As I noted within my post, #[email protected] (alternate link), thumbnail generation in Element is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:

In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room.

Edit History

2023-10-02T00:54Z
1c1,2
< As I noted within my post #[email protected] ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server.
***
> As I noted within my post #[email protected] ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
> > In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room.

2023-10-02T01:28Z
1,2c1,2
< As I noted within my post #[email protected] ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
< > In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room. 
***
>  As I noted within my post, #[email protected] ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
> > In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room.

Post Signature

S2VmXQSG75iBgleZwzdld8yCRStIq4BSzPmplG3xGbVTfIQ/vB/F7jyNfJdm3Z1Y
ZEWSHTdn1dl8qQw4UgY2toA6xFBNoTwn9Wro9jlLOZdoi3UdHhLQzM4eQbtbfQOJ
vDu/sOkMBVexIu1PvyzdQD+T5ZfqasXdPCu+fZmayfZHHVhjh7G1oz5tdYzI9ZnG
srl82j2L+Pb4qxbjIgNmbzNVqeBBQCkYxB/BnEB2JYUTtcYVTwW7yacYtoZrRykW
ztVfgIn5VR5yHvLTHvI4mQIYvdoDmVexp7Cpn5zNEWm0u6syye0d2TObxw8i1jCc
0Z+cT1UnURXCAvwD8+sFMw==

Use this handy tool to tell your elected officials: No reauthorization of 702 without drastic reform:

Take action

TELL congress: End 702 Absent serious reforms#

According to minutes released under FOI, the European police agency pushed for unfiltered access to data that would be obtained under a proposed new scanning system for detecting child sexual abuse images on messaging apps, with a view, experts say, to training AI algorithms.

The European police agency, Europol, has requested unfiltered access to data that would be harvested under a controversial EU proposal to scan online content for child sexual abuse images and for the AI technology behind it to be applied to other crimes too, according to minutes of a high-level meeting in mid-2022.

The meeting, involving Europol Executive Director Catherine de Bolle and the European Commission’s Director-General for Migration and Home Affairs, Monique Pariat, took place in July last year, weeks after the Commission unveiled a proposed regulation that would require digital chat providers to scan client content for child sexual abuse material, or CSAM.

The regulation, put forward by European Commissioner for Home Affairs Ylva Johansson, would also create a new EU agency - the EU centre to prevent and counter child sexual abuse. It has stirred heated debate, with critics warning it risks opening the door to mass surveillance of EU citizens.

In the meeting, the minutes of which were obtained under a Freedom of Information request, Europol requested unlimited access to the data produced from the detection and scanning of communications, and that no boundaries be set on how this data is used.

“All data is useful and should be passed on to law enforcement, there should be no filtering by the [EU] Centre because even an innocent image might contain information that could at some point be useful to law enforcement,” the minutes state. The name of the speaker is redacted, but it is clear from the exchange that it is a Europol official.

The Centre would play a key role in helping member states and companies implement the legislation; it would also vet and approve scanning technologies, as well as receive and filter suspicious reports before passing them to Europol and national authorities.

In the same meeting, Europol proposed that detection be expanded to other crime areas beyond CSAM, and suggested including them in the proposed regulation. It also requested the inclusion of other elements that would ensure another EU law in the making, the Artificial Intelligence Act, would not limit the “use of AI tools for investigations”.

The Europol input is apparent in Johansson’s proposal. According to the Commission text, all reports from the EU Centre that are not “manifestly unfounded” will have to be sent simultaneously to Europol and to national law enforcement agencies. Europol will also have access to the Centre’s databases.

Several data protection experts who examined the minutes said Europol had effectively asked for no limits or boundaries in accessing the data, including flawed data such as false positives, or in how it could be used in training algorithms.

Niovi Vavoula, a data protection expert at the Queen Mary University of London, said a reference in the document to the need for quality data “points to the direction that Europol will use the data to train algorithms, which according to the recent Europol reform is permitted”.

Europol’s in-house research and development centre, the Innovation Hub, has already started working towards an AI-powered tool to classify child sexual abuse images and videos.

According to an internal Europol document, the agency’s own Fundamental Rights Officer raised concerns in June 2023 about possible “fundamental rights issues” stemming from “biased results, false positives or false negatives”, but gave the project the green light anyway.

In response, Europol declined to comment on internal meetings, but said: “It is imperative to highlight our organisation’s mission and key role to combat the heinous crime of child sexual abuse in the EU. Regarding the future EU Centre on child sexual abuse, Europol was rightfully consulted on the interaction between the future EU Centre’s remit and Europol. Our position as the European Agency for Law Enforcement Cooperation is that we must receive relevant information to protect the EU and its citizens from serious and organised crime, including child sexual abuse.”

Staff links

On September 25, BIRN in cooperation with other European outlets reported on the complex network of AI and advocacy groups that has helped drum up support for Johansson’s proposal, often in close coordination with the Commission. There are links to Europol too.

According to information available online, Cathal Delaney, a former Europol official who led the agency’s Child Sexual Abuse team at its Cybercrime Centre, and who worked on a CSAM AI pilot project, has begun work the US-based organisation Thorn, which develops AI software to target CSAM.

Delaney moved to Thorn immediately after leaving Europol in January 2022 and is listed in the lobby register of the German federal parliament as an “employee who represents interests directly”.

Transfers of EU officials to the private sector to work on issues related to work carried out in their last three years of EU engagement require formal permission, which can be denied if it is deemed that such work “could lead to a conflict with the legitimate interests of the institution”.

In response, Europol said: “Taking into account the information provided by the staff member and in accordance with Europol’s Staff Regulation, Europol has authorised the referred staff member to conclude a contract with a new employer after his end of service for Europol at the end of 2021”.

In June, Delaney paid a visit to his former colleagues, writing on Linkedin: “I’ve spent time this week at the #APTwins Europol Annual Expert Meeting and presented on behalf of Thorn about our innovations to support victim identification.”

A senior former Europol official, Fernando Ruiz Perez, is also listed as a board member of Thorn. According to Europol, Ruiz Perez stopped working as Head of Operations of the agency’s Cybercrime Centre in April 2022 and, according to information on the Linkedin profile of Julie Cordua, Thorn’s CEO, joined the board of the organisation at the beginning of 2023.

Asked for comment, Thorn replied: “To fight child sexual abuse at scale, close collaboration with law enforcement agencies like Europol are indispensable. Of course we respect any barring clauses in transitions of employees from law enforcement agencies to Thorn. Anything else would go against our code of conduct and would also hamper Thorn’s relationships to these agencies who play a vital role in fighting child sexual abuse. And fighting this crime is our sole purpose, as Thorn is not generating any profit from the organization’s activities.”

Alongside Ruiz Peréz, on the board of Thorn is Ernie Allen, chair of the WeProtect Global Alliance, WPGA, and former head of the National Centre for Missing & Exploited Children, NCMEC, a US organisation whose set-up fed into the blueprint for the EU’s own Centre.

Europol has also co-operated with WeProtect, a putatively independent NGO that emerged from a fusion of past European Commission and national government initiatives and has been a key platform for strategies to support Johansson’s proposal.

“Europol can confirm that cooperation with the WPGA has taken place since January 2021, including in the context of the WPGA Summit 2022 and an expert meeting organised by Europol’s Analysis Project (AP) Twins (Europol’s unit focusing on CSMA)” the agency said.

This article is part of an investigation supported by the IJ4EU programme, versions of the article are also published by Netzpolitik and Solomon.

Hello. I sometimes receive images in HEIC format and I use an app to convert them to JPG. However I realized that this app uploads the images and makes the conversion in the cloud, so I stopped using it.

Does anyone know of an app that does this conversion offline?

Summary

The Electronic Frontier Foundation (EFF) filed an amicus brief urging the Michigan Supreme Court to find that warrantless drone surveillance of a home violates the Fourth Amendment. The EFF argues that drones are fundamentally different from helicopters or airplanes, and that their silent and unobtrusive capabilities make them a formidable threat to privacy. The EFF also points out that the government is increasingly using drones for surveillance, and that communities of color are more likely to be targeted. The EFF calls on the court to recognize the danger that governmental drone use poses to our Fourth Amendment rights.

don't know nothing about Monero, but I find it interesting

piped uses cloudflare, invidious doesn't support video format so posted youtube

It's been a few years since I've needed to install a version of Windows on a PC for personal use. I have a license for Windows 10 Pro, but today I found out it is no longer possible to get through the installation without first creating an account with Microsoft.

I don't want to do this. Does anybody have any way to get around it? The stuff I've read online basically ends up being create your account switch to a local account after installation and delete your account. I want a better solution. Would installing a much older version of Windows 10 work? The whole reason I got an msdn license back in the day is so I didn't have to do this.

Sync files (KeePass) between devices (PC, mobile, tablet, RPi)

I tried running sheltered from the f-droid repository with it not really working that well; refusing to show notifications during setup. I'm not sure of this is because it hasn't been updated in the last 12 months, or if its something on my end.

Any help is appreciated.

Seems like Piped and Invidious are both on their last legs. Public instances on both services are pretty iffy, they go down fairly often now. Freetube works well on desktop but no real way to sync subscriptions and watch history to a phone. Self-hosting Piped/Invidious might be the solution but I don’t know if it’s worth the upkeep when YouTube is actively fighting against it.

It’s not surprising that ChatGPT has been accused of breaching the EU’s main privacy law – PIA blog noted that ChatGPT was a privacy disaster waiting to happen back in February. As the first complaint to be taken up by an EU data protection agency, this case will be watched closely by other EU Member States, and around the world. The Polish inquiry is likely to investigate many of the key GDPR issues that arise for AI programs and be used as a benchmark in future legal cases.

Very weird, this is the TBB direct from Tor.

Trojan:Win32/Malgent!MTB

....Tor Browser\Browser\TorBrowser\Tor\tor.exe

And it links to : https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AWin32%2FMalgent!MTB&threatid=2147836816

Anyone else having issues with TBB?

It's what the title says, i don't want to be posted on fricking instagram and my school didn't ask for anyone's consent. It's not just one, it's severeal. How can i make instagram remove them? Thank you for your help

edit 1: thanks for the heads up, especially for the ones who seem truly interested to help me in this matter. So what i did till now is to send an email to my school collaborator (which is a scholastic figure who is responsible for the management of the school in general) requesting the deletion of the images depicting myself.

This is the complete request translated in english: Hi, I saw that recently several photos have been posted by the school account on instagram that depict me. I kindly request the removal of the aforementioned photos, since I have not given consent (or if given, withdraw such consent) to the publication of my image online on accounts not controlled and managed by me. I explicitly ask you to avoid "censoring" my image, but to commit to deleting the photos in which I am present, in order to avoid any kind of retaliation against me. Please let me know if there is anything else I should do to complete this process, thanks for your cooperation.

I've also tried to let instagram delete these images through this link but i don't know if it was successful or not because i gave them an email as contact info but i didn't receive anything yet.

I'll let you know how this ends

Do not really understand how Android sandboxing works for system apps.

Also wanted to test linking a Mastodon post of mine to my Lemmy account. If anything bungles up, sorry in advance!

Is there any app like Fritter? I mean, I need Twitter for my job, but in a passive way. What is the best option without login in the official app or website (Linux/Android).

Thanks!