cross-posted from: https://lemmy.sdf.org/post/30749052

Gee, it's almost as if Zuck has zero morals...

I want to delete my Disney plus account but their app and website force some ad for their latest subscription deal. My account settings are not accessible anywhere. When I am logged in and refresh the page, I can briefly see my avatar in the top right corner before the ad comes up. According to Disney's instructions, I need to use that to access my account configuration and delete it.

Is this a denial of my right to erasure granted by the GDPR? Should I report this to some authority? If yes, who is that authority?

cross-posted from: https://lemm.ee/post/57611481

Just in time for 10 years of Tuta/Tutanota, we are launching the most significant security upgrade of Tuta Mail with TutaCrypt. This groundbreaking post-quantum encryption protocol will secure emails with a hybrid protocol combining state-of-the-art quantum-safe algorithms with traditional algorithms (AES/ECC) making Tuta Mail the world's first email provider that can protect emails from quantum computer attacks.

cross-posted from: https://lemmy.ml/post/26803468

https://positive-intentions.com/

A webapp for P2P E2EE messaging and file transfer. its a fairly unique approach to secure messaging.

the project isnt ready to replace any existing apps or services, but given the competative market for this kind of project, id like to push it out to get feedback.

i made an attempt to create documentation on the website, but otherwise feel free to reach out with questions about how it works.

Take control of your Discord message history. Browse and archive your messages, and easily request deletions — all while respecting Discord's guidelines

cross-posted from: https://lemmy.sdf.org/post/30517126

[...]

The start of a new government in Germany is accompanied by a turnaround in transatlantic relations and an unprecedented anti-democratic takeover of power by tech broligarchs in the United States. "Therefore, mass surveillance by tech companies is even more of a political issue than before, which a new government cannot ignore," the CCC writes on its site.

[...]

The CCC demands:

• A ban on biometric mass surveillance of public spaces and the untargeted biometric analysis of the Internet. In particular, any form of database that analyses images, videos, and audio files from the Internet for biometric characteristics in an untargeted manner will actively be dismantled. The corresponding powers of the Federal Office for Migration and Refugees will be revoked.
• Mass data retention without occasion will be rejected. Instead, more effective and rights-preserving law enforcement measures, such as the so-called ‘quick-freeze’-procedure and the ‘login trap’, should be pursued.
• Automated data analysis of information held by law enforcement agencies and any form of predictive policing or automated profiling of people are rejected. Cooperation between German and US intelligence services will be restricted, and any kind of automated mass exchange of content or metadata will be prevented.
• The full evaluation of surveillance programmes (‘Überwachungsgesamtrechnung’) will be published, continuously updated and legislation will adjust the scope of state surveillance powers accordingly.

[...]

[Edit title for clarity.]

I think those websites are over using trackers in their websites for extra profit with no care for the privacy of their users, I highly recommend avoiding them.

• The Guardian.
• The Verge.
• Wired.

For comparsion:

• Associated Press(AP).
• Al Jazeera.
• ABC.
• BBC.
• CBC.
• DW.
• France24.
• Sky News.
• The Register.
• Tech Policy Press.

Update: added Wired and more websites for comparison.

cross-posted from: https://lemmy.world/post/26342568

At launch, access to Mullvad Leta was restricted to users with a paid Mullvad VPN account, but it is now free and open to all.

Mullvad Leta has been audited by Assured.

• FAQ
• Terms of Service

Just a heads up, some of the details in the FAQ and Terms of Service seem a bit outdated and might not be accurate anymore.

Some relevant information from their FAQ section is as follows:

What can I do with Leta?

Leta is a search engine. You can use it to return search results from many locations. We provide text search results, currently we do not offer image, news or any other types of search result. Leta acts as a proxy to Google and Brave search results. You can select which backend search engine you wish to use from the homepage of Leta.

Can I use Leta as my default search engine?

Yes, so long as your browser supports changing default search engines.

Navigate to https://leta.mullvad.net/ in your browser and right-click on the URL bar.

From there you should see Add “Mullvad Leta“ with the Mullvad VPN logo to the left.

If you do not see this, you can attempt to add a custom search engine to your browser with:

• The name set to: Leta
• The URL set to: https://leta.mullvad.net/?q=%25s

You can select which backend engine to use as follows:

• Google: https://leta.mullvad.net/?q=%25s&engine=google
• Brave: https://leta.mullvad.net/?q=%25s&engine=brave

Did you make your own search engine from scratch?

We did not, we made a front end to the Google and Brave Search APIs.

Our search engine performs the searches on behalf of our users. This means that rather than using Google or Brave Search directly, our Leta server makes the requests.

Searching by proxy in other words.

What is the point of Leta?

Leta aims to present a reliable and trustworthy way of searching privately on the internet.

However, Leta is useless as a service if you use the perfect non-logging VPN, a privacy focussed DNS service, a web browser that resists fingerprinting, and correlation attacks from global actors. Leta is also useless if your browser blocks all cookies, tracking pixels and other tracking technologies.

For most people Leta can be useful, as the above conditions cannot ever truly be met by systems that are available today.

What is a cached search?

We store every search in a RAM based cache storage (Redis), which is removed after it reaches over 30 days in age.

Cached searches are fetched from this storage, which means we return a result that can be from 0 to 30 days old. It may be the case that no other user has searched for something during the time that you search, which means you would be shown a stale result.

What happens to everything I search for?

Your searches are performed by proxy, it is the Leta server that makes calls to the Google or Brave Search API.

Each search that has not already been cached is saved in RAM for 30 days. The idea is that the more searches performed, the larger and more substantial the cached results become, therefore aiding with privacy.

All searches will be stored hashed with a secret in a cache. When you perform a search the cache will be checked first, before determining whether a direct call to Google or Brave Search should be made. Each time the Leta application is restarted (due to an upgrade, or new version) server side, a new secret hash is generated, meaning that all previous search queries are no longer visible to Leta

What could potentially be a unique search would become something that many other users would also search for.

What is running on the server side?

We run the Leta servers on STBooted RAM only servers, the same as our VPN servers. These servers run the latest Ubuntu LTS, with our own stripped down custom Mullvad VPN kernel which we tune in-house to remove anything unnecessary for the running system.

The cached search results are stored in an in-memory Redis key / value store.

The Leta service is a NodeJS based application that proxies requests to Google or Brave Search, or returns them from cache.

We gather metrics relating to the number of cached searches, vs direct searches, solely to understand the value of our service.

Additionally we gather information about CPU usage, RAM usage and other such information to keep the service running smoothly.

cross-posted from: https://lemmy.world/post/26343161

Apple reportedly filed an appeal in hopes of overturning a secret UK order requiring it to create a backdoor for government security officials to access encrypted data.

"The iPhone maker has made its appeal to the Investigatory Powers Tribunal, an independent judicial body that examines complaints against the UK security services, according to people familiar with the matter," the Financial Times reported today. The case "is believed to be the first time that provisions in the 2016 Investigatory Powers Act allowing UK authorities to break encryption have been tested before the court," the article said.

Although it wasn't previously reported, Apple's appeal was filed last month at about the time it withdrew ADP from the UK, the Financial Times wrote today.

"The case could be heard as soon as this month, although it is unclear whether there will be any public disclosure of the hearing," the FT wrote. "The government is likely to argue the case should be restricted on national security grounds."

Which is better and why?

Is there an indication of superiority based on the fact Android has somewhat implemented DOH whereas they ignore DNSSEC completely? Or are they ignoring it because it's so good. That said, NextDNS also ignore DNSSEC.

cross-posted from: https://feddit.org/post/8724158

An alternative to a VPNs - afair it routes your traffic through a Tor-style network, it's FOSS software made in Austria