Privacy


A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.


much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
1451
 
 

As per the title, help me choose a browser for Android. I have a non-rooted device. After all my research, I found the best for me would be:

1: Mull, but with some way of knowing which sites have saved any data on my device (maybe by an extension or some defined page of the about:config type). But as per my research I did not find any such thing.
2: Cromite or something like it, but with extension support like Kiwi.
3: Privacy Browser, but just give assurance that Google will not track me (as I have a non-rooted device I have the default WebView).

I don't think that Vivaldi, Opera or Brave stand anywhere when it is about privacy.

Help/advice/correct me!

1452
 
 

A senator has complained that American law enforcement agencies snoop on US citizens and residents, seemingly without regard for the privacy provisions of the Fourth Amendment, under a secret program called the Hemisphere Project that allows police to conduct searches of trillions of phone records.

1453
 
 

It took a few months' preparation but I deleted all my Google accounts today, and it feels good.

1454
1455
 
 
  • Anonymous Planet - a community contributed online guide to anonymity written for activists, journalists, scientists, lawyers, whistle-blowers, and good people being oppressed, censored, harassed anywhere
  • Privacy Guides - a non-profit, socially motivated website that provides information for protecting your data security and privacy
  • Extreme Privacy 4th Edition - Michael Bazzell has helped hundreds of celebrities, billionaires, and everyday citizens disappear completely from public view.
  • Anonymous Land - a community dedicated to providing anonymity enhancing guides and services
  • Prism Break - opt out of global data surveillance programs like prism, xkeyscore and tempora.
  • The New Oil [Tor] - the beginner’s guide to data privacy & cybersecurity
  • Techlore - a small team educating people about digital rights, privacy, security, digital control, and other important topics to push the world towards a safer internet
  • Qubes OS for Anarchists [Tor] - Qubes OS is a security-oriented operating system (OS), which means it is an operating system designed from the ground up to be more difficult to hack. Given that anarchists are regularly targeted for hacking in repressive investigations, Qubes OS is an excellent choice
  • GrapheneOS for Anarchists - [Tor] - anarchists should not have phones. if you must use a phone, make it as difficult as possible for an adversary to geotrack it, intercept its messages, or hack it. this means using grapheneos
  • Tails for Anarchists [Tor] - tails is an operating system that makes anonymous computer use accessible to everyone. tails is designed to leave no trace of your activity on your computer unless you explicitly configure it to save specific data
  • Tails Opsec for Anarchists [Tor] - additional precautions you can take that are relevant to an anarchist threat model - operational security for tails
  • Make Your Electronics Tamper-Evident [Tor] - if the police ever have physical access to an electronic device like a laptop, even for five minutes, they can install hardware keyloggers, create images of the storage media, or otherwise trivially compromise it at the hardware, firmware, or software level. one way to minimize this risk is to make it tamper-evident
  • Encrypted Messaging for Anarchists [Tor] - This article provides an overview and installation instructions for Tails, Qubes OS, and GrapheneOS encrypted messengers
  • Kill the Cop in Your Pocket [Tor] - your phone's location is tracked at all times, and this data is harvested by private companies, allowing police to bypass laws requiring them to obtain a warrant
  • Remove Identifying Metadata From Files [Tor] - metadata is 'data about data' or 'information about information'. in the context of files, this can mean information that is automatically embedded in the file, and this information can be used to deanonymize you
  • Defending against Stylometric attacks [Tor] - stylometric fingerprinting analyzes unique writing style (i.e., it uses stylometry) to identify the author of a work. it’s one of the most common techniques for de-anonymization, used by adversaries ranging from trolls to law enforcement
  • EFF Surveillance Self-Defense: The Basics - surveillance self-defense is a digital security guide that teaches you how to assess your personal risk from online spying. it can help protect you from surveillance by those who might want to find out your secrets, from petty criminals to nation states
  • EFF Surveillance Self-Defense: Tool Guides - step-by-step tutorials to help you install and use handy privacy and security tools
  • Into the Crypt - the art of anti-forensics
  • Advanced Privacy and Anonymity Using VMs, VPN’s, Tor - a series of guides that explains how to obtain vastly greater freedom, privacy and anonymity through compartmentalization and isolation through nested chains of VPNs and Tor
  • How to create anonymous Telegram and Signal accounts without a phone - a guide for using Whonix & Anbox to create anonymous mobile accounts without a phone
  • Security Tips & Devices for Digital Nomads - various tools and gadgets for OpSec, written with a preference for practical usability
  • Telegram Security Best Practices - quick tips that will help you sleep better at night when using Telegram

read more at: https://git.hackliberty.org/hackliberty.org/Hack-Liberty-Resources/

1456
 
 

So recently my Moto G60 reached the end of life with respect to security updates. That was the reason I was using to prevent myself from switching to a custom ROM (actual reason is laziness). This phone has ROM support for Pixel Experience and LineageOS. So my questions are: does Pixel Experience have any privacy advantages when compared to the stock ROM the phone ships with? Also, if I flash GApps along with LineageOS, will all the privacy advantages I get with Lineage disappear? I might need Google Play services for some banking applications.

1457
 
 

"After signing into their ACT account, if a student accepted cookies on the following page, Facebook received details on almost everything they clicked on—including scrambled but identifiable data like their first and last name, and whether they’re registering for the ACT. The site even registered clicks about a student’s ethnicity and gender, and whether they planned to request college financial aid or needed accommodations for a disability"

1458
 
 

Basically I am looking for a messaging platform like Signal or? but with anonymous signup, perfect forward secrecy, capable of video chat, sending photos, the usual uses in today's life. But with a panic button, so that any party member could use said button to wipe all other members' devices of any data instantly inside the messaging app. So if one member gets compromised, or lost their device, stolen device, etc., any other member could wipe all chats, call logs, and any other data strictly inside the messaging client instantly for everyone involved, dissolving the group like it never existed and rendering the data unrecoverable. Amazon's Wickr used to have most of these features, but it is being discontinued December 2023, and who trusts Amazon with their data? Does something like this exist? Sorry if I'm not explaining it well; I'll do my best to clarify and update this post. I am not trying to delete the whole device, just the data inside the messaging app. If that does not exist, what about a separate app that could delete the entire messaging platform from the device when triggered? Assume all necessary requirements are met and this is for daily use between a group of trusted parties.

Updated wording to clarify the objective as replies were getting misunderstood.

1459
 
 

I've never owned a TV before but recently purchased a Samsung TV.

In terms of privacy, is it recommended I use its internal OS to log into things like Netflix or Disney+, or is it better to use a Chromecast for those things?

I figured if I use a Chromecast I can simply not connect my TV to the Internet at all. Of course, it does mean I'll be using a Google product.

And what privacy related issues am I opening myself up to in the first place? What kinds of things do TVs and Chromecasts track?

Anything else I should be considering?

1460
 
 

Hello everyone,

There are a few basic things in my current setup that I'm not very comfortable with. Since we're on blackfriday -> cybermonday I think it would be a nice season to make some changes [cloud - e-mail - calendar - cloud - DNS] Here's the deal:

E-mail / Calendar Strategy

  • Using tuta for more than 2 years but I still rely on my gmail address for many things; issues with Tuta:
  • troublesome to export/make backups (worse since I have many folders, would be folder by folder)
  • not a fan of not having an e-mail client on my desktop (not issue in mobile phone), also don't love the calendar

What would be ideal:

  • a nice mail provider, possibility of easy backups, possibility of using e-mail client (this one is not a hard requirement)
  • Calendar, end-to-end encrypted: a hard requirement since I store some sensitive data there. Should be easy to see on mobile (e.g.: dedicated app); for desktop it does not matter much to me. I guess the calendar requirement excludes Nextcloud and most providers, as well as CalDAV stuff and similar
  • I wouldn't mind if it would be 2 products working side by side if no alternatives are available (calendar and e-mail, but not ideal)

Backups and Cloud Storage (for redundancy)

  • I have 1 cold backup at home, another at someone else's home (both encrypted), but to be safe I'd like to also have a trustworthy cloud. Cloud: end-to-end encrypted, or -> next bullet
  • compatibility with cryptomator is a big plus (though I want to avoid Apple/Google/MS/Dropbox)
  • possibility of mounting the cloud storage as drive on my computer (not hard requirement this one)
  • could be 2 products side by side (not ideal though): a storage solution for entire backup (wasabis and stuff) and a cloud solution (day to day usage)

DNS for filtering

I'd like a solution to have all traffic filtered (malware, ads) system wide on my laptop/desktop. I have used AdGuard in the past; open to all other possibilities. I also have Mullvad VPN; wouldn't using a different DNS defeat the purpose of the VPN? Or when the VPN is on, is the DNS always the one of the VPN? Possibilities:

  • controlD (i have seen people vouching for it)
  • NextDNS (system settings)
  • MullvadDNS (system settings)
  • adguard desktop app

Malware / Virus / etc

I have a linux desktop and macOS laptop. My doubts are regarding macOS. I've seen so many new antivirus ads that it almost makes me think that I should have one. I have malwarebytes installed for occasional runs and CleanMyMacX (I have doubts regarding its security claims - I use more for system management)

  • Should I opt for an antivirus program? If so, which would be advised? (Intego is showing up all the time, weirdly)

This time of the year is when I can gear up, since financially I haven't been at the top.

For those that will answer, thank you so much in advance!!!!

1461
 
 

#YouTube is making the watching experience worse on #Firefox and Microsoft Edge.

I didn't believe it the first time I heard abt it, since it sounded more like a conspiracy theory than an actual thing, but it's true. Google does add a 5s timeout specifically for Firefox and Edge users when they try to watch a video on YT. If you want to know more about it, Mental Outlaw made a very good video abt it (Link: https://youtu.be/v4gXhmzQztE ). I think Google did this to get people moving to Chrome, since the majority will think this is a browser issue; nobody would expect YouTube to purposely do this. In the attached screenshot you can see that YouTube checks the user agent of browsers to see if it's Edge, Firefox or not. You can bypass this by changing your user agent to Chrome.

Edit: Due to a lot of people saying a lot of different things abt it, I want to say that I'm not 100% sure abt how exactly this works. There is an inbuilt delay by Google, but as to who is actually affected, there are a lot of different opinions abt it. I wasn't able to verify this myself in LibreWolf, but this could be the case due to the intensive hardening I did, and this is just a result of what I found in the code and what Mental Outlaw and others shared across social media. If you've got different or additional info abt this, feel free to comment, and I suggest everyone to also check the comment section.

#privacy #youtube #google #dataprotection #firefox #msedge #browser @privacy

1462
 
 

So basically what title says.

I'm using 2FA with Google Authenticator for multiple accounts. What if my phone gets stolen? Can I have some kind of backup? Or maybe sync with some self-hosted service?

Bonus question: what 2FA should I use instead of google?

1463
 
 

Before I say anything else, I should mention that this is nothing ground-breaking, neither is it terribly difficult to implement. This is simply how I envision a simple solution.

Basically, the EU and the UK want the secret keys to your encrypted media/messages. Which essentially breaks encryption completely, ending E2EE usage.

The alternative is, then, for the user to utilise their own form of E2EE. How though? The answer, in my opinion, is personal exchange of keys utilising asymmetrical encryption. Exchanging public keys in plaintext is fine as long as they don't have your private key. Which means unencrypted services like SMS could also be secured using this method (for example, have the public key of a user in their profile). I believe QKSMS employed encryption for SMSes for as long as it lasted, but no idea about the kind of encryption.

Technically, if everyone started to use p2p messengers with asymmetrical encryption, the EU would have very little they could do without compromising every mobile in the region and preventing people from downloading APKs somehow (sorry iOS users but you're never going to have privacy anyway).

However, this is only possible with a FOSS project, because a company would have to fork over the keys anyway to stay alive. A FOSS project can simply be forked once the OG maintainer stops working on it due to government pressure. That is where the problem comes, since FOSS projects can't really run their own servers to store media, making p2p the only viable option. But with some people behind CG-NAT, that becomes harder for non-technical users.

I don't have a way to solve this other than the general population becoming tech-savvy enough to give a damn.

TL;DR: FOSS projects are best suited for implementing personal E2EE between users, but that makes p2p the only viable option without a back-end, which makes it difficult for people behind CG-NAT.

Cheers

1464
 
 

I've been looking for something to replace the google chromecast that is attached to our TV.

I've tried Kodi out, but the main use case for the TV set is a 70+ yo person watching netflix and there is just no way they will be better off with Kodi than with the stock netflix app.

Besides supporting netflix, being easy to use, and providing significantly better privacy than the chromecast does, the device would ideally:

  • support other mainstream streaming (amazon, disney, ...) for when my people get tired of netflix
  • support a DVB-T2 usb stick (directly, or through IPTV: I can put the stick in a different machine)
  • support youtube without ads (through an adblocker and possibly sponsorblock, or maybe using invidious)
  • possibly, support local public TV streaming (eg. BBC)

I have a PC set aside that should be more than capable enough (Intel N100), but I'm open to getting new hardware if needed. Also, it doesn't matter if the system is not very user friendly to set up (e.g. if it needs to be NixOS), but once it's set up it should be easy to use and relatively straightforward to update/maintain.

I guess a FOSS android TV would be ideal, but.. is there any? (I see Lineage supports the Google ADT-3, but that is basically unobtanium, at least where I live).

1465
 
 

cross-posted from: https://lemmy.cafe/post/1482289

It's an opinion article, but I heavily agree with it. It's really sad that technical decisions are made by chimps who can't tell the difference between a computer and internet.

1466
 
 

Some random website knows which school I go to. This is the second time I have received this message.

1467
 
 

I have a feeling I know the answer, but thought it worth an ask, so here goes - I’ve not used FB in years, and generally try to keep fairly private online (Mullvad, librefox, etc) but I’ve found I’m missing out by not being able to use FB marketplace. If I set up a fresh account, and don’t use the social side of it at all, is there a fairly safe way to use Facebook? In a container, or in Mullvad browser with nothing else open? Or, as an extreme, in a VM?

1468
35
submitted 11 months ago* (last edited 11 months ago) by friedout@lemmy.world to c/privacy@lemmy.ml
 
 

If you care about data privacy: You may be interested in this organization dedicated to protecting digital human rights and promoting encryption: the Global Encryption Coalition. https://www.globalencryption.org/

This young organization was founded by Democracy & Technology, Global Partners Digital, and the Internet Society. They have been working tirelessly to resist those that undermine the security and privacy provided by end-to-end encryption, such as the United Kingdom’s Online Safety Bill and the Electronic Communication Law by the Turkish government.

On their website, you can stay informed about up-to-date news of encryption and join some joint statements to advocate for the widespread use of encryption.

They also list some excellent examples that adhere to encryption standards and actively protect user privacy, such as WireMin, Session, etc. PS: They are free to use. https://www.globalencryption.org/testimonials/

1469
 
 

An interesting tidbit from Mozilla's latest privacy release (https://www.ghacks.net/2023/11/21/firefox-120-ships-today-with-massive-privacy-improvements/):

The first introduces support for the Global Privacy Control in Settings. The privacy feature informs websites that you visit that you don't want your data sold or shared. It is legally binding in some states in the United States, including in California and Colorado.

What's to stop users from utilizing a VPN exit point in California or Colorado to force the binding nature of the request?

1470
1471
 
 

I am looking for an open source app similar to Apple's "Find My", the intention is to give it root permissions and be able to monitor its location from another device and even be able to do a factory reset remotely in case of theft.

Is there an app that can be used for this purpose? Any help would be appreciated!

1472
22
submitted 11 months ago* (last edited 11 months ago) by deepdive@lemmy.world to c/privacy@lemmy.ml
 
 

Hi everyone !

Right now I use:

  • Firefox's full protection with everything blocked by default
  • AdGuard adblocker extension
  • Adguardhome DNS blocker
  • ProtonVPN through wireguard
  • Selfhosted searxng instance (metasearch engine aggregator).

While this gives me reasonable doubt of protection/privacy, this blocks me from interacting with FOSS projects on GitHub, which kinda sucks!! I don't want to accept GitHub's long cookie list of tracking and statistics, but not being able to interact and help FOSS projects to thrive, improve, get some visibility, will in the long term hurt FOSS projects.

I'm aware of GitHub's cookie management preferences, but I don't trust them to manage and choose what should be accepted or not!

Firefox only allows blocking/accepting everything, and all extensions are just for deleting them. I couldn't find any related workaround for this issue.

Q: Is there any way to only accept cookies allowing me to log in and interact with repos without accepting those tracking and analytics cookies?

If you have any solution/workaround to share, I'm all ears !


Edit

I learned a few new things today:

  • Adguard AdBlocker extension for firefox allows to block cookies before they enter into your system
  • User Agent spoofing addon
  • Firefox privacy.fingerprintingProtection is not activated by default for everything

– How to block specific cookies with the Adguard Adblocker extension

⚠️ This can and will cause the website to malfunction if you block the wrong cookies ⚠️

To find out what specific cookie you want to block, you first need to know its name. For Firefox you need to open the application menu -> more tools -> web developer tools OR right click -> inspect (keyboard shortcuts depend on your system).

In the web developer tools window go to STORAGE -> cookies.


After you found out what additional non-essential cookies you want to block out you need to add them in the AdGuard user rules:

||github.com/$cookie=tz
||github.com/$cookie=preferred_color_mode
||github.com/$cookie=color_mode
||github.com/$cookie=saved_user_sessions
||github.com/^$third-party

To read more about how to create your own ad filters, read the official documentation.

– User Agent spoofing

User agent string switcher

This extension allows you to spoof your browser "user-agent" string to a custom designation, making it impossible for websites to know specific details about your browsing arrangement.

– Firefox about:config privacy.fingerprintingProtection = true

Firefox's documentation is pretty straightforward, but here is what they are saying about it:

However, the Canvas Permission Prompt is not the only thing that Fingerprinting Protection is doing. Fingerprinting Detection changes how you are detected online:

  • Your timezone is reported to be UTC
  • Not all fonts installed on your computer are available to webpages
  • The browser window prefers to be set to a specific size
  • Your browser reports a specific, common version number and operating system
  • Your keyboard layout and language is disguised
  • Your webcam and microphone capabilities are disguised
  • The Media Statistics Web API reports misleading information
  • Any Site-Specific Zoom settings are not applied
  • The WebSpeech, Gamepad, Sensors, and Performance Web APIs are disabled

Type about:config in the address bar and press Enter/Return. A warning page may appear. Click Accept the Risk and Continue to go to the about:config page. Search for privacy.resistFingerprinting and set it to true. You can double-click the preference or click the Toggle button to toggle the setting.

If it is bolded and already set to true, you, or an extension you installed, may have enabled this preference. If you discover the setting has become re-enabled, it is likely a Web Extension you have installed is setting it for you.


Closing thoughts

This may seem overkill for some people and I get it, but if you are really concerned about your privacy/security, there is no such thing as "one-click/done" privacy. It's hard work and an everyday battle with E-corp and other hidden institutions that gather every bit of fingerprints/trace you leave behind! I hope this long edit will help some people to have a more private and safer web browsing!

1473
 
 

"I'll be interviewing Andy Yen, the CEO of #Proton in early December, and I'd like to ask them the questions YOU have about Proton Mail, Drive, Calendar or VPN, or security and privacy in general."

See the info in the link on how to submit your questions.

1474
 
 

I'm shopping for a VPN provider, and really struggling to find a detailed and non-biased breakdown of the various options. A number of years ago, I recall finding an extremely detailed VPN comparison spreadsheet that had 30+ columns, which contained criteria by which the VPNs were judged both quantitatively and qualitatively. I can no longer find that table, so I suspect it has been removed, but I did find the less-comprehensive table below:

https://docs.google.com/spreadsheets/d/1ijfqfLrJWLUVBfJZ_YalVpstWsjw-JGzkvMd6u2jqEk/edit?usp=sharing

In the thread posted by the owner of this sheet, a few commenters pointed out that the highest rated VPN providers in this table just happen to be the ones that advertise most aggressively and are well-known for buying positive reviews from tech blogs, which are pretty clearly designed to be misleading. I too am suspicious that this table can't be trusted, however I really am not knowledgeable about VPNs, so before passing judgement, I figured I should consult those who know more about it. I also recognize that a strong marketing team and an excellent product aren't mutually exclusive, however I think that generally applies more in markets where economies of scale play a significant role, as does mass-adoption, which fuels loads of well-informed, independent research (ex: the car market and phone market.) That obviously isn't the case with the VPN markets... but I'm still sorta holding out hope.

If I end up excluding this table, I'm not sure where to turn at that point. Shilling is extremely pervasive in the VPN market, so it's tough to trust any one person or any one thread. It's also well established that a few of the large VPNs actually own a number of review blogs, so I can't really trust blogs either.

I guess I'm here hoping to be told that my suspicions about this table are unfounded, and / or that another excellent, unbiased resource for comparative VPN info exists. Any help would be appreciated!

1475
 
 

Sorry if this reads like an ad; the link is a non-referral one. (I am broke though if anyone wants me to DM my referral link (10%) lol) I heard about it here and wanted to share for others that were interested by that original post but waiting for a sale.

Hello everyone I just figured I would share a PSA since filen.io's black friday sale seems to be live now. Filen is another good opensource (all their client apps) alternative to google drive, dropbox, icloud, MEGA, etc.

I've been checking this company out for the past week after I saw someone asking here if it was trustworthy. It seems legit; fairly young company which explains why they still offer lifetime plans as they are growing.

It's only like 35 Euro for a 200GB lifetime client-side encrypted cloud storage with no bandwidth limits. I despise subscriptions, so hard to argue with that for me.

I plan on using this for my offsite backups mainly.

EDIT: For christ sakes folks, Lifetime obviously means the lifetime of the company as is the case for ANY "LIFETIME" PRODUCT. That's been the legal meaning of the term when it comes to warranties and such for decades. Should I rename it "One Time Payment" so you guys can stop commenting that a company can go under? Newsflash if you pay monthly for dropbox and that company fails, same thing happens, except you'll have paid hundreds or thousands over the years (depending how long we're talking) for 200GB storage instead of a one time payment of 35 Euro. It will take ~13 months to break even with GDrive's 200GB plan so as long as filen lasts more than 13 months you still come out ahead. They have also stated in their blog that lifetime plans will increase in price down the road as they are currently being partially funded by their monthly plans. I would expect they will likely increase in price to similar to what pcloud charges for lifetime plans? IDK don't quote me.
