Loads of other interesting talks as well next week.

Ive seen MS is having to do a lot of work in regards to pro privacy due to EU regulation, I switched on my oculus quest which I keep offline and questioned if enforced account, locked in applications that serve beyond base functions and the locked down setting, surely all this goes against privacy laws in some way.

Is this something regulators and Facebook will address or will fb slide through the cracks?

I've been using some available on the Internet but recently they all look the same and they all ask for CAPTYA which is an obvious attempt to obtain ones true IP.

I'm new to privacy and hoping to learn more.

From what I read you need to have a paid account in order to be able to have multiple accounts in the protomail app.

Also fairemail or alterantives don't work.

I use newpipe, freetube instead of youtube.

It has everything but the discoverability that youtube provided.

I would atleast like a way to find new channels based on the channels I subscribe, if not new videos based on watched videos.

Need suggestions.

cross-posted from: https://lemmy.world/post/9812294

Porn sites Pornhub, XVideos, and Stripchat face stricter requirements to verify the ages of their users after being officially designated as “Very Large Online Platforms” (VLOPs) under the European Union’s Digital Services Act (DSA).

I personally have mixed feelings, as the information collection could be used to link individuals and profile them. Possibly leading to discrimination if abused.

But I also feel that any random kid shouldn't be able to just go to these sites and see porn freely.
Ofc, there's always going to be those who mange to circumvent any protection put in place but it'd be much harder then just clicking a link or typing in the address.

I also feel that parents should actively monitor their kids online activities and step up a Blocklist to pro-actively prevent kids from reaching these sites to begin with.

What are your thoughts on this?

“Verizon royally fucked up,” Poppy told me in a phone call. “There’s no way around it.” Verizon, she added, was “100% at fault.”

Verizon handed Poppy’s personal data, including the address on file and phone logs, to a stalker who later directly threatened her and drove to an address armed with a knife. Police then arrested the suspect, Robert Michael Glauner, who is charged with fraud and stalking offenses, but not before he harassed Poppy, her family, friends, workplace, and daughter’s therapist, Poppy added. 404 Media has changed Poppy’s name to protect her identity.

Glauner’s alleged scheme was not sophisticated in the slightest: he used a ProtonMail account, not a government email, to make the request, and used the name of a police officer that didn’t actually work for the police department he impersonated, according to court records. Despite those red flags, Verizon still provided the sensitive data to Glauner.

Remarkably, in a text message to Poppy sent during the fallout of the data transfer, a Verizon representative told Poppy that the corporation was a victim too. “Whoever this is also victimized us,” the Verizon representative wrote, according to a copy of the message Poppy shared with 404 Media. “We are taking every step possible to work with the police so they can identify them.”

In the interview with 404 Media, Poppy pointed out that Verizon is a multi-billion dollar company and yet still made this mistake. “They need to get their shit together,” she said.

Initially saw this article from Brian Krebs mastodon account.

https://infosec.exchange/@briankrebs/111608035574860035

Comcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers.

This vulnerability, known as “CitrixBleed,” is found in Citrix networking devices often used by big corporations and has been under mass-exploitation by hackers since late August. Citrix made patches available in early October, but many organizations did not patch in time. Hackers have used the CitrixBleed vulnerability to hack into big-name victims, including aerospace giant Boeing, the Industrial and Commercial Bank of China, and international law firm Allen & Overy.

Comcast's statement

Notice To Customers of Data Security Incident
December 18, 2023 04:30 PM Eastern Standard Time

PHILADELPHIA--(BUSINESS WIRE)--Xfinity is providing notice of a recent data security incident. Starting today, customers are being notified through a variety of channels, including through the Xfinity website, email, and news media.

On October 10, 2023, Citrix announced a vulnerability in software used by Xfinity and thousands of other companies worldwide. Citrix issued additional mitigation guidance on October 23, 2023. Xfinity promptly patched and mitigated the Citrix vulnerability within its systems. However, during a routine cybersecurity exercise on October 25, Xfinity discovered suspicious activity and subsequently determined that between October 16 and October 19, 2023, there was unauthorized access to its internal systems that was concluded to be a result of this vulnerability.

Xfinity notified federal law enforcement and initiated an investigation into the nature and scope of the incident. On November 16, Xfinity determined that information was likely acquired. After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords; for some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, the data analysis is continuing.

Xfinity has required customers to reset their passwords to protect affected accounts. In addition, Xfinity strongly recommends that customers enable two-factor or multi-factor authentication to secure their Xfinity account, as many Xfinity customers already do. While Xfinity advises customers not to re-use passwords across multiple accounts, the company is recommending that customers change passwords for other accounts for which they use the same username and password or security question.

Customers with questions can contact Xfinity’s dedicated call center at 888-799-2560 toll-free 24 hours a day, seven days a week. More information is available on the Xfinity website at www.xfinity.com/dataincident.

Customers trust Xfinity to protect their information, and the company takes this responsibility seriously. Xfinity remains committed to continued investment in technology, protocols and experts dedicated to helping to protect its customers.

As an Indian, I know protesting against this bill is the best we can do but it seems like most of the people in country arent aware about this or simply dont care, this is disastorous!!

We’ve heard our users loud and clear - interoperable end to end encryption (E2EE) across email providers is critical for privacy and security online. We have taken this feedback to heart. We are proud to announce support for PGP encryption inside Skiff mail starting today for all users across all tiers, including Free.

The highlight of the research is that Apple users were less likely to be victims of financial fraud after Apple implemented the App Tracking Transparency policy. The results showed a 10% increase in the share of Apple users in a particular ZIP code leads to roughly 3% reduction in financial fraud complaints.

While the scope of the data is small, this is the first significant research we’ve seen that connects increased privacy with decreased fraud. This should matter to all of us. It reinforces that when companies take steps to protect our privacy, they also help protect us from financial fraud. This is a point we made in our Privacy First whitepaper, which discusses the many harms that a robust privacy system can protect us from. Lawmakers and regulators should take note.

Hey all

A few years ago, when I started my journey into the realm of open source, decentralisation and privacy as an ignorant, naïve young internet user, I had already registered with numerous companies without giving it much thought. I randomly signed up for services using my google and microsoft email addresses, which I opened when I was very young.

I have been struggling with this naivety and carelessness of my younger self for several years now. During this time I have gone through all the services I have ever registered for, requested my data everywhere, written dozens of emails, deleted my google account a year ago, then the amazon account, my apple account and yesterday now also the microsoft account, together with the email I have used the longest and replaced everything with open source, privacy respecting services.

Now there's only one big player missing, as you can imagine. Yes, Meta has me in its grip like no other company with its chat service WhatsApp. I myself would have been ready to finally ditch this increasingly bad service long ago unfortunately, those around me don't see it the same way.

But I have now started my preparations:

• I have cleared out, structured and organised all my contacts.
• I have said goodbye to all long-dead groups.

And now comes the exciting part:
in the near future, I will write a message to my most important contacts explaining that WhatsApp, with all its clutter, has become a burden for me and that there are better, privacy-respecting alternatives. I will suggest Signal to them and explain that I will slowly withdraw from WhatsApp. I won't be on the platform as often, but I'll still be available for emergencies. And that they should take a look at this very familiar looking app. their data and I will thank them for it :)

In conclusion, I would like to say that I have realised that you can achieve anything, not radically, but in incremental steps. Especially when others are affected, you have to give them space and time to familiarise themselves with the alternatives without having to deviate from your own convictions. And if there is no other way and if they are also averse to this plan in the long term, new ways will be found. I have already lived without a mobile phone for more than half a year a few times and have also managed that.

What do you think? I'm interested in your opinion :)

I don't like so called smartphones (flashy devices to mine your data and other reasons) but my regular no touchscreen phone's microphone is no longer working as it should, making conversations difficult.

Enter a smartphone I received as a present, my phobia (for lack of a better word) to smartphones and my (misguided?) obsession with privacy: I don't want to use this smartphone as my default phone because I'm scared the carrier, ISP or google are going to mine my data and trace my calls.

Which might be an overreaction, because each time I use my regular cell phone, the carrier knows when I'm calling from, who I'm calling and how long the call lasts.

So I ask you: how much more data would I be leaking if I use my new smartphone for calls only, compared to a regular, no touchscreen phone?

Cross posted from: https://midwest.social/post/6593381