Privacy


A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
1226
 
 

Disclaimer: I'm just asking to get an understanding of the theory behind network traffic encryption; I know this most likely doesn't happen irl.

Let's take an https connection for example. I like watching revolutionary things on YouTube and do not wish for authorities to know what I am watching; we accept here for the sake of showcase that Google won't sell my watch history if asked (LMAO what am I even saying?).
So if I'm not mistaken, since YouTube has https implemented, our communication is encrypted, and the keys are shared only between me and YouTube. But when YouTube shares the key with me/my client the first time, is that also encrypted? Wouldn't the same question keep getting answered until there is something unencrypted? I know this is a bit too unlikely, but if an ISP automated the process of gathering keys and decrypting web traffic for a certain site with them for all users, would that work for them?
I'm taking https here as an example, while I have the same question for, like, a VPN.

EDIT: Thank you everybody. I am not a member of this community, but every comment was a golden experience to read!

1227
 
 

Any explanation of why to not store passwords in plaintext and encrypt folder in zip archive (I guess U can't break pass?) Pls don't be aggressive!!

1228
1229
 
 

AdGuard Temp Mail’s addresses are temporary and aren’t stored long by design:

  • Emails are automatically deleted 24 hours after you receive them.
  • A temporary mailbox is deleted after 7 days of inactivity. But if you keep the page open or come back in a couple of days, it won’t disappear.

AdGuard Temp Mail is currently in beta stage. Here’s what we’re planning to add in the future:

  • Zero-access encryption
  • TLS support on the SMTP server side
  • Image proxying
  • Security checks for links

1230
 
 

"The InMarket Apps have been downloaded onto over 30 million unique devices since 2017," reads the FTC complaint against InMarket Media.

"Respondent also makes the InMarket SDK available to third party app developers, and it has been incorporated into more than 300 such apps which have been downloaded onto over 390 million unique devices since 2017."

The FTC complaint says InMarket maintains 2,000 categories of distinct "audiences" which tracked people fall into, including "Christian churchgoers," "wealthy and not healthy," and "parents of preschoolers."

Ultimately, the FTC deems InMarket's five-year data retention policy overly excessive for targeted advertising, significantly elevating the risk of misuse and exposure.

1231
 
 

cross-posted from: https://poptalk.scrubbles.tech/post/567593

Haier hits Home Assistant plugin dev with takedown notice

I'm not really big on "let's make a movement", but this independent dev has been hit with a cease-and-desist from making a FOSS Home Assistant addon for their Haier air conditioners.

Haier claims that they are losing out on millions of dollars due to this plugin which... lets you control their air conditioners from Home Assistant. They haven't bothered to explain how that's possibly worth millions of dollars - they're just claiming it.

So of course they hit the Streisand button and are demanding that he takes it down. He of course is complying... in a couple of days. Maybe you see where this is going.

It would be an absolute shame if any of you just happened to create a fork, or clone the code, or mirror it in your own instance. An absolute shame.

Just so everyone here knows which repositories NOT to clone or fork, here are the two links:

and please, don't repost this anywhere, or share it in other communities, or anything like that. It's a shame that so many people already know and are making clones. I'm just letting you know so you don't do anything like telling others who may make their own copies.

(sidenote: Haier owns GE Appliance, so for our American folks it may affect you folks too)

1232
72
submitted 9 months ago* (last edited 9 months ago) by Pantherina@feddit.de to c/privacy@lemmy.ml
 
 

We can also break down users by country. The largest contingent of Snowflake users are in Iran, which has been the case since the Mahsa Amini protests in 2022 [1]. The graph shows also a large number of users apparently from the United States, but we believe that may be partly the result of geolocation errors, and many of them are actually from Iran. After Iran, the countries with the most Snowflake users are Russia and China.

1233
 
 

A deep dive into the Data Protection Review Court by Alfred Ng and John Sakellariadis, including some great perspectives from Max Schrems of noyb.eu

1234
 
 

I have a pair of Bluetooth headphones, which I have been using since 2022. Today, I was sitting on the bus when some random person connected to them and started playing Free Bird.

It was a bit funny, but I don't want this to become a regular thing. Is there a way of locking the headphones to certain Bluetooth addresses? Or a way of making it not show up automatically on phones (similar to a hidden WiFi network)?

The headphones in question are the JBL Tune 510, which have a USB-C port. However, I don't know if this can be used to flash firmware.

If there's already a comment telling me to "just use wired" or something, please don't tell me again. It's the best solution, but my phone doesn't have a headphone jack (fuck you, Apple).

Thanks!

1235
 
 

Google collects and shares data between its own services by default. Search, advertising, YouTube and several others exchange user data. Users in the EU have to give consent to this form of sharing. By default, data will no longer be exchanged between services. EU users may already manage the Google Services that may or may not exchange data.

EU users who are searching with buying intentions, e.g., for a hotel or laptop, will get a new dedicated unit in the search results that shows a group of links from comparison sites "from across the web" and "query shortcuts at the top of the search page to help people refine their searches".

Users from the EU will get browser and search engine choice screens on Android and in Google Chrome.

1236
 
 

The Naz.API dataset is a massive collection of 1 billion credentials compiled using credential stuffing lists and data stolen by information-stealing malware.

Credential stuffing lists are collections of login name and password pairs stolen from previous data breaches that are used to breach accounts on other sites.

Information-stealing malware attempts to steal a wide variety of data from an infected computer, including credentials saved in browsers, VPN clients, and FTP clients. This type of malware also attempts to steal SSH keys, credit cards, cookies, browsing history, and cryptocurrency wallets.

1237
1238
 
 

Examples of passive defenses against surveillance:

But why not actively combat surveillance instead of passively defending against it? Examples of active combat:

We must poison the data of those who are violating our privacy. Let us waste their time, increase their data storage costs, and waste their processing power. Let them drown in an ocean of data. Let them search for tiny needles in huge haystacks, with no way to distinguish between needles and hay.

Some ideas:

  • Sending fake data to Google Analytics (How does Google Analytics prevent fake data attacks against an entity's traffic?)
  • Create fake contacts lists to mislead those who are building social network graphs.
  • Encrypt lots of worthless data, store them in the cloud or send them by email. If the encrypted data is intercepted by any nosy entity, they will have to waste storage space while waiting to be able to break the encryption.

What are some other possible methods?

Let us turn the tables on those who have been violating our privacy. Why do we have to be on the defense? Let us waste their resources in the same way that they are wasting ours!

1239
1
uefi is literally malware (futurology.today)
submitted 9 months ago by guh65 to c/privacy@lemmy.ml
 
 
1240
 
 

Location firm Near describes itself as “The World’s Largest Dataset of People’s Behavior in the Real-World,” with data representing “1.6B people across 44 countries.” Mobilewalla boasts “40+ Countries, 1.9B+ Devices, 50B Mobile Signals Daily, 5+ Years of Data.” X-Mode’s website claims its data covers “25%+ of the Adult U.S. population monthly.”

Fast food restaurants and other businesses have been known to buy location data for advertising purposes down to a person’s steps. For example, in 2018, Burger King ran a promotion in which, if a customer’s phone was within 600 feet of a McDonalds, the Burger King app would let the user buy a Whopper for one cent.

Outlogic (formerly known as X-Mode) offers a license for a location dataset titled “Cyber Security Location data” on Datarade for $240,000 per year. The listing says “Outlogic’s accurate and granular location data is collected directly from a mobile device’s GPS.”

1241
 
 

Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies. That number varied significantly, with some panelists’ data listing over 7,000 companies providing their data.

1242
1243
 
 

X’s move to make people pay for a basic form of two-factor is problematic. It also created confusion because the company prompted free users to switch away from SMS two-factor, but then seemingly simply turned off the protection altogether for those who didn’t. This likely left a group of users in a situation where they think they have two-factor authentication on, but actually don’t.

1244
1245
99
submitted 9 months ago* (last edited 8 months ago) by Confound4082@lemmy.ml to c/privacy@lemmy.ml
 
 

I've just not been updating Nova as I haven't had a ton of time to research this. I really like the GUI; what are my privacy-friendly/FOSS options for an Android S21 5G?

Update: Went with Neo launcher. It's got enough of the features that I'm willing to use it.

There are a few spots where padding can't be removed that is obnoxious, FF search bar and dock are what I have noticed so far.

I also don't like that I can't continuously scroll through my home screens.

1246
21
submitted 9 months ago* (last edited 9 months ago) by Trincapinones@lemmy.world to c/privacy@lemmy.ml
 
 

Are there any custom ROMs/setups to make a Fire TV faster and safer?

Edit: I own a Firestick and a Fire TV and they are getting slower with the last updates, and obviously I don't want to throw them away.

1247
1248
 
 

The news was already posted here last week, but I found this great technical explanation of the flaw. Long story short: Apple is using bad cryptography. They got alerted by researchers back in 2019 but didn't fix it.

1249
 
 

A web extension that redirects YouTube, Twitter, TikTok, and other websites to their alternative privacy friendly frontends

YouTube → Invidious, Piped, Piped-Material, PokeTube, CloudTube, Tubo, FreeTube, Yattee, FreeTube PWA
YouTube Music → Beatbump, Hyperpipe
Twitter → Nitter
Bluesky → skyview
Reddit → redlib, Teddit
Tumblr → Priviblur
Twitch → SafeTwitch, Twineo
TikTok → ProxiTok
Instagram → Proxigram
IMDb → LibreMDb
Bilibili → MikuInvidious
Pixiv → PixivFE
Fandom → BreezeWiki
Imgur → Rimgo
Pinterest → Binternet
Soundcloud → Tubo
Bandcamp → Tent
Tekstowo → TekstoLibre
Genius → Dumb
Medium → Scribe, LibMedium
Quora → Quetre
Github → Gothub
Gitlab → Laboratory
Stack Overflow → AnonymousOverflow
Reuters → Neuters
Snopes → Suds
Urban Dictionary → Rural Dictionary
Goodreads → BiblioReads
Wolfram Alpha → WolfreeAlpha
Instructables → Indestructables, Destructables
Wikipedia → Wikiless
Wayback Machine → Wayback Classic
Search → SearXNG, SearX, Whoogle, LibreX, 4get
Translate → SimplyTranslate, Mozhi, LibreTranslate
Google Maps → OpenStreetMap
Meet → Jitsi
Send Files → Send
Paste Text → PrivateBin

1250
46
submitted 9 months ago* (last edited 9 months ago) by thayer@lemmy.ca to c/privacy@lemmy.ml
 
 

PSA: It seems the latest version of the Reolink Android app (v4.43.0.5.20240111) is capturing the phone's clipboard when first opened, and again whenever the clipboard contents change and the app is brought into the foreground.

GrapheneOS reports, "Reolink pasted from your clipboard". I don't recall seeing this message on older versions of the software.

While network-accessible camera software has always posed a privacy risk, this is particularly concerning behaviour.
