June 2, 2024

Windscribe VPN Servers Seized?! - Surveillance Report 49



Published June 18, 2023, 2:20 p.m. by Courtney


Welcome to the Surveillance Report - featuring Techlore & The New Oil to keep you updated on the newest security & privacy news. This report recaps some new Pegasus updates, the much-talked-about Windscribe VPN incident, some interesting new research, and more.

Techlore Support Methods (Including Monero): https://techlore.tech/support.html

The New Oil Support Methods (Including Monero): https://thenewoil.xyz/links.html

SR49 Sources: https://github.com/techlore/channel-content/blob/master/Surveillance%20Report%20Sources/SR49.md

00:00 Introduction

01:00 Data Breaches

04:40 Company News & Start of Windscribe Story

09:32 Research

12:10 Politics

20:30 FOSS News

24:50 Misfits

🔐 Our Website: https://techlore.tech

🕵 Go Incognito Course - to learn about privacy: https://techlore.tech/goincognito

🏫 Techlore Coaching - to get direct support: https://techlore.tech/coaching

💻 Techlore Forum - to connect with other advocates: https://discuss.techlore.tech

🦣 Mastodon - to stay updated: https://social.lol/@techlore

We cannot provide our content without our Patrons, huge thanks to:

Afonso, Boori, BRIGHTSIDE, Casper, Clark, Cyclops, Eldarix, JohnnyO, Jon, kevin, Larry, love your content, NotSure, Poaclu, x

🧡 Join them on Patreon: https://www.patreon.com/techlore

💖 Our Other Support Methods: https://techlore.tech/support

#surveillance #privacy #news

hello everyone and welcome to our second

week back for

surveillance report 49 where we are

dedicated to keeping you private and

secure and

up to date with the latest news in the

world

this report is going to recap some of

the most notable events in the last week

including some new pegasus updates which

we already started talking about last

week

um the very much uh hyped up windscribe

vpn incident which we will talk about

some new interesting research and a lot

more i'm henry from techlore

i am nathan from the new oil and today

you know what like

i feel like we don't give the monero

community enough love both nathan

on on The New Oil and we at Techlore

accept monero and we very much accept

donations and we enjoy that kind of

stuff so if you're

someone who likes monero and you want to

spare us some donations to keep this

show going for free that would be

awesome um just wanted to let you guys

know like we we like monero

monero's monero's life monero is love i

think i did that backwards i think it's

love life

live laugh love not even where i was

going but we'll take it we'll go ahead

and start with the data breaches let's

get into it so our first data breach

comes from estonia a cyber criminal has

downloaded close to 300,000 personal id

photos i mean that's pretty much all

there is to this story an estonian cyber

criminal stole 286,438

government id photos so you know

like driver's licenses and stuff like

that

along with names and id codes a suspect

has been arrested and at this time

there's really no

motive seems like he just did it because

he could if we learn anything else we'll

keep you updated

the 2020 olympics in tokyo have been hit

by a data breach

and information was leaked online this

came from fujitsu

and information included login details

and passwords of ticket holders which

in and of itself is not necessarily a

problem i mean you know it's a problem

but it's not like a huge thing

however those accounts can now be logged

into to obtain other sensitive

information like names addresses and

bank account numbers

the number of affected records was not

disclosed but it was described as quote

not substantial

university of california san diego

health has disclosed a data breach after

a phishing attack

this affected patients employees and

students between december 2nd 2020 and

april 8, 2021

they haven't really commented too

much so we don't know for sure but

potential information that could have

been disclosed

includes full name dates of birth email

address fax number insurance information

lab results health information

social security numbers government id

numbers student id numbers payment or

financial information

and username and password ucsd is one of

the nation's best hospitals and has a

capacity of 808 beds we're talking like

a

four or five month period probably a

pretty significant number of people

caught up in this

we're gonna go to canada where calgary's

parking authority has exposed drivers

personal

data and tickets calgary has a lot of

pay for parking in their town

and the parking authority charges

directly for about 14 of those paid

spots it's not like a third party thing

unfortunately they were storing payment

information on an unencrypted server no

password no nothing just log on and

browse it and

the data that you could have accessed

includes full names dates of birth phone

numbers

email and postal address information

about any parking tickets or offenses

in which case would also be included

license plates and vehicle data and

in some cases location data as well as

partial card numbers and expiration

dates so

lots of information they don't know if

this information has been accessed yet

or you know what it was used for but as

always you should assume that if it was

open

somebody probably found it an unknown

number of british columbians personal

information has been found for sale

after homewood health was extorted

homewood health is a mental health

services provider and they were quote

unquote hacked earlier this year that's

all they said they didn't say if it was

like ransomware or what

once again they did not comment on the

number of records

or the information itself actually but

it appears to impact both employees and

patients and the attack

actually trickled down to other agencies

that work with homewood health like

bc housing translink and the provincial

health services authority

northern ireland's covid certification

service was suspended after a data leak

northern ireland's department of health

they had an online portal where you

could apply for a digital certification

proving that you've been vaccinated it's

not really a breach because this is

again kind of like the unsecured server

thing from calgary we don't really know

if anyone took advantage of this but

basically there was a glitch

where certain users were able to view

the information of other users

in theory a malicious actor could have

found that and decided to take advantage

of it the article doesn't really give a

lot of details but it said that the

systems were temporarily taken offline

so the problem could be fixed our last

article from data breaches

isn't really a data breach but it's just

something worth knowing it says

enterprise data breach costs reach

record high during the pandemic

basically the average cost of a data

breach is now 4.24 million dollars

according to ibm

which is up 10 from 2020 so this stuff

is just getting more and more expensive

the amount of time to detect and contain

a data breach is also

up to 287 days on average and even

using solutions like ai and machine

learning and encryption companies still

only saved about 1.5 million dollars so

personal opinion i think most companies

are willing to take the gamble until

regulations start finding them and

making them hurt and then they'll start

paying attention now we're going to move

on

to companies and we're going to kick

right off with the windscribe

incident so windscribe is a vpn provider

the headline is vpn servers seized by

ukrainian authorities weren't encrypted

i'm going to start off by saying the

headlines a little bit misleading

Windscribe had two servers in Ukraine

that were confiscated by authorities in

regards to an investigation

the servers were running openvpn but

they used outdated settings

from 2018 which was tied to a

vulnerability that could decrypt the

data

this wasn't actually like oh these are

just unencrypted servers for anyone to

just go access Windscribe did address

this

very quickly within a couple weeks it

was discovered they have now patched the

issue

but the authorities were able to seize

and decrypt the data this was a big

oversight by them

it was a vulnerability it was disclosed

three years ago and they haven't updated

so it's the kind of thing that they

should be defending against they

published a blog post covering like what

they did and what they hope to do to

address this issue in the future couple

things here

one this is why like we always say even

if you use vpns you should always be

careful with them it doesn't mean

they're terrible tools and you should

never use vpns

it just means that there are very valid

concerns and you should understand that

when you're using a vpn provider

two this didn't just impact Windscribe

the Windscribe ceo

actually dumped some server certificates

from other vpn providers

NordVPN could have been hit by this

ExpressVPN

TorGuard and Perfect Privacy the one

provider that was specifically mentioned

by the Windscribe ceo for doing things

properly was IVPN

so this story i think overall is very

much blown out of proportion at least

people misunderstood what it meant and

like the actual error that was done

it's good in my opinion that Windscribe

seemed to respond really well to this

they didn't try to like throw this under

the rug and they said hey like we

as always you're placing a lot of trust

in a vpn provider up next we're gonna go

over to google news google they have

that Google FLoC technology that we've

been talking about

for a while now luckily it's been very

unpopular it's essentially a privacy

sandbox that's trying to replace cookies

so that google essentially has more

first party control of what to do with

people's data

they have updated the schedule for this

privacy sandbox FLoC technology

for phasing out cookies the new timeline

split the bundle technologies

into five phases which they hope to

integrate into chrome by 2023.

the next google news is just quick it's

almost a research article but it's just

a new android malware that records

smartphones via vnc to steal their

passwords

it's just a new malware called Vultur

it's also a banking trojan

but it can record your smartphone via

remote visual desktop software it also

requires you to fall for it

so beware of phishing scams and also be

aware of shady apps and try to get your

apps from trusted sources

okay this week we just have one apple

story apple has fixed a zero day

affecting iphones and macs exploited in

the wild it was known as CVE-2021-30807

it was a memory corruption issue

on the

IOMobileFrameBuffer kernel extension

i don't know what that means but i'm

sure some of you out there do

it was reported by an anonymous

researcher and patches have been

released

for those of you who are wondering this

does not involve pegasus in any way

shape or form we'll talk about that a

little more in a minute

even still it fixes a zero day so

you should definitely take advantage of

that and update if you are an apple user

up next we're gonna go over to instagram

who's released a new

feature nathan wrote in the notes here

we still think instagram is trash and

you shouldn't use it but this is a good

example of privacy by default

because instagram is now defaulting

users under 16 into private accounts so

that their information by default won't

be visible to the world

we need to see more things like this in

our opinion instagram is still privacy

invasive themselves we know this

and there's still security issues and

it's still facebook we know we're not

saying it's a good service you should be

using we

we applaud some good moves that were

made disclaimer is unclear downloaded

instagram now we're gonna move on to the

app

citizen which is pretty controversial

citizen is now hiring

new yorkers at 25 an hour to live stream

crimes

the weird thing about this is this seems

to have been going on for quite a while

this hiring people

and they're doing it really in secret

like in the name of shell corporations

they're framing it in the context of

like filming it for journalism purposes

the whole thing is just really shady and

and being kept on the down low and

they're kind of distancing themselves

from it

this next story is a quick update to a

story we've covered some time ago

i believe it was last year there was

this couple in natick massachusetts

who ran their own little independent

newsletter

they may have said some critical things

about ebay maybe they didn't but for

whatever reason

some of the supervisors at ebay took

this newsletter really personally and

started cyber stalking this couple

at one point they sent him the pig mask

from the saw franchise and another time

they sent a book that was like

how to deal with the loss of a loved one

basically kind of implying like we're

gonna kill you

this is one of the supervisors i guess

the rest are still pending has been

sentenced to 18 months in prison

one year of home detention concurrent

with three years of supervised release

ebay is of course distancing themselves

from this and saying this was not

officially sanctioned behavior they were

rogue employees

stuff like that is why i really

encourage people to use po boxes and

fake names and stuff

because you never know who's just gonna

take something the wrong way and go off

the deep end

our last company story is just a real

quick update the

ransomware gang DoppelPaymer has

rebranded as

Grief in the future expect us to hear us

talking about them and know that they

used to be DoppelPaymer

next let's move into research so our

first research story a

researcher just out of sheer boredom did

a google search for php

mysql email register and found

a whole ton of tutorials and code

snippets the issue is he found that a

lot of these tutorials and examples

had vulnerabilities to sql injection

attacks basically meaning they shouldn't

be shared they were

inherently unsafe the moral of the story

here just be aware of copying pasting

things without understanding what you're

doing i run my own Nextcloud server i

use linux it is

fairly common for me to have to look up

you know okay what is what does this

code mean how do i do this

make sure you're not just copy paste

make sure you're actually understanding

what is the code i'm putting in doing

what is the command

doing and what does the error mean

because otherwise you run the risk of

copying and pasting

something malicious like that or

something unintentionally vulnerable up

next

there was a new report published by

blackberry's research and intelligence

team

that pretty much says that malware

developers are turning to more exotic

programming languages to help

in their quest of thwarting the

researchers they're essentially using

these less popular and unusual coding

languages

and that's making it harder for them to

detect the languages and what they're

doing

the main languages that seem to be used

are Go like Golang D DLang Nim and

Rust

which are the most commonly done to try

to evade detection by the security

community

up next this one's pretty cool there's

something called the fg01

which is the first tool that is aimed to

defeat gait recognition now for those

who don't know gait recognition would go

under like biometric surveillance where

you can identify someone by the way they

walk their gait so someone has released

a 3d printable shoe extension that can

change your step length and foot tilt

angle

when this is used in conjunction with

baggy clothes they claim that this

should help you defeat most gait

recognition systems in a healthier way

than like a rock in your shoe the author

notes that they have not had a chance to

actually test this against a real-world

known gait recognition system so it's

not necessarily like a recommended

solution yet but

it seems to in theory work then last but

not least we have a

another slightly misleading headline the

title says you really shouldn't roll

your own crypto an empirical study of

vulnerabilities in cryptographic

libraries

basically researchers examined eight

existing open source cryptographic

libraries which were OpenSSL

GnuTLS Mozilla NSS wolfSSL Botan

Libgcrypt LibreSSL and BoringSSL it's

a pretty short article it's only 15

pages

feel free to go read it the main

takeaway for me basically they found

that the more

bloated a code was like the more code

there was the more complex it was

the more vulnerabilities they found

which is probably not surprising i think

the reason they chose that headline you

really shouldn't roll your own crypto

was just kind of to say this stuff is

really hard

and even stuff that has been around for

a long time is not necessarily perfect

and so by going it alone you really run

the risk of making it worse or making

really big mistakes

let's move into politics we'll start

with an update on

pegasus first off somebody in the cyber

security subreddit has shared what they

claim is a document dump regarding

pegasus like manuals and memos and stuff

that kind of better explains how it

works and what it does they also claim

to have an android variant of pegasus if

any of you are code savvy

and want to run it or examine it in a

controlled environment like a virtualbox

it should be noted do so at your own

risk this is a random stranger on reddit

if you like getting your information

straight from the source

this could potentially be a good source

run it at your own risk

meanwhile israel has opened an official

investigation into the nso group on

wednesday

unidentified israeli government groups

visited the offices nso is cooperating

at this point in time

based on other journalistic reports in

the recent past like the past week or so

the groups involved are believed to be

the foreign ministry the justice

ministry

military intelligence and mossad we will

let you know

what they say when they say something

our next update is about the Kaseya

ransomware we talked about how

REvil had disappeared and also

DarkSide who was responsible for like

the colonial pipeline and the jbs

ransomware attack both of those kind of

disappeared and they seemed to have

resurfaced as

BlackMatter and Haron researchers are

saying they're showing a lot of the same

behavior

same code same tactics so they're

probably rebrands kind of like earlier

we talked about uh Grief and

DoppelPaymer it's just one of those

things worth having on your radar

our next story is going to be about

unemployment benefits

you may have to submit to facial

recognition first

colorado the state of colorado now

requires facial recognition verification

from a service called

ID.me to claim unemployment benefits

so that's pretty much the main story

we're starting to see this increase in

rise in privacy invasive tech in the

world

where even getting things like

unemployment are going to require

handing over facial recognition first

um unemployment agencies in 25 states

with two more underway have already

teamed up with ID.me

the next one i thought was pretty fun

i'll tell you why at the end fresno in

california wants to watch you as you

park

at the park fresno city council has

anonymously approved the use of

automated license plate readers at two

of the city's largest parks

which i believe is Woodward Park and

Roeding

at this time it seems like a fairly

decent system so when a car enters the

park they have 30 minutes to pay via a

kiosk or mobile app or

leave and if they don't the system will

summon a nearby officer

the database is cleared daily and not

open to police keywords

at this time so we'll see if that opens

up why this is funny is i was at

woodward park last weekend

our next story i thought that this was

like somehow an exaggerated or

misleading headline but

nope so the headline says police are

telling ShotSpotter to alter evidence

from gunshot detecting ai police around

the country are using an audio

surveillance technology called

ShotSpotter

which is basically a whole bunch of

microphones that are designed to detect

and know

any gunshots that they pick up and to

note the timing location there's also

human analysts who work there so if

ShotSpotter hears something and

it's not totally sure if it was a

gunshot or not then a human can listen

to it and say like oh no that was a

firework or like yes that was a gunshot

or whatever

long story short the police have an

unarguable

proven record of asking ShotSpotter

basically like hey can you take another

look at this are you sure that that

wasn't a gunshot

are you sure that that wasn't at this

time in this place and basically they're

altering evidence to fit

their stories they're basically planning

evidence this is one of the reasons that

we don't like this ai stuff it's only as

good as the information that's put into

it

especially when it can be altered after

the fact i don't know what could have

been done to prevent this other than

just not using it altogether which is

fine with me our next story is a piece

of good news

president biden here in the u.s has

issued a national security memorandum

ordering a baseline performance goal to

be set for critical infrastructure

operators so in other words

cisa and nist now have to get together

and develop minimum cyber security

standards for

high-level companies to follow

personally i think this is a really good

thing bruce schneier in one of his books

makes the argument

that when the government sets this kind

of baseline manufacturers will start

producing that for the public sector too

because now that's a marketing thing

they can stick that on the box and be

like

we meet CISA standards we meet NIST stand

it's kind of like how you see everybody

saying

military-grade encryption which assuming

that they're actually meeting that

standard if one company starts doing it

everybody else has to do it to keep up

which makes everybody

safer by default there was an older

story where the u.s postal service was

secretly monitoring american social

media accounts

to look for any indication of an

upcoming crime which is super creepy by

the way and it's just one more reason to

avoid social media you should join detox

day august 2nd check out our earliest

videos cool yeah

do all that there's an update to that

now the EFF Electronic Frontier

foundation they have now sued the us

postal service

claiming that it violates the first

amendment rights to protest and free

speech we'll see what happens

on a similar note relating to the eff if

you live in america this week the us

congress will be voting on

among other things section 702 of the

foreign intelligence surveillance act

known as fisa this is a major way that

the us government is allowed to access

emails and other communications quote to

aid in national security investigations

basically this is what authorizes the

nsa to just collect everything

indiscriminately and then for the police

to go in after the fact and be like well

since you have these communications

we'll go ahead and look through them

this year four representatives have put

forward an amendment that would severely

limit the legality of mass surveillance

if you are an american voter you may

want to call your politicians

and voice your opinion about that up

next 48 advocacy groups have called on

the ftc

to ban amazon surveillance these 48

civil rights and advocacy groups are

organized by

athena which asks the ftc to exercise

rulemaking authority by banning this

technology

banning continuous corporate

surveillance of public spaces and

protecting the public from data abuse

it's important to note they aren't just

necessarily targeting amazon

specifically

they're kind of a textbook example of

what the problem is which is things like

the ring the alexa and sidewalk

which all together pretty much see

everything going on 24/7

we'll see if anything happens with this

our next story is going to go to brazil

this is just a real quick one

brazil has created a cyber attack

response network i think we covered

something similar in new york a couple

weeks ago

gonna quote the article brazil has

created a cyber attack response network

aimed at promoting faster response to

cyber threats and vulnerabilities

through coordination between federal

government bodies we're starting to see

more and more countries create these

organizations and these agencies to take

the digital world more seriously and

start responding faster next

headline is space the final frontier of

europe's migrant surveillance

quotes a new industry is offering border

agencies around the world access to

advanced space-based surveillance

capabilities once reserved for the most

advanced intelligence agencies

they're using satellites able to track

signals from satellite phones and other

emitters

these companies are then selling access

to the data obtained to anyone willing

to pay

including uk and eu border agencies

space is kind of a creepy new era

of like tracking capabilities that we

already kind of know of but it looks

like it's just leaking more into the

real world and it's becoming more

accessible our next couple of stories

come from australia so the first one

COVIDSafe uploaded 1.65 million

handshakes and was only used by new

south wales and victoria

the COVIDSafe app identified 2,827

potential close contacts from 37,668

encounters in new south wales

victoria here's the interesting part to

me

only 17 cases were identified separately

to manual contact tracing efforts not to

be political but

in my opinion this is a lot like

surveillance in general where we see

that

it's it doesn't really do much that we

haven't already been doing other ways

maybe that was because of bad

implementation or maybe just the wrong

technology it seems to me like we've

covered a lot more data breaches

than the 17 cases that this app found

this is why we're like so hesitant of

these

apps it's starting to seem like the

research is saying that the efficacy

isn't really there again maybe that's

because not everybody's using it i don't

know maybe we're part of the problem our

next story from australia is

also about covid and contact tracing i

don't know how to pronounce that Qantas

Qantas is working with the

international air transport association

to make COVID-19 safe travel happen once

the australia's borders are reopened

we've talked about this we're starting

to see more and more places

are wanting you to publicly disclose

your vaccination status which kind of

like we talked about earlier with

ireland and their data breach

this may result in some sort of

centralized database that you have to

access

it's something to be aware of and we'll

see how it unfolds our final

political news taiwan probes reports of

officials messaging accounts being

hacked

line is a messaging app in east asia

which is kind of like whatsapp except

it's not even

end-to-end encrypted they've been in trouble

in the past for employee snooping as

well in messages which is not fun

more than 100 accounts belonging to

officials displayed quote abnormal

activities

and authorities are now investigating

this the moral of the story is

use safe messengers that are ideally

open source and have end-to-end

encryption

we're now going to move over to our FOSS

section free and open source our first

story relates to brave with help from

google an impersonated brave.com phishing

site

has now pushed malware some attackers

created brave with an

accented e .com as a spoof of brave.com

they purchased and ran google ads to

steer traffic to this website

so the moral here check the website try

to use the official source whenever

possible

avoid ads so i guess this is another

perk of ad blockers you would have

avoided this situation there's not much

to do

once you're on the site unless you're

actively checking the url and trying to

catch that it's more about prevention

here

before you download a program maybe i

would double check a url i've never

thought about that before

but maybe it'd be good to recommend

every time you download something

you should just check the url real quick

normally i'll do it when i'm logging

into a sensitive account but maybe i

should start also adding that for when i

download things

now we're gonna talk about firefox

firefox vpn is now available in seven

more countries austria belgium france

germany italy spain and switzerland

and they have added split tunneling

which is an amazing feature

additionally they have now changed their

pricing to offer

annual semi-annual and monthly

subscriptions at five dollars eight

dollars and ten dollars a month

respectively it will stay

five dollars a month for customers who

already signed up

just so you guys know it mozilla vpn is

just Mullvad vpn with their own little

mozilla branded stuff generally speaking

we just recommend all that and now that

Mullvad is monthly

at half the cost pretty much you should

just go with Mullvad up next we're gonna

move over to signal the messenger

they have fixed the bug that sent random

images to the wrong contact this was a

very serious bug

but it was very hard for them to catch

someone reported this issue and they

were trying really hard to reproduce it

and they just couldn't reproduce it and

they finally were able to figure out

what happened this month

and they finally got it patched moral

story don't keep anything sensitive on

your phone it's kind of an unrealistic

moral just be cautious when you're

sending images and always double check

the thing that sucked about it is if you

look at the article and the screenshots

you wouldn't know that it sent

additional pictures

it looks like it just pulled random

photos from the user's camera roll

you're right sometimes that's not

feasible but if you can

try not to keep i've got memes and stuff

on my phone that would certainly be

weird if i sent my co-worker like a

random

meme that didn't make sense in context

but it's not like they're gonna get a

naked picture

or something and that's what i mean when

i say like sensitive with that bug you

wouldn't have even known if it sent that

they would just be like uh why'd you

send me this also if you're an android

user go ahead and patch that

i think my moral of the story here is

just be so weird

that it doesn't even seem like out of

the ordinary if you send like a random

friend a nude or something

just start doing that now and then when

something like this happens it's like oh

that's just them being done just ignore

it our next story is about the matrix

chat

element they have raised 30 million

dollars to boost matrix i'm gonna quote

the article here element the startup

founded by the team who created matrix

just raised 30 million dollars of series

b

funding in order to further accelerate

matrix development and improve element

the flagship matrix app the round is led

by protocol labs and metaplanet the fund

established by Jaan

Tallinn co-founder of Skype and Kazaa

personally i'm not exactly reassured by

those names but we'll see what they do

so far in my opinion they haven't given

us a reason to distrust them so

give them the benefit of the doubt with

the funding they have said that they

plan to complete peer-to-peer matrix

implementations they plan to implement a

native decentralized end-to-end

voice-over ip or video conferencing and

build a

quote relative decentralized reputation

system in order to combat abuse

unquote this one is kind of unfortunate

so there's a

app called barinsta which is a facebook

front end kind of like teddit

or nitter nitter is the twitter front

end just like teddit for

reddit these are all just like front

ends for you to visit these sites

without having to access the site but

barinsta was

served a cease and desist order from

facebook which is very sad

are they complying with the cease and

desist order as far as i know yeah

they've gone ahead and stopped

development and basically shut down

that's terrible i know facebook yep our

last

foss story software downloaded 30,000

times from

i'm not even going to try to pronounce

that p-y-p-i

pypi sure ransacked developers' machines

so basically from what i can tell

reading this article

this is another example of an open

source publicly available repo

that somebody co-opted and planted

malicious code which was then downloaded

by anybody who

accessed that repo you know who

downloaded the code from it this is just

our periodic reminder

open source is always preferable but it

does not automatically mean that it's

perfect it does not automatically mean

that it's safer you still have to use

your best judgment and caution when

accessing open source

anything we are now gonna move over into

the misfits to finish out the news this

week

the first one an italian tv announcer

at the olympics did not realize he was

on air when he asked the password for

his computer he then proceeded to claim

that the password

booth.03 was too difficult to type

and said it should have been something

like mickey mouse goofy or pluto he then

complains they didn't need the dot

because they're not quote

nasa there's a bit to break down here

one i don't ever say passwords out loud

to people

if someone asks me for a password or

something i'll text it to them through

signal or something like that

i normally have disappearing messages on

signal so i don't mind too much for

unimportant things

for me his attitude towards it is the

most interesting thing he's like that's

so complicated we're not nasa

like why does it matter so i think

that's kind of the most interesting

thing for me people don't really see the

importance of just basic security for

their computers

that's a hard issue to deal with because

that's very ingrained in our society our

next story

a teenager on an airplane sent a photo

of a replica gun via airdrop to everyone

who had their settings configured to

receive unsolicited photos from strangers

this caused a three-hour delay as the

plane still at the gate was evacuated

and searched the teen was not allowed to

reboard whatever camp you fall in whether

this was overreaction or whether this

was

some teen making a bad joke the moral

here for the rest of us is

turn off the features that you aren't

using on your devices like bluetooth

and just try and secure your devices in

my opinion these people are lucky that

he didn't try to drop in some kind of

malware or something that would have

been like

actually visually disturbing like gore

pictures or porn turn off things you're

not using

our final story of the week this is good

for parents out there who are listening

to this future ai toys could be smarter

than parents but a lot less protective

i actually want to start off by reading

what some of these are because i was

just going through this and it's like oh

i've never seen this before

there's a roybi robot which creates

personalized lessons to teach kids

educational subjects like science

languages and math

it has a camera and microphone to detect

facial and emotional reactions from kids

and all the information is collected and

controlled through a parent or

guardian's account

i do believe that's one of the good

examples but even then that's an example

of how these toys are looking nowadays

between 2014 2017 a toy company called

genesis toys sold

my friend cayla which was an interactive

doll that could listen to

and respond to kids but it was recording

its conversations with kids as well as

conversations with parents

siblings and anyone else around the doll

they also said that they were able to

share this data with third-party

companies there's a lot of stories you

can check them out in the sources as

always

this is basically just a warning to

parents and would-be parents

that smart toys are coming you do need

to be concerned about the data policies

and

you're literally trusting your kids with

these toys well that was

all the news for the week it was a

pretty fun week we covered a lot of

big stories and some of them are still

ongoing we will see if

fresno does in fact add the license

plate trackers to their parks that

should be fun but that's it so again our

promo spot this week is for the monero

community and we do support monero both

nathan and i do

we want to thank you for listening to

the surveillance report we're happy to

know that you're keeping up to date with

the newest news

and of course the final thing we always

ask you is to share the podcast around

because the more people who are educated

on this stuff and hear about it

the more effective we're all going to be

against all these issues thanks again

for listening

thank you nate and see everyone next

week
