https://github.com/umutcamliyurt/TimeLockCrypt

So many people here will go though great lengths to protect themselves from fingerprinting and snooping. However, one thing tends to get overlooked is DHCP and other layer 3 holes. When your device requests an IP it sends over a significant amount of data. DHCP fingerprinting is very similar to browser fingerprinting but unlike the browser there does not seem to be a lot of resources to defend against it. You would need to make changes to the underlying OS components to spoof it.

What are everyone's thoughts on this? Did we miss the obvious?

https://www.arubanetworks.com/vrd/AOSDHCPFPAppNote/wwhelp/wwhimpl/common/html/wwhelp.htm#href=Chap2.html&single=true

So, Telegram has launched horrible ads that look a lot like spam to me. At least in my channels it's typically some crypto bullshit. So, I wonder if people know about alternatives to the subscription service for blocking them? Sadly, Forkgram won't offer that option and it doesn't seem to be allowed. However, I wonder if there are still forks out there which block the ads? Or do people know of alternative options?

Some talk about the privacy of the digital euro has been made. Some people said that your transactions are going to be tracked. Should an european worry about it? Would GNU Taler be a possible solution?

And it's not like the digital euro is some dream, it will become reality soon.

I'd like to track hurricanes. All the apps I see collect all kinds of personal data. I just go to NOAA to see the advisories, but wondering if there is something better.

Edit: OS is Android 14 Edit: looking for radar (probably) or some other feature to track hurricanes (I don't know what tools there are besides radar, but if there's something else I'm interested).

Curious What folks think about Banks Bill Pay feature?

My thoughts, some Banks use third parties to service bill payments, and request ebills. Seems like end user would be opening themselves to data harvesting by third party. Additionally, in my experience when one disables ebill requests, there is no confirmation sent from ebill payee that data is no longer shared with the third party.

I like Techlore (https://www.techlore.tech if you don't know) and I usually regard them as one of the most impartial and most trustworthy Youtubers out there. But for the past few months, I couldn't help noticing their somewhat heavy bias towards some of their video sponsors. Still, everybody has to eat right?

This time though, it looks like Synology flew them over to Taiwan, and if you watch their video at the event, it's wall-to-wall Synology shilling. I'm really disappointed.

So I have recently found out about forward email just a few months ago.

I am currently using tuta as my email provider, and I have been doing so for the last three years. But I am not very happy with the closed ecosystem and locking of basic features behind paywalls.

So I decided to give forwardemail a go after reading about it on free software foundation's webmail systems (this is a web archive link, more on that later)

Now the thing is, the service works. But things don't really feel legit. They claim to have thousands of users but there's surprisingly little information about them other than their own website. The branding seems completely generic and pretty much all of their code seems to be coming from one single account with no real information.

There's a couple reviews about them on trust pilot but the positive ones mostly come from accounts where the only review is for forwardmail.net

I've read some discussion about them getting recommended on privacy guides, they sounded very professional and mentioned even wanting to get auditioned, but to the best of my knowledge that has not happened yet (please correct me if I am wrong). Worse than that they seemed to stop replying to the thread a couple months ago.

Finally, I realized today that FSF has removed their recommendation for forwardemail from their website

In conclusion, I have tested and the service does work, but I can't tell if there is something shady happening. What do you all think?

I only have warehouse mgmt work experience(which means all IT responsibilities fall on me), but I can't keep away from various programming projects.

I've only dipped into the privacy-sphere of software in the last 2 years, but I've found a earnest passion in my pursuits. My obsessiveness has bled into most friends asking why I haven't pivoted my career, and I don't have a good answer other than I assumed there's no money to be made in it since I never finished my college CS degree.

I will code and continue my projects regardless, but was hoping this community could offer some advice or there experiences with similar endeavors. Thanks

Isn't the value of two factor auth that it requires a physical device (your phone or computer) with the auth key to authenticate you? Then why don't many two factor auth apps seem to support syncing? If it's fine to do so, are there any open source cross platform apps that sync keys?

Not sure if this is the right mag, but m/proton has very few members. lmk if i should move/delete this, thanks

I'm on proton unlimited and I turned on Dark Web Monitoring. I figure since i use bitwarden for my password manager, i need to manually sync my passwords so proton can monitor for them. what about more important stuff like adresses, DOB, SSN, etc? proton says here that they can monitor for all that stuff, but how, if they dont have it?

cross-posted from: https://feddit.org/post/317047

in February 2024, the EU Parliament adopted the eIDAS regulation, creating the framework for a "European Digital Identity Wallet". This digital Wallet will enable citizens to identify themselves in a legally binding manner, both online and offline, sign documents, login into websites and share personal data about them with others. Recently, the European Commission published the Architectural Reference Framework (ARF) 1.4 for the technical implementation of the Wallet.

The success of the EU Digital Identity Wallet depends on its ability to gain citizens' trust and establish a resilient infrastructure in our current data-driven economy.

"However, after our analysis, we believe that this goal has been missed," says the digital rights group Epicenter Works.

"We see severe shortcomings in the ARF that either contradict the regulation or ignore important elements of it. These issues, if left unaddressed, could significantly undermine user rights and privacy."

Hello, I wrote a mail template which I send to websites that don't have an easy process of deleting an account.

Maybe it helps you, maybe you will use it too for when you want to delete your unused accounts and maybe you can contribute to it. The better the message gets and the more websites offer an easy way to delete accounts, the safer we'll be online.

If you can influence the deletion policy, please read on. Otherwise, please forward this to someone that can influence this process.

It's better for the business to offer an easy way to delete an account. Ideally, it would be good to delete accounts which weren't active for more than say 5 years, with a mail notification beforehand. Why? Here are the main reasons:

• There are higher operation and maintenance costs because you have unused accounts in your databases.
• The services load slower, with a performance penalty, because each user-related query has to go through many unused users.
• The people opinion of your services decreases, because you don't offer an easy way to delete accounts
• People might change their mail to a throw-away address and leave the account open, thus producing more waste than necessary.
• In case of a security breach, the amount of compromised data is higher than in case you regularly delete accounts, which might lead to financial penalties.
• The information you get out of a database with active accounts is much more precious than the information from a stale database, or one with obsolete data.

I hope this information helps and that you will change your policy of deleting accounts. Each website that does this, contributes to a better, safer ecosystem.

All I found was this comment about the difference.

Premium domain is only available when you have premium, because fewer people pay and fewer people use it, so there is less abuse and the domain name has better reputation, so when you public domain is not working, using the premium domain may be able to register.-

Hello! what is the best setup for creating content without compromising my privacy? i am aware of most opsec stuff but i have some questions:

• how do i use 2FA without giving YouTube my phone number?
• how big of an identifier is my voice? should i use a voice filter?

thanks.

https://reddit.com/r/privacy/comments/v624di/apple_tracks_you_even_if_you_dont_have_apple/

We investigate what data iOS on an iPhone shares with Apple and what data Google Android on a Pixel phone shares with Google. We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins. The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Users have no opt out from this and currently there are few, if any, realistic options for preventing this data sharing.

https://www.scss.tcd.ie/doug.leith/apple_google.pdf