Joseph Cox

NSA statement on its site http://captcha.nsa.gov pic.twitter.com/Asw3Sw8GML

The human infrastructure that carries your conveniently ordered takeout food isn't given anywhere to pee https://www.vice.com/en_us/article/884xyp/gig-workers-have-nowhere-to-pee …pic.twitter.com/SfcTM4uVOl

Updated with Wyden statement on FCC determining that at least one telecom company broke the law by selling phone location data https://www.vice.com/en_us/article/m7qb8n/fcc-confirms-one-or-more-carriers-broke-the-law-selling-location-data …pic.twitter.com/t6iaUAqwK1

"I feel like my story needs to get out in case it could help someone else in the future" the Iranian-born, American soldier told us https://www.vice.com/en_us/article/wxejvy/american-citizen-soldier-phone-taken-at-border-iranian-family …pic.twitter.com/GnAbF2rYyL

This soldier was on military business, according to docs obtained. Border patrol still stopped them, questioned them, took their phone. This comes after CBP originally denied wasn't stopping people based on heritage, and then CNN got memo saying otherwise https://www.vice.com/en_us/article/wxejvy/american-citizen-soldier-phone-taken-at-border-iranian-family …pic.twitter.com/VhnoKEibIN

New: the FCC has concluded its investigation into the sale of phone location data, and has found that one or more telecom companies broke federal law. Doesn't name the companies yet, but FCC likely to recommend fines in the coming days (we found telecos selling to bounty hunters)pic.twitter.com/ymJmH5iovh

Updated our piece with new statement from Senator Wyden on Avast antivirus stopping its data selling business. "The decision today to shutter its data broker subsidiary is a model for how companies should respond to criticism of privacy abuses." https://www.vice.com/en_us/article/wxejbb/avast-antivirus-is-shutting-down-jumpshot-data-collection-arm-effective-immediately …pic.twitter.com/biYzrPTSDl

Update: Avast is stopping this data collection and closing its data selling company with immediate effect. Original investigation updated with this note https://www.vice.com/en_us/article/wxejbb/avast-antivirus-is-shutting-down-jumpshot-data-collection-arm-effective-immediately …pic.twitter.com/SmwGi6IiQZ

To do this, Avast bought back a 35 percent stake in Jumpshot. In July that stake was worth over $60 million https://www.vice.com/en_us/article/wxejbb/avast-antivirus-is-shutting-down-jumpshot-data-collection-arm-effective-immediately …pic.twitter.com/LGdNbI0klM

Here is a section of the announcement from Avast's CEO. Not just stopping data collection, but shutting down the data broker subsidiary altogether https://www.vice.com/en_us/article/wxejbb/avast-antivirus-is-shutting-down-jumpshot-data-collection-arm-effective-immediately …pic.twitter.com/r102UdfkHw

reminder possible to see airdrop transfer in a document's metadatapic.twitter.com/CABx2FShKB

As I was talking to SIM swappers, Verizon employees about SIM swappers phishing, a company that tracks phishing emails independently reached out to me mentioning they've seen similar. Seems there's a trend here with SIM swappers upping their approach https://www.vice.com/en_us/article/v74b4d/sim-swappers-phishing-verizon-sprint-tmobile-to-access-internal-tools …pic.twitter.com/ipTYQZLskF

There can be 2FA on these remote worker login panels, but there are workarounds. Some employees use a workaround themselves by logging into another, already auth-ed machine. In other cases, swappers just get employees to give them 2FA token https://www.vice.com/en_us/article/v74b4d/sim-swappers-phishing-verizon-sprint-tmobile-to-access-internal-tools …pic.twitter.com/lFx94abuPA

One tool of particular interest to SIM swappers is Verizon's internal Omni tool. Confirmed with Verizon sources that this can be used for SIM swapping. One source with access to Verizon systems said "I can SIM swap anyone on Omni" https://www.vice.com/en_us/article/v74b4d/sim-swappers-phishing-verizon-sprint-tmobile-to-access-internal-tools …pic.twitter.com/8ch3FiqwyY

The phishing is for login panels like ones used by T-Mobile, Sprint, and Verizon for remote workers. Employees log into these Citrix VPNs to access internal telecom tools. But SIM swappers are abusing that access to get in themselves https://www.vice.com/en_us/article/v74b4d/sim-swappers-phishing-verizon-sprint-tmobile-to-access-internal-tools …pic.twitter.com/y1weUlH1B1

After our investigation Avast has published a blog post defending its sale of users’ browsing data, but adds it will “continue to consider how a trends analytics service aligns with our values as a cybersecurity and privacy company.” https://blog.avast.com/our-commitment-to-responsible-data-use …pic.twitter.com/CBe5lNL9yj

Updated from FTC on Avast selling its antivirus users' browsing data: "We are very familiar with how these markets for data operate, and will not hesitate to take appropriate action as necessary where we find conduct that violates the laws we enforce." https://www.vice.com/en_us/article/7kzxzy/senator-mark-warner-ftc-not-doing-enough-on-browsing-data-avast-antivirus …pic.twitter.com/Ex6qm4FsfN

This is the new opt-in message that should be popping up on more Avast antivirus users' screens soon. It arguably isn't clear on what Jumpshot really does with this data: collect browsing history which can see what site you were on at what time, sells it https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation …pic.twitter.com/caL71F9fJm

This piece on Avast browsing data selling was a collaboration between Motherboard and PCMag. In their own piece, PCMag goes more into how the data could be de-anonymized. The outlet has now also pulled Avast from its recommendations of free antivirus https://www.pcmag.com/news/the-cost-of-avasts-free-antivirus-companies-can-spy-on-your-clicks …pic.twitter.com/3uauOev24I