251
82
submitted 2 months ago by ForgottenFlux@lemmy.world to c/privacy@lemmy.ml
252
65
submitted 2 months ago by prousername@lemmy.ml to c/privacy@lemmy.ml

253
24

I'm planning to buy a router and modem and put OpenWrt on it for maximum control and privacy. While I could get a router with an integrated DSL modem, the previous tenants had cable internet so I'm not sure if the DSL connection even works and DSL internet is also more expensive (at least where I live). Fiber optic is not available. The problem is, there is apparently no open firmware for cable modems so I would have to buy a standalone router and a standalone cable modem. I would put OpenWrt on the router and use whatever proprietary firmware came with the modem.

So my question is:
Can a standalone modem that doesn't do routing, spy on you?
If yes a rough explanation how would be appreciated.

It seems that modem and router are used interchangeably on the internet (probably because they are mostly combined) so it is really hard to find any information on modems. Here are both Wikipedia articles for reference:
https://en.wikipedia.org/wiki/Modem
https://en.wikipedia.org/wiki/Router_(computing)

254
50
255
93

I am using a Samsung phone and even with all privileges deactivated it creates "stories". This seems illegal. What is your opinion?

I know I should use a different OS than stock or even another phone brand but this is what I currently have.

256
74
submitted 2 months ago by hector@sh.itjust.works to c/privacy@lemmy.ml

(Please when answering, assume I’m not a beginner at privacy/programming :) I know where the good stuff at)

First off, shameful confession: I’m writing this on a dying yellow iPhone XR I bought second-hand three years ago (189€). I absolutely love the look of it: the screen, build quality, are all amazing. The only problem was the locked ecosystem (sideloading Spotify/Torrent client was sooo hard).

I saw the android phone of my mother dying really fast. She currently has a Xiaomi phone that’s ridiculously big for my hands, there’s advertisements in the stocks apps (?!!), the UX is janky and everything. It looks like a bloat, privacy nightmare.

So… because it’s impossible to find a jailbreakable phone nowadays I need to buy an android and ideally I would want:

  • Good screen (vivid colors)
  • Good build quality (not shitty plastic)
  • Don’t care about the camera (I don’t want those ridiculously big cameras they make nowadays)
  • Would want to install either GrapheneOS/LineageOS

The things that scare me off:

  • I really need my bank app and I need it updated so I have to use Google Play Services but I don’t want it to plague my phone with privacy bullshit (I want to be degoogled)

The things that excite me:

  • Customization possibilities
  • Learning experience
  • Even more privacy than a de-googled IOS phone :)
  • F-Droid!! (Maybe I’ll find a beautiful IRC client)
  • More choices for Mastodon & Lemmy clients
  • Freedom of free software.
  • client for open-source git providers :)

But to get all of that, I don’t want Google, I need shitty apps (non-free software) I have to install:

  • Instagram (for non-technical friends)
  • GitHub (job & open-source)
  • No-Ad Modded Spotify from Balatan
  • Discord (gamer friends)
  • Telegram (cryptobros friends)
  • Steam (because I still love gaming)

Any advices? Phone ideas? I’m so lost in this ocean of choice (freedom ✨)

My current phone:

257
124
submitted 2 months ago by fart_pickle@lemmy.world to c/privacy@lemmy.ml

I'm following several privacy focused communities. Mostly as lurker but in few I'm more active. Every time I see a posts like "how to be more private", I wonder about the reasons behind those questions. What's the reason you want to remain private (don't confuse it with being anonymous)? Could you elaborate on your reasons?

Let me start.

I worked (and still working) in a highly regulated industry as a software/devops engineer. I've been working with banks, insurance companies, global online payment companies, major credit card vendors, few global corporations. I have seen how data is gathered and (mis)used. Every time someone tells me "I'm sorry but the system..." I know it's the data gathered by the "system" and my profile created based on that data was the reason for "but". This is why I care about the privacy, to prevent companies from taking advantage of my current situation and charge me more.

258
17
submitted 2 months ago by Dop@lemmy.world to c/privacy@lemmy.ml

Lemmy start by saying I don't trust telegram in termes of privacy (pun intended). But I still use it for specific purposes and I was wondering if there is a point in using a fork privacy-wise? I's assume not since it still uses telegram servers but still curious about an explanation as to why not! Cheers

259
16
submitted 2 months ago by CyberSanitizer@lemmy.ml to c/privacy@lemmy.ml

I'm looking for a way to dump raw data from an entire phone or at least the sda block to a PC, using a method other than adb pull.

When I run adb pull /dev/block/sda sdaDump.img, it creates a dump file. To find what I need, I have to search through this raw data using a Hex Editor. If the dump comes from a fully functioning phone, I can usually find what I’m looking for because all the data is still intact.

However, I accidentally wiped the metadata partition on my phone, so the decryption keys/files are gone. Now, because of that, some folders appear empty when checked with TWRP's File Manager, even though the actual files are still there.

If I create a dump now, the raw data in the file won't be the same as when the metadata was present, and those folders weren't showing as empty.

Running adb pull /dev/block/sda sdaDump.img now results in a dump where the Hex Editor shows zeroes (no data) where these files should be.

Is there any alternative method to create a raw data dump of the sda block or entire phone storage, that will capture that data as it is (not empty folders, but the data in them), even if it's encrypted?

I don't want to create the raw data dump onto the phone storage and then transfer it to a PC, but something that works like adb pull, in the sense that it pulls the data from the phone directly onto a PC.

Thanks a lot in advance to everyone!

260
41
submitted 2 months ago by CyberSanitizer@lemmy.ml to c/privacy@lemmy.ml

I need to ask a small favor from the good people of Lemmy.ml Community.

In short, I accidentally wiped the metadata partition on my Poco F3 and now I can't boot into the OS and access my data. I have a lot of pictures, videos and other stuff that I would hate to lose, because of a mistake. But all that is still on the phone, I just can't boot the phone to access it.

Thankfully, there is a way to fix this by creating a full backup of the phone with adb, then using a HEX Editor to manually look through that gigantic file and try to find the files that were in that metadata partition.

A huge thanks to bluet33th, a user from XDA Forums, without whom I would be helpless and couldn't do any of this. It might be a bit complicated and manual process, but it is possible. He explained everything in great detail here, so check it out, especially if you are facing the same problem, this will help you tremendously: https://xdaforums.com/t/how-to-recover-data-if-metadata-partition-was-deleted.4686789/

In order to find these files and put them back where they belong, I need your help, because I have to know their names, exact sizes and at least part of their content, so that I can search for it. Because I'm searching for a specific text in a text file that is 128 GB in size.

I have already tried this on another Xiaomi phone, to make sure this procedure works on Xiaomi phones and it does, but that phone had HyperOS with Android 14 and since every phone and android version is probably different, in order to be sure, I need this information specifically for Poco F3 with Android 13.

It doesn't take long, but if you don't have the time to look inside your metadata partition and tell me which files are inside of that partition and their sizes in bytes, you can just make a backup of the metadata partition and sent it to me, and I'll do the rest of the work.

Here are the steps on how to create a backup:

  1. Turn on your phone and boot into TWRP, then connect your phone to a PC, type cmd inside Windows search and run cmd, then position cmd into your platform-tools folder (if you flashed your ROM, you should already have the necessary drivers installed for the next steps to work). For example, if your platform-tools folder on Windows is inside C:\platform-tools, all you need to type into cmd is: cd C:\platform-tools

You can also just go inside your platform-tools folder and type cmd in the address bar and the cmd will start already positioned inside that folder.

  1. Then type adb devices and you should see your device, if you do, that means that all the drivers are successfully installed and your phone is detected.

  1. Type adb pull /dev/block/by-name/metadata

  1. After that, you should see a file named metadata inside C:\platform-tools. That is the file that I'm looking for and as you can see, it takes just a few minutes to get it.

You can skip the next steps (5 and 6), but I'll explain them, just in case someone wants to extract these files for themselves, so that you have them in case something like this happens to you. Of course, you can also proceed to extract the files and tell me their names and sizes.

Here is what you need to do:

  1. Extract the content of the metadata file, you can use a software like 7-Zip. Go inside that extracted folder, then into vold > metadata_encryption > key

  2. Inside of that key folder, you should see a few files. These are the important files and save them somewhere safe in case you ever need them. Since I don't have them anymore, in order to recreate them, I need to know their exact names and sizes in bytes. You can check the size of every individual file by right clicking on the file and choosing Properties. Then look under Size, not Size on disk, and in parenthesis, you should see the size in bytes.

Please, if you could check the size of every file and write down which file has what size. I would really appreciate it.

I'm specifically looking for someone who has a Poco F3 with Android 13 and MIUI, because I'm not sure if HyperOS changed something, so maybe the number of files or their size is different. But feel free to post the information even if you have HyperOS, but please mention that, so that I am aware of it.

Thanks a lot for your help, it really means a great deal.

261
18
submitted 2 months ago by ad_on_is@lemm.ee to c/privacy@lemmy.ml

I'm looking for a service, that replicates the functionality of email aliases, but with phone numbers.

I'd imagine having one number (99999) which I then could use with suffixes like 99999-1, 99999-2, ... etc for services like WhatsApp, telegram, 2FA, etc... if such thing even exists.

262
39

I cleared up a space on the C drive and installed Linux on that partition. Can Windows see files in my Linux partition?

When i installed Linux, i didn't encrypt it but it is password protected. Thanks

263
315
submitted 2 months ago by minnix@lemux.minnix.dev to c/privacy@lemmy.ml
264
43
submitted 2 months ago by FriedRice@lemmy.ml to c/privacy@lemmy.ml

Every time I buy something online, or make an account for an example month bus ticket, they "need" my phone number. I always use alias emails, but I don't have an alias phone number. I know, there are some online phone nr service, but they mostly dosnt work, outside of the US. So I was thinking about getting me a second nr, just for thoese cases were I have to log in. I would by the nr, in cash, and there is nothing data they have to make the nr. But what are your thoughts? What do you see as pros and cons for getting a second nr.? Does it even make sense, when the simcard is in the same phone?

265
16
submitted 2 months ago by kixik@lemmy.ml to c/privacy@lemmy.ml

Hello !

I'm wondering if there's some blogging mechanism which would allow some sort of unique digital signature (PGP perhaps) to prevent personification, but which allows non traceable and fully anonymous author. Not looking for blockchain like stuff (apart from the layer Monero adds, blockchains are totally transparent, traceable and non anonymous). Not looking for bigotry, attacking people or anything like that.

The idea is to be able to share ideas, even corporate related, without being afraid of retaliations whether at work, corporations or governments. Expressing something at pubic might bring unexpected consequences, particularly if not aligned by the corporation one works on if that's the case, or might provoke AI, bots, or paid/unpaid people looking around, to include anyone in a particular list, without even warning the writer about it.

So I was looking if such thing is possible, and if it exists. Social networks of course wouldn't be an option, they're not anonymous, and at contrary can be used to cross-reference and trace people.

If such solution doesn't exist, I'm wondering if something based on gnuNet might get close, although gnuNet is not meant to make users anonymous. Or perhaps something based on i2p.

Of course the digital signature should be used exclusively for the blog posting, and can't be associated to any real email, host, or whatever...

Feedback on the blog posts should also be allowed to anonymous people with their own unique digital signatures. But this is harder, since depending on the technology, not sure if moderation would be allowed, or even if it would make sense, in which case, no blog feedback should be allowed, though no feedback is really a down side for blog posts. Maybe allowing just the original post to remove feedback. Some other down side, but that's unavoidable, is the lack of non on thread feedback, meaning giving feedback through email or any other medium, since if that was available would make the writer non anonymous...

If such thing is not available, and eventually based on something like gnuNet or i2p, most probably clients would be needed to write blogs but another one that would offer some sort of RSS/atom functionality for the blog to be accessible from current RSS/atom readers.

266
27
submitted 2 months ago* (last edited 2 months ago) by Kualk@lemm.ee to c/privacy@lemmy.ml

I don’t want to see PGP rejection based on usability. So, to level the field at user level we take Delta Chat, which uses PGP. If I understand that correctly.

I have no knowledge of telegram security at all.

267
21
submitted 2 months ago by nutomic@lemmy.ml to c/privacy@lemmy.ml
268
846
submitted 2 months ago* (last edited 2 months ago) by uberstar@lemmy.ml to c/privacy@lemmy.ml

Some of the LinkedIn Responses are direct and on-point, and also hilariously/depressingly based depending on how you look at it:

EDIT: In hindsight, I think I should've looked into posting this in a different community.. It's closer to a silly "innovation".. soo.. is this considered FUD? I also don't support smoking or vaping, especially among kids. Original title had "privacy-violating" before the "solution".

269
295
submitted 2 months ago by grid11@lemy.nl to c/privacy@lemmy.ml
270
216
submitted 2 months ago by HailSeitan@lemmy.world to c/privacy@lemmy.ml

The cops object when their tools on turned on them

271
59

I already know that private DNS is important for privacy. I'm using Quad9 btw.

But recently I hear a lot about NextDNS and similar providers that give more advanced features such as custom filters and domain blocking. I'm getting interested in that topic now as I have to use some proprietary apps with a lot of trackers in them.

However I'm really struggling to find useful information about what domains to block, what settings to use in one or another use case etc. I don't have much experience with firewalls and server stuff either which makes it even harder.

So, could anyone share some good resources on this so I can get started? Or should I just not worry about it and use a whole other system such as firewall?

272
79
submitted 2 months ago* (last edited 2 months ago) by Kalcifer@sh.itjust.works to c/privacy@lemmy.ml

Git records the local timezone when a commit is made [1]. Knowledge of the timezone in which a commit was made could be used as a bit of identifying information to de-anonymize the committer.

Setting one's timezone to UTC can help mitigate this issue [2][3] (though, ofc, one must still be wary of time-of-day commit patterns being used to deduce a timezone).

References

  1. Git documentation. git-commit. "Date Formats: Git internal format". Accessed: 2024-08-31T07:52Z. https://git-scm.com/docs/git-commit#Documentation/git-commit.txt-Gitinternalformat.

    It is <unix-timestamp> <time-zone-offset>, where <unix-timestamp> is the number of seconds since the UNIX epoch. <time-zone-offset> is a positive or negative offset from UTC. For example CET (which is 1 hour ahead of UTC) is +0100.

  2. jthill. "How can I ignore committing timezone information in my commit?". Stack Overflow. Published: 2014-05-26T16:57:37Z. (Accessed: 2024-08-31T08:27Z). https://stackoverflow.com/questions/23874208/how-can-i-ignore-committing-timezone-information-in-my-commit#comment36750060_23874208.

    to set the timezone for a specific command, say e.g. TZ=UTC git commit

  3. Oliver. "How can I ignore committing timezone information in my commit?". Stack Overflow. Published: 2022-05-22T08:56:38Z (Accessed: 2024-08-31T08:30Z). https://stackoverflow.com/a/72336094/7934600

    each commit Git stores a author date and a commit date. So you have to omit the timezone for both dates.

    I solved this for my self with the help of the following Git alias:

    [alias]
    co = "!f() { \
        export GIT_AUTHOR_DATE=\"$(date -u +%Y-%m-%dT%H:%M:%S%z)\"; \
        export GIT_COMMITTER_DATE=\"$(date -u +%Y-%m-%dT%H:%M:%S%z)\"; \
        git commit $@; \
        git log -n 1 --pretty=\"Autor: %an <%ae> (%ai)\"; \
        git log -n 1 --pretty=\"Committer: %cn <%ce> (%ci)\"; \
    }; f"
    


Cross-posts:

273
89

This is a guide I wrote for Immich's documentation. It features some Immich specific parts, but should be quite easy to adapt to other use cases.

It is also possible (and not technically hard) to self-host a protomaps release, but this would require 100GB+ of disk space (which I can't spare right now). The main advantages of this guide over hosting a full tile server are :

  • it's a single nginx config file to deploy
  • it saves you some storage space since you're only hosting tiles you've previously viewed. You can also tweak the maximum cache size to your needs
  • it is easy to configure a trade-off between map freshness and privacy by tweaking the cache expiration delay

If you try to follow it, please send me some feedback on the content and the wording, so I can improve it

274
929
submitted 2 months ago* (last edited 2 months ago) by baxster@sopuli.xyz to c/privacy@lemmy.ml

Chat control is back on the agenda again and the works is kept in secret.

Link to document

Take Action!

Edit: More information about the meeting

275
23
submitted 2 months ago by abcd@cuddly.space to c/privacy@lemmy.ml

AOSP with MicroG vs Nextdns with good lists

How better is AOSP or Graphene OS with MicroG or Sandboxed google services compared to just using NextDNS with some good filters.
I mean microg or graphene os will still connect to internet for google stuff I use. Also I can block internet access for a domain using NextDNS which is quite similiar to cutting network access in graphene OS. So how come stock android with NextDNS is less private than MicroG/GrapheneOS.
@privacy

view more: ‹ prev next ›

Privacy

31987 readers
462 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS