Privacy

The teacher opens an app on their phone, holds it up, and takes several photos of the room. Within seconds, the images travel to a cloud server, where a facial-recognition algorithm detects each student’s face, extracts it, and compares it against a database of biometric profiles. The app LRCO Paraná returns a list of names. Students identified in the photos are marked present; those the system does not find are marked absent. For some students, a false absence is a bureaucratic irritation. For others, it could threaten their family’s access to welfare. In Brazil, eligibility for the Bolsa Família program depends in part on school attendance, and in Paraná such records are now largely generated by an algorithm.

Cross posted from: feddit.uk/post/45797826 In a sensational turn of events in the fight against Chat Control, a majority in the European Parliament voted today to end the untargeted mass scanning of private communications. In doing so, the Parliament firmly rejected the error-prone and unconstitutional surveillance practices of recent years. Pressure is now mounting on EU governments to respect the MEPs’ vote and bury untargeted mass surveillance in Europe once and for all. Amendment 5, tabled by Pirate Party MEP Markéta Gregorová (Greens/EFA group) and adopted by a narrow margin, demands that any scanning of private communications must be strictly limited to individual users or groups of users suspected by a competent judicial authority of being linked to child sexual abuse. This aligns with the European Parliament’s 2023 mandate on the permanent Chat Control regulation (CSAR). Based on today’s mandate, trilogue negotiations between the EU Parliament, the European Commission, and the Council of the EU are set to begin as early as tomorrow. Negotiations are taking place under extreme time pressure, as the current interim regulation authorizing Chat Control expires on April 6. The EU Commission and the vast majority of the EU Council—except for Italy—have so far categorically rejected any restrictions on untargeted mass scanning. Digital freedom fighter Patrick Breyer (Pirate Party) commented on the historic vote: “Today is a sensational victory for the countless citizens who made calls and sent emails to save their digital privacy of correspondence. Digital privacy is alive! Just as with our physical mail, the warrantless screening of our digital communications must remain taboo. EU governments must finally realize that true child protection requires secure apps (‘Security by Design’), the removal of illegal material at the source, and targeted investigations against suspects with a judicial warrant—not overreaching, pointless mass surveillance.” The Hard Facts: Why Chat Control has failed spectacularly Continue reading here - patrick-breyer.de/…/historic-chat-control-vote-in…

I’m a privacy focused individual, I run GrapheneOS on my phone & self-host as much of my tech stacks to avoid sharing info with. I’m looking for recommendations of smartwatches that align with the ideals of this community. What watch do you use? What do you recommend?

…by physically removing a port (who would do that) or using the software?

I have been using it for more than a week and now am worried about the consequences that I am not sure are true or not! I am worried that by allowing random users to surf using my network to prevent surveillance, someone will use my address to do malicious things, and I will get into legal consequences. Also, what if many services blacklist my IP address so eventually I get a lot of restrictions in my browing experience. Furthermore, will this extension increase my fingerprint? Are these thoughts valid, or am I just overthinking? If anyone knows, please comment.

What the title says. I’m trying to discern if using a number acquired and served through JMP for phone and text, versus a mobile carrier, provides a better data security and privacy experience. On the one hand I wouldn’t be subject to the almost yearly data breaches that a number of the carriers experience, nor their potential snooping. However on the other, I’m not sure if using JMP provides any increase in privacy or security on that front?

cross-posted from: lemmy.zip/post/60387352 cross-posted from : lemmy.zip/post/60387297 Proton Mail provided Swiss authorities with payment data for defendtheatlantaforest@protonmail.com — the account linked to Stop Cop City protests in Atlanta. The FBI obtained this information through a Mutual Legal Assistance Treaty request on January 25, 2024, identifying the activist behind the anonymous account through their credit card identifier.

cross-posted from: lemmy.world/post/44029008 From the official Dutch Intelligence and Security Service information. “Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information,” states Director of the MIVD, vice-admiral Peter Reesink. Individual accounts An interesting aspect of this Russian campaign is that it does not exploit any technical vulnerabilities of the messaging services. The attackers instead make malicious use of legitimate security features of the apps. Director-General of the AIVD Simone Smit states, “It is not the case that Signal or WhatsApp as a whole have been compromised. Individual user accounts are being targeted.” To increase resilience against this Russian campaign, MIVD and AIVD have published a Cyber Advisory explaining how to identify and respond to attacks. The advisory also give instructions for Signal users on how to identify potentially compromised contacts. All Signal users can personally check whether there are any potentially compromised contacts in their group chats. If you see any people who appear twice in the list of members (under the same or a slightly different name), this may be evidence of either a compromised account or a new account created by a victim.If you suspect this to be the case, report this to the information security department of your organisation. Together you can try to verify (preferably using a channel other than Signal or WhatsApp, such as an email or a telephone call) whether it is correct that the account in question appears twice in the chat group contact list. Should this not be the case, ask the group administrator to remove both accounts from the group chat, after which the legitimate account holder can request to rejoin the group. Please remain vigilant for group members who are not recognised by the rest of the group. The actor may occasionally change the display name of a compromised account to remain unnoticed in chat groups, for example to names such as ‘Deleted account’. If a member’s display name changes, the group will receive a notification. When the change is the legitimate transition to ‘Deleted account’, no notification is sent. Actor-controlled accounts can also gain entry to the group via an obtained Group Link, of which the group always receives a notification. In all such unauthorised scenarios, ask the group administrator to remove the offending accounts from the chat.If there is any indication that the group administrator themselves may have been compromised, it is advisable to exit the group and create a new one. |

I use a VPN and/or Tor to do the majority of my websurfing/streaming/torrenting. Some can (notably web browsers*) read your local system time to access your timezone. And, I happen to live in… let’s just say a very “narrow” timezone, my country of origin can be trivially pinpointed if you take a look at the UTC offset. I know Firefox has a setting to spoof my timezone to UTC, but the chromium browsers do not have that option (at least no options i could find after a fairly extensive search), and I don’t even know if all of the other programs I have are reading them or not, such as, for example, my matrix client. So, solution I came up with: do a timedatectl set-timezone UTC on the device. I can separately make my desktop clock do a little timezone conversion so no worries about time disorientation. This fixes the issue with most apps not allowing timezone spoofing too. Honestly, now that I’ve typed all that^^ out, this is beginning to sound like an unnecessary schizo post that goes WAY beyond my threat model XD. Still, I’d love to hear anyone else’s thoughts on it. Ideas to improve upon it are appreciated too.

cross-posted from : lemmy.zip/post/60423023 EU rules regarding anti-money laundering, counter-terrorist financing and sanctions law (AML/CFT) have increasingly shifted responsibilities to detect crime from public entities to companies . AML/CFT law requires “obliged entities”, like banks, to collect large amounts of financial and other personal data about their customers. The way banks implement these rules in the EU has led to a systemic negative impact on human rights, often because of over-compliance, risk-aversion and weak accountability. This has been the case in the Netherlands where, among large number of human rights breaches by banks, Dutch ING Bank has even publicly apologised for discriminating against its customers based on profiling.

go to the site, use the tool. where ever you are. Keep voicing your stance on this issue. This isn’t about protecting kids nor will it protect kids from anything. Kids will just go to darker corners of the internet where nothing is moderated forcing everyone to dox themselves won’t make anything safer. All that data in hackable databases would be ripe for the picking by any hacker or groups of hackers to sell to databrokers, who then sell it to scammers Parental controls are very easy to set up in the modern day every commonly used OS has them built in. If you’re a parent, it’s YOUR responsibility to make sure your kids don’t see things they’re not supposed to see…don’t let the government control that shit There’s also www.defendvpns.com to go to as well, sign both petitions. the EFF has some petitions too www.eff.org I’ve already signed them I’ve already emailed all my people. Now you need to do that. For anyone who still has twitter, tweet to them with these hashtags #crushthescreenact #crushthekosabill #stopIDagechecksUSA #saynotoappstoreaccountabilty #dontrepealsection230 #SayNotoKOSMA #NoToKIDSAct

Anyone know of any software I can override the Google Nest Doorbell with ? One that’s maybe open source ? I know I could just buy another camera but I was hoping to keep using this one with safer software

Hi, I need to leave my country for a couple days, but my cellphone plan doesn’t cover data oversea and I don’t like to rely on WiFi. A relative suggested that I try Saily, which is an esim provider that you can load with whatever you need in the country you’re visiting but I’m again reluctant to use an app when I don’t know how trustworthy it is. Has anyone ever faced the same issue? Should I simply let go of my internet connexion and enjoy a couple days off the the internet? Cheers and thanks for your help

Japan protects children online very differently to the UK. (Shout out to red rose for the heads up - it was interesting.) While the UK Online Safety Act is driving biometric age verification and platform-based ID checks, Japan has taken another route: mobile carrier filtering enabled by default for under-18s, combined with parental control and digital literacy. There is no nationwide social media ban in Japan. Instead, age controls typically sit at the telecom/SIM registration layer rather than at individual platforms. In this video I explain: • Japan’s 2008 Youth Internet Environment framework • How mobile carriers determine age at SIM registration • Why filtering is enabled by default for minors • The parental opt-out (waiver) mechanism • The privacy trade-offs compared to UK-style age verification This isn’t “no regulation” — it’s a different regulatory architecture. Sources: Nippon.com – Overview of Japan’s youth internet law and filtering model www.nippon.com/en/in-depth/d01099/ Children and Families Agency (Japan) – Sixth Basic Plan outline (youth internet measures) www.cfa.go.jp/assets/contents/node/basic_page/fiel… NTT Docomo – “Request for Not Using Filtering Services” (waiver form example) www.docomo.ne.jp/english/binary/pdf/support/proced… The Japan Times – Commentary on social media regulation debate www.japantimes.co.jp/commentary/2024/11/28/japan/s… The Japan Times – Reporting on youth victims and social media concerns www.japantimes.co.jp/news/2026/02/27/japan/crime-l… If you’re following UK Online Safety Act developments, this comparison shows that “protecting children online” does not automatically require biometric ID checks across platforms — but every model comes with trade-offs. Let me know in the comments: would you prefer telecom-level filtering, or platform-based age verificatio

COPPA feels pretty outdated in today’s online world. A lot of sites now ask users to confirm their age even when it’s not really needed, sometimes using AI tools that can get things wrong or push people to share personal info. This brings up some serious worries about privacy, accuracy, and how accessible things are online. The Electronic Child Safety Initiative (ECSI) thinks that laws about online safety, like the Children’s Online Privacy Protection Act, should keep kids safe without relying on unnecessary tracking or dodgy tech. If you think these laws can be better, consider joining the conversation and help push for changes by taking part in the ECSI community forums.

Hardware wallets like Trezor and Ledger are terrible choice for privacy as they’re more like hot wallets. You need to download their shitty electron app to configure your wallet and even if these apps are open-source I can’t consider them safe, because they have toooooo much features. At the same time they’re missing basic features like connecting through TOR network to them which should be must have as they rely heavily on internet features like online exchanges which can easily reveal your data. Do you have any idea how to access crypto easily while at the same keep it private and safe?

I just found a security breach that can leak thousands of emails on a website!! Today, I snooped around on a website I won't mention the name of for privacy reasons, and they assign your account an user ID when you register. Well, with a very simple trick in the console I managed to get everyone else's email and account info (for example checking if they have a paid plan or not) by just lowering the user id, with no rate-limit on the endpoint! So a bad actor could send targetted phishing emails to people by telling them there is a problem with their payment! It's funny because on their homepage, they state they use "Military grade encryption" (whatever that means!), and their privacy policy says "We encrypt the transmission of that information" (does that just mean they do it over https?) So, moral of the story, don't trust companies with your personal info! I contacted the site, we'll see if they fix it. @privacy@lemmy.ml @privacy@lemmy.world @soatok@furry.engineer #cybersecurity #privacy #web #hacking

This is a repost as, despite receiving many positive votes and comments, the original was removed under Rule 4: If you have a question, please try searching for previous discussions, maybe it has already been answered Reposts are fine However, this a guide, not a question. The moderator was notified but has failed to respond. “Sideloading” is framed as some privacy hack but it’s just double speak. App stores? They are an excuse to steal our control, spy on us, destroy our privacy, all while lying, pretending to protect us, deceiving us. F-Droid? That is a library, not a store. Stop falling for this scam. Fight fire with fire. Call app stores what they are: Cuckloading! Example Google’s forcing us into cuckloaded apps.

See title. A bit of a dumb question, but given my threat model, I’m curious if it’s maybe strategically better to not rely on Proton for their VPN. If I rely too much on one provider, I think that that’s not a good idea.

cross-posted from: lemmy.dbzer0.com/post/64875667 They are currently voting on amends to the regulation. The “Chat Control” proposal would legalise scanning of all private digital communications, including encrypted messages and photos. This threatens fundamental privacy rights and digital security for all EU citizens. fightchatcontrol.eu

Let’s say I live under an oppressive regime (don’t we all?) How can I use social media anonymously, so I don’t face reprisals from the government? Mastodon, Lemmy, Reddit and other social media platforms restrict users who connect through TOR or a VPN. Is there any way I can create an account on these services and use them anonymously? Thanks in advance for any information and advice you can provide.

(Not sure if this is worldwide or only in some countries) Updating to iOS 26.4DB2 will put your phone into a parental-restricted mode with adult websites blocked on all browsers, warning prompts every time you try to send or receive an explicit image on a messaging app, and all social media apps blocked on the App Store (in Australia) The settings to disable this mode are locked off until you verify your age either with a credit card, photo ID, or though information Apple already has (like the age of your account). I’ve been an apple user my entire adult life but this might finally be the thing that forces me off the platform. Do any other long term apple users have some tips about migrating? I’ve heard Ashai Linux is pretty good on mac hardware these days and I’ve been thinking about GrapheneOS for a while.

What a complete idiot. You create a protest email account linked to your credit card?

Awesome…

Found out about these two open-source cloud storage providers and wanted to know what anyone thought of them. ente.io crypt.ee

Hello, I’ve noticed difficulty trying to use reports.exodus-privacy.eu.org. The pages just don’t load for me on my computer or phone. iirc the last time I tried (months ago) it may not have worked then either, but I don’t know for sure. Has something happened with the service? I didn’t find anything stating as such. Thank you for your time, I hope you have a good week.

My tor guardian have been the same since 2-3 weeks I think, is always the one from USA and sometimes one from Ireland. I feel something wrong happen in my computer or directly to the entire TOR web

A friend of mine shared this link regarding Flock cameras being removed from Illinois. They’re a 2-party consent state regarding audio recordings. I figure it’s worth sharing here since I don’t have other accts

We built Umbra by forking, updating, and improving the ghostery browser build script, fern.js Umbra removes all telemetry and outgoing requests except for codec requests ( netfix works!) All non-browsing features like AI, pocket, and profiles are also removed, The idea behind umbra is usable privacy. By default RFP is off because it breaks websites. You can build Umbra yourself but using the build script at github.com/openconstruct/user-agent-desktop Or downod binaries for Linux/WIn at github.com/openconstruct/umbra/releases

I don’t know if it’s just me - I go to great lengths to keep my fedi activity separate from my other internet activity, and I get REALLY mad when I’m browsing Lemmy, click something that I assume will take me to a local discussion, and it opens some random external site - often one I’ve never even heard of - and now who knows what that site is doing, trying to do, cookies, etc., trying to link me and my referrer to my other activity (I do all my fedi stuff by VPN too, so it wouldn’t be by IP, but, they have ways) etc. etc. As I couldn’t find anything already available, I finally got off my butt and just made something to prevent it. These files can be dumped in a local folder, and then under Chrome/Opera/anything-Chromium extensions, you can ‘enable developer options’, and then ‘load unpacked’. It’s SUPER simple, and works, you just need to customize your instance hostname. I thought it might be something at least one other person in this community has thought about and fought with, so I figured I’d share it here! background.js - empty file, but required content.js - // Check if the current page is on lemmy.ml if (window.location.hostname === 'lemmy.ml') { document.querySelectorAll('a').forEach(link => { link.addEventListener('click', (event) => { const href = link.href; const currentDomain = window.location.hostname; // Check if the clicked link is not on the current domain if (new URL(href).hostname !== currentDomain) { event.preventDefault(); // Prevent default navigation const confirmation = confirm("You are about to leave lemmy.ml. Do you want to continue?"); if (confirmation) { window.open(href, '_blank'); // Open in a new tab } } }); }); } manifest.json - { "manifest_version": 3, "name": "Block External Links", "version": "1.0", "permissions": [ "tabs", "activeTab" ], "background": { "service_worker": "background.js" }, "content_scripts": [ { "matches": [""], "js": ["content.js"] } ] } Hope this is useful to someone!!

“Sideloading” is framed as some privacy hack, but it’s just double speak. App stores? They are an excuse to steal our control, spying on us, and destroying our privacy, all while deceiving us, pretending to protect us. F-Droid? That is a library, not a store. Stop falling for this scam. Call app stores what they are: Cuckloading!

I tried windscribe and proton vpn. Neither work with tailscale running on my Mac. I have to dasiable them. Does Mullvad work alongside tailscale?

I can’t believe I’ve never thought about this and that no one is really talking about it. GPS is a system that everyone uses everyday on there phone and is constantly tracking your location. Many people here (including myself) use airplane mode to block mobile data signals so that mobile data companies cannot track your location and sell it to data brokers. But airplane mode doesn’t block GPS (I just tested this now on my phone, maybe your phone works differently). Is GPS somehow designed in a way so that it’s private?

The account has been blocked years ago, to this day my informations are in posses of the platform and cannot be deleted, I can access but every setting or feature is completely inaccessible, I trid contacting them on the various forms on their help center but I just keep getting ignored.

The installation was very easy! It’s very greatful that my data doesn’t send to Google any more.

Not the biggest fan of Chromium based browsers. Thoughts on Helium ? helium.computer