Privacy


A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.


much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago
376
 
 

I do not have any prior experience with installing custom ROMs, but after trying it out (and getting stuck, and googling and finding answers) I successfully did it. Below is my home screen if anybody is curious:

I use OpenBoard for my keyboard. Unfortunately I am still dependent on Play Store since some of the apps I need can only be found there. Sometimes it feels meaningless committing to this whole thing because I'm not perfectly private; then I think this is better than using a regular iPhone or Android phone.

So far I'm liking it. I am naturally inclined to feel hesitant about using this as my main phone and plugging in a SIM since it's custom, but I'm slowly making the transition.

Feel free to share any beginner's advice or your own experience using GOS for the first time. Cheers!

377
 
 

I'm looking for ones that ideally don't log IP. Is there a guide somewhere that looks into each of these instances and whether or not they fulfill the privacy promise?

I'm most interested in Invidious.

378
 
 

TL;DR I am looking for confidential genetic testing, as I am concerned that potential misuse of my genetic information could lead to a conservatorship or loss of autonomy. I am willing to travel, and I would like all records destroyed after testing. I am also open to international options to ensure my privacy.

I'm seeking a confidential method for genetic testing, as I have concerns about my privacy. I reside in the USA and suspect I might have a mosaic genetic condition based on certain phenotype traits I observe. I'm not comfortable with my genetic information being stored in databases or shared, and I'd prefer the lab records, testing data, and results all be destroyed after completion. I'm open to traveling for this testing if necessary, especially since I do not trust US laws to provide adequate privacy protection or the right to delete medical records.

I've had experiences that have shaken my trust in institutions and governments handling sensitive information ethically, including having medical information shared without my consent by a hospital and it later being legally determined they did not violate my HIPAA rights in the process. I'm worried that my genetic information could be used against me, potentially leading to conservatorship or loss of financial autonomy. I'd like to avoid providing any legal documentation for the testing, if possible.

I'm also concerned about the security of genetic databases and the potential for breaches. Ideally, I'd like all records of the testing and medical records to be destroyed after completion to prevent unauthorized access.

Is there a way to ensure my privacy while getting the genetic testing I need? I'm open to exploring options in other countries, as long as I can ensure my privacy is protected. Please address only my privacy concerns related to genetic testing. I'm not interested in suggestions about mental health support or therapy at this time.

I do not authorize or approve of any unauthorized data scraping or AI training using this post; such actions would be unethical and without my permission.

379
 
 

I want to be logged in so I can do most things on Reddit like post and comment. I want it to be a web frontend rather than an app because I keep many tabs on Reddit open in my browser while doing research on things (like digital privacy for instance!). I did some searching and didn't find any currently working frontends with login support.

381
 
 

It seems like the main benefit of such frontends is the lack of trackers and fingerprinting, but what if the browser, like Firefox, already did that with uBlock Origin and fingerprinting protection?

382
 
 

I am wondering if an ISP or network admin on my network would be able to change where a DNS server is located (e.g., if a DNS server is located at 132.192.175.210, the ISP/netadmin can redirect it to their own server at 11.29.102.201 to change where the DNS records point to). Do DNSSEC and DoH/DoT combat this, and how? Why is it safe to use a domain for DoH/DoT if it requires going through insecure DNS to get to a secure DNS?

384
 
 

It’s been a while since I last downloaded Anaconda. But I remember when clicking on the download page, it would show the usual “choose your OS > download binary” (e.g. this archived version in 2019).

Recently I helped someone else set it up and it showed a form to put in an email, with smaller gray text near the bottom of the form about skipping it.

Does this count as a dark pattern?

385
 
 

Hi, my post is focusing specifically on YouTube since I observed the following categories have less intrusive solutions or privacy focused solutions, even if they are paid:

  • Operating Systems (Linux, for example)
  • Instant Messaging (Element, for example)
  • Community Messaging (Revolt, for example)
  • E-Mail (Proton, for example)
  • Office (LibreOffice, for example)
  • Password Managers (Bitwarden, for example)

However, how do we distribute videos and watch them without data collection? I am NOT asking how do I use a privacy-focused front-end for YouTube, by the way, I am aware they exist.

I am wondering how we obtain a FOSS solution to something super critical such as YouTube. It is critical since it contains a lot of educational content (I'd wager more than any other platform), and arguably the most informative platform, despite having to filter through a lot of trash. During COVID, we even saw lecturers from universities upload their content on YouTube and tell students to watch those lectures. (I have first-hand experience with this at a respectable university).

I refuse to accept that there is nothing we can do about it.

387
 
 

I'm eligible for the US Lifeline program to get a phone number for free. I would use it on websites that require a phone number, like Discord, which doesn't accept numbers on services like Google Voice, and replace my personal phone number with it wherever necessary. And I would start using my personal phone number only with friends and family. I would NOT be using a provided Lifeline phone, but rather a SIM on my iPhone.

388
 
 

cross-posted from: https://beehaw.org/post/14909762

It seems YT started another attempt at blocking alternative clients. They changed something in their API and both SmartTube and Tubular (NewPipe fork) are completely broken. Apparently it started happening this past week, but we personally just felt it today.

Edit: SmartTube already has an update, but it's still not working for 4K videos, it seems. Tubular is still not working, but it might be because upstream (NewPipe) is still working on a fix.

389
 
 

A while ago I reached a point in my privacy journey where I simply felt bored. It's not a result of going too far in privacy, but simply my threat model has caused me to let go of a lot of things that used to entertain me (games, movie streaming, short form video, etc.) The entertainment landscape in privacy seems pretty bleak, since you no longer own the movies you watch, the games you play, and lots of proprietary software along the way. I entertain myself through FreeTube, physical copies of movies, and offline installations of games like Minecraft, but it's still a step down from how it used to be.

What do you do to keep yourselves entertained in a privacy conscious way?

390
submitted 3 months ago* (last edited 3 months ago) by makeasnek@lemmy.ml to c/privacy@lemmy.ml
 
 

On P2P payments from their FAQ: "While the payment appears to be directly between wallets, technically the operation is intermediated by the payment service provider which will typically be legally required to identify the recipient of the funds before allowing the transaction to complete."

How about, no? How about me paying €50 to my friend for fixing my bike doesn’t need to be intermediated, KYCed, and blocked if they don't approve of it or know who the recipient is? How about it’s none of the government’s business how I split the bill at dinner with friends? This level of surveillance is madness, especially coming from an app that touts "privacy" as a feature.

GNU Taler is a trojan horse to enable CBDC adoption. They are the friendly face to an absolutely terrifying level of government control in our lives funded by the same government that tries every year to implement chat control. Imagine your least favourite political party gaining power. Now imagine they can see and control every transaction you make. No thanks.

391
submitted 3 months ago* (last edited 3 months ago) by Carbophile@lemmy.zip to c/privacy@lemmy.ml
 
 

Cross-posted from: https://lemmy.zip/post/18686329 (the first OPSEC community on Lemmy, feel free to join us)

Guide to Determining Your Threat Model

Creating a solid threat model is an essential step in improving your operations security (OPSEC). It helps you identify potential threats, assess their impact, and prioritize your defenses. Here’s a step-by-step guide to help you develop your own threat model.


1. Define Your Assets

First, list the things you want to protect. These might include:

  • Personal Information: Name, address, phone number, Social Security number, etc.
  • Financial Information: Bank account details, credit card numbers, financial records.
  • Digital Assets: Emails, social media accounts, documents, photos.
  • Physical Assets: Home, devices (computers, smartphones, etc.).

2. Identify Potential Threats

Next, think about who or what could pose a threat to your assets. Possible threats include:

  • Hackers: Individuals or groups looking to steal data or money.
  • Government Agencies: Law enforcement or intelligence agencies conducting surveillance.
  • Corporations: Companies collecting data for marketing or other purposes.
  • Insiders: Employees or contractors who might misuse their access.
  • Physical Threats: Burglars or thieves aiming to physically access your assets.

3. Assess Your Vulnerabilities

Identify weaknesses that these threats could exploit. Consider:

  • Technical Vulnerabilities: Unpatched software, weak passwords, outdated systems.
  • Behavioral Vulnerabilities: Poor security habits, lack of awareness.
  • Physical Vulnerabilities: Insecure physical locations, lack of physical security measures.

4. Determine the Potential Impact

Think about the consequences if your assets were compromised. Ask yourself:

  • How critical is the asset?
  • What would happen if it were accessed, stolen, or damaged?
  • Could compromising this asset lead to further vulnerabilities?

5. Prioritize Your Risks

Based on your assessment, rank your risks by considering:

  • Likelihood: How probable is it that a specific threat will exploit a particular vulnerability?
  • Impact: How severe would the consequences be if the threat succeeded?

6. Develop Mitigation Strategies

Create a plan to address the most critical risks. Strategies might include:

  • Technical Measures:

    • Use strong, unique passwords and enable two-factor authentication.
    • Keep your software and systems up to date with the latest security patches.
    • Use encryption to protect sensitive data.
  • Behavioral Measures:

    • Be cautious with sharing personal information online.
    • Stay informed about common scams and phishing tactics.
    • Regularly review your privacy settings on social media and other platforms.
  • Physical Measures:

    • Secure your devices with locks and use physical security measures for your home or office.
    • Store sensitive documents in a safe place.
    • Be mindful of your surroundings and use privacy screens in public places.

7. Continuously Review and Update

Your threat model isn’t a one-time project. Review and update it regularly as your situation changes or new threats emerge.


Example Threat Model

  1. Assets:

    • Personal Information (e.g., SSN, address)
    • Financial Information (e.g., bank accounts)
    • Digital Assets (e.g., emails, social media)
    • Physical Assets (e.g., laptop, phone)
  2. Threats:

    • Hackers (e.g., phishing attacks)
    • Government Agencies (e.g., surveillance)
    • Corporations (e.g., data collection)
    • Insiders (e.g., disgruntled employees)
    • Physical Threats (e.g., theft)
  3. Vulnerabilities:

    • Weak passwords
    • Outdated software
    • Sharing too much information online
    • Insecure physical locations
  4. Potential Impact:

    • Identity theft
    • Financial loss
    • Loss of privacy
    • Compromise of additional accounts
  5. Prioritize Risks:

    • High Likelihood/High Impact: Weak passwords leading to account compromise.
    • Low Likelihood/High Impact: Government surveillance leading to loss of privacy.
  6. Mitigation Strategies:

    • Use a password manager and enable two-factor authentication.
    • Regularly update all software and devices.
    • Limit the amount of personal information shared online.
    • Use a home security system and lock devices.
393
 
 

In the browser, I didn't log in to the Google account, and I didn't accept the cookies on that site. I'm using Privacy Badger, which supposedly should block 3rd-party spyware like that.

394
 
 

The Spanish government has a plan to prevent kids from watching porn online: Meet the porn passport.

Officially (and drily) called the Digital Wallet Beta (Cartera Digital Beta), the app Madrid unveiled on Monday would allow internet platforms to check whether a prospective smut-watcher is over 18. Porn-viewers will be asked to use the app to verify their age. Once verified, they'll receive 30 generated “porn credits” with a one-month validity granting them access to adult content. Enthusiasts will be able to request extra credits.

You have to request more porn credits from the government if you need more? Don't want the government to be tracking this data of you. This is a privacy issue.

395
 
 

A couple of months ago, I read an article on Mozilla, where they did research on automakers and found none comply with good privacy measures. I am planning to buy a used car. I want to know how the data is collected and transmitted.

The car comes with a connected app, though I am not planning to use it. It also has Apple CarPlay and Android Auto. Should I use those? The article states some manufacturers even record sexual activities. How are they transmitting this information? Through connected phones?

My use is fairly basic, I want to use the Bluetooth audio system in the car for listening to music on my phone. I use maps on my phone.

What about car servicing? Can they access stored information?

397
 
 

By data I mean anything / everything: telemetry, contents in emails and files, and other user data. My school uses Google Workspace and I don't like the idea of having to depend on it but I can't change that. Give me tips and advice.

398
 
 

I can't find any articles or posts talking about this anywhere, so I just wanted to share a post about it. I received an email on July 2 from Afterpay about an upcoming change to the privacy policy which will take effect on August 1, 2024. I used a website to compare the text of the old policy with the text of the new, and found that they are now introducing targeted advertising. They harvest personal information about you and share it with third-parties and partners in order to serve you with personalized ads within the Afterpay app. They track information such as your spending habits and how you interact with their marketing messages, and they now also combine all of your personal information they have collected about you to profile you; they also get information about you from third-parties. Quoted from the updated policy:

Information from third parties about you, such as identity, preferences and inferences about you...

Just wanted to share this, since I can't find any discussion of it online. Here's a link to the policies if you want to check it out. These are Wayback Machine links.

Current Policy (As of April 2, 2024)

Upcoming Policy (Effective Aug 1, 2024)
