Privacy


A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

much thanks to @gary_host_laptop for the logo design :)

1
 
 

Andisearch Writeup

A security researcher known as Brutecat discovered a vulnerability that could expose the email addresses of YouTube's 2.7 billion users by exploiting two separate Google services[^1][^2]. The attack chain involved extracting Google Account identifiers (GaiaIDs) from YouTube's block feature, then using Google's Pixel Recorder app to convert these IDs into email addresses[^1].

To prevent notification emails from alerting victims, Brutecat created recordings with 2.5 million character titles that broke the email notification system[^1]. The exploit worked by intercepting server requests when clicking the three-dot menu in YouTube live chats, revealing users' GaiaIDs without actually blocking them[^2].

Brutecat reported the vulnerability to Google on September 15, 2024[^1]. Google initially awarded $3,133, then increased the bounty to $10,633 after their product team reviewed the severity[^1]. According to Google spokesperson Kimberly Samra, there was no evidence the vulnerability had been exploited by attackers[^2].

Google patched both parts of the exploit on February 9, 2025, approximately 147 days after the initial disclosure[^1].

[^1]: Brutecat - Leaking the email of any YouTube user for $10,000

[^2]: Forbes - YouTube Bug Could Have Exposed Emails Of 2.7 Billion Users

2
 
 

I have been using Porkbun for domain name registration until now, but I wanted to move to a European registrar. When I registered a domain, I received this email. Is it normal? If not, what registrar do you use? I have filled in my name and address while registering an account and have 2FA on. It's an ID verifier app.

The app: https://apps.apple.com/us/app/infomaniak-kcheck/id1500022928

To Infomaniak's credit, they gave me a refund instantly when I asked.

3
 
 

After a recent forced update, I can no longer log in to my bank account. The app brings up Google Play and expects me to log in to gplay for whatever reason. I am not logged into that cancer on my phone, so now I am fuming and don't want to be forced to make a Google account on the phone. (By the way, I have been using Aurora to avoid gplay.)

I am hoping someone has some trick or app to bypass this? I have talked to the bank but there is nothing they can do for just one weird customer!

Everything is going to shit in this dystopian technocracy

4
 
 

I'm considering getting a domain with a .place TLD. Will it cause any issues like emails being blocked or something? I searched and it doesn't seem particularly notorious for spam or anything, but I wanted to find out if there are people who can tell me from experience.

Edit: This is not for running my own server - I have a provider, Disroot.

5
 
 

I have seen some people recommending Windscribe VPN, so now I'm thinking about it. One thing I liked about it is you can set your own custom DNS, which is a great plus point for me. So have any of you used it? How is it?

6
 
 

Kagi haters are in shambles

7
 
 

Apologies if I can't list specific 3rd Android OS here. I know you can't on some Reddit privacy subs due to some beef between devs, I guess. I'll take down if needed :)

Regardless, I've been running GOS for a while and just found out there's a feature that allows you to use biometrics while still requiring your PIN on the initial lock screen. One of my concerns with biometrics is that in some jurisdictions, law enforcement can force someone to open their phone through Face ID or thumbprint.

I've been using this feature that allows you to use biometrics, but when you are on the lock screen, it still requires your PIN. I thought this was really cool because it allows me to use biometrics only to unlock my apps while still adding an extra layer of protection to the unlocking of the device itself. Obviously slightly inconvenient depending on your worries/threat level, but I just wanted to share this in case anyone else was interested and didn't know about it! Very cool!

EDIT: I just re-read my screenshot and it looks like fingerprint unlock is not correlated to using fingerprint for app unlocking. If this is the case then I'm not quite sure what the actual benefits are here. Please feel free to clarify!

8
 
 

Hey folks! Someone in my family (Person A) has talked to a guy, who is working in the tech world, about whether it makes sense to use Signal over Messenger, Snap, WhatsApp, with privacy in mind. The tech guy said there is no difference, that it doesn't make sense to use it, and that it's almost the same. I know Signal is discussed a lot here, but I'm now looking for some arguments and facts to tell the one from my family that the tech guy is wrong. What arguments can I use? Why is Signal better in privacy than the other alternatives? Person A has always been sceptical about me being so privacy minded, and A thinks that there is nothing to do to protect, and is one of those saying: I have nothing to hide.

9
 
 

Streaming has a history of being data intrusive, and buying from most online stores shows itemized music receipts to the credit card company (and they don't typically allow gift cards). Buying in person is nice, but it's harder to get new music.

Any tips?

10
 
 

At this pace, I'll either never change my car or will never buy a car again.

11
 
 

Work uses Slack, which is quite entrenched in the organization, so trying to move all of my contacts over to something else would be nontrivial. Colleagues use it to send moderately urgent messages every now and then, so notifications on my phone would be a nice-to-have.

I haven't had much luck finding well-maintained open-source clients for Slack. I could sandbox Play Services alongside the official app or a browser, but I'd rather not make my phone run the whole Google Play stack just for those notifications. Did I miss any low-hanging fruit or is hosting a Matrix bridge the only alternative?

12
 
 

cross-posted from: https://lemm.ee/post/55331045

13
 
 

Is Matrix good to use? I've seen a lot of drama around it. For example, hackliberty.org left it because of a lack of security and moderation. Do you still recommend it?

14
 
 

I ran my old 2004 Samsung television into the ground: the EL backlight was so worn out that the picture had large dark holes in it, and the TV would take 20 minutes to warm up and display something.

And today it wouldn't start at all anymore. It's deader than a dead dodo. But hey, 20 years for a modern TV ain't bad. I'm pretty pleased with that.

So I went to the supermarket to find the cheapest set I could find. I asked the salesman if they had a cheap, but most importantly NON-SMART TV - thinking non-smart TVs are probably the cheapest of them all, if they still existed at all.

The man said "We have this dumb 43" TV here, but it's the last one, and then we won't get any more dumb TVs for 3 months."

I looked at the price and it was - gasp - $20 MORE than the cheapest Android-encumbered smart TV of the same size.

I asked the man how come and he said "Well, dumb TVs are hard to get and they sell almost immediately. So they're worth more than the smart ones."

Wow. So people actually WANT dumb TVs and are willing to pay a premium for em. It means attitudes towards the value of privacy are changing and that's great!

15
 
 

scarily... They don't need to be this creepy, but even I'm a tad baffled by this.

Yesterday me and a few friends were at a pub quiz, of course no phones allowed, so none were used.

It came down to a tie break question of my team and another. "What is the run time of the Lord of the Rings: Fellowship of the ring" according to IMDb.

We answered and went about our day. Today my friend from my team messaged me - top post on his "today feed" is an article published 23 hours ago.....

Forgive the pointless red circle.... I didn't take the screenshot.

My friend isn't a privacy-conscious person by any means, but he didn't open IMDb or google anything to do with the franchise and hasn't for many months prior. I'm aware it's most likely an incredible coincidence, but when stuff like this happens I can easily understand why many people are convinced everyone's doom brick is listening to them....

16
 
 

Android's Gboard always suggests replies in chat apps that fit the context of what my contacts write.

If my previous message had been related, I would assume it predicted what my contact would say in response and make a suggestion based on that. But even if the contact changes the topic, the suggestions are appropriate.

I don't expect that the apps all share the conversation with Gboard. So how are the predictions made?

It seems unlikely that it would take screenshots and base predictions on that. But otherwise I don't know how it is possible.

18
 
 

I currently use KeePassXC that is synced through Nextcloud. The sync isn't very elegant, especially on my phone. So I'm looking for a new password manager which has native server sync support that I can self-host. What do y'all recommend? I need at least a phone app and a browser integration that can autofill.

19
 
 

Does anyone have tips for redirecting YouTube links on mobile Android?

I tried Firefox with the LibRedirect addon, but it doesn't want to work for some reason.

20
 
 

I apologize if this isn't the place, I'll happily repost somewhere else if someone gives any suggestions pertaining to that.

I've been using Eddie with AirVPN on my PC for a little over two years. I have never been able to identify which programs are using my network with Task Manager, because all the traffic went through openvpn.exe.

I just switched to WireGuard thinking it would help me figure out which programs are using so much data, but it provides even less information. It's significantly faster, so I'll be sticking to WireGuard, but I still can't tell which program is actually using the network in Task Manager. I've been googling all morning and can't find a proper solution to my problem. It definitely seems like others want the same thing, but I haven't found any thread where the people answering actually understood the issue.

Task manager shows all traffic is going through wireguard.exe or airvpn.exe, so how can I tell which programs are actually using data?

21
Um.... Wtf? (lemmy.dbzer0.com)
 
 

Using the Rethink DNS app btw. I want to use a firewall and VPN at the same time on Android. Wtf?!?

So my IP has somehow just been leaking all this time...

Edit: Typo

22
 
 

I want to block ads and trackers on the whole home network. I’ve been using adblockers and trackers for years now; I currently have a Raspberry Pi. I was thinking of setting up Pi-Hole with AdGuard. Any other suggestions are welcome. (I can’t use a custom router, because my ISP doesn’t allow it)

25
 
 

What service would you recommend for receiving SMS confirmation codes etc. that is not blocked by most services (which probably only leaves the paid ones)?
