Privacy

Chat Control, the new EU law project to weaken messaging systems and get rid of E2E encryptions so as to scan in clients sides the content of the messages (but only for children safety, of course).

After the Tchap project based on Matrix, the French Prime Minister asks anyone in the gouvernement to use Olvid, the only app validated by the ANSSI, with metadata encryption and no centralised architecture nor contacts discovery. But only the front-ends are open source, not the back-end.

Source: https://www.politico.eu/article/france-requires-ministers-to-swap-whatsapp-signal-for-french-alternatives/

Hey everyone,

I am currently using an old(er) HYPERSECU FIDO key, USB-A with a button, and I am looking to

• secure my phone as well (NFC) and, if possible
• add biometric authentication to the mix.

Are there good alternatives or better: upgrades to the YubiKey which do support NFC as well as biometrics and come with a USB-C?

Thanks for your time 👋

cross-posted from: https://programming.dev/post/6272443

After trying different browsers on android I found Privacy Browser to be what I need. It have encrypted backups,Domain settings,jsless by default,Deleting all site data and Most usable UI. Only issue is It is based on webview and I am using system default webview as my device is nonrooted so how secure is to go this way?

cross-posted from: https://programming.dev/post/6002270

Hi,

If you don't know how work the chain of trust for the httpS

You might want to watch this video https://invidious.privacydev.net/watch?v=qXLD2UHq2vk ( if you know a better one I'm all ears )

So in my point of view this system have some huge concerns !

1. You need to relies to a preinstalled store certificate in your system or browser... Yeah but do you know those peoples ??!! it might seem weird, but actually you should TRUST people that YOU TRUST/KNOW !!

Here an extract from the certificate store om Firefox on Windows.

I do not know ( personally ) any of those COMMERCIAL company !

2. Of course we could use Self-certificate but this is not protecting against Man-in-the-middle_attack . Instead of using a chain (so few 3th party involved , so increasing the attack surface ! ) why not using something simpler !? like for example

• a DNS record that hold the HASH of the public key of the certificate of the website !
• a decentralized or federated system where the browser could check those hash ?

Really I don't understand why we are still using a chain of trust that is

1. not trusted
2. increase the surface of attack
3. super complex compare to my proposals ?

Cheers,

Why I don't use the term SSL

Because actually httpS now use TLS not anymore ssl https://en.wikipedia.org/wiki/Transport_Layer_Security

With a new open letter of specialists and engineers against that hazardous project

https://nce.mpi-sp.org/index.php/s/cG88cptFdaDNyRr

Just wanted to share kind of tutorial I wrote about flashing LineageOS on old smartphones to keen them up to date 📱

Just wanted to share an old but still relevant publication about tools to use to protect our privacy, feel free to comment and share suggestions 😁

Like Nitter and Invidious

cross-posted from: https://fedia.io/m/disabled/t/346115

Banks have started capturing customers voice prints without consent. You call the bank and the robot’s greeting contains “your voice will be saved for verification purposes”. IIUC, these voice prints can be used artificially reconstruct your voice. So they could be exfiltrated by criminals who would then impersonate you.

I could be wrong about impersonation potential.. just fragments of my memory from what I’ve read. In any case, I don’t like my biometrics being collected without my control.

The countermeasure I have in mind is to call your bank using #Teletext (TTY). This is (was?) typically a special hardware appliance. As a linux user, TTY is what the text terminal is based on. So I have questions:

1. can a linux machine with a modem be used to convert a voice conversation to text?

2. how widespread are TTY services? Do most banks support that, or is it just a few giant banks?

3. if street-wise privacy enthusiasts would theoretically start using TTY in substantial numbers, would it help the deaf community by increasing demand for TTY service, thus increasing the number of businesses that support it?

Cross post from r/privacy

From some days I have seen that piped never works and invidious works for 1/10 times.Is it due to instances are down or google is doing something.

Or is it my internet issue 🥲 Is it working for others.

Title + As I dont have a G account signed in they cant track me as a person and I also turned diagnostics data sharing off. Will it be help they might track me a as person on this device.Right?? Also as to quit google I have to quit internet so will it be advantageous to do this thing.

TL;DR

Google’s ‘ad auctions’ face a privacy challenge in the Netherlands. Google has been accused of intrusive online surveillance by more than 82,000 people who have signed up to a class action lawsuit against the tech giant in the Netherlands.

Adobe starts paying out stock contributors for helping train AI. To train Firefly, its generative AI model, the company only uses content that it has rights to through its stock image platform Adobe Stock or that is in the public domain. Adobe has now started to make good on its promise to compensate Adobe Stock creators who may lose out from the widespread adoption of AI.

UK backs down on encryption-breaking plan. The plan was to compel service providers, including messengers, to scan encrypted chats for child porn. Although the British government promised not to force companies to use unproven technology to snoop on users, it may try to enforce the so-called “spy clause” in the future if better and more secure (in the government’s eyes) technology emerges.

WhatsApp denies it will have ads. The Financial Times has reported that WhatsApp is considering inserting ads into lists of conversations with contacts in a bid to increase its revenue. A rebuttal from WhatsApp head Will Cathcart followed. “This @FT story is false. We aren’t doing this.” Still, the FT stood by their story, claiming that before it was published they had reached out to WhatsApp, and they had not denied such conversations could have taken place. Citing sources within WhatsApp, the FT then reported that another option that was being discussed is to introduce a paid ad-free version of WhatsApp.

X unveils verification system based on govt. ID. X, formerly Twitter, has begun offering its paid subscribers a new way of verification. Now, they can upload their government-issued IDs along with their selfie, and get an “ID verified” label on their profile along with “prioritized support.”

Hi I recently reviewed my Google account settings on my phone. On exploring it I found that I can Remove almost every annoying tracker,I can delete my data,Remove services,Disable Personised ads etc.After giving it 20minutes of my day I found that Google do not deserve the Hate it gets from FOSS and PRIVACY Consious people.Is there some real reason why you should not use google products for privacy or It is just everybody want to live a Hacker's life.

I know it's not exactly hot news, but I entirely missed the article, so here you go.