"The space researcher was allegedly randomly checked on arrival, during which his professional computer and personal telephone were allegedly searched. Similarly, messages about the Trump administration’s treatment of scientists have been found."

Here's my problem: every F(L)OSS and E2EE solution that I know of requires other people to download an app or log in.

I want to reduce the friction for others to communicate for me. I want to give a business card with a URL where people can go and immediately send messages to my Matrix or my email or something, and they don't need to log in at all.

They just open their browser, go to snek_boi.io or whatever and a chat appears.

A couple of years ago, I was suggested Cactus Comments. I suppose that works, but I was wondering if there are other solutions. I was wondering if now there was an even easier solution for my purposes.

I bought a Garmin Forerunner 255 watch that I want to use only with Gadgetbridge. There is an old software version on the watch and I want to update it and I don't want to connect it with Garmin Connect or Garmin Express app?

I have looked for the possibility to do an “offline” update but have not found it. Maybe the community will help?

And by burned, I mean "realize they have been burning for over a year". I'm referring to a bug in the Tor Browser flatpak that prevented the launcher from updating the actual browser, despite the launcher itself updating every week or so. The fix requires manual intervention, and this was never communicated to users. The browser itself also doesn't alert the user that it is outdated. The only reason I found out today was because the NoScript extension broke due to the browser being so old.

To make matters worse, the outdated version of the browser that I had, differs from the outdated version reported in the Github thread. In other words, if you were hoping that at least everybody affected by the bug would be stuck at the same version (and thus have the same fingerprint), that doesn't seem to be the case.

This is an extreme fingerprinting vulnerability. In fact I checked my fingerprint on multiple websites, and I had a unique fingerprint even with javascript disabled. So in other words, despite following the best privacy and security advice of:

1. using Tor Browser
2. disabling javascript
3. keeping software updated

My online habits have been tracked for over a year. Even if Duckduckgo or Startpage doesn't fingerprint users, Reddit sure does (to detect ban evasions, etc), and we all know 90% of searches lead to Reddit, and that Reddit sells data to Google. So I have been browsing the web for over a year with a false sense of security, all the while most of my browsing was linked to a single identity, and that much data is more than enough to link it to my real identity.

How was I supposed to catch this? Manually check the About page of my browser to make sure the number keeps incrementing? Browse the Github issue tracker before bed? Is all this privacy and security advice actually good, or does it just give people a false sense of security, when in reality the software isn't maintained enough for those recommendations to make a difference? Sorry for the rant, it's just all so tiring.

I'm getting ready to move off of Google (and Private Internet Access), and Proton is looking like the best option. But I'm nervous. Some of the things I worry about:

• Calendar support: I rely really heavily on Google Calendar. How will I share events with others? And what will I do without Google Tasks?
• VPN App Quality: Seeing some mixed reviews on Proton VPN Android app.
• Proton ethics & politics: Look, I really don't want to open up the holy war here. My big stipulation is: I don't want my money to go to a company that will donate its money or services to fascists. To my knowledge, Proton does not do that. I know they made a post that seemed to praise GOP antitrust efforts. I do not believe that that is the same thing as lending material support for fascists. (And, as someone who is very well read-in on antitrust issues, I'll say that -- for a lot of complicated reasons -- there is some truth to Proton's post, but I wish they had framed it as a critique of the corporate wing of the Democratic party and not praise of the GOP.)
• Anything else I haven't thought to ask.

So, folks who have made the switch: What do you wish you had known? What do you wish you had done to make the move easier?

Thank you for your advice.

Porn companies must take strong action to protect privacy and prevent future harms

On March 3, 2025 Canada’s Privacy Commissioner announced that Pornhub’s practices fail to ensure meaningful consent has been obtained from everyone appearing in videos uploaded to the platform. (Shutterstock)

Elaine Craig, Dalhousie University

At a time of increased emphasis on buying Canadian, the country’s porn consumers can presumably rest easy. A Canadian business, Ethical Capital Partners (ECP), owns the world’s largest porn website, Pornhub. But do Canadian porn users have nothing to worry about?

On March 3, Canada’s privacy commissioner announced that Pornhub’s practices fail to ensure meaningful consent has been obtained from everyone appearing in videos uploaded to the platform, and that he will seek a federal court order directing Pornhub to comply with Canada’s privacy laws.

When ECP acquired Aylo (then called MindGeek), which owns Pornhub and other porn businesses, the company made numerous public statements. ECP’s executives stated in a release that Aylo was “built upon a foundation of trust, safety and compliance.” ECP executives also stated they were confident the company operates “legally and responsibly.”

However, class actions and individual lawsuits brought by women who allege Pornhub distributed videos of them without their consent, reports in 2020 of child rape videos on the platform and allegations of widespread content piracy do not align with ECP’s claims about Pornhub’s origins.

Privacy commissioner’s report

ECP’s assertion that Pornhub was built on trust and safety is also refuted by the privacy commissioner’s findings. In 2024, Commissioner Philippe Dufresne released a critical report regarding Aylo, following a complaint by a woman who alleged her ex-boyfriend uploaded a sexually explicit video of her to Pornhub without her consent. The video was copied and shared online hundreds of times.

The commissioner found that in 2015, when the video was posted, Pornhub’s process for ensuring consent was “wholly ineffective,” and that this had “devastating consequences for thousands of individuals whose intimate images were shared” without their knowledge and consent.

Dufresne stated the company was still failing “to ensure that it has obtained valid and meaningful consent from all individuals depicted in content uploaded to its websites.” He maintained this position in his announcement on March 2. ECP, which disputes the commissioner’s findings, launched unsuccessful legal proceedings to prevent Dufresne’s report from being published, delaying its release by nearly a year.

Numerous women have alleged horrific stories about their efforts to have videos removed from Pornhub that they did not consent to have uploaded (or in some cases, even created), only to be met with delay, a lack of response and administrative obstacles.

Today, Pornhub’s systems for verifying consent and responding to take-down requests are significantly more robust; they are likely superior to the mechanisms used by other platforms. But the lawsuits, testimony from victimized women and the commissioner’s report suggest this is hardly a company “built upon a foundation of trust, safety and compliance.” And according to the Dufresne, Pornhub is still not compliant with the law.

Harmful content

When they acquired the company, ECP executives told the media they bought Aylo to promote “consensual and sex-positive adult entertainment.” Academic research, including my own, has examined content on porn platforms that depicts the sexual assault of sleeping or unconscious women, the sexual abuse of children by their fathers or step-fathers and the use of misogynistic meta-data — video titles, tags, and content categories — to promote content to users.

Depictions, including fictional ones, of sexual assault by step-fathers against step-daughters, or of sexual acts imposed upon sleeping women, are not sex-positive. Using misogynistic video titles and tags to organize and amplify hateful assertions about women and adolescent girls is not sex-positive.

Pornhub’s content moderation policies prohibit this type of harmful content. If Pornhub consistently enforced its own rules regarding depictions of non-consensual sex, hate speech and community standards, the depictions of sexual assault and the hateful and discriminatory titles, tags and categories of porn that I found in my research would not be present.

The company could presumably do this, given its claim that every piece of content on its site is approved by human moderators, and the success it has had relative to other platforms in eliminating and preventing child sexual abuse material.

The harms posed by fictional depictions of sexual assault, and the use of misogynistic titles and tags to promote porn, are significantly heightened because of the nature of the porn business today. Porn has changed enormously in the last decade. It has become social media.

Contemporary porn’s ubiquity and social media character greatly enhance its capacity to shape our sexual culture, including in harmful ways. (Shutterstock)

Porn as social media

Like big tech generally, and social media in particular, the porn industry is shaped by search engine optimization, algorithms, data and the advertising revenue that drives the internet’s attention economy. As a result, porn is now freely available to anyone with a cellphone, exploding rates of consumption. And like other forms of social media, porn today is interactive.

These technological changes in the porn industry reveal that, if made easily accessible, many people will watch porn. Indeed, close to 10 per cent of Canadians visit Pornhub every day.

Contemporary porn’s ubiquity and social media character greatly enhance its capacity to shape our sexual culture, including in harmful ways. Broad social engagement with any practice, including the consumption of sexually explicit material, informs our relationships, norms and values. Eroticizing the sexual assault of unconscious women or step-daughters, or deploying misogynistic hate speech to shock, entice and arouse large segments of our communities, shapes how we understand and relate to consent, allegations of sexual assault and concepts of sexual desire.

There is nothing inherently harmful about watching porn, and not all porn contributes negatively to our social environment. However, ECP’s claims about the history of the world’s largest porn company suggest a lack of accountability regarding the tremendous harm that porn websites cause women and girls.

Transparency and accountability

Given porn’s heightened role in shaping our sexual culture in a platform society, content that depicts sexual assault or is framed in the language of misogyny is harmful to all of us. Presumably, this is why Pornhub’s policies prohibit this type of content. But content moderation rules are only as good as their enforcement.

ECP says it rebranded Aylo to reflect a “renewed commitment to…trust and safety” and to allow “the company to refocus its efforts to lead by example through transparency and public engagement.” The type of leadership that ECP contemplates requires a commitment to the truth and a willingness to rigorously uphold one’s own rules: the kind of commitment and willingness exhibited by Canada’s privacy commissioner, in this case.

To “lead by example,” ECP should start with transparency and forthright public accountability regarding the foundations upon which Pornhub was actually built and how it operated for many years. This must be followed by compliance with the privacy commissioner’s recommendations, and insistence that Pornhub’s content moderation policies are consistently and rigorously enforced.

Elaine Craig, Professor of Law, Dalhousie University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

“Private browsing” on most browsers isn’t comprehensive or easy to use. Klar is next-level privacy that’s free, always on and always on your side — because it’s backed by Mozilla, the non-profit that fights for your rights on the Web.

i was using Focus as a quick less secure browser that doesn't break official websites. I uninstalled it after Mozilla's changes to terms of use/service.

Is Klar, like IronFox, a cleaned fork? If not, why is Guardian project serving it as next level privacy?

https://x.com/mer__edith/status/1705639399503929643 (https://archive.md/yEaDA)

https://x.com/lorenzofb/status/1705341371014422845 (https://archive.md/0DMFA)

https://www.computerweekly.com/news/366552520/New-revelations-from-the-Snowden-archive-surface (https://archive.md/q95Al)

I haven't played Minecraft since 2015, but I get the feeling I might again in the new few years as I wanna find new hobbies. I know that game has changed a whole lot but I don't have any official online data on it.

I've had this Microsoft account for over a decade and its probably full of personal information that I wanna let go of, I've already exported all my data. I would need to pay $30 for another copy of Minecraft, same price I paid in 2013. I just did a bunch of searching and its not possible to transfer my Minecraft license to another account.

I am starting to use a RSS feed (Akregator). I intend to use it to follow youtube channels, and try to learn what else it can do. What kind of privacy issues should I be aware of? Are there settings I can use to improve privacy? I use a vpn, is there something else I should do?

I know Whatsapp several tenants of privacy, but outside of North America, everybody has Whatsapp. We need to unify to spread the message of Signal as an alternative, not SimpleX.

Anyways, I've noticed a pattern as I do have Whatsapp, when I get random texts that looks suspicious, I use the app "Open In WhatsApp" and enter the phone number from the text to start a chat in Whatsapp, and 99% of the time it says that phone number is not registered for Whatsapp, thereby showing it is most likely spam. Of course that is not 100% of the case, as some people don't use Whatsapp, some businesses do use Whatsapp, but it can be a safe bet if the text number is not on Whatspp, it's very very likely spam and best to block without replying

I saw a post on here months of someone posted their reply to a text that said something like "Hi, my name is Sharon, who will you most likely vote for in the next election?" with a list of options. and they boastfully got suckered to take the bait and fell into the trap. By replying, they showed it was a live and valid number to now sell their phone number to other spammers. Never ever reply to a random message until you can guarantee who that came from.

Gee, it's almost as if Zuck has zero morals...

cross-posted from: https://lemmy.bestiver.se/post/265273

Comments

cross-posted from: https://programming.dev/post/26664400

Tarlogic developed a new C-based USB Bluetooth driver that is hardware-independent and cross-platform, allowing direct access to the hardware without relying on OS-specific APIs.

Armed with this new tool, which enables raw access to Bluetooth traffic, Tarlogic discovered hidden vendor-specific commands (Opcode 0x3F) in the ESP32 Bluetooth firmware that allow low-level control over Bluetooth functions.

In total, they found 29 undocumented commands, collectively characterized as a "backdoor," that could be used for memory manipulation (read/write RAM and Flash), MAC address spoofing (device impersonation), and LMP/LLCP packet injection.

Espressif has not publicly documented these commands, so either they weren't meant to be accessible, or they were left in by mistake. The issue is now tracked under CVE-2025-27840.

I use Qwant as my default search engine because I thought it was more respectful of my privacy than Google or Bing and DuckDuckGo is not giving so good results in my country (for localization related searches).

I noticed that the engine was removed from the default engines for URL bar in latest IronFox version. So I searched a bit about why so, and found this issue in their tracker : https://gitlab.com/ironfox-oss/IronFox/-/issues/47.

What to think about this ? The message from ironfox dev seems clear but qwant seems to claim that the shared data are anonymized.

Any way to semi achieve the image search like pinterest without using it? I've tried using google, technically it should give the same or better results but how the hell pinterest gives better search results. Also pinterest removes the context behind the image and is a privacy nightmare. I want to move away from it.

------\\------- Anyone wondering what did I end up with? Here's what I am doing. I have deactivated my pinterest account and if I specifically want results from pinterest and pinterest only then I use services such as binterest (actually that the only one working right now) and if I instant like something I take a pic of it and save in my proton drive (cloud) and if I need more recommendations out of it then I just use the google image search on that image and there's a camera like icon if you click on it, it shows more closely related images and I think that works the best instead of the general related stuff that come up upon selecting the image (the sidebar) and I keep doing that on every next image I click on.

Update: https://darkmentor.com/blog/esp32_non-backdoor/

Hello everyone,

I'm reaching out to the community to see if anyone is aware of a resource or webpage that tracks and lists VPN providers' servers, particularly focusing on their status in relation to being targeted or banned by major services like Cloudflare, Google, etc.

As privacy advocates, we understand the importance of staying informed about the effectiveness and reliability of VPN services, especially in the face of increasing scrutiny and restrictions. Having access to a centralized and up-to-date list would be incredibly beneficial for users looking to make informed decisions about their privacy tools.

If such a resource exists, please share the link or any relevant information. If not, giving a the idea to the community. Your insights and contributions are greatly appreciated!

Thank you for your time and assistance.

Just in time for 10 years of Tuta/Tutanota, we are launching the most significant security upgrade of Tuta Mail with TutaCrypt. This groundbreaking post-quantum encryption protocol will secure emails with a hybrid protocol combining state-of-the-art quantum-safe algorithms with traditional algorithms (AES/ECC) making Tuta Mail the world's first email provider that can protect emails from quantum computer attacks.

Using Mullvad on Linux Mint, I see a number of settings and have no idea what they are for. DAITA, Multihop, Local Network Sharing, API Access. I would like to keep Mullvad VPN on all the time, but still be able to use Freetube and Grayjay. Also not break too many websites, although that seems to be more of a Librewolf setting issue. Can anyone recommend settings for Mullvad that I should be using?

YouTube won't let me watch this video with my VPN on. Is this a new thing?