If I am already using a rooted but proprietary smartphone (Samsung Galaxy S23), downloading my apps from other sources than Google Play, how would Google be able to control what I do with it? If necessary, I could just stay on my current OS build as well. All in all, while politically and philosophically, Google's new policy is bad, I don't feel threatened by it with my current understand of the situation and technology...

Apparently Europe finally got Whatsapp to enable 3rd party chats making it easier to switch to more privacy friendly alternatives [article](https://about.fb.com/news/2025/11/messaging-interoperability-whatsapp-enables-third-party-chats-for-users-in-europe/) However the only other app that currently works with it is "BirdyChat"?? Have anybody found any news about when serious alternatives will be integrated?

We have no idea what content is most viral on YouTube, Meta, TikTok, LinkedIn, or X – because they refuse to share basic data. On the DSA’s Birthday (Oct 4th) we've led a “mass data access request” along with @mozilla and DSA40 Data Access Collaboratory, where a series of ~20 orgs requested daily data on their top 1,000 most-viewed posts in EU Member States. Every single one refused. Join us in demanding platform transparency. Posted on mastodon: https://chaos.social/@algorithmwatch/115620980818833875

I use Linux on all my personal computers and privacy respecting ROMs on phones, and Pi-Hole, but a part I haven't really taken a look at is my network at home. I currently have my ISP's smart router in bridge mode connected to a brand name Wi-Fi 6 router with a wireless "mesh" range extender. I really like the range extender because it has an Ethernet port so it's basically a "free" Ethernet plug for that room connected to a high power Wi-Fi transceiver that's faster than a lot of on board Wi-Fi antennas. But I feel like it's probably not the best thing privacy and security wise? I already don't use the app and luckily it still has a web interface for management, but I don't know how secure the firmware is or if it has any corporate "analytics" or not. I'm thinking a PFsense or similar router software on Linux box to connect to the bridge port of my ISP's router since I was told the "Ethernet" cable connecting from it to the fiber modem won't work with a store bought router, I assume it has some kind of DRM? I already have an old PC in mind to convert to a router. I assume I could just use the onboard Ethernet port to talk to the router and add my own USB NIC to connect to the main switch? I don't know what to do for Wi-Fi though, could I buy two dedicated access points and put them on different floors, and have them both connected to the wired network? How hard would it be to have those be the same Wi-Fi network and have devices actually switch between them depending on location? Also, most of my NICs and switches are from the thrift store or eBay for higher end used server parts. Is that bad? As in how worried should I be about the firmware running in those being tampered with by whoever owned it last?

Hello. I installed Linux Mint on a new desktop that I built about a week ago, and I'm starting to get used to it, so it's probably time to start using it for some actual life things. A couple of these do involve talking with family members all in Facebook Messenger, as well as the necessity of using Google Workspace for some work-related functions. I'm aware that using both of these is a compromise of privacy in and of itself, but I'm still interested in mitigating the damages best as I can. What steps can I take to make the usage of these as private and non-invasive as possible? If it helps at all, the browser I'm using is Firefox and the operating system is Linux Mint.

With the UK apparently floating ideas of a VPN ban it's got me worried about the future of anonymity online. Now people have already pointed out that a VPN ban doesn't make sense because of all the legitimate uses of one and wouldn't even be enforceable anyway, but that got me thinking. What if governments ordered websites (such as social media sites) to block traffic originating from a VPN node? Lots of sites already do this (or restrict your activity if they detect a VPN) to mitigate spam etc. and technically that wouldn't interfere with "legitimate" (in the eyes of the gov) VPN usage like logging onto corporate networks remotely It's already a pain with so many sites either blocking you from access or making you jump through a million captchas using VPNs now. I'm worried it's about to get a whole lot worse

Or have to go through great lengths to escape. In my country you can't buy any medicine without showing your ID... I mean, you technically can, but if you are registered they "give" like an 80% discount, so everyone thinks it's a great deal, not realizing that's the normal price, they are just pretending you can still go and buy a simple cold medicine without sharing your ID, phone, email, and street address with the drug store and whoever they decide to sell that information to, you just have to pay absurdly more. Yeah, you can lie about all the other information, but not really about your ID number. Probably soon, to get the "discount", you are going to have to verify your email or phone number as well.

I purchased a custom domain to use with mailbox.org. The MX records are setup and basic tests are working. I'm getting myname@customdomain.com showing up in my mailbox.org account. But I got confused with setting up a family member with theirname@customdomain.com Do they need to pay for a plan too? There not worried about the privacy they just want the custom email address. Is there anyway to do this for free or cheaper, without self hosting email? Side question. I've been paying for anonaddy to hide my normal @outlook account. Are there any benefits in keeping anonaddy to send emails to my custom domain. Instead of just using a catchall, or pre-configuring some aliases? The only benifits I see are - Anonaddy can make accounts on the fly - On The Fly accounts might be easier to disable than things sent to a catchall - Anonaddy dosnt reveal your domain (maybe this is the big draw card?) Thanks.

I mean for fingerprinting protections I go minimal with extensions. I only have Ublock origin. I want to keep dark reader but for fingerprinting issue I'm not doing it. So if I keep js disabled with Ublock origin (I'm doing it for a while now) and then install dark reader will websites still be able to tell that I have dark reader installed?

> Contrary to headlines suggesting the EU has “backed away” from Chat Control, the negotiating mandate endorsed today by EU ambassadors in a close split vote paves the way for a permanent infrastructure of mass surveillance. > While the Council removed the _obligation_ for scanning, the agreed text creates a toxic legal framework that incentivizes US tech giants to scan private communications indiscriminately, introduces mandatory age checks for all internet users, and threatens to exclude teenagers from digital life. The article is non-paywalled, freely readable on the link --^

Greetings! I've been daily driving a Raspberry Pi 4B as a home server for quite a while now and thought it was a great time to make the switch to a proper NAS. My current Home Server setup uses 2 Raspberry Pi's. One is where i selfhost all of the stuff i need, and one hosts my website. The Pi only has 4gb of RAM, which is ok for me. But i can't really say much about it's performance. In Jellyfin, it's struggling with streaming music. Not even a movie, a single MP3 file, it struggles with it. I tried solutions like Nextcloud for a Selfhosted Cloud Storage Solution, but it would always wipe out it's config every time the pi reboots. I am looking forward to buy a Synology NAS. Their Web interface seems intuitive (theres even docker support too) and easy to use. However, i really am concerned on what data can Synology collect off of it. So, what data can Synology collect off the NAS and is it safe in a Privacy nerd's view?

Cross posted from: https://feddit.uk/post/40232992 european funds recovery initiative Search Search... Digital Omnibus: How Big Tech Lobbying Is Gutting the GDPR HOME Related News Digital Omnibus: How Big Tech Lobbying Is Gutting the GDPR Last week we at [EFRI](https://efri.io/finleaks-a-retaliation-platform-full-of-defamation/) wrote about the *[Digital Omnibus leak](https://efri.io/the-digital-omnibus-leak-a-stealth-attack-on-the-gdpr/)* and warned that the European Commission was preparing a stealth attack on the [GDPR](https://efri.io/the-digital-omnibus-leak-a-stealth-attack-on-the-gdpr/) Since then, two things have happened: The Commission has now officially [published](https://digital-strategy.ec.europa.eu/en/library/digital-omnibus-regulation-proposal) its Digital Omnibus proposal. noyb (Max Schrems’ organisation) has released a detailed legal analysis and new campaigning material that confirms our worst fears: this is not harmless “simplification”, it is a deregulation package that cuts into the core of the GDPR and ePrivacy. **What noyb has now put on the table** On 19 November 2025, noyb [published a new piece](https://noyb.eu/en/digital-omnibus-eu-commission-wants-wreck-core-gdpr-principles) with the blunt headline: “**Digital Omnibus: [EU](https://efri.io/recent-development-on-crypto-regulation-in-the-eu-and-in-the-us/) Commission wants to wreck core GDPR principles**” Here’s a focused summary of the four core points from noyb’s announcement, in plain language: **New GDPR loophole via “pseudonyms” and IDs** The Commission wants to narrow the definition of “personal data” so that much data under pseudonyms or random IDs (ad-tech, data brokers, etc.) might no longer fall under the GDPR. This would mean a shift from an objective test (“can a person be identified, directly or indirectly?”) to a subjective test (“does this company currently want or claim to be able to identify someone?”). Therefore, whether the GDPR applies would depend on what a company says about its own capabilities and intentions. Different companies handling the same dataset could fall inside or outside the GDPR. For users and authorities, it becomes almost impossible to know ex ante whether the GDPR applies – endless arguments over a company’s “true intentions”. Schrems’ analogy: it’s like a gun law that only applies if the gun owner admits he can handle the gun and intends to shoot – obviously absurd as a regulatory concept. arzh-CNnlenfrdeitptrues european funds recovery initiative Search Search... Digital Omnibus: How Big Tech Lobbying Is Gutting the GDPR HOME Related News Digital Omnibus: How Big Tech Lobbying Is Gutting the GDPR Last week we at EFRI wrote about the Digital Omnibus leak and warned that the European Commission was preparing a stealth attack on the GDPR Since then, two things have happened: The Commission has now officially published its Digital Omnibus proposal. noyb (Max Schrems’ organisation) has released a detailed legal analysis and new campaigning material that confirms our worst fears: this is not harmless “simplification”, it is a deregulation package that cuts into the core of the GDPR and ePrivacy. What noyb has now put on the table On 19 November 2025, noyb published a new piece with the blunt headline: “Digital Omnibus: EU Commission wants to wreck core GDPR principles” Here’s a focused summary of the four core points from noyb’s announcement, in plain language: New GDPR loophole via “pseudonyms” and IDs The Commission wants to narrow the definition of “personal data” so that much data under pseudonyms or random IDs (ad-tech, data brokers, etc.) might no longer fall under the GDPR. This would mean a shift from an objective test (“can a person be identified, directly or indirectly?”) to a subjective test (“does this company currently want or claim to be able to identify someone?”). Therefore, whether the GDPR applies would depend on what a company says about its own capabilities and intentions. Different companies handling the same dataset could fall inside or outside the GDPR. For users and authorities, it becomes almost impossible to know ex ante whether the GDPR applies – endless arguments over a company’s “true intentions”. Schrems’ analogy: it’s like a gun law that only applies if the gun owner admits he can handle the gun and intends to shoot – obviously absurd as a regulatory concept. **Weakening ePrivacy protection for data on your device** Today, Article 5(3) ePrivacy protects against remote access to data on your devices (PCs, smartphones, etc.) – based on the Charter right to the confidentiality of communications. The Commission now wants to add broad “white-listed” exceptions for access to terminal equipment, including “aggregated statistics” and “security purposes”. Max Schrems finds the wording of the new rule to be extremely permissive and could effectively allow extensive remote scanning or “searches” of user devices,ces as long as they are framed as minimal “security” or “statistics” operations – undermining the current strong protection against device-level snooping. **Opening the door for AI training on EU personal data (Meta, Google, etc.)** Despite clear public resistance (only a tiny minority wants Meta to use their data for AI), the Commission wants to allow Big Tech to train AI on highly personal data, e.g. 15+ years of social-media history. Schrems’ core argument: People were told their data is for “connecting” or advertising – now it is fed into opaque AI models, enabling those systems to infer intimate details and manipulate users. The main beneficiaries are US Big Tech firms building base models from Europeans’ personal data. The Commission relies on an opt-out approach, but in practice: Companies often don’t know which specific users’ data are in a training dataset. Users don’t know which companies are training on their data. Realistically, people would need to send thousands of opt-outs per year – impossible. Schrems calls this opt-out a “fig leaf” to cover fundamentally unlawful processing. On top of training, the proposal would also privilege the “operation” of AI systems as a legal basis – effectively a wildcard: processing that would be illegal under normal GDPR rules becomes legal if it’s done “for AI”. Resulting in an inversion of normal logic: riskier technology (AI) gets lower, not higher, legal standards. **Cutting user rights back to almost zero – driven by German demands** The starting point for this attack on user rights is a debate in Germany about people using GDPR access rights in employment disputes, for example to prove unpaid overtime. The German government chose to label such use as “abuse” and pushed in Brussels for sharp limits on these rights. The Commission has now taken over this line of argument and proposes to restrict the GDPR access right to situations where it is exercised for “data protection purposes” only. In practice, this would mean that employees could be refused access to their own working-time records in labour disputes. Journalists and researchers could be blocked from using access rights to obtain internal documents and data that are crucial for investigative work. Consumers who want to challenge and correct wrong credit scores in order to obtain better loan conditions could be told that their request is “not a data-protection purpose” and therefore can be rejected. This approach directly contradicts both CJEU case law and Article 8(2) of the Charter of Fundamental Rights. The Court has repeatedly confirmed that data-subject rights may be exercised for any purpose, including litigation and gathering evidence against a company. As Max Schrems points out, there is no evidence of widespread abuse of GDPR rights by citizens; what we actually see in practice is widespread non-compliance by companies. Cutting back user rights in this situation shifts the balance even further in favour of controllers and demonstrates how detached the Commission has become from the day-to-day reality of users trying to defend themselves. **EFRI’s take: when Big Tech lobbying becomes lawmaking** For EFRI, the message is clear: the Commission has decided that instead of forcing Big Tech and financial intermediaries to finally comply with the GDPR, it is easier to move the goalposts and rewrite the rules in their favour. The result is a quiet but very real redistribution of power – away from citizens, victims, workers and journalists, and towards those who already control the data and the infrastructure. If this package goes through in anything like its current form, it will confirm that well-organised corporate lobbying can systematically erode even the EU’s flagship fundamental-rights legislation. That makes it all the more important for consumer organisations, victim groups and digital-rights advocates to push back – loudly, publicly and with concrete case stories – before the interests of Big Tech are permanently written into EU law.

Hello everyone! First of all, thanks a lot for the [amazing response](https://lemmy.world/post/38696249) and interest in Journiv. We have [hundreds of stars](https://github.com/journiv/journiv-app/stargazers), thousands of [docker pull](https://hub.docker.com/r/swalabtech/journiv-app) and many many [feature request](https://github.com/journiv/journiv-app/issues) (and bugs reports) on Github in just two weeks (sleepless two weeks for me :)). [Journiv](https://journiv.com/) v0.1.0-beta.8 is out and in it I have added the most requested features. **Highlights:** * OIDC support (now pretty stable) * In app [one click export-import](https://www.youtube.com/watch?v=rQRpQbyExMU) with history. So you always have your memories safe and backed up even if you don't want to deal with docker backups * Role Based Access Control for user management. * Many quality of life features and bug fixes. * Read the release notes [here](https://github.com/journiv/journiv-app/releases/tag/v0.1.0-beta.8) Journiv began as a deeply personal project, a way for me to capture memories, reflections, and the stories behind thousands of photos and videos of my fast-growing kids. What started as a tool for my own parenting journey has grown into something that fills a real gap in the self-hosting community. If you’re curious, you can read the full story behind Journiv [here](https://journiv.com/blog/the-story-behind-journiv). I’m grateful that Journiv is now helping others preserve their memories as well. **The Journey Ahead** Journiv is in active development, with a fully functional backend, a web frontend, and mobile apps launching soon. It is self-hosted, and designed to be your companion for decades. Journiv is being built because our memories deserve to be ours, forever. **So this Thanksgiving, give your family the gift of memories that last forever!**

**Solved:** Thanks to all who commented, especially those who took the time to respond to my follow-up questions. Your responses were enough to convince me of the value of buying a custom domain in order to keep one's true email address private w/ the added benefit of working on websites that block known domains of temp/forwarding service providers. Key takeaways: - Forwarding services' shared domains are useful for blending in w/ the crowd. (credit to @Cricket@lemmy.zip) - Custom domains are handy when you don't care about blending in and you want to use a website that blacklists known domains of disposable/forwarding service providers, including the paid-tier domains. - Deciding whether to enable catch-all: - Enabled: You can make up new addresses without having to configure the alias manually each time, but it's also easier for spammers to guess valid addresses. - Disabled: It's more difficult for spammers to guess valid addresses, but you'll have to configure your aliases manually *unless* you have regex matching for automatic creation of new aliases. With regex matching for automatic creation of new aliases, disabling catch-all has few if any downsides. - Regex matching: Seems to provide the best of all worlds by making it harder for spammers to guess valid addresses without having to configure aliases manually each time. - For aliases, including a string of random characters after the company name makes it harder for spammers to guess your other aliases and/or learn where else you have accounts by spamming emails to every `$companyname@example.com` and seeing which ones bounce back. (credit to @erebion@news.erebion.eu) **Original post:** I've recently signed up for an email forwarding service w/ aliases so that I can keep my true email address private when I sign up for new websites and services. I should clarify that I'm less concerned about *concealing my identity* as I am about protecting my real email address, identifying who leaked my info when my email address is compromised, and being able to stop the spam by turning off that alias. While updating my existing profiles to point to aliases instead of my real address, I've hit a snag - some sites (Steam, Slack, etc) won't allow me to update my email address to any known domains from my email forwarding service. On these sites that block email forwarding addresses, for now I'm either updating my existing email address w/ a plus sign if the website allows it, otherwise I'm just leaving my existing email address unchanged. It's not the end of the world, they already have my real email address, and I can probably go a Very Long Time without needing to check those inboxes anyway, but I'm still miffed that I can't completely migrate my existing accounts to my new scheme. I've read numerous posts about the benefits of custom domains to enable portability of email service providers, and I'm wondering if custom domains are the answer to these sites that disallow forwarding addresses, but I have questions: - How do other people deal with this situation? - Do these websites that block known email forwarding domains typically work on a whitelist or blacklist model? If the former (whitelist), then I'm thinking a custom domain will have the same problem, but if the latter (blacklist), then I reckon a custom domain with catchall might work. - Particularly owners of custom domains, do you find your custom domain is allowed more often than not or do you run into the same problem? EDIT: Clarified my objectives.

[Donate](https://grapheneos.org/donate) [Discord Server](https://discord.gg/grapheneos) [Message Link](https://discord.com/channels/1176414688112820234/1176434676311797760/1442528725370540208)

The drama and accusations the GrapheneOS developers are spewing and engaging in are giving me a bad taste in the mouth and make me doubt the OS’s reliability am I the only one?

Our latest blog post is aimed at people who 'get it' about online privacy, but who struggle to convince friends and family to take it seriously. We hope it helps!

Cross posted from: https://feddit.uk/post/39979350 [TRANSLATED ARTICLE] **EU chat control comes – through the back door of voluntariness** The EU states have agreed on a common position on chat control. Data protection advocates warn against massive surveillance. What is in store for us? After lengthy negotiations, the EU states have agreed on a common position on so-called chat control. Like from one Minutes of negotiations of the Council working group As can be seen, Internet services will in future be allowed to voluntarily search their users' communications for information about crimes, but will not be obliged to do so. The Danish Council Presidency wants to get the draft law through the Council "as quickly as possible", "so that the trilogue negotiations can begin promptly", the minutes say. Feedback from states should be limited to "absolute red lines". **Consensus achieved** The majority of States supported the compromise proposal. At least 15 spoke in favor, including Germany and France. Germany "welcomed both the deletion of the mandatory measures and the permanent anchoring of voluntary measures", said the protocol. However, other countries were disappointed. Spain in particular "continued to see mandatory measures as necessary, unfortunately a comprehensive agreement on this was not possible". Hungary also "seen voluntariness as the sole concept as too little". Spain, Hungary and Bulgaria proposed "an obligation for providers to detect, at least in open areas". The Danish Presidency "described the proposal as ambitious, but did not take it up to avoid further discussion. The organization Netzpolitik.org, which has been reporting critically on chat control for years, sees the plans as a fundamental threat to democracy. "From the beginning, a lobby network intertwined with the security apparatus pushed chat control", writes the organization. “It was never really about the children, otherwise it would get to the root of abuse and violence instead of monitoring people without any initial suspicion.” Netzpolitik.org argues that "encrypted communication is a thorn in the side of the security apparatus". Authorities have been trying to combat private and encrypted communication in various ways for years. A number of scholars criticize the compromise proposal, calling voluntary chat control inappropriate. "Their benefits have not been proven, while the potential for harm and abuse is enormous", one said open letter. According to critics, the planned technology, so-called client-side scanning, would create a backdoor on all users' devices. Netzpolitik.org warns that this represents a "frontal attack on end-to-end encryption, which is vital in the digital world". The problem with such backdoors is that "not only the supposedly 'good guys' can use them, but also resourceful criminals or unwell-disposed other states", argues the organization. **Signal considers withdrawing from the EU** Journalists' associations are also alarmed by the plans. The DJV rejects chat control as a form of mass surveillance without cause and sees source protection threatened, for which encrypted communication is essential. The infrastructure created in this way can be used for political control "in just a few simple steps", said the DJV in a statement Opinion. The Messenger service Signal Already announced that it would withdraw from the EU if necessary. Signal President Meredith Whittaker told the dpa: “Unfortunately, if we were given the choice of either undermining the integrity of our encryption or leaving Europe, we would make the decision to leave the market.” **Next steps in the legislative process** The Permanent Representatives of the EU states are due to meet next week on the subject, followed in December by the Ministers of Justice and Home Affairs, these two bodies are due to approve the bill as the Council's official position. The trilogue then begins, in which the Commission, Parliament and Council must reach a compromise from their three draft laws. Parliament had described the original plans as mass surveillance and called for only unencrypted suspect content to be scanned. The EU Commission had originally proposed requiring Internet services to search their users' content for information about crimes without cause and to send it to authorities if suspected.

I wanted to share an interesting statistic with you. Approximately 1 out of every 25 people with a Google Pixel phone is running [GrapheneOS](http://grapheneos.org/) right now. While it's difficult to get an exact number, we can make educated guesses to get an approximate number. How many GrapheneOS users are there? According to [an estimate](https://grapheneos.social/@GrapheneOS/115594050576298731) released by GrapheneOS today, the number of GrapheneOS devices is approaching 400,000. This estimate is based on the number of devices that downloaded recent GrapheneOS updates. Some users may have multiple devices, such as organizations, and some users may download and flash updates externally, but it's the best estimate we have. How many Google Pixel users are there? Despite Google's extensive data collection, this one is surprisingly harder to estimate, since Google hasn't released an exact number. There's a number floating around that Google has 4-5% of the smartphone market, which is between 10 million and 13.2 million users **in the United States**. I can't find the source of where this information came from. That number is problematic, too, because Japan [supposedly](https://www.statista.com/chart/25463/popularity-of-google-smartphones/) uses more Google Pixel phones than the United States. The Pixel 9 series was also a [big jump in market share](https://www.theshortcut.com/p/google-pixel-9-sales-2024) for Google. I couldn't find any numbers smaller than 10 million, and it made the math nice, so that is what I went with. Putting the numbers together, it means that 4% of Google Pixel users are running GrapheneOS. That means in a room of 25 Google Pixel users, 1 of them will be a GrapheneOS user. If you include all custom Android operating systems, that number would certainly be much, much higher. To put it into perspective, each pixel in this image represents ~5 Google Pixel users. Each white pixel represents that those ~5 people use GrapheneOS:  Even with generous estimates to Google's market share, GrapheneOS still makes up a large portion of their users.

Hi everyone, I’m considering setting up: A dedicated email address (e.g., first.last@proton.me or similar) A separate phone number (via Free, Google Voice, or another provider) Exclusively for: Administrative tasks (taxes, banking, etc.) Communication with family and close friends Goal: Minimize my personal data exposure to GAFAM and other platforms, while keeping a reliable way for loved ones to reach me. **Issue: Even with this separation, if my friends or family share my info (e.g., my number or email) with their services (Facebook, WhatsApp, etc.), my identity will eventually be linked back to these platforms. How can I mitigate this risk?** Questions: Is this approach actually effective, or am I missing something? What solutions do you use to protect your data in similar situations? Are there alternatives for staying in touch with loved ones without exposing my identity to GAFAM? Thanks in advance for your insights and advice!

>The CLI is now in beta version and available for Visionary supporters, with a broader availability across paid plans coming soon.

Since the Internet is going to shit, even in the Western world, I'm looking for ways to avoid the corporate and governmental grip that is coming our way. Is I2P a viable solution? I figure if it can resist China and Iran's level of censorship/surveillance, we should be good in the West, at least for awhile.

So, I have a profile at Tumblr to archive a specific media's contents. (It's in Portuguese) I currently use tumblr, but is there some other page I should use to get better privacy? I've been considering Mastodon.

Christmas is coming, we recently had a newborn, and we aren't sharing pictures of them on social media. But of course, we'd like to share photos with family, and a digital photo frame seems like an ideal way to do that. I'm _considering_ a solution with Immich, and found [ImmichFrame](http://immichframe.online/). This _doesn't_ recommend making it available to the internet, however, but running it on a Raspberry Pi with only the images we intend to share this way seems like a reasonable amount of risk. Regarding Immich Frame, how does it handle when the server is unavailable, when say, my IP address changes? Ideally, I don't want this gift to become a series of tech support problems, there's good reason I haven't offered family access to anything else I self host. Also, what frames do y'all recommend? Not looking to break the bank here, as I may be buying several. I assume something simple and Android would be best, maybe even something that can have its OS replaced with stock? I'd hate to get stuck with something locked down and unworkable, or that introduces its own broad privacy/security issues. Lastly, please feel free to suggest other alternatives. Maybe there's a solution that sends images encrypted and decrypts them on device, and doesn't require me to self-host Immich, for example?

I just got a message on my app forcing me to agree to let the app look at when I scroll and scan what apps I have on my phone, in the name of "preventing hackers" which kinda sucks. Any banks that actually respect your privacy in Australia? or does anyone have tips to make banking more private? Yes I know graphene-os has sandboxing, no I'm not buying a new phone.

I always remember WannaCry as a reason to keep Windows updated (no, I wasn't affected by it), but every new update is full of AI bloat :S I keep all the communication with the mothership blocked and open just the Wuauserv, Bits and few domains just for updates, and every new update that are new services trying to call home, and this one update sitting here waiting for me to allow internet access I read the content and it is very descriptive about "Copilot+ PCs unique features", "AI-Powered experience", "Accessibility and input" (they added AI to a bunch of stuff), "User interface and experience" (more AI and widgets), then they say they added this Windows Hello and Windows Share that I don't even want to know, and for security all they say is "Critical security fixes are included to help keep your system protected against emerging threats." but to get this I need to get all their AI crap that might be a bigger security and privacy risk than whatever "Critical security fix" they included :S

Cross posted from: https://feddit.uk/post/39979757 After Germany blocked the October vote, Europe’s surveillance proposal didn’t die—it evolved. Denmark’s November compromise claims to abandon mandatory scanning while preserving identical outcomes through legal sleight of hand. The repackaging reveals the essential dynamic: when democratic opposition defeats mass surveillance, proponents don’t accept defeat. They redraft terminology, shift articles, and reintroduce the same architecture under different labels until resistance exhausts itself. The pattern is documented across five iterations. Sweden’s January-June 2023 presidency failed. Belgium couldn’t secure passage in June 2024. Hungary’s presidency ended December 31, 2024 without achieving agreement. Poland’s presidency collapsed in January-June 2025 when 16 pro-scanning states refused meaningful compromise. Each defeat produced not withdrawal but repackaging: “chat control” became “child sexual abuse regulation,” “scanning” became “detection orders,” “mandatory” became “risk mitigation,” and “breaking encryption” became “lawful access.” October’s blocking minority forced Denmark’s hand, but rather than accepting defeat, Justice Minister Peter Hummelgaard withdrew the proposal on October 31 and immediately began drafting version 2.0. The Loophole Disguised as Compromise Denmark’s November 5 revised text removes Articles 7-11’s “detection orders”—the language mandating scanning. Privacy advocates initially celebrated. Then legal experts read Article 4. The provision requires all communication providers implement “all appropriate risk mitigation measures” to prevent abuse on their platforms. Services classified as “high risk”—essentially any platform offering encryption, anonymity, or real-time communications—face obligations that experts argue constitute mandatory scanning without using the word “mandatory.” Continue reading this article - https://restmedia.st/the-voluntary-trap-how-denmark-repackaged-chat-control-after-defeat/

*Edit*: Samsung Keyboard (in the personal profile) was reinstalled probably after a system update and was the culprit. The issue is now solved. Thank you for your comments. I have made a work profile using Shelter. I was copy-pasting some stuff in my personal profile while the work profile was disabled. Later, I discovered everything I had copied was showing up in Samsung Keyboard's clipboard history (in the work profile). Personal profile's Samsung Keyboard was uninstalled via ADB (among some other packages like Google Play Services). What package could be the culprit? (I'd love to just install LineageOS on it but there isn't a built for the device yet. I just don't use it for sensitive stuff.)

Friends and I are considering some travelling around the world, including perhaps a trip to China. There is much negative press on the state of digital privacy in China, but what exactly should I pay attention to if I do visit? If I am your typical privacy enthusiast with a GrapheneOS phone and Linux laptop, how might I prepare for the trip privacy-wise? I'd also love to hear any firsthand experience as to which concerns are myths and which ones are real.

MEGA has a C rating in tosdr.org. I still use it, but should I change services for a better privacy? I will soon have to pay for more space, and am afraid of what will happen to my bank data.

My mother currently uses WhatsApp but really doesn’t like the way it looks and feels. She’s not very tech-savvy, so I want to find a messaging app that is: Easy to use for someone older Similar core functionality (text, voice, video) Privacy-friendly if possible ___ She originally got into WhatsApp because while using regular texting, random messages wouldn't go through, due to the whole ios/android wars. ___ I’ve looked at Signal, Threema, Session, and a few others, but I’m not sure which would be the smoothest transition from WhatsApp for her. What would you recommend for older users who are coming from WhatsApp but want something simpler or more pleasant to use?

Cross posted from: https://lemmy.world/post/39114169 **How to opt out** Opting out requires you to change settings in two places, so I’ve tried to make it as easy to follow as possible. Feel free to let me know in the comments if I missed anything. To fully opt out, you must turn off Gmail’s “Smart features” in two separate locations in your settings. Don’t miss one, or AI training may continue. Step 1: Turn off Smart Features in Gmail, Chat, and Meet settings Open Gmail on your desktop or mobile app. Click the gear icon → See all settings (desktop) or Menu → Settings (mobile). Find the section called Smart Features in Gmail, Chat, and Meet. You’ll need to scroll down quite a bit. Smart features settings Uncheck this option. Scroll down and hit Save changes if on desktop. Step 2: Turn off Google Workspace Smart Features Still in Settings, locate Google Workspace smart features. Click on Manage Workspace smart feature settings. You’ll see two options: Smart features in Google Workspace and Smart features in other Google products. Smart feature settings Toggle both off. Save again in this screen. Step 3: Verify if both are off Make sure both toggles remain off. Refresh your Gmail app or sign out and back in to confirm changes. Why two places? Google separates “Workspace” smart features (email, chat, meet) from smart features used across other Google apps. To fully opt out of feeding your data into AI training, both must be disabled. Note Your account might not show these settings enabled by default yet (mine didn’t). Google appears to be rolling this out gradually. But if you care about privacy and control, double-check your settings today.

Damn... I guess the next idea is going offline for good

cross-posted from: https://lemmy.world/post/39088745 > Lenovo or ASUS? Trying to figure out which laptop to go with. > > Which company has a better reputation (in quality, privacy...), or are they both bad? > EDIT: I have come to the conclusion that both Lenovo and ASUS are extremely terrible, anyone who sees this post should go straight to framework laptop

Being sanctioned by USA nowadays means getting banned from 90% of commercial internet. This is a clear example that being careful is not paranoia but valid precaution.

Crossposted from https://lemmy.dbzer0.com/post/57854507 -----