Do you prefer XMPP or Matrix, or are you using something else entirely?

World's most secure P2P messenger. End-to-end encrypted, zero-server architecture, quantum-resistant roadmap. WebRTC direct connections, advanced ECDH + DTLS + SAS verification, full ASN.1 validation. FOSS

https://github.com/Secureremovedat/securebit-chat

Surveillance strategies in the UK and Israel often go global

Android users have a tonne of options, but is there anything an iOS user can do to make their phones more private. It was not my choice to get an iPhone but it’s what was provided to me so I’m rolling with it.

I am trying to get better with my privacy, and I specifically want to try and avoid big US tech where possible. I know they there are many people saying you should use multiple browsers for better privacy and all that stuff, but I’m also being realistic with myself - I just want a solid browser experience that has decent privacy and i can live with that for the most part. Not opposed to maybe 2 browsers, but I’d like one daily driver, especially for work.

I do a lot of social media management and am using the Steam backend daily as I work for a game studio. I need to use YouTube and Bluesky and all those things, so it needs to handle media.

I’m running Vivaldi at the moment after jumping off Chrome. I don’t need to use Chromium. I was trialing Orion on my Mac but I use a Linux machine at home, a windows PC sometimes at work, having something across all would be nice and once again I know that is not 100% privacy, but it’s better than the average user.

Advice would be super appreciate.

Hi. I just got a new phone (Motorola) and spent a bunch of time manually removing access to location etc. I hate Google so much, "don't do evil" my ass. I'm just looking for my blindspots. Im not in tech so, what should be disabled to keep my phone private?

Hello all! I've been making the switch from American to European tech, and was wondering your thoughts on Vivaldi browser and Qwant search engine.

Vivaldi is based on Chromium and iirc not fully open source, but is still suggested in European tech spaces, and has a pretty good privacy policy.

Qwant is not open source, though claims to not to sell personal data or store searches.

What are your thoughts and perhaps suggestions for alternatives?

Lately I've been trying to degoogle/decorp my life in an effort to increase my privacy. So far I'm running GrapheneOS, using open-source software/apps (VPN, email, cloud storage etc), switched to Linux, switched browsers/search engines, and even switched from smart devices to analog ones. The only thing I have left that I can reasonably give up is a google home router. However, new routers are quite expensive for me. Is it worth buying a new one or does it even matter?

cross-posted from : https://lemmy.zip/post/59424100

German Chancellor Friedrich Merz has called for an end to widespread anonymity on the internet, saying users should post under their real names.

Many of us know how bad modern cars are for privacy. Yet many of our friends and neighbors do not realize how intrusive it really is. I linked a blog entry from Mozilla's investigation about car privacy. In that blog is a link to their make-by-make analysis. The amount of very intimate information a modern car collects is honestly appalling. It includes health data, real time mood information, weight gain or loss, and so on. And it does so even for passengers.

The web has many resources talking about this problem, but almost no resources on what to do about it. I know the simple thing is to say, "just drive an old car bro!" That's fine if you can, but not everyone can. Also it has drawbacks like more maintenance. Sometimes less safety if it's older than certain safety features. For the purpose of this thread, it is more interesting to focus on newer, surveillance enabled cars which are the majority of what people drive on the road today.

Some people have figured out how to bypass the surveillance package on some cars. One way is to uncouple the antenna it uses to phone home. Other times you can bypass the telematics module or remove a fuse that powers it. I feel like we really need a central model by model repository of information.

Past that, how do we prove it has worked, if we do it? Has anyone reading this tried to use an RF detector to see if their car is still trying to phone home, after they have bypassed telematics? What are your experiences? I want to buy one and use it to test my own car, but the info on the web seems sketch.

I hear it’s the first browser in a long while to come with a new engine. Completely independent and no revenue model. To me that would work well for privacy but I see no mention of privacy as any benefit. In fact I don’t see a privacy policy anywhere !

Is a goal of the browser to be telemetry free ? Should I as a person who cares about privacy be showing any interest?

This app gets suggested as reddit/discord alternative that's privacy-conscious but like wtf it says I've been blocked ever since I got it. It's probably because I'm in a conservative 3rd world country but wtf?

Can't use VPNs to bypass it either. Anyone who's used it, is there a workaround, or do I just have to ditch the app?

Like many here, I don't use google services and I disable everything i possibly can that's related to it.

However, I realized if I lose my phone, I'm boned. And whoever has it could probably bypass my lock.

I found FMD on f droid. Any other good programs out there?

Phone is an s23 (unfortunately)

I think most of us are aware of the shady history of Reddit when it comes to respecting privacy (and if not, here is but one example: https://techcrunch.com/2023/09/28/reddit-is-removing-ability-to-opt-out-of-ad-personalization-based-on-your-activity-on-the-platform/)

I'm wondering what you feel are the pros and cons of Lemmy in this regard?

On the one hand, Lemmy is structurally very different. There’s no single corporate entity building detailed behavioural ad profiles, most instances run minimal (or no) tracking, and you can choose an operator whose logging, retention, and analytics policies align with your risk tolerance.

Hell you can roll your own (yes, with black jack and hookers).

In theory, that alone removes a huge chunk of the surveillance-capitalism model that platforms like Reddit depend on.

On the other hand, your posts, comments, and votes are not confined to one database - they propagate across multiple servers, each with their own admins, logs, and retention practices.

Deletion is best-effort, not guaranteed. You’re effectively trusting a network of operators, not just one. I dunno whether that makes it better or worse.

Any deep thoughts on this conundrum?

PS: I'm leaning towards "don't say anything you wouldn't in a court of law" model these days. If its online - and you don't own the infra - there's always a risk.

Proton VPN/mail. It's often recommended as being safe, but I'm not so sure.

It has servers in Israel. Ties to Israel are never a good thing. Palantir, Epstein, etc are tied to Israel, and Israel also is known for its surveillance. It is also true that it's completely legal there for them to access and monitor any and all information that passes through VPNs or networks there.

I'm looking for a safe alternative that's privacy-conscious and isn't linked to Israel. Both mail and vpn (it's fine if they're separate). Please let me know if you guys know.

Israeli companies have developed and are selling advanced cyber tools that can hack into the tech of your car and use it to collect intelligence on you.

Three years ago, Haaretz revealed the existence of the offensive cyber intelligence company Toka, which was co-founded by former Prime Minister Ehud Barak and a former Israel Defense Forces cyber chief, Brig. Gen. (ret.) Yaron Rosen. The firm specialized in hacking into security cameras, but as documents obtained by Haaretz at the time revealed, Toka also had a product called CARINT that fused camera data with data linked to cars.

At the time, the industry was in its infancy. But industry sources say that Toka has since expanded its offering on cars. It has developed and even sold a product capable of hacking into a specific vehicle's multimedia systems, pinpointing its location and tracking its movements; that is, a specific model by a specific manufacturer. The technology can even remotely access the microphone of the vehicle's hands-free system, allowing eavesdropping on the driver, and even tap into cameras installed on the dashboard or around the car.

Wanted to share something I’ve been trying for the last few months on my Samsung phone (I know, I know) to cut down ads, tracking, and random background noise. Perhaps it is of use to others.

It’s a bit more manual than most setups, so YMMV. Also, my device doesn’t have reliable custom firmware that keeps VoLTE working (which I need here), so this is the “no-root, stock OS” route.

TL;DR: I’m running a layered setup. DuckDuckGo App Protection (local VPN), Private DNS (Mullvad adblock), Karma Firewall to sandbox network access, plus ADB to disable stubborn background/analytics apps. All free tools.

What each layer actually does:

1. DuckDuckGo “VPN” (App Protection) - this is a local/on-device VPN, not a traditional “change your IP” VPN. It routes app traffic through Android’s VPN interface so it can block trackers and hidden connections system-wide. It’s more of a privacy filter than an anonymity tool, but it still reduces data leakage.

2. DDG Browser - lightweight, minimal background noise, and pairs nicely with the tracker blocking above. I know DDG has some controversy attached to it but it works for me / is somewhat faster on my device than alternatives (eg: Fennec). YMMV.

3. Mullvad Private DNS (adblock) - filters at the DNS level, so many ad/tracking/malicious domains never resolve in the first place. Works across the whole device without root. Free to use with ZDR policy.

4. Karma Firewall - lets me block apps from accessing the network unless I explicitly allow them. Stops a lot of “phone home” behavior from random apps. Testing between this and DDG as only 1 VPN slot.

5. ADB cleanup - disables leftover bloat/analytics services that keep waking the phone (Samsung, M$oft etc) that otherwise can't be killed.

My approach is basically: filter first, restrict second, minimize trust, sleep the rest.

Results so far:

• On a 2019 Galaxy A20 (3 GB RAM), I’m getting ~2 days of usable battery. Thats a 6yr old phone.
• UI feels noticeably snappier (setting animations to 0.5x in Developer Options helps too).
• Less background traffic, less tracking/metadata leakage, built-in ad filtering (no root).
• Lower data usage → cheaper mobile plan is now viable (I switched to a $120 for 365 days unlimited SMS and calls with 120GB data)

Fair warning: because multiple layers are filtering traffic, some people may see:

• Apps/login flows breaking
• Slower connections
• Certain services (banking/streaming/region-sensitive apps) acting weird

In my case it’s been stable, but layered setups always depend on your exact app mix and network.

Anyway, just sharing my “no-root privacy stack” setup. YMMV.

Karma FW: https://f-droid.org/packages/net.stargw.fok/

DDG: https://f-droid.org/packages/com.duckduckgo.mobile.android/

DNS: adblock.dns.mullvad.net

Note: Private DNS can run alongside a VPN-based tracker blocker just fine, but Android typically allows only one VPN-based firewall/tracker-blocker per profile at a time.

So DDG App Tracking Protection and a VPN-style firewall may conflict unless you separate them by profile or choose one.

The work around is: Settings → Connections → Data usage → Data saver Enable Data Saver Only allow a short whitelist of apps as “Unrestricted”.

There is no truer adage to me than nothings is perfect. And when it comes to anything related to Discord it’s no different.

Discord itself to me has been an issue for years. Its use of data collection, the obsession of companies trying to buy it all were concerning. For me the latest age verification just further reinforces my beliefs. That being said the majority of users who ignored all this and kept going, really nothing would change. Most people I know use Discord lightly and aren’t in large chats that use hentai gifs. I still would tell anyone who would listen to get out of dodge. But if you never cared about data usage then you’re probably not going to start now.

For all the alternatives out there truth is, none are really anywhere near perfect. Matrix and most of its clients while encrypted don’t offer true jump in /jump out game chat. More a kin to Skype really. Foss Discord implementations like Spacebar are to all over the place and for me are not really functional. Stoat while probably my favorite is still really small and not holding up to the stress of the user influx. And of course it’s missing “discord features” and the new kid Fluxer while appealing is still to new and it’s monetization model a little to concerning. 300 bucks as a backer for unproven project ? And of course with the exception of Matrix none of the other projects currently offer encryption.

Truth is no option really is ideal. Truth is all the options have some pretty serious flaws. And truth is getting your large swaths of friends to move might be close to impossible.

So if you are looking to move please do some digging. Ask people who use the apps their opinions. Try to as a group of friends chose to make a move.

And the final truth is it’s a really good thing we finally have some options. No matter the flaws having competition brings innovation.

I hope this posts helps clear up some things for people who might be confused or concerned.

I'm currently using Librewolf primarily, as it has good out of the box privacy settings. I really just added Ublock Origin on top of it. I've recently seen another uptick in Zen recommendations though, and I must admit that I like the UI. I'm sure it has worse defaults than Librewolf, so what are the things I should probably apply and what extensions should I download for some extra privacy?

And is the browser even any good beyond the initial impression?

Hey all -

Just curious if anyone has seen a notice related to the news below. Reporting says hundreds sent out and that in most cases the tech companies have to notify the person and give time to contest it. So it would be good to get a clear example of these admin subpoena notices so we can all be on the lookout:

https://www.rawstory.com/ice-2675268854/

Or maybe this is some huge bullshit scare tactic.

Thank you!

cross-posted from: https://infosec.pub/post/42164102

Researchers demo weaknesses affecting some of the most popular options Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…