Privacy


Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 8 months ago

IronFox is Firefox ESR-based, completely de-Googled, has zero telemetry, and comes pre-hardened for privacy.

IronFox is a fork of Divested Computing Group's Mull Browser, based on Mozilla Firefox. Our goal is to continue the legacy of Mull by providing a free and open source, privacy and security-oriented web browser for daily use.

Version IronFox v140.0.4 released, .apk available for download here.

More discussion about the browser here.

Unfortunately, not available in FDroid yet.


A very detailed guide on the privacy implications of Mastodon (how it's better and what to look out for)


cross-posted from: https://lemmy.dbzer0.com/post/49033194

Sorry if this is not the high brow discussion this com is for.

I travel a lot between different countries in the Middle East which have restrictive laws, and I live in one that is slowly becoming more competent technologically. I have to stay for an extended time in different places, so I’ve been connecting through always-on VPN out of the same place and it’s been working fine for now. But Digital ID laws are quickly going to close things off from me.

My risks that I’m trying to avoid are as follows:

Collapsed this part, it's not as important

Locally, I want to make sure my IPs aren’t connected to public accounts. I don’t say anything online that can put me in jail for the most part, but I don’t trust that this will always be the case. I also would appreciate being a bit separated from the local internet. Elsewhere, I also don’t want my traffic to be monitored or my accounts to be tied back to my personal identity. For example, I don’t want to land in Dubai and to have my Steam account permanently affected by having “Spec Ops the Line” (banned game there) in my account (silly thing to worry about, but this is one tiny example out of many small issues that pile up). Plus, a lot of the internet is not accessible from these places, and I don’t like that, regardless of whether or not I want to peruse inaccessible internet stuff from there.

This has come with some serious downsides (online services are more expensive in Europe, where I have historically exited from), but it was/is worth the cost for me. Ironic that many VPN users seem to be trying to connect in the opposite direction than me (out of rich countries rather than in).

I’ve just been permanently using a single reputable VPN and single exit city for all of my traffic for the past while. Digital ID laws in the UK and EU will make this increasingly infeasible and I will probably have to exit out of somewhere new like Switzerland. I don’t know if those servers might be more trouble due to increased abuse for example.

Just want to know how others are dealing with this. Is just stomaching the wave of verifications after logging into all my emails from a new country the only price to pay? Is the world going to shit and should I rethink “just” using a VPN? Is it VPS time now that more and more things are being blocked from VPN access? Do I give up on the internet a decade ahead of schedule and chop wood in the woods until Israel’s AI mistakes my shack for a children’s hospital and drops heavy munitions on me?

I’m really hesitant to start using two sets of devices, some for insecure local traffic and some for encrypted traffic. I don’t think carrying like four laptops through airport security would keep eyes off of me.

While most of the technical solutions suggested by the replies in my original thread are probably good for different use cases, I'm just chasing the original high of the anonymous internet of my childhood, I just want to blanket route all my traffic through one place and not have to think much about it. Too naive? I'm sure. But I have no big threat to worry about in my scenario, at least now. This is just basic I-want-to-network-out-of-view-of-ISPs.

My main exit nodes have been in the UK, since that was a good compromise between the US's wild west privacy/surveillance and not being blocked by US stuff that wasn't GDPR compliant. I know the UK was never the bastion of internet freedom, but it was a practical option. Especially getting English-as-default for everything, which is something I missed. When the internet went hyper-mainstream in the 2010s, I was no longer getting a standardized English internet like everyone else, I got a localized badly-Arabic-translated version that assumed I want the strictest filtering on everything. Moving over to always-on VPN has made me feel like I got something back. Especially now that ISPs around me are no longer as careless as they once were.

Now the UK is introducing digital ID, and services have started to comply. I'm not a regular Reddit user, but I still would like to access the site without sending them a selfie (or my ID, of course). Nexus mods is enforcing this now as well, and while I haven't used it in ages, it's still a big public repository of stuff I'd want to go through at some point. Digital ID really goes against everything I believe about the internet, this concept of me being on the same anonymous playing field is directly under attack from laws like this, and it is fueling a lot of tech doomerism thinking inside of me. The last thing I want is for any account of mine, regardless of how infrequently I use it, to be permanently blocked for lack of ID. I know we love our piracy here, but I am a Steam user as well, and with the amount of money I've put into their service (and how much I use it), I would have no choice there. But that's the only one, I think.

Someone in the thread suggested Singapore, I was thinking Ireland or Switzerland, as good exit node countries. Ireland has only two Mullvad servers (which is a problem). Switzerland I'd think would be very popular with scammers. And Singapore would, if nothing else, make my terrible ping even worse.

There's also the fact that a lot of things are now getting blocked more often from VPN servers and it is pretty annoying. Random Imgur links and so on.

I know this is more of a meandering rant than a pointed question, but I just want to hear some of your thoughts on this.


Cross-posted from "Reddit’s UK users must now prove they’re 18 to view many types of content" by @[email protected] in [email protected]


cross-posted from: https://lemmy.zip/post/43948771

Reddit hires company to verify user age with selfie or photo of government ID.


Axon Enterprise’s Draft One — a generative artificial intelligence product that writes police reports based on audio from officers’ body-worn cameras — seems deliberately designed to avoid audits that could provide any accountability to the public, an EFF investigation has found.


TLDR: Drug dealers in Catalonia have started to adopt GrapheneOS en masse leading to Catalan police suspecting anyone with a Google Pixel is a drug dealer

Wifi Sensing Sees Through Walls (takebackourtech.org)
submitted 3 weeks ago by [email protected] to c/privacy

Or what do you use them for? Isn't it now quite easy for websites to track outside of just cookies?


OC by @[email protected]

I know there are plenty of software missing from here. This is just a fun infographic I made, no need to take it seriously :)


An arson attack in Colorado had detectives stumped. The way they solved the case could put everyone at risk.

According to court documents, the company uses a staged process when responding to reverse keyword warrants to protect user privacy: First, it provides an anonymized list of matching searches, and if law enforcement concludes that any of those results are relevant, Google will identify the users’ IP addresses if prompted by the warrant to do so. DPD’s warrant had gone too far in asking for protected user information right away, and it took another failed warrant 20 days later and two calls with Google’s outside legal counsel before the detectives came up with language the search giant would accept.

Finally, the day before Thanksgiving 2020, Sonnendecker received a list of 61 devices and associated IP addresses that had searched for the house in the weeks before the fire. Five of those IP addresses were in Colorado, and three of them had searched for the Truckee Street house multiple times, including for details of its interior.

In early December, DPD served another warrant to Google for those five users’ subscriber information, including their names and email addresses. One turned out to be a relative of the Diols; another belonged to a delivery service. But there was one surname they recognized—a name that also appeared on the list of 33 T-Mobile subscribers they’d identified earlier in the investigation as being in the vicinity of the fire.

Another warrant to Google yielded the three teens’ search histories since early July. In the days before the fire, Siebert searched for retailer “Party City.” On Party City’s website, Baker spotted masks similar to those worn by the three perpetrators.

In June 2022, just when it seemed like the prosecution could finally proceed, Seymour’s lawyers dropped a bombshell. They filed a motion to suppress all evidence arising from the reverse keyword search warrant that DPD had served to Google—the key piece of information that had led detectives to Bui and his friends.

After a five-month wait that Sandoval remembers as “gut-wrenching,” the court finally ruled in October 2023. In a majority verdict, four judges decided the reverse keyword search warrant was legal—potentially opening the door to wider use in Colorado and beyond.


Developer @[email protected]

I just released the first version of Gosuki, a multi-browser real time bookmark manager I have been writing on and off for the past few years. It aggregates your bookmarks in real time across all browsers and even external APIs such as Reddit and Github.

I was always annoyed by the existing bookmark management solutions and wanted a tool that just works without relying on browser extensions, self-hosted servers or cloud services. As a developer and Linux user I also find myself using multiple browsers simultaneously depending on the needs so I needed something that works with any browser and can handle multiple profiles per browser.

The few solutions that exist require manual management of bookmarks. Gosuki automatically catches any new bookmark in real time so no need to manually export and synchronize your bookmarks. It allows a tag based bookmarking experience even if the native browser does not support tags. You just hit ctrl+d and write your tags in the title.

Feature Highlights:

  • A single binary with no dependencies or browser extensions necessary. It just works right out of the box.
  • Use the universal ctrl+d shortcut to add bookmarks and call custom commands.
  • Tag with #hashtags even if your browser does not support it. You can even add tags in the Title. If you are used to organizing your bookmarks in folders, they become tags.
  • Real time tracking of bookmark changes
  • Builtin, local Web UI which also works without Javascript (w3m friendly)
  • suki cli command for a dmenu/rofi compatible output
  • Modular and extensible: Run custom scripts and actions per tags and folders when particular bookmarks are detected
  • Browser Agnostic: Detects which browsers you have installed and watches changes across all of them
  • Also handles multiple profiles per browser
  • Stores bookmarks in a portable sqlite database compatible with Buku. You can use any program that was made for buku.
  • Can fetch your bookmarks from external APIs (Reddit and Github for now).
  • Easily extensible to handle any browser or API

It's open source with an AGPLv3 license. Check out the README and website docs for more details.


cross-posted from: https://beehaw.org/post/20989376

Where Soatok goes over why checklists are meaningless when trying to figure out if something is private or just for comparisons in general.


On the internet, it’s easy to feel anonymous. If you don’t log in, no one can see who you are; you can even switch to incognito mode. The more savvy user would say that’s not really enough. To be anonymous, you need to clear your cookies and use a privacy-oriented browser.

But new research shows even that doesn’t work anymore. Websites are still tracking you — silently, persistently, and without your consent — by reading your browser’s unique “fingerprint.”


Interesting counterpoint to the stuff we sometimes talk about here. It's more for public chat rooms though. MLS (RFC 9240) still interests me and I've been wanting to try coding it.


United States Customs and Border Protection (CBP) is asking tech companies to pitch digital forensics tools that are designed to process and analyze text messages, pictures, videos, and contacts from seized phones, laptops, and other devices at the United States border, according to documents reviewed by WIRED.

The agency said in a federal registry listing that the tools it’s seeking must have very specific capabilities, such as the ability to find a “hidden language” in a person’s text messages; identify specific objects, “like a red tricycle,” across different videos; access chats in encrypted messaging apps; and “find patterns” in large datasets for “intel generation.” The listing was first posted on June 20 and updated on July 1.

CBP has been using Cellebrite to extract and analyze data from devices since 2008. But the agency said that it wants to “expand” and modernize its digital forensics program. Last year, CBP claims, it did searches on more than 47,000 electronic devices—which is slightly higher than the approximately 41,500 devices it searched in 2023 but a dramatic rise from 2015, when it searched just more than 8,500 devices.
