So. I’ve been using startpage for a while and was wondering if it were better over DuckDuckGo ?

Due to Apple pulling ADP from uk consumers I think it would be fitting for us to discuss and suggest alternatives that our uk members could use and switch to.

BBC News - Apple pulls data protection tool after UK government security row

• "In a statement Apple said it was "gravely disappointed" that the security feature would no longer be available to British customers."

Washington post - Apple yanks encrypted storage in U.K. instead of allowing backdoor access

I guess removing access for the uk is better than backdooring it in silence. But still, not great.

Also, it is interesting comparing compliance on this with complying with the EU on sideloading apps.

Original title: 'Apple caved and pulled end-to-end encrypted backups in the uk' - record of bad take title

cross-posted from: https://lemmy.dbzer0.com/post/38292767

for English i use heliboard. but i type in other languages also, and there are no practical choices in foss keyboards for those specific languages which also have the mainstream IME/key layout for my language (not qwerty).

fcitx provides some hope for the future but for now, it also doesn't have the IME/key layout for my language (only has qwerty). hopefully it can also have handwriting in the future somehow (if only via user-installed model/blob similar to heliboard glide typing).

anyway, I'm on Graphene OS. so i wondered if revoking network permission and setting gboard permanently to incognito (is permanent possible?) would suffice to cut off data collection?

Hi guys just wanted to know in your opinion which one of the Android yt clients have integrated dearrow and SponsorBlock extensions features in the most complete way (like the desktop extension). Edit: Thank you all amazing people for the feedback. I gonna use pipepipe (which doesn't have dearrow) for now since Freetube android seems like needs more polishing for now and LibreTube doesn't work for me (both of these have implemented SponsorBlock and dearrow)

Is it a good idea to share files between two Android phones anonymously thru the SimpleX Chat transfer protocol? Or are there easier/better ways?

I am shocked by this - the quote in below is very concerning:

"However, in 2024, the situation changed: balenaEtcher started sharing the file name of the image and the model of the USB stick with the Balena company and possibly with third parties."

Can't see myself using this software anymore...

from the zero-accountability dept

I‘m looking into getting some very basic machine on which I would run tails to access the internet privately.

I’m mainly wondering if Tails runs on ARM machines already or if I need to get a regular Intel/AMD machine.

I’m also planning to physically disconnect the WiFi/bluetooth card and connect a mobile router via cable, that should work out of the box with tails no?

Came across this article and it got me thinking, are there any simple ways to defeat advanced tracking methods (fingerprinting, tracking pixels, etc.)?

Obviously you could go the Tor on a virtual machine route, or a non persistent set up like TAILS, but what about a browser that's able to give say, a 80% solution?

I work in the security industry and am always looking for the solution that is simple enough that its palatable to a client (not asking to change your whole lifestyle, just push this button) but also relatively effective.

from the be-the-stasi-you-wish-to-see-in-the-world dept

Please suggest a good and relatively affordable private email provider. I am considering tuta, mailbox right now. I know proton has gone rogue.

I cannot self host one and the email provider must be somewhat reputable as I will be using this for my work portfolio. Anything with €1-€3 per month is encouraged.

Police in the United Kingdom are using online content, referrals (prevent), and mass surveillance to identify people who may commit crime in the future.

I recently transferred one of my domains over to Combell (a registrar based in Belgium), and they gave me an email inbox under my domain as part of the package. However, I’m wondering if it’s trustworthy.

If it isn’t, I can set the registrar to redirect mail to the Posteo alias I currently use for the site. However, it would be convenient to be able to use this inbox.

I would, of course, be using PGP encryption when possible (although in practice this is infrequent).

Any thoughts?

My friend just sent this to me after seeing it at a Whole Foods in California:

With how easy it already is to tap a card, why would anybody sign up to use this for payment? It's mind boggling to me.

Screw just your finger prints, Amazon already has access to that database thanks to the 5-0, so they now want to know every line on your hand! Best at least give people palm readings after the sign up! /s

Hi yall, I have been receiving these email for a while now. The email address is no-reply@notify.proton.me but I’m pretty sure this is a phishing attack because not the first email (the one in blue) or the second account name (the one in red) are my proton account.

Someone knows these 2 gmail accounts and knows I have a proton one but doesn’t know the correct proton account name. Ofc my proton account is not linked these emails, not even for recovery situations.

Just heads up, this was not easy to spot.

Some of you may know that some specific instances have continued working for a while now (e.g. nitter.poast.org) thanks to them using account tokens.

Well - now the official instance also seems to be back online and using that method too. Haven't seen many people talk about this so I figured I should post it :).

https://github.com/zedeus/nitter

Andisearch Writeup

A security researcher known as Brutecat discovered a vulnerability that could expose the email addresses of YouTube's 2.7 billion users by exploiting two separate Google services[^1][^2]. The attack chain involved extracting Google Account identifiers (GaiaIDs) from YouTube's block feature, then using Google's Pixel Recorder app to convert these IDs into email addresses[^1].

To prevent notification emails from alerting victims, Brutecat created recordings with 2.5 million character titles that broke the email notification system[^1]. The exploit worked by intercepting server requests when clicking the three-dot menu in YouTube live chats, revealing users' GaiaIDs without actually blocking them[^2].

Brutecat reported the vulnerability to Google on September 15, 2024[^1]. Google initially awarded $3,133, then increased the bounty to $10,633 after their product team reviewed the severity[^1]. According to Google spokesperson Kimberly Samra, there was no evidence the vulnerability had been exploited by attackers[^2].

Google patched both parts of the exploit on February 9, 2025, approximately 147 days after the initial disclosure[^1].

[^1]: Brutecat - Leaking the email of any YouTube user for $10,000 [^2]: Forbes - YouTube Bug Could Have Exposed Emails Of 2.7 Billion Users

After a recent forced update, I can no longer login to my bank account, the app brings up google play and expects me to login to gplay for what ever reason,I am not logged into that cancer on my phone, so now I am fuming and don't want to be forced to make a google account on the phone. (by the way I have been using aurora to avoid gplay)

I am hoping someone has a some trick or app to bypass this ? I have talked to the bank but there is nothing they can do for just one weird customer !

Everything is going to shit in this dystopian technocracy