Privacy Hub

225 readers
1 users here now

Privacy hub is your one stop hub for all things privacy, security and freedom. We know that there’s nothing private in the internet. But at least we can find ways to minimize risk by identifying threat models and act accordingly. Got a story to tell? Or something to share? Feel free to jump in!

UPDATE: Got started with a guide here: https://lemmy.world/post/954144

Will add more soon.

Until a more comprehensive list can be made in this community check out https://www.privacytools.io/ as a starting place to begin your privacy journey. NOTE: that some recommendations in that site are closed-source as pointed out by @lemmy.world/u/rooki.

Some ammendments we would like to point out

PrivacyHub is a place where users from the fediverse are welcome to discuss, answer, share news and exchange best privacy practices.

founded 1 year ago
MODERATORS
1
 
 

cross-posted from: https://lemmy.world/post/5196308

It’s scary that the Unity debacle is not just happening in games but a very real threat not just in digital and app space but in real life.

It can happen in medicine, housing, even the food we eat if the trend of subscriptions and lock ins continue.

Despite this, a global concerted effort towards Open Source tech is still not happening.

In Unity for example, there is a push to transition to Unreal but less so for Godot. We see this happening with reddit too. And soon maybe we’ll see it in real life. What’s stopping our hotels and landlords from charging us everytime we open doors.

We see this in the rampant mandatory tips. Where everyone is automatically charged per order.

It’s scary and frustrating at the same time that there may not be a clear remedy for this. As the world shifts to subscriptions and services, do we truly own anything anymore?

2
3
4
5
10
submitted 1 year ago* (last edited 1 year ago) by RatoGBM to c/privacyhub
 
 

So you want everybody to give up their privacy to protect children from ****?

6
 
 

https://www.geeksmint.com/youtube-alternatives/

With youtube blocking adblockers, maybe it’s time to look into alternatives and start migrating videos there as well. Any viable Fediverse alternatives that’s mature enough to contend with youtube?

7
 
 

https://www.consumerreports.org/privacy/66-ways-to-protect-your-privacy-right-now-a7383217267/

Personally, I believe that a good password manager, 2fa, and diligent digital hygiene is all we need. But what do you think?

8
 
 

Historic $3.36 billion cryptocurrency seizure and conviction in connection with Silk Road Dark Web fraud

From the article:

Silk Road was an online "darknet" black market. In operation from approximately 2011 until 2013, Silk Road was used by numerous drug dealers and other unlawful vendors to distribute massive quantities of illegal drugs and other illicit goods and services to many buyers and to launder all funds passing through it. In 2015, following a groundbreaking prosecution by this Office, Silk Road's founder Ross Ulbricht was convicted by a unanimous jury and sentenced to life in prison.

In September 2012, Zhong executed a scheme to defraud Silk Road of its money and property by (a) creating a string of approximately nine Silk Road accounts (the "Fraud Accounts") in a manner designed to conceal his identity; (b) triggering over 140 transactions in rapid succession in order to trick Silk Road's withdrawal-processing system into releasing approximately 50,000 Bitcoin from its Bitcoin-based payment system into Zhong's accounts; and (c) transferring this Bitcoin into a variety of separate addresses also under Zhong's control, all in a manner designed to prevent detection, conceal his identity and ownership, and obfuscate the Bitcoin's source.

While executing the September 2012 fraud, Zhong did not list any item or service for sale on Silk Road, nor did he buy any item or service on Silk Road. Zhong registered the accounts by providing the bare minimum of information required by Silk Road to create the account; the Fraud Accounts were merely a conduit for Zhong to defraud Silk Road of Bitcoin.

Zhong funded the Fraud Accounts with an initial deposit of between 200 and 2,000 Bitcoin. After the initial deposit, Zhong then quickly executed a series of withdrawals. Through his scheme to defraud, Zhong was able to withdraw many times more Bitcoin out of Silk Road than he had deposited in the first instance. As an example, on September 19, 2012, Zhong deposited 500 Bitcoin into a Silk Road wallet. Less than five seconds after making the initial deposit, Zhong executed five withdrawals of 500 Bitcoin in rapid succession — i.e., within the same second — resulting in a net gain of 2,000 Bitcoin. As another example, a different Fraud Account made a single deposit and over 50 Bitcoin withdrawals before the account ceased its activity. ZHONG moved this Bitcoin out of Silk Road and, in a matter of days, consolidated them into two high-value amounts.

Nearly five years after Zhong's fraud, in August 2017, solely by virtue of Zhong's possession of the 50,000 Bitcoin that he unlawfully obtained from Silk Road, Zhong received a matching amount of a related cryptocurrency — 50,000 Bitcoin Cash ("BCH Crime Proceeds") — on top of the 50,000 Bitcoin. In August 2017, in a hard fork coin split, Bitcoin split into two cryptocurrencies, traditional Bitcoin and Bitcoin Cash ("BCH"). When this split occurred, any Bitcoin address that had a Bitcoin balance (as Zhong's addresses did) now had the exact same balance on both the Bitcoin blockchain and on the Bitcoin Cash blockchain. As of August 2017, Zhong thus possessed 50,000 BCH in addition to the 50,000 Bitcoin that ZHONG unlawfully obtained from Silk Road. Zhong thereafter exchanged through an overseas cryptocurrency exchange all of the BCH Crime Proceeds for additional Bitcoin, amounting to approximately 3,500 Bitcoin of additional crime proceeds. Collectively, by the last quarter of 2017, ZHONG thus possessed approximately 53,500 Bitcoin of total crime proceeds (the "Crime Proceeds").

Read in full at: https://www.irs.gov/compliance/criminal-investigation/historic-3-point-36-billion-cryptocurrency-seizure-and-conviction-in-connection-with-silk-road-dark-web-fraud

9
 
 

Note: For majority of privacy concerns, https://www.privacytools.io/ remains our best source.

Privacytools is very biased to closed source, not self hosted stuff ( see their start page )

For example nextdns ( not self hosted ) a good, simple alternative is "pihole" it is 100% open source and self hostable and free for ever.

Surfshark is the most honeypot thing i ever saw.

Please find a better alternative to it or give it a big warning.

10
 
 

In today's digital age, the importance of strong, unique passwords cannot be overstated. With numerous online accounts and platforms requiring password protection, it can be tempting to rely on the convenience of having your passwords saved in your web browser. However, this seemingly convenient feature comes with significant risks and potential security breaches.

One of the major drawbacks of saving passwords in your browser is the ease with which someone who gains access to your computer can retrieve them. Imagine a scenario where an unauthorized individual gains control of your device. In popular browsers like Chrome, for instance, accessing saved passwords is as simple as navigating to the browser's settings and clicking on the "show" button in the preferences tab. This grants unrestricted access to all your saved passwords, compromising the security of your online accounts.

Moreover, there are various tools available, such as WebBrowserPassView (http://www.nirsoft.net/utils/web_browser_password.html), that can extract and reveal passwords stored within browsers. While these tools may not be able to retrieve passwords encrypted with a master password, they still pose a significant threat to users who do not employ robust security measures.

It is worth noting that Firefox stands out as the most secure browser when it comes to password management. Unlike Chrome or other browsers, Firefox provides the option to encrypt and password-protect your login credentials using a master password. By setting up a master password, you add an extra layer of protection to your saved passwords, ensuring that even if someone gains access to your computer, they won't be able to access the encrypted passwords without the master password.

However, it is crucial to emphasize that users must actively set up the master password feature in Firefox, as it is not enabled by default. Failure to do so leaves your passwords vulnerable to the same security risks as other browsers if your computer falls into the wrong hands.

To maintain robust password security and protect your online accounts effectively, it is recommended to follow these best practices:

  • Avoid saving passwords in your browser: While it may seem convenient, it is safer to rely on secure password managers that use strong encryption algorithms to store your passwords.

  • Use a reputable password manager: Consider using trusted password management tools that provide robust encryption and multifactor authentication options to safeguard your login credentials. For most, bitwarden is enough.

  • Create strong and unique passwords: Ensure that each of your online accounts has a unique, complex password to minimize the risk of unauthorized access to multiple accounts if one password is compromised.

  • Enable two-factor authentication (2FA): Implementing 2FA adds an additional layer of security by requiring a second form of verification, such as a unique code sent to your mobile device, to access your accounts.

  • Regularly update passwords: Periodically change your passwords to minimize the impact of potential security breaches. Aim to update them every few months, or immediately if you suspect any compromise.

  • Stay vigilant and exercise caution: Be cautious while accessing your accounts on public computers or networks, and ensure you log out of any sessions when finished.

While saving passwords in your browser may provide convenience, it is crucial to recognize the inherent security risks associated with this practice. By adopting secure password management practices and utilizing reputable tools, you can enhance the protection of your online accounts and minimize the chances of falling victim to unauthorized access and potential data breaches.

11
0
submitted 1 year ago* (last edited 1 year ago) by Frostwolf to c/privacyhub
 
 

Will be expanding this soon. If you know of sites and guides to put here, feel free to comment below.

Tools and Apps

Password Managers

  • Bitwarden
  • Keepass

VPN

  • Mullvad

Note-taking tools

  • Joplin (open source), cross platform
  • Obsidian (closed source but has end to end encryption), cross-platform

DNS and Ad-Block

  • PiHole (self-hosted) - https://pi-hole.net/
  • Adguard (paid)
  • Adblock (browser extension)
  • uBlock origin (browser extension)

Note: More and more tools will be added to this guide as I do more research. And will definitely take your inputs into consideration as well. This is after all meant as a community resource.

Stay private fellow lemmies…

12
 
 

Since the original 2008 white paper introducing blockchain technology, bitcoin and other cryptocurrency transactions have been touted as completely anonymous and private. But how anonymous are crypto transactions really?

Earlier this year, $3.6 billion in bitcoin was seized from a Manhattan couple who were arrested and charged with money laundering in connection with a 2016 hack on the Hong Kong cryptocurrency exchange Bitfinex. It was the largest financial seizure in the Justice Department's history.

Law enforcement went to great lengths to trace the illicit funds, including tracking the stolen bitcoin through a complicated web of transactions spanning multiple countries. It took six years, but authorities eventually caught up. More recently, researchers have demonstrated traceability via unintentional patterns in bitcoin's transactional data -- the bigger a data set gets, the more patterns show up. And patterns can be identified and tracked.

Read more at: https://www.cnet.com/personal-finance/crypto/are-cryptocurrency-transactions-actually-anonymous/

13
1
submitted 1 year ago by Frostwolf to c/privacyhub
 
 
  • Understand Your Digital Footprint: Your digital footprint refers to the trail of data you create online. It includes your social media activity, browsing history, and information shared through online accounts. Be mindful of the information you post and the platforms you use.
  • Use Strong and Unique Passwords: Create strong and unique passwords for each of your online accounts. Include a mix of uppercase and lowercase letters, numbers, and special characters. Consider using a password manager to securely store and generate passwords.
  • Enable Two-Factor Authentication (2FA): Enable 2FA whenever possible. It adds an extra layer of security by requiring a secondary verification method, such as a code sent to your phone, in addition to your password.
  • Be Cautious of Phishing Attempts: Phishing is a technique used by hackers to trick individuals into revealing sensitive information. Be skeptical of suspicious emails, messages, or links. Avoid clicking on unknown or suspicious links, and verify the authenticity of websites before providing any personal information.
  • Keep Software and Devices Updated: Regularly update your operating system, web browsers, and applications. Updates often include security patches that fix vulnerabilities and protect your devices from potential threats.
  • Utilize Privacy Settings: Review and adjust privacy settings on social media platforms, web browsers, and other online services. Limit the amount of personal information visible to others and be cautious about sharing sensitive details publicly.
  • Browse Anonymously: Consider using a virtual private network (VPN) to encrypt your internet connection and protect your online activities from being monitored. VPNs can help hide your IP address and make it harder for others to track your online behavior.
  • Be Mindful of Social Media Sharing: Be cautious about the information you share on social media. Avoid posting personal details like your address, phone number, or full birthdate publicly. Regularly review and update your privacy settings on social media platforms.
  • Regularly Clear Browsing Data: Clear your browser's cache, cookies, and browsing history regularly to minimize the amount of data stored about your online activities. This can help reduce the tracking of your online behavior.
  • Review App Permissions: When installing new apps, review the permissions they request. Be cautious about granting unnecessary permissions that could compromise your privacy. Check app settings to ensure they have limited access to your data.
  • Use Encrypted Communication Channels: When sharing sensitive information or communicating privately, consider using end-to-end encrypted messaging apps and platforms. Examples include Signal, WhatsApp (with enabled end-to-end encryption), and Telegram's secret chats feature.
  • Educate Yourself About Privacy: Stay informed about privacy best practices, new threats, and emerging technologies. Regularly educate yourself about privacy-related topics to make informed decisions regarding your online activities.