Like, there's a lot of people freaking out about Apple ending End to End encryption in iCloud in UK. I'm just like: So What? It was probably backdoored from the beginning

So is Big Tech's E2E actually not backdoored? Or is that just a PR stunt to trick people into trusting iCloud, and this is a secret honeypot? 🤔

What are your thoughts?

https://positive-intentions.com/

A webapp for P2P E2EE messaging and file transfer. its a fairly unique approach to secure messaging.

the project isnt ready to replace any existing apps or services, but given the competative market for this kind of project, id like to push it out to get feedback.

i made an attempt to create documentation on the website, but otherwise feel free to reach out with questions about how it works.

I think those websites are over using trackers in their websites for extra profit with no care for the privacy of their users, I highly recommend avoiding them.

• The Guardian.
• The Verge.
• Wired.

For comparsion:

• Associated Press(AP).
• Al Jazeera.
• ABC.
• BBC.
• CBC.
• DW.
• France24.
• Sky News.
• The Register.
• Tech Policy Press.

Update: added Wired and more websites for comparison.

Firewalls are a great way to tell if new apps are secrely installed

Btw what is the key verifier thing?

Hi guys!

I'm looking for a Proton alternative. So far I've seen these two recommended. I was wondering what are the pros/cons of each? Seems Tutanota offers more bang for the buck in mailbox size etc, but I'm not sure. I'd also like to have a better integration with Android, because Proton's email/calendar apps suck big time.

Thanks!

TL;DR: I'm writing a program that could be used by a malicious user to track people. Do I license it under GPLv3 to guarantee user freedom, or do I use a more restrictive license to prevent abuse?

Introduction

Hello! I'm a software developer with quite a bit of experience in automotive electronics, and I've run into a bit of an ethical dilemma, and I'd like to get some input from people who care about the same issues I do.

ALPR

If you already know what ALPR is, you can skip to the next section.

As a brief background for those who aren't familiar, automated license plate recognition (ALPR) is a rapidly growing technology that detects, records, and logs license plates, typically on public roads. This technology is almost always pushed as a safety measure to protect the populations under surveillance. The argument generally goes that people should be willing to give up some privacy if it means helping police identify stolen vehicles, AMBER alerts, and more. If you're a member of this Lemmy community, I don't think I need to explain why I think this is a terrible idea.

V0LT Predator

Predator is my attempt to take on this industry with a highly private alternative to traditional ALPR. In short, Predator is completely open source, runs entirely locally (with no telemetry/data mining), and uses independent hot-lists to decide what plates to alert to. The idea is that instead of a government agency setting up thousands of cameras to track hundreds of thousands of vehicles, individual users can set up cameras in their own vehicles, and help track down relevant vehicles (like AMBER alerts with associated license plates) indepdently. I figure this bottom-up approach can reduce the severity of mass surveillance and data centralization without entirely giving up the advantages of ALPR.

The danger with ALPR is when someone has access to so much centralized data that they can form a map of everywhere a specific vehicle has been. This is not something that's realistically possible on the scale of an individual user operating independently.

I realize many people will probably be entirely opposed to the idea of building an ALPR platform in the first place, but I hope you can understand my motivation.

Growth

Predator started as a brief personal challenge, but rapidly turned into one of my most advanced products. As far as I can tell, it is currently the only active open source ALPR ecosystem, and is the most popular alternative to SaaS ALPR platforms like Rekor and Flock Safety.

The issue is that this growth came with surging demand for many of the features supported by traditional ALPR services. I've had to walk a very fine line with making Predator valuable enough as a product to replace traditional mass-surveillance without turning it into a mass-surveillance product in itself. My decision making when considering new features has primarily been based on these two features:

1. Is this feature useful to individual private users? (people with Predator dash-cams, home security systems, etc)
2. Would this feature make it easier for a state agency or company to conduct mass surveillance?

As I'm sure you can image, this is an extremely gray area, but I think I've managed to walk the line pretty effectively so far.

The Problem

That leads us to the latest problem. There's been a lot of interest in some kind of product to organize and centralize license plate data collected by individual Predator instances. For example, a university police department running parking enforcement might want to identify plates that haven't purchased a parking pass. I think this use-case is fair, since all vehicles being monitored implicitly consent by purchasing a pass, and vehicles are not followed off-campus. That being said, this is one of those products I've been hesitant to add, since it would absolutely make it possible to use Predator as a mass surveillance tool.

The other day, I started developing a system like this internally, and it was a bit terrifying how effectively it worked. With a $80 off-the-shelf camera system, I was able to track dozens of vehicles after driving around for ~15 minutes.

The Dilemma

Here's the dilemma. If I hosted this service as an online-only product (which is the current plan), I could pretty effectively prevent it from being used for mass surveillance. For example, I plan to limit accounts to a few hundred unique vehicles unless they apply for an override. Customers with legitimate use cases can be granted overrides with geofenced areas to fill their use-case (i.e. the university campus from the previous example). However, this significantly compromises user control, since they would have to go through my services to use the product.

Typically, I would prefer to make the software entirely open source and self-hostable under the AGPLv3. However, this would make it trivially easy for a government agency or business to set up a mass scale surveillance system.

I'm struggle to decide how to approach this issue. Have I backed myself into a corner with this one? I'd love to hear everyone's thoughts on this dilemma, and the Predator ecosystem as a whole.

Joan Westenberg mentioned this in her "Trump-proof tech stack" post; anyone have any experience with this? It says it's open source, self-hostable, and based in France.

Unfortunate Andy Yen comments aside, a big plus is that cozy actually has a Linux desktop client (!), unlike Proton.

cross-posted from: https://feddit.nl/post/29675306

I am not the author.

I found this blog to have both a short summary of the reasons as well as a pretty complete overview of the options for protecting against this specific threat model. I can just send this to people and they'll understand the why and the how.

YouTube link: https://youtu.be/wVyu7NB7W6Y

Invidious link: https://inv.nadeko.net/watch?v=wVyu7NB7W6Y

Sorry for the formatting... Tried to remove the URL for better readability, but there seems some kind of bug.

TLDW

• hack phones remotely just knowing it's phone number
• Intercept 2FA sms
• Intercept phone calls
• Reroute phone calls
• Geolocation of a target

I dunno if it has already been posted/discussed here but this kinda blew my mind ! Sorry there's a lot of clickbait but the general subject is interesting...

I never heard of SS7 and have actually no idea how the whole phone system communication works but that's kinda scary...

Yes we are probably not the first target with this "hack" nor is it as easy as exposed in this video and nor do we have 14k $ to spend on this, but that's not out of reach for some people. I mean it's not as expensive as Pegasus and people with the mean and some good stable income can probably misuse this system for targeting specific vulnerable people (example in the video).

Had never heard of this before today. Anyone tried it?

EDIT: "Being a fork of Mozilla Thunderbird, the software collects some data about the user, less than the original Mozilla Thunderbird, as outlined in Thunderbird's privacy statement. No data is submitted to Betterbird, some data may be submitted to Mozilla. No telemetry and no crash reports are submitted, however, add-on updates and blocklists are downloaded from Mozilla sites. Betterbird offers a product Start Page which processes access data as described above."

Does the Proton VPN iOS app route all DNS queries through the tunnel, and ultimately to their DNS servers, on both cellular and Wi-Fi?

I figure WiFi will for but I only have a very basic understanding of how cellular data works and I am pretty new to the privacy conscious networking game. So maybe this is a stupid ass question but I’d appreciate any insight!

P.S. this is my first real post into the fediverse! Be gentle.

On Linux and Android. What are privacy oriented alternatives to Firefox now that it's no longer trustworthy?

The ability to sync between devices would be a huge bonus, even just on a local network.

They have several apps on F-Droid, which is usually a good sign . . .

EDIT: But try to sign up and they want your name, address, and phone number. Forget it!

A common situation in my life is the following: a small-ish organization consisting of somewhere from 3 to 50 people need some type of way to be reached as a group. The current solution is to have an email adress, normally with a password that is shared in some way among the trusted subset of members that need to be able to access the email directly.

The solution isn't great for multiple reasons:

• Sharing a password among multiple people isn't great, 2FA is tricky
• Most email communication are readable by the email provider, unless PGP is correctly used. For most people, PGP is non-trivial to use correctly, and meta-data will not be encrypted even with correctly used PGP.

But it has the following upsides:

• A single stable address to reach the group
• Communication is gathered in one place, searchable, possible to for multiple members to track communication with someone that has reached out.
• Easy to use from any device anywhere

Ideally we'd like all of these things: sensible access controls, some level of transparency within the org regarding who has responded to what messages, an address that is easy to share with people outside the group, minimal (meta)data accessible by the providers, and easy to use across devices.

How do you handle this? What would your recommendation be? I have considered setting up a Signal account, but having multiple signal accounts on a single device is non-trivial, as is setting it up on a new device, meaning that probably each group would need a single dedicated device, which isn't super practical.

cross-posted from: https://lemmy.today/post/24809302

also i can't self-host.

Opting out of ATT seems like the most obvious no-brainer, but are there options for phone service that are actually halfway decent?

Or as an alternative, would it be feasible to get some kind of internet phone/texting service, use that over wifi, or maybe have a basic data plan to go with it at most?

https://archive.ph/ein6g

The video presents how far British government has come to spy on its citizens and some call for them to wake up and fight for their privacy!

Does the school you go to need to know that you have the Signal app installed on your phone, checking with the Signal servers in the background for new messages? Even if you chose to use a VPN to tunnel your traffic entirely, is there no other option but for your employer to witness you connected to a foreign VPN server? If you connected to a point at your home, even that could be interpreted that you have something hide.

You could have two phones with different sets of apps in your pocket (one for “business” and one for everything else), but you if you don’t want that you have to ask:

Is there a firewall for Android that can block your usual traffic from leaving the device, by turning on a specific profile based on something like the Wi-Fi name? There are quite a few traffic blockers, such as RethinkDNS, Netguard, or personalDNSfilter, but they assume you want to block the same set of traffic regardless of time and place.

cross-posted from: https://lemmy.world/post/26233189

"Android System SafetyCore’ claims to be a ‘security’ application, but whilst running in the background, it collects call logs, contacts, location, your microphone, and much more making this application ‘spyware’ and a HUGE privacy concern. It is strongly advised to uninstall this program if you can. To do this, navigate to 'Settings’ > 'Apps’, then delete the application."

If you don't want to navigate android settings you can also simply uninstall it from the Play Store https://play.google.com/store/apps/details?id=com.google.android.safetycore

Additionaly you can install this placeholder app to prevent Google from reinstalling it every time it updates: https://github.com/daboynb/SafetyCore-placeholder