This is pretty scary: > Urban VPN Proxy targets conversations across ten AI platforms: ChatGPT, > Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), Meta AI. > > For each platform, the extension includes a dedicated “executor” script > designed to intercept and capture conversations. The harvesting is enabled by > default through hardcoded flags in the extension’s configuration. > > There is no user-facing toggle to disable this. The only way to stop the data > collection is to uninstall the extension entirely. > > […] > > The data collection operates independently of the VPN functionality. Whether > the VPN is connected or not, the harvesting runs continuously in the > background...

Here’s the summary: > We pointed a commercial-off-the-shelf satellite dish at the sky and carried > out the most comprehensive public study to date of geostationary satellite > communication. A shockingly large amount of sensitive traffic is being > broadcast unencrypted, including critical infrastructure, internal corporate > and government communications, private citizens’ voice calls and SMS, and > consumer Internet traffic from in-flight wifi and mobile networks. This data > can be passively observed by anyone with a few hundred dollars of > consumer-grade hardware. There are thousands of geostationary satellite > transponders globally, and data from a single transponder may be visible from > an area as large as 40% of the surface of the earth...

Researchers have managed to eavesdrop on cell phone voice conversations by using radar to detect vibrations. It’s more a proof of concept than anything else. The radar detector is only ten feet away, the setup is stylized, and accuracy is poor. But it’s a start.

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought: > In other words, while the legally-mandated CALEA capability requirements have > changed little over the last three decades, the infrastructure that must > implement and protect it has changed radically. This has greatly expanded the > “attack surface” that must be defended to prevent unauthorized wiretaps, > especially at scale. The job of the illegal eavesdropper has gotten > significantly easier, with many more options and opportunities for them to > exploit. Compromising our telecommunications infrastructure is now little > different from performing any other kind of computer intrusion or data breach, > a well-known and endemic cybersecurity problem. To put it bluntly, something > like Salt Typhoon was inevitable, and will likely happen again unless > significant changes are made...