cross-posted from: https://lemmy.zip/post/23512234 > A new Federal Trade Commission (FTC) report confirms what EFF has been warning about for years: tech giants are widely harvesting and sharing your personal information to fuel their online behavioral advertising businesses. > > Report: https://www.ftc.gov/news-events/news/press-releases/2024/09/ftc-staff-report-finds-large-social-media-video-streaming-companies-have-engaged-vast-surveillance

>Tails will be incorporated “into the Tor Project’s structure,” which will allow for “easier collaboration, better sustainability, reduced overhead, and expanded training and outreach programs to counter a larger number of digital threats,” according to a blog post published today by the Tor Project

>LinkedIn users in the U.S. — but not the EU, EEA, or Switzerland, likely due to those regions’ data privacy rules — have an opt-out toggle in their settings screen disclosing that LinkedIn scrapes personal data to train “content creation AI models.” The toggle isn’t new. But, as first reported by 404 Media, LinkedIn initially didn’t refresh its privacy policy to reflect the data use.

>The terms of service have now been updated, but ordinarily that occurs well before a big change like using user data for a new purpose like this. The idea is it gives users an option to make account changes or leave the platform if they don’t like the changes. Not this time, it seems.

>To opt out of LinkedIn’s data scraping, head to the “Data Privacy” section of the LinkedIn settings menu on desktop, click “Data for Generative AI improvement,” then toggle off the “Use my data for training content creation AI models” option. You can also attempt to opt out more comprehensively via this form, but LinkedIn notes that any opt-out won’t affect training that’s already taken place.

>The nonprofit Open Rights Group (ORG) has called on the Information Commissioner’s Office (ICO), the U.K.’s independent regulator for data protection rights, to investigate LinkedIn and other social networks that train on user data by default.

>“LinkedIn is the latest social media company found to be processing our data without asking for consent,” Mariano delli Santi, ORG’s legal and policy officer, said in a statement. “The opt-out model proves once again to be wholly inadequate to protect our rights: the public cannot be expected to monitor and chase every single online company that decides to use our data to train AI. Opt-in consent isn’t only legally mandated, but a common-sense requirement.”

This is straightforward with browser addons like uBlock Origin where you can add and choose blocklists, but I did searches for doing so system wide and using a VPN but didn’t find clear answers. I could use a DNS service that provides blocklists but isn’t it best practice to leave DNS to the VPN provider? I looked up blocklists and VPNs but didn’t find relevant results.

On Android, I didn’t find any apps that let you filter blocklists and using your own VPN other than Rethink, but the blocklists feature requires using Rethink’s DNS.

So what’s the best way to filter ads and trackers on both 3rd party apps and on OS’s like Android (specific Samsung phones) while still using a VPN?

I've had a Galaxy S22+ for 2 years and still want to use it. When I look up how to maximize privacy on Android, many results say to install custom ROMs which I can't since its a US model and the bootloader is locked. I just want to minimize tracking and sharing of personal information. I could use a firewall app like RethinkDNS to block trackers, but could I completely block tracking from Google and Samsung? Are there any lists of packages to uninstall to improve privacy? (I've used ADB to remove a bunch of bloatware. Ex: pm uninstall -k --user 0 com.samsung.android.arzone)

Hi, my wife decided to create a new email for our newborn daughter which my wife would use to send updates to our relatives about what is going on in our daughter life. My wife is using gmail, I do use proton. She has created a new gmail account but I have asked her to reconsider and to create a new account on proton privacy wise. What arguments would you use for my case? Thanks.

> A privacy flaw in WhatsApp, an instant messenger with over 2 billion users worldwide, is being exploited by attackers to bypass the app's "View once" feature and view messages again.

publication croisée depuis : https://lemmy.pierre-couy.fr/post/653426

> This is a guide I wrote for Immich's documentation. It features some Immich specific parts, but should be quite easy to adapt to other use cases. > > It is also possible (and not technically hard) to self-host a protomaps release, but this would require 100GB+ of disk space (which I can't spare right now). The main advantages of this guide over hosting a full tile server are : > - it's a single nginx config file to deploy > - it saves you some storage space since you're only hosting tiles you've previously viewed. You can also tweak the maximum cache size to your needs > - it is easy to configure a trade-off between map freshness and privacy by tweaking the cache expiration delay > > If you try to follow it, please send me some feedback on the content and the wording, so I can improve it

For Android users seeking a privacy-focused browser, Privacy Guides recommends Mull: >Mull is a privacy oriented and deblobbed Android browser based on Firefox. Compared to Firefox, it offers much greater fingerprinting protection out of the box, and disables JavaScript Just-in-Time (JIT) compilation for enhanced security. It also removes all proprietary elements from Firefox, such as replacing Google Play Services references.

>Mull enables many features upstreamed by the Tor uplift project using preferences from Arkenfox. Proprietary blobs are removed from Mozilla's code using the scripts developed for Fennec F-Droid.

cross-posted from: https://links.hackliberty.org/post/2496422

> > This survey was conducted among 5,101 U.S. adults from May 15 to 21, 2023 > > ### % say they are concerned about how ... use(s) the data they collect about them > - Companies: 81% > - The government: 71% > > ### % say they have little to no understanding about what ... do(es) with the data they collect about them > - Companies: 67% > - The government: 77% > > ### % say they have very little or no trust at all that leaders of social media companies will > - Publicly admit mistakes and take responsibility when they misuse or compromises users' personal data: 77% > - Not sell users' personal data to others without their consent: 76% > - Be held accountable by the government if they misuse or compromise users' personal data: 71% > > ### % say that as companies use AI to collect and analyze personal information, this information will be used in ways that ... > - People would not be comfortable with: 81% > - Were not originally intended: 80% > - Could make people's lives easier: 62% > > ### % say that when they think about managing their privacy online, they ... > - Trust themselves to make the right decisions about their personal information: 78% > - Feel skeptical that anything they do will make much difference: 61% > - Feel overwhelmed by figuring out what they need to do: 37% > - Feel privacy is not that big of a deal to them: 29% > - Are confident those who have access to their personal information will do what is right: 21% > > ### % say they ... agree to online privacy policies right away, without reading what the policies say > - Always, almost always or often: 56% > - Sometimes: 22% > - Rarely or never: 18% > - No answer: 4% > > Please read the report for a more in-depth look at the data and analysis!

Just wondered how others promote threat awareness for friends, family, co-workers, and clients.

Every few weeks I email a half dozen employees & family members explaining one or other phishing attempt I've seen, just to keep it in peoples minds.

I heard someone else talking about a kind of email pen-testing service you can sign up for and they send scammy emails to see if the recipient falls for it. Seems like a great idea but only viable for me if it's very cheap.

I could link to something on privacyguides.org in my email footer but I think that's just virtue signalling more than anything actually useful.

The spies in your home: How WiFi companies monitor your private life

https://proton.me/blog/wifi-surveillance

@privacyguides

More info: https://github.com/abrahamjuliot/creepjs

cross-posted from: https://lemmy.ca/post/26747543

> The post is in the link, the article with more background info is here (it cites the mastodon post): https://www.androidauthority.com/custom-roms-vs-google-3469378/ > > I originally saw the article on this post on [email protected] and went looking for links.

Like when I read 3 Billion National Public Data Records with SSNs, Addresses Dumped Online, am I supposed to access that data dump or something to see if I got pwned? Are there equivalents to haveibeenpwned.com for this type of stuff? Any guides on what to do when these happen? I feel like I'm doomscrolling or watching the news, and feeling depressed about the world as a result because I should be doing something but I can't or it seems like I can't.

Even though I know better than to put such personal info online, but that doesn't eliminate the odds of them getting into breaches like these, and having started to be careful about digital privacy has opened my eyes to the sad state of privacy.

>repeated media reports of Google’s disregard for the privacy of the general public led to a push for open source, community driven alternatives to Google Maps. The biggest contender, now used by Google’s direct competitors and open source projects alike is OpenStreetMap.

1. OsmAnd > >OsmAnd is a fantastic choice when searching for an alternative to Google Maps. It is available on both Android and iOS devices with both free and paid subscription options. Free accounts have full access to maps and navigation features, but choosing a paid subscription will allow you unlimited map downloads and increases the frequency of updates. > >All subscriptions can take advantage of turn-by-turn navigation, route planning, map markers, and all the favorite features you expect from a map and navigation app in 2024. By making the jump to a paid subscription you get some extra features like topo maps, nautical depths, and even point-of-interest data imported from Wikipedia.

2. Organic Maps > >Organic Maps is a great choice primarily because they offer support for all features of their iOS and Android apps completely offline. This means if you have an old phone laying around, you can install the app, download the maps you need and presto! You now have an indepth digital map in the palm of your hand without needing to worry about losing or damaging your primary mobile device when exploring the outdoors. > >Organic Maps tugs our heartstrings by their commitment to privacy. The app can run entirely without a network connection and comes with no ads, tracking, data collection, and best of all no registration.

3. Locus Maps > >Our third, and last recommendation today is Locus Maps. Locus Maps is built by outdoor enthusiasts for the same community. Hiking, biking, and geocaching are all mainstays of the Locus App, alongside standard street map navigation as well. > >Locus is available in its complete version for Android, and an early version is available for iOS which is continuing to be worked on. Locus Maps offers navigation, tracking and routes, and also information on points-of-interest you might visit or stumble upon during your adventures.

>Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware.

>In a new malvertising campaign found by Malwarebytes, threat actors created ads that display an advertisement for Google Authenticator when users search for the software in Google search.

>What makes the ad more convincing is that it shows 'google.com' and "https://www.google.com" as the click URL, which clearly should not be allowed when a third party creates the advertisement.

>We have seen this very effective URL cloaking strategy in past malvertising campaigns, including for KeePass, Arc browser, YouTube, and Amazon. Still, Google continues to fail to detect when these imposter ads are created.

>Malwarebytes noted that the advertiser's identity is verified by Google, showing another weakness in the ad platform that threat actors abuse.

>When the download is executed, it will launch the DeerStealer information-stealing malware, which steals credentials, cookies, and other information stored in your web browser.

>Users looking to download software are recommended to avoid clicking on promoted results on Google Search, use an ad blocker, or bookmark the URLs of software projects they typically use.

>Before downloading a file, ensure that the URL you're on corresponds to the project's official domain. Also, always scan downloaded files with an up-to-date AV tool before executing.

>Filed in 2022, the Texas lawsuit said that Meta was in violation of a state law that prohibits capturing or selling a resident’s biometric information, such as their face or fingerprint, without their consent.

>The company announced in 2021 that it was shutting down its face-recognition system and delete the faceprints of more than 1 billion people amid growing concerns about the technology and its misuse by governments, police and others.

>Texas filed a similar lawsuit against Google in 2022. Paxton’s lawsuit says the search giant collected millions of biometric identifiers, including voiceprints and records of face geometry, through its products and services like Google Photos, Google Assistant, and Nest Hub Max. That lawsuit is still pending.

>The $1.4 billion is unlikely to make a dent in Meta’s business. The Menlo Park, California-based tech made a profit of $12.37 billion in the first three months of this year, Its revenue was $36.46 billion, an increase of 27% from a year earlier.

I find that I need a security camera for my back yard. Do you folks recommend any particular makes & models? It should avoid the cloud but record locally. I'm somewhat handy with Linux and a RaspberryPi, if that helps.

Thanks!

>The Kids Online Safety Act (KOSA) easily passed the Senate today despite critics' concerns that the bill may risk creating more harm than good for kids and perhaps censor speech for online users of all ages if it's signed into law.

>KOSA received broad bipartisan support in the Senate, passing with a 91–3 vote alongside the Children’s Online Privacy Protection Action (COPPA) 2.0. Both laws seek to control how much data can be collected from minors, as well as regulate the platform features that could harm children's mental health.

>However, while child safety advocates have heavily pressured lawmakers to pass KOSA, critics, including hundreds of kids, have continued to argue that it should be blocked.

>Among them is the American Civil Liberties Union (ACLU), which argues that "the House of Representatives must vote no on this dangerous legislation."

>If not, potential risks to kids include threats to privacy (by restricting access to encryption, for example), reduced access to vital resources, and reduced access to speech that impacts everyone online, the ACLU has alleged.

>The ACLU recently staged a protest of more than 300 students on Capitol Hill to oppose KOSA's passage. Attending the protest was 17-year-old Anjali Verma, who criticized lawmakers for ignoring kids who are genuinely concerned that the law would greatly limit their access to resources online.

>"We live on the Internet, and we are afraid that important information we’ve accessed all our lives will no longer be available," Verma said. "We need lawmakers to listen to young people when making decisions that affect us."

>In a new academic paper, researchers from the Belgian university KU Leuven detailed their findings when they analyzed 15 popular dating apps. Of those, Badoo, Bumble, Grindr, happn, Hinge and Hily all had the same vulnerability that could have helped a malicious user to identify the near-exact location of another user, according to the researchers.

>While neither of those apps share exact locations when displaying the distance between users on their profiles, they did use exact locations for the “filters” feature of the apps. Generally speaking, by using filters, users can tailor their search for a partner based on criteria like age, height, what type of relationship they are looking for and, crucially, distance.

>To pinpoint the exact location of a target user, the researchers used a novel technique they call “oracle trilateration.”

>The good news is that all the apps that had these issues, and that the researchers reached out to, have now changed how distance filters work and are not vulnerable to the oracle trilateration technique.

>Neither Badoo, which is owned by Bumble, nor Hinge responded to a request for comment.

>A federal district court in New York has ruled that U.S. border agents must obtain a warrant before searching the electronic devices of Americans and international travelers crossing the U.S. border.

>The ruling on July 24 is the latest court opinion to upend the U.S. government’s long-standing legal argument, which asserts that federal border agents should be allowed to access the devices of travelers at ports of entry, like airports, seaports and land borders, without a court-approved warrant.

>“The ruling makes clear that border agents need a warrant before they can access what the Supreme Court has called ‘a window into a person’s life,’” Scott Wilkens, senior counsel at the Knight First Amendment Institute, one of the groups that filed in the case, said in a press release Friday.

>The district court’s ruling takes effect across the U.S. Eastern District of New York, which includes New York City-area airports like John F. Kennedy International Airport, one of the largest transportation hubs in the United States.

>Critics have for years argued that these searches are unconstitutional and violate the Fourth Amendment, which protects against unwarranted searches and seizures of a person’s electronic devices.

>In this court ruling, the judge relied in part on an amicus brief filed on the defendant’s behalf that argued the unwarranted border searches also violate the First Amendment on grounds of presenting an “unduly high” risk of a chilling effect on press activities and journalists crossing the border.

>With several federal courts ruling on border searches in recent years, the issue of their legality is likely to end up before the Supreme Court, unless lawmakers act sooner.

cross-posted from: https://lemmy.ca/post/26065429

> Hey, all. I just bought a Samsung Galaxy Tab A7, and I would like to install a custom Android ROM on it. After a bit of research, my two options are LineageOS and Murena (aka /e/OS). > > Does one have any advantages over the other? Or is it simply a matter of preference?

1. When using Kraken to buy Monero, aren't you concerned about potential data breaches that could lead to identity theft?
2. How secure is Kraken when it comes to protecting user information?
3. If you use a no-KYC exchange like CakeWallet, aren't you worried about potential government investigations?

I'd like to get your thoughts on these options

I live in a EU member country

I tried looking for lists but didn't find any.

The Work Number is US-specific and where your employers input your salary data for future employers to see. You can opt out here: https://employees.theworknumber.com/employee-data-freeze/.

One example would be state disability programs, they already need my real name and identity to work with me. Are there any downsides to sharing a simplelogin alias containing my real name vs no containing my real name? I just think it would be easier record keeping for them.

I just tried changing my email on studentaid.gov to a simplelogin alias (using SL is a habit at this point) and I got notifications that emails from it were bounced while trying to verify the email change with sent codes. I looked it up and found a bunch of Reddit posts about issues with SL and iCloud.

I want to keep a timeline of the places I go like Google Maps can, and export it to mac for my diary*. The maps app doesn't have to be great, it just needs to keep a timeline in the background, I would still use Apple Maps as my main navigation app.

*(ideally I can automatically export it somehow, perhaps with the Shortcuts and Scriptable app but just tell me any apps with a timeline and export feature)

We're happy to announce that BusKill is presenting at DEF CON 32.

What: Open Hardware Design for BusKill Cord When: 2024-08-10 12:00 - 13:45 Where: W303 – Third Floor – LVCC West Hall

| [!BusKill goes to DEF CON 32 (Engage)](https://www.buskill.in/defcon32/) | |:--:| | BusKill is presenting at DEF CON 32 |

via @[email protected]

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

| [!What is BusKill? (Explainer Video)](https://www.buskill.in/#demo) | |:--:| | Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4 |

If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

What is DEF CON?

DEF CON is a yearly hacker conference in Las Vegas, USA.

| [!DEF CON Documentary](https://www.buskill.in/defcon32/) | |:--:| | Watch the DEF CON Documentary for more info youtube.com/watch?v=3ctQOmjQyYg |

What is BusKill presenting at DEF CON?

I (goldfishlaser) will be presenting Open Hardware Design for BusKill Cord in a Demo Lab at DEF CON 32.

What: Open Hardware Design for BusKill Cord When: Sat Aug 10 12PM – 1:45PM Where: W303 – Third Floor – LVCC West Hall

Who: Melanie Allen (goldfishlaser) More info

Talk Description

BusKill is a Dead Man Switch triggered when a magnetic breakaway is tripped, severing a USB connection. I’ve written OpenSCAD code that creates a 3D printable file for plastic parts needed to create the magnetic breakaway. Should anyone need to adjust this design for variations of components, the code is parameterized allowing for easy customization. To assemble a BusKill Dead Man Switch cord you will need:

1. a usb-a extension cord,
2. a usb hard drive capable of being attached to a carabiner,
3. a carabiner,
4. the plastic pieces in this file,
5. a usb female port,
6. a usb male,
7. 4 magnets,
8. 4 pogo pins,
9. 4 pogo receptors,
10. wire,
11. 8 screws,
12. and BusKill software.

| [!Image of the Golden BusKill decoupler with the case off](https://www.buskill.in/defcon32/) | |:--:| | Golden DIY BusKill Print |

Full BOM, glossary, and assembly instructions are included in the github repository. The room holds approx. 70 attendees seated. I’ll be delivering 3 x 30 min presentations – with some tailoring to what sort of audience I get each time.

Meet Me @ DEF CON

If you'd like to find me and chat, I'm also planning to attend:

• ATL Meetup (DCG Atlanta Friday: 16:00 – 19:00 \| 236),
• Hacker Kareoke (Friday and Sat 20:00-21:00 \| 222),
• Goth Night (Friday: 21:00 – 02:00 \| 322-324),
• QueerCon Mixer (Saturday: 16:00-18:00 \| Chillout 2),
• EFF Trivia (Saturday: 17:30-21:30 \| 307-308), and
• Jack Rysider’s Masquerade (Saturday: 21:00 – 01:00 \| 325-327)

I hope to print many fun trinkets for my new friends, including some BusKill keychains.

| [!Image shows a collection of 3D-printed bottle openers and whistles that say "BusKill"](https://www.buskill.in/defcon32/) | |:--:| | Come to my presentation @ DEF CON for some free BusKill swag |

By attending DEF CON, I hope to make connections and find collaborators. I hope during the demo labs to find people who will bring fresh ideas to the project to make it more effective.

That's a use case for aliases, catching if any company or service gives out your email to be abused by advertisers and whatnot. I tried looking for stories but didn't find any, I wonder if you have any to share.

I want to be logged in so I can do most things on Reddit like post and comment. I want it to be a web frontend rather than an app because I keep many tabs on Reddit open in my browser while doing research on things (like digital privacy for instance!). I did some searching and didn't find any currently working frontends with login support.

It seems like the main benefit of such frontends is the lack of trackers and fingerprinting, but what if the browser, like Firefox, already did that with UBlock Origin and fingerprinting protection?

It’s now been two weeks since I created an account and tried making a post, but immediately so I got a message saying my account is on hold. I tried emailing Jonah Aragon who’s listed on the site, and messaging the mods on the forum, but still haven’t heard back.

>After all, the privacy of our mind may be the only privacy we have left.