Visit our site: https://purplix.io

Support us on Github: https://github.com/WardPearce/Purplix.io

What is Purplix Survey?

Purplix Survey is a free & open source survey tool what can't read your questions & answers.

With traditional surveys you are one data breach, one rouge employee or one government warrant away from all your user's data being exposed. Purplix uses modern encryption techniques to keep your user's data away from any actors.

How does it work?

Questions, Descriptions & Title encryption

When you create a survey, we encrypt your title, descriptions & questions with a secret key. This key is then stored encrypted in your keychain. When you share your survey with others using a link, the key is stored in the link for your participants. This ensures that your survey questions can only be read by your participants.

Answers encryption

Every survey has its own unique key pair. The private key is securely stored in your keychain, while the public key is used by users to encrypt their answers. Only you have the means to decrypt the answers once they are submitted. When you share a survey, we include a hash of the public key in the URL to prevent main-in-the-middle attacks.

Preventing spam & multiple submissions

Survey creators can opt-in to use VPN blocking, requiring a Purplix account or IP blocking. IP blocking works by storing a hash of the IP salted with a key not stored by Purplix, minimizing the attack surface of tracking submission locations, these IP hashes are only stored for 7 days or until the survey closes. Users will always be informed when any of these features are enabled.

Fill out a survey!

https://purplix.io/s/651e32f0ab4897a99d28ea0e/CCpu5Nd8guMbuEw-jIEv10l6ICSvdCr84AtRYf9fPWk#905wt-r_OcvYfhQKhdS2Cjc1HXm7Vw6W_sm--9GkaOw

----

Does anyone know if this enables any kind of tracking (either through WiFi device logging or network activity)? I've typically used my own networking modems and routers, I'm a little weary of a required smart device that I don't have control over.

So far I haven't been able to find much information beyond what's available from century-link

Since it's mostly free, there has to be a catch. I may be wrong, but since it's Google, there's always a catch nowadays.

Sick of companies grabbing and selling your address, birth date, location, online activity, dog food brand and even adult-film preferences? Oh boy, do I have some good news. A new iPhone and Android app called Permission Slip makes it super simple to order companies to delete your personal information and secrets. Trying it saved me about 76 hours of work telling Ticketmaster, United, AT&T, CVS and 35 other companies to knock it off. Did I mention Permission Slip is free? And it’s made by an organization you can trust: the nonprofit Consumer Reports. I had a few hiccups testing it, but I’m telling everyone I know to use it. This is the privacy app all those snooping companies don’t want you to know about. (A surge of interest in Permission Slip has caused technical difficulties for Consumer Reports. If you can’t get on, try again later or reach out to their support line at permissionslip@cr.consumer.org.) Here’s how it works: Following California in 2020, a dozen states passed laws that finally gave Americans some digital privacy rights. They empower us to tell companies to stop selling and delete our data, but the truth is they’re pretty painful to take advantage of. You have to jump through hoops, going to each and every company that might have your data to fill out forms. Until now. Permission Slip acts behind the scenes as a legally “authorized agent” — kind of like your own privacy butler. You tell the app your name, email address(es) and phone number, and it does most of the work, sending emails and filling out paperwork on your behalf after it has verified your information. Even if your state isn’t one of the ones with a privacy law, most national companies respect these sorts of data privacy requests from all Americans. After using Permission Slip, most people notice a decrease in creepy targeted ads, says Ginny Fahs, who has been working on the app for the past three years at the Innovation Lab, a division of Consumer Reports. So how do you get started? Permission Slip opens up to a series of cards you swipe through, each representing a company that collects and possibly sells your data. Tap on a company card, and up pops a summary of data the company knows and your options to take action, depending on whether you have an account. At the bottom, you usually get two options: “Do Not Sell My Data” or “Delete My Account.” Tap one and Permission Slip starts the process. Then you can do it again for a different company. Each takes just a few seconds. This works for far more than just tech companies. Permission Slip covers Starbucks, Netflix, Disney, Lowes, Panda Express, reproductive app Glow and adult website Pornhub, to name a few — and plans to keep adding more. It also includes The Washington Post. What kind of personal information are we talking about? You might be (unpleasantly) surprised. For example, Permission Slip highlights that the retailer Petco could have your name and address, demographics and locations from where you’ve used their app on your phone, not to mention every little detail of your pet. More eyebrow-raising: Adult website Pornhub collects the email, username, demographics, on-site search history, browser info and interests from people with registered accounts. What about all those data companies whose names most people don’t recognize — the ones that make money by collecting and selling your information? A second part of the app can automatically ask data brokers to delete their creepy file of personal information about you. (I hope Permission Slip adds some of the obnoxious voter data brokers ahead of us all getting blitzed with political spam and texts for the 2024 election cycle.) “The more data you have out there, the more attack surface there is for security breaches and for data to leak. So having good data hygiene is really helpful for preventing future harm,” Fahs says. There are a growing number of privacy apps on the market, but Permission Slip stands out in part for being free, not trying to upsell you on a product like a VPN, and not needing access to more data like your email inbox to work. Consumer Reports says it won’t abuse your data — not even to sell subscriptions to its magazine — and minimizes the data it collects about you while working as your agent. Through an open trial period, the app has already processed 200,000 requests. Sweating the details Permission Slip was easy for me to use, with the app sweating most of the details. But if you’re going to dive in, there are a few things to know. It’s super fast to use the app, but can take some time for your requests to be fulfilled. Companies typically have at least 15 business days to opt you out of selling your data, and 45 business days to delete your data. Permission Slip stays on top of the companies in a dashboard of all your pending and completed requests. Sometimes companies ask for additional information to process requests, and Permission Slip has human agents go through them to minimize the hassle for you. (It pays for those humans and other expenses, in part, with grants from the Omidyar Foundation and others.) Often, companies insist on reaching out to you directly — so you’ll want to keep an eye on your inbox. For example, Disney sent me an email asking to confirm my request, which was easy. [Your Instagrams are training AI. There’s little you can do about it.] The most cumbersome response I got was from reservation service OpenTable, which emailed to say that if I wanted it to not sell my data I would have to log into their website, navigate to privacy settings, and figure out which of its half-dozen settings I wanted to turn off. Permission Slip told me fewer than 10 percent of the companies in its app do something like this. When I reached out for comment, OpenTable told me its extra steps help “ensure it is not a fraudulent request” and “make it possible for diners to customize their privacy preferences (particularly relevant to those who have created a diner profile with OpenTable).” You will still need to make some important choices. Before you swipe through the app and tell every company to delete your data, know there may be good reasons you want a company to have your data. For example, if you delete your Netflix account, then you couldn’t use Netflix. There may even be companies you decide to allow to sell or share your data. For example, Permission Slip points out that opting out at Petco could affect your discounts and rewards if you use the retailer’s Pal Rewards program. “What we’re hoping to do is provide a little bit of education on the sorts of data that different companies collect and then help consumers reason with how they want to manage their data,” Fahs says. Unfortunately, Big Tech companies like Google, Meta and Amazon make it particularly hard to make use of the “do not sell” and “delete” options to protect your privacy. To start with, they say they don’t “sell” your data — instead, they keep it for themselves to make lots of money off your digital life. And deleting your account probably isn’t an option if you want to keep using Google services like Gmail. In some of these cases, Permission Slip offers step by step instructions to download your data or just delete parts of it, but the process isn’t automated. If you want to reclaim your privacy from these sorts of Big Tech companies, you can also make your way through the Help Desk’s Privacy Reset Guide. It walks you through the most important privacy settings to adjust for Google, Amazon, Facebook, Apple, Android and more. (Friends don’t let friends keep the default settings for any of these companies.) And you can help stop companies from snooping on you in the first place by using a Web browser that stops unwanted tracking, like Mozilla’s Firefox.

Say (an encrypted) hello to a more private internet.

https://blog.mozilla.org/en/products/firefox/encrypted-hello/

Nothing big, but kinda interesting. I'm excited to see how this will go 👀

#privacy #mozilla #firefox @privacy

The Wall Street Journal reported that Meta plans to move to a "Pay for your Rights" model, where EU users will have to pay $ 168 a year (€ 160 a year) if they don't agree to give up their fundamental right to privacy on platforms such as Instagram and Facebook. History has shown that Meta's regulator, the Irish DPC, is likely to agree to any way that Meta can bypass the GDPR. However, the company may also be able to use six words from a recent Court of Justice (CJEU) ruling to support its approach.

This article describes how to setup keyboard shortcuts in QubesOS so that you can temporarily disarm (pause) the BusKill laptop kill cord.

This allows the user to, for example, go to the bathroom without causing their computer to shutdown or self-destruct.

This is a guide that builds on part one: A Laptop Kill Cord for QubesOS (1/2). Before reading this, you should already be familiar with how to setup udev rules for BusKill on QubesOS.

1. A Laptop Kill Cord for QubesOS (1/2)
2. Disarm BusKill in QubesOS (2/2)

ⓘ Note: This post is adapted from its original article on Tom Hocker's blog.

What is BusKill?

What if someone literally steals your laptop while you're working with classified information inside a Whonix DispVM? They'd also be able to recover data from previous DispVMs--as Disposable VM's rootfs virtual files are not securely shredded after your DispVM is destroyed.

Are you a security researcher, journalist, or intelligence operative that works in QubesOS--exploiting Qubes' brilliant security-through-compartimentalization to keep your data safe? Do you make use of Whonix Disposable VMs for your work? Great! This post is for you.

I'm sure your QubesOS laptop has Full Disk Encryption and you're using a strong passphrase. But what if someone literally steals your laptop while you're working with classified information inside a Whonix DispVM? Not only will they get access to all of your AppVM's private data and the currently-running Whonix DispVM's data, but there's a high chance they'd be able to recover data from previous DispVMs--as Disposable VM's rootfs virtual files (volatile.img) are not securely shredded after your DispVM is destroyed by Qubes!

Let's say you're a journalist, activist, whistleblower, or a human rights worker in an oppressive regime. Or an intelligence operative behind enemy lines doing research or preparing a top-secret document behind a locked door. What do you do to protect your data, sources, or assets when the secret police suddenly batter down your door? How quickly can you actually act to shutdown your laptop and shred your RAM and/or FDE encryption keys?

Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

BusKill utilizes a magnetic trip-wire that tethers your body to your laptop. If you suddenly jump to your feet or fall off your chair (in response to the battering ram crashing through your door) or your laptop is ripped off your table by a group of armed thugs, the data bus' magnetic connection will be severed. This event causes a configurable trigger to execute.

The BusKill trigger can be anything from:

1. locking your screen or
2. shutting down the computer or
3. initiating a self-destruct sequence

While our last post described how to setup such a system in QubesOS with BusKill, this post will describe how to add keyboard shortcuts to arm & disarm the dead man switch (eg so you can go to the bathroom).

Disclaimer

This guide contains experimental files, commands, and software. The information contained in this article may or may not lead to corruption or total permanent deletion of some or all of your data. We've done our best to carefully guide the user so they know the risks of each BusKill trigger, but we cannot be responsible for any data loss that has occurred as a result of following this guide.

The contents of this guide is provided openly and is licensed under the CC-BY-SA license. The software included in this guide is licensed under the GNU GPLv3 license. All content here is consistent with the limitations of liabilities outlined in its respective licenses.

We highly recommend that any experiments with the scripts included in this article are used exclusively on a disposable machine containing no valuable data.

If data loss is a concern for you, then leave now and do not proceed with following this guide. You have been warned.

Release Note

Also be aware that, due to the risks outlined above, BusKill will not be released with this "self-destruct" trigger.

If you purchase a BusKill cable, it will only ship with non-destructive triggers that lock the screen or shutdown the computer. Advanced users can follow guides to add additional destructive triggers, such as the one described in this post, but they should do so at their own risk--taking carefully into consideration all of the warnings outlined above and throughout this article.

Again, if you buy a BusKill cable, the worst that can happen is your computer will abruptly shutdown.

Assumptions

This guide necessarily makes several assumptions outlined below.

sys-usb

In this guide, we assume that your QubesOS install has a USB-Qube named 'sys-usb' for handling USB events on behalf of dom0.

If you decided to combine your USB and networking Qubes at install time, then replace all references in this guide for 'sys-usb' to 'sys-net'.

If you decided to run your 'sys-usb' VM as a DispoableVM at install time, then replace all references in this guide for 'sys-usb' its Disposable TemplateVM (eg 'fedora-36-dvm').

..And if you chose not to isolate your USB devices, then may god help you.

Udev Device Matching

BusKill in Linux uses udev to detect when the USB's cable is severed. The exact udev rule that you use in the files below will depend on the drive you choose to use in your BusKill cable.

In this guide, we identify our BusKill-specific drive with the 'ENV{ID_MODEL}=="Micromax_A74"' udev property. You should replace this property with one that matches your BusKill-specific drive.

To determine how to query your USB drive for device-specific identifiers, see Introducing BusKill: A Kill Cord for your Laptop. Note that the `udevadm monitor --environment --udev` command should be run in the 'sys-usb' Qube.

ⓘ Note: If you'd prefer to buy a BusKill cable than make your own, you can buy one fully assembled here.

QubesOS Version

This guide was written for QubesOS v4.1.

[user@dom0 ~]$ cat /etc/redhat-release Qubes release 4.1.2 (R4.1)
[user@dom0 ~]$

BusKill Files

This section will describe what files should be created and where.

Due to the design of QubesOS, it takes a bit of mental gymnastics to understand what we're doing and why. It's important to keep in mind that, in QubesOS

1. The keyboard and UI are configured in 'dom0'
2. USB devices (like the BusKill device) are routed to the 'sys-usb' VM
3. dom0 has the privilege to execute scripts inside other VMs (eg 'sys-usb')
4. By design, VMs should *not* be able to send arbitrary commands to be executed in dom0
5. ...but via the qubes-rpc, we can permit some VMs (eg 'sys-usb') to execute a script in dom0 (though for security reasons, ideally such that no data/input is sent from the less-trusted VM to dom0 -- other than the name of the script)

Due to the constraints listed above:

1. We'll be configuring the disarm button as keyboard shortcut in dom0
2. We'll be saving and executing the 'buskill-disarm.sh' script in 'sys-usb' (because these scripts manipulate our udev rules)
3. The keyboard shortcut in dom0 will actually be executing the above script in 'sys-usb'

sys-usb

If you followed our previous guide to setting-up BusKill in QubesOS, then you should already have a file in 'sys-usb' at '/rw/config/buskill.rules'. You may even have modified it to trigger a LUKS Self-Destruct on removal of your BusKill device.

Because you're now experimenting with a new setup, let's go ahead and wipe out that old file with a new one that just executes a soft-shutdown. You might need some days to get used to the new disarm procedure, and you probably don't want to suddenly loose all your data due to an accidental false-positive!

Execute the following on your 'sys-usb' Qube:

mv /rw/config/buskill.rules /rw/config/buskill.rules.bak.`date "+%Y%m%d_%H%M%S"`
cat << EOF | sudo tee /rw/config/buskill.rules
################################################################################
# File:    sys-usb:/etc/udev/rules.d/buskill.rules -> /rw/config/buskill.rules
# Purpose: Add buskill rules. For more info, see: https://buskill.in/qubes-os/
# Authors: Michael Altfield 
# Created: 2020-01-02
# License: GNU GPLv3
################################################################################
ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_MODEL}=="Micromax_A74", RUN+="/usr/bin/qrexec-client-vm dom0 buskill.softShutdown"
EOF
sudo ln -s /rw/config/buskill.rules /etc/udev/rules.d/
sudo udevadm control --reload

Now, let's add a new udev '.rules' file. This one will always just lock your screen, and it's what will be put in-place when BusKill is "disarmed".

Execute the following on your 'sys-usb' Qube:

cat << EOF | sudo tee /rw/config/buskill.lock.rules
################################################################################
# File:    sys-usb:/etc/udev/rules.d/buskill.rules -> /rw/config/buskill.lock.rules
# Purpose: Just lock the screen. For more info, see: https://buskill.in/qubes-os/
# Authors: Michael Altfield 
# Created: 2023-05-10
# License: GNU GPLv3
################################################################################
ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_MODEL}=="Micromax_A74", RUN+="/usr/bin/qrexec-client-vm dom0 buskill.lock"
EOF

The careful reader will see that we're not actually disarming BusKill in the same sense as our BusKill GUI app. Indeed, what we're actually going to do is swap these two files for 30 seconds.

This way, if BusKill is armed and you remove the cable, your computer shuts-down.

But if you want to disarm, the procedure becomes:

1. Hit the "Disarm BusKill" keyboard shortcut (see below)
2. Wait for the toast popup message indicating that BusKill is now disarmed
3. Remove the cable within 30 seconds
4. Your screen locks (instead of shutting down)

Personally, I can't think of a QubesOS user that would want to leave their machine unlocked when they go to the bathroom, so I figured this approach would work better than an actual disarm.

Bonus: when you return from your break, just plug-in the BusKill cable in, and it'll already be armed (reducing the risk of user error due to forgetting to arm BusKill).

Now, let's add the actual 'buskill-disarm.sh' script to disarm BusKill:

Execute the following on your 'sys-usb' Qube:

cat << EOF | sudo tee /usr/local/bin/buskill-disarm.sh
#!/bin/bash
 
################################################################################
# File:    sys-usb:/usr/local/bin/buskill-disarm.sh
# Purpose: Temp disarm BusKill. For more info, see: https://buskill.in/qubes-os/
# Authors: Tom 
# Co-Auth: Michael Altfield 
# Created: 2023-05-10
# License: GNU GPLv3
################################################################################
 
# replace the 'shutdown' trigger with the 'lock' trigger
sudo rm /etc/udev/rules.d/buskill.rules
sudo ln -s /rw/config/buskill.lock.rules /etc/udev/rules.d/buskill.rules
sudo udevadm control --reload
 
# let the user know that BusKill is now temporarily disarmed
notify-send -t 21000 "BusKill" "Disarmed for 30 seconds" -i changes-allow
 
# wait 30 seconds
sleep 30
 
# replace the 'lock' trigger with the 'shutdown' trigger
sudo rm /etc/udev/rules.d/buskill.rules
sudo ln -s /rw/config/buskill.rules /etc/udev/rules.d/buskill.rules
sudo udevadm control --reload
notify-send -t 5000 "BusKill" "BusKill is Armed" -i changes-prevent
EOF
sudo chmod +x /usr/local/bin/buskill-disarm.sh

dom0

If you followed our previous guide to setting-up BusKill in QubesOS, then you shouldn't need to add any files to dom0. What you do need to do is setup some keyboard shortcuts.

In the QubesOS GUI, click on the big Q "Start Menu" in the top-left of your XFCE panel to open the Applications menu. Navigate to 'System Tools' and click Keyboard

Click the “Q” to open the QubesOS Application Menu	Click System Tools -> Keyboard

Click the 'Application Shortcuts' Tab and then click the '+ Add' button on the bottom-left of the window.

Click the “Application Shortcuts” tab to add a Keyboard Shortcut in Qubes	Click the “Add” Button to add a new Keyboard Shortcut in Qubes

In the 'Command' input field, type the following

qvm-run sys-usb buskill-disarm.sh

The above command will execute a command in 'dom0' that will execute a command in 'sys-usb' that will execute the 'buskill-disarm.sh' script that we created above.

After typing the command to be executed when the keyboard shortcut is pressed, click the "OK" button

Now click "OK" and, when prompted, type Ctrl+Shift+D (or whatever keyboard shortcut you want to bind to "Disarming BusKill").

Type "Ctrl+Shift+D" or whatever keyboard shortcut you want to trigger BusKill to be disarmed for 30 seconds

You should now have a keyboard shortcut binding for disarming BusKill!

Test It!

At this point, you can test your new (temporary) BusKill Disarm functionality by:

1. Plugging-in your BusKill cable
2. Typing Ctrl+Shift+D
3. Waiting for the toast popup message to appear indicating that BusKill is disarmed for 30 seconds
4. Unplugging your BusKill cable

Your machine should lock, not shutdown.

After hitting the keyboard shortcut to disarm BusKill, you have 30 seconds to remove the cable

After 30 seconds, return to your computer and test the normal "arm" functionality:

1. Plug-in your BusKill cable
2. Unlock your screen
3. Unplug your BusKill cable

Your computer should shutdown, not lock.

30 seconds after hitting the keyboard shortcut, BusKill will arm itself

Troubleshooting

Is unplugging your USB device doing nothing? Having other issues?

See the Troubleshooting section in our original guide to using BusKill on QubesOS.

Limitations/Improvements

Security is porous. All software has bugs. Nothing is 100% secure. For more limitations to using BusKill on QubesOS, see the Limitations section in our original guide to using BusKill on QubesOS.

Buy a BusKill Cable

We look forward to continuing to improve the BusKill software and making BusKill more accessible this year. If you want to help, please consider purchasing a BusKill cable for yourself or a loved one. It helps us fund further development, and you get your own BusKill cable to keep you or your loved ones safe.

You can also buy a BusKill cable with bitcoin, monero, and other altcoins from our BusKill Store's .onion site.

Stay safe,
The BusKill Team
https://www.buskill.in/
http://www.buskillvampfih2iucxhit3qp36i2zzql3u6pmkeafvlxs3tlmot5yad.onion

Tor Browser is no longer flagged as "Malware" by Windows Defender

https://forum.torproject.org/t/torbrowser-12-5-6-no-longer-flagged-by-windows-defender/9522

#privacy #cybersecurity #torbrowser #thetorproject @privacy

I'm currently still using gmail unfortunately

Cock.li (airmail.cc)looks very nice but it is invite only

Sync files (KeePass) between devices (PC, mobile, tablet, RPi)

Very weird, this is the TBB direct from Tor.

Trojan:Win32/Malgent!MTB

....Tor Browser\Browser\TorBrowser\Tor\tor.exe

And it links to : https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AWin32%2FMalgent!MTB&threatid=2147836816

Anyone else having issues with TBB?

Is there any app like Fritter? I mean, I need Twitter for my job, but in a passive way. What is the best option without login in the official app or website (Linux/Android).

Thanks!

Firefox has added a new built-in full page translation feature that allows you to seamlessly browse the web in your preferred language. As you navigate the site, Firefox continuously translates new content in real time. This feature will be rolled out gradually and should be available for all users starting in Firefox version 118.

Note: Unlike other browsers that rely on cloud services, Firefox keeps your data safe on your device. There's no privacy risk of sending text to third parties for analysis because translation happens on your device, not externally.

• f-droid.org
• F-droid onion
• direct download apk on signal.org

I'm only just hearing about the suite from skiff.com and curious if anyone here uses it. They've been around for 3 years and apparently offer an open sourced encrypted suite. They're mainly known a Google Docs alt, but I just learned they offer encrypted mail, calendar, and cloud (10GB for free) along with their docs. Sorta blew my mind as I'm pretty acitve keeping up with privacy news. Is it just cause I use Cryptpad this is news to me and its some folks go to?

From September 2023, we will be gradually rolling out our new unique search offer. This will happen over several months and won’t apply to everyone at the same time. This means that when you search through Ecosia, we work with either Microsoft Bing or, with your consent, Google to provide you with search results and ads. In order to do this, we automatically collect data required by search partners to prevent bot attacks and ad fraud - which includes your IP address and search terms.

For a growing number of users we can now provide Google results and advertisements. In order to supply these results and ads, Google requires a cookie to be set on your browser and access to your device’s local storage to store information. We will ask for your consent before doing this and if you do not agree, we will provide non-personalized results from Microsoft Bing.

In order to provide non-personalized Microsoft Bing results and ads, we are contractually obliged to implement Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, as well as sharing your IP address and search terms. This behavioral data is captured in individual search sessions and is not tied to a user profile unless you consent. The processing of this data is necessary for the provision of our service. Although Ecosia does not use this information, it is used by Microsoft Bing for site and advertising optimization, as well as fraud protection. For more information about how Microsoft collects and uses your data, visit Microsoft’s privacy statement and Microsoft Clarity documentation.

Microsoft Bing does also offer personalized search results and ads. This service requires a cookie to be set on your browser which creates a personal profile. We will ask for your consent before enabling this and you can change your choice at any time in your cookie preferences. More information on cookies and how to take control of your preferences can be found in the “What about cookies?” section.

Is there a GUI which I can just click and disable and enable packages debugging Samsung Android phones? I heard that there are options which are much simpler than vanilla ADB. I just want to get rid ofll the Samsung/Google/Meta bloat prepackaged with the phone. Appreciate any pointers/advice.