Privacy


Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 9 months ago

cross-posted from: https://feddit.org/post/8126174

“Today the Sheriff acknowledged that dystopian program violated the Constitution and agreed never to bring it back.”

I dunno about you guys but this case was the proverbial "straw that broke the camel's back" that made me start taking privacy seriously.

tl;dr Pasco County, FL was running a "predictive policing" program where they would use "a glorified Excel spreadsheet" to predict crimes and an algorithm would spit out "potential criminals" in the area. Most of them ended up being children. After that they would harass their families day and night until they either committed a crime and went to jail or moved out of the county (which was the intention all along).

God Bless the IJ for taking up this cause and shutting it down, because it is honestly terrifying. It's a rare W for privacy. However I'm sure we haven't seen the last of "predictive policing" and we should remain vigilant.

and here's the video they made about it in 2022

submitted 6 months ago by fxomt to c/privacy
 
 

Does anyone else here use https://cryptpad.fr/ ?

I'm loving it so far - it's probably the best privacy-focused G Suite alternative I've found. It's easy enough to use that even the non-technical among us can use it.


by Lars Wilderang, 2025-02-11

Translation from the Swedish Origin

In a new instruction for fully encrypted applications, the Swedish Armed Forces have introduced a mandatory requirement that the Signal app be used for messages and calls with counterparts both within and outside the Armed Forces, provided they also use Signal.

The instruction, FM2025-61:1, specifies that Signal should be used to defend against interception of calls and messages via the telephone network and to make phone number spoofing more difficult.

It states, among other things:

“The intelligence threat to the Armed Forces is high, and interception of phone calls and messages is a known tactic used by hostile actors. […] Use a fully encrypted application for all calls and messages to counterparts both within and outside the Armed Forces who are capable of using such an application. Designated application: The Armed Forces use Signal as the fully encrypted application.”

The choice of Signal is also justified:

“The main reason for selecting Signal is that the application has widespread use among government agencies, industry, partners, allies, and other societal actors. Contributing factors include that Signal has undergone several independent external security reviews, with significant findings addressed. The security of Signal is therefore assumed to be sufficient to complicate the interception of calls and messages.

Signal is free and open-source software, which means no investments or licensing costs for the Armed Forces.”

Signal supports both audio and video calls, group chats, direct messages, and group calls, as well as a simple, event-based social media feature.

The app is available for iPhone, iPad, Android, and at least desktop operating systems like MacOS, Windows, and Linux.

Since Signal can be used for phone calls, the instruction is essentially an order for the Armed Forces to stop using regular telephony and instead make calls via the Signal app whenever possible (e.g., not to various companies and agencies that don’t have Signal), and no SMS or other inferior messaging services should be used.

Note that classified security-protected information should not be sent via Signal; this is about regular communication, including confidential data that is not classified as security-sensitive, as stated in the instruction. The same applies to files.

The instruction is a public document and not classified.

Signal is already used by many government agencies, including the Government Offices of Sweden and the Ministry for Foreign Affairs. However, the EU, through the so-called Chat Control (2.0), aims to ban the app, and the Swedish government is also mulling a potential ban, even though the Armed Forces now consider Signal a requirement for all phone calls and direct messaging where possible.

Furthermore, it should be noted that all individuals, including family and relationships, should already use Signal for all phone-to-phone communication to ensure privacy, security, verified, and authentic communication. For example, spoofing a phone number is trivial, particularly for foreign powers with a state-run telecom operator, which can, with just a few clicks, reroute all mobile calls to your phone through a foreign country’s network or even to a phone under the control of a foreign intelligence service. There is zero security in how a phone call is routed or identified via caller ID. For instance, if a foreign power knows the phone number of the Swedish Chief of Defence’s mobile, all calls to that number could be rerouted through a Russian telecom operator. This cannot happen via Signal, which cannot be intercepted.

Signal is, by the way, blocked in a number of countries with questionable views on democracy, such as Qatar (Doha), which can be discovered when trying to change flights there. This might serve as a wake-

https://cornucopia.se/2025/02/forsvarsmakten-infor-krav-pa-signal-for-samtal-och-meddelanden/


cross-posted from: https://lemmy.ml/post/26039725

Andisearch Writeup

A security researcher known as Brutecat discovered a vulnerability that could expose the email addresses of YouTube's 2.7 billion users by exploiting two separate Google services[^1][^2]. The attack chain involved extracting Google Account identifiers (GaiaIDs) from YouTube's block feature, then using Google's Pixel Recorder app to convert these IDs into email addresses[^1].

To prevent notification emails from alerting victims, Brutecat created recordings with 2.5 million character titles that broke the email notification system[^1]. The exploit worked by intercepting server requests when clicking the three-dot menu in YouTube live chats, revealing users' GaiaIDs without actually blocking them[^2].

Brutecat reported the vulnerability to Google on September 15, 2024[^1]. Google initially awarded $3,133, then increased the bounty to $10,633 after their product team reviewed the severity[^1]. According to Google spokesperson Kimberly Samra, there was no evidence the vulnerability had been exploited by attackers[^2].

Google patched both parts of the exploit on February 9, 2025, approximately 147 days after the initial disclosure[^1].

[^1]: Brutecat - Leaking the email of any YouTube user for $10,000

[^2]: Forbes - YouTube Bug Could Have Exposed Emails Of 2.7 Billion Users

Biometrics Explained (www.privacyguides.org)
submitted 6 months ago by [email protected] to c/privacy
 
 

cross-posted from: https://lemmy.one/post/24631083


I am in the EU and wanted to buy my first domain here. I wanted to play around with making a website, hosting etc.

So I went to sites like Netim, namecheap, and porkbun. I found that they ask for my name, phone number, and address.

I'm not sure if I can make crap up there and register. I am using a temporary digital /virtual card, so I won't have too much trouble on that front.


cross-posted from: https://feddit.uk/post/24065032

I've seen this posted a couple of times in comments; it seems like a reasonable investigation into the recent shit storm.

I usually actively avoid engaging in anything to do with US politics as it's pointless getting depressed by an awful situation I have zero control over; this post is not about fueling arguments or making us all feel worse, just determining if a useful tech company has gone to shit (TL;DR: probably not).

submitted 6 months ago by pjusk to c/privacy
 
 

First I'm hearing of ObscuraVPN at least, but it does seem to be a very new player in the market. However, from reading through their website and GitHub, this service does look very promising! Though it is slightly more expensive than Mullvad.

Anyone had the chance to test their service yet? Does it seem interesting to you? Let's discuss.


cross-posted from: https://lemmy.ml/post/25882429

scarily... They don't need to to be this creepy, but even I'm a tad baffled by this.

Yesterday me and a few friends were at a pub quiz, of course no phones allowed, so none were used.

It came down to a tie break question of my team and another. "What is the run time of the Lord of the Rings: Fellowship of the ring" according to IMDb.

We answered and went about our day. Today my friend from my team messaged me - top post on his "today feed" is an article published 23 hours ago.....

Forgive the pointless red circle.... I didn't take the screenshot.

My friend isn't a privacy-conscious person by any means, but he didn't open IMDb or google anything to do with the franchise and hasn't for many months prior. I'm aware it's most likely an incredible coincidence, but when stuff like this happens I can easily understand why many people are convinced everyone's doom brick is listening to them....


cross-posted from: https://jlai.lu/post/15113385

Does anyone know a nice iOS mail client app? Preferably open-source.

I don't really care about E2EE, PGP.., and it should have notifications. Best thing would be that I can self-host the notifications server OR have a notifications server running that's open-source (so Canary Mail is out of the question).

I want another client that isn't Apple Mail also

So far I found Preside but sadly it isn't open-source


I've been trying to figure out how to use AI in a meaningful way. There's a number of cases where it makes sense, but the way companies like to scrape and collect data is abusive in my opinion.

I am a believer that if it's free, you're the product, so I would expect any AI that has a semblance of privacy included would be a paid service.

As I investigate new tools and services, I spend/waste a lot of time reading privacy policies and TOS. What's your take on something like privacy-protector.cc? Has anyone used this, it seems straight forward, and while they do collect some identifying information, it seems reasonable.

Their privacy policy is one of the cleanest, most straightforward I've seen in a while.
[Privacy Policy](https://www.privacy-protector.cc/privacy_policy)


cross-posted from: https://lemmy.ml/post/25679666

I recently put together a detailed opsec guide that covers practical steps for reducing your digital footprint, securing communications, and avoiding common pitfalls people make when trying to stay private online.

The goal was to create something that's actually useful and not just the usual "use a vpn and tor" advice. I tried to break down realistic methods that can help both beginners and people already familiar with opsec.

I'd love to get some feedback from the community - what's missing, what could be improved, and if there's anything you disagree with.


Given the recent Proton controversy, I imagine quite a few people are trying to jump ship on their services. I myself was already in the process of something similar for different reasons, and looking over the services I believe addy.io to be a better fit for me than simplelogin (or Eforw, which I haven't heard much about in general, but I have a membership with). And so I would like to ask the community here about their thoughts and experiences of and with addy.io.

If you're able to explain their ownership structure and the like too, that would be appreciated, given that Proton is a non-profit, which is an upside for it.


Just got a darknet alert that once again OPM info was leaked...
