1
1
submitted 2 hours ago by pablochacon@lemmy.ml to c/privacy@lemmy.ml

I have deployed a collection of independent smart contract protocols on Ethereum mainnet. Each one is finished infrastructure. No governance, no upgrade path, no owner. Ownership is renounced on all contracts. The contracts are deployed and the keys are gone.

This post is for the privacy angle. The full technical documentation is in the repo linked at the bottom.


Minimal data, by architecture

No protocol stores personally identifiable information. On-chain data is limited to cryptographic commitments, timestamps, addresses, and amounts. All sensitive data stays off-chain with the parties involved.

This is GDPR compliant by architecture, not by policy. There is no personal data to protect because the system is not designed to collect it. The deployer controls their own data. The user controls their own disclosure.


No operator, no capture

The contracts are deployed with renounced ownership. There is no entity that can be subpoenaed, pressured, or acquired. The privacy is structural; it holds regardless of what any individual, platform, or authority wants.

Most privacy tools rely on the trustworthiness of an operator. These protocols have no operator to make promises and no operator to break them.


Currency agnostic

Every protocol settles on Ethereum mainnet. What currency a user pays in is a platform decision. A platform can accept XMR, BTC, ETH, fiat, or any combination and convert to ETH at the platform layer before interacting with the protocol.

Combined with the atomic, hop-by-hop settlement structure, this means the payment trail fragments naturally across chains without any privacy feature being explicitly designed in. It is a structural consequence of currency agnosticism and independent atomic settlements.


Human rights and legal grounding

The right to private correspondence is not a crypto argument. It is a human rights argument.

Universal Declaration of Human Rights, Article 12 covers it. ECHR Article 8 covers it. GDPR covers it. A parcel dispatched between two parties with no central record of who sent what to whom is functionally identical to a sealed letter. The legal and moral precedent for protecting that is centuries old.

These protocols are built in that direction. Anyone arguing against this privacy model is arguing against the existing human rights framework.


Documentation, protocol repositories, template repositories, and orchestration examples:

https://github.com/pablo-chacon/substrate

2
1
submitted 11 hours ago* (last edited 10 hours ago) by madeindex@lemmy.world to c/privacy@lemmy.ml

cross-posted from: https://lemmy.world/post/46331006

It's ironic to see those same global elites who love partying with the likes of known & convicted child sex-trafficker Jeffrey Epstein now urging worldwide restrictions on E2E / VPN & promoting age, biometric, and identity verification online - all in the name of protecting children.

It’s also highly suspicious that so many of the world’s biggest countries are trying to implement this wider internet control at the same time.

Feels like a major push toward authoritarianism to me.

It's messed up how the people always have to fight to wrest any rights from those in power, and then fight even harder to keep them!

3
1
4
1
submitted 15 hours ago* (last edited 15 hours ago) by 64bithero@lemmy.world to c/privacy@lemmy.ml

There is no question that over the last 10 years the quality and production level of Chinese-developed games has seemed to skyrocket. Many of these games are even free to play. But honestly I haven’t played a single one. For the same reasons I refused to download TikTok.

China is a well known surveillance state. I worry downloading and playing these games especially on a PC or mobile phone would just be a huge privacy risk.

Am I being too paranoid? Are there some regulations I’m not aware of that might protect me anyway?

I feel like I’m missing out on some really high quality visually striking games because of it

5
1
submitted 18 hours ago by floofloof@lemmy.ca to c/privacy@lemmy.ml

cross-posted from: https://mander.xyz/post/51386289

EFF is alarmed by recent laws in several states that have blocked public access to data collected by ALPRs, including, in some cases, information derived from ALPR data. We do not support pending bills in Arizona and Connecticut that would block the public oversight capabilities that ALPR information offers.

6
1
submitted 1 day ago* (last edited 1 day ago) by SuspciousCarrot78@lemmy.world to c/privacy@lemmy.ml

Heads up; ads appear to be leaking into SmartTube. I just got a pop-up ad (as in, an actual pop-up). I'm on version 31.63.

Ad popped up in lower right hand corner while scrolling Recommended. Some kind of skin care thing.

I clicked disable - will see if that holds.

I expect this is fun and games on YT's end / will be patched out. But, if not, might be time to spin up Tube Archivist.

7
255
submitted 3 days ago by Salamence@mander.xyz to c/privacy@lemmy.ml

cross-posted from: https://hexbear.net/post/8356680

cross-posted from: https://news.abolish.capital/post/45407

This story originally appeared in Common Dreams on April 27, 2026. It is shared here under a Creative Commons (CC BY-NC-ND 3.0) license.

An exchange of gunfire between an armed suspect and law enforcement outside the White House Correspondents’ Dinner on Saturday came days ahead of a deadline for extending far-reaching government surveillance powers, and President Donald Trump wasted no time in claiming that the attempted attack on the event proved that the FBI must be permitted to spy on Americans without obtaining warrants.

In an interview with Fox News Sunday, Trump repeated his previous remarks that he is “willing to give up [his] security” in favor of extending Section 702 of the Foreign Intelligence Surveillance Act (FISA), which is set to expire on Thursday—and suggested other Americans should do the same for “the safety of our nation.”

Section 702 allows US intelligence agencies to surveil the electronic communications of foreign nationals overseas without a warrant. Since some of the nearly 350,000 foreign nationals whose communications have been collected under the law are in touch with Americans, Section 702 allows for the collection of emails, text messages, and phone calls of US citizens.

Fox anchor Jacqui Heinrich emphasized that “we don’t know right now” whether the suspect in Saturday’s shooting, Cole Tomas Allen, “was radicalized” by a foreign individual or group, but asked whether the attack drove home “the importance of having these tools to protect our country from these kinds of threats.”

The president responded by complaining that former FBI Director James Comey used FISA to obtain warrants to surveil a former Trump aide as part of the agency’s investigation into the 2016 Trump presidential campaign’s communications with Russia, before saying FISA has been used in the US-Israeli war on Iran and in the US military’s invasion of Venezuela earlier this year.

“It’s really needed for national security,” said Trump. “Iran is decimated, and we got a lot of information by using FISA… I’m willing to give up my security for the military because ultimately that’s to me the highest cause is, you know, the safety of our nation.”

Pres. Trump, under prodding from Fox News, exploits White House Correspondents' Dinner shooting to push for Congress to approve FISA domestic spying program: "It's really needed for national security…"

He reiterates that he's willing to give up his liberties for safety. pic.twitter.com/tmcepp0Wgn

— Chris Menahan 🇺🇸 (@infolibnews) April 26, 2026

Jordan Liz, an associate professor of philosophy at San José State University, wrote last week in a column at Common Dreams that while Trump, Republican lawmakers, and US intelligence agencies “make sweeping claims about the terror attacks that Section 702 has prevented, there is little publicly available evidence to support this.”

“According to the Cato Institute, there is only one well-documented, independently corroborated case of Section 702 preventing a terrorist attack on American soil: the 2009 New York subway bombing plot,” wrote Liz. “In that case, Section 702 was used by the [National Security Agency] to track an exchange between an al-Qaeda courier and Najibullah Zazi, who was living in the US. The NSA passed this information to the FBI, which identified Zazi and disrupted the attack before it took place. Importantly, however, the NSA allegedly received the courier’s foreign email address from the government’s British intelligence partners. At best then, this success was a byproduct of productive intelligence sharing between allies. Rather than proving the necessity of Section 702, this incident underscores how Trump’s inane attacks against key US allies undermine our national security.”

The suspect in Saturday’s shooting is believed to have acted alone, and no evidence has been released that he was in communication with any foreign entities. A document he wrote alluded to his Christian beliefs and to reports of the administration’s abuse of immigrants in detention centers, its boat-bombing operations in the Caribbean Sea and eastern Pacific Ocean, and the bombing of an elementary school in Iran.

The president has been pushing in recent weeks for an extension of Section 702. The program was last reauthorized in 2024, and earlier this month two efforts to extend the program—one for 18 months and the other for five years—failed, with opponents objecting to a lack of privacy reforms and to a loophole allowing data brokers to sell private information about Americans to government agencies that have not obtained judicial approval to seize the data.

After those proposals failed, House Speaker Mike Johnson (R-La.) last week unveiled a new bill to extend Section 702 for three years and require the FBI to submit monthly reports on its reviews of Americans’ private data to an oversight official, as well as imposing penalties for abuse—provisions that were dismissed by privacy advocates.

The House Rules Committee was set to convene on Monday, a step toward advancing the new bill toward a vote in the House, and according to NPR, Rep. Jamie Raskin (D-Md.) circulated a memo late last week urging his colleagues to reject the Republicans’ latest proposal.

The bill, he wrote, “continues the disastrous policy of trusting the FBI to self-police and self-report its abuses of Section 702 and backdoor searches of Americans’ data… FBI agents can still collect, search, and review Americans’ communications without any review from a judge.”

Four Democrats in the House—Reps. Josh Gottheimer (D-NJ), Tom Suozzi (D-NJ), Marie Gluesenkamp Perez (D-Wash.), and Jared Golden (D-Maine)—broke with the party and joined the GOP earlier this month in supporting a procedural vote to advance the reauthorization of Section 702, and privacy advocates are ramping up pressure on them to oppose the latest proposal for an extension.

“It all comes down to those four and where they are going to land,” Hajar Hammado, a senior policy adviser at Demand Progress, told The Intercept Monday, “and if they are going to continue to try to hand Trump and [White House homeland security adviser] Stephen Miller warrantless surveillance authorities without any sort of checks or reforms that make sure they’re not violating civil liberties.”


From The Real News Network via This RSS Feed.

8
14
submitted 2 days ago* (last edited 1 day ago) by Anonymous@sopuli.xyz to c/privacy@lemmy.ml

A few questions that have been on my mind:

  • How do you handle apps that refuse to run on rooted/jailbroken phones or on devices without Google Play Services? Can microG, Xposed, or other tools help in practice? (F*ck Play Integrity and "Google Play license check"). Can I bypass those restrictions without rooting?

  • Have you ever rooted your phone? Any practical advice for someone considering it? I don’t have a phone I know is compatible with alternative ROMs (e.g., LineageOS), so I’m leaning toward rooting and would appreciate recommendations or warnings.

It is a fact that in my country (Vietnam), banks are required to block banking apps from running on rooted or jailbroken phones. The State Bank of Vietnam introduced Circular 77/2025/TT‑NHNN, which mandates this.

Some other questions:

  • How often do you need to show ID where you live (hospitals, government offices, large transactions, etc.)? For example, in my country I always have to show ID (or use face ID) at places like hospitals or when making large transactions.

  • How is eID implemented in your country? Does your government require or strongly encourage using eID apps? Are they widely adopted? (I know the EU’s planned age‑verification app is a form of eID—or not really. Real examples are Germany’s AusweisApp and Vietnam’s VNeID. Anyway, that age‑verification law should not exist).

Any experiences or advice are appreciated. Thanks a lot.

(I may add more questions later. Sorry in advance if I ask too many 😶).

9
42

Hello everyone, nice to meet you all.

This question was probably asked around here but is it really possible to be your own mail provider?

I think I'm experienced enough when it comes to homelabbing that I could take on something like this.

I THINK I'm aware of the technicalities, I did some research, but it still begs the question: is it really worth it? Would it be hard to build up a reputation so that your emails don't land in spam folders?

10
18
submitted 2 days ago by Kkk2237pl@szmer.info to c/privacy@lemmy.ml

Hello,

I'm on the route of degoogling my life, just recently installed GrapheneOS. Where do you guys download APKs? I need Synology APKs like Synology Photos. I don't see if it is published on the official website.

How do you deal with that? How to avoid downloading malware by mistake?

11
1
A quick shoutout to Mullvad (piefed.blahaj.zone)

My app suddenly said "your account expires in two days". The weekend was around the corner and there was no way that I could receive one of their refill vouchers in time (I use this method for privacy). I reached out to them, asking them to add a few more days to my account so that all my devices don't get deleted when my account expires. I also emphasized that they can of course subtract that amount of days from my next refill. I sent them my account number, encrypted with PGP, and within 12 hours, they replied: I added three more days. It's on the house. Have a good day! :)

That was really nice of them. :)

12
415

What the actual fuck. How can we trust any third party app ever? I guess we can’t.

13
393
submitted 4 days ago by dessalines@lemmy.ml to c/privacy@lemmy.ml
14
1
submitted 1 day ago by Monkey@piefed.social to c/privacy@lemmy.ml
15
69
submitted 3 days ago by comfy@lemmy.ml to c/privacy@lemmy.ml

Let's say, I sit down in a mall, open my laptop and connect to a secured mobile hotspot. Then I do it again next week after a reboot. What information would a nearby shop or a passive malicious hacker be able to find about my device? Does my device send out identifying information before joining, like a MAC address? Is this persistent, or randomized?

I intentionally haven't specified a distro, so if something only applies to some network managers, give some details.

Bonus points: what about Android phones?

16
1
17
646
submitted 5 days ago* (last edited 5 days ago) by 64bithero@lemmy.world to c/privacy@lemmy.ml
18
1
submitted 2 days ago* (last edited 2 days ago) by OppressedBread@lemmy.ml to c/privacy@lemmy.ml

Hey everyone, hope you're all having a good day today. I apologize in advance for this long read, but a TLDR will be at the bottom.

There's this potential issue I'm facing right now and I need some opinions on how to go about this or maybe I'm overthinking this situation.

Context: I've been running a Google Pixel phone with GrapheneOS for about a month now, without any sandboxed Google Play services. The experience has been amazing and so freeing. This switch was overdue since all of my services are open source / privacy respecting or self hosted solutions. This was the last step to finally be "free" and I just got up one day and decided to bite the bullet, buying the phone with cash.

BUT I made the rookie mistake of not checking banking app compatibility and, as luck would have it, my banking apps outright blocked GOS users and no settings would work.

Luckily with some patience and a bit of RE magic, I managed to come up with bypasses for 2 local banking apps in a little over 3 hours. It was laughably easy and any user could pull it off without changing any settings or installing anything.

Issue: Here's the potential problem.

Now we may all know the Privsec GOS banking app compatibility list. At first I was over the moon to make a useful contribution, ESPECIALLY to a list like this.

And then it dawned on me, I'll be potentially shooting myself in the foot and here's how:

1. I live in a relatively small country that isn't mentioned anywhere in this list. I'll be the first one in my nation to make a contribution. While yes, we do have wiggle room for internet freedom, the local government showed that it will not tolerate moves that will encourage the masses to take privacy routes, basically "if you're gonna do it, shut up about it or we're gonna come after you". It did happen before.

2. The population pool is small. To make matters worse, Google Pixel phones aren't even a thing here. I had to REALLY dig around to find someone that sold these brand new, and the second hand market is just as bad. No one is selling these phones, so I imagine that people who actually have these phones here can be counted on my fingers.

3. The bank I'm using most probably already logged the phone type. It wouldn't be so hard for them to connect the dots if they got alerted about my bypass solutions. The privsec fill out forum needs me to include my phone model name and build number, potentially leading to a full OPSEC compromise.

Verdict / Thoughts:

I'm split on this issue. Part of me thinks I'm overthinking the shit out of this situation and I'm overestimating their capabilities.

The other part is telling me that I'll be destroying my opsec and I should stop.

I'm thinking of falsifying Device name / model on the forum to avoid this but I don't know if this is even enough and I don't want to mislead other users.

TLDR: Local Banking apps blocked GOS, came up with a bypass but not enough people use Google pixel phones locally and this may lead to a full OPSEC compromise if I posted about it.

19
114
submitted 4 days ago by Salamence@mander.xyz to c/privacy@lemmy.ml

cross-posted from: https://hexbear.net/post/8330182

cross-posted from: https://news.abolish.capital/post/44825

Military contractor Palantir is helping the IRS analyze dozens of different data sets on Americans to investigate a broad range of financial crimes, according to records shared with The Intercept.

Since 2018, the Internal Revenue Service’s Criminal Investigation division has used Palantir’s Lead and Case Analytics platform to aggregate and analyze a sprawling list of sensitive federal databases and data sets.

Public records detailing Palantir’s IRS contract, obtained by the nonprofit watchdog group American Oversight and shared exclusively with The Intercept, reveal the immense volume of data plugged into the military contractor’s software. The LCA uses both Palantir’s Gotham and Foundry applications to facilitate “analysis of massive-scale data to find the needle in the hay stack,” the contract paperwork says.

Documents indicate the IRS has paid Palantir over $130 million for these services to date.

Palantir’s LCA is ostensibly directed toward cracking down on fraud, money laundering, and other financial crimes. According to a 2024 agency privacy impact assessment, IRS “Special agents and investigative analysts … utilize the platform to find, analyze, and visualize connections between disparate sets of data to generate leads, identify schemes, uncover tax fraud, and conduct money laundering and forfeiture investigative activities.”

The IRS use of the software, launched under Trump’s first term and expanded under Biden, is now in the hands of an IRS Criminal Investigations office that has drastically scaled back its pursuit of tax cheats and pivoted, under Trump’s direction, toward investigating “left-leaning groups,” the Wall Street Journal reported in October.

“The real concern is the consolidation of vast amounts of sensitive personal data into a single system with minimal transparency — especially one built and operated by a contractor like Palantir, whose business model is premised on integrating data and expanding surveillance capabilities,” American Oversight director Chioma Chukwu said in a statement to The Intercept. “Its platforms have been used in deeply troubling contexts, from immigration enforcement to predictive policing, with persistent concerns about overreach, bias, and weak oversight.”

Palantir did not respond to a request for comment, nor did the IRS.

The contract documents reviewed by The Intercept reveal that these “disparate sets of data” are vast. Palantir’s LCA allows the IRS to quickly search and visualize “connections from millions of records with thousands of links” between databases maintained by the IRS and other federal agencies. According to the contract documents, this data includes individual tax form and tax returns as well as Affordable Care Act data, bank statements, and transactions, and “all available” data compiled by the Treasury Department’s Financial Crimes Enforcement Network.

Its view apparently extends to cryptocurrencies including bitcoin, Ethereum, Litecoin, and Ripple. “The application would sit on top of a singular repository of identified wallets from seized servers utilizing dark web data obtained from exchangers such as Coinbase,” the documents note.

The program places an emphasis on mapping social relationships between the targets of an investigation. That includes analyzing a “network of people and the relationships and communications between them,” such as “calls, texts, [and] emails events.” The use of “IP address analysis” within LCA allows the IRS to “Identify suspects more easily” and “Establish (new) relationships among actors.”

These investigative functions are continuously updated, the materials say, through ongoing close work between Palantir engineers and IRS personnel.

The intermingling of sensitive data on millions of Americans comes at a time of increased global skepticism and opposition toward Palantir, which, despite its military-intelligence origins, has a thriving business with civilian agencies like the IRS. The use of Palantir software at the U.K.’s National Health Service, for example, has created an ongoing political controversy across Britain, while a similar contract with the New York City public hospital network was recently canceled following public protest.

The contract is also active at a time when IRS Criminal Investigations has been coopted to aid in the broader Trump administration’s aggressive agenda. In July, ProPublica reported that the agency was working with U.S. Immigration and Customs Enforcement to provide “on demand” data to accelerate deportations. Last year, the New York Times reported that Palantir, founded by Trump ally Peter Thiel, was central to an administration effort to increase data-sharing across federal agencies.

The company’s right-wing politics and eagerness to facilitate U.S. and Israeli military aggression abroad, NSA global surveillance, and ICE deportations has also made many wary of its access to incredibly sensitive personal data. A recent post on the company’s X account summarizing a book by CEO Alex Karp triggered an immediate backlash from those unnerved by the manifesto’s fascistic bent. The bullet points extolled the virtue of arms manufacturing, argued the Axis powers were unfairly punished after World War II, called for a reinstatement of the draft, condemned cultural pluralism, and claimed that wealthy elites are unfairly persecuted.

“When the government can map relationships, track behavior, and generate investigative leads across data sets at this scale, the question isn’t just what it can do — it’s who it will be used against,” Chukwu said. “Entrusting that infrastructure to a company known for opaque, security-state deployments only heightens those risks.”

The post Palantir Is Helping Trump’s IRS Conduct “Massive-Scale” Data Mining appeared first on The Intercept.


From The Intercept via This RSS Feed.

20
33
submitted 4 days ago* (last edited 4 days ago) by gilare@lemmy.ml to c/privacy@lemmy.ml

Hi,

I have developed a FOSS program that ciphers data. Target audiences are groups of non-tech savvy activists, not able or not willing to use programs such as Kleopatra or Veracrypt, that need to protect highly sensitive data that needs to be accessed after an unknown amount of time (could be weeks or months, i.e. only in case of emergency). An example is antirepressive files in case of arrest, that provide the arrestee's colleagues with instructions on the arrestee's needs (medication, pets to take care of, lawyer to contact etc.). In this example, threat actors are primarily authoritarian governments.

The program consists of a serverless HTML file intended to be used in Tails in the Tor Browser, and it offers a symmetric and an asymmetric cipher mode, and an asymmetric cipher mode that includes Shamir's secret sharing for the decipher key.

It also has some extra features such as the option to export and import data from/to QR codes, and set default text fields (among others). The collective asymmetric cipher mode (the one with Shamir's secret sharing), as you can see in the docs, is made to target the threat vector of police infiltrators or collaborators.

I have detailed the cryptographic processes as diagrams and other info in the repo:

https://0xacab.org/gilare/cinf/-/blob/no-masters/docs/asymmetric-collective.md

https://0xacab.org/gilare/cinf/-/blob/no-masters/docs/asymmetric.md

https://0xacab.org/gilare/cinf/-/blob/no-masters/docs/symmetric.md

The program is meant to be used collectively: e.g. a group of activists manage their files through a single key pair.

It would be awesome if somebody could take a look at the cryptographic processes and provide feedback. The last thing I want to do is provide insecure software to my friends and other activists, and I want to make sure I have not made a mistake somewhere. This is not the first review iteration, but I just want to be completely sure before I mark my software as production ready.

If you know somebody that has the needed knowledge to review this I would greatly appreciate it if you could ask them to take a look <3

A demo: https://gilare.itcouldbewor.se/cinf/

21
42

I’d like to process some Microsoft Word documents on my android tab. Do you have any recommendations on FOSS word editors that work with .doc and .docx on android?

22
327
submitted 6 days ago by RotatingParts@lemmy.ml to c/privacy@lemmy.ml
23
42
submitted 5 days ago by Innerworld@lemmy.world to c/privacy@lemmy.ml
24
30

hello,

TLDR: just enable DoH

Today, my friend and I were talking about SNI and deep packet analysis shit done by the government. I insisted that since they do this kind of shit they can block access to certain sites like TPB and other freedom websites. He suggested that I just enable DoH in Firefox and see the magic happen. I didn't believe him until I enabled DoH and magic. I can access every censored website.

So just saying that sometimes the bypass is much simpler than we think!

Also I am thinking that even if the DNS request is encrypted, can't they see the TLS client hello message and block it? Or is it impossible?

25
33
submitted 6 days ago* (last edited 6 days ago) by QuadernoFigurati@lemmy.world to c/privacy@lemmy.ml

Hard to believe it's real, but it is. Developed at MIT.

From the company's website: "Your thoughts stay private. AlterEgo only responds to intentional, silent speech. Your private thoughts stay private, and you direct every interaction."

But that assertion assumes people can fully control their thoughts.

There are "neural rights" privacy experts who are heavily debating this tech. The nation of Chile went so far as to protect neural rights in their constitution.

https://www.alterego.io/

https://www.media.mit.edu/projects/alterego/frequently-asked-questions/#faq-how-does-the-system-work

Privacy

48315 readers
614 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago