🍔 Just collabed with @BobTheShoplifter on a MASSIVE SECURITY BREACH: We exposed how Restaurant Brands International (Burger King, Tim Hortons, Popeyes) left their drive-thru systems etc completely vulnerable.

🎯 What we found:
• Unauthenticated API access to ALL drive-thru locations globally
• Drive-thru voice recordings of customers accessible
• Employee PII exposed.
• Bathroom feedback systems with zero auth
• Hardcoded passwords in client-side code

The scope was insane - we could access any drive-thru system globally. Even listen to your actual drive-thru orders 👂

Credit to RBI for lightning-fast response once disclosed, but the privacy implications were staggering.

Full technical breakdown: https://bobdahacker.com/blog/rbi-hacked-drive-thrus

#InfoSec#CyberSecurity#ResponsibleDisclosure#Privacy#GDPR#API#GraphQL#SecurityResearch#VulnDisclosure#RestaurantBrands#BurgerKing#TimHortons#Popeyes #vulnerability

🍔 Just collabed with @BobTheShoplifter on a MASSIVE SECURITY BREACH: We exposed how Restaurant Brands International (Burger King, Tim Hortons, Popeyes) left their drive-thru systems etc completely vulnerable.

🎯 What we found:
• Unauthenticated API access to ALL drive-thru locations globally
• Drive-thru voice recordings of customers accessible
• Employee PII exposed.
• Bathroom feedback systems with zero auth
• Hardcoded passwords in client-side code

The scope was insane - we could access any drive-thru system globally. Even listen to your actual drive-thru orders 👂

Credit to RBI for lightning-fast response once disclosed, but the privacy implications were staggering.

Full technical breakdown: https://bobdahacker.com/blog/rbi-hacked-drive-thrus

#InfoSec#CyberSecurity#ResponsibleDisclosure#Privacy#GDPR#API#GraphQL#SecurityResearch#VulnDisclosure#RestaurantBrands#BurgerKing#TimHortons#Popeyes #vulnerability

Does anyone have any recommendations for an external EUROPEAN DDoS protection service, like Cloudflare? 🤔

(I'm not asking for recommendations for a CDN, thanks.)

#ddos #cybersec #cybersecuriy #cloudflare #alternatives #gdpr #privacy

"The centerpiece of the Thunderbird Pro offering is Thundermail, Thunderbird’s first official email hosting service. Built to support IMAP, SMTP, and JMAP protocols from day one, Thundermail will work seamlessly with the Thunderbird client and other standards-based email apps. Notably, the initial infrastructure will be based in Germany, a jurisdiction known for its robust data protection laws under the GDPR framework and a long-standing culture of digital privacy.

Locating Thundermail’s infrastructure in Germany positions the service as a privacy-focused alternative to US-based providers, many of which are subject to surveillance regimes like the CLOUD Act. Users will be able to bring their own custom domain or choose a Thunderbird-provided address with @thundermail.com or @tb.pro suffixes.

Thunderbird describes this move as part of its broader mission to reinforce support for open standards and provide users with a cohesive, privacy-conscious email experience, entirely within its own ecosystem."

https://cyberinsider.com/thunderbird-to-launch-encrypted-email-service-hosted-in-germany/

#EU#Germany#CyberSecurity#Thunderbird#GDPR#DataProtection#Email #Encryption#Privacy#OpenStandards

"The centerpiece of the Thunderbird Pro offering is Thundermail, Thunderbird’s first official email hosting service. Built to support IMAP, SMTP, and JMAP protocols from day one, Thundermail will work seamlessly with the Thunderbird client and other standards-based email apps. Notably, the initial infrastructure will be based in Germany, a jurisdiction known for its robust data protection laws under the GDPR framework and a long-standing culture of digital privacy.

Locating Thundermail’s infrastructure in Germany positions the service as a privacy-focused alternative to US-based providers, many of which are subject to surveillance regimes like the CLOUD Act. Users will be able to bring their own custom domain or choose a Thunderbird-provided address with @thundermail.com or @tb.pro suffixes.

Thunderbird describes this move as part of its broader mission to reinforce support for open standards and provide users with a cohesive, privacy-conscious email experience, entirely within its own ecosystem."

https://cyberinsider.com/thunderbird-to-launch-encrypted-email-service-hosted-in-germany/

#EU#Germany#CyberSecurity#Thunderbird#GDPR#DataProtection#Email #Encryption#Privacy#OpenStandards

Please fellow EU's folks, join the @chatcontrol campaign:

https://fightchatcontrol.eu/#contact-tool

#fightchatcontrol#ChatControl #privacyrightsarehumanrights #privacyright #privacyrights #privacy#GDPR #europeanunion #europe #humanrights #democracy #democracynow#Surveillancesystem #masssurveillance #massurveillance #MassSurveilance

Repeat after me: The Linux Foundation are a bunch of Big Tech bellends. Don’t listen to a single thing they say.

https://social.lfx.dev/@linuxfoundation/114993371357953940

#FOSS #openSource #BigTech #LinuxFoundation #TheLinuxFoundation #linux #SiliconValley #Orwellian #bellends #GDPR #privacy #humanRights #democracy

The framing the report and the criticisms of the post about it are really missing is this:

Data protection in general and #GDPR in particular requires stating a reason for collecting data, and getting consent for that reason, prior to collecting it.

Done right, this prevents data from sitting around where it gets breached, from being used for unaccountable surveillance, from being sold and stored indefinitely. It does not prevent sharing data responsibly collected, esp with open uses in mind.

NL. Horrible data breach.

The data of 485,000 women who participated in the population screening for cervical cancer has been stolen via a hack. Not just personal information, such as name and address, was involved. Official identification numbers and test results were also captured.

https://www.rtl.nl/nieuws/binnenland/artikel/5522737/bevolkingsonderzoek-baarmoederhalskanker-data-gehackt-vrouwen

#privacy #security #cybersecurity #gdpr#tech

NL. Horrible data breach.

The data of 485,000 women who participated in the population screening for cervical cancer has been stolen via a hack. Not just personal information, such as name and address, was involved. Official identification numbers and test results were also captured.

https://www.rtl.nl/nieuws/binnenland/artikel/5522737/bevolkingsonderzoek-baarmoederhalskanker-data-gehackt-vrouwen

#privacy #security #cybersecurity #gdpr#tech

‘How Should Private-Sector GDPR Data Controllers and Processors Address Security Threats from State Actors?’, by Douwe Korff & Ian Brown https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5363593#privacy #gdpr #surveillance#police

‘How Should Private-Sector GDPR Data Controllers and Processors Address Security Threats from State Actors?’, by Douwe Korff & Ian Brown https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5363593#privacy #gdpr #surveillance#police

are you German?
do you browse the web?
are you interested in €5000?
then consider suing Facebook for violating your privacy.

"The ruling in favor of the plaintiff sets a precedent which the court acknowledged will allow countless other users to sue without 'explicitly demonstrating individual damages'."
German court rules Meta tracking technology violates European privacy laws | The Record from Recorded Future News
https://therecord.media/german-court-meta-tracking-tech

#privacy#GDPR#Facebook#Meta#Germany

German court rules Meta tracking technology violates European privacy laws
https://therecord.media/german-court-meta-tracking-tech

A German court has ruled that Meta must pay €5,000 ($5,900) to a German Facebook user who sued the platform for embedding tracking technology in third-party websites — a ruling that could open the door to large fines down the road over data privacy violations relating to pixels and similar tools.

The Regional Court of Leipzig in Germany ruled Friday that #Meta tracking pixels and software development kits embedded in countless websites and apps collect users’ data without their consent and violate the continent’s General Data Protection Regulation #GDPR.

New[ish] Privacy Guides article 🪪🚫
by me:

Age verification laws have been multiplying in recent years. This is extremely bad news for your privacy rights.

While framed as a measure to
protect the children, collecting more data on every users of the internet endangers everyone, including the children.

This isn't a protective measure,
this is authoritarian policies normalizing mass surveillance and silencing dissidents.

It could very much become
the end of pseudonymity online,
if we do not push back against it.

https://www.privacyguides.org/articles/2025/05/06/age-verification-wants-your-face/

#PrivacyGuides#Privacy#AgeVerification#GDPR#Biometrics#MassSurveillance

I personally have moved to a #cloud provider in the #EU. The #GDPR is your friend. I am using #Nextcloud, which gives one a wide choice of ISPs in different countries, or one can self-host, as it is all open-source.

I have also downloaded "Organic Maps" which works offline and doesn't track you.

@focusedoninfinity

What does the Digital Services Act (DSA) mean for online advertising and adtech?

New blog post by Pieter Wolters and me.

Our most controversial claim is that ad networks and some other adtech companies must be considered ‘platforms’ in the sense of the DSA.

Hence, they must comply with the DSA’s general rules for platforms.

https://dsa-observatory.eu/2025/08/01/what-does-the-dsa-mean-for-online-advertising-and-adtech/

#law #politics #economy#tech #ai #platforms #advertising #marketing #dsa#privacy #gdpr