
#pii


#Microsoft raising #Insecurity AGAIN

TOTAL #RECALL ^2

arstechnica.com/security/2025/

#Arstechnica #DanGoodin raises a good point, it is not only YOUR computer that you need worry about but anyone else who processes your #PII or anything you send them and isn't willing or able to opt out.

It's the same crap as when Whatscrapp was all the rage and no one gave a damn about it harvesting their address books.. but on a much larger and insidious scale.

What a nightmare..

Ars Technica · That groan you hear is users’ reaction to Recall going back into Windows · By Dan Goodin

@marczz

Why you should use full-disk encryption

If any of the arguments I make below apply to you, you should use full-disk encryption. I am pretty sure the first argument applies to everyone. The second argument applies at least to everyone in the EU and the US state of California. The third argument applies to everyone again.

You will fail to delete drives properly

Storage media get lost. Most people do not know how to properly delete hard disk content before selling them, or they forget it. In the case of flash drives, or SSDs, standard tools like shred don't work. hdparm may do the trick, but this is not well known. If you are lucky, the manufacturer of your SSD provides a Windows app that lets you delete it securely. Your server does not run on Windows of course.

The law demands it

#GDPR and similar data protection and privacy laws require you to store no #PII (personal data) permanently. You have to anonymize PII or delete it after a few weeks. IP addresses are PII. All servers store IP addresses by default. The GDPR also demands that you use state-of-the-art technology to protect sensitive data. Full disk encryption is the state of the art.

Law enforcement makes "mistakes"

I'm a board member of @Artikel5eV, an organisation that runs relays on the Tor network, including exit relays. Running Tor relays is perfectly legal in Germany. Nevertheless, law enforcement agencies have raided the homes of Artikel 5 e.V. board members twice. Illegally so, as a court confirmed recently. I won't run Tor relays in my home, but there is a good chance that my home will be raided one day unless all police officers and prosecutors decide to obey the law.

There is also a possibility that the rule of law might collapse in your country sooner or later. We are just witnessing it in the USA.

You already mentioned that ordinary thieves can also be a problem.

Encryption is available for free

So what is your case against disk encryption? It is obvious that it alone does not solve all IT security issues, but it is an important building block. #LUKS is reliable free and open-source software for HD encryption. If you are not using Linux, check out #VeraCrypt. The Raspberry Pi 5 comes with hardware acceleration for AES, so there no longer is a noticeable performance penalty for encryption.

Years ago, before the massive increase in #data harvesting of #PII I told people they need to keep a lid on their data.

I told them they don't know how it will be used in years to come, I said it could be used for profiling.

This is the same reason to not get a #DNA test

Well here it is. The worst #profiling has to offer.

This is #minorityreport level crime prediction.

You can bet this will be on the #police internal record, "Suspected likely murderer".

theguardian.com/uk-news/2025/a

The Guardian · UK creating ‘murder prediction’ tool to identify people most likely to kill · By Vikram Dodd

#DOGE accesses federal #payroll system and punishes employees who objected

The system at the #Interior Department gives DOGE "visibility into sensitive employee information, such as #SocialSecurity numbers, and the ability to more easily hire and fire workers,"
#ssn #privacy #interiordepartment #pii

arstechnica.com/tech-policy/20

Ars Technica · DOGE accesses federal payroll system and punishes employees who objected · By Jon Brodkin

#Oracle has reportedly suffered 2 separate #breaches exposing thousands of customers’ #PII

Oracle isn’t commenting on recent reports that it has experienced two separate data breaches that have exposed sensitive personal information belonging to thousands of its customers.
#privacy

arstechnica.com/security/2025/

Ars Technica · Oracle has reportedly suffered 2 separate breaches exposing thousands of customers’ PII · By Dan Goodin

In an interview Fri, Dudek argued that the judge’s ruling was *overly broad* & that a reference to “DOGE affiliates” could apply to all employees who access personally identifiable info, or #PII, because they are obligated to cooperate w/ #DOGE.

Dudek said the agency plans to file an affidavit as soon as Fri asking Hollander to clarify language in her ruling….

“Everything in this agency is PII. Unless I get clarification, I’ll just start to shut it down. I don’t have much of a choice here.”

APIs often handle vast amounts of Personally Identifiable Information (#PII), which makes them prime targets for API data exfiltration. 🎯😒 So, it's no surprise that #API-based attacks with the aim of stealing sensitive data have increased over time. Many orgs also lack visibility into which APIs are handling PII, which leaves them with massive #security blind spots. 😳

What should orgs do about this? Let's take a closer look at:
🚦 The growing risks of PII exposure in API traffic
🔓 The methods attackers use to exfiltrate data
👀 Capabilities to look for in a data exfiltration prevention solution
💥 How the new release of Graylog API Security 3.7 can help

graylog.org/post/apis-the-sile #APIsecurity #APIs #cybersecurity