Kazani

Kazani's avatar
Kazani
πŸ›‘οΈ kazani@primal.net
npub1vm68...srrc
Beloved Bitcoin. Promo code: KAZANI ➑️ https://foundation.xyz/passport-prime
A programmer has revealed that his side project is β€œgoing for Satoshi’s wallet." He has shared a post on Substack outlining plans to use group-theory math and optimized elliptic-curve code to try to crack the Bitcoin founder’s keys.
If you're smart why are you poor? Elliptic Curve Edition
Using Group Theory to Speed up an Elliptic Curve Library from 352 million CPU years to 12 million CPU years
 https://www.reddit.com/r/hacking/comments/1nyr4x0/i_used_all_the_math_i_know_to_go_from_352_miilion/
🧊 Hidden Firefox AI process consuming CPU resources? Firefox browser users have encountered serious performance issues after the release of version 141. Initially, suspicion fell on the new "Smart Tab Grouping" feature using AI, but an official Mozilla investigation (Bug 1982278) showed that the abnormally high CPU load is caused by another component, namely the hidden pilot experiment "Semantic Search in History" (places.semanticHistory). The "Smart Tab Grouping" has nothing to do with this. Everything was fine just yesterday. Today I opened Firefox, and as a result, there were sharp spikes in CPU load and power consumption. My fans shouldn't be this loud if I don't have more than 15 tabs open. After unsuccessfully restarting Firefox, I opened the task manager and found that a process called "Inference" fluctuates from 0.05% to 130% CPU usage, which explains the spikes in CPU load and power consumption. Killing the process solves the fluctuation problem but causes Firefox to crash, requiring a restart. What is going on? This problem never existed until today. β€” users complain on Reddit. 😱 Official Mozilla representatives have acknowledged the issue. The fix will be included in Firefox 143 (ctodea writes Target Milestone: β†’ 143 Branch). πŸ’‘For full control and disabling of all local AI services, advanced users should experiment with some settings: In about:config the parameter browser.ml.enable is set to false. *The browser.ml.enable parameter is the main, kind of master key to all under-the-hood machine learning in Firefox. Setting this value to false completely deactivates the local AI engine (Inference process), making it impossible for any dependent features to work, including smart tab groups and the chatbot. In about:config the parameter browser.tabs.groups.smart.enabled is set to false. *Disables only the smart tab grouping feature. This step is not a guaranteed solution to the CPU overload problem, as the main source of the error lies in another component. Meanwhile, the AI engine itself (Inference process) remains active for other potential tasks. In about:config the parameter browser.ml.chat.enabled is set to false. *The browser.ml.chat.enabled parameter is a direct system switch that controls the activation and visibility of the AI chat integrated into Firefox. Source: Telegram | Russian OSINT image
EU age verification app to ban any Android system not licensed by Google Reddit: https://www.reddit.com/r/BuyFromEU/comments/1mah79o/eu_age_verification_app_to_ban_any_android_system/ The EU is currently developing a whitelabel app to perform privacy-preserving (at least in theory) age verification to be adopted and personalized in the coming months by member states. The app is open source and available here:
GitHub
GitHub - eu-digital-identity-wallet/av-app-android-wallet-ui
Contribute to eu-digital-identity-wallet/av-app-android-wallet-ui development by creating an account on GitHub.
. Problem is, the app is planning to include remote attestation feature to verify the integrity of the app:
GitHub
GitHub - eu-digital-identity-wallet/av-app-android-wallet-ui
Contribute to eu-digital-identity-wallet/av-app-android-wallet-ui development by creating an account on GitHub.
. This is supposed to provide assurance to the age verification service that the app being used is authentic and running on a genuine operating system. Genuine in the case of Android means: β€’ The operating system was licensed by Google β€’ The app was downloaded from the Play Store (thus requiring a Google account) β€’ Device security checks have passed While there is value to verify device security, this strongly ties the app to many Google properties and services, because those checks won't pass on an aftermarket Android OS, even those which increase security significantly like GrapheneOS, because the app plans to use Google "Play Integrity", which only allows Google licensed systems instead of the standard Android attestation feature to verify systems. This also means that even though you can compile the app, you won't be able to use it, because it won't come from the Play Store and thus the age verification service will reject it. The issue has been raised here
GitHub
Do not add Google Play Integrity integration Β· Issue #18 Β· eu-digital-identity-wallet/av-doc-technical-specification
In the README, the following is listed: App and device verification based on Google Play Integrity API and Apple App Attestation I would like to st...
 but no response from team members as of now. In short: You can only be a full citizen of the EU if you accept the ToS from Google.
Another Linux Smartphone Enters The Market. Meet Liberux NEXX Liberux NEXX is a phone built on LiberuxOS, based on Debian 13 Linux Distro. Liberux NEXX will never track your activity, collect your data or compromise your privacy. All source code will be available for you to further customize your system or even build alternative versions. NEXX grants you a full ARM Linux system, including Android OS, which would allow you to install applications for this environment without compromising your privacy. CPU: Rockchip RK3588S β€’ 8-cores, 64-bit β€’ 4Γ—Cortex-A76 (upto 2.4GHz) β€’ 4Γ—Cortex-A55 Manufactured by TSMC on 8nm process GPU: ARM Mali-G610 β€’ 4-cores MP4 (450 GFLOPS) Modem: Snapdragon X62 5G RAM: upto 32GB LPDDR4X ROM: upto 512GB emmC upto 2TB SD Card support β€’ 6.34-inch (2400x1080 px) FHD+ OLED Display β€’ Gorilla Glass protection β€’ 32MP Single rear camera β€’ 13MP Front camera β€’ 5300mAh battery β€’ Rear fingerprint sensor β€’ 3.5mm headphone jack β€’ 2x USB-C 3.1 port Audio Codec: ALC5640-VB-CG Amplifier: AW8737SCSR Wi-Fi/BT: AW-CM256SM (BT 5.0) 5 years of Upgrades NEXX also supports GNOME Shell Mobile and contains 3 KILL SWITCHES β€” for Microphone/ camera, Wi-Fi/BT and Signal. When all 3 switches are flipped down, they also disable additional components like the GNSS unit (GPS + satellite systems), the IMU (accelerometer, gyroscope, magnetometer), and ambient & proximity sensors. Liberux Team is also developing a gadget that, when connected to a monitor, keyboard, and mouse, will enable "wireless" connectivity to them. The smartphone is still under crowdfunding and will start shipping worldwide in July 2026. https://www.indiegogo.com/projects/liberux-nexx--3#/ The base model comes with 8GB+128GB+LTE and costs 790€. Since Liberux NEXX has been designed with a modular architecture, you can upgrade the RAM, storage & modem. Storage: 256β€―GB (+45 €); 512β€―GB (+150 €) RAM: 16β€―GB (+100 €); 32β€―GB (+250 €) 5G Modem: +120 € Liberux 2TB MicroSD Card: +250€
OSINT via Bluetooth: how Android devices give away the owner For reasons unknown to me, Bluetooth is still considered a purely local protocol: file transfer, connection to headsets, operation of a fitness bracelet. In practice, it gives a lot more. With proper processing of advertising packages and service information of Bluetooth devices, it is possible to determine the approximate location, type and model of the device, restore movement routes, and in some cases, identify the owner. All this happens without physical access to a smartphone or wearable devices. Bluetooth-OSINT is used at the information collection stage, during technical support of events, during investigations and during movement monitoring. It is effective both in urban environments and in confined spaces: at train stations, business centers, hotels, and conference halls. Android devices remain particularly vulnerable. Even with an inactive connection, they continue to send advertising packets. Advertising packets in the context of Bluetooth, especially Bluetooth Low Energy (BLE), are special short packets of data that a device periodically transmits over the air to inform other devices about its presence. These packets do not require a connection β€” they are transmitted "blindly" and are received by all devices within range. It is thanks to these advertising packages, for example, that headphones appear in the list of available Bluetooth devices on your phone. Many models transmit the device name in clear text β€” for example, Pixel 8a Alex or Galaxy S22 Masha. This field often contains the user's name or nickname. Such data can be compared with search results in social networks, leaks, and databases. Even if the name is hidden, there are still values in the packages that can be used to set the model, chip type, and manufacturer's version. If you collect data about such devices from different points, you can build a graph of movements and identify whether the devices belong to the same user. What is visible via Bluetooth – Device name – Signal strength (RSSI) β€” allows you to estimate the distance to the source – Manufacturer-specific data β€” additional fields specified by the manufacturer – Advertising UUID β€” often static for specific models – Frequency of broadcasting and interaction with services The combination of smartphone, watch and headset is already a unique set. It is easily tracked by its characteristic behavior on the air. Why Android makes more noise than other OS – The MAC address may not be randomized until Bluetooth is manually rebooted - Built–in BLE Privacy protection is either missing or partially implemented – Device names are often transmitted in clear text – System services are running in the background: Nearby, Fast Pair, geolocation, Smart Lock This creates a permanent presence of the device on the radio. Even without connecting to other devices, the smartphone remains visible. How to reduce visibility 1. Disable Bluetooth if it is not necessary to operate it 2. Disable background scanning: Β Β  Settings β†’ Geolocation β†’ Scan β†’ Bluetooth Scan β†’ Off 3. Change the device name: Β Β  Settings β†’ About the phone β†’ Device Name 4. Disable Nearby Share, Fast Pair, Smart Lock and other Bluetooth-enabled services 5. If root access is available, use additional utilities: – Magisk BLE Privacy Module Β Β  – XPrivacyLua Β Β  – Bluetooth MAC Spoofer Tools for analysis – nRF Connect β€” displays BLE packets transmitted over the air - Beacon Scanner / BLE Hero – detection and tracking of surrounding devices β€” btmon with ADB – allows you to view HCI logs, including BLE, without root access - Kismet is a powerful framework for monitoring wireless interfaces (Wi-Fi, BLE) Even if the device is not connected to anything and is in your pocket, it can transmit this data, depending on the firmware, settings, and model. This creates a digital "fingerprint" on the airwaves.