Privacy

31803 readers
251 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
101
102
 
 

For the Paris 2024 Olympics, the city got the "right" to use the AI surveillance technology in the street. As we thought, they are going to keep this as long as they can.

We need to do something against this IRL mass surveillance, going every day more into our private life

103
 
 

Verizon is stopping support for message+ and says to just use Google messenger. Fuck that I hate Google, can anyone suggest an app I can use to just text people and send pictures that works on and offline?

104
 
 

Telegram CEO Pavel Durov recently announced that Telegram would be handing over user data (such as phone numbers and IP adresses) to the authorities. Now it turns out that it has been doing so since 2018.

My previous post may have seemed to announce a major shift in how Telegram works. But in reality, little has changed.

Since 2018, Telegram has been able to disclose IP addresses/phone numbers of criminals to authorities, according to our Privacy Policy in most countries.

For example, in Brazil, we disclosed data for 75 legal requests in Q1 (January-March) 2024, 63 in Q2, and 65 in Q3. In India, our largest market, we satisfied 2461 legal requests in Q1, 2151 in Q2, and 2380 in Q3.

To reduce confusion, last week, we streamlined and unified our privacy policy across different countries.

Telegram was built to protect activists and ordinary people from corrupt governments and corporations — we do not allow criminals to abuse our platform or evade justice.

Full text of the post.📰 My previous post may have seemed to announce a major shift in how Telegram works. But in reality, little has changed.

🌐 Since 2018, Telegram has been able to disclose IP addresses/phone numbers of criminals to authorities, according to our Privacy Policy in most countries.

⚖️ Whenever we received a properly formed legal request via relevant communication lines, we would verify it and disclose the IP addresses/phone numbers of dangerous criminals. This process had been in place long before last week.

🤖 Our @transparency bot demonstrates exactly that. This bot shows the number of processed requests for user data.

✉️ For example, in Brazil, we disclosed data for 75 legal requests in Q1 (January-March) 2024, 63 in Q2, and 65 in Q3. In India, our largest market, we satisfied 2461 legal requests in Q1, 2151 in Q2, and 2380 in Q3.

📈 In Europe, there was an uptick in the number of valid legal requests we received in Q3. This increase was caused by the fact that more EU authorities started to use the correct communication line for their requests, the one mandated by the EU DSA law. Information about this contact point has been publicly available to anyone who viewed the Telegram website or googled “Telegram EU address for law enforcement” since early 2024. 

🤝 To reduce confusion, last week, we streamlined and unified our privacy policy across different countries. But our core principles haven’t changed. We’ve always strived to comply with relevant local laws — as long as they didn’t go against our values of freedom and privacy.

🛡 Telegram was built to protect activists and ordinary people from corrupt governments and corporations — we do not allow criminals to abuse our platform or evade justice.

105
106
25
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
 
 

Ok so here is the situation:

As many here (I guess), I dont like Meta, but since I want to promote my 3D-printed stuff more, I see my self in a position where there is no way around Instagram 🤢

So my question is, if maybe someone here already uses Instagram here "privately" or if someone has ideas on how to use it but still giving Meta as few info as possible?

My idea at the moment would be to use Mullvad for every traffic going to insta. For signup I will of course use an email with a custom-domain that is never used somewhere else and if I like other posts, I will only use the account, related to my business. My personal account is just for getting in touch with real people I know and to promote my business-account. The personal account will not have my real name and uses also a different email from a custom domain.

Thanks in advance for you comments and trust my, I really hate having to submit to Meta and their stupid social media crap....

Edit: Thanks for all your great feedback. I will def. look into all of these ideas 👍

I also forgot two things:

  1. I am using Linux only for this on PC and no Windows(dont know if this changes anything)
  2. I am using LibreWolf on Linux Mint and Waterfox on Graphene OS (of course with Ublock and Privacy Badger ;) )
107
281
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
 
 

23andMe is not doing well. Its stock is on the verge of being delisted. It shut down its in-house drug-development unit last month, only the latest in several rounds of layoffs. Last week, the entire board of directors quit, save for Anne Wojcicki, a co-founder and the company’s CEO. Amid this downward spiral, Wojcicki has said she’ll consider selling 23andMe—which means the DNA of 23andMe’s 15 million customers would be up for sale, too.

23andMe’s trove of genetic data might be its most valuable asset. For about two decades now, since human-genome analysis became quick and common, the A’s, C’s, G’s, and T’s of DNA have allowed long-lost relatives to connect, revealed family secrets, and helped police catch serial killers. Some people’s genomes contain clues to what’s making them sick, or even, occasionally, how their disease should be treated. For most of us, though, consumer tests don’t have much to offer beyond a snapshot of our ancestors’ roots and confirmation of the traits we already know about. (Yes, 23andMe, my eyes are blue.) 23andMe is floundering in part because it hasn’t managed to prove the value of collecting all that sensitive, personal information. And potential buyers may have very different ideas about how to use the company’s DNA data to raise the company’s bottom line. This should concern anyone who has used the service.

DNA might contain health information, but unlike a doctor’s office, 23andMe is not bound by the health-privacy law HIPAA. And the company’s privacy policies make clear that in the event of a merger or an acquisition, customer information is a salable asset. 23andMe promises to ask its customers’ permission before using their data for research or targeted advertising, but that doesn’t mean the next boss will do the same. It says so right there in the fine print: The company reserves the right to update its policies at any time. A spokesperson acknowledged to me this week that the company can’t fully guarantee the sanctity of customer data, but said in a statement that “any scenario which impacts our customers’ data would need to be carefully considered. We take the privacy and trust of our customers very seriously, and would strive to maintain commitments outlined in our Privacy Statement.”

Certain parties might take an obvious interest in the secrets of Americans’ genomes. Insurers, for example, would probably like to know about any genetic predispositions that might make you more expensive to them. In the United States, a 2008 law called the Genetic Information Nondiscrimination Act protects against discrimination by employers and health insurers on the basis of genetic data, but gaps in it exempt providers of life, disability, and long-term-care insurance from such restrictions. That means that if you have, say, a genetic marker that can be correlated with a heart condition, a life insurer could find that out and legally deny you a policy—even if you never actually develop that condition. Law-enforcement agencies rely on DNA data to solve many difficult cases, and although 23andMe says it requires a warrant to share data, some other companies have granted broad access to police. You don’t have to commit a crime to be affected: Because we share large chunks of our genome with relatives, your DNA could be used to implicate a close family member or even a third cousin whom you’ve never met. Information about your ethnicity can also be sensitive, and that’s encoded in your genome, too. That’s all part of why, in 2020, the U.S. military advised its personnel against using consumer tests.

Spelling out all the potential consequences of an unknown party accessing your DNA is impossible, because scientists’ understanding of the genome is still evolving. Imagine drugmakers trolling your genome to find out what ailments you’re at risk for and then targeting you with ads for drugs to treat them. “There’s a lot of ways that this data might be misused or used in a way that the consumers couldn’t anticipate when they first bought 23andMe,” Suzanne Bernstein, counsel at the Electronic Privacy Information Center, told me. And unlike a password that can be changed after it leaks, once your DNA is out in the wild, it’s out there for good. Some states, such as California, give consumers additional genetic-privacy rights and might allow DNA data to be deleted ahead of a sale. The 23andMe spokesperson told me that “customers have the ability to download their data and delete their personal accounts.” Companies are also required to notify customers of any changes to terms of service and give them a chance to opt out, though typically such changes take effect automatically after a certain amount of time, whether or not you’ve read through the fine print. Consumers have assumed this risk without getting much in return. When the first draft of the human genome was unveiled, it was billed as a panacea, hiding within its code secrets that would help each and every one of us unlock a personalized health plan. But most diseases, it turns out, can’t be pinned on a single gene. And most people have a boring genome, free of red-flag mutations, which means DNA data just aren’t that useful to them—at least not in this form. And if a DNA test reveals elevated risk for a more common health condition, such as diabetes and heart disease, you probably already know the interventions: eating well, exercising often, getting a solid eight hours of sleep. (To an insurer, though, even a modicum of risk might make someone an unattractive candidate for coverage.) That’s likely a big part of why 23andMe’s sales have slipped. There are only so many people who want to know about their Swedish ancestry, and that, it turns out, is consumer DNA testing’s biggest sell.

Wojcicki has pulled 23andMe back from the brink before, after the Food and Drug Administration ordered the company to stop selling its health tests in 2013 until they could be proved safe and effective. In recent months, Wojcicki has explored a variety of options to save the company, including splitting it to separate the cash-burning drug business from the consumer side. Wojcicki has still expressed interest in trying to take the company private herself, but the board rejected her initial offer. 23andMe has until November 4 to raise its shares to at least $1, or be delisted. As that date approaches, a sale looks more and more likely—whether to Wojcicki or someone else.

The risk of DNA data being misused has existed since DNA tests first became available. When customers opt in to participate in drug-development research, third parties already get access to their de-identified DNA data, which can in some cases be linked back to people’s identities after all. Plus, 23andMe has failed to protect its customers’ information in the past—it just agreed to pay $30 million to settle a lawsuit resulting from an October 2023 data breach. But for nearly two decades, the company had an incentive to keep its customers’ data private: 23andMe is a consumer-facing business, and to sell kits, it also needed to win trust. Whoever buys the company’s data may not operate under the same constraints.

108
9
deleted (www.example.com)
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
 
 

For those who are unaware: GrapheneOS is a privacy and security focused mobile operating system built on Android.

https://grapheneos.org/

Yes, the phone in the picture is running GrapheneOS.

109
110
 
 

I was trying to airplay a video to my tv, just like I did for hours last night, and YouTube kept demanding that I login to prove I’m not a bot. So I figured I would make a fake login on Proton. That worked fine, but then it wants to text me for verification and obviously I do not want to give them my number, but it’s rejecting every number I try from the temp number sites.

I am in Safari for iPad in a private window, using vinegar.

111
 
 

Hi! Thinking about registering a new domain for homelab setup. Not quite sure which registrar to go with but have heard good things about Porkbun here on lemmy. But, do people fill in their actual real name, and details for these sorta things? Geuninly curious, don't want to end up on bad terms with a company. But on the other hand im just going to use this for my homelab and dont see the "need" to give away my details for this sorta thing.

Let me know how you guys do it :)

112
 
 

A new Federal Trade Commission (FTC) report confirms what EFF has been warning about for years: tech giants are widely harvesting and sharing your personal information to fuel their online behavioral advertising businesses. This four-year investigation into the data practices of nine social media and video platforms, including Facebook, YouTube, and X (formally Twitter), demonstrates how commercial surveillance leaves consumers with little control over their privacy. While not every investigated company committed the same privacy violations, the conclusion is clear: companies prioritized profits over privacy.

While EFF has long warned about these practices, the FTC’s investigation offers detailed evidence of how widespread and invasive commercial surveillance has become. Here are key takeaways from the report

113
114
 
 

I am an EU citizen and I was informed that my EURAXESS account was breached. They informed me that while the password wasn't stolen, all of my personal data including addresses, IDs from the CV was stolen and made available on some website.

They say that they're working towards making the site secure, etc., but I know that my personal info is out there. They have even told me to watch out for scams and phishing attempts over the next few months to come.

I am a bit shaken. Please tell me what steps I can take to gain back some control over this situation?

115
 
 

cross-posted from: https://sh.itjust.works/post/25812217

cross-posted from: https://sh.itjust.works/post/25812215

Labour is to revive the hated Tory plan to force banks to carry out surveillance on claimants’ accounts and give the DWP police type power to search premises and seize possessions.

The Tory provisions were contained in the Data Protection and Digital Information Bill, but this failed to be passed into law before the general election and was therefore scrapped.

Now, however, Labour have announced that they are to include what appear to be very similar provisions in a new Fraud, Error and Debt Bill.

According to the DWP, the new law will give the DWP powers to:

  • Better investigate suspected fraud and new powers of search and seizure so DWP can take greater control investigations into criminal gangs defrauding the taxpayer.

  • Allow DWP to recover debts from individuals who can pay money back but have avoided doing so, bringing greater fairness to debt recoveries.

  • Require banks and financial institutions to share data that may show indications of potential benefit overpayments

The Tory bank surveillance provisions would have forced banks to monitor the accounts of all means-tested benefits claimants and report every time an account went over the capital limit or was used abroad for more than four weeks.

In late 2023, it was estimated that almost 9 million claimants would be caught in the Tory surveillance net, including:

  • 8 million universal credit claimants

  • 6 million employment and support allowance claimants

  • 4 million pension credit claimants

That number is likely to have increased by now, especially with the push to get more people to sign-up for pension credit.

Labour’s new bill will also give the DWP the power to search premises and seize evidence, such as documents, laptops and phones.

The Tory Bill contained similar powers.

It would have allowed designated DWP staff to arrest claimants, search premises and seize any evidence they found without needing to use the police. The DWP said this would put them on a par with HMRC and the Gangmasters and Labour Abuse Authority (GLAA).

In an attempt to reassure claimants, the DWP today claimed that:

“The Bill will also include safeguarding measures to protect vulnerable customers. Staff will be trained to the highest standards on the appropriate use of any new powers, and we will introduce new oversight and reporting mechanisms, to monitor these new powers. DWP will not have access to people’s bank accounts and will not share their personal information with third parties.”

Labour claim that these powers will only be used against criminal gangs. But, until we see the text of the bill, we will have no way of knowing whether the law will actually prevent the DWP using their new powers against individual claimants if they so choose.

The outline of the new bill was published today by the DWP to coincide with Kier Starmer’s first speech as prime minister to a Labour party conference.

In his speech, Starmer made only a brief reference to the new bill, saying, “If we want to maintain support for the welfare state, then we will legislate to stop benefit fraud and do everything we can to tackle worklessness.”

Back in April of this year the then prime minister, Rishi Sunak, outlined his plan to give the DWP police powers. He did this whilst setting out his five point plan for welfare reform in a speech at the right-wing think tank, the Centre for Social justice, founded by Iain Duncan-Smith.

Just five months later, Keir Starmer has announced similar measures, this time in a speech to the Labour party conference.

The other four Sunak points were:

  • The WCA to be made harder to pass

  • GPs no longer to issue fit notes

  • Legacy benefits claimants to move to UC sooner and work requirements to be increased

  • PIP no longer always a cash benefit and fewer people to be eligible

We will now have to wait for Labour’s welfare reform white paper to see whether any of the four remaining points will also be adopted as Labour policy.

116
 
 

Hey privacy community! A few weeks back I've seen an article posted here or in some other tech community about TSA rolling out biometric ID process in some US airports, that involved taking a face scan.

I had an international flight planned and I wouldn't want to go through biometric ID, but I was anxious of potential delay and having to explain myself to TSA agents. I also convinced my wife to opt out, which could potentially double the delay.

So for the folks who may have the same concerns, I'd like to share my experience.

I went on my flight a few days back from Newark International Airport (EWR). We went through security check in new Terminal A. At the beginning of the security line there were a few clearly visible posters about biometric ID with opt out information. To opt out you just need to tell TSA agent that you don't want your photo to be taken. The poster also says that you will not lose your place in line if you opt out. Same posters are on each agent desk.

The scanning machine is on every agent's desk, next to the opt out posters. It has a screen, about 8", with something that looks like a set of stereo lenses on top of it. The screen shows the live feed of the person in front of it during scanning process, with a template of a face that helps to properly position it. The scanning process seems to be very quick.

Now, for the opt out - it is indeed as easy and seamless as they claim. I asked the agent to not take my picture, he just said OK and asked me for my passport. The scanning machine didn't turn on. He scanned my passport and gave it back, and I was done, no questions asked.

Actually, I noticed that people who had their faces scanned also had to hand passports over. So they had to spend more time with the agent than I. I assume because it was their first time through this biometric collection and next time they just scan their face again and that's it.

And while I was pleased how easy it was for me and my family to opt out of this, in my opinion, completely unnecessary privacy invasion, I have not observed any other person (out of maybe 100 who passed before me) who did the same. Unfortunately, we know here how easily and thoughtless people give away yet another piece of their personal data. In this case, the data that can be used next time to ID people via video surveillance without any consent.

117
135
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
 
 

I made this post a few weeks ago, and I've finally been using GrapheneOS for one month. I'd like to point out things that changed, and my experiences with some of the GrapheneOS communities.

The changes

I stressed far too much about which methods to use for installing apps. In the end, it's up to you and your preference. Sure some are considered less secure than others, but it's your phone. I'll explain more about why I'm saying that later. Anyways. I get as many apps as I can via Obtainium, and install a few apps via Aurora Store.

I'd like to clarify the reason I have ProtonVPN installed via Aurora Store. App developers often develop different versions of the app depending on how you install it. Play Store versions of it might rely on Google services, whereas direct apk files may not. ProtonVPN allows you to use it as a guest, but only when you install the Play Store version. No other version of the app (e.g. installed via Obtainium) allows you to use it as a guest. Please stop commenting about this, I explained it to way too many people.

My game selection has remained the same, however Antimine is a bit of a weird one. It is still actively maintained, but the GitHub releases page is versions behind the F-Droid version, and the F-Droid version is versions behind the Play Store version. I tried installing the Play Store version, but it required Google Play Services to work (even though the app could actually run without it, it just thinks it needs it). So, unfortunately, I'll just use the outdated F-Droid version.

2048 by SecUSo actually got dark mode! Good for them for keeping things nice on the user end. Audire has been abandoned, and so I tried out Audile and it works fine.

As many users pointed out, AndBible is not abandoned. It also recently got updated. The UX is still sub par. Fossify projects are also, as many pointed out, not abandoned. Development is just slow. I'm eager to see what updates will come.

HeliBoard still has some weird autocorrect suggestions, but I made a few bug reports about it. KeePassDX no longer has the weird biometrics bug.

For eBooks, I tried out a lot of the top proprietary eBook readers:

  • Amazon Kindle was authwalled (required logging in)
  • FBReader was netwalled (required a network connection)
  • Google Play Books was playwalled (required Google Play Services)

Then, I tried Moon+ Reader. I am so sorry, but this app is honestly fantastic. I will reiterate: it is proprietary, but it has support for Apple Book's page turning animation as well as other stuff. The open source eBook readers peril in comparison. The app is perfect, I just wish it was open source.

My music player has changed to VLC Media Player, which is honestly so much better than the desktop version. It has incredible support for use as a music manager. The only annoying bug is that it will sometimes lag for a few seconds before resuming, and there's no clear "queue" section.

I got too upset with Vanadium's lack of anti-fingerprinting and privacy features, that I switched to Brave. Honestly, I'm happy with it. It's not perfect, but I can get behind it.

The new stuff

Alright, now let me mention the new things I got to try. I wanted to try out an RSS reader, so I got Feeder. It's honestly what you expect from an RSS reader. I will say: I wish there was more distinction between read and unread articles. Currently the only difference is whether or not the title is in bold. I also wish the "Show read articles" could be changed for each feed, and not globally, or have an "Unread articles" section.

I have the I2P DEBUG app in case I ever want to access I2P pages. I'm learning about what I2P is. From what I gather, it's like Tor but... not Tor.

I tried out Image Toolbox for editing images. It's very feature rich, but very unintuitive to use.

This is the biggest change: I tried out Lawnchair and Lawnicons. It is honestly so great. I wish the default launcher had that level of customization. You can customize it in 100 different ways until your heart gives out, it's honestly fantastic. There are inconsistent minor bugs and annoyances, but the benefits far outweigh those. I'm a sucker for the iOS look, and I was very pleased I was able to achieve something in between Android and iOS. I just wish they would bring dock colors back! One of my favorite features is being able to customize any icon and name for any app on the home screen. I could make a dating app look like a graphing calculator, for example...

I tried out the proprietary Pydroid 3 app as a Python IDE. I give the developers a solid pat on the back. It's a great app. It works super well, and just has the occasional "upgrade to premium" popup to remove the "ads" that it can't load because it can't touch the internet. Good job guys.

I added Shadowsocks to my censorship circumvention toolkit. I can't find any free servers, but hey it's there in a pinch.

The community

I got some time to experience the Matrix/Discord/Telegram (they're all bridged) community as well as the issue tracker for GitHub. The issue tracker closes a lot of issues that I personally think should remain open. One I made was changing one of the default pings for an (obscure) menu from Google to GrapheneOS, a very simple fix. They closed it, which I'm upset about. I get it though, they can't fix everything.

The Matrix/Discord/Telegram community is... interesting. There's 3 people: The ones who understand almost nothing and need a lot of help, the general users who are super friendly and have wholesome interactions, and the ones who know (and/or think they know) everything. That third group is quite prevalent. They will constantly push their own threat model on you as if it's the only correct answer, and will (quite often) refuse to answer questions if it goes against their threat model (e.g. questions about Aurora Store when "Play Store is the only correct answer").

It's annoying to say the least. I try to mention as much as possible that everyone has their own threat model and it's your phone so you get to choose your own preferences at the end of the day, but that never goes over well. GrapheneOS isn't always known for taking kindly to some lesser threat models, which is a double edged sword. It's good that they have such high standards, but they need to know when to relax and let other people help. It's not bad by any means, you'll get the help you need, but it's not a good look at the end of the day.

Conclusion

That's my experiences after one month. It's been nothing short of fantastic, even with some problems. I am a strong advocator for open source software, but for a couple things the proprietary alternatives are simply the best. That's the unfortunate truth for some things. This will be my last post about my experiences with GrapheneOS, but coming from iOS, it is a super fun transition.

I'd also like to mention quickly for anyone wondering: Backups for me are currently under 5GB (not including music), and in a month with all the app downloads and music transfers over LocalSend, I used about 70GB of internet. Tubular used the most internet (about 22GB in a month). For all you curious, this can give you a nice baseline.

Thanks for reading!

118
 
 

My wife bought some Govee Smart LED string lights. We have VLANs setup in our house to isolate IoT devices and setup the new lights on that WiFi. But when we use the app to control them it requires an account and precise and "while using app" location data. The app does not work at all without enabling permissions for location.

Am I being paranoid? This wasn't an initial setup thing the app is unusable without location enabled.

She really wants smart LED lights for outside the house. Is there an option anyone knows of that might be a bit more privacy oriented?

Thanks.

119
 
 

Often when I'm using it, it will spit out some random blurb about privacy in addition to the response. This time I asked something along the lines of

What did this message mean

{Quote}

It answered, and then it added this

However, the message also includes a detailed explanation about the privacy measures in place when using a specific AI language model through DuckDuckGo.

The explanation states that all user chats are completely anonymous, and DuckDuckGo does not record any user chats. Any metadata that could potentially identify the user's device is removed before sending prompts to the model provider. This means that even if the model provider stores chats, they cannot be traced back to the user.

The explanation also specifies that personal information typed directly into the chat cannot be tied back to the user, and that chats will not be used to train or improve models. Furthermore, chats are not sent to any third-party, and are only sent anonymously to the model provider.

The message ends with a reminder about the appropriate use of code blocks in markdown, emphasizing that they should only be included in programming-related contexts.

I assume they wanted their version to offer information about itself on top of the models regular output, downside being the extra hallucinations

120
141
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
 
 

TL;DR:

Incorporating Tails into the Tor Project's structure allows for easier collaboration, better sustainability, reduced overhead, and expanded training and outreach programs to counter a larger number of digital threats.

121
 
 

Greetings! Recently, i have ditched Windows for Linux. Why? Well, This all started with a Windows Update. I was working on a Discord bot, until my PC decided to restart without my consent. What was it? A Windows Update. I was like: "no big deal, ill just wait". Well, it was over 100+ updates. After all the updates completed, i saw the Windows 11 setup screen. Keep in mind that I was on WIndows 10 before the updates. Now at that point i really got angry. Like, I hate Windows 11. So then i went and completed the setup, and got met with ALL THE BLOATWARE REINSTALLED. So ofcourse, since i did NOT wanna use Windows 11, i backed up my data, and switched to the Secure and Free operating System, Linux. I went with arch, since i have used Ubuntu before, and it's terrible. And since i didn't wanna use any fancy Desktop Enviroments, such as GNOME, KDE, HyprLand, XFCE. I went with dwm. It looks very mininal and customizable.

Now that brings me to the question, What apps should i get rid of?

I know i did the same post like a few weeks ago, but for the sake of Privacy, i know Some apps contain Telemetry, and some Don't. But still.

122
 
 

The researchers have discovered that automatic content recognition (ACR) tracking is active most of the time, even when TVs are used as “dumb” HDMI devices. In other words, the TV manufacturers are monitoring your private moments as well. There’s apparently no monitoring of streaming content in the UK, but there is in the US.

The only good news is that these TVs can seemingly be configured to disable ACR, provided the owners know this activity is taking place and are able to find the right settings. (I recently looked at the configuration of our TVs again, and understanding the various settings was far from easy.)

123
 
 

It's a slippery slope. I mean, I want a new job. But at the same time, I don't want all that info out there. What says you?

124
125
 
 

Heya, I found how you can digitally sign and encrypt emails! (It even gives them a cool icon for others to see!), and I haven't seen anything about it before so I thought I'd share how I did it!

Do you also want to send encrypted emails and sign them? Just follow these few steps!

But beforehand, let's define some terms :

  • Signed email : Email with a valid numerical signature. Anyone can read it and know it has not been modified since it was sent.

  • Encrypted email : Email encrypted with the recipient's public key. They can decrypt it with their private key

  • S/MIME certificate : A .p12 file containing your private key (So keep it for yourself and don't send it to anyone!!) and your public key.

Okay, now it's time to...

Start the setup (Obtain an S/MIME certificate)

  • You'll need to ask to an authority for a certificate. Personally I use Actalis because they give free certificates for multiple email addresses, valid for a year (you need to redo the setup every year). If you don't want to use Actalis, more info is avilable here.
  • Don't forget to put the website in english if you don't understand italian.
  • Go on the page to request an S/MIME certificate, create an account and follow the setup. The verification email can take a little while (~2min)
  • When the setup ends, you'll have a valid certificate in your dashboard (It can take a few minutes to appear if you just verified it) that you can download, and a password that Actalis emailed you to enable your certificate.

Install the certificate

  • Download the .p12 file, then open it, type your password, and leave the default options to install the certificate on your device (Android or PC, on Android pick "For VPN and apps"). Don't delete your old one, so you can still decrypt old messages sent on the expired certificate
  • Use an S/MIME compatible email client. On PC, there is Thunderbird, on Android, FairEmail.
  • In your email client settings, importer the S/MIME certificate pofor signing AND encrypting your messages. It changes depending on your client, so here it is for Thunderbird :
    • In the top-right menu, go to Account settings, End-to-end encryption, underS/MIME click on Manage S/MIME certificates, Import and pick your.p12 file. Then, pick Select a certificate, and pick yours from the tab "Your certificates".

An image is worth a thousand words (Sorry for the french)

Don't forget to check the box to sign and/or encrypt every message just below, if you want!

Communicate with someone

Once this is done, here is how you can communicate...

  • ...While signing your messages :

It's easy, just click on "Sign" before sending. Usually, email clients show a small medal next to your name to show the email is signed.

  • ...While encrypting your messages :

For that, you'll need your recipient's public key. They needs to send you a signed message (not encrypted, since you don't have each other's key at this point) where you can get their public key from their signature, and add it to your email client, which will allow you to encrypt messages you send to them. Then, send them a signed email (you can encrypt it) so they can get your public key and add it to their client, and then you'll be able to exchange encrypted emails!

I'm not an expert and probably made a few mistakes, if you spot any please tell me in the comments and I'll try to fix the guide!

view more: ‹ prev next ›