It should fake JavaScript API and provide fake info to trackers. There no many users and Mozilla is not tracking it for security.

• JShelter: Home
• FSF announces JShelter browser add-on to combat threats from nonfree JavaScript
• JShelter Firefox add on

Do these news articles on the same day suggest that politicians are either out of touch with technology, or that removing encryption has little to do with protecting children?

https://english.elpais.com/international/2023-09-18/in-spain-dozens-of-girls-are-reporting-ai-generated-nude-photos-of-them-being-circulated-at-school-my-heart-skipped-a-beat.html

https://www.independent.co.uk/news/uk/crime/meta-encryption-suella-braverman-child-abuse-b2414479.html

Today we announce that we have completely removed all traces of disks being used by our VPN infrastructure!

I have been reading about internet privacy for a long time. As time went on, I got a vpn subcription, a custom domain, a paid email hosting, etc. No regrets on the services themselves.

I recently had this conversation with a colleague of mine, complaining about the rising cost of everything including internet subscription services: netflix, spotify, youtube, you name it. I could simply disregard my colleague's complaints as I didn't have any of those and know the ways of obtaining materials. However, once I start adding up the privacy related services I'm willingly paying instead... they also add up into a considerable amount.

So, do you pay for anything privacy related, how much do you pay in total, and is it affordable for you? For example, many VPN providers offer yearly subscriptions around 40-50 USD.

We believe that the key encapsulation mechanism we have selected, CRYSTALS-Kyber, is built on solid foundations, but to be safe we do not want to simply replace our existing elliptic curve cryptography foundations with a post-quantum public key cryptosystem. Instead, we are augmenting our existing cryptosystems such that an attacker must break both systems in order to compute the keys protecting people’s communications.

...

Our new protocol is already supported in the latest versions of Signal’s client applications and is in use for chats initiated after both sides of the chat are using the latest Signal software. In the coming months (after sufficient time has passed for everyone using Signal to update), we will disable X3DH for new chats and require PQXDH for all new chats. In parallel, we will roll out software updates to upgrade existing chats to this new protocol.

Summary

The UK Parliament has passed the Online Safety Bill (OSB), claiming it will enhance online safety but actually leading to increased censorship and surveillance. The bill grants the government the authority to compel tech companies to scan all user data, including encrypted messages, to detect child abuse content, effectively creating a backdoor. This jeopardizes privacy and security for everyone. The bill also mandates the removal of content deemed inappropriate for children, potentially resulting in politicized censorship decisions. Age-verification systems may infringe on anonymity and free speech. The implications of how these powers will be used are a cause for concern, with the possibility that encrypted services may withdraw from the UK if their users' security is compromised.

Haven't seen a lot of talk about URLCheck.

It can clear useless URL parameters, unshorten shortened links, scan links with VirusTotal (API key required) or redirect you to privacy friendly websites like Nitter or Libreddit.

If you are interested checking it out, check out my guide I made on it too!

PS. I'm not affiliated with the dev/app in any way. Just wanted to share this useful app that no one has been talking about.

Dark day for online privacy in the UK.

California's attempt to force "age verification" on us all is having legal problems.

"Based on the materials before the Court, the CAADCA’s age estimation provision appears not only unlikely to materially alleviate the harm of insufficient data and privacy protections for children, but actually likely to exacerbate the problem by inducing covered businesses to require consumers, including children, to divulge additional personal information."

So I'm in a somewhat unfortunate situation. My circle of friends doesn't want to switch to another messenger and we are currently stuck on the worst possible platform for security: Telegram.

The problem is that it is very hard to convince anyone to switch, if they are all perfectly fine and like Telegram. I mean I can get why they like it: The UX and UI of Telegram are amazing and there are well functioning clients available for any platform. It has more features and gimmicks than any other messenger I know BUT it lacks one mayor thing: E2EE. And that's mostly what I care about. The second problem is that I was the person who recommended the switch to Telegram right after WhatsApp was bought by Facebook. I know, that was a bad recommendation, but back then I didn't know shit about privacy or why E2EE mattered. I was just like "Hey, it's not by Facebook, so it must be better". And now everyone I know is there and won't leave.

If - in the hypothetical situation of me setting an ultimatum and deleting my Telegram after that - I wanted to make them switch somewhere else: What messenger would that be? Currently I'm mostly thinking Signal. I know it's not perfect either, it is centralized, and the servers are in the US, but it has a bigger user base already than most of its competitors like Threema or Matrix/Element and it is very easy to set up and use. I'm already a user of Signal, Threema, Matrix, WhatsApp and Telegram (every platform for some contacts, but most of them on Telegram sadly), so having yet another option is not a problem for me, as well as getting rid of one is also no problem. I'd love to delete both Telegram and WhatsApp in this move.

So, in conclusion, what I need is a messenger that has all or most of the following:

• best possible security (E2EE is minimum)
• easy to use (no complicated setup, simple UI)
• already has some users (not too niche)
• cross-platform and multi-device (should run on Android, iOS and Windows/Web)
• some flashy dumb features like stickers and so on to keep them entertained

My choice would be Signal. But I am unsure if that is the best choice or if I should just wait a bit and see what all of the new EU laws about messengers and gatekeepers bring to the game and if anything chances with that.

Before embarking on my privacy journey, I setup a very basic IoT of all Amazon products - FireTV, several Alexa Echos, and a Ring doorbell camera. Now I am desperately trying to find an affordable replacement for them. I am planning on buying the Nvidia Shield TV to replace FireTV and open to suggestions, but I'm unsure about the others. FOSS would be great too, though I don't think I can go full hog and build my own devices.
The only FOSS, privacy-centric Echo alternative I know of is the NeonAI Mycroft Mark II, but this is $400 per unit. Since this would be a fortune just to put one in each room, I'm wondering if anything else more reasonable has emerged yet.
As for the Ring doorbell, I've seen various recommendations for Arlo, Eufy, and Ubiquiti/Unify, but I can't tell if any are actually much better than Ring in terms of privacy and security, especially for the steeper prices. Would love to know the community favorites.
Thanks in advance for the help!

Extensions: Ad Block Plus, Ad Guard, FastForward, Skip Redirect, Firefox Translations, Youtube NonStop, AdBlocker for YouTube, Cookie Autodelete, Search by Image.

Thank you!

Long range (LoRa) mesh networks are interesting alternatives to communication, especially when state actors are blocking internet access for various reasons.

More details about meshtastic: https://meshtastic.org/

About its current state of encryption: https://meshtastic.org/docs/overview/encryption

I know that scanning images for Scam is kind if a dystopian and scary. However, that doesn't mean that we need to open ourselves for abusive materials to be sent to us.

What I think we need is some publicly available ML models that can be run on each device voluntary to block SCAM from being shown or stored.

Publicly available models would help but implementing them could be a slippery sloap. If popular encrypted messaging apps start having this feature built in its possible it will become illegal to turn it off or use versions of the app with scanner removed. This would mean that we would effectively stuck with a bad egg in our code.

Maybe the best answer is to not give individuals with questionable history the ability to message you.

Does anyone else have a thought?

I am currently in the market for some wireless access points and thought I'd get some suggestions here first. I am currently using some old eero pro's as access points with a firewalla router. The firewalla isn't old and I am happy with it so I am not looking to replace it with something at this time.

Are there suggestions for more privacy focused networking equipment? Or is that just a dumb question to ask?

Title. How many extensions would be the average to not be profiled? Obviously not having any or having 23 will make you pretty easy to fingerprint, so how many is the average or safest?

For transparency sake, I'm the new maintainer of this website. Just wanted to share it here. I was thinking of creating a community for it, but I don't know if it is worth it.

I hope someone find it useful. If you want to contribute, collaborate or just share your opinion, you're more than welcome! The repository for the website is here https://codeberg.org/ThePrivacyRaccoon/website

As the title say, I have 2 android phones , both factory reset and logged in with google accounts. Checked the dns logs on both-

Phone 1 connects to google server but is minimal

Phone 2 is going bonkers, connecting to google server , xtracloud server etc.

Phone 2 battery drops 5% in a hour and phone 1 doesnt drain at all.

Which bring me to the conclusion that phone battery draining has something to do with google accounts as phone 1 google account has fake name and details but other has real name and also a phone number linked to that account.

Please feel free to correct me. Thanks

Summary

Israeli software maker Insanet has developed a commercial product called Sherlock that can infect devices via online adverts to snoop on targets and collect data about them for the biz's clients. This is the first time details of Insanet and its surveillanceware have been made public. Sherlock is capable of drilling its way into Microsoft Windows, Google Android, and Apple iOS devices. Insanet received approval from Israel's Defense Ministry to sell Sherlock globally as a military product albeit under various tight restrictions, such as only selling to Western nations.

To market its snoopware, Insanet reportedly teamed up with Candiru, an Israel-based spyware maker that has been sanctioned in the US, to offer Sherlock along with Candiru's spyware.

The Electronic Frontier Foundation's Director of Activism Jason Kelley said Insanet's use of advertising technology to infect devices and spy on clients' targets makes it especially worrisome.

There are some measures netizens can take to protect themselves from Sherlock and other data-harvesting technologies.

• not loading JavaScript
• using ad blockers or privacy-aware browsers
• not clicking on advertisements
• pass consumer data privacy laws

Thought this might be helpful to others who use Mullvad Browser.

Got to the advanced preferences and set webextensions.storage.sync.enabled to true.

using mull rn, wondering if y'all recconend something different. nothing really wrong with mull, but maybe there's a better alternative. privacyguides.org reccomends brave, but a. I font like the CEO and b. I'm hesitant to use chromium