Privacy Guides

I came across CalyxVPN while browsing through F-droid, it seems to be offered by the same people who make CalyxOS. I couldn't find much discourse about it online, is it reputable enough to use?

My use case would be to hide whatever I do online from my ISP (I'm not torrenting, just browsing).

And yes, I know free VPNs are untrustworthy in most cases but this seems to come from a somewhat privacy respecting background so I was curious.

Newb question: what does it really mean when I click "Reject Nonessential Cookies"? Am I really being any more private by rejecting these? Just feels greasy like it's a workaround for websites to get my information anyway? Should I navigate away from any sites that suggest this cookie configuration?

“If you’re someone who’s buying products on the web, we know who is buying the products where, and we can leverage the data,” Grether said in a statement to the WSJ. He also said that PayPal will receive shopping data from customers using its credit card in stores.

A PayPal spokesperson tells the WSJ that the company will collect data from customers by default while also offering the ability to opt out.

PayPal is far from the only company to sell ads based on transaction information. In January, a study from Consumer Reports revealed that Facebook gets information about users from thousands of different companies, including retailers like Walmart and Amazon. JPMorgan Chase also announced that it’s creating an ad network based on customer spending data, while Visa is making similar moves. Of course, this doesn’t include the tracking shopping apps do to log your offline purchases, too.

And when to buy xbt or xmr without kyc in EU when both localmonero and localbitcoin are closed?

Has anyone here used Revolut? How does it compare to privacy.com for EU users?.

Can you use the tap to pay on your phone without using Google Wallet?

I am searching for a job and require my phone number to be included on my resume. Is there a service available in the EU (excluding the UK) that can provide this.

Hello, with the new AI features being added into Googles services I was thinking of maybe starting a thread about how to remove data from the affected services. I feel like simply deleting my photos from Google Photos most likely wouldn't be enough of a measure to ensure my images does not get affected or used in these AI features.

Is there any way to ensure that Google properly removes your data after deleting it?

Sources: https://www.youtube.com/watch?v=iinwIYt1IzM https://www.techradar.com/computing/artificial-intelligence/google-io-showcases-new-ask-photos-tool-powered-by-ai-but-it-honestly-scares-me-a-little https://arstechnica.com/gadgets/2024/05/gmails-ai-powered-email-summaries-can-dig-through-your-inbox-for-you/

Why most services that want to protect user privacy. Also those on privacyguides, don't have anonymous payment methods like cryptocurrencies? I pay for a few such services like email or cloud etc. but I don't know if it makes sense if my bank knows I'm using it anyway so they can sell that info to advertisers, gov, etc. In EU services like mysudo or privacy.com are unavailabe so I can't use masked cards. What is then the profit of using such services if I don't pay for them with cryptocurrencies and they can be easily linked to me?

Google’s AI model will potentially listen in on all your phone calls — or at least ones it suspects are coming from a fraudster.

To protect the user’s privacy, the company says Gemini Nano operates locally, without connecting to the internet. “This protection all happens on-device, so your conversation stays private to you. We’ll share more about this opt-in feature later this year,” the company says.

“This is incredibly dangerous,” says Meredith Whittaker, the president of a foundation for the end-to-end encrypted messaging app Signal.

Whittaker —a former Google employee— argues that the entire premise of the anti-scam call feature poses a potential threat. That’s because Google could potentially program the same technology to scan for other keywords, like asking for access to abortion services.

“It lays the path for centralized, device-level client-side scanning,” she said in a post on Twitter/X. “From detecting 'scams' it's a short step to ‘detecting patterns commonly associated w/ seeking reproductive care’ or ‘commonly associated w/ providing LGBTQ resources' or ‘commonly associated with tech worker whistleblowing.’”

I've just been clued into this and I'd like to know if anyone can give me an idea of the quality of the information contained therein. Thanks in advance--I hope you're well today!

With the latest version of Firefox for U.S. desktop users, we’re introducing a new way to measure search activity broken down into high level categories. This measure is not linked with specific individuals and is further anonymized using a technology called OHTTP to ensure it can’t be connected with user IP addresses.

Let’s say you’re using Firefox to plan a trip to Spain and search for “Barcelona hotels.” Firefox infers that the search results fall under the category of “travel,” and it increments a counter to calculate the total number of searches happening at the country level.

Here’s the current list of categories we’re using: animals, arts, autos, business, career, education, fashion, finance, food, government, health, hobbies, home, inconclusive, news, real estate, society, sports, tech and travel.

Having an understanding of what types of searches happen most frequently will give us a better understanding of what’s important to our users, without giving us additional insight into individual browsing preferences. This helps us take a step forward in providing a browsing experience that is more tailored to your needs, without us stepping away from the principles that make us who we are.

We understand that any new data collection might spark some questions. Simply put, this new method only categorizes the websites that show up in your searches — not the specifics of what you’re personally looking up.

Sensitive topics, like searching for particular health care services, are categorized only under broad terms like health or society. Your search activities are handled with the same level of confidentiality as all other data regardless of any local laws surrounding certain health services.

Remember, you can always opt out of sending any technical or usage data to Firefox. Here’s a step-by-step guide on how to adjust your settings. We also don’t collect category data when you use Private Browsing mode on Firefox.

The Copy Without Site Tracking option can now remove parameters from nested URLs. It also includes expanded support for blocking over 300 tracking parameters from copied links, including those from major shopping websites. Keep those trackers away when sharing links!

• Mullvad VPN's blog post: DNS traffic can leak outside the VPN tunnel on Android

Identified scenarios where the Android OS can leak DNS traffic:

• If a VPN is active without any DNS server configured.
• For a short period of time while a VPN app is re-configuring the tunnel or is being force stopped/crashes.

The leaks seem to be limited to direct calls to the C function getaddrinfo.

The above applies regardless of whether Always-on VPN and Block connections without VPN is enabled or not, which is not expected OS behavior and should therefore be fixed upstream in the OS.

We’ve been able to confirm that these leaks occur in multiple versions of Android, including the latest version (Android 14).

We have reported the issues and suggested improvements to Google and hope that they will address this quickly.

• GrapheneOS 2024050900 release changelog announcement:

prevent app-based VPN implementations from leaking DNS requests when the VPN is down/connecting (this is a preliminary defense against this issue and more research is required, along with apps preventing the leaks on their end or they'll still have leaks outside of GrapheneOS)

The tool relies on Telegram's opt-in "Find People Nearby" feature, but allows searches for Telegram users globally.

cross-posted from: https://feddit.de/post/11733855

App can now be used to create and sign in with passkeys.

Some further context:

Right now the mobile apps are using a Framework called Xamarin which enables crossplatform mobile releases. Since it has become a roadblock for them (e.g. needed to wait for Microsoft to support passkeys in Xamarin) they are planning to switch to native apps (Swift for ios and Kotlin for android). Source

Bitwarden Authenticator is a standalone app that is available for everyone, even non-Bitwarden customers.

In its current release, Bitwarden Authenticator generates time-based one-time passwords (TOTP) for users who want to add an extra layer of 2FA security to their logins.

There is a comprehensive roadmap planned with additional functionality.

Available for iOS and Android

Hey guys, first post here and on an alt, I hope I don't get flamed. If there's not enough info I'll post another thread tomorrow.

Its been ~5-7 years since using Linux (Ubuntu/Kubuntu/Debian/Mint/Fedora/etc) as my daily driver. Windows since then for dev and games with kids,, but now I have a laptop that can run my dev env in a VM.

I'm an advocate for privacy and security, but I'm also at the "config once, mostly work for a while" camp... I don't like spending a ton of time fixing things. I don't need Whonix or QubesOS-level compartmentalization (unless it runs Barbone's now), but I tried OpenSuse Tumbleweed on a recommendation and the fine-tuning of flatpak controls seemed really nice. I'd love to be able to sandbox as much as possible without breaking things. Memory and exploit-hardened kernel/apps is a huge plus. Basically GrapheneOS as a Linux distro would be fantastic, even though it comes with its own issues.

Am I overthinking here? Should I commit to Debian, Fedora, or OpenSuse and learn to sandbox and harden properly (if so which has best docs and community)?

I forgot the copy-paste specs my laptop hardware info to my phone earlier, but its an HP Victus 15-fa0032dx

HP Victus 15.6" 144Hz FHD IPS Gaming Laptop (Intel i7-12650H 10-Core, 16GB DDR4, 512GB SSD, RTX 3050 Ti 4GB GDDR6), Backlit KYB, WiFi 6, BT 5.2, HD Webcam

I don't use the Bluetooth or webcam, so those drivers aren't necessary. Does Wayland work for this, and is that really necessary?

Sorry for the noob questions. Mid-30s guy with kids wanting to get this done this week if possible. Please excuse spelling and grammar mistakes.

SIDE NOTE: NOT AT ALL opposed to learning new systems, especially for security, as long as it doesn't require hunting down obscure undocumented commands.

Thanks all