treasure

Usually I just send an email template asking them to delete my data per the GDPR (I'm an EU citizen). I'm not sure if you can force them to delete anything if they don't have to by law, but I guess asking is free.

I went through some old accounts when I migrated from KeePass to Vaultwarden. From start to finish, it roughly took five weeks for all ~25 inquiries to be completed. I check on my accounts every few moons.

Giving a ballpark estimate, 30% of services offer a (semi-) automated delete function in the account setting, 60% comply to emails within a few days and 10% are absolute pains.

*** RANT INTERMISSION ***

One of those 10% is Twilio (This expressly doesn't apply if you only use Authy, their 2FA service). They don't have an automated delete possibility, which is already a huge ick for a company of their size. But it got infinitely worse.

THEY DON'T LET YOU CREATE TICKETS WHEN YOU'RE A FREE CUSTOMER AND FORCE YOU TO USE THEIR AI BOT WHICH CAN'T DO SHIT AND WILL HALLUCINATE A WAY TO DELETE YOUR ACCOUNT BY YOURSELF. Their FAQs have conflicting information which some showing options that don't even exist (anymore). And you have to dig through a lot of policy pages to even find an email address to contact that THEY DON'T WANT YOU TO CONTACT BECAUSE THEY "cannot delete data on your behalf because we cannot authenticate your request by email" (quote of one of their FAQ pages).

When I finally found an email address (that was for reporting data of minors being processed, but I didn't care at that point) and pointed out to them that this is likely illegal, it was processed like a normal ticket and my account got deleted within a few days. I wonder why their legal department followed up a few days after that, apologizing for my "experience" and telling me that they would "review their processes"?

Anyway, that is that. If you want to use SendGrid or any other Twilio service except for Authy, save yourself the pain and just email privacy@twilio.com instead of trying to follow their processes which even they themselves don't seem to know.

*** INTERMISSION END ***

So far, every account I deleted, I couldn't log into after deletion. I can't really check if they deleted the rest without breaking into their data centers.

And I'm not very strict with creating accounts nowadays but I'm much stricter with documenting them to my password manager now so I know that they exist. If I don't need them anymore, they'll get caught in the next rotation.

Noch scheint der Antrag nicht auf der Tagesordnung des Bundestags zu stehen:

Fragt man bei der Bundestagsverwaltung nach, klingt das allerdings anders: "Noch steht dieser Punkt nicht auf der Tagesordnung", sagt eine Pressesprecherin dem ZDF. "Aber kommenden Dienstag sitzen die Parlamentarischen Geschäftsführer der Bundestagsfraktionen zusammen und beraten über die Tagesordnung. Dann kann die Debatte natürlich noch aufgesetzt werden."

Quelle

Da man bei keinem der beiden Bilder die Hand sieht, die es hält, ist keines wirklich transparent 🤔

I am a Patreon supporter of Jim Browning. Incidentally, I got this email today:

At last, I can reveal something I've been working on in conjunction with a major UK cellphone operator, O2. Meet dAIsy. Daisy is an AI bot who answers scam phone calls. Thanks to the mobile operator who can fingerprint scam phone calls via the calling pattern, source, sequence of calls and other markers, scam calls are being diverted to an AI bot who has been trained to keep the scammers on the phone as long as possible.

This is my recording of a Zoom interview I had today with Channel 5 news in the UK where you can see dAIsy in action.

I will continue to train dAIsy with real scam phone calls. When we perfect her, the aim is to work with other cell and landline operators to divert scam calls to thousands of instances of dAIsy. [...]

So you're not wrong about this being a project of some anti-scam YouTuber, you just guessed the wrong one. ^^

Yeah, what a disappointment. This guy brought shame to the security community because he was salty that his vulnerability didn't get the attention it "deserved".

Copying my reply from another thread:

This link should be working.

Quoting from the OP tweet:

* Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
* Full disclosure happening in less than 2 weeks (as agreed with devs).
* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).
* Still no working fix.
* Canonical, RedHat and others have confirmed the severity, a 9.9, check screenshot.
* Devs are still arguing about whether or not some of the issues have a security impact.

I've spent the last 3 weeks of my sabbatical working full time on this research, reporting, coordination and so on with the sole purpose of helping and pretty much only got patronized because the devs just can't accept that their code is crap - responsible disclosure: no more.

This link should be working.

Quoting from the OP tweet:

* Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
* Full disclosure happening in less than 2 weeks (as agreed with devs).
* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).
* Still no working fix.
* Canonical, RedHat and others have confirmed the severity, a 9.9, check screenshot.
* Devs are still arguing about whether or not some of the issues have a security impact.

I've spent the last 3 weeks of my sabbatical working full time on this research, reporting, coordination and so on with the sole purpose of helping and pretty much only got patronized because the devs just can't accept that their code is crap - responsible disclosure: no more.

Me too, I'm looking forward to the writeup.

Unpaywalled link

85°C is still fine. You wouldn't want your system running at those temps all the time but if those are only spikes during intensive tasks, you're good.

If you want your PC to run a bit cooler, check your airflow, set manual fan curves, or try out a mild undervolt.

Cannot complain.

Spotted the German.