Hasta La Gadget!

How many times have you experienced this scenario? You go shopping online for a new shirt, speaker or other item. You click on the same one a few times and then decide against it. Suddenly every website you visit has an ad featuring that item, imploring you to reconsider. In an effort to create greater privacy online, Mozilla is now rolling out Total Cookie Protection (TCP) as the default setting on the Firefox app for Android after initially making it available for Firefox users on Windows, Mac, and Linux. 

So, what does TCP do? TCP ensures that your cookies aren’t being shared across sites. Typically, third-party cookies collect information about you from across the internet to build your virtual identity. Data brokers then sell your information to businesses that will provide you with targeted ads.

Instead, with TCP, the cookies you create while browsing only belong to the site you’re on. This feature limits companies from learning any information you enter or behavior you exhibit anywhere else on the internet. So, a store may know you looked for a blue laptop case in their online shop, but they won’t know you also searched for size 11 shoes in another one. 

As part of today’s Android update, Mozilla says it’s also promoting its Firefox Relay protection to become a dedicated part of the app. Relay, which initially launched as an addon and provides users with email and phone number masks for online signups, comes with a limited free tier but requires a subscription to get the most from the service.

This article originally appeared on Engadget at https://www.engadget.com/mozilla-cookie-protection-tool-firefox-android-130003579.html?src=rss

Evidence of Silicon Valley Bank’s “wokeness” remains thin as the GOP tries to ignore the role of deregulation in the bank’s failure.

In 30 minutes or less, TikToker and Chicago-based server Kristen Sotakoun can probably find your birth date. She’s not a cybersecurity expert, despite what some of her followers suspect, but has found a hobby in what she calls “consensual doxxing.”

“My first thing is to be entertaining. My second thing is to show you cracks in your social media, which was the totally accidental thing that I became on TikTok,” Sotakoun, who goes by @notkahnjunior, told me.

It’s not quite doxxing, which usually refers to making private information publicly available with malicious intent. Instead, it’s known in the cybersecurity field as open-source intelligence, or OSINT. People unknowingly spell out private details about their lives as a bread crumb trail across social media platforms that, when gathered together, paint a picture of their age, families, embarrassing childhood memories and more. In malicious cases, hackers gather information based on what you or your loved ones have published on the web to get into your accounts, commit fraud, or even socially engineer a user to fall for a scam.

Sotakoun mostly just tracks down an anonymous volunteer’s birth date. She doesn’t have malicious intent or interest in a security career, she said she just likes to solve logic puzzles. Before TikTok, that was spending a ride home from a friend’s birthday dinner at Medieval Times discovering the day job of their “knight.” Sotakoun just happened to eventually go viral for her skills.

So, to show me her process, I let Sotakoun “consensually doxx” me. She found my Twitter pretty quickly, but because I keep it pretty locked down, it wasn’t super helpful. Information in author bios from my past jobs, however, helped her figure out where I went to college.

My name plus where I studied led her to my Facebook account, another profile that didn’t reveal much. It did, however, lead her to my sister, who had commented on my cover photo nine years ago. She figured out it was my sister because we shared a last name, and we’re listed as sisters on her Facebook. That’s important to note because I don’t actually share a last name with most of my other siblings, which could’ve been an additional roadblock.

My sister and I have pretty common names though, so Sotakoun also found my stepmom on my sister’s profile. By searching my stepmom’s much more unique name on Instagram, it helped lead Sotakoun to mine and my sister’s Instagram accounts, as opposed to one of the many other Malones online.

Still, my Instagram account is private. So, it was my sister’s Instagram account – that she took off “private” for a Wawa giveaway that ultimately won her a t-shirt – featuring years-old birthday posts that led Sotakoun to the day I was born. That took a ton of scrolling and, to correct for the fact that a birthday post could come a day late or early, Sotakoun relied on the fact that my sister once shared that my birthday coincided with World Penguin Day, April 25.

Then, to find the year, she cross-referenced the year I started college, which was 2016 according to my public LinkedIn, with information in my high school newspaper. My senior year of high school, I won a scholarship only available to seniors, Sotakoun discovered, revealing that I graduated high school in 2016. From there, she counted back 18 years, and told me that I was born on April 25, 1998. She was right.

“My goal is always to find context clues, or find people who care less about their online presence than you do,” Sotakoun said.

Many people will push back on the idea that having personal information online is harmful, according to Matt Edmondson, an OSINT instructor at cybersecurity training organization SANS Institute. While there are obvious repercussions to having your social security number blasted online, people may wonder what the harm is in seemingly trivial information like having your pet’s name easily available on social media. But if that also happens to be the answer to a security question, an attacker may be able to use that to get into your Twitter account or email.

In my case, I’ve always carefully tailored my digital footprint to keep my information hidden. My accounts are private and I don’t share a lot of personal information. Still, Sotakoun’s OSINT methods found plenty to work with.

Facebook and Instagram are Sotakoun’s biggest help for finding information, but she said she has also used Twitter, and even Venmo to confirm relationships. She specifically avoids resources like records databases that could easily give away information.

That means that there’s still a lot of data out there on each of us that Sotakoun isn’t looking for. Especially if you’re in the US, data like your date of birth, home address and more are likely already out there in some form, according to Steven Harris, an OSINT specialist that teaches at SANS.

“Once the data is out there, it’s very hard to take back,” Harris said. “What protects people is not that the information is securely locked away, it’s that most people don’t have the knowledge or inclination to go and find out.”

There are simple things you can do to keep attackers from using these details against you. Complex passwords and multi-factor authentication make it harder for unauthorized users to get into your account, even if they know the answers to your security questions.

That gets a bit more complicated, though, when we think about how much our friends and family post for us. In fact, Sotakoun said she noticed that even if a person takes many measures to hide themselves online, the lack of control over their social circle can help her discover their birth date.

“You have basically no control on your immediate social circle, or even your slightly extended social circle and how they present themselves online,” she said.

This article originally appeared on Engadget at https://www.engadget.com/it-took-a-tiktoker-barely-30-minutes-to-doxx-me-120022880.html?src=rss

So this is apparently what the Google Pixel 7a will look like. Vietnamese website Zing News (via The Verge) has shared photos of what it says is a prototype of the upcoming midrange phone that programmers were using as a test device. After its owner leaked photos of it online, Google reportedly locked the phone remotely, but not before they were able to check that it was running Android 13 and had a 90 Hz screen option in the Settings app. They were also able to confirm that the device has 8 GB of RAM and 128GB of internal storage.

As you can see, the phone comes with a camera bar like its predecessors, but it’s metal with a matte finish unlike the Pixel 6a’s glass bar and the Pixel 7’s polished aluminum one. It seems to have two 12-megapixel cameras — one standard and one super wide angle — like the Pixel 6a, as well.

The case itself is composed of two glass sides with a metal frame that has cutouts for the speakers and the USB-C charging port at the bottom. Along its edges, there’s a slot for the SIM tray that can accommodate a single physical SIM card. The owner, who reportedly purchased the device from an acquaintance, wasn’t able to confirm whether it has eSIM support. On the front with with its screen switched on, it’s easy to see that it still has the 6a’s thick bezel and a rather large front cam cutout. 

These new images and details confirm information from previous leaks, which included renders that showed a phone that looks similar to the Pixel 6a. Older photos also showed a device with a “Smooth Display” capability, allowing users to adjust its refresh rate from 60Hz to 90Hz, which is a first for the A-series line.

Google has yet to announce the Pixel 7a, but it has historically introduced its Pixel A devices at its annual I/O event. This year, the keynote for the developer conference will take place on May 10th. 

This article originally appeared on Engadget at https://www.engadget.com/google-upcoming-pixel-7a-vietnam-110549442.html?src=rss

With its durable design and high-end features, the Apple Watch Ultra is is one of the best wearables for sports and outdoors enthusiasts — but at $800, it’s not cheap. If you’ve been waiting for a deal, it’s now on sale at Amazon for just $730 with an instant rebate, or $70 (9 percent) off, matching the best deal we’ve seen to date. 

The Apple Watch Ultra is truly built for outdoor activity. It offers refined navigation and compass-based features, like the ability to set waypoints and ability to retrace your steps if you get lost. For scuba enthusiasts and others, there’s a depth gauge and dive computer too. As such, it’s the ideal wearable for hikers and divers.

Other features are geared toward endurance athletes, like the accurate route tracking and pace calculations that make use of a dual-frequency GPS. And Apple still includes the health features found in other Watch models too, like sleep tracking, temperature sensing and electrocardiogram readings, along with messaging, audio playback and Apple Pay. It offers a stellar 36 hours of battery life as well and up to 60 hours in low-power mode.

On the downside, the Apple Watch Ultra has a chunky (though rugged) case that you may not find comfortable to wear to bed. Moreover, the positioning of the action button is a little awkward, because it’s right where many people will go to steady the Apple Watch Ultra with one finger while they press the digital crown or side button. Still, it garnered an excellent score of 85 in our review.

That $730 sum is still a lot, but Amazon has some other deals too. If you need a solid smartwatch that’s only missing a few features, the Watch SE is still on sale at an all-time low price of $219. Plus, Apple’s mainstream Watch Series 8 continues to have a nice 18 percent discount, letting you pick one up for $329. 

Follow @EngadgetDeals on Twitter and subscribe to the Engadget Deals newsletter for the latest tech deals and buying advice.

This article originally appeared on Engadget at https://www.engadget.com/the-apple-watch-ultra-is-70-off-right-now-095545262.html?src=rss