Privacy

So we know the UK, France, Sweden and Australia all have “pondered out loud” about getting platforms like Signal to allow backdoors into encrypted calls and messages.

This creates a sense of safety about these platforms being secure, because governments want to come after them.

Here’s a tinfoil hat take: Five Eyes is significantly reducing inter cooperation. The non-fascist parts of the alliance don’t want to share with the obvious authoritarian, but the authoritarian one used to share the fruits of their established backdoors with them, and now they don’t.

Note that the US isn’t asking signal for a backdoor. Why? Back in 2015-2016 (last years of Obama), Apple had a loud and visible feud with the FBI. Since the authoritarian came to power, this all disappeared from the media. Interestingly, 10 years have gone by since that moment, every single aspect of our lives has become more surveilled, and somehow the US govt has stopped trying to get into phones? *While the CEO is making hand deliveries of 24 karat gold bars to the Oval Office?

TLDR; I think a safe assumption that they are in our devices by now. Fundamentally people misunderstand encryption. Encryption is only as strong as the weakest link. If your signal chats are unencrypted for consumption on your device, then that’s when the unencrypted content can be captured.

For the longest time, Apple stored your iCloud backups encrypted. Looked good in marketing materials, until they casually admitted the decryption key is stored in the same cloud.

Combine this with ICE capturing citizens without due process. If you have a vanilla smart device, you’re doing the surveillance for them. /tinfoilhat

Why was I banned from GrapheneOS? That’s a good question.

Why I was banned from GrapheneOS by Daniel Micay)

cross-posted from: https://lemmy.ml/post/34907678

Hopefully ADP will be restored soon

Being pushed for a technologically illiterate ex headteacher as usual.

So I decided to use my really old pixel 3a as a test of sorts. It has calyxos, with always on VPN (surfshark). I have no accounts on it, google or anything else. I usually use it for streamio or tiktok.

But I have noticed that I am still getting video recommendations based on what my flatmate watches (we share an internet router). Or what I watch on my other non-VPNed devices.

So what gives?

I am looking for an explanation as to why its happening, not just how to fix it. Btw I also use private DNS so dns leaking is not the likely culprit.

Anyone knows how to debug this info leak?

Like, for example, what if someone doesn't like cheese on their sandwich? Or loves pineapple on ther pizza? (its honestly good when combined with ham)

That plus your height and body shape and gender (as they can hear from your voice) is gonna narrow down the possibilities.

So, I'm looking to maybe possibly use a more secure OS for my phone, and I'm torn between these two. I'm mainly looking at Privacy for my main concern, though security never hurts obviously, and also app compatibility and ease of use. I'm also considering a Fairphone for my next phone down the line, and I'd probably have to go with /e/OS for that, so would it be worth it to just go with that now? Or change later?

I usually don’t try using coupons since many of the codes shown on websites don’t work, but I feel bad for not trying hard or smart enough. I’ve heard good things about Retailmenot, I haven’t tried it yet but I wondering if there are privacy trade-offs.

Accrescent, for those who don't know, is an alternative android app store. They aim to compete directly with the play store, so unlike F-Droid they include both FOSS and proprietary apps. They are also very security focused. They're still small but I find their approach interesting and their ambition worth supporting.

Unfortunately, as with many FOSS projects, funding is a challenge. If you believe they are worth supporting, please read the linked blog post.

Disclaimer: I'm not affiliated with the project in any way, just a fan trying to raise awareness.

cross-posted from: https://programming.dev/post/35752925

GitHub Repo.

• 繁體中文;
• Deutsch;
• 日本語;
• Türkçe.

Of the largest android sellers, only samsung requires gplay. Xiaomi, vivo, oppo, realme, honor, are all chinese companies that require non-bundled google play for their domestic (and maybe other countries?) releases. Google can't alienate these sellers, and if they did, all of these companies would create their own AOSP fork (or just switch to HarmonyOS)

I recently bought a xiaomi android tablet that doesn't have google play services luckily.

Comrade dessalines, shilling chinese corpo slop instead of the standard open-source solutions.

Not very revolutionary!

While technically true, this feels malicious.

Let me swap the pedo king for shepooh!

BeaconDB has a database with the location of millions of Wi-Fi access points around the world. I worry that someone could somehow discover what my SSID is and look it up in the darabase.

Would it be possible? Could someone associate my IP address with my SSID and then find where I live?

I would like to express concern about the future of the Signal messenger. Although Signal currently has a significantly smaller audience than WhatsApp, there are existential risks associated with the messenger covering a larger number of users. Is it rational to say that the goal of this messenger is to be used by the largest number of users, so let's assume for a moment that Signal was able to achieve its mission and most WhatsApp users switched to Signal - I know this is right now unrealistic, but even 30% of users would be an enormous, huge number. Thus, what is the future of the messenger when it starts organizing communications for 1 billion users worldwide?

Would it be rational to assume that counterintelligence forces and special police will send their agents to the organization as undercover workers to sabotage the work and embed backdoors during companies in the context of company growth and staff expansion in this scenario? The question is rhetorical.

I would like to hear the response of the company's president to this existential threat, and to thank for their work.

• Spotify is now asking UK users to prove their age to access mature content
• The age verification checks have been introduced as part of the UK's Online Safety Act
• Spotify says it will present age checks if it suspects you're under 13, but many users have encountered checks despite being over 18

Spotify has become the latest app to introduce measures designed to comply with the UK's Online Safety Act, by asking users to undergo age verification checks if they want to view or listen to age-restricted content – and many users aren't happy.

The age verification requirements of the Online Safety Act came into effect from July 25, and requires all platforms that display adult content to verify that users are over 18 using age verification checks.

So far, we've seen the likes of Xbox, Discord and Reddit introduce age verification, and now Spotify has done the same.

Latest Videos From TechRadar

Like Reddit and X, Spotify has partnered with digital identification firm Yoti, a service that conducts age checks via facial scanning. For Spotify users, Yoti will use different means of age verification, from facial scanning to requesting a scan of your ID if it suspects you’re under 13 (Spotify’s minimum age requirement).

It will also use algorithmic methods to estimate a user’s age. But Spotify is taking it a step further, stating in its official outline that "your account will be deactivated and eventually deleted" if you fail to complete the age verification process.

While Yoti claims that your data will be kept safe, and eventually deleted, the new requirement has caused uproar among some Spotify users.

Some have take to forums such as Reddit to point that young people are clever enough to find ways around the checks, for example using a VPN to change their location to somewhere other than the UK – and a minority have even threatened to revert to piracy (see below). What is ‘mature content’ in Spotify?

A phone on a green background showing a Peaches album on Spotify (Image credit: Spotify)

This is the burning question among Spotify fans, considering the music streaming app doesn't host X-rated content on the same scale as Reddit or X. However, the platform does have certain features that are aimed at mature users.

In Spotify's case, you may be asked to verify your age if you try to "access some Spotify content and features, like Music videos that are labeled as 18+ by rightsholders". This could also apply to podcasts that discuss mature content and songs with explicit lyrics.

Fortunately, there is a way back if your account becomes deactivated due to an inaccurate age estimation. According to Spotify, you'll get an email that "allows you to reactivate your account within 90 days of deactivation", after which you'll need to go through age verification checks again.

So far, I haven’t been asked to verify my age in the Spotify app when trying to access mature podcasts and music videos, but a handful of users on forums like Reddit who are well over the age of 18 have have already encountered the checks. Why have VPNs become so popular?

Spotify has explained in various community posts that it isn't designed to work with VPNs, and you naturally shouldn't use one to circumvent any age verification checks.

However, this hasn't stopped free VPNs from dominating Apple's UK App Store, as internet users look to find ways of protecting their data from future breaches, or perhaps even bypass those checks completely.

VPNs work by encrypting your internet traffic, but they're not all equal – so it's important to choose the right one for your needs. Free VPNs can log an excessive amount of data, which could ultimately put your privacy at risk, and sometimes lack important security features.

I know some people might not like NPR, but the message matters and can help someone you know. In particular this story touches on women's issues.

cross-posted from: https://lemmy.ml/post/34252188

A couple of weeks ago, we made a post announcing our new privacy podcast, Signal Jam. We were surprised by the traction it gained, and are grateful for the warm reception and greetings we received.

As of today, we have our own Lemmy community, over at [email protected]. We'll post new blog entries and episodes as they become available. It will also serve as a redundancy for verification of our contact information (GPG keys, Signal, emails, etc.).

If you want to follow along and engage in some discussion over there, consider this your invite!

We don't want to clog up [email protected] with our stuff, so from now on, we will make posts exclusively on our community, though we may engage in comments here from time to time.

Thanks y'all! Looking forward to hearing from more of you in due time. 🙂