6
submitted 11 months ago by Saki@monero.town to c/monero@monero.town

“Some Hackers have figured out there is no quick and easy way for a company that receives one of these EDRs (emergency data request) to know whether it is legitimate,” he said.

“The hackers will send a fake emergency data request along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately.”

1
submitted 11 months ago by Saki@monero.town to c/privacy@monero.town

privacy has nothing to do with having something to hide. Instead, privacy means protecting the human being that you are, all the personal details that make you, you. What you care about, what you love, what you hate, what you are curious about, what makes you laugh, what you fear. And most importantly, choosing when you decide to share that information and who you share it with.

it is possible to build technology used by millions of people with privacy at the heart. We build technology to advance that right in order to help users reclaim their agency in digital spaces.

(But by default, Tor Browser is not shipped with uBlock Origin.)

1
submitted 11 months ago by Saki@monero.town to c/privacy@monero.town

NOTE: This is about the Fifth Amendment protection against self-incrimination after a search warrant for someone’s cell phone is procured; not about digital privacy in general at the U.S. Border (a warrantless search).

See also: https://monero.town/post/1134494 EFF to Supreme Court: Fifth Amendment Protects People from Being Forced to Enter or Hand Over Cell Phone Passcodes to the Police

1
submitted 11 months ago* (last edited 11 months ago) by Saki@monero.town to c/privacy@monero.town

Now before the House, HR 6570 proposes to reauthorize Section 702 for three years — but with reforms including requiring all US intelligence agencies to obtain a warrant before conducting a US person query.

a competing bill, the FISA Reform and Reauthorization Act of 2023 (HR 6611), doesn't include a warrant requirement — and, in fact, includes language that many worry could be used to force private US companies into assisting in government-directed surveillance

1
submitted 11 months ago by Saki@monero.town to c/privacy@monero.town

House Intelligence Committee bill would also expand the definition of an electronic communication service provider include a broader range of providers, including those who “provide hardware through which people communicate on the Internet.”

See also: Tell Congress: They Must Defeat HPSCI’s Horrific Surveillance Bill | EFF Action Center

4
submitted 11 months ago by Saki@monero.town to c/monero@monero.town

How FinCEN May Be Violating Your Rights
A call to action against FINCEN proposal 2023-0016A
Written By Preston Pysh

Eroding Anonymity Through Additional Verification: The mandate for “Additional Customer Identity Verification Measures for Transactions Involving Unhosted Wallets” is a direct affront to privacy and anonymity. This requirement transgresses on the First Amendment’s sanctuary for anonymous speech

A Direct Assault on Anonymity-Enhanced Currencies: The “Prohibition on the Use of Anonymity-Enhanced Convertible Virtual Currencies (AECVC)” is nothing short of a legislative bulldozer through the edifice of privacy.

See also: Preston Pysh says proposed FinCEN crypto rules violate US Constitution

1
submitted 11 months ago* (last edited 11 months ago) by Saki@monero.town to c/privacy@monero.town

Bis zum Jahr 2030 will die EU allen Bürger:innen eine „European Digital Identity Wallet“ (ID-Wallet) zur Verfügung stellen. Sie soll on- wie offline bei Verwaltungsgängen und Bankgeschäften, aber auch bei Arztbesuchen, Alterskontrollen oder beim Internetshopping zum Einsatz kommen.

(By 2030, the EU wants to provide all citizens with a “European Digital Identity Wallet” (ID wallet). It is intended to be used online and offline for administrative procedures and banking as well as medical visits, age verification, and internet shopping.)

The article (in German) is mostly about eIDAS 45
Cf. https://monero.town/post/1018961 Last Chance to fix eIDAS: Secret EU law threatens Internet security

(There are many English articles about it; see e.g.
https://mullvad.net/en/blog/eu-digital-identity-framework-eidas-another-kind-of-chat-control )

Though not the main topic of the article, this “ID wallet” thing sounds disturbing. (EU politicians calls a normal wallet “unhosted wallet” and don’t like it very much.)

1
submitted 11 months ago by Saki@monero.town to c/privacy@monero.town

Many countries use censorship systems to block access to human rights resources

.onion sites are particularly useful at maximizing internet users' privacy and anonymity because they never leave the Tor network.

While technically I2P might be better, it’s good news that a recognized human rights organization has adopted an onion, because that will improve the “shady” image of Tor, esp. hidden services (aka darknet), as in “privacy technology is good, not for criminals, but for you, for everyone. Using Tor is normal, and Monero is a great tool.”

[-] Saki@monero.town 10 points 1 year ago

Some of possible solutions include:

  • always use Tor 24/7, Tails or not, when possible, even when browsing normal websites, or using IRC etc.
  • use bridges
1
submitted 1 year ago* (last edited 1 year ago) by Saki@monero.town to c/privacy@monero.town

law enforcement has been using […] systems since 2015, in utmost secrecy. The software in question […] can track a person across a network of cameras, for instance, by the color of their sweater

Any policeman […] can request to use [it]

The potential use of facial recognition worries within the institution itself. […] In France, facial recognition is only authorized in rare exceptions

This massive installation was carried out outside the legal framework provided by a European directive and the French Data Protection Act

The National Commission on Informatics and Liberty (CNIL), a French administrative regulatory body, started an investigation against the French Minister of the Interior [1][2]. The Minister, Gérald Darmanin ordered an investigation [2].

La Cnil […] annonce l’ouverture d’une enquête contre le ministère de l’Intérieur. Elle soupçonne la police d’utiliser un logiciel de reconnaissance faciale, depuis 2015, en dehors de tout cadre légal. Qu’en est-il ?

(CNIL suspects the police are using facial recognition outside any legal framework. Comments? - Gérald Darmanin’s answer: The news is true. I ordered an investigation.)

1
submitted 1 year ago by Saki@monero.town to c/privacy@monero.town

the White House has, for the past decade, provided more than $6 million to the program, which allows the targeting of the records of any calls that use AT&T’s infrastructure

the program takes advantage of numerous “loopholes” in federal privacy law

the DAS program has been used to produce location information on criminal suspects and their known associates, a practice deemed unconstitutional without a warrant

(This website is a bit annoying.)

1
Cock.li is back open for public registration (Onion-capable free email provider) (rurcblzhmdk22kttfkel2zduhyu3r6to7knyc7wiorzrx5gw4c3lftad.onion)
submitted 1 year ago* (last edited 1 year ago) by Saki@monero.town to c/privacy@monero.town

See https://monero.town/post/968066

Onion http://rurcblzhmdk22kttfkel2zduhyu3r6to7knyc7wiorzrx5gw4c3lftad.onion/

This free email provider is not for everyone. Sometimes a Cockmail address is not accepted to register something. Sometimes, though not often, another email provider may indiscriminately block email from Cock.li. Afaik Cock.li<->Proton, Cock.li<->Tuta work.


PS: Admin, Vincent Canfield @vc@shitposter.club

1
submitted 1 year ago by Saki@monero.town to c/privacy@monero.town

See also: Fifth Circuit says law enforcement doesn’t need warrants to search phones at the border https://monero.town/post/402125

[-] Saki@monero.town 33 points 1 year ago* (last edited 1 year ago)

The same URL now: Microsoft gives in and lets you close OneDrive on Windows without explaining yourself

Update November 10th, 4:45AM ET: Microsoft has removed the dialog forcing users to fill out a survey when quitting OneDrive, and reverted to the original prompt. In a statement sent to The Verge, Microsoft says:

Between Nov. 1 and 8, a small subset of consumer OneDrive users were presented with a dialog box when closing the OneDrive sync client, asking for feedback on the reason they chose to close the application. This type of user feedback helps inform our ongoing efforts to enhance the quality of our products.

The story below is unchanged.

[-] Saki@monero.town 43 points 1 year ago* (last edited 1 year ago)

Excuse me, do you have a moment to talk about GNU/Linux? 🙃

When I got my senior mom a computer she had never used Windows. Instead of having her learn that I installed Debian with Xfce and Firefox. Now that’s all she knows, I laugh at people who tell me Linux is too hard when my mom without any tech knowledge uses it as her daily computer. If I had to switch her to Windows or a Chrome browser she’ll make a fuss about it.

How about a live OS as a free trial? Not only free as in free beer, but free as in freedom, and always will be free. You own your OS, not vice versa.

Become a Linux user today, while keeping your precious Windows 11 or whatever. I raise you Tails if you do this at all.

  • Get an unused USB stick, download Tails and make a bootable USB. Typically this will take less than an hour.
  • Restart and boot your computer into Tails.
  • Congratulations! You’re a Debian user now, even on Tor. Meaning your real IP is hidden. Privacy strikes back!
  • Start Tor Browser and enjoy Lemmy. Libre world is usually Tor-friendly (though lemmy.world may be behind CF).

I’m not saying you should ditch Windows today, but you might want to do some experiments? There are other OSes too, if you think yours is (becoming more and more) annoying!

[PS: lemmy.world is indeed behind Cloudflare (CF). You may not be able to use it directly via Tor. I’m okay because writing/reading this from a different, privacy-friendly instance. Though CF is MitM, some people believe it’s necessary. Be careful, though: everything you send, including your password, may be visible to this MitM as plaintext.]

[-] Saki@monero.town 13 points 1 year ago* (last edited 1 year ago)

Sorry if I sounded unpleasant. I’m not holding Monero, I actually use it (just like one may use Paypal), is all. Still, as you can see I’m from Monero.town, so obviously I’m a fan. Guilty as charged!

I’ve actually been “preaching” about privacy to my friends, but they’re typically like “Google is fine. I have nothing to hide.” Or about PGP (in vain). But I wouldn’t preach about (recommend) the privacy coin to regular people. Like you pointed out, it’s controversial and risky. As a long time user, I know too well about both sides of this.

[-] Saki@monero.town 17 points 1 year ago

Exactly, except not “the entire”, but “almost entire”?

Monero has been largely detached from CEXes, no companies, no middle men… Many users still have that idealism, a cypherpunk philosophy, that which Bitcoin tried to achieve originally. It’s community-based and crowd-funded… Some of that fund was stolen, so we’ve got to admit that the Monero community was not so smart after all… Yeah, a bit embarrassing tbh. To err is human, I guess.

For example, we do have a zero-fee donation site kuno.anne.media and recently help some girl buy a laptop or doing things like that. Some of Monero users are idealists by nature, maybe silly dreamers or naive philosophers, but definitely not greedy HODLERs. Weird people, either way, haha 😅

[-] Saki@monero.town 19 points 1 year ago

I think I know what you’re trying to say, and that’s actually a difficult point. Privacy is double-edged.

By that logic, you’d have to support chat control, e2e backdoor, eIDAS 45, etc. and ban Tor, Tails, VPN, BitTorrent, or encrypted communication in general because sometimes criminals can (and do) abuse such technology too. While such logic is understandable, I’m a privacy advocate and can’t agree with that. Most libre people, EFF, FSF, etc. have been fighting against that very logic for more than 20 years. I’m one of them.

[-] Saki@monero.town 49 points 1 year ago

The linked article (and so AutoTL;DR) is not very accurate. If you’re interested in this incident, read the original post, which is short and compact. General media articles are only quoting or re-quoting this thread, typically with some misunderstanding.

Specifically (about this post): Among other things, multisig is only suggested; nothing has been decided yet.

Generally (in many similar articles): Probably a specific local machine was hacked, though no one really knows yet what happened. It’s unlikely that the Monero network itself was hacked.

Since I’m a Monero supporter, obviously I tend to say good things about it, but frankly, the ironical fact here is, Monero is so privacy-focused that when something like this happens, it’s difficult to identify the attacker—i.e. by design Monero also protects the identity of the attacker. Some Monero users are having this weird, paradoxical feeling: it would be nice if we could catch this evil attacker, but being able to catch the attacker would be in a way very bad news for Monero (if you know what I mean) 😕

[-] Saki@monero.town 11 points 1 year ago* (last edited 1 year ago)

Recently (2023), the default of GnuPG has been changed: a new key generated will be no longer RSA but ECC. Elliptic (25519) is a way to go: keys are much shorter than say RSA4096. Migrating to elliptic is convenient and perhaps safer, even though RSA may be still safe too.

Realistically 2048 is about 600-digit. Factorization of a 100-400 digit number is more or less possible now. 600 is still hard, but maybe not totally impossible in the near future.

25519 was designed by D. J. Bernstein, who tenaciously fought a long legal battle against the US cryptography export regulations. He’s also strongly criticized various sabotages (backdoor) in NIST standardized cryptography algorithms, such as the random bit generation in Dual EC. That’s why people tend to like 25519, over RSA etc.

Nerdy footnotes 😅

multiplying two different large prime numbers

Technically, the two numbers are usually not proven primes (not a big deal: they’re most probably primes, just not mathematically proven…).

brute-force cracking a strong key would require an enormous amount of time

Obviously, one wouldn’t do a naive brute-force, like trial division. There are some number theoretic, sophisticated algorithms, and they’re getting stronger and stronger, both algorithm-wise and machine power-wise… Not too long ago, people were saying RSA512 was strong enough!

[-] Saki@monero.town 9 points 1 year ago

I asked two Mastodon admins, both new to crypto, to accept crypto donations, adding “if possible Monero.” To my surprise, a few weeks later one started to accept only Monero, running a full-node, p2pool’ing, even providing xmrno.de publicly for non-full-node p2pool miners. So this privacy-oriented (no-logging) generic Mastodon instance ieji.de (also providing onion/I2P) is now Monero supporting.

[-] Saki@monero.town 17 points 1 year ago* (last edited 1 year ago)

It’s a free country, you can use whatever you like. Respect yourself and your own intuition :)

The current situation (~~summer~~ July–Sept 2023) is, you better switch to any browser that is not Chromium-based. The reason is “Web Environment Integrity” (WEI), which seems to mean, basically, Google is trying to DRM-lock the whole Internet to make sure you see their ads and they can track everyone. Freedom-loving users obviously don’t like that.

At the same time Firefox is getting more and more annoying, yet it’s better than Google. A safe bet for a general user might be LibreWolf. Another new option is Mullvad Browser.

[-] Saki@monero.town 9 points 1 year ago

While no info can't be absolute, what you're trying to do is truly appreciated. Thanks! You're also having awesome-privacy, right? That's awesome too, even though again no info can't be absolute. Keep up the great work!

[-] Saki@monero.town 9 points 1 year ago

It used to be much more decentralized, peaceful, not-for-profit. No systematic tracking (No GA.js). No affiliate/Google Ad infestation.

Individual users had their own small, cozy, hobby websites, not for monetizing - purely writing about whatever they were personally interested in, not trying to increase page views. A lot of good, pure, text-based websites, which perfectly worked without JavaScript nor cookies. Early webmasters were able to type clean HTML directly and fluently using a plain text editor, not depending on centralized platforms, so page load was super-fast, not bloated.

Individual users themselves owned the Internet, so to speak; were not owned by centralized platforms.

view more: next ›

Saki

joined 1 year ago
MODERATOR OF