I only have warehouse mgmt work experience(which means all IT responsibilities fall on me), but I can't keep away from various programming projects.

I've only dipped into the privacy-sphere of software in the last 2 years, but I've found a earnest passion in my pursuits. My obsessiveness has bled into most friends asking why I haven't pivoted my career, and I don't have a good answer other than I assumed there's no money to be made in it since I never finished my college CS degree.

I will code and continue my projects regardless, but was hoping this community could offer some advice or there experiences with similar endeavors. Thanks

Isn't the value of two factor auth that it requires a physical device (your phone or computer) with the auth key to authenticate you? Then why don't many two factor auth apps seem to support syncing? If it's fine to do so, are there any open source cross platform apps that sync keys?

Not sure if this is the right mag, but m/proton has very few members. lmk if i should move/delete this, thanks

I'm on proton unlimited and I turned on Dark Web Monitoring. I figure since i use bitwarden for my password manager, i need to manually sync my passwords so proton can monitor for them. what about more important stuff like adresses, DOB, SSN, etc? proton says here that they can monitor for all that stuff, but how, if they dont have it?

cross-posted from: https://feddit.org/post/317047

in February 2024, the EU Parliament adopted the eIDAS regulation, creating the framework for a "European Digital Identity Wallet". This digital Wallet will enable citizens to identify themselves in a legally binding manner, both online and offline, sign documents, login into websites and share personal data about them with others. Recently, the European Commission published the Architectural Reference Framework (ARF) 1.4 for the technical implementation of the Wallet.

The success of the EU Digital Identity Wallet depends on its ability to gain citizens' trust and establish a resilient infrastructure in our current data-driven economy.

"However, after our analysis, we believe that this goal has been missed," says the digital rights group Epicenter Works.

"We see severe shortcomings in the ARF that either contradict the regulation or ignore important elements of it. These issues, if left unaddressed, could significantly undermine user rights and privacy."

Hello, I wrote a mail template which I send to websites that don't have an easy process of deleting an account.

Maybe it helps you, maybe you will use it too for when you want to delete your unused accounts and maybe you can contribute to it. The better the message gets and the more websites offer an easy way to delete accounts, the safer we'll be online.

If you can influence the deletion policy, please read on. Otherwise, please forward this to someone that can influence this process.

It's better for the business to offer an easy way to delete an account. Ideally, it would be good to delete accounts which weren't active for more than say 5 years, with a mail notification beforehand. Why? Here are the main reasons:

• There are higher operation and maintenance costs because you have unused accounts in your databases.
• The services load slower, with a performance penalty, because each user-related query has to go through many unused users.
• The people opinion of your services decreases, because you don't offer an easy way to delete accounts
• People might change their mail to a throw-away address and leave the account open, thus producing more waste than necessary.
• In case of a security breach, the amount of compromised data is higher than in case you regularly delete accounts, which might lead to financial penalties.
• The information you get out of a database with active accounts is much more precious than the information from a stale database, or one with obsolete data.

I hope this information helps and that you will change your policy of deleting accounts. Each website that does this, contributes to a better, safer ecosystem.

All I found was this comment about the difference.

Premium domain is only available when you have premium, because fewer people pay and fewer people use it, so there is less abuse and the domain name has better reputation, so when you public domain is not working, using the premium domain may be able to register.-

Hello! what is the best setup for creating content without compromising my privacy? i am aware of most opsec stuff but i have some questions:

• how do i use 2FA without giving YouTube my phone number?
• how big of an identifier is my voice? should i use a voice filter?

thanks.

https://reddit.com/r/privacy/comments/v624di/apple_tracks_you_even_if_you_dont_have_apple/

We investigate what data iOS on an iPhone shares with Apple and what data Google Android on a Pixel phone shares with Google. We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins. The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Users have no opt out from this and currently there are few, if any, realistic options for preventing this data sharing.

https://www.scss.tcd.ie/doug.leith/apple_google.pdf

So in the new upcoming major feature update for IOS, Apple is adding RCS support in there messaging app. What are the privacy implications of adopting RCS?

Is there any other apps that have RCS support on Android other than Google's own messaging app?

The reason for my asking is because I was considering migrating my relatives' messaging app to a RCS supported one because they will probably most likely enjoy the extra bandwidth of RCS.

Note, they're already using Signal, Telegram, and WhatsApp for most of their conversations.

Hello, making this post to get some honest, and technical opinions about GrapheneOS. Please do not be bother by this question. No drama here pls 🙏. I've heard that there is some of the google code into the "sandbox" feature. Say your opinion below! 👇👇

cross-posted from: https://lemmy.sdf.org/post/18833721

I hate that groups like the ACLU have to defend nazi scum to protect my liberties. Better that the government not violate our rights in the first place, but in lieu of that, even nazi scum is subject to the same rights and due process as any other citizen. However, I wouldn’t mind if they got pantsed a couple of times by their lawyers.

Is there a WiFi camera with an app for viewing when away from home, that has decent privacy? Plug and play would be nice. Limited time to do major setup as in 2 hours tops. Cost is fine nothing into 4 digits. Recording not neccesary. No storage is needed. Simple live viewing is all.

Fingerprinting works by collecting bits of information about the browser and device to identify users. Couldn't browsers see when a website gets such info with JS and either prevent or ask permission from the user for the website to make HTTP requests to upload such information to the website. Idk if they do something like this already.

iOS is very good about sandboxing and only letting apps run things while the app is open and focused on. It shows green and orange dots when the camera or mic is being used, and none of my use them without saying so and they only do so when they actually need them. If that is the case, are there any potential privacy issues with it?

Hi,

A friend wants to degoogle his phone, so I suggested the OS I'm currently using. The one we can't talk about... He wants a small/compact phone, so I suggested pixel 4a (not buying second hand though), but I'm afraid that planned obsolescence may kill the phone rather soon. What's your opinion?

Cheers and thank you for your help,

I've been looking at using email aliases services, and right now I'm thinking of using Simplelogin for all my online accounts and accounts where I can change my email easily, and getting my own domain to share with people and where I can't easily update my email. It seems like I shouldn't use my own domain for online services because it would be unique and can be tracked.

I did lots of reading about this and am still wondering why someone would want to opt for catch-all domains over aliases. Catch-alls seem highly susceptible to spam and while I haven't actually done any email aliasing yet, it doesn't seem to take much effort to make a new alias if you have a plan with unlimited aliases.