Privacy


A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
51
 
 

"Meta devised an ingenious system (“localhost tracking”) that bypassed Android’s sandbox protections to identify you while browsing on your mobile phone — even if you used a VPN, the browser’s incognito mode, and refused or deleted cookies in every session."

52
 
 

What encrypted messenger do you use most that isn't Zucking Meta's Whatsapp and Signal?

Edit: Also, besides iMessage and RCS. Sorry, thanks.

53
 
 

54
 
 

Full text to bypass paywall:

A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected U.S. travellers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media. The data includes passenger names, their full flight itineraries, and financial details.

CBP, a part of the Department of Homeland Security (DHS), says it needs this data to support state and local police to track people of interest’s air travel across the country, in a purchase that has alarmed civil liberties experts.

The documents reveal for the first time in detail why at least one part of DHS purchased such information, and comes after Immigration and Customs Enforcement (ICE) detailed its own purchase of the data. The documents also show for the first time that the data broker, called the Airlines Reporting Corporation (ARC), tells government agencies not to mention where it sourced the flight data from.

“The big airlines—through a shady data broker that they own called ARC—are selling the government bulk access to Americans' sensitive information, revealing where they fly and the credit card they used,” Senator Ron Wyden said in a statement.

ARC is owned and operated by at least eight major U.S. airlines, other publicly released documents show. The company’s board of directors include representatives from Delta, Southwest, United, American Airlines, Alaska Airlines, JetBlue, and European airlines Lufthansa and Air France, and Canada’s Air Canada. More than 240 airlines depend on ARC for ticket settlement services.

Do you work at ARC or an agency that uses ARC data? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

ARC’s other lines of business include being the conduit between airlines and travel agencies, finding travel trends in data with other firms like Expedia, and fraud prevention, according to material on ARC’s YouTube channel and website. The sale of U.S. flyers’ travel information to the government is part of ARC’s Travel Intelligence Program (TIP).

A Statement of Work included in the newly obtained documents, which describes why an agency is buying a particular tool or capability, says CBP needs access to ARC’s TIP product “to support federal, state, and local law enforcement agencies to identify persons of interest’s U.S. domestic air travel ticketing information.” 404 Media obtained the documents through a Freedom of Information Act (FOIA) request.

A screenshot of the Statement of Work. Image: 404 Media.

The new documents obtained by 404 Media also show ARC asking CBP to “not publicly identify vendor, or its employees, individually or collectively, as the source of the Reports unless the Customer is compelled to do so by a valid court order or subpoena and gives ARC immediate notice of same.”

The Statement of Work says that TIP can show a person’s paid intent to travel and tickets purchased through travel agencies in the U.S. and its territories. The data from the Travel Intelligence Program (TIP) will provide “visibility on a subject’s or person of interest’s domestic air travel ticketing information as well as tickets acquired through travel agencies in the U.S. and its territories,” the documents say. They add this data will be “crucial” in both administrative and criminal cases.

A DHS Privacy Impact Assessment (PIA) available online says that TIP data is updated daily with the previous day’s ticket sales, and contains more than one billion records spanning 39 months of past and future travel. The document says TIP can be searched by name, credit card, or airline, but ARC contains data from ARC-accredited travel agencies, such as Expedia, and not flights booked directly with an airline. “[I]f the passenger buys a ticket directly from the airline, then the search done by ICE will not show up in an ARC report,” that PIA says. The PIA notes the data impacts both U.S. and non-U.S. persons, meaning it does include information on U.S. citizens.

“While obtaining domestic airline data—like many other transaction and purchase records—generally doesn't require a warrant, there's still supposed to go through a legal process that ensures independent oversight and limits data collection to records that will support an investigation,” Jake Laperruque, deputy director of the Center for Democracy & Technology's Security and Surveillance Project, told 404 Media in an email. “As with many other types of sensitive and revealing data, the government seems intent on using data brokers to buy their way around important guardrails and limits.”

CBP’s contract with ARC started in June 2024 and may extend to 2029, according to the documents. The CBP contract 404 Media obtained documents for was an $11,025 transaction. Last Tuesday, a public procurement database added a $6,847.50 update to that contract, which said it was exercising “Option Year 1,” meaning it was extending the contract. The documents are redacted but briefly mention CBP’s OPR, or Office of Professional Responsibility, which in part investigates corruption by CBP employees.

“CBP is committed to protecting individuals’ privacy during the execution of its mission to protect the American people, safeguard our borders, and enhance the nation’s economic prosperity. CBP follows a robust privacy policy as we protect the homeland through the air, land and maritime environments against illegal entry, illicit activity or other threats to national sovereignty and economic security,” a CBP spokesperson said in a statement. CBP added that the data is only used when an OPR investigation is open and the agency needs to locate someone related to that investigation. The agency said the data can act as a good starting point to identify a relevant flight record before then getting more information through legal processes.

On May 1, ICE published details about its own ARC data purchase. In response, on May 2, 404 Media filed FOIA requests with ICE and a range of other agencies that 404 Media found had bought ARC’s services, including CBP, the Secret Service, SEC, DEA, the Air Force, U.S. Marshals Service, TSA, and ATF. 404 Media found these by searching U.S. procurement databases. Around a week later, The Lever covered the ICE contract.

A screenshot of the Statement of Work. Image: 404 Media.

Airlines contacted by 404 Media declined to comment, didn’t respond, or deferred to either ARC or DHS instead. ARC declined to comment. The company previously told The Lever that TIP “was established after the Sept. 11 terrorist attacks to provide certain data to law enforcement… for the purpose of national security matters” and criminal investigations.

“ARC has refused to answer oversight questions from Congress, so I have already contacted the major airlines that own ARC—like Delta, American Airlines and United—to find out why they gave the green light to sell their customers' data to the government,” Wyden’s statement added.

U.S. law enforcement agencies have repeatedly turned to private companies to buy data rather than obtain it through legal processes such as search warrants or subpoenas. That includes location data harvested from smartphones, utility data, and internet backbone data.

“Overall it strikes me as yet another alarming example of how the ‘Big Data Surveillance Complex’ is becoming the digital age version of the Military-Industrial Complex,” Laperruque says, referring to the purchase of airline data.

“It's clear the Data Broker Loophole is pushing the government back towards a pernicious ‘collect it all’ mentality, gobbling up as much sensitive data as it can about all Americans by default. A decade ago the public rejected that approach, and Congress passed surveillance reform legislation that banned domestic bulk collection. Clearly it's time for Congress to step in again, and stop the Data Broker Loophole from being used to circumvent that ban,” he added.

According to ARC’s website, the company only introduced multifactor authentication on May 15.

55
 
 

turns out durov's bullshit is bullshit. huh.

56
 
 

this happens on a samsung galaxy android device. i have a foss keyboard set up and never use the samsung keyboard app.

whenever i copy text, the toast message flashes that samsung keyboard has pasted from my clipboard.

i can't find any option to control clipboard access. how does one turn this off altogether?

57
 
 

cross-posted from: https://lemmy.ml/post/31440973

The tool Lynis is an auditing tool used to audit Unix systems. Is it still relevant? Worth using?

It used to be fairly widely used years ago. Is it still worth its salt, or are there other, better options? Do you guys think it's needed at all with common sense nowadays?

58
 
 

I am currently using Obsidian. I like it; it is great. The graph is a bit of a gimmick but very rewarding. The formatting is easy. The search can be great and powerful, but Markdown can also be a letdown sometimes; it is just so limiting sometimes.

I think Obsidian is almost boring. It works, and my main gripe is syncing it to my phone. I have tried using Syncthing, but I often get clashes with versions of notes or even lose notes, even when using Syncthing versioning.

But then there is Notion. Let me first say, I have not used Notion at all. I made an account, saw all the great stuff, especially the database feature and all the APIs, but something felt off.

Of course, I researched the privacy of Notion and realised it is a complete dumpster fire.

My work is confidential; I really can't use something like Notion. But then, for my personal stuff, I also don't want AI to be trained on it or used for marketing to me or on me.

Are there alternatives to Notion that someone can recommend to me?

59
 
 

I've been interested in switching over to a phone that isn't a gold mine of my data for random companies etc. I've seen stuff for Calyx, Fairphone, Graphene, and Linux phones. I'm curious as to how I would go about switching over. As of right now I use Android and mostly message through Signal unless it's for work, and I'm unfortunately on Verizon. Which privacy-first smartphones would people recommend for US users, and how does it work putting it on a network? Do they go on the regular networks like AT&T, Sprint, Verizon etc.? Or do they have their own or privacy-first networks? Sorry if these are dumb questions, I'm just interested in switching and figured this would be a good place to find info.

60
 
 

Hey.

My phone is a Pixel 8A GrapheneOS phone. I want to make this phone a hardened phone. A safe phone. Privacy friendly phone. Not a watched or tapped into phone. Basically limit the spying and intercepting and get control of the spying mechanisms that may be at play.

The phone has sandboxed Google Play services.

(GrapheneOS) and 1 profile (owner)

The phone has a KYC SIM card (currently no way out).

Thanks.

61
 
 

Mullvad gives you a discount if you pay with crypto, and Monero is supposed to be the private crypto. What is the best way to get Monero? I'm in Canada.

https://mullvad.net/en/pricing

62
 
 

cross-posted from: https://lemmy.world/post/30825750

Skip Timestamp and Generated Summary below:


Video Description:

Award-winning investigative journalist Max Blumenthal, who has long spoken out against Israel’s genocidal war crimes in occupied Palestine, was recently detained by Customs and Border Protection officials at Washington Dulles International Airport after returning from a personal trip to Nicaragua.

The agent who stopped him mentioned catching a recent Blumenthal appearance on former judge Andrew Napolitano’s TV show.

Guest hosts Russell Dobular and Keaton Weiss discuss the experience with Blumenthal, and expand the conversation to address the harassment many others — some of whom are not even politically active — have faced when returning to the country from abroad.

Read Max's work at The Grayzone here: http://thegrayzone.com/

Follow Max on Twitter: / maxblumenthal

Follow Russell Dobular on Twitter: / russelldobular

Follow Keaton Weiss on Twitter: / thatkeaton

Due Dissidence on Substack: https://substack.com/@duedissidence

Skip Timestamp:

  1. 28:47.000 - 28:59.549 Unpaid/Self Promotion

Generated Summary:

Main Topic: Increased scrutiny and harassment of travelers, particularly journalists and activists, by US Customs and Border Protection (CBP), especially those returning from countries deemed "high-risk" or with dissenting political views.

Key Points:

  • Max Blumenthal's Experience: Blumenthal recounts being questioned by CBP upon returning from Nicaragua and anticipating similar or worse treatment upon returning from Iran. His contacts were more concerned about his treatment by the US government upon return than about Iran itself.
  • Increased Border Scrutiny: The discussion highlights a trend of CBP targeting individuals for questioning, device seizure, and intelligence gathering, even without warrants, based on their travel history, political affiliations, or even their names.
  • Erosion of Constitutional Rights at the Border: The video emphasizes that constitutional rights are diminished at international borders and airports, allowing CBP greater latitude in questioning and searching travelers.
  • FBI Harassment: The FBI has been approaching journalists and scholars who have traveled to Iran for interviews without warrants.
  • Advice for Travelers: The video advises travelers, especially those politically active or with perceived risk factors (e.g., Arab names, travel to certain countries), to prepare for potential device seizure and questioning. Suggestions include using burner phones, backing up data to the cloud, and understanding their rights (e.g., the right to remain silent without a warrant or lawyer).
  • Israeli Influence: The discussion touches on the influence of Israeli security practices and training on US border security, leading to a perception of all citizens as potential threats.
  • Immigration as a Pretext: The speakers argue that the focus on immigration is being used as a pretext to expand the security state and mass surveillance capabilities, even though deportation numbers are not necessarily increasing.
  • Shock and Awe Deterrence: The detention and questioning of travelers, including international students, is seen as a "shock and awe" tactic intended to deter dissent and discourage travel to or from certain countries.
  • Political Motivations: The Trump administration's actions are attributed to a desire to satiate its base's desire for revenge against foreigners and to create a political power base from anti-communist expats.

Highlights:

  • Blumenthal's description of the CBP agent referencing his appearance on Judge Napolitano's show, suggesting political targeting.
  • The anecdote about an activist declining an award in Canada due to fear of being unable to re-enter the US.
  • The recommendation to use GrapheneOS for enhanced phone security.
  • The discussion of the Israeli security consultant training Boston's Logan Airport staff to profile travelers.
  • The argument that the focus on immigration is a pretext for building a police state.

About Channel:

"I don't criticize Democrats cuz I side with Republicans, I criticize Democrats Cuz THEY side with Republicans.

Our fight is not Left/Right anymore, it is Us vs.Them.

We have 2 corporate party's that serve Wall St/War Machine/Corporations & crush everyone else. #UniParty @0rf"^[[1] https://twitter.com/jimmy_dore/status/1559374176904814594]

#TheJimmyDoreShow is a hilarious and irreverent take on news, politics and culture featuring Jimmy Dore, a professional stand up comedian, author and podcaster. The show is also broadcast on Pacifica Radio Network stations throughout the country.

“Jimmy Dore is outrageous and outraged, bothersome and bothered. A crucial, profane, passionate voice for progressives and free-thinkers in 21st century America. Jimmy will anger you if you’re a conservative and enrage you if you’re a liberal.”—Patton Oswalt


Edit:

  1. Fixed Title, From "Is What Terrified People About My Trip to Iran!" To "This Is What Terrified People About My Trip to Iran!"
63
 
 

Receiving a spam call puts you in a bit of a dilemma, or at least it does for me: How do I deal with this call in a way that doesn't alert the spammers that this is an active number that they can call again? Answering the call is obviously the wrong choice, but I always assume that rejecting the call outright will also be detected as a deliberate action and therefore a person is on the other side. Some people have suggested answering the phone but not talking, so they think it's a dead number, but I want something more definitive.

My idea is to have a "spam" button on the incoming call screen, that answers the call but doesn't connect the microphone. Instead it plays either the standard "the number you're dialing is not assigned, please check your number and try your call again" recording, or a fax/modem sound to make them think the phone number belongs to a machine and not a human.

Would this work? Or would they still be able to determine that the recording is spoofed by the phone itself? Does anything like this already exist?

64
65
66
 
 

cross-posted from: https://feddit.org/post/13725656

I'm getting a 403 error on Kagi when using Mullvad VPN. Can anyone confirm they're blocking VPN users now? I'll immediately cancel my Kagi subscription if this turns out to be the case.

67
 
 

An Italian parliamentary committee has confirmed that the government used the Israeli-made spyware Graphite, developed by the offensive cyber company Paragon, to hack the smartphones of several activists working with migrants.

The committee confirmed that Paragon provided Graphite to two Italian agencies, including the country's external intelligence service, starting in 2023. The version of Graphite provided did not include the ability to activate the phone's microphone or camera, the report said. Instead, it only enabled its operators access to encrypted communications on the hacked devices.

The report also confirmed that Graphite exploited a vulnerability in WhatsApp that Meta identified and patched in December 2024, one month before the spyware's activity was publicly disclosed. The vulnerability's discovery also caused "panic" at Israel's military intelligence Unit 8200, according to the recent Israeli television report.

68
 
 

I have a second-hand Pixel 8a with GrapheneOS and I haven't put a SIM card in it since I got it. In my country I have to have a registered SIM card. I am afraid of the IMEI being linked with the SIM card, and once I put it in I'm f**ked. The reason I need to put the card in is to verify my bank, which needs the SIM card to be in the device.

I did some research but became dumb from too much information

(sorry for my english :D)

Edit: also I want to be private because of my future, idk if I won't live in a country where propaganda is normal

69
70
45
DNS4EU For Public (www.joindns4.eu)
submitted 2 weeks ago by Zerush@lemmy.ml to c/privacy@lemmy.ml
 
 

What is DNS4EU? DNS4EU is an initiative by the European Commission that aims to offer an alternative to the public DNS resolvers currently dominating the market. Supported by the European Union Agency for Cybersecurity (ENISA), the European Union's DNS4EU secure-infrastructure project provides a protective, privacy-compliant, and resilient DNS service to strengthen the EU’s digital sovereignty and enhance digital security for European Union citizens, governments, and institutions.

The program provides robust DNS security for public institutions and their employees, ministries, local governments or municipalities, healthcare, education, and other critical services such as telecommunications providers. By working with the latter, for example, it ensures DNS resolution service for all of a telco’s customers, with minimum manual overhead for their teams.

Additionally, the DNS4EU solutions aid organizations in complying with regulatory requirements (such as GDPR) to keep data within European borders.

As these organizations often face challenges to independently developing and maintaining high-level cybersecurity measures (such as election cycles or funding), the DNS4EU project solves these challenges by providing a Europe-based, centralized, scalable solution to ensure the highest standards of security and privacy, compliant with EU regulations.

71
72
73
 
 

I'm looking to get a card for general spending that's not tied to any account. Is a gift card the way to go? Are these reloadable?

Don't say cash - lots of places don't take cash any more.

74
 
 

If you were running an LLM locally on Android through llama.cpp for use as a private personal assistant, what model would you use?

Thanks for any recommendations in advance.

75
 
 

A translation of this article with a few (minor) additions. I could not find an English-language article. The original article has informative illustrations.


“Archive.Today” is a popular website for access to paid media content. Well-known domain names for the website are archive.is and archive.ph (and archive.md, archive.fo, archive.li, archive.vn).

What many users do not know: The website provides users' data to Russia.

The data goes to Mail.ru and thus to the Russian Internet company VK. A look at the website with Webbkoll shows the following Russian domain names:

  • privacy-cs.mail.ru
  • r.mradx.net
  • rs.mail.ru
  • top-fwz1.mail.ru

First and foremost, top-fwz1.mail.ru/js/code.js is integrated. Further code from Russia is then loaded.

The following applies to Russian Internet companies:

“Russia demands unconditional cooperation and extensive control options from its flourishing IT economy. It is not just about the full possession of the largest social network (VK) and the largest payment service (Mail.ru), but in the case of Yandex also to influence the entire output of Yandex News.”

The data collected show which Paywall content is particularly popular in western media, but could also provide insight about their users. One can speculate about the importance of such data in the hybrid Russian war against Europe and the rest of the West.


(the following part is about the most common originating news sites in Switzerland that are to be archived. It refers to the above mentioned paywall content)

Incidentally (and in addition), anyone who pays for the paid media content must (also) expect for user data to go to Russia:

«Until recently, Ringier sent - thanks to these cookies - the IP addresses of "Blick" readers to the Russian tech company Yandex. […] Yandex is also listed at «20 Minuten». The free news portal of the TX Group also works with the platform of the Interactive Advertising Bureau. […] The NZZ also sent data to the east. The traditional company on Falkenstrasse has integrated dozens of trackers, including from Yandex and also from Rutarget, an advertising company that belongs to the Russian Sberbank, is fully controlled by the state and is on the sanction list of the United States.»


The operators of «Archive.Today» do not open their identity. Neither an impressum nor a data protection declaration can be found on the website.

“Liberapay” in France should be able to say who operates “archive.today”. If you click on the "Donate" button at "Archive.Today", you will be forwarded to the donation platform "Liberapay".

A (more) reputable alternative is the Internet Archive at Archive.org, best known for the archiving of websites at web.archive.org.


Posted to privacy@lemmy.ml, privacy@lemmy.dbzer0.com and privacy@lemmy.world


edit 2 days later:

I'm aware this isn't the biggest smoking gun ever. But this particular service is in such widespread use that I feel it's important to shine a light on it.

Of course any post with certain keywords in the title will attract weird commentary, but I think you'll find that even the most contrary ones do not dispute the facts outlined in the article - just try to play them down, or ridicule them.

It's free, it has fast servers, it doesn't ask questions of you. It's a godsend!
