• second, i have no intention to use any services using cloudflare
• how did i know_
  • fdroid_ settings_ repositories_ activate guardian project official relases
  • install torservices (alpha)
• install privacy browser
  • settings_ proxy_ enable tor
• visit *.lemmy.world
• screenshot_

Firefox and Fastly take another step toward a privacy upgrade for the internet

Fastly and Mozilla are taking another important step toward a more secure and private internet with Firefox’s adoption of Fastly as an Oblivious HTTP (OHTTP) Relay in order to guarantee more privacy for Firefox users. We are thrilled to work in partnership with Firefox and Mozilla, who have a proven track record of investing in technologies that protect their users and working to improve the internet. How does Oblivious HTTP (OHTTP) work?

OHTTP is a spec and service architecture that engineers can use to enable more private communications between two parties by splitting the information about the requester from the information of the request being made. You can read more about OHTTP here, but the basic idea is that it is “double-blind” in the sense that the spec is designed so that there is never a single party who has all of the information about who is making a request, and what the request is. When OHTTP is not in use all of that data is mixed together, which leaves room for abuse or misuse, and also means that a malicious attack could gain access to that data. With OHTTP a new level of privacy is guaranteed. firefox blog image 2

Fastly serves as the OHTTP Relay, receiving a request from the OHTTP client (in this case it would be in the browser), that includes metadata about the requester which Fastly can read and strip away, as well as an encapsulated and encrypted request that is passed along through the relay as designed. Fastly never knows what information is in the request itself, and Mozilla never knows any of the metadata about the requester. Browsers are the beginning

The double blind communication enabled by a new generation of private-by-design technologies are impossible with HTTP alone. We believe that OHTTP, MASQUE*, and DAP** represent the beginning of a more private and secure future for all communications on the internet. Browsers occupy an important position, sitting between users and a great deal of their activity on the internet. When Firefox and other browsers adopt new technologies like this it sends an important signal that this level of privacy-by-design should be table-stakes going forward. Working toward a more private internet

This technology is still relatively complicated to implement, being adopted by larger organizations like the most popular browsers, but we are getting a glimpse of a future where more is possible. We have seen this before with the adoption of HTTPS, which is now expected and the default – not just for business and large organizations, but even for small personal websites.

Fastly views the work to bring OHTTP and other privacy protecting technologies to browsers and apps as a fundamental, necessary first step. Connected/smart device manufacturers, network hardware companies, and the consumer electronics industry at large are becoming more serious about compliance and privacy. And with the help of organizations like Mozilla, we are laying the groundwork for a future where applications – even smaller ones without the resources of an Apple, Google, Microsoft, or Mozilla, will be able to access OHTTP simply. We won’t arrive at this state tomorrow, but we are starting to have options for how to get there.

Our goal is to create a future where all internet communications are private through the democratization of these private-by-design technologies. We must start with specific use cases and particular protocols with organizations like Mozilla who share this vision, and are ready to be early adopters. Over time the aim is to broaden the use of the technology as the private communication pathways are more universally available and easy to use. We expect this to be pushed forward in at least a couple ways – first, by continued regulatory moves and privacy legislation that forces adoption of these kinds of technologies. Second, we expect it to evolve to be a standard that users expect, like the lock in their URL bar for HTTPS connections. This is the commoditization of privacy in a great way, where improved privacy becomes cheap to the point that it is only a negligible cost to adopt an improved standard, and a reputational cost if you don’t adopt it.

Fastly will not be the only option for providing a relay for this type of feature, but we do intend to be the best option. We intend to be the change we want to see in the internet and move all of us toward a future of complete privacy in internet traffic.

*MASQUE = Multiplexed Application Substrate over QUIC Encryption

**DAP = Distributed Aggregation Protocol (for privacy preserving measurement)

Originally I've download the signal app through playstore, but often it also get updates from Droid-ify(Fdroid client). Today its weird and I got this . Explain to me this.

On the Droid-ify the signal app is provided by: org.thoughtcrimes.securesms

Let's review what Elon Musk has done just in 2023:

1. Changed Twitter to X.
2. Plans to implement a small monthly payment for everyone using the X system.
3. Plans to collect user biometric information, job, and education history for "safety, security, and identification purposes."
4. Brings back shadowbanning.
5. Uses user data to train AI models.
6. Limits replies to verified users only.

Elon has made so many terrible changes to Twitter that I can’t remember what the breaking point was for me.

Fortunately, there’s a lot more competition in Twitter-like social media platforms. Mastodon may currently hold the position as the most established platform, but there are numerous other services competing to become the next preferred place for online users.

Installed grapheneOS on my pixel (finally) the other day. Actually was loving stock, until it got corrupted due to a bug. Had to factory reset to boot up again. Anyway, used that opportunity to install GOS.

NGL I do miss adaptive features and now playing, but I am liking GOS more and more day by day. Better battery life despite not having adaptive features, more security options like sensor permission and scopes, auto reboot if not unlocked feature and all that.

I use GPay and my bank app on a secondary profile. works seamlessly. Some UI improvements and adaptive features and it will be on par with the stock pixel experience itself.

I'm kind of disappointed in ecosia for implementing a new feature that would send user data to Microsoft and Google. I liked it not only for it's environmental mission but also because it had decent privacy.

I care about my privacy, though I like it's UI. Is it really as bad as some say?

A programmer in northern China has been ordered to pay more than 1 million yuan to the authorities for using a virtual private network (VPN), in what is thought to be the most severe individual financial penalty ever issued for circumventing China's "great firewall." The programmer, surnamed Ma, was issued with a penalty notice by the public security bureau of Chengde, a city in Hebei province, on August 18. The notice said Ma had used "unauthorised channels" to connect to international networks to work for a Turkish company. The police confiscated the 1.058m yuan ($145,092) Ma had earned as a software developer between September 2019 and November 2022, describing it as "illegal income," as well as fining him 200 yuan ($27).

Charlie Smith (a pseudonym), the co-founder of GreatFire.org, a website that tracks internet censorship in China, said: "Even if this decision is overturned in court, a message has been sent and damage has been done. Is doing business outside of China now subject to penalties?"

Abstract credit: https://slashdot.org/story/420019

Washington-based Digital Impact Alliance (DIAL) has called for more money to be set aside for digital public infrastructure (DPI) including one of its elements, digital ID – and this means not only the funds earmarked for the technology portion of it.

Currently, DPI projects can count on $400 million by the end of the decade – that is the figure “stakeholders” have already committed to “the cause.”

Essentially, DIAL is advocating for money to be steadily spent on promotion of its mission via seemingly “trustworthy” messengers such as civil societies, academics, etc. Apparently, this would also allow their participation in governance, as well as the design and deployment of various DPIs.

Among those sitting on DIAL’s board are the director of USAI, an organization known for its involvement in setting up the digital ID in Ukraine, as well as the president and CEO of the UN Foundation, and a Gates Foundation senior adviser.

The new bill reinforces that all data brokers must register with the California privacy protection agency, and it requires the CPPA to establish an easy and free way for Californians to request that all data brokers in the state delete their data through a single page, regardless of how they acquired that information. If data brokers don’t comply with these rules, the bill stipulates they be fined or otherwise penalized.

Hopefully this becomes the standard nation wide. Having a single page where you can delete your accounts on multiple services with a single click sounds like a data privacy dream.

Hi guys! Back in the day I bought a DJI Mavic (1st gen) for my travels, when they were not so absolutely obnoxious about sending ALL your flight logs back to the motherland. As the obnoxiousness increased, I ended up installing a CFW (Merlin, I think) on the drone, so I could fly unrestricted and with no logged-in account on the phone (custom modded app), with the app requiring no callback to any server. But seems these days the drone is increasingly misbehaving. Might be due to old age, but it tends to not detect obstacles at all, and also doesn't detect the floor, so landing is...hairy.

So I'd like to have some sort of replacement, hopefully with similar flying aids (GPS positioning and obstacle detection at least, more are welcome), and hopefully smaller & foldable... but without the need to call home at every damn time. Is this possible? What are the recommendations these days? Can newer DJI drones be modded in the same manner? Are the alternatives?

Thanks!

So I've got Android as I want. LineageOS, no Google, Magisk, MicroG but with AndroidAuto with OsmAnd+.

But the outside world of WhatsApp, Bank apps, etc is putting pressure to join. Plus not everything works properly with MicroG instead of the Google service provider. Makes me cross techno-politically, but I can't always hard life tech choices when it effects others.

So, what do others do? At the moment, I've thinking I need a non-free phone and a free-phone! Then what, I keep swapping SIM?? I can't see a workable VM solution to run a non-free Android in a freer Android.

The state of the phone market is pitiful.

cross-posted from: https://sopuli.xyz/post/939198

Searching for replacement for Bibliogram, I found an website called imgsed.com .

It was sufficient to my needs.

One problem was that it seemed to fetch only a few comments of a post.

Here's the website's own About page:

imgsed.com is an online instagram backup tool that helps users save instagram photos through the instagram public API.

imgsed.com can't verify user information, so you need to pay attention to the copyright when downloading photos.

If you do not wish to be downloaded, please submit your information remove account

ETA:

Apparently it has crazy much ads, so use of adblocker is very much advised!

I have seen many people in this community either talking about switching to Brave, or people who are actively using Brave. I would like to remind people that Brave browser (and by extension their search engine) is not privacy-centric whatsoever.

Brave was already ousted as spyware in the past and the company has made many decisions that are questionable at best. For example, Brave made a cryptocurrency which they then added to a rewards program that is built into the browser to encourage you to enable ads that are controlled by Brave.

Edit: Please be aware that the spyware article on Brave (and the rest of the browsers on the site) is outdated and may not reflect the browser as it is today.

After creating this cryptocurrency and rewards program, they started inserting affiliate codes into URL's. Prior to this they had faked fundraising for popular social media creators.

Do these decisions seem like ones a company that cares about their users (and by extension their privacy) would make? I'd say the answer is a very clear no.

One last thing, Brave illegally promoted an eToro affiliate program making a fortune from its users who will likely lose their money.

Edit: To the people commenting saying how Brave has a good out-of-the-box experience compared to other browsers, yes, it does. However, this is not a warning for your average person, this is a warning for people who actively care about their privacy and don't mind configuring their browser to maximize said privacy.

For open source messengers, you can check whether they actually encrypt your messages and whether the server has access to your encryption keys but what about WhatsApp? Since it's not open source, you can't be sure that the encryption keys aren't sent to the server, right? Has there been a case where a government was able to access WhatsApp chats without reading them from the phone itself?

Hello, how are you guys?

As the title says, what search Ingine are you currently using? I used DuckDuckGo for years, and just recently switched to Brave.

Also, what do you think about the Brave Browser? I have been using FireFox since forever.

Thank you for reading.

There is this common narrative I see all the time, implying that we as individuals are empowered to choose and manifest our own destiny, and this comes up often in privacy discussions.

Don't like Facebook's privacy nightmares? Just don't use Facebook!

Don't like personalized ads? I remember a popular post on reddit saying "if your ad interrupts my YouTube video, I will hate your product".

Don't like Google chrome hegemony? Just use Firefox!

And while I agree that we should strive to do that, the battle doesn't end here. Facebook has shadow accounts for people who never signed up. Google chrome keeps it's hegemony despite people on the Internet advocating Firefox day and night. And ads continue to be extremely profitable despite you "hating the product" because it interrupted your YouTube video.

Even worse: even if you "hate the product", you now already know it. You now know they product exists, and possibly whatever they wanted you to know about it. The reality is that these companies own your eyes. They control what shows up on your screen. And even if you hate it, they control what you end up learning.

the reality is that our individual resistance is very far from enough

I am not saying it is completely futile. It is a step in the right direction. But the only effective solution is organized action. We, alone, cannot achieve much. Unless we organize our resistance against privacy violations, we will continue to live through this privacy nightmare.

Hello! Since I'm unable to find a public searxng instance that could work for more than a week and sadly cannot selfhost one, I'm looking for a replacement. I so found Swisscows, that promise to be privacy respecting, but here on lemmy didn't find any opinion on it. Do any of you use it? Why or why not?
I'm also considering Qwant and Mojeek.

Right To Repair Advocate Louis Rossman recently announced the release of FUTO, a Text To Speech App that respects your privacy.

After having played around with FUTO on my GrapheneOS Pixel, I can honestly say it's nice to have. Using the Openboards Keyboard, I'll admit that the one thing I missed about Gboards was its text to speech capability, but I refused to use it because it logs everything said into it.

IMHO, the team that developed FUTO have created something truly special here, and I'd recommend anyone to at least try it out.

There is a one time $10 payment, but the developers have basically made this more like an opt in donation, as you can just click 'I Already Paid' and utilize the app regardless of whether you paid or not. If you try FUTO out, and like it, maybe throw them a few bucks.

Here is an invidious link of Rossman talking about FUTO and its features.

I see a lot of people, including friends and family, sharing URLs rife with tracking parameters.

I feel alone in making sure that I'm sharing the cleanest possible URLs to others. For example, checking if the URLs are shortened to hide plenty of tracking params.

Just need to vent, thanks for reading.

Edit: adding some context for future references.

By using url tracking params, tech companies can track who shares the content and who clicks on that specific shared urls. A simple but effective tracking method.

Try sharing Instagram post or YouTube video from the apps.

Instagram adds 'igshid=' . YouTube adds 'si='.

If you share the same IG or YouTube content from different accounts. The 'igshid', 'si' value will be different.

This can be used to tag who shares it, and who clicks on that specific url param value.

TikTok hides a ton of such params behind shortened url. Try expanding tiktok shared urls.

If you use android, use this app to expand, analyze and clean up urls https://github.com/TrianguloY/UrlChecker

If you use Firefox (you should), install ublock origin and add this url tracking filter maintained by adguard: https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_17_TrackParam/filter.txt

Preferably one that doesn't censor search results. Like DuckDuckGo, apparently

I filed a GDPR deletion request with Twitter a couple of weeks ago. It was quite a challenge to find a way to contact Twitter (for anyone who wants to you can do so via: https://secure.ethicspoint.com/domain/en/default_reporter.asp) - but I finally succeded. I did not simply wanted to deactivate my account I want all of my data to be deleted as is my right through the GDPR.

A couple of weeks later I received message saying that my account had been deactivated and that I should not log in as this my halt the deletion. Today (one and half months later) I tried logging into Twitter and found out that my login email is still registered).

I filed a new complained but wanted to know if anybody here has had their data successfully deleted? Twitter makes it deliberately hard to do so and this might be a violation of the GDPR.

Warning to all Brave Browser Users

Blocking variations.brave.com which is used for A/B testing could potentially break Brave's functionalities. For me did Brave's "forgetful browsing" feature broke which seems to be disabled by default if you block this domain.

#brave #bravebrowser #privacy @privacy @privacyguides

Basically title, but I don't want an iPad because of my "open source mindset" ik it sounds cringe but fr I hate Apple's philosophy and I don't want an iPhone to sync every shit. Also I'd like to have a tablet that doesn't all my data to some big corporation (like Xiaomi or Google), and I don't know where to start to find it. Do you have some tablets to suggest? Budget is around 300/400€. Thanks to everyone who will respond ✨

@Joe_0237@fosstodon.org wrote:

Today I found out that google docs infects html exports with spyware, no scripts, but links in your document are replaced with invisible google tracking redirects. I was using their software because a friend wanted me to work with him on a google doc, he is a pretty big fan of their software, but we were both somehow absolutely shocked that they would go that far.