404 Media.

I don't understand what is the purpose of the article if it didn't have research attached. The only thing useful is that meme from Dan Guido, CEO and co-founder of cybersecurity firm Trail of Bits.

404 Media.

I don't understand what is the purpose of the article if it didn't have research attached. The only thing useful is that meme from Dan Guido, CEO and co-founder of cybersecurity firm Trail of Bits.

404 Media.

I don't understand what is the purpose of the article if it didn't have research attached. The only thing useful is that meme from Dan Guido, CEO and co-founder of cybersecurity firm Trail of Bits.

The UK government is like: "submit ID first before you use iPhone", like WTF? As apparently, they are considering on making that the default way to unlock a cellphone whilst spying on you (like they already are) keeping tabs on what apps you're currently using, have downloaded or purchases made online.

Their Online Safety Act is stupid ever since it was enforced last year as that has done nothing except for making people bypass it entirely (like there's cases of game characters used to circumvent age verification & facial scans) so I'll assume the same will happen with this (fake ID's) just to unlock iPhones.

Another Discord alternative that popped up a few months ago like the others out of no where. This one promises voice channels and is evidently entirely encrypted.

But out of the blue they “halted” service and now one again are open for registration?

Has anyone tried this yet ? Just a web app and it’s not open source.

While it sounds promising , and not everything HAS to open source. I just can’t help but feel off about something…

cross-posted from : https://lemmy.zip/post/61888435

LLM-generated passwords (generated directly by the LLM, rather than by an agent using a tool) appear strong, but are fundamentally insecure, because LLMs are designed to predict tokens – the opposite of securely and uniformly sampling random characters.

I need to encrypt my files and store them locally as well as on my phone and sometimes on the cloud as well. Currently i'm using Paranoia File Encryption https://paranoiaworks.mobi/ everywhere. Is this good or does anybody else have a better suggestion. I also saw Cryptomator popping up in few places. Is that a better option?

Google is tightening control over Android under the guise of 'security,' but this crackdown on sideloading is a direct hit to digital sovereignty and FOSS. I've written about why this matters for our privacy and the future of open platforms. What do you think—is this the end of Android's 'open' era?

cross-posted from: https://lemmy.today/post/50424637

UKHSA will explore options to work with ‘big tech’ to use live location data and artificial intelligence (AI) for a more rapid, large-scale detection and alert system during pandemics. These services will adopt a whole-of-society approach with accessible and multilingual formats, and UKHSA will work to consider and build the equivalent tools needed for digitally excluded communities.

https://www.gov.uk/government/publications/pandemic-preparedness-strategy-building-our-capabilities/uk-government-approach-to-implementing-the-strategy-england-only

I'm looking to acquire or set up a Wi-Fi only tablet that is focused on privacy. I've been starting to do some research among the potential OS options and I wanted to ask this community whether it is better to go with LineageOS or /e/ OS for it, or potentially another option. I've tried additional software on other devices that at least help make them more private, but I really want to set something up that is truly private using a tablet.

Edit: I'm also considering Pixel Tablet + GrapheneOS

monkeytype.com I don't know if this has to do anything with Louiss Rossman, But Clippy is just there to he'll, yay.

cross-posted from: https://lemmy.ml/post/45206293

Brazil's authoritarian age verification law became active this month. It won't be implemented by GrapheneOS. Complying would require integrating a mandatory process for each user where a third party service checks government identification and confirms a match using the camera.

It doesn't stop there. It would require keeping data for auditing and providing a token for connecting age verification checks by apps and websites to the data. The law is a privacy disaster and exposes minors to being exploited by leaking their age bracket to apps and websites.

GrapheneOS has no team members or operations in Brazil. São Paulo in Brazil is by far the biggest network hub within South America. Miami is also a major network hub for South America and is currently where our update server is for South America since it's dramatically cheaper.

We have a tiny VPS in São Paulo for our ns1 anycast DNS and a second for our website/network services. It probably isn't an issue and those can be removed if necessary. Santiago could be added for both instead but wouldn't work very well as a replacement for having São Paulo.

There aren't yet devices supporting GrapheneOS directly sold in South America. Brazil in particular has unusually high import duties/taxes which add up to around 100%. This has resulted in us not having a lot of users there but our Motorola partnership will start changing this.

People are going to have their personal info leaked by third party age verification services due to these laws. Children are going to be harmed by apps and websites changing their behavior to exploit them. It isn't going to stop minors finding pornography if they want to find it.

Howdy folks, I’ve been working on getting more privacy, and I want my phone to be next. I just wish that the pixels and fairphones were cheaper, especially the fair phone. I know grapheneOS can be considered one of the more secure builds, but are there other more budget friendly devices known stateside that can run alt OSs?

Paper by,

Simon Lermen, Daniel Paleka, Joshua Swanson, Michael Aerni, Nicholas Carlini, Florian Tramèr

It talks about deanonymizing those who writes under a pseudonym. Sites like reddit, lemmy would be that type.

From the paper,

Given two databases of pseudonymous individuals, each containing unstructured text written by or about that individual, we implement a scalable attack pipeline that uses LLMs to: (1) extract identity-relevant features, (2) search for candidate matches via semantic embeddings, and (3) reason over top candidates to verify matches and reduce false positives.

Our results show that the practical obscurity protecting pseudonymous users online no longer holds and that threat models for online privacy need to be reconsidered.

They can match writing styles, interests, details to infer a job or city, or other unstructured information. That allows to match unrelated pseudonyms to the same person. Like, FooFighterGroupie and Yolanda43905 are the same human, despite they never said it. It can allow also, to match a pseudonym to a real identity across sites. Like someone posted on LinkedIn with a real name. It takes less info than most people expect, to figure out Julia Greenberg of Cedarville, NH is FooFighterGroupie.

You can protect yourself by never giving away much info. But ofc sometimes that's the whole point! Think talking about specific hobbies or w/e, gives away info. Also change up writing styles + vocab use, b/c it is a unique fingerprint.

I doubt this technique is used in a dragnet way... YET! But no reason it can't scale, if the cost of resources goes low eonugh. We could eventually see it become standard, analysis to link people across sites and identities.

It worked great until yesterday, and today, I cannot get it to work. The video below illustrates the problem:

https://buzzheavier.com/3jekkdqj1fu2

I have tried:

1. Clearing the cache of both HW Fido2 Provider and IronFox
2. Rebooting
3. Installing Key Driver BT Kunizoft
4. Disabling uBlockOrigin, Cookie Banner Blocker and Enhanced Tracking Protection

Any ideas?

Does anyone have greater understanding or experience? My use cases are general use in mobile or laptop with systemwide Hagezi blocklists. Also run on laptop using Mullvad browser with wireguard, uBlock Origin and filters. Mullvad is never used for anything personally identifying.

I've been trying duckAI and its very good / balanced when I check against my professional clinical and related legal expertise. I see that FHMY is advocating BraveAI and it is as good (from my n=1) checking against what I know.

A user created a thread in this lemmy community remarking that the Tor Browser has a personally identifiable fingerprint under normal settings (the "Standard" and "Safer" modes make you fingerprintable), with several commenters doing the same test and reporting the same. The user who created this post also said that on the privacy guides forum posts about this topic are being deleted.

The poster could try to provide proof. Has at least one of these posts been archived (on archive.is or archive.org)?

Just got off the phone with my Colorado representative. I reminded him that:

• Everyone knows Meta lobbied for these laws
• Everyone knows it's not "for the children"
• My friends and neighbors care about privacy and we are watching how you vote
• A vote for age verification is a clear indicator that you work for corporations and not constituents

You don't have to live in Colorado to get involved! If your state is blue or light blue on this map, you are under threat of age verification laws!

https://en.wikipedia.org/wiki/Social_media_age_verification_laws_in_the_United_States

NOW is the time to call/email/write to your state legislators. Don't say, "Yeah, I should do that." Just do it and do it today, because they could surprise vote on it tomorrow.

I’ve been reminiscing lately about the 80s and 90s 'Pocket Novel' fever. In my part of the world, we had legendary series like The Future Files and The Impossible Man—short, cheap, 100-page Sci-Fi and Espionage thrillers that fit perfectly in your back pocket.

I realized we were essentially part of the same global culture, sharing the same 'Pulp' vibe as Mack Bolan (The Executioner), Harlequin Intrigue, or even the early Goosebumps and Fear Street books in the West.

It was a unique era. We used to wait at newsstands every month just to get the next mission. Those books didn’t just tell stories; they built our imagination. Back then, plots about AI takeovers, biological warfare, and global shifts felt like distant, exciting fiction.

Now, looking at the reality of 2026, it feels like we are actually living inside those old pages. We traded that tactile smell of cheap paper for mindless scrolling on a 5-inch screen that tracks our every move.

This nostalgia isn’t just about the past; it’s a warning. I spent years analyzing how we transitioned from that tactile privacy to the 2026 digital monitoring grid. I've put these findings into a thriller/guide called 'The Final Exodus'. Specifically, Chapter 13 focuses on how to reclaim your sovereignty before the grid closes. You can check it out here:

https://play.google.com/store/books/details?id=-0_GEQAAQBAJ

Did your country have a similar 'Pocket Novel' or 'Dime Novel' culture? What were the series you couldn't put down back then? Let’s talk about the glory days of Pulp and how they warned us about the world we live in today!

Lemmings, what are your opinions on the following?:

Mar 26, 2026 9:32 AM

Using a VPN May Subject You to NSA Spying

US lawmakers are pressing Tulsi Gabbard to reveal whether using a VPN can strip Americans of their constitutional protections against warrantless surveillance

Six Democratic lawmakers are pressing the nation's top intelligence official to publicly disclose whether Americans who use commercial VPN services risk being treated as foreigners under United States surveillance law—a classification that would strip them of constitutional protections against warrantless government spying.

In a letter sent Thursday to Director of National Intelligence Tulsi Gabbard, the lawmakers say that because VPNs obscure a user's true location, and because intelligence agencies presume that communications of unknown origin are foreign, Americans may be inadvertently waiving the privacy protections they're entitled to under the law.

Several federal agencies, including the FBI, the National Security Agency, and the Federal Trade Commission, have recommended that consumers use VPNs to protect their privacy. But following that advice may inadvertently cost Americans the very protections they're seeking.

The letter was signed by members of the Democratic Party’s progressive flank: Senators Ron Wyden, Elizabeth Warren, Edward Markey, and Alex Padilla, along with Representatives Pramila Jayapal and Sara Jacobs.

The concern centers on how intelligence agencies treat internet traffic routed through commercial VPN servers, which may be located anywhere in the world. Millions of Americans use these services routinely, whether to access region-restricted content like overseas sports broadcasts or to protect their privacy on public Wi-Fi networks. Because VPN servers commingle traffic from users in many countries, a single server—even one located in the United States—may carry communications from foreigners, potentially making it a target for surveillance under authorities that allow the government to secretly compel service from US service providers.

Under a controversial warrantless surveillance program, the US government intercepts vast quantities of electronic communications belonging to people overseas. The program also sweeps in enormous volumes of private messages belonging to Americans, which the FBI may search without a warrant, even though it is authorized to target only foreigners abroad.

The program, authorized under Section 702 of the Foreign Intelligence Surveillance Act, is set to expire next month and has become the subject of a fierce battle in Congress over whether it should be renewed without significant reforms to protect Americans' privacy.

Thursday’s letter points to declassified intelligence community guidelines that establish a default presumption at the heart of the lawmakers' concern: Under the NSA's targeting procedures, a person whose location is unknown is presumed to be a non-US person unless there is specific information to the contrary. Department of Defense procedures governing signals intelligence activities contain the same presumption.

Commercial VPN services work by routing a user's internet traffic through servers operated by the VPN company, which may be located anywhere in the world. A single server may carry traffic from thousands of users simultaneously, all of it appearing to originate from the same IP address. To an intelligence agency collecting communications in bulk, an American connected to a VPN server in, say, Amsterdam looks no different from a Dutch citizen.

The letter does not assert that Americans' VPN traffic has been collected under these authorities—that information would be classified—but asks Gabbard to publicly clarify what impact, if any, VPN use has on Americans' privacy rights.

Among those pressing the question is Wyden, who as a member of the Senate Intelligence Committee, has access to classified details about how these surveillance programs operate and has a well-documented history of using carefully worded public statements to draw attention to surveillance practices he is unable to discuss openly.

The letter also raises concerns about a second, broader surveillance authority: Executive Order 12333, a Reagan-era directive that governs much of the intelligence community's foreign surveillance operations and permits the bulk collection of foreigners' communications with even fewer constraints than Section 702.

While 702 is a statute with congressional oversight that requires approval from the Foreign Intelligence Surveillance Court, EO 12333 surveillance operates under guidelines approved by the US attorney general alone.

The letter warns that the same foreignness presumption applies under both authorities, meaning Americans on foreign VPN servers could be exposed not just to targeted collection under 702 but to what the lawmakers describe as “bulk, indiscriminate surveillance of foreigners' communications.”

Americans spend billions of dollars each year on commercial VPN services, many offered by foreign-headquartered companies that route traffic through servers located overseas. The letter notes that these services are widely advertised as privacy tools, including by elements of the US government itself.

Despite the scale of the market, the letter suggests consumers have been given no meaningful guidance on how to protect themselves.

The lawmakers urge Gabbard to “clarify what, if anything, American consumers can do to ensure they receive the privacy protections they are entitled to under the law and the US Constitution.”

Updated at 12:38 pm ET, March 26, 2026: This story has been updated with additional details to clarify the scope of the potential surveillance addressed in the letter.