Privacy


Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)


founded 7 months ago
DNS4EU For Public (www.joindns4.eu)
submitted 2 weeks ago by [email protected] to c/privacy
 
 

What is DNS4EU? DNS4EU is an initiative by the European Commission that aims to offer an alternative to the public DNS resolvers currently dominating the market. Supported by the European Union Agency for Cybersecurity (ENISA), the European Union's DNS4EU secure-infrastructure project provides a protective, privacy-compliant, and resilient DNS service to strengthen the EU’s digital sovereignty and enhance digital security for European Union citizens, governments, and institutions.

The program provides robust DNS security for public institutions and their employees, ministries, local governments or municipalities, healthcare, education, and other critical services such as telecommunications providers. By working with the latter, for example, it ensures DNS resolution service for all of a telco’s customers, with minimum manual overhead for their teams.

Additionally, the DNS4EU solutions aid organizations in complying with regulatory requirements (such as GDPR) to keep data within European borders.

As these organizations often face challenges to independently developing and maintaining high-level cybersecurity measures (such as election cycles or funding), the DNS4EU project solves these challenges by providing a Europe-based, centralized, scalable solution to ensure the highest standards of security and privacy, compliant with EU regulations.


Push notification data can sometimes include the unencrypted content of notifications. Requests include from the U.S., U.K., Germany, and Israel.

Apple provided governments around the world with data related to thousands of push notifications sent to its devices, which can identify a target’s specific device or in some cases include unencrypted content like the actual text displayed in the notification, according to data published by Apple. In one case, that Apple did not ultimately provide data for, Israel demanded data related to nearly 700 push notifications as part of a single request.

The data for the first time puts a concrete figure on how many requests governments around the world are making, and sometimes receiving, for push notification data from Apple.

The practice first came to light in 2023 when Senator Ron Wyden sent a letter to the U.S. Department of Justice revealing the practice, which also applied to Google. As the letter said, “the data these two companies receive includes metadata, detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. In certain instances, they also might receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification.”

The published data relates to blocks of six month periods, starting in July 2022 to June 2024. Andre Meister from German media outlet Netzpolitik posted a link to the transparency data to Mastodon on Tuesday.

For example, according to the data, the U.S. made 99 requests for push token data related to 345 different push tokens, and received data in response to 65 of the requests between July and December 2023. The U.K. made 123 requests, about 128 tokens, and received data in response to 111 requests in the same time period. Germany was the only other country to receive data, which was in response to 5 of the country’s requests. The Netherlands and France also requested data but did not receive any.

Israel made a single push notification data request in that time period, but it related to 694 push tokens, according to the data. Representatives of the Israeli government did not respond to a request for comment, and neither did Apple.

In another stretch of time, from January to June 2024, the U.K. received data in response to 127 requests, and the U.S. got data from 36. Germany did successfully receive some data during that period. Singapore has also made requests for data but has not received any, according to the transparency report.

Along with the data Apple published the following description: “Push Token requests are based on an Apple Push Notification service token identifier. When users allow a currently installed application to receive notifications, a push token is generated and registered to that developer and device. Push Token requests generally seek identifying details of the Apple Account associated with the device’s push token, such as name, physical address and email address.”

404 Media previously published a U.S. court record which sought access to push notification data.

In December 2023, Apple said it started to require a judge’s order to hand over push notification data. Before that, it was available with a subpoena.

About the author

Joseph is an award-winning investigative journalist focused on generating impact. His work has triggered hundreds of millions of dollars worth of fines, shut down tech companies, and much more.


I hate everything about this


cross-posted from: https://lemmy.sdf.org/post/35993881

[...]

Under draft legislation that the State Duma approved at first reading on May 22, 2025, a bill will require banks and merchants to facilitate digital ruble transactions and a universal QR payment code for purchases. Beginning October 1, 2025, the digital ruble will be used for a limited range of federal budget expenditures, transitioning on January 1, 2026, to full, unrestricted use for all federal outlays.

[...]

Kremlin financiers will track every digital ruble transaction in real time, granting authorities the power to block citizens’ accounts without a court order and automatically deduct taxes, fines, and other charges. Social benefits payable in digital rubles will be usable only for government‐approved categories of goods and services, and spending may be restricted based on a citizen’s place of residence or product type.

[...]

Critics—from human rights groups to economic analysts—argue the digital ruble will entrench state surveillance. According to The Cryptonomist, Russia’s CBDC may replicate China’s model of monitoring every transaction, but with even tighter Kremlin oversight. Ukrainian intelligence observers highlight the risk of a “behavioral loyalty” system, where digital currency access depends on citizens’ political and social “reliability.”

Previously, it was reported that Latvia’s Defense Intelligence and Security Service released a 48-page public handbook designed to help civilians identify and report suspected Russian operatives. The guide details indicators such as ragged appearance and suspicious behavior, offers safe reporting practices, and includes case studies illustrating espionage tactics in both urban and rural settings.

[...]


cross-posted from: https://lemmy.sdf.org/post/35972832

Native Android apps – including Facebook, Instagram, and several Yandex apps such as Maps, Navi, Browser, and Search – silently listen on fixed local ports on mobile devices to de-anonymize users’ browsing habits without consent, says a report published by a team of researchers from Spain-based IMDEA Networks Internet Analytics Group, and Dutch Radboud University.

Here is the technical report: https://localmess.github.io/

By embedding tracking code into millions of websites, Meta’s Pixel and Yandex Metrica have been able to map Android users’ browsing habits with their persistent identities (that is to say, with the account holder logged in). This method bypasses privacy protections offered by Android’s permission controls and even browsers’ Incognito Mode, affecting all major Android browsers. The international research team has disclosed the issue to several browser vendors, who are actively working on mitigations to limit this type of abuse. For instance, Chrome’s mitigation is scheduled to go into effect very soon.

These tracking companies have been doing this bypass for a long time: since 2017 in the case of Yandex, and Meta since September 2024. The number of people affected by this abuse is high, given that Meta Pixel and Yandex Metrica are estimated to be installed on 5.8 million and 3 million sites, respectively. It is also worth noting that evidence of this tracking practice has been observed only on Android.

[...]


Police and federal agencies have found a controversial new way to skirt the growing patchwork of laws that curb how they use facial recognition: an AI model that can track people using attributes like body size, gender, hair color and style, clothing, and accessories.


Archived

TikTok introduced a slew of new advertiser tools at the company’s annual advertiser summit on June 3rd. The new products range from AI-powered ad tools to new features connecting creators and brands, but the overall picture is clear: advertiser content on TikTok is about to become much more tailored and specific.

The company will give brands precise details about how their target audience is using the platform — including AI-generated suggestions on ads to run. Using a tool called Insight Spotlight, advertisers will be able to sort by user demographics and industry to see what videos users in the target group are watching and what keywords are associated with popular content. In an example provided by TikTok, an AI-generated suggestion recommends that a brand “produce video content focused on ‘hormonal health’ for female, English-speaking users” and to include a specific keyword. Another feature in Insight Spotlight analyzes users’ viewing history to identify types of content that are bubbling up.

[...]

submitted 2 weeks ago* (last edited 2 weeks ago) by [email protected] to c/privacy
 
 

A translation of this article with a few (minor) additions. I could not find an English-language article. The original article has informative illustrations.


“Archive.Today” is a popular website for access to paid media content. Well-known domain names for the website are archive.is and archive.ph (and archive.md, archive.fo, archive.li, archive.vn).

What many users do not know: The website provides users' data to Russia.

The data goes to Mail.ru and thus to the Russian Internet company VK. A look at the website with Webbkoll shows the following Russian domain names:

  • privacy-cs.mail.ru
  • r.mradx.net
  • rs.mail.ru
  • top-fwz1.mail.ru

First and foremost, top-fwz1.mail.ru/js/code.js is integrated. Further code from Russia is then loaded.

The following applies to Russian Internet companies:

“Russia demands unconditional cooperation and extensive control options from its flourishing IT economy. It is not just about the full possession of the largest social network (VK) and the largest payment service (Mail.ru), but in the case of Yandex also to influence the entire output of Yandex News.”

The data collected show which Paywall content is particularly popular in western media, but could also provide insight about their users. One can speculate about the importance of such data in the hybrid Russian war against Europe and the rest of the West.


(the following part is about the most common originating news sites in Switzerland that are to be archived. It refers to the above mentioned paywall content)

Incidentally (and in addition), anyone who pays for the paid media content must (also) expect for user data to go to Russia:

«Until recently, Ringier sent - thanks to these cookies - the IP addresses of "Blick" readers to the Russian tech company Yandex. […] Yandex is also listed at «20 Minuten». The free news portal of the TX Group also works with the platform of the Interactive Advertising Bureau. […] The NZZ also sent data to the east. The traditional company on Falkenstrasse has integrated dozens of trackers, including from Yandex and also from Rutarget, an advertising company that belongs to the Russian Sberbank, is fully controlled by the state and is on the sanction list of the United States.»


The operators of «Archive.Today» do not open their identity. Neither an impressum nor a data protection declaration can be found on the website.

“Liberapay” in France should be able to say who operates “archive.today”. If you click on the "Donate" button at "Archive.Today", you will be forwarded to the donation platform "Liberapay".

A (more) reputable alternative is the Internet Archive at Archive.org, best known for the archiving of websites at web.archive.org.


Posted to [email protected], [email protected] and [email protected]


edit 2 days later:

I'm aware this isn't the biggest smoking gun ever. But this particular service is in such widespread use that I feel it's important to shine a light on it.

Of course any post with certain keywords in the title will attract weird commentary, but I think you'll find that even the most contrary ones do not dispute the facts outlined in the article - just try to play them down, or ridicule them.

It's free, it has fast servers, it doesn't ask questions of you. It's a godsend!




cross-posted from: https://lemmy.sdf.org/post/35817780

Archived

TikTok has launched a High Court challenge to a €530m fine imposed on it by the Data Protection Commission (DPC).

It is the latest legal attempt by Big Tech to overturn penalties imposed by the Irish privacy regulator. Of the more than €4bn in fines levied on companies including Meta and Amazon, only €20m has been paid so far.

The other penalties are being challenged in the Irish courts. There is no date set for any of the hearings, as a decision is awaited from the European Court of Justice on a key legal point.

[...]

“TikTok failed to verify, guarantee and demonstrate that the personal data of European Economic Area (EEA) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU,” DPC deputy commissioner Graham Doyle said at the time.

“As a result of TikTok’s failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards.”

[...]

In a further “serious development”, the DPC noted that, throughout its inquiry, TikTok had said it did not store EEA user data on servers in China. However, in April it told the regulator that, two months earlier, it discovered that “limited” data had in fact been stored on Chinese servers.

“TikTok informed the DPC that this discovery meant it had provided inaccurate information to the inquiry,” the regulator pointed out. The DPC is currently engaging with other European data regulators on that issue.


In a chilling sign of how far law enforcement surveillance has encroached on personal liberties, 404 Media recently revealed that a sheriff’s office in Texas searched data from more than 83,000 automated license plate reader (ALPR) cameras to track down a woman suspected of self-managing an abortion. The officer searched 6,809 different camera networks maintained by surveillance tech company Flock Safety, including states where abortion access is protected by law, such as Washington and Illinois. The search record listed the reason plainly: “had an abortion, search for female.”


cross-posted from: https://lemmy.ml/post/30792652

Support for Windows 10 ends on October 14, 2025. Microsoft wants you to buy a new computer. But what if you could make your current one fast and secure again?

If you bought your computer after 2010, there's most likely no reason to throw it out. By just installing an up-to-date Linux operating system you can keep using it for years to come.

Installing an operating system may sound difficult, but you don't have to do it alone. With any luck, there are people in your area ready to help!

5 Reasons to upgrade your old computer to Linux:

  1. No New Hardware, No Licensing Costs
  2. Enhanced Privacy
  3. Good For The Planet
  4. Community & Professional Support
  5. Better User Control

cross-posted from: https://lemmy.bestiver.se/post/410276

Mullvad Leta


US immigration authorities are collecting and uploading the DNA information of migrants, including children, to a national criminal database, according to government documents released earlier this month.

The database includes the DNA of people who were either arrested or convicted of a crime, which law enforcement uses when seeking a match for DNA collected at a crime scene. However, most of the people whose DNA has been collected by Customs and Border Patrol (CBP), the agency that published the documents, were not listed as having been accused of any felonies. Regardless, CBP is now creating a detailed DNA profile on migrants that will be permanently searchable by law enforcement, which amounts to a “massive expansion of genetic surveillance”, one expert said.

The DNA information is stored in a database managed by the FBI called the Combined DNA Index System (Codis), which is used across the country by local, state and federal law enforcement to identify suspects of crimes using their DNA data.

Wired first reported the practice and the existence of these documents, and estimates there are more than 133,000 migrant teens and children whose DNA has been collected and uploaded to Codis. One of them was just four years old.


OC by @[email protected]

The password managers are: KeePassDX (Far Left), KeePassXC (PC version of local), Proton Pass (Better privacy) and Bitwarden (Far Right). Please note that Bitwarden does some data collection. See their privacy policy here and their privacy spy rating here.
