🦜 Paul Moore - Security Consultant  / @Paul_Reviews
@nitter.poast.org.paul.reviews@rss-parrot.net
I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline!
Brought to you by the RSS Parrot.
---
Twitter feed for: @Paul_Reviews. Generated by https://nitter.poast.org
Your feed and you don't want it here? Just
e-mail the birb.
I've contacted @ReolinkTech several times about serious security flaws in their infrastructure. Every time, they refused to discuss their architecture... "for security reasons."
Here's what I found in the firmware across all modern devices, including the OMVI 3i.
With cloud/rich notifications enabled:
• No ADP: Cameras upload raw, unencrypted footage to Amazon S3. Any encryption is Amazon's default — with keys Amazon and Reolink control. You have no key.
• With ADP: The camera still sends unencrypted video. Amazon encrypts it with a key that Reolink derives and retains. Your ADP password plays no part in the encryption.
Reolink's own security page: "All of your data can only be accessed with your passcode."
That is absolutely & demonstrably false.
Reolink can always access your footage. With ADP enabled, only Amazon's access is limited.
#privacyMatters #security #historyRepeatsItself #advancedDataProtection
https://nitter.poast.org/Paul_Reviews/status/2065409467651416502#m
Published: June 12, 2026 12:22
I've contacted @ReolinkTech several times about serious security flaws in their infrastructure. Every time, they refused to discuss their architecture... "for security reasons."
Here's what I found in the firmware across all modern devices, including the…
The #onlineSafetyAct is absolutely necessary to "protect children", but we can't deport a Zimbabwean paedophile because he may face "hostility" abroad?
https://www.youtube.com/shorts/PegToAcYaRs
https://nitter.poast.org/Paul_Reviews/status/2065328662728032429#m
Published: June 12, 2026 07:01
The #onlineSafetyAct is absolutely necessary to "protect children", but we can't deport a Zimbabwean paedophile because he may face "hostility" abroad?
youtube.com/shorts/PegToAcYa…
Prince William wants to use #AI and #data analytics to combat homelessness?!
https://nitter.poast.org/Paul_Reviews/status/2064971807619223951#m
Published: June 11, 2026 07:23
Prince William wants to use #AI and #data analytics to combat homelessness?!
"UK's latest threat to #privacy"
Says it all really.
Hat tip @signalapp
https://nitter.poast.org/Paul_Reviews/status/2064326333631434804#m
Published: June 9, 2026 12:38
"UK's latest threat to #privacy"
Says it all really.
Hat tip @signalapp
Signal (@signalapp)
Our statement on the UK government’s demand that all content on all devices sold or used in the country be scanned, on the presumption of nudity, using a…
2 months later, the @intel #arc #b50Pro drivers are still broken!
Something changed from 8314 to 8515 which makes your mouse cursor disappear completely when using multiple monitors.
The 2nd/3rd display work fine, the primary loses the mouse cursor.
Please fix it Intel - it's been long enough.
https://nitter.poast.org/Paul_Reviews/status/2064230103953850732#m
Published: June 9, 2026 06:16
2 months later, the @intel #arc #b50Pro drivers are still broken!
Something changed from 8314 to 8515 which makes your mouse cursor disappear completely when using multiple monitors.
The 2nd/3rd display work fine, the primary loses the mouse cursor.
…
Debloating #Windows11 to improve #speed, #privacy and #security often involves untrusted tools, ISOs or risky Powershell commands.
Now, you can create a bootable USB using #Microsoft's official tool, debloat and force local accounts... entirely online.
https://wintrim.app
https://nitter.poast.org/Paul_Reviews/status/2063950804935918007#m
Published: June 8, 2026 11:46
Debloating #Windows11 to improve #speed, #privacy and #security often involves untrusted tools, ISOs or risky Powershell commands.
Now, you can create a bootable USB using #Microsoft's official tool, debloat and force local accounts... entirely online.…
#digitalID by the back door.
It's amazing how quickly they can push legislation through when they want it... but it's months/years of pushbacks when they dislike the public response.
It's about time democracy evolved.
https://nitter.poast.org/Paul_Reviews/status/2063202562858274850#m
Published: June 6, 2026 10:13
#digitalID by the back door.
It's amazing how quickly they can push legislation through when they want it... but it's months/years of pushbacks when they dislike the public response.
It's about time democracy evolved.
Politics UK (@PolitlcsUK)
🚨…
Had a brief look at the new @PolCyberAlarm #secureSensor
Wow. What a difference!
It's finally the product it should have been 6 years ago; clearly built by a team who understands #security and #cryptography
This isn't an incremental update; it's a complete replacement and honestly, puts the previous version to shame.
Hats off to Waterstons.
https://nitter.poast.org/Paul_Reviews/status/2062607327803351324#m
Published: June 4, 2026 18:48
Had a brief look at the new @PolCyberAlarm #secureSensor
Wow. What a difference!
It's finally the product it should have been 6 years ago; clearly built by a team who understands #security and #cryptography
This isn't an incremental update; it's a…
I hope you have deep pockets.
@elonmusk will wipe the floor with you.
https://nitter.poast.org/Paul_Reviews/status/2062548808051851538#m
Published: June 4, 2026 14:55
I hope you have deep pockets.
@elonmusk will wipe the floor with you.
Jess Asato MP (@Jess4Lowestoft)
Today, I’m launching a High Court claim against xAI, the company behind Grok.
I am just one of thousands of women and even children who have been…
#XSS flaws are everywhere.
With the unwelcome introduction of #ageVerification, now attackers can steal special category, highly-sensitive data directly from your wallet.
How?
Replace the QR code and await the inevitable.
The user has *absolutely no way* to confirm if the QR code is genuine or served by an attacker, so instead of data going to the website they trust... it's sent to the attacker.
https://nitter.poast.org/Paul_Reviews/status/2062164750503493930#m
Published: June 3, 2026 13:29
#XSS flaws are everywhere.
With the unwelcome introduction of #ageVerification, now attackers can steal special category, highly-sensitive data directly from your wallet.
How?
Replace the QR code and await the inevitable.
The user has *absolutely no…
With the #EuropeanCommission pushing ahead with their flawed #ageVerification concept... and the Danish version being published today, it's probably time to discuss the inevitable ways it will be bypassed & abused.
Here, I've created a chrome extension which forwards the QR code to one of two platforms.
1. An "age verification" marketplace which users, most likely from low-income countries, will scan to make serious money for minimal effort.
2. A "verify as a service" platform which automates the entire product. Just an API which collects QR codes and multiple genuine devices, all scanning & verifying them in milliseconds. No human intervention - just an Android app with an accessibility layer.
Both routes are easy to build with a single #AI prompt and would quickly convert into a regular income stream.
Again, these aren't implementation bugs... this is unsolvable by design.
https://nitter.poast.org/Paul_Reviews/status/2062160150245314747#m
Published: June 3, 2026 13:11
With the #EuropeanCommission pushing ahead with their flawed #ageVerification concept... and the Danish version being published today, it's probably time to discuss the inevitable ways it will be bypassed & abused.
Here, I've created a chrome extension…
Imagine building an ecosystem so utterly broken from the outset, that finally delivering what you'd expect is sold as an improvement.
Imagine logging into Gmail or Amazon from a new device and being told they have no record of you... start over.
But, you can visit two hospitals 10 miles apart and neither can see, access or even share your medical history.
... and the answer to that insanity... is a spy tech firm?!
https://nitter.poast.org/Paul_Reviews/status/2061692034369364068#m
Published: June 2, 2026 06:11
Imagine building an ecosystem so utterly broken from the outset, that finally delivering what you'd expect is sold as an improvement.
Imagine logging into Gmail or Amazon from a new device and being told they have no record of you... start over.
But, you…