Privacy Guides


In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:



Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles; you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.


founded 1 year ago
26
27
 
 


28
0
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/[email protected]
 
 

Hiya, so been on the lookout for different services that I could help host for others to benefit from. I think TOR is a great project, and I'd like to contribute. So been thinking about hosting a TOR relay lately, and wondering how people's experience is with running one? Please correct me if I'm wrong - but as far as I know, it only becomes "scary" to host, if you were to host an exit node? And the only real requirement to host a relay is to have a good internet speed? Mainly wondering people's experiences with running a relay.

Edit: Very well-timed and relevant upload from Techlore, on how to use Tor just dropped: https://youtu.be/K3wmLvny5tg

29
 
 

The EU's Data Protection Board (EDPB) has told large online platforms they should not offer users a binary choice between paying for a service and consenting to their personal data being used to provide targeted advertising.

In October last year, the social media giant said it would be possible to pay Meta to stop Instagram or Facebook feeds of personalized ads and prevent it from using personal data for marketing for users in the EU, EEA, or Switzerland. Meta then announced a subscription model of €9.99/month on the web or €12.99/month on iOS and Android for users who did not want their personal data used for targeted advertising.

At the time, Felix Mikolasch, data protection lawyer at noyb, said: "EU law requires that consent is the genuine free will of the user. Contrary to this law, Meta charges a 'privacy fee' of up to €250 per year if anyone dares to exercise their fundamental right to data protection."

30
31
 
 

cross-posted from: https://thelemmy.club/post/11226460

This post is going to be a bit personal (and maybe a little bit out of context, it's not just Google software I want to remove) but I'm tired of not knowing what to do about it. I want and have wanted to get rid of a bunch of proprietary software in my life, including but not limited to Google's software, for quite a while now, and I even got a Pixel 7A with hopes of installing GrapheneOS. But there are a few problems. First, my parents are understandably concerned and need me to use Google Maps' location sharing whenever I go to school. All my classmates use Instagram and we have that as our only messaging platform. I currently use DFInstagram, but I feel that it is not free from spyware. Finally, I also own a DJI Mini 3 Pro, and the associated DJI Fly app just refuses to work under GrapheneOS (I tested). Is there anything I can do to replace or limit the access of these aforementioned proprietary apps?

32
 
 

**The purpose of this post is not to endorse the use of Reddit, but rather to inform users of a privacy-friendly approach in case they need to utilize the platform.**

Redlib is a private front-end like Invidious but for Reddit.

  • 🚀 Fast: written in Rust for blazing-fast speeds and memory safety
  • ☁️ Light: no JavaScript, no ads, no tracking, no bloat
  • 🕵 Private: all requests are proxied through the server, including media
  • 🔒 Secure: strong Content Security Policy prevents browser requests to Reddit
  • Self-hostable

Redlib currently implements most of Reddit's (signed-out) functionalities but still lacks a few features.

Redlib Instances

(If a particular instance doesn't work, try others to see if they work)

URL Network Version Location Behind Cloudflare? Comment
https://safereddit.com WWW v0.31.0 🇺🇸 US SFW only
https://l.opnxng.com WWW v0.31.0 🇸🇬 SG
https://libreddit.projectsegfau.lt WWW v0.31.0 🇱🇺 LU
https://libreddit.bus-hit.me WWW v0.31.0 🇨🇦 CA
https://reddit.invak.id WWW v0.31.0 🇧🇬 BG
https://redlib.catsarch.com WWW v0.31.2 🇺🇸 US
https://reddit.idevicehacked.com WWW v0.31.0 🇺🇸 US
https://redlib.freedit.eu WWW v0.31.2 🇺🇸 US
https://redlib.perennialte.ch WWW v0.31.0 🇦🇺 AU
https://redlib.tux.pizza WWW v0.31.0 🇺🇸 US
https://redlib.vimmer.dev WWW v0.31.2 🇵🇱 PL
https://libreddit.privacydev.net WWW v0.31.0 🇫🇷 FR
https://lr.n8pjl.ca WWW v0.31.2 🇨🇦 CA
https://reddit.owo.si WWW v0.31.0 🇩🇪 DE
https://redlib.ducks.party WWW v0.31.0 🇳🇱 NL
https://red.ngn.tf WWW v0.31.0 🇹🇷 TR
https://red.artemislena.eu WWW v0.31.0 🇩🇪 DE Be crime do gay
https://redlib.dnfetheus.xyz WWW v0.31.0 🇧🇷 BR
https://redlib.cow.rip WWW v0.31.0 🇮🇳 IN
https://libreddit.eu.org WWW v0.31.0 🇩🇪 DE
https://r.darrennathanael.com WWW v0.31.0 🇺🇸 US contact noc at darrennathanael.com
https://redlib.kittywi.re WWW v0.31.0 🇫🇷 FR
https://redlib.privacyredirect.com WWW v0.31.0 🇫🇮 FI
http://redlib.r4focoma7gu2zdwwcjjad47ysxt634lg73sxmdbkdozanwqslho5ohyd.onion Tor v0.31.0 🇩🇪 DE
http://redlib.catsarchywsyuss6jdxlypsw5dc7owd5u5tr6bujxb7o6xw2hipqehyd.onion Tor v0.31.2 🇺🇸 US
http://libreddit.g4c3eya4clenolymqbpgwz3q3tawoxw56yhzk4vugqrl6dtu3ejvhjid.onion Tor v0.31.0 🇫🇷 FR
http://reddit.pk47sgwhncn5cgidm7bofngmh7lc7ukjdpk5bjwfemmyp27ovl25ikyd.onion/ Tor v0.31.0 🇩🇪 DE
http://red.lpoaj7z2zkajuhgnlltpeqh3zyq7wk2iyeggqaduhgxhyajtdt2j7wad.onion Tor v0.31.0 🇩🇪 DE Onion of red.artemislena.eu
For information on instance uptime, see the Uptime Robot status page.

Comparison

This section outlines how Redlib compares to Reddit in terms of speed and privacy.

Speed

Last tested on January 12, 2024.

Results from Google PageSpeed Insights (Redlib Report, Reddit Report).

| Performance metric | Redlib | Reddit |
|---|---|---|
| Speed Index | 0.6s | 1.9s |
| Performance Score | 100% | 64% |
| Time to Interactive | 2.8s | 12.4s |

Privacy

Reddit

Logging: According to Reddit's privacy policy, they "may [automatically] log information" including:

  • IP address
  • User-agent string
  • Browser type
  • Operating system
  • Referral URLs
  • Device information (e.g., device IDs)
  • Device settings
  • Pages visited
  • Links clicked
  • The requested URL
  • Search terms

Location: The same privacy policy goes on to describe that location data may be collected through the use of:

  • GPS (consensual)
  • Bluetooth (consensual)
  • Content associated with a location (consensual)
  • Your IP Address

Cookies: Reddit's cookie notice documents the array of cookies used by Reddit including/regarding:

  • Authentication
  • Functionality
  • Analytics and Performance
  • Advertising
  • Third-Party Cookies
  • Third-Party Site

Redlib

Server

  • Logging: In production (when running the binary, hosting with docker, or using the official instances), Redlib logs nothing. When debugging (running from source without --release), Redlib logs post IDs fetched to aid with troubleshooting.

  • Cookies: Redlib uses optional cookies to store any configured settings in the settings menu. These are not cross-site cookies and the cookies hold no personal data.

Settings and subscriptions are saved in browser cookies. Clearing your cookies will reset them. You can restore your current settings and subscriptions after clearing your cookies using the link given in the settings menu.

[TIP] 🔗 Want to automatically redirect Reddit links to Redlib? Use LibRedirect or Privacy Redirect!

Note: The above text presents an abridged and modified version of information found in the developer's documentation. Some context has been removed or altered for brevity. For the full and unmodified documentation, please see the original source.

Additional Information on Frontends from Privacy Guides

Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. Frontends can allow you to get around these restrictions.

If you choose to self-host these frontends, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting, as other people's usage will be linked to your hosting.

When you are using an instance run by someone else, make sure to read the privacy policy of that specific instance. They can be modified by their owners and therefore may not reflect the default policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.

33
 
 

If the owner of Standard Notes will now be Proton, doesn't that contradict this principle? I have a Proton email account but I don't want it linked to my Standard Notes account. I don't strongly trust companies that offer packaged services like Google or Microsoft. I prefer to have one service from one company. I am afraid that now I will have to change where I save my notes. What do you guys think about this?

34
 
 

cross-posted from: https://sh.itjust.works/post/17506000

I am not satisfied with Linux's security and have been researching alternative open source OSes for privacy and security. So far the only thing that's ready to use is GrapheneOS (based on Android), but that's not available on desktop (though when Android releases Desktop mode it may become viable).

Qubes OS is a wrapper around underlying operating systems, so it doesn’t really fix, for example, Linux’s security holes; it just kinda sandboxes/virtualizes them.

OpenBSD is more secure than Linux on a base level but lacks mitigations and patches that are added to Linux over time, and its security practices, while good for their time, are outdated now.

RedoxOS (written in Rust) has some nice ideas but sticks to the same outdated practices and doesn't break the wheel too much, and security doesn't seem to be the main focus of the OS.

Haiku and Serenity are outright worse than Linux, especially Haiku as it's single-user only.

Serenity adopted Pledge and Unveil from OpenBSD but otherwise lacks basic security features.

All new security paradigms seem to be happening in microkernels, and these are the ones that caught my eye.

None of these are ready to be used as a daily driver OS, but in future (hopefully) that may change.

Genode seems to be far ahead of the game compared to everything else.

Ironclad: written in Ada.

Atmosphere and Mesosphere: open source re-implementation of Nintendo Switch's Horizon OS. I didn't expect this to be security-oriented, but it seems like Nintendo has done a very solid job.

Then there are Managarm, HelenOS and Theseus, but I couldn't figure out how secure they are.

Finally, there is Kicksecure from the creators of Whonix. Kicksecure is a Linux distro that plans to fix Linux's security problems.

If you know of any other OS, please share it here.

35
36
 
 

For the last month I've been working on a modern, Material You interface for Invidious.

GitHub (Leave a star if you want)

Hosted instance

Features

  • Sponsorblock built-in.
  • Return YouTube dislikes built-in.
  • Video progress tracking & resuming.
  • No ads.
  • No tracking.
  • Light/Dark themes.
  • Custom colour themes.
  • Integrates with Invidious subscriptions, watch history & more.
  • Live stream support.
  • Dash support.
  • Chapters.
  • Audio only mode.
  • Playlists.
  • PWA support.

37
38
39
 
 

If the linked article has a paywall, you can access this archived version instead: https://archive.ph/zyhax

The court orders show the government telling Google to provide the names, addresses, telephone numbers and user activity for all Google account users who accessed the YouTube videos between January 1 and January 8, 2023. The government also wanted the IP addresses of non-Google account owners who viewed the videos.

“This is the latest chapter in a disturbing trend where we see government agencies increasingly transforming search warrants into digital dragnets. It’s unconstitutional, it’s terrifying and it’s happening every day,” said Albert Fox-Cahn, executive director at the Surveillance Technology Oversight Project. “No one should fear a knock at the door from police simply because of what the YouTube algorithm serves up. I’m horrified that the courts are allowing this.” He said the orders were “just as chilling” as geofence warrants, where Google has been ordered to provide data on all users in the vicinity of a crime.

40
41
 
 

Cars collect a lot of our personal data, and car companies disclose a lot of that data to third parties. It’s often unclear what’s being collected, and what's being shared and with whom. A recent New York Times article highlighted how data is shared by G.M. with insurance companies, sometimes without clear knowledge from the driver. If you're curious about what your car knows about you, you might be able to find out. In some cases, you may even be able to opt out of some of that sharing of data.

42
 
 

I started fiddling with my alias service and started wondering what approach other people might take.
Not necessarily the best option but what do you prefer? What are the pros and cons you see with each option?

Currently I'm using anonaddy and proton, so I have a few options to create aliases.

  • The limited shared domain aliases (from my current subscription level)
    Probably the only option to not be tracked if it would be unlimited, I'd just have to pay more for the service.
  • Unlimited aliases with a subdomain of the shared domain
    For example: baked6863.addy.io
  • Unlimited aliases with custom domain.
  • Unlimited aliases with subdomain in custom domain.
    This is different from the one above since the domain could be used for different things, not dedicated to email.
  • Catch-all with addy.
    The downside I've read is people could spam any random word, and if then disabled the people that had an incorrect alias wouldn't be able to communicate anymore.
  • Catch-all with proton.
    Proton has a limit on how many email addresses you actually have, so when you receive an email to an alias and want to reply to it, you'll be doing it from the catch-all address instead of the alias.

What do you think?
What option would you choose?

43
 
 

cross-posted from: https://lemdro.id/post/7007064

44
 
 

I'm looking to use JMP.chat as my main number along as my work number.

45
46
 
 

Here is the GitHub page. The option for different « optics » is neat, and the inclusion of DDG bangs style syntax is also appreciated.

47
48
49
 
 

TL;DR version:

  • Mobile carriers collect and sell customer data for profit.

  • Carriers use various methods to collect data, including default settings that enroll customers in data collection programs without their knowledge or consent, and opt-in programs that require explicit consent but may use misleading language or design to trick users into agreeing.

  • Major mobile carriers, such as AT&T, Verizon, and T-Mobile, collect customer data through their privacy policies, which often go unread by consumers.

  • Carriers collect various data, including web browsing history, app usage, device location, demographic information, and more. Carriers also combine data collected from customers with information from external sources, such as credit reports, marketing mailing lists, and social media posts.

  • They use this data to create models and inferences about customers' interests and buying intentions, which they then share with advertisers for targeted advertising.

  • Individuals can choose to opt out of data collection initiatives, utilize Virtual Private Networks (VPNs) to limit data accessibility, and change to alternate Domain Name System (DNS) servers to reduce the amount of data gathered.

50
 
 

cross-posted from: https://links.hackliberty.org/post/897256

The NSA’s long history of often legally sketchy mass surveillance continues, despite some of the agency’s activities getting exposed more than a decade ago by whistleblower Edward Snowden.

Now, the National Security Agency has had to reveal, in response to a senator’s questions, that it is, as one report put it, “sidestepping” obtaining warrants first before it buys people’s information, put on sale by data brokers.

This came to light in an exchange of letters between Senator Ron Wyden and several top security officials.

And this time – because of NSA’s own interest being at stake – he has been able to reveal the information he obtained.

Wyden’s January 25 letter to Director of National Intelligence Avril Haines contained a fairly straightforward request: US intelligence agencies should only buy Americans’ data “that has been obtained in a lawful manner.”

We obtained a copy of the letter for you here.

With the implication that something entirely different is happening, the senator went on to explain what: if these agencies went to communications companies themselves for the data, that would require a court order.

Instead, Wyden continued, they go the roundabout way to get information (like location data) taken from people’s phones – collected via apps, and finally ending up with commercial brokers, who sell it to the likes of the NSA. And, this particular agency is also buying “Americans’ domestic internet metadata.”

In other words, a comprehensive, yet legally questionable mass surveillance scheme.

Wyden “reinforced” his letter to Haines by attaching NSA Director General Paul Nakasone’s December response to one of his earlier queries – a back-and-forth that has been going on for almost three years, he says, and concerned other agencies as well and their practice of data acquisition.

But now that he said he would block the Senate confirmation of Nakasone’s successor – the information he received finally “got cleared” for release and pretty quickly.

Nakasone confirmed the practice, and then went on to justify it by saying it only pertains to “records” of online traffic, rather than “emails and documents.” He said what the NSA purchases is “netflow data” that comes from devices where “one or both” ends of the connection is in the US.

And why? It is “critical,” wrote Nakasone, in “protecting US defense contractors from cyber threats.”
