Privacy
- Do you fill in real name + info when registering for a domain?
Hi! Thinking about registering a new domain for homelab setup. Not quite sure which registrar to go with but have heard good things about Porkbun here on Lemmy. But, do people fill in their actual real name, and details for these sorta things? Genuinely curious, don't want to end up on bad terms with a company. But on the other hand I'm just going to use this for my homelab and don't see the "need" to give away my details for this sorta thing.
Let me know how you guys do it :)
- Introducing Proof-of-Work Defense for Onion Services | The Tor Project (blog.torproject.org)
Today, we are officially introducing a proof-of-work (PoW) defense for onion services designed to prioritize verified network traffic as a deterrent against denial of service (DoS) attacks with the release of Tor 0.4.8.
- GrapheneOS after one month
I made this post a few weeks ago, and I've finally been using GrapheneOS for one month. I'd like to point out things that changed, and my experiences with some of the GrapheneOS communities.
The changes
I stressed far too much about which methods to use for installing apps. In the end, it's up to you and your preference. Sure some are considered less secure than others, but it's your phone. I'll explain more about why I'm saying that later. Anyways. I get as many apps as I can via Obtainium, and install a few apps via Aurora Store.
I'd like to clarify the reason I have ProtonVPN installed via Aurora Store. App developers often develop different versions of the app depending on how you install it. Play Store versions of it might rely on Google services, whereas direct apk files may not. ProtonVPN allows you to use it as a guest, but only when you install the Play Store version. No other version of the app (e.g. installed via Obtainium) allows you to use it as a guest. Please stop commenting about this, I explained it to way too many people.
My game selection has remained the same, however Antimine is a bit of a weird one. It is still actively maintained, but the GitHub releases page is versions behind the F-Droid version, and the F-Droid version is versions behind the Play Store version. I tried installing the Play Store version, but it required Google Play Services to work (even though the app could actually run without it, it just thinks it needs it). So, unfortunately, I'll just use the outdated F-Droid version.
2048 by SecUSo actually got dark mode! Good for them for keeping things nice on the user end. Audire has been abandoned, and so I tried out Audile and it works fine.
As many users pointed out, AndBible is not abandoned. It also recently got updated. The UX is still sub par. Fossify projects are also, as many pointed out, not abandoned. Development is just slow. I'm eager to see what updates will come.
HeliBoard still has some weird autocorrect suggestions, but I made a few bug reports about it. KeePassDX no longer has the weird biometrics bug.
For eBooks, I tried out a lot of the top proprietary eBook readers:
- Amazon Kindle was authwalled (required logging in)
- FBReader was netwalled (required a network connection)
- Google Play Books was playwalled (required Google Play Services)
Then, I tried Moon+ Reader. I am so sorry, but this app is honestly fantastic. I will reiterate: it is proprietary, but it has support for Apple Book's page turning animation as well as other stuff. The open source eBook readers pale in comparison. The app is perfect, I just wish it was open source.
My music player has changed to VLC Media Player, which is honestly so much better than the desktop version. It has incredible support for use as a music manager. The only annoying bug is that it will sometimes lag for a few seconds before resuming, and there's no clear "queue" section.
I got too upset with Vanadium's lack of anti-fingerprinting and privacy features, that I switched to Brave. Honestly, I'm happy with it. It's not perfect, but I can get behind it.
The new stuff
Alright, now let me mention the new things I got to try. I wanted to try out an RSS reader, so I got Feeder. It's honestly what you expect from an RSS reader. I will say: I wish there was more distinction between read and unread articles. Currently the only difference is whether or not the title is in bold. I also wish the "Show read articles" could be changed for each feed, and not globally, or have an "Unread articles" section.
I have the I2P DEBUG app in case I ever want to access I2P pages. I'm learning about what I2P is. From what I gather, it's like Tor but... not Tor.
I tried out Image Toolbox for editing images. It's very feature rich, but very unintuitive to use.
This is the biggest change: I tried out Lawnchair and Lawnicons. It is honestly so great. I wish the default launcher had that level of customization. You can customize it in 100 different ways until your heart gives out, it's honestly fantastic. There are inconsistent minor bugs and annoyances, but the benefits far outweigh those. I'm a sucker for the iOS look, and I was very pleased I was able to achieve something in between Android and iOS. I just wish they would bring dock colors back! One of my favorite features is being able to customize any icon and name for any app on the home screen. I could make a dating app look like a graphing calculator, for example...
I tried out the proprietary Pydroid 3 app as a Python IDE. I give the developers a solid pat on the back. It's a great app. It works super well, and just has the occasional "upgrade to premium" popup to remove the "ads" that it can't load because it can't touch the internet. Good job guys.
I added Shadowsocks to my censorship circumvention toolkit. I can't find any free servers, but hey it's there in a pinch.
The community
I got some time to experience the Matrix/Discord/Telegram (they're all bridged) community as well as the issue tracker for GitHub. The issue tracker closes a lot of issues that I personally think should remain open. One I made was changing one of the default pings for an (obscure) menu from Google to GrapheneOS, a very simple fix. They closed it, which I'm upset about. I get it though, they can't fix everything.
The Matrix/Discord/Telegram community is... interesting. There's 3 people: The ones who understand almost nothing and need a lot of help, the general users who are super friendly and have wholesome interactions, and the ones who know (and/or think they know) everything. That third group is quite prevalent. They will constantly push their own threat model on you as if it's the only correct answer, and will (quite often) refuse to answer questions if it goes against their threat model (e.g. questions about Aurora Store when "Play Store is the only correct answer").
It's annoying to say the least. I try to mention as much as possible that everyone has their own threat model and it's your phone so you get to choose your own preferences at the end of the day, but that never goes over well. GrapheneOS isn't always known for taking kindly to some lesser threat models, which is a double edged sword. It's good that they have such high standards, but they need to know when to relax and let other people help. It's not bad by any means, you'll get the help you need, but it's not a good look at the end of the day.
Conclusion
That's my experiences after one month. It's been nothing short of fantastic, even with some problems. I am a strong advocator for open source software, but for a couple things the proprietary alternatives are simply the best. That's the unfortunate truth for some things. This will be my last post about my experiences with GrapheneOS, but coming from iOS, it is a super fun transition.
I'd also like to mention quickly for anyone wondering: Backups for me are currently under 5GB (not including music), and in a month with all the app downloads and music transfers over LocalSend, I used about 70GB of internet. Tubular used the most internet (about 22GB in a month). For all you curious, this can give you a nice baseline.
Thanks for reading!
- First hand experience with TSA biometric collection in airport
Hey privacy community! A few weeks back I've seen an article posted here or in some other tech community about TSA rolling out biometric ID process in some US airports, that involved taking a face scan.
I had an international flight planned and I wouldn't want to go through biometric ID, but I was anxious of potential delay and having to explain myself to TSA agents. I also convinced my wife to opt out, which could potentially double the delay.
So for the folks who may have the same concerns, I'd like to share my experience.
I went on my flight a few days back from Newark International Airport (EWR). We went through security check in new Terminal A. At the beginning of the security line there were a few clearly visible posters about biometric ID with opt out information. To opt out you just need to tell TSA agent that you don't want your photo to be taken. The poster also says that you will not lose your place in line if you opt out. Same posters are on each agent desk.
The scanning machine is on every agent's desk, next to the opt out posters. It has a screen, about 8", with something that looks like a set of stereo lenses on top of it. The screen shows the live feed of the person in front of it during scanning process, with a template of a face that helps to properly position it. The scanning process seems to be very quick.
Now, for the opt out - it is indeed as easy and seamless as they claim. I asked the agent to not take my picture, he just said OK and asked me for my passport. The scanning machine didn't turn on. He scanned my passport and gave it back, and I was done, no questions asked.
Actually, I noticed that people who had their faces scanned also had to hand passports over. So they had to spend more time with the agent than I. I assume because it was their first time through this biometric collection and next time they just scan their face again and that's it.
And while I was pleased how easy it was for me and my family to opt out of this, in my opinion, completely unnecessary privacy invasion, I have not observed any other person (out of maybe 100 who passed before me) who did the same. Unfortunately, we know here how easily and thoughtless people give away yet another piece of their personal data. In this case, the data that can be used next time to ID people via video surveillance without any consent.
- I have ditched Windows and went with Linux: My Story with Windows, What apps should I get rid of.
Greetings! Recently, I have ditched Windows for Linux. Why? Well, this all started with a Windows Update. I was working on a Discord bot, until my PC decided to restart without my consent. What was it? A Windows Update. I was like: "no big deal, I'll just wait". Well, it was over 100+ updates. After all the updates completed, I saw the Windows 11 setup screen. Keep in mind that I was on Windows 10 before the updates. Now at that point I really got angry. Like, I hate Windows 11. So then I went and completed the setup, and got met with ALL THE BLOATWARE REINSTALLED. So of course, since I did NOT wanna use Windows 11, I backed up my data, and switched to the Secure and Free operating System, Linux. I went with Arch, since I have used Ubuntu before, and it's terrible. And since I didn't wanna use any fancy Desktop Environments, such as GNOME, KDE, HyprLand, XFCE, I went with dwm. It looks very minimal and customizable.
Now that brings me to the question, what apps should I get rid of?
I know I did the same post like a few weeks ago, but for the sake of Privacy, I know some apps contain Telemetry, and some don't. But still.
- All Proton Drive apps are now open source (proton.me)
Proton Drive's desktop apps are open source, meaning you can review the code of any Proton Drive app for yourself.
- Smart TVs Are Watching You | Feisty Duck
> The researchers have discovered that automatic content recognition (ACR) tracking is active most of the time, even when TVs are used as "dumb" HDMI devices. In other words, the TV manufacturers are monitoring your private moments as well. There's apparently no monitoring of streaming content in the UK, but there is in the US.
>
> The only good news is that these TVs can seemingly be configured to disable ACR, provided the owners know this activity is taking place and are able to find the right settings. (I recently looked at the configuration of our TVs again, and understanding the various settings was far from easy.)
- FTC Report Confirms: Commercial Surveillance is Out of Control (www.eff.org)
A new Federal Trade Commission (FTC) report confirms what EFF has been warning about for years: tech giants are widely harvesting and sharing your personal information to fuel their online behavioral advertising businesses.
> A new Federal Trade Commission (FTC) report confirms what EFF has been warning about for years: tech giants are widely harvesting and sharing your personal information to fuel their online behavioral advertising businesses. This four-year investigation into the data practices of nine social media and video platforms, including Facebook, YouTube, and X (formally Twitter), demonstrates how commercial surveillance leaves consumers with little control over their privacy. While not every investigated company committed the same privacy violations, the conclusion is clear: companies prioritized profits over privacy.
>
> While EFF has long warned about these practices, the FTC's investigation offers detailed evidence of how widespread and invasive commercial surveillance has become. Here are key takeaways from the report
- I am a victim of a data breach, what do I do?
I am an EU citizen and I was informed that my EURAXESS account was breached. They informed me that while the password wasn't stolen, all of my personal data including addresses, IDs from the CV was stolen and made available on some website.
They say that they're working towards making the site secure, etc., but I know that my personal info is out there. They have even told me to watch out for scams and phishing attempts over the next few months to come.
I am a bit shaken. Please tell me what steps I can take to gain back some control over this situation?
- Govee Smart Lights
My wife bought some Govee Smart LED string lights. We have VLANs setup in our house to isolate IoT devices and setup the new lights on that WiFi. But when we use the app to control them it requires an account and precise and "while using app" location data. The app does not work at all without enabling permissions for location.
Am I being paranoid? This wasn't an initial setup thing the app is unusable without location enabled.
She really wants smart LED lights for outside the house. Is there an option anyone knows of that might be a bit more privacy oriented?
Thanks.
- Uniting for Internet Freedom: Tor Project & Tails Join Forces (blog.torproject.org)
The Tor Project merges with Tails, a Linux-based portable OS focused on privacy | TechCrunch
The Tor Project is merging operations with Tails, a portable Linux-based operating system focused on preserving user privacy and anonymity.
TL;DR:
> Incorporating Tails into the Tor Project's structure allows for easier collaboration, better sustainability, reduced overhead, and expanded training and outreach programs to counter a larger number of digital threats.
- Labour adopts hated Tory bank surveillance and DWP search and seize powers (www.benefitsandwork.co.uk)
Get the benefits you're entitled to: help with personal independence payment (PIP), universal credit (UC), employment and support allowance (ESA), disability living allowance (DLA). Claims, assessments, reviews, appeals.
cross-posted from: https://sh.itjust.works/post/25812217
> cross-posted from: https://sh.itjust.works/post/25812215
>
> > Labour is to revive the hated Tory plan to force banks to carry out surveillance on claimants' accounts and give the DWP police type power to search premises and seize possessions.
> >
> > The Tory provisions were contained in the Data Protection and Digital Information Bill, but this failed to be passed into law before the general election and was therefore scrapped.
> >
> > Now, however, Labour have announced that they are to include what appear to be very similar provisions in a new Fraud, Error and Debt Bill.
> >
> > According to the DWP, the new law will give the DWP powers to:
> >
> > - Better investigate suspected fraud and new powers of search and seizure so DWP can take greater control investigations into criminal gangs defrauding the taxpayer.
> >
> > - Allow DWP to recover debts from individuals who can pay money back but have avoided doing so, bringing greater fairness to debt recoveries.
> >
> > - Require banks and financial institutions to share data that may show indications of potential benefit overpayments
> >
> > The Tory bank surveillance provisions would have forced banks to monitor the accounts of all means-tested benefits claimants and report every time an account went over the capital limit or was used abroad for more than four weeks.
> >
> > In late 2023, it was estimated that almost 9 million claimants would be caught in the Tory surveillance net, including:
> >
> > - 8 million universal credit claimants
> >
> > - 6 million employment and support allowance claimants
> >
> > - 4 million pension credit claimants
> >
> > That number is likely to have increased by now, especially with the push to get more people to sign-up for pension credit.
> >
> > Labour's new bill will also give the DWP the power to search premises and seize evidence, such as documents, laptops and phones.
> >
> > The Tory Bill contained similar powers.
> >
> > It would have allowed designated DWP staff to arrest claimants, search premises and seize any evidence they found without needing to use the police. The DWP said this would put them on a par with HMRC and the Gangmasters and Labour Abuse Authority (GLAA).
> >
> > In an attempt to reassure claimants, the DWP today claimed that:
> >
> > "The Bill will also include safeguarding measures to protect vulnerable customers. Staff will be trained to the highest standards on the appropriate use of any new powers, and we will introduce new oversight and reporting mechanisms, to monitor these new powers. DWP will not have access to people's bank accounts and will not share their personal information with third parties."
> >
> > Labour claim that these powers will only be used against criminal gangs. But, until we see the text of the bill, we will have no way of knowing whether the law will actually prevent the DWP using their new powers against individual claimants if they so choose.
> >
> > The outline of the new bill was published today by the DWP to coincide with Keir Starmer's first speech as prime minister to a Labour party conference.
> >
> > In his speech, Starmer made only a brief reference to the new bill, saying, "If we want to maintain support for the welfare state, then we will legislate to stop benefit fraud and do everything we can to tackle worklessness."
> >
> > Back in April of this year the then prime minister, Rishi Sunak, outlined his plan to give the DWP police powers. He did this whilst setting out his five point plan for welfare reform in a speech at the right-wing think tank, the Centre for Social justice, founded by Iain Duncan-Smith.
> >
> > Just five months later, Keir Starmer has announced similar measures, this time in a speech to the Labour party conference.
> >
> > The other four Sunak points were:
> >
> > - The WCA to be made harder to pass
> >
> > - GPs no longer to issue fit notes
> >
> > - Legacy benefits claimants to move to UC sooner and work requirements to be increased
> >
> > - PIP no longer always a cash benefit and fewer people to be eligible
> >
> > We will now have to wait for Labour's welfare reform white paper to see whether any of the four remaining points will also be adopted as Labour policy.
- Where do you draw the line between privacy and having a presence on <insert job site> ?
It's a slippery slope. I mean, I want a new job. But at the same time, I don't want all that info out there. What says you?
- Any e2ee app for group chat with a web interface?
Hi,
Trying to move group chat from telegram to a more private option, but the key feature is its web interface which is so convenient...
I've checked SimpleX, Session, Briar & Element-Matrix, but the first 3 do not have a web version and the latest only has a free version for self-hosting and I haven't looked into self-hosting yet.
I'd completely understand if what I'm looking for doesn't exist for free, but if anyone has a suggestion here, I'm interested!
Cheers
- Does duck.ai append some extra text to every message?
Often when I'm using it, it will spit out some random blurb about privacy in addition to the response. This time I asked something along the lines of
> What did this message mean
>
> {Quote}
It answered, and then it added this
> However, the message also includes a detailed explanation about the privacy measures in place when using a specific AI language model through DuckDuckGo.
>
> The explanation states that all user chats are completely anonymous, and DuckDuckGo does not record any user chats. Any metadata that could potentially identify the user's device is removed before sending prompts to the model provider. This means that even if the model provider stores chats, they cannot be traced back to the user.
>
> The explanation also specifies that personal information typed directly into the chat cannot be tied back to the user, and that chats will not be used to train or improve models. Furthermore, chats are not sent to any third-party, and are only sent anonymously to the model provider.
>
> The message ends with a reminder about the appropriate use of code blocks in markdown, emphasizing that they should only be included in programming-related contexts.

I assume they wanted their version to offer information about itself on top of the model's regular output, downside being the extra hallucinations
- Telegram will disclose users' IP addresses and phone numbers to authorities, Durov says (t.me)
Du Rove's Channel
Search on Telegram is more powerful than in other messaging apps because it allows users to find public channels and bots. Unfortunately, this feature has been abused by people who violated our Terms of Service to sell illegal goods. Over the last few weeks, a dedicated team of moderators, le...
> Search on Telegram is more powerful than in other messaging apps because it allows users to find public channels and bots. Unfortunately, this feature has been abused by people who violated our Terms of Service to sell illegal goods.
> To further deter criminals from abusing Telegram Search, we have updated our Terms of Service and Privacy Policy, ensuring they are consistent across the world. We've made it clear that the IP addresses and phone numbers of those who violate our rules can be disclosed to relevant authorities in response to valid legal requests.
- Is using Android with GApps as bad as running Windows on your PC?
In regards to privacy... even when trying to use FOSS-alternatives and F-Droid on Android?
- Looking for an Android app that serves as both a vault and a PDF reader
Hello there, are there any FOSS Android apps out there that serve as both a reader and a vault for PDFs? I want to be able to encrypt the PDF files and decrypt+read them with a single vault password.
I could just encrypt PDF files separately using the same password, but it's not really that convenient having to go through several PDFs tbh.
I want to store the PDFs on the storage of my phone.
UPDATE: Safe Space is exactly what I needed, ty @chemicalwonka@discuss.tchncs.de, will provide a review of the app later
- What's inside the QR code menu at this cafe? (peabee.substack.com)
Let me scan it, what could possibly go wrong?
- [Guide] Digitally sign and send encrypted emails with S/MIME
Heya, I found how you can digitally sign and encrypt emails! (It even gives them a cool icon for others to see!), and I haven't seen anything about it before so I thought I'd share how I did it!
Do you also want to send encrypted emails and sign them? Just follow these few steps!
But beforehand, let's define some terms :
- Signed email : Email with a valid numerical signature. Anyone can read it and know it has not been modified since it was sent.
- Encrypted email : Email encrypted with the recipient's public key. They can decrypt it with their private key
- S/MIME certificate : A .p12 file containing your private key (So keep it for yourself and don't send it to anyone!!) and your public key.
Okay, now it's time to...
Start the setup (Obtain an S/MIME certificate)
- You'll need to ask an authority for a certificate. Personally I use Actalis because they give free certificates for multiple email addresses, valid for a year (you need to redo the setup every year). If you don't want to use Actalis, more info is available here.
- Don't forget to put the website in English if you don't understand Italian.
- Go on the page to request an S/MIME certificate, create an account and follow the setup. The verification email can take a little while (~2min)
- When the setup ends, you'll have a valid certificate in your dashboard (It can take a few minutes to appear if you just verified it) that you can download, and a password that Actalis emailed you to enable your certificate.
Install the certificate
- Download the .p12 file, then open it, type your password, and leave the default options to install the certificate on your device (Android or PC, on Android pick "For VPN and apps"). Also delete your expired certificate if you have one (for example after a year)
- Use an S/MIME compatible email client. On PC, there is Thunderbird, on Android, FairEmail.
- In your email client settings, import the S/MIME certificate for signing AND encrypting your messages. It changes depending on your client, so here it is for Thunderbird :
- In the top-right menu, go to Account settings, End-to-end encryption, under S/MIME click on Manage S/MIME certificates, Import and pick your .p12 file. Then, pick Select a certificate, and pick yours from the tab "Your certificates".
An image is worth a thousand words (Sorry for the French)
Don't forget to check the box to sign and/or encrypt every message just below, if you want!
Communicate with someone
Once this is done, here is how you can communicate...
- ...While signing your messages :
  > It's easy, just click on "Sign" before sending. Usually, email clients show a small medal next to your name to show the email is signed.
- ...While encrypting your messages :
  > For that, you'll need your recipient's public key. They need to send you a signed message (not encrypted, since you don't have each other's key at this point) where you can get their public key from their signature, and add it to your email client, which will allow you to encrypt messages you send to them. Then, send them a signed email (you can encrypt it) so they can get your public key and add it to their client, and then you'll be able to exchange encrypted emails!
I'm not an expert and probably made a few mistakes, if you spot any please tell me in the comments and I'll try to fix the guide!
- Hybrid watch for notifications
I'm moving from iPhone to a pixel/graphene. I currently have an Apple Watch and got into the habit of leaving my phone on my desk (WfH) and relying on the watch to let me know if I get a notification. I don't really want/care about fitness tracking or even responding to messages and calls. Is there a watch/bracelet that will just alert me to a notification?
- can I opt out of credit agencies?
I never asked for a credit score. I don't use credit. They have made it very clear breach after breach that I don't want them to have my data. How do I remove myself from credit data agencies?
- Mass surveillance is not normal
My threat model is against mass surveillance. This is one of the hardest threat models to defend against and to justify, because (at least here in the US), mass surveillance has become normalized. I've heard people directly tell me that "privacy is weird." I'm not here to shoot down the Nothing to hide argument literally labelled on Wikipedia as "a logical fallacy," instead, I want to take my own approach to show just how unnatural mass surveillance is.
Picture this: Your best friend tells you that he heard rumors that someone put cameras in your house and was actively spying on you. That is super creepy, but you brush it off and say that nobody would do that, because who would care that much about you? However, when you get home, you look around and find multiple dozen hidden cameras everywhere. Think about how you're feeling right now, knowing that you're being watched. Even though you know that you're being watched, but have no idea who has been watching you, what they have seen, or how long they've been watching you, it's disillusioning and creepy to find out that what your friend said was true.
Then, you do some digging online and find out that everyone in your neighborhood is also being watched. Oh, it's fine then, right? Suddenly it's much better that you're not alone. No! More surveillance is not a good thing. People fall into the false belief that as long as it's not targeted surveillance or a personal attack that it's suddenly fine, that you will just blend in with the noise. Your data is valuable, and spying in any capacity is NOT normal. Remember: The situation never changed, you are still being watched, you just found out that not only you, but everyone around you is also being spied on.
You still have no idea who is watching you, and it's even worse to find out that it might not just be one person, that anyone can buy this data for cheap. Data like this can be used to stalk you, drain your bank account, read intimate personal texts, rig elections, manipulate you into buying things you never intended to buy, and so much more. This is the state of mass surveillance and it needs to stop. It's not a conspiracy, the dystopia is today.
Mass surveillance is not normal. Privacy also isn't normal: it's a right, instead.
- Cash into Monero?
I am new to using Monero. What are the rules to moving anon. and safe with Monero. Safest exchanges, Wallets, and sources to spend online would be ideal. How does one turn cash into crypto. Debit cards possible or surrogate spenders?
- Tails was started more than 767,542 times this month
how do they know?
- The United States Should Steer Toward Better Automotive Data Privacy (www.cfr.org)
New proposed rules on connected vehicles would keep China and Russia out of key parts of the automotive supply chain. But vulnerabilities in national security will remain until the U.S. establishes s…
- Are there any de-googled/maintained operating systems I can use with a Moto G Stylus 5G 2021?
I'm in the US and poor (shocker) and cannot afford a new phone. Are there any alternatives to base Android that I'm unaware of? There's an article on how to switch it to LineageOS, but I feel like that is a brick waiting to happen since I've been to LineageOS' page and they mention nothing about support for my device. Am I just SOL until I can manage to get a new phone?
- Exposing The Flaw In Our Phone System - YouTube
SS7 is vulnerable to attack. However, the types of attacks on the video don't affect Signal as it requires a pin. (Make sure you set your pin to something strong and secure)
- Unauthenticated RCE vs all GNU/Linux systems to be fully disclosed in 2 weeks with no working fix yet
EDIT: Original post seems to have been removed, try this Nitter mirror instead.
- WebUSB. Could websites know what's connected to my computer?
Was browsing on the GrapheneOS website and came across a new thing called WebUSB, which is essentially a JS API through which GrapheneOS web installer worked.
This got me wondering, if a website could read what's plugged into my computer like my phone or disks, isn't that a huge risk to privacy? I don't know how this works (haven't used it) so I would like to know about its privacy.
AFAIK Firefox doesn't allow this API, so that's a relief (I use librefox), but what about other browsers? I am getting a bit paranoid.
[Also, are there other APIs like these; which are a privacy nightmare that websites could use?]
- How did they get my data? I uncovered the hidden web of networks behind telemarketers. (theconversation.com)
After receiving dozens of unwanted calls from telemarketers, I started to investigate.
- "It scared them off", Kansas City shoppers report less crime thanks to security robot patrolling strip mall (www.kctv5.com)
A sight previously thought to be science fiction is very real at a southeast Kansas City shopping center. Instead of a police officer, a security robot has been patrolling sidewalks and shoppers are taking notice.
cross-posted from: https://lemmy.world/post/19944734
> KANSAS CITY, Mo. (KCTV) - A sight previously thought to be science fiction is very real at a southeast Kansas City shopping center. Instead of a police officer, a security robot has been patrolling sidewalks and shoppers are taking notice.
>
> Since Marshall the robot has been on the job, shoppers say the experiences have completely changed when they come to these stores. The robot can spend 23 hours a day monitoring the parking lot from all angles which gives people a new sense of protection and ease they don't always have when out.
>
> Marshall took over security at Brywood Centre in April. Before that, Karen White noticed a lot of trouble outside the shopping center.
>
> "Sometimes it'd be concerning for your car like someone could take it or something," White said.
>
> Knowing now that Marshall is always watching, the risk of crime does not worry her or others as much.
>
> "It made it very better, like you can't be in the parking lot without seeing the robot," White continued. "So, I think it scared them off."
- How good do you feel about your privacy using apps such as Signal?
Convincing people to use apps such as Signal is hard work and most can't be convinced. But with those you manage to convince, do you feel happy to talk to them on Signal?
The problem is these people use Signal on Android/iOS which can't be trusted and iOS has recently been in the news for having a backdoor. And it has also been revealed that American feds are able to read everyone's push notifications and they do this as mass surveillance.
So not only do you have to convince people to use Signal which is an incredibly difficult challenge. You also have to convince them to go into settings to disable message and sender being included in the push notifications. And then there's the big question is the Android and iOS operating systems are doing mass surveillance anyway. And many people find it taking a lot of effort to type on the phone so they install Signal on the computer which is a Mac or Windows OS.
So I don't think I feel comfortable sending messages in Signal but it's better than WhatsApp.
These were some thoughts to get the discussion started and set the context.
- Suggestions for privacy and security blog
I'm entertaining the idea of starting a digital privacy and security blog. As a matter of fact, I am self-hosting it right now, but mainly for friends, family and acquaintances. It's super basic, more rants than articles honestly.
Since the only 2 social networks I have are Lemmy and Mastodon, I've been avoiding allowing sharing to Facebook, Twitter and other mainstream SNs.
My wife thinks I should just host it on a cloud and share it everywhere with the argument of, and I quote, "the platforms you use are already full of people as paranoid as you. If you really want to bring your knowledge and experience to others, you should allow us to share to the platforms full of people oblivious to the dangers you constantly slam us with" (which is absolutely true. I'm a thorn on their side, lol).
What do you guys think? Should I add features to share to those places? Would you if it was you? Under no circumstances will I post on any of them, and if I allow to share from my blog, my inner circle would be the one doing the sharing.
I do want to help spread our gospel, but I think that most people in those platforms are just too far gone to even care. I don't even know what to think anymore. I've only written 2 articles so far anyway, so it's not like I'd be the New York Times of privacy or anything.
- Question: Random Browsing Tools (Dilute and Confuse)
Fingerprinting isn't always possible to defeat, and it's not always possible to avoid making accounts (work and school accounts).
However, it should be possible to fill up tracked data with meaningless garbage and reduce the signal-to-noise ratio. Ex: a bot that browses random products on Amazon to reduce profiling accuracy.
Do you guys know of any tools that do this? Anything from browser extensions to command line scripts, to anonymous group-accounts.
- Filen cloud
Hi guys I was looking for an E2EE cloud storage with reasonable pricing (I need nothing special just for personal use) and found filen.io pretty compelling. Does anyone here use filen? How is your experience with it?
- Question for those knowledgeable about alternative web protocols (gopher, gemini, etc): Would it be possible to create a tool that translates http sites to those formats, on demand?
We all know how awful most modern websites are in terms of bloat, JavaScript and tracking. Not only that, but designing and maintaining web browsers has become such a gigantic undertaking (almost the size of an operating system), that only a few companies have the resources to do it (Google and Mozilla, and Mozilla might not hold on for much longer).
These alternative protocols offer a minimal set of features, and are trying to get back to what the web should've been: static content with images, text, and links, with local applications filling the void for anything more complicated than that.
Let's say I wanted a privacy-friendly way to view a page on a news site. I could:
- Copy the URL of the page
- Open some tool, (or website, anything), paste that url.
- It converts the content in the url to the necessary privacy-friendly alternative format, and I can view it with my gopher/gemini browser (or even maybe a markdown viewer).
I know there are a few html -> markdown converters that can do the last step.
Does anyone know if this would work?
- simplex chat for linux arm64 (github.com)