Hello all,

Currently I am debating whether or not to switch to a (preferably private/secure) custom rom on my device, however said device had been in use for a while now.

My question is the following: For those who have been in this situation, how have you dealt with the existing data on the device in terms of migration? After all, switching ROM usually involves a factory reset. Creating backups of everything is a bit tedious and timeconsuming and there is always the possibility of forgetting something.

I have to create one for personal reasons. I know it's inherently un-private, but how can I maximize privacy while creating & using it without running into problems?

Hi there! I like to listen to the "Slightly something else" podcast. Although it is gaming-related, they have these ad-segments that have some kind of targetting, as it is always in the language from where I've downloaded the episone.

Yesterday I was really surprised that the ad seemed very well targeted, because it has been referencing a very specific topic concerning my flatmates and me that doesn't have anything to do with gaming.

My first theory was that my IP was correlated with search terms my partner googled in my home IP (I search with searxng). But then I realized that I've subscribed to another podcast related to the advertised topic. (also: the episode with the advertisements was downloaded via mobile network)

So... Apparently, spotify (where slightly something else is hosted via anchor.fm) analyzes the podcasts I subscribe to via rss feed. Is there any way how I can avoid being profiled? Is this the reason why I'd start using a commercial VPN?

Edit: I'd like to reply to your comments, but my lemmy instance won't display them correctly. So I'll try to answer here: I'm already using Antennapod with rss feeds for download. That's why I was so suprised and pissed that the ad was so obviously targeted.

Hi, I have been having a look at utilising RF and trying to understand how every device around me emits RF.

I recently came across RTL-SDR and HackRF, alongside software like SDR++, TempestSDR, gqrx etc. I know that I can spy on my monitor and record keyboard keys being pressed using RF, but what are some other ways I should be looking at to exploit my digital vulnerabilities, and trying to solve such problems?

Thanks!

Edit: I'm well aware that nothing I'm doing is that interesting to security agencies across the globe. With that said, I'm interested in maintaining my privacy, and this happens to be an avenue I find interesting. Any suggestions on how I can look to do so would be greatly appreciated!

Seems like every dictionary wants your first born personal data-wise.

What's a good, non-chatty private dictionary app that I can buy across various platforms/devices?

I installed the mull browser revently. People who are familiar with this will know that it's a fork of firefox android. It's hardened but I haven't noticed much difference b/w the two. Mull has a few visible tweaks like Https mode by default, strict protection etc. but I haven't come across other backend/not so visible changes. How is it different from firefox android?

And if so, why exactly? It says it's end-to-end encrypted. The metadata isn't. But what is metadata and is it bad that it's not? Are there any other problematic things?

I think I have a few answers for these questions, but I was wondering if anyone else has good answers/explanations/links to share where I can inform myself more.

The massive Chinese social media network Sina Weibo informed its platform’s most popular users last week that they must display their real identities, including names, gender, IP locations, as well as professional and educational background, on their account page starting at the end of October.

The policy will first apply to Weibo users with more than 1 million followers and later extend to those with half a million followers. It is believed that other social media platforms in China will also follow the move.

China implemented the online real-name registration system in 2012. Under the policy, personal data are stored on the platforms and are invisible to other users. Last year, Chinese social media platforms started displaying the IP locations of social media users to crack down on online rumors, including witness accounts of social incidents such as protests.

The latest change was confirmed by Weibo’s CEO Wang Gaofei, who briefly activated the personal information display on his profile page on October 20, 2023. Wang’s social credit status, employment, and professional and educational background were all listed on this profile page.

The new policy triggered a heated debate on Chinese social media. Unexpectedly, online patriots, who are usually fairly united, split into two camps over the new requirements.

Supporters argued that the policy could reduce online rumours and that influencers should bear more social responsibility and reveal their genuine identity to their readers. Among them is state-owned Global Times’ top commentator Hu Xijin, who commented on the new measure on Weibo on October 16:

read more: https://globalvoices.org/2023/10/23/new-policy-requires-chinese-influencers-to-display-their-real-identities-on-weibo/

A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?

Basically what the title says - Can my ISP see the exit node of my VPN ? I hope not, because that would be weird, and would defeat the whole purpose of a VPN.

A bit of backstory about why I had this question ( it is slightly long, so is totally okay for the reader to skip this part )

My partner subscribed to a McAfee security suite, that we share (because they had some promotions available or something for multiple devices). It's not the worst thing around - the antivirus part, but it also came with their "McAfee Safe Connect VPN" service, which is infamous for having a super-invasive data logging policy. So I said fuck'em and set out for a better option.

I am more or less tech-literate, but I researched somewhat deeply‌ this time, basically to choose between "Privacy" (like Bruce Wayne - everybody knows who he is and lives in the Wayne Manor, but nobody knows what he does there, or that he has a BatCave underground), and "Anonymity" (Like Batman - everybody knows what he does - kicks ass of bad guys - but nobody really knows who he is, ok except for may be a couple of people) - basically trying to figure out if I needed a VPN at all or not.

I already have DNS-over-HTTPS enabled in all my devices - so that kinda took care of my "privacy" concerns (i.e. a nosy ISP) - although I believe my ISP can see which IP/Domain I am finally connecting to, which kinda sucks.

Apart from my ISP, the other concern was Public Wi-fi. I do work with my device(s) on-the-go a lot, which is why I have reason to ensure safety while connected to Public Wi-fi at Cafes/Restaurants/Airports. The fact that Internet is not just HTTPS - there's telnet/FTP/SMTP/IMAP/POP3/Gopher and other protocols which have their own encryption methods (or not) also led me to the realization that DOH is not a total replacement for VPN. And the ISP can know my destination Domain even if DOH stops them from sniffing or blocking the DNS lookup itself.

In the end, I decided to go with VPN. Not any free ones (because as we all know they suck), and neither any over-promoted ones as well, like Nord or IPVanish (because they suck as well, in a different way). I chose Mullvad, but white labeled as Mozilla VPN. This is because I do use email-forwarding services to a large extent, and Mozilla is providing this combined deal of their email masking service Firefox Relay along with phone masking and VPN for 5 devices, all for a reasonable subscription (I won't say how much because this post is not a promotion for them) - and being a long-time Firefox user (and also being anti-Google for a while), I decided to go with that (and so far all I heard about Mullvad are good things).

So far I am alright with it. Let's see how it goes.

And that concludes my VPN journey story. While I was researching about how much my ISP can see when I connect to a VPN - I found that they can see encrypted traffic to and from my real IP, and that I connected to a "VPN server", and nothing else.

I assume this "VPN Server" that they can see is the "entry node", and not the "exit node" (i.e. my IP as seen by the world) - but never got a clear answer to that - which led me to my original question above.

And thanks for reading this far ! Feel free to share insights.

The term "Dying" reflects to getting tortured to death.

As far as I can see, the T440p is the latest Thinkpad to support Coreboot/skulls.

If I wanted something newer (say, something from 2019-2022 or so) under $400, what could I even get? I want to run my own choice of linux distribution on it, so most chromebooks are out of the question (also I'd like something more powerful and upgradeable).

Thanks.

I’m concidering to install shizuku with app ops (same dev) to be able to remove system app permissions without rooting. Is this app safe to use or should i search for other options?

I came across privacy.com, a service that generates virtual credit cards, like aliases for your real credit card that can be paused or discarded at any moment.

My own credit card company has this feature. But it requires a browser plugin that so obviously is there to track my spending habits, so I've not wanted to consider it. Privacy.com looks like a great alternative.

But is it even worth it? It may be a hastle, but I can also cancel my actual credit card at any moment and they will send me a new number immediately and a card a few days later. From a privacy prospective, how much can a company use my credit card credentials to track me? Maybe a third-party virtual card provider even masks my own purchases so not even my credit card company knows? Not sure about that one.

Please share if you use one, who its with, and if its worth it.

"A company which enables its clients to search a database of billions of images scraped from the internet for matches to a particular face has won an appeal against the UK's privacy watchdog.

Last year, Clearview AI was fined more than £7.5m by the Information Commissioner's Office (ICO) for unlawfully storing facial images.

Privacy International (who helped bring the original case I believe) responded to this on Mastodon:

"The first 33 pages of the judgment explain with great detail and clarity why Clearview falls squarely within the bounds of GDPR. Clearview's activities are entirely "related to the monitoring of behaviour" of UK data subjects.

In essence, what Clearview does is large-scale processing of a highly intrusive nature. That, the Tribunal agreed.

BUT in the last 2 pages the Tribunal tells us that because Clearview only sells to foreign governments, it doesn't fall under UK GDPR jurisdiction.

So Clearview would have been subject to GDPR if it sold its services to UK police or government authorities or commercial entities, but because it doesn't, it can do whatever the hell it wants with UK people's data - this is at best puzzling, at worst nonsensical."

Right now, I'm using Bitwarden's official instance, and I am bothered that I have to use Google's Authenticator app separately for TOTP. Yes, there's also Aegis and 2FAS, but I have no idea about WebDAV servers and also don't want to rely on Google Drive for backup, also because I'm moving away from Google services.

I'm planning to run Vaultwarden on a free instance of render.com, and I wanted to know if this was a good idea? Has anyone over here tried this?

What would happen if Render changes their plans and I lose access to the database? Will I still have access to the last-stored cache on my browser extension and mobile phone? And since I'm running a Rust infrastructure, would it use less of the free plan bandwidth that Render assigns?

Do I also need to purchase a domain? Or can I access the app with Render-affixed URL?

I'm wondering if there's a service out there that can scrape sites to determine if you have an account tied to your email(s) and subsequently delete them. The deletion would be amazing, but I'd settle for something that just confirms if there are sites out there I never tracked my login against.

I'm trying to get all my accounts under control. Enable MFA, rotate passwords, remove saved details like payments and addresses, etc...

Any advice is appreciated!