Android 17 Is Looking Great for Privacy & Security
Our top stories this week:
- Google has announced Android 17 which features improvements to privacy and security
- Signal adds security warnings for social engineering, and phishing attacks
- A zero-day in Windows BitLocker allows access to encrypted drives
- Google's new reCAPTCHA requires 'approved' phones locking out alternative privacy focused phone operating systems
- The Canadian government has proposed Bill C-22 a sweeping surveillance proposal that would force the collection of Canadians' private data on every digital service they use
TWIP Live 🔴
Updates from the Team
How To Run A Signal Proxy
This week we finally publicly released our video about how to setup a Signal Proxy, we hope this resource will allow for more people to setup a Signal Proxy and allow for more people to access Signal in countries that censor access to the platform.
Early Access: Naomi Brockwell Interview
This week we've been working on an interview with Naomi Brockwell, Privacy Guides members will have early access to this interview where we dive deep into Naomi's work on the Surveillance Accountability Act.
Bonus Content: Naomi Brockwell Interview
We also asked Naomi some extra questions that were less focused on privacy, if you're a Privacy Guides member you'll also have access to the bonus content that we couldn't include in the main interview video!
News
Jonah Aragon
Sources
Android 17
This week Google hosted the Android Show (Google I/O edition) and during the event they announced many new privacy and security upgrades coming to the next version of Android. While it mainly focused on Gemini and AI features, there was a section that included new privacy and security features such as:
- Automatic financial scam call detection which automatically verifies the number is actually the one from the financial institution
- Expansion and additional protections included in Advanced Protection mode
- Live Threat Detection which monitors for stalkerware which automatically analyses apps for potential risk
Eugene Liderman
Bill Toulas
Signal anti-phishing protections
Signal has introduced additional safeguards to protect users against phishing attacks, this is where an attacker disguises themselves as a trustworthy actor to exfiltrate information. This change comes after attacks targeting high profile users have escalated, attackers have been disguising themselves as "Signal Support". This change displays additional warnings when users accept chats from new users, forcing them to think twice about if the sender is legitimate.
Bill Toulas
A windows BitLocker zero-day allows for accessing encrypted drives.
BitLocker, the tool that Microsoft Windows uses for encrypting drives has been shown to be exploitable by a cyber security researcher. The exploit uses two unpatched vulnerabilities to allow for the bypass of BitLocker. Check out the write up by Bleeping Computer for the full details.
Bill Toulas
Google's new reCAPTCHA requires an 'approved' device, could lock out privacy focused devices.
Google has been introducing additional challenges in it's reCAPTCHA service to fight against AI scraping and bots, one of the new challenges requires users to scan a QR code on their mobile device. However this process can only be completed on 'approved' devices and as such GrapheneOS devices can't complete the challenge. This is due to the captcha requiring hardware attestation that is approved by Google or Apple, which GrapheneOS is not.
https://cybernews.com/privacy/google-qr-code-recaptcha-requires-approved-phone
Canada's New Sweeping Surveillance Proposal: Bill C-22
It's time for privacy activists in Canada to get to work, Bill C-22 is a new proposal that will force data collection for every service and device that Canadians use. The main purpose of the bill is to allow for lawful access by the Canadian government, this means that electronic service providers would have to maintain the technical ability to allow for government access to private communications and data. This would effectively build a backdoor that the government but also any other bad actor could exploit.
OpenMedia has started a campaign against this proposal, they have a form which Canadians can fill out to contact their elected representatives. OpenMedia has been very successful at getting the Canadian Government to withdraw previous surveillance bills, we urge any Canadian members of our community to make their opposition to Bill C-22 known to their representatives.
English
French
Forum Updates
jonah