https://paglen.studio/2020/04/09/autonomy-cube/

Does anyone know what the technical design model of this project might entail? Its last iteration was a tor exit node, which is straightforward enough, but how would you design a gateway router accessible via WiFi that would direct all traffic over tor? This is not idea. The client (or full OS like TAILS or Whonix) is ideal and many common sites block tor (like this one). There must be a design for combining proxies with tor to get this AP to work practically for conventional use, as it seems to be advertised. Maybe early on, before tor got blocked so much, it did work as simply as it sounds.

Has anyone read the book or theories that inspired this work? Probably perfect for this community. I want to see if I can get a hold of a copy.

9 months ago, Raivo OTP for iOS was sold to Mobime. Raivo was hailed highly in terms of privacy, but was dethroned to 2FAS Auth after that incident. Today, Raivo launched an update, and after updating all of my entries were completely wiped. I didn't have a backup, but even if I did you now have to pay in order to import/export TOTP codes. No thank you.

If you haven't already, create a backup right now for all of your 2FA apps, even if you think it won't break.

ASUS rolled out an update to its firmware (3.0.0.6.102_34791) that now requires users to be over the age of 16 and to send a slew of metrics and data back to ASUS. If you do not agree or do not check the box to verify you are 16y or older, you cannot use the router. At this time, I’m not sure if ASUS has meant to disable the router for anyone under 16 or if it’s a bug.

You can opt out at any time but lose access to a slew of features:

Please note that users are required to agree to share their information before using DDNS, Remote Connection (ASUS Router APP, Lyra APP. AiCloud, AiDisk), AiProtection, Traffic analyzer, Apps analyzer, Adaptive QoS, Game Boost and Web history. At any time, users can search the contents of the terms at this page or stop sharing their information with other parties by choosing Withdraw.

Moreover, ASUS disables automatic firmware updates and worse, all security upgrades unless you opt into the data sharing. Security upgrades perform the following:

Security upgrade incorporates security measures that continuously update its security file and scans to protect against malware, malicious scripts, and emerging threats in order to secure the router and ensure system stability. Some upgrades addressing important security issues or meeting legal/regulatory requirements will still be downloaded and installed automatically, even if "Security Upgrade" is turned off.

Edit: I have personally contacted their CEO's office, but if others would like to voice their disapproval as well, here is a link: https://www.asus.com/us/support/article/787/

For weeks, I can't reach qwant maps anymore. Is it down for you guys as well? Does anyone know anything? There isn't even a mention on their main pages of it anymore. They just purged everything without further notice. Is that the same experience for you? I'm accessing with a VPN from within france.

I never want to get a smart TV, but I found this exact TV (Toshiba FireTV) on the side of the road and decided it would be a fun project to try enhancing its privacy as much as I can. It did not come with the remote or any other accessories besides the TV, so if there is any way to pair an iPhone/Pixel as a remote that would also be good. Is there any way to replace the software with something open source, and anything else I can try?

Thank you all!

basically what the title says

the ones i'm aware of:

• google's recaptcha
• ~~cloudflare's~~ hcaptcha

cloudflare being better for privacy compared to google, but still not great afaik

Wall Street Journal (paywalled) The digital payments company plans to build an ad sales business around the reams of data it generates from tracking the purchases as well as the broader spending behaviors of millions of consumers who use its services, which include the more socially-enabled Venmo app.

PayPal has hired Mark Grether, who formerly led Uber’s advertising business, to lead the effort as senior vice president and general manager of its newly-created PayPal Ads division.

Hello guys. I recently acquired a Pixel 8A and it was Google stock os I bought it from a man locally all with cash I brought It home and I flashed grapheneos onto this phone.

What else needs to be done to anonymous this phone and make it a privacy phone and a spy free phone no tracking phone no interception phone and no monitored phone.

Any advice welcome!

Thanks.

Cross-posted from: https://sh.itjust.works/post/19987854

We have previously highlighted the importance of not losing your account number, encouraging it to be written down in a password manager or similar safe location.

For the sake of convenience account numbers have been visible when users logged into our website. This had led to there being potential concerns where a malicious observer could:

• Use up all of a user's connections
• Delete a user's devices

From the 3rd June 2024 you will no longer be able to see your account number after logging into our website.

• "Hiding account numbers". Mullvad. 2024-05-27. Mullvad Blog (https://mullvad.net/en/blog/2024/5/27/hiding-account-numbers).
• Archive

i want to export all playlists and subscribtiones from invidious to piped but it doesnt work.

in invidious i click -Export Invidious data as JSON-

then i go to my acc in piped.video and i click -Import from JSON/CSV-

then piped popup says -The file doesn't contain valid playlists!-

how do i import then? there are no other formats to export from invidious than json and OPML, and piped only accepts JSON and CSV... i tried to see if there's community for invidious or piped on lemmy but i only found abandoned piped page and no invidious page.

I am currently in the process of finally getting rid of my Meta-account. In the process I have requested data extraction. The media stuff was made available pretty quickly, but the data logs are still being processed. Does anyone know what data they actually contain, and whether there's any point in waiting for it?

The reason I ask is that I also recently got a notification saying that will soon train their AI-model on my data which they will use the "legitimate interest" bullshit to do. I want to have my account deleted by the time this will be phased in (towards the end of June).

So now I am in the dilemma of waiting for the data logs to complete (which I don't know how long will take) or just delete my account in hopes that it will be purged before the AI-stuff goes into effect. I am unable to find out exactly what these data logs consists of and whether there is any point in keeping onto them for whatever reason.

Now, whether I can trust that they actually delete the data is another matter, but at least I would've done what I can, and they would break the law if the retain the data after my deletion request (under GDPR).

Is it possible to blog in the AI era?

I write short stories every now and then and I throw them online. I also have a tech blog, where I moan about the decisions software I use make and with my "infinite wisdom", I tell them what they should be doing instead.

I used to host both on Medium, but Medium got greedy. Then it was WordPress, but now even they're trying to be greedy bastards and use my shit for training AI.

Some would argue that WordPress paid hosting will exempt me from the AI training, but for less than 100 visitors a year, it's not really worth the expense.

So what is the solution? I ask the greater minds of this community for suggestions.

cross-posted from: https://slrpnk.net/post/9961019

Hello Lemmy! Yesterday I released the first version of an alternative frontend for Threads: Shoelace. It allows for fetching posts and profiles from Threads without the need of any browser-side JavaScript. It's written in Rust, and powered by the spools library, which was co-developed between me and my girlfriend. Here's a quick preview:

The official public instance (at least for now) is located at https://shoelace.mint.lgbt/, if y'all wanna try it out. There's also instructions to deploy it inside the docs you can find in the README. Hope y'all enjoy it!

Waterfox is a browser, obviously based on Firefox, but without default "junk" that Firefox comes with.

Don't see many mentions to Waterfox at all in this community? Are there any specific reasons for it? Seems like a neat version of Firefox, with development based out of the UK.

• Worthwile blogpost on their independence and future updates: https://www.waterfox.net/blog/waterfox-in-2023/
• Project: https://www.waterfox.net
• Flathub: https://flathub.org/apps/net.waterfox.waterfox

This is half a decade old news, but I only found this out myself after it accidentally came up in conversation at the DMV. The worker would not have informed me if it hadn't come into conversation. Every DMV photo in the United States is being used for AI facial recognition, and nobody has talked about it for years. This is especially concerning given that citizens are recently being required to update their ID to a "Real ID," which means more people than ever before are giving away the rights to their own face.

The biggest problem with privacy issues is that people talk about it for a while, but more often than not nothing ever happens to fix the problem, it simply gets forgotten. For example, in the next few years Copilot will simply become a part of people's lives, and people will slowly stop talking about the privacy implications. What can we even do to fight the privacy practices of giants?

I am currently using Proton VPN (free tier) which is set to Always-ON and Block Connections on disable.

Today while I am going through my Gmail security option, on the devices/sessions I found my real location mentioned over there. Even when I use desktop I always connect to VPN.

On this issue I got couple of doubts:

• Is this because I am using a free tier VPN? so it's not functioning properly etc...
• Else google fixed my location based on my previous location history? I used my google applications without VPN for many years, I am just learning & following privacy tips recently.

So with the recent Bing situation I wanted to take a second look on private search engines and sharing my conclusions of each search engine. Here is my list of private search engines:

Duckduckgo

I really like Duckduckgo, it has all important tools, decent result quality and a great image search function. Instant answers is very useful. My main problems are the reliance on Bing as the index and the choice of Apple Maps as mapping solution. Apart from the situation with the browser and Microsoft tracking Duckduckgo has a pretty clear record and the privacy.

Startpage

Startpage is another great option. Apart from mapping everything is there and, while not as good as Duckduckgo's, the image search engine good. The results are based on google and on par to better than those of DDG. The main advantages over DDG are European base (Netherlands) and the anonymous view, which basically functions as a quick access VPN, but sadly breaks ad/tracker blockers. Privacy for regular search is equal to DDG, but you have to disable JS to get rid of some telemetry. It is owned by an advertising company

Swisscows

Swisscows is okay. It is also Bing based, but slightly worse than DDG results. It lacks image search filters and mapping, but offers a music search which allows you to listen to ad free music. It also has an anonymous view, but it's not interactive. Privacy is similar to DDG, but has more telemetry and (temporally) stores your IP. It is from Switzerland, it also has a very strict anti gore/porn policy that sometimes makes normal search terms inaccessible.

Qwant

Qwant used to be very solid French search engine, has dropped in quality. Similar search quality to DDG, image search like Startpage. They use Bing in combination with their own index. Then problems: They share your IP with Microsoft and they replaced their main advantage, openstreetmap based independent mapping service, with AI summary's that require an account. Worse privacy than all the above.

Ecosia

Very similar to DDG. The main differences are that Ecosia is based in Germany, it plants trees to fight climate change, but also forwards your IP to MS.

Brave

Braves main advantages are being independent, both with the search and the AI, and the goggles that allow you to customize your results. Search results are slightly better than DDG, image search is bad, no mapping is available. Brave has had invaded privacy in the past, but currently the privacy is good as long as you disable statistics. The company itself is a bit concerning and the CEO is homophobic.

SearXNG

SearXNG is self hosted and open source, it uses various search engines as index and has a ton of extra feature like music search, fediverse search and a bunch more. While it has the most features and best privacy of all options, public instances are sometimes slow and the results aren't really good.

Kagi

Kagi is in principle a decent quality search engine, but it is paid and has some problems that are only getting worse. For those interested read this blogpost.

4get

4get is a open source, self hostable search engine. It acts as a web scraper for various search engines, also supports Soundcloud. It has great privacy and good results, but it lacks mapping and the official instance requires a CAPTCHA per 100 searches

Yep

Yep is an independent search engine. It is private and has good results, but lacks image search tools, video search and mapping.

Presearch

Decentralized independent search. It has good results but lacks image search tools, is sometimes unreliable and has intrusive advertising

A quick fire round of search engine that have decent privacy, but I wouldn't use due to result quality:

Ekoru Like Ecosia, but for cleaning oceans, Bing based, few features, requires extension.

Whoggle Like SearXNG, but with less features.

Metager Meta search engine with multiple search back ends, mainly Bing (Yahoo), completely powered by renewable energy

Mojeek Independent UK search engine with few additional feature, is supposed to be unbiased

LibreX/LibreY Like Whoggle

AstianGO Slightly modified version of LibreX by the Devs of the Midori Browser

Ghostery German independent search engine, regular web only, offers tracker analysis for websites

Stract Open source, self hostable, independent search engine

Lilo Like Ecosia, but with fewer features and the option to support various projects

YouCare Bing based search, shares your IP with MS, does "good deeds", some missing features

Giburu Google based proxy search

Gigablast Open source, self hostable, independent search engine

Mwmbl Open source, independent, self hostable search engine. Only web results

Marginalia Open source, independent, self hostable search engine. Only web results, offers filters

That would be my list. I'll still be sticking with Duckduckgo but I'd reconsider if Startpage improves it image search. Brave will probably never be my default, but it has proven it's role as a more private backup. Comment if I missed any search engine

Search engines I didn't include due to horrible privacy Bing/Google/Yandex/Yahoo/You/Baidu

In an effort to increase my privacy, I decided to buy a Pixel phone second hand to use with GrapheneOS. Due to some miscommunications, the phone ended up being carrier locked with T-Mobile. GrapheneOS's own website advises against buying carrier locked phones in order to avoid the hassle of carrier unlocking it.

I assumed that even if the support staff was unaware about OEM unlocking, I would at least be able to fairly effortlessly get the device carrier unlocked because it was bought second hand. My first call was to the T-Mobile support center, and the representative wanted the phone number of the device in order to unlock it. The device had no phone number, so we instead tried the IMEI. I was told that the IMEI was invalid because it was not the correct number of characters, and was told that there was nothing they could do without physical access to the device. As expected, the representative had never heard of OEM unlocking.

My next stop was at a T-Mobile store, to seek help there. The staff member there was very helpful and, despite not knowing what OEM unlocking was, was very aware of how to handle the situation regardless. He made a call to T-Mobile support (which has a different process if you are a staff member) and explained the situation to them.

Here is where things get interesting: T-Mobile had the ability to carrier unlock the phone, and had enough information to prove the device was mine, but refused to carrier unlock it because it has to be done by the original account holder. They wouldn't give any information about how to contact the original account holder, which is reasonable.

The in-person representative told me that if I was able to find a phone number linked with the original account holder that they would be able to do more, but after trying for over an hour to find any contact information with the seller, I couldn't find anything.

The in-person representative decided to try calling support one more time, and even went out of his way to try lying to the support team on my behalf, just to see what could be done.

After hanging up the phone, he told me that T-Mobile gave me 2 options:

1. Return the device entirely and buy a different one
2. Pay for T-Mobile for an entire year AND pay a $100 service fee

That's like telling someone they have to pay a year of rent before they can even step foot in a house they already paid for, and then pay $100 to get the doors unlocked. I knew it would be a bit of a process to get it carrier unlocked, but I didn't realize it would take me four hours to be told I had to pay T-Mobile for a year to be able to access a device I paid for.

I even tried using T-Mobile's own app to unlock the device, but the app is not functional as many reviewers have also noted.

Thankfully the seller accepted free returns, so the story has a happy ending, but any consideration of buying a carrier locked phone before has since evaporated.

It is truly dystopian how we live in a world where companies are allowed to get away with stuff like that, and yet people still give away their money and freedom to these companies.

Innovation and privacy go hand in hand here at Mozilla…

Is this the time to drop firefox?

What cloud VPS host is the best for privacy and security? I want to self host stuff for myself some tools. Mental Outlaw make a video last year about self hosting your own VPN with a service called Vultr but back in December vultr added to their TOS that they own what you host and a bunch of other scary stuff. So I don't trust Vultr anymore. I don't see recommended vps hosts on privacyguides website. So what do you guys think I should use to self host various things like a VPN, Nextcloud, and so on.