privacy


Rules (WIP)

  1. No ad hominem allowed
  2. Attack the idea, not the poster

founded 1 year ago
51
 
 

As enacted, the OSB allows the government to force companies to build technology that can scan regardless of encryption–in other words, build a backdoor.

Paradoxically, U.K. lawmakers have created these new risks in the name of online safety.

The U.K. government has made some recent statements indicating that it actually realizes that getting around end-to-end encryption isn’t compatible with protecting user privacy. But

The problem is, in the U.K. as in the U.S., people do not agree about what type of content is harmful for kids. Putting that decision in the hands of government regulators will lead to politicized censorship decisions.

The OSB will also lead to harmful age-verification systems. This violates fundamental principles about anonymous and simple access

See also: Britain Admits Defeat in Controversial Fight to Break Encryption

53
 
 

Although the UK government has said that it now won’t force unproven technology on tech companies, […] the controversial clauses remain within the legislation, which is still likely to pass into law.

the continued existence of the powers within the law means encryption-breaking surveillance could still be introduced in the future.

So all ‘until it’s technically feasible’ means is opening the door to scanning in future rather than scanning today. It’s not a change

The implications of the British government backing down, even partially, will reverberate far beyond the UK

“It’s huge in terms of arresting the type of permissive international precedent that this would set […]. The UK was the first jurisdiction to be pushing this kind of mass surveillance. It stops that momentum. And that’s huge for the world.”

56
 
 

In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN [sécuriser et réguler l'espace numérique] Bill would force browser providers to create the means to mandatorily block websites present on a government provided list.

--France’s browser-based website blocking proposal will set a disastrous precedent for the open internet

[Unfortunately one should no longer trust Mozilla itself as much as one did 10 years ago. If you do sign, you might want to use a fake name and a disposable email address.]

This bill is obviously disturbing. It could be that eventually they assume that .onion sites are all suspicious and block them, or something similar might happen, which would be bad news for privacy-oriented users including Monero users, for freedom of thought, and for freedom of speech itself. Note that the EU is going to ban anonymous domains too (in NIS2, Article 28).

For a regular end user, if something like this happens and if the block is domain-name-based, then one quick workaround would be using web.archive.org (or Wayback Classic), or ANONYM ÖFFNEN of metager.de (both work without JS). If this is France-specific, of course a French user could just get a clean browser from a free country too (perhaps LibreWolf or Tor Browser, or even Tails), provided that using a non-government-approved browser is not outlawed.

Mozilla, financially supported by Google, states that Google Safe Browsing is a better solution than SREN, but that too has essentially similar problems and privacy implications; especially Gmail's Enhanced Safe Browsing is yet another real-time tracking (although, those who are using Gmail have no privacy to begin with, anyway).

If it's DNS-level blocking, you can just use a better DNS rather than one provided by your local ISP, or perhaps just use Tor Browser. Even if it's browser-side, as long as it's open-source, technically you're free to modify source code and re-compile it yourself, but that may not be easy even for a programmer, since a browser is complicated, with a lot of dependencies; security- and cryptography-related minor details tend to be extremely subtle (just because it compiles doesn't mean it's safe to use), especially given that Firefox/Thunderbird themselves really love to phone home behind the user's back.

See also: Will Browsers Be Required By Law To Stop You From Visiting Infringing Sites?

60
 
 

In the past I’ve recommended sms-activate for easy, quick and low-cost phone verification. When you want to log in, they now force you to click on a verification link sent by email, meaning you are f’ed if you used a single-use email address.

Are there any alternative options that accept Monero and don’t have this restriction?

61
 
 

Having free and open-source tools and a decentralized way of fighting back and reclaiming some of that power is very important. Because if we don’t resist, we’re subject to what somebody else does to us

While Tor is useful in several situations, probably we shouldn't believe in it blindly. For clearnet, LibreWolf is a great option too, and I2P might be the future.

62
 
 

Hello, fellow privacy enthusiasts!

I've been on a journey to find a VPN provider that aligns with my privacy values, and I wanted to share my experiences and concerns here, hoping for some insights and recommendations.

Primary Criteria:

  • Outside of the 14 Eyes: Ideally, I'd prefer a provider outside of the 14 Eyes intelligence-sharing countries.

  • Accepts Monero: Given it's the only real privacy coin there is, I'm keen on providers that accept Monero as a payment method.

  • I need port forwarding for the services I host.

Current Options: I've considered Mullvad and IVPN, both of which I trust for their privacy focus. However, they recently disabled their port forwarding support, which I need since I host services from home. SPN by Safing sounds really interesting too but they also do not offer port forwarding sadly.

ProtonVPN seemed like a close alternative, but I've come across several red flags:

  • Logging Concerns: ProtonMail, under the same parent company, provided IP logs in response to a Swiss court order. This contradicts ProtonVPN's claim on their website that "we can’t be obligated to start logging" under Swiss law.

  • Use of Google Analytics: Despite being a privacy-focused service, ProtonMail has used Google Analytics on their website, raising questions about their commitment to user privacy.

  • No Monero Support: Proton has not added Monero as a payment option, despite numerous requests from the community over the years.

Seeking Recommendations: Given the above, I'm reaching out for advice. Are there any VPN providers you'd recommend that fit my primary criteria? Or any insights into the concerns I've raised about ProtonVPN?

Thanks in advance for your help!

64
 
 

The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services, which will destroy end-to-end encryption.

Requiring government-approved software in peoples’ messaging services is an awful precedent. If the Online Safety Bill becomes British law, the damage it causes won’t stop at the borders of the U.K.

Random thoughts...

Even if platform-assisted end-to-end encryption (pseudo e2e) is censored, perhaps we could still use true user-to-user encryption. If "end" means the messenger software itself or a platform endpoint, then the following will be true e2e - "pre-end" to "post-end" encryption:

  1. Alice and Bob exchange their public keys. While using a secure channel for this is ideal, a monitored channel (e.g. a normal message app) is okay too for the time being.
  2. Alice prepares her plain text message locally: Alice.txt
  3. She does gpg -sea -r Bob -o ascii.txt Alice.txt
  4. Alice opens ascii.txt, pastes the ascii string in it to her messenger, sends it to Bob like normally.
  5. So Bob gets this ascii-armored GPG message, and saves it as ascii.txt
  6. gpg -d -o Alice.txt ascii.txt, and he has the original Alice.txt
  7. He types his reply locally (not directly on the messenger): Bob.txt
  8. gpg -sea -r Alice -o ascii.txt Bob.txt and sends back the new ascii string
  9. Alice gets it, so she does gpg -d -o Bob.txt ascii.txt to read Bob.txt

In theory, scanning by government-approved software can't detect anything here: Alice and Bob are simply exchanging harmless ascii strings. Binary files like photos can be ascii-armored too.

Admittedly this will be inconvenient, as you'll have to call gpg manually by yourself. But this way you don't need to trust government-approved software at all, because encryption/decryption will be done by yourself, before and after the ascii string goes through the insecure (monitored) channel.
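
Steps 4 and 5 above move the armored text through a messenger by copy and paste, where line wrapping or a changed character can damage it. As an added example (not part of the original post), this Python code checks a pasted block against the armor layout and CRC-24 checksum from RFC 4880 before it is handed to gpg; `armor` and `check_armor` are hypothetical helper names and the sample bytes are constructed.

```python
import base64
import binascii

# CRC-24 parameters for OpenPGP ASCII armor (RFC 4880, section 6.1).
CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB
BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

def crc24(data: bytes) -> int:
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(data: bytes) -> str:
    """Hypothetical helper: wrap bytes in armor to build the constructed sample."""
    b64 = base64.b64encode(data).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return f"{BEGIN}\n\n{body}\n={check}\n{END}\n"

def check_armor(text: str) -> str:
    """Hypothetical helper: 'ok', or why the pasted block is damaged."""
    lines = [ln.strip() for ln in text.splitlines()]  # tolerate CRLF, padding
    try:
        start = lines.index(BEGIN)
        end = lines.index(END, start)
    except ValueError:
        return "missing BEGIN/END line"
    block = lines[start + 1:end]
    if "" not in block:
        return "no blank line after armor headers"
    payload = [ln for ln in block[block.index("") + 1:] if ln]
    if not payload or len(payload[-1]) != 5 or payload[-1][0] != "=":
        return "missing CRC24 line"
    try:
        data = base64.b64decode("".join(payload[:-1]), validate=True)
        want = base64.b64decode(payload[-1][1:], validate=True)
    except binascii.Error:
        return "invalid base64"
    return "ok" if crc24(data).to_bytes(3, "big") == want else "CRC24 mismatch"

# Constructed sample: arbitrary bytes standing in for real gpg output.
SAMPLE = armor(bytes(range(200)))

if __name__ == "__main__":
    print(check_armor(SAMPLE))                             # intact paste
    print(check_armor(SAMPLE.replace("AAEC", "BAEC", 1)))  # one altered character
```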

65
15
Bad Internet Bills (www.badinternetbills.com)
submitted 1 year ago by [email protected] to c/[email protected]
 
 

Congress is trying to push through a swarm of harmful internet bills that would severely impact human rights, expand surveillance, and enable censorship on the internet. On July 20, we’re launching a week of action to get loud about our opposition to legislation like KOSA and EARN IT and demanding that Congress focus on passing badly needed comprehensive privacy legislation to actually protect us from the harms of big tech companies and data brokers, instead of pushing through misguided legislation before August congressional recess.

67
 
 

I’m currently looking at my Venmo feed. In an ideal world, I would see only a log of private payments I’ve made and received. Instead, I see a list of my friends’ business: someone paid a friend for “drinkies,” another for “rich bitch things.”

This is so terrible, I don't even know what to say about this.

68
 
 

We're happy to announce the release of BusKill v0.7.0!

BusKill Release Announcement v0.7.0

Most importantly, this release allows you to arm the BusKill GUI app such that it shuts down your computer when the BusKill cable's connection to the computer is severed.

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

Watch the BusKill Explainer Video for more info: youtube.com/v/qPwyoD_cQR4

If the connection between you and your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

Upgrading

You can upgrade your BusKill app to the latest version either by

  1. Clicking "Update" in the app or
  2. Downloading it from GitHub

Changes

This update includes many bug fixes and new features, including:

  1. Adds support for 'soft-shutdown' trigger to GUI
  2. Adds a new buskill.ini config file
  3. Adds a new "Settings" screen in GUI
  4. Merges kivy & buskill config files into one standardized location
  5. Fixes in-app updates on MacOS
  6. Fixes lockscreen trigger on Linux Mint Cinnamon
  7. Fixes background blue/red disarm/arm color to propagate to all screens
  8. Fixes --run-trigger to be executed inside usb_handler child process and communicate to root_child through the parent process

You can find our changelog here:

Documentation Improvements

We've also made many improvements to our documentation:

  1. Updated the Software User Guide to include how to arm the BusKill app with the soft-shutdown trigger in the GUI
  2. Added a manpage
  3. Better documentation on how to build your own USB-C BusKill Cable
  4. Better documentation on how to test the buskill app
  5. Fixes in Release Workflow
  6. Added some additional related projects to our documentation

Soft-Shutdown Trigger

This release now allows you to choose between either [a] locking your screen or [b] shutting down your computer when you arm the BusKill app from the GUI. By default, the BusKill app will trigger the lockscreen. To choose the 'soft-shutdown' trigger, open the navigation drawer, go to the Settings Screen, click Trigger, and change the selected trigger from lock-screen to soft-shutdown. For more information, see our Software GUI User Guide.

BusKill Now in Debian!

We're also happy to announce that, with the release of Debian 12, it's now possible to install BusKill in Debian with Apt!

sudo apt-get install buskill

Testers Needed!

We do our best to test the BusKill app on Linux, Windows, and MacOS. But unfortunately it's possible that our app doesn't fully function on all versions, distributions, and flavours of these three platforms.

We could really use your help testing the BusKill app, especially if you have access to a system that's not (yet) listed in our Supported Platforms.

And in this release, we specifically would like you to help us test the new soft shutdown feature. Please let us know if it does or does not work for you.

Please contact us if you'd like to help test the BusKill app :)

69
 
 

Know your enemy (Google)

71
 
 

Apple will activate the controversial image scanning feature by default & let third party apps use its scanning API.

German article