A court ordered Google to pay $425 million after finding the company misled 98 million users about data collection through its "Web & App Activity" setting[^1]. The case revealed Google continued gathering user data via Firebase, a monitoring database embedded in 97% of top Android apps and 54% of leading iOS apps, even after users disabled data collection[^1]. Google's internal communications showed the company was "intentionally vague" about its data collection practices because being transparent "could sound alarming to users," according to district judge Richard Seeborg[^1]. This ruling adds to Google's recent privacy settlements, including: - $392 million paid to 40 states in 2023 for location tracking violations - $40 million to Washington state for similar location tracking issues - $1.38 billion to Texas in 2025 over location tracking and incognito mode claims[^1] Google plans to appeal the $425 million verdict, with spokesperson Jose Castaneda stating "This decision misunderstands how our products work" and asserting that Google honors user privacy choices[^1]. [^1]: [Malwarebytes - Google misled users about their privacy and now owes them $425m, says court](https://www.malwarebytes.com/blog/news/2025/09/google-misled-users-about-their-privacy-and-now-owes-them-425m-says-court)

So I had researched it a while ago and don't recall having found anything effective and non-suspicious to protect from public camera mass survaillence in cities and the like. Is there anything that is a good option for that yet, and if so, could you point me toward it?

I've used mullvad for quite a long time, but because it doesn't have port forwarding, its created some concerns with media sharing. Ive seen TorGuard and AirVPN as the main 2 that are recommended. Are they as trustworthy as Mullvad?

Hey there, i have a domain (.de-domain, registered with netcup) that i would like to use for my email-provider, but i am hesitant. Why i am hesitant: I don't want that people might be able to find out my name/adress that is registered with my domain. If some service does not need my personal data, i simply don't want them to be able to access them. It's as simple as that. I read that a whois-check could reveal my data, but the situation seems more complicated. At least, i couldn't reveal my personal data with a whois-check. Why i would like to use my own domain: I want to be more independent from my mail-provider. I am not that tech-savvy, so sorry if this is a silly question. I tried searching, but didn't found anything, probably because keywords like domain bring up lots of different topics.

In case anyone is interested in a digital exodus: https://mastodon.social/@patrickleavy/115182449720835182 ETA a link with more details: https://www.rebeltechalliance.org/collectiveaction.html

I use GrapheneOS and love my privacy. However, I am not as knowledge in regards to simcards. My family needed to get a new simcard while abroad and I was hesitant to get a new simcard and preferred to 'hitchhike' on a family members internet thearing so he could get a simcard instead of me. It left me with the choice to: * Get a Sim card * Get an e-sim * Let a family member get a simcard and hitchhike from their internet. (Internet hotspot thearing) My question: Was my worry in vain and I could actually get an e-sim/Sim or did I do it correctly, making someone else get a Sim and share the internet to me? :P What I'm worried of, is that I'm currently outside EU and I don't want any weird hacking attempts towards me from the government. There are a lot of protests here, quite violent ones at times too, and I am aware that governments usually use stingrays or equivalent devices to identify or stalk people of interest.

And **all** service providers/hosts around the world are expected to **comply**. Here's one summary of the looming access control measures. Reading and understanding all this (and the linked sources) feels so.. difficult, obtuse, complex.

We all hate google and youtube, but overall as a community we're all simultaneously lukewarm and non-committal about pushing towards using an alternative. I admittedly cling to invidious frontends for dear life. It seems like whenever somebody asks for an alternative to youtube, they're offered Odysee and Peertube, but inevitably many others chime in about the shortcomings of both of those platforms. Can we as a community come to a consensus as to which of these platforms should be pushed forward? I don't even think it needs to be a binary choice. Obviously youtube cannot be immediately replaced for it's archival of educational and tutorial videos, but we can at least push newcomers towards using invidious frontends for those instances. Maybe Odysee is better for some type of content over Peertube. Let's discuss which platform works best for what and try to be more active about sharing and promoting them not just to viewers but potential creators as well. If you go to share a youtube link, try to see if that video exists on an alternate platform first and share that link instead. I think that's a good first step towards getting away from youtube in the privacy community. But youtube alternatives are still very much on the fringe and I'm hoping this post will at least inspire some discussion about changing that.

Private company - but can they be trusted to maintain user privacy? [Hostinger](https://www.hostinger.com/) is a (German?) company that provides web hosting, vps and other services.

cross-posted from: https://lemmy.bestiver.se/post/613592 > [Comments](https://news.ycombinator.com/item?id=45221274)

cross-posted from: https://programming.dev/post/37278389 > >  > > > > Optical blur is an inherent property of any lens system and is challenging to model in modern cameras because of their complex optical elements. To tackle this challenge, we introduce a high‑dimensional neural representation of blur—the lens blur field—and a practical method for acquisition. > > > > The lens blur field is a multilayer perceptron (MLP) designed to (1) accurately capture variations of the lens 2‑D point spread function over image‑plane location, focus setting, and optionally depth; and (2) represent these variations parametrically as a single, sensor‑specific function. The representation models the combined effects of defocus, diffraction, aberration, and accounts for sensor features such as pixel color filters and pixel‑specific micro‑lenses. > > > > We provide a first‑of‑its‑kind dataset of 5‑D blur fields—for smartphone cameras, camera bodies equipped with a variety of lenses, etc. Finally, we show that acquired 5‑D blur fields are expressive and accurate enough to reveal, for the first time, differences in optical behavior of smartphone devices of the same make and model.

So google now requires Id verification for submitting apps to android, what does it mean for Foss apps, for Foss stores like fdroid and for future development?

The EU Commission is lying open on social media about chat control. Tomorrow EU governments debate about Chat control 2.0 Use the [fightchatcontrol.eu](https://fightchatcontrol.eu/) email tool to make yourself heard [EUCommission Mastodon post](https://ec.social-network.europa.eu/@EUCommission/115180569539039179) [‘Danger to Democracy’ patrick-breyer](https://www.patrick-breyer.de/en/danger-to-democracy-500-top-scientists-urge-eu-governments-to-reject-technically-infeasible-chat-control/)

cross-posted from: https://lemmy.zip/post/48551495

I use mailbox.org. Mailbox.org provides an "encrypted mailbox" feature, which PGP encrypts incoming unencrypted emails. The server can of course intercept incoming messages, but it can't look at the entire backlog unless it was compromised the entire time. Alternatively, using POP3 instead of IMAP (at least with the default settings) deletes emails from the server after downloading, whenever my laptop is connected. Thus, the server can intercept incoming messages, but not the entire backlog. Of course, both of these have downsides. The encrypted mailbox is PGP, so it misses important details like the subject lines and source addresses. Meanwhile, POP3 can leave my mail entirely unprotected for as long as I'm offline, and it also means that I can't access it from anything other than my laptop, and means that I have to do manual backups. Which is more important in terms of security, or should I use both? I'm looking for the legal perspective of law enforcement (In Canada and Germany, home to myself and my email provider respectively), but also that of some hacker who's trying to get into my (and everyone else's) accounts. Would there be a server software that I could use to download emails from mailbox.org over POP3 and then provide them to all my own devices over IMAP? That might, in some sense be the best of both worlds. Right now, I am using both POP3 and the encrypted mailbox, but convenience is definitely not optimal, so I'd like to change if it can be done safely.

Can someone tell me why an Android launcher should have Internet access..? Been on the hunt for a new launcher but am not installing software which I fail to see having to use the net to operate...just like keyboards...another one that has me scratch my head

I am currently using Librewolf. But Zen & floorp browser looks beautiful. What do you suggest? I personally like the looks of Zen. I would also appreciate any tips to make Zen more secure than it already is. **Edit**: consider this too Negative post about zen: [https://www.reddit.com/r/LibreWolf/comments/1ezumu7/comment/ljnjx2b/](https://www.reddit.com/r/LibreWolf/comments/1ezumu7/comment/ljnjx2b/) Positive post about zen: [https://www.reddit.com/r/browsers/comments/1fz7j9s/comment/lqzklza/](https://www.reddit.com/r/browsers/comments/1fz7j9s/comment/lqzklza/)

I have been finding more and more videos being recommended on my homepage which I search about even though my privacy paths I follow seem good enough. So this is how it goes: - I come across a term I don't know on a Lemmy post. - I open my browser, Cromite which has been set to priv.au, a searx instance, as the default search engine. - Search the word and don't even open any links to know, just reading the meaning of this term out from the subtexts present on search results. - And then I open YouTube and scroll a bit on homepage to find a video on that term. This has happened to me twice in past few days and I am not understanding which service of mine is giving it away. To add more about my setup, I'm on mobile btw, using FUTO keyboard and using Duckduckgo VPN which blocks cross-app tracking. My mobile lemmy client is Voyager. I don't even interact with the post containing that term. I just open it up, read the post and the comments. No upvoting no commenting. Who's the culprit here?

>The United States has emerged as the largest investor in commercial spyware—a global industry that has enabled the covert surveillance of journalists, human rights defenders, politicians, diplomats, and others, posing grave threats to human rights and national security.

Something I hardly see mentioned here is encryption for data such as on your PC. My modus operandi is to encrypt all the things. This is a little .bat script I came up with to lock all drives, except the C: drive, all in one click. It resides on my desktop as an icon, and i can lock all drives in a couple seconds vs doing it drive by drive. Not sure if anyone here could use it, but I thought I'd share. I am sure that some of you real coders here could fine tune it a bit, and I'd be open to suggestions. ``` @echo off REM Script to lock multiple BitLocker drives with admin privileges REM Check for administrative privileges net session >nul 2>&1 if %errorlevel% neq 0 ( echo This script requires administrative privileges. echo Requesting elevation... REM Create a VBS script to trigger UAC prompt echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\elevate.vbs" echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\elevate.vbs" cscript //nologo "%temp%\elevate.vbs" del "%temp%\elevate.vbs" exit /b ) REM List of drives to lock set drives=D: G: I: H: E: F: P: J: REM Loop through each drive and lock it for %%d in (%drives%) do ( echo Locking drive %%d... manage-bde -lock %%d -ForceDismount ) echo All specified drives have been locked. pause ```

What are the options for increased privacy in how you pay for things where you live? Cash is the obvious answer, but what about buying stuff online? UK here. Thinking of ditching cards/contactless for good old cash. No idea about online payments - not doing anything illegal so might persevere with cards for now. Zero experience with crypto.

> > San Francisco billionaire Chris Larsen once again has wielded his wallet to keep city residents under the eye of all-seeing police surveillance. > > > > The San Francisco Police Commission, the Board of Supervisors, and Mayor Daniel Lurie have signed off on Larsen’s $9.4 million gift of a new Real-Time Investigations Center. The plan involves moving the city’s existing police tech hub from the public Hall of Justice not to the city’s brand-new police headquarters but instead to a sublet in the Financial District building of Ripple Labs, Larsen’s crypto-transfer company. Although the city reportedly won’t be paying for the space, the lease reportedly cost Ripple $2.3 million and will last until December 2026. > > > > The deal will also include a $7.25 million gift from the San Francisco Police Community Foundation that Larsen created. Police foundations are semi-public fundraising arms of police departments that allow them to buy technology and gear that the city will not give them money for.

cross-posted from: https://lemmy.zip/post/48322335 > > The EU is planning to strike a deal with the US that would let the Department of Homeland Security and other agencies search European databases to identify people posing “a threat to US security,” according to a proposal published by the European Commission at the end of July.

cross-posted from: https://programming.dev/post/37353326

Was forced to use WhatsApp a while ago and didn't want to give Facebook my phone number. Got a pretty cheap prepaid SIM, forced myself through the KYC, used it for close to a year without issues. Now they want me to top it up with at least 15€ to avoid cancelation. Surely there's a cheaper way? Edit: Looking to buy one in Germany

I really don’t get why so many people are turning this into a privacy versus anonymity debate when the real problem is censorship. Yes, Signal needs a phone number to sign up, but replacing that with an email or username doesn’t make it anonymous. The real issue is that governments are blocking the registration SMS, so people can’t even sign up for the app in the first place. Sure, there are workarounds, but most people aren’t going to jump through all those extra hoops just to use an app. If we want to spread privacy, how do we do that when Signal's phone number requirement is actively working against us? Instead of arguing over privacy versus anonymity, shouldn’t we focus on making sure everyone can access Signal without issues? What do you think?

I found this to be an interesting watch in layering security/ privacy rather than throwing the hail mary at a VPN and expecting it to keep you anonymous. https://youtu.be/1opKW6X88og

In the past, if you broke or lost your phone, your Signal message history was gone. This has been a challenge for people whose most important conversations happen on Signal. Think family photos, sweet messages, important documents, or anything else you don’t want to lose forever. This explains why the most common feature request has been backups; a way for people to get Signal messages back even if their phone is lost or damaged. After careful design and development, we are now starting to roll out secure backups, an opt-in feature. This first phase is available in the latest beta release for Android. This will let us further test this feature in a limited setting, before it rolls out to iOS and Desktop in the near future. Here, we’ll outline the basics of secure backups and provide a high-level overview about how they work and how we built a system that allows you to recover your Signal conversations while maintaining the highest bar for privacy and security. ### Secure Backups 101 Secure backups let you save an archive of your Signal conversations in a privacy-preserving form, refreshed every day; giving you the ability to restore your chats even if you lose access to your phone. Signal’s secure backups are opt-in and, of course, end-to-end encrypted. So if you don’t want to create a secure backup archive of your Signal messages and media, you never have to use the feature. If you do decide to opt in to secure backups, you’ll be able to securely back up all of your text messages and the last 45 days’ worth of media for free. If you want to back up your media history beyond 45 days, as well as your message history, we also offer a paid subscription plan for US$1.99 per month. This is the first time we’ve offered a paid feature. The reason we’re doing this is simple: media requires a lot of storage, and storing and transferring large amounts of data is expensive. As a nonprofit that refuses to collect or sell your data, Signal needs to cover those costs differently than other tech organizations that offer similar products but support themselves by selling ads and monetizing data. ### Anatomy of Secure Backups: Privacy First, Always At Signal, our commitment to privacy informs which features we build and the ways that we build them. Using the same zero-knowledge technology that enables Signal groups to work without revealing intimate metadata, backup archives are stored without a direct link to a specific backup payment or Signal user account. At the core of secure backups is a 64-character recovery key that is generated on your device. This key is yours and yours alone; it is never shared with Signal’s servers. Your recovery key is the only way to “unlock” your backup when you need to restore access to your messages. Losing it means losing access to your backup permanently, and Signal cannot help you recover it. You can generate a new key if you choose. We recommend storing this key securely (writing it down in a notebook or a secure password manager, for example). These choices are part and parcel of Signal’s guiding mission to collect as close to no data as possible, and to make sure that any information that is required to make Signal robust and usable cannot be tied back to the people who depend on Signal. This is why wherever there’s a choice between security and any other objective, we’ve prioritized security. ### Enabling Secure Backups If you want to opt in to secure backups, you can do so from your Signal Settings menu. For now, only people running the latest beta version of Signal on Android will be able to opt in. But soon, we’ll be rolling this feature out across all platforms. Once you’ve enabled secure backups, your device will automatically create a fresh secure backup archive every day, replacing the previous day’s archive. Only you can decrypt your backup archive, which will allow you to restore your message database (excluding view-once messages and messages scheduled to disappear within the next 24 hours). Because your secure backup archive is refreshed daily, anything you deleted in the past 24 hours, or any messages set to disappear are removed from the latest daily secure backup archive, as you intended. ### Backing up, moving forward We’re excited to introduce secure backups, making sure you can retain access to your Signal messages even when your phone is lost or destroyed. But secure backups aren’t the end of the road. The technology that underpins this initial version of secure backups will also serve as the foundation for more secure backup options in the near future. Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices. Secure backups are available in today’s Android beta release. A full public release, along with iOS and Desktop support, is coming soon.

Hi. I know the most privacy-oriented (and best-working) phone OS is GrapheneOS, but I was wondering about other, less well-known ones, such as [VollaOS](https://volla.online/en/operating-systems/volla-os/) (modified Android), [Sailfish OS](https://sailfishos.org/) or [Ubuntu Touch](https://www.ubuntu-touch.io/). Are they private? Do they work? Can I run Android applications on them (VollaOS and SailfishOS) without too much effort? I like using Linux, but I rely on many Android apps, such as navigation, mobile banking, the Garmin app, and many others. Do you have any experience with these operating systems?

cross-posted from: https://discuss.tchncs.de/post/44544181 > I read about Google's decision of not releasing the firmware source code going forward. Is it still the case? If it is, should one purchase any Pixel 8/9/10 series in hope of keeping it for a long time? > > I am planning to purchase a new Pixel 9 (used ones are not an option unfortunately) during the Black Friday or something. It will be a substantial amount but I am hoping it will be justified with amortisation. > > Sorry if this is a dumb question, but I cannot find a clear cut answer in the forums.

cross-posted from: https://lemmy.ml/post/35909566 > SMH @ activists using techno-fascist platforms for communications during an operation subject to state-actor level interference. I thought we recognised and acknowledged this problem 15-20 years ago already. > > https://xcancel.com/CraigMurrayOrg/status/1965431513320927706 >

cross-posted from: https://programming.dev/post/37120773 > [Complaint](https://storage.courtlistener.com/recap/gov.uscourts.cand.455911/gov.uscourts.cand.455911.3.0_1.pdf).

As Signal get your phone number. Can we considerate this application as private ? What's your thoughts about it ? I'm also using SimpleX, ElementX, Threema, but not much people using it... Cheers

I’ve been seeing this more and more in comments, and it’s got me wondering just how big this issue really is. A lot of people feel trapped in apps like Discord, WhatsApp, and Instagram, but can’t get their friends to leave. It’s really annoying when you suggest trying something new, whether it’s a different app or just not using these platforms so much but sometimes it can feel like no one wants to go first. So I’m curious, what apps do you feel most trapped in? And have you tried convincing your friends to leave them? What happened? Is it an issue for you, or are you just going along with the flow? Looking forward to hearing if this is as common as it feels!