Hi folks,

I'm seeing there are multiple services which externalise the task of "identity provider" (e.g. login with Facebook, google or what not).

In my case, I am curious about Tailscale, a VPN service which allows one to chose an identity provider/SSO between Google, Microsoft, Github, Apple and OIDC.

How can I find out what data is actually communicates to the identity provider? Their task should simply be to decide whether I am who I claim to be, nothing more. But I'm guessing there may be some subtleties.

In the case of Tailscale, would the identity provider know where I'm trying to connect? Or more?

Answers and insights much appreciated! The topic does not seem to have much information online.

Rather peeved about all of this. Been waiting for this game for ages and was excited about the F2P aspect then found out a lot of elements of the game are locked behind paywalls making the full game costing way over most AAA games. Ok, lets roll on anyways and see what the game has to offer. Then I get to the privacy policy and realize they're using anti-cheat services to monitor your game, I continued reading the user agreement and then had to find their actual privacy policy page because they have it listed under a different url then what they have posted. Some Highlights from the user agreement:

You may not host, provide or develop matchmaking services for the Product, or intercept, emulate or redirect the communication protocols used by Frost Giant in any way, for any purpose, including without limitation unauthorized play over the internet, network play (except as expressly authorized by Frost Giant), or as part of content aggregation networks.

You may not organize, promote or participate in an esports competition for the Product which has not been licensed by Frost Giant.

You may not play on another user's Account

In order to safeguard its licensing rights, when you are using the Product, Frost Giant may monitor your hardware random access memory (RAM)

You understand that the mere presence of unauthorized cheat software on your device, whether or not you use that unauthorized software while playing the Game, may result in Frost Giant exercising its full rights under this Agreement.

Acknowledgments. You acknowledge that:

• The Game which is the object of the Alpha or Beta Test is a work in progress and may contain bugs which may cause loss of data and/or damage to your computer system;
• You have, or will, back-up your hard drive prior to installation of the Beta;
• You have the resources necessary to easily reinstall the operating system for the computer system that you will use to take part in the Alpha or Beta Test as well as to restore any and all data that may be lost;

It just goes on and on with some really sketchy stuff, then I get to the privacy policy:

Your contact information/identifiers, such as your name, your gamer id, mailing address, email address, employer, primary language, country, social media credentials. preferred games and date of birth. If you contact us by telephone, we will also retain your telephone number.

Your geolocation data, if your device settings allow us to collect such information.

Your account preference information, such as your contact, communication and marketing preferences.

Your device and browsing information, including non-personally identifiable information about your phone, tablet, computer or device and online browsing activity, which may be automatically collected. This may include IP addresses, unique identifiers, cookie identifiers, browser language, device and browser settings and broad location-based information, and internet service provider information. It may also include information about when and how you accessed and used our Sites, how you navigated to our Sites (such as the date and time of your visit), the links you clicked, the websites you visited before and after our Sites, and what you searched for while on our Sites.

Analytics & Interest-Based Ads. We partner with third parties (like sponsors, content providers, and analytics companies) to help us improve our Services and better understand how you interact with them, as well as to support our marketing initiatives and ad campaigns. These companies may collect info from you automatically in connection with your visit.

And the really scary part

In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

• A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
• A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
• Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
• Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
• Physical location or movements.

Third party service providers. - From time to time, Frost Giant may need to transmit your personal data to vendors or service providers that enable us to market, sell, or deliver our services. These service providers may require certain personal information in order to perform specific services on our behalf, such as cloud service and data storage, beta testing, tech support to enhance game operations, chat, customer support, social login, fulfillment and shipping, email and newsletter delivery, conducting surveys, payment processing, tournament operation, anti-cheat and fraud prevention, web hosting or web analytics. Such partners include:

Steam
Epic Online Services
RallyCry
Hathora
Brevo
Eventbrite
AWS
Sentry.io 
Google
Easy Anti-Cheat 
GGWP
Untapped
Kakao Games
ModSquad

I've stopped playing previous games that use these tactics and programs because there's just too many other games that don't require these that are available. This was a game I was hoping to get back into with some RTS friends I've made along the way, Is this just the way of the world or something to avoid?

I've not seen this before but it was strange.

An ad loaded at the end of a video, so I paused it. What caught my eye was the background was moving when I moved my phone, which turned out to be the room I was in. The ad was overlayed on whatever my camera was looking at, but the ad appeared stretched from a single point in the middle of the screen, which was even weirder.

Edit: The ad was using the rear camera, not the front facing one.

I've looked through my phones settings and there are no options to toggle YouTube's camera access either, so I feel like it's safe to say this is being forced on users (surprise /s).

Needless to say, that app is no longer on any of my devices :)

So I've been in the rabbit hole of android privacy for some time, last I joined the GrapheneOS community but let's just say that they doesn't have a "healthy" opinion about other projects like f-droid.

So I am looking for generic communities that focus on mobile privacy that doesn't have drama or toxicity or "extreme opinions". Any suggestions? I prefer chat based communities like matrix or simplex instead of like reddit or lemmy.

Last two weeks every time I use Piped I am getting error "Sign in to confirm you are not a bot". It happens on every instance and videos work very rarely. It seems like Google enforces you to log in if you try watch lot of videos from one IP. I hope this will not be end of Piped and there will be solution for this problem.

Upd. I got similar problem on Invidious recently

Do i need to wipe the private volume for the template vm if so how?

EDIT: I figured it out was because the template vm changes dont take effect until the template is shutdown. Took me way to long to figure that out.

A lot of services support passkeys. Microsoft even has an option to make my account "passwordless". Since they are more secure than passwords, will you be switching some / most of your accounts to passkeys any time soon? Interested to hear everyone's thoughts on passkeys. 🔑

Did you know? Despite claiming to block all cross-site cookies out of the box, Firefox automatically allows Google to use them in your browser should you log in to one of their services.

The browser only lets you know about this once it happens, and it's on you to notice the permissions icon appearing in the URL bar. There is a link to a paragraph on a help page explaining this behaviour, but it seemingly goes unmentioned pretty much everywhere else on the internet.

This surprised me, especially considering Firefox's stance on privacy. I was even more surprised that this is done without consent. If this is for usability, Firefox should at least warn the user before this happens.

https://github.com/umutcamliyurt/FaradayTester

A little old but interesting non the less

Does anyone have experience with a good privacy-focussed VPS provider? What do you recommend?

I've been using 1984 for quite a while and they have been solid but they have just put their prices up. It's still affordable but I thought it would be a good time to have another look at what else is out there.

"Signal is being blocked in Venezuela and Russia. The app is a popular choice for encrypted messaging and people trying to avoid government censorship, and the blocks appear to be part of a crackdown on internal dissent in both countries..."

"The United Nations approved its first international cybercrime treaty yesterday. The effort succeeded despite opposition from tech companies and human rights groups, who warn that the agreement will permit countries to expand invasive electronic surveillance in the name of criminal investigations. Experts from these organizations say that the treaty undermines the global human rights of freedom of speech and expression because it contains clauses that countries could interpret to internationally prosecute any perceived crime that takes place on a computer system..."

I see quite a few people claiming that Graphene OS is the only way to stay private on Android or that anything but Graphene OS is insecure. In this post, I will describe why I personally do not care for Graphene OS and some alternatives I would suggest.

First off, let's address the security features of Graphene OS. A lot of the security of Graphene OS comes from AOSP itself. In fact, AOSP has a very good track record. If you get malware on your device, you most likely can just uninstall it. For reference, here is the Android security page: https://source.android.com/docs/security/features

There are some Graphene OS unique security features. For instance, it has a hardened kernel and restricts access. I think this is actually pretty useful but I haven't seen a need for it much in the real world. The tightened permissions are nice, and I think that is the main benefit of Graphene OS over AOSP. It is also nice that device identifiers are restricted from a privacy perspective. However, from my perspective, you should not run apps that are bad for privacy. Running it in the web browser will be more secure than bare metal could ever be.

One place I strongly disagree with Graphene OS is the sandboxed Google services framework. They say having Google in a sandbox is more secure. It may be more secure, but it isn't going to be as private as MicroG. The real benefit of MicroG is that it is community-built. It isn't a black box like Google framework, and any data sent back is randomized. I think it is a mistake for Graphene OS not to have support for it, even if it is also run in a sandbox.

Another thing I have noticed is that Graphene OS prioritizes security above all else. That doesn't mean it isn't private as it itself is great for privacy. However, if you start installing privacy-compromising applications such as Gmail and Instagram, your privacy is quickly lost. The apps may not be able to compromise the OS, but for them to be used, they need permissions. To be fair, this is a problem that is not unique to Graphene OS, but I think its attempts to be closer to Google Android make it more tempting for people to stick to poor privacy choices.

I think other ROMs such as Calyx OS take the ethical component much more seriously. Unlike Graphene, it promotes F-droid and FOSS software like MicroG. Graphene purely focuses on security while Calyx OS focuses on privacy and freedom. On first setup, it offers to install privacy-friendly FOSS applications such as F-droid and the like. I realize that MicroG is not perfectly compatible, and some people need apps, but I think alternatives are going to always be better.

One of the most annoying parts about Graphene OS is the development team and some of the community. They refuse to take criticism and have been known to delete any criticism of Graphene OS. Not only that, they have a history of trying to harm any project or person they don't like.

Here is a page that isn't written by me that sums it up: https://opinionplatform.org/grapheneos/index.html I think their take is fairly extreme, but I agree with them in many ways. I also understand how upsetting it can be to be censored.

I know the title sounds like a paradox, but let me explain:

In Feb '21 I deleted all my Meta related accounts in a first step towards moving away from big tech. Removing whatsapp was kind of a big deal over here but I managed to get close family and friends over to Telegram and Signal and resorted to text messages with other contacts. I've been enjoying the peace and quiet but it's been a hassle for everyone around me. Invites to parties, big news or announcements always had to be relayed through somebody else. Last week a dear friend passed away and because that news had to be rleayed to me too i think its time to go back again.

And now for my question: is there a way to run whatsapp on your phone while respecting privacy? I know it sounds crazy but I was thinking there might be a way to run it in a sandbox or closed environment of some sort. Im running LineageOS on my phone and I dont mind tweakin around a bit.

Because I live in the EU i was putting my money on the DMA, it was my understanding that the DMA would make it possible to send telegram messages to whatsapp, whatsapp messages to signal and in this way get in contact with anyone on any platform you'd like. When the DMA went into action in the beginning of this year it became clear pretty soon it would only be a one way street; all messenger services would be able to contact whatsapp, because that is the biggest player. Half a year down the line and I havent been seeing any news about it anymore. Does anyone have an update? Will it ever be possible to chat crossplatform?

Piped.video wants me to sign in to verify I'm not a bot, but there is no sign in button anywhere. Sad to see a good website fail so badly at the most basic thing.

I've been reading through Signal's government requests and couldn't find a similar section on Mullvad's website. I'd be curious to read about them if there are any. It would seem unlikely to me that Mullvad has never received any kind of court order for information about a user.

(Please don't downvote just because I need some help.)

I was once a privacy nut. But it's getting so hard nowadays, and there are so many more important problems -- global warming, AI, the inevitable collapse of the current world order... how does privacy improve the world? Please help remind me.

I do approve of privacy, of course. All this protect-the-children flak is bullshit. I just can't remember why I thought it was something worth fighting for and preaching about.

Hey guys, it's pretty much the tittle. I've been using Lineage with microg for a year now and despite using the majority of FOSS apps in my routine I still feel like I have to struggle to preserve my privacy and keep Google away from my data. Do you guys feel the same sometimes?

Every time I have to use a banking app is a pain ..I kept changing banks to the ones who I could use with Magisk but every app update breaks my setup and I have to find a workaround or change to another app. I just quit using banking apps and passed them all to the wife.Now even home brokers have been blocking me asking to use a "official android version"

Today even a government app we must use to get access to services and information started complaining about my play store.

I self host a nextcloud service on my old desktop that serves as a server but every now and then the updates crash something. Sharing calendar and notes is too complicated if you don't have a vps or a domain. I keep getting complains from the wife about how come I just don't use google keep and Google drive anymore.

After a year I'm starting to think that maybe my data is not worth the hassle just to keep big tech out of my digital life.. I guess Big Brother wins

What do you say? Am I too lazy or it is unpractical to stay away from big tech?

"Last month, Mozilla made a quiet change in Firefox that caused some diehard users to revolt..."

cross-posted from: https://lemmy.world/post/18385943

Not sure how long this has been a thing but I was surprised to see that you cannot view the content without either agreeing to all or paying to reject.