Experience of the day: #ibisAcademic spammer writes to me, I reply with a reference to #GDPR and that I never wanted their rubbish, they should stop it.

They reply with a screenshot of a software that contains a data record about me, in which a checkbox can be seen that says that I will no longer receive mails from them in the future.

I reply with a reference to Article 17 and demand that all my data be deleted immediately.

They reply by saying that they always comply with GDPR, but that the software does not allow the data record to be deleted.

I am now eagerly awaiting a reply from the data protection officer.

Experience of the day: #ibisAcademic spammer writes to me, I reply with a reference to #GDPR and that I never wanted their rubbish, they should stop it.

They reply with a screenshot of a software that contains a data record about me, in which a checkbox can be seen that says that I will no longer receive mails from them in the future.

I reply with a reference to Article 17 and demand that all my data be deleted immediately.

They reply by saying that they always comply with GDPR, but that the software does not allow the data record to be deleted.

I am now eagerly awaiting a reply from the data protection officer.

Sooo … @OH3CUF reported a GDPR violation of the #Meshtastic iOS app to the developers only to have the ticket not only closed but full-on deleted.

I could not let that stand, and opened another ticket roughly the same arguments. https://github.com/meshtastic/Meshtastic-Apple/issues/1456

EDIT: linking to a thread with a screengrab because my ticket got deleted immediately: https://fosstodon.org/@cos/115338400707385891

#GDPR #datadog #telemetry

lol I didn't even finish the toot and my ticket got deleted as well. #meshtastic #gdpr

Sooo … @OH3CUF reported a GDPR violation of the #Meshtastic iOS app to the developers only to have the ticket not only closed but full-on deleted.

I could not let that stand, and opened another ticket roughly the same arguments. https://github.com/meshtastic/Meshtastic-Apple/issues/1456

EDIT: linking to a thread with a screengrab because my ticket got deleted immediately: https://fosstodon.org/@cos/115338400707385891

#GDPR #datadog #telemetry

Meshtastic iOS app breaks EU law with sending lots of telemetry (logs, usage) to DataDog in US wthout user consent and without any kind of notification of the app doing so.

I reported this as issue and it got immediately closed without any explanation: https://github.com/meshtastic/Meshtastic-Apple/issues/1449

#meshtastic #gdpr #datadog

Meshtastic iOS app breaks EU law with sending lots of telemetry (logs, usage) to DataDog in US wthout user consent and without any kind of notification of the app doing so.

I reported this as issue and it got immediately closed without any explanation: https://github.com/meshtastic/Meshtastic-Apple/issues/1449

#meshtastic #gdpr #datadog

☁️ The cloud isn’t your legal department.

AWS, Azure & GCP give you tools—not immunity. Under GDPR, you stay the controller.

Encryption helps, but misconfigured buckets, cross-region backups, and forgotten logs can still cause nightmares.

Encrypt. Document. Repeat.

#GDPR #CloudPrivacy #Infosec #DataGovernance #B2B

#GDPR question (maybe for @aeris?):

I'm renting some web hosting (the German Netcup), and it turns out that nginx/apache logs include the IPs of the incoming accesses.
As is, it is really wrong, but would it be right if I have a very periodic cron job that strips the last segment of the IP address?

I would see the forest, but not the trees, which would help quite a bit for monitoring potential attacks, or general service usage.

🍔 Just collabed with @BobTheShoplifter on a MASSIVE SECURITY BREACH: We exposed how Restaurant Brands International (Burger King, Tim Hortons, Popeyes) left their drive-thru systems etc completely vulnerable.

🎯 What we found:
• Unauthenticated API access to ALL drive-thru locations globally
• Drive-thru voice recordings of customers accessible
• Employee PII exposed.
• Bathroom feedback systems with zero auth
• Hardcoded passwords in client-side code

The scope was insane - we could access any drive-thru system globally. Even listen to your actual drive-thru orders 👂

Credit to RBI for lightning-fast response once disclosed, but the privacy implications were staggering.

Full technical breakdown: https://bobdahacker.com/blog/rbi-hacked-drive-thrus

#InfoSec#CyberSecurity#ResponsibleDisclosure#Privacy#GDPR#API#GraphQL#SecurityResearch#VulnDisclosure#RestaurantBrands#BurgerKing#TimHortons#Popeyes #vulnerability

🍔 Just collabed with @BobTheShoplifter on a MASSIVE SECURITY BREACH: We exposed how Restaurant Brands International (Burger King, Tim Hortons, Popeyes) left their drive-thru systems etc completely vulnerable.

🎯 What we found:
• Unauthenticated API access to ALL drive-thru locations globally
• Drive-thru voice recordings of customers accessible
• Employee PII exposed.
• Bathroom feedback systems with zero auth
• Hardcoded passwords in client-side code

The scope was insane - we could access any drive-thru system globally. Even listen to your actual drive-thru orders 👂

Credit to RBI for lightning-fast response once disclosed, but the privacy implications were staggering.

Full technical breakdown: https://bobdahacker.com/blog/rbi-hacked-drive-thrus

#InfoSec#CyberSecurity#ResponsibleDisclosure#Privacy#GDPR#API#GraphQL#SecurityResearch#VulnDisclosure#RestaurantBrands#BurgerKing#TimHortons#Popeyes #vulnerability

Does anyone have any recommendations for an external EUROPEAN DDoS protection service, like Cloudflare? 🤔

(I'm not asking for recommendations for a CDN, thanks.)

#ddos #cybersec #cybersecuriy #cloudflare #alternatives #gdpr #privacy

"The centerpiece of the Thunderbird Pro offering is Thundermail, Thunderbird’s first official email hosting service. Built to support IMAP, SMTP, and JMAP protocols from day one, Thundermail will work seamlessly with the Thunderbird client and other standards-based email apps. Notably, the initial infrastructure will be based in Germany, a jurisdiction known for its robust data protection laws under the GDPR framework and a long-standing culture of digital privacy.

Locating Thundermail’s infrastructure in Germany positions the service as a privacy-focused alternative to US-based providers, many of which are subject to surveillance regimes like the CLOUD Act. Users will be able to bring their own custom domain or choose a Thunderbird-provided address with @thundermail.com or @tb.pro suffixes.

Thunderbird describes this move as part of its broader mission to reinforce support for open standards and provide users with a cohesive, privacy-conscious email experience, entirely within its own ecosystem."

https://cyberinsider.com/thunderbird-to-launch-encrypted-email-service-hosted-in-germany/

#EU#Germany#CyberSecurity#Thunderbird#GDPR#DataProtection#Email #Encryption#Privacy#OpenStandards

"The centerpiece of the Thunderbird Pro offering is Thundermail, Thunderbird’s first official email hosting service. Built to support IMAP, SMTP, and JMAP protocols from day one, Thundermail will work seamlessly with the Thunderbird client and other standards-based email apps. Notably, the initial infrastructure will be based in Germany, a jurisdiction known for its robust data protection laws under the GDPR framework and a long-standing culture of digital privacy.

Locating Thundermail’s infrastructure in Germany positions the service as a privacy-focused alternative to US-based providers, many of which are subject to surveillance regimes like the CLOUD Act. Users will be able to bring their own custom domain or choose a Thunderbird-provided address with @thundermail.com or @tb.pro suffixes.

Thunderbird describes this move as part of its broader mission to reinforce support for open standards and provide users with a cohesive, privacy-conscious email experience, entirely within its own ecosystem."

https://cyberinsider.com/thunderbird-to-launch-encrypted-email-service-hosted-in-germany/

#EU#Germany#CyberSecurity#Thunderbird#GDPR#DataProtection#Email #Encryption#Privacy#OpenStandards

Please fellow EU's folks, join the @chatcontrol campaign:

https://fightchatcontrol.eu/#contact-tool

#fightchatcontrol#ChatControl #privacyrightsarehumanrights #privacyright #privacyrights #privacy#GDPR #europeanunion #europe #humanrights #democracy #democracynow#Surveillancesystem #masssurveillance #massurveillance #MassSurveilance

Repeat after me: The Linux Foundation are a bunch of Big Tech bellends. Don’t listen to a single thing they say.

https://social.lfx.dev/@linuxfoundation/114993371357953940

#FOSS #openSource #BigTech #LinuxFoundation #TheLinuxFoundation #linux #SiliconValley #Orwellian #bellends #GDPR #privacy #humanRights #democracy

The framing the report and the criticisms of the post about it are really missing is this:

Data protection in general and #GDPR in particular requires stating a reason for collecting data, and getting consent for that reason, prior to collecting it.

Done right, this prevents data from sitting around where it gets breached, from being used for unaccountable surveillance, from being sold and stored indefinitely. It does not prevent sharing data responsibly collected, esp with open uses in mind.

NL. Horrible data breach.

The data of 485,000 women who participated in the population screening for cervical cancer has been stolen via a hack. Not just personal information, such as name and address, was involved. Official identification numbers and test results were also captured.

https://www.rtl.nl/nieuws/binnenland/artikel/5522737/bevolkingsonderzoek-baarmoederhalskanker-data-gehackt-vrouwen

#privacy #security #cybersecurity #gdpr#tech