> When I announced I would be closing my communities earlier this year, a curious thing happened: a surprising number of regulars replied with some variation of “I think this is my exit.” While some were specifically talking about Matrix, claiming that mine was the only room they were really active in and therefore they saw no point to having a Matrix account anymore, at least one specifically announced they would be quitting privacy entirely, save for a few basic techniques like using a password manager and being mindful of what to post online. While I didn’t expect the number of people responding that way, I was expecting that response from one or two people. If you check any given privacy forum – especially the ones with a heavy overlap of mainstream users such as Reddit – you’ll find no shortage of people asking “is all this work worth it?” and/or announcing that they’re giving up privacy because it’s too much work. So what gives? Is privacy worth the work?

cross-posted from: https://lemmy.ca/post/21465918

> iOS 17.5 Bug May Also Resurface Deleted Photos on Wiped, Sold Devices > > https://forums.macrumors.com/threads/ios-17-5-bug-may-also-resurface-deleted-photos-on-wiped-sold-devices.2426698/

I didn't know my city was cool enough to put signal flyers.

>Firefox’s Enhanced Tracking Protection (Strict Mode) is known to cause issues on x.com

There were no "issues"; everything was working completely fine. This is a deliberate decision to force people to turn off tracking protection.

I saw a recommendation to use Firefox's container extension https://support.mozilla.org/en-US/kb/containers, but it's disabled in private browsing windows, and I always use private browsing windows.

Visa is rolling out new technology that will allow the payments giant to share more information about customers' preferences [non-paywalled source] based on their shopping history with retailers as it seeks to remain a top player in the competitive e-commerce space. From a report:

> The data will be shared via the payments giant's proprietary "tokens," which provide an added layer of security between a consumer's bank information and a merchant. Shopping inclinations and other information based on past transactions -- such as preferred categories, like movies or golf -- will be shared via token with retailers with the consent of consumers.

> "It's almost entirely blind to almost all consumers," Visa Chief Executive Officer Ryan McInerney said in an interview of the company's token technology. "They just know their payments work better." The sharing of shopping data via token is one of a handful of innovations Visa unveiled at a conference in San Francisco, where it's based. Visa, one of the largest e-commerce technology companies in the world, is finding itself increasingly fending off competitors seeking larger slices of the fees merchants must pay to carry out consumer transactions.

Abstract credit: https://slashdot.org/story/428471

hey mah doods

what happens if the instanc im using in invidious shuts down? all my playlists will be gone? bruh........

It has finally happened...not surprised though.

It's not quite enough for me, personally, but this is a small step in the right direction.

I think that the real "down near the metal" solution is to own a dumb car, but those are getting thin on the ground . . .

I miss the days of VHS and DVD shelfs in homes, for example. If you bought the tapes and had them in your home, no corporate entity could alter those tapes without your consent, monitor how many times you watch them, sell your data to whomever they please without your knowledge, roll out new mandatory conditions to a 'user agreement,' or remove them from your library if/when they like.

I noticed some dumb change in how Dictionary definitions are shown in the Spotlight (ie, overall search my computer function) in MacOS this week. I've turned off all auto-updates, and I didn't make that change or consent to it. But despite paying the full price all by myself for this machine, I clearly don't have 100% control over it. It seems very clearly to me that consumers having control and privacy over their Internet-connected devices is a bygone era.

After Blizzard, the video game company, replaced copies of Warcraft 3 that I and others had paid for in full and installed on our computers that we could play without connecting to the Internet with a lower-quality copy that prohibited offline play - I swore I'd never pay for a video game again*, and 3 years later I haven't backslid on that. I felt so angry, cheated, and robbed by that. (*Edit: my criticism and frustration is really more with larger developers/companies/creators - I appreciate and am happy to support smaller, more independent and libre ones.)

Many people probably won't be bothered by these things, but I am. I don't want to pay full price for something that I don't truly own. I miss the familiarity. I miss the reliability. I miss feeling like it's mine. Dependable. Trustworthy.

Picking my old guitar up again has never looked so appealing. I think I want to go back to investing more time, money, and energy into things that aren't connected to the internet

cross-posted from: https://lemy.lol/post/25062075

Why most services that want to protect user privacy. Also those on privacyguides, don't have anonymous payment methods like cryptocurrencies? I pay for a few such services like email or cloud etc. but I don't know if it makes sense if my bank knows I'm using it anyway so they can sell that info to advertisers, gov, etc. In EU services like mysudo or privacy.com are unavailabe so I can't use masked cards. What is then the profit of using such services if I don't pay for them with cryptocurrencies and they can be easily linked to me?

I have my personal blog, made with Hugo and hosted on GitHub pages. Initially I did not turn on any kind of web tracking / web analytics, because I do not like tracking at all. But I want to make my blog better and to achieve it, I need a feedback loop about traffic. For example, what are the most popular publications, or how many people view my blog from mobile devices, etc.

So, my question is, what is the most appropriate (ot the less evil) way to track a web traffic?

An answer "there is no good way to do it without breaking user's privacy" is acceptable too, I did not decide yet turning on the analytics. Instead I'm interested in an opinion of the community.

Thanks in advance!

I discovered this recently, I think it's a fork of Lineage? Some stuff they list is already part of Lineage but some seems extra

• Desktop Mode (is this in Lineage?)
• Implements Work profiles natively without Shelter
• Gesture Typing
• UI for Game Mode API
• Per App Volume
• Equalizer
• Auto Reboot
• Global VPN (use vpn for both personal and work profiles)
• Panic Button
• Native App Lock for any device

Overall this looks really amazing for anyone wanting more security and customization features than Lineage offers.

I'm thinking of switching to it. Can anyone give their experiences with it? Sadly they dont seem to have an in-depth document detailing the differences with Lineage or details of the features that are specific to them

I'd especially enjoy knowing how privacy preserving they are compared to Lineage, connections to google and all that. or if anyone can show me an in-depth review of LMO Droid.

This is probably not the right community but I haven't found a better one.

So I watched a video from Seytonic where he mentiond that some malware creates a windows link with the name of the usb on a usb. So I checked my usb because I remembered that I had to click 2 times on my usb to opened it. I found a link that contained cmd.exe and a name of a file next to it. Upload to the virustotal showed Raspberry Roblin worm.

I use Linux but my familly uses windows so I will have to go through all familly computers and remove the worm. Where can I find info how to remove this specific worm - Raspberry Roblin? On google I found a description about how the worm works but not specific files it creates and how to remove it.

The first page that shows up is microsoft.com and it says that windows defender detects the worm, but clearly it doesnt.

Edit: The worm was on one computer and it did not have windows defender installed. Seems like malware removed it and also disabled automatic updates. I installed MalwareBytes and sucessfully removed the worm :)

I have been pro privacy and anti data harvesting for many years now, however it is becoming increasingly more difficult staying off some platforms. Mostly Meta.

Over the years I have convinced most of my friends and family to use Signal instead of WhatsApp. However, there are still chat groups that I am missing from, and trying to keep up to date with local events seems next to impossible without Facebook or Instagram.

Additionally, I am finding it more and more tiring to have the awkward "No I don't have WhatsApp. No I don't have Facebook either. Or Instagram, sorry. Do you want to try an app that you've never heard of to stay in contact with me?" every time I meet someone new.

I saddens me that it feels like the multi-billion dollar data harvesting companies are winning, but I no longer know if this is a hill that I'm willing to die on.

What are your thoughts on what we have to give up in our lives just to stay in control of our personal information?

Title says it all--a fellow bricoleur just turned me on to the No Trace Project and I'm curious to know if anyone else here has looked into it and the quality of the information therein. Thanks in advance!

cross-posted from: https://beehaw.org/post/13793778

> Fake WhatsApp and Instagram apps that can steal personal data

Please write the 3 phone brands (in order please) which you think they bring the least number of third-party apps.

Notes:

• 1- PrivacyGuides recommends Google Pixel. But it is not selling on my country. I can not bring it from other countries because it will not have warrant.

• 2- We also don't have fair-phone and nothing-phone (i can not bring it from another country).

• 3- we only have: general-mobile, huawei, samsung, asus, tcl, htc, xiaomi, vivo, infinix, oneplus.

• 4- please dont recomend custom ROM. Its technically difficult for me. Also I will recommend the device to my friend (they don't have even an idead what is custom-rom)

I've been feeling uneasy about the privacy implications of using Lemmy and similar platforms. The ability for anyone to view your entire posting history feels to me like publicly sharing my browser history. In contrast, most other social media platforms allow you to limit your feed visibility to just friends or followers.

I'm curious to hear from the community - what are the most private social media platforms you've come across? I vaguely remember stumbling upon one that automatically removed content after six months and had some other interesting privacy features. Can anyone refresh my memory or recommend some other private alternatives?

Hi, I was planning to encrypt my files with GPG for safety before uploading them to the cloud. However, from what I understand GPG doesn't pad files/do much to prevent file fingerprinting. I was looking around for a way to reliably pad files and encrypt metadata for them but couldn't find anything. Haven't found any recommendations on the privacyguides website either. Any help would be appreciated!

Thanks

Is it just me or do Instagram videos loaded via Pixwox always buffer for you too?

Happy Net Box is an experimental internet social experience based on the arcane and near-forgotten retro internet protocol known as FINGER.

Finger is a command line tool that comes pre-installed on Macs and Windows and most Unix systems. It allows you to retrieve information about a "user" on "the internet" -- but it doesn't use the web!

hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhv

Welp I guess this is the perfect example of companies not deleting your credentials and account info when asking for it... I deleted my Notion account several years ago. And completely randomly today got an email from them about data retention, assuming this is one of those "important" emails they have to send out. Sadly, years ago I wasnt using email-aliases like I am today, so still stuck with them having my email. Fuck I hate this so much. Thought I'd just share this lesson, use alises my friends!

I wanted to degoogle since Google has been most annoying so far with S21FE. Was thinking of getting Pixel 8a but due to mixed reivews I was looking for other phones. Thoughts on this? Would be also nice if I can get some opinions from people who have the phone as well.

I've been a social media hermit for the past 3 years but recently I've given up and created a few accounts across different apps again. It's unreal how strict the requirements are now.

1. Give e-mail (ok)
2. Give phone number (.... eeh, ok)
3. Use the new account for a while
4. Account suspended, please upload selfie to continue (no thanks xi). There are also some verification promps where you have to record a video and rotate your face left to right

If this isn't a message to move to indie web I don't know what is

I've been seeing a lot of confusion around the TunnelVision vulnerability. While I'm no expert, I've done a fair share of research and I'll edit this post with corrections if needed. The goal of this post is to answer the question: does this affect me?

Two sentence summary of the vulnerability

When you use a commercial VPN like Mullvad or NordVPN, the VPN client tells your system to redirect all traffic through the VPN. This recent vulnerability shows that a malicious device on the network can trick your system into redirecting traffic to their device instead.

Claim: just don't connect to hostile networks!

This is hard in practice. For most people, the only "trusted" networks are your home network and your workplace. So you still have to worry about coffee shops, airports, hotels, restaurants, etc. And if you are using cellular data, the cellular tower can perform this attack to snoop on your traffic.

Claim: but I trust the hotel owner, restaurant owner, etc

This attack allows any device on the network to impersonate a DHCP server and attack your system, not just the router. And while there are router settings that can prevent devices on the network from talking to each other, afaik they are rarely used. So even if you trust the owner of the cafe, you have to also trust everybody else in the cafe.

Claim: if you use HTTPS you are safe!

If the attacker redirects traffic to their machine, then even if you use HTTPS, the attacker can still see what websites you connect to, they just can't see what you are sending or receiving. So basically they can steal your browsing history, which defeats the purpose of a commercial VPN for many users.

Claim: Linux users are safe!

Not quite. The report says that Linux has a feature that is able to fully defend against this vulnerability, called network namespaces. So if your VPN uses that, congratulations. Afaik most VPNs do not use this, and instead use a kill-switch or a firewall. In which case Linux, Mac, and Windows users are all affected the same way, and I go into it more in the next claim.

Claim: if you use a kill-switch you are safe!

The term "kill switch" gets thrown around a lot but there's actually two major ways that a kill-switch can be implemented. The first way is a more literal "kill switch" - when the VPN connection drops, the kill switch is triggered and blocks leaks. The other way is a persistent firewall, which blocks leaks all the time.

If your VPN client uses the first kind, then bad news, it won't protect you against this attack. This is because the VPN connection is never dropped, so the kill switch is never triggered. NordVPN was caught using this poor practice, to nobody's surprise (more info here).

If your VPN uses the second kind, then you should be safe. For example, Mullvad published a statement about how they are not vulnerable here. I would hope that any competent VPN would also use a persistent firewall, but if your VPN provider hasn't published a statement yet, unfortunately your only other option is to inspect the VPN client yourself.

That being said, even if your VPN uses a persistent firewall, you may have read in the report that there's a "side-channel" attack still possible...

Claim: even if you use a firewall, there's a side-channel attack

This is true, but from what I read the side-channel is actually very hard to pull off and gain any useful information from. You can read some discussion about it here. My takeaway is that if you're a regular user, you don't have to worry about it. But we should still push VPN providers and network engineers to use network namespaces in their applications, since they are more resistant to these kinds of attacks.

Claim: you shouldn't trust commercial VPN providers anyways

This is not really about the vulnerability but I've seen it a lot in the discussions. I think it's a mischaracterization of why people use VPNs. If you are using the internet, somebody has to send that traffic to your destination. The three major options are your ISP, a VPN provider, or Tor. Depending on your location and your circumstances, you will trust these three differently. In the EU, ISPs are not allowed to sell data. In the US, ISPs are allowed to, and have been caught doing so. VPNs can sell data too but they risk losing their entire business. Tor is much harder to judge, but the bigger issue with Tor is that many websites block it.

Further reading:

• Official Report
• Official TLDR and FAQ
• Arstechnica article
• Hacker News discussion
  • one of the original researchers is active in this discussion, see comments by @morattisec

Hey all,

I've been using a commercial VPN for years on my mobile devices and home PCs. Recently I've started to use Tailscale and realized I can easily create a self-hosted VPN on a cheap VPS with unlimited traffic.

But I'm not really sure if that's what I need. BTW, I'm not doing anything dangerous, no torrents, no illegal stuff, no journalism or whistleblowing, not even looking up abortion clinics. I just hate mass surveillance and I don't want to be constantly profiled.

Commercial VPN allows to "hide in a crowd" by sharing IP with thousands of other clients. But there are a few issues:

1. Often sites blacklist VPN IPs, so I can't get in or pass captcha
2. Performance is not very good
3. I have to trust VPN to not keep the logs and not sell data. I used Mullvad and they are considered reliable, but you never know until it's too late

With self-hosted VPN, I'm losing benefit of "hiding in crowd" as my VPN will be used only by me and maybe a couple of other people. My understanding is that my VPS outgoing traffic is from static server IP. So if I login to Facebook once, the address is associated with me. I'll also have to trust VPS provider to not analyze my traffic and sell it. On other hand, I'm still protected from my ISP spying, from exposing my real IP address to web sites, from dangers of public WiFi networks. And I might get better performance for about the same price.

What's your take on VPNs? Tell me if you are using self-hosted VPN and why.

cross-posted from: https://leminal.space/post/6433881

By the way, the earlier posted article https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain had an update starting at the paragraph with title Update: Statement from Proton and additional commentary

I have a LinkedIn account which is

• 5 years old.
• both SMS and Gmail verified (via code).
• all information filled (experience, personal, jobs, profile photo etc).
• all information are real.
• I logged-in million times to account from my home (without virtual-private-network).
• My account is cached by Google.

The Gmail account which verified by LinkedIn:

• I also have buy with my personal credit card a google-service (its not important which service).
• my phone number and Gmail is already verified by my government's national-digital-system (I am legally the responsible of this gmail and mobile number).

Depending on the above information

• A- I think my account is already linked with me by big-brothers.
• B- If something bad happens legally, I can never say that "this account does not belong to me". I already talked this topic with different lawyers.

Therefore I don't see any reason to do not verify the account.

My questions

I would like to hear your thoughts about below questions:

• 1- should I have privacy concerns if I verify my account via national-identity card?
• 2- should I have privacy concerns if I verify only "workplace verification". Because it only sends a code to my company email. No identity card needed. No additional steps.