I was bored, so I compiled a list of 77 of my favorite open-source privacy-focused software. This ranges from Android apps to desktop apps to websites to operating systems. I scraped the programming languages used for each one from their respective repositories, and created a simple scoring system to score each programming language.

Obviously there is some bias, since Kotlin is very popular for Android apps and not much else, and it's not an exhaustive list, so some data might be off, but it was still fun to make! Just wanted to share it with all of you, in case anyone else finds it interesting.

The full ranking

Scores for each programming language

The original data

(NOTE: I am NOT looking for criticism on any choices made here)

I have been using Firefox with Ublock Origin as my main browser for a long while. Usually when I get a privacy prompt, I reject cookies, or maybe some sites that are more difficult take me a to a panel that wants me to switch off loads of individual trackers.

How does Ublock handle the cookies? Obviously some are required for site functionality, such as being logged in here, but if I accept cookies (or can't reject them) then presumably they are still accepted? Or does it accept the essential ones and delete third-party trackers?

I am a Tasker enthusiast and when I can automate something simple on my phone I like to. I set a simple task to turn off WiFi when my home network is not detected so my phone doesn't scan and report my location to businesses. However, this functionality is now nonexistent and the developer has to ask people not to one-star their app because it doesn't work. My phone is my phone and killing my ability to use it as such for whatever security theater Google is playing at is why I root my device. Anyone else still rooting for similar reasons?

Try the interactive demo.

I recently discovered a company called Flock which apparently is building a massive surveillance network. I came across a reddit post on r/sysadmin where an admin received a request to install a black box device so that law enforcement could access cameras.

https://en.m.wikipedia.org/wiki/Flock_Safety

https://www.aclu.org/news/privacy-technology/how-to-pump-the-brakes-on-your-police-departments-use-of-flocks-mass-surveillance-license-plate-readers (disclaimer: I don't support the political views of ACLU)

https://www.reddit.com/r/sysadmin/comments/1eu0fje/local_police_want_permanent_access_to_our_cameras/

I'm aware of what constitutes a decent password, but typing in 15-30 random characters each time I lock my computer screen is starting to get a bit taxing.

How secure does my user password really need to be and what are the threats to it? Does the same apply to a root-enabled user as a "regular" user when it comes to password security?

For context, my threat model doesn't need to account for real people breaking in and accessing my computer, the damage would be very contained.

Bonus question - what are the risks of having a weak password on a root user on a spare laptop on the same network as my main device that is used exclusively for web browsing? Thanks.

Hi, title's rather explanatory I think but I was considering getting a pair of TWS buds for convenience sake since cables are sometimes not an option for me. But I know a lot of modern buds make you get apps that request a large amount of questionable permissions(even if you deny them, the requests in and of itself feels like a red flag) and likely send your data away. So I was wondering if there were any options that were cleaner. Thanks for the help!

After using LineageOS for long time, I have finally moved to GrapheneOS. I use a lot of banking and financial apps which I never felt comfortable using on LineageOS due to lack of proper sandboxing, unlocked bootloader etc.

GrapheneOS works flawlessly just like Android. You don't even notice there's hardening underneath. Also it protects from Google's evil location tracking using WiFi/Bluetooth or even when the Location is turned off. I don't understand how people in general are comfortable with Google tracking all the time. You can use Google Play and Play Services in a sandbox that works just like regular installation, but without deep tracking.

If you haven't tried GrapheneOS, try it. You won't go back to regular Android.

Not sure if true, but someone raised an issue when this was first announced. That you can no longer refuse to unlock your phone when stopped, since you'll have to unlock it to show your digital driver's license.

You may have heard about a lawsuit filed regarding a data breach concerning social security numbers. I encourage you to read at least the first few pages of the linked class action complaint to see how massive a violation of privacy this is.

The data breach concerns National Public Data, a company which offers background checks. They collect personally identifiable information (PII) as a part of their business. The defendant claims that NPD scraped PII from non-public sources (¶11). NPD then stored the data in an insecure manner and did not adequately protect this personal information (¶25). Consequently, a hacking group by the name of "USDoD" stole records of 2.9 billion individuals from NPD. According to the document, the data was independently reviewed by VX-underground, the cybersecurity company. They confirmed the breach included full names, address and address history, and social security numbers. They were also able to identify familial connections, both living and deceased (¶ 22-24).

Based on this class action complaint, NPD's conduct was grossly negligent, leading to potential identity theft for almost anyone in the United States. It was also a massive privacy violation by scraping data from non-public sources. Even after they took millions of Americans personal information, they failed to secure the data from hackers.

Criminals can ruin your life if they target you with this information. They can open lines of credit without you knowing. You might only find out until creditors call you, demanding that you pay them back (¶60).

So, yeah. I am very concerned. I'll have to figure out how to defend against this identity theft. Overall, I'm new to the privacy community, but I'm feeling like "privacy" in the United States is an absolute mess. If your data wasn't somewhere on the dark web, it might be now. Protect your data. Stay safe.

repost from: https://falkvinge.net/2013/11/17/nsa-asked-linus-torvalds-to-install-backdoors-into-gnulinux

Google's campaign against ad blockers across its services just got more aggressive. According to a report by PC World, the company has made some alterations to its extension support on Google Chrome.

Google Chrome recently changed its extension support from the Manifest V2 framework to the new Manifest V3 framework. The browser policy changes will impact one of the most popular adblockers (arguably), uBlock Origin.

The transition to the Manifest V3 framework means extensions like uBlock Origin can't use remotely hosted code. According to Google, it "presents security risks by allowing unreviewed code to be executed in extensions." The new policy changes will only allow an extension to execute JavaScript as part of its package.

Over 30 million Google Chrome users use uBlock Origin, but the tool will be automatically disabled soon via an update. Google will let users enable the feature via the settings for a limited period before it's completely scrapped. From this point, users will be forced to switch to another browser or choose another ad blocker.

Archive link

It is truly upsetting to see how few people use password managers. I have witnessed people who always use the same password (and even tell me what it is), people who try to login to accounts but constantly can't remember which credentials they used, people who store all of their passwords on a text file on their desktop, people who use a password manager but store the master password on Discord, entire tech sectors in companies locked to LastPass, and so much more. One person even told me they were upset that websites wouldn't tell you password requirements after you create your account, and so they screenshot the requirements every time so they could remember which characters to add to their reused password.

Use a password manager. Whatever solution you think you can come up with is most likely not secure. Computers store a lot of temporary files in places you might not even know how to check, so don't just stick it in a text file. Use a properly made password manager, such as Bitwarden or KeePassXC. They're not going to steal your passwords. Store your master password in a safe place or use a passphrase that you can remember. Even using your browser's password storage is better than nothing. Don't reuse passwords, use long randomly generated ones.

It's free, it's convenient, it takes a few minutes to set up, and its a massive boost in security. No needing to remember passwords. No needing to come up with new passwords. No manually typing passwords. I know I'm preaching to the choir, but if even one of you decides to use a password manager after this then it's an easy win.

Please, don't wait. If you aren't using a password manager right now, take a few minutes. You'll thank yourself later.

I am looking for an auto toggle feature for the swipe down menu. Sometimes I forget to turn off Bluetooth, location, or other toggles on the drop down menu. Is there such a way to have Bluetooth shutoff after 15 mins of inactivity? Or say Mic, camera toggle off after X time of no use, location toggle, etc. Pixel 6 Pro.

I began using invidious after every piped instances refused to play videos lately. But what I read from their docs is that my IP might get exposed to google servers while loading videos from invidious. I use rethink DNS app and in that I can see all the domains that are getting called by my browser.

I tested about five instances and none are calling googlevideo domain as mentioned in the doc. Are they proxying my requests by default or am I missing something?

No, I don't have the option proxy video turned on. I use yewtu.be as my main invidious instance.

A cookie notice that seeks permission to share your details with "848 of our partners" and "actively scan device details for identification".

Hi folks,

I'm seeing there are multiple services which externalise the task of "identity provider" (e.g. login with Facebook, google or what not).

In my case, I am curious about Tailscale, a VPN service which allows one to chose an identity provider/SSO between Google, Microsoft, Github, Apple and OIDC.

How can I find out what data is actually communicates to the identity provider? Their task should simply be to decide whether I am who I claim to be, nothing more. But I'm guessing there may be some subtleties.

In the case of Tailscale, would the identity provider know where I'm trying to connect? Or more?

Answers and insights much appreciated! The topic does not seem to have much information online.

Rather peeved about all of this. Been waiting for this game for ages and was excited about the F2P aspect then found out a lot of elements of the game are locked behind paywalls making the full game costing way over most AAA games. Ok, lets roll on anyways and see what the game has to offer. Then I get to the privacy policy and realize they're using anti-cheat services to monitor your game, I continued reading the user agreement and then had to find their actual privacy policy page because they have it listed under a different url then what they have posted. Some Highlights from the user agreement:

You may not host, provide or develop matchmaking services for the Product, or intercept, emulate or redirect the communication protocols used by Frost Giant in any way, for any purpose, including without limitation unauthorized play over the internet, network play (except as expressly authorized by Frost Giant), or as part of content aggregation networks.

You may not organize, promote or participate in an esports competition for the Product which has not been licensed by Frost Giant.

You may not play on another user's Account

In order to safeguard its licensing rights, when you are using the Product, Frost Giant may monitor your hardware random access memory (RAM)

You understand that the mere presence of unauthorized cheat software on your device, whether or not you use that unauthorized software while playing the Game, may result in Frost Giant exercising its full rights under this Agreement.

Acknowledgments. You acknowledge that:

• The Game which is the object of the Alpha or Beta Test is a work in progress and may contain bugs which may cause loss of data and/or damage to your computer system;
• You have, or will, back-up your hard drive prior to installation of the Beta;
• You have the resources necessary to easily reinstall the operating system for the computer system that you will use to take part in the Alpha or Beta Test as well as to restore any and all data that may be lost;

It just goes on and on with some really sketchy stuff, then I get to the privacy policy:

Your contact information/identifiers, such as your name, your gamer id, mailing address, email address, employer, primary language, country, social media credentials. preferred games and date of birth. If you contact us by telephone, we will also retain your telephone number.

Your geolocation data, if your device settings allow us to collect such information.

Your account preference information, such as your contact, communication and marketing preferences.

Your device and browsing information, including non-personally identifiable information about your phone, tablet, computer or device and online browsing activity, which may be automatically collected. This may include IP addresses, unique identifiers, cookie identifiers, browser language, device and browser settings and broad location-based information, and internet service provider information. It may also include information about when and how you accessed and used our Sites, how you navigated to our Sites (such as the date and time of your visit), the links you clicked, the websites you visited before and after our Sites, and what you searched for while on our Sites.

Analytics & Interest-Based Ads. We partner with third parties (like sponsors, content providers, and analytics companies) to help us improve our Services and better understand how you interact with them, as well as to support our marketing initiatives and ad campaigns. These companies may collect info from you automatically in connection with your visit.

And the really scary part

In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

• A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
• A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
• Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
• Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
• Physical location or movements.

Third party service providers. - From time to time, Frost Giant may need to transmit your personal data to vendors or service providers that enable us to market, sell, or deliver our services. These service providers may require certain personal information in order to perform specific services on our behalf, such as cloud service and data storage, beta testing, tech support to enhance game operations, chat, customer support, social login, fulfillment and shipping, email and newsletter delivery, conducting surveys, payment processing, tournament operation, anti-cheat and fraud prevention, web hosting or web analytics. Such partners include:

Steam
Epic Online Services
RallyCry
Hathora
Brevo
Eventbrite
AWS
Sentry.io 
Google
Easy Anti-Cheat 
GGWP
Untapped
Kakao Games
ModSquad

I've stopped playing previous games that use these tactics and programs because there's just too many other games that don't require these that are available. This was a game I was hoping to get back into with some RTS friends I've made along the way, Is this just the way of the world or something to avoid?

I've not seen this before but it was strange.

An ad loaded at the end of a video, so I paused it. What caught my eye was the background was moving when I moved my phone, which turned out to be the room I was in. The ad was overlayed on whatever my camera was looking at, but the ad appeared stretched from a single point in the middle of the screen, which was even weirder.

Edit: The ad was using the rear camera, not the front facing one.

I've looked through my phones settings and there are no options to toggle YouTube's camera access either, so I feel like it's safe to say this is being forced on users (surprise /s).

Needless to say, that app is no longer on any of my devices :)

So I've been in the rabbit hole of android privacy for some time, last I joined the GrapheneOS community but let's just say that they doesn't have a "healthy" opinion about other projects like f-droid.

So I am looking for generic communities that focus on mobile privacy that doesn't have drama or toxicity or "extreme opinions". Any suggestions? I prefer chat based communities like matrix or simplex instead of like reddit or lemmy.