I understand that it may be problematic sometimes but this was very smooth. I didn't even say anything.

A: what's your number for the whatsapp group Me: I don't have whatsapp because of facebook. B: ok, we have to use signal then A: ok

And that was it. Life can be very easy sometimes

I was listening to a Bazzell podcast where he mentions his company self hosting and maintaining a database of personal data and credentials for use in OSINT investigations. Some acquired through public sources but others acquired through leaks. Then of course there are data aggregate companies that do the same but are going on to sell this data for a profit.

What is the legality of this? Obviously acquiring publicly available data is legal, but how are these companies able to hold on to leaked usernames, passwords, and other confidential personal information. Especially those that were initially acquired through illegal means?

Neither newpipe nor libretube work for me anymore for a while now. Is there an alternative?

Edit: when using my vpn it is blocked. Without von it works fine

I was bored, so I compiled a list of 77 of my favorite open-source privacy-focused software. This ranges from Android apps to desktop apps to websites to operating systems. I scraped the programming languages used for each one from their respective repositories, and created a simple scoring system to score each programming language.

Obviously there is some bias, since Kotlin is very popular for Android apps and not much else, and it's not an exhaustive list, so some data might be off, but it was still fun to make! Just wanted to share it with all of you, in case anyone else finds it interesting.

The full ranking

Scores for each programming language

The original data

(NOTE: I am NOT looking for criticism on any choices made here)

I have been using Firefox with Ublock Origin as my main browser for a long while. Usually when I get a privacy prompt, I reject cookies, or maybe some sites that are more difficult take me a to a panel that wants me to switch off loads of individual trackers.

How does Ublock handle the cookies? Obviously some are required for site functionality, such as being logged in here, but if I accept cookies (or can't reject them) then presumably they are still accepted? Or does it accept the essential ones and delete third-party trackers?

I am a Tasker enthusiast and when I can automate something simple on my phone I like to. I set a simple task to turn off WiFi when my home network is not detected so my phone doesn't scan and report my location to businesses. However, this functionality is now nonexistent and the developer has to ask people not to one-star their app because it doesn't work. My phone is my phone and killing my ability to use it as such for whatever security theater Google is playing at is why I root my device. Anyone else still rooting for similar reasons?

Try the interactive demo.

I recently discovered a company called Flock which apparently is building a massive surveillance network. I came across a reddit post on r/sysadmin where an admin received a request to install a black box device so that law enforcement could access cameras.

https://en.m.wikipedia.org/wiki/Flock_Safety

https://www.aclu.org/news/privacy-technology/how-to-pump-the-brakes-on-your-police-departments-use-of-flocks-mass-surveillance-license-plate-readers (disclaimer: I don't support the political views of ACLU)

https://www.reddit.com/r/sysadmin/comments/1eu0fje/local_police_want_permanent_access_to_our_cameras/

I'm aware of what constitutes a decent password, but typing in 15-30 random characters each time I lock my computer screen is starting to get a bit taxing.

How secure does my user password really need to be and what are the threats to it? Does the same apply to a root-enabled user as a "regular" user when it comes to password security?

For context, my threat model doesn't need to account for real people breaking in and accessing my computer, the damage would be very contained.

Bonus question - what are the risks of having a weak password on a root user on a spare laptop on the same network as my main device that is used exclusively for web browsing? Thanks.

Hi, title's rather explanatory I think but I was considering getting a pair of TWS buds for convenience sake since cables are sometimes not an option for me. But I know a lot of modern buds make you get apps that request a large amount of questionable permissions(even if you deny them, the requests in and of itself feels like a red flag) and likely send your data away. So I was wondering if there were any options that were cleaner. Thanks for the help!

After using LineageOS for long time, I have finally moved to GrapheneOS. I use a lot of banking and financial apps which I never felt comfortable using on LineageOS due to lack of proper sandboxing, unlocked bootloader etc.

GrapheneOS works flawlessly just like Android. You don't even notice there's hardening underneath. Also it protects from Google's evil location tracking using WiFi/Bluetooth or even when the Location is turned off. I don't understand how people in general are comfortable with Google tracking all the time. You can use Google Play and Play Services in a sandbox that works just like regular installation, but without deep tracking.

If you haven't tried GrapheneOS, try it. You won't go back to regular Android.

Not sure if true, but someone raised an issue when this was first announced. That you can no longer refuse to unlock your phone when stopped, since you'll have to unlock it to show your digital driver's license.

You may have heard about a lawsuit filed regarding a data breach concerning social security numbers. I encourage you to read at least the first few pages of the linked class action complaint to see how massive a violation of privacy this is.

The data breach concerns National Public Data, a company which offers background checks. They collect personally identifiable information (PII) as a part of their business. The defendant claims that NPD scraped PII from non-public sources (¶11). NPD then stored the data in an insecure manner and did not adequately protect this personal information (¶25). Consequently, a hacking group by the name of "USDoD" stole records of 2.9 billion individuals from NPD. According to the document, the data was independently reviewed by VX-underground, the cybersecurity company. They confirmed the breach included full names, address and address history, and social security numbers. They were also able to identify familial connections, both living and deceased (¶ 22-24).

Based on this class action complaint, NPD's conduct was grossly negligent, leading to potential identity theft for almost anyone in the United States. It was also a massive privacy violation by scraping data from non-public sources. Even after they took millions of Americans personal information, they failed to secure the data from hackers.

Criminals can ruin your life if they target you with this information. They can open lines of credit without you knowing. You might only find out until creditors call you, demanding that you pay them back (¶60).

So, yeah. I am very concerned. I'll have to figure out how to defend against this identity theft. Overall, I'm new to the privacy community, but I'm feeling like "privacy" in the United States is an absolute mess. If your data wasn't somewhere on the dark web, it might be now. Protect your data. Stay safe.

repost from: https://falkvinge.net/2013/11/17/nsa-asked-linus-torvalds-to-install-backdoors-into-gnulinux

Google's campaign against ad blockers across its services just got more aggressive. According to a report by PC World, the company has made some alterations to its extension support on Google Chrome.

Google Chrome recently changed its extension support from the Manifest V2 framework to the new Manifest V3 framework. The browser policy changes will impact one of the most popular adblockers (arguably), uBlock Origin.

The transition to the Manifest V3 framework means extensions like uBlock Origin can't use remotely hosted code. According to Google, it "presents security risks by allowing unreviewed code to be executed in extensions." The new policy changes will only allow an extension to execute JavaScript as part of its package.

Over 30 million Google Chrome users use uBlock Origin, but the tool will be automatically disabled soon via an update. Google will let users enable the feature via the settings for a limited period before it's completely scrapped. From this point, users will be forced to switch to another browser or choose another ad blocker.

Archive link

It is truly upsetting to see how few people use password managers. I have witnessed people who always use the same password (and even tell me what it is), people who try to login to accounts but constantly can't remember which credentials they used, people who store all of their passwords on a text file on their desktop, people who use a password manager but store the master password on Discord, entire tech sectors in companies locked to LastPass, and so much more. One person even told me they were upset that websites wouldn't tell you password requirements after you create your account, and so they screenshot the requirements every time so they could remember which characters to add to their reused password.

Use a password manager. Whatever solution you think you can come up with is most likely not secure. Computers store a lot of temporary files in places you might not even know how to check, so don't just stick it in a text file. Use a properly made password manager, such as Bitwarden or KeePassXC. They're not going to steal your passwords. Store your master password in a safe place or use a passphrase that you can remember. Even using your browser's password storage is better than nothing. Don't reuse passwords, use long randomly generated ones.

It's free, it's convenient, it takes a few minutes to set up, and its a massive boost in security. No needing to remember passwords. No needing to come up with new passwords. No manually typing passwords. I know I'm preaching to the choir, but if even one of you decides to use a password manager after this then it's an easy win.

Please, don't wait. If you aren't using a password manager right now, take a few minutes. You'll thank yourself later.

I am looking for an auto toggle feature for the swipe down menu. Sometimes I forget to turn off Bluetooth, location, or other toggles on the drop down menu. Is there such a way to have Bluetooth shutoff after 15 mins of inactivity? Or say Mic, camera toggle off after X time of no use, location toggle, etc. Pixel 6 Pro.

I began using invidious after every piped instances refused to play videos lately. But what I read from their docs is that my IP might get exposed to google servers while loading videos from invidious. I use rethink DNS app and in that I can see all the domains that are getting called by my browser.

I tested about five instances and none are calling googlevideo domain as mentioned in the doc. Are they proxying my requests by default or am I missing something?

No, I don't have the option proxy video turned on. I use yewtu.be as my main invidious instance.

A cookie notice that seeks permission to share your details with "848 of our partners" and "actively scan device details for identification".