for more content can backfire. Third-party apps using Apple Push Notification Service have had trouble receiving notifications or received notifications from hacked devices. Push services like iCloud and Exchange have server synchronization issues. Third-party providers may block jailbroken devices.

Your phone may crash more Your jailbroken iPhone or iPad may crash more. Jailbroken apps can access features and APIs Apple-approved apps cannot, so they may not be tested. The device may crash frequently, freeze built-in and third-party apps, and lose data.

Unreliable voice and data Jailbreaking can cause dropped calls, unreliable data, and inaccurate location data.

Data breaches Hackers accessed 225,000 jailbreakers’ iCloud accounts. Security vulnerabilities in jailbreaking allowed hackers to hack devices.

Security can be compromised iOS is one of the most secure mobile operating systems because it’s closed to protect your data and system. Jailbreaking your phone increases hackers’ chances of stealing data, damaging it, attacking your network, or installing malware, spyware, or viruses.

Security risks of jailbreaking Security risks arise from jailbreaking phones. Jailbreak gives you more device control, but apps get more control. These apps requesting root access pose the greatest security risks. Malware can gain root access to all data.

Jailbreaking bypasses Apple’s “walled garden”. Because jailbroken phones bypass Apple’s app vetting, viruses and malware are more likely. Jailbreaking allows free app and game piracy. This means you trust app developers over Apple.

Jailbroken iPhones can compromise bank account, password, and social media data. This risk was highlighted by KeyRaider, which stole 225,000 Apple IDs and thousands of certificates, private keys, and purchasing receipts. The victims reported abnormal app purchases and ransomware-locked phones.

Jailbroken Malware and bugs can crash iPhones and disable important features. Smartphones raise mobile crime risk. You must monitor new threats and scams and install comprehensive mobile security.

Read more on Govindhtech.com

Marketing in the Margins: Hidden Hacks for Maximum Impact

In the fast-paced digital age, standing out from the crowd can feel insurmountable, especially for small businesses with limited resources. However, by strategically marketing in the margins – leveraging unconventional, often overlooked tactics – you can penetrate niche markets and make a significant impact. Let’s explore some of these hidden hacks tailored to small businesses unique needs and strengths.

Harnessing the Power of Micro-Influencers

Influencer marketing isn’t only for big brands with deep pockets. Micro-influencers, those with a following of 1,000 to 50,000, can offer small businesses a cost-effective way to reach potential customers. Despite their smaller audiences, micro-influencers often have a dedicated community of followers who trust their opinions. Establishing partnerships with these influencers can foster authentic connections with audiences you might not otherwise reach.

Leveraging User-Generated Content (UGC)

User-generated content (UGC), created and shared by consumers about a brand or product, is often a valuable resource for small businesses. UGC provides free marketing content, builds brand credibility, and fosters community. Consumers tend to trust UGC more than traditional advertising, as it comes from real users and their genuine experiences. Here are some technical strategies to effectively leverage UGC:

UGC Campaigns on Social Media: Encourage your customers to share their experiences with your products or services on social media using a unique branded hashtag. Monitor this hashtag regularly and share select posts on your business account, making sure to credit the original poster. This not only generates content for your brand but also incentivizes other customers to share their own experiences.

UGC in Email Marketing: Incorporate UGC into your email marketing campaigns. For example, your newsletters could feature customer reviews, photos, or stories. This makes your emails more engaging and authentic, increasing the chances of clicks and conversions.

UGC on Product Pages: Consider featuring user reviews, ratings, or even user-submitted photos or videos on your product pages. This can reassure potential customers about the quality of your product and help them visualize how they might use or enjoy the product themselves.

UGC Contests: Running a UGC contest is a great way to quickly generate a large content volume. For example, you could ask customers to share photos of them using your product and offer a prize for the most creative or popular post. Not only does this generate content, but it also boosts customer engagement with your brand.

UGC Analytics: Use social listening tools to track the reach and engagement of your UGC. This can give you valuable insights into what type of content resonates most with your audience, what products or features they love, and any areas for improvement they might suggest.

Remember, obtaining the proper permissions before using UGC in your marketing materials is crucial. Always respect the rights of the content creators and adhere to the terms of service of each platform.

By leveraging these technical UGC strategies, you can create a more authentic and engaging brand presence, build stronger relationships with your customers, and gain valuable insights into their preferences and behavior.

Making the Most of SEO ‘Long-Tail’ Keywords

For small businesses, search engine optimization (SEO) is a crucial aspect of online visibility. However, competing for popular, broad keywords can be challenging, especially with a limited budget. Instead, focusing on long-tail keywords—specific, less common phrases—can attract customers further along the buying cycle and make them more likely to convert. Here’s how to make the most of long-tail keywords:

Long-Tail Keyword Research: Use tools like Google’s Keyword Planner, Moz’s Keyword Explorer, or SEMrush to research long-tail keywords relevant to your business. Look for phrases with lower competition but reasonable search volume. These keywords may not bring massive traffic, but they’ll likely attract more qualified leads.

Understand User Intent: Different keywords reflect different user intents. Some people may be looking for information (“how to train a puppy”), while others are ready to purchase (“buy puppy training kit online”). Understand the intent behind the keywords you target and ensure your content aligns with it.

Content Creation: Create high-quality content around these long-tail keywords. This could be in the form of blog posts, guides, tutorials, product descriptions, or FAQ pages. Remember, content quality is crucial for SEO, so focus on providing real value to your readers, not just keyword stuffing.

On-Page SEO: Incorporate long-tail keywords into the title, meta description, headings, and body content of your page. Also, use these keywords in the alt text for images. However, maintain a natural flow; forced or excessive use of keywords can harm your SEO and user experience.

Monitor Performance: Use an SEO analytics tool to track how your pages are ranking for the targeted long-tail keywords. If a page isn’t performing as well as you’d like, you may need to optimize the content further or address other potential SEO issues like loading speed or mobile compatibility.

By focusing on long-tail keywords, you can create a more targeted and effective SEO strategy. Though it may take time and patience, this approach can lead to higher conversion rates and a better return on your marketing investment.

Local Search Marketing

For many small businesses, the local community is the lifeblood of their operation. This is where local search marketing shines. Ensuring your business appears in local search results, including on platforms like Google My Business and Nextdoor, can significantly increase your visibility among the customers most likely to use your services or buy your products.

Nextdoor, a social networking service for neighborhoods, allows businesses to reach local customers directly within their community. On Nextdoor, you can create a business page, respond to recommendations from neighbors, and even advertise your services.

Additionally, claiming your business on Google My Business and keeping your listings consistent and updated across platforms can significantly improve your local search rankings. Encouraging customers to leave reviews can also bolster your visibility and credibility.

By leveraging these local search marketing strategies, you can connect with your local community more effectively, fostering relationships and trust that contribute to the long-term success of your business.

Utilizing Reddit for Niche Market Penetration

Reddit, a platform with a lot of user-generated content and discussions, can be a goldmine for marketing if leveraged correctly. This social media platform, often referred to as ‘the front page of the internet’, boasts a variety of niche communities (known as subreddits) where users share insights, ask questions, and engage in discussions on topics ranging from the mainstream to the obscure.

For small businesses, Reddit can provide a unique opportunity to engage directly with potential customers, gain insights into their needs and preferences, and enhance brand visibility. However, the key to Reddit marketing is authenticity and value contribution – overt self-promotion is often frowned upon. Here’s how you can use Reddit effectively:

Find Relevant Subreddits: Start by identifying subreddits that align with your business. These can be industry-specific, related to your product or service, or aligned with your target customer’s interests.

Become an Active Member: Don’t just dive in and start promoting your business. Instead, become a genuine member of the community. Engage in discussions, answer questions, provide helpful information, and establish your credibility. This builds trust and brand recognition over time.

Share Valuable Content: Once you’re an active, respected community member, you can start sharing your content – but ensure it’s valuable to the community. This could be a blog post that answers common questions, a tutorial, or even an infographic. Remember, the focus should be on providing value, not on selling.

Sponsored Posts and Ads: Reddit offers paid advertising options, including sponsored posts and display ads. These can be targeted based on user interests, location, and other factors to reach a highly relevant audience.

AMA (Ask Me Anything) Sessions: Hosting an AMA can be a great way to engage with your audience and increase brand visibility. These sessions allow Redditors to ask questions about your business, industry, or other relevant topics. AMAs require careful planning and moderation but can offer valuable engagement.

Monitor and Respond: Be sure to monitor the discussions related to your business or industry and respond promptly and professionally to comments or questions. Reddit users appreciate engaged and responsive businesses.

Remember, Reddit is a community-based platform where respect and authenticity rule. While it may take time to establish a presence, the insights, connections, and brand visibility you gain can be well worth the effort. It is a marketing hack in the margins that can significantly impact.

Retargeting Shopping Cart Abandoners

A common challenge for e-commerce businesses of all sizes is shopping cart abandonment, with research indicating that nearly 70% of online shopping carts are abandoned before the purchase is completed. Rather than viewing this as a loss, you can see it as an opportunity to re-engage potential customers and encourage them to complete their purchases. Here are some key retargeting strategies you can use:

Email Retargeting: If you have the customer’s information, an effective strategy is to send a friendly reminder email about the items left in their cart. Timing is crucial here; consider sending the first email within a few hours of abandonment and then a couple more over the next few days if they still haven’t completed their purchase.

Personalized Offers: In your retargeting emails or site banners, consider including a customized offer, such as a discount or free shipping, to incentivize the customer to complete the purchase. Use your customer data to tailor these offers based on individual shopping habits and preferences.

Retargeting Ads: Platforms like Google Ads and Facebook offer retargeting (or remarketing) services that allow you to display targeted ads to users who have visited your website or added items to their cart without completing the purchase. These ads, which can follow the user as they browse other websites or social media platforms, can be a subtle, constant reminder of the products they’ve shown interest in.

Cart Abandonment Analytics: Use analytics to understand why users abandon their carts. This could include website funnel design, the checkout process, shipping costs, or a lack of payment options. Comprehending the reasons behind cart abandonment can inform your retargeting strategies and help you address any issues on your site.

Exit-Intent Popups: Use exit-intent popups – messages that appear when a user is about to leave your site – to provide a final engagement opportunity. This could be a reminder of the items in their cart, a discount offer, or a prompt to save their cart for later.

By implementing these retargeting strategies, you can reconnect with potential customers, provide incentives to complete their purchases and recover lost sales. Be sure to test different methods and measure their effectiveness to find the best approach for your business.

Marketing in the margins entails strategic innovation beyond traditional approaches. By employing these hidden hacks tailored to small businesses, you can maximize your reach, penetrate niche markets, and realize substantial growth, all while ensuring your marketing budget is used effectively and efficiently.

A Maverick Marketer’s Arsenal: Ten (10) Affiliate Hacks for Unstoppable Success.

Hacks That Give You A Competitive Edge.

With the rising popularity of affiliate marketing, gaining a competitive edge within the market has always been a crucial goal every marketer aspires to achieve.

To become a successful affiliate marketer, separating yourself and standing out from your competitors is the most popular tactic when trying to achieve success online.

With the busy internet teeming with affiliate marketers constantly vying for the attention spans of potential customers, it’s essential to implement strategic marketing methods that provide you with an unfair advantage in the bustling marketing arena.

In this article, we’ll explore ten (10) supreme marketing hacks that can propel your affiliate efforts to new heights, eventually leading to increased success online.

The listed hacks are supported by solid proof, demonstrating their validity and influence on your marketing campaigns.

Whether you’re a seasoned affiliate marketer or a complete novice, these ten (10) hacks will create a clear path for improved conversions, increased earnings, and prolonged sustainability. With that said, let’s begin with:

Hack 1: Niche Authority: Become An Expert Within Your Field.

Recommendation: Share case studies of successful affiliates who established themselves as authorities within their niche and witnessed exponential growth in their sales. Implementation: Create high-quality, informative content that addresses your audience’s struggles, and establish a reputation as a credible source in your field of work.

Hack 2: Content Diversification: Go Beyond Blogging.

Recommendation: Showcase real examples of affiliates who diversified their content to include videos, podcasts, and social media posts, leading to a broader reach and increased engagement. Implementation: Incorporate various content formats into your strategy to cater to different audience preferences and expand your brand’s visibility.

Hack 3: Email Marketing Automation: Nurture and Convert Leads.

Recommendation: Present statistics that reveal the impact of email marketing automation on lead nurturing and conversion rates. Implementation: Use email marketing tools to create automated campaigns that engage, educate, and encourage customers to purchase.

Hack 4: Influencer Partnerships: Take Advantage or Utilize the Power of Social Proof.

Recommendation: Highlight successful business collaborations between yourself and influencers, proving the power of social proof to drive sales. Implementation: Search for influencers within your field of work and establish meaningful partnerships to connect with their loyal fan base and expand your reach.

Hack 5: SEO Optimization: Rank Higher, Earn More.

Recommendation: Cite examples of affiliates who optimized their content for search engines and experienced significant organic traffic growth. Implementation: Conduct keyword research, optimize on-page SEO elements, and build quality backlinks to enhance your search rankings.

Hack 6: Webinar Marketing: Educate and Convert.

Recommendation: Share success stories of affiliates that utilized webinars to educate their audience and boost affiliate product sales. Implementation: Host webinars that provide valuable insights and demonstrate how your promoted products can solve customer problems effectively.

Hack 7: A/B Testing: Refine Your Strategies.

Recommendation: Provide data on how A/B testing improved conversion rates for various affiliates. Implementation: Continuously test different elements of your marketing campaigns, such as headlines, CTAs, and design, to optimize for better advertising results.

Hack 8: Exit-Intent Popups: Capture Leaving Visitors.

Recommendation: Present case studies showing how exit-intent popup windows help decrease bounce rates and increase lead generation. Implementation: Use exit-intent popup windows strategically to present compelling offers and incentives that encourage visitors to stay or convert.

Hack 9: Limited-Time Offers: Create Urgency.

Recommendation:

Showcase examples of affiliates employing limited-time offers and witnessing a surge in sales during the promotional period. Implementation: Run time-sensitive promotions that drive a fear of missing out (FOMO) to encourage quick action from potential buyers.

Hack 10: Personalization: Tailor Offers to Your Audience.

Recommendation: Share data indicating how personalization improved conversion rates for affiliate marketing campaigns. Implementation: Utilize customer data to segment your audience and deliver personalized content and product recommendations that resonate with their preferences.

To Conclude:

You should be totally aware that the digital affiliate marketing arena is highly competitive within the online business landscape, and gaining an unfair advantage over competitors grants you that extra boost that is essential for success.

By integrating these ten (10) ultimate affiliate marketing hacks, you can differentiate yourself from others, increase your advertising conversions, and achieve prolonged profitability.

As you utilize these ten (10) hacks, you must continue analyzing and refining your affiliate advertising strategies to effectively boost your efforts and stay ahead in the dynamic digital marketing game.

Always embrace innovation, experiment with different methods, and establish yourself as an affiliate marketer with an honorable reputation within your niche.

I’m Akeba C. Walcott, a Blogger, Affiliate Marketer, and Entrepreneur from Trinidad and Tobago. WI. I produce original written content centered around Blogging, Entrepreneurship, and Digital Affiliate Marketing.

Please Note:

You’ve come to the end of this article. If you gained value after reading, please share your thoughts via a comment. I would love to hear your feedback.

Unsolicited Rec: My webhost of 20 years — I owe them my soul

Hey if anyone is looking for a webhost for their websites, blogs, a shop front, public or password-protected file storage, mailing lists, or would just like to have their email in reasonable privacy where Google can't scrape it, I just noticed my old webhost ICDSoft is having a 75% off sale so your first year is $2/mo, renewing at $80/year, + (last time I checked?) $5 for domain name registration.  I think they were $60 per year when I started 20 years ago, and they just keep adding more storage space and tools (eg social media backup & sync)

Their dashboard has oodles of tools for setting up various types of websites and things with acronyms somebody more techy than me would appreciate, Their online documentation and tips blog and 24/7 tech support are great and — no really, they are GOOD. I foisted my mom on them decades ago after she asked me about starting her business website, and they've been her tech support ever since.

Which is where the soul-iou comes in.

ANYWAY, ICDsoft has never let me down in 20+ years, they protect their servers from attacks so I've never been hacked or had downtime that I know of (knock wood), and they are literally the only company I trust.

[Above: screencap of the top of their order page listing some features of basic account.]

This is not a paid shill. I've just been thinking about renovating my old websites and dormant blogs because of recent Tumblr posts talking about the good old days when the web wasn't consolidated, owned, sandboxed and mined by social media companies and Google.

Think of it as a community garden, where you pay a fee for your plot and do the gardening yourself, but there's a couple on-duty gardeners to keep out pests, maintain the hoses and fences, and advise you on projects or even help you set up your beds.

CYBER WELLNESS PROMOTION

In today's world, we rely heavily on the internet and technology to accomplish a variety of tasks. Whether it's checking our emails, ordering food online, or connecting with friends on social media, the digital world has become an integral part of our lives. However, the convenience and easy accessibility come with risks, and we need to be aware of them to stay safe and secure online.

To promote cyber wellness, there are several steps that we can take. First of all, we need to create awareness about the potential risks associated with the excessive use of technology and social media platforms. We can achieve this by conducting seminars, webinars, and workshops in schools, colleges, and workplaces to make people aware of the dangers.

The next step is to draft guidelines that individuals, educational institutions, and workplaces should follow to ensure internet safety. We can also work with parents and teachers to provide them with information on how to protect their children from online threats and harmful content through parental controls and filters.

One of the crucial steps is to integrate the cyber wellness program into educational curriculums, enabling students to learn about responsible digital citizenship, online etiquette, cyberbullying, and critical thinking. It is also important to provide comprehensive resources and training materials to schools to ensure that they can deliver cyber wellness lessons effectively.

To monitor online activities and identify any suspicious behaviour, such as cyberbullying, inappropriate content consumption, or sharing, and hacking attempts, we can use software and other tools. Additionally, we can provide clear guidelines for reporting incidents of cyberbullying or other online attacks to appropriate authorities.

Finally, we need to regularly review and improve our cyber wellness promotion activities by taking feedback into consideration and making necessary modifications. Cyber wellness promotion is an ongoing concern that requires continuous education and engagement from parents, teachers, authorities, and individuals.

By implementing the comprehensive plan for promoting cyber wellness, we can ensure a safer and healthier online community. It is essential to create awareness about potential risks, draft guidelines, integrate the initiative into educational curriculums, monitor online activities, and regularly review and improve the program to enable students to stay safe and responsible online.