39C3 watchlist

Even if I can’t be there in person checking out all those great talks from the CCC over at media.ccc.de is always a end-of-the-year highlight for me. Here’s some talks I recommend plus some listening notes.

watched

Live, Die, Repeat. The fight against data retention and boundless access to data

{by Klaus Langefeld} | video

• data retention = Vorratsdatenspeicherung, i.e. anslasslose Speicherung von Nutzungs-/Komminukationsdaten durch Kommunikationsdienste

• lots of jurisdictions pushing towards data rentention again

• in 2001, 90+ % of communication was access-provider-based, while in 2024, 97% of all Interpersonal Communication was through over-the-top services (satellite and cable are almost meaningless)

• in several non-EU jurisdictions there is no time limit for data retained, when it’s claimed to be »for business purposes«

• national data retention laws sometimes overrule GPDR rules

• EU E-Evidence

  • communication providers, internet infrastructure providers and information society service providers (i.e. webshops, cloud services, gaming services etc.) have to implement »EU E-Evidence« by August 2026

• EU Cybercrime Convention - aka. Budapest Convention - estimated to be implemented in 2027 - several EU and non-EU countries would gain access to data from service providers (even financial and administrative services) of several other countries

• no safe way yet for monitoring and managing access to data (no database of what person should be able to access what data) - any compromised law enforcement account can request all subscriber data from any service provider within the EU

• IP data retention
  • users should be identifiable by IP (CNAT, port numbers etc. also stored)
  • however, flow data not stored proactively
  • access to retained IP data can now be requested for all sorts of criminal offences, not only serious crime
• the necessity of retention periods for more than 4 weeks has never been demonstrated
• at the moment, it’s still mandatory that usage data from all sorts of services used by individuals should not allow conclusions about the private life of those IP address holders

selbstverständlich antifaschistisch! Aktuelle Informationen zu den Verfahren im Budapest-Komplex

{family & friends Hamburg} | video

• Spendenkonto
• Plakatreihe
• Petition I - Eltern gegen Auslieferung
• Petition II - Eltern gegen Auslieferung
• Solidaritäts-Webseite BASC
• Webseite der Eltern

From Silicon to Darude Sand-storm: breaking famous synthesizer DSPs

{giulioz}| video

I ain’t much of a hardware guy and I have basically no idea how chips and semiconductors work. Still, that talk had me on the edge of my seat. Not only because I’m a big fan of the Osirus/OsTIrus plugin that The Usual Suspects released before. The whole process of reverse-engineering the DSP chip of a synthesizer without a manual or data sheet for the chip is so fascinating and it’s great to see how they broke down all obstacles.

• dsp56300.com / ./je8086

• github.com/dsp56300/gearmulator

You will need a firmware for the JE8086 plugin (as a *.bin or as *.mid files), which you can find on the Roland support pages.

And so it begins - Wie unser Rechtsstaat auf dem Highway Richtung Trumpismus rast – und warum afghanische Kläger*innen für uns die Notbremse ziehen

{Eva and Elaha} | video

Alongside Sea-Watch and Deutsche Wohnen & Co enteignen, Kabul Luftbrücke is another NGO that impressively demonstrates to me how much change can actually be brought about through civil society engagement and it gives me hope that there’s still ways to change society and the state for the better somehow.

Wer liegt hier wem auf der Tasche? Genug mit dem Bürgergeld-Fetisch. Stürmt die Paläste!

{Helena Steinhaus} | video

AI-generated content in Wikipedia - a tale of caution

{Mathias Schindler} | video

Die Känguru-Rebellion: Digital Independence Day

{Marc-Uwe Kling & Linus Neumann} | video

Unnecessarily Complicated Kitchen – Die Wissenschaft des guten Geschmacks

{LukasQ} | video

yet unwatched

• A Quick Stop at the HostileShop | video
• To sign or not to sign: Practical vulnerabilities in GPG & friends | video
• All my Deutschlandtickets gone: Fraud at an industrial scale | video
• A Tale of Two Leaks: How Hackers Breached the Great Firewall of China | video
• A post-American, enshittification-resistant internet | video
• Building hardware - easier than ever - harder than it should be | video
• Neuroexploitation by Design: Wie Algorithmen in Glücksspielprodukten sich Wirkweisen des Reinforcement Learning und dopaminergen Belohnungssystems zunutze machen | video
• All Sorted by Machines of Loving Grace? “AI”, Cybernetics, and Fascism and how to Intervene | video
• Chatkontrolle - Ctrl+Alt+Delete | video
• Bluetooth Headphone Jacking: A Key to Your Phone | video
• Coding Dissent: Art, Technology, and Tactical Media | video
• “They Talk Tech” live mit Anne Roth | video
• freiheit.exe - Utopien als Malware | video
• Doomsday-Porn, Schäferhunde und die „niedliche Abschiebung“ von nebenan: Wie autoritäre Akteure KI-generierte Inhalte für Social Media nutzen | video
• Prometheus: Reverse-Engineering Overwatch | video
• Wer hat Angst vor dem Neutralitätsgebot? | video
• Programmierte Kriegsverbrechen? Über KI-Systeme im Kriegseinsatz in Gaza und warum IT-Fachleute sich dazu äußern müssen | video
• Variable Fonts — It Was Never About File Size | video
• a media-almost-archaeology on data that is too dirty for “AI” | video
• Denkangebot: Rainer Mühlhoff über KI und autoritäre Sehnsüchte im Silicon Valley | video
• Light in the Dark(net) | video
• 10 years of Dieselgate | video