I don't know if there are other ways to use Reddit without using its own client, but I wanted to inform you.

cross-posted from: https://beehaw.org/post/14909762

It seems YT started another attempt at blocking alternative clients. They changed something in their API and both SmartTube and Tubular (NewPipe fork) are completely broken. Apparently it started happening this past week, but we personally just felt it today.

Edit: SmartTube already has an update but still not working for 4K videos it seems. Tubular still not working but it might be due to the upstream (NewPipe) is still working on a fix.

I want to use Telegram on the web without needing to have a desktop or mobile app installed. I only rarely use Telegram.

I've gotten prepaid sims for things but obviously that's not really a feasible method for your main life phone.

A U.S. government agency tasked with supporting the nation’s nuclear deterrence capability has bought access to a data tool that claims to cover more than 90 percent of the world’s internet traffic, and can in some cases let users trace activity through virtual private networks, according to documents obtained by 404 Media.

If you quit YouTube then you also quit all the content on YouTube that isn't elsewhere. The best solution if you still want to use it is to use 3rd party apps. Personally I would actually count that as having no reliance on Google in particular anymore. If a video platform owned by Google wasn't the most popular then it would be another platform. I don't think you should think of 3rd party apps as YouTube frontends, but rather, apps that scrape videos hosted on Google's servers.

cross-posted from: https://programming.dev/post/16595505

• Home routing and encryption technologies are making lawful interception harder for Europol
• PET-enabled home routing allows for secure communication, hindering law enforcement's ability to intercept and monitor communications
• Europol suggests solutions such as disabling PET technologies and implementing cross-border interception standards to address the issue.

I'm asking for existing tools/systems that let me programmatically say: "here is my public key, BUT if each of these 5 other public keys all send a signed message saying that my public key has been compromised, then you should mark my public key as compromised, and use the new one they provide". (This is not for a particular task, I'm just curious if any existing auth systems are capable of this)

I call the idea "guardian keys" because it could be friends' public keys or or just more-securely-stored less-frequently-used keys that you control.

NOTE: I know this would not work for data encryption. Encrypted data is simply gone if a key is lost. But, for proving an identity, like a login, there could be a system like this but I don't know of any

A while ago I reached a point in my privacy journey where I simply felt bored. It's not a result of going too far in privacy, but simply my threat model has caused me to let go of a lot of things that used to entertain me (games, movie streaming, short form video, etc.) The entertainment landscape in privacy seems pretty bleak, since you no longer own the movies you watch, the games you play, and lots of proprietary software along the way. I entertain myself through FreeTube, physical copies of movies, and offline installations of games like Minecraft, but it's still a step down from how it used to be.

What do you do to keep yourselves entertained in a privacy conscious way?

I rarely use my smartphone and find it a bit annoying to have to use it for 2FA through apps. I wish to get physical passkeys that will allow me to login to my laptop.

I have heard of YubiKey although I haven't given it any serious consideration since it is closed source. (My super-tin-foiled friend who introduced me to this world of privacy taught me to never trust a closed-source solution... _long _ story).

Are there any FLOSS versions of Yubikey? Can they be used to log into a Linux machine? Or for banking?

On P2P payments from their FAQ: "While the payment appears to be directly between wallets, technically the operation is intermediated by the payment service provider which will typically be legally required to identify the recipient of the funds before allowing the transaction to complete."

How about, no? How about me paying €50 to my friend for fixing my bike doesn’t need to be intermediated, KYCed, and blocked if they don't approve of it or know who the recipient is? How about it’s none of the government’s business how I split the bill at dinner with friends? This level of surveillance is madness, especially coming from an app that touts "privacy" as a feature.

GNU Taler is a trojan horse to enable CBDC adoption. They are the friendly face to an absolutely terrifying level of government control in our lives funded by the same government that tries every year to implement chat control. Imagine your least favourite political party gaining power. Now imagine they can see and control every transaction you make. No thanks.

Hey guys, I have been seeing a lot of people talking good things about noscript, I have a few questions about it:

• Why isn't it open source? Is there a open source alternative? To me this kinda feels suspicious, installing an extension that can affect all tabs from outside the Mozzila store, while not even open source...
• How to minimize damage? After briefly trying it on, I couldn't interact with lemmy anymore, many websites lost their dark mode, youtube wasn't pausing the video, nor was the like button working...
• Is it really needed? What kind of threat model makes something like that needed? Wouldn't it be possible to just add other sources for uBlock to block tracking scripts or something?

Cross-posted from: https://lemmy.zip/post/18686329 (the first OPSEC community on Lemmy, feel free to join us)

Guide to Determining Your Threat Model

Creating a solid threat model is an essential step in improving your operations security (OPSEC). It helps you identify potential threats, assess their impact, and prioritize your defenses. Here’s a step-by-step guide to help you develop your own threat model.

1. Define Your Assets

First, list the things you want to protect. These might include:

• Personal Information: Name, address, phone number, Social Security number, etc.
• Financial Information: Bank account details, credit card numbers, financial records.
• Digital Assets: Emails, social media accounts, documents, photos.
• Physical Assets: Home, devices (computers, smartphones, etc.).

2. Identify Potential Threats

Next, think about who or what could pose a threat to your assets. Possible threats include:

• Hackers: Individuals or groups looking to steal data or money.
• Government Agencies: Law enforcement or intelligence agencies conducting surveillance.
• Corporations: Companies collecting data for marketing or other purposes.
• Insiders: Employees or contractors who might misuse their access.
• Physical Threats: Burglars or thieves aiming to physically access your assets.

3. Assess Your Vulnerabilities

Identify weaknesses that these threats could exploit. Consider:

• Technical Vulnerabilities: Unpatched software, weak passwords, outdated systems.
• Behavioral Vulnerabilities: Poor security habits, lack of awareness.
• Physical Vulnerabilities: Insecure physical locations, lack of physical security measures.

4. Determine the Potential Impact

Think about the consequences if your assets were compromised. Ask yourself:

• How critical is the asset?
• What would happen if it were accessed, stolen, or damaged?
• Could compromising this asset lead to further vulnerabilities?

5. Prioritize Your Risks

Based on your assessment, rank your risks by considering:

• Likelihood: How probable is it that a specific threat will exploit a particular vulnerability?
• Impact: How severe would the consequences be if the threat succeeded?

6. Develop Mitigation Strategies

Create a plan to address the most critical risks. Strategies might include:

• Technical Measures:

  • Use strong, unique passwords and enable two-factor authentication.
  • Keep your software and systems up to date with the latest security patches.
  • Use encryption to protect sensitive data.

• Behavioral Measures:

  • Be cautious with sharing personal information online.
  • Stay informed about common scams and phishing tactics.
  • Regularly review your privacy settings on social media and other platforms.

• Physical Measures:

  • Secure your devices with locks and use physical security measures for your home or office.
  • Store sensitive documents in a safe place.
  • Be mindful of your surroundings and use privacy screens in public places.

7. Continuously Review and Update

Your threat model isn’t a one-time project. Review and update it regularly as your situation changes or new threats emerge.

Example Threat Model

1. Assets:

   • Personal Information (e.g., SSN, address)
   • Financial Information (e.g., bank accounts)
   • Digital Assets (e.g., emails, social media)
   • Physical Assets (e.g., laptop, phone)

2. Threats:

   • Hackers (e.g., phishing attacks)
   • Government Agencies (e.g., surveillance)
   • Corporations (e.g., data collection)
   • Insiders (e.g., disgruntled employees)
   • Physical Threats (e.g., theft)

3. Vulnerabilities:

   • Weak passwords
   • Outdated software
   • Sharing too much information online
   • Insecure physical locations

4. Potential Impact:

   • Identity theft
   • Financial loss
   • Loss of privacy
   • Compromise of additional accounts

5. Prioritize Risks:

   • High Likelihood/High Impact: Weak passwords leading to account compromise.
   • Low Likelihood/High Impact: Government surveillance leading to loss of privacy.

6. Mitigation Strategies:

   • Use a password manager and enable two-factor authentication.
   • Regularly update all software and devices.
   • Limit the amount of personal information shared online.
   • Use a home security system and lock devices.

It all comes from Arizona. Ive never been to Arizona. My phone number isnt anywhere near Arizona. One year, I replied STOP to every text. Nothing stopped. Now I just cuss them out and block them, but it still persists. I wrote an email to the Arizona Republican's main office and demanded my number be removed from thier canvassing. Crickets. More spam. 3 today alone. I am so tired of this shit. It doesnt help that I think conservatives are pieces of shit and I am a member of a marginalized community that they are targeting with hate and discriminative laws.

I only just thought of this. I have the same cartoon-y profile pic from a foreign TV show on a bunch of my accounts, I wonder if its unique enough and worth tracking.

In the browser, i didn't login in the google account, and I didn't accept the cookies on that site. Using privacybadger that supposedly should block the 3rd party spyware like that

Mainstream platforms such as Meta and X have accumulated a near-universal audience that is the root of all their evil. From sentiment analysis mass experiments to propagandistic political advertising. Things are worse in third countries where they are even less moderated. So I was thinking that as long as FOSS/Privacy is just geeky and elitist they just keep doing business as usual, from enshitification to fascism. Additionally, people have moved their political posting, scheduling, discussion online, so this gives them more power. Like seeing anarchist groups on Facebook is cringe, but some insist that "that is where the mass is, perhaps we move to Instagram to get to more Zedders". Whaaaat? Questions: What tactics could be used to move people en masse away from mainstream platforms, and more generally, do you think there is a point in it?

cross-posted from: https://lemmy.zip/post/18581354

Privacy measures apparently helping criminals evade capture

The Spanish government has a plan to prevent kids from watching porn online: Meet the porn passport.

Officially (and drily) called the Digital Wallet Beta (Cartera Digital Beta), the app Madrid unveiled on Monday would allow internet platforms to check whether a prospective smut-watcher is over 18. Porn-viewers will be asked to use the app to verify their age. Once verified, they'll receive 30 generated “porn credits” with a one-month validity granting them access to adult content. Enthusiasts will be able to request extra credits.

You have to request more porn credits from the government if you need more? Don't want the government to be tracking this data of you. This is a privacy issue