151
22
submitted 1 month ago by Gangly3090@lemmy.ml to c/privacy@lemmy.ml

Hey all, so I randomly decided to check over Windscribe's VPN relationship chart again to look over some stuff on various providers. I always make sure to check the sources rather than just taking what it says and I already use Mullvad so it was really just mindless reading more than anything.

But going through Surfshark's entry, there was this

[3] SurfShark's TrustDNS app is used to collect data on the user for advertising and marketing purposes.

Advertising. We may receive certain information about you (cookie id, mobile device id, when you use our Trust DNS app – advertising IDs, in app events, such as in-app purchase or amount and type of ads watched, information about what browser, network, or device is used to access and use Trust DNS) from certain advertisers and advertising partners for advertising purposes. Our advertising partners help us deliver more relevant ads and promotional messages to you, which may include interest-based advertising and account-based advertising." Legal basis for the processing of personal information is our legitimate interest to deliver relevant ads and promotional messages to you." 

The source they provided to find the privacy policy was: https://surfshark.com/trust-dns

Obviously a VPN company ever making something that does all this is... Pretty bad? From what I can tell looking up stuff it was launched in September 2019. For how long it lasted I have no real clue. Best I can find was this GitHub repo developed by someone who has like no other commit or repository history that only hosts DNS servers and was last updated in 2020??? Archive.org and other sites on cachedview provide nothing when I use the URL above, and it just goes to the normal Surfshark homepage now.

https://github.com/TrustDNS https://github.com/SharonBarcia

This whole thing just feels very strange overall. So if someone could shed some light on this I'd be pleased!

152
324

A massive thanks to @LuanRT for providing the fix regarding the extraction of the deciphering functions. Also, big thanks to @PikachuEXE for coming up with a potential alternative solution!

https://github.com/FreeTubeApp/FreeTube/releases

153
59
submitted 1 month ago* (last edited 1 month ago) by AnimalsDream@slrpnk.net to c/privacy@lemmy.ml

I keep thinking about this.

  1. Most retro handhelds do not have cellular network chips, GPS, or even built-in microphones or cameras in many cases. But many do still support Wi-Fi and Bluetooth.

  2. The vast majority of them do support either Linux, Android, or both. This is the area that needs the most work, since the Linux distros on these devices are so stripped down that they can't do much more than run emulators and a few bespoke game engine compilations. And for the Android-supporting devices, there would be a need to build more privacy-respecting roms. But that's the thing - many of these devices openly support that, it's just not something the communities have gotten around to creating.

  3. While this would become less useful with popularity, this kind of approach would be a form of steganography. If you're in an extreme situation where you or your belongings are being searched, how many people are going to suspect that the little Retroid Pocket gaming handheld is even something you can or might be storing your private info on?

Edit: Judging by the comments so far, I underestimated how unknown these devices must be still. While they do technically include handhelds like the PSP/Vita, 3/DS, etc; these days when people use the term "retro handheld" they're usually referring to a veritable cornucopia of gaming devices that come in a wide variety of hardware configurations and form factors. They are most often ARM-based devices, though there are even a couple that are pocketable FPGA devices. Some of them are even small enough to be keychains.

Right now some of the most popular companies in this category include Retroid, Anbernic, Ayn, and Ayaneo. There is also a large selection of 3rd party custom firmwares out for many of these devices. But again, most of these are just very stripped down versions of Linux. Instead of full fledged desktop environments, they normally have media center style frontends like Emulation Station. And as far as I know, none of them have bothered to port any of the conventional Linux package managers.

As far as I understand, there is no technical reason why PostmarketOS, Mobian, or LineageOS for MicroG couldn't be ported to at least some of these devices, as some examples.

Hopefully that is enough resources for anyone to start to get up to speed. It should be apparent that full, unbroken system experiences with up-to-date software are possible on at least some of these devices, even including apps like Signal.

154
75
submitted 1 month ago by pineapplelover@lemm.ee to c/privacy@lemmy.ml

So I have a young teen entering 7th grade and so they're about to receive their first phone. With that, it opens a lot of doors to all the big tech social media apps and privacy invasive services.

I'm not sure how to approach this. My parents probably want tracking features so it'll probably be Find My or a 3rd party app like Life360 depending on if we choose iPhone or degoogled Pixel.

Social media I'm not sure if fediverse stuff is the right path especially for lemmy, since it's just tech nerd stuff and politics which isn't interesting really unless they go out of their way to find smaller communities. Their friends will probably force them onto Instagram or some shit and I don't really want them doomscrolling on reels, that shit algorithm, and the malicious messaging app built in to it.

It's just kinda hard trying to blend being a functional member of society and maintain your mental well being and privacy.

155
78
submitted 1 month ago* (last edited 1 month ago) by snek_boi@lemmy.ml to c/privacy@lemmy.ml
  • I tried to copy the text. Couldn't.
  • I tried to use Reader Mode. Couldn't.
  • I tried to use Firefox's webpage screenshot feature. Couldn't.
  • I tried to scrape it with a home-made script. Couldn't.
  • I tried to scrape it with an online LLM. Couldn't.
  • I tried to find the text in Archive.org. Couldn't.

They want you to see that they ticked the boxes as a responsible company ("Ah, yes. A formal privacy policy. Ooh. Such a responsible company."), but they don't want you to hold them accountable for their words, because they want no registry of what they've promised!

156
48
submitted 1 month ago by root@lemmy.world to c/privacy@lemmy.ml

I've used Graphene OS for years, but only recently started taking advantage of the profiles feature.

Currently the Owner profile that you log into on first boot is my main profile, and I have a secondary decoy profile that I can switch to. Is this the best way to do this, or should it be the other way around so that on first boot you go into the decoy, which also allows you to end the session of the main profile?

157
40

I've been thinking about this for a bit but I couldn't come up with anything.

The idea is that you have a VOIP number and some self-hosted VOIP infrastructure connected to a landline phone. WhatsApp, Signal and voice traffic from other apps would be redirected to this landline phone instead of your mobile phone.

Is there a way to do this? How do I get started?

Reasoning: I can now keep my phone isolated, wrapped in a thick towel and inside a solid box to prevent it from eavesdropping on me inside my own house.

Please do not respond with messages like "you're too paranoid", it doesn't help.

Thanks

158
57

Just wanted to share my setup and see if anyone has suggestions or feedback. Also share yours.

Phone: GrapheneOS (Pixel 7a)

  1. No google play service on my main profile. Rethink DNS (NextDNS DoH) blocks ads, trackers, and all Google & Facebook DNS (except WhatsApp).

  2. Some FOSS apps like Aurora Store & NewPipe need Google servers, so I have excluded them in rethink dns.

  3. Work Profile (with Island) with GrapheneOS’ sandboxed Play Services, but I use it maybe once or twice a month only for apps that absolutely need it. It stays turned off most of the time. If an app works on main profile without any issues, will use it. If not, will try to use it in firefox (as lack of play services doesn't matter). If only app is available (and not web version) and it doesn't work on main profile, will use it in work profile.

  4. Hardened Firefox fork (Ironfox) for private browsing. Main Firefox for a few services where I have to stay logged in and don't have apps or want to use their apps.

  5. Network & Sensor Restrictions: If an app works offline, I block its internet access. Also, disabled sensors for apps that don’t need them.

  6. Mostly use FOSS apps from F-Droid (Droid-ify).

  7. Email: moved from gmail to protonmail

PC/laptop: Arch linux kde on pc and fedora kde on laptop.

  1. Not much to say. Most used apps are firefox and Zed. I allow data collection on kde as I want them to improve it.

Home Server: Raspberry Pi 4B

  1. SSH hardening: Non-standard SSH port (yes, I opened the port externally because I depend on my home server and need to access it remotely). SSH keys or password+TOTP, Fail2Ban, ufw.
  2. Services running: Arr setup (jellyfin, prowlarr, radarr, sonarr, qbittorrent), pihole, Immich, Authelia (for now). All data sensitive services behind Authelia with TOTP.
  3. Nginx Geo-blocking: Only allows access from my country IPs
  4. Weekly backups because data loss sucks.

Network & Router: OpenWRT (TP-Link)

  1. Not much to say: Running default firewall rules with network-wide ad/tracker blocking via pihole and some ports opened.

159
21

Looking for the most privacy respecting baby monitor available. Doesn't have to be overly complicated, just the ability to watch a video feed from an app on my phone. It's a must have from the wife, so trying to find the best option and accepting some losses in privacy is likely necessary.

160
19
submitted 1 month ago by crash_thepose@lemmy.ml to c/privacy@lemmy.ml

Does anyone know of any resources regarding threat modeling worksheets? Specifically for individuals (as opposed to a corporation)

161
64
submitted 1 month ago by Tea@programming.dev to c/privacy@lemmy.ml

I am resharing it to benefit the highest amount of people.

I wanted to list and ask for platforms that can substitute YouTube.

Here it is:

  • NASA+, Space and Astronomy Videos.
  • Vimeo, Professional Videos and Documentaries.
  • TED, Talks and presentations.
  • PeerTube, there is not a lot of videos, but some creators upload there.
  • ARTE, Euro documentaries and analysis.
  • RedBull TV, Sports related videos.
  • RTE Player, Journalism.
  • BBC videos, diverse topics.
  • NFB Films, Canadian Films.

162
114
submitted 1 month ago by schizoidman@lemm.ee to c/privacy@lemmy.ml

cross-posted from: https://sopuli.xyz/post/24530208

ROME - For nearly two months, the Italian government has evaded questions, dismissed allegations, and shifted its narrative in the face of mounting pressure from opposition parties and activists.

Now, a turning point: Undersecretary Alfredo Mantovano has reportedly admitted that Italy’s intelligence services authorised spyware surveillance on members of the NGO Mediterranea Saving Humans. Yet, a crucial mystery remains - who was behind the surveillance of Fanpage.it director Francesco Cancellato?

The parliamentary intelligence oversight committee (Copasir) is investigating whether the use of the Israeli spyware complied with Italian law and whether intelligence services acted within their mandate in authorizing preventive wiretaps.

While the hearings remain classified, leaks from Tuesday’s session published by La Repubblica suggest that Mantovano - who oversees intelligence agencies - acknowledged that the government had approved surveillance on certain activists. However, he maintained that Cancellato was never among the targets.

163
27
submitted 1 month ago by Sunny@slrpnk.net to c/privacy@lemmy.ml

Hej,

Tractive is a service to track dogs and cats, via a GPS tag attached to their collar.

I'm more than aware this isn't a privacy conscious service, but from what research I did it was by far the most "effective" service and easily accessible.

I paid a full year subscription for this service during January. But now two months later they have changed their terms. They do not list what these changes are.

My Questions are:

  1. What's the best way to find the differences in the old vs. new terms?

  2. I bought the product before these changes were made, does that somehow give me a right to continue using them under the old terms?

  3. Considering I bought this before the changes, and if I don't agree with new terms, do I have the right to a refund?

Appreciate any suggestions!

164
24

Hi,

The general consensus amongst the Android community is that rooting is detrimental to privacy. In a sense, I agree with them since privilege escalation because of human error becomes a much bigger threat if the user has root access.

Android has a big privacy problem encapsulated in one word: "baseband". Your modem and other hardware running in your device don't run FOSS firmware and are likely actively malicious towards your privacy.

I am a Linux user, and I understand that concepts do not necessarily transfer well between the two. With that in mind:

  1. If I wanted to be absolutely certain that sensitive hardware like Camera, Microphone and Modem were truly off, would shutting them off as root hold any real significance?
    • I do not know what the equivalent of Intel ME is called in the Android space, but I doubt that a highly complex OS is running beneath general Android as we know it. I think it's just the firmware of the individual device that we need to worry about.
  2. Is it possible to replace the bootloader on some Android devices/prevent it from loading unwanted firmware?

With Google taking Android behind closed doors, I suspect we will start seeing some suspicious snippets of code here and there with questionable purpose, but which might be missed by FOSS volunteers because of the sheer volume of work that is. I'm thinking of ways we can try to evade this blatant grab of our personal data.

165
23

It is fascinating that the search engine changes domains every single time you use it. While I'm big into privacy, I don't understand all these intricate details, but it seems cool and has yielded pinpoint results so far.

I just learned about the vast network of https://trom.tf/ through... hmm, I can't remember any more, haha! But it was either somewhere in the Lemmyverse or on Reddit, perhaps in a comment on a post in /r/privacy.

This TROM endeavor looks incredibly ambitious, so while FOSS is always welcome, I'm not sure about how long they'll be able to last running so many different projects. It feels like it's trying to be an immediate Google replacement and I fear that those who run it may be biting off more than they can chew... so I'm just trying the search engine for now.

168
43
submitted 1 month ago by lyoko@lemm.ee to c/privacy@lemmy.ml

Hello, do you know any place to buy Monero for online payment ? It seems that LocalMonero is winding down and I don't want to use some big exchanges like Coinbase for obvious reasons. Thank you very much!

169
295

Rayhunter is a new open source tool we’ve created that runs off an affordable mobile hotspot that we hope empowers everyone, regardless of technical skill, to help search out cell-site simulators (CSS) around the world.

172
7

I got a new phone about a month ago bc I was having what seemed like malware issues on my old phone.

Not having the same issues but have had some odd things with the new phone, like unlocking my phone and seeing the green camera icon running for some reason then disappearing.

I also leave my VPN always on but my phone started doing this auto update thing around 1 am for the last 2 nights that turns off my phone for the update.

I forgot about it both times bc I was half asleep when it happened, but as a result completely forgot it reset my phone and turned off my VPN.

About a week ago I woke up after not using my phone all night and had a notification that glance App was running in the background on my phone.

I didn't know what that was, but from what I can tell it's not supposed to be an actual app you have the option to install right? But my phone is showing it as an app that was installed under a Gmail account I had on my phone, but had never logged into Google Play with to accept terms and conditions beforehand.

The link is a screenshot of the app.

173
63
submitted 1 month ago by zdhzm2pgp@lemmy.ml to c/privacy@lemmy.ml

Asking because USPS's frequently doesn't work.

174
10
submitted 1 month ago by Bullybeard@lemm.ee to c/privacy@lemmy.ml

I opened a few accounts out of curiosity and personally would not like to see it again. Cleared cache and reset settings from settings and reinstalled the app. But every time I type a letter in the search bar it suggests the same accounts. I've tried clicking on accounts with similar spellings for the suggestions to go away but so far nothing works. Help would be appreciated.

175
15
submitted 1 month ago by hoot8000@lemmy.world to c/privacy@lemmy.ml

I have a friend who uses an electronic key fob to enter and exit his apartment building. The fob isn't metal, but it grants access electronically.

He occasionally engages in private activities.

My question is: Does this key fob log every entry/exit? He's cautious with cell phones and leaves them at home, but wonders if the key fob could potentially cause problems.

Privacy

37690 readers
1493 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago