Privacy


A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.


much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago
1
 
 

Hello,

I'm trying to decide whether I should upgrade to a Z790-P with Dasharo firmware. The motherboard with Dasharo firmware is about 50% free currently (not sure if it can entirely be freed, IME is also still present and can't be fully removed like the older boards). I'm only thinking about getting this board so that I can run larger LLMs locally. My OS environment is 100% FOSS, I put anything non-free into a virtual machine and use it in there.

I'm planning on adding Libreboot support for the Intel DX38BT 82X38 and the Gigabyte GA-P43T-ES3G. Both boards can be freed entirely, IME isn't present on either of these boards. The Intel board is capable of utilizing up to 8GB DDR3 ECC memory, so I can use it as my server board. The Gigabyte board can use up to 16GB DDR3 and can use CPUs like the QX9650 or even the QX9770, I plan to use it as my main desktop. I do light gaming, I already have a 7900 XTX, so I'm just going to plop it into this board once I get support added.

I already use LibreCMC and an OpenWRT network switch. I'm nearly complete, but man, I don't think I can give up using LLMs. I'm afraid of being left behind in my field. I just started working in IT and I am a bit worried if I were to restrict myself from using it. I definitely don't want to stick with using ChatGPT, hence the reason why I'm thinking about running one locally and putting it on a VPS so I can access it while away from home. Even then, I understand I would have to trust the VPS provider not to do anything bad.

I don't have a crazy threat model or anything, I'm just a nerd that likes to have control over my tech. What are your thoughts? Should I give up my FOSS environment or no?

Edit: I have a cellphone with GrapheneOS and don't use any proprietary apps. I plan on throwing it in a Faraday bag when I leave work. Every call/text would get forwarded to my laptop that's connected to my Quactel AF25 modem on the road.

The thing is, my family already has a bunch of other devices on the main network that are proprietary. So, not sure what to do really. I'm not going out of my way to convince them to switch over to FOSS lol

2
25
submitted 4 hours ago* (last edited 4 hours ago) by Carbophile@lemmy.zip to c/privacy@lemmy.ml
 
 

Cross-posted from: https://lemmy.zip/post/18686329 (the first OPSEC community on Lemmy, feel free to join us)

Guide to Determining Your Threat Model

Creating a solid threat model is an essential step in improving your operations security (OPSEC). It helps you identify potential threats, assess their impact, and prioritize your defenses. Here’s a step-by-step guide to help you develop your own threat model.


1. Define Your Assets

First, list the things you want to protect. These might include:

  • Personal Information: Name, address, phone number, Social Security number, etc.
  • Financial Information: Bank account details, credit card numbers, financial records.
  • Digital Assets: Emails, social media accounts, documents, photos.
  • Physical Assets: Home, devices (computers, smartphones, etc.).

2. Identify Potential Threats

Next, think about who or what could pose a threat to your assets. Possible threats include:

  • Hackers: Individuals or groups looking to steal data or money.
  • Government Agencies: Law enforcement or intelligence agencies conducting surveillance.
  • Corporations: Companies collecting data for marketing or other purposes.
  • Insiders: Employees or contractors who might misuse their access.
  • Physical Threats: Burglars or thieves aiming to physically access your assets.

3. Assess Your Vulnerabilities

Identify weaknesses that these threats could exploit. Consider:

  • Technical Vulnerabilities: Unpatched software, weak passwords, outdated systems.
  • Behavioral Vulnerabilities: Poor security habits, lack of awareness.
  • Physical Vulnerabilities: Insecure physical locations, lack of physical security measures.

4. Determine the Potential Impact

Think about the consequences if your assets were compromised. Ask yourself:

  • How critical is the asset?
  • What would happen if it were accessed, stolen, or damaged?
  • Could compromising this asset lead to further vulnerabilities?

5. Prioritize Your Risks

Based on your assessment, rank your risks by considering:

  • Likelihood: How probable is it that a specific threat will exploit a particular vulnerability?
  • Impact: How severe would the consequences be if the threat succeeded?

6. Develop Mitigation Strategies

Create a plan to address the most critical risks. Strategies might include:

  • Technical Measures:

    • Use strong, unique passwords and enable two-factor authentication.
    • Keep your software and systems up to date with the latest security patches.
    • Use encryption to protect sensitive data.
  • Behavioral Measures:

    • Be cautious with sharing personal information online.
    • Stay informed about common scams and phishing tactics.
    • Regularly review your privacy settings on social media and other platforms.
  • Physical Measures:

    • Secure your devices with locks and use physical security measures for your home or office.
    • Store sensitive documents in a safe place.
    • Be mindful of your surroundings and use privacy screens in public places.

7. Continuously Review and Update

Your threat model isn’t a one-time project. Review and update it regularly as your situation changes or new threats emerge.


Example Threat Model

  1. Assets:

    • Personal Information (e.g., SSN, address)
    • Financial Information (e.g., bank accounts)
    • Digital Assets (e.g., emails, social media)
    • Physical Assets (e.g., laptop, phone)
  2. Threats:

    • Hackers (e.g., phishing attacks)
    • Government Agencies (e.g., surveillance)
    • Corporations (e.g., data collection)
    • Insiders (e.g., disgruntled employees)
    • Physical Threats (e.g., theft)
  3. Vulnerabilities:

    • Weak passwords
    • Outdated software
    • Sharing too much information online
    • Insecure physical locations
  4. Potential Impact:

    • Identity theft
    • Financial loss
    • Loss of privacy
    • Compromise of additional accounts
  5. Prioritize Risks:

    • High Likelihood/High Impact: Weak passwords leading to account compromise.
    • Low Likelihood/High Impact: Government surveillance leading to loss of privacy.
  6. Mitigation Strategies:

    • Use a password manager and enable two-factor authentication.
    • Regularly update all software and devices.
    • Limit the amount of personal information shared online.
    • Use a home security system and lock devices.
5
 
 

It all comes from Arizona. I've never been to Arizona. My phone number isn't anywhere near Arizona. One year, I replied STOP to every text. Nothing stopped. Now I just cuss them out and block them, but it still persists. I wrote an email to the Arizona Republican's main office and demanded my number be removed from their canvassing. Crickets. More spam. 3 today alone. I am so tired of this shit. It doesn't help that I think conservatives are pieces of shit and I am a member of a marginalized community that they are targeting with hate and discriminative laws.

6
 
 

In the browser, I didn't log in to the Google account, and I didn't accept the cookies on that site. Using Privacy Badger, which supposedly should block 3rd-party spyware like that.

8
 
 

I only just thought of this. I have the same cartoon-y profile pic from a foreign TV show on a bunch of my accounts, I wonder if it's unique enough and worth tracking.

9
 
 

The Spanish government has a plan to prevent kids from watching porn online: Meet the porn passport.

Officially (and drily) called the Digital Wallet Beta (Cartera Digital Beta), the app Madrid unveiled on Monday would allow internet platforms to check whether a prospective smut-watcher is over 18. Porn-viewers will be asked to use the app to verify their age. Once verified, they'll receive 30 generated “porn credits” with a one-month validity granting them access to adult content. Enthusiasts will be able to request extra credits.

You have to request more porn credits from the government if you need more? Don't want the government to be tracking this data of you. This is a privacy issue.

10
 
 

cross-posted from: https://lemmy.zip/post/18581354

Privacy measures apparently helping criminals evade capture

11
 
 

Mainstream platforms such as Meta and X have accumulated a near-universal audience that is the root of all their evil. From sentiment analysis mass experiments to propagandistic political advertising. Things are worse in third countries where they are even less moderated. So I was thinking that as long as FOSS/Privacy is just geeky and elitist they just keep doing business as usual, from enshittification to fascism. Additionally, people have moved their political posting, scheduling, discussion online, so this gives them more power. Like seeing anarchist groups on Facebook is cringe, but some insist that "that is where the mass is, perhaps we move to Instagram to get to more Zedders". Whaaaat? Questions: What tactics could be used to move people en masse away from mainstream platforms, and more generally, do you think there is a point in it?

12
 
 

A couple of months prior, I read an article on Mozilla, where they did research on automakers and found none comply with good privacy measures. I am planning to buy a used car. I want to know how the data is collected and transmitted.

The car comes with a connected app though I am not planning to use it. It also has Apple CarPlay and Android Auto. Should I use those? The article states some manufacturers even record sexual activities. How are they transmitting this information? Through connected phones?

My use is fairly basic, I want to use the Bluetooth audio system in the car for listening to music on my phone. I use maps on my phone.

What about car servicing? Can they access stored information?

13
 
 

I can't find any articles or posts talking about this anywhere, so I just wanted to share a post about it. I received an email on July 2 from Afterpay about an upcoming change to the privacy policy which will take effect on August 1, 2024. I used a website to compare the text of the old policy with the text of the new, and found that they are now introducing targeted advertising. They harvest personal information about you and share it with third parties and partners in order to serve you with personalized ads within the Afterpay app. They track information such as your spending habits and how you interact with their marketing messages, and they now also combine all of the personal information they have collected about you to profile you. They also get information about you from third parties. Quoted from the updated policy:

Information from third parties about you, such as identity, preferences and inferences about you...

Just wanted to share this, since I can't find any discussion of it online. Here's a link to the policies if you want to check it out. These are Wayback Machine links.

Current Policy (As of April 2, 2024)

Upcoming Policy (Effective Aug 1, 2024)

14
 
 

By data I mean anything / everything: telemetry, contents in emails and files, and other user data. My school uses Google Workspace and I don't like the idea of having to depend on it but I can't change that. Give me tips and advice.

18
51
Privacy weather app? (leminal.space)
submitted 3 days ago* (last edited 3 days ago) by xorollo@leminal.space to c/privacy@lemmy.ml
 
 

I'd like to track hurricanes. All the apps I see collect all kinds of personal data. I just go to NOAA to see the advisories, but wondering if there is something better.

Edit: OS is Android 14 Edit: looking for radar (probably) or some other feature to track hurricanes (I don't know what tools there are besides radar, but if there's something else I'm interested).

20
 
 

So, Telegram has launched horrible ads that look a lot like spam to me. At least in my channels it's typically some crypto bullshit. So, I wonder if people know about alternatives to the subscription service for blocking them? Sadly, Forkgram won't offer that option and it doesn't seem to be allowed. However, I wonder if there are still forks out there which block the ads? Or do people know of alternative options?

22
20
submitted 3 days ago* (last edited 3 days ago) by Asudox@lemmy.world to c/privacy@lemmy.ml
 
 

Some talk about the privacy of the digital euro has been made. Some people said that your transactions are going to be tracked. Should a European worry about it? Would GNU Taler be a possible solution?

And it's not like the digital euro is some dream, it will become reality soon.
