Privacy

Since 2022, with Android 11, Google removed this access from app developers. Under their new package visibility policy, apps should only see other installed apps if it’s essential to their core functionality. Developers must also explicitly declare these apps in the AndroidManifest.xml file - a required configuration file for all Android apps.

For extremely specific use cases such as file managers, browsers or antivirus apps, Google grants an exception by allowing QUERY_ALL_PACKAGES permission, which provides full visibility into installed apps.

I don’t use Android as my primary phone, but I have a spare one and I was really curious to find out which apps from Indian companies had checks to see what other apps I had installed.

So I downloaded a few dozen Indian apps I could think of on top of my head and started reading their manifest files. Surely they will be respectful of my privacy and will only query apps essential to their app's core functionality? 🙃

cross-posted from: https://lemmy.blahaj.zone/post/23777198

especially estonians

Original question by @[email protected]

Looking for the most privacy respecting baby monitor available. Doesn't have to be overly complicated, just the ability to watch a video feed from an app on my phone. It's a must have from the wife, so trying to find the best option and accepting some losses in privacy is likely necessary.

https://www.theguardian.com/uk-news/2025/mar/24/german-blacklisted-and-unable-to-get-job-after-london-criminal-steals-id

I have been looking into data removal tools like Mozilla Monitor and Incogni, which charge a monthly price to remove your data from data broker sites. According to Mozilla, all they need is your name, bday, and address. I know doing this myself would be more efficient, but I don't have that much free time on my hands.

I already take source preventative measures like using alternative OSes, always on VPN, using foss/privacy friendly apps and software etc. so all that is really out there is likely to be just government or job related information. If my threat model is simply anti-corporate data harvesting, security against convenience crimes, and basic privacy, how valuable are services like this? Are they worth just paying 1 month for and then cancelling?

cross-posted from: https://lemmy.world/post/27420305

Encryption can’t protect you from adding the wrong person to a group chat. But there is also a setting to make sure you don’t.

You can add your own nickname to a Signal contact by clicking on the person’s profile picture in a chat with them then clicking “Nickname.” Signal says “Nicknames & notes are stored with Signal and end-to-end encrypted. They are only visible to you.” So, you can add a nickname to a Jason saying “co-founder,” or maybe “national security adviser,” and no one else is going to see it. Just you. When you’re trying to make a group chat, perhaps.

Signal could improve its user interface around groups and people with duplicate display names.

My router was playing up, initially I couldn't get my phone to connect, which I thought was my fault - since I started running grapheneOS but then other devices stop connecting and then those that were connected couldn't access certain sites etc.

I still live at home, so my mum who isn't technologically literate phoned the ISP, and attempted to fix it. Turns out it just needed a reset, as the last time it had been reset was 8 years ago.

What was a surprise was that the ISP guy told my mum how many devices were connected to the internet. She found that immensely creepy.

I doubt there's anything I can do to reduce the trust burden with an ISP, beyond telling my mum to use a VPN. My threat model always had ISPs as a risk that had to be taken, however I am curious as to if there is anything at all that can be done! That's also not immensely impractical?

There are so many great reasons to be on Signal. Now including the opportunity for the vice president of the United States of America to randomly add you to a group chat for coordination of sensitive military operations. Don’t sleep on this opportunity…

Editing to add the link to the messages: https://archive.is/2025.03.26-131842/https://www.theatlantic.com/politics/archive/2025/03/signal-group-chat-attack-plans-hegseth-goldberg/682176

Original post text

Given the recent detainment of a French person who got detained because he said something bad about the current administration in his WhatsApp messages. It makes me wonder if WhatsApp is truly end to end encrypted as they claimed. How did they even single him out?

As a corollary question, if I were to pass Customs, and if I delete WhatsApp , Reddit etc just before I reach the counter, will they be able to find out that I just deleted the apps minutes ago? I’ll be deleting them from my phone but keep them on the cloud.

cross-posted from: https://lemmy.sdf.org/post/31583546

Archived

Security researcher Tenable successfully used DeepSeek to create a keylogger that could hide an encrypted log file on disk as well as develop a simple ransomware executable.

At its core, DeepSeek can create the basic structure for malware. However, it is not capable of doing so without additional prompt engineering as well as manual code editing for more advanced features. For instance, DeepSeek struggled with implementing process hiding. "We got the DLL injection code it had generated working, but it required lots of manual intervention," Tenable writes in its report.

"Nonetheless, DeepSeek provides a useful compilation of techniques and search terms that can help someone with no prior experience in writing malicious code the ability to quickly familiarize themselves with the relevant concepts."

"Based on this analysis, we believe that DeepSeek is likely to fuel further development of malicious AI-generated code by cybercriminals in the near future."