So, I found some Firefox forks. Those would be: floorp, zen browser, tor browser and librewolf. Could anyone help me decide which one to use?

In the absence of privacy-focused ROMs for my tablet, I settled on flashing an AOSP GSI without Google apps. TrebleDroid to be specific, which is essentially vanilla AOSP, but with some additional drivers to maximize compatibility. Compared to privacy-focused ROMs like GrapheneOS, what exactly does AOSP send back to Google?

before buying expensive routers check OpenWRT's table of hardware and buy one that is supported by the current OpenWRT release and has decent specs. There is a detailed installation guide for each supported device in the wiki too so there are no excuses it's dead simple. Free yourself from stupid hardware manufacturers and their planed obsolescence products.

• Edit: also here is the new version of the table of hardware with more details They seem to have buyers guide too in the wiki.
• Edit2: seems like GL.iNet devices ship with OpenWRT out of the box with their GUI on top and you still have access to openwrt under the hood if you need it which sounds awesome so look into them if you're interested. Thanks you guys who brought them up.
• Edit3: there is firewall sulotion called OPNSense which is not limited to commercial routers like OpenWRT and can be run on any x86 hardware of your choice (like N100 mini pcs) so look into it if you're interested. Many thanks to the guys who contributed in the comments
• Edit4: Sorry for the multiple edits but some of you guys suggest some fantastic insights that I had to add. Anyways here is a list of good candidate devices for hassle free installation and yet powerful enough hardware from OpenWRT's Forum
• I promise it's gonna be the last Edit. OpenWRT has a official device they made themselves called OpenWRT ONE (I think the second one is also in the works). It hase good specs for home network and you support the project too. Here is the link to official Retailers

Has anyone tried Saily? (https://saily.com/) It claims to be an app to easily setup international eSIMs.

I am curious about its setup process and the information they collect. Can you sign up without the app? How about the app on a separate user profile (android)? Do they require ID to signup (or similar)?

It is a part of NordVPN, which gives some confidence that it is not a scam, however Nord doesn't have a good reputation for privacy, but neither do SIM's in general.

Is it worth bothering with anything like Saily for travel, or does the tried and true pre-paid SIM's?

I realized I was at risk by having smart devices on my normal network, so decided to move them to my guest network.

I don't like my smart tv, but it's all I have to work with for now. I want to keep it on my guest network, but still stream using jellyfin. I see on my netgear router there is an option to "let devices on guest network see other devices and access local network" which would probably allow it to see my jellyfin server, but then doesn't that defeat the point of a guest network? Maybe I need to learn what a reverse proxy is...jellyfin server is currently on windows (not my pc) but could move it to my linux pc if needed.

And yes, I plan to get a media center linux box in the future so I don't have to deal with the garbage smart tv os!

cross-posted from: https://lemmy.ml/post/30846701

The question is simple. I wanted to get a general consensus on if people actually audit the code that they use from FOSS or open source software or apps.

Do you blindly trust the FOSS community? I am trying to get a rough idea here. Sometimes audit the code? Only on mission critical apps? Not at all?

Let's hear it!

cross-posted from: https://rss.ponder.cat/post/193175

Thousands of home and small office routers manufactured by Asus are being infected with a stealthy backdoor that can survive reboots and firmware updates in an attack by a nation-state or another well-resourced threat actor, researchers said.

The unknown attackers gain access to the devices by exploiting now-patched vulnerabilities, some of which have never been tracked through the internationally recognized CVE system. After gaining unauthorized administrative control of the devices, the threat actor installs a public encryption key for access to the device through SSH. From then on, anyone with the private key can automatically log in to the device with administrative system rights.

Durable control

“‍The attacker’s access survives both reboots and firmware updates, giving them durable control over affected devices,” researchers from security firm GreyNoise reported Wednesday. “The attacker maintains long-term access without dropping malware or leaving obvious traces by chaining authentication bypasses, exploiting a known vulnerability, and abusing legitimate configuration features.”

Read full article

Comments

From Ars Technica - All content via this RSS feed

LLMs can be very useful for my personal life. How can I deal with this in the future?

• the quality highly depends on model, size, internet access, etc.
• They get seemingly more accurate over time

Personally, I can find information within a second. I can ask it which philosopher wrote about "free will" and it'll provide me a good chunk of information that sounds very plausible. Gemini is very impressive from a layman's perspective. llama is worse in this regard but still ok. It may only be good on the surface but I can ask it for the book as well and it'll provide me information. It will get better over time.

Google already knows a lot of stuff and now it will collect even more information about people. I caught myself asking it a philosophical thought of myself.

I was asking the computer. I was not judging an output of it. I was asking to judge my output.

I was asking the computer a philosophical question that has no clear answer. I evaluated the computer's output and was happy it told me that I was right.

I also do maths with a computer. I trust it, it is usually deterministic.

I've also asked it about medical advice, which sounded good.

Today, I wanted to ask it something else, and I was observing that I ask a computer a question. I'd need many minutes, many difficult minutes to think about it. I'd need to research more information, talk to people. But I chose to prompt it.

I realised that I would need to think about this and prompt a community to think about it to exchange information by (hopefully) humans.

Using llms, especially online llms, e.g. google, yield higher quality output than local llms in my experience, hence I'd like to use online llms. But I do not want to give every question I have to google. I do not want all of us giving everything to google. Am I overreacting? Fear of new technology?

It can save me a lot of time. "I could achieve more" by using it. could I really? wouldn't the ai achieve it for me? do i want the achievement anyway? Do I want to get a headstart with ai? I write code for a living. is there a huge difference in writing deterministic code and the probabilistic llm output?

Fear of missing out is kicking in.

I do not want to get left behind but I also do not want to give up my free will.

I do not want to lose my privacy (to google).

I do not want to lose my philosophical maturity, or at least what's left of it.

Fear of missing out is kicking in.

geteilt von: https://europe.pub/post/958415

cross-posted from: https://lemm.ee/post/65253750

Full text to avoid paywall

---

If you’ve left a comment on a YouTube video, a new website claims it might be able to find every comment you’ve ever left on any video you’ve ever watched. Then an AI can build a profile of the commenter and guess where you live, what languages you speak, and what your politics might be.

The service is called YouTube-Tools and is just the latest in a suite of web-based tools that started life as a site to investigate League of Legends usernames. Now it uses a modified large language model created by the company Mistral to generate a background report on YouTube commenters based on their conversations. Its developer claims it's meant to be used by the cops, but anyone can sign up. It costs about $20 a month to use and all you need to get started is a credit card and an email address.

The tool presents a significant privacy risk, and shows that people may not be as anonymous in the YouTube comments sections as they may think. The site’s report is ready in seconds and provides enough data for an AI to flag identifying details about a commenter. The tool could be a boon for harassers attempting to build profiles of their targets, and 404 Media has seen evidence that harassment-focused communities have used the developers' other tools.

YouTube-Tools also appears to be a violation of YouTube’s privacy policies, and raises questions about what YouTube is doing to stop the scraping and repurposing of peoples’ data like this. “Public search engines may scrape data only in accordance with YouTube's robots.txt file or with YouTube's prior written permission,” it says.

To test the service, I plugged a random YouTube commenter into the system and within seconds the site found dozens of comments on multiple videos and produced an AI-generated paragraph about them. “Possible Location/Region: The presence of Italian language comments and references to ‘X Factor Italia’ and Italian cooking suggest an association with Italy,” the report said.

“Political/Social/Cultural Views: Some comments reflect a level of criticism towards interviewers and societal norms (e.g., comments on masculinity), indicating an engagement with contemporary cultural discussions. However, there is no overtly political stance expressed,” it continued.

According to the site, it has access to “1.4 billion users & 20 billion comments.” The dataset is not complete; YouTube has more than 2.5 billion users.

Youtube-Tools launched about a week ago and is an outgrowth of LoL-Archiver. There’s also nHentai-Archiver, which can give you a comprehensive comment history of a user on the popular adult manga sharing site. Kick-Tools can produce the chat history or ban history of a user on the streaming site Kick. Twitch-Tools can give you the chat history for an account sorted by timestamp and sortable by all the channels they interact on.

Twitch-Tools only monitors a channel that users have specifically requested it to monitor. As of this writing, the website says it is monitoring 39,057 Twitch channels. For example, I was able to pull a username from a popular Twitch stream, plug it into the tool and then track every time that user had made a comment on another one of the tracked channels.

Reached for comment, the developer of these tools didn’t dance around the reason they built them. “The end goal of people tracking Twitch channels would certainly be to gather information on specific users,” they said.

Twitch did not respond to 404 Media’s request for comment, and YouTube acknowledged a request but did not provide a statement in time for publication. But I spoke with someone in control of a contact email address listed on the LoL-Archiver’s “about” page. They said they’re based in Europe, have a background in OSINT, and often partnered with law enforcement in their country. “I decided I launched [sic] these tools in the first place as a project to build the tool that could be use by LEAs [law enforcement agencies] and PIs [private investigators.]”

According to the developer, they’ve provided the tool to cops in Portugal, Belgium, and “other countries in Europe.” They told 404 Media that the website is meant for private investigators, journalists, and cops.

“To prevent abuses [sic] we only allow the website to people with legitimate purposes,” they said. I asked how the site vets users. “We ask the users to accept our Terms of Use and do targeted KYC [know your customer] requests to people we estimate have an illegitimate reason to use our website. If we find that a user doesn't have a legitimate purpose to use our service according to our terms of use, we reserve the right to terminate that user's access to our website.”

The site’s Terms of Service makes this explicit in the first paragraph. “The Service is distributed only to licensed professional investigators and law enforcement. Non-professional individuals are not allowed to subscribe to the Service,” it says.

But YouTube-Tools is a “grant access first ask for proof later” kind of website. 404 Media was able to set up an account and begin browsing information in minutes after paying for a month of the service with a credit card. It didn’t ask me any questions about how I planned to use the service nor did it need any other information about me.

I asked the developer for an example of a time they had removed someone from the platform. They said they’d removed a client a few weeks ago after they realized the email the client used to obtain their license was “temporary.” The developer said they reached out to the client to ask why they wanted the tool and didn’t get a response. “They ignored us, and we therefore reported the issue to Stripe and terminated their access.”

The AI summaries are new and only exist for the YouTube tools. “The AI summary is to provide points of interest, so that an investigator doesn't have to go through the (potentially) thousand [sic] of comments,” the developer said. “This summary is not to replace the research and investigation process of the investigator, but to give clues on where they can start looking at first.”

I asked them about the possible privacy violations the tool presents and the developer acknowledged that they’re real. “But we try to limit them during [our] vetting process,” they said. Again, I was able to sign up for the site with a credit card and an email. I was not vetted.

“I also believe that the tool can be a very valuable source of information for professionals such as police agencies, private investigators, journalists,” the developer said. “That is why we currently offer free access to police agencies requesting it, and have offered [it] to several agencies already. If someone wants to remove any information that the tools has archived they can make a formal request to us, to which we will comply, as we've always done.”

Scraping public data is a big problem. Last month, researchers in Brazil published a dataset built from 2 billion Discord messages they’d pulled from publicly available servers. Last year, Discord shut down a service called Spy Pet that’s similar to YouTube-Tools.

cross-posted from: https://lemmy.bestiver.se/post/410276

Mullvad Leta

Comments

I have an older Sony TV which has (what I can only guess to be) Google's Android TV app installed on it. I'm sick of getting new recommendations from Amazon and Disney+ and all those services. Is there a way to strip it down bare bones and get everything I need from another app repo - kinda like with Graphene vs Android?

cross-posted from: https://lemmy.ml/post/30792652

Support for Windows 10 ends on October 14, 2025. Microsoft wants you to buy a new computer. But what if you could make your current one fast and secure again?

If you bought your computer after 2010, there's most likely no reason to throw it out. By just installing an up-to-date Linux operating system you can keep using it for years to come.

Installing an operating system may sound difficult, but you don't have to do it alone. With any luck, there are people in your area ready to help!

5 Reasons to upgrade your old computer to Linux:

1. No New Hardware, No Licensing Costs
2. Enhanced Privacy
3. Good For The Planet
4. Community & Professional Support
5. Better User Control

cross-posted from: https://lemmy.ml/post/30717996

Amazon and PayPal being out of the running of course. FWIW, I think Mullvad uses Stripe . . . 🤔

Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.

The European Comission is looking for feedback on forcing retention of metadata from all communication services for "a reasonable period of time", for purposes of criminal investigation!

Which means encrypted messaging without a backdoor would be illegal if this passes! That's a slippery slope!

That basically means an attacker with some skill could read any data from anyone (correct me if I'm wrong but I think you can infer the content from the metadata in 90% of cases)

For more detail on why it's bad, click the link below and read literally any feedback comment.

Go ahead and give some feedback! You can do so even if you are not an EU citizen!

https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14680-Impact-assessment-on-retention-of-data-by-service-providers-for-criminal-proceedings-/_en
@soatok @echo_pbreyer @privacy @technology
#Europe #privacy #encryption

If I should, are there ways I could install such apps with a spoofed Device ID or something like that?

I'm finding alternatives for Discord/Twitter/Reddit very easily but still on the search for a Facebook alternative, anyone who didn't quit Facebook yet know how shitty their feed is now bloated with things not related to your friends but it was good before, it wasn't just about "posting", things like being able to create pages, join communities/groups (private and public), events calendar, optional geotagging, tagging people on photos

geteilt von: https://feddit.org/post/13109300

via @[email protected]:

The #UnplugTrump series is now in English – spread the word and let it roll like a wave across the Fediverse! 🌊 👇

https://www.kuketz-blog.de/unplugtrump-free-yourself-digitally-from-trump-and-big-tech/

#UnplugTrump #privacy #security #GAFAM"

https://social.tchncs.de/@kuketzblog/114572938988438124

When i was considerong buying a fairphone, fairphones with e/os came up and wondered if it was a good option for privacy.

I do not like pixels, and would love nothing to do with that phone. I prefer my one plus and if i can keep that still have my privacy, that would be nice.

E/os can be put on different android phones my one plus included.

Hello, I have a Pixel 8A GrapheneOs phone. I Want to make this a Safe phone. A privacy friendly phone. Basically I want to strip any/all tracking features of this phone, whilst making it hard against any adversaries to monitor me/track me, or watch my phone or its activities.

Not doing anything wrong, just want to know what are my best moves with this phone.

What VPN should I use on this phone?

The threat actor is mostly local feds, and doing what's necessary to stop them getting grips of surveillance.

Thank you.

Archived URL (Wayback Machine) - Original URL (in case of Wayback Machine downtime)

A small portion of the article:

At the end of May, Meta will start using Europeans’ data to train its AI. Here is how you can exercise your rights and prevent it.

Instagram and Facebook users in Europe will soon have their data and posts used by parent company Meta to train its artificial intelligence (AI) models.

Europeans have until May 27 to restrict Meta from using their data, the date when the company will start using Europe’s data.

It's no secret that we trade our information for access to the Internet. So what do you prefer a subscription based Internet with privacy protection or a free internet with companies allowed to take and sell your data