Secrecy, privacy, security, intrusion

To ask further how that might perform?

The following article reveals that every Australian can be tracked - and their identity determined. Sharing data with Google and Apps likely makes it easier to do so. Do we really know all of what our mobiles and other devices are passing on?

4 Likes

If “national security” gets the government’s attention then great but privacy is not something that should be limited to soldiers and politicians (PEPs more generally perhaps).

The Surveillance Capitalism business model needs to be smashed.

I propose: the existing “Do Not Track” mechanism be given legislation for enforcement. If you set DNT on a web request then you are indicating that the request cannot be the subject of all this data collection and data selling - and all those nasties must be disabled. (Typically, you either set DNT in your preferences or you don’t, and if you do then it is sent on every web request.)

This is the kind of thing that the EU might legislate - because they take privacy more seriously as compared with our asleep-at-the-wheel government (or maybe they are awake and just don’t care, or maybe they are awake but they are part of the problem, not part of the solution).

Right now, privacy protections are so weak that the presence or absence of DNT becomes part of your fingerprint i.e. the feature helps the Surveillance Capitalists.

5 Likes

The pieces are all freely available (well, the glasses cost ~$500 in Australia). All it takes is the knowledge to put them together.

3 Likes

A couple of worrying hacks:
“It turns out Australia has no mandatory rules for ensuring smart devices aren’t able to be hacked.”

This is more of a supply-chain hack. I’ve heard of a couple of instances involving rooftop solar panels.
“It is both surprisingly easy to do, and could be nearly impossible to detect.”
https://archive.is/tj0Yd

Telegram is going to start cooperating with Authorities over their users. They will provide IP addresses and phone numbers when they receive legal warrants to do so. Thin edge of the wedge in regards to remaining anonymous with these “secure” networks?

BBC article of the changes being made. Changes perhaps a result of the arrest of the head of the business, in France?

Signal seems so far immune, but if it is, how long before it isn’t?

2 Likes

Is your smart TV tracking you?

Your Smart TVs Tracking Your Viewing Habits Using ACR technology | cybersecuritynews.com

A recent study has shed light on the extensive use of Automatic Content Recognition (ACR) technology by smart TVs to track users’ viewing habits.

Researchers from University College London, Universidad Carlos III de Madrid, and the University of California, Davis, conducted a comprehensive analysis of ACR tracking in smart TVs, revealing that these devices collect data on what people are watching, regardless of whether it is linear TV, streaming content, or even content from external devices connected via HDMI.

And some tips on how to avoid this:

3 Likes

Near certain.

However I would like a change of parsing. He was arrested in France. He is the head of the business overall. He is not the head of the business in France. :wink:

3 Likes

This article has brand-specific instructions for common brands.

2 Likes

More about vulnerable Ecovacs robot vacuum cleaners:

These incidents may be a good thing, because at least they’re making people more aware of just how easy it is to hack these robot vacuums – and just how much access that gives the attacker to the home that the vacuum’s in.

1 Like

… and as the article says … better to be yelling racial “slurs” than gaining unauthorised access to the device and then keeping it secret. Clearly this is just a bunch of yahoos rather than organised criminals, and if it gets media and manufacturer attention then so much the better.

In my opinion, this is a “major defect” and customers should have the right to ask for a full refund on these dodgy vacuum cleaners. The description of the “honour system” for the PIN is just embarrassing!

In the meantime, I am happy to push my larry-low-tech vacuum cleaner around the house.

2 Likes

Indeed. I do feel sorry for the poor dog that was chased around by the robovac, though. That’s just plain mean! :angry:

Yes, it is a major defect and the company should 'fess up and pay up.

No robovacs in our house, either.

1 Like

I really hope that people also “join the dots” and realise that the big picture problem goes well beyond vacuum cleaners. Yes, a robot vacuum cleaner allows more fun than the average device but … the market is awash with cute techno gadgets - and occasionally even useful ones - that have faulty security. There is no real standard for tech security and no real remedy for the customer in most cases.

3 Likes

Reminds me of a Big Bang Theory episode where the guys hook up the lights and sound system to the Internet. And then control those from a laptop.
Then enable public access.
Some geeks in China start turning the lights on and off. Then others find the remote control cars and take over.

Now is that what you want with a vacuum cleaner? Seriously?

4 Likes

One need look no farther than the fact that wifi networks have been hacked via ‘smart’ light bulbs … :flushed:

The tech seems to be added just because it can be, and without sparing a thought for security, let alone privacy. ‘Connected’ cars being a case in point.

Good example! :+1:

2 Likes

Here’s another good one. I received an email advising that my passport has less than 6 months left (it does) and recommending renewal. I went directly to the gov site (not through any link) and found you could opt for ‘on line’ renewal. Sweet! I filled in all sorts then, right at the end, received this notice:

Before agreeing to these terms and conditions, you must understand that the Australian Passports Act 2005 allows the Department of Foreign Affairs and Trade to collect, use and disclose your personal information for a number of purposes… blah-blah-blah… In addition, the department may use any current and past information provided by you for testing, training, analytics and research purposes and to inform system design. This applies even if you never submit or if you withdraw your application. [emphasis added] If you object to your personal information being used for these other limited purposes, please call the Australian Passport Office Contact Centre (APOCC) on 131 232.

My issues with this are 1) this was NOT mentioned before I started filling in information and 2) it is implied that information already supplied was theirs to use as they saw fit. To add insult to injury, the renewal isn’t actually online (I was wondering how that would work). It just pre-fills a form you need to print out and sign. I could have done that without signing up.

3 Likes

Yeah, that’s rubbish. You should complain to your local MP. If a company were doing that, the company would rightly be pilloried.

I guess the fun part in that case is that you can fill in a whole load of bogus passport renewal applications and never submit those applications - if they really do hoover up the information even before you submit. :slight_smile:

1 Like

That might change – at least for new devices, once the government implements this minimum security standard for ‘smart’ devices.

What will be the ‘minimum’ security standards?

The new cyber security act provides for “mandatory security standards” for smart devices. It establishes the legal framework for enforcing these standards, but doesn’t explicitly outline the technical details smart devices must meet. In the past the Department of Home Affairs has suggested that Australia consider adopting an international security standard, such as ETSI EN 303 645.

3 Likes

And while we’re on the subject of security for IoT devices, let’s not forget door access systems.

It’s so convenient to have them accessible via the Internet, isn’t it? For hackers, that is …

This vulnerability was first noticed more than a decade ago. These systems are still being used, and still vulnerable.

Organizations Slow to Protect Doors Against Hackers: Researcher | www.securityweek.com

A significant percentage of organizations whose door access controllers have been analyzed by a cybersecurity researcher have failed to take any action to protect them against hacker attacks.

This is about major flaws in the “Saflok” system used by many hotels etc.

This is a general article about the security or otherwise of smart door locks, and how to reduce the risks if you decide you need such locks.

2 Likes

Just in case you thought what you say to / near your air fryer is between you and the air fryer only …

The organisation tested three air fryers, increasingly a staple of British kitchens, each of which requested permission to record audio on the user’s phone through a connected app.

Smart air fryers allow cooks to schedule their meal to start cooking before they get home. Not all air fryers have such functionality but those that do often use an app installed on a smartphone.

Which? found the app provided by the company Xiaomi connected to trackers for Facebook and a TikTok ad network. The Xiaomi fryer and another by Aigostar sent people’s personal data to servers in China, although this was flagged in the privacy notice, the consumer testing body found.

3 Likes

One thing that has been bugging me lately, tangentially related to the ongoing government mobile phone debacle, is … what happens to your 2FA codes after you terminate a mobile phone service?

There doesn’t seem to be any mechanism to sort this out. You can try to contact those providers whom you remember but you are bound to miss a few. You will also fail with a provider if you don’t want to replace the old mobile phone number with a new one and the provider insists on having a mobile phone number on file.

After that, the next person to have your mobile phone number gets your 2FA codes. If that person happens to be a criminal or is tempted into becoming one, it probably wouldn’t be that difficult - based on other random texts that will show up, leaking information about you, plus a plethora of data breaches.

A phone number can go into quarantine but that need not be for very long unless there are specific circumstances under telecommunications regulation, legislation or practice (e.g. disconnected due to nuisance calls).

This is just one reason why I prefer 2FA codes via anything except SMS.

Good choices for 2FA: TOTP on the phone, code received via email, RSA or other hardware token.

1 Like
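As an added illustration of why TOTP (the first option in the list above) is not affected by a recycled phone number: the code is derived only from a shared secret stored on the device and the current time, per RFC 6238, so nothing is ever delivered to a phone number. This is example code written for this thread, not taken from any poster; the secret and timestamps below are the RFC 6238 test values.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, dynamically truncated.

    The only inputs are the shared secret and the clock; a phone number never
    enters the computation, so whoever later inherits the number learns nothing.
    """
    counter = for_time // step                        # 30-second time step
    msg = struct.pack(">Q", counter)                  # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, candidate: str, now: int, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Server-side check tolerating +/- `window` steps of clock drift.

    Uses a constant-time comparison so the check leaks nothing via timing.
    """
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * step, step, digits)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


if __name__ == "__main__":
    # RFC 6238 Appendix B test secret (ASCII "12345678901234567890")
    demo_secret = b"12345678901234567890"
    print(totp(demo_secret, 59, digits=8))            # RFC vector: 94287082
    print(verify_totp(demo_secret, totp(demo_secret, 100), now=130))
```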