Privacy

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
2576
 
 

Molly is a hardened version of the official Signal for Android app. It claims the following features,

  • Protects database with passphrase encryption
  • Locks down the app automatically after you go a certain time without unlocking your device
  • Securely shreds sensitive data from RAM
  • Allows you to delete contacts and stop sharing your profile
  • Clears call notifications together with expiring messages
  • Disables debug logs
  • No SMS integration

There are two flavors of it,

  • Molly - Similar to the official Signal app, plus the additional features
  • Molly-FOSS - Doesn't rely on any Google components for location, push notifications & face blurring, plus all the additional features

Download it from here.

I've been using it for a couple of days & it is pretty decent so far.

Has anyone here already tried it, or is anyone using it? How's the experience so far?

2577
2578
 
 

Unfortunately, almost all the group projects at my university require Google Docs, so I have to use it to complete assignments. Is it possible to use Google Docs without using Google's own client?

2579
 
 

They may be sponsored by the US Government, or by cryptographers with ties to the government.

https://thebaffler.com/salvos/the-crypto-keepers-levine

It's a long read, but it's quite good. Here's a snippet to whet your palate where he describes some of the prominent people behind these projects:

At least that’s how they saw themselves. My reporting revealed a different reality. As I found out by digging through financial records and FOIA requests, many of these self-styled online radicals were actually military contractors, drawing salaries with benefits from the very same U.S. national security state they claimed to be fighting. Their spunky crypto-tech also turned out, on closer inspection, to be a jury-rigged and porous Potemkin Village version of secure digital communications. What’s more, the relevant software here was itself financed by the U.S. government: millions of dollars a year flowing to crypto radicals from the Pentagon, the State Department, and organizations spun off from the CIA.

For context: I have become very interested in the debate amongst app users such as Telegram, Signal, Threema, etc., and I know that many people claim that Signal is the very best amongst all of them, but there's something really sketchy about its location (US based) and the fact that the government can force anyone to comply with their orders and forbid them from telling anyone about it via gag orders (see Durov's comments on this: https://t.me/durov/59).

Both are fascinating reads, and certainly help me appreciate platforms like Telegram and Threema even more. Regarding Threema, today they posted a comparison between their app and the competition, and found this interesting tidbit regarding Signal:

https://threema.ch/en/blog/posts/messenger-comparison-2021

Signal enjoys an outstanding reputation among experts, and it’s certainly a good alternative to WhatsApp. However, just like WhatsApp, it requires users to disclose personally identifiable information: Providing a phone number is mandatory. As a US company, Signal is also subject to the CLOUD Act, which entitles US authorities to access data from IT service providers that are based in the US.

Also: I just learned that FB spends millions of dollars every year on marketing and trying to influence people to not use platforms such as Telegram.

2580
 
 

Accelerate to the future. Privacy is fundamental.

2581
0
submitted 3 years ago* (last edited 3 years ago) by [email protected] to c/[email protected]
 
 

Keyboards are probably one of the most sensitive apps on our phones, having access to and handling practically everything we type. I stopped using keyboards that require network access and started using only open-source apps a few years ago. What are your favorite privacy-respecting Android keyboards?

So far, I've found these alternatives:

  • AnySoftKeyboard. I've used ASK for years and I've always been very happy with it. Probably the autocorrect could use some improvement. It's definitely the most mature opensource keyboard out there, with the most features and configurations
  • OpenBoard. The one I'm using right now. Easy and fast to configure, quite good auto-correct
  • FlorisBoard. Haven't had the time to try it out extensively so I don't have any opinion about it
  • SimpleKeyboard. It offers the bare minimum one could ask from a keyboard but sometimes you don't actually need more than that
  • AOSP keyboard and LineageOS' fork, that is, the keyboards that come with some ROMs out of the box. They're probably what a lot of people use

These are the alternatives I've been considering. If you know about other open-source keyboards to extend this list, please let me know.


Pros/cons of each one of the keyboards I've used, based on my usage and preferences:

ASK

  • + the copy/cut/paste tool that I could invoke by swiping up from the space bar
  • + configurable input shortcuts
  • + smaller extra top bar (and configurable, not just with numbers)
  • + the ability to backup your settings, shortcuts and dictionaries
  • + plenty of themes
  • - maybe the settings are a bit too overwhelming

OpenBoard

  • + it's better at predicting words in my experience (maybe just placebo?)
  • + "drag to delete" gesture on the delete key
  • + configurable input shortcuts
  • + "swipe to move the cursor" gesture on the spacebar
  • - no select/copy/cut/paste tools

FlorisBoard

  • + theme editor
  • + select/copy/cut/paste tools (maybe hidden behind too many taps)
  • + ability to show the numpad using the "dialer layout" instead of having all the numbers on the same row
  • + "drag to delete" gesture on the delete key
  • + "swipe to move the cursor" gesture on the spacebar
  • + actively developed
  • - no autocorrections (yet)
2582
 
 

I know there are more privacy oriented companies in general, like Purism or System76, but I'm currently torn between Dell and Lenovo because they are the only two manufacturers that make good laptop/tablet hybrids (which I need for university) and whose devices are reasonably Linux friendly.

Of these, Lenovo is a Chinese company while Dell is an American company. Both countries are pretty big on surveillance, but I legit don't know how much these factor into it if I install Linux, though manufacturer-provided Linux drivers and hardware backdoors are still concerns. There are also their histories: Lenovo had that Superfish scandal, while I wouldn't be surprised if Dell did something similar. Looking at the full pictures of these two companies, which do you think is better for privacy if I installed Linux on a laptop/tablet hybrid I bought from them?

2583
2584
 
 

Lenovo is shipping laptops with Linux, which is a major win for the Linux community because it's a major tier-1 OEM, and I'm personally thinking of getting a Lenovo for my next laptop. But what are the privacy implications of this, since Lenovo hasn't had that great of a privacy track record (Superfish being a major stain), and being a Chinese company (not that American companies are any better, IMO)? Assuming one wipes the default Linux installation and installs their own (though proprietary Lenovo drivers will probably still be required to take full advantage of the hardware), how well does that bode for user privacy and security compared to other OEMs offering full Linux compatibility, like Dell?

I do appreciate Lenovo laptops having a built-in webcam cover though. That really stood out to me when I was playing around with a Lenovo laptop in an electronics store.

2585
 
 

2586
2587
 
 

Hi fellas, this is my first ever post on the lemmy :)

After browsing the communities I stumbled across "A place to discuss privacy and freedom in the digital world" aka c/privacy. So I decided that something that I recently wrote could not be more relevant to c/privacy.

My fellow privacy-aware individuals, I would like to bring to your attention the existence of a DLT-based open source decentralized marketplace with a mission to facilitate free and private trade of goods and services.

It is called the Particl Marketplace and its ground-breaking V3.0 is set to be released after 3 years of hard development work.

I hope my own description below of the marketplace and its technology will fuel your interest to read more about it. My even bigger hope is that some of you will decide to become first-hand beta testers as soon as the Particl Marketplace v3.0 hits the testnet (eta: a few weeks).

You can also use the existing version (currently 2.3.5) of the Particl Marketplace to buy or sell products on the single public community market there (or just download it and play with it).

The marketplace:

The upcoming V3.0 of the marketplace will be the first version aimed at a wider public. It will allow anyone to easily create a decentralized personal storefront or a community market, or simply buy/sell goods on the already existing markets. The user-created markets/storefronts on the marketplace can be public if the access key is publicly announced on the Particl network, or absolutely invisible to anyone that doesn't know the access key (held by the creator). This is an intentional privacy feature and, simply put without going into many technical details, if you don't have the market access key (essentially a decryption key) there is absolutely no way to see/detect that some market exists.

The Particl Marketplace is designed to be private by default with no middlemen/intermediaries whatsoever. The trades are protected by two-way automated escrow via smart-contracts that de-incentivize and penalize dishonest behavior on both sides. In particular, the buy-flow forces the buyer to deposit 1x item value + payment and the seller 1x item value (+ sends item) into a common smart contract. If the buyer receives the product/service and it's all good, then he unlocks the escrow so both can get their 1x item value deposits back and the seller receives his payment.

The marketplace takes no sales commissions from the storefronts/markets and charges only a tiny listing fee (<0.01$) to prevent listing spamming. All the marketplace generated fees go to the staking nodes that provide the hardware infrastructure for the p2p network to operate. The staking nodes can be public or you can run them as Tor hidden services.

The technology:

The Open Marketplace is crypto-agnostic and currently supports payments in BTC, PART, ZCoin (DAI, NIX are next in the pipeline and many more to come). It uses as a settlement layer its native blockchain, which is an up-to-date Bitcoin codebase with added privacy features like CT, RingCT (up to 32 mixins), Stealth addresses, etc. These privacy features are used in combination to keep the financial data like escrows, transactions, etc private and most importantly un-linkable to the actual market buys/sells.

For the user or markets related data exchange like posted listings, buy/sell flows, encrypted user communication, built-in cryptocurrency exchange, etc., the Particl Marketplace uses a custom DSN; currently it's a Bitmessage variant called SMSG, which allows metadata-stripped encrypted data exchange.

Last but not least the Particl Marketplace client has a built-in option for using Tor network via proxy.

The important people:

The cypherpunks behind Particl's Open Marketplace have been OG freedom advocates and passionate pioneers in the privacy DLT field. For example, they were the first ever to implement features like RingCT, Bulletproofs, PoS, cold staking, etc. on a Bitcoin codebase. Their privacy features implementations have been audited successfully by several respectable academics and security R&D providers, like QuarksLab.

The team has been so far focused on building without any marketing and thus have remained intentionally in the shadows but the latter is planned to change with the v3.0 release. One of the steps towards that will be the initiation of several long-planned awareness campaigns, like Vendor On-boarding and Outreach Program, the Particl Academy, an easy to understand and learn about the project portal, and many more.

Me:

I am a passionate freedom and privacy advocate that discovered the project 1.5 years ago and since then has become a member of their small but like-minded community (mbacoinin@element/discord).

My personal belief is that what they are releasing to the world is a game-changing/breaking product. At the minimum, due to the open source nature of the project, this is a proof of concept that is bound to shift the global eCommerce paradigm into DeCommerce.

2588
2589
2590
2591
2592
1
AnonAddy (anonaddy.com)
submitted 4 years ago by [email protected] to c/[email protected]
 
 

AnonAddy - Anonymous Email Forwarding: https://anonaddy.com/

2593
 
 

Qwant sometimes hits Tor users with this puzzle after they submit a query. Then after solving the puzzle, they're brought back to an empty form so they must re-type their query.

2594
 
 

There are substantial privacy and civil liberty issues with DuckDuckGo. Here they are spot-lighted:

  • Nefarious History of DDG founder & CEO:
    • DDG's founder (Gabriel Weinberg) has a history of privacy abuse, starting with his founding of Names DB, a surveillance capitalist service designed to coerce naive users to submit sensitive information about their friends. (2006)
    • Weinberg's motivation for creating DDG was not actually to "spread privacy"; it was to create something big, something that would compete with big players. As a privacy abuser during the conception of DDG (Names Database), Weinberg sought to become a big-name legacy. Privacy is Weinberg's means (not ends) in that endeavor. Clearly he doesn't value privacy -- he values perception of privacy.
  • Direct Privacy Abuse:
    • DDG was caught violating its own privacy policy by issuing tracker cookies.
    • DDG's app sends every URL you visit to DDG servers. (reaction).
    • DDG is currently collecting users' operating systems and everything they highlight in the search results. (to verify this, simply hit F12 in your browser and select the "network" tab. Do a search with javascript enabled. Highlight some text on the screen. Mouseover the traffic rows and see that your highlighted text, operating system, and other details relating to geolocation are sent to DDG. Then change the query and submit. Notice that the previous query is being transmitted with the new query to link the queries together)
    • DDG is accused of fingerprinting users' browsers.
    • When clicking an ad on the DDG results page, all data available in your session is sent to the advertiser, which is why the Epic browser project refuses to set DDG as the default browser.
    • DDG blacklisted Framabee, a search engine for the highly respected framasoft.org consortium.
  • Censorship: Some people replace Google with DDG in order to avoid censorship. DDG is not the answer.
    • DDG is complying with the "celebrity threesome injunction".
  • CloudFlare: DDG promotes one of the largest privacy abusing tech giants and adversary to the Tor community: CloudFlare Inc. DDG results give high rankings to CloudFlare sites, which consequently compromises privacy, net neutrality, and anonymity:
    • Anonymity: CloudFlare DoS attacks Tor users, causing substantial damage to the Tor network.
    • Privacy: All CloudFlare sites are surreptitiously MitM'd by design.
    • Net neutrality: CloudFlare's attack on Tor users causes access inequality, the centerpiece to net neutrality.
    • DDG T-shirts are sold using a CloudFlare site, thus surreptitiously sharing all order information (name, address, credit card, etc) with CloudFlare despite their statement at the bottom of the page saying "DuckDuckGo is an Internet privacy company that empowers you to seamlessly take control of your personal information online, without any tradeoffs." (2019)
    • DDG hired CloudFlare to host spreadprivacy.com (2019)
  • Harmful Partnerships with Adversaries of Privacy Seekers:
    • DDG patronizes privacy-abuser Amazon, using AWS for hosting.
      • Amazon is making an astronomical investment in facial recognition which will destroy physical travel privacy worldwide.
      • Amazon uses Ring and Alexa to surveil neighborhoods and the inside of homes.
      • Amazon paid $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
      • Amazon runs sweat shops, invests in climate denial, etc.; the list of non-privacy related harms is too long to list here.
    • DDG feeds privacy-abuser Microsoft by patronizing the Bing API for search results and uses Outlook email service.
      • Microsoft Office products violate the GDPR (the Dutch government discovered numerous violations)
      • Microsoft finances AnyVision to equip the Israeli military with facial recognition to be used against the Palestinians who they oppress.
      • Microsoft paid $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
      • DDG hires Microsoft for email service: torsocks dig @8.8.8.8 mx duckduckgo.com +tcp | grep -E '^\w' ==> "...duckduckgo-com.mail.protection.outlook.com"
    • DDG is partnered with Yahoo (aka Oath; plus Verizon and AOL by extension). DDG helps Yahoo profit by patronizing Yahoo's API for search results, and also through advertising. The Verizon corporate conglomerate is evil in many ways:
      • Yahoo, Verizon, and AOL all supported CISPA (unwarranted surveillance bills)
      • Yahoo, Verizon, and AOL all use DNSBLs to block individuals from running their own mail servers, thus forcing an over-share of e-mail metadata with a relay.
      • Verizon and AOL both drug test their employees, thus intruding on their privacy outside of the workplace.
      • Verizon supports the TTP treaty.
      • Yahoo voluntarily ratted out a human rights journalist (Shi Tao) to the Chinese gov w/out warrant, leading to his incarceration.
      • Yahoo recently recovered "deleted" e-mail to convict a criminal. The deleted e-mail was not expected to be recoverable per the Yahoo Privacy Policy.
      • Verizon received $16.8 billion in Trump tax breaks, then immediately laid off thousands of workers.
      • (2014) Verizon fined $7.4 million for violating customers’ privacy
      • (2016) Verizon fined $1.35 million for violating customers’ privacy
      • (2018) Verizon paid $200k to fight privacy in CA. See also this page
      • (2018) Verizon caught taking voice prints?
      • more dirt (scroll down to Verizon)
      • (2016) Yahoo caught surreptitiously monitoring Yahoo Mail messages for the NSA.
  • Advertising Abuses & Corruption:
    • DDG consumed a room at FOSDEM 2018 to deliver a sales pitch despite its proprietary non-free server code, then dashed out without taking questions. Shame on FOSDEM organizers for allowing this corrupt abuse of precious resources.
    • Tor Project accepted a $25k "contribution" (read: bribe) from DDG, so you'll find that DDG problems are down-played. This is why Tor Browser defaults to using DDG and why Tor Project endorses DDG over Ss -- and against the interests of the privacy-seeking Tor community. The EFF also pimps DDG -- a likely consequence of EFF's close ties to Tor Project.

For the record, this is how Tor Project responds to criticism about their loyalty toward DuckDuckGo (their benefactor) in IRC:

18:20 < psychil> if torbrowser is going to be recommended, it should also be open to scrutiny. in the absence of that transparency, you create an untrustworthy forum.

18:20 < psychil> we've seen a loyalty from TB toward duckduckgo, but DDG is in partnership with Verizon, Yahoo, AOL et. al.

18:21 < psychil> all CISPA-sponsoring companies

18:22 < psychil> if ppl choose to trust them fair enough, but this trust shouldn't be pushed on every user weighing their choice of browsers

18:26 -!- mode/#tor [-b psychil@!@*] by ChanServ

18:27 < YY_Bozhinsky> psychil: i am using Tor (thanks to Tor Devs)... PLUS brain - good bundle. I am happy. And please, don't rush to change Reality (do it slowly with love and respect). Because it's home for many ppl. They construct their lives in it. Think twice before ruining that. Please.

18:27 -!- mode/#tor [+b psychil!@] by ChanServ

18:27 -!- psychil was kicked from #tor by ChanServ [wont stop the FUD]

Indeed, Tor Project is notoriously fast to censor any discourse (no matter how civil) when it supports a narrative that doesn't align with their view / propaganda.

2595
2596
 
 

Let's pretend there was a consensus of malicious internet companies, and a sufficient number of people wished to strip those companies of their power. That group of people could establish a new network of DNS servers which specifically refuse to resolve the perceived malicious domains.

Let's just take one example. Let's pretend there is a website that serves video content, but this website tracks its users aggressively. Their domain is example.com.

Even some of the users who dislike the example.com service might want to be able to consume the video content, so there could even be proxy servers which would provide access to the content without allowing things like the tracking javascript to leak through.

I'm massively oversimplifying the technical details of how this would be achieved, but I'm just curious if anyone else had considered this possibility.

Maybe DNS is the wrong layer to execute this political action, but I feel like there exists a technical approach to such political action.

Edit: I completely glossed over the SSL/CA implications of the proxying service, not because I don't know the implications exist, but because it's a complicated topic, and I'm not exactly sure how best to resolve it, especially for users who would not understand the risks of sharing things like user credentials over a proxy service like this.

I hope this can serve more as a discussion starting point than a prescription.

One more clarification: I imagine something like one or more Political Action Committees running these DNS servers. That person or group of people would choose a list of domains to blacklist, and deny DNS resolution for those domains or resolve to 127.0.0.1.

2597
2598
 
 

This was originally posted on Reddit /r/privacy, but I saw fit to post it here since these issues seem to apply to privacy-oriented communities as a whole.

This sub is about privacy. Every day we get people who are just realizing for the first time just how much of their information is out there beyond their control. They come here looking for help and advice and sometimes to share their successes. Often times they have little or no technical knowledge, let alone an advanced understanding of information security or how to compile their own apps from source, but they want to learn.

So it absolutely fucking pains me when I see gatekeepers shitposting all over newbies. People get downvoted into oblivion for suggesting that it might be difficult for grandma to compile her own Android app instead of installing from the Play store. Comments like "you're a slave if you have a Facebook account" get circle-jerked. Within the past week I've witnessed:

OP: "Where can I find a privacy-respecting news app?" Redditor: "Ugh, why would you even want an app? That's so stupid."

OP: "I'm so happy, I just deleted my Google data!" Redditor: "You're cute, you think they actually deleted it? Guess again, moron."

OP: "I'm leaving Gmail. What do you think of ProtonMail?" Redditor: "Anything less than self-hosted is a waste of time. Why don't you just go back to AOL?"

This attitude does nothing to further privacy. It just makes the redditor look like a jackass gatekeeper. Worse, it makes the community toxic. People come here to learn about privacy. Everyday, regular, not-tech-savvy people. Instead of mocking them for being a "noob", let's welcome them into the fray and help them improve their privacy posture.

Every "noob" we scare off runs back to Google. Report gatekeeping and shitposting when you see it.

2599
2600
0
submitted 4 years ago* (last edited 4 years ago) by [email protected] to c/[email protected]
 
 

can't wait :)

mobile devices liberated at last
