Does anyone that pays for proton also use it with a SO? We've been looking to pay for it but the family plan looks like an overkill for us. The viable alternative is paying for the Mail Plus plan for each of us but we are a bit worried that we won't be able to share calendars.

Would appreciate if someone else has the same use case as us and could share their experiences. Thanks!

The data brokerage giant sold face recognition, phone tracking, and other surveillance technology to the border guards, say government documents.

There are some speculations about TPM uncontrollably sending data to manufacturer servers if a laptop has any Internet connection. Others say it's not intended/capable of that, like this answer for example (which is 5 years old though).

Lemmy, what do you say?

Hey everyone, so for the past few month I have been working on this project and I'd love to have your feedback on it.

As we all know any time we publish something public online (on Reddit, Twitter or even this forum), our posts, comments or messages are scrapped and read by thousands of bots for various legitimate or illegitimate reasons.

With the rise of LLMs like ChatGPT we know that the "understanding" of textual content at scale is more efficient than ever.

So I created Redakt, an open source zero-click decryption tool to encrypt any text you publish online to make it only understandable to other users that have the browser extension installed.

Try it! Feel free to install the extension (Chrome/Brave/Firefox ): https://redakt.org/browser/

EDIT: For example, here’s a Medium article with encrypted content: https://redakt.org/demo/

Before you ask: What if the bots adapt and also use Redakt's extension or encryption key?

Well first they don't at the moment (they're too busy gathering billions of data points "in clear"). If they do use the extension then any changes we'll add to the extension (captcha, encryption method) will force them to readapt and prevent them to scale their data collection.

Let me know what you guys think!

Proton Mail, the leading privacy-focused email service, is making its first foray into blockchain technology with Key Transparency, which will allow users to verify email addresses. From a report: In an interview with Fortune, CEO and founder Andy Yen made clear that although the new feature uses blockchain, the key technology behind crypto, Key Transparency isn't "some sketchy cryptocurrency" linked to an "exit scam." A student of cryptography, Yen added that the new feature is "blockchain in a very pure form," and it allows the platform to solve the thorny issue of ensuring that every email address actually belongs to the person who's claiming it.

Proton Mail uses end-to-end encryption, a secure form of communication that ensures only the intended recipient can read the information. Senders encrypt an email using their intended recipient's public key -- a long string of letters and numbers -- which the recipient can then decrypt with their own private key. The issue, Yen said, is ensuring that the public key actually belongs to the intended recipient. "Maybe it's the NSA that has created a fake public key linked to you, and I'm somehow tricked into encrypting data with that public key," he told Fortune. In the security space, the tactic is known as a "man-in-the-middle attack," like a postal worker opening your bank statement to get your social security number and then resealing the envelope.

Blockchains are an immutable ledger, meaning any data initially entered onto them can't be altered. Yen realized that putting users' public keys on a blockchain would create a record ensuring those keys actually belonged to them -- and would be cross-referenced whenever other users send emails. "In order for the verification to be trusted, it needs to be public, and it needs to be unchanging," Yen said.

Curious if anyone here would use a feature like this? It sounds neat but I don't think I'm going to be needing a feature like this on a day-to-day basis, though I could see use cases for folks handling sensitive information.

cross-posted from: https://lemmy.world/post/8326497

The FCC can now punish telecom providers for charging customers more for less::The Federal Communications Commission has passed new digital discrimination rules that hold telecom providers accountable for not providing equal internet access.

Thanks Max!

Just heard of Lemmy today

I would love to leave reddit

Whats most privacy respecting android app for Lemmy ?

Looks like gitlab now requires account verification for new accounts in addition to email. Either phone number or credit card.

This applies both to accounts created with a working email or by logging in using your github account. You can't even verify your email until you go through step 1.

I don't know when this started, but at least for the last month or two judging from these posts in the forums.

• https://forum.gitlab.com/t/how-to-create-an-account-without-telephone-number-if-an-non-activated-account-has-already-been-created-with-the-same-e-mail-address-that-demands-a-phone-number/93675/2
• https://forum.gitlab.com/t/phone-verification-sms-not-received-unable-to-login-and-register/92202
• https://forum.gitlab.com/t/how-to-create-an-account-without-telephone-number-if-an-non-activated-account-has-already-been-created-with-the-same-e-mail-address-that-demands-a-phone-number/93675/2

Fun fact: I don't even want to host on gitlab, I just wanted to report bugs in some projects. So I'm locked out.

Just saw this update. I'll quote from the previous article for a complete picture.

After years of legislative process, the near-final text of the eIDAS regulation has been agreed by trialogue negotiators1 representing EU’s key bodies and will be presented to the public and parliament for a rubber stamp before the end of the year. New legislative articles, introduced in recent closed-door meetings and not yet public, envision that all web browsers distributed in Europe will be required to trust the certificate authorities and cryptographic keys selected by EU governments.

This means governments could impersonate websites, effectively breaking https. Over 500 researchers and experts had signed a letter against the problematic article 45. In the update they got a response:

In a media Q&A given by the European Commission on Thursday (9th November), the Commission characterized the risks raised in the open letter from cyber security experts and civil society as a ‘misunderstanding’. The Commission went on to state that the open letter had been discussed with their experts, who concluded ‘there is no risk of government spying, nor breaching the confidentiality of internet connections’.

So they asked 'experts' who said breaking https doesn't lead to government spying.

We call on the European Commission, Council and Parliament to:

• Publish the final legal text of the eIDAS regulation as soon as possible.

• Ensure that civil society and cyber security experts have adequate time to scrutinize this regulation ahead of any legislative action.

• Be transparent about the advice the Commission has received regarding this regulation and who was consulted.

I'm so done with this. The fact that they can just:

1. Introduce an article that breaks https into a regulation a short time before it's voted on

2. Don't disclose the text of the articles for independent experts to look at

3. Blatantly deny what it does after it gets discovered

Without any repercussions is depressing. They'll just keep trying this until it sneaks past.

This text is subject to approval in the final closed-door trialogue meeting in Brussels on November 8th, after which it will be published and presented for formal ratification in the European Parliament. This is expected to be in the first few months of 2024, but this vote is seen as a formality with the text of trialogue negotiations typically being adopted into law without alteration.

Last week, representatives of the European Parliament, Council and Commission announced they had signed off on the eIDAS Regulation and that a vote in Parliament’s ITRE committee will be held on November 28th. We understand that although no changes have been made to Article 45, there were last-minute changes to the accompanying Recital 32. However, the EU has still not published the agreed legal text. There are now less than 13 days until the vote and the cyber security community, civil society and the public are still unable to read the proposed regulation, let alone scrutinize its impacts.

Finally:

If you’re a European citizen, you can write to the member of the European Parliament responsible for the eIDAS file - Romana JERKOVIĆ - and register your concern.

Edit: formatting

Hello, could someone recommended a keyboard for android that is a bit smart in predictive typing? I used to like swiftkeybefore it was bought by microsoft. Not that swiftkey itself was much better but I was not so privy conscious at that time.

I recall swiftkey would require access to your texts and emails to train itself to your predictions.

Is there some similar foss keyboard where all the data then remains local?

I know swiftkey has an incognito mode, but then it stops learning from your typing.

Can you recommend me some anonymous phone number services to use when creating account that requiring phone number verification?

I think we all draw a line between privacy and convenience and I think I found mine and settled into a comfort zone of sorts. I use Fedora 38. My browser is Mozilla Firefox with it's "strict" setting. uBlock origin and uMatrix. When I need/want to use a site that doesn't work due to blocked connections I relax the restrictions in uMatrix or temporarily disable it entirely if I get frustrated or I'm in a hurry. I watch videos on YouTube. Don't use social media, but I do use Facebook messenger (although I prefer to use Signal with the handful of people I can). I use a Xiaomi phone with custom ad blocking DNS (I'd like to get a Pixel with GrapheneOS someday). I look for an app on F-Droid first, but install it through Google Play if I can't find what I need there. I use Qwant and DuckDuckGo. I use ReVanced. I do not use a VPN. I think that's all the relevant information. My question is: how easy do you think it still is for big tech to track me? Are there any suggestions you would have for a person like me that wouldn't sacrifice too much convenience?

Hello all, I'm relatively new to the realm of self-hosting. Over the past few months, particularly in response to recent events, I've been actively advocating for privacy, security, and decentralization. Initially, I began by implementing Nextcloud for my family and friends, and later expanded to include services like Immich, Jellyfin, and more. Recently, I've also set up a Tor relay (non-exit to avoid unnecessary attention). I'm looking for suggestions on other projects, tools, or areas to explore that can contribute to enhancing others' privacy. I appreciate services like a Tor relay because once set up, they can run relatively autonomously. Are there any similar services that others can benefit from without requiring consistent direct input from me? I've got a few spare Gigabit lines and ~20TB of free space I can spare for the greater good.

Anybody know about this search engine ?

How it can be compared with duckduckgo, qwant, swisscows, metager, startpage, etc...

It is opensource , free & private according to alternativeto.net

What do you think ?

I started some time ago using a teddit frontend with local subscriptions, and at some point it was hard for the one I picked to keep up, then I moved to libreddit, at that time libredd.it, then it stopped working and moved to libreddit.spike.codes, but it seems it stopped working as well, and finally I moved to libreddit .mha.fi, but some time back there was too much rate limiting, making it unusable, and since yesterday it seems totally down, giving the error "502 Bad Gateway". I also have the libRedirect extension on Librewolf configure to choose among several libreddit instances (so when searching for something any is picked), and most of them seem out of service, or being rate limited as well.

So, are frontends for reddit finally coming to an end?

Edit: Indeed, it seems at least non self-hosted front-end instances are way rate limited or down

Sorry I don't have an english version of this article, this is the best source I could find for it.

https://www-heise-de.translate.goog/news/Microsoft-krallt-sich-Zugangsdaten-Achtung-vorm-neuen-Outlook-9357691.html?_x_tr_sl=de&_x_tr_tl=en&_x_tr_hl=de

Privacy is not just an illusion; it’s a delusion. Things like privacy statements and permission to use cookies are little more than sophisticated propaganda. If you think for a moment the Overlords cannot prepare a dossier on you within minutes that would make your mother faint and your father die of shame, you’re living in fantasy land. You have no idea how much data they store on individuals, and not just credit card purchases: tracking data, telephone conversations, text messages, anything you ever posted on the Internet. It’s a devouring machine. Get in their way, and you will find out how much they know about you. It has been this way for a very long time. This is nothing new. And yes, they really can turn on your cell phone camera and microphone at will without lights, so long as the battery is attached. And VPN? I laugh when I think about VPN. There is no cryptographic protocol used on the Internet, that the Overlords who brought all these technologies out in the first place, cannot decipher. None. The only way to live with this level of privacy evasion is to accept the reality of it. Stop thinking you are ever alone. Out in the middle of nowhere with no electronics on you? Maybe

Without naming names, there's a well advertised grammar editing tool that's available either as an app download or browser extension. This is something I'd value for a number of reasons (good grammar is important!) but I'm super cautious about anything I'm giving permission to watch what I'm typing.

Ideally, I'd prefer to select text and have it analyzed on-demand using on-device intelligence. I'm on a Mac and it seems like Pages isn't cut out to check grammar. Also, there's no way in heck I'm paying $30 a month for a subscription.

Edit: I just want to acknowledge my request for something I'd value and then saying I don't want to pay for it. I would certainly pay for something if it met my needs but this function isn't something I'd personally value at $30 a month or any monthly subscription ($30 a year sounds reasonable). Moreover, if there's any suspicion of an application using my data for their own profit, they are not getting my money. So, in this case, for the sake of data privacy, I would prefer to pay for something (preferably once - grammar shouldn't need updating).