376
30
submitted 3 months ago by towelie@lemmy.world to c/privacy@lemmy.ml

I have been messing around with creating a homoglyph keyboard for Android, but I'm wondering if it's even worthwhile. Is there any benefit to masking your messages with homoglyphs? Primarily I think it could defend against an LLM's ability to easily scrape messages. In my experiments ChatGPT and DeepSeek both get confused by homoglyph messages unless you instruct it to determine the likely alphabet characters and numbers for each individual character.

For the uninitiated, Ꮋ0ᛖοԌⅼуᏢʜѕ áᚱе ᏟhäʀɑсᎢᎬᚱႽ thàτ Lоοᛕ ⅼіᛕË ᏞëtTêᚱᏚ

377
47
submitted 3 months ago by asbestos@lemmy.world to c/privacy@lemmy.ml

What service would you recommend for receiving SMS confirmation codes etc. that is not blocked by most services (which probably only leaves the paid ones)?

378
74
submitted 3 months ago by Petter1@lemm.ee to c/privacy@lemmy.ml
379
229
submitted 3 months ago by als@lemmy.blahaj.zone to c/privacy@lemmy.ml

Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post.

The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies. Its application would mark a significant defeat for tech companies in their decades-long battle to avoid being wielded as government tools against their users, the people said, speaking under the condition of anonymity to discuss legally and politically sensitive issues.

Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said. Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States.

The office of the Home Secretary has served Apple with a document called a technical capability notice, ordering it to provide access under the sweeping U.K. Investigatory Powers Act of 2016, which authorizes law enforcement to compel assistance from companies when needed to collect evidence, the people said.

The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment.

Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.

In March, when the company was on notice that such a requirement might be coming, it told Parliament: “There is no reason why the U.K. [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.”

The Home Office said Thursday that its policy was not to discuss any technical demands. “We do not comment on operational matters, including for example confirming or denying the existence of any such notices,” a spokesman said.

Senior national security officials in the Biden administration had been tracking the matter since the United Kingdom first told the company it might demand access and Apple said it would refuse. It could not be determined whether they raised objections to Britain. Trump White House and intelligence officials declined to comment.

One of the people briefed on the situation, a consultant advising the United States on encryption matters, said Apple would be barred from warning its users that its most advanced encryption no longer provided full security. The person deemed it shocking that the U.K. government was demanding Apple’s help to spy on non-British users without their governments’ knowledge. A former White House security adviser confirmed the existence of the British order.

At issue is cloud storage that only the user, not Apple, can unlock. Apple started rolling out the option, which it calls Advanced Data Protection, in 2022. It had sought to offer it several years earlier but backed off after objections from the FBI during the first term of President Donald Trump, who pilloried the company for not aiding in the arrest of “killers, drug dealers and other violent criminal elements.” The service is an available security option for Apple users in the United States and elsewhere.

While most iPhone and Mac computer users do not go through the steps to enable it, the service offers enhanced protection from hacking and shuts down a routine method law enforcement uses to access photos, messages and other material. iCloud storage and backups are favored targets for U.S. search warrants, which can be served on Apple without the user knowing.

Law enforcement authorities around the world have complained about increased use of encryption in communication modes beyond simple phone traffic, which in the United States can be monitored with a court’s permission.

The U.K. and FBI in particular have said that encryption lets terrorists and child abusers hide more easily. Tech companies have pushed back, stressing a right to privacy in personal communication and arguing that back doors for law enforcement are often exploited by criminals and can be abused by authoritarian regimes.

Most electronic communication is encrypted to some degree as it passes through privately owned systems before reaching its destination. Usually such intermediaries as email providers and internet access companies can obtain the plain text if police ask.

But an increasing number of tech offerings are encrypted end to end, meaning that no intermediary has access to the digital keys that would unlock the content. That includes Signal messages, Meta’s WhatsApp and Messenger texts, and Apple’s iMessages and FaceTime calls. Often such content loses its end-to-end protection when it is backed up for storage in the cloud. That does not happen with Apple’s Advanced Data Protection option.

Apple has made privacy a selling point for its phones for years, a stance that was enhanced in 2016 when it successfully fought a U.S. order to unlock the iPhone of a dead terrorist in San Bernardino, California. It has since sought to compromise, such as by developing a plan to scan user devices for illegal material. That initiative was shelved after heated criticism by privacy advocates and security experts, who said it would turn the technology against customers in unpredictable ways.

Google would be a bigger target for U.K. officials, because it has made the backups for Android phones encrypted by default since 2018. Google spokesman Ed Fernandez declined to say whether any government had sought a back door, but implied none have been implemented. “Google can’t access Android end-to-end encrypted backup data, even with a legal order,” he said.

Meta also offers encrypted backups for WhatsApp. A spokesperson declined to comment on government requests but pointed to a transparency statement on its website saying that no back doors or weakened architecture would be implemented.

If the U.K. secures access to the encrypted data, other countries that have allowed the encrypted storage, such as China, might be prompted to demand equal backdoor access, potentially prompting Apple to withdraw the service rather than comply.

The battle over storage privacy escalating in Britain is not entirely unexpected. In 2022 U.K. officials condemned Apple’s plans to introduce strong encryption for storage. “End-to-end encryption cannot be allowed to hamper efforts to catch perpetrators of the most serious crimes,” a government spokesperson told the Guardian newspaper, referring specifically to child safety laws.

After the Home Office gave Apple a draft of what would become the backdoor order, the company hinted to lawmakers and the public what might lie ahead.

During a debate in Parliament over amendments to the Investigatory Powers Act, Apple warned in March that the law allowed the government to demand back doors that could apply around the world. “These provisions could be used to force a company like Apple, that would never build a back door into its products, to publicly withdraw critical security features from the UK market, depriving UK users of these protections,” it said in a written submission.

Apple argued then that wielding the act against strong encryption would conflict with a ruling by the European Court of Human Rights that any law requiring companies to produce end-to-end encrypted communications “risks amounting to a requirement that providers of such services weaken the encryption mechanism for all users” and violates the European right to privacy.

In the United States, decades of complaints from law enforcement about encryption have recently been sidelined by massive hacks by suspected Chinese government agents, who breached the biggest communications companies and listened in on calls at will. In a joint December press briefing on the case with FBI leaders, a Department of Homeland Security official urged Americans not to rely on standard phone service for privacy and to use encrypted services when possible.

Also that month, the FBI, National Security Agency and the Cybersecurity and Infrastructure Security Agency joined in recommending dozens of steps to counter the Chinese hacking spree, including “Ensure that traffic is end-to-end encrypted to the maximum extent possible.”

Officials in Canada, New Zealand and Australia endorsed the recommendations. Those in the United Kingdom did not.

380
235
submitted 3 months ago* (last edited 3 months ago) by milicent_bystandr@lemm.ee to c/privacy@lemmy.ml

UK government is trying to get into iCloud end-to-end encryption. (Again?)

Makes me think about email servers too. Most of my private information is in emails, and not only do I use a service where the host machines access the email, so does almost everyone I email to/from.

381
28
submitted 3 months ago* (last edited 3 months ago) by mnmalst@lemmy.zip to c/privacy@lemmy.ml

Hi all,

I use ublock origin in medium blocking mode which blocks a lot of urls by default, google / youtube included. For the longest time I have had to unblock google.com, googlestatic.com, youtube.com (and usually some more) every time I want to watch an embedded video.

I don't use the youtube website in general, I use freetube for all my youtube watching. Libredirect even opens direct youtube links in freetube but it can't handle embedded videos (at least not in a way without unblocking the urls before).

The best solution would be a userscript or extension that replaces all embedded youtube videos with links I can click to open them in freetube. I was surprised I couldn't find something like this. Does anybody know about a solution?

*EDIT: I found a way to make embedded youtube videos clickable: https://xcancel.com/gorhill/status/1377613397710229506#m

This is straight from the ublock origin developers. Sadly even in this case you have to globally unblock youtube.com and google.com which is a no go for me.

Cheers

382
30
submitted 3 months ago by user_naa@lemmy.world to c/privacy@lemmy.ml

Hello! I recently tried NextDNS and noticed that it detects my current DNS resolver on the go. I just opened its website and it immediately showed my current resolver. When I tried changing private DNS to Cloudflare in settings it instantly showed my new resolver. But how exactly does it work? Does the browser send the used DNS server to the website? Or is it done somehow via JavaScript? And also: So every website can know what I am using now? Can it be used for fingerprinting?

383
29
submitted 3 months ago by Waldschrat@lemmy.world to c/privacy@lemmy.ml

If you are living in a country that is not safe and free from politically motivated prosecution or other dangerous pursuits, all activities, messages and so on, that are critical of that country could be seen as dangerous to said system and therefore illegal. So making them public puts you in great danger. By “public” I don’t mean publicly available, but readable for state actors.

If you are living in a currently safe system, the internet does not forget things. So when it flips to an unsafe country, all your previously safe thoughts, messages and so on are now illegal and are already out in the net. That puts you in great danger if you ever in your past had interactions which are now seen as illegal. And you can never know which topics could be illegal or dangerous by then.

Another example would be traveling to unsafe states that you were ever critical of. 

All of those (and possibly more) scenarios are dangerous for you as the actor, but for any family member of yours in the future (or past) as well. 

So would it not always be in your interest to hide as much as possible, not just depending on your current situation or the assumed threat level? I have a hard time wrapping my head around statements like securing oneself depending on one’s threat level.

384
50
submitted 3 months ago by whoszycher@lemmy.ml to c/privacy@lemmy.ml

I recently put together a detailed opsec guide that covers practical steps for reducing your digital footprint, securing communications, and avoiding common pitfalls people make when trying to stay private online.

The goal was to create something that's actually useful and not just the usual "use a vpn and tor" advice. I tried to break down realistic methods that can help both beginners and people already familiar with opsec.

I'd love to get some feedback from the community - what's missing, what could be improved, and if there's anything you disagree with.

385
67
submitted 3 months ago by umean2me@discuss.online to c/privacy@lemmy.ml

I entirely understand that the more secure and private a means of communication gets, the less convenient it is. That being said it seems like there should be some way to be reasonably secure while still being able to promote these types of things.

To be completely transparent I am not planning on being said organizer of protests, but recent events have simply piqued my interest in the topic. I've read certain frequently referenced materials like "What is Security Culture", "Confidence Courage Connection Trust", and "Mobile Phone Security for Activists and Agitators". I feel like the more resources I read the more it seems like there is no general consensus on the best solutions even for similar threat models.

So far the only thing I've truly gathered is that if you want the best security and privacy you should just not use online communications, which obviously is sub-optimal for gaining traction.

Some people say using Signal is the best means of communication, but that the use of phone numbers and centralization could be a concern. Some people say SimpleX, but cite concerns about notifications or how it hasn't been around long enough to be fully vetted. There's Briar which actually seems great but goodbye to every iPhone user.

Is there any completely solid answer to such a scenario where privacy and security must be upheld while maintaining outreach? I get all things will have their tradeoffs, but is the best solution really just using network communications as little as possible and being careful about your presence?

386
178
submitted 3 months ago by refalo@programming.dev to c/privacy@lemmy.ml
387
233
388
538
submitted 3 months ago* (last edited 3 months ago) by GooseFinger@sh.itjust.works to c/privacy@lemmy.ml

I just finished setting up a custom router with dns ad blocking. Next comes a media player so I can purge this smart TV filth from my household.

Huge shout out to Louis Rossmann and the FUTO community contributors, check out the wiki on self-hosted software if you haven't already.

Wiki link

389
36

I've been looking to improve the home network in my home lab. It seems that Ubiquiti has everything I could want in their various products.

However, it seems too good to be true. How much snooping does the router/firewall/APs do on my traffic? If you have a similar case, what has been your experience with Ubiquiti?

390
71
submitted 3 months ago by splintertank@lemmy.world to c/privacy@lemmy.ml

My ISP is AT&T (located in the U.S.) and I have issues loading random websites. Currently have Google DNS set in my router, which works great. But I'm guessing there's a better, more private, option?

391
89
submitted 3 months ago by Zerush@lemmy.ml to c/privacy@lemmy.ml
392
34

I grew up in the 90s. I remember using dos commands and installing a cdrw drive in our family’s compaq pc so I could burn cds with music I found on Kazaa. Somehow, I didn’t learn what I needed to in order to set up what I’d like to have privacy wise.

Posting here before I just start getting computer science textbooks, looking for any resources to increase my knowledge and ability with computers, networking, and connectivity. Podcast, video content creators, books, anything. I’m going to make time to do some online learning for python. My current programming knowledge is limited to excel/VBA

What I want to have:

Linux mini pc connecting to tv for torrents/streaming. I’ve heard about using a mini pc before the isp modem to filter dns and tracking- I do not understand this, but I have heard of flashing routers with different os

As safe and private a phone as possible that can still be moderately convenient- probably going to get a used pixel with graphene using Wi-Fi only/no sim

Security cameras with secure, private storage- need to learn about self-hosting

Below are the topics I’d like to be able to study on my own time. I’m grateful for any advice but I’m stubbornly curious and need to understand the underlying concepts- not just a step by step.

Internet protocol; I get the gist of things like dns is a phone book for ip addresses; vpn is not a magic bullet, it’s just a shifting of trust; cell phones are pretty much unable to be completely anonymous without tremendous work and sacrifice.

Computer/network systems; troubleshooting Linux problems, editing boot loaders defaults (I have a pc w dual boot windows and Linux, tried to remove the Linux to try another distro, couldn’t get it). Flashing Wi-Fi routers and associated troubleshooting, setting up self hosting- plex jellyfish, backup data. Performance figures for computers and what that means for various applications, like you’d need x gb for this, and an ssd of x for that

Purchasing and scrubbing used devices- I like the idea of reducing e waste and picking up a dell optiplex from a thrift store.

I’m also aware I’m in that space where I don’t know what I don’t know yet; so I’m probably missing topics.

What am I missing? Where should I look?

393
42
submitted 3 months ago by iturnedintoanewt@lemm.ee to c/privacy@lemmy.ml

So...yeah. As I'm moving away from google, I'd like to store my contacts elsewhere. I have proton (I know, I know), but this is also not great, since their system isn't too android-friendly. Which system (maybe self-hosted) would you suggest to easily sync/backup your contacts?

Thanks!

394
18
submitted 3 months ago by pantherina@feddit.org to c/privacy@lemmy.ml

Whatsapp is privacy invasive, and we likely know that even when using E2EE, this is possible due to metadata tracking.

An easy way to avoid one creepy thing, contact scanning and the creation of "who knows whom" social nets, is to not grant apps permission to your contacts!

But this is not easy, as apps often enforce this, just as they do with

  • embedded cameras instead of using the system camera
  • embedded galleries instead of the 2 available portals (but Google will soon forbid that)
  • asking for unneeded permissions

Only GrapheneOS also allows blocking these permissions

  • sensors
  • internet
  • loading code from memory i.e. from the internet (why would they do that? Is there something they want to hide?)
  • debugging their own code to spy on the system behavior

But this app can help everyone on any Android to at least fix this :)

395
74
submitted 3 months ago* (last edited 3 months ago) by TuxEnthusiast@sopuli.xyz to c/privacy@lemmy.ml

DAITA: Defence Against AI-guided Traffic Analysis. Which one of these would you consider to be the best option for privacy? I can't have both on at the same time.

396
31
submitted 3 months ago by DeuxChevaux@lemmy.world to c/privacy@lemmy.ml

Not sure, how long Google is at it, it may just be new to me, but today the wife googled for something, and she couldn't get there as the response was "can not connect". "Fix the internet NOW!", was my order.

Analysing the link on Google's page, it displayed the link as https://www.example.com/, but it actually goes to https://googleadservices.com/?blabla, which is blocked by our DNS, therefore the error.

Displaying one link, but going to another is misleading, lying, tactics of phishers and scammers, IMO.

Is this new, or is it just me, who never clicks on the first result of a Google search?

397
136
submitted 3 months ago by jaromil@fed.dyne.org to c/privacy@lemmy.ml
398
26
submitted 3 months ago* (last edited 3 months ago) by llama@lemmy.dbzer0.com to c/privacy@lemmy.ml

cross-posted from: https://lemmy.dbzer0.com/post/36841328

Hello, everyone! I wanted to share my experience of successfully running LLaMA on an Android device. The model that performed the best for me was llama3.2:1b on a mid-range phone with around 8 GB of RAM. I was also able to get it up and running on a lower-end phone with 4 GB RAM. However, I also tested several other models that worked quite well, including qwen2.5:0.5b, qwen2.5:1.5b, qwen2.5:3b, smallthinker, tinyllama, deepseek-r1:1.5b, and gemma2:2b. I hope this helps anyone looking to experiment with these models on mobile devices!


Step 1: Install Termux

  1. Download and install Termux from the Google Play Store or F-Droid

Step 2: Set Up proot-distro and Install Debian

  1. Open Termux and update the package list:

    pkg update && pkg upgrade
    
  2. Install proot-distro

    pkg install proot-distro
    
  3. Install Debian using proot-distro:

    proot-distro install debian
    
  4. Log in to the Debian environment:

    proot-distro login debian
    

    You will need to log in every time you want to run Ollama. You will need to repeat this step and all the steps below every time you want to run a model (excluding step 3 and the first half of step 4).


Step 3: Install Dependencies

  1. Update the package list in Debian:

    apt update && apt upgrade
    
  2. Install curl:

    apt install curl
    

Step 4: Install Ollama

  1. Run the following command to download and install Ollama:

    curl -fsSL https://ollama.com/install.sh | sh
    
  2. Start the Ollama server:

    ollama serve &
    

    After you run this command, do ctrl + c and the server will continue to run in the background.


Step 5: Download and run the Llama3.2:1B Model

  1. Use the following command to download the Llama3.2:1B model:

    ollama run llama3.2:1b

    This step fetches and runs the lightweight 1-billion-parameter version of the Llama 3.2 model.

Running LLaMA and other similar models on Android devices is definitely achievable, even with mid-range hardware. The performance varies depending on the model size and your device's specifications, but with some experimentation, you can find a setup that works well for your needs. I’ll make sure to keep this post updated if there are any new developments or additional tips that could help improve the experience. If you have any questions or suggestions, feel free to share them below!

– llama

399
72
submitted 3 months ago by Confidant6198@lemmy.ml to c/privacy@lemmy.ml

So, I was told to not use Signal, so all that is left is Matrix. And I am not techy enough to have my own server and neither are my relatives, so Matrix.org is the only option

400
40
submitted 3 months ago by gothic_lemons@lemmy.world to c/privacy@lemmy.ml

I saw Nubo mentioned in a thread a while back but there were only a few comments. Does anyone use Nubo? What has your experience been like?

https://nubo.coop/en/

Privacy

37765 readers
571 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago