Privacy

36501 readers
420 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
1
 
 

I'm discovering a new OS and I feel like I need to learn everything from scratch. I don't even know which ad block to use.

The first thing I did opening Safari was to search for Ublock Origin. But it is not available anymore since 2019 :-(

2
 
 

cross-posted from: https://lemm.ee/post/60408809

ProtectEU

Additionally, the Commission envisions expanding Europol's role, effectively transforming it into a European equivalent of the FBI, with enhanced operational capabilities.

Granting Europol the ability to access encrypted data can only mean one thing: Brussels is proposing some form of government-mandated backdoor for communication platforms protected by end-to-end encryption.

3
4
5
 
 

Hi all!

Newbie here on a privacy journey. My current objective is to create a cute little phone that limits tracking by surveillance capitalists, law enforcement, & the state.

That said, the stakes are not particularly high here. I just miss the world I grew up in & find the call of freedom enticing. So this is more of a hobby project for me to be able to put my main phone down and experience a world without tracking again.

So far I have installed GrapheneOS on my old phone. I'm absolutely in love with it and I'm 100% sold on one day even migrating my main phone to it. But thats not my main concern today.

For now, I have some questions related to SIM cards.

I understand that in order to avoid device number leaks (if that's something one cares about) it's important to not have a SIM card in the device and keep it on airplane mode.

However, years before privacy ever mattered to me I already had a SIM card and two eSIMs in this phone. And all of the advice I read talks about NEVER putting a SIM card in, but I have a hard time thinking critically about what that really means for those of us who ALREADY had one in.

If I remove that SIM card and eSIM and carry on using the phone, what are the privacy implications of such a choice?

Likewise, if I leave the SIM cards in but keep the phone on airplane mode is it really all that bad?

I assume at minimum this means that the IMEI number is stored somewhere in some cell tower logs. If the state were to seize my phone they could I suppose link the phone to things I did with my phone or accounts I used back before privacy mattered to me.

But are there other implications as well? Is this phone forever going to leak a connection to my old activity even if I remove the SIM cards, leave it on airplane mode, use a VPN and ensure it never falls into bad hands?

Thanks!

6
 
 

Do you recommend some or know how to find out? To be more privacy-friendly ofc

EDIT: -possibly working with addons like ublock (vern cc has ad breaks) and emote support (so chat isnt a cryptic jungle)

-Primarily on desktop, but additional app welcome

-Possibly not even communicating with Amazon (like for YT for example only psTube does to my understanding)

QUESTION: Could it possibly work to still participate in the chats (like i imagine a throwaway account for example) or does that break the whole concept of privacy? How does that work exactly.

7
8
 
 

cross-posted from: https://reddthat.com/post/38409619

Tuta is having a birthday sale, putting their highest Legend tier at the same price as their second-highest Revolutionary tier, and I'm wondering two things:

  • Is this a good deal for 36€ per year?
  • Is this a deal that comes around every year, or is this a rare sale?

I use addy.io to manage aliases, so the extra addresses are whatever. The custom domains might be nice, since I could potentially(?) use that with Addy. I've been pretty judicious with my free 1GB of space, but having 500GB would be more than comfortable (besides being overkill).

I'm not really interested in getting into self-hosting right now, but I might in the future, so I'm also curious how y'all who self-host email feel about a deal like this. Comparable to the cost of self-hosting? Similar features?

Thanks!

9
10
 
 

Joan Didion and John Gregory Dunne met in the late fifties, when she was working at Vogue and he at Time. They married in 1964, and in 1966 they adopted a baby girl, giving her a name from the Yucatán: Quintana Roo. Together, Didion and Dunne lived out one of the most collaborative literary marriages in American history. Last week, after two years of preparation, the New York Public Library opened the Didion-Dunne archive to the public. Among its three hundred and thirty-six boxes of material is a thick file of typewritten notes by Didion describing her sessions with the psychiatrist Roger MacKinnon, beginning in 1999. Addressed to Dunne, the entries are full of direct quotations and written with the immediacy of fresh recollection. Didion was concerned about Quintana and her struggles with depression and alcoholism, but she was preoccupied, too, with aging, with creative fulfillment, with the complex dynamics of their family. She recorded her thoughts with the cool, forensic clarity she was known for.

https://archive.is/Cricr

11
12
 
 

As part of its efforts, the bloc has repeatedly introduced its Chat Control legislation, aimed at weakening the encryption that protects messaging services and force providers to provide a client-side backdoor for law enforcement.

13
14
 
 

Privacy Guides is formally taking a stand against dangerous and frightening technologies.

15
 
 

I haven’t had any problems upvoting or accessing lemmy content, but yesterday, whenever I tried leaving a comment on a post, I triggered a 403 error (both from the Mlem app and my browser) which identified the use of VPN as an issue. Once I disabled my VPN, I was able to post the comment.

Now, while trying to make this post, I am experiencing errors too.

Has anyone else experienced this, and have you found work arounds?

16
 
 

A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer Indiana University, and had his homes raided by the FBI. No one knows why.

Xiaofeng Wang has a long list of prestigious titles. He was the associate dean for research at Indiana University's Luddy School of Informatics, Computing and Engineering, a fellow at the Institute of Electrical and Electronics Engineers and the American Association for the Advancement of Science, and a tenured professor at Indiana University at Bloomington. According to his employer, he has served as principal investigator on research projects totaling nearly $23 million over his 21 years there.

He has also co-authored scores of academic papers on a diverse range of research fields, including cryptography, systems security, and data privacy, including the protection of human genomic data. I have personally spoken to him on three occasions for articles herehere, and here.

"None of this is in any way normal"

In recent weeks, Wang's email account, phone number, and profile page at the Luddy School were quietly erased by his employer. Over the same time, Indiana University also removed a profile for his wife, Nianli Ma, who was listed as a Lead Systems Analyst and Programmer at the university's Library Technologies division.

According to the Herald-Times in Bloomington, a small fleet of unmarked cars driven by government agents descended on the Bloomington home of Wang and Ma on Friday. They spent most of the day going in and out of the house and occasionally transferred boxes from their vehicles. TV station WTHR, meanwhile, reported that a second home owned by Wang and Ma and located in Carmel, Indiana, was also searched. The station said that both a resident and an attorney for the resident were on scene during at least part of the search.

Attempts to locate Wang and Ma have so far been unsuccessful. An Indiana University spokesman didn't answer emailed questions asking if the couple was still employed by the university and why their profile pages, email addresses and phone numbers had been removed. The spokesman provided the contact information for a spokeswoman at the FBI's field office in Indianapolis. In an email, the spokeswoman wrote: "The FBI conducted court authorized law enforcement activity at homes in Bloomington and Carmel Friday. We have no further comment at this time."

Searches of federal court dockets turned up no documents related to Wang, Ma, or any searches of their residences. The FBI spokeswoman didn't answer questions seeking which US district court issued the warrant and when, and whether either Wang or Ma is being detained by authorities. Justice Department representatives didn't return an email seeking the same information. An email sent to a personal email address belonging to Wang went unanswered at the time this post went live. Their resident status (e.g. US citizens or green card holders) is currently unknown.

Fellow researchers took to social media over the weekend to register their concern over the series of events.

"None of this is in any way normal," Matthew Green, a professor specializing in cryptography at Johns Hopkins University, wrote on Mastodon. He continued: "Has anyone been in contact? I hear he’s been missing for two weeks and his students can’t reach him. How does this not get noticed for two weeks???"

In the same thread, Matt Blaze, a McDevitt Professor of Computer Science and Law at Georgetown University said: "It's hard to imagine what reason there could be for the university to scrub its website as if he never worked there. And while there's a process for removing tenured faculty, it takes more than an afternoon to do it."

Local news outlets reported the agents spent several hours moving boxes in an out of the residences. WTHR provided the following details about the raid on the Carmel home:

Neighbors say the agents announced "FBI, come out!" over a megaphone.

A woman came out of the house holding a phone. A video from a neighbor shows an agent taking that phone from her. She was then questioned in the driveway before agents began searching the home, collecting evidence and taking photos.

A car was pulled out of the garage slightly to allow investigators to access the attic.

The woman left the house before 13News arrived. She returned just after noon accompanied by a lawyer. The group of ten or so investigators left a few minutes later.

The FBI would not say what they were looking for or who is under investigation. A bureau spokesperson issued a statement: “I can confirm we conducted court-authorized activity at the address in Carmel today. We have no further comment at this time.”

Investigators were at the house for about four hours before leaving with several boxes of evidence. 13News rang the doorbell when the agents were gone. A lawyer representing the family who answered the door told us they're not sure yet what the investigation is about.

This post will be updated if new details become available. Anyone with first-hand knowledge of events involving Wang, Ma, or the investigation into either is encouraged to contact me, preferably over Signal at DanArs.82. The email address is: [email protected].

17
 
 

I was using protonmail for my custom domain for work and private emails but now I think mailbox has better options, providing way more custom domain emails. Wondering what the best use case is? Thinking of using my own domains instead of proton. I have this one and my name.

Using [email protected] or [email protected] is fun and easy but is it private? These companies already know my name so is using my work website domain okay?

Current emails

18
19
 
 

Hey everyone,

last weekend at a friends house I saw the Alexa Show (I think?) in action. It was used as a digital family-calendar, weather forecast and music player. It sat there on the fridge like an old school family planer. The music-player wouldnt be relevent to me. But an digital calendar in the kitchen with weather forecast looks really appealing. Do you probably know a privacy-friendly and suitable project with the possibility to implement my CalDav-Calendar(s)? Probably open Source? And without a lot of tinkering? (:

20
 
 

Ive just startee getting into privacy, but i had a few questions.

  1. I havent switched operating system yet due to fear of losing my data. I have a lot of pictures, contacts and messages i dont want to go missing. I have a one plus and i really love it. I do not want a pixel phone. Is there a way i can maintain privacy without changing phones?
  2. If i delete google play services, will my phone not work correctly?
  3. I have been replacing my apps with open source apps, is that helpful?
  4. What vpn should i use? I have malewarebytes.
21
10
Cyber Logistics Inc (www.reddit.com)
submitted 4 days ago* (last edited 4 days ago) by [email protected] to c/[email protected]
 
 

I posted on my local subreddit asking about this sheisty van that I saw outside of my house.

It has the name cyber logistics inc on the side and when I looked it up online it just got weirder and weirder, but I couldn't find any real information about it.

There are similar branches in Florida (most recently), NY/NJ, IL, and South Africa. Still don't know wtf this is?

I just woke up to a post this morning letting me know it's registered to the Louisiana Secretary of State. Given the LA Governor quietly granting the National Guard authority to act during a declared state of emergency involving cyber security, I admit I'm a little on the paranoid side lately especially about things like government surveillance.

I flipped out when I saw the message bc I'm paranoid and kind of dumb like that, but a friend of mine let me know all businesses are registered with LA secretary of state.

So I definitely overreacted, and don't want to contribute to any disinformation/misinformation, but maintain:

  1. Whatever the fuck cyber logistics inc/cyber transport ltd is, it's fucking sheisty.

  2. If Landry can blame George Soros for voters in Louisiana not voting the way he wanted and still be Governor, I can at least ask questions about his power grabs and granting authority to the National Guard

Original Post: https://www.reddit.com/r/NewOrleans/comments/1jogla7/anybody_know_anything_about_cyber_logistics_inc/#lightbox

Corrected Update: https://www.reddit.com/r/NewOrleans/comments/1jovxn1/til_that_while_cyber_logistics_inc_is_registered/

Landry EO and GOHSEP State of Emergency Cyber: https://pimento-mori.ghost.io/comparing-edwards-original-state-of-emergency-cybersecurity-incident-with-landrys-renewal-2/

22
 
 

A massive thanks to @LuanRT for providing the fix regarding to the extraction of the deciphering functions. Also, big thanks to @PikachuEXE for coming up with a potential alternative solution!

https://github.com/FreeTubeApp/FreeTube/releases

23
 
 

Is there an open source solution that lets you record from your phone to an offsite location? Preferably something self hosted, but not crucial I guess.

Just thinking about scenarios where people in the US are stopped by cops and need to record their interactions, but want to make sure that the local info isn't destroyed. I've tried the Mobile Justice app for my state but it's not very reliable and I have no insight into the data after it's left my device.

24
 
 

I’m trying to move away from Telegram. I have the iOS app but don’t see any option for downloading my chats or photos and videos sent to me. Has anyone done this recently and can give some pointers?

25
 
 

I was thinking about how all of my passwords are compromised if I have malware on my system. It made me wonder, does Vaultwarden or KeePassXC/KeePassDX offer better protection on a malware infected system?

Vaultwarden

  • Only accessed locally via LAN/VPN
  • Set up for 2 factor authentication using WebAuthn (FIDO)

KeePasssXC/KeePassDX

  • Synced locally via syncthing
  • Set up for 2 factor authentication using HMAC-SHA1 Challenge-Response
  • All clients blocked from internet access

I don't use browser extensions and I manually copy/paste my passwords to fill in entries.

KeePass has good memory protection, but the 2FA can be read from USB and doesn't change every time the database is decrypted. Vaultwarden enables the more secure FIDO2 2FA, but to my knowledge has less secure memory management as the entire entire database is decrypted on unlock.

view more: next ›