Privacy

31748 readers
605 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
26
82
submitted 1 week ago* (last edited 1 week ago) by czim@feddit.nl to c/privacy@lemmy.ml
 
 

I'm considering buying a new TV. There's plenty of posts about trying to find dumb TVs, comments like 'just don't connect it to the internet/network'.

What surprises me is that there isn't a good overview of (popular) TVs or brands with basic information, answering for each TV:

  • Can you use it as a basic TV by choosing not to enable smart features during setup?
  • Can you opt out by just not accepting a bunch of agreements?
  • Does it have a camera and/or microphone? Where in the device are these? Is there a physical disable switch for microphone?
  • Does it nag when not connected to any network?
  • Does it have higher than normal power usage when not able to phone home?
  • Has it been discovered to connect to public WiFi networks? Does it have the (theoretical) ability to connect to 5G mobile networks?

And similar.

There are extensive lists with a lot of detail about VPN services but nothing like that for TVs. Am I ignorant of a good source, or does this just not exist (yet)?

27
116
submitted 1 week ago* (last edited 1 week ago) by arscynic@slrpnk.net to c/privacy@lemmy.ml
 
 

If one chats/mails with a person using Windows, despite using secure private protocols, every message will be stored by Microsoft's Windoze Recall. Either I'm missing something but this feature seems like the most grotesque breach in online privacy/security.

What are ways to avoid this except for using obfuscated text?

28
 
 

This has to be against some kind of law right?

29
 
 

Swedish author and famous pro-Ukraine blogger Lars Wilderäng (Cornucopia) reports today that the Swedish security expert Karl Emil Nikka has revealed that Kagi is using the Kremlin propaganda tool Yandex as a backend for searches.

Wilderäng speculates this might mean search terms are leaking to Russia, while others worry about how Kremlin thus can get their talking points into western search results.

Security expert Karl Emil Nikka tells us that the search engine Kagi, popular among tech geeks, uses Russian Yandex, which was introduced after the full-scale invasion. This, of course, gives Russia the opportunity to look at what is searched for via Kagi.

Link (in Swedish), see 11:22 update: https://cornucopia.se/2024/10/uppdateras-ryssland-medger-bruk-av-c-stridsmedel-mot-ukraina-rysk-pilot-som-mordade-68-ukrainare-ihjalslagen-med-hammare-bland-de-allra-storsta-ryska-forlusterna-under-kriget-igar/

30
 
 

I saw a few VPN extensions on Mozilla's addon store but they require full access and is closed source . Foxy proxy seems open source and doesn't seem to be collecting any data for themselves and I'm hopping that combined with https sites only give the proxies which sites im visiting even if they wanted to sell me out CORRECT ME IF I'M WRONG THO . and i don't trust my isp much so it doesn't matter to me if they are selling that only but those vpn extensions will have acess to everything on every site . so yea feel free to correct me on anything and reccomend any .

edit : I don't want recommendations for vpn or any other way like changing dns etc . I just want to change the location on only firefox for android to get past some censorship and geo blocking . if you have any other way to achieve that or better extension than froxy proxy feel free to recommend .

edit : is there anyway to configure proxies on android firefox without using an extension ? i have access to about:config as i use fennec from fdroid .

31
 
 

Anyone try out these hotspots? Any opinions? The cost is comparable or cheaper to buying directly from a phone provider. Are the hotspot devices decent? Customizable?

The non profit itself seems interesting and privacy focused. Their OS seems well maintained and it "just works".

32
 
 

Hi guys, as title suggests how can i extract desired apk file (that is armv8a and En) from app bundles (apkm and apks) ?

33
 
 

We’ve been anticipating it for years,1 and it’s finally happening. Google is finally killing uBlock Origin – with a note on their web store stating that the ...

34
 
 

For example, on WhatsApp, use the whole 25 character limit for profile name. Examples:

Bob Moved To Signal.org

Alice MovedTo Signal.org

CharlieMovedTo Signal.org

Say Signal.org, not Signal, because they won't know it's an app.

Use your about section too. Same on Discord, Steam, Instagram, etc.

35
 
 

I download the apk file from Whatsapp website to install in GrapheneOS, and I've noticed that notifications for messages are very delayed from 15 minutes to no notifications at all until I turn on phone screen and then all of the messages come through. Is there other Whatsapp users with similar issues with functionality?

Signal functions good but there have been times of small delays with messages coming through to get a notification.

36
3
submitted 1 week ago* (last edited 1 week ago) by Tender@lemmy.dbzer0.com to c/privacy@lemmy.ml
 
 

hi guys!! ( linux users don't jump on me pls i only use windows for some apps) so i was noticing that my windows os is full with microsoft garbage that consumes my ram and network speed for nothing!! like shitty edge!! and looked for a solution and i found debloating. but i need to make a backup first in case something goes wrong . local disk is : 237gb - used 133gb = 103gb free i have a 64gb usb i want to make a high compressed backup for everything including my windows 11 is it possible with that 64gb usb? and what software to use pls? pls don’t tell using a cloud !! 😓i have a slow internet cuz i live in a rural area. thanks in advance to anyone!

37
 
 

With the looming presidential election, a United States Supreme Court majority that is hostile to civil rights, and a conservative effort to rollback AI safeguards, strong state privacy laws have never been more important.

But late last month, efforts to pass a federal comprehensive privacy law died in committee, leaving the future of privacy in the US unclear. Who that future serves largely rests on one crucial issue: the preemption of state law.

On one side, the biggest names in technology are trying to use their might to force Congress to override crucial state-level privacy laws that have protected people for years.

On the other side is the American Civil Liberties Union and 55 other organizations. We explained in our own letter to Congress how a federal bill that preempts state law would leave millions with fewer rights than they had before. It would also forbid state legislatures from passing stronger protections in the future, smothering progress for generations to come.

Preemption has long been the tech industry’s holy grail. But few know its history. It turns out, Big Tech is pulling straight from the toxic strategy that Big Tobacco used in the 1990s...

38
39
40
 
 

I've looked through Obtainium source code a while back and there seems to be no hash verification whatsoever. Looks too susceptible to supply chain attacks to me.

I don't like that Aurora Store sends a list of installed applications to Google and the only way to stop it is to blacklist.

Is there an option that combines multiple sources together like Obtainium but contains automatic hash verification for added security (I am aware updates are protected by Android)? Something I can use to download non-FOSS apps from a mirror but make sure it's the APK from the Play Store?

41
 
 

I'd bet you can guess why

42
 
 

I'd like to get back to using Google as my search engine. I tried DDG, Startpage, Qwant, even Searx and while they're all pretty decent they all have their flaws, and unfortunaltely Google is still the most reliable. I use Firefox (Floorp) and i've found out an extension called Google Container. I have my VPN always on and Google always slaps me with that fucking captcha when i start a new session (i reset cookies and stuff on closing). Does keeping Google in the exceptions on closing (keeping data and stuff) and opening it in a container make sense?

43
 
 

I’ve recently been working on de-Googling and part of that has been setting up an email with my custom domain. This mostly works great, but one issue I’ve noticed is email validation on some websites detect this email address as invalid. For instance, if I have the domain [name].rocks with the email [name]@[name].rocks (with [name] being a placeholder for my name) my email cannot be used to register with the Ventra app (for getting mobile train tickets) I believe because any site that has an extension with more than four characters is detected as invalid.

I understand this is a validation issue on the end of the app dev / website, but I was wondering if people had suggestions for workarounds when they encounter this? Setting up other custom emails with forwarding? Thanks!

44
45
 
 

Anyone know if em client has any privacy pitfalls?

46
 
 

Looks like a huge amount of security vendors are working to have a secure and open standard for passkey portability between platforms.

It is always good to see major collaboration in the security space like this considering the harsh opinions that users of some of these vendors have toward many of the others. I just wish apps and sites would stop making me login with username and password if passkeys are meant to replace that lol.

47
48
 
 

I am looking for a laptop (or a tablet with attachable keyboard) that does not come with or allows for physically removing/disabling/destroying of all wireless connectivity hardware. Something cheap, around 200€ would be nice. I would only use this device for word processing, file management, and creating backups on LUKS encrypted drives. Should be able to run gnu-linux.

The closest thing I was able to find was the pinebook by pine64.org, which has killswitches for wifi and bluetooth. Sadly, these are controlled through software and not through a hardware switch.

Does anyone know of a cheap device with hardware killswitches, or a device that allows removing/destroying wifi and bluetooth components on the motherboard (without breaking)?

EDIT 1:

I am looking to buy a new device, not used, and with good enough performance to run a modern desktop environment such as gnome, kde, or cinnamon.

EDIT 2:

Following the advice of some commenters here, I have looked for models that I like, and tried to find a image/video of the motherboard. So far, every motherboard that I could get an image/video of, had the wifi/bluetooth chip soldered onto the motherboard. If anyone knows a brand that offers cheap laptop with modular mainboards, please let me know.

EDIT 3:

Some people here suggested buying an old ThinkPad. I checked for newer models made by the same company ("Lenovo"), and according to their hardware manual, the "IdeaPad" model also allows removing the wifi card, just like the ThinkPad did.

Here is a link to the manual for anyone who is interested (see page 43): https://download.lenovo.com/consumer/mobiles_pub/ideapad_1_hmm.pdf

This solution will work well for my use case and budget. Thanks you all for the advice.

49
 
 

Edit: Here is the verdict: https://lemmy.ml/post/21887275

I am currently doing a deep dive into whether or not Chromium is more secure than Firefox, and I will make a very long and comprehensive Lemmy post outlining my findings with specific sources. I expected this to take a few days, maybe a week, but after finding out many of the claims for both sides give no real sources, I expect this to take a month or longer. I will be reaching out to multiple first-party sources (Mozilla, GrapheneOS, etc.) to get their detailed statements on the matter. I want to provide something that actually covers the full picture of the issue with up to date sources, to hopefully put this to rest for anyone who doesn't want to do the research.

I'm making this post in case anyone wants to provide any extra resources they have about the issue. Do not fight about this issue in the comments, save that until after I am able to release my work. I'm tired of the constant back and forth about this with little to no direct sources. This means that my other project, Open Source Everything, will be put on pause. The FAQ section of that very project is what sparked this, because I realized the issue was far more complex than I outlined in there. (Don't trust the information in the FAQ just yet: it is still in the works.)

As always, don't just give blind support to this just because I am making promises, but if you feel your support is needed then by all means go for it.

If any of you want me to turn this post into an update log, let me know and I will.

DISCLAIMER: These update logs are NOT meant to be taken as a source. I am generalizing a lot of things here for simplicity and brevity, so do not try to pick it apart. Anything I say here is likely a summary of something that will be talked about in fine detail in the article, and so it may contain mistakes.

Update 1

I need to stop posting before bed, since I end up not being able to respond to drama quickly and it grows out of proportion. Anyways, I want to answer a few questions that keep popping up (maybe I'm obsessed with writing FAQs, I don't know) and then talk about my research process.

Google Chrome is NOT the same as Chromium

This is something I already have a draft to write about in my article, because a lot of people mess up the distinction. Google Chrome is Google's proprietary "en-Googled" browser. That browser obviously has numerous privacy issues. What I am referring to in the article is what Google Chrome was built off of: Chromium. Chromium is open source (or source available, or something like that. Please stop trying to remind me of the difference, "open source" gets the point across). Many browsers such as Brave were built on top of Chromium. Many users in the privacy community use Chromium-based browsers. Chromium is mainly maintained by Google, but I will not be focusing on that since I am taking a look at the actual software and not any future problems that may arise.

I'm summarizing things here, but I will go in depth in a section of my article about this, since a lot of people are still stuck on the mindset that Google is always evil. It is true that Google is bad with privacy, but they are good when it comes to security. They have to be, given that Chromium-based browsers and Android are the most used in their respective fields. Any privacy issues can be nullified with some projects like ungoogled-chromium or GrapheneOS which remove any privacy invasive Google components. Anything Google tries to sneak in doesn't get past those projects, like a safety net, because they take very close inspection of the code.

Security vs. Privacy

Security and privacy are two distinct topics with some overlap. As I mentioned above, any privacy issues can be dealt with by using some variants of the software. Because of this, my article will focus primarily on how secure these browsers are. I do understand that security and privacy can go hand in hand: Without security there is little privacy, and without privacy there is little security. However, that is all out of the scope of what I am researching here. The reason a lot of projects such as GrapheneOS recommend against Firefox browsers (especially on Android) is because they claim Firefox has weak site isolation. That is the main point of research for my article. If I can prove that those claims are true, I can demonstrate why it is such an issue. If I can prove that those claims are false, I can try to see if Firefox is more private than Chromium, and is therefor a better option. There will be other related ideas that will crop up that will be covered in the article, that I will research about. The broad hypothesis is "Chromium is more secure than Firefox" and it is my job to find out why people say that and investigate it.

Also, many users talked about ad blocking and the recent removal of Manifest V2, which killed a lot of Chromium ad blockers. This is not the focus of the article, but let me remind you that using a browser such as Brave lets you block ads entirely. Brave is the only other browser recommended by the GrapheneOS project for its security, besides Vanadium. Yes, Brave has some bloat that can infringe on privacy, but those can be disabled. Don't forget that Brave is open source, so you are free to make a fork of it and remove whatever you'd like. The point is this: Both Chromium and Firefox both still have ad blocking, so this is a non-issue.

Who am I?

@dingdongitsabear@lemmy.ml

https://lemmy.ml/post/21367269/14283651

first off, I have serious doubts that any one dude - or even a group of those for that matter - can ascertain the security of such a complex system; a browser is essentially an operating system, with all the layers and complexities that entails.

even if you're somewhat successful in such an endeavor, I don't really care if it potentially is. chromium comes from those shitmakers and I'm not willingly using anything they had their nasty fingers in. they threw one shovel of shit too many on the heap and they are now forever on my ignore list. if that means that I don't get to access certain domains, sites, and/or apps - so be it, I'll make do without.

@echolalia@lemmy.ml

https://lemmy.ml/post/21367269/14283932

Are you a single person or a group of people? Do you have any credentials that you'd like to share that might give some context to your research?

Where is the quote in your bio from?

I could leave some cryptic retrospective answer here, and I would love to, but as fun as that would be it may cause more harm than good. I am an independent, singular person. If I were in your shoes, I too would doubt that any one person could research the intricacies of the matter. However, I don't need to look over every piece of code to make a conclusion. The main focus of the article, as I said, is site isolation. This is what most people reference when they talk about Chromium being "more secure" than Firefox. I already addressed the other argument about Chromium being "evil," as there are other projects that aim to remove some of the damage that has been done. Readers of my article will need to let down their precedent of Chromium being as bad as Google, and realize that Google is bad for privacy but good for security.

If by "credentials" you mean actual identification, no. Even if I told you exactly who I was, you still would have no idea who I am. However, I can give you some of my background: I am advanced in the privacy field, proof of this can be seen with my other project. I used to work as a penetration tester for a low ranking government branch, focusing on network and website security. I am fluent in Python and C++, so I can understand a lot of the code that has been written. I hope that gives you context into who I am and what I do. I guess I could also mention I like to keep high standards, I'm a bit of a perfectionist. I want the article to be nothing short of extremely thorough and comprehensive.

The quote in my bio “Unjust laws only burden the just, as the lawless will not heed them.” is my own (hence why I put "- 8232" there). I have other quotes, but that one is my favorite.

How is the research going?

I didn't quite know where to start, but eventually I settled for this: I have three notes. One is for questions I have (e.g. "What is site isolation?") that I put answers under as I find them. This means I will never be trying to fill in the gaps without sources in the article. I'll have a well informed knowledge of everything. The next note is for all the sources about the issue, categorized into "Primary," "Secondary," and "Unverified" (when there is no source listed for the claim). The last notebook is people. This one contains people and groups who know about the issue that I may get statements or help from for the article. That is all I have right now, because I needed some sleep. I plan to add a "To-Do" note, some various drafts, and a list of documents about the issue. I'll keep this updated.

50
35
submitted 2 weeks ago* (last edited 2 weeks ago) by geography082@lemm.ee to c/privacy@lemmy.ml
 
 

When the iPhone 15 came out, I felt the pressure to upgrade, so I bought the standard model with 128 GB. I'm now experiencing the limitations of their ecosystem, which closed as dolls ass. I'm looking to sell my iPhone 15 and buy two Android phones for myself and my wife. If I could get some extra cash out of it, that would be a nice bonus. I'm not concerned with the fancy cameras or features. I just want something I can manipulate to be private and also install whatever I want, use the common apps everyone uses with no issues, stream movies and TV shows. My main concern is that most phonew from well-known brands, their Android OS are almost as disappointing as Apple products. I think it would be better to get a phone with hardware that is well-suited to a custom Android OS that is well-maintained and known for being reliable, and with a focus on privacy and not bloated. Thank you in advance for your help.

view more: ‹ prev next ›