earthworm

If you VPN into the UK or Australia, you’ll run into the same restrictions.

As more countries pass this kind of legislation, VPNs become less and less of a solution, and they were only ever a solution for people who can afford them.

TL;Dr: Browser extensions are malware sleeper agents.

The systemic problem isn’t just one malicious actor. It’s that the security model incentivizes this behavior:

1. Build something legitimate
2. Pass review and gain trust signals (installs, reviews, verified badges)
3. Collect large user base
4. Weaponize via update
5. Profit before detection

ShadyPanda proved this works. And now every sophisticated threat actor knows the playbook.

The app is mainly designed to help users block and track lost or stolen smartphones across all telecom networks, using a central registry. It also lets them identify, and disconnect, fraudulent mobile connections.

With more than 5 million downloads since its launch, the app has helped block more than 3.7 million stolen or lost mobile phones, while more than 30 million fraudulent connections have also been terminated.

The government says it helps prevent cyber threats and assists tracking and blocking of lost or stolen phones, helping police to trace devices, while keeping counterfeits out of the black market.

There has to be a way to do all of this without installing something on your phone that you didn’t ask for.

Something weird about corporations spending billions on “the Comic Sans of technology”

If you downloaded a malware-infected version, it shouldn’t be able to access your accounts.

It remains unknown what the malware that found its way into the official SmartTube APK files can actually do. Thankfully, SmartTube is programmed to only request minimal account permissions and does not ask for any login information directly. Even if you granted the app access to your Google Drive for backup purposes, your Google account and general Google Drive files remain out of the app’s scope of permissions. Permissions regarding control of your YouTube account seem like the only thing that could have easily been exposed to the malware, as far as account access is concerned.

To be safe, factory reset anything you installed it on and double check for Google/YouTube account activity and permissions.

That said, since very little is know about the malware, you should assume the worst. If you use SmartTube and are concerned about your exposure to this malware, you should factory reset any device that had the app installed, especially if you installed or updated the app in November. It would also be a good idea to audit your Google account permissions and your YouTube account activity for anything unusual. Once your devices and account are in order, if you wish to reinstall SmartTube, be sure to only install the latest version through the codes/links above.

The link just brings me to the front page of a web app. Is there a direct link to the original article ?

You might not understand :

• their explanation for what happens to users who’ve paid
• what I mean by “soften the landing”
• what I mean by “what that really meant”
• what I mean by “I wouldn’t be surprised”

I’m not a mind reader, mate. Even less so on the internet. I could be ESL, or from a different part of the world. Whatever’s obvious in your head isn’t going to be obvious in mine.

So, if you want me to tell you what “this” means, you’ve got to tell me what “this” is.

Schrödinger’s Surety

I saw the furry art and that’s how I knew they were a pro*.

Which part?

Not for users who paid the mobile unlock fee.

What if I’ve already paid the one-time mobile app activation fee?
For users who have already paid a one-time, in-app activation for either our mobile Android or iOS app, an extended trial for the new Remote Watch Pass subscription is available.
(Source: Plex)

They soften the landing with the “extended trial”, but anyone who paid the “one-time fee” is finding out what that really meant.

I wouldn’t be surprised if a year from now there’s an announcement for Plex 2.0 and my lifetime account only applies to legacy Plex.

I don’t think that’s it.

There were complaints when Netflix started enforcing password sharing rules.

I think the main driver of complaints is “you promised the thing I’m paying for would be X, and now you’re changing the deal.”

“No Way To Prevent This” Says Only Package Manager Where This Regularly Happens*

Most activism groups aren’t really screening for membership.

Usually it’s, “you want to join ? Cool, I’ll add you.”

Edit: Just read the article. They went out of their way to try to make it sound like this group was up to something other than legally show up to immigrant court and keep watch for heinous police behavior.

The memo did not provide any further details about the individual or their alleged past calls for violence and offered no specifics or evidence to explain why the FBI characterized them as “anarchist violent extremists”. The courtwatch efforts have been non-violent, and the FBI did not respond to an inquiry seeking specific examples of violence and did not answer questions about whether law enforcement had ongoing access to the private group.

What’s really weird is that the byline(?) says this article was published “today”, when I saw this exact same headline more than a week ago.

Forepend.