Privacy

GrapheneOS provides users with the ability to set a duress PIN/Password that will irreversibly wipe the device (along with any installed eSIMs) once entered anywhere where the device credentials are requested (on the lockscreen, along with any such prompt in the OS).

The wipe does not require a reboot and cannot be interrupted. It can be set up at Settings > Security > Duress Password in the owner profile. Both a duress PIN and password will need to be set to account for different profiles that may have different unlock methods.

Note that if the duress PIN/Password is the same as the actual unlock method, the actual unlock method always takes precedence, and therefore no wipe will occur.

Source: https://grapheneos.org/features#duress

cross-posted from: https://lemmy.world/post/16102424

Hi all,

Quiblr now has personalized post feeds for Lemmy!

I haven't seen a "recommended feed" feature anywhere else in the fediverse but I thought I would take a crack at building it!

My goal was to make a privacy-focused recommendation engine that tailors your experience based on the content you interact with. None of the data leaves your device. You don't even need to log in for it to work

• You can turn it off or tune your feed in the settings
• Each post now also includes a show me more/less button

I would LOVE feedback from folks if you get a chance to try it out!

This was really fun to build so let me know if there are any questions!

PS: Let me know if someone else has built this feature for the fediverse - then I will change the title to not claim "the first" lol

Hi everyone!

I was wondering, what do you guys use for online music discovery that is at a Spotify-level quality?

I've been having tough luck finding new music for the genre I like and thought I'd ask around here!

I checked out InnerTune, but it seems like it doesn't proxy my requests and sends them right back to Google. Also, a Linux supported client would be preferable .

Thanks in advance!

Nothing profound here, just need to vent: I haven't used Facebook for several years now, but I just got my 10 year old son a Meta Quest 2 and had to activate it by linking to my Facebook account. Just two days later I got a warning that the account will be locked because they detected that a child was using the Quest with an adult account (maybe because of the types of games he was playing?). My options are to either make him his own, restricted account (requires a credit card for verification) or prove that I am in-fact an adult (requires photo ID). No fucking way is Facebook getting either my credit card or photo ID. This is some sorry attempt to extort even more personal info from people. I can't understand how so many people tolerate this. How is this company still in business, let alone worth half a trillion dollars? If I had known how bad things have gotten, I would never have bought their VR.

Is their a platform or a way to know what a link does ?

I want to allow only the required links in my NextDNS allowlist so that the website somehow works and I block the trackers (both on the website & externals)

For example, I have come to know the CDNs are one of the required ones for a website

Any tips?

I want a bulletproof way to give email sub-addresses, since some websites strip out special characters like + and .. I have an idea for how it could work, let's say my email is [email protected] and I have the following:

• All emails sent to TheTwelveYearOld@ get blocked
• I specify a suffix that would be used instead of +, perhaps "From"
• I whitelist phrases that go after "From": TheTwelveYearOldFromDoorDash, TheTwelveYearOldFromGoogle, TheTwelveYearOldFromReddit

Are there any services that can do this? I'm thinking I should make my own domain for emails that way my email addresses aren't tied to any companies and I can easily switch.

cross-posted from: https://lemmy.world/post/15750986

This past day I for some reason cant to get search results on duckduckgo.com.

Does anyone else experience that problem? If you are willing, can you share only when you are experiencing in my case it is: ZA

cross-posted from: https://lemmy.today/post/10924833

I am not a fan of Twitter, but sometimes I would like to visit a Twitter profile, unfortunately due to Twitter restrictions it is currently not possible to view anything without an account, and clearly I am not going to create a Twitter account for that, are there any forks in development that are trying to solve these Twitter problems? I remember reading about a fork that uses fake accounts to access the API, but I don't know if this fork is still in development or if there are others.

The amount of questions that I got on my last post here made me want to create a full on guide for internet privacy based on my experience, so let's begin:

Browser

yeah it's gotta be firefox or a fork that you deem trustworthy

These are my settings:

• first go to about:config and set "privacy.fingerprintingProtection" and "privacy.resistFingerprinting" to "true"

https://files.catbox.moe/jcrlnh.png

• go to firefox settings "privacy and security" tab and set "enhanced privacy protection" to "strict"

https://files.catbox.moe/8koui0.png

• right under that there is "website privacy preferences" and "Cookies and site data" under privacy preferences turn on these two options: "Tell websites not to sell or share my data", "Send websites a “Do Not Track” request"

• Under "Cookies and site data" check "Delete cookies and site data when Firefox is closed". Don't worry you can set exceptions for the websites that on you want to stay logged in

https://files.catbox.moe/5qqceq.png

• Under History tab turn on "Clear history when Firefox closes"

https://files.catbox.moe/h2c1au.png

• Under Permissions enable: "Block pop-up windows" and "Warn you when websites try to install add-ons"

• Disable all telemetry under "Firefox Data Collection and Use"

https://files.catbox.moe/qxgkvc.png

• Under "Deceptive Content and Dangerous Software Protection" enable all three options

• Under Certificates enable: "Query OCSP responder servers to confirm the current validity of certificates"

• enable "https only mode"

https://files.catbox.moe/30cod4.png

• under "Dns over https" enable maximum protection and pick a hostname suitable to your needs from here: "https://mullvad.net/en/help/dns-over-https-and-dns-over-tls" I use "https://base.dns.mullvad.net/dns-query"

https://files.catbox.moe/7nq4uc.png

• in the search tab disable search suggestions

Addons:

Important Notice: addons make your fingerprint more unique so try to be conservative about using too many addons

• My essentials are "ublock origin, noscript and libredirect" optionally "skip redirect"

• My Noscript settings are pretty simple: in it's settings page I have it's default preset set to only allow "noscript" and "other"

https://files.catbox.moe/3iah8c.png

• For ublock origin things get a little more complicated. My ublock origin blocking mode is set to "medium" which means it blocks all 3rd party scripts aswell as adds. More on that here: https://github.com/gorhill/uBlock/wiki/Blocking-mode

• I have also enabled every single filter minus the country spesific ones enabled on the filters tab of the ublock origin settings plus two custom lists, that are: "https://github.com/DandelionSprout/adfilt/discussions/163", "https://github.com/yourduskquibbles/webannoyances"

https://files.catbox.moe/6uz1ss.png

Search Engine:

• The one I am using is called "Startpage" it scrapes results from google and it respects your privacy. I avoid DuckDuckGO because I remember it getting involved with cencorship in results at some point and I don't like it's results.

• Startpage's majority shareholder is an Adtech company but I trust it due to this quote from privacy guides:

"Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate privacy policy. The Privacy Guides team reached out to Startpage back in 2020 to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received."

• find the right privaccy search engine for you here: https://www.privacyguides.org/en/search-engines/

VPN:

• To quote privacy guides once again: "Using a VPN will not keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic."

• I use and reccomend "Proton VPN" as an always connected vpn with a killswitch. I have heard good things about "Mullvad" though and have some friends that swear by it

• Interview with the Proton CEO: https://yt.artemislena.eu/watch?v=Dp7ght2fMR4

Privacy Friendly Frontends:

• I like spesifically Freetube and Libreddit which the Libredirect extention can redirect to

• https://github.com/mendel5/alternative-front-ends

OS:

• Let's face it, propertiary operating systems like Windows and MacOS collect your data and invade your privacy just by you using your computer, so swapping them out for alternatives is very helpfull in terms of protecting your privacy

• Main players in the game are "Linux" and "FreeBSD". I find "Linux" to be MUCH more usable than freebsd though. Seriously just stick with linux unless you want to deal with a lot of issues.

• Reccomened distros: I am a big fan of Fedora and KDE so I am gonna reccomend "Fedora KDE spin" to the regular user. "Mint" is well liked among beginners but I tend to find it's old ubuntu LTS base infruiating. For gaming I reccomend "Nobara" which is what I use. It is based on fedora and uses KDE as it's DE and has optimizations for the gaming usecase. PopOS is also a great option for gaming but I belive it is based on ubuntu LTS aswell which I do not like. Finally "EndavourOS" is based Arch but installation is made simple and I belive is actually beginner friendly

Disclaimer about the EFF "Cover your tracks test":

https://coveryourtracks.eff.org/

• the test will not load with Mullvad DNS due to it blocking tracker domains so switch to nextdns instead while running the test

Sources: https://www.privacyguides.org/en/tools/, https://github.com/mendel5/alternative-front-ends, https://github.com/arkenfox/user.js/wiki/4.1-Extensions

https://coveryourtracks.eff.org/ Wanted to share this awesome tool to test your browser, also please do share your results in the comments.

cross-posted from: https://lemmy.world/post/15475769

I2P 2.5.2 is released to fix a bug introduced in 2.5.0 causing truncation of some HTTP content.

As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release.

RELEASE DETAILS

Changes

• Console: Update rrd4j to 3.9.1-preview
• Router: Publish G cap if symmetric natted

Bug Fixes

• i2ptunnel: Fix bug causing truncation of some HTTP content
• i2ptunnel: Fix custom option form width (light theme)
• Tunnels: Fix selection of peers with expired RIs

Other

• Translation updates

cross-posted from: https://lemy.lol/post/25062075

As the title says! I use Mullvad, but i'd like to try IVPN!

There are lots of reasons to want to shut off your car’s data collection. The Mozilla Foundation has called modern cars “surveillance machines on wheels” and ranked them worse than any other product category last year, with all 25 car brands they reviewed failing to offer adequate privacy protections.

With sensors, microphones, and cameras, cars collect way more data than needed to operate the vehicle. They also share and sell that information to third parties, something many Americans don’t realize they’re opting into when they buy these cars. Companies are quick to flaunt their privacy policies, but those amount to pages upon pages of legalese that leave even professionals stumped about what exactly car companies collect and where that information might go.

So what can they collect?

“Pretty much everything,” said Misha Rykov, a research associate at the Mozilla Foundation, who worked on the car-privacy report. “Sex-life data, biometric data, demographic, race, sexual orientation, gender — everything.” . . .

The only way that Whatsapp let you back up your chats is using by linking a Google account, but I'm not sure is there's some workaround like a third parties apps that let you back up your chats.

I know that using a third parties apps to this purpose is unsafe, but I'm just giving an example.

How many times I can change IMEI without harm to device via AT command? For example if I will change IMEI 3 times a day (sometimes) and 7 times (most commonly) a week (1 per day) via AT command won’t it harm device?

I need extra lawyer of security as I will go to dictatorship country for 1 week as reporter n. This is extremely critical.

Please ask the highest level of your engineer team.

P.S: I am using Mudi v2 with blue-merle