Skip Navigation
privacy

Privacy

  • getpocket.com As the Internet Gets Scarier, More Parents Keep Their Kids’ Photos Offline

    Parents are increasingly rethinking what it means to create an online footprint their child can’t actively consent to.

    Here's a non-paywalled link to an article published in the Washington Post a few days ago. It's great to see this kind of thing getting some mainstream attention. Young children have not made an informed decision about whether they want their photos posted online.

    40
  • www.ftc.gov Alcohol Addiction Treatment Firm will be Banned from Disclosing Health Data for Advertising to Settle FTC Charges that It Shared Data Without Consent

    The Federal Trade Commission has taken action against an alcohol addiction treatment service for allegedly disclosing users’ personal health data to third-party advertising platforms, including Met

    According to the complaint, the company contradicted its privacy promises. From 2020-2022, the company allegedly disclosed users’ personal information, including their health information, to numerous third-party advertising platforms via tracking technologies, known as pixels and application programming interfaces (APIs), which Monument integrated into its website. Monument used the information to target ads for its services to both current users who subscribe to the lowest cost memberships and to target new consumers, according to the complaint.

    Monument used these pixels and APIs to track “standard” and “custom events,” meaning instances in which consumers interacted with Monument’s website. The FTC says that Monument gave the custom events descriptive titles that revealed details about its users such as “Paid: Weekly Therapy” or “Paid: Med Management,” when a user signed up for a service. Monument disclosed this custom events information to advertising platforms along with users’ email addresses, IP addresses, and other identifiers, which enabled third parties to identify the users and associate the custom events with specific individuals, according to the complaint.

    4
  • 100%
    www.wired.com House Votes to Extend—and Expand—a Major US Spy Program

    The US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans’ information.

    6
  • security.googleblog.com How we built the new Find My Device network with user security and privacy in mind

    Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy Keeping people safe and their data secure and private is a t...

    I saw this on infinity for Reddit earlier, I don't know if there's a workaround for this or not.

    90
  • www.theregister.com Hospital websites share visitors' data with Google, Meta

    Could have been worse – last time researchers checked it was 98.6%

    • Academics at the University of Pennsylvania analyzed a nationally representative sample of 100 non-federal acute care hospitals – essentially traditional hospitals with emergency departments – and their findings were that 96 percent of their websites transmitted user data to third parties.
    • Not all sites had privacy policies and of those that did, only 56% disclosed specific third parties receiving data.
    • Google and Meta (through Facebook Pixel) were on nearly every site and received the most data. Adobe, Verizon, Oracle, Microsoft, Amazon also received data.
    • Common data shared included IP addresses, browser info, pages visited, referring site.
    • Sharing data poses privacy risks for visitors and legal/regulatory risks for hospitals if policies don't comply with laws.
    • A class action lawsuit against Mass General Brigham and Dana-Farber resulted in an $18.4M settlement over sharing patient data.
    • Researcher calls for hospitals to collaborate with computer science departments to design more private websites. Also recommends privacy tools to block third party tracking.

    >But in the meantime, and in lieu of any federal data privacy law in the US, protecting personal information falls to the individual. And for that, Friedman recommends browser-based tools Ghostery and Privacy Badger, which identify and block transfers to third-party domains. "It impacts your browsing experience almost none," he explained. "It's free. And you will be shocked at how much tracking is actually happening, and how much data is actually flowing to third parties."

    Note: Although Friedman recommends Ghostery and Privacy Badger, uBlock Origin is generally considered a better privacy-enhancing browser extension. Additionally, there exist multiple approaches for adblocking and tracker blocking beyond the browser extension model.

    10
  • proton.me Proton and Standard Notes are joining forces | Proton

    Proton and the end-to-end encrypted note-taking app Standard Notes are joining forces. We’ve long been admirers and are excited to welcome Mo and his team.

    Unfortunately for now there are not usable for me.

    • The 100MB storage limit feels ridiculous. ProtonMail offers 500MB basic with 1GB free upgrade, and ProtonDrive starts at 2GB up to 5GB free. It’s unclear why Standard Notes storage isn’t shared like these other Proton products.
    • Basic formatting tools like bold and italics are absent on free plan. What makes it different from notes in Proton Pass?
    • Jurisdictional troubles. It is not Swiss as Proton or SimpleLogin P.S: Their app looks like PWA (progressive web application) not as standalone app.
    9
  • www.bleepingcomputer.com OpenTable is adding your first name to previously anonymous reviews

    Restaurant reservation platform OpenTable says that all reviews on the platform will no longer be fully anonymous starting May 22nd and will now show members' profile pictures and first names.

    > Restaurant reservation platform OpenTable says that all reviews on the platform will no longer be fully anonymous starting May 22nd and will now show members' profile pictures and first names.

    > OpenTable notified members of this new policy change today in emails to members who had previously left a review on the platform, stating the change was made to provide more transparency.

    > "At OpenTable, we strive to build a community in which diners can help other diners discover new restaurants, and reviews are a big part of that," reads the OpenTable email seen by BleepingComputer.

    > "We've heard from you, our diners, that trust and transparency are important when looking at reviews."

    > "To build on the credibility of our review program, starting May 22, 2024, OpenTable will begin displaying diner first names and profile photos on all diner reviews. This update will also apply to past reviews.

    > When leaving reviews on OpenTable, members specify a "Review display name" that will be shown in the review, allowing feedback to be left anonymously.

    > Under this new policy change, a member's first name and profile picture will now be displayed in new and past reviews.

    9
  • I have some concerns about this app and I'm asking if it's useful or not, not the app itself but more the 3 protocols included in it. I2P, DNSCrypt and TOR. What is you opinion?

    7
  • If the owner of the standard notes will now be a proton, doesn't that contradict this principle? I have a proton email account but I don't want it linked to my standard notes account. I don't strongly trust companies that offer packaged services like google or Microsoft. I prefer to have one service from one company. I am afraid that now I will have to change where I save my notes. What do you guys think about this?

    51
  • www.wired.com DuckDuckGo Is Taking Its Privacy Fight to Data Brokers

    Privacy-focused company DuckDuckGo is launching a tool to remove data from people-search websites, a VPN, and an identity theft restoration service.

    Curious about everyone's thoughts on this.

    Archive link : https://archive.is/Ql81V

    19
  • I know the prevailing sentiment for a long time in the privacy community has been "DAE Youtube bad?" though I have always thought that it is kinda overblown. Besides, I am using Firefox which is supposed to isolate tabs so they can't speak to each other, so I felt a small amount safer using Youtube.

    You can take my post with a grain of salt since all I have are anecdotes, but can anyone else confirm encountering creepiness similar to my experiences:

    -Typing anything in another window that is not my browser, sometimes these words seem like they get picked up by the Youtube suggestion algo and then boom, I get suggested videos based off of those keywords. Recent example, I was copypasting the words "trans" and "talking" over and over for some nerd spreadsheet I am making (read: not transgender purposes) and what do you know, transgender videos about "How to change your voice" start popping up in my feed. Please know I have zero interest in transgender politics/culture/anything, it is not something I have ever searched for or engaged in online. Possible that Youtube is reading my clipboard? Reading my keystrokes?

    -Listening to an album via VLC, while Youtube is open in my browser. Suddenly, more tracks from that album start showing up in my suggested feed. Possible Youtube is reading the titles of other apps current open on my machine? (VLC changes its active title to the name of whatever file is currently open)

    -Have a Discord channel open in another tab, people there start posting things I am uninterested in and don't click on, but lo and behold, videos related to those things start appearing my feed. Tbh, I am the most jaded about Discord's privacy security because there is probably a direct communications pipeline between the Discord and Youtube where they link accounts to each other, even creating shadow accounts similar to how Facebook does. So while not surprising... still at least a little bit creepy, yes?

    edit: let me add a small bit of context. I use Youtube all the time as my personal version of Spotify. Adblock+Youtube still works for me and is very nice. So all of my Youtube video suggestions are always music related. If anything weird shows up in that feed (you know, not music-related stuff) it sticks out to me immediately.

    edit2: thanks for the replies, even if you are disagreeing with me. I promise you I am not the person downvoting everyone lol.

    18
  • safereddit.com popular

    View on Redlib, an alternative private front-end to Reddit.

    The purpose of this post is not to endorse the use of Reddit ([!](https://tosdr.org/en/service/194)), but rather to inform users of a privacy-friendly approach in case they need to utilize the platform.

    Redlib is a private front-end like Invidious but for Reddit.

    • 🚀 Fast: written in Rust for blazing-fast speeds and memory safety
    • ☁️ Light: no JavaScript, no ads, no tracking, no bloat
    • 🕵 Private: all requests are proxied through the server, including media
    • 🔒 Secure: strong Content Security Policy prevents browser requests to Reddit
    • Self-hostable

    Redlib currently implements most of Reddit's (signed-out) functionalities but still lacks a few features.

    Redlib Instances

    (If a particular instance doesn't work, try others to see if they work)

    |URL|Network|Version|Location|Behind Cloudflare?|Comment| |-|-|-|-|-|-| |https://safereddit.com|WWW|v0.31.0|🇺🇸 US||SFW only| |https://l.opnxng.com|WWW|v0.31.0|🇸🇬 SG||| |https://libreddit.projectsegfau.lt|WWW|v0.31.0|🇱🇺 LU||| |https://libreddit.bus-hit.me|WWW|v0.31.0|🇨🇦 CA||| |https://reddit.invak.id|WWW|v0.31.0|🇧🇬 BG||| |https://redlib.catsarch.com|WWW|v0.31.2|🇺🇸 US||| |https://reddit.idevicehacked.com|WWW|v0.31.0|🇺🇸 US||| |https://redlib.freedit.eu|WWW|v0.31.2|🇺🇸 US||| |https://redlib.perennialte.ch|WWW|v0.31.0|🇦🇺 AU|✅|| |https://redlib.tux.pizza|WWW|v0.31.0|🇺🇸 US||| |https://redlib.vimmer.dev|WWW|v0.31.2|🇵🇱 PL||| |https://libreddit.privacydev.net|WWW|v0.31.0|🇫🇷 FR||| |https://lr.n8pjl.ca|WWW|v0.31.2|🇨🇦 CA||| |https://reddit.owo.si|WWW|v0.31.0|🇩🇪 DE||| |https://redlib.ducks.party|WWW|v0.31.0|🇳🇱 NL||| |https://red.ngn.tf|WWW|v0.31.0|🇹🇷 TR||| |https://red.artemislena.eu|WWW|v0.31.0|🇩🇪 DE||Be crime do gay| |https://redlib.dnfetheus.xyz|WWW|v0.31.0|🇧🇷 BR|✅|| |https://redlib.cow.rip|WWW|v0.31.0|🇮🇳 IN|✅|| |https://libreddit.eu.org|WWW|v0.31.0|🇩🇪 DE||| |https://r.darrennathanael.com|WWW|v0.31.0|🇺🇸 US||contact noc at darrennathanael.com| |https://redlib.kittywi.re|WWW|v0.31.0|🇫🇷 FR||| |https://redlib.privacyredirect.com|WWW|v0.31.0|🇫🇮 FI||| |http://redlib.r4focoma7gu2zdwwcjjad47ysxt634lg73sxmdbkdozanwqslho5ohyd.onion|Tor|v0.31.0|🇩🇪 DE|✅|| |http://redlib.catsarchywsyuss6jdxlypsw5dc7owd5u5tr6bujxb7o6xw2hipqehyd.onion|Tor|v0.31.2|🇺🇸 US||| |http://libreddit.g4c3eya4clenolymqbpgwz3q3tawoxw56yhzk4vugqrl6dtu3ejvhjid.onion|Tor|v0.31.0|🇫🇷 FR||| |http://reddit.pk47sgwhncn5cgidm7bofngmh7lc7ukjdpk5bjwfemmyp27ovl25ikyd.onion/|Tor|v0.31.0|🇩🇪 DE||| |http://red.lpoaj7z2zkajuhgnlltpeqh3zyq7wk2iyeggqaduhgxhyajtdt2j7wad.onion|Tor|v0.31.0|🇩🇪 DE||Onion of red.artemislena.eu| For information on instance uptime, see the Uptime Robot status page.

    Comparison

    This section outlines how Redlib compares to Reddit in terms of speed and privacy.

    Speed

    Last tested on January 12, 2024.

    Results from Google PageSpeed Insights (Redlib Report, Reddit Report).

    | Performance metric | Redlib | Reddit | | ------------------- | -------- | --------- | | Speed Index | 0.6s | 1.9s | | Performance Score | 100% | 64% | | Time to Interactive | 2.8s | 12.4s |

    Privacy

    Reddit

    Logging: According to Reddit's privacy policy, they "may [automatically] log information" including:

    • IP address
    • User-agent string
    • Browser type
    • Operating system
    • Referral URLs
    • Device information (e.g., device IDs)
    • Device settings
    • Pages visited
    • Links clicked
    • The requested URL
    • Search terms

    Location: The same privacy policy goes on to describe that location data may be collected through the use of:

    • GPS (consensual)
    • Bluetooth (consensual)
    • Content associated with a location (consensual)
    • Your IP Address

    Cookies: Reddit's cookie notice documents the array of cookies used by Reddit including/regarding:

    • Authentication
    • Functionality
    • Analytics and Performance
    • Advertising
    • Third-Party Cookies
    • Third-Party Site

    Redlib

    Server

    • Logging: In production (when running the binary, hosting with docker, or using the official instances), Redlib logs nothing. When debugging (running from source without --release), Redlib logs post IDs fetched to aid with troubleshooting.

    • Cookies: Redlib uses optional cookies to store any configured settings in the settings menu. These are not cross-site cookies and the cookies hold no personal data.

    Settings and subscriptions are saved in browser cookies. Clearing your cookies will reset them. You can restore your current settings and subscriptions after clearing your cookies using the link given in the settings menu.

    [TIP] 🔗 Want to automatically redirect Reddit links to Redlib? Use LibRedirect or Privacy Redirect!

    Note: The above text presents an abridged and modified version of information found in the developer's documentation. Some context has been removed or altered for brevity. For the full and unmodified documentation, please see the original source.

    Additional Information on Frontends from Privacy Guides

    >Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. Frontends can allow you to get around these restrictions.

    >If you choose to self-host these frontends, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting, as other peoples' usage will be linked to your hosting.

    >When you are using an instance run by someone else, make sure to read the privacy policy of that specific instance. They can be modified by their owners and therefore may not reflect the default policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.

    14
  • www.bleepingcomputer.com New Windows driver blocks software from changing default web browser

    Microsoft is now using a Windows driver to prevent users from changing the configured Windows 10 and Windows 11 default browser through software or by manually modifying the Registry.

    31
  • techcrunch.com WordPress.com owner Automattic acquires multiservice messaging app Beeper for $125M | TechCrunch

    The deal, which was for $125 million according to sources close to the matter, is Automattic's second acquisition of a cross-platform messaging solution.

    Curious how none of the coverage of this launch mention that the app isn't actually open-source (though they pretend to be an open-source project), which makes all of their claims of "end-to-end encryption" worthless

    WordPress.com owner Automattic acquires multiservice messaging app Beeper for $125M

    By Sarah Perez (@sarahpereztc) 2024-04-09

    WordPress.com owner Automattic is acquiring Beeper, the company behind the iMessage-on-Android solution that was referenced by the Department of Justice in its antitrust lawsuit against Apple. The deal, which was for \$125 million according to sources close to the matter, is Automattic's second acquisition of a cross-platform messaging solution after buying Texts.com last October.

    | [!Screenshot of the Beeper app](https://techcrunch.com/2024/04/09/wordpress-com-owner-automattic-acquires-multi-service-messaging-app-beeper-for-125m/) | |:--:| | Image Credits: Beepercaption |

    That acquisition made Texts.com founder Kishan Bagaria Automattic's new head of Messaging, a role that will now be held by Beeper founder Eric Migicovsky, previously the founder of the Pebble smartwatch and a Y Combinator partner.

    Reached for comment, Automattic said it has started the process of onboarding the Beeper team and is "excited about the progress made" so far but couldn't yet share more about its organizational updates, or what Bagaria's new title would be. However, we're told he is staying to work on Beeper as well.

    | [!Screenshot of the Beeper app](https://techcrunch.com/2024/04/09/wordpress-com-owner-automattic-acquires-multi-service-messaging-app-beeper-for-125m/) | |:--:| | Image Credits: Beepercaption |

    Beeper and Texts.com's teams of 25 and 15, respectively, will join together to take the best of each company's product and merge it into one platform, according to Migicovsky.

    "\[Texts.com\] built an amazing app that's more desktop-centric and iOS-centric," he said. "So we'll be folding the best parts of those into our app. But going forward, the Beeper brand will apply to all of the messaging efforts at Automattic," he said, adding, "Kishan ... I've known him for years now --- there's not too many other people in the world that are doing what we do --- and it was great to be able to combine forces with them."

    The deal, which closed on April 1, represents a big bet from Automattic: that the future of messaging will be open source and will work across services, instead of being tied up in proprietary platforms, like Meta's WhatsApp or Apple's iMessage. In fact, Migicovsky says, the eventual plan after shifting people to the Beeper cross-platform app for managing their messages is to move them to Beeper's own chat protocol --- an open source protocol called Matrix --- under the hood.

    | [!Screenshot of the Beeper app](https://techcrunch.com/2024/04/09/wordpress-com-owner-automattic-acquires-multi-service-messaging-app-beeper-for-125m/) | |:--:| | Image Credits: Beepercaption |

    Automattic had previously made a strategic investment of \$4.6 million), another company building on Matrix, and it contributes annually to Matrix.org.

    Matrix, a sort of "spiritual successor" to XMPP, as Migicovsky describes it, offers an open source, end-to-end encrypted client and server communications system, where servers can federate with one another, similar to open source Twitter/X alternative Mastodon. However, instead of focusing on social networking, like Mastodon, it focuses on messaging.

    Migicovsky said the acquisition came about because running Beeper costs quite a bit of money and it was either time to raise more funding or find a buyer. To date, Beeper had raised \$16 million in outside funding, including an \$8 million Series A from Initialized. Other investors include YC, Samsung Next and Liquid2 Ventures, and angels Garry Tan, Kevin Mahaffey and Niv Dror, and the group SV Angel.

    "I've known Matt \[Mullenweg, Automattic founder and CEO\] for years now," Migicovsky said, adding that the WordPress.com founder had shown commitment to open source technology, like Beeper, where about half its product is already open source. "We were looking to find a partner that could financially support this. One of the reasons why there are no other people building this type of app is it costs a surprisingly large amount of money to build a damn good chat app," Migicovsky noted.

    As for Beeper's products, the company has now briefed the DOJ on what happened when Apple blocked its newer app, Beeper Mini, which aimed to bring iMessage to Android. That solution is no longer being updated as a result of Apple's moves.

    | [!Screenshot of the Beeper website](https://techcrunch.com/2024/04/09/wordpress-com-owner-automattic-acquires-multi-service-messaging-app-beeper-for-125m/) | |:--:| | Image Credits: Beepercaption |

    Beeper on Android launches to all

    The company is instead releasing an updated version of its core app, Beeper, on Android. Unlike Beeper Mini, which focuses only on iMessage, the main app connects with 14 services, including Messenger, WhatsApp, Telegram, Signal, Instagram DM, LinkedIn, Twitter/X, Discord, Google Messages and others. Android is its biggest platform by users, as 70% are on Google's smartphone OS.

    In this rewritten version of Beeper, the company is starting to roll out fully end-to-end encrypted messages across Signal. That will be soon followed by WhatsApp, Messenger and Google Messages.

    Because of Apple's restrictions, iMessage only works if you have an iPhone in the mix, Migicovsky says, and will not be a focus for Beeper, given the complications it saw with Apple's shutdown of Beeper Mini. However, Beeper is hopeful regulations could change things, pointing to the DOJ lawsuit and FCC investigation. In the meantime, Beeper supports RCS, which solves iMessage to Android problems like low-res images and videos, lack of typing indicators and encryption.

    With the launch out of beta, the new app includes a new icon, updated design, instant chat opens and sends, the ability to add and modify chat networks directly on Android (no desktop app needed), local caching of all chats on the device and full message search.

    The 10,000 Android beta testers already on Beeper will need to download the new app manually from Google Play --- it won't automatically update.

    | [!Screenshot of the Beeper website](https://techcrunch.com/2024/04/09/wordpress-com-owner-automattic-acquires-multi-service-messaging-app-beeper-for-125m/) | |:--:| | Image Credits: Beepercaption |

    In addition, the 466,000 or so people on Beeper's waitlist will now be able to try the product. They'll join over 115,000 users who have already downloaded the app, which is now used by tens of thousands daily. The app runs on Android, iPhone, iPad, ChromeOS, macOS, Windows and Linux.

    The team expects to have feature parity across platforms in a matter of months as they overhaul the iOS and desktop apps.

    In time, they plan to add other services to Beeper as well, including Google Voice, Snapchat and Microsoft Teams. Beeper also offers a widget API so developers can build on top of Beeper. Plus, since Matrix is an open standard, developers will be able to build alternative clients for Beeper, as well.

    The app will generate revenue via a premium subscription, where the final price may be a couple of dollars per month, but pricing decisions haven't yet been fully nailed down. Beeper is currently free to use.

    Like Automattic, Beeper's team is remotely distributed, with employees in Brazil, the U.K., Germany and the U.S. At present, Texts.com will continue to operate as the teams begin to integrate the two messaging apps.

    47
  • Screenshots:

    ! ! ! ! ! ! ! !

    Breezy Weather is a free and open-source Android weather app, forked from Geometric Weather, adding new features, sources, modernizing code, fixing bugs, updating dependencies for security reasons, etc., while keep having a smooth user and developer experience in mind.

    Features

    • Weather data

      • Daily and hourly forecasts up to 16 days
        • Temperature
        • Air quality
        • Wind
        • UV index
        • Precipitation
        • Feels like temperature
      • Hourly forecasts
        • Humidity / Dew point
        • Pressure
        • Cloud cover
        • Visibility
      • Precipitation in the next hour
      • Air quality
      • Pollen & Mold
      • Ephemeris (Sun & Moon)
      • Severe weather and precipitation alerts
      • Real-time weather conditions
        • Temperature
        • Feels like
        • Wind
        • UV index
        • Humidity
        • Dew point
        • Atmospheric pressure
        • Visibility
        • Cloud cover
        • Ceiling
    • Multiple weather sources

    • Large selection of home screen widgets for at-a-glance information

    • Live wallpaper

    • Custom icon packs

      • Geometric Weather icon packs
      • Chronus Weather icon packs
    • Automatic dark mode

    • Looking for radar? Check out this document

    • Free and Open Source

      • No proprietary blobs/dependencies (versions 5.0.0-alpha and later)
      • Releases generated by GitHub actions, guaranteeing it matches the source code
      • Fully works with Open-Meteo (FOSS source)
    • Privacy-friendly

      • No personal data collected by the app (link to app privacy policy)
      • Multiple sources are available, with links to their privacy policies for transparency
      • Current location is optional and not added by default
      • If using current location, an IP location service can be used instead of GPS to send less accurate coordinates to weather source
      • No trackers/automatic crash reporters

    Note: If the link isn’t working for you or if you can’t find the app, update the default F-Droid repository in your F-Droid client.

    25
  • restoreprivacy.com Google Agrees to Delete Billions of Files Collected in Chrome Incognito

    Google has agreed to wipe billions of records it collected from over 136 million Americans, users of its Chrome browser, as part of a settlement for a 2020 lawsuit.

    58
  • edit: please see comments for more informed insights.

    I am currently investigating and reverse engineering free VPNs for a master thesis, and just came across something I thought I'd share. VPN in this case is 1clickvpn.net, not .com!

    I'm sharing this as a warning as to never use free vpns! They are most often the opposite of what they promise to be. (by free I do not mean the free versions of premium services). But either way; be careful about your VPN choice, as they have access to a lot of sensitive data. I'm sure most peeps here know of this already, but next time you hear someone using a free vpn, let them know...

    This first image/code was sitting inside a file called NetworkModule, with some hella weird external links.

    1. addrDOTcx, seems to have been linked to malware? Comes up flagged as malicious a few times on VirusTotal.
    2. freevpnDOTzone, seems to be another free possible malicious VPN service, might investigate this one later.
    3. bigbrolookDOTcom, seems to longer be a registered domain. But wtf? Was this VPN service linked to p*rn??
    IMAGE HERE; Don't visit these links unless you know what you're doing.

    !

    Furthermore, there is this interesting find; Now I am no expert coder, frankly quite the amateur. But does the below code really mean what I think it does? Seems like it could be creating a fake connection?. This is more-less normal behaviour it seems, considering it is a local address it is probably used for testing purposes or making the app not crash if a connection cant be established. ! Is used once here; !

    Stay safe 🌻

    18
  • I feel like this may be a bit of a counterintuitive question considering Graphene's privacy features but, is there a way to remote erase or find my phone with GrapheneOS in the event the phone is lost?

    7
  • cdt.org Wolf In Sheep’s Clothing: A Planned Amendment to This Week’s Vote Would Be the Largest Expansion of FISA in Over 15 Years

    This week the House is set to vote on legislation to renew Section 702 of the Foreign Intelligence Surveillance Act (“FISA 702”), along with a set of amendments. One of these amendments — put forward by House Intelligence Committee leads Mike Turner and Jim Himes — would expand warrantless FISA surv...

    That's not good.

    > This week the House is set to vote on legislation to renew Section 702 of the Foreign Intelligence Surveillance Act (“FISA 702”), along with a set of amendments. One of these amendments — put forward by House Intelligence Committee leads Mike Turner and Jim Himes — would expand warrantless FISA surveillance dramatically: While falsely billing itself as a minor definitional tweak, in reality the amendment would be the largest expansion of FISA since Section 702 was created in 2008. It could be used to enlist an array of sensitive facilities — such as offices for nonprofits, political campaigns, and news organizations — to serve as hubs for warrantless surveillance.

    If you’re in the US, now’s a great time to contact Congress. You can either call the Congressional switchboard at (202) 224-3121 or use the House directory to look up your legislators’ contact info.

    > “Stop the FBI from expanding warrantless surveillance of innocent Americans. OPPOSE the FISA amendment from Reps. Turner and Himes, which would be the largest expansion of FISA since Section 702 was created in 2008. And please oppose any attempt to reauthorize FISA Section 702 that doesn’t include warrant requirements, both for Section 702 data and for our sensitive, personal information sold to the government by data brokers.”

    3
  • 97%
    www.aalto.fi Keeping your data from Apple is harder than expected | Aalto University

    New study shows that the default apps collect data even when supposedly disabled, and this is hard to switch off

    19
  • cross-posted from: https://lemmy.world/post/14131393

    Recently discovered the following two addresses in my DNS-filter, 26.26.26.1 and 26.26.26.2. How can I confirm that these belong to? These are both public-ip addresses but seems to be owned by the US Military?

    If I look at https://www.abuseipdb.com/check/26.26.26.2, it says it belongs to:

    • ISP: DoD Network Information Center
    • Type: Military
    • Country: US.

    What does this mean? As far as I've researched, its got something to do with Socks protocol? This Github repo I found seems to be using it too, but why is it used? If anyone knows, id very much appreciate your help.

    https://github.com/PeterCxy/SocksDroid/blob/master/app/src/main/groovy/net/typeblog/socks/SocksVpnService.groovy

    edit1: formatting

    edit2: Found an additional GH Repo that use the same IP addresses for something called V2RayVPNService: https://github.com/2dust/v2rayNG/blob/master/V2rayNG/app/src/main/kotlin/com/v2ray/ang/service/V2RayVpnService.kt

    edit3: This blogpost explains it quite well. https://blog.erratasec.com/2013/12/dod-address-space-its-not-conspiracy.html > The reason all these address spaces are DoD is because that's really the only source of unused IPv4 addresses left. All IPv4 address ranges have been assigned. But, the DoD has been assigned 20% of the IPv4 address space, but most of it is used within the DoD, on their own private networks, and is not routable to the outside world. Thus, if you are looking for a large chunk of "private" addresses that won't suddenly one day be assigned to Akamai or Amazon (and thus, explode in your face), then DoD addresses are the way to go.

    7
  • Recently stumbled upon this note-taking app called SiYuan, but it honestly looks a bit too good to be true(?). Has anyone here used it or got any experience with it? Trying to replace Obsidian is a difficult task, and I've been through almost all note-taking apps there are out there, however this one looks fairly similar.

    Link to Repo;

    https://github.com/siyuan-note/siyuan

    Link to project;

    https://b3log.org/siyuan/en/

    42
  • HeliBoard keyboard is an improved fork of the now-unmaintained OpenBoard keyboard. It does not require internet permission, allowing it to be used 100% offline.

    Features

    • Add dictionaries for suggestions and spell check

      • Build your own, or access them here, or in the experimental section (quality may vary)
      • Additional dictionaries for emojis or scientific symbols can be used to provide suggestions (similar to "emoji search")
      • Note that for Korean layouts, suggestions only work using this dictionary; the tools in the dictionary repository cannot create working dictionaries
    • Customize keyboard themes (style, colors, and background image)

      • Can follow the system's day/night setting on Android 10+ (and on some versions of Android 9)
      • Can follow dynamic colors for Android 12+
    • Customize keyboard layouts (only available when disabling system languages)

    • Multilingual typing

    • Glide typing (only with closed-source library ☹️)

      • Library not included in the app, as there is no compatible open-source library available
      • Can be extracted from GApps packages ("swypelibs"), or downloaded here
    • Clipboard history

    • One-handed mode

    • Split keyboard (only available if the screen is large enough)

    • Number pad

    • Backup and restore your learned word/history data

    Hidden Functionality

    Features that may go unnoticed, and further potentially useful information

    • Long-pressing the Clipboard Key (the optional one in the suggestion strip) pastes system clipboard contents.
    • Long-pressing keys in the suggestion strip toolbar pins them to the suggestion strip.
    • Long-press the Comma-key to access Clipboard View, Emoji View, One-handed Mode, Settings, or Switch Language:
      • Emoji View and Language Switch will disappear if you have the corresponding key enabled;
      • For some layouts, it's not the Comma-key, but the key at the same position (e.g. it's q for Dvorak layout).
    • When incognito mode is enabled, no words will be learned, and no emojis will be added to recents.
    • Sliding key input: Swipe from shift or symbol key to another key. This will enter a single uppercase key or symbol and return to the previous keyboard.
    • Hold shift or symbol key, press one or more keys, and then release shift or symbol key to return to the previous keyboard.
    • Long-press a suggestion in the suggestion strip to show more suggestions, and a delete button to remove this suggestion.
    • Swipe up from a suggestion to open more suggestions, and release on the suggestion to select it.
    • Long-press an entry in the clipboard history to pin it (keep it in clipboard until you unpin).
    • Swipe left in clipboard view to remove an entry (except when it's pinned)
    • Select text and press shift to switch between uppercase, lowercase, and capitalize words
    • You can add dictionaries by opening the file
      • This only works with content-uris and not with file-uris, meaning that it may not work with some file explorers.
    • Debug mode / debug APK
      • Long-press a suggestion in the suggestion strip twice to show the source dictionary.
      • When using debug APK, you can find Debug Settings within the Advanced Preferences, though the usefulness is limited except for dumping dictionaries into the log.
        • For a release APK, you need to tap the version in About several times, then you can find debug settings in Advanced Preferences.
        • When enabling Show suggestion infos, suggestions will have some tiny numbers on top showing some internal score and source dictionary.
      • In the event of an application crash, you will be prompted whether you want the crash logs when you open the Settings.
      • When using multilingual typing, the space bar will show a confidence value used for determining the currently used language.
    • For users doing manual backups with root access: Starting at Android 7, some files and the main shared preferences file are not in the default location because the app is using device-protected storage. This is necessary so the settings and layout files can be read before the device is unlocked, e.g., at boot. The files are usually located in /data/user_de/0/<package_id>/, though the location may depend on the device and Android version.

    Planned features and improvements:

    • Customizable functional key layout
      • Will likely result in having the same functional key layout for alphabet and symbols layouts
    • Support for alt, ctrl, meta and fn (#479)
    • Less complicated addition of new keyboard languages (e.g. #519)
    • Additional and customizable key swipe functionality
      • Some functionality will not be possible when using glide typing
    • Ability to enter all emojis independent of Android version (optional, #297)
    • (limited) support for customizing all internally used colors
    • Add and enable emoji dictionaries by default (if available for language)
    • Clearer / more intuitive arrangement of settings
      • Maybe hide some less used settings by default (similar to color customization)
    • Customizable currency keys
    • Customizable clipboard toolbar keys (#513, #403)
    • Ability to export/import (share) custom colors
    • Make use of the .com key in URL fields (currently only available for tablets)
      • With language-dependent TLDs
    • Internal cleanup (a lot of over-complicated and convoluted code)
    • (optionally?) move toolbar key pinning to a setting, so long press actions on unpinned toolbar keys are available
    • Bug fixes

    What will not be added:

    • Material 3 (not worth adding 1.5 MB to app size)
    • Dictionaries for more languages (you can still download them)
    • Anything that requires additional permissions
    35
  • Apparently Apple can end-to-end encrypt your iCloud, but it’s opt in because they still want to profit off your data >_<

    To enable this, go to Settings -> iCloud -> Advanced Data Protection

    You need to have all the devices under your apple account to be fully updated, and you’ll need to remember a 28-key passphrase for recovery

    I hate how big tech treats privacy as an afterthought. This should have been the default. But oh well. Spread the world people.

    19
  • My main laptop is dead, so I'm on a potato laptop with a 6th gen Intel i3 processor and 4GB of RAM. I have IceCat installed, but I really don't like the defaults it provides.

    Maybe I am in the wrong here, but from the Arkenfox page, I've read that having way too many extension is bad - there's an unbelievable amount of these plugins. IceCat being on the older ESR version is a big no when it comes to security. Last but not the least, I want to create a separate, non-secure profile to use normal pages, but IceCat has hard-coded blocks on several websites.

    And that is exactly why I'm looking to move to LibreWolf. But the issue is that there is no pre-built binaries available for my distro. I've waited the entire day for this browser, and I'm tired of having to come back to a frozen desktop, or build fails while waking from sleep.

    I'm trying the build once again, and I just wanted to know how long it takes to build, so that I can leave it uninterrupted.

    24
  • I am not satisfied with Linux's security and have been researching alternative open source OS for privacy and security So far only thing that's ready to use is GrapheneOS (Based on Android) but that's not available on desktop (Though when Android release Desktop mode it may become viable)

    Qubes OS is wrapper around underlying operating systems, so it doesn’t really fix for example Linux’s security holes it just kinda sandbox/virtualize them

    OpenBSD is more secure than Linux on a base level but lack mitigations and patches that are added to linux overtime and it's security practices while good for it's time is outdated now

    RedoxOS (Written in Rust) got some nice ideas but sticks to same outdated practices and doesn't break the wheel too much, and security doesn't seems to be main focus of OS

    Haiku and Serenity are outright worse than Linux, especially Haiku as it's single user only

    Serenity adopted Pledge and Unveil from OpenBSD but otherwise lacks basic security features

    All new security paradigms seems to be happening in microkernels and these are the ones that caught my eyes

    None of these are ready to be used as daily driver OS but in future (hopefully) it may change

    Genode seems to be far ahead of game than everything else

    Ironclad Written in ADA

    Atmosphere And Mesosphere Open Source Re-implementation of Nintendo Switch's Horizon OS, I didn't expected this to be security-oriented but seems like Nintendo has done a very solid job

    Then there are Managarm, HelenOS, Theseus but I couldn't figure out how secure they are

    Finally there is Kicksecure from creators of Whonix, Kicksecure is a linux distro that plans to fix Linux's security problems

    if you know of any other OS please share it here

    56
  • Idk if this is the right instance for this, but how fucking tired of these forced ads at gas pumps is everyone else?

    I'm paying 4 bucks a gallon to have you shove advertising down my throat like an erect cock?

    What the actual fuck

    Anyone have any good ad blocking practices for this?

    I've seen duct or painters tape covering the speakers...

    You can press a button next to the screen to mute it, but this doesn't work at all gas stations. (Usually its the 2nd from the top on the right side)

    I guess its just time to gettoblast music every time I pump gas like back when I was 19....

    327
  • Are comments no longer visible for anyone else using the youtube frontends? I can no longer see comments with either invidious, piped, or viewtube, and I've tried several instances of each. With invidious there's just nothing there below the video description. With viewtube I get an error message. And with piped I see placeholder text "Avatar, null, -1 replies" in place of every comment. The last one is kind of funny actually, and better than most comments anyway.

    I'm assuming youtube/google did something fucky again to try to dissuade people from doing what they can to escape their bullshit and hopefully viewing the comments on videos will be back to normal when the frontend devs make it work again in a couple days. But I figured it would be worth checking here to make sure it's not just on my end. Then again, it will probably be better for my sanity and my struggle not to descend into sheer misanthropic hatred if I just never read youtube comments again.

    24
  • Is it possivle to debloat a fire tv stick? I.e. remove all amazon related apps and replace the launcher. The info I find online is scattered around and depends on the version.

    24
  • !

    For some years I have been using several of these apps, and just (re)discovered that they have plenty more than the 5 or 6 I use. Wanted to share. This webpage is in German, but apps description in F-droid are in English.

    2
  • cross-posted from: https://lemmy.blahaj.zone/post/10889989

    Big news in DC: a new bipartisan, bicameral proposal for a "compromise" federal privacy bill, the American Privacy Rights Act (APRA). At this point, take it all with a grain of salt; in 2022, the initial draft of the bill was promising, but it got weakened substantially by the subcommittee and then weakened further by the committee. I haven't read the discussion draft yet so don't have any strong opinions on it.

    6
  • simplex.chat SimpleX Chat: private and secure messenger without any user IDs (not even random)

    SimpleX Chat - a private and encrypted messenger without any user IDs (not even random ones)! Make a private connection via link / QR code to send messages and make calls.

    >SimpleX Chat is an instant messenger that is decentralized and doesn't depend on any unique identifiers such as phone numbers or usernames. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations.

    -privacyguides.org

    It's clearly proving to be the most innovative technology when it comes to decentralized communication, in my opinion.

    126
1171 Active users