1
15
submitted 4 hours ago by Innerworld@lemmy.world to c/privacy@lemmy.ml
2
107
submitted 13 hours ago* (last edited 13 hours ago) by beep@piefed.world to c/privacy@lemmy.ml
3
88
submitted 16 hours ago by beep@piefed.world to c/privacy@lemmy.ml
4
68
submitted 17 hours ago by kat@lemmy.blehiscool.com to c/privacy@lemmy.ml

TLDR: A new, widespread wave of cyberattacks is actively targeting Signal users, specifically aiming to compromise and steal account backups. Because Signal chats are end-to-end encrypted on device, hackers are shifting focus to where that data might be stored less securely (like cloud backups or via phishing/credential stuffing attacks to gain account access).

5
85
submitted 18 hours ago by rikviergever@lemmy.world to c/privacy@lemmy.ml
6
44
Passkeys (lemmy.world)
submitted 21 hours ago by MrKoyun@lemmy.world to c/privacy@lemmy.ml

Do you people trust companies with passkeys?

I feel like big tech have started pushing for passkeys really hard lately. Microsoft has been asking me if I want to switch to passkeys pretty consistently. Google just automatically brings up the passkey registration fingerprint scan system dialogue every single time I've been signing in on Android. Without even asking if I want a passkey or not, it just does it without saying anything. I think the intention is pretty clear, an unknowing person sees the completely random fingerprint scan dialogue, doesn't think much of it, scans their fingerprint, a passkey gets created automatically.

Well, I fell for their trick. I've been avoiding the passkey dialogue pretty consistently for a while now, but just now I was signing in while distracted and accidentally tapped my finger on the scanner by reflex on the prompt. I guess I have a passkey now. Yay.

I did some digging on my Google account settings and the internet, and I couldn't find a way to completely remove the passkey. It seems you can only disable the use of passkeys, but the passkey itself remains. There is also a setting called "Skip password when possible", which is clearly what has been causing the non-stop passkey prompts. It's on by default. It's a shame I'm only aware of it now that it's too late.

Theoretically, the passkey standard itself should be private and secure. Throughout the process, the biometric information used for the cryptographic challenges never leaves the device, and the server only gets access to a signature that has been signed with the client's private keys that it can use to authenticate but can't derive the private keys back from because of complicated math I didn't spend enough energy to understand. Google automatically syncs the passkeys with its private keys with E2EE in the Google Password Manager tied to the account, which is where I start to get uncomfortable because I can't bring myself to trust Google with E2EE.

What do you people think?

7
504
submitted 1 day ago by cypherpunks@lemmy.ml to c/privacy@lemmy.ml

cross-posted from: https://lemmy.ml/post/47972724

i encountered this for the first time today while attempting to read something on archive.today.

i confirmed that decoding the qrcode using a computer and following the URL it contains is insufficient; the error it gave directed me here which is what the linked screenshot is of.

the old type of captcha remains available too, for now:

screenshot of text: Important: Mobile verification for Google Cloud Fraud Defense is an experimental challenge type in Preview. Visual and audio challenges are available as alternatives for users who can't complete mobile verification. To use them, click the Visual or Audio buttons.

8
95
submitted 1 day ago by Zerush@lemmy.ml to c/privacy@lemmy.ml
9
21

A bill that would allow cameras inside nursing homes is waiting for Arizona lawmakers in the senate to bring it for a debate and vote.

10
99
submitted 1 day ago* (last edited 1 day ago) by beep@piefed.world to c/privacy@lemmy.ml
11
39
submitted 1 day ago by trilobite@lemmy.ml to c/privacy@lemmy.ml

Hi, my employer is sponsoring an academic research on parenting and flexible working. A lot of sensitive questions are asked and the university researcher has circulated these questions on Google Forms to all employees. I am really anti-Google when it comes to privacy (got rid of every Google link years ago and currently use GOS, etc.) so I raised this concern with the HR team. They were sympathetic with my view and have encouraged me to send my view to the university. However, I don't want to go down the rant, and want to provide constructive feedback. So, I first thought I would consult with privacy-focused members of this list. Here are my questions:

a) are there independent research papers out there that demonstrate (rather than speculate) that Google Forms is not fully respecting privacy and is not fully GDPR compliant?

b) are there more robust, privacy and GDPR compliant alternatives I could recommend? I've done quick searches on the web and alternatives like JotForm and AidaForm seem to be more privacy and GDPR focused. Anyone used these before?

Am I being too anal about this ...?

12
91

The Google AI itself just informed me that Google can ask me for ID if it suspects that I may be under 18. Does anyone know if this has already happened to someone? I have important accounts that I need my gmail to log into. What email provider do you recommend that I use instead? I'm aware of tuta and protonmail but are they reliable that they will not one day shut down the way Skiff email did?

13
21
submitted 2 days ago by madeindex@lemmy.world to c/privacy@lemmy.ml

cross-posted from: https://lemmy.world/post/47443525

I wonder if the people at X ever read their own announcements.

Literally explaining how they sold out and enshittified the "blue checkmark".

This also seems like yet another step towards mandatory ID verification on social media! (only to protect them kids & democratize the platforms of course 😉)

14
37

On April 30th, the FCC voted that they wanted to demand KYC in order to use a phone number inside the United States. This may not end up happening, but better safe than sorry, and I'm trying to figure out ways around this problem in case they are needed.

The stated goal is to prevent spam and robo calls, and if a provider allows a robo call, it's something like a $2,500 fine per call, which means that services like Google Voice and text now and every cell phone and phone provider is going to require government ID. The provider has to keep your ID on record the entire time you have the service and then if you cancel the service they are required to keep your ID for four years after the date of cancellation. This will be a boon for hackers.

What I need help with:

  1. Secondary Internet connection: It doesn't happen often, but I use my phone as a secondary internet connection if, for example, my home ISP is ever out. I am not sure yet if data only sims will be a problem since they can't make or receive telephone calls and make and receive text messages. So this may or may not be an issue. I guess if nothing else I could go to the local McDonald's or something like that and use their Wi-Fi if my ISP was ever out in order to contact the customer service of my ISP online to let them know about it.

  2. Access to banking: Banks are so stupid in general, but every time I log in to my online account, it has to send me a phone call or a text message in order to verify that I am who I say I am, regardless of the fact that we all know that the telephone system is complete garbage for this use case, but they're banks, so what else can you expect, right?

  3. Access to ride sharing services: I lost access to Lyft several years ago, because they no longer allowed you to book rides from their website, and I refused to install the app, and even if I wanted to install the app, it requires Google spy services, which I will not install on my device. That left me with only the option of Uber, which is fine, except that they also require a phone number, and if you don't have one, then you can't receive your text message verification codes again, and stuff like that to log in.

Without a telephone number, you can't call a taxi either. At least not that I'm aware of, because the old way of doing taxis before Uber came out was through the telephone system, and I'm not aware if taxis have evolved since then.

15
128
submitted 3 days ago* (last edited 3 days ago) by patruelis@lemmy.world to c/privacy@lemmy.ml

Hi all,

I have VPN turned on on my phone all the time.

To be able to post anything, including to comment, I need to turn off the VPN. To be honest, I'm quite conflicted by this.

Any reason why this is or what to do about it besides turning off the VPN?

I'm using Voyager as a client.

Edit: it seems like the instance is the issue. Moving here from Reddit, it's not as simple as I would have thought. Also, VPNs are essential, no VPN is no go for me.

Case closed.

16
104

You know something goes too far when Google and Meta speak out against it.

17
189
submitted 4 days ago* (last edited 4 days ago) by getnopeek@thelemmy.club to c/privacy@lemmy.ml

Meta has sold 7M+ Ray-Ban glasses that look identical to normal glasses but can record you silently.

NoPeek detects them using immutable BLE manufacturer company IDs, signals that cannot be randomized or hidden, unlike MAC addresses.

Detects: Meta Ray-Ban, Snap Spectacles, Oakley Meta, TCL RayNeo, Meta Quest, Apple Vision Pro, Pico VR and more.

No ads. No tracking. No internet permission. Fully open source. MIT license.

github.com/getnopeek/nopeek-android

18
60

Consent will no longer be required for using data for AI development and statistical analysis purposes provided that the data does not identify individuals.

Specifically, companies will no longer need consent from individuals to collect public information on social media and other platforms, or to share corporate-held data with other companies.

19
148
submitted 5 days ago* (last edited 5 days ago) by weaselsrippedmyflesh@piefed.social to c/privacy@lemmy.ml
20
40
21
59
submitted 4 days ago* (last edited 3 days ago) by Paddy66@lemmy.ml to c/privacy@lemmy.ml

Please make a protest by filling in this anonymous survey (doesn't matter what country you're in) with the text below. Deadline tonight (26th).

Paste the text (or even better, slight variations of it):

REGULATE THE TECH COMPANIES, NOT THE PUBLIC. THIS IS A DEFECTIVE PRODUCT ISSUE, NOT A BAN

into every text field. N.B. many questions have a "Other (please specify)" field - that is where you enter the free text.

Reasons in the blog post.

Please share!

22
207
submitted 5 days ago* (last edited 5 days ago) by NarrativeBear@lemmy.world to c/privacy@lemmy.ml

cross-posted from: https://lemmy.world/post/47296462

For now, your encrypted messages have a lock on them.

Only you, and the person you're talking to, hold the key. Not the app. Not the company. Not the government. You probably don't think about it. That's the whole point — it just works.

Until, possibly, the end of this summer. Every messaging app in Canada would be required to build a second key.

With Bill C-22, the government would hold the copy. The lock you trust would no longer be a lock only you can open. It would be a lock the locksmith was ordered to duplicate.

Find and email your MP here to voice your opinion.

https://dontsurveil.me/c22/mp/

23
30

The most valuable argument against privacy, is it being abused by criminals. It's foundational to the "I have nothing to hide" fallacy: waived by those, conditioned into believing, mass-surveillance being a proportional compromise; if potentially elevating their sense of "safety". What they fail to recognize however, is mass-surveillance simply being an escalation, of the fundamentally flawed enforcement model: responsible for their lack of confidence in it. Enforcement of laws should be the exception, not the rule; otherwise conflicting incentives are ought to be addressed first (primarily: large discrepancies in socio-economics, and in turn all that stems from it).

Crime prevention based on enforcement can only prove unsustainable: to be compensated for, using automated systems during technological abundance (which is now). These systems are incompatible with privacy, and more broadly speaking: tangible assurance, personal data isn't being collected without one's explicit consent (regardless of whether the "expectation of privacy" demoralization applies). My sympathy goes out to any well-intended officer, tasked with treating symptoms of an effective aristocracy: intolerant towards meaningful change, which would challenge its self-serving interests. Just a thought, which has been plaguing me for too long... :)

24
27

Is there not some setup script to apply the configuration changes? What am I missing?

25
271

Privacy

48828 readers
731 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago