The most sophisticated cyber attacks often rely on the simplest human behaviors. 👀 The FBI’s latest flash warning regarding North Korean state-sponsored actors (Kimsuky) using malicious QR codes is a fascinating case study in behavioral engineering. A QR code is essentially a digital question mark in the physical world. It begs to be resolved. We have spent the last few years training ourselves to scan them automatically; for menus, for parking, for connectivity. Attackers are weaponizing this muscle memory. They aren't just exploiting code; they are exploiting our inherent need to know what is on the other side of that scan. In high-stakes environments like academia and think tanks, unchecked curiosity is now a critical vulnerability.

TL;DR
🧠 FBI Alert: North Korean group Kimsuky (APT43) is active.
🎯 Targets: NGOs, academia, and foreign policy experts.
⚡ Vector: Malicious QR codes bridging physical and digital gaps.
🛡️ Defense: Treat an unknown QR code like a discarded USB drive. Do not scan.

forbes.com/sites/daveywinder/2…

#CyberSecurity #HumanFactor #Infosec #HigherEd #security #privacy #cloud

Looking for some perspective on this, interested how y’all think about it and if I’m isolated in my concerns.

I’ve grown to be a bit anxious when I’m out and about in any neighborhood. The wide use of doorbell cameras that connect to the internet and save data on company servers, listen in to your conversations, and could be used for spying on you as an individual gives me a sinking feeling.

I like walking around, I walk my dogs around the neighborhood and I know my neighbors. I’ve started being so aware that it’s changing my habits. I don’t turn my face towards houses while I’m walking if I notice a doorbell camera, and I’ve put my shirt over my face when dropping off something to a neighbor who has one. I probably gave them a fright but I don’t feel like I should’ve expected to be OK with you surviving me in a way that compromises my privacy that expansively. I’m considering keeping a bandana with me to cover my face if I need to go up to a door, but of course that would make people think I’m a bad actor and just a paranoid privacy nut.

I feel a bit like Winston in the 1984 novel, always feeling watched and trying to find an isolated corner where I can’t be seen. How have y’all been feeling on this? Would love to get perspective, thanks

I have been following the talk about Chat Control in the European Union and similar regulations elsewhere. Many people are still not aware of these developments, and I believe a fiction story can reach more people than a technical explanation ever could.

This is my short story about the logical conclusion of these laws. Please let me know what you think and share it with those who might benefit from seeing where this path leads.

For the Children

I feel the cold on my face. The only part of my body that is not covered by cloth. In this temperature you need to have good insulation or you will not be able to get far. And we have to get far. The whole path is 10 miles long and we are almost halfway there. We went as far as possible with the car, but the forest here is too dense and the snow too deep. It looks beautiful. But it is hard for me to recognize this beauty for more than a few seconds.

I look behind me and see the footsteps that I am leaving behind. Around twenty meters behind me is Elena. I know she is there, but because of the snow and fog, she looks like a black dot on a white paper. I can't see her face, but from her body language she does not look tired. We are already late, so I know I have to walk in front of her to keep up the pace.

I have lived in the Union my whole life. More than thirty years. I still remember the last trip I made out of it, about five years ago. It feels like yesterday in some way. But so much has changed since then.

It happened gradually. It was supposed to be a land of freedom and liberty. We always looked at other countries and felt disdain for their political systems. In school they always taught us that we are the promised land for other people and a beacon of democracy in this world. I do believe that it was actually like this in the past. But it all started to change with the acceptance of laws that seemed very innocent at first.

The first thing the Union did was pass the so-called "Child Abuse Protection Law". It required all internet companies to scan every message passing through their platforms. Not even that much has been talked about it. They said it had to be done to catch all human traffickers. They said it was for the children.

It didn't make much of a difference for the regular person yet. Some people complained about it, and there were some protests in the larger cities. But soon after they accepted it, nobody was talking about it anymore. We thought that was the end of it.

Then, they blocked access to some of the foreign websites. Some social media platforms that were deemed to be extreme and some news websites. Most of us just installed a VPN, thinking we were smart.

Last year, all the unofficial VPNs were banned. The only one that was allowed was the official VPN of the Union. They said some hackers used connections with the outside world to share fake news about the Union. But we knew that the reason they did it was to be able to look at everything that goes in and out.

A few months ago another rule was accepted. Now, every device that can connect to the internet has to be registered with the government. The government justified this by claiming that drug dealers used old burner phones for communication. Now every phone has to have a registered user, otherwise it is denied access to the internet. This means that the authorities now monitor every conversation and post on the internet all the time. Everyone is trapped in the system, and there is no way for someone to escape it.

Well, actually, there is one way left.

The only way to communicate with the outside world now is a satellite phone. It connects directly to orbiting satellites, which grants unmonitored access to the global internet. With it, the user can communicate privately to the outside world. The only problem is that they are very hard to get.

But lucky for me, I have one. It has been in my backpack since we started walking this morning. Without stopping, I move my backpack to the front and open the zipper. I pull out a satellite phone. I can't take my gloves off because it is so cold. So I type with my bulky glove one letter after another: "All good. T-1 hour." I press send.

I look back at Elena.

"Just a little further, then we switch!" I shout through the wind.

"Okay," I hear her voice through the cloth that covers her mouth.

The phone will send a message when it connects to the satellites. It should take around a minute, and Jack will receive the message. It takes noticeably more time than a regular internet connection. He is probably already there. Waiting for us.

I have known Jack since childhood. He always challenged authority. In school he debated teachers who hated his nonconformity, and later became obsessed with privacy, warning us how online surveillance works and how our digital lives are tracked. It could be tiring to talk to him, which was why our friend group meetings became less and less common. I was never as extreme as him, but always took his side when we were debating topics among friends, though I would push back when it was just the two of us.

So when they first started talking about the messaging scanning law, he was the first one I knew to talk about it. I remember a conversation between me, Jack, and some of our other friends whom we knew from college.

"What do you hide on your phone that you are so concerned about, Jack?" Brian asked Jack in the pub.

"It's not about having secrets," Jack snapped back immediately. "It's about where this can lead. You wouldn't want a government agent sitting in the corner of this room, recording us just in case one of us mentions something illegal, would you, Brian?"

"But as long as you are not doing anything wrong, you don't have to fear it," Brian dismissed nonchalantly.

"It's about the way the system is designed if they decide at any time they want to censor you, nothing will be stopping them," said Jack.

Brian seemed unwilling to engage further. He didn't have a good reply, or at least didn't want to think of one.

"Anyway, what are you going to do about it?" he asked.

A moment of silence followed.

"I'll fight it as best I can," he said. "But if all else fails, I'll leave the Union. I tell you, this is a slippery slope. It will get much worse from here."

"If you really leave the Union just because someone might read what you write to your friends in a group chat, you're even crazier than I thought," Brian laughed. The rest of the night passed with lighter talk.

And he was really that crazy. At least it seemed crazy at the time. We had long conversations about it. He was convincing me to take Elena with me, and that we all should leave. But I couldn't at the time. Although I agreed with him, I really thought it would not be that bad. Or at least I hoped so. But soon after they accepted the law, he left abroad and never returned.

Leaving the Union is pretty much impossible now. It is not because of a heavily guarded border, but because of the immense power the Union holds over its neighbors. If a neighboring country identifies a person from the Union, they must return them or risk losing vital trade agreements. For these governments, we are not people. We are just a threat to their economy, where a fugitive is nothing more than a risk to them. Occasionally, you hear of someone who tried to escape but was handed back and no one heard from them again.

"Stop, I'm getting tired. Can you carry him?" Elena's voice cuts through the wind.

I turn around and see her walking behind me, making small steps uphill.

"Of course," I say and stop.

"He has been sleeping this whole time," she says and opens up her poncho.

His eyes squeeze as the snowy white scenery flashes before him. Our little Max, so small and vulnerable, bundled against the cold, our precious little secret. I look at Elena who has tears in her eyes. I know we could spend hours gazing at our beloved child, memorizing every tiny feature of his, if we had time. But we don't.

"Give him to me, we have to carry on," I say.

She unravels Max from the poncho with which he was attached to her. I tie him to my chest and cover him with another blanket to keep him warm. I kiss Elena on the forehead.

"You go first," I say. She nods and takes the lead.

She was so strong in the past few days. I know that these were the saddest days of her life. The same is true for me. It was a hard decision we had to make. But once we made it there was no turning back.

It all started about a year before Max was born. Elena's father was a relatively popular journalist who worked his entire life for the national program. He was always critical of the government and of the politicians, even before things began to change. So when the Union first started censoring news in the media, he was writing articles about it wherever they would let him publish them.

He talked about how the censoring is not only done by the law but also pushed through bureaucratic incentives that you have to follow. Social norms change and some things are labeled as inappropriate. He said that the problem would not be that people would be punished for speaking, but that because of fear of punishment they would never speak at all.

Shortly after he began his exposé mission, he was completely blacklisted. No outlet would touch his work. His editor refused to even discuss the facts, only muttering, "If I run this, the Union will label us a 'High-Risk Platform' we’ll lose digital banking access by morning." Overnight, his internet accounts vanished and even his bank account was frozen. The official reason was that he was "spreading hate by spreading misinformation". Almost no major media covered it. And he was not the only case, many who spoke out at that time suffered the same fate. On platforms where free speech was still possible, it was a much talked about topic and people warned about where this can lead. If you search for his name now, there is only one side of the story.

For me, this was the breaking point. Elena felt immense stress at that time. I only felt anger. Anger that we let that happen. I know we probably couldn't have done much anyway. But at least we should have tried.

"When we have a baby, he can’t have a life like this.”

When Elena said those words, it was the first time this idea was spoken out loud.

We were planning to have a baby for a while. But because of the conditions, we knew that it would not be a good life. Elena's dad getting blacklisted changed her. Ever since she said that sentence that winter afternoon, we have been talking about it almost every day. We knew we would have a child, but it became clear to us that the conditions would get a lot worse.

At that time, I still spoke to Jack through an encrypted messaging platform on the internet. Then no satellite phone was needed. I told him that we wanted to have a child completely off the grid and that we wanted him to live outside of the Union. At that time, it was already obvious to us that we would not be able to go with him. The regulation was already too strict for traveling.

Jack was not hesitant one bit when I told him we wanted him to take care of our child. During the years he lived abroad, he met a girl there, and they were both open to this "adoption".

"We have to put all our electronic devices in a box when we’re at home,” I told Elena some time before Max was born. "We can't risk the existence of Max being recorded anywhere.”

We were already very careful not to leave any trace anywhere. But him being actually present in the real world meant an even greater challenge. I was buying all the baby equipment from a black market on the other side of town, trying to buy it in bulk, so I minimized all the possibilities that someone would catch on to something. We were very precise about covering all the tracks because we knew that if anyone found out about it even years later, we could be in trouble. We did not even really know how much the authorities actually monitored our data. We burned all the trash that could have been associated with Max and padded all the walls with foam to make it impossible for anyone near the house to hear him cry. I remember one night, Max had a fever and a cough that wouldn't stop. We sat in the dark, clutching him, terrified that a neighbor might hear us. We couldn't even take him to a doctor because every clinic required an ID scan just to enter the waiting room.

"I can't believe this is the last week we three are all together," Elena sobbed.

I was crying too.

We were looking at the pictures we had taken of the three of us. The good old analog Polaroid photos would be the only physical evidence that Max had ever existed.

The forest is beginning to thin out. I increase my tempo so that I can catch up with Elena. She reaches out her hand to me. I grab it and squeeze it. She squeezes back.

"We are almost there," I say, trying to hold back tears.

Elena nods, eyes fixed ahead through the fog. "He’ll run through forests like this one day,” she whispers. "Laughing. Free. That’s all that matters.”

We walk like this for about a mile. It seems like an eternity. We know we had to do it. As parents, we have an obligation to provide the best life for the children.

A fence around two meters tall appears through the fog. The border between the Union and the outside world. We see Jack already waiting there beside the fence. He has sawed a small opening in it, just large enough for Max. We didn't want to make it visible. My dear friend, who I have not seen for so long, and we will not even have time to have a short conversation. He lifts his hand as a sign of greeting. I wave back.

Max will only remember us through stories Jack will tell him. He will only have a few analog pictures that will remind him of where he truly came from. But at least he will be able to live a free life. For us, the people in the Union, this is a long forgotten idea.

Note: I self-hosted a formatted web version and PDF of this story here for easier reading or sharing: gigaprojects.online/post/1

cross-posted from: lemmy.world/post/41387733

I used to self-host because I liked tinkering. I worked tech support for a municipal fiber network, I ran Arch, I enjoyed the control. The privacy stuff was a nice bonus but honestly it was mostly about having my own playground.
That changed this week when I watched ICE murder a woman sitting in her car.
Before you roll your eyes about this getting political - stay with me, because this is directly about the infrastructure we're all running in our homelabs.
Here's what happened: A woman was reduced to a data point in a database - threat assessment score, deportation priority level, case number - and then she was killed. Not by some rogue actor, but by a system functioning exactly as designed. And that system? Built on infrastructure provided by the same tech companies most of us used to rely on before we started self-hosting.
Every service you don't self-host is a data point feeding the machine. Google knows your location history, your contacts, your communications. Microsoft has your documents and your calendar. Apple has your photos and your biometrics. And when the government comes knocking - and they are knocking, right now, today - these companies will hand it over. They have to. It's baked into the infrastructure.
Individual privacy is a losing game. You can't opt-out of surveillance when participation in society requires using their platforms. But here's what you can do: build parallel infrastructure that doesn't feed their systems at all.
When you run Nextcloud, you're not just protecting your files from Google - you're creating a node in a network they can't access. When you run Vaultwarden, your passwords aren't sitting in a database that can be subpoenaed. When you run Jellyfin, your viewing habits aren't being sold to data brokers who sell to ICE.
I watched my local municipal fiber network get acquired by TELUS. I watched a piece of community infrastructure get absorbed into the corporate extraction machine. That's when I realized: we can't rely on existing institutions to protect us. We have to build our own.
This isn't about being a prepper or going off-grid. This is about building infrastructure that operates on fundamentally different principles:

Communication that can't be shut down: Matrix, Mastodon, email servers you control
File storage that can't be subpoenaed: Nextcloud, Syncthing
Passwords that aren't in corporate databases: Vaultwarden, KeePass
Media that doesn't feed recommendation algorithms: Jellyfin, Navidrome
Code repositories not owned by Microsoft: Forgejo, Gitea

Every service you self-host is one less data point they have. But more importantly: every service you self-host is infrastructure that can be shared, that can support others, that makes the parallel network stronger.
Where to start if you're new:

Passwords first - Vaultwarden. This is your foundation.
Files second - Nextcloud. Get your documents out of Google/Microsoft.
Communication third - Matrix server, or join an existing instance you trust.
Media fourth - Jellyfin for your music/movies, Navidrome for music.

If you're already self-hosting:

Document your setup. Write guides. Make it easier for the next person.
Run services for friends and family, not just yourself.
Contribute to projects that build this infrastructure.
Support municipal and community network alternatives.

The goal isn't purity. You're probably still going to use some corporate services. That's fine. The goal is building enough parallel infrastructure that people have actual choices, and that there's a network that can't be dismantled by a single executive order.
I'm working on consulting services to help small businesses and community organizations migrate to self-hosted alternatives. Not because I think it'll be profitable, but because I've realized this is the actual material work of resistance in 2025. Infrastructure is how you fight infrastructure.
We're not just hobbyists anymore. Whether we wanted to be or not, we're building the resistance network. Every Raspberry Pi running services, every old laptop turned into a home server, every person who learns to self-host and teaches someone else - that's a node in a system they can't control.
They want us to be data points. Let's refuse.

What are you running? What do you wish more people would self-host? What's stopping people you know from taking this step?