I like Techlore (https://www.techlore.tech if you don't know) and I usually regard them as one of the most impartial and most trustworthy Youtubers out there. But for the past few months, I couldn't help noticing their somewhat heavy bias towards some of their video sponsors. Still, everybody has to eat right?

This time though, it looks like Synology flew them over to Taiwan, and if you watch their video at the event, it's wall-to-wall Synology shilling. I'm really disappointed.

So many people here will go though great lengths to protect themselves from fingerprinting and snooping. However, one thing tends to get overlooked is DHCP and other layer 3 holes. When your device requests an IP it sends over a significant amount of data. DHCP fingerprinting is very similar to browser fingerprinting but unlike the browser there does not seem to be a lot of resources to defend against it. You would need to make changes to the underlying OS components to spoof it.

What are everyone's thoughts on this? Did we miss the obvious?

https://www.arubanetworks.com/vrd/AOSDHCPFPAppNote/wwhelp/wwhimpl/common/html/wwhelp.htm#href=Chap2.html&single=true

I only have warehouse mgmt work experience(which means all IT responsibilities fall on me), but I can't keep away from various programming projects.

I've only dipped into the privacy-sphere of software in the last 2 years, but I've found a earnest passion in my pursuits. My obsessiveness has bled into most friends asking why I haven't pivoted my career, and I don't have a good answer other than I assumed there's no money to be made in it since I never finished my college CS degree.

I will code and continue my projects regardless, but was hoping this community could offer some advice or there experiences with similar endeavors. Thanks

So I have recently found out about forward email just a few months ago.

I am currently using tuta as my email provider, and I have been doing so for the last three years. But I am not very happy with the closed ecosystem and locking of basic features behind paywalls.

So I decided to give forwardemail a go after reading about it on free software foundation's webmail systems (this is a web archive link, more on that later)

Now the thing is, the service works. But things don't really feel legit. They claim to have thousands of users but there's surprisingly little information about them other than their own website. The branding seems completely generic and pretty much all of their code seems to be coming from one single account with no real information.

There's a couple reviews about them on trust pilot but the positive ones mostly come from accounts where the only review is for forwardmail.net

I've read some discussion about them getting recommended on privacy guides, they sounded very professional and mentioned even wanting to get auditioned, but to the best of my knowledge that has not happened yet (please correct me if I am wrong). Worse than that they seemed to stop replying to the thread a couple months ago.

Finally, I realized today that FSF has removed their recommendation for forwardemail from their website

In conclusion, I have tested and the service does work, but I can't tell if there is something shady happening. What do you all think?

Not sure if this is the right mag, but m/proton has very few members. lmk if i should move/delete this, thanks

I'm on proton unlimited and I turned on Dark Web Monitoring. I figure since i use bitwarden for my password manager, i need to manually sync my passwords so proton can monitor for them. what about more important stuff like adresses, DOB, SSN, etc? proton says here that they can monitor for all that stuff, but how, if they dont have it?

cross-posted from: https://feddit.org/post/317047

in February 2024, the EU Parliament adopted the eIDAS regulation, creating the framework for a "European Digital Identity Wallet". This digital Wallet will enable citizens to identify themselves in a legally binding manner, both online and offline, sign documents, login into websites and share personal data about them with others. Recently, the European Commission published the Architectural Reference Framework (ARF) 1.4 for the technical implementation of the Wallet.

The success of the EU Digital Identity Wallet depends on its ability to gain citizens' trust and establish a resilient infrastructure in our current data-driven economy.

"However, after our analysis, we believe that this goal has been missed," says the digital rights group Epicenter Works.

"We see severe shortcomings in the ARF that either contradict the regulation or ignore important elements of it. These issues, if left unaddressed, could significantly undermine user rights and privacy."

Isn't the value of two factor auth that it requires a physical device (your phone or computer) with the auth key to authenticate you? Then why don't many two factor auth apps seem to support syncing? If it's fine to do so, are there any open source cross platform apps that sync keys?

Curious What folks think about Banks Bill Pay feature?

My thoughts, some Banks use third parties to service bill payments, and request ebills. Seems like end user would be opening themselves to data harvesting by third party. Additionally, in my experience when one disables ebill requests, there is no confirmation sent from ebill payee that data is no longer shared with the third party.

Hello, I wrote a mail template which I send to websites that don't have an easy process of deleting an account.

Maybe it helps you, maybe you will use it too for when you want to delete your unused accounts and maybe you can contribute to it. The better the message gets and the more websites offer an easy way to delete accounts, the safer we'll be online.

If you can influence the deletion policy, please read on. Otherwise, please forward this to someone that can influence this process.

It's better for the business to offer an easy way to delete an account. Ideally, it would be good to delete accounts which weren't active for more than say 5 years, with a mail notification beforehand. Why? Here are the main reasons:

• There are higher operation and maintenance costs because you have unused accounts in your databases.
• The services load slower, with a performance penalty, because each user-related query has to go through many unused users.
• The people opinion of your services decreases, because you don't offer an easy way to delete accounts
• People might change their mail to a throw-away address and leave the account open, thus producing more waste than necessary.
• In case of a security breach, the amount of compromised data is higher than in case you regularly delete accounts, which might lead to financial penalties.
• The information you get out of a database with active accounts is much more precious than the information from a stale database, or one with obsolete data.

I hope this information helps and that you will change your policy of deleting accounts. Each website that does this, contributes to a better, safer ecosystem.

All I found was this comment about the difference.

Premium domain is only available when you have premium, because fewer people pay and fewer people use it, so there is less abuse and the domain name has better reputation, so when you public domain is not working, using the premium domain may be able to register.-

Hello! what is the best setup for creating content without compromising my privacy? i am aware of most opsec stuff but i have some questions:

• how do i use 2FA without giving YouTube my phone number?
• how big of an identifier is my voice? should i use a voice filter?

thanks.

https://reddit.com/r/privacy/comments/v624di/apple_tracks_you_even_if_you_dont_have_apple/

We investigate what data iOS on an iPhone shares with Apple and what data Google Android on a Pixel phone shares with Google. We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins. The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Users have no opt out from this and currently there are few, if any, realistic options for preventing this data sharing.

https://www.scss.tcd.ie/doug.leith/apple_google.pdf

So in the new upcoming major feature update for IOS, Apple is adding RCS support in there messaging app. What are the privacy implications of adopting RCS?

Is there any other apps that have RCS support on Android other than Google's own messaging app?

The reason for my asking is because I was considering migrating my relatives' messaging app to a RCS supported one because they will probably most likely enjoy the extra bandwidth of RCS.

Note, they're already using Signal, Telegram, and WhatsApp for most of their conversations.

Hello, making this post to get some honest, and technical opinions about GrapheneOS. Please do not be bother by this question. No drama here pls 🙏. I've heard that there is some of the google code into the "sandbox" feature. Say your opinion below! 👇👇

cross-posted from: https://lemmy.sdf.org/post/18833721

I hate that groups like the ACLU have to defend nazi scum to protect my liberties. Better that the government not violate our rights in the first place, but in lieu of that, even nazi scum is subject to the same rights and due process as any other citizen. However, I wouldn’t mind if they got pantsed a couple of times by their lawyers.

Is there a WiFi camera with an app for viewing when away from home, that has decent privacy? Plug and play would be nice. Limited time to do major setup as in 2 hours tops. Cost is fine nothing into 4 digits. Recording not neccesary. No storage is needed. Simple live viewing is all.

Fingerprinting works by collecting bits of information about the browser and device to identify users. Couldn't browsers see when a website gets such info with JS and either prevent or ask permission from the user for the website to make HTTP requests to upload such information to the website. Idk if they do something like this already.

iOS is very good about sandboxing and only letting apps run things while the app is open and focused on. It shows green and orange dots when the camera or mic is being used, and none of my use them without saying so and they only do so when they actually need them. If that is the case, are there any potential privacy issues with it?

Hi,

A friend wants to degoogle his phone, so I suggested the OS I'm currently using. The one we can't talk about... He wants a small/compact phone, so I suggested pixel 4a (not buying second hand though), but I'm afraid that planned obsolescence may kill the phone rather soon. What's your opinion?

Cheers and thank you for your help,