My main laptop is dead, so I'm on a potato laptop with a 6th gen Intel i3 processor and 4GB of RAM. I have IceCat installed, but I really don't like the defaults it provides.

Maybe I am in the wrong here, but from the Arkenfox page, I've read that having way too many extension is bad - there's an unbelievable amount of these plugins. IceCat being on the older ESR version is a big no when it comes to security. Last but not the least, I want to create a separate, non-secure profile to use normal pages, but IceCat has hard-coded blocks on several websites.

And that is exactly why I'm looking to move to LibreWolf. But the issue is that there is no pre-built binaries available for my distro. I've waited the entire day for this browser, and I'm tired of having to come back to a frozen desktop, or build fails while waking from sleep.

I'm trying the build once again, and I just wanted to know how long it takes to build, so that I can leave it uninterrupted.

I wish to mention learnings from the coupious time i spend on learning online privacy ,security and anonymity for my b school (MBA) admissions interview. Can I market is as a cybersecurity internship. But Cyber security has a different meaning altogether. I’m pretty much at the advance stage of the privacy journey( read all prominent books, understand techlore and others in the privacy community. Help me structure a pitch around it.

edit: please see comments for more informed insights.

I am currently investigating and reverse engineering free VPNs for a master thesis, and just came across something I thought I'd share. VPN in this case is 1clickvpn.net, not .com!

I'm sharing this as a warning as to never use free vpns! They are most often the opposite of what they promise to be. (by free I do not mean the free versions of premium services). But either way; be careful about your VPN choice, as they have access to a lot of sensitive data. I'm sure most peeps here know of this already, but next time you hear someone using a free vpn, let them know...

This first image/code was sitting inside a file called NetworkModule, with some hella weird external links.

1. addrDOTcx, seems to have been linked to malware? Comes up flagged as malicious a few times on VirusTotal.
2. freevpnDOTzone, seems to be another free possible malicious VPN service, might investigate this one later.
3. bigbrolookDOTcom, seems to longer be a registered domain. But wtf? Was this VPN service linked to p*rn??
   IMAGE HERE; Don't visit these links unless you know what you're doing.

   

Furthermore, there is this interesting find; Now I am no expert coder, frankly quite the amateur. But does the below code really mean what I think it does? ~~Seems like it could be creating a fake connection?~~. This is more-less normal behaviour it seems, considering it is a local address it is probably used for testing purposes or making the app not crash if a connection cant be established. Is used once here;

Stay safe 🌻

For some years I have been using several of these apps, and just (re)discovered that they have plenty more than the 5 or 6 I use. Wanted to share. This webpage is in German, but apps description in F-droid are in English.

Screenshots:

Breezy Weather is a free and open-source Android weather app, forked from Geometric Weather, adding new features, sources, modernizing code, fixing bugs, updating dependencies for security reasons, etc., while keep having a smooth user and developer experience in mind.

Features

• Weather data

  • Daily and hourly forecasts up to 16 days
    • Temperature
    • Air quality
    • Wind
    • UV index
    • Precipitation
    • Feels like temperature
  • Hourly forecasts
    • Humidity / Dew point
    • Pressure
    • Cloud cover
    • Visibility
  • Precipitation in the next hour
  • Air quality
  • Pollen & Mold
  • Ephemeris (Sun & Moon)
  • Severe weather and precipitation alerts
  • Real-time weather conditions
    • Temperature
    • Feels like
    • Wind
    • UV index
    • Humidity
    • Dew point
    • Atmospheric pressure
    • Visibility
    • Cloud cover
    • Ceiling

• Multiple weather sources

• Large selection of home screen widgets for at-a-glance information

• Live wallpaper

• Custom icon packs

  • Geometric Weather icon packs
  • Chronus Weather icon packs

• Automatic dark mode

• Looking for radar? Check out this document

• Free and Open Source

  • No proprietary blobs/dependencies (versions 5.0.0-alpha and later)
  • Releases generated by GitHub actions, guaranteeing it matches the source code
  • Fully works with Open-Meteo (FOSS source)

• Privacy-friendly

  • No personal data collected by the app (link to app privacy policy)
  • Multiple sources are available, with links to their privacy policies for transparency
  • Current location is optional and not added by default
  • If using current location, an IP location service can be used instead of GPS to send less accurate coordinates to weather source
  • No trackers/automatic crash reporters

Note: If the link isn’t working for you or if you can’t find the app, update the default F-Droid repository in your F-Droid client.

cross-posted from: https://lemmy.blahaj.zone/post/10889989

Big news in DC: a new bipartisan, bicameral proposal for a "compromise" federal privacy bill, the American Privacy Rights Act (APRA). At this point, take it all with a grain of salt; in 2022, the initial draft of the bill was promising, but it got weakened substantially by the subcommittee and then weakened further by the committee. I haven't read the discussion draft yet so don't have any strong opinions on it.

Is it possivle to debloat a fire tv stick? I.e. remove all amazon related apps and replace the launcher. The info I find online is scattered around and depends on the version.

Recently stumbled upon this note-taking app called SiYuan, but it honestly looks a bit too good to be true(?). Has anyone here used it or got any experience with it? Trying to replace Obsidian is a difficult task, and I've been through almost all note-taking apps there are out there, however this one looks fairly similar.

Link to Repo;

https://github.com/siyuan-note/siyuan

Link to project;

https://b3log.org/siyuan/en/

I am not satisfied with Linux's security and have been researching alternative open source OS for privacy and security So far only thing that's ready to use is GrapheneOS (Based on Android) but that's not available on desktop (Though when Android release Desktop mode it may become viable)

Qubes OS is wrapper around underlying operating systems, so it doesn’t really fix for example Linux’s security holes it just kinda sandbox/virtualize them

OpenBSD is more secure than Linux on a base level but lack mitigations and patches that are added to linux overtime and it's security practices while good for it's time is outdated now

RedoxOS (Written in Rust) got some nice ideas but sticks to same outdated practices and doesn't break the wheel too much, and security doesn't seems to be main focus of OS

Haiku and Serenity are outright worse than Linux, especially Haiku as it's single user only

Serenity adopted Pledge and Unveil from OpenBSD but otherwise lacks basic security features

All new security paradigms seems to be happening in microkernels and these are the ones that caught my eyes

None of these are ready to be used as daily driver OS but in future (hopefully) it may change

Genode seems to be far ahead of game than everything else

Ironclad Written in ADA

Atmosphere And Mesosphere Open Source Re-implementation of Nintendo Switch's Horizon OS, I didn't expected this to be security-oriented but seems like Nintendo has done a very solid job

Then there are Managarm, HelenOS, Theseus but I couldn't figure out how secure they are

Finally there is Kicksecure from creators of Whonix, Kicksecure is a linux distro that plans to fix Linux's security problems

if you know of any other OS please share it here

Identity theft is a common cause of anxiety in modern society, and it's pretty justifiable. According to a recent survey from US News, almost three quarters of adults have experienced at least one case of identity theft, and 27% have experienced more than one. In 2022 there were more than 1.1 million reports of identity theft, costing Americans a total of $8.8 billion dollars with a median of $650. One-in-five respondents reported that they continue to suffer financial consequences to this day. It's no wonder that a multi-billion-dollar industry has sprung up around protecting against identity theft. But does it make sense to pay for an identity theft protection service? Or is it just snake oil?

Apparently Apple can end-to-end encrypt your iCloud, but it’s opt in because they still want to profit off your data >_<

To enable this, go to Settings -> iCloud -> Advanced Data Protection

You need to have all the devices under your apple account to be fully updated, and you’ll need to remember a 28-key passphrase for recovery

I hate how big tech treats privacy as an afterthought. This should have been the default. But oh well. Spread the world people.

HeliBoard keyboard is an improved fork of the now-unmaintained OpenBoard keyboard. It does not require internet permission, allowing it to be used 100% offline.

Features

• Add dictionaries for suggestions and spell check

  • Build your own, or access them here, or in the experimental section (quality may vary)
  • Additional dictionaries for emojis or scientific symbols can be used to provide suggestions (similar to "emoji search")
  • Note that for Korean layouts, suggestions only work using this dictionary; the tools in the dictionary repository cannot create working dictionaries

• Customize keyboard themes (style, colors, and background image)

  • Can follow the system's day/night setting on Android 10+ (and on some versions of Android 9)
  • Can follow dynamic colors for Android 12+

• Customize keyboard layouts (only available when disabling system languages)

• Multilingual typing

• Glide typing (only with closed-source library ☹️)

  • Library not included in the app, as there is no compatible open-source library available
  • Can be extracted from GApps packages ("swypelibs"), or downloaded here

• Clipboard history

• One-handed mode

• Split keyboard (only available if the screen is large enough)

• Number pad

• Backup and restore your learned word/history data

Hidden Functionality

Features that may go unnoticed, and further potentially useful information

• Long-pressing the Clipboard Key (the optional one in the suggestion strip) pastes system clipboard contents.
• Long-pressing keys in the suggestion strip toolbar pins them to the suggestion strip.
• Long-press the Comma-key to access Clipboard View, Emoji View, One-handed Mode, Settings, or Switch Language:
  • Emoji View and Language Switch will disappear if you have the corresponding key enabled;
  • For some layouts, it's not the Comma-key, but the key at the same position (e.g. it's q for Dvorak layout).
• When incognito mode is enabled, no words will be learned, and no emojis will be added to recents.
• Sliding key input: Swipe from shift or symbol key to another key. This will enter a single uppercase key or symbol and return to the previous keyboard.
• Hold shift or symbol key, press one or more keys, and then release shift or symbol key to return to the previous keyboard.
• Long-press a suggestion in the suggestion strip to show more suggestions, and a delete button to remove this suggestion.
• Swipe up from a suggestion to open more suggestions, and release on the suggestion to select it.
• Long-press an entry in the clipboard history to pin it (keep it in clipboard until you unpin).
• Swipe left in clipboard view to remove an entry (except when it's pinned)
• Select text and press shift to switch between uppercase, lowercase, and capitalize words
• You can add dictionaries by opening the file
  • This only works with content-uris and not with file-uris, meaning that it may not work with some file explorers.
• Debug mode / debug APK
  • Long-press a suggestion in the suggestion strip twice to show the source dictionary.
  • When using debug APK, you can find Debug Settings within the Advanced Preferences, though the usefulness is limited except for dumping dictionaries into the log.
    • For a release APK, you need to tap the version in About several times, then you can find debug settings in Advanced Preferences.
    • When enabling Show suggestion infos, suggestions will have some tiny numbers on top showing some internal score and source dictionary.
  • In the event of an application crash, you will be prompted whether you want the crash logs when you open the Settings.
  • When using multilingual typing, the space bar will show a confidence value used for determining the currently used language.
• For users doing manual backups with root access: Starting at Android 7, some files and the main shared preferences file are not in the default location because the app is using device-protected storage. This is necessary so the settings and layout files can be read before the device is unlocked, e.g., at boot. The files are usually located in /data/user_de/0/<package_id>/, though the location may depend on the device and Android version.

Planned features and improvements:

• Customizable functional key layout
  • Will likely result in having the same functional key layout for alphabet and symbols layouts
• Support for alt, ctrl, meta and fn (#479)
• Less complicated addition of new keyboard languages (e.g. #519)
• Additional and customizable key swipe functionality
  • Some functionality will not be possible when using glide typing
• Ability to enter all emojis independent of Android version (optional, #297)
• (limited) support for customizing all internally used colors
• Add and enable emoji dictionaries by default (if available for language)
• Clearer / more intuitive arrangement of settings
  • Maybe hide some less used settings by default (similar to color customization)
• Customizable currency keys
• Customizable clipboard toolbar keys (#513, #403)
• Ability to export/import (share) custom colors
• Make use of the .com key in URL fields (currently only available for tablets)
  • With language-dependent TLDs
• Internal cleanup (a lot of over-complicated and convoluted code)
• (optionally?) move toolbar key pinning to a setting, so long press actions on unpinned toolbar keys are available
• Bug fixes

What will not be added:

• Material 3 (not worth adding 1.5 MB to app size)
• Dictionaries for more languages (you can still download them)
• Anything that requires additional permissions

cross-posted from: https://lemmings.world/post/7876457

Turning Off the Roku Features of Your TCL Smart TV

You have the option to disable the Roku features of your TCL Smart TV...

Are comments no longer visible for anyone else using the youtube frontends? I can no longer see comments with either invidious, piped, or viewtube, and I've tried several instances of each. With invidious there's just nothing there below the video description. With viewtube I get an error message. And with piped I see placeholder text "Avatar, null, -1 replies" in place of every comment. The last one is kind of funny actually, and better than most comments anyway.

I'm assuming youtube/google did something fucky again to try to dissuade people from doing what they can to escape their bullshit and hopefully viewing the comments on videos will be back to normal when the frontend devs make it work again in a couple days. But I figured it would be worth checking here to make sure it's not just on my end. Then again, it will probably be better for my sanity and my struggle not to descend into sheer misanthropic hatred if I just never read youtube comments again.

Hi all! I'm working on my cyber security bachelor's thesis and am reaching out to gather insights from users who use decentralized messaging applications.

I would be incredibly thankful if you could find the 2 to 4 minutes to fill out the form. Your experience in the matter is incredibly valuable.

You'll find the survey at https://questionnaire.ink/412758

Your responses are confidential and will be used solely for supporting my thesis. No personally identifiable information is collected.

Thanks!

EM Eye investigates a cybersecurity attack where the attackers eavesdrop on the confidential video data of cameras by parsing the unintentional electromagnetic leakage signals from camera circuits. This happens on the physical/analog layer of camera systems and thus allows attackers to steal victim's camera data even when perfect software protections (e.g., unbreakable passwords) are all in place. Exploiting the eavesdropped videos, attackers can spy on privacy-sensitive information such as people's activities in an enclosed room recorded by the victim's home security camera. [...]

Paper.