Privacy

(Not sure if this is worldwide or only in some countries) Updating to iOS 26.4DB2 will put your phone into a parental-restricted mode with adult websites blocked on all browsers, warning prompts every time you try to send or receive an explicit image on a messaging app, and all social media apps blocked on the App Store (in Australia) The settings to disable this mode are locked off until you verify your age either with a credit card, photo ID, or though information Apple already has (like the age of your account). I’ve been an apple user my entire adult life but this might finally be the thing that forces me off the platform. Do any other long term apple users have some tips about migrating? I’ve heard Ashai Linux is pretty good on mac hardware these days and I’ve been thinking about GrapheneOS for a while.

What the title says. I’m trying to discern if using a number acquired and served through JMP for phone and text, versus a mobile carrier, provides a better data security and privacy experience. On the one hand I wouldn’t be subject to the almost yearly data breaches that a number of the carriers experience, nor their potential snooping. However on the other, I’m not sure if using JMP provides any increase in privacy or security on that front?

cross-posted from: lemmy.zip/post/60387352 cross-posted from : lemmy.zip/post/60387297 Proton Mail provided Swiss authorities with payment data for defendtheatlantaforest@protonmail.com — the account linked to Stop Cop City protests in Atlanta. The FBI obtained this information through a Mutual Legal Assistance Treaty request on January 25, 2024, identifying the activist behind the anonymous account through their credit card identifier.

Let’s say I live under an oppressive regime (don’t we all?) How can I use social media anonymously, so I don’t face reprisals from the government? Mastodon, Lemmy, Reddit and other social media platforms restrict users who connect through TOR or a VPN. Is there any way I can create an account on these services and use them anonymously? Thanks in advance for any information and advice you can provide.

What a complete idiot. You create a protest email account linked to your credit card?

cross-posted from: lemmy.dbzer0.com/post/64875667 They are currently voting on amends to the regulation. The “Chat Control” proposal would legalise scanning of all private digital communications, including encrypted messages and photos. This threatens fundamental privacy rights and digital security for all EU citizens. fightchatcontrol.eu

Awesome…

I’m sorry, this topic is kinda USA centric. At least the details. Maybe not the core idea though. For the non-USA readers, KYC = know your customer.

I am soon to move to a new home for a job xfer. I wish I could do it privately. I had a stalker who broke into my home. I am still apprehensive and tense even though it was years ago. It feels impossible to move privately 😠

I know about Michael Bazzel’s Privacy books, and I have read over them. They are good and I follow his advize for some things. I still feel overwhelmed and don’t think I can manage it by myself. One problem is, the last edition of the Privacy book was years ago. KYC is in many more places now. Like utilities and services you need when moving to a new home. I run into more things that demand a copy of a gov photo ID or they will not give you a service. This data makes toward the credit bureaus, they always learn. It used to be you could pay for utilities from an LLC, but that often triggers a KYC check now and sometimes they want to copy your ID.

I already try to fight my addy appearing in people search sites but that is hard. There are so many of them. Some outside the USA and do not follow takedown requests.

There must be ways to do this! Maybe they are only available to the rich and famous? I am not rich or famous, lol. But I am middle class and would spend a moderate sum for a service to handle this. I do not feel I can do it on my own. Maybe I could years ago before so many attacks on privacy, but no more.

Has anyone successfully moved AND kept a new home addy private from data brokers? Did you use a service or company to help?

Hardware wallets like Trezor and Ledger are terrible choice for privacy as they’re more like hot wallets. You need to download their shitty electron app to configure your wallet and even if these apps are open-source I can’t consider them safe, because they have toooooo much features. At the same time they’re missing basic features like connecting through TOR network to them which should be must have as they rely heavily on internet features like online exchanges which can easily reveal your data. Do you have any idea how to access crypto easily while at the same keep it private and safe?

cross-posted from : lemmy.zip/post/60423023 EU rules regarding anti-money laundering, counter-terrorist financing and sanctions law (AML/CFT) have increasingly shifted responsibilities to detect crime from public entities to companies . AML/CFT law requires “obliged entities”, like banks, to collect large amounts of financial and other personal data about their customers. The way banks implement these rules in the EU has led to a systemic negative impact on human rights, often because of over-compliance, risk-aversion and weak accountability. This has been the case in the Netherlands where, among large number of human rights breaches by banks, Dutch ING Bank has even publicly apologised for discriminating against its customers based on profiling.

It has been a long journey.

I have been gradually convincing my family, close relatives and friends to make the switch to Signal for over two years. I am already the “tech support guy” in all my circles so most didn’t really question it. Most of my friends are quite tech-savvy, and some even did use Signal before I talked to them about it.

This also filtered out some “friends” who were never that close to me to begin with. So, that’s a bonus, I guess.

Overall, my recommendation to others interested would be to tell people how much you don’t like Meta’s business model instead of the privacy aspect. I already ditched Facebook and Instagram many years ago, and this helped defend my point a bit better.

I’m a privacy focused individual, I run GrapheneOS on my phone & self-host as much of my tech stacks to avoid sharing info with. I’m looking for recommendations of smartwatches that align with the ideals of this community. What watch do you use? What do you recommend?

cross-posted from: lemmus.org/post/20954019

Reddit.

Source: Intelligence Committee’s annual Worldwide Threats hearing, question by Senator Ron Wyden.

Clip by Headquarters News.

I use a VPN and/or Tor to do the majority of my websurfing/streaming/torrenting. Some can (notably web browsers*) read your local system time to access your timezone. And, I happen to live in… let’s just say a very “narrow” timezone, my country of origin can be trivially pinpointed if you take a look at the UTC offset. I know Firefox has a setting to spoof my timezone to UTC, but the chromium browsers do not have that option (at least no options i could find after a fairly extensive search), and I don’t even know if all of the other programs I have are reading them or not, such as, for example, my matrix client. So, solution I came up with: do a timedatectl set-timezone UTC on the device. I can separately make my desktop clock do a little timezone conversion so no worries about time disorientation. This fixes the issue with most apps not allowing timezone spoofing too. Honestly, now that I’ve typed all that^^ out, this is beginning to sound like an unnecessary schizo post that goes WAY beyond my threat model XD. Still, I’d love to hear anyone else’s thoughts on it. Ideas to improve upon it are appreciated too.

…by physically removing a port (who would do that) or using the software?

i’ve just seen a comment in a post, in this very community, saying people trust signal because of missinformation (from what i could undertand).

if this is true, then i have a few questions:

-what menssaging app should i use for secure communications? i need an app that balances simplicity and security.

-how to explain it to my friends who use signal because i recomended?

-what this means for other apps in general?

Japan protects children online very differently to the UK. (Shout out to red rose for the heads up - it was interesting.) While the UK Online Safety Act is driving biometric age verification and platform-based ID checks, Japan has taken another route: mobile carrier filtering enabled by default for under-18s, combined with parental control and digital literacy. There is no nationwide social media ban in Japan. Instead, age controls typically sit at the telecom/SIM registration layer rather than at individual platforms. In this video I explain: • Japan’s 2008 Youth Internet Environment framework • How mobile carriers determine age at SIM registration • Why filtering is enabled by default for minors • The parental opt-out (waiver) mechanism • The privacy trade-offs compared to UK-style age verification This isn’t “no regulation” — it’s a different regulatory architecture. Sources: Nippon.com – Overview of Japan’s youth internet law and filtering model www.nippon.com/en/in-depth/d01099/ Children and Families Agency (Japan) – Sixth Basic Plan outline (youth internet measures) www.cfa.go.jp/assets/contents/node/basic_page/fiel… NTT Docomo – “Request for Not Using Filtering Services” (waiver form example) www.docomo.ne.jp/english/binary/pdf/support/proced… The Japan Times – Commentary on social media regulation debate www.japantimes.co.jp/commentary/2024/11/28/japan/s… The Japan Times – Reporting on youth victims and social media concerns www.japantimes.co.jp/news/2026/02/27/japan/crime-l… If you’re following UK Online Safety Act developments, this comparison shows that “protecting children online” does not automatically require biometric ID checks across platforms — but every model comes with trade-offs. Let me know in the comments: would you prefer telecom-level filtering, or platform-based age verificatio

I have been using it for more than a week and now am worried about the consequences that I am not sure are true or not! I am worried that by allowing random users to surf using my network to prevent surveillance, someone will use my address to do malicious things, and I will get into legal consequences. Also, what if many services blacklist my IP address so eventually I get a lot of restrictions in my browing experience. Furthermore, will this extension increase my fingerprint? Are these thoughts valid, or am I just overthinking? If anyone knows, please comment.

Found out about these two open-source cloud storage providers and wanted to know what anyone thought of them. ente.io crypt.ee

cross-posted from: lemmy.ml/post/44781501

GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account. GrapheneOS and our services will remain available internationally. If GrapheneOS devices can’t be sold in a region due to their regulations, so be it.

cross-posted from: lemmy.today/post/49749386

If the video isn’t working, try these links:

• cdn.videy.co/8f2f25e11.mp4
• streamable.com/0xj1ni (slightly better quality but only up for 2 days)

Clipped from full hour long video (around 49 minutes in): https://wwwremovedute.com/video/jmhFAjqbxnQ

Europol report: …europa.eu/…/The-Unmanned-Future-Report.pdf

I just found a security breach that can leak thousands of emails on a website!! Today, I snooped around on a website I won't mention the name of for privacy reasons, and they assign your account an user ID when you register. Well, with a very simple trick in the console I managed to get everyone else's email and account info (for example checking if they have a paid plan or not) by just lowering the user id, with no rate-limit on the endpoint! So a bad actor could send targetted phishing emails to people by telling them there is a problem with their payment! It's funny because on their homepage, they state they use "Military grade encryption" (whatever that means!), and their privacy policy says "We encrypt the transmission of that information" (does that just mean they do it over https?) So, moral of the story, don't trust companies with your personal info! I contacted the site, we'll see if they fix it. @privacy@lemmy.ml @privacy@lemmy.world @soatok@furry.engineer #cybersecurity #privacy #web #hacking

The teacher opens an app on their phone, holds it up, and takes several photos of the room. Within seconds, the images travel to a cloud server, where a facial-recognition algorithm detects each student’s face, extracts it, and compares it against a database of biometric profiles. The app LRCO Paraná returns a list of names. Students identified in the photos are marked present; those the system does not find are marked absent. For some students, a false absence is a bureaucratic irritation. For others, it could threaten their family’s access to welfare. In Brazil, eligibility for the Bolsa Família program depends in part on school attendance, and in Paraná such records are now largely generated by an algorithm.

Hello,

I use Freetube for youtube and redlib and caprine. Is there a front end for whatsapp?

Hi, I need to leave my country for a couple days, but my cellphone plan doesn’t cover data oversea and I don’t like to rely on WiFi. A relative suggested that I try Saily, which is an esim provider that you can load with whatever you need in the country you’re visiting but I’m again reluctant to use an app when I don’t know how trustworthy it is. Has anyone ever faced the same issue? Should I simply let go of my internet connexion and enjoy a couple days off the the internet? Cheers and thanks for your help

Anyone know of any software I can override the Google Nest Doorbell with ? One that’s maybe open source ? I know I could just buy another camera but I was hoping to keep using this one with safer software

cross-posted from: lemmy.world/post/44029008 From the official Dutch Intelligence and Security Service information. “Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information,” states Director of the MIVD, vice-admiral Peter Reesink. Individual accounts An interesting aspect of this Russian campaign is that it does not exploit any technical vulnerabilities of the messaging services. The attackers instead make malicious use of legitimate security features of the apps. Director-General of the AIVD Simone Smit states, “It is not the case that Signal or WhatsApp as a whole have been compromised. Individual user accounts are being targeted.” To increase resilience against this Russian campaign, MIVD and AIVD have published a Cyber Advisory explaining how to identify and respond to attacks. The advisory also give instructions for Signal users on how to identify potentially compromised contacts. All Signal users can personally check whether there are any potentially compromised contacts in their group chats. If you see any people who appear twice in the list of members (under the same or a slightly different name), this may be evidence of either a compromised account or a new account created by a victim.If you suspect this to be the case, report this to the information security department of your organisation. Together you can try to verify (preferably using a channel other than Signal or WhatsApp, such as an email or a telephone call) whether it is correct that the account in question appears twice in the chat group contact list. Should this not be the case, ask the group administrator to remove both accounts from the group chat, after which the legitimate account holder can request to rejoin the group. Please remain vigilant for group members who are not recognised by the rest of the group. The actor may occasionally change the display name of a compromised account to remain unnoticed in chat groups, for example to names such as ‘Deleted account’. If a member’s display name changes, the group will receive a notification. When the change is the legitimate transition to ‘Deleted account’, no notification is sent. Actor-controlled accounts can also gain entry to the group via an obtained Group Link, of which the group always receives a notification. In all such unauthorised scenarios, ask the group administrator to remove the offending accounts from the chat.If there is any indication that the group administrator themselves may have been compromised, it is advisable to exit the group and create a new one. |

See title. A bit of a dumb question, but given my threat model, I’m curious if it’s maybe strategically better to not rely on Proton for their VPN. If I rely too much on one provider, I think that that’s not a good idea.

Even State Department-funded Human Rights Watch admits that authorities combine legal and illegal methods to obtain convictions: text.hrw.org/…/secret-origins-evidence-us-crimina…

Combining dragnet surveillance with device hacking is intended in the design of both tools. Hence, State Department-funded Signal dupes you into handing over your identity as part of the population-centric mapping. In custody, your phone will be hacked when it is taken away if it’s important.

xcancel.com/hannahcrileyy/…/2034273723667161480#m

Source: lists.debian.org/debian-devel/…/msg00199.html

:::spoiler msg extract:

I want to share a public project I created in response to the ongoing discussions around OS-level age verification, age signaling, and related mechanisms in free software distributions:

github.com/AntiSurv/oss-anti-surveillance

The project exists to document, track, oppose, and prepare the removal of OS-level surveillance, classification, and policy-enforcement mechanisms in free software distributions.

This is not limited to one patch or one component. A visible implementation path is now emerging across multiple layers of the Linux stack, including provisioning flows, account metadata services, user records, and application-facing interfaces.

[…] The project’s position is explicit:

• no OS-level age verification
• no age signaling or age-bracket APIs
• no client-side scanning or device-side inspection primitives
• no passive downstream inheritance of such mechanisms
• no geo-fencing users out of free software as a substitute for refusal

[…] The repository is intended as a public dossier and working reference point. It includes:

• a front page and project statement
• a manifesto
• a tracker of issues, PRs, and MRs
• a policy and law background file
• a technical architecture map
• a component-by-component target list
• a downstream stripping and reversal strategy

The immediate goal is to keep the implementation path visible, linkable, and auditable so that these changes can be challenged upstream and, if they are merged anyway, stripped downstream rather than quietly inherited.

If useful, I would welcome corrections, additional evidence, and links to relevant upstream or downstream work that should be tracked.

Free software was written for users, not for surveillance.

- Martinx - ジェームズ

---

:::

• See: github.com/AntiSurv/…/TRACKER.md#current-evidence… for current packages, distributions… discussing implementing age verification.

• Disclaimer: I’m not the author.

Hello, I’ve noticed difficulty trying to use reports.exodus-privacy.eu.org. The pages just don’t load for me on my computer or phone. iirc the last time I tried (months ago) it may not have worked then either, but I don’t know for sure. Has something happened with the service? I didn’t find anything stating as such. Thank you for your time, I hope you have a good week.

Cross posted from: feddit.uk/post/45797826 In a sensational turn of events in the fight against Chat Control, a majority in the European Parliament voted today to end the untargeted mass scanning of private communications. In doing so, the Parliament firmly rejected the error-prone and unconstitutional surveillance practices of recent years. Pressure is now mounting on EU governments to respect the MEPs’ vote and bury untargeted mass surveillance in Europe once and for all. Amendment 5, tabled by Pirate Party MEP Markéta Gregorová (Greens/EFA group) and adopted by a narrow margin, demands that any scanning of private communications must be strictly limited to individual users or groups of users suspected by a competent judicial authority of being linked to child sexual abuse. This aligns with the European Parliament’s 2023 mandate on the permanent Chat Control regulation (CSAR). Based on today’s mandate, trilogue negotiations between the EU Parliament, the European Commission, and the Council of the EU are set to begin as early as tomorrow. Negotiations are taking place under extreme time pressure, as the current interim regulation authorizing Chat Control expires on April 6. The EU Commission and the vast majority of the EU Council—except for Italy—have so far categorically rejected any restrictions on untargeted mass scanning. Digital freedom fighter Patrick Breyer (Pirate Party) commented on the historic vote: “Today is a sensational victory for the countless citizens who made calls and sent emails to save their digital privacy of correspondence. Digital privacy is alive! Just as with our physical mail, the warrantless screening of our digital communications must remain taboo. EU governments must finally realize that true child protection requires secure apps (‘Security by Design’), the removal of illegal material at the source, and targeted investigations against suspects with a judicial warrant—not overreaching, pointless mass surveillance.” The Hard Facts: Why Chat Control has failed spectacularly Continue reading here - patrick-breyer.de/…/historic-chat-control-vote-in…

Master Browser Fingerprint Spoofing with Expert Techniques

COPPA feels pretty outdated in today’s online world. A lot of sites now ask users to confirm their age even when it’s not really needed, sometimes using AI tools that can get things wrong or push people to share personal info. This brings up some serious worries about privacy, accuracy, and how accessible things are online. The Electronic Child Safety Initiative (ECSI) thinks that laws about online safety, like the Children’s Online Privacy Protection Act, should keep kids safe without relying on unnecessary tracking or dodgy tech. If you think these laws can be better, consider joining the conversation and help push for changes by taking part in the ECSI community forums.

Like, we all know they’re listening , but can we provide proof?

My friend was complaining about all the new super surveillance that will be government required in cars after 2027, and I said to him dude you have a stock android, you use every AI slop feature, you use a smart TV on your unsecured network, and uses x every day. They have everything they could possibly need on him. Oh and he posts questionable things to fb daily under his real name.

i want to make this post so we can discuss the actual law text of the new “ECA digital” (basically a law that requires plataforms to have more responsibility in securing a safe youth on the internet)

There are dishonest arguments o both sides “you should’nt trust people who opose this law” “this law was made from moral panic”

while yes, the legal document requires “mechanisms that enable age apropriate experiences” (Art. 10. Os fornecedores de produtos ou serviços de tecnologia da informação direcionados a crianças e a adolescentes ou de acesso provável por eles deverão adotar mecanismos para proporcionar experiências adequadas à idade, nos termos deste Capítulo, respeitadas a autonomia progressiva e a diversidade de contextos socioeconômicos brasileiros.)

it also has some safeguards, like:

privacy by default “Art. 7º Os fornecedores de produtos ou serviços de tecnologia da informação direcionados a crianças e a adolescentes ou de acesso provável por eles deverão, desde a concepção de seus produtos e serviços, garantir, por padrão, a configuração no modelo mais protetivo disponível em relação à privacidade e à proteção de dados pessoais, considerados a autonomia e o desenvolvimento progressivo do indivíduo e justificado o melhor interesse da criança e do adolescente.” no mass surveilance:

“§ 1º A regulamentação não poderá, em nenhuma hipótese, autorizar ou resultar na implantação de mecanismos de vigilância massiva, genérica ou indiscriminada, vedadas práticas contra os direitos fundamentais à liberdade de expressão, à privacidade, à proteção integral e ao tratamento diferenciado dos dados pessoais de crianças e de adolescentes, nos termos da Constituição Federal e das Leis nºs 8.069, de 13 de julho de 1990 (Estatuto da Criança e do Adolescente), e 13.709, de 14 de agosto de 2018 (Lei Geral de Proteção de Dados Pessoais).”

actual legal document (so we can have a informed discussion): www.planalto.gov.br/ccivil_03/…/L15211.htm

It’s me. But what do I have to do to post? Looks like it needs a Community. I suppose I need to find one. Eventually create one.

go to the site, use the tool. where ever you are. Keep voicing your stance on this issue. This isn’t about protecting kids nor will it protect kids from anything. Kids will just go to darker corners of the internet where nothing is moderated forcing everyone to dox themselves won’t make anything safer. All that data in hackable databases would be ripe for the picking by any hacker or groups of hackers to sell to databrokers, who then sell it to scammers Parental controls are very easy to set up in the modern day every commonly used OS has them built in. If you’re a parent, it’s YOUR responsibility to make sure your kids don’t see things they’re not supposed to see…don’t let the government control that shit There’s also www.defendvpns.com to go to as well, sign both petitions. the EFF has some petitions too www.eff.org I’ve already signed them I’ve already emailed all my people. Now you need to do that. For anyone who still has twitter, tweet to them with these hashtags #crushthescreenact #crushthekosabill #stopIDagechecksUSA #saynotoappstoreaccountabilty #dontrepealsection230 #SayNotoKOSMA #NoToKIDSAct

This is a repost as, despite receiving many positive votes and comments, the original was removed under Rule 4: If you have a question, please try searching for previous discussions, maybe it has already been answered Reposts are fine However, this a guide, not a question. The moderator was notified but has failed to respond. “Sideloading” is framed as some privacy hack but it’s just double speak. App stores? They are an excuse to steal our control, spy on us, destroy our privacy, all while lying, pretending to protect us, deceiving us. F-Droid? That is a library, not a store. Stop falling for this scam. Fight fire with fire. Call app stores what they are: Cuckloading! Example Google’s forcing us into cuckloaded apps.