Privacy Roundup: Week 1 of Year 2025: This is a news item roundup of privacy or privacy-related news items for 29 DEC 2024 - 4 JAN 2024. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional "security" content mixed-in here due to the close relationship between online privacy and cybersecurity - many things overlap; for example, major vulnerabilities in popular software, which may compromise the security of user's devices (and therefore pose a threat to their privacy) and large data breaches where significant personal information is exposed. Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or "popular" stories. TABLE OF CONTENTS * Privacy Tools and Services * * Privacy Tools * Vulnerabilities and Malware * * Vulnerabilities * Malware * Service Providers' Privacy Practices * * Negative changes * Legislation/Lawsuits/Regulations * * Lawsuits * Legislation * Data Breaches and Leaks * * Data breaches * Data leaks Privacy Tools and Services Primarily covers tools and services with a focus on maintaining/improving/respecting user privacy. Generally includes recommended services/tools found on avoidthehack, but also may feature upcoming/other privacy services not necessarily recommended or promoted by avoidthehack.com Privacy Tools DivestOS, Mull, Mulch, and Hypatia discontinued DivestOS Mobile The developer behind DivestOS (a privacy-oriented Android operating system forked from LineageOS), Mull (a privacy browser for Android), Mulch (security-oriented webview for Android), and Hypatia (an open source virus scanner for Android) has announced these projects will no longer be supported/updated as of December 2024. For years DivestOS was a recommended alternative privacy-oriented Android operating system on avoidthehack. In a future site update, I will regretfully remove it as an official recommendation due to its EOL status. Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user. This section will not contain every vulnerability/CVE or malware campaign reported, but will focus on those with the largest potential impact on a wide range of end users. Vulnerabilities Hackers exploit Four-Faith router flaw to open reverse shells Bleeping Computer Attackers are exploiting an OS command injection vulnerability, tracked as CVE-2024-12856, to open reverse shells, which can be used for further exploitation of… #dataprotection #dataprivacy #privacy
