cross-posted from: https://lemmy.zip/post/60387352

cross-posted from : https://lemmy.zip/post/60387297

Proton Mail provided Swiss authorities with payment data for defendtheatlantaforest@protonmail.com — the account linked to Stop Cop City protests in Atlanta. The FBI obtained this information through a Mutual Legal Assistance Treaty request on January 25, 2024, identifying the activist behind the anonymous account through their credit card identifier.

cross-posted from: https://lemmy.world/post/44029008

From the official Dutch Intelligence and Security Service

---

information.

“Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information,” states Director of the MIVD, vice-admiral Peter Reesink.

Individual accounts

An interesting aspect of this Russian campaign is that it does not exploit any technical vulnerabilities of the messaging services. The attackers instead make malicious use of legitimate security features of the apps. Director-General of the AIVD Simone Smit states, “It is not the case that Signal or WhatsApp as a whole have been compromised. Individual user accounts are being targeted.”

To increase resilience against this Russian campaign, MIVD and AIVD have published a Cyber Advisory explaining how to identify and respond to attacks. The advisory also give instructions for Signal users on how to identify potentially compromised contacts.

All Signal users can personally check whether there are any potentially compromised contacts in their group chats. If you see any people who appear twice in the list of members (under the same or a slightly different name), this may be evidence of either a compromised account or a new account created by a victim.If you suspect this to be the case, report this to the information security department of your organisation. Together you can try to verify (preferably using a channel other than Signal or WhatsApp, such as an email or a telephone call) whether it is correct that the account in question appears twice in the chat group contact list. Should this not be the case, ask the group administrator to remove both accounts from the group chat, after which the legitimate account holder can request to rejoin the group. Please remain vigilant for group members who are not recognised by the rest of the group. The actor may occasionally change the display name of a compromised account to remain unnoticed in chat groups, for example to names such as 'Deleted account'. If a member’s display name changes, the group will receive a notification. When the change is the legitimate transition to 'Deleted account', no notification is sent. Actor-controlled accounts can also gain entry to the group via an obtained Group Link, of which the group always receives a notification. In all such unauthorised scenarios, ask the group administrator to remove the offending accounts from the chat.If there is any indication that the group administrator themselves may have been compromised, it is advisable to exit the group and create a new one. |

I use a VPN and/or Tor to do the majority of my websurfing/streaming/torrenting. Some programs (notably web browsers) can read your local system time to access your timezone. And, I happen to live in... let's just say a very "narrow" timezone, my country of origin can be trivially pinpointed if you take a look at the UTC offset.

I know Firefox has a setting to spoof my timezone to UTC, but chromium browsers do not have that option (at least no option i could find after a fairly extensive search), and I don't even know whether any of the other programs I've installed are reading my timezone, such as, for example, my matrix client.

So, the solution I came up with: Do a timedatectl set-timezone UTC on the device. I can separately make my desktop clock do a little timezone conversion so no worries about time disorientation. This fixes the issue with most apps not allowing timezone spoofing too.

Honestly, now that I've typed all that^^ out, this is beginning to sound like an unnecessary schizo post that goes WAY beyond my threat model XD. Still, I'd love to hear anyone else's thoughts on it. Ideas to improve upon it are appreciated too.

cross-posted from : https://lemmy.zip/post/60423023

EU rules regarding anti-money laundering, counter-terrorist financing and sanctions law (AML/CFT) have increasingly shifted responsibilities to detect crime from public entities to companies . AML/CFT law requires “obliged entities”, like banks, to collect large amounts of financial and other personal data about their customers.

The way banks implement these rules in the EU has led to a systemic negative impact on human rights, often because of over-compliance, risk-aversion and weak accountability. This has been the case in the Netherlands where, among large number of human rights breaches by banks, Dutch ING Bank has even publicly apologised for discriminating against its customers based on profiling.

https://mastodon.de/@adbenitez/116196758509784557

https://projects.propublica.org/nonprofits/organizations/824506840

go to the site, use the tool. where ever you are. Keep voicing your stance on this issue.

This isn't about protecting kids nor will it protect kids from anything. Kids will just go to darker corners of the internet where nothing is moderated

forcing everyone to dox themselves won't make anything safer. All that data in hackable databases would be ripe for the picking by any hacker or groups of hackers to sell to databrokers, who then sell it to scammers

Parental controls are very easy to set up in the modern day every commonly used OS has them built in. If you're a parent, it's YOUR responsibility to make sure your kids don't see things they're not supposed to see...don't let the government control that shit

There's also https://www.defendvpns.com/ to go to as well, sign both petitions.

the EFF has some petitions too https://www.eff.org/

I've already signed them I've already emailed all my people. Now you need to do that. For anyone who still has twitter, tweet to them with these hashtags

#crushthescreenact #crushthekosabill #stopIDagechecksUSA #saynotoappstoreaccountabilty #dontrepealsection230 #SayNotoKOSMA #NoToKIDSAct

Japan protects children online very differently to the UK. (Shout out to red rose for the heads up - it was interesting.) While the UK Online Safety Act is driving biometric age verification and platform-based ID checks, Japan has taken another route: mobile carrier filtering enabled by default for under-18s, combined with parental control and digital literacy.

There is no nationwide social media ban in Japan. Instead, age controls typically sit at the telecom/SIM registration layer rather than at individual platforms.

In this video I explain: • Japan’s 2008 Youth Internet Environment framework
• How mobile carriers determine age at SIM registration
• Why filtering is enabled by default for minors
• The parental opt-out (waiver) mechanism
• The privacy trade-offs compared to UK-style age verification
This isn’t “no regulation” — it’s a different regulatory architecture.

Sources:

Nippon.com – Overview of Japan’s youth internet law and filtering model
www.nippon.com/en/in-depth/d01099/

Children and Families Agency (Japan) – Sixth Basic Plan outline (youth internet measures)
www.cfa.go.jp/assets/contents/node/basic_page/fiel…

NTT Docomo – “Request for Not Using Filtering Services” (waiver form example)
www.docomo.ne.jp/english/binary/pdf/support/proced…

The Japan Times – Commentary on social media regulation debate
www.japantimes.co.jp/commentary/2024/11/28/japan/s…

The Japan Times – Reporting on youth victims and social media concerns
www.japantimes.co.jp/news/2026/02/27/japan/crime-l…

If you’re following UK Online Safety Act developments, this comparison shows that “protecting children online” does not automatically require biometric ID checks across platforms — but every model comes with trade-offs.

Let me know in the comments: would you prefer telecom-level filtering, or platform-based age verificatio

Hi,

I need to leave my country for a couple days, but my cellphone plan doesn't cover data oversea and I don't like to rely on WiFi. A relative suggested that I try Saily, which is an esim provider that you can load with whatever you need in the country you're visiting but I'm again reluctant to use an app when I don't know how trustworthy it is.

Has anyone ever faced the same issue? Should I simply let go of my internet connexion and enjoy a couple days off the the internet?

Cheers and thanks for your help

Anyone know of any software I can override the Google Nest Doorbell with ? One that’s maybe open source ? I know I could just buy another camera but I was hoping to keep using this one with safer software

cross-posted from: https://lemmy.dbzer0.com/post/64875667

They are currently voting on amends to the regulation. The "Chat Control" proposal would legalise scanning of all private digital communications, including encrypted messages and photos. This threatens fundamental privacy rights and digital security for all EU citizens.

https://fightchatcontrol.eu/

(Not sure if this is worldwide or only in some countries)

Updating to iOS 26.4DB2 will put your phone into a parental-restricted mode with adult websites blocked on all browsers, warning prompts every time you try to send or receive an explicit image on a messaging app, and all social media apps blocked on the App Store (in Australia)

The settings to disable this mode are locked off until you verify your age either with a credit card, photo ID, or though information Apple already has (like the age of your account).

I've been an apple user my entire adult life but this might finally be the thing that forces me off the platform. Do any other long term apple users have some tips about migrating? I've heard Ashai Linux is pretty good on mac hardware these days and I've been thinking about GrapheneOS for a while.

I just found a security breach that can leak thousands of emails on a website!!

Today, I snooped around on a website I won't mention the name of for privacy reasons, and they assign your account an user ID when you register.

Well, with a very simple trick in the console I managed to get everyone else's email and account info (for example checking if they have a paid plan or not) by just lowering the user id, with no rate-limit on the endpoint!

So a bad actor could send targetted phishing emails to people by telling them there is a problem with their payment!

It's funny because on their homepage, they state they use "Military grade encryption" (whatever that means!), and their privacy policy says "We encrypt the transmission of that information" (does that just mean they do it over https?)

So, moral of the story, don't trust companies with your personal info!

I contacted the site, we'll see if they fix it.

@privacy@lemmy.ml @privacy@lemmy.world @soatok

#cybersecurity #privacy #web #hacking

Let's say I live under an oppressive regime (don't we all?) How can I use social media anonymously, so I don't face reprisals from the government?

Mastodon, Lemmy, Reddit and other social media platforms restrict users who connect through TOR or a VPN.

Is there any way I can create an account on these services and use them anonymously?

Thanks in advance for any information and advice you can provide.

Awesome...

What a complete idiot. You create a protest email account linked to your credit card?

See title. A bit of a dumb question, but given my threat model, I'm curious if it's maybe strategically better to not rely on Proton for their VPN. If I rely too much on one provider, I think that that's not a good idea.

COPPA feels pretty outdated in today’s online world. A lot of sites now ask users to confirm their age even when it’s not really needed, sometimes using AI tools that can get things wrong or push people to share personal info. This brings up some serious worries about privacy, accuracy, and how accessible things are online. The Electronic Child Safety Initiative (ECSI) thinks that laws about online safety, like the Children's Online Privacy Protection Act, should keep kids safe without relying on unnecessary tracking or dodgy tech. If you think these laws can be better, consider joining the conversation and help push for changes by taking part in the ECSI community forums.

We built Umbra by forking, updating, and improving the ghostery browser build script, fern.js

Umbra removes all telemetry and outgoing requests except for codec requests ( netfix works!) All non-browsing features like AI, pocket, and profiles are also removed,

The idea behind umbra is usable privacy. By default RFP is off because it breaks websites.

You can build Umbra yourself but using the build script at https://github.com/openconstruct/user-agent-desktop

Or downod binaries for Linux/WIn at https://github.com/openconstruct/umbra/releases

Found out about these two open-source cloud storage providers and wanted to know what anyone thought of them.

ente.io crypt.ee