Privacy


A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 2 years ago
1
 
 

WhatsApp is privacy invasive, and we likely know that even when using E2EE, this is possible due to metadata tracking.

An easy way to avoid one creepy thing, contact scanning and the creation of "who knows whom" social nets, is to not grant apps permission to your contacts!

But this is not easy, as apps often enforce this, just as they do with

  • embedded cameras instead of using the system camera
  • embedded galleries instead of the 2 available portals (but Google will soon forbid that)
  • asking for unneeded permissions

Only GrapheneOS also allows blocking these permissions

  • sensors
  • internet
  • loading code from memory i.e. from the internet (why would they do that? Is there something they want to hide?)
  • debugging their own code to spy on the system behavior

But this app can help everyone on any Android to at least fix this :)

2
 
 

cross-posted from: https://lemmy.dbzer0.com/post/36880616

Help Combat Internet Censorship by Running a Snowflake Proxy (Browser or Android)

Internet censorship remains a critical threat to free expression and access to information worldwide. In regions like Iran, Russia, and Belarus, journalists, activists, and ordinary citizens face severe restrictions when trying to communicate or access uncensored news. You can support their efforts by operating a Snowflake proxy—a simple, low-impact way to contribute to a freer internet. No technical expertise is required. Here’s how it works:


What Is Snowflake?

Snowflake is a privacy tool integrated with the Tor network. By running a Snowflake proxy, you temporarily route internet traffic for users in censored regions, allowing them to bypass government or institutional blocks. Unlike traditional Tor relays, Snowflake requires minimal bandwidth, no configuration, and no ongoing maintenance. Your device acts as a temporary bridge, not a permanent node, ensuring both safety and ease of use.


Is This Safe for Me?

Short answer: Yes.

Long answer: probably. Here is why:

  • Your IP address is not exposed to the websites they access. So, you don't have to worry about what they are doing either. You are not an exit node.
  • No activity logs. Snowflake cannot monitor or record what users do through your connection. The only stored information is how many people have connected to your bridge. Check docs for further info on this.
  • Low resource usage. The data consumed is comparable to background app activity—far less than streaming video or music. There have been, however, a few cases of people reporting high network usage.
  • No direct access to your system
  • No storage of sensitive data. Snowflake proxies do not store any sensitive data, such as IP addresses or browsing history, on your system.
  • Encrypted communication. All communication between the Snowflake proxy and the Tor network is encrypted, making it difficult for attackers to intercept or manipulate data.

You are not hosting a VPN or a full Tor relay. Your role is limited to facilitating encrypted connections, similar to relaying a sealed envelope.

Your IP address is exposed to the user (in a P2P-like connection). Be mindful that your ISP could also potentially see the WebRTC traffic and the connections being made to it (but not the contents), so be mindful of your threat model.

For most users, it is generally safe to run Snowflake proxies. Theoretically, your ISP will be able to know that there are connections being made there, but to them it will look like you're calling someone on, say, Zoom.

Historically, as far as we know, there haven't been any cases of people getting in legal trouble for running entry relays, middle relays, or bridges. There have been a few cases of people running exit nodes and getting in trouble with law enforcement agencies, but none of them have been arrested or prosecuted as far as I know. If you are aware of any cases, let me know so I can update this post.

Do not hesitate to check Snowflake's official documentation for further reference and to make informed decisions.


How to Set Up a Snowflake Proxy

Option 1: Browser Extension (Brave, Firefox, or Chrome)

  1. Install the Snowflake extension.
  2. Click the Snowflake icon in your browser toolbar and toggle "Enable Snowflake."
  3. Keep the browser open. That’s all.

Note: Brave users can enable Snowflake directly in settings. Navigate to brave://settings/privacy and activate the option under "Privacy and security."


Option 2: Android Devices via Orbot

  1. Download Orbot (Tor’s official Android app).
  2. Open the app’s menu, select "Snowflake Proxy," and toggle it on.
  3. For continuous operation, keep your device charged and connected to Wi-Fi.

Your device will now contribute as a proxy whenever the app is active.


Addressing Common Concerns

  • Battery drain: Negligible. Snowflake consumes fewer resources than typical social media or messaging apps.
  • Data usage: Most users report under 1 GB per month. Adjust data limits in Orbot’s settings or restrict operation to Wi-Fi if necessary.

Why Your Participation Matters

Censorship mechanisms grow more sophisticated every year, but tools like Snowflake empower ordinary users to counteract them. Each proxy strengthens the Tor network’s resilience, making it harder for authoritarian regimes to isolate their populations. By donating a small amount of bandwidth, you provide someone with a critical connection to uncensored information, education, and global dialogue.

Recent surges in demand—particularly in Russia—highlight the urgent need for more proxies. Your contribution, however small, has an impact.

By participating, you become part of a global effort to defend digital rights and counter censorship. Please, also be mindful of your threat model and understand the potential risks (though very little for most people). Check Snowflake's official documentation for further reference and don't make any decisions based on this post before taking your time to read through it.

Please share this post to raise awareness. The more proxies, the stronger the network.

– llama

3
 
 

People are noticing that their phones are getting an app called "Android System Safetycore" auto-installed without notice or consent. Check your phone for the same, it is likely it's a slow rollout instead of every device getting it installed all at the same time.

Google has all the same old reasons that they drone on about, but the actual reason is likely to harvest your messages data for training AI models.

Uninstalling seems to remove the application, and there isn't any malicious activity reported so far as I can see, but naturally that can change anytime.

Has anyone noticed this in their applications lists? Did straight up uninstalling them work? I've had some trouble removing system apps in the past, but uninstalling this one seems to have worked straightaway - I don't see them in the list anymore.

URLs below for Reddit posts about the same:

From 2 months ago: https://old.reddit.com/r/antivirus/comments/1gpdhwz/guys_help_some_app_called_android_system/

From 2 days ago: https://old.reddit.com/r/privacy/comments/1idjbdi/googles_new_app_will_help_warn_you_about_nude/

4
 
 

cross-posted from: https://lemmy.dbzer0.com/post/36841328

Hello, everyone! I wanted to share my experience of successfully running LLaMA on an Android device. The model that performed the best for me was llama3.2:1b on a mid-range phone with around 8 GB of RAM. I was also able to get it up and running on a lower-end phone with 4 GB RAM. However, I also tested several other models that worked quite well, including qwen2.5:0.5b, qwen2.5:1.5b, qwen2.5:3b, smallthinker, tinyllama, deepseek-r1:1.5b, and gemma2:2b. I hope this helps anyone looking to experiment with these models on mobile devices!


Step 1: Install Termux

  1. Download and install Termux from the Google Play Store or F-Droid

Step 2: Set Up proot-distro and Install Debian

  1. Open Termux and update the package list:

    pkg update && pkg upgrade
    
  2. Install proot-distro

    pkg install proot-distro
    
  3. Install Debian using proot-distro:

    proot-distro install debian
    
  4. Log in to the Debian environment:

    proot-distro login debian
    

    You will need to log in every time you want to run Ollama. You will need to repeat this step and all the steps below every time you want to run a model (excluding step 3 and the first half of step 4).


Step 3: Install Dependencies

  1. Update the package list in Debian:

    apt update && apt upgrade
    
  2. Install curl:

    apt install curl
    

Step 4: Install Ollama

  1. Run the following command to download and install Ollama:

    curl -fsSL https://ollama.com/install.sh | sh
    
  2. Start the Ollama server:

    ollama serve &
    

    After you run this command, do ctrl + c and the server will continue to run in the background.


Step 5: Download and run the Llama3.2:1B Model

  1. Use the following command to download the Llama3.2:1B model:

    ollama run llama3.2:1b
    
    This step fetches and runs the lightweight 1-billion-parameter version of the Llama 3.2 model.

Running LLaMA and other similar models on Android devices is definitely achievable, even with mid-range hardware. The performance varies depending on the model size and your device's specifications, but with some experimentation, you can find a setup that works well for your needs. I’ll make sure to keep this post updated if there are any new developments or additional tips that could help improve the experience. If you have any questions or suggestions, feel free to share them below!

– llama

5
 
 

Explaining in good detail why people should care about how modern cars have become a privacy nightmare. From Regular Car Reviews.

6
 
 

EU official should not get top privacy job, says think tank

The letter – signed by a list of privacy professors – stresses that if the role is awarded to long-time EU official Bruno Gencarelli, the EDPS' legitimacy is at stake and poses a risk of conflict. Early last year, the EDPS ruled for example that the Commission’s use of Microsoft 365 was not legitimate.

https://www.euronews.com/next/2025/01/31/eu-official-should-not-get-top-privacy-job-says-think-tank

@privacy

7
 
 

I've been working on my privacy setup and breaking away from Proton. There are a bunch of email providers I looked at, same with email aliases, password managers, etc.

But I don't understand the state of calendars. It feels like they're always shoved into email services, and they're all so crappy looking.

I was able to find one or two Android apps that are open source, and they look like they're 20 years old.

Proton Calendar, for all its faults, looks really good.

Why, in 2025, is there no simple calendar as a service with nothing else included? And why do the UIs all look like complete trash?

I don't get it. Can't one of us hire an intern to take a week to learn a CSS framework and create a decent calendar UI? Am I missing something?

8
 
 

Hi there!

Context: After the recent debacle with Proton I was finally pushed to look for other alternatives. I had already wanted to change services for a while so it was nice to get the final push. It's still a good service, open-source and all. I personally just wanted to look for something else. However, I had not realised how deeply I was integrated into the email+alias feature they had, and how much work it is to change out of this, I have a fair amount of accounts.

I have now found a new email provider and bought a new domain. However I've got a few questions for those who rock custom domains:

  1. Do you use random strings before the @ sign? Or do you use it like [email protected]?
  2. Because I'm considering using this as a catch-all address, doesn't this mean that anyone who wants (and knows the domain) can send spam on any random string before the @? Are you worried about this, and are there any counters to this?
  3. As far as I've understood the main benefit of using my own domain for email, is that it will make it a lot easier to change providers in the future, as I can just change the nameservers so traffic is directed elsewhere - correct?

Thanks for any input, experiences or thoughts about this.

Ps. My threat model isn't that complex, I mainly want to stop spam from any potential services selling my email.

9
 
 

[email protected]

Hello everyone,

After a discussion on [email protected] ( https://feddit.org/post/6950586 ), a few people interested in privacy decided to reopen [email protected] as an alternative to [email protected] .

It's also nice to have a privacy community on an instance that can be accessed via VPNs.

Feel free to join us there!

10
30
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/privacy
 
 

#IronFox's icon is a love child between GitLab and Grindr's.

If I become a contributor it'll only be to make this lore canon @privacy

11
 
 

thought you guys would find this blog post from Brian Leiter today funny. he's a pretty good guy and a respected scholar so no shade on him, clearly just misinformed. i wonder if this is in some way downstream of the recent political drama around proton.

12
 
 

Unnecessary and deeply concerning bow to the new "king"

13
52
submitted 2 weeks ago* (last edited 2 weeks ago) by [email protected] to c/privacy
 
 

Import into your F-Droid client directly by tapping this link: fdroidrepos://fdroid.ironfoxoss.org/fdroid/repo?fingerprint=C5E291B5A571F9C8CD9A9799C2C94E02EC9703948893F2CA756D67B94204F904

https://gitlab.com/ironfox-oss/IronFox

IronFox is a fork of Divested Computing Group's Mull Browser, based on Mozilla Firefox. Our goal is to continue the legacy of Mull by providing a free and open source, privacy and security-oriented web browser for daily use.

14
 
 

Last year, I outlined the specific requirements that an app needs to have in order for me to consider it a Signal competitor.

Afterwards, I had several people ask me what I think of a Signal fork called Session. My answer then is the same thing I’ll say today:

Don’t use Session.

15
 
 

Insurance giant sued by Texas for using surveillance without consent to jack up premiums, deny coverage

16
 
 
17
2
submitted 3 weeks ago* (last edited 3 weeks ago) by [email protected] to c/privacy
 
 

This post contains a canary message that's cryptographically signed by the official BusKill PGP release key

BusKill Canary #009
The BusKill project just published their Warrant Canary #009

For more information about BusKill canaries, see:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Status: All good
Release: 2025-01-14
Period: 2025-01-01 to 2025-06-01
Expiry: 2025-06-30

Statements
==========

The BusKill Team who have digitally signed this file [1]
state the following:

1. The date of issue of this canary is January 14, 2025.

2. The current BusKill Signing Key (2020.07) is

   E0AF FF57 DC00 FBE0 5635  8761 4AE2 1E19 36CE 786A

3. We positively confirm, to the best of our knowledge, that the 
   integrity of our systems are sound: all our infrastructure is in our 
   control, we have not been compromised or suffered a data breach, we 
   have not disclosed any private keys, we have not introduced any 
   backdoors, and we have not been forced to modify our system to allow 
   access or information leakage to a third party in any way.

4. We plan to publish the next of these canary statements before the
   Expiry date listed above. Special note should be taken if no new
   canary is published by that time or if the list of statements changes
   without plausible explanation.

Special announcements
=====================

None.

Disclaimers and notes
=====================

This canary scheme is not infallible. Although signing the 
declaration makes it very difficult for a third party to produce 
arbitrary declarations, it does not prevent them from using force or 
other means, like blackmail or compromising the signers' laptops, to 
coerce us to produce false declarations.

The news feeds quoted below (Proof of freshness) serves to 
demonstrate that this canary could not have been created prior to the 
date stated. It shows that a series of canaries was not created in 
advance.

This declaration is merely a best effort and is provided without any 
guarantee or warranty. It is not legally binding in any way to 
anybody. None of the signers should be ever held legally responsible 
for any of the statements made here.

Proof of freshness
==================

14 Jan 25 01:01:33 UTC

Source: DER SPIEGEL - International (https://www.spiegel.de/international/index.rss)
A Miracle? Pope Francis Helps Transsexual Prostitutes in Rome
Boost for the Right Wing: Why Did a German Newspaper Help Elon Musk Interfere in German Politics?

Source: NYT > World News (https://rss.nytimes.com/services/xml/rss/nyt/World.xml)
What an Upended Mideast Means for Trump and U.S. Gulf Allies
Russia and Ukraine Battle Inside Kursk, With Waves of Tanks, Drones and North Koreans

Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml)
Gaza ceasefire deal being finalised, Palestinian official tells BBC
Watch: Moment man is saved from burning LA home

Source: Bitcoin Blockchain (https://blockchain.info/q/latesthash)
0000000000000000000042db9e17f012dcd01f3425aa403e29c28c0dc1d16470

Footnotes
=========

[1] https://docs.buskill.in/buskill-app/en/stable/security/pgpkeys.html

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

To view all past canaries, see:

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

What is BusKill? (Explainer Video)
Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you and your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.
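
An added example, not part of the BusKill post or the project's code: one way a reader could check the canary's status, pinned key fingerprint and expiry, reading only fields inside the signed region. It assumes the PGP signature itself has already been verified with OpenPGP tooling; the sample is a constructed abridgement of Canary #009 above, and all function names are hypothetical.

```python
import re
from datetime import date

# Fingerprint as printed in statement 2 of the canary on this page.
PINNED_FPR = "E0AFFF57DC00FBE0563587614AE21E1936CE786A"

# Constructed sample: abridged from the canary above, signature omitted.
SAMPLE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Status: All good
Release: 2025-01-14
Period: 2025-01-01 to 2025-06-01
Expiry: 2025-06-30

2. The current BusKill Signing Key (2020.07) is

   E0AF FF57 DC00 FBE0 5635  8761 4AE2 1E19 36CE 786A

-----BEGIN PGP SIGNATURE-----
(signature omitted in this sample)
-----END PGP SIGNATURE-----
"""

BODY_RE = re.compile(
    r"-----BEGIN PGP SIGNED MESSAGE-----\r?\n"  # cleartext framing line
    r"(?:[^\r\n]+\r?\n)*\r?\n"                  # armor headers, then a blank line
    r"(.*?)\r?\n-----BEGIN PGP SIGNATURE-----",  # the text the signature covers
    re.S,
)

def signed_body(text):
    """Return only the text covered by the signature; anything outside is untrusted."""
    m = BODY_RE.search(text)
    if not m:
        raise ValueError("no cleartext-signed region found")
    return m.group(1)

def parse_canary(text):
    body = signed_body(text)
    pairs = re.findall(r"^(Status|Release|Expiry):[ \t]*(.*?)[ \t]*$", body, re.M)
    keys = [k for k, _ in pairs]
    if sorted(keys) != ["Expiry", "Release", "Status"]:
        raise ValueError("missing or duplicated header field: %r" % keys)
    fields = dict(pairs)
    fpr = re.search(r"Signing Key[^\n]*\n\s*((?:[0-9A-F]{4}[ \t]+){9}[0-9A-F]{4})", body)
    return {
        "status": fields["Status"],
        "release": date.fromisoformat(fields["Release"]),
        "expiry": date.fromisoformat(fields["Expiry"]),
        "fingerprint": re.sub(r"\s+", "", fpr.group(1)) if fpr else None,
    }

def evaluate(text, today, pinned=PINNED_FPR):
    """Return a list of problems; an empty list means the canary looks current."""
    c = parse_canary(text)
    problems = []
    if c["status"] != "All good":
        problems.append("status")
    if c["fingerprint"] != pinned:
        problems.append("fingerprint mismatch")
    if c["release"] > today:
        problems.append("release date in the future")
    if today > c["expiry"]:
        problems.append("expired")
    return problems

if __name__ == "__main__":
    print(evaluate(SAMPLE, date.today()))
```
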

18
 
 

I’ve been using the app for a while paired with jellyfin but it’s time for my yearly purge of privacy violating apps, services, and websites.

I can’t find much online about infuse.

19
32
submitted 3 weeks ago* (last edited 13 hours ago) by [email protected] to c/privacy
 
 

https://seirdy.one/posts/2021/03/10/search-engines-with-own-indexes/

Link to list of search engines, provided by irenesteam in the comments

Old post text for history. This post turned out to become quite a mess.

spoiler

Previously I was looking for a search engine that turned out it wasn't worth remembering after all. As people helped, I thought it's easier to just list every site it's not. The site I was looking for turned out to be maintained by some right-wing assholes, but I thought maybe it could still be useful as it collects scrapers from many engines into one site. But since it apparently blocks LGBT domains, it's basically worthless since who knows what else it blocks. Apparently anything those fucks touch is tainted.

I tried describing the site based on what I remembered and how it appeared to me. Now it feels shameful even leaving it as context. The picture gets conveyed through the comments anyway for those interested.

I'm sorry it ended up like this, I should probably have done this much earlier and not given the site any benefit of the doubt.


So, instead let's make this into a list of search engines so this post might have at least something positive about it. I already started gathering the list earlier as a by-product of the unfortunate search. It might be better to just scrap this all and start with a new post but it would also erase what happened and the lesson learned.

I know there are lists already, but I don't think they all have every engine, especially smaller or newer ones. We could also gather information about engines' maintainers, stuff that helps determine what to expect from them. I'll try gathering it here on this post from the comments and if I find something myself.

Let's avoid all AI searchers since those ought to be in their own category anyway.

List of search engines

  • bing
  • kagi
  • yacy
  • ask.com
  • searx
  • brave
  • ecosia
  • mojeek
  • duckduckgo
  • marginalia
  • startpage
  • giburu
  • yippy
  • qwant
20
 
 

The ads you're viewing in popular apps have been co-opted by companies harvesting your location data — and now hackers have it.

21
 
 

What's the deal? I'm testing using https://coveryourtracks.eff.org Is it truly unique (and repeatable), or is it perhaps being randomized on every request?

I've tried normal Firefox, Mull, and IronFox. With and without jShelter.

I'm using my phone. Stock Android on a Pixel 7 Pro.

In DDG Browser I have a "nearly unique" fingerprint.

I installed CanvasBlocker and disabled privacy.resistFingerprinting in IronFox (since CanvasBlocker said to), and my fingerprint is still unique. I guess I'm not surprised since I think CanvasBlocker is designed to randomize canvas fingerprinting.

Any tips on having even a shred of privacy when browsing the web on Android?

Update

The biggest identifying characteristics are screen size and user agent. User agent can be faked with an extension. I can't exactly change my screen size.

I don't know exactly what I did, but I managed to improve to "nearly unique" in IronFox. I think all I did was install Cookie Autodelete. It's an extension I've used for a long time in Mull, and finally got around to installing it. Then I installed "User-agent Switcher" and chose a Chrome user-agent and now I'm back to "Unique". 🤔

EFF mentioned Tor Browser having some of the best anti-fingerprinting, so I tried installing that. "Unique Fingerprint". Again, maybe that's fine if it means it's randomized on every request. Does anyone know if that's the case? If part of the fingerprint is a hash of canvas data and WebGL data, etc., then I can easily see your fingerprint being unique if a browser or an extension is intentionally fuzzing that data.

Update 2

I tried Fennec with just jShelter, uBlock Origin, and Cookie AutoDelete (not that I think those last two matter).

Obtained a "randomized fingerprint" result. Success?

22
 
 

I am ashamed to admit I went back to Facebook recently hoping to reconnect with some old friends.

I used a VPN, and had ublock origin on. Facebook never told me to turn these things off.

After about a month, Facebook suddenly banned my account, allowing me to appeal. To do that appeal, they are requesting a selfie in which I am moving my head around.

This seems incredibly invasive to me and I'm not entirely sure they aren't just doing this to permanently ban me based on biometrics. If they had just asked me not to use ublock origin, I would have done that.

The original ban notice said I was using a technology that wasn't allowed on Facebook.

The first email said: "We’ve noticed some unusual activity on your Facebook account and have restricted its access to advertising. Any ads connected to your account are currently disabled.

To learn more, please review our Advertising policies affecting business assets.

If you believe your account was incorrectly restricted, click the Fix issue button below to verify your account.

You have until July 07, 2025 to fix the issue before the account is permanently disabled.

We used technology to detect this violation and carry out this decision. Further violations of our Advertising Standards may result in your account being disabled or restricted."

What's so weird is I don't use Facebook marketplace or anything like that. Then they said the account was just banned.

"Your Facebook account has been suspended. This is because your account, or activity on it, doesn't follow our Community Standards on account integrity.

If you think we suspended your account by mistake, you have 180 days to appeal our decision. If you miss this deadline your account will be permanently disabled."

As a minority who has been arrested and feels marginalized by society, but isn't pretending to be anyone other than me, I'm left wondering why this occurred. I didn't get any notices about this at all prior to their asking. I also was arrested at one point and so when I add former friends, I don't know if some people are mortified to know me and so report the account and that is why this is happening or what is going on.

Does anyone know if doing some awful video like this would restore the account, or are they just trying to get more biometric information to ban me permanently? I really wish there were an alternative to Facebook. I hate it and they are so vicious with how they suddenly ban people.

I am unlikely to be willing to do a selfie in which I look left right up and down or whatever, as I don't believe Facebook will delete it.

Right before the ban, I was talking with an ex from a long time ago, who seemed friendly at first. Now I'm wondering if this person reported me and this is why this happened. They said they had to go to lunch, be right back, and it was sort of late for lunch.

I really hate the world and the planet sometimes. Facebook is just terrible and mean and I don't actually believe that such a 3D selfie, which is sort of what they seem to want, is going to not be stored in some government database.

23
 
 

I know this has been discussed a lot across the fediverse already, but I recently learned about the Fogg Behaviour Model (FBM), and thought it would be interesting to use it as a frame.

Basically, the model says that people change behaviour when they are motivated, have the ability, and are given the right prompt or nudge in the right direction.

How do we nudge people who are...

  • In the top left, i.e. are motivated, but lack the ability to use privacy-friendly alternatives?
  • Are in the bottom right, i.e. have the ability, but don't care or have the motivation?

Unfortunately, my impression is that most people are in the bottom left, and think of the invasive surveillance of Big Tech like the weather; "I just have to deal with it". How do we give these people the ability and motivation to escape the data vampires?

24
 
 

Hackers have reportedly breached Gravy Analytics, a parent company of Venntel that sells smartphone location data to the U.S. government. The hackers claim to have stolen considerable data, including customer lists, industry information and individuals' location data. They are threatening to make the data public.

25
 
 

I have never liked Apple and lately even less. F.... US monopolies
