![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
james_davis_nicoll
![[syndicated profile]](https://www.dreamwidth.org/img/silk/identity/feed.png){kind=small}
twocents_feedIf you use WhatsApp, you may be targeted by scammers looking to take over your account by pairing their browser to your number. This scheme, dubbed GhostPairing by researchers, uses WhatsApp's device linking process to allow fraudsters to access all of your messages, impersonate you in chats, and perpetuate the scam to your contacts. Here's how threat actors are hijacking WhatsApp accounts—and how to defend yours.
WhatsApp allows users to link their desktop or browser to their account without needing to enter login credentials in one of two ways: scanning a QR code and approving the session or confirming a numeric pairing code in the mobile app. While the GhostPairing scam could theoretically manipulate users in either approach, researchers found that the latter is much more common.
The fraud begins with a short message sent from a contact with a link that purportedly goes to a Facebook photo or some type of Facebook content. If you click through, you'll be directed to a spoofed Facebook login page to enter your phone number—a familiar confirmation flow for Meta platforms. The next screen will likely show a numeric code with instructions to enter said code into WhatsApp to confirm the login (again, this may feel like a familiar two-step verification). If you're not paying attention, you may not realize that this didn't do anything on your end but instead registered the attacker's browser as a linked device to your account.
The danger in this scam is that everything will seem normal on your device and in your account, as attackers haven't hijacked your credentials to lock you out. However, they can do anything and everything in WhatsApp that you can, such as reading chats, receiving messages, viewing and downloading media, collecting information from your contacts, and forwarding the same phishing link. As they learn more about you and the people you know, they can potentially use that for ongoing scams.
As always, be wary of links received via messaging platforms, even if they seem harmless or you think you know and can trust the sender. Threat actors frequently use social media and direct messaging to spread phishing lures. If you do click a link in WhatsApp (or any other communication), read all prompts carefully before providing or verifying any information to identify scams.
To protect your WhatsApp account specifically, you can set up two-step verification, which will also prevent attackers from adding or changing a connected email address. Go to Settings > Account > Two-step verification > Turn on or Set up PIN and add an email address when prompted. You can also check to see if there are any suspicious devices paired with your account under Settings > Linked devices and remove any you don't recognize or regularly use.
Finally, if you have been targeted by this scam, let your WhatsApp contacts know, as threat actors may spread the malicious link by making it look like it came from you.
snickfic posting in ![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png){kind=small}
yuletidebbcnewsworld_feedbbcnewsworld_feedbbcnewsworld_feedtwocents_feedWe may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.
When it comes to buying the best headphones at the best price, the Bose QuietComfort Ultra is at the top of the list for active noise-cancelling (ANC) right now, while also excelling in other important categories. Right now, the Bose QuietComfort Ultras (in the "deep plum" color) are $269.99 (originally $429), a record-low price according to price-tracking tools. The other colors are also discounted but not quite as steeply—for example, you can get "white smoke" for $299 or "Lunar Blue" for $349.
Few other brands can compete with Bose's QuietComfort Ultra lineup when it comes to ANC. Apart from the headphone model, they also make some of the best ANC earbuds, both using the same tech. PCMag's "outstanding" review goes into detail on how the headphones do the best job at dialing back low-frequency rumbles, as well as lows and mids.
Despite those plaudits, they're not perfect: Some high-frequency sounds still make it through the ANC technology (that's the case for all ANC headphones, though). But these headphones performed better at ANC than their other two main competitors at the time of their respective release, Apple AirPods Max and the Sony WH-1000XM5. Of course, the new Sony WH-1000XM6 has new ANC technology that outshines the QuietComfort Ultra, but you'd be paying a premium for those.
The Bose QuietComfort Ultra headphones launched in the fall of 2023 with many reviewers praising their overall quality, but earning complaints for their pricing, at almost half a grand. At their current discounted price, there is no better value for your money if you value top-tier ANC. Another great feature of the headphones is their transparency mode, meant to be used to allow you to better hear your surroundings (cars, bikes, or people around you) while wearing them.
You can expect about 24 hours of juice with a full charge, or about 18 hours if you're using ANC. The accompanying app has a well-designed, customizable EQ.
mrs_redboots posting in yuletidejesse_the_kSince we met in 1977, MyGuy has always eaten the spongy white stuff which dwells between an orange and its skin (whether he picks it off the whole peeled orange or nibbles it away from the cut-open peel).
Yesterday I tried it. It's delicious! Michigan State University claims it also has as much vitamin C as the fruit.
What else am I missing?
kareila
twocents_feedOne of the most annoying restrictions in Gmail is that, once you've picked an email address, you're stuck with it. There are exceptions for third-party addresses, like work emails tied to a company's domain, but for the typical @gmail.com account, no dice. Personally, I've had a number of loyalty programs and store accounts tied to an embarrassingly edgy email from high school for decades now, but finally, it seems like I'll be able to change it.
A recently updated Google support page says the company is now "gradually rolling out" the ability to change your Gmail address, with some limitations. Oddly, the page is only available in Hindi for the moment, so I've reached out to Google for clarification about where and when the feature will be available and will update when I hear back. Still, the support page does say (through a machine translation) that the feature's coming "to all users," which implies it'll see a global release at some point.
For good measure, I checked if I could change any of my personal gmail addresses, but no luck. But once the feature rolls out to you, here's how you'll be able to do it.
On a computer or mobile device, navigate to myaccount.google.com/google-account-email.
At the top of the page, click or tap "Personal Information." On mobile, this may show up as "Personal Info."
Click or Tap on "Google Account Email."
From there, click or tap on "Change Your Google Account Email Address" and enter your updated email address.
Note that these instructions were filtered through a machine translation, so exact wording may differ depending on region. I'll update with official English instructions when available, but the process does seem simple enough.
There are a couple of wrinkles, however. The big one is that emails sent to your old address will still be sent to your new one, and that your old email may still show up instead of your new one in some cases, like on Calendar events created before you changed your address. That's because your former name will be listed as an alias for the account, rather than deleted. That could be a pain if you're trying to leave old contacts behind, but it'll also ensure important contacts don't get lost in the shuffle, and it'll keep anyone else from registering a new account with that email address. You'll also still be able to use your old gmail address to sign into any accounts associated with it, and regardless of which name you sign in with, you'll still have access to all of your messages, photos, and other files.
You can also revert to your old address at any time, but as for changing it to a new address, you can only do it once a year, and only three times total. So no changing it to a wacky new address every Halloween and then back to normal come November.
Still, it should be a major quality-of-life upgrade, and should help Google's email service better catch up to more permissive email providers like Proton. No more sounding like an edgelord every time I talk to the checkout clerk at Sephora.
verushka70 posting in ds_noticeboard
twocents_feedWe may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.
Most outdoor speakers claim they can handle water. The Soundcore Boom 3i goes further: it's fully waterproof and dustproof with an IP68 rating, but it also resists saltwater, which is still rare at this size and price. That matters if your weekends involve beaches, boats, or the ocean rather than a backyard patio. Also, it floats, and more importantly, it does so facing upward, which keeps the drivers out of the water and the sound clear. That one detail makes a real difference when waves or movement would normally flip a speaker onto its side. The Boom 3i usually sells for $129.99, but it’s currently down to $79.99, its lowest price so far, according to price trackers.
It weighs a little over three pounds and comes with a shoulder strap, so carrying it to a beach or campsite doesn’t feel like a chore. And pushing up to 50 watts, the Boom 3i is loud enough to cover a small gathering of about eight people without sounding strained.
The sound quality is solid but not dramatic. You get punchy mid-bass and a warm tone, but very little deep bass, which is expected from a compact, front-facing speaker. There’s a BassUp button on top if you want more low-end emphasis, and the Soundcore app includes a nine-band equalizer for finer tuning. Battery life sits around 15 to 16 hours at moderate volume, and you can keep listening while charging over USB-C.
The Boom 3i’s interesting extras include a Buzz Clean mode, which plays a low-frequency tone to shake sand and grit out of the speaker after a beach day. It works surprisingly well, though you may still need to rinse or shake it afterward. Plus, there’s an emergency alarm and voice amplifier built in, which could be useful for kayaking or group outings, even if they’re not things you’ll use often. On the downside, the speaker reportedly down-mixes stereo audio to mono unless you pair it with a second unit, and the app doesn’t show an exact battery percentage.
All said, this isn’t the speaker for indoor listening or detailed sound. It’s for water-heavy trips where durability matters more than finesse. At this price, it’s a strong option for that specific use case.
eff_feedIt's no secret that digital surveillance and other tech-enabled oppressions are acute dangers for liberation movement workers. The rising tides of tech-fueled authoritarianism and hyper-surveillance are universal themes across the various threat models we consider. EFF's Surveillance Self-Defense project is a vital antidote to these threats, but it's not all we do to help others address these concerns. Our team often receives questions, requests for security trainings, presentations on our research, and asks for general OPSEC (operations security, or, the process of applying digital privacy and information security strategies to a current workflow or process) advising. This year stood out for the sheer number and urgency of requests we fielded.
Combining efforts across our Public Interest Technology and Activism teams, we consulted with an estimated 66 groups and organizations, with at least 2000 participants attending those sessions. These engagements typically look like OPSEC advising and training, usually merging aspects of threat modeling, cybersecurity 101, secure communications practices, doxxing self-defense, and more. The groups we work with are often focused on issue-spaces that are particularly embattled at the current moment, such as abortion access, advocacy for transgender rights, and climate justice.
Our ability to offer realistic and community-focused OPSEC advice for these liberation movement workers is something we take great pride in. These groups are often under-resourced and unable to afford typical infosec consulting. Even if they could, traditional information security firms are designed to protect corporate infrastructure, not grassroots activism. Offering this assistance also allows us to stress-test the advice given in the aforementioned Surveillance Self-Defense project with real-world experience and update it when necessary. What we learn from these sessions also informs our blog posts, such as this piece on strategies for overcoming tech-enabled violence for transgender people, and this one surveying the landscape of digital threats in the abortion access movement post-Roe.
There is still much to be done. Maintaining effective privacy and security within one's work is an ongoing process. We are grateful to be included in the OPSEC process planning for so many other human-rights defenders and activists, and we look forward to continuing this work in the coming years.
This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2025.
eff_feedEFF’s attorneys, activists, and technologists don’t just do the hard, endless work of defending our digital civil liberties — they also spend a lot of time and effort explaining that work to the public via media interviews.
EFF had thousands of media mentions in 2025, from the smallest hyperlocal outlets to international news behemoths. Our work on street-level surveillance — the technology that police use to spy on our communities — generated a great deal of press attention, particularly regarding automated license plate readers (ALPRs). But we also got a lot of ink and airtime for our three lawsuits against the federal government: one challenging the U.S. Office of Personnel Management's illegal data sharing, a second challenging the State Department's unconstitutional "catch and revoke" program, and the third demanding that the departments of State and Justice reveal what pressure they put on app stores to remove ICE-tracking apps.
Other hot media topics included how travelers can protect themselves against searches of their devices, how protestors can protect themselves from surveillance, and the misguided age-verification laws that are proliferating across the nation and around the world, which are an attack on privacy and free expression.
On national television, Matthew Guariglia spoke with NBC Nightly News to discuss how more and more police agencies are using private doorbell cameras to surveil neighborhoods. Tori Noble spoke with ABC’s Good Morning America about the dangers of digital price tags, as well as with ABC News Live Prime about privacy concerns over OpenAI’s new web browser.
In a sampling of mainstream national media, EFF was cited 33 times by the Washington Post, 16 times by CNN, 13 times by USA Today, 12 times by the Associated Press, 11 times by NBC News, 11 times by the New York Times, 10 times by Reuters, and eight times by National Public Radio. Among tech and legal media, EFF was cited 74 times by Privacy Daily, 35 times by The Verge, 32 times by 404 Media, 32 times by The Register, 26 times by Ars Technica, 25 times by WIRED, 21 times by Law360, 21 times by TechCrunch, 20 times by Gizmodo, and 14 times by Bloomberg Law.
Abroad, EFF was cited in coverage by media outlets in nations including Australia, Bangladesh, Belgium, Canada, Colombia, El Salvador, France, Germany, India, Ireland, New Zealand, Palestine, the Philippines, Slovakia, South Africa, Spain, Trinidad and Tobago, the United Arab Emirates, and the United Kingdom.
EFF staffers spoke to the masses in their own words via op-eds such as:
And we ruled the airwaves on podcasts including:
We're grateful to all the intrepid journalists who keep doing the hard work of reporting accurately on tech and privacy policy, and we encourage them to keep reaching out to us at press@eff.org.
This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2025.
eff_feedDrone as first responder (DFR) adoption really took off in 2025. Though the concept has been around since 2018, this year saw more normalization of the technology, its integration into more real-time crime center structures, and the implementation of automated deployment of drones.
A DFR program features a fleet of camera-equipped drones, which can range from just a couple to dozens or more. These are deployed from a launch pad in response to 911 calls and other calls for service, sometimes operated by a drone pilot or, increasingly, autonomously directed to the call location. The appeal is the promise of increased “situational awareness” for officers headed to a call. This video offers a short explanation of DFR, and for a list of all of the cities we know use drones, including DFR programs, check out EFF’s Atlas of Surveillance.
In order to deploy a drone beyond where it can be seen, operators need to receive a waiver from the Federal Aviation Administration (FAA), and all DFR programs require this. Police departments and technology vendors have complained that the process takes too long, and in May, FAA finalized reworked requirements, leading to a flood of waiver requests. An FAA spokesperson reported that in the first two months of the new waiver process, it had approved 410 such waivers, already accounting for almost a third of the approximately 1,400 DFR waivers that had ever been granted.
The federal government made other major moves on the drone front this year. A month after the new waivers went to effect, President Trump issued an Executive Order with aspirations for advancing the country’s drone industry. And at the end of the year, one of the largest drone manufacturers in the world and one of the biggest purveyors of law enforcement drones, DJI, will be banned from launching new products in the U.S. unless the federal government conducts a security audit that was mandated by the National Defense Authorization Act. However, at the moment, it doesn’t seem like that audit will happen, and if it doesn’t, it won’t be surprising to see other drone manufacturers leveraging the ban to boost their own products.
Early iterations of drone use required a human operator, but this year, police drone companies began releasing automated flying machines that don’t require much human intervention at all. New models can rely on AI and automated directions to launch and direct a drone.
This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2025.
This was the year we saw DFR integrated with other tools and tech companies teamed up to bring even more powerful surveillance. Flock Safety added automated license plate readers (ALPR) to their drones. Axon and Skydio built on the partnership they launched in 2024. Drone manufacturer Brinc teamed up with Motorola Solutions on a DFR program. Drone company Paladin teamed up with a company called SkyeBrowse to add 3-D mapping of the environment to their list of features.
DFR also is increasingly part of the police plans for real-time crime centers, meaning that the footage being captured by these flying cameras is being integrated into other streams and analyzed in ways that we’re still learning about.
Transparency around adoption, use, and oversight is always crucial, particularly when it comes to police surveillance, and EFF has been tracking the growth of DFR programs across the country. We encourage you to use your local public records laws to investigate them further. Examples of the kinds of requests and the responsive documents people have already received — including flight logs, policies, and other information — can be found on MuckRock.
Flying cameras are bad enough. They can see and record footage from a special vantage point, capturing video of your home, your backyard, and your movements that should require clear policies around retention, audits, and use, including when the cameras shouldn’t be recording. We’re also seeing that additional camera analysis and other physical features that can be added (so-called “payloads”) — like thermal cameras and even tear gas — can make drones even more powerful and that police technology companies are encouraging DFR as part of surveillance packages.
It's important that next year we all advocate for, and enforce, standards in adopting and using these DFRs. Check the Atlas to see if they are used where you live and learn more about drones and other surveillance tools on EFF’s Street-Level Surveillance Hub.
This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2025.
twocents_feedYou can customize more on your Mac than you might have realized, and that extends to the file management software you use to browse around your system. Take, for example, Finder: There are a good number of alternatives around that bring with them extra features and different layouts.
I've been testing out three of the most well-known and highly rated alternatives to Finder to see what I might be missing. Each one has its own appeal, but the third in the list here is so good that I might switch to it permanently for all my file and folder needs on macOS.
As soon as you load up Commander One, you'll notice it has a busier interface than Finder, which may or may not suit you, depending on your attitude toward minimalism. Its layout is based around a dual-pane interface, and you can customize it in a variety of ways—even down to the fonts and colors used, if you want something bespoke.
The software starts to show its potential when you move from just looking at your files and folders to actually doing something with them. You're able to rename files when copying and moving them; you get a dedicated file operations queue; and you can run complex searches through your system using regular expressions, too.
I like the quick toggle switches for seeing hidden files and for previewing files without any additional apps, and connecting up to network locations and cloud storage is straightforward. There's even an integrated Terminal for you to make use of. It's handy having shortcut keys on show in the interface as well, and you can customize these as needed if you don't like the defaults.
There's certainly a lot going on, and while the interface takes a little bit of getting used to, that's to be expected—and it doesn't take long to learn what's what. The Pro version of the software comes with extra features, including layout themes, and integrations for FTP, Google Drive, and Dropbox: That's yours for a one-off fee of $29.99.
QSpace Pro is the best Finder alternative I tested in terms of the interface customizations you get access to: You can tailor to a fine level of detail, though the default look isn't all that different from Finder. You can have up to four different system locations on view at once, with the panels arranged in a variety of different ways, and jumping between these layouts is easily done.
After a short while using QSpace Pro I definitely felt I was better able to get around my Mac more efficiently, and when you've got a lot to do on your system, that really helps. Copying, moving, searching, deleting, tagging, and previewing is all intuitively and simply done, and you can easily hide parts of the interface if you know you won't need them.
The wealth of settings available in QSpace Pro is a testament to how much you can do with this: Keyboard shortcuts, the context menu, new file creation, batch operations, folder syncing, iCloud links, and app launching can all be customized, and those are just some of the options available. It's like Finder, but with a lot more going on.
QSpace Pro isn't free, however: Its features cost a one-off fee of $27.99 via the Mac App Store (or $29.99 via a direct download), though at the time of writing, those prices are down to $12.99 and $13.99, respectively. If you go through the QSpace Pro website, you can test the software out for 30 days for free before buying.
Path Finder is one of the Finder alternatives that's been around the longest, and I think it's the one I'm actually going to switch to permanently. It's absolutely packed with features and options to play around with, and if you spend a little time getting it set up the way you want it, it should seriously speed up all your file operations.
There are a choice of different layouts to pick from, including a dual-pane layout that makes moving and copying more straightforward, and I very much appreciate the "stacking" approach that lets you pile up several files and folders in a temporary holding pane first, before you do anything with them.
Batch file operations are supported, as are synced folders, so you can merge and compare two folders on your system as required. There's also extensive use of bookmarks and tab presets, so that you can quickly jump to the places on your Mac system that you need to visit the most—something that isn't always simple to do in Finder.
The visual representations of how much space files and folders are taking up on disk is very handy, and so is the Dropbox integration (with Dropbox being my go-to cloud storage option). Admittedly it's not the most visually appealing of the software packages listed here, but that's not necessarily the most important thing in a file manager, and it adds all the features I didn't know I'd been missing from Finder.
Path Finder is $29.99 for the year, but there's a 30-day trial available.
universal_hub_feedAt 10:45 a.m., the MBTA reported delays of up to 30 minutes on the C Line due to "an issue with the overhead wire" at Cleveland Circle and urged riders between the circle and Dean Road to hoof it over to the D Line to get anywhere.
The issue might have stemmed from the "disabled train" the T had reported ten minutes earlier at Cleveland Circle - one of the pantographs on an inbound train broke.
james_davis_nicoll - Bundle of Holding: The Burning Wheeltwocents_feed - 'GhostPairing' Attacks Are Taking Over WhatsApp Accountssnickfic in yuletide - Yuletide recs (part 2)bbcnewsworld_feed - Ukraine denies drone attack on Putin's residencebbcnewsworld_feed - US pledges $2bn for humanitarian aid, but tells UN 'adapt or die'bbcnewsworld_feed - China holds military drills around Taiwan as warning to 'separatist forces'twocents_feed - My Favorite Amazon Deal of the Day: The Bose QuietComfort Ultra Headphonesmrs_redboots in yuletide - 8 recs in 7 fandomsprincessofgeeks - Heated Rivalry E1jesse_the_k - Pithy Realizationkareila - one last post before the new yeartwocents_feed - You Might Soon Be Able to Change Your Gmail Addressdine - Music Mondayverushka70 in ds_noticeboard - Mountie art link from Regina Keim posted to dS Trading Post FB grouptwocents_feed - This Soundcore Saltwater-Resistant Speaker Is $50 Off Right Noweff_feed - Operations Security (OPSEC) Trainings: 2025 in Revieweff_feed - EFF in the Press: 2025 in Revieweff_feed - Drone as First Responder Programs: 2025 in Reviewtwocents_feed - I Tested Three macOS Finder Alternatives, and This Is the Best Oneuniversal_hub_feed - C Line sitch is dire, due to a broken wire
