Privacy


Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)


founded 7 months ago
1
submitted 4 months ago* (last edited 4 months ago) by llama to c/privacy
 
 

cross-posted from: https://lemmy.dbzer0.com/post/36880616

Help Combat Internet Censorship by Running a Snowflake Proxy (Browser or Android)

Internet censorship remains a critical threat to free expression and access to information worldwide. In regions like Iran, Russia, and Belarus, journalists, activists, and ordinary citizens face severe restrictions when trying to communicate or access uncensored news. You can support their efforts by operating a Snowflake proxy—a simple, low-impact way to contribute to a freer internet. No technical expertise is required. Here’s how it works:


What Is Snowflake?

Snowflake is a privacy tool integrated with the Tor network. By running a Snowflake proxy, you temporarily route internet traffic for users in censored regions, allowing them to bypass government or institutional blocks. Unlike traditional Tor relays, Snowflake requires minimal bandwidth, no configuration, and no ongoing maintenance. Your device acts as a temporary bridge, not a permanent node, ensuring both safety and ease of use.


Is This Safe for Me?

Short answer: Yes.

Long answer: probably. Here is why:

  • Your IP address is not exposed to the websites they access. So, you don't have to worry about what they are doing either. You are not an exit node.
  • No activity logs. Snowflake cannot monitor or record what users do through your connection. The only stored information is how many people have connected to your bridge. Check docs for further info on this.
  • Low resource usage. The data consumed is comparable to background app activity—far less than streaming video or music.
  • No direct access to your system
  • No storage of sensitive data. Snowflake proxies do not store any sensitive data, such as IP addresses or browsing history, on your system.
  • Encrypted communication. All communication between the Snowflake proxy and the Tor network is encrypted, making it difficult for attackers to intercept or manipulate data.

You are not hosting a VPN or a full Tor relay. Your role is limited to facilitating encrypted connections, similar to relaying a sealed envelope.

Your IP address is exposed to the user (in a P2P-like connection). Be mindful that your ISP could also potentially see the WebRTC traffic and the connections being made to it (but not the contents), so be mindful of your threat model.

For most users, it is generally safe to run Snowflake proxies. Theoretically, your ISP will be able to know that there are connections being made there, but to them it will look like you're calling someone on, say, Zoom.

Historically, as far as we know, there haven't been any cases of people getting in legal trouble for running entry relays, middle relays, or bridges. There have been a few cases of people running exit nodes and getting in trouble with law enforcement agencies, but none of them have been arrested or prosecuted as far as I know. If you are aware of any cases, let me know so I can update this post.

Do not hesitate to check Snowflake's official documentation for further reference and to make informed decisions.


How to Set Up a Snowflake Proxy

Option 1: Browser Extension (Brave, Firefox, or Chrome)

  1. Install the Snowflake extension.
  2. Click the Snowflake icon in your browser toolbar and toggle "Enable Snowflake."
  3. Keep the browser open. That’s all.

Note: Brave users can enable Snowflake directly in settings. Navigate to brave://settings/privacy and activate the option under "Privacy and security."


Option 2: Android Devices via Orbot

  1. Download Orbot (Tor’s official Android app).
  2. Open the app’s menu, select "Snowflake Proxy," and toggle it on.
  3. For continuous operation, keep your device charged and connected to Wi-Fi.

Your device will now contribute as a proxy whenever the app is active.


Addressing Common Concerns

  • Battery drain: Negligible. Snowflake consumes fewer resources than typical social media or messaging apps.
  • Data usage: Most users report under 1 GB per month. Adjust data limits in Orbot’s settings or restrict operation to Wi-Fi if necessary.

Why Your Participation Matters

Censorship mechanisms grow more sophisticated every year, but tools like Snowflake empower ordinary users to counteract them. Each proxy strengthens the Tor network’s resilience, making it harder for authoritarian regimes to isolate their populations. By donating a small amount of bandwidth, you provide someone with a critical connection to uncensored information, education, and global dialogue.

Recent surges in demand—particularly in Russia—highlight the urgent need for more proxies. Your contribution, however small, has an impact.

By participating, you become part of a global effort to defend digital rights and counter censorship. Please, also be mindful of your threat model and understand the potential risks (though very little for most people). Check Snowflake's official documentation for further reference and don't make any decisions based on this post before taking your time to read through it.

Please share this post to raise awareness. The more proxies, the stronger the network.

– llama

2
submitted 4 months ago* (last edited 4 months ago) by shaytan to c/privacy
 
 

It's hard to make the full switch towards a more private life, but switching your mail already fixes a big underlying issue: that being, Google or other companies having access to all your emails. So, I'll cover the basics of making your online mailing more private.

Switching Mail Providers:

Your email is a big part of your online footprint and helps you keep track of your online identity. So, in order to keep that to yourself, I encourage leaving services like:

"Gmail" or "Outlook",

for others like:

"ProtonMail" or "Tutanota".

This is already a big step towards keeping all your emails private and safe. Both of these are free and respect your privacy on their free tier, but expand in features with paid plans. This takes time, as you have to switch your email on most accounts to this new email.

For the best privacy, you should delete most accounts and create new ones with this new email or with aliases. Some people, like myself, prefer to have multiple emails over aliases. For example:

(Self-hosting your own mail domain is possible, but it’s a harder process, and custom domains are not always accepted or reliable.)

(You should keep your old email for a year or so to make sure no important service was left behind locked to that email. Once that's done, you can delete the account.)

Tips:

If you can, you should try expanding your protocol with this:

  • Adding 2FA to any online website, especially email. I use ~~"Authy"~~ for this. -> Better use Aegis, good app!

  • Switching your browser to something like "Librewolf".

  • Switching to a password manager like "Proton Pass" or "1Password".

  • Encourage your close family to do the same once you're comfortable with the process.

  • Switch social media to private alternatives.

  • If you take any efforts to switch browser or install Aegis, try to use "F-droid", or even better, "Droidify". These being a FOSS app store, and a good Material alternative frontend. For apps not in here, consider "Aurora store", a more private **"Play store"** alternative.

This is about it for me, quick posts from class, feel free to add into this topic below.

Edit:

Important additions after reading the comments:

  • Proton is a bit discouraged by some for some political views published by the CEO under Proton's account and image. They backed down, and I believe it isn't something too bad as for users to leave such a good privacy oriented suite of apps. I encourage anyone who cares about this topic to research before making the switch.

  • Mail is not 100% private with any option, and shouldn't be used for highly sensitive information. For that, use well-respected end-to-end encrypted apps, like "Signal". Still, it is best to just not send very sensitive information online.

  • As a comment pointed out, for mail to be as private as possible, both the sender and receiver should have a private mail; otherwise you can be private but the other person would still be having your mail conversations stored under "gmail" or similar.

Sorry if this post didn't give the best newbie advice, I tried to track back some of my old knowledge, but I'll take more time to research the next time. Take care and stay private!

4
submitted 7 hours ago* (last edited 5 hours ago) by Blaze to c/privacy
 
 

cross-posted from: https://lemmy.nz/post/24413447

Extensive passenger data has been sold to the US Government by major airline companies including Delta, United Airlines, and American Airlines, new documents reveal.

US travellers' domestic flight records, including their names, full itineraries, and financial details were sold to Customs and Border Protection (CBP).

CBP is a part of the Department of Homeland Security (DHS). They said they acquired the data to track people of interest's air travel.

The documents, obtained by 404 Media, showed that passenger information was sold through a data broker that major airlines including Delta, American Airlines and United Airlines collectively own.

6
 
 

Starting in Firefox 138, Mozilla started gating Firefox Labs features behind data collection.

Mozilla had announced that some new Firefox features would be released via Firefox Labs.

It is now a few hours since I posted, and there is reason to celebrate – Mozilla is updating Firefox Labs to let people access features without needing to enable data collection.

8
 
 

“To facilitate this vetting, all applicants for F, M and J non-immigrant visas will be asked to adjust the privacy settings on all their social media profiles to ‘public’”, the official said. “The enhanced social media vetting will ensure we are properly screening every single person attempting to visit our country.”

9
 
 

Most people either use google as their search engine, or one of the "privacy friendly ones" (ddg, qwant, brave, startpage, ...), or use self hosted or publicly available metasearch engines, like searxng, or whoogle, etc.

This website lists out websites which have their own indexes, and which depend on big providers.

Why YSK?

It is good for your privacy to not use a big provider like google, which now prefers to serve you ai generated summaries, which are based on a few giant websites, and this is not good for an open web.

I am also a person who almost always uses "(insert query) reddit" to get better results, because I mostly do not want SEO spam, and reddit results used to be human generated content. Now even that is hit and miss. Also, reddit made a deal with google, so for newer results from reddit, you can only get them from google.

Then we have the "privacy friendly ones" which most of the time are wrappers for other bigger indexes, for example ddg famously uses bing, brave "supplements" (read this supplements as almost always) its results from google, startpage is basically a google frontend, etc. Brave, qwant, and few others also claim to have their own indexes, but they are small and not rich as google and bing. Also, when you think about it - what is their business model - how do they get money for the search apis - most either serve ads or have some form of tracking. Also, bing has "kinda" closed its search api (not really clear about this), so many of these privacy friendly options will have to either switch to google, or only serve using their indexes.

Meta-search engines kinda seem like better options, as you can run searxng on your own machine, or use the public ones, but it still has problems. You are still bringing the big providers traffic, which makes their advertisement clients happier and prefer them over smaller search engines. If you use a public instance, then it is good for your privacy, but the public instance would now generate a lot of traffic, and often get banned or rate limited, and hence you can not rely on them. If you use your personal instances (I did this for a long time), you will still be tracked as your IP is still visible. You avoid their annoying ui and popups but still are tracked.

So what should you use?

You can only decide this. I would prefer something which has a reasonable business model - if they do advertisement, that should ideally be non tracking. Ideally their client and server code should be foss (so you can verify their claims), or have paid plans or apis if you do not want ads.

For example, Kagi has only paid plans, but I do not prefer or use them, because they are expensive (5 dollars for 300 searches per month or something similar. I am from one of third world countries, and 5 dollars is a lot. plus 300 searches seem less to me) but that is subjective, and your privacy has a price, so this is not necessarily an objectively bad thing. But their code is closed source, and they do not completely use their own indexes.

I have also used Mullvad's Leta search engine for about a month, and they are now effectively frontends for brave search or google (you can choose). Their business plan initially was that Leta was only available to their VPN clients, and VPN subscription would supplement the search cost. Now they have it available for free, so I do not really understand their business plan (maybe the number of clients they have is large enough, and number of leta users is small, that they can afford to run leta for loss, and maybe as possible advertisement for mullvad). Mullvad to me is a good privacy centric company. I am not their client, but they seem to be trustworthy. You can try them, but you would still support some big provider.

You can also try the independent search providers listed in the article. They are often small, serve bad (subjectively speaking; your taste regarding search engines is also heavily tuned to google like results because of years of exposure to it) results, but using them also supports open web (you would often find that these smaller providers do not have good indexes for big websites, and sometimes it is intentional, sometimes it is a byproduct of them being careful, or the websites banning/rate limiting them).

I have now started trying stract, and will try others too. You should also consider trying some independent search engines.

In my personal case - I have an offline setup where I have large sections of wikipedia and a few other websites (like programming language docs, or my favorite manga wiki, will be adding much of stack overflow soon) available offline, and I use my custom launcher to search through them (faster than searching them online). I bookmark a lot of sites (~ 2000) and do this to stop searching the same stuff over and over again. This has reduced at least 30-40% of all my searches. But I still need a search engine for anything I do not have currently, or stuff I do not/ can not get. I am trying stract, because it is open source, they seem to have some fine plans for business in future (non tracking, current search term related ads or subscription service; currently they are running on previous funding from nlnet); search results are acceptable (not good, but serviceable); and finally - it is written in RUST (I am a rust fan). I am not affiliated with the project, but just spreading a good word because I just found them, and could not find much online.

PS: I am not used to writing much, and not a good typist. Please forgive the brevity. Feel free to correct me, both on spellings and content

14
Threema promo codes (self.privacy)
submitted 1 day ago by WeAreAllOne to c/privacy
 
 

Hello everyone. I'm in the process of migrating approx 28 users to Threema. I would appreciate any spare promo codes that you might have. Many thanks!

16
 
 

Cock.li confirmed the validity of the breach based on sample data and column structure, stating that the exposed dataset includes roughly 1,023,800 user records. The compromised fields include email addresses, timestamps of first and last webmail logins, failed login attempt data, language preferences, and serialized Roundcube user settings such as webmail signatures and interface configurations. Additionally, approximately 93,000 contact entries associated with around 10,400 users were leaked, containing names, email addresses, comments, and vCard data.

Not sure why people ever trusted a meme email provider in the first place...

17
 
 

This post contains a canary message that's cryptographically signed by the official BusKill PGP release key

BusKill Canary #010
The BusKill project just published their Warrant Canary #010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Status: All good
Release: 2025-06-16
Period: 2025-06-01 to 2026-05-31
Expiry: 2026-06-30

Statements
==========

The BusKill Team who have digitally signed this file [1]
state the following:

1. The date of issue of this canary is July 16, 2025.

2. The current BusKill Signing Key (2020.07) is

   E0AF FF57 DC00 FBE0 5635  8761 4AE2 1E19 36CE 786A

3. We positively confirm, to the best of our knowledge, that the 
   integrity of our systems are sound: all our infrastructure is in our 
   control, we have not been compromised or suffered a data breach, we 
   have not disclosed any private keys, we have not introduced any 
   backdoors, and we have not been forced to modify our system to allow 
   access or information leakage to a third party in any way.

4. We plan to publish the next of these canary statements before the
   Expiry date listed above. Special note should be taken if no new
   canary is published by that time or if the list of statements changes
   without plausible explanation.

Special announcements
=====================

1. We are changing from twice-yearly to once-yearly canaries

Disclaimers and notes
=====================

This canary scheme is not infallible. Although signing the 
declaration makes it very difficult for a third party to produce 
arbitrary declarations, it does not prevent them from using force or 
other means, like blackmail or compromising the signers' laptops, to 
coerce us to produce false declarations.

The news feeds quoted below (Proof of freshness) serves to 
demonstrate that this canary could not have been created prior to the 
date stated. It shows that a series of canaries was not created in 
advance.

This declaration is merely a best effort and is provided without any 
guarantee or warranty. It is not legally binding in any way to 
anybody. None of the signers should be ever held legally responsible 
for any of the statements made here.

Proof of freshness
==================

16 Jun 25 19:17:39 UTC

Source: DER SPIEGEL - International (https://www.spiegel.de/international/index.rss)
"Teacher Li": Catching Up with the Most Effective Chinese Regime Opponent
Firing at the Desperate: Palestinians Killed as They Gather to Receive Relief Supplies

Source: NYT > World News (https://rss.nytimes.com/services/xml/rss/nyt/World.xml)
Live Updates: Israel Strikes Iranian State TV as It Expands Targets in Tehran
With No Clear Off-Ramp, Israel’s War With Iran May Last Weeks, Not Days

Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml)
No further damage seen at Iran nuclear sites, global watchdog says
'Nowhere feels safe': Iranians on life under Israeli attacks

Source: Bitcoin Blockchain (https://blockchain.info/q/latesthash)
00000000000000000000f2c3a15949aac2f6d7bc153330a4fca496f68c8c4b21

Footnotes
=========

[1] https://docs.buskill.in/buskill-app/en/stable/security/pgpkeys.html

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

What is a Warrant Canary?

The BusKill team publishes cryptographically signed warrant canaries on an annual basis.

Although security is one of our top priorities, we might not be able to inform you of a breach if served with a State-issued, secret subpoena (gag order).

The purpose of publishing these canary statements is to indicate to our users the integrity of our systems.

For more information about BusKill canaries, see:

To view all past canaries, see:

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

What is BusKill? (Explainer Video)
Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you and your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

18
 
 

cross-posted from: https://programming.dev/post/32339919

The Nectar project offers 'advanced data analysis' using a wide range of sensitive personal information

A controversial US spy tech firm has landed a contract with UK police to develop a surveillance network that will incorporate data about citizens’ political opinions, philosophical beliefs, health records and other sensitive personal information.

Documents obtained by i and Liberty Investigates show Palantir Technologies has partnered with police forces in the East of England to establish a “real-time data-sharing network” that includes the personal details of vulnerable victims, children and witnesses alongside suspects.

Trade union membership, sexual orientation and race are among the other types of personal information being processed.

The project has sparked alarm from campaigners who fear it will trample over Britons’ human rights and “facilitate dystopian predictive policing” and indiscriminate mass surveillance.

Numerous police forces have previously refused to confirm or deny their links with Palantir, citing risks to law enforcement and national security. However, forces in Bedfordshire and Leicestershire have recently confirmed working with the firm.

Liberty Investigates and i have learned that those projects involve processing data from more than a dozen UK police forces and will serve as a pilot for a potential national rollout of the tech giant’s data mining technology — which has reportedly been used by police forces in the US to predict future crimes.

20
 
 

Edit: Matrix isn't going freemium, it's introducing premium accounts to fund the matrix.org homeserver. Thank you for the corrections in the comments.

~~Matrix is going freemium~~ Matrix is introducing premium accounts and WhatsApp is adding ads, which is sparking the annual "time to leave [app]" threads.

Users don't care that much about privacy, but they do care about enshittification, so XMPP not being built for it shouldn't be a problem.

Meanwhile, I've heard for years that XMPP has solved a lot of the problems that lead more popular apps to fail.

Is it really just a marketing/UX/UI problem?

If XMPP had a killer app with all the features that Signal/Whatsapp/Telegram has, would it have as many users?

If not, why does it keep getting out-adopted by new apps and protocols?

21
 
 

Original question by @[email protected]

I'm looking to direct people to message me on Signal, Matrix, etc. Any suggestions? Thanks in advance

23
submitted 5 days ago* (last edited 4 days ago) by Yingwu to c/privacy
 
 

EDIT: I decided on Mailbox.org!

I'd like to use a third-party client like Thunderbird to handle my e-mails, which rules out both Tuta and Proton (I know Proton has their bridge, but I don't want to rely on it). I'm willing to compromise on my e-mails not being encrypted, as long as the e-mail provider has a reputation of caring about the customer's privacy. If I truly want to encrypt a message, I'll encrypt it myself. I've been looking at Mailbox.org, and while I've been hearing good things, people have also been complaining about their lack of support, outdated interface as well as that they don't enforce DKIM/DMARC which enables spoofing.

I would like to be able to use my own custom domain, but also to use their own domain for my e-mail aliases. EU-based only.

Any thoughts?

25
 
 

Some good info for those getting started and to share with those who are now taking interest.
