After the podcast show The Privacy, Security, & OSINT Show stopped putting out episodes, I've been on the lookout for other ones. Just stumbled upon The Lockdown (Practical Privacy & Security) and it seems rather good based on the first episode I listened to so thought i'd share it. But am still looking for more as I am a big podcast listener, so please do recommend any privacy focused podcasts 🕵️

GrapheneOS provides users with the ability to set a duress PIN/Password that will irreversibly wipe the device (along with any installed eSIMs) once entered anywhere where the device credentials are requested (on the lockscreen, along with any such prompt in the OS).

The wipe does not require a reboot and cannot be interrupted. It can be set up at Settings > Security > Duress Password in the owner profile. Both a duress PIN and password will need to be set to account for different profiles that may have different unlock methods.

Note that if the duress PIN/Password is the same as the actual unlock method, the actual unlock method always takes precedence, and therefore no wipe will occur.

Source: https://grapheneos.org/features#duress

Not a surprise but man

Hi all,

I haven't used Discord in a while, but it became so that now I have to use it for communication with certain people getting support for some services that I use. What I'm doing currently is:

• using a separate randomised e-mail address only for the Discord account
• using a randomly generated username
• no profile picture
• tweaking the settings as best I can for privacy

Other than these points, I'm also being wary of talking about anything personal on Discord. Would you add anything so I can be even safer when using Discord?

Email aliasing is one of the most underrated privacy techniques that has yet to go mainstream. For the privacy-conscious user, it offers a degree of separation between all your accounts, making it harder for data brokers to correlate your various accounts across different services by not using the same email address to sign up. For security, the same technique can also help defeat credential stuffing while obscuring your true email address, which is the central hub where all your identities can be managed (and the email address itself is literally half of the login information a would-be attacker would need to attempt to login). Your inbox is a critical thing to protect since a breach can offer information about additional accounts you have (via the emails already sitting in your inbox like updates, notifications, sign-in verifications, etc) as well as allowing an attacker to simply hit “reset password” on websites where you already have an account and thus take them over. As for mainstream users, the biggest advantage is probably the ability to manage spam more effectively – particularly from companies who refuse to respect opt-out links – from a single inbox, rather than having one inbox for professional use, then logging out and back into another for online shopping, then another for personal or newsletters, and so forth or simply having to give up and hope the spam filters don’t falsely flag anything important (or let junk though). Email aliasing makes effectively managing and controlling your inbox incredibly easy. With that in mind, this week, let’s examine some popular email aliasing services that the privacy community has to offer.

Hi everyone, I did stumble across adguard and was thinking about buying a family lifetime license (for the apps, not talking about adguard home here).

I really like that there is a tracking blocker included, the app looks clean and easy to use for all family members. They also have an app for android TV which might be interesting.

I trust on pihole and ublock origin, but I am unsure about aguard (in general unsure about privacy oriented companies). When it comes to privacy and security I always try to go for community-driven open source projects.

What are your opinions on adguard? You think it's safe/worth to use?

cross-posted from: https://lemmy.world/post/16102424

Hi all,

Quiblr now has personalized post feeds for Lemmy!

I haven't seen a "recommended feed" feature anywhere else in the fediverse but I thought I would take a crack at building it!

My goal was to make a privacy-focused recommendation engine that tailors your experience based on the content you interact with. None of the data leaves your device. You don't even need to log in for it to work

• You can turn it off or tune your feed in the settings
• Each post now also includes a show me more/less button

I would LOVE feedback from folks if you get a chance to try it out!

This was really fun to build so let me know if there are any questions!

PS: Let me know if someone else has built this feature for the fediverse - then I will change the title to not claim "the first" lol

Chatmail makes e-mail cheap again

new chatmail-based instant onboarding system, e-mail addresses are becoming, like in the early 2000s, cheap and virtually free. But this time around, there is no company posturing to “do no evil” luring everyone to their central “ethical” service and then drop the pretense soon after. Running a chatmail server is a cheap activity that we want people to be able to do on the side and on low-end hardware all across the world. Chatmail is best described as an ephemeral end-to-end encrypted messaging routing system running at Internet-scale.

I need my work emails on my mobile. They only work with Exchange/Activesync. IMAP is not an option. Is there a good, privacy respecting app for Android out there? I would like if I could use the same app for my other E-Mails which all use IMAP. I now use Gmail, but I hate the unnecessary connection with the big G. I'd also prefer not to use Outlook (mobile) because it (might) send your credentials to MS.

As the week draws to a close, clients of Cencora and The Lash Group have been submitting breach notifications to state attorneys general.

The Lash Group partners with pharmaceutical companies, pharmacies, and healthcare providers to facilitate access to therapies through drug distribution, patient support and services, business analytics and technology, and other services. Their substitute notice explains that based on their investigation, personal information including personal health information was affected, “including potentially first name, last name, date of birth, health diagnosis, and/or medications and prescriptions.”

With only partial numbers from some clients available, there are already 542,062 patients affected. When full numbers are revealed, the grand total for this incident will likely be significantly higher. (See UPDATE below)

Update 1: Added Johnson & Johnson entries and Abbott entry, bringing current partial total affected to 717,723 for 18 clients.

Update 2: Added Amgen, but no numbers available, so partial total remains at 717,723 but for 19 incidents.

Pretty much the title. I'm trying to find some ammunition to fight my HOA on wasting our money. They make us use an app to gain access to amenities, and I want to see what telemetry the app sends back or what it may track.

I tried TrackerControl, but the app (alarm.com) doesn't pop up in its feed.

I've long been annoyed that everyone, including myself uses Paypal/ Venmo for moving money around. What alternatives do you find useful? Here's a list (https://alternativeto.net/software/venmo/). GNU Taler looks viable (https://taler.net/en/index.html). I would love to have your thoughts!

Edit: Thanks for everyone's input. I really appreciate it. <3

Hi privacy community. I genuinely want to hear from both people who are very private and those who didn't go to such an extent.

I started my journy since high school and replaced a lot of stuff since then.

Ditched most of Google's app . Only 2~3 apps on my phone require google play store(Banking/School's app/ Train ticket).

Switched to Protonmail + Email alias, and manage my passwords with Bitwarden.

Got off social media and made sure I removed all data that can be found about me in quick Google searches.

Switched to Linux for desktop.

But

I can't get rid of gmail because I still need those apps, and some professors heavily relies on google services.

Windows ain't getting off my laptop because I need to make sure document format and software compatibility don't become reasons I fail a class.

I feel like the obstacle I hit isn't just convenience anymore, it's my life and the situations I'm in.

I wish to hear what kind of dicisions / realizations / mindsets you guys had in your journy.

Thanks in advance.

Previous post

Raivo launched another update today with the following message:

Dear users,

We apologize for the issues caused by our recent update. Please be assured that we are working around the clock to find a solution for this situation. In this version, we have implemented a temporary fix that enables the import and export feature.

If you receive a prompt asking you to choose between offline backup or iCloud, please select iCloud and enter your MASTERKEY. This will allow you to recover all of your codes.

We are still working and conducting thorough testing to determine how we can resolve this issue. We appreciate your patience.

Best regards,

Unfortunately I did not sync my app to iCloud previously due to distrust with Apple, which I acknowledge is entirely my fault. This means I was not able to recover my codes.

I suggest using 2FAS instead of Raivo. I've used it for 9 months and had no issues whatsoever.

Edit: @pr0927@lemmy.world has also recommended ente

@emptyfish@beehaw.org, luck is in your favor.

Title.

I've used it before, but I'm not really sure how I feel about it. Would you use it on a day-to-day basis?

Hello,

Suppose you have a PC with 2 separate SSDs. One is an install of Windows 11. The other is an install of a Linux distro, encrypted at time of installation (for example, with LUKS). Obviously you would only boot into one or the other at a time.

So a dual-boot, but each boot portion is on its own SSD (not sure if this matters, but its a relevant scenario).

Can the Windows 11 portion somehow get through the Linux encryption and access / read data on the Linux portion?

Sorry if this is a stupid or obvious question.

I'm looking for a way to have a private method for Tap to Pay on GrapheneOS. Ideally I would like compatibility with privacy.com, and if possible have the option for Monero. I don't mind going through an exhaustive setup process. What are my options?

Edit: The point of this is not for convenience, I am trying to avoid using my standard credit/debit card to provide privacy against my bank by using privacy.com or Monero when cash is unavailable.

Not affiliated with the author, I just really like their videos.

As the title says. I'm just curious what's triggering it. There is no MS Office installed. Happens as soon i start a windows10 pc and it's "packed" into svchost. Any idea?

https://paglen.studio/2020/04/09/autonomy-cube/

Does anyone know what the technical design model of this project might entail? Its last iteration was a tor exit node, which is straightforward enough, but how would you design a gateway router accessible via WiFi that would direct all traffic over tor? This is not idea. The client (or full OS like TAILS or Whonix) is ideal and many common sites block tor (like this one). There must be a design for combining proxies with tor to get this AP to work practically for conventional use, as it seems to be advertised. Maybe early on, before tor got blocked so much, it did work as simply as it sounds.

Has anyone read the book or theories that inspired this work? Probably perfect for this community. I want to see if I can get a hold of a copy.