privacy

2733 readers
8 users here now

Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.

Partners:

founded 2 years ago
MODERATORS
26
 
 

Meta will start training its AI models using everyone's social media posts though European Union users can opt out, a luxury the rest of the world won't enjoy. The AI training rules kick in worldwide on June 26.

Meta has so far not included its European userbase in its AI training data, presumably to avoid legal conflict with the continent's privacy regulations. Now it's pushing ahead with that despite complaints.

As training AI from user data is doubtlessly going to be contentious in Europe, Meta has attempted to cover itself in two ways. Firstly, when it says "public content," Meta means posts, comments, photos, and other content posted on its social media platforms by users over the age of 18. Private messages are, apparently, strictly verboten from the training data.


I don't have a FB or Instagram account, I only use Whatsapp because it's work related.

27
 
 

The woman remembers the first time she got a smartphone.

It was 2011, and she was living in Hotan, an oasis town in Xinjiang, in northwest China. The 30-year-old, Nurjamal Atawula, loved to take pictures of her children and exchange strings of emoji with her husband while he was out. In 2013, Atawula downloaded WeChat, the Chinese social messaging app. Not long after, rumors circulated among her friends: The government could track your location through your phone. At first, she didn’t believe them.

In early 2016, police started making routine checks on Atawula’s home. Her husband was regularly called to the police station. The police informed him they were suspicious of his WeChat activity. Atawula’s children began to cower in fear at the sight of a police officer.

28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
 

Hey guys, I am trying to get rid of my old Facebook accounts. I have not been using them for years, in fact I dont know their login data and for one i dont even have access to the email address any more.

I am a EU citizen and attempted to instruct them to close the accounts per email, since logging in requires me to consent to them using my data or pay money (probably illegal here too).

They sent me a quick response basically to go fuck myself, even after I offered to provide personal identification to verify I am the account owner and reminded them that I am an EU citizen and that my data is subject to those laws.

How can i force these fuckers to comply with my request for deletion of the accounts and associated data?

45
 
 

GDPR rights are being ignored. In practice, this leads to a situation where Microsoft is trying to contractually dump most of its legal responsibilities under the GDPR on schools that provide Microsoft 365 Education services to their pupils or students.

Trying to find out exactly what privacy policies or documents apply to the use of Microsoft 365 Education is an expedition in itself. There is a serious lack of transparency, forcing users and schools to navigate a maze of privacy policies, documents, terms and contracts that all seem to apply. The information provided in these documents is always slightly different, but consistently vague about what actually happens to children’s data when they use Microsoft 365 Education services.

Maartje de Graaf, data protection lawyer at noyb: “Microsoft provides such vague information that even a qualified lawyer can’t fully understand how the company processes personal data in Microsoft 365 Education. It is almost impossible for children or their parents to uncover the extent of Microsoft’s data collection.”

Felix Mikolasch, data protection lawyer at noyb: “Our analysis of the data flows is very worrying. Microsoft 365 Education appears to track users regardless of their age. This practice is likely to affect hundreds of thousands of pupils and students in the EU and EEA. Authorities should finally step up and effectively enforce the rights of minors.”

As the terms and conditions and the privacy documentation of Microsoft 365 Education are uniform for the EU/EEA, all children living in these countries are exposed to the same violations of their GDPR rights. Therefore, noyb also suggests that the authority should impose a fine on Microsoft.

46
47
48
 
 

Today we're ecstatic to publish our first demo showing a homemade BusKill Cable (in the prototype 3D-printed case) triggering a lockscreen.

3D-Printed USB Dead Man Switch (Prototype Demo)
Watch the 3D-Printed USB Dead Man Switch (Prototype Demo) for more info youtube.com/v/vFTQatw94VU

via @[email protected]

In our last update, I showed a video demo where I successfully triggered a lockscreen using a BusKill prototype without the 3D-printed body for the case and N35 disc magnets. I realized that the N35 disc magnets were not strong enough. In this update, I show a demo with the prototype built inside a 3D-printed case and with (stronger) N42 and N52 cube magnets.

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

What is BusKill? (Explainer Video)
Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

Why?

While we do what we can to allow at-risk folks to purchase BusKill cables anonymously, there is always the risk of interdiction.

We don't consider hologram stickers or tamper-evident tape/crisps/glitter to be sufficient solutions to supply-chain security. Rather, the solution to these attacks is to build open-source, easily inspectable hardware whose integrity can be validated without damaging the device and without sophisticated technology.

Actually, the best way to confirm the integrity of your hardware is to build it yourself. Fortunately, BusKill doesn't have any circuit boards, microcontrollers, or silicon; it's trivial to print your own BusKill cable -- which is essentially a USB extension cable with a magnetic breakaway in the middle

Mitigating interdiction via 3D printing is one of many reasons that Melanie Allen has been diligently working on prototyping a 3D-printable BusKill cable this year. In this article, we hope to showcase her progress and provide you with some OpenSCAD and .stl files you can use to build your own version of the prototype, if you want to help us test and improve the design.

Print BusKill

Photo of the 3D-Printed BusKill Prototype

If you'd like to reproduce our experiment and print your own BusKill cable prototype, you can download the stl files and read our instructions here:

Iterate with us!

If you have access to a 3D Printer, you have basic EE experience, or you'd like to help us test our 3D printable BusKill prototype, please let us know. The whole is greater than the sum of its parts, and we're eager to finish-off this 3D printable BusKill prototype to help make this security-critical tool accessible to more people world-wide!

49
 
 

Curious how none of the coverage of this purchase mention that the app isn't open-source, which makes all of their claims of "end-to-end encryption" worthless

WordPress.com owner Automattic acquires multiservice messaging app Beeper for $125M

By Sarah Perez (@sarahpereztc) 2024-04-09

WordPress.com owner Automattic is acquiring Beeper, the company behind the iMessage-on-Android solution that was referenced by the Department of Justice in its antitrust lawsuit against Apple. The deal, which was for $125 million according to sources close to the matter, is Automattic's second acquisition of a cross-platform messaging solution after buying Texts.com last October.

Screenshot of the Beeper app
Image Credits: Beepercaption

That acquisition made Texts.com founder Kishan Bagaria Automattic's new head of Messaging, a role that will now be held by Beeper founder Eric Migicovsky, previously the founder of the Pebble smartwatch and a Y Combinator partner.

Reached for comment, Automattic said it has started the process of onboarding the Beeper team and is "excited about the progress made" so far but couldn't yet share more about its organizational updates, or what Bagaria's new title would be. However, we're told he is staying to work on Beeper as well.

Screenshot of the Beeper app
Image Credits: Beepercaption

Beeper and Texts.com's teams of 25 and 15, respectively, will join together to take the best of each company's product and merge it into one platform, according to Migicovsky.

"[Texts.com] built an amazing app that's more desktop-centric and iOS-centric," he said. "So we'll be folding the best parts of those into our app. But going forward, the Beeper brand will apply to all of the messaging efforts at Automattic," he said, adding, "Kishan ... I've known him for years now


there's not too many other people in the world that are doing what we do


and it was great to be able to combine forces with them."

The deal, which closed on April 1, represents a big bet from Automattic: that the future of messaging will be open source and will work across services, instead of being tied up in proprietary platforms, like Meta's WhatsApp or Apple's iMessage. In fact, Migicovsky says, the eventual plan after shifting people to the Beeper cross-platform app for managing their messages is to move them to Beeper's own chat protocol


an open source protocol called Matrix


under the hood.

Screenshot of the Beeper app
Image Credits: Beepercaption

Automattic had previously made a strategic investment of $4.6 million), another company building on Matrix, and it contributes annually to Matrix.org.

Matrix, a sort of "spiritual successor" to XMPP, as Migicovsky describes it, offers an open source, end-to-end encrypted client and server communications system, where servers can federate with one another, similar to open source Twitter/X alternative Mastodon. However, instead of focusing on social networking, like Mastodon, it focuses on messaging.

Migicovsky said the acquisition came about because running Beeper costs quite a bit of money and it was either time to raise more funding or find a buyer. To date, Beeper had raised $16 million in outside funding, including an $8 million Series A from Initialized. Other investors include YC, Samsung Next and Liquid2 Ventures, and angels Garry Tan, Kevin Mahaffey and Niv Dror, and the group SV Angel.

"I've known Matt [Mullenweg, Automattic founder and CEO] for years now," Migicovsky said, adding that the WordPress.com founder had shown commitment to open source technology, like Beeper, where about half its product is already open source. "We were looking to find a partner that could financially support this. One of the reasons why there are no other people building this type of app is it costs a surprisingly large amount of money to build a damn good chat app," Migicovsky noted.

As for Beeper's products, the company has now briefed the DOJ on what happened when Apple blocked its newer app, Beeper Mini, which aimed to bring iMessage to Android. That solution is no longer being updated as a result of Apple's moves.

Screenshot of the Beeper website
Image Credits: Beepercaption

Beeper on Android launches to all

The company is instead releasing an updated version of its core app, Beeper, on Android. Unlike Beeper Mini, which focuses only on iMessage, the main app connects with 14 services, including Messenger, WhatsApp, Telegram, Signal, Instagram DM, LinkedIn, Twitter/X, Discord, Google Messages and others. Android is its biggest platform by users, as 70% are on Google's smartphone OS.

In this rewritten version of Beeper, the company is starting to roll out fully end-to-end encrypted messages across Signal. That will be soon followed by WhatsApp, Messenger and Google Messages.

Because of Apple's restrictions, iMessage only works if you have an iPhone in the mix, Migicovsky says, and will not be a focus for Beeper, given the complications it saw with Apple's shutdown of Beeper Mini. However, Beeper is hopeful regulations could change things, pointing to the DOJ lawsuit and FCC investigation. In the meantime, Beeper supports RCS, which solves iMessage to Android problems like low-res images and videos, lack of typing indicators and encryption.

With the launch out of beta, the new app includes a new icon, updated design, instant chat opens and sends, the ability to add and modify chat networks directly on Android (no desktop app needed), local caching of all chats on the device and full message search.

The 10,000 Android beta testers already on Beeper will need to download the new app manually from Google Play


it won't automatically update.

Screenshot of the Beeper website
Image Credits: Beepercaption

In addition, the 466,000 or so people on Beeper's waitlist will now be able to try the product. They'll join over 115,000 users who have already downloaded the app, which is now used by tens of thousands daily. The app runs on Android, iPhone, iPad, ChromeOS, macOS, Windows and Linux.

The team expects to have feature parity across platforms in a matter of months as they overhaul the iOS and desktop apps.

In time, they plan to add other services to Beeper as well, including Google Voice, Snapchat and Microsoft Teams. Beeper also offers a widget API so developers can build on top of Beeper. Plus, since Matrix is an open standard, developers will be able to build alternative clients for Beeper, as well.

The app will generate revenue via a premium subscription, where the final price may be a couple of dollars per month, but pricing decisions haven't yet been fully nailed down. Beeper is currently free to use.

Like Automattic, Beeper's team is remotely distributed, with employees in Brazil, the U.K., Germany and the U.S. At present, Texts.com will continue to operate as the teams begin to integrate the two messaging apps.

50
 
 

cross-posted from: https://sh.itjust.works/post/17506000

I am not satisfied with Linux's security and have been researching alternative open source OS for privacy and security So far only thing that's ready to use is GrapheneOS (Based on Android) but that's not available on desktop (Though when Android release Desktop mode it may become viable)

Qubes OS is wrapper around underlying operating systems, so it doesn’t really fix for example Linux’s security holes it just kinda sandbox/virtualize them

OpenBSD is more secure than Linux on a base level but lack mitigations and patches that are added to linux overtime and it's security practices while good for it's time is outdated now

RedoxOS (Written in Rust) got some nice ideas but sticks to same outdated practices and doesn't break the wheel too much, and security doesn't seems to be main focus of OS

Haiku and Serenity are outright worse than Linux, especially Haiku as it's single user only

Serenity adopted Pledge and Unveil from OpenBSD but otherwise lacks basic security features

All new security paradigms seems to be happening in microkernels and these are the ones that caught my eyes

None of these are ready to be used as daily driver OS but in future (hopefully) it may change

Genode seems to be far ahead of game than everything else

Ironclad Written in ADA

Atmosphere And Mesosphere Open Source Re-implementation of Nintendo Switch's Horizon OS, I didn't expected this to be security-oriented but seems like Nintendo has done a very solid job

Then there are Managarm, HelenOS, Theseus but I couldn't figure out how secure they are

Finally there is Kicksecure from creators of Whonix, Kicksecure is a linux distro that plans to fix Linux's security problems

if you know of any other OS please share it here

view more: ‹ prev next ›