Privacy


A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.


much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
926
 
 

My questions are:

  • Does the DuckDuckGo Firefox extension "Privacy Essentials" add a local css file to every visited site?
  • Can others reproduce this?
  • Is this harmful or not?

Background:

I have a simple static one-page site with just one html and css file. It's completely tracker free. Debugging it a bit with developer mode (F12) on, I discovered a second css file. This file isn't on my webserver but is added locally. To pinpoint what caused this I removed every add-on / extension in my browser one by one, reloading and checking my website every time. Took me a while because I didn't expect this one to be causing it.

To reproduce:

  • Install the extension from the link.
  • Open a random site
  • Check in developer mode the tab Style editor.
  • Scroll and look for a file named %3Ais(%5Bid*%3D'google_ads_iframe'%5D%.css or something like that.
  • Remove the extension and refresh.
  • Check if the file disappears.

Content of the css file:

:is([id*='google_ads_iframe'], [id*='taboola-'], .taboolaHeight, .taboola-placeholder, #credential_picker_container, #credentials-picker-container, #credential_picker_iframe, [id*='google-one-tap-iframe'], #google-one-tap-popup-container, .google-one-tap-modal-div, #amp_floatingAdDiv, #ez-content-blocker-container) { display:none!important; min-height:0!important; height:0!important; }

Edit 25-03-2024: Changed title to not give the wrong impression. See comments below.

927
 
 

*In terms of privacy, customisation, camera quality, and battery time.

For the longest time I have only used either iPhone or Samsung. I plan on switching to Android for the next phone I get, but I find that Samsung phones are often too big for me and put too much energy on camera quality (I don’t take many photos). I have started to look into brands such as Nokia and Motorola, and I would like to know what you guys think of them. Additionally, do you suggest any other phone brands aside from them? My biggest priorities are privacy and long battery time. Bonus if the phone can run LineageOS (I have excluded Graphene as they are only compatible with Pixel phones).

Thank you for any answers. Cheers!

928
929
 
 

Heya, as the title suggests. I have tried KDE Itinerary (on mobile), but the user experience didn't quite flop-my-mop. It is however the better one in terms of privacy as far as I have found. Are there any other ones that you folks know of and would recommend? Looking for an app that specifically can hold boarding passes.

Thanks in advance :=)

930
 
 
931
 
 

I've been using unique passwords and totp for some time but I get uneasy whenever I use my phone as a mfa. The reason is the worry about losing it and potentially getting locked out of my accounts.

Searching for best practices didn't help so far. That's why I turn to you.

So far I have my password vault and my phone with an authenticator app. I may have stored two backup codes somewhere but I wouldn't find them, ever. Especially not in panic mode.

Since mfa should actually not be on the same device or at least require different things (password and biometrics) I don't think using the totp of my vault is a great idea, right? Or only if I configured the mfa to ask for a pin while the passwords ask for biometrics or something.

If I did this I'd still lose everything if the vault got lost but that's what backups are for. This solution does not include the mfa (or backup key) to my vault though.

Ideally, I would put it in an actual vault but so the single point of failure probabilities keep increasing.

Any pros here that solve these binds regularly? What's the best practice? Is there a 3-2-1-backup equivalent?

Edit: btw here is what I found. The encrypted text on paper idea is pretty good but seems very complex. https://security.stackexchange.com/questions/76464/best-practices-for-usefully-storing-two-factor-authentication-backup-codes

932
933
 
 

I've looked through most posts here and on Reddit and it seems pretty bleak, but maybe someone here knows an app that's somehow miraculously unaffected by the rate limiting? I know I could just not use Instagram at all, but I mostly use it to keep up with local and international activism and most of these organizations don't have their own website and it would suck to have to either reinstall the official app or use the desktop version just for that.

934
-3
I-SOON HACKING LEAKS (harfanglab.io)
submitted 7 months ago* (last edited 7 months ago) by foremanguy92_@lemmy.ml to c/privacy@lemmy.ml
 
 

A few weeks ago, leaks from a Chinese company specialized in hacking were revealed publicly. We learned about the ways of hacking and much more, very interesting article to read! 👍

I-Soon was founded in Shanghai in 2010. Its CEO, Wu Haibo (吴海波), is a “first-generation red hacker or Honker and early member of Green Army which was the very first Chinese hacktivist group founded in 1997” according to a Natto Thoughts blog post on the company from October 2023

935
65
Firebase leaks data (www.securityweek.com)
submitted 7 months ago* (last edited 7 months ago) by foremanguy92_@lemmy.ml to c/privacy@lemmy.ml
 
 

Hundreds of websites misconfigured Google Firebase, leaking more than 125 million user records, including plaintext passwords, security researchers warn.

Once again, do not use Google-based apps, degoogle yourself, and don't trust big companies. Have a (de)goo(gle)d day!

936
21
submitted 7 months ago* (last edited 7 months ago) by foremanguy92_@lemmy.ml to c/privacy@lemmy.ml
 
 

Hello everyone, I have a question: Do Android phones have hardware-based trackers? Not with the telecom part (for sure it has some), but especially in the CPU... And are Chinese phones worse than USA-branded ones? So does having a degoogled OS resolve the problem? Thx 😃

937
1136
submitted 7 months ago* (last edited 7 months ago) by MisterFrog@lemmy.world to c/privacy@lemmy.ml
 
 

I installed NetGuard about a month ago and blocked all internet to apps, unless they're on a whitelist. No notifications from this particular system app (that can't be disabled) until recently when it started making internet connection requests to google servers. Does anyone know when this became a thing?

Edit 2: I bought my Pixel 6 phone outright, directly from Google's Australian store. I have no creditors.

Were the courts not enough control for creditors? Since when are they allowed to lock you out of your purchased property without a court order?

I don't even live in the US, so what the actual fuck?

Edit 1: You can check it's installed (~~stock~~ Pixel 6 android 14) Settings > Apps > All Apps > three dot menu, Show system > search "DeviceLockController".

I highly recommend getting NetGuard, you can enable pro features via their website if you have the APK for as low as 0.10€, but donate more, because it's amazing. You can also purchase via Google Play store.

938
 
 

Hello everyone! I have a small issue. I wanted to remove all media accounts associated with my phone number. One account to remove was Telegram, I deleted the app long ago, but never my account.

So, I downloaded Telegram again, tried to log in, and it keeps texting the login code to my number on Telegram, it won't do SMS. And I have no other Telegram sessions anywhere else where I can log in. I'm stuck, can't log in to delete it.

I went on their support website to file a complaint, and they never got back to me. Is there another way for me to delete my actual account if they won't let me log back on?

I guess I have 2 questions at this point: how can I deal with Telegram, and/or is there a way to clean my phone number of all accounts at once? Any ideas are appreciated.

TL;DR Can't log in to Telegram, want to delete account, how can I achieve this?

939
 
 

Hi! I started learning about privacy a few months ago and there are a few (many) things I'm struggling to understand and I would thank you if you could share some documentation/sites to learn more.

One of the issues is about DuckDuck Tracker Blocker on android phone (low/moderate threat level), which takes the VPN spot. Is it really useful? I've uninstalled several apps and replaced with FOSS when possible, so it's not blocking a lot of stuff lately (or so it says). I've also been trying Proton Free+nextDNS (also not sure how to choose lists) but IDK how to decide which one is better, but I'm wondering: does DNS make the blocker app redundant? Isn't it kinda the same job (different lists, maybe)?

Thanks in advance!

940
27
submitted 7 months ago* (last edited 7 months ago) by Charger8232@lemmy.ml to c/privacy@lemmy.ml
 
 

Hello!

My knowledge about DNS resolvers is somewhat limited. So, in an effort to expand my knowledge and find a DNS resolver that works for me, I've come for help here.

Here is a list of terminology that I either know too little about, don't know anything about, or want to make sure my understanding is correct about:

Cleartext (What does this mean in the context of protocols? Is it inherently bad?)

DoH (I somewhat understand this, but is it less secure than DoT?)

DoH/3 (How is this different from DoH?)

DoT (Is this more private than DoH?)

DoQ (I don't know enough about this, how does it compare to DoH and DoT?)

DNSCrypt (I'm not sure what this is.)

Do53 (I'm not sure what this is. Is it a replacement for DoH/DoT/DoQ, or does it work alongside it?)

DNSSEC (I don't know what this is.)

EDNS padding (I'm pretty sure I know what this is, it just pads DNS queries. What happens if "Cleartext" is used, does it still pad it?)

As for what I'm looking for in a DNS resolver: I don't plan to self host it, I would like support for iOS, Linux, and Android, I would like it to be free, I would like EDNS padding, DoH is preferred (although I don't quite understand the alternatives). I am aware that the DNS resolver will usually be the same as my VPN. Note: I'm not looking for a beginner DNS resolver, I've been using NextDNS for a while now, I'm looking for one with strict privacy and security.

I've tried looking at Privacy Guides and Wikipedia, but I don't know enough to make an educated decision.

Any suggestions?

Thank you all!

941
942
 
 

Exciting news! Trackers being built into the Bitwarden F-Droid app for who knows how long have been removed

https://github.com/bitwarden/mobile/commit/f343a2cdbb5895fb518ed963b30c0d9822db2c74

Previously two trackers were introduced: Google Firebase and Microsoft AppCrashes

943
 
 

Fan of Libredirect browser add-on here. This one looks useful. https://github.com/libredirect/frontends_manager

By the way, my favorite Teddit instance was taken down by its owner, claiming that Teddit is no longer maintained and Reddit was rate limiting the instance. Now Redlib is recommended. Very few instances but it works fine for me.

944
945
 
 

seems to be the soft spot of Mull. It leaks too many "Bits of identifying information"

how do i anonymize it?

mull resets about:config modifications after quit

946
 
 

I've been using this phone number from JMP.chat and I've barely used it for much of anything (started February 27th, 2024), and somehow it's telling me I need $35? I tried out their service plan but it was way too expensive. I only bought it once and took off my credit card after because auto pay kept auto depositing money into my account too frequently. Maybe I'm doing something wrong?

Edit: Found out what happened, it's $6.99/GB for the eSIM, I'm billed 5GB at a time. So $35 total.

947
 
 

I was wondering what viewpoints and opinions this community has when it comes to cryptocurrency.

Personally, I'm not against it, but I'm not for it either. I like the concept of bringing back cash anonymity, and also decentralization (obviously). Although I don't think it will be viable for at least another decade.

948
 
 

Is there a fork of Android (or a way to harden it) that locks down the OS similarly to how Apple does it?

Apple's implementation can actually protect you from commercial spyware. I'm impressed.

949
 
 

I have started to develop an AI voice assistant using Python and some other software. I am building it with privacy and security in mind. I am open to contributions. https://github.com/sidgames5/excalibur

950
 
 

All questions are in bold for ease of use.

The major carriers in the United States participate in NSA surveillance (except for T-Mobile apparently, because it's based outside of the US. Except they bought Sprint, which participates.) and that, along with other major privacy issues, means that the market for private carriers is incredibly slim. When I found out that some carriers, such as Mint Mobile, piggyback off of Verizon, I wondered: What's stopping a carrier from simply E2EE everything from Verizon, and then using Verizon to transfer the data? Obviously, the encrypted data could still be collected and sold, but it wouldn't matter if the encryption was set up properly, right? I'm looking to better understand how this works, and, if a solution exists, potentially be the first to make it happen. The reason I'm not suggesting creating a carrier without piggybacking is due to the sheer cost and lack of support it would have, which would lead to poor adoption. Also, if carriers simply don't support E2EE, couldn't carrier-locked phones install the software (since most install software anyways) required to make E2EE work?
