Hi, my post is focusing specifically on YouTube since I observed the following categories have less intrusive solutions or privacy focused solutions, even if they are paid:

• Operating Systems (Linux, for example)
• Instant Messaging (Element, for example)
• Community Messaging (Revolt, for example)
• E-Mail (Proton, for example)
• Office (libreoffice, for example)
• Password Managers (Bitwarden, for example)

However, how do we distribute videos and watch them without data collection? I am NOT asking how do I use a privacy-focused front-end for YouTube, by the way, I am aware they exist.

I am wondering how we obtain a FOSS solution to something super critical such as YouTube. It is critical since it contains a lot of educational content (I'd wager more than any other platform), and arguably the most informative platform, despite having to filter through a lot of trash. During COVID, we even saw lecturers from universities upload their content on YouTube and telling students to watch those lectures. (I have first-hand experience with this at a respectable university).

I refuse to accept that there is nothing we can do about it.

Been stuck in this place for a while now. I checked for Windows updates and installed the Android LeMobile driver a few minutes ago. Should I wait until the bootloader interface appears or do I press “reboot system / reboot to bootloader interface”?

Take action

I tried Startpage and Searx but when I search things celebrity info or health conditions, the kind of searches where Google and other 1st party search engines would show info cards on the right, they show them on the left above all the search results rather than on the right side like Google search does. Its bad design because I have to scroll down to see the results when I wouldn't have to otherwise, and I'm used to the Google search layout, it probably takes some getting used to for other people as well. Its a waste of screen real estate on wide screens, it looks like the UI was made for mobile only.

Howdy privacy experts,

I'm trying to de-google myself, what are your thoughts on HERE We Go? I have OsmAnd which I love for hiking and so on but it doesn't offer traffic altered directions since it can't look at overlays for routing.

I know HERE We Go is owned by car companies but it seems to be the best I can do, thoughts?

I'm eligible for the US Lifeline program to get a phone number for free. I would use it on websites that require a phone number, like Discord, which doesn't accept numbers on services like Google Voice, and replace my personal phone number with it wherever necessary. And I would start using my personal phone number only with friends and family. I would NOT be using a provided lifeline phone, but rather a sim on my iPhone.

SimpleLogin doesn't allow too many aliases for a given site like Reddit, even with a custom domain. I get that services don't want to ruin their own email domains, but I should be allowed to do whatever I want with my own domain.

I don't know if there are other ways to use Reddit without using its own client, but I wanted to inform you.

cross-posted from: https://beehaw.org/post/14909762

It seems YT started another attempt at blocking alternative clients. They changed something in their API and both SmartTube and Tubular (NewPipe fork) are completely broken. Apparently it started happening this past week, but we personally just felt it today.

Edit: SmartTube already has an update but still not working for 4K videos it seems. Tubular still not working but it might be due to the upstream (NewPipe) is still working on a fix.

I want to use Telegram on the web without needing to have a desktop or mobile app installed. I only rarely use Telegram.

I've gotten prepaid sims for things but obviously that's not really a feasible method for your main life phone.

A U.S. government agency tasked with supporting the nation’s nuclear deterrence capability has bought access to a data tool that claims to cover more than 90 percent of the world’s internet traffic, and can in some cases let users trace activity through virtual private networks, according to documents obtained by 404 Media.

If you quit YouTube then you also quit all the content on YouTube that isn't elsewhere. The best solution if you still want to use it is to use 3rd party apps. Personally I would actually count that as having no reliance on Google in particular anymore. If a video platform owned by Google wasn't the most popular then it would be another platform. I don't think you should think of 3rd party apps as YouTube frontends, but rather, apps that scrape videos hosted on Google's servers.

cross-posted from: https://programming.dev/post/16595505

• Home routing and encryption technologies are making lawful interception harder for Europol
• PET-enabled home routing allows for secure communication, hindering law enforcement's ability to intercept and monitor communications
• Europol suggests solutions such as disabling PET technologies and implementing cross-border interception standards to address the issue.

I'm asking for existing tools/systems that let me programmatically say: "here is my public key, BUT if each of these 5 other public keys all send a signed message saying that my public key has been compromised, then you should mark my public key as compromised, and use the new one they provide". (This is not for a particular task, I'm just curious if any existing auth systems are capable of this)

I call the idea "guardian keys" because it could be friends' public keys or or just more-securely-stored less-frequently-used keys that you control.

NOTE: I know this would not work for data encryption. Encrypted data is simply gone if a key is lost. But, for proving an identity, like a login, there could be a system like this but I don't know of any

A while ago I reached a point in my privacy journey where I simply felt bored. It's not a result of going too far in privacy, but simply my threat model has caused me to let go of a lot of things that used to entertain me (games, movie streaming, short form video, etc.) The entertainment landscape in privacy seems pretty bleak, since you no longer own the movies you watch, the games you play, and lots of proprietary software along the way. I entertain myself through FreeTube, physical copies of movies, and offline installations of games like Minecraft, but it's still a step down from how it used to be.

What do you do to keep yourselves entertained in a privacy conscious way?

I rarely use my smartphone and find it a bit annoying to have to use it for 2FA through apps. I wish to get physical passkeys that will allow me to login to my laptop.

I have heard of YubiKey although I haven't given it any serious consideration since it is closed source. (My super-tin-foiled friend who introduced me to this world of privacy taught me to never trust a closed-source solution... _long _ story).

Are there any FLOSS versions of Yubikey? Can they be used to log into a Linux machine? Or for banking?

On P2P payments from their FAQ: "While the payment appears to be directly between wallets, technically the operation is intermediated by the payment service provider which will typically be legally required to identify the recipient of the funds before allowing the transaction to complete."

How about, no? How about me paying €50 to my friend for fixing my bike doesn’t need to be intermediated, KYCed, and blocked if they don't approve of it or know who the recipient is? How about it’s none of the government’s business how I split the bill at dinner with friends? This level of surveillance is madness, especially coming from an app that touts "privacy" as a feature.

GNU Taler is a trojan horse to enable CBDC adoption. They are the friendly face to an absolutely terrifying level of government control in our lives funded by the same government that tries every year to implement chat control. Imagine your least favourite political party gaining power. Now imagine they can see and control every transaction you make. No thanks.

Hey guys, I have been seeing a lot of people talking good things about noscript, I have a few questions about it:

• Why isn't it open source? Is there a open source alternative? To me this kinda feels suspicious, installing an extension that can affect all tabs from outside the Mozzila store, while not even open source...
• How to minimize damage? After briefly trying it on, I couldn't interact with lemmy anymore, many websites lost their dark mode, youtube wasn't pausing the video, nor was the like button working...
• Is it really needed? What kind of threat model makes something like that needed? Wouldn't it be possible to just add other sources for uBlock to block tracking scripts or something?

Cross-posted from: https://lemmy.zip/post/18686329 (the first OPSEC community on Lemmy, feel free to join us)

Guide to Determining Your Threat Model

Creating a solid threat model is an essential step in improving your operations security (OPSEC). It helps you identify potential threats, assess their impact, and prioritize your defenses. Here’s a step-by-step guide to help you develop your own threat model.

1. Define Your Assets

First, list the things you want to protect. These might include:

• Personal Information: Name, address, phone number, Social Security number, etc.
• Financial Information: Bank account details, credit card numbers, financial records.
• Digital Assets: Emails, social media accounts, documents, photos.
• Physical Assets: Home, devices (computers, smartphones, etc.).

2. Identify Potential Threats

Next, think about who or what could pose a threat to your assets. Possible threats include:

• Hackers: Individuals or groups looking to steal data or money.
• Government Agencies: Law enforcement or intelligence agencies conducting surveillance.
• Corporations: Companies collecting data for marketing or other purposes.
• Insiders: Employees or contractors who might misuse their access.
• Physical Threats: Burglars or thieves aiming to physically access your assets.

3. Assess Your Vulnerabilities

Identify weaknesses that these threats could exploit. Consider:

• Technical Vulnerabilities: Unpatched software, weak passwords, outdated systems.
• Behavioral Vulnerabilities: Poor security habits, lack of awareness.
• Physical Vulnerabilities: Insecure physical locations, lack of physical security measures.

4. Determine the Potential Impact

Think about the consequences if your assets were compromised. Ask yourself:

• How critical is the asset?
• What would happen if it were accessed, stolen, or damaged?
• Could compromising this asset lead to further vulnerabilities?

5. Prioritize Your Risks

Based on your assessment, rank your risks by considering:

• Likelihood: How probable is it that a specific threat will exploit a particular vulnerability?
• Impact: How severe would the consequences be if the threat succeeded?

6. Develop Mitigation Strategies

Create a plan to address the most critical risks. Strategies might include:

• Technical Measures:

  • Use strong, unique passwords and enable two-factor authentication.
  • Keep your software and systems up to date with the latest security patches.
  • Use encryption to protect sensitive data.

• Behavioral Measures:

  • Be cautious with sharing personal information online.
  • Stay informed about common scams and phishing tactics.
  • Regularly review your privacy settings on social media and other platforms.

• Physical Measures:

  • Secure your devices with locks and use physical security measures for your home or office.
  • Store sensitive documents in a safe place.
  • Be mindful of your surroundings and use privacy screens in public places.

7. Continuously Review and Update

Your threat model isn’t a one-time project. Review and update it regularly as your situation changes or new threats emerge.

Example Threat Model

1. Assets:

   • Personal Information (e.g., SSN, address)
   • Financial Information (e.g., bank accounts)
   • Digital Assets (e.g., emails, social media)
   • Physical Assets (e.g., laptop, phone)

2. Threats:

   • Hackers (e.g., phishing attacks)
   • Government Agencies (e.g., surveillance)
   • Corporations (e.g., data collection)
   • Insiders (e.g., disgruntled employees)
   • Physical Threats (e.g., theft)

3. Vulnerabilities:

   • Weak passwords
   • Outdated software
   • Sharing too much information online
   • Insecure physical locations

4. Potential Impact:

   • Identity theft
   • Financial loss
   • Loss of privacy
   • Compromise of additional accounts

5. Prioritize Risks:

   • High Likelihood/High Impact: Weak passwords leading to account compromise.
   • Low Likelihood/High Impact: Government surveillance leading to loss of privacy.

6. Mitigation Strategies:

   • Use a password manager and enable two-factor authentication.
   • Regularly update all software and devices.
   • Limit the amount of personal information shared online.
   • Use a home security system and lock devices.