Privacy

3385 readers
57 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 8 months ago
MODERATORS
301
 
 

I know I could and should encrypt whole drives but I want another layer of protect specific folders when my devices are unlocked, a password. I want the folders to behave like regular folders where I can add or remove files as usual, without a clunky UX like password protected zips. I looked it up and didn't find any straightforward solutions.

302
303
304
 
 

Redact is a relatively popular tool for cleaning up people's post or message history on platforms like Slack or Discord. Recently I found out about some questionable statements made by Dan Saltman, better known as Redact's creator.

Most recent behavior

From two censored r/privacy posts, where we find the CEO pretending to know which tweets a customer deleted

The Redact dev recently recontextualized tweets of a streamer hasan. but then walked it back stating he wasnt a customer like the first tweet appeared. I didnt see that before, and the op really concerned me. I don't know if I could trust them to reccomend, like have they been trustworthy in the past? And are there any alternatives that are just-work in the least?

3 months ago

From this r/privacy comment

I don't trust that platform or the guy who runs it, Dan Saltman. He recently had multiple public meltdowns. At one point, he threatened to dox Twitch employees until he could get the CEO's attention. Then he doxxed someone's name and location on a public stream, and posted a picture of them as a minor.

4 months ago

From this r/privacy post

In what appears to be a now-deleted stream, Saltman threatens to dox people multiple times. He mentions Dan Clancy, the CEO of Twitch, and threatened to dox Clancy's employees.

Did you know that they hide, by the way? Because I have a list of all the employees in Trust and Safety, and half of them hide. Sometimes... there are people... and you can't get to them. no matter what level of insane targeting you do to them. Then you have to start going to the people that they care about, and then they start caring. but I'm guessing that Dan Clancy will care if his employees that are involved with trust and safety start getting named for being antisemitic people... they are responsible. I will set up a fucking website for every single one of these motherfuckers. And that's how you make change... you make change by making the person feel the pressure of what they've done. Not the company, but the man. That's how you make change. That's how we will make change.

He also seems he threatened doxxing if they delete messages in a particular Slack channel (one he wasn't a part of.)

This guy in red. I'm not going to identify him by name. and again, if anything happens to that Slack [chat], I will identify people.

This is especially notable because Slack is one of the services Saltman's app supports.

Based on this behavior, I feel very uncomfortable using or recommending Redact.

305
 
 

(This article should be fully accessible if you have a free account. Otherwise, https://archive.is/AM0Th)

306
307
308
 
 

Archived

Though less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks.

As China continues its digital gambit around the world, researchers are warning that hacking activity from long-tracked groups is evolving and blending together. On top of that, attackers are hiding their campaigns more effectively and blurring the lines between cybercriminals and state-backed hacking.

Last year, revelations rocked the United States federal government that the Chinese hacking group known as “Salt Typhoon” had breached at least nine major US telecoms. And the group’s rampage even continued into this year in the US and other countries around the world. Meanwhile, the Beijing-linked hacking group “Volt Typhoon” has continued to lurk in US critical infrastructure and utilities around the world. Meanwhile, the notoriously versatile syndicate known as Brass Typhoon—also called APT 41 or Barium—has been operating in the shadows.

[...]

Brass Typhoon is known for having carried out a notable string of software supply chain attacks in the late 2010s and for brazen attacks on telecoms around the same time in which the group specifically targeted call record data. The gang is also known for its hybrid activity, carrying out hacks that align with Chinese state-sponsored espionage by the Chinese Ministry of State Security, but also moonlighting on seemingly cybercriminal projects, particularly focused on the video game industry and in-game currency scams.

Research indicates that Brass Typhoon has continued to be active in recent months with financial crimes targeting online gambling platforms as well as espionage targeting manufacturing and energy firms. Its sustained activity has run in parallel to Salt and Volt Typhoon’s recent, attention-grabbing campaigns, and analysis increasingly shows that China’s state-backed hacking operations must be viewed comprehensively, not just in terms of individual actors.

[...]

309
310
 
 

cross-posted from: https://lemmy.sdf.org/post/32830658

[This is an op-ed by Valentin Weber, senior research fellow with the German Council on Foreign Relations. He is the author of the International Forum for Democratic Studies report “Data-Centric Authoritarianism: How China’s Development of Frontier Technologies Could Globalize Repression.” His research covers the intersection of cybersecurity, artificial intelligence, quantum technologies, and technological spheres of influence.]

[...]

While the financial, economic, technological, and national-security implications of DeepSeek’s achievement have been widely covered, there has been little discussion of its significance for authoritarian governance. DeepSeek has massive potential to enhance China’s already pervasive surveillance state, and it will bring the Chinese Communist Party (CCP) closer than ever to its goal of possessing an automated, autonomous, and scientific tool for repressing its people.

[...]

With the world’s largest public AI-surveillance networks — “smart cities” — Chinese police started to amass vast amounts of data. But some Chinese experts lamented that smart cities were not actually that smart: They could track and find pedestrians and vehicles but could not offer concrete guidance to authorities — such as providing police officers with different options for handling specific situations.

[...]

China’s surveillance-industrial complex took a big leap in the mid-2010s. Now, AI-powered surveillance networks could do more than help the CCP to track the whereabouts of citizens (the chess pawns). It could also suggest to the party which moves to make, which figures to use, and what strategies to take.

[...]

Inside China, such a network of large-scale AGI [Artificial General Intelligence] systems could autonomously improve repression in real time, rooting out the possibility of civic action in urban metropolises. Outside the country, if cities such as Kuala Lumpur, Malaysia — where China first exported Alibaba’s City Brain system in 2018 — were either run by a Chinese-developed city brain that had reached AGI or plugged into a Chinese city-brain network, they would quietly lose their governance autonomy to these highly complex systems that were devised to achieve CCP urban-governance goals.

[...]

As China’s surveillance state begins its third evolution, the technology is beginning to shift from merely providing decision-making support to actually acting on the CCP’s behalf.

[...]

The next step in the evolution of China’s surveillance state will be to integrate generative-AI models like DeepSeek into urban surveillance infrastructures. Lenovo, a Hong Kong corporation with headquarters in Beijing, is already rolling out programs that fuse LLMs with public-surveillance systems. In [the Spanish city of] Barcelona, the company is administering its Visual Insights Network for AI (VINA), which allows law enforcement and city-management personnel to search and summarize large amounts of video footage instantaneously.

[...]

The CCP, with its vast access to the data of China-based companies, could use DeepSeek to enforce laws and intimidate adversaries in myriad ways — for example, deploying AI police agents to cancel a Lunar New Year holiday trip planned by someone required by the state to stay within a geofenced area; or telephoning activists after a protest to warn of the consequences of joining future demonstrations. It could also save police officers’ time. Rather than issuing “invitations to tea” (a euphemism for questioning), AI agents could conduct phone interviews and analyze suspects’ voices and emotional cues for signs of repentance. Police operators would, however, still need to confirm any action taken by AI agents.

[...]

DeepSeek and similar generative-AI tools make surveillance technology smarter and cheaper. This will likely allow the CCP to stay in power longer, and propel the export of Chinese AI surveillance systems across the world — to the detriment of global freedom.

[Edit typo.]

311
312
313
 
 
314
33
submitted 3 months ago by db0 to c/privacy
315
 
 

Industry groups have submitted deregulatory wishlists for the Federal Communications Commission's "Delete, Delete, Delete" initiative that aims to eliminate as many regulations as possible.

Broadband providers that want fewer telecom regulations and debt collectors opposed to robocall rules were among those submitting comments to the FCC in response to Chairman Brendan Carr's request for public input. The Carr-led FCC last month issued a public notice asking for help with "identifying FCC rules for the purpose of alleviating unnecessary regulatory burdens."

The FCC said it opened the official proceeding—which is titled "Delete, Delete, Delete"—because "President Trump has called on administrative agencies to unleash prosperity through deregulation and ensure that they are efficiently delivering great results for the American people." Initial comments were due on Friday, and there is an April 28 deadline for reply comments.

The docket has comments submitted by AT&T, Verizon, and the top lobbying groups for the cable, telecom, and mobile broadband industries. Starlink-owner SpaceX and Amazon's Kuiper submitted wishlists for satellite deregulation. The FCC also received deregulatory requests from prison phone company Securus, TV broadcasters, and multiple groups that want less strict robocall rules.

316
 
 

Your location data isn't just a pin on a map—it's a powerful tool that reveals far more than most people realize....

317
 
 

Privacy gives you the freedom to live your life in a way that best suits your personal goals and needs, without having to constantly balance every action between "the private game" (your own needs) and "the public game" (how all kinds of other people, intermediated by all kinds of mechanisms including social media cascades, commercial incentives, politics, institutions, etc, will perceive and respond to your behavior)

Without privacy, everything becomes a constant battle of "what will other people (and bots) think of what I'm doing" - powerful people, companies, and peers, people today and in the future. With privacy, we can preserve a balance.

318
 
 

A chart titled "What Kind of Data Do AI Chatbots Collect?" lists and compares seven AI chatbots—Gemini, Claude, CoPilot, Deepseek, ChatGPT, Perplexity, and Grok—based on the types and number of data points they collect as of February 2025. The categories of data include: Contact Info, Location, Contacts, User Content, History, Identifiers, Diagnostics, Usage Data, Purchases, Other Data.

  • Gemini: Collects all 10 data types; highest total at 22 data points
  • Claude: Collects 7 types; 13 data points
  • CoPilot: Collects 7 types; 12 data points
  • Deepseek: Collects 6 types; 11 data points
  • ChatGPT: Collects 6 types; 10 data points
  • Perplexity: Collects 6 types; 10 data points
  • Grok: Collects 4 types; 7 data points
319
14
Smartwatch (self.privacy)
submitted 3 months ago by yoru77 to c/privacy
 
 

I would like to know if there is a smartwatch focused on privacy. I don't want to sell my data to any company

320
 
 

cross-posted from: https://lemmy.sdf.org/post/32709886

Big Tech have mastered the art of delay and deflection. Under the GDPR’s ‘one-stop-shop’ mechanism, cases are often handled by regulators in the country where a company is based, rather than where harm occurs. This means that when someone in France, Poland, or Spain suffers from unlawful data misuse by a company based in Ireland or Luxembourg, their complaint can get stuck in an enforcement black hole.

[...]

Right now, EU policymakers have a chance to fix this. The GDPR Procedural Regulation—currently in negotiations—could finally close these enforcement loopholes. It could ensure faster, more efficient investigations, remove barriers to redress, and empower DPAs to take meaningful action. The regulation is not just about bureaucratic processes; it is about making GDPR enforcement a reality, ensuring that cross-border cases are handled fairly and efficiently, rather than getting lost in the complexity of the one-stop-shop mechanism.

Yet, despite its significance, this file has not received the attention it deserves. Too often, procedural law is dismissed as ‘boring’ or ‘too technical’—just another set of legal rules that seem far removed from everyday life. But this perception is dangerously misguided. In reality, this regulation underpins the very foundation of human rights online. It determines whether people [...] can seek justice when their data is misused, whether harmful algorithmic profiling can be stopped, and whether the EU’s much-celebrated digital rights framework has real teeth. Many of the harms EU institutions claim to be concerned about – from misinformation to AI-driven discrimination – are exacerbated by the enforcement failures this regulation seeks to address.

Data protection is not just about privacy—it’s about power, and about many other fundamental rights. If we allow enforcement failures to persist, we allow gigantic corporations and other bad actors to control, distort, and weaponise our identities and deepen vulnerabilities. The EU must act now to ensure that GDPR enforcement becomes a reality, not just a promise.

[...]

321
322
 
 

Found through, and title from, Nullagent. The thread is definitely worth checking out.

https://partyon.xyz/@nullagent/114332265416001848

323
 
 

The best way to install them is through the F-Droid store, which is a catalogue of FOSS software for Android. It's installable by downloading the .apk file linked on the front page of the F-Droid projec'ts website. The mentioned apps from the Karlsruhe Institute of Technology can then be found by searching for "SECUSO", which is the name of the research project behind them all. Alternatively, you can also get them through the Google Play Store under this link or again by searching for "SECUSO". In particular, I recommend getting the QR code reader, because many of the free-to-use scanners route everything you scan through their servers, so they're obviously collecting your data.

324
325
view more: ‹ prev next ›