The Privacy, Security, & OSINT Show – Episode 109

EPISODE 109: Privacy News & Buscador 2.0 Release

This week I talk about the latest privacy news and David Westcott joins me to announce the official release of the free Buscador OSINT Virtual Machine.

SHOW NOTES:

SPONSORS:

Silent Pocket: https://silent-pocket.com/discount/totalprivacy
Authentic8: https://info.authentic8.com/

PRIVACY/SECURITY:

Latest Breach Discussion:
https://krebsonsecurity.com/2019/01/773m-password-megabreach-is-years-old/

Chrome Proposes to Eliminate Script Blockers:
https://www.theregister.co.uk/2019/01/22/google_chrome_browser_ad_content_block_change/

Archive.org Ignoring Robots.txt:

User-agent:ia_archiver
Disallow: /
User-agent: archive.org_bot
Disallow: /

MyLife Removal Update:
https://www.bbb.org/consumer-complaints/file-a-complaint/get-started

"Dumb" Blu Ray Players:
Magnavox 4K blu day player

A.I. is Now Watching Us:
https://www.cbsnews.com/news/60-minutes-ai-facial-and-emotional-recognition-how-one-man-is-advancing-artificial-intelligence/

China Crowdsourcing Debt Shaming:
https://www.dailymail.co.uk/news/article-6620879/China-launches-app-tells-500-yards-debt.html?ito=social-facebook

OSINT:  Buscador 2.0 Release:

David Westcott:
https://twitter.com/ninjininji

Buscador 2.0:
https://inteltechniques.com/buscador/index.html

LISTENER QUESTIONS:

Q: When I was in grade school, my parents signed a release allowing the school to publish my full name, school assignments/awards, and picture on their website. Since then, the websites been archived and cannot be removed. Besides that, the school says they wouldn’t remove it anyway since they have a valid release signed. Now, when I search my true name, pictures of me and the school I went to and my hometown and old friends and such are all readily available. Is this something I should be concerned about? Is there anything that can be done to remove it or bury it under disinformation or something?

Q: I've been using Lastpass for a few years and have recently started looking into non-cloud options like KeePassXC. I just came across a few services, like LessPass, MasterPassword, and getVau.lt, which take contextual data like the site and your login ID along with a master password to calculate passwords for services. Because of this there is no need to store passwords and you can even generate a password directly from the websites by entering the site, login, and your master password. What are your thoughts on something like this?

Data Removal Workbook:
https://inteltechniques.com/data/workbook.pdf

Please submit your listener questions at https://inteltechniques.com/podcast.html