I have come to realise that I can't just leave Facebook and Instagram without it influencing the stuff that I really care about. Most of my hobbies, interests, friends, clubs etc are on Facebook, and leaving the platform would affect the level of involvement that I can achieve.

So my question is: would it be an option to run Facebook and Instagram on a device that I don't use for anything else than that? I won't being it with me anywhere and I won't use it for communication, searches, browsing etc. Only Facebook and Instagram.

I still haven't accepted the terms of the meta platform and as accepting them would allow to track on any device, I have uninstalled on all devices. So I am thinking of installing the apps on a spare device and just letting them be isolated there.

I realise that they will still track my activities on the apps though, but I believe that the few weeks I've had without the app, has taught me that I dont need to browse the fees. Just check the communities that i am involved in and put again

Any thoughts or advice on this?

Does anyone that pays for proton also use it with a SO? We've been looking to pay for it but the family plan looks like an overkill for us. The viable alternative is paying for the Mail Plus plan for each of us but we are a bit worried that we won't be able to share calendars.

Would appreciate if someone else has the same use case as us and could share their experiences. Thanks!

The data brokerage giant sold face recognition, phone tracking, and other surveillance technology to the border guards, say government documents.

There are some speculations about TPM uncontrollably sending data to manufacturer servers if a laptop has any Internet connection. Others say it's not intended/capable of that, like this answer for example (which is 5 years old though).

Lemmy, what do you say?

Hey everyone, so for the past few month I have been working on this project and I'd love to have your feedback on it.

As we all know any time we publish something public online (on Reddit, Twitter or even this forum), our posts, comments or messages are scrapped and read by thousands of bots for various legitimate or illegitimate reasons.

With the rise of LLMs like ChatGPT we know that the "understanding" of textual content at scale is more efficient than ever.

So I created Redakt, an open source zero-click decryption tool to encrypt any text you publish online to make it only understandable to other users that have the browser extension installed.

Try it! Feel free to install the extension (Chrome/Brave/Firefox ): https://redakt.org/browser/

EDIT: For example, here’s a Medium article with encrypted content: https://redakt.org/demo/

Before you ask: What if the bots adapt and also use Redakt's extension or encryption key?

Well first they don't at the moment (they're too busy gathering billions of data points "in clear"). If they do use the extension then any changes we'll add to the extension (captcha, encryption method) will force them to readapt and prevent them to scale their data collection.

Let me know what you guys think!

Proton Mail, the leading privacy-focused email service, is making its first foray into blockchain technology with Key Transparency, which will allow users to verify email addresses. From a report: In an interview with Fortune, CEO and founder Andy Yen made clear that although the new feature uses blockchain, the key technology behind crypto, Key Transparency isn't "some sketchy cryptocurrency" linked to an "exit scam." A student of cryptography, Yen added that the new feature is "blockchain in a very pure form," and it allows the platform to solve the thorny issue of ensuring that every email address actually belongs to the person who's claiming it.

Proton Mail uses end-to-end encryption, a secure form of communication that ensures only the intended recipient can read the information. Senders encrypt an email using their intended recipient's public key -- a long string of letters and numbers -- which the recipient can then decrypt with their own private key. The issue, Yen said, is ensuring that the public key actually belongs to the intended recipient. "Maybe it's the NSA that has created a fake public key linked to you, and I'm somehow tricked into encrypting data with that public key," he told Fortune. In the security space, the tactic is known as a "man-in-the-middle attack," like a postal worker opening your bank statement to get your social security number and then resealing the envelope.

Blockchains are an immutable ledger, meaning any data initially entered onto them can't be altered. Yen realized that putting users' public keys on a blockchain would create a record ensuring those keys actually belonged to them -- and would be cross-referenced whenever other users send emails. "In order for the verification to be trusted, it needs to be public, and it needs to be unchanging," Yen said.

Curious if anyone here would use a feature like this? It sounds neat but I don't think I'm going to be needing a feature like this on a day-to-day basis, though I could see use cases for folks handling sensitive information.

cross-posted from: https://lemmy.world/post/8326497

The FCC can now punish telecom providers for charging customers more for less::The Federal Communications Commission has passed new digital discrimination rules that hold telecom providers accountable for not providing equal internet access.

Thanks Max!

Just heard of Lemmy today

I would love to leave reddit

Whats most privacy respecting android app for Lemmy ?

Looks like gitlab now requires account verification for new accounts in addition to email. Either phone number or credit card.

This applies both to accounts created with a working email or by logging in using your github account. You can't even verify your email until you go through step 1.

I don't know when this started, but at least for the last month or two judging from these posts in the forums.

• https://forum.gitlab.com/t/how-to-create-an-account-without-telephone-number-if-an-non-activated-account-has-already-been-created-with-the-same-e-mail-address-that-demands-a-phone-number/93675/2
• https://forum.gitlab.com/t/phone-verification-sms-not-received-unable-to-login-and-register/92202
• https://forum.gitlab.com/t/how-to-create-an-account-without-telephone-number-if-an-non-activated-account-has-already-been-created-with-the-same-e-mail-address-that-demands-a-phone-number/93675/2

Fun fact: I don't even want to host on gitlab, I just wanted to report bugs in some projects. So I'm locked out.

Just saw this update. I'll quote from the previous article for a complete picture.

After years of legislative process, the near-final text of the eIDAS regulation has been agreed by trialogue negotiators1 representing EU’s key bodies and will be presented to the public and parliament for a rubber stamp before the end of the year. New legislative articles, introduced in recent closed-door meetings and not yet public, envision that all web browsers distributed in Europe will be required to trust the certificate authorities and cryptographic keys selected by EU governments.

This means governments could impersonate websites, effectively breaking https. Over 500 researchers and experts had signed a letter against the problematic article 45. In the update they got a response:

In a media Q&A given by the European Commission on Thursday (9th November), the Commission characterized the risks raised in the open letter from cyber security experts and civil society as a ‘misunderstanding’. The Commission went on to state that the open letter had been discussed with their experts, who concluded ‘there is no risk of government spying, nor breaching the confidentiality of internet connections’.

So they asked 'experts' who said breaking https doesn't lead to government spying.

We call on the European Commission, Council and Parliament to:

• Publish the final legal text of the eIDAS regulation as soon as possible.

• Ensure that civil society and cyber security experts have adequate time to scrutinize this regulation ahead of any legislative action.

• Be transparent about the advice the Commission has received regarding this regulation and who was consulted.

I'm so done with this. The fact that they can just:

1. Introduce an article that breaks https into a regulation a short time before it's voted on

2. Don't disclose the text of the articles for independent experts to look at

3. Blatantly deny what it does after it gets discovered

Without any repercussions is depressing. They'll just keep trying this until it sneaks past.

This text is subject to approval in the final closed-door trialogue meeting in Brussels on November 8th, after which it will be published and presented for formal ratification in the European Parliament. This is expected to be in the first few months of 2024, but this vote is seen as a formality with the text of trialogue negotiations typically being adopted into law without alteration.

Last week, representatives of the European Parliament, Council and Commission announced they had signed off on the eIDAS Regulation and that a vote in Parliament’s ITRE committee will be held on November 28th. We understand that although no changes have been made to Article 45, there were last-minute changes to the accompanying Recital 32. However, the EU has still not published the agreed legal text. There are now less than 13 days until the vote and the cyber security community, civil society and the public are still unable to read the proposed regulation, let alone scrutinize its impacts.

Finally:

If you’re a European citizen, you can write to the member of the European Parliament responsible for the eIDAS file - Romana JERKOVIĆ - and register your concern.

Edit: formatting

Hello, could someone recommended a keyboard for android that is a bit smart in predictive typing? I used to like swiftkeybefore it was bought by microsoft. Not that swiftkey itself was much better but I was not so privy conscious at that time.

I recall swiftkey would require access to your texts and emails to train itself to your predictions.

Is there some similar foss keyboard where all the data then remains local?

I know swiftkey has an incognito mode, but then it stops learning from your typing.

Can you recommend me some anonymous phone number services to use when creating account that requiring phone number verification?

I think we all draw a line between privacy and convenience and I think I found mine and settled into a comfort zone of sorts. I use Fedora 38. My browser is Mozilla Firefox with it's "strict" setting. uBlock origin and uMatrix. When I need/want to use a site that doesn't work due to blocked connections I relax the restrictions in uMatrix or temporarily disable it entirely if I get frustrated or I'm in a hurry. I watch videos on YouTube. Don't use social media, but I do use Facebook messenger (although I prefer to use Signal with the handful of people I can). I use a Xiaomi phone with custom ad blocking DNS (I'd like to get a Pixel with GrapheneOS someday). I look for an app on F-Droid first, but install it through Google Play if I can't find what I need there. I use Qwant and DuckDuckGo. I use ReVanced. I do not use a VPN. I think that's all the relevant information. My question is: how easy do you think it still is for big tech to track me? Are there any suggestions you would have for a person like me that wouldn't sacrifice too much convenience?

Hello all, I'm relatively new to the realm of self-hosting. Over the past few months, particularly in response to recent events, I've been actively advocating for privacy, security, and decentralization. Initially, I began by implementing Nextcloud for my family and friends, and later expanded to include services like Immich, Jellyfin, and more. Recently, I've also set up a Tor relay (non-exit to avoid unnecessary attention). I'm looking for suggestions on other projects, tools, or areas to explore that can contribute to enhancing others' privacy. I appreciate services like a Tor relay because once set up, they can run relatively autonomously. Are there any similar services that others can benefit from without requiring consistent direct input from me? I've got a few spare Gigabit lines and ~20TB of free space I can spare for the greater good.

Anybody know about this search engine ?

How it can be compared with duckduckgo, qwant, swisscows, metager, startpage, etc...

It is opensource , free & private according to alternativeto.net

What do you think ?

I started some time ago using a teddit frontend with local subscriptions, and at some point it was hard for the one I picked to keep up, then I moved to libreddit, at that time libredd.it, then it stopped working and moved to libreddit.spike.codes, but it seems it stopped working as well, and finally I moved to libreddit .mha.fi, but some time back there was too much rate limiting, making it unusable, and since yesterday it seems totally down, giving the error "502 Bad Gateway". I also have the libRedirect extension on Librewolf configure to choose among several libreddit instances (so when searching for something any is picked), and most of them seem out of service, or being rate limited as well.

So, are frontends for reddit finally coming to an end?

Edit: Indeed, it seems at least non self-hosted front-end instances are way rate limited or down

Sorry I don't have an english version of this article, this is the best source I could find for it.

https://www-heise-de.translate.goog/news/Microsoft-krallt-sich-Zugangsdaten-Achtung-vorm-neuen-Outlook-9357691.html?_x_tr_sl=de&_x_tr_tl=en&_x_tr_hl=de

Without naming names, there's a well advertised grammar editing tool that's available either as an app download or browser extension. This is something I'd value for a number of reasons (good grammar is important!) but I'm super cautious about anything I'm giving permission to watch what I'm typing.

Ideally, I'd prefer to select text and have it analyzed on-demand using on-device intelligence. I'm on a Mac and it seems like Pages isn't cut out to check grammar. Also, there's no way in heck I'm paying $30 a month for a subscription.

Edit: I just want to acknowledge my request for something I'd value and then saying I don't want to pay for it. I would certainly pay for something if it met my needs but this function isn't something I'd personally value at $30 a month or any monthly subscription ($30 a year sounds reasonable). Moreover, if there's any suspicion of an application using my data for their own profit, they are not getting my money. So, in this case, for the sake of data privacy, I would prefer to pay for something (preferably once - grammar shouldn't need updating).

cross-posted from: https://lemmy.world/post/8237599

At Framasoft, we're trying to push back GAFAMs' toxic web by multiplying digital-friendly spaces.

Find out more about our actions and how you can support us: https://framablog.org/2023/11/14/lets-regain-ground-on-the-toxic-web-framasofts-2023-report/

Our 2022-2025 roadmap "COllectivize INternet / COnvivialize INternet" is represented by Coin-Coin, who is reporting on this first year's work.

Help him to push back against the Datavöre by sharing https://soutenir.framasoft.org

This just blows my mind and makes me feel sick to my stomach that such company's like CMG Local Solutions ~~do this sort of thing~~ even exist! 🤢🤮

Note: I did not want to use the 'URL' field in this post to add a direct link to this company as they use a pixel tracker (see post title). I don not recommend you visit it. Instead, I'll quote them here:

It's True. Your Devices Are Listening to You. With Active Listening, CMG can now use voice data to target your advertising to the EXACT people you are looking for.

magine This... What could it do for your business, if you were able to target potential clients or customers who are using terms like this in their day to day conversations:

The car lease ends in a month- we need a plan. We need to get serious about planning for retirement. A mini van would be perfect for us. This AC is on it's last leg! Do I see mold on the ceiling? We need a better mortgage rate.

Active Listening can make that happen for you! We know this sounds like something from the future, but we are there! We can customize your campaign to listen for any keywords/targets relevant to your business. Here is how we do it:

Create Personas We create buyer personas by uploading past client data into the platform.

Identify Keywords We identify top performing keywords relative to the type of customer you are looking for.

Tracking We set up tracking via pixel placed on your site, so we can track your ROI in real time.

Listening Active Listening begins and is analyzed via AI to detect pertinent conversations via smartphones, smart tvs and other devices.

Analysis As qualified consumers are detected, a 360 analysis via AI on past behaviors of each potential customer occurs.

Create a List With the audience information gathered, an encrypted evergreen audience list is created.

Re-targeting We use the list to target your advertising via many different platforms and tactics including:

• Streaming TV/OTT
• Streaming Audio
• Display Ads
• Paid Social Media
• YouTube
• Mobile Precise
• Google/Bing Search (PPC)

Claim Your Exclusive Territory Before Your Competitor Our technology provides a process that makes it possible to know exactly when someone is in the market for your services in real-time, giving you a significant advantage over your competitors. Territories are available in 10 or 20 mile radiuses, but customizations can be made for regional, state and national coverage.

Here's the best part! 🤥

We know what you are thinking... Is this legal? YES- it is totally legal for phones and devices to listen to you. That's because consumers usually give consent when accepting terms and conditions of software updates or app downloads

Is it just me or does the world feel more and more everyday like a dystopian nightmare, a bad joke, satire? Ahhhh!

What's your thoughts on this?

It's a well-known fact that Google spies on users, which isn't anything new. However, the fact that they are now using this as a reference in a marketing meme is insulting.

Google is now making jokes at customers expense, using memes for promotional ads on Reddit, and saying that they don't care about you because they know people will still buy their ad-platform spyware products.

Well, I say 🖕Google! Your corporate capitalism greed gets another 🖕! Oh, and before I forget, 🖕too reddit.

Edit: removed mention of a certain country