#opened up my activity and it was just that person SPAM REPLYING THE SAME ANTI ARWEN STUFF ON MY POST?? like be REAL RN
Explore tagged Tumblr posts
Note
only gonna ask once......... whats merlincersei...........................
some freak in the fandom who keeps bothering people idk 😭 they sent me an ask/messaged me to reblog one of their posts but i got off vibes so i never did LMAO
#je réponds#la poste#ask#warrenthird#opened up my activity and it was just that person SPAM REPLYING THE SAME ANTI ARWEN STUFF ON MY POST?? like be REAL RN
2 notes
·
View notes
Text
PRIDEFALL UPDATE: real or fake?
What is Pridefall?
Operation Pridefall, also known as Project Pridefall or simply Pridefall, refers to an attack planned by /pol/ (a political discussion board on the anonymous website 4chan) for all of June, AKA Pride month. The original 4chan thread, which has since been deleted, was primarily focused on “redpilling,” i.e. spreading queerphobic propaganda to make people question the LGBTQ+ community. However, now that it has spread outside 4chan, there are threats of harassing, doxxing, and outing queer people (especially minors) on social media, spamming gore and rape videos in private messages and Pride tags, and even kidnapping, assaulting, or killing queer people in real life.
Specific targets include Twitter, Instagram, TikTok, and dating apps. The goal is to go after smaller accounts so the queerphobia isn’t lost in the comments.
Is Pridefall real?
Yes and no.
I searched “pridefall” on 4chan last night. Apparently any new threads on it are being deleted, and anytime someone mentions it, everyone calls them slurs and says no one is doing it.
However, Pridefall is gaining some traction on Instagram--I have seen it for myself. I don’t have TikTok or any dating apps, but I’ve heard that some people are spamming homophobia on TikTok. As for Twitter, I only looked briefly, but I saw some Pridefall accounts there, as well as a lot of warnings and blocklists from people who are worried about it.
I’ve also heard that there have been a few Reddit and Discord raids, and that there is an Operation Pridefall Discord server (someone who spied on them says they have been banned on Discord as well as a platform called Riot before, so very few people are left on the Discord server now).
What do you think, Lia?
This is not coming from 4chan. No one on 4chan is interested anymore.
Most likely, people outside of 4chan heard about it and decided to take matters into their own hands.
The original 4chan thread wanted to make Pridefall “normie-palatable” by avoiding Nazi imagery or other overt unpleasantness, but I have seen a LOT of both on Instagram. This reinforces my belief that 4chan isn’t doing this.
A lot of the people behind this are young, or at least unsophisticated. Most of the Pridefall accounts on Instagram engage in very childish trolling, and one of them said they were a minor. Some of the threats I’ve seen are so outlandish that I can only imagine they came from a fairly young person.
My guess? Most of these people are around 13-19.
There are also very few of them and some of them probably have multiple accounts. Anti-Pridefall accounts outnumber them by far.
However, on Instagram I’ve seen Pridefall accounts following each other and commenting on each other’s posts, so there may be a few groups working together.
A lot of this shit is going to get deleted. I know Instagram is working through reports very slowly right now because they have fewer people available due to COVID-19, but most of the worst accounts I saw last night were deleted by this morning. I saw some more accounts deleted today.
Most, if not all, of these Pridefallers are just trying to scare us. Because they’re probably quite young, there’s very few of them, their accounts keep getting deleted, and law enforcement can track online activity, there is no way they have the balls or resources needed to coordinate major attacks.
There is a very, very slight chance this could spill over into real life, but as long as you practice basic online safety, you will be fine.
That being said, if you are threatened or doxxed by a Pridefall account, PLEASE contact the police. Better safe than sorry.
I do think that the threat of being doxxed or outed is more real than the threat of being attacked. I have already seen one Pridefall account who posted a trans boy’s address on Instagram (he is okay, he posted recently) and another who posted someone else’s address.
There is little chance this will last throughout Pride month. Apparently the goal is for Pridefall to worsen until the end of June, but given that this is most likely just some vastly outnumbered teenage trolls who are bored in quarantine, I seriously doubt they’ll be able to stay interested for a whole month.
This might not be as big on Tumblr. Tumblr is a lot more anonymous than, say, Instagram, which will hopefully deter would-be doxxers. It’s also known to be a highly liberal and queer-friendly site, so any Pridefaller with half a brain cell should know that A) their content is sure to be outnumbered and reported (only us Tumblr users know how bad staff is at deleting questionable stuff), and B) anyone with the original goal of “redpilling” is sure to fail here. Plus, I only remember seeing few, if any, mentions of Tumblr on Pridefall planning threads.
Still, expect to see some Pridefall activity here. Unsurprisingly, not all of these Pridefallers have half a brain cell. Some of them will definitely be unable to resist the lure of a community as openly queer as Tumblr, and we’ve all seen or heard about doxxing, harassment, gore, Nazis, and queerphobes on here. Also, 4chan has historically had some beef with Tumblr, so young teenage boys who idolize 4chan may target us for that reason.
How can I stay safe?
If you have any social media accounts where you A) have posted identifying personal information, and B) are openly supportive of the LGBTQ+ community (especially if you’re queer yourself), put them on private for June. Any other accounts are probably fine to stay public.
If you need a private Tumblr, you can make a password-protected secondary account and only share the password with mutuals you trust.
It is probably okay to be openly queer on a private account (e.g. have pronouns/rainbow emojis in your Instagram bio), since a private account is not likely to be doxxed. But if you want to be extra careful, remove queer identifiers from anything that is publicly visible.
Use Pridefall blocklists. They’re all over Instagram and Twitter. I may repost some here.
Report any Pridefall accounts you see. This is VERY important because this is how we can actually get rid of Pridefall content.
DON’T RESPOND TO ANY PRIDEFALLERS WHO PERSONALLY INTERACT WITH YOU. I know it’s tempting to give a snarky reply, but if they message you, comment on your post, etc, just block them. Seriously, don’t feed the trolls. It's exactly what they want.
Make sure your password game is strong. Use a different password for every site (I know, I know, it sucks), and use passwordmeter.com to test their strength. Write them all down on a piece of paper.
Make sure your username game is strong. Don’t use the same username for multiple sites, and avoid putting personal information in your username, such as your name or birthday.
Do NOT open random links!! Pridefallers could message you links that will give you viruses or track your IP address.
Don’t accept DMs or follows from people you don’t know. Pridefall accounts don’t always look like Pridefall accounts. Some of them are undercover.
Use a VPN. This is probably a little overkill unless you’re particularly at risk of being doxxed, but it will hide your IP address.
Be careful who you interact with. A lot of queer people on Instagram are DMing Pridefall accounts or commenting on their posts, but this could make you a target. As helpful as anti-Pridefall accounts are, you might even be targeted for following those.
Be wary of Pride tags. Unfortunately, a lot of Pridefall accounts plan to infiltrate tags commonly used by queer creators during Pride month. Use discretion when looking for queer content.
Be safe IRL. Lock your doors, lock your windows, be aware of your surroundings, don’t walk alone in poorly lit places, know basic self-defense, etc. Again, I absolutely do not think people will be attacked in real life, but you should be doing this shit all the time, not just in June. Thanks to COVID-19, you’re safer inside anyway!!
Make yourself hard to dox. Even though I have a very unusual first name (it's not really Lia), I am extremely hard to find online. I just went into an incognito browser window and searched my first and last name in quotation marks, but I didn’t find myself until page 4 of Google (and that result wasn’t even posted by me). I’m only half as careful as I could be, but here’s some of the things I do:
-I never use a picture of myself as my profile pic, except for Facebook and Instagram, which are both on the highest privacy settings possible.
-If I post identifying information on a public account (my college, my age, etc), I use a pseudonym or my first name only.
-On Instagram, I only use my first name, and I used special characters to type it, so you won’t find me if you search my name.
-On Facebook, I only accept friend requests from people I know. Most, if not all, of my Instagram followers are IRL friends, friends of IRL friends, and trusted Internet friends.
-If I’m really being paranoid, I’ll make a brand-new email account to sign up for a site. That way, my accounts aren’t all linked through one email address.
-Before I post a picture online, I delete the EXIF data with verexif.com, since EXIF data can hold GPS coordinates.
🌈 Stay safe, everyone.
You will not be harmed. You will be okay. Like cockroaches, we are survivors, and we will get through this!! ❤️🧡💛💚💙💜
-Mod Lia
#mod lia#og post#og post cmf#pridefall#operation pridefall#pride fall#pride#pride month#lgbt#lgbtq#gay#safety#psa#please reblog#pride 2020#lgbtqia#lgbt pride
2K notes
·
View notes
Text
Indefinite hiatus & archiving this account
I’m going to be taking an indefinite hiatus from this account. I’m not sure for how long, and I may or may not return in the future. But for now, I need a break from fandom discourse.
----------
I initially got involved in fandom “discourse” because I wanted to complain about self-named anti-Otayuris spamming the ship tag and generally being annoying and harassing shippers who were minding their own business. So I made a side account on Tumblr to vent about that. There were other accounts talking about these recent developments in fandom too, and I wanted an account to interact with them on. People started reblogging my posts, and others started to share their experiences of being harassed over ships or fanart or fanfic in their fandoms too in my replies and inbox. I made a Twitter account at some point also. I always just wanted a place to vent with others. I never imagined or expected that my accounts would garner this much attention or would blow up to the level that they’re at now.
As a result, honestly, as my follower numbers have grown and as I’ve gotten more involved in fandom discourse, it’s made me more and more anxious. This account has been making me feel like a nervous wreck the past year or so.
I also just don't have the spoons for much of it anymore. Some days, discourse makes me feel stressed or anxious. Most days, I'm apathetic to it, like it's the same old recycled nonsense. I've done this for a long while now and I feel like I need a nice, long break from it, probably a permanent break.
I believe that the topics involved in fandom discourse, the issue of fantis harassing people and making fandom toxic, etc. are still important to talk about and bring awareness to. But at the same time, I feel like I've done and said all that I can, and I'm feeling burnt out. I’m also feeling like I’m repeating myself at this point. There are only so many times that I can say some variation of “don’t harass people over fanart or fanfic, block artists/writers and leave them alone.” And I know many others are saying this as well. The harassers in fandom definitely do seem like a majority with how loud they are and how they so often get away with what they do. And while it may not seem like it, I do believe that more and more people in fandom are fed up with the harassment and starting to push back, starting to voice their annoyance with fandom harassers, and starting to stand up against it and support each other.
There are definitely more topics related to fandom discourse too, beyond this, of course. Some very serious and important topics to discuss, such as when there is bigotry in fandom spaces. Genuine criticism of various media (minus the harassment) is always good and healthy to have too. And I hope people will continue to talk about these topics and have these meaningful discussions.
I will no longer be active on Twitter or Tumblr, but I may continue making videos on my Youtube channel. I don’t make videos often but I’ve been enjoying it, and I think it’s a better outlet for me to focus my energy on. Creating videos on these topics at my own pace is definitely less stressful than being an active participant on Twitter.
My Twitter DMs will remain closed to new messages, just so if/when I do return, I won’t have a ton of new DMs. But I will leave my Tumblr inbox and curiouscat open for anonymous venting if you need it! Anonymous venting is one reason why I initially made my tumblr account after all, so I want to leave it like that.
I’ve kind of been using my second Twitter account (catharsiscourse) as a makeshift personal account, so if you would like to keep in touch with me, you can follow me there! I’ll only be somewhat active there but that’s where I retweet fanart and such.
You can find links to all of these accounts in my carrd here: https://lizcourserants.carrd.co/#links
Lastly, thank you all so much for the support over the years. I know I’m not perfect and I’ve made some mistakes. My intentions have always been good but I know I would sometimes get caught up in the discourse and miss the mark. So if I’ve ever hurt you in any way or said or did anything wrong, I’m sorry. My goal has always been to vent about and bring awareness to the toxicity that’s been rearing its ugly head in fandom spaces as of late. And even though I’ve messed up at times, I hope I brought more good than bad to the table.
I know fandom’s been a bit hellish to navigate lately and things seem grim at times. But if we keep speaking up like we have been and continue supporting each other and keeping to our groups of trusted fandom friends, I think we’ll be okay.
Remember to be kind and support your friends in fandom. Take care, everyone 🤍
----------
Also I'm not deactivating. I've worked too hard on my Tumblr blog and Twitter account and such and I couldn't bring myself to delete them lol. So I’ll leave my accounts up as an archive of sorts. But please feel free to bookmark, screenshot, or archive whatever you want or need, just in case my accounts get suspended or something.
Thank you all so much for the support throughout the years! I’m grateful for all of the lovely people I’ve met because of this. I hope you all continue to look out for yourselves and for each other both inside and outside of fandom. Stay safe and take care.❤️
I want to end this with something productive and helpful, so here are links to two organizations dedicated to eliminating child sexual abuse: ECPAT and Thorn. Please help however you can, whether that’s by donating or just sharing these organizations’ donation pages:
https://www.ecpat.org/donate/
https://www.thorn.org/donate/
42 notes
·
View notes
Note
You know what, I was one of the anons from earlier and I sent you one By/ler-related ask, and except for some idiot accusing you of sexualizing Mileven no one was fucking attacking you for you and your followers to act like it was some terrible ordeal. If even a slightly different opinion is too much to handle for you, great, not gonna ask you anything ever again.
With all due respect, you literally have no idea what kinds of message come into my inbox so… what gives? Me asking ‘those anons’ – meaning the ones sending asks relating to something I’m honestly just sick of talking about (By*ler/Will stans, etc.) – wasn’t me having a go at anyone in particular, but I’m assuming you felt like it was? It wasn’t, I can assure you.
I enjoy replying to people about this kinda thing, honestly, but it’s starting to take a toll and I’d like it if my blog could go back to being mostly gifsets and nice essays and just overall chill posts, with the occasional long rant thrown in every now and again. I don’t like leaving asks unanswered, but there are hundreds in this inbox alone on here, and I’ve gotta riffle through the good ones with the bad ones and the somewhere-in-the-middle ones, and it’s tiring. (Not to mention I’ve got other blogs and one of them is about to get pretty active again soon, so…)
Because I replied to a couple of messages a few months back – and I’m not making myself out to be some sort of martyr here; I just literally haven’t seen anyone else receive this number of messages about the same topic – I just feel like I’ve become the sounding board for all anti-By*lers to flock to. And that’s fine, it is. I get that people like to air their frustrations and want to vent to somebody. I like doing it myself. And maybe it’s my fault for having replied to so many people over the past few weeks in the first place, but there are so many asks in my inbox all relating to the same thing and it’s getting boring just replying the same thing over and over again. These are just some that I’ve gotten over the last couple days/maybe a week:
That’s not factoring in everything that came in a couple weeks (hell, even months) back when I first (I think?) replied to someone about it. I know this is a blog and it’s fandom, but I’ve also gotta do a little damage control here because I don’t wanna keep spamming my followers’ dashboards with long replies that are basically just repetitions of themselves. That’s why I have friends and followers who maybe ‘act like it was some terrible ordeal’: not because it was, but because they know being overrun with questions and such can be tiresome, and for me personally it hasn’t exactly ever stopped since the third season came out for some reason. Maybe I shouldn’t have ever said anything in the first place, you know, because now it looks like I’m just inviting negativity into my inbox.
And the majority of the “hate” I was getting wasn’t on here anyway – you’re right in saying it was essentially just that one anon that I responded to. It was on Twitter. I’d shared that one particularly long-winded Finn post there because people had asked me to reply to the anon that sent in the ask. And then it blew up, and I was getting shat on from every angle so that wasn’t fun. And then I come back on here the following day, and people were sending in more asks about the same thing and like… Jesus, I need a break.
I know that when you post an opinion online, people are either going to take to it or they’re going to disagree with it; but at some point, I need to not have to reply to every single thing that flitters into my inbox. Repeating yourself, and trying to word things differently so that they don’t not match up with your words but also don’t alienate people who needn’t feel targetted is taxing. I literally dread when a little ‘1′ shows up on that mail icon because, fuck, am I gonna have to draft another 500-word essay on the topic.
I wasn’t saying I don’t ever want to reply to people about this sorta thing again; just that I’ve grown tired of doing it on here. I like doing it, to a certain extent. And I don’t know which ask you sent it (if it was one I answered or if it’s one of those posted above), but I wasn’t meaning to offend you either way – and I don’t know if you were agreeing or disagreeing with what I might have said so I’m a little in the dark here… Differing opinions have never been too much for me to handle because that’s literally what this is all about, I think that’s pretty clear. I’ve never once shied away from responding to someone whose opinions differ from my own so I’m not entirely sure where you got that argument from. I’m just sick of having to feel like I have to because there are so many (different) asks in my inbox just sitting there and staring at me.
I’m just asking that if people want to talk about certain things (ie. By*ler, etc.) then can we please do it on my https://curiouscat.me/elizabthturner from now on because I’m sick of having to draft up long ass rants on here and A) spam people’s dashes, B) clog up my own blog when it should be a space for me to talk and post about things that I like and enjoy, C) it’s an open invite for antis- to come and send me hate, and D) it’s like, no different than sending me anons on here.. only fewer people will read them and, in return, I won’t have a giant target on my back for the people who disagree with what I have to say just for the sake of disagreeing with it – which is what happened yesterday/the other night. I’m not saying don’t send me stuff; rather just send me it over there and I’ll happily reply. There’s no sweeter relief for me on here than when I open my inbox and it’s someone wanting to talk fic, or music, or they’re requesting something. This can’t be a space for constant negativity. And I’m not saying all of (you guys’) asks are negative; just that me feeling like I have to reply is.
2 notes
·
View notes
Note
whoa wtf someone faked their own death just to get you to lose followers? why??? like???
***This post is cutting off halfway through on mobile. You need the full explanation so please view on desktop***
Yeah dude… it was this summer. Basically, as it became clear that Jonerys was in fact canon, some of the antis that had been extremely sure of themselves sort of… snapped. And as a big Jonerys blog, I received a lot of their ensuing tantrums. I’ll tell the story under the cut, or you can see the whole crazy history of what happened here since I tagged it all lol.
So around that time, one person in particular sent me this ask from her fashion sideblog. It’s what started the whole mess. Ten days later, she got on that sideblog to see that I had answered it and gotten over 250 notes on it, and it really upset her that so many people agreed with me that Dany is not, in fact, the Mad Queen. She reblogged it from a sideblog cursing me out, so I blocked that sideblog, not at that moment realizing that the sideblog and the fashion blog were the same person since ten days had gone by since I received the ask. So then she started getting on other side blogs. At first it was just a handful. It was obvious they were all her, though, because they had almost identical content. Just enough posts to keep the URL safe from staff deletion due to inactivity, but nothing more. On these sideblogs she would reblog my content with hateful and harassing captions. Each time she did, I would block the blog, but she would reappear with another one. When I was blocking faster than she could log onto new blogs, she got frustrated and started spamming my notes by tagging me dozens and dozens of times in replies to her posts. She also made a bunch of callout posts about me and reblogged them on all these sideblogs. I also received an anon during this–presumably from her–telling me to kill myself. I blocked the anon (which blocks an IP address) and the attacks from her stopped for a few hours. I’m guessing she went to another internet connection or switched to phone data, and then started doing it all again, but without sending me inbox messages this time so I couldn’t block her other IP.
I was meanwhile sending her DMs on all these blogs begging her to leave me alone and warning her that I would report her and share her URLs with my followers (so they could also report) if she didn’t. After a day went by and she didn’t heed my warnings, I did those things. That’s what finally stopped it all. Most of her sideblogs were deactivated.
There was literally nothing I could do to make this stop and I counted over 25 blogs from her before I had reported her enough to make her stop. I shared her URLs for these blogs with my followers to get help reporting her.
About a week went by and I thought that it was finally over. But then she made a post on that original fashion side blog (the first time she had used this blog since the original ask was sent, so I didn’t connect the dots and hadn’t blocked the fashion blog). She made a post there telling a fake story in which I was apparently the one bullying her and sicking my followers on her, and she claimed we told her to kill herself. This is an outright lie. She tagged me in this post, citing me as the reason for her own apparent suicide, and then left the blog (that wasn’t very active anyway), trying to make the last post there look like a suicide note.
This got a lot of attention, because she reblogged it on her slew of sideblogs. Lots of people tagged staff and I’m guessing she got in trouble since I had also reported her before that for harassing me from all of her blogs. While this supposed suicide note got widespread attention, I got dozens and dozens of messages from people imploring me to reach out to her and save her life, or shaming me for “pushing her to suicide.” It’s the reason why to this day I have my IM function shut off for anyone I don’t follow. It was insane how many messages I got. I treated her suicide note as serious and half believed it at the time. I apologized to her (though I’d done nothing wrong) just in case and joined others in tagging staff and trying to talk her down on the post.
A day later I received the asks below from a blog with no content at all (hmmmm. suspicious, no?). These screenshots are actually from that sideblog that sent them because when I didn’t publish them, they just reposted what they sent me on the sideblog so it could still get out somehow.
You can connect the dots here–clearly this is the original person who was harassing me, posing as their own “friend” to try and guilt and manipulate me (I would ask anyone reading this not to contact this person and start shit again, please. I never want to talk to them again). Obviously I didn’t publish it, which is why she reposted them on the sideblog. I responded privately telling the person that I was the one who had been bullied and that I absolutely would not be making the post she requested guilting my own followers for something they didn’t do.
So at that point she had failed at chasing me off tumblr and getting me to post any more about her and give her any more attention or make myself look bad on her behalf. Two days went by and I’m guessing she regretted ruining her fashion blog over her random and inexplicable hatred of me and Daenerys Targaryen. A new post appeared on the fashion blog (the whole blog is deleted now, probably by staff and not of her own volition). This time she claimed to be her own cousin who had inherited her blog after her suicide. It was an obvious ruse and her own followers turned on her then and scolded her for faking her suicide. Many of the people who had messaged me asking me to help her or fussing at me before reached out to me to apologize, seeing her “cousin” post and realizing their mistake. When she saw that, she said (still pretending to be the cousin) that she would have to delete the blog because her parents found it. That was the last I heard from her for a little while. She thinks I don’t know her main blog, but I do. It’s only out of a strong aversion to confrontation that I don’t share her main. She slipped up and liked two of the posts she made on her obscure sideblogs that had no content or posts other than the hate she was posting at me. So for those random empty sideblogs to have any followers is very suspicious, and her “likes” were the only notes these posts got. And the likes came from a prominent (at that time) GoT blog that had a lot of the same views that she shared in her hate posts to me, and I quickly realized that GoT blog was her main blog, and the only one she didn’t outright attack me from–she just used it to “like” her deranged posts to make it look like someone was supporting what she was doing to me. The last time she contacted me was through about 50, yes 50, anons she sent me while the GoT s7 finale was airing a couple weeks later. She had gone through my personal tag and looked up everything about me she could find, and then sent me extremely personal and specific hate asks about everything. She knew I’d be watching the finale so I wouldn’t be able to block her quickly, giving her plenty time to send me a shitload of stuff. It’s my own fault for being open and honest on this blog and literally showing my face, but what can I say? I love my life and am happy to share it on my blog. Anyway, the stuff she said was pretty disturbing. I think if I had been an even slightly less stable person, such cruelty could have driven me off of tumblr altogether or maybe even to self-harm. But as it is I remembered that she’s an insignificant and hateful person and brushed it off. I just blocked her IP and it deleted them all at once. And that’s the whole crazy story .
25 notes
·
View notes
Text
TikTok and 53 other iOS apps still snoop your sensitive clipboard data
In March, researchers uncovered a troubling privacy grab by more than four dozen iOS apps including TikTok, the Chinese-owned social media and video-sharing phenomenon that has taken the Internet by storm. Despite TikTok vowing to curb the practice, it continues to access some of Apple users’ most sensitive data, which can include passwords, cryptocurrency wallet addresses, account-reset links, and personal messages. Another 53 apps identified in March haven’t stopped either.
The privacy invasion is the result of the apps repeatedly reading any text that happens to reside in clipboards, which computers and other devices use to store data that has been cut or copied from things like password managers and email programs. With no clear reason for doing so, researchers Talal Haj Bakry and Tommy Mysk found, the apps deliberately called an iOS programming interface that retrieves text from users’ clipboards.
Universal snooping
In many cases, the covert reading isn’t limited to data stored on the local device. In the event the iPhone or iPad uses the same Apple ID as other Apple devices and are within roughly 10 feet of each other, all of them share a universal clipboard, meaning contents can be copied from the app of one device and pasted into an app running on a separate device.
That leaves open the possibility that an app on an iPhone will read sensitive data on the clipboards of other connected devices. This could include bitcoin addresses, passwords, or email messages that are temporarily stored on the clipboard of a nearby Mac or iPad. Despite running on a separate device, the iOS apps can easily read the sensitive data stored on the other machines.
“It’s very, very dangerous,” Mysk said in an interview on Friday, referring to the apps’ indiscriminate reading of clipboard data. “These apps are reading clipboards, and there’s no reason to do this. An app that doest have a text field to enter text has no reason to read clipboard text.”
The video below demonstrates universal clipboard reading:
youtube
KlipboardSpy: How malicious apps on iPhone and iPad abuse the Universal Clipboard on your Mac.
Back in the news
While Haj Bakry and Mysk published their research in March, the invasive apps made headlines again this week with the developer beta release of iOS 14. A novel feature Apple added provides a banner warning every time an app reads clipboard contents. As large numbers of people began testing the beta release, they quickly came to appreciate just how many apps engage in the practice and just how often they do it.
This YouTube video, which has racked up more than 87,000 views since it was posted on Tuesday, shows a small sample of the apps triggering the new warning
youtube
iOS14 Catches Apps Spying on Your Clipboard
TikTok in the spotlight
Recent headlines have focused particular attention on TikTok, in large part because of its massive base of active users (reported to be 800 million, with an estimated 104 million iOS installs in the first half of 2018 alone, making it the most downloaded app for that period).
TikTok’s continued snooping has gotten extra scrutiny for other reasons. When called out in March, the video-sharing provider told UK publication The Telegraph it would end the practice in the coming weeks. Mysk said that the app never stopped the monitoring. What’s more, a Wednesday Twitter thread revealed that the clipboard reading occurred each time a user entered a punctuation mark or tapped the space bar while composing a comment. That means the clipboard reading can happen every second or so, a much more aggressive pace than documented in the March research, which found monitoring happened when the app was opened or reopened.
To reproduce: 1. Have something on your clipboard. Eg copy some text from Notes or a website 2. Open TikTok and start typing in any text field 3. You learn from iOS 14 beta each time an app “pastes” – but in this instance I didn’t request it, and none of that text appears in UI
— Jeremy Burge (@jeremyburge) June 24, 2020
In a statement, TikTok representatives wrote:
Following the beta release of iOS14 on June 22, users saw notifications while using a number of popular apps. For TikTok, this was triggered by a feature designed to identify repetitive, spammy behavior. We have already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion.
TikTok is committed to protecting users’ privacy and being transparent about how our app works. We look forward to welcoming outside experts to our Transparency Center later this year.
On background, a spokesperson said that TikTok for Android never implemented the anti-spam feature.
I sent follow-up questions asking (1) if the TikTok version for Android monitored clipboards for any other reason, (2) if any clipboard text was uploaded from the device, and (3) why TikTok didn’t remove the monitoring as promised in March. The spokesperson has yet to respond. This post will be updated if a reply comes later.
Not just TikTok
In all, the researchers found the following iOS apps were reading users’ clipboard data every time the app was opened with no clear reason for doing so:
News
ABC News — com.abcnews.ABCNews
Al Jazeera English — ajenglishiphone
CBC News — ca.cbc.CBCNews
CBS News — com.H443NM7F8H.CBSNews
CNBC — com.nbcuni.cnbc.cnbcrtipad
Fox News — com.foxnews.foxnews
News Break — com.particlenews.newsbreak
New York Times — com.nytimes.NYTimes
NPR — org.npr.nprnews
ntv Nachrichten — de.n-tv.n-tvmobil
Reuters — com.thomsonreuters.Reuters
Russia Today — com.rt.RTNewsEnglish
Stern Nachrichten — de.grunerundjahr.sternneu
The Economist — com.economist.lamarr
The Huffington Post — com.huffingtonpost.HuffingtonPost
The Wall Street Journal — com.dowjones.WSJ.ipad
Vice News — com.vice.news.VICE-News
Games
8 Ball Pool
— com.miniclip.8ballpoolmult
AMAZE!!! — com.amaze.game
Bejeweled — com.ea.ios.bejeweledskies
Block Puzzle —Game.BlockPuzzle
Classic Bejeweled — com.popcap.ios.Bej3
Classic Bejeweled HD —com.popcap.ios.Bej3HD
FlipTheGun — com.playgendary.flipgun
Fruit Ninja — com.halfbrick.FruitNinjaLite
Golfmasters — com.playgendary.sportmasterstwo
Letter Soup — com.candywriter.apollo7
Love Nikki — com.elex.nikki
My Emma — com.crazylabs.myemma
Plants vs. Zombies
Heroes — com.ea.ios.pvzheroes
Pooking – Billiards City — com.pool.club.billiards.city
PUBG Mobile — com.tencent.ig
Tomb of the Mask — com.happymagenta.fromcore
Tomb of the Mask: Color — com.happymagenta.totm2
Total Party Kill — com.adventureislands.totalpartykill
Watermarbling — com.hydro.dipping
Social Networking
TikTok — com.zhiliaoapp.musically
ToTalk — totalk.gofeiyu.com
Tok — com.SimpleDate.Tok
Truecaller — com.truesoftware.TrueCallerOther
Viber — com.viber
Weibo — com.sina.weibo
Zoosk — com.zoosk.Zoosk
Other
10% Happier: Meditation —com.changecollective.tenpercenthappier
5-0 Radio Police Scanner — com.smartestapple.50radiofree
Accuweather — com.yourcompany.TestWithCustomTabs
AliExpress Shopping App — com.alibaba.iAliexpress
Bed Bath & Beyond — com.digby.bedbathbeyond
Dazn — com.dazn.theApp
Hotels.com — com.hotels.HotelsNearMe
Hotel Tonight — com.hoteltonight.prod
Overstock — com.overstock.app
Pigment – Adult Coloring Book — com.pixite.pigment
Recolor Coloring Book to Color — com.sumoing.ReColor
Sky Ticket — de.sky.skyonline
The Weather Network — com.theweathernetwork.weathereyeiphone
Shortly after the report was published, 10% Happier: Meditation and Hotel Tonight promised to stop the behavior and quickly followed through. TikTik also promised to stop but has never done so, Mysk said. None of the other apps has stopped either, he said.
Clipboard reading done right
In some cases, clipboard reading can make apps much more useful. The UPS iPhone app, for instance, pulls text from the clipboard and in the event the text matches the characteristics of a tracking number, the app prompts the user to track the corresponding package. Google Chrome also pulls text and, in the event it’s a URL, will prompt the user to browse to it. The Pixelmator photo editor reads data only if it’s an image. If it is, Pixelmator will prompt the user to open it for editing. In all three cases, the data reading has a clear use case and is transparent.
TikTok and the other offending apps, by contrast, access the clipboard for no clear reason and with no indication they are doing so. For many apps, it’s hard to see any legitimate performance or usability reason for the access. Mysk said that Apple plans to credit his and Haj Bakry’s research as a catalyst for the new clipboard notification put into iOS 14.
The clipboard reading Haj Bakry and Mysk reported raises concerns that likely extend to those using Android and possibly other operating systems. Mysk said that clipboard reading in Android apps is “even worse” than iOS because the OS APIs are so much more lenient. Until version 10, for instance, Android allowed apps running in the background to read the clipboard. iOS apps, by contrast, can read or query clipboards only when active (that is, running in the foreground).
Mysk said that Apple’s notification feature is a good start but, ultimately, Apple and Google should do more. One possibility is to make clipboard access a standard permission, just as access to a mic or camera is now. Another possibility is to require app developers to disclose precisely what clipboard data is accessed and what the app does with it.
For now, users should remain aware that any data stored in the clipboard—despite it being inconspicuous to the naked eye—can be regularly accessed by apps that in many cases aren’t even installed locally on the device. When in doubt, flush the clipboard data by copying a character, word, or other piece of innocuous data.
Source link
قالب وردپرس
from World Wide News https://ift.tt/3g9sran
0 notes