Please report bad behaviours in accordance with Lemmy rules and Code Of Conduct! Here to cushion the impact of Reddit exodus :D
Lemmy is not going to be Reddit. It will not inherit the reactionary behaviours. Ensure civility and disengage if uncomfortable. Have a good time!


Coming to terms with no longer having privacy and control over my technology
I miss the days of VHS and DVD shelves in homes, for example. If you bought the tapes and had them in your home, no corporate entity could alter those tapes without your consent, monitor how many times you watch them, sell your data to whomever they please without your knowledge, roll out new mandatory conditions to a 'user agreement,' or remove them from your library if/when they like.

I noticed some dumb change in how Dictionary definitions are shown in the Spotlight (i.e., overall search my computer function) in MacOS this week. I've turned off all auto-updates, and I didn't make that change or consent to it. But despite paying the full price all by myself for this machine, I clearly don't have 100% control over it. It seems very clear to me that consumers having control and privacy over their Internet-connected devices is a bygone era.

After Blizzard, the video game company, replaced copies of Warcraft 3 that I and others had paid for in full and installed on our computers that we could play without connecting to the Internet with a lower-quality copy that prohibited offline play - I swore I'd never pay for a video game again, and 3 years later I haven't backslid on that. I felt so angry, cheated, and robbed by that.

Many people probably won't be bothered by these things, but I am. I don't want to pay full price for something that I don't truly own. I miss the familiarity. I miss the reliability. I miss feeling like it's mine. Dependable. Trustworthy. Picking my old guitar up again has never looked so appealing. I think I want to go back to investing more time, money, and energy into things that aren't connected to the internet.


> The Federal Trade Commission's Office of Technology has issued a warning to automakers that sell connected cars. Companies that offer such products "do not have the free license to monetize people’s information beyond purposes needed to provide their requested product or service," it wrote in a blog post on Tuesday. Just because executives and investors want recurring revenue streams, that does not "outweigh the need for meaningful privacy safeguards," the FTC wrote.
>
> In 2023, the Mozilla Foundation published an extensive report examining the various automakers' policies regarding the use of data from connected cars; the report concluded that "cars are the worst product category we have ever reviewed for privacy."
>
> The FTC is not taking specific action against any automaker at this point. Instead, the blog post is meant to be a warning to the industry. It says that "connected cars have been on the FTC's radar for years," although the agency appears to have done very little other than hold workshops in 2013 and 2018, as well as publishing guidance for consumers reminding them to wipe the data from their cars before selling them.
>
> The FTC says the easiest way to comply is to not collect the data in the first place.

I found a worm on my USB
This is probably not the right community but I haven't found a better one.

So I watched a video from Seytonic where he mentioned that some malware creates a Windows link with the name of the USB on a USB. So I checked my USB because I remembered that I had to click 2 times on my USB to open it. I found a link that contained cmd.exe and a name of a file next to it. Upload to VirusTotal showed the Raspberry Robin worm.

I use Linux but my family uses Windows so I will have to go through all family computers and remove the worm. Where can I find info on how to remove this specific worm - Raspberry Robin? On Google I found a description about how the worm works but not the specific files it creates and how to remove it. The first page that shows up is microsoft.com and it says that Windows Defender detects the worm, but clearly it doesn't.

Edit: The worm was on one computer and it did not have Windows Defender installed. Seems like malware removed it and also disabled automatic updates. I installed MalwareBytes and successfully removed the worm :)

> With the latest version of Firefox for U.S. desktop users, we’re introducing a new way to measure search activity broken down into high level categories. This measure is not linked with specific individuals and is further anonymized using a technology called OHTTP to ensure it can’t be connected with user IP addresses.
>
> Let’s say you’re using Firefox to plan a trip to Spain and search for “Barcelona hotels.” Firefox infers that the search results fall under the category of “travel,” and it increments a counter to calculate the total number of searches happening at the country level.
>
> Here’s the current list of categories we’re using: animals, arts, autos, business, career, education, fashion, finance, food, government, health, hobbies, home, inconclusive, news, real estate, society, sports, tech and travel.
>
> Having an understanding of what types of searches happen most frequently will give us a better understanding of what’s important to our users, without giving us additional insight into individual browsing preferences. This helps us take a step forward in providing a browsing experience that is more tailored to your needs, without us stepping away from the principles that make us who we are.
>
> We understand that any new data collection might spark some questions. Simply put, this new method only categorizes the websites that show up in your searches — not the specifics of what you’re personally looking up.
>
> Sensitive topics, like searching for particular health care services, are categorized only under broad terms like health or society. Your search activities are handled with the same level of confidentiality as all other data regardless of any local laws surrounding certain health services.
>
> Remember, you can always opt out of sending any technical or usage data to Firefox. Here’s a step-by-step guide on how to adjust your settings. We also don’t collect category data when you use Private Browsing mode on Firefox.

> The Copy Without Site Tracking option can now remove parameters from nested URLs. It also includes expanded support for blocking over 300 tracking parameters from copied links, including those from major shopping websites. Keep those trackers away when sharing links!


Anyone familiar with “No Trace Project”?
Title says it all--a fellow bricoleur just turned me on to the No Trace Project and I'm curious to know if anyone else here has looked into it and the quality of the information therein. Thanks in advance!

Pixwox Videos and Buffering
Is it just me or do Instagram videos loaded via Pixwox always buffer for you too?

What is the cost of privacy?
I have been pro privacy and anti data harvesting for many years now, however it is becoming increasingly more difficult staying off some platforms. Mostly Meta.

Over the years I have convinced most of my friends and family to use Signal instead of WhatsApp. However, there are still chat groups that I am missing from, and trying to keep up to date with local events seems next to impossible without Facebook or Instagram.

Additionally, I am finding it more and more tiring to have the awkward "No I don't have WhatsApp. No I don't have Facebook either. Or Instagram, sorry. Do you want to try an app that you've never heard of to stay in contact with me?" every time I meet someone new.

It saddens me that it feels like the multi-billion dollar data harvesting companies are winning, but I no longer know if this is a hill that I'm willing to die on.

What are your thoughts on what we have to give up in our lives just to stay in control of our personal information?

Mullvad browser doesn’t let me use other VPN extension than MullvadVPN
I'm using multiple browsers, so for each browser I use different VPN connection, but mullvad doesn't let me.

Looking for a free email service
Requirements:

- free
- will not delete my account due to inactivity
- privacy focused (doesn't have to be crazy private, just decent)
- doesn't require my phone number
- doesn't require an invitation (like riseup mail)

Additionally it would be cool if it allowed me to have a few email addresses in 1 account (skiff lets you have 4 addresses you can send emails from, but they are shutting down their service).

cross-posted from: https://beehaw.org/post/13793778

> Fake WhatsApp and Instagram apps that can steal personal data

What are the most private social media platforms?
I've been feeling uneasy about the privacy implications of using Lemmy and similar platforms. The ability for anyone to view your entire posting history feels to me like publicly sharing my browser history. In contrast, most other social media platforms allow you to limit your feed visibility to just friends or followers. I'm curious to hear from the community - what are the most private social media platforms you've come across? I vaguely remember stumbling upon one that automatically removed content after six months and had some other interesting privacy features. Can anyone refresh my memory or recommend some other private alternatives?

  • Jack
  • English
  • 3d
Which Android mobile phone brand brings less pre-loaded 3rd-party apps?
Please write the 3 phone brands (in order, please) which you think bring the least number of third-party apps.

Notes:

1. PrivacyGuides recommends Google Pixel. But it is not sold in my country. I cannot bring it from other countries because it will not have a warranty.
2. We also don't have __fair-phone__ and __nothing-phone__ (I cannot bring it from another country).
3. We only have: general-mobile, huawei, samsung, asus, tcl, htc, xiaomi, vivo, infinix, oneplus.
4. Please don't recommend a custom ROM. It's technically difficult for me. Also I will recommend the device to my friend (they don't even have an idea what a custom ROM is).

How to randomly pad files before encryption to prevent file fingerprinting?
Hi, I was planning to encrypt my files with GPG for safety before uploading them to the cloud. However, from what I understand GPG doesn't pad files/do much to prevent file fingerprinting. I was looking around for a way to reliably pad files and encrypt metadata for them but couldn't find anything. Haven't found any recommendations on the privacyguides website either. Any help would be appreciated! Thanks

4chan privacy
Does 4chan respect user privacy? How much data are they collecting? Are they selling/sharing it with 3rd parties? I'm asking because it's not possible to post anonymously (each individual post being anonymous without your username visible) on lemmy, and users here told me I could check out 4chan for this feature. I would like to post freely about my hobbies and such without worrying about AI fingerprinting me from all my posts, and we know in the future AI will be very good at this.

Happy Net Box by Ben Brown
Happy Net Box is an experimental internet social experience based on the arcane and near-forgotten retro internet protocol known as [FINGER](https://en.wikipedia.org/wiki/Finger_(protocol)). Finger is a command line tool that comes pre-installed on Macs and Windows and most Unix systems. It allows you to retrieve information about a "user" on "the internet" -- but it doesn't use the web!


Welp I guess this is the perfect example of companies not deleting your credentials and account info when asking for it...

I deleted my Notion account several years ago. And completely randomly today got an email from them about data retention, assuming this is one of those "important" emails they have to send out.

Sadly, years ago I wasn't using email-aliases like I am today, so still stuck with them having my email. Fuck I hate this so much. Thought I'd just share this lesson, use aliases my friends!



Does self-hosted VPN make sense?
Hey all,

I've been using a commercial VPN for years on my mobile devices and home PCs. Recently I've started to use Tailscale and realized I can easily create a self-hosted VPN on a cheap VPS with unlimited traffic. But I'm not really sure if that's what I need.

BTW, I'm not doing anything dangerous, no torrents, no illegal stuff, no journalism or whistleblowing, not even looking up abortion clinics. I just hate mass surveillance and I don't want to be constantly profiled.

Commercial VPN allows to "hide in a crowd" by sharing IP with thousands of other clients. But there are a few issues:

1. Often sites blacklist VPN IPs, so I can't get in or pass captcha
2. Performance is not very good
3. I have to trust VPN to not keep the logs and not sell data. I used Mullvad and they are considered reliable, but you never know until it's too late

With self-hosted VPN, I'm losing benefit of "hiding in crowd" as my VPN will be used only by me and maybe a couple of other people. My understanding is that my VPS outgoing traffic is from static server IP. So if I login to Facebook once, the address is associated with me. I'll also have to trust VPS provider to not analyze my traffic and sell it.

On other hand, I'm still protected from my ISP spying, from exposing my real IP address to web sites, from dangers of public WiFi networks. And I might get better performance for about the same price.

What's your take on VPNs? Tell me if you are using self-hosted VPN and why.

Telegram apparently censor queer groups
cross-posted from: https://leminal.space/post/6433881

Instagram locked my account and forced me to appeal and send a picture of my face, so I sent a picture of Shrek. They deleted my account
I've been a social media hermit for the past 3 years but recently I've given up and created a few accounts across different apps again. It's unreal how strict the requirements are now.

1. Give e-mail (ok)
2. Give phone number (.... eeh, ok)
3. Use the new account for a while
4. Account suspended, please upload selfie to continue (no thanks xi).

There are also some verification prompts where you have to record a video and rotate your face left to right.

If this isn't a message to move to indie web I don't know what is.

addressing misconceptions about the recent TunnelVision vulnerability
I've been seeing a lot of confusion around the TunnelVision vulnerability. While I'm no expert, I've done a fair share of research and I'll edit this post with corrections if needed. The goal of this post is to answer the question: does this affect me?

**Two sentence summary of the vulnerability**

When you use a commercial VPN like Mullvad or NordVPN, the VPN client tells your system to redirect all traffic through the VPN. This recent vulnerability shows that a malicious device on the network can trick your system into redirecting traffic to _their_ device instead.

**Claim: just don't connect to hostile networks!**

This is hard in practice. For most people, the only "trusted" networks are your home network and your workplace. So you still have to worry about coffee shops, airports, hotels, restaurants, etc. And if you are using cellular data, the cellular tower can perform this attack to snoop on your traffic.

**Claim: but I trust the hotel owner, restaurant owner, etc**

This attack allows _any_ device on the network to impersonate a DHCP server and attack your system, not just the router. And while there are router settings that can prevent devices on the network from talking to each other, afaik they are rarely used. So even if you trust the owner of the cafe, you have to also trust everybody else in the cafe.

**Claim: if you use HTTPS you are safe!**

If the attacker redirects traffic to their machine, then even if you use HTTPS, the attacker can still see what websites you connect to, they just can't see what you are sending or receiving. So basically they can steal your browsing history, which defeats the purpose of a commercial VPN for many users.

**Claim: Linux users are safe!**

Not quite. The report says that Linux has a feature that is able to fully defend against this vulnerability, called network namespaces. So if your VPN uses that, congratulations. Afaik most VPNs do not use this, and instead use a kill-switch or a firewall. In which case Linux, Mac, and Windows users are all affected the same way, and I go into it more in the next claim.

**Claim: if you use a kill-switch you are safe!**

The term "kill switch" gets thrown around a lot but there's actually two major ways that a kill-switch can be implemented. The first way is a more literal "kill switch" - when the VPN connection drops, the kill switch is triggered and blocks leaks. The other way is a persistent firewall, which blocks leaks all the time.

If your VPN client uses the first kind, then bad news, it won't protect you against this attack. This is because the VPN connection is never dropped, so the kill switch is never triggered. NordVPN was caught using this poor practice, to nobody's surprise (more info [here](https://news.ycombinator.com/item?id=40280496)).

If your VPN uses the second kind, then you should be safe. For example, Mullvad published a statement about how they are not vulnerable [here](https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision). I would hope that any competent VPN would also use a persistent firewall, but if your VPN provider hasn't published a statement yet, unfortunately your only other option is to inspect the VPN client yourself.

That being said, even if your VPN uses a persistent firewall, you may have read in the report that there's a "side-channel" attack still possible...

**Claim: even if you use a firewall, there's a side-channel attack**

This is true, but from what I read the side-channel is actually very hard to pull off and gain any useful information from. You can read some discussion about it [here](https://news.ycombinator.com/item?id=40280296). My takeaway is that if you're a regular user, you don't have to worry about it. But we should still push VPN providers and network engineers to use network namespaces in their applications, since they are more resistant to these kinds of attacks.

**Claim: you shouldn't trust commercial VPN providers anyways**

This is not really about the vulnerability but I've seen it a lot in the discussions. I think it's a mischaracterization of why people use VPNs. If you are using the internet, _somebody_ has to send that traffic to your destination. The three major options are your ISP, a VPN provider, or Tor. Depending on your location and your circumstances, you will trust these three differently. In the EU, ISPs are not allowed to sell data. In the US, ISPs are allowed to, and have been caught doing so. VPNs can sell data too but they risk losing their entire business. Tor is much harder to judge, but the bigger issue with Tor is that many websites block it.

**Further reading:**

- [Official Report](https://www.leviathansecurity.com/blog/tunnelvision)
- [Official TLDR and FAQ](https://tunnelvisionbug.com/)
- [Arstechnica article](https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/)
- [Hacker News discussion](https://news.ycombinator.com/item?id=40279632) - one of the original researchers is active in this discussion, see comments by @morattisec

Thoughts on Nothing Phone 2 running with e/os?
I wanted to degoogle since Google has been most annoying so far with S21FE. Was thinking of getting Pixel 8a but due to mixed reviews I was looking for other phones. Thoughts on this? Would be also nice if I can get some opinions from people who have the phone as well.

sim card from Ebay , bad idea?
Ordered a new phone so I wanted a new SIM for a clean slate. My country requires KYC for SIM cards.

So I ordered this: https://www.ebay.com/itm/295938085941

I see now that the card is being shipped from Israel. (I'm in another EU country)

Cloning, swapping etc., how bad an idea was this on a scale from 1-10? Even if the package is unbroken, I assume someone with physical access (and resources) can do a lot of stuff?

Miss being able to go get one from the corner store. But the idea was to load it up with cash-bought giftcards.

Also played with the idea of getting a gl-inet portable router and skipping the SIM card in the phone but it is quite a bit of hassle to have another device to maintain and carry...

Thoughts on Google turning every device into a scanner for Find My Device?
Received notice of a change to the service in my inbox today. Seems icky to me.

> Devices in the network use Bluetooth to scan for nearby items. If other devices detect your items, they’ll securely send the locations where the items were detected to Find My Device. Your Android devices will do the same to help others find their offline items when detected nearby
>
> Your devices’ locations will be encrypted using the PIN, pattern, or password for your Android devices. They can only be seen by you and those you share your devices with in Find My Device. They will not be visible to Google or used for other purposes.

ETA: here's the link to opt out: [opt out of the network](https://www.google.com/android/find/settings/fmdn)

  • Clot
  • 7d
Telegram founder and CEO alleges signal has backdoors, they don’t provide reproducible builds, etc.
Here's what he said in a post on his telegram channel:

> 🤫 A story [shared](https://x.com/jack/status/1787895769183268948) by Jack Dorsey, the founder of Twitter, uncovered that the current leaders of Signal, an allegedly “secure” messaging app, [are activists used by the US state department](https://www.city-journal.org/article/signals-katherine-maher-problem) for regime change abroad 🥷
>
> 🥸 The US government spent $3M to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype. It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference 🐕‍🦺
>
> 🕵️‍♂️ An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media. But whenever somebody raises doubt about their encryption, Signal’s typical response is “we are open source so anyone can verify that everything is all right”. That, however, is a trick 🤡
>
> 🕵️‍♂️ Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones. Signal [refused to add reproducible builds for iOS](https://github.com/signalapp/Signal-iOS/issues/641), closing a GitHub request from the community. And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤
>
> 🛡 Telegram is the only massively popular messaging service that [allows everyone to make sure](https://core.telegram.org/reproducible-builds) that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪

Original post: https://t.me/durov/274

By the way, the earlier posted article https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain had an update starting at the paragraph with title *Update: Statement from Proton and additional commentary*


What’s up with added EXIF data by gThumb?
- Make a screen shot of your desktop
- Check with a viewer and see no EXIF data
- Load it in gThumb to use its crop feature, crop and save
- Check again with a viewer and see that gThumb added EXIF data including the gThumb version

In the meantime I've started to use other software to crop screen shots but I am still puzzled why gThumb always adds EXIF data?

sharing my simple wireguard kill-switch for Linux
cross-posted from: https://lemmings.world/post/8926396

> In light of the recent [TunnelVision vulnerability](https://tunnelvisionbug.com/) I wanted to share a simple firewall that I wrote for wireguard VPNs.
>
> https://codeberg.org/xabadak/wg-lockdown
>
> If you use a fancy official VPN client from Mullvad, PIA, etc, you won't need this since most clients already have a kill switch built in (also called Lockdown Mode in Mullvad). This is if you use a barebones wireguard VPN like me, or if your VPN client has a poorly-designed kill switch (like NordVPN, more info [here](https://news.ycombinator.com/item?id=40280496)).
>
> A firewall *should* mitigate the vulnerability, though it does create a side-channel that can be exploited in extremely unlikely circumstances, so a better solution would be to use network namespaces (more info [here](https://news.ycombinator.com/item?id=40280296)). Unfortunately I'm a noob and I couldn't find any scripts or tools to do it that way.

  • Jack
  • English
  • 6d
LinkedIn verification concerns
# I have a LinkedIn account which is

* 5 years old.
* both SMS and Gmail verified (via code).
* all information filled (experience, personal, jobs, profile photo etc).
* all information is real.
* I have logged in a million times to the account from my home (without virtual-private-network).
* My account is cached by Google.

The Gmail account which is verified by LinkedIn:

* I have also bought a google-service with my personal credit card (it's not important which service).
* my phone number and Gmail are already verified by my government's national-digital-system (I am legally responsible for this gmail and mobile number).

# Depending on the above information

* A- I think my account is already linked with me by big-brothers.
* B- If something bad happens legally, I can never say that "this account does not belong to me". I already talked about this topic with different lawyers.

Therefore I don't see any reason not to verify the account.

# My questions

I would like to hear your thoughts about the questions below:

* 1- should I have privacy concerns if I verify my account via national-identity card?
* 2- should I have privacy concerns if I verify only "workplace verification"? Because it only sends a code to my company email. No identity card needed. No additional steps.

Privacy.com alternative for the UK & EU region
Recently I was hit by stolen card details, which has me searching for a virtual card service. Does anyone know any that work in the UK and EU region? Apparently Privacy.com needs an SSN to work now. Thanks.


What email provider do you use for sign ups?
I used to use Protonmail, however the verification steps become tedious when creating unique emails for sign ups. I've switched to Tutanota despite it contravening their one account policy. What do you all use for one off emails (for sign ups etc.)? Or do you prefer one of those 10 minute email sites?

12 ft ladder Alternative?
12ft ladder doesn't seem to work anymore, on major sites at least. Does anyone have an alternative? Gracias

    A place to discuss privacy and freedom in the digital world.

    Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

    In this community everyone is welcome to post links and discuss topics related to privacy.

    Some Rules

    • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
    • Don’t promote proprietary software
    • Try to keep things on topic
    • If you have a question, please try searching for previous discussions, maybe it has already been answered
    • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
    • Be nice :)

    much thanks to @gary_host_laptop for the logo design :)

    Lemmy
    A community of privacy and FOSS enthusiasts, run by Lemmy’s developers

    What is Lemmy.ml

    Rules

    1. No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia. Code of Conduct.
    2. Be respectful, especially when disagreeing. Everyone should feel welcome here.
    3. No porn.
    4. No Ads / Spamming.

    Feel free to ask questions over in: