The year that brought out the best and worst in technology

And in every crisis lies opportunity

Dec 4, 2020

Welcome to the 12th edition of the CurePrivacy newsletter (and the first edition on the new domain 😎)

The past year was a real "stress-tester" for technology and our interaction with it. Sadly, it took a global pandemic to highlight the fact that the increasing power and influence of big tech companies is a threat to society, that social media is doing the world more harm than good, and that online privacy is more important than ever.

Thanks to the huge work-from-home push in the early pandemic days, the surveillance economy boomed (for the wrong reasons). A lot of companies capitalized on the insecurities of employers, at the expense of employees.

But there were also positive events. The antitrust hearings (in the US) took place and the US government is finally taking Google to court. It will be interesting to see what happens with this case in the coming year.

One company that experienced severe stress-testing this year is Zoom. But their flaws also present opportunities to other companies looking to improve the security and privacy of video conferencing software.

As the year draws to an end it's clear that the pandemic brought out the best and worst that the tech world has to offer. When you reflect on the year, spare a thought for the companies that, despite the pandemic and other challenges, kept delivering solid products and great service (they are often forgotten).

In this final edition of 2020 you will find software products that tackle security and privacy issues as well as news that might influence you, as a tech user, directly.

I'm taking a break and will be back in 2021 with more news, interesting products, opinions and a little bit of sarcasm 😀

Thanks for reading this newsletter! Please share it with anyone that might find it valuable. If you have any feedback or questions you can contact me at cureprivacy@pm.me.

Till 2021.

- Nico


Privacy-focused products


SimpleLogin - Create email aliases to protect your real email address

Don't lose your email to spammers. Use an email alias instead and protect yourself from spam, phishing and other unwanted emails. With SimpleLogin you can create multiple email aliases linked to a single mailbox. Ideal for individuals and one-person businesses.


EteSync - Secure, end-to-end encrypted contacts, calendars, tasks and notes

EteSync is an open-source, end-to-end encrypted solution to securely store your contacts, calendars, tasks and notes. With easy-to-use apps for all major platforms, EteSync integrates seamlessly with your existing apps. A full history of your data is also saved in an encrypted tamper-proof journal, which means you can review, replay and revert any changes you made at any point in time.


Etebase by EteSync - An end-to-end encrypted backend for your application

Etebase, built by the creators of EteSync, is a platform that simplifies building end-to-end encrypted applications. Think Firebase, but encrypted in a way that only end-users can access their data. With an integrated billing feature, Etebase is the ideal platform to use as the backend for your E2EE app.


In the news...


GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

A number of GoDaddy employees were socially engineered into transferring control of multiple domains to criminals. One of the affected domains belongs to a popular cryptocurrency trading platform, liquid.com. With control of the account, the criminals could change the domain's DNS records, and they took control of some internal email accounts. Liquid's document storage and infrastructure were also partially compromised. According to GoDaddy, the affected accounts were locked when the issue was discovered and all the "changes" that occurred had been rectified.

How does it affect you?

If you are using GoDaddy or any of these crypto trading platforms - Liquid.com, Bibox.com, Celsius.network, Wirex.app - it's a good idea to reset your password and enable multi-factor authentication for extra security. Read the full article here.


Walmart-exclusive router and others sold on Amazon & eBay contain hidden backdoors to control devices

Critical backdoors that can be (and probably already are) exploited by various parties have been found in Wavlink and Jetstream routers. The routers are being marketed as "super affordable" and have been bought by a significant number of people (mainly in the US). Security researchers discovered multiple vulnerabilities in these routers that can be used to intercept all the traffic to and from the router, and to gain control of the router and all devices connected to the network.

How does it affect you?

If you have a Wavlink or Jetstream router, it's a good idea to buy a new router (preferably of non-Chinese origin). Read more details here.


Microsoft files patent to record and score meetings on body language

Microsoft is stepping up their game in the surveillance economy. Recently, the company announced that they filed a patent for a system to monitor the body language and facial expressions of meeting attendees to calculate a "quality score". The software could be used by managers to monitor individual workers' use of Microsoft Office 365 software. It is astonishing to see that Microsoft wants to normalize privacy invasion to this extent, all in pursuit of the "productive meeting". Read the full article here.

How does it affect you?

Fortunately, this software is still being developed and not used commercially yet (hopefully, it will never be).


Malicious npm packages caught installing remote access trojans

Two NPM packages have been removed from the NPM repository after it was discovered that they contain malicious code that installs a remote access trojan (RAT) during package installation. The compromised packages are jdb.js and db-json.js. The packages were downloaded roughly 100 times before the malicious behaviour was discovered by Sonatype. According to the NPM security team, any computer that had either package installed should be considered fully compromised. Unfortunately, there is no guarantee that removing the NPM packages will also remove the malicious software. Read the full article here.

How does it affect you?

If you installed either of these packages, consider your computer fully compromised. According to the official NPM advisory, all keys and secrets stored on your computer should be rotated immediately from a different computer. And maybe buy a new computer.
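
To check whether a project ever pulled in either package, including as a transitive dependency, you can search its parsed `package-lock.json`. The following is an added example, not part of the original newsletter or the NPM advisory; the function names and the sample lockfiles are constructed for illustration, and it handles both the nested v1 layout and the flat v2/v3 layout.

```javascript
// Added example. Package names are the two named in the newsletter item.
const FLAGGED = new Set(["jdb.js", "db-json.js"]);

// Lockfile v2/v3: flat "packages" map keyed by install path.
function scanPackagesMap(packages, hits) {
  const marker = "node_modules/";
  for (const [path, meta] of Object.entries(packages)) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // root project or local workspace entry
    const name = path.slice(idx + marker.length);
    if (FLAGGED.has(name)) {
      hits.push({ name, version: meta.version || null, path,
                  hasInstallScript: meta.hasInstallScript === true });
    }
  }
}

// Lockfile v1: nested "dependencies" tree; no install-script flag recorded.
function scanDependencyTree(deps, trail, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const chain = [...trail, name];
    if (FLAGGED.has(name)) {
      hits.push({ name, version: meta.version || null,
                  path: chain.join(" > "), hasInstallScript: null });
    }
    scanDependencyTree(meta.dependencies, chain, hits); // transitive deps
  }
}

// v2 files carry both layouts, so prefer "packages" to avoid double counting.
function findFlaggedPackages(lock) {
  const hits = [];
  if (lock.packages) scanPackagesMap(lock.packages, hits);
  else scanDependencyTree(lock.dependencies, [], hits);
  return hits;
}

// Constructed sample lockfiles (names other than the flagged two are made up).
const SAMPLE_LOCK_V3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/some-lib": { version: "2.1.0" },
  "node_modules/some-lib/node_modules/jdb.js": {
    version: "0.0.0-constructed", hasInstallScript: true },
} };
const SAMPLE_LOCK_V1 = { lockfileVersion: 1, dependencies: {
  "some-lib": { version: "2.1.0", dependencies: {
    "db-json.js": { version: "0.0.0-constructed" } } },
} };

console.log(findFlaggedPackages(SAMPLE_LOCK_V3));
console.log(findFlaggedPackages(SAMPLE_LOCK_V1));
```

For a real project, pass in the result of `JSON.parse` on the contents of `package-lock.json`. An empty result only shows that the lockfile does not reference the packages now; it says nothing about whether the machine was exposed earlier.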