Firefox maker Mozilla deleted a promise to never sell its users' personal data and is trying to assure worried users that its approach to privacy hasn't fundamentally changed. Until recently, a Firefox FAQ promised that the browser maker never has and never will sell its users' personal data. An archived version from January 30 says:

Does Firefox sell your personal data?

Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That's a promise.

That promise is removed from the current version. There's also a notable change in a data privacy FAQ that used to say, "Mozilla doesn't sell data about you, and we don't buy data about you."

The data privacy FAQ now explains that Mozilla is no longer making blanket promises about not selling data because some legal jurisdictions define "sale" in a very broad way:

Mozilla doesn't sell data about you (in the way that most people think about "selling data"), and we don't buy data about you. Since we strive for transparency, and the LEGAL definition of "sale of data" is extremely broad in some places, we've had to step back from making the definitive statements you know and love. We still put a lot of work into making sure that the data that we share with our partners (which we need to do to make Firefox commercially viable) is stripped of any identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP).

Mozilla didn't say which legal jurisdictions have these broad definitions.

Hot off the back of its recent leadership rejig, Mozilla has announced users of Firefox will soon be subject to a ‘Terms of Use’ policy — a first for the iconic open source web browser.

This official Terms of Use will, Mozilla argues, offer users ‘more transparency’ over their ‘rights and permissions’ as they use Firefox to browse the information superhighway — as well well as Mozilla’s “rights” to help them do it, as this excerpt makes clear:

You give Mozilla all rights necessary to operate Firefox, including processing data as we describe in the Firefox Privacy Notice, as well as acting on your behalf to help you navigate the internet.

When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

Also about to go into effect is an updated privacy notice (aka privacy policy). This adds a crop of cushy caveats to cover the company’s planned AI chatbot integrations, cloud-based service features, and more ads and sponsored content on Firefox New Tab page.

Signal CEO Meredith Whittaker says her company will withdraw from countries that force messaging providers to allow law enforcement officials to access encrypted user data, as Sweden continues to mull such plans.

She made the claims in an interview with Swedish media SVT Nyheter which reported the government could legislate for a so-called E2EE backdoor as soon as March 2026. It could bring all E2EE messenger apps like Signal, WhatsApp, iMessage, and others into scope.

Whittaker said there is no such thing as a backdoor for E2EE "that only the good guys can access," however.

"Either it's a vulnerability that lets everyone in, or we continue to uphold strong, robust encryption and ensure the right to privacy for everyone. It either works for everyone or it's broken for everyone, and our response is the same: We would leave the market before we would comply with something that would catastrophically undermine our ability to provide private communications."

Sweden launched an investigation into its data retention and access laws in 2021, which was finalized and published in May 2023, led by Minister of Justice Gunnar Strömmer.

Strömmer said it was vital that law enforcement and intelligence agencies were able to access encrypted messaging content to scupper serious crime – the main argument made by the UK in pursuing its long-term ambition to break E2EE.

The inquiry made several proposals to amend existing legislation, including the recommendation that encrypted messaging must store chat data for up to two years and make it available to law enforcement officials upon request.

It would essentially mirror the existing obligation for telecoms companies to provide call and SMS data to law enforcement, as is standard across many parts of the developed world, but extend it to encrypted communications providers.

Hello everyone!

I was wondering what solutions people have for Calendar syncing that are not Proton / Tuta.

Specifically, I was wondering what E2EE options are available that are ideally cross-platform as well.

The main reason why I ask is I am frankly frustrated with how both Tuta and Proton rely on their own apps, and don't necessarily integrate well with all operating systems. Especially with Proton's growing suite of apps, it feels like they are in some ways creating their own walled garden. While it is at this time a better privacy option than the conventional options, it is still a situation that feels like a vendor lock-in situation.

Any suggestions would be greatly appreciated, including those that require a self-hosted server :)

Proton: “We’re consolidating our social media presence due to limited resources and no longer posting on Mastodon. Follow us on Reddit for the latest updates”

cross-posted from: https://lemmy.ca/post/39305551

I recently transferred one of my domains over to Combell (a registrar based in Belgium), and they gave me an email inbox under my domain as part of the package. However, I’m wondering if it’s trustworthy.

If it isn’t, I can set the registrar to redirect mail to the Posteo alias I currently use for the site. However, it would be convenient to be able to use this inbox.

I would, of course, be using PGP encryption when possible (although in practice this is infrequent).

Any thoughts?

cross-posted from: https://lemmy.dbzer0.com/post/37583822

First I'm hearing of ObscuraVPN at least, but it does seem to be a very new player in the market. However from reading through their website and Github. This service does look very promising! Though it is slightly more expensive than Mullvad.

Anyone had the chance to test their service yet? Does it seem interesting to you? Let's discuss.

Does anyone know a nice iOS mail client app? Preferably open-source.

I don't really care about E2EE, PGP.., and it should have notifications. Best thing would be that I can self-host the notifications server OR have a notifications server running that's open-source (so Canary Mail it out of the question)

I want another client that isn't Apple Mail also

So far I found Preside but sadly it isn't open-source

Whatsapp is privacy invasive, and we likely know that even when using E2EE, this is possible due to metadata tracking.

An easy way to avoid one creepy thing, contact scanning and the creation of "who knows whom" social nets, is to not grant apps permission to your contacts!

But this is not easy, as apps often enforce this, just as they do with

• embedded cameras instead of using the system camera
• embedded galleries instead of the 2 available portals (but Google will soon forbid that)
• asking for unneeded permissions

Only GrapheneOS also allows blocking these permissions

• sensors
• internet
• loading code from memory i.e. from the internet (why would they do that? Is there something they want to hide?)
• debugging their own code to spy on the system behavior

But this app can help everyone on any Android to at least fix this :)

TLDR: He does not recommend CalyxOS and gave it a score of 3/10

cross-posted from: https://lemmy.dbzer0.com/post/36880616

Help Combat Internet Censorship by Running a Snowflake Proxy (Browser or Android)

Internet censorship remains a critical threat to free expression and access to information worldwide. In regions like Iran, Russia, and Belarus, journalists, activists, and ordinary citizens face severe restrictions when trying to communicate or access uncensored news. You can support their efforts by operating a Snowflake proxy—a simple, low-impact way to contribute to a freer internet. No technical expertise is required. Here’s how it works:

What Is Snowflake?

Snowflake is a privacy tool integrated with the Tor network. By running a Snowflake proxy, you temporarily route internet traffic for users in censored regions, allowing them to bypass government or institutional blocks. Unlike traditional Tor relays, Snowflake requires minimal bandwidth, no configuration, and no ongoing maintenance. Your device acts as a temporary bridge, not a permanent node, ensuring both safety and ease of use.

Is This Safe for Me?

Short answer: Yes.

Long answer: pobably. Here is why:

• Your IP address is not exposed to the websites they access. So, you don't have to worry about what they are doing either. You are not an exit node.
• No activity logs. Snowflake cannot monitor or record what users do through your connection. The only stored information is how many people have connected to your bridge. Check docs for further info on this.
• Low resource usage. The data consumed is comparable to background app activity—far less than streaming video or music.
• No direct access to your system
• No storage of sensitive data. Snowflake proxies do not store any sensitive data, such as IP addresses or browsing history, on your system.
• Encrypted communication. All communication between the Snowflake proxy and the Tor network is encrypted, making it difficult for attackers to intercept or manipulate data.

You are not hosting a VPN or a full Tor relay. Your role is limited to facilitating encrypted connections, similar to relaying a sealed envelope.

Your IP address is exposed to the user (in a P2P-like connection). Be mindful that your ISP could also potentially see the WebRTC traffic and the connections being made to it (but not the contents), so be mindful of your threat model.

For most users, it is generally safe to run Snowflake proxies. Theoretically, your ISP will be able to know that there are connections being made there, but to them it will look like you're calling someone on, say, Zoom.

Historically, as far as we know, there haven't been any cases of people getting in legal trouble for running entry relays, middle relays, or bridges. There have a been a few cases of people running exit nodes and getting in trouble with law enforcement agencies, but none of them have been arrested or prosecuted as far as I know it. If you are aware of any cases, let me know so I can update this post.

Do not hesitate to check Snowflake's official documentation for further reference and to make informed decisions.

How to Set Up a Snowflake Proxy

Option 1: Browser Extension (Brave, Firefox, or Chrome)

1. Install the Snowflake extension.
2. Click the Snowflake icon in your browser toolbar and toggle "Enable Snowflake."
3. Keep the browser open. That’s all.

Note: Brave users can enable Snowflake directly in settings. Navigate to brave://settings/privacy and activate the option under "Privacy and security."

Option 2: Android Devices via Orbot

1. Download Orbot (Tor’s official Android app).
2. Open the app’s menu, select "Snowflake Proxy," and toggle it on.
3. For continuous operation, keep your device charged and connected to Wi-Fi.

Your device will now contribute as a proxy whenever the app is active.

Addressing Common Concerns

• Battery drain: Negligible. Snowflake consumes fewer resources than typical social media or messaging apps.
• Data usage: Most users report under 1 GB per month. Adjust data limits in Orbot’s settings or restrict operation to Wi-Fi if necessary.

Why Your Participation Matters

Censorship mechanisms grow more sophisticated every year, but tools like Snowflake empower ordinary users to counteract them. Each proxy strengthens the Tor network’s resilience, making it harder for authoritarian regimes to isolate their populations. By donating a small amount of bandwidth, you provide someone with a critical connection to uncensored information, education, and global dialogue.

Recent surges in demand—particularly in Russia—highlight the urgent need for more proxies. Your contribution, however small, has an impact.

By participating, you become part of a global effort to defend digital rights and counter censorship. Please, also be mindful of your threat mode and understand the potential risks (though very little for most people). Check Snowflake's official documentation for further reference and don't make any decisions based on this post before taking your time to read through it.

Please share this post to raise awareness. The more proxies, the stronger the network.

– llama

I'm looking for a tool that can help me keep track of what subscriptions I'm paying for. I don't really need extra functionality, I'm happy to cancel them manually. As someone who listens to podcasts, I've heard about Rocket Money, and it seems like it would get the job done. The question is: can I trust them with all of that data? Are there more privacy-respecting alternatives I should be considering?

Last year, I outlined the specific requirements that an app needs to have in order for me to consider it a Signal competitor.

Afterwards, I had several people ask me what I think of a Signal fork called Session. My answer then is the same thing I’ll say today:

Don’t use Session.

We didn't like the VPN videos out there on the internet - so we made our own! Its now available to watch on PeerTube at the link above!

cross-posted from: https://lemmy.ca/post/35853890

So, for privacy and security reasons, I use a VPN. This is normally Mullvad (with DAITA and quantum resistance enabled), but I have ProtonVPN, Windscribe, and Orbot handy in case something doesn't work.

However, lately I've noticed my connections being blocked. This is across three different ISPs: Sky, Virgin, and Wifinity. I have tried all three VPNs and Orbot, and I have tried several protocols (WireGuard, OpenVPN, IKEv2, Stealth, and of course SOCKS5) to no avail.

The logical solution would be to use a bridge in Orbot, but the button seems to have been removed. Also, by using Orbot, I will not be protected by my DNS.

I am currently using iOS, but my other machines run Linux and I will be getting a GrapheneOS phone in the near future.

Can anyone help?