Privacy Guides


In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.




Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.


founded 1 year ago
326
327
 
 

I have a device that reached end-of-life support and I'm burned out loading ROMs to extend its support. Upon my return from the trip I plan on purchasing a new device anyway, so buying one while traveling is also an option.

I'm traveling to a European market that has stronger privacy rules (GDPR) and their devices must have lower SAR (regarding phone RF emissions).

Regarding RF and SAR

My carrier frequency bands in my home country are supported by European phones I'm looking at (Android and Apple). But do the phones dynamically manage the RF emission based on locale or are they limited at hardware or software?

Would purchasing the device abroad have an effect I think it does when I bring it home?

Regarding Privacy

This one is tricky, typically the account (Gmail or Apple ID) is associated with the locale. If I were to create a new account and set up my device while abroad, will this have lasting effects? I have friends who have immigrated and set their devices up abroad and their locale is still their OG country. One of them changed locales (for Android) because Spotify (app) wasn't available in their home country locale. So I speculate this is a solid approach if I were to do so.

I know I might have issues with availability of content (downloading from app stores). But as far as accounts go, my Spotify (and Netflix if I still had it) account is associated with my home country so I will still be able to watch shows in my locale. Being able to download the app is the limiting factor but there are ways to get around that with side loading.

So yeah, if anyone has experience with this and could call out some things I didn't consider or validate my expectations, it would be appreciated.

328
 
 

Visit our site: https://purplix.io

Support us on Github: https://github.com/WardPearce/Purplix.io

What is Purplix Survey?

Purplix Survey is a free & open source survey tool that can't read your questions & answers.

With traditional surveys you are one data breach, one rogue employee or one government warrant away from all your users' data being exposed. Purplix uses modern encryption techniques to keep your users' data away from any actors.

How does it work?

Questions, Descriptions & Title encryption

When you create a survey, we encrypt your title, descriptions & questions with a secret key. This key is then stored encrypted in your keychain. When you share your survey with others using a link, the key is stored in the link for your participants. This ensures that your survey questions can only be read by your participants.

Answers encryption

Every survey has its own unique key pair. The private key is securely stored in your keychain, while the public key is used by users to encrypt their answers. Only you have the means to decrypt the answers once they are submitted. When you share a survey, we include a hash of the public key in the URL to prevent man-in-the-middle attacks.

Preventing spam & multiple submissions

Survey creators can opt-in to use VPN blocking, requiring a Purplix account or IP blocking. IP blocking works by storing a hash of the IP salted with a key not stored by Purplix, minimizing the attack surface of tracking submission locations. These IP hashes are only stored for 7 days or until the survey closes. Users will always be informed when any of these features are enabled.

Fill out a survey!

https://purplix.io/s/651e32f0ab4897a99d28ea0e/CCpu5Nd8guMbuEw-jIEv10l6ICSvdCr84AtRYf9fPWk#905wt-r_OcvYfhQKhdS2Cjc1HXm7Vw6W_sm--9GkaOw

----

329
330
 
 

Quick question about DNS and DoH that I thought about after reading this post:

https://packmates.org/@[email protected]/111176886781705659

Wouldn't it make sense for Firefox or another third party to bundle and transparently forward all DoH requests to Cloudflare so that:

A) Cloudflare doesn't know who made what request due to not knowing the origin

B) Firefox doesn't know who made what request due to TLS

#Infosec #Privacy
CC: @privacyguides

331
 
 
332
 
 

Looking to set up a basic static website. What domain registrar should I go with? Would prefer something that has more privacy obviously. Any recommendations on hosting services (cannot host on own hardware right now)?

I would need something that has reasonable security, can work with LetsEncrypt SSL certs, and preferably has either privacy respecting analytics or no analytics. Don't want Google to bother me or my website visitors.

333
23
We Know Who You Are (literaryreview.co.uk)
submitted 1 year ago by [email protected] to c/[email protected]
334
 
 

cross-posted from: https://lemmy.world/post/6214098

I want to follow some people on tiktok, for the content they put out. I am, however, a somewhat privacy-minded person. Any suggestion on how to make TikTok less privacy-invasive? Some DNS app?

I am on Android, not rooted.

335
71
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 
 

Hello everyone,

I've been using Standard Notes on the recommendation of Privacy Guides since the beginning of this year, I believe, and it has truly been a fantastic experience. It serves my purpose perfectly, is truly cross-platform, open source, and lightweight. It was a real find, and I couldn't be happier to have it installed. However, it seems that they are planning to change the licensing to one that restricts companies from abusing their code (which makes sense), but I wanted to know if this goes against the guidelines in terms of considering it recommendable.

I don't really understand licenses, so correct me if I'm wrong, but with this change if the project becomes private, a fork couldn't be created for all users who want to continue having the software format but not the backend... Is that correct?

Thanks

336
337
338
339
19
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 
 

I wanted to try out the desktop version of the Brave browser. It's set up according to the privacy guide directions and I have sendoff usage data disabled, but if I open the browser sitting on the home page, Windows is reporting 100KB of data going out every 5 or so seconds.

Running the same test with Edge, no network usage is reported.

The only extension on Brave is Bitwarden, which is also installed on Edge.

Any thoughts? This is the IP it is sending to: 104.18.12.33

Edit: on reboot of process, I see the hostname: ec2-35-163-26-5.us-west-2.compute.amazonaws.com

340
 
 

Reddit rolled out some changes this week as it continues its push for revenue and profitability jumpstarted by its API rule changes in July. Among the most controversial, the company will no longer allow users to opt out of ad personalization based on their Reddit activity and started a program that lets users exchange virtual rewards for their posts for real money.

On Wednesday, Reddit announced plans to "improve ad performance," including by preventing users from opting out of personalized ads except for in "select countries." Reddit didn't specify which countries are excluded, but the exceptions could include countries falling under the European Union's General Data Protection Regulation. Reddit spokesperson Sierra Gamelgaard declined to provide further clarification when reached by Ars Technica for comment.

Reddit's announcement, authored by Reddit's head of privacy, going by "snoo-tuh" on the platform (Reddit has refused to confirm the identity of admins representing Reddit on the site), said that its advertisers look at "what communities you join, leave, upvotes, downvotes, and other signals" to gauge your interests.

Snoo-tuh wrote:

For users who previously opted out of personalization based on Reddit activity, this change will not result in seeing more ads or sharing on-platform activity with advertisers. It does enable our models to better predict which ad may be most relevant to you.

Still, Reddit users have expressed concern over suddenly losing a privacy control they've long had. Meanwhile, Reddit's policy update aligns with its outspoken goals to become profitable and its plans to eventually go public. Reddit has already sacrificed other aspects of the user experience, as well as some community trust, in an effort to drive revenue. Reddit declined to provide comment regarding privacy concerns related to this latest update.

Other privacy policy changes announced Wednesday include allowing users to choose to see "fewer" ads regarding alcohol, dating, gambling, pregnancy and parenting, and weight loss. Reddit didn't commit to all ads being removed initially since its system of "manual tagging and machine learning to classify the ads" may not be totally accurate at first. Snoo-tuh said things should get more accurate "over time," though.

Reddit’s Contributor Program

Also this week, Reddit announced its Contributor Program, launching in the US only for now. Reddit users with 100–4,999 karma can earn $0.90 per gold received. Users with over 5,000 karma can get $1 per gold received. Users can pay for gold to award to other users.

The scheme is reminiscent of the Creator Ads Revenue Sharing program by X, formerly Twitter, where premium subscription members can get a portion of ad revenue generated from their posts. Elon Musk announced the program in February, and it launched in July.

X's program has been criticized for potentially encouraging spam-y, bait-y posts and posts that are controversial and offensive, just for the sake of generating reactions and comments that will lead to the user making money. But that hasn't stopped Reddit from enacting a user payment scheme of its own (after all, Huffman has said Musk's X is an example for Reddit.)

However, clickbait and shock value posts are a strong deviation from what people tend to treasure most about Reddit: real human advice, discussions, and insight.

In an interview with BBC, social media analyst and consultant Matt Navarra noted that Reddit was incentivizing and providing opportunity for its top users but that it could also jeopardize Reddit's content quality.

Navarra told BBC:

[X's ad sharing program] incentivizes X users to post content that sparks the most replies, and the characteristics of content that typically generates the most replies is content that is divisive, polarizing, provocative, and controversial... exactly the sort of content that brands do not want to have their ads placed amongst. This has been problematic for Elon Musk, and it could become a new problem for Reddit's founders too.

When I reached out to Reddit about these concerns, spokesperson Tim Rathschmidt pointed me to Reddit's blog post about the program. It says that users have to be at least 18 years old and verified by Reddit to participate and that:

All monetizable contributions are subject to Reddit’s User Agreement and Content Policy. In addition, Reddit will take the same enforcement actions against contributions breaking Reddit’s rules and withhold any earnings on content that violates the Content Policy or the new Contributor Monetization Policy and Contributor Terms for the program.

A support page says Reddit's Contributor Program will avoid "fraud, spam, bad actors, and illegal activities" by putting users through Persona's Know Your Customer screening. It also points to "Reddit internal safety signals," "new monetization policies with enforcement and repercussions," "daily gold purchase limits," "automated detection and monitoring via Reddit’s safety tools and systems," "user reporting," and "admin auditing."

341
342
343
344
16
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 
 

Ok, so every now and then I read about using TOR over VPN or VPN over TOR. Everyone seems to have different ideas, but I never really get the setting.

Instinctively, when mixing TOR and VPN, I think of launching the TOR Browser on a computer which is connected to a VPN.

If I understand things properly, when using a VPN with a regular browser, the data leaves the browser, goes to the VPN server, then to the server of the website I connect to. So my guess is that, using TOR Browser instead of a regular browser, the data leaves the browser, goes first to the VPN servers, and then to the TOR nodes, and on to the website. Is that right? Now, which one is that: TOR over VPN or VPN over TOR?

And finally, whichever one that is, how would one do the alternative option? By configuring, for instance, the TOR Browser to connect via a VPN in its settings? I’m confused about that.

Thanks!

345
346
 
 

If I sign up using phony info and use a new email which is only for fb, always use a vpn and a browser (chromium) that I only use for fb can I be anonymous? I ask because there are a couple of groups that I'd like to join that only use fb. Thanks.

347
348
27
Chromium vs Brave (self.privacyguides)
submitted 1 year ago* (last edited 1 year ago) by qwert230839265026494 to c/[email protected]
 
 

cross-posted from: https://sh.itjust.works/post/5572424

This might have been discussed to death by now, unfortunately I couldn't find any discussion on it on Lemmy. Though I would love to be corrected on that!


How does an always on incognito Chromium with uBlock Origin on medium mode (and other hardening/privacy settings enabled) compare to Brave (with e.g. Privacy Guides' recommended settings) with respect to security and privacy on Linux^[1]^?

Commonly heard whataboutisms:

  • "With the looming advent of Manifest v3, this discussion might not be very relevant for long." I'm aware.
  • "Just use Firefox/Librewolf or any other privacy-conscious browser that isn't Chromium-based." I already do, but some websites/platforms don't play nice on non-Chromium-based browsers due to Google's monopoly on the web. Sometimes I can afford to not use that website/platform, but unfortunately not always.
  • "Brave's [insert controversy] makes them unreliable to take services from." Honestly, I think that if both solutions are as effective that a reason like this might be sufficient to tip the balance in favor of one. Because ultimately this all comes down to trust.
  • "Just use Ungoogled Chromium." Some more knowledgeable people than me advise against it. Though, I'd say I'm open to hear different opinions on this as long as they're somewhat sophisticated.
  • "Just use [insert another Chromium-based browser]." If it has merits beyond Brave and Chromium with respect to security and privacy, I'll consider it.

Thanks in advance!


  1. I can be more specific about which distro I prefer using, but I don't think it matters. I might be wrong though*.
349
350
 
 

TL;DR

Google’s ‘ad auctions’ face a privacy challenge in the Netherlands. Google has been accused of intrusive online surveillance by more than 82,000 people who have signed up to a class action lawsuit against the tech giant in the Netherlands.

Adobe starts paying out stock contributors for helping train AI. To train Firefly, its generative AI model, the company only uses content that it has rights to through its stock image platform Adobe Stock or that is in the public domain. Adobe has now started to make good on its promise to compensate Adobe Stock creators who may lose out from the widespread adoption of AI.

UK backs down on encryption-breaking plan. The plan was to compel service providers, including messengers, to scan encrypted chats for child porn. Although the British government promised not to force companies to use unproven technology to snoop on users, it may try to enforce the so-called “spy clause” in the future if better and more secure (in the government’s eyes) technology emerges.

WhatsApp denies it will have ads. The Financial Times has reported that WhatsApp is considering inserting ads into lists of conversations with contacts in a bid to increase its revenue. A rebuttal from WhatsApp head Will Cathcart followed. “This @FT story is false. We aren’t doing this.” Still, the FT stood by their story, claiming that before it was published they had reached out to WhatsApp, and they had not denied such conversations could have taken place. Citing sources within WhatsApp, the FT then reported that another option that was being discussed is to introduce a paid ad-free version of WhatsApp.

X unveils verification system based on govt. ID. X, formerly Twitter, has begun offering its paid subscribers a new way of verification. Now, they can upload their government-issued IDs along with their selfie, and get an “ID verified” label on their profile along with “prioritized support.”
