Wall Street Journal (paywalled) The digital payments company plans to build an ad sales business around the reams of data it generates from tracking the purchases as well as the broader spending behaviors of millions of consumers who use its services, which include the more socially-enabled Venmo app.

PayPal has hired Mark Grether, who formerly led Uber’s advertising business, to lead the effort as senior vice president and general manager of its newly-created PayPal Ads division.

Hello guys. I recently acquired a Pixel 8A and it was Google stock os I bought it from a man locally all with cash I brought It home and I flashed grapheneos onto this phone.

What else needs to be done to anonymous this phone and make it a privacy phone and a spy free phone no tracking phone no interception phone and no monitored phone.

Any advice welcome!

Thanks.

Cross-posted from: https://sh.itjust.works/post/19987854

We have previously highlighted the importance of not losing your account number, encouraging it to be written down in a password manager or similar safe location.

For the sake of convenience account numbers have been visible when users logged into our website. This had led to there being potential concerns where a malicious observer could:

• Use up all of a user's connections
• Delete a user's devices

From the 3rd June 2024 you will no longer be able to see your account number after logging into our website.

• "Hiding account numbers". Mullvad. 2024-05-27. Mullvad Blog (https://mullvad.net/en/blog/2024/5/27/hiding-account-numbers).
• Archive

i want to export all playlists and subscribtiones from invidious to piped but it doesnt work.

in invidious i click -Export Invidious data as JSON-

then i go to my acc in piped.video and i click -Import from JSON/CSV-

then piped popup says -The file doesn't contain valid playlists!-

how do i import then? there are no other formats to export from invidious than json and OPML, and piped only accepts JSON and CSV... i tried to see if there's community for invidious or piped on lemmy but i only found abandoned piped page and no invidious page.

I am currently in the process of finally getting rid of my Meta-account. In the process I have requested data extraction. The media stuff was made available pretty quickly, but the data logs are still being processed. Does anyone know what data they actually contain, and whether there's any point in waiting for it?

The reason I ask is that I also recently got a notification saying that will soon train their AI-model on my data which they will use the "legitimate interest" bullshit to do. I want to have my account deleted by the time this will be phased in (towards the end of June).

So now I am in the dilemma of waiting for the data logs to complete (which I don't know how long will take) or just delete my account in hopes that it will be purged before the AI-stuff goes into effect. I am unable to find out exactly what these data logs consists of and whether there is any point in keeping onto them for whatever reason.

Now, whether I can trust that they actually delete the data is another matter, but at least I would've done what I can, and they would break the law if the retain the data after my deletion request (under GDPR).

Is it possible to blog in the AI era?

I write short stories every now and then and I throw them online. I also have a tech blog, where I moan about the decisions software I use make and with my "infinite wisdom", I tell them what they should be doing instead.

I used to host both on Medium, but Medium got greedy. Then it was WordPress, but now even they're trying to be greedy bastards and use my shit for training AI.

Some would argue that WordPress paid hosting will exempt me from the AI training, but for less than 100 visitors a year, it's not really worth the expense.

So what is the solution? I ask the greater minds of this community for suggestions.

cross-posted from: https://slrpnk.net/post/9961019

Hello Lemmy! Yesterday I released the first version of an alternative frontend for Threads: Shoelace. It allows for fetching posts and profiles from Threads without the need of any browser-side JavaScript. It's written in Rust, and powered by the spools library, which was co-developed between me and my girlfriend. Here's a quick preview:

The official public instance (at least for now) is located at https://shoelace.mint.lgbt/, if y'all wanna try it out. There's also instructions to deploy it inside the docs you can find in the README. Hope y'all enjoy it!

Waterfox is a browser, obviously based on Firefox, but without default "junk" that Firefox comes with.

Don't see many mentions to Waterfox at all in this community? Are there any specific reasons for it? Seems like a neat version of Firefox, with development based out of the UK.

• Worthwile blogpost on their independence and future updates: https://www.waterfox.net/blog/waterfox-in-2023/
• Project: https://www.waterfox.net
• Flathub: https://flathub.org/apps/net.waterfox.waterfox

This is half a decade old news, but I only found this out myself after it accidentally came up in conversation at the DMV. The worker would not have informed me if it hadn't come into conversation. Every DMV photo in the United States is being used for AI facial recognition, and nobody has talked about it for years. This is especially concerning given that citizens are recently being required to update their ID to a "Real ID," which means more people than ever before are giving away the rights to their own face.

The biggest problem with privacy issues is that people talk about it for a while, but more often than not nothing ever happens to fix the problem, it simply gets forgotten. For example, in the next few years Copilot will simply become a part of people's lives, and people will slowly stop talking about the privacy implications. What can we even do to fight the privacy practices of giants?

I am currently using Proton VPN (free tier) which is set to Always-ON and Block Connections on disable.

Today while I am going through my Gmail security option, on the devices/sessions I found my real location mentioned over there. Even when I use desktop I always connect to VPN.

On this issue I got couple of doubts:

• Is this because I am using a free tier VPN? so it's not functioning properly etc...
• Else google fixed my location based on my previous location history? I used my google applications without VPN for many years, I am just learning & following privacy tips recently.

So with the recent Bing situation I wanted to take a second look on private search engines and sharing my conclusions of each search engine. Here is my list of private search engines:

Duckduckgo

I really like Duckduckgo, it has all important tools, decent result quality and a great image search function. Instant answers is very useful. My main problems are the reliance on Bing as the index and the choice of Apple Maps as mapping solution. Apart from the situation with the browser and Microsoft tracking Duckduckgo has a pretty clear record and the privacy.

Startpage

Startpage is another great option. Apart from mapping everything is there and, while not as good as Duckduckgo's, the image search engine good. The results are based on google and on par to better than those of DDG. The main advantages over DDG are European base (Netherlands) and the anonymous view, which basically functions as a quick access VPN, but sadly breaks ad/tracker blockers. Privacy for regular search is equal to DDG, but you have to disable JS to get rid of some telemetry. It is owned by an advertising company

Swisscows

Swisscows is okay. It is also Bing based, but slightly worse than DDG results. It lacks image search filters and mapping, but offers a music search which allows you to listen to ad free music. It also has an anonymous view, but it's not interactive. Privacy is similar to DDG, but has more telemetry and (temporally) stores your IP. It is from Switzerland, it also has a very strict anti gore/porn policy that sometimes makes normal search terms inaccessible.

Qwant

Qwant used to be very solid French search engine, has dropped in quality. Similar search quality to DDG, image search like Startpage. They use Bing in combination with their own index. Then problems: They share your IP with Microsoft and they replaced their main advantage, openstreetmap based independent mapping service, with AI summary's that require an account. Worse privacy than all the above.

Ecosia

Very similar to DDG. The main differences are that Ecosia is based in Germany, it plants trees to fight climate change, but also forwards your IP to MS.

Brave

Braves main advantages are being independent, both with the search and the AI, and the goggles that allow you to customize your results. Search results are slightly better than DDG, image search is bad, no mapping is available. Brave has had invaded privacy in the past, but currently the privacy is good as long as you disable statistics. The company itself is a bit concerning and the CEO is homophobic.

SearXNG

SearXNG is self hosted and open source, it uses various search engines as index and has a ton of extra feature like music search, fediverse search and a bunch more. While it has the most features and best privacy of all options, public instances are sometimes slow and the results aren't really good.

Kagi

Kagi is in principle a decent quality search engine, but it is paid and has some problems that are only getting worse. For those interested read this blogpost.

4get

4get is a open source, self hostable search engine. It acts as a web scraper for various search engines, also supports Soundcloud. It has great privacy and good results, but it lacks mapping and the official instance requires a CAPTCHA per 100 searches

Yep

Yep is an independent search engine. It is private and has good results, but lacks image search tools, video search and mapping.

Presearch

Decentralized independent search. It has good results but lacks image search tools, is sometimes unreliable and has intrusive advertising

A quick fire round of search engine that have decent privacy, but I wouldn't use due to result quality:

Ekoru Like Ecosia, but for cleaning oceans, Bing based, few features, requires extension.

Whoggle Like SearXNG, but with less features.

Metager Meta search engine with multiple search back ends, mainly Bing (Yahoo), completely powered by renewable energy

Mojeek Independent UK search engine with few additional feature, is supposed to be unbiased

LibreX/LibreY Like Whoggle

AstianGO Slightly modified version of LibreX by the Devs of the Midori Browser

Ghostery German independent search engine, regular web only, offers tracker analysis for websites

Stract Open source, self hostable, independent search engine

Lilo Like Ecosia, but with fewer features and the option to support various projects

YouCare Bing based search, shares your IP with MS, does "good deeds", some missing features

Giburu Google based proxy search

Gigablast Open source, self hostable, independent search engine

Mwmbl Open source, independent, self hostable search engine. Only web results

Marginalia Open source, independent, self hostable search engine. Only web results, offers filters

That would be my list. I'll still be sticking with Duckduckgo but I'd reconsider if Startpage improves it image search. Brave will probably never be my default, but it has proven it's role as a more private backup. Comment if I missed any search engine

Search engines I didn't include due to horrible privacy Bing/Google/Yandex/Yahoo/You/Baidu

In an effort to increase my privacy, I decided to buy a Pixel phone second hand to use with GrapheneOS. Due to some miscommunications, the phone ended up being carrier locked with T-Mobile. GrapheneOS's own website advises against buying carrier locked phones in order to avoid the hassle of carrier unlocking it.

I assumed that even if the support staff was unaware about OEM unlocking, I would at least be able to fairly effortlessly get the device carrier unlocked because it was bought second hand. My first call was to the T-Mobile support center, and the representative wanted the phone number of the device in order to unlock it. The device had no phone number, so we instead tried the IMEI. I was told that the IMEI was invalid because it was not the correct number of characters, and was told that there was nothing they could do without physical access to the device. As expected, the representative had never heard of OEM unlocking.

My next stop was at a T-Mobile store, to seek help there. The staff member there was very helpful and, despite not knowing what OEM unlocking was, was very aware of how to handle the situation regardless. He made a call to T-Mobile support (which has a different process if you are a staff member) and explained the situation to them.

Here is where things get interesting: T-Mobile had the ability to carrier unlock the phone, and had enough information to prove the device was mine, but refused to carrier unlock it because it has to be done by the original account holder. They wouldn't give any information about how to contact the original account holder, which is reasonable.

The in-person representative told me that if I was able to find a phone number linked with the original account holder that they would be able to do more, but after trying for over an hour to find any contact information with the seller, I couldn't find anything.

The in-person representative decided to try calling support one more time, and even went out of his way to try lying to the support team on my behalf, just to see what could be done.

After hanging up the phone, he told me that T-Mobile gave me 2 options:

1. Return the device entirely and buy a different one
2. Pay for T-Mobile for an entire year AND pay a $100 service fee

That's like telling someone they have to pay a year of rent before they can even step foot in a house they already paid for, and then pay $100 to get the doors unlocked. I knew it would be a bit of a process to get it carrier unlocked, but I didn't realize it would take me four hours to be told I had to pay T-Mobile for a year to be able to access a device I paid for.

I even tried using T-Mobile's own app to unlock the device, but the app is not functional as many reviewers have also noted.

Thankfully the seller accepted free returns, so the story has a happy ending, but any consideration of buying a carrier locked phone before has since evaporated.

It is truly dystopian how we live in a world where companies are allowed to get away with stuff like that, and yet people still give away their money and freedom to these companies.

Innovation and privacy go hand in hand here at Mozilla…

Is this the time to drop firefox?

What cloud VPS host is the best for privacy and security? I want to self host stuff for myself some tools. Mental Outlaw make a video last year about self hosting your own VPN with a service called Vultr but back in December vultr added to their TOS that they own what you host and a bunch of other scary stuff. So I don't trust Vultr anymore. I don't see recommended vps hosts on privacyguides website. So what do you guys think I should use to self host various things like a VPN, Nextcloud, and so on.

In sharing this video here I'm preaching to the choir, but I do think it indirectly raised a valuable point which probably doesn't get spoken about enough in privacy communities. That is, in choosing to use even a single product or service that is more privacy-respecting than the equivalent big tech alternative, you are showing that there is a demand for privacy and helping to keep these alternative projects alive so they can continue to improve. Digital privacy is slowly becoming more mainstream and viable because people like you are choosing to fight back instead of giving up.

The example I often think about in my life is email. I used to be a big Google fan back in the early 2010s and the concept of digital privacy wasn't even on my radar. I loved my Gmail account and thought it was incredible that Google offered me this amazing service completely free of charge. However, as I became increasingly concerned about my digital privacy throughout the 2010s, I started looking for alternatives. In 2020 I opened an account with Proton Mail, which had launched all the way back in 2014. A big part of the reason it was available to me 6 years later as a mature service is because people who were clued into digital privacy way before me chose to support it instead of giving up and going back to Gmail. This is my attitude now towards a lot of privacy-respecting and FOSS projects: I choose to support them so that they have the best chance of surviving and improving to the point that the next wave of new privacy-minded people can consider them a viable alternative and make the switch.

I want a bulletproof way to give email sub-addresses, since some websites strip out special characters like + and .. I have an idea for how it could work, let's say my email is [email protected] and I have the following:

• All emails sent to TheTwelveYearOld@ get blocked
• I specify a suffix that would be used instead of +, perhaps "From"
• I whitelist phrases that go after "From": TheTwelveYearOldFromDoorDash, TheTwelveYearOldFromGoogle, TheTwelveYearOldFromReddit

Are there any services that can do this? I'm thinking I should make my own domain for emails that way my email addresses aren't tied to any companies and I can easily switch.

cross-posted from: https://lemmy.world/post/15750986

Danish banks have implemented significant restrictions on how Danish kroner (DKK) used outside Denmark can be repatriated back into Denmark.

Due to these circumstances, which are unfortunately beyond Mullvad’s control, Mullvad will no longer be able to accept DKK from its customers. We will continue to credit DKK received until the end of the month, but considering postal delays, it is best to stop sending it immediately.

• Source
• Archive

Archive link: https://archive.ph/GJauG

In exchange for selling them repair parts, Samsung requires independent repair shops to give Samsung the name, contact information, phone identifier, and customer complaint details of everyone who gets their phone repaired at these shops, according to a contract obtained by 404 Media. Stunningly, it also requires these nominally independent shops to “immediately disassemble” any phones that customers have brought them that have been previously repaired with aftermarket or third-party parts and to “immediately notify” Samsung that the customer has used third-party parts.

Aaron Perzanowski, a personal property law expert and professor at the University of Michigan Law School, told me “Most consumers would be very surprised to learn that their personal information and details about their devices are being shared with the manufacturer. And I doubt there is any meaningful disclosure of or consent to sharing that data. So this looks like a substantial and unexpected invasion of consumer privacy.”

“This is exactly the kind of onerous, one-sided ‘agreement’ that necessitates the right-to-repair,” Kit Walsh, a staff attorney at the Electronic Freedom Foundation and right to repair expert told me. “The data collection is excessive. I may not have chosen to disclose my address or identity to Samsung, yet an added cost of repair—even at an independent shop—is giving that information up. In addition to the provision you mentioned about dismantling devices with third-party components, these create additional disincentives to getting devices repaired, which can harm both device security and the environment as repairable devices wind up in landfills.”