Privacy

30088 readers
1038 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago
MODERATORS
1
2
3
 
 

Im considering buying a new phone and i don't really consider a Pixel. I really like Fairphones approach, with the self repairable stuff. Even though they don‘t have a headphone jack. But well… I can’t change it. I’ll definitely go with the adapter over wireless headphones.

But to my question: What private OSes are there? Fairphone sells FP4s with eOS, how is that? And does it work on the FP5? GrapheneOS only works on Google Pixels right?

4
 
 

Tips to keeping your identity secure, and protecting other members of your community from being accidentally doxxed or forced offline.

Extremely useful, especially for people who coordinate larger protests or online communities.

5
 
 

I want to keep a timeline of the places I go like Google Maps can, and export it to mac for my diary*. The maps app doesn't have to be great, it just needs to keep a timeline in the background, I would still use Apple Maps as my main navigation app.

*(ideally I can automatically export it somehow, perhaps with the Shortcuts and Scriptable app but just tell me any apps with a timeline and export feature)

6
65
A tip for Android users. (sh.itjust.works)
submitted 23 hours ago* (last edited 23 hours ago) by [email protected] to c/[email protected]
 
 

I just wanted to share that you can disable google play store on stock Android and not lose that much functionality, if for any reason you use an app that require Google play store or you want to make a play store purchase, you can enable it again.

I personally disabled it and I get my apps from Aurora Store, ApkPure and Droidify.

It decreased my phone battery usage by a lot and I am less dependent on google overall.

7
 
 

I just tried changing my email on studentaid.gov to a simplelogin alias (using SL is a habit at this point) and I got notifications that emails from it were bounced while trying to verify the email change with sent codes. I looked it up and found a bunch of Reddit posts about issues with SL and iCloud.

8
 
 

What is the general consensus on trusting data removal services with the data you provide them?

I’ve spent 5 years telling myself I’ll go through the long lists of data aggregators and one by one manually send removal requests. But it’s such a massive undertaking. I’d like to finally get it done through one of these services, but my gut tells me it feels wrong.

Has anybody used them and how do you feel about it? Is DeleteMe a good choice?

9
 
 

Hi! 2 and 4 months ago @Hellfire103 and @Charger8232 made a post about their privacy setup. So I though I would also share mine.

Remember these rules:

  • Be respectful! Some people are early on in their privacy journey, or have a lax threat model. Just because it doesn’t align with yours, or uses some anti-privacy software, doesn’t mean you can downvote them! Help them improve by giving suggestions on alternatives.

  • Don’t promote proprietary software! Proprietary software, no matter how good it may seem, is against the community rules, and generally frowned upon. If you aren’t sure, you can always ask! This is a place to learn. Don’t downvote people just because they don’t know!

-** Don’t focus solely on me!** I want to mention that this thread is not designed to pick apart only my setup. The point is to contribute your own and help others. That doesn’t mean you can’t still give suggestions for mine, but don’t prioritize mine over another.

  • Be polite! This falls under “Be respectful”, but be kind to everyone! Say please, thank you, and sorry. Lemmy is really good about this, but there will always be someone.

Here is my setup:

Web browsing

  • I use Librewolf for almost everything.
  • For 3D stuff (games, 3d modelling) I use Brave.
  • On mobile I use Vanadium.
  • My preferred search engine is Kagi.
  • Most if the time I have MullvadVPN enabled.

Desktop and laptop

  • I have self-build Ryzen + Radeon PC and Ideapad with Ryzen CPU.
  • I use Arch Linux BTW!
  • I have disk encryption and Nitrokey as a decryption key (or a long password of course).
  • I have secure boot with locked BIOS.
  • I'm running self-compiled linux-hardened kernel.
  • I'm using Gnome (Wayland).
  • I have only open-source apps installed.

Mobile

  • I have Google Pixel 7a with GrapheneOS.
  • I have different 5 profiles: main, google, school, finance, anonymous.
  • I have PIN on every profile and also fingerprint for main and school profiles.
  • I always use VPN, either Mullvad or self-hosted Wireguard.
  • I don’t use a privacy screen protector (for now).

Messenger

  • Signal for my family.
  • Viber for my schoolmates.
  • MS Teams for school.
  • Matrix for help with some open-source projects.
  • Discord for voice chat and local scouts group. I have Aliucord on mobile and Armcord on desktop.

Online accounts

  • Passwords are safe in self-hosted Bitwarden (Vaultwarden).
  • I use 2FA if I can. Either hardware 2FA - Nitrokey, or TOTP with Aegis.
  • I use SimpleLogin for email aliases and randomly generated usernames and passwords.

Video streaming

  • I watch only Youtube. Newpipe on mobile and Invidious on desktop.

AI

  • I do not use AI a lot, but if I do I use locally running LLama3 8B or Duckduckgo's LLama3 70B

Social Media

  • I had Instagram, Snapchat and Viber accounts, but I've deleted them.
  • I use only Lemmy on clearweb and Dread on darkweb.
  • I have Mastodon account, but I don't use it.

Email

  • I use ProtonMail.
  • One of the best privacy things you can do is use SimpleLogin (or other email alias service).

Shopping/Finance

  • IRL I use cash most of the time.
  • Online I use Monero if I can, otherwise just my credit card.
  • Cashew app for helping managing my purchases.

Music streaming

  • I use only RiMusic on my phone, that's it.

TV shows

  • I use a VPN, that's all I'm gonna say...

Gaming

  • Minecraft, Veloren, SuperTuxKart, and some Steam games.

Programming

  • I forgot how to code in Python, because Rust is so much better.
  • VS Codium.

Productivity

  • LibreOffice for simple stuff.
  • Typst for proper documents.

Paid services

  • ProtonMail - 4$ per month
  • SimpleLogin - 30$ per year
  • MullvadVPN - 5$ per month
  • Kagi - 10$ per month. For 5$ you get 300 searches, I use ~350 searches so I will try to lower my searches.
  • Domain - 13$ per year

Self-hosted

  • Everything runs on Raspberry Pi 4 with encrypted micro SD card.
  • Pi-Hole for blocking ads on network level.
  • Bitwarden (Vaultwarden) for storing all my passwords.
  • Wireguard server (with pihole as DNS) for connecting back home from anywhere.
  • Ntfy for self-hosted push notifications.
  • MollySocket for Signal push notifications.
  • FindMyDevice if I lost my phone.
  • Cloudflare DDNS, because I don't have static IP.
  • Nginx Proxy Manager.
  • Watchtower automatically updates docker containers.
  • My website.

Misc

  • I have Samsung Galaxy Watch 4 classic. I'm trying to do something about it...
  • I'm using Syncthing to sync documents and pictures between my devices.
  • I don't have a car (because I can't - I'm 17) and I won't have one for quite some time. I have a bicycle and my parents have 2 (smart/spy) cars.
  • I'm into crypto (mostly XMR) and I'm trading a little (making a trading bot) on MEXC. I also have Ledger Nano S Plus.
  • I have a 3d printer and it's fun and usefull :)

TODO

  • self-host Git repos for my projects.
  • Buy a privacy screen protector when I break my current one.
  • Buy a faraday bag, just in case.
  • Do something about my spywatch (maybe sell).
  • Make backups... Yep, I don't have any yet.
  • Monitor and harden all my devices.
  • Memorize cryptowallet's private key in case it gets lost.

Thanks for reading!

10
 
 

After their shameless Synology shilling a couple of weeks ago, today Techlore is trying to sell me Proton Pass.

Is Proton Pass a bad password manager? I don't know. It seems okay, but I have no opinion.

What I do know is that Techlore is affiliated with Proton, which makes their newest 10-minute video - in which they reveal the affiliation only at the last minute - 10 minutes of my life I'll never get back.

Unfortunately, In the business they're in, the merest hint of a bias kind of invalidates any advice they give. As the saying goes, when you point out other people's body odor, you'd better make sure you took a shower yourself.

Unsubscribe...

11
 
 

Fuck this shit, why does every fucking thing need an LLM?

12
 
 

I've just been playing around with https://browserleaks.com/fonts . It seems no web browser provides adequate protection for this method of fingerprinting -- in both brave and librewolf the tool detects rather unique fonts that I have installed on my system, such as "IBM Plex" and "UD Digi Kyokasho" -- almost certainly a unique fingerprint. Tor browser does slightly better as it does not divulge these "weird" fonts. However, it still reveals that the google Noto fonts are installed, which is by far not universal -- on a different machine, where no Noto fonts are installed, the tool does not report them.

For extra context: I've tested under Linux with native tor browser and flatpak'd Brave and Librewolf.

What can we do to protect ourselves from this method of fingerprinting? And why are all of these privacy-focused browsers vulnerable to it? Is work being done to mitigate this?

13
 
 

cross-posted from: https://lemmy.world/post/17746311

This release, I2P 2.6.0, continues our work by fixing bugs, adding features, and improving the network's reliability.

Newer routers will be favored when selecting floodfill routers. I2PSnark received features which improve the performance of PeX(Peer Exchange), in addition to bug fixes. Legacy transport protocols are being removed, simplifying the code in the UDP transports. Locally-hosted destination will be reachable by local clients without requesting their LeaseSet, improving performance and testability. Additional tweaks were made to peer selection strategies.

I2P no longer allows I2P-over-Tor, connections from Tor exit IP addresses are now blocked. We discourage this because it degrades the performance of I2P and uses up the resources of Tor exits for no benefit. If you are a helpful person running both a Tor Exit and I2P we encourage you to continue to do so, using different IP addresses for each. Non-exit relays and Tor clients are unaffected by this and do not need to change anything.

As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release.

RELEASE DETAILS Changes

  • Router: Increase minimum version for floodfill routers

  • Router: Disable I2P over Tor

  • Address Book: Cache locally hosted destinations

Bug Fixes

  • I2PSnark: Peer Exchange Tweaks

  • I2PSnark: Bugfixes

  • Router: Peer Selection Tweaks

Other

  • Translation updates
14
15
16
 
 

i want to understand more about WebRTC security when using vpn. id like to know if it is more secure with VPN than without… or even if its recommended to use WebRTC with VPN.

i created a webrtc demo: https://chat.positive-intentions.com/#/webrtc (the corresponding code its created with: https://github.com/positive-intentions/chat/blob/staging/src/components/pages/webrtc/WebRTC.jsx)

if i generate a “WebRTC offer” then i see a bunch of information including my IP address.

if i do the same with VPN, i see that my ip address isnt in that payload.

following the information here: https://thehackernews.com/2015/02/webrtc-leaks-vpn-ip-address.html?m=1

and using the demo here: https://ipleak.net/

it seems even with vpn, the local ISP ip seems detected.

a recurring concern ive had on reddit about the security of my app is that webrtc exposes ip addresses. im investigating using the app with vpn. it seems to work like normal.

in the example details given above, i see while the local ISP IP is exposed, the personal ip address is still hidden. im sure what is exposed there is not worthless, but it could help users with privacy and security.

on the back of this investigation id like to see if i can add something like a toggle in my app called “enforce VPN” which will first check to see if you are on a vpn, and if you are, open the rest of the app.

my app is using peerjs-server as the connection broker. this is a third party i have no contractual agreement to provide me with a service. it could help to hide your IP from this service.

17
 
 

I have Galaxy Watch 4 and Pixel with GrapheneOS. Currently I have second profile with galaxy wearable and google play services for connecting to the watch. Before I've installed graphene I was using my watch as any other person, for notifications, sports, etc. Now I use it only for checking what time is it and developing apps. I can see my sports activity only for a week back, because samsung health only works on main profile.

Is there a way for me to use my watch on main profile without google and samsung apps? Maybe with some alternative app? Or should I sold my watch and buy a new one? I've heard good things about garmin and polaris? I would love option to develop my own apps on them.

18
81
submitted 2 days ago* (last edited 2 days ago) by [email protected] to c/[email protected]
 
 

Anyone have any experience with this app? Could it be malware? Are there other Foss or FLOSS alternatives?

19
 
 

Digital privacy seems quite straightforward, because your digital devices are environments you more or less can have complete control over if you want to. But when you're out and about, it's a much more uncontrolled environment. There are cameras everywhere.

I wear face masks everywhere for a combo of protecting myself from illness and privacy. But the limitation is social acceptability. If anything good came out of covid it's the normalisation of face masks, but you are far from unidentifiable if your only face covering is a covid mask. We're lucky that sunglasses and hoodies on their own are fairly normal, but all of the above in combination would draw attention to you. And it's definitely not socially acceptable to walk around in a balaclava.

The other thing is forensic data. If you don't wear gloves, you'll leave fingerprints everywhere, and hair too. I suppose wearing gloves is not particularly seen as weird or suspicious, but it just seems like there are a lot of considerations and challenges with preventing the state from knowing your every move when you leave the house.

What considerations do you make for IRL privacy, if any?

(Not particularly interested in "I don't care about IRL privacy so I don't do anything"—that's fine and your choice, but ofc this question is aimed towards those who do care)

20
 
 

If I log in to my account that includes my name, will my previously anonymous device now be associated with my account? What if I do the same in TailsOS?

21
 
 

Basically title. Recently I saw a new option in Chromium website permission settings called "allow access to local network" or something like that and I know some antiviruses on Windows that can list all devices connected to the same WiFi network. I'm usually using Firefox based browsers that obviously don't have the option to disable or enable that access. So can some really invasive websites mine data about my local network, connected devices etc? And if so, what can I do to prevent it except for just disconnecting everything else when visiting such websites?

22
 
 

I switched over since I heard it was more privacy friendly than YouTube and have been using the platform for a while without issues, but this cookie banner just popped up. You can opt-out of things like "Access precise geolocation data" but a lot of other information is still shared by third parties and not opt-outable.

It seems "Reject All" is the correct choice here, but I'm not sure if it is the best choice for browser users who have to constantly log back into their accounts.

23
92
submitted 3 days ago* (last edited 3 days ago) by [email protected] to c/[email protected]
 
 

cross-posted from: https://infosec.pub/post/14981035

But as I and others looked closer, and thought about it more deeply, things became concerning.

These logs include:

Your precise GPS locations (which are also sent to their servers).
Your WiFi network name.
The IDs of nearby cell towers (even with no SIM card inserted, also sent to their servers).
Your internet-facing IP address.
The user token used by the device to authenticate with Rabbit's back-end API.
Base64-encoded MP3s of everything the Rabbit has ever spoken to you (and the text transcript thereof).
24
30
submitted 2 days ago* (last edited 2 days ago) by [email protected] to c/[email protected]
 
 

I'm one of those oddballs who's never joined, but I'm in the market for a new to me bike, and it seems like all the action is on marketplace. Am I screwed, or is there an effective workaround ?

Edit: Not US. There are local alternatives that I know about, but they are worse, please answer question as asked ! Basically I'm thinking of alternative software ala FreeTube, or a way of spoofing facebook to make a dummy account only to be used for this and if so what precautions to take...

25
 
 

Yes, you can use Signal without sharing your personal phone number. Here’s how I did it.

view more: next ›