Privacy Guides


In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:



Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago

Hello privacyguides. I have a question:

Talking strictly about security, how would you rate multi-account-containers for compartmentalizing internet activity? By compartmentalizing, I mean if, for example, I click on link "xyz" in container "a", and this link is somehow capable of accessing account "b" and compromising it. Except I have this account "b" logged in in another container. Would the website be able to compromise the account? I know zero-days exist, but in a typical situation, would this extension improve security in this example or not?

Thanks in advance for your time and any answers!


cross-posted from: https://links.hackliberty.org/post/897256

The NSA’s long history of often legally sketchy mass surveillance continues, despite some of the agency’s activities getting exposed more than a decade ago by whistleblower Edward Snowden.

Now, the National Security Agency has had to reveal, in response to a senator’s questions, that it is, as one report put it, “sidestepping” obtaining warrants first before it buys people’s information, put on sale by data brokers.

This came to light in an exchange of letters between Senator Ron Wyden and several top security officials.

And this time – because of NSA’s own interest being at stake – he has been able to reveal the information he obtained.

Wyden’s January 25 letter to Director of National Intelligence Avril Haines contained a fairly straightforward request: US intelligence agencies should only buy Americans’ data “that has been obtained in a lawful manner.”

We obtained a copy of the letter for you here.

With the implication that something entirely different is happening, the senator went on to explain what: if these agencies went to communications companies themselves for the data, that would require a court order.

Instead, Wyden continued, they go the roundabout way to get information (like location data) taken from people’s phones – collected via apps, and finally ending up with commercial brokers, who sell it to the likes of the NSA. And, this particular agency is also buying “Americans’ domestic internet metadata.”

In other words, a comprehensive, yet legally questionable mass surveillance scheme.

Wyden “reinforced” his letter to Haines by attaching NSA Director General Paul Nakasone’s December response to one of his earlier queries – a back-and-forth that has been going on for almost three years, he says, and concerned other agencies as well and their practice of data acquisition.

But now that he said he would block the Senate confirmation of Nakasone’s successor – the information he received finally “got cleared” for release and pretty quickly.

Nakasone confirmed the practice, and then went on to justify it by saying it only pertains to “records” of online traffic, rather than “emails and documents.” He said what the NSA purchases is “netflow data” that comes from devices where “one or both” ends of the connection is in the US.

And why? It is “critical,” wrote Nakasone, in “protecting US defense contractors from cyber threats.”


The video discusses the privacy concerns associated with SIM cards in mobile phones, highlighting three main reasons to be cautious. First, it explains how SIM cards enable constant location tracking through communication with cell towers. Second, it delves into the autonomy of SIM cards, particularly proactive SIMs that can send hidden messages to the cell network without the user's knowledge. Lastly, it explores the potential risks of having too much control centralized on a single device, particularly in terms of split tunneling with VPNs.

Then Naomi shares personal reasons for not using a SIM card in her phone, emphasizing alternatives such as relying on WiFi, using an anonymous Calyx hotspot, or considering mobile hotspots. The benefits of these alternatives include increased privacy, the ability to control VPN usage, and reduced exposure to potential hidden messages sent by SIM cards. The video also touches on potential downsides, such as the need to carry multiple devices and potential connectivity issues when using hotspots.


I'll install GrapheneOS, I just need my carrier to unlock it first. For now though, what can I do to make it as private as I can?


cross-posted from: https://lemmy.world/post/11003492

Excerpts from the article and another article by the Electronic Frontier Foundation (EFF):

While Meta won’t collect messages themselves, there is nothing stopping them from collecting metadata on those very messages.

By design, Meta has access to a lot of unencrypted metadata, such as who sends messages to whom, when those messages were sent, and data about you, your account, and your social contacts. None of that will change with the introduction of default encryption.

Meta has a reputation for collecting its users’ data: a key part of its lucrative advertising business. In fact, last year, the company earned a US $1.3 billion fine from European Union regulators for transferring EU citizens’ Facebook data to the United States.

Meta’s documentation indicates the company will continue to process messages’ metadata: what time a message was sent, for example, and who sent it to whom. The company says it will use metadata to help identify bad actors. Privacy advocates see this use case as evidence metadata can make a double-edged sword.

“This also demonstrates how much can be inferred from behaviors and metadata without needing access to the actual contents of messages themselves,” says Geraghty. “So we have to ask: What could Meta be using this data for additionally? It’s likely this metadata will be used to continuously enrich user profiles for targeted advertising purposes.”


Hi, I'm on Windows 10 at home and Windows 11 at work. I'm going to migrate to Linux for my next PC (might eventually do it on this one, though I've currently done so many tweaks that I intend to keep this for gaming for now). Our two laptops and mini-PC already run Linux Mint, but I digress... (I just don't want anyone to think I'm totally unaware of the problems with Windows and Microsoft.)

My uses for a webcam are:

  • Streaming with friends (sharing games and video feed, playing Jackbox games, chatting, etc.)

  • Playing Magic the Gathering via Spelltable (so it needs to be able to be positioned facing my playmat and good enough quality to detect the cards)

  • Video call with family and friends

  • Occasional use for presenting professional webinars (during occasions when I have to work from home)

  • Occasionally pre-recording work-related content that will be publicly viewable

  • Use with OBS virtual camera

At work, I use a Logitech camera that my employer provided me with OBS software. It's an older model, but I'm not sure of model number or anything off the top of my head. It's not the best, and I'd like something a bit better at home.

At home, I was using a similar Logitech camera, but a year ago I decided to upgrade and purchased the Razer Kiyo Pro. What a mistake! Every time this camera gets plugged in, it prompts me to install Razer Synapse. It even puts the installer directly on my hard drive without my permission!

I've saved up a bit, and I'd like to try again with a different camera, one that doesn't push its proprietary software on me. I was considering Logitech, but iirc Logi's newer models also do the same thing. Or is this wrong?

Either way, I'd be so grateful if someone could recommend a reasonably high quality budget camera in the ~$100 range. I could go up to maybe $125, but after that it would start to really hurt.

I've done a lot of searching myself, but it turns out it's pretty hard to find a camera that doesn't either require or constantly push its proprietary software, and apparently some people [checks notes] like the proprietary software being shoved at them???

Anyway, I'd be so thankful if you could help. This community helped me so much before when I needed a modem and router to escape the clutches of my IP, so I thought maybe someone would have some advice.

submitted 9 months ago* (last edited 9 months ago) by [email protected] to c/[email protected]
 
 

I have a google pixel, and I know I could install grapheneOS on it. But I'm very, very hesitant, since I depend so much on my phone.

This isn't like distro hopping, where I feel more comfortable hot swapping SSDs, or making partitions, or using my desktop while I tinker with my laptop. My phone has a SIM and the service I depend on can't be emulated off this phone.

So what do you recommend I do? Should I move my SIM (my phone service, really) to a new phone while I tinker with this one? Can I just blow up the current OS and wing it? Or maybe there's another option that would allow me to bail back to stock Android in case something goes wrong. What do you think?

EDIT: how I use my phone: about everything I use is from F-Droid, with the occasional app from Aurora. I do use my banking app to cash checks, but I don't use WhatsApp or Google Pay, which I know aren't compatible. So as far as app compatibility I don't think it'll be a problem, I'm mostly worried about my phone number not working. I don't know how SIMs work like I should, I just know I've had the strangest issues in the past with it, so I'm hesitant. Thanks for the replies so far.


cross-posted from: https://lemmy.world/post/10958052

Vanguard, the controversial anti-cheat software initially attached to Valorant, is now also coming to League of Legends.

Summary:

The article discusses Riot Games' requirement for players to install their Vanguard anti-cheat software, which runs at the kernel level, in order to play their games such as League of Legends and Valorant. The software aims to combat cheating by scanning for known vulnerabilities and blocking them, as well as monitoring for suspicious activity while the game is being played. However, the use of kernel-level software raises concerns about privacy and security, as it grants the company complete access to users' devices.

The article highlights that Riot Games is owned by Tencent, a Chinese tech giant that has been involved in censorship and surveillance activities in China. This raises concerns that Vanguard could potentially be used for similar purposes, such as monitoring players' activity and restricting free speech in-game.

Ultimately, the decision to install Vanguard rests with players, but the article urges caution and encourages players to consider the potential risks and implications before doing so.

This Week in Privacy #5 (blog.privacyguides.org)
submitted 9 months ago by [email protected] to c/[email protected]
submitted 9 months ago* (last edited 9 months ago) by [email protected] to c/[email protected]
 
 

We can also break down users by country. The largest contingent of Snowflake users are in Iran, which has been the case since the Mahsa Amini protests in 2022 [1]. The graph shows also a large number of users apparently from the United States, but we believe that may be partly the result of geolocation errors, and many of them are actually from Iran. After Iran, the countries with the most Snowflake users are Russia and China.

submitted 9 months ago* (last edited 9 months ago) by Renn to c/[email protected]

I want to set up an RSS feed for me to subscribe to some websites. I am a newbie and never used RSS before. I found Raven Reader, which is open source. But I don't know if it's trustworthy, too.

I would also be grateful for information on how safe it is to use RSS in general concerning privacy, e.g. can my feed be tracked from websites?


cross-posted from: https://sopuli.xyz/post/8117983

I have a pair of Bluetooth headphones, which I have been using since 2022. Today, I was sitting on the bus when some random person connected to them and started playing Free Bird.

It was a bit funny, but I don't want this to become a regular thing. Is there a way of locking the headphones to certain Bluetooth addresses? Or a way of making it not show up automatically on phones (similar to a hidden WiFi network)?

The headphones in question are the JBL Tune 510, which have a USB-C port. However, I don't know if this can be used to flash firmware.

If there's already a comment telling me to "just use wired" or something, please don't tell me again. It's the best solution, but my phone doesn't have a headphone jack (fuck you, Apple).

Thanks!


GNU Taler (Taxable Anonymous Libre Electronic Resources) is a new secure electronic payment system based on open standards, free software, and advanced cryptography. GNU Taler provides privacy guarantees to the buyer while offering the possibility to audit merchants, making sale incomes transparent and fraud difficult. To online merchants and retailers, GNU Taler offers instant transaction clearance without risks of fake payment methods. Computations needed to clear the payments are efficient and scalable so that banks can pass on lower transaction costs to consumers and merchants.
