Voluntarily sharing informative posts from unaffiliated sources.

Cake day: Jan 16, 2024

> The Federal Trade Commission's Office of Technology has issued a warning to automakers that sell connected cars. Companies that offer such products "do not have the free license to monetize people’s information beyond purposes needed to provide their requested product or service," it wrote in a blog post on Tuesday. Just because executives and investors want recurring revenue streams, that does not "outweigh the need for meaningful privacy safeguards," the FTC wrote.
>
> In 2023, the Mozilla Foundation published an extensive report examining the various automakers' policies regarding the use of data from connected cars; the report concluded that "cars are the worst product category we have ever reviewed for privacy."
>
> The FTC is not taking specific action against any automaker at this point. Instead, the blog post is meant to be a warning to the industry. It says that "connected cars have been on the FTC's radar for years," although the agency appears to have done very little other than hold workshops in 2013 and 2018, as well as publishing guidance for consumers reminding them to wipe the data from their cars before selling them.
>
> The FTC says the easiest way to comply is to not collect the data in the first place.

> With the latest version of Firefox for U.S. desktop users, we’re introducing a new way to measure search activity broken down into high level categories. This measure is not linked with specific individuals and is further anonymized using a technology called OHTTP to ensure it can’t be connected with user IP addresses.
>
> Let’s say you’re using Firefox to plan a trip to Spain and search for “Barcelona hotels.” Firefox infers that the search results fall under the category of “travel,” and it increments a counter to calculate the total number of searches happening at the country level.
>
> Here’s the current list of categories we’re using: animals, arts, autos, business, career, education, fashion, finance, food, government, health, hobbies, home, inconclusive, news, real estate, society, sports, tech and travel.
>
> Having an understanding of what types of searches happen most frequently will give us a better understanding of what’s important to our users, without giving us additional insight into individual browsing preferences. This helps us take a step forward in providing a browsing experience that is more tailored to your needs, without us stepping away from the principles that make us who we are.
>
> We understand that any new data collection might spark some questions. Simply put, this new method only categorizes the websites that show up in your searches — not the specifics of what you’re personally looking up.
>
> Sensitive topics, like searching for particular health care services, are categorized only under broad terms like health or society. Your search activities are handled with the same level of confidentiality as all other data regardless of any local laws surrounding certain health services.
>
> Remember, you can always opt out of sending any technical or usage data to Firefox. Here’s a step-by-step guide on how to adjust your settings. We also don’t collect category data when you use Private Browsing mode on Firefox.

> The Copy Without Site Tracking option can now remove parameters from nested URLs. It also includes expanded support for blocking over 300 tracking parameters from copied links, including those from major shopping websites. Keep those trackers away when sharing links!

> Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA.
>
> Through constant packet sizes, random background traffic and data pattern distortion we are taking the first step in our battle against sophisticated traffic analysis.

> Political campaigns tap into the same intrusive adtech tracking systems used to deliver online behavioral ads. We saw a glimpse into how this worked after the Cambridge Analytica scandal, and the system has only grown since then.
>
> In 2020, Open Secrets found political groups paid 37 different data brokers at least $23 million for access to services or data. These data brokers collect information from browser cookies, web beacons, mobile phones, social media platforms, and more.
>
> These political data brokers make a lot of promises to campaigns. TargetSmart claims to have 171 million highly accurate cell phone numbers, and i360 claims to have data on 220 million voters. They also tend to offer specialized campaign categories that go beyond the offerings of consumer-focused data brokers. Check out data broker L2’s “National Models & Predictive Analytics” page, which breaks down interests, demographics, and political ideology—including details like "Voter Fraud Belief," and "Ukraine Continue." The New York Times demonstrated a particularly novel approach to these sorts of profiles where a voter analytics firm created a “Covid concern score” by analyzing cell phone location, then ranked people based on travel patterns during the pandemic.
>
> As streaming video services integrate more ad-based subscription tiers, that likely means more political ads this year. One company, AdImpact, projects $1.3 billion in political ad spending on “connected television” ads in 2024.
>
> Political ad spending on Google (mostly through YouTube) is projected to be $552 million, while Facebook is projected at $568 million.
>
> Managing the flow of all this data might feel impossible, but you can take a few [important steps](https://www.eff.org/deeplinks/2024/04/how-political-campaigns-use-your-data-target-you) to minimize what’s out there. The chances you’ll catch everything are low, but minimizing what is accessible is still a privacy win.

> The EU's Data Protection Board (EDPB) has told large online platforms they should not offer users a binary choice between paying for a service and consenting to their personal data being used to provide targeted advertising.
>
> In October last year, the social media giant said it would be possible to pay Meta to stop Instagram or Facebook feeds of personalized ads and prevent it from using personal data for marketing for users in the EU, EEA, or Switzerland. Meta then announced a subscription model of €9.99/month on the web or €12.99/month on iOS and Android for users who did not want their personal data used for targeted advertising.
>
> At the time, Felix Mikolasch, data protection lawyer at noyb, said: "EU law requires that consent is the genuine free will of the user. Contrary to this law, Meta charges a 'privacy fee' of up to €250 per year if anyone dares to exercise their fundamental right to data protection."

- Academics at the University of Pennsylvania analyzed a nationally representative sample of 100 non-federal acute care hospitals – essentially traditional hospitals with emergency departments – and their findings were that 96 percent of their websites transmitted user data to third parties.
- Not all sites had privacy policies and of those that did, only 56% disclosed specific third parties receiving data.
- Google and Meta (through Facebook Pixel) were on nearly every site and received the most data. Adobe, Verizon, Oracle, Microsoft, Amazon also received data.
- Common data shared included IP addresses, browser info, pages visited, referring site.
- Sharing data poses privacy risks for visitors and legal/regulatory risks for hospitals if policies don't comply with laws.
- A class action lawsuit against Mass General Brigham and Dana-Farber resulted in an $18.4M settlement over sharing patient data.
- Researcher calls for hospitals to collaborate with computer science departments to design more private websites. Also recommends privacy tools to block third party tracking.

> But in the meantime, and in lieu of any federal data privacy law in the US, protecting personal information falls to the individual. And for that, Friedman recommends browser-based tools Ghostery and Privacy Badger, which identify and block transfers to third-party domains. "It impacts your browsing experience almost none," he explained. "It's free. And you will be shocked at how much tracking is actually happening, and how much data is actually flowing to third parties."

**Note**: Although Friedman recommends Ghostery and Privacy Badger, [uBlock Origin](https://github.com/gorhill/uBlock#readme) is generally considered a better privacy-enhancing browser extension. Additionally, there exist [multiple approaches](https://avoidthehack.com/how-to-block-ads) for adblocking and tracker blocking beyond the browser extension model.

Redlib: Open-source, privacy-focused frontend for Reddit without Reddit’s ads, trackers, and bloat.
**The purpose of this post is not to endorse the use of Reddit ([![](https://shields.tosdr.org/en_194.svg)](https://tosdr.org/en/service/194)), but rather to inform users of a privacy-friendly approach in case they need to utilize the platform.**

Redlib is a private front-end like [Invidious](https://github.com/iv-org/invidious) but for Reddit.

- 🚀 Fast: written in Rust for blazing-fast speeds and memory safety
- ☁️ Light: no JavaScript, no ads, no tracking, no bloat
- 🕵 Private: all requests are proxied through the server, including media
- 🔒 Secure: strong [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) prevents browser requests to Reddit
- Self-hostable

Redlib currently implements most of Reddit's (signed-out) functionalities but still lacks [a few features](https://github.com/redlib-org/redlib/issues).

### Redlib [Instances](https://github.com/redlib-org/redlib/blob/main/README.md#instances)

(If a particular instance doesn't work, try others to see if they work)

|URL|Network|Version|Location|Behind Cloudflare?|Comment|
|-|-|-|-|-|-|
|https://safereddit.com|WWW|v0.31.0|🇺🇸 US||SFW only|
|https://l.opnxng.com|WWW|v0.31.0|🇸🇬 SG|||
|https://libreddit.projectsegfau.lt|WWW|v0.31.0|🇱🇺 LU|||
|https://libreddit.bus-hit.me|WWW|v0.31.0|🇨🇦 CA|||
|https://reddit.invak.id|WWW|v0.31.0|🇧🇬 BG|||
|https://redlib.catsarch.com|WWW|v0.31.2|🇺🇸 US|||
|https://reddit.idevicehacked.com|WWW|v0.31.0|🇺🇸 US|||
|https://redlib.freedit.eu|WWW|v0.31.2|🇺🇸 US|||
|https://redlib.perennialte.ch|WWW|v0.31.0|🇦🇺 AU|✅||
|https://redlib.tux.pizza|WWW|v0.31.0|🇺🇸 US|||
|https://redlib.vimmer.dev|WWW|v0.31.2|🇵🇱 PL|||
|https://libreddit.privacydev.net|WWW|v0.31.0|🇫🇷 FR|||
|https://lr.n8pjl.ca|WWW|v0.31.2|🇨🇦 CA|||
|https://reddit.owo.si|WWW|v0.31.0|🇩🇪 DE|||
|https://redlib.ducks.party|WWW|v0.31.0|🇳🇱 NL|||
|https://red.ngn.tf|WWW|v0.31.0|🇹🇷 TR|||
|https://red.artemislena.eu|WWW|v0.31.0|🇩🇪 DE||Be crime do gay|
|https://redlib.dnfetheus.xyz|WWW|v0.31.0|🇧🇷 BR|✅||
|https://redlib.cow.rip|WWW|v0.31.0|🇮🇳 IN|✅||
|https://libreddit.eu.org|WWW|v0.31.0|🇩🇪 DE|||
|https://r.darrennathanael.com|WWW|v0.31.0|🇺🇸 US||contact noc at darrennathanael.com|
|https://redlib.kittywi.re|WWW|v0.31.0|🇫🇷 FR|||
|https://redlib.privacyredirect.com|WWW|v0.31.0|🇫🇮 FI|||
|http://redlib.r4focoma7gu2zdwwcjjad47ysxt634lg73sxmdbkdozanwqslho5ohyd.onion|Tor|v0.31.0|🇩🇪 DE|✅||
|http://redlib.catsarchywsyuss6jdxlypsw5dc7owd5u5tr6bujxb7o6xw2hipqehyd.onion|Tor|v0.31.2|🇺🇸 US|||
|http://libreddit.g4c3eya4clenolymqbpgwz3q3tawoxw56yhzk4vugqrl6dtu3ejvhjid.onion|Tor|v0.31.0|🇫🇷 FR|||
|http://reddit.pk47sgwhncn5cgidm7bofngmh7lc7ukjdpk5bjwfemmyp27ovl25ikyd.onion/|Tor|v0.31.0|🇩🇪 DE|||
|http://red.lpoaj7z2zkajuhgnlltpeqh3zyq7wk2iyeggqaduhgxhyajtdt2j7wad.onion|Tor|v0.31.0|🇩🇪 DE||Onion of red.artemislena.eu|

For information on instance uptime, see the [Uptime Robot status page](https://stats.uptimerobot.com/mpmqAs1G2Q).

# Comparison

This section outlines how Redlib compares to Reddit in terms of speed and privacy.

## Speed

Last tested on January 12, 2024.

Results from Google PageSpeed Insights ([Redlib Report](https://pagespeed.web.dev/report?url=https%3A%2F%2Fredlib.matthew.science%2F), [Reddit Report](https://pagespeed.web.dev/report?url=https://www.reddit.com)).
| Performance metric  | Redlib   | Reddit    |
| ------------------- | -------- | --------- |
| Speed Index         | 0.6s     | 1.9s      |
| Performance Score   | 100%     | 64%       |
| Time to Interactive | **2.8s** | **12.4s** |

## Privacy

### Reddit

**Logging:** According to Reddit's [privacy policy](https://www.redditinc.com/policies/privacy-policy), they "may [automatically] log information" including:

- IP address
- User-agent string
- Browser type
- Operating system
- Referral URLs
- Device information (e.g., device IDs)
- Device settings
- Pages visited
- Links clicked
- The requested URL
- Search terms

**Location:** The same privacy policy goes on to describe that location data may be collected through the use of:

- GPS (consensual)
- Bluetooth (consensual)
- Content associated with a location (consensual)
- Your IP Address

**Cookies:** Reddit's [cookie notice](https://www.redditinc.com/policies/cookies) documents the array of cookies used by Reddit including/regarding:

- Authentication
- Functionality
- Analytics and Performance
- Advertising
- Third-Party Cookies
- Third-Party Site

### Redlib

#### Server

- **Logging:** In production (when running the binary, hosting with docker, or using the official instances), Redlib logs nothing. When debugging (running from source without `--release`), Redlib logs post IDs fetched to aid with troubleshooting.
- **Cookies:** Redlib uses optional cookies to store any configured settings in [the settings menu](https://safereddit.com//settings). These are not cross-site cookies and the cookies hold no personal data.

*Settings and subscriptions are saved in browser cookies. Clearing your cookies will reset them. You can restore your current settings and subscriptions after clearing your cookies using the link given in the settings menu.*

[TIP] 🔗 Want to automatically redirect Reddit links to Redlib? Use [LibRedirect](https://github.com/libredirect/libredirect) or [Privacy Redirect](https://github.com/SimonBrazell/privacy-redirect)!
**Note: The above text presents an abridged and modified version of information found in the [developer's documentation](https://github.com/redlib-org/redlib?tab=readme-ov-file#table-of-contents). Some context has been removed or altered for brevity. For the full and unmodified documentation, please see the [original source](https://github.com/redlib-org/redlib).**

### Additional Information on Frontends from [Privacy Guides](https://www.privacyguides.org/en/frontends/)

> Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. Frontends can allow you to get around these restrictions.
>
> If you choose to self-host these frontends, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting, as other peoples' usage will be linked to your hosting.
>
> When you are using an instance run by someone else, make sure to read the privacy policy of that specific instance. They can be modified by their owners and therefore may not reflect the default policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.

### Screenshots:

![](https://f-droid.org/repo/org.breezyweather/en-US/phoneScreenshots/01-main-header-1.png)
![](https://f-droid.org/repo/org.breezyweather/en-US/phoneScreenshots/04-main-daily-hourly-1.png)
![](https://f-droid.org/repo/org.breezyweather/en-US/phoneScreenshots/05-main-daily-hourly-2.png)
![](https://f-droid.org/repo/org.breezyweather/en-US/phoneScreenshots/06-main-daily-hourly-3.png)
![](https://f-droid.org/repo/org.breezyweather/en-US/phoneScreenshots/07-air-quality-pollen.png)
![](https://f-droid.org/repo/org.breezyweather/en-US/phoneScreenshots/08-ephemeris-details.png)
![](https://f-droid.org/repo/org.breezyweather/en-US/phoneScreenshots/10-widgets-1.png)
![](https://f-droid.org/repo/org.breezyweather/en-US/phoneScreenshots/11-widgets-2.png)

Breezy Weather is a free and open-source Android weather app, forked from Geometric Weather, adding new features, sources, modernizing code, fixing bugs, updating dependencies for security reasons, etc., while keeping a smooth user and developer experience in mind.

### [Features](https://github.com/breezy-weather/breezy-weather#features)

- Weather data
  - Daily and hourly forecasts up to 16 days
    - Temperature
    - Air quality
    - Wind
    - UV index
    - Precipitation
    - Feels like temperature
  - Hourly forecasts
    - Humidity / Dew point
    - Pressure
    - Cloud cover
    - Visibility
  - Precipitation in the next hour
  - Air quality
  - Pollen & Mold
  - Ephemeris (Sun & Moon)
  - Severe weather and precipitation alerts
  - Real-time weather conditions
    - Temperature
    - Feels like
    - Wind
    - UV index
    - Humidity
    - Dew point
    - Atmospheric pressure
    - Visibility
    - Cloud cover
    - Ceiling
- Multiple weather sources
- Large selection of home screen widgets for at-a-glance information
- Live wallpaper
- Custom icon packs
  - Geometric Weather icon packs
  - Chronus Weather icon packs
- Automatic dark mode
- Looking for radar? Check out this document
- Free and Open Source
  - No proprietary blobs/dependencies (versions 5.0.0-alpha and later)
  - Releases generated by GitHub actions, guaranteeing it matches the source code
  - Fully works with Open-Meteo (FOSS source)
- Privacy-friendly
  - No personal data collected by the app (link to app privacy policy)
  - Multiple sources are available, with links to their privacy policies for transparency
  - Current location is optional and not added by default
  - If using current location, an IP location service can be used instead of GPS to send less accurate coordinates to weather source
  - No trackers/automatic crash reporters

*Note: If the link isn’t working for you or if you can’t find the app, update the default F-Droid repository in your F-Droid client.*

HeliBoard keyboard is an improved fork of the now-unmaintained OpenBoard keyboard. It does not require internet permission, allowing it to be used 100% offline.

### Features

- Add dictionaries for suggestions and spell check
  - Build your own, or access them here, or in the experimental section (quality may vary)
  - Additional dictionaries for emojis or scientific symbols can be used to provide suggestions (similar to "emoji search")
  - Note that for Korean layouts, suggestions only work using this dictionary; the tools in the dictionary repository cannot create working dictionaries
- Customize keyboard themes (style, colors, and background image)
  - Can follow the system's day/night setting on Android 10+ (and on some versions of Android 9)
  - Can follow dynamic colors for Android 12+
- Customize keyboard layouts (only available when disabling system languages)
- Multilingual typing
- Glide typing (only with closed-source library ☹️)
  - Library not included in the app, as there is no compatible open-source library available
  - Can be extracted from GApps packages ("swypelibs"), or downloaded here
- Clipboard history
- One-handed mode
- Split keyboard (only available if the screen is large enough)
- Number pad
- Backup and restore your learned word/history data

### Hidden Functionality

Features that may go unnoticed, and further potentially useful information

- Long-pressing the Clipboard Key (the optional one in the suggestion strip) pastes system clipboard contents.
- Long-pressing keys in the suggestion strip toolbar pins them to the suggestion strip.
- Long-press the Comma-key to access Clipboard View, Emoji View, One-handed Mode, Settings, or Switch Language:
  - Emoji View and Language Switch will disappear if you have the corresponding key enabled;
  - For some layouts, it's not the Comma-key, but the key at the same position (e.g. it's q for Dvorak layout).
- When incognito mode is enabled, no words will be learned, and no emojis will be added to recents.
- Sliding key input: Swipe from shift or symbol key to another key. This will enter a single uppercase key or symbol and return to the previous keyboard.
- Hold shift or symbol key, press one or more keys, and then release shift or symbol key to return to the previous keyboard.
- Long-press a suggestion in the suggestion strip to show more suggestions, and a delete button to remove this suggestion.
- Swipe up from a suggestion to open more suggestions, and release on the suggestion to select it.
- Long-press an entry in the clipboard history to pin it (keep it in clipboard until you unpin).
- Swipe left in clipboard view to remove an entry (except when it's pinned)
- Select text and press shift to switch between uppercase, lowercase, and capitalize words
- You can add dictionaries by opening the file
  - This only works with content-uris and not with file-uris, meaning that it may not work with some file explorers.
- Debug mode / debug APK
  - Long-press a suggestion in the suggestion strip twice to show the source dictionary.
  - When using debug APK, you can find Debug Settings within the Advanced Preferences, though the usefulness is limited except for dumping dictionaries into the log.
  - For a release APK, you need to tap the version in About several times, then you can find debug settings in Advanced Preferences.
  - When enabling Show suggestion infos, suggestions will have some tiny numbers on top showing some internal score and source dictionary.
  - In the event of an application crash, you will be prompted whether you want the crash logs when you open the Settings.
  - When using multilingual typing, the space bar will show a confidence value used for determining the currently used language.
- For users doing manual backups with root access: Starting at Android 7, some files and the main shared preferences file are not in the default location because the app is using device-protected storage. This is necessary so the settings and layout files can be read before the device is unlocked, e.g., at boot. The files are usually located in /data/user_de/0/<package_id>/, though the location may depend on the device and Android version.

### Planned features and improvements:

- Customizable functional key layout
  - Will likely result in having the same functional key layout for alphabet and symbols layouts
- Support for alt, ctrl, meta and fn (#479)
- Less complicated addition of new keyboard languages (e.g. #519)
- Additional and customizable key swipe functionality
  - Some functionality will not be possible when using glide typing
- Ability to enter all emojis independent of Android version (optional, #297)
- (limited) support for customizing all internally used colors
- Add and enable emoji dictionaries by default (if available for language)
- Clearer / more intuitive arrangement of settings
  - Maybe hide some less used settings by default (similar to color customization)
- Customizable currency keys
- Customizable clipboard toolbar keys (#513, #403)
- Ability to export/import (share) custom colors
- Make use of the .com key in URL fields (currently only available for tablets)
  - With language-dependent TLDs
- Internal cleanup (a lot of over-complicated and convoluted code)
- (optionally?) move toolbar key pinning to a setting, so long press actions on unpinned toolbar keys are available
- Bug fixes

### What will not be added:

- Material 3 (not worth adding 1.5 MB to app size)
- Dictionaries for more languages (you can still download them)
- Anything that requires additional permissions

- Spain has moved to block Sam Altman’s cryptocurrency project Worldcoin, the latest blow to a venture that has raised controversy in multiple countries by collecting customers’ personal data using an eyeball-scanning “orb.”
- Worldcoin has registered 4 million users, according to a person with knowledge of the matter. Investors poured roughly $250 million into the company, including venture capital groups Andreessen Horowitz and Khosla Ventures, internet entrepreneur Reid Hoffman and, prior to the collapse of his FTX empire, Sam Bankman-Fried.
- “I want to send a message to young people. I understand that it can be very tempting to get €70 or €80 that sorts you out for the weekend,” España Martí said, but “giving away personal data in exchange for these derisory amounts of money is a short, medium and long-term risk.”
- Sharing such biometric data, she said, opened people up to a variety of risks ranging from identity fraud to breaches of health privacy and discrimination.

> The EU Court ruled that “Backdoors may also be exploited by criminal networks and would seriously compromise the security of all users’ electronic communications. The Court takes note of the dangers of restricting encryption described by many experts in the field.” Any requirement to build in backdoors to encryption protocols for law enforcement agencies could also be taken advantage of by malicious actors.
>
> The EU Court of Human Rights also builds on their acknowledgment that “mass surveillance does not appear to have contributed to the prevention of terrorist attacks, contrary to earlier assertions made by senior intelligence officials.”
>
> As the EU Commission’s Chat Control Bill directly targets undermining secure end-to-end encryption, it now looks to be in trouble. In its current version, the Chat Control bill would require the scanning of content on your personal devices, including that which is sent via end-to-end encrypted messenger apps or encrypted email. At some point, providers would be required to either break this encryption to allow the scanning of content or scan content once it has been decrypted and is readable.
>
> On February 13th, Europe received an early Valentine’s gift from the European Court of Human Rights when they banned any laws that aim to weaken end-to-end encryption. This ruling is a major stumbling block for the EU Chat Control Bill, but does it really mean that Chat Control is dead? There are many reasons why Chat Control should never become law, we've collected the turn of events and steps you can take to help prevent this dangerous bill from ever being passed!

Proton’s Free plan now offers up to 5 GB (up from 1 GB) on Proton Drive and 1 GB (up from 500 MB) on
Announcement from the Proton team on [Reddit](https://www.reddit.com/r/ProtonDrive/comments/1avicc5/the_free_proton_drive_plan_is_getting_5x_the/) ([Libreddit link](https://farside.link/libreddit/r/ProtonDrive/comments/1avicc5/the_free_proton_drive_plan_is_getting_5x_the/)):

> Today, we’re increasing file storage limits on the free plan.
>
> Instead of sharing 1 GB between files and email, you’ll now have:
>
> 5 GB for Proton Drive
>
> 1 GB for Proton Mail

Additional context:

For Proton Drive, you now start with 2 GB and for Proton Mail, you start with 500 MB. After signing up for the Free plan, you can unlock the maximum storage allowance on each service thus:

You can boost your Proton Mail storage from 500 MB to 1 GB by completing four [account setup actions](https://proton.me/support/get-started-mail).

You can boost your Proton Drive storage from the default 2 GB to 5 GB by completing three [tasks](https://proton.me/support/more-storage-proton-drive).


> Rafi Alam from CHOICE told The World Today: "When we looked at Toyota's privacy policy, we found that these Connected Services features will collect data such as fuel levels, odometer readings, vehicle location and driving data, as well as personal information like phone numbers and email addresses."
>
> The program's policy document says Toyota collects data for various purposes if drivers don't opt out — including for safety, security, research, product development and data analysis — but the company may also share it with third parties such as finance and insurance companies, debt collection agencies and market research organisations.
>
> In 2023, the [Mozilla Foundation reviewed](https://foundation.mozilla.org/en/blog/privacy-nightmare-on-wheels-every-car-brand-reviewed-by-mozilla-including-ford-volkswagen-and-toyota-flunks-privacy-test/) the privacy standards of 25 major car brands, including Toyota. All 25 received failing marks for consumer privacy.
>
> The report found brands such as BMW, Ford, Toyota, Tesla, Kia, and Subaru could "collect deeply personal data such as sexual activity, immigration status, race, facial expressions, weight, health and genetic information, and where you drive", which they could potentially sell to third parties.
>
> Nissan was accused of being "the very worst offender", while Toyota was found to have "a near-incomprehensible galaxy of 12 privacy policy documents".
>
> Can you trust them with everything about what you do in the car, what you say in the car, who's in the car, where it goes, your connections to every other online data service?

>Instagram and Facebook have addicted users for the last 20 years, making sure to monetize us through advertisers every step of the way. Now, they’re revisiting your old posts, your special moments, and your big life updates, and using it to create billion-dollar AI tools. Zuckerberg’s braggadocious claim about Meta’s very large dataset comes shortly after The New York Times sued OpenAI over intellectual property. But Meta is pulling an old trick out of its playbook: extracting as much value out of Instagram and Facebook users as humanly possible, and totally owning your online self.


cross-posted from: https://lemmy.world/post/11410775

> Here’s a condensed version of all 20 tips in one place. Click on any individual tip to learn more.
>
> *Note: Not all tips apply to everyone. Assess your [threat model](https://ssd.eff.org/module/your-security-plan) before implementing.*
>
> - [Use a privacy protector](https://mrkup.org/gj-toc-1) on your phone and computer screens to protect your activity from wandering eyes.
> - [Download a privacy-protecting web browser](https://mrkup.org/gj-toc-2) that blocks not only ads, but cookies, trackers, and more.
> - [Install software updates](https://mrkup.org/gj-toc-3) as soon as they’re available to stay secure and avoid being hacked.
> - [Activate two-factor authentication](https://mrkup.org/gj-toc-4) across all of your accounts, ideally using authenticator apps or security keys.
> - [Don’t share your current location](https://mrkup.org/gj-toc-5) on social media—at least, until after you’ve left it.
> - [Use a password manager](https://mrkup.org/gj-toc-6) to ensure you have a secure, unique password for each of your accounts.
> - [Upgrade your wireless router](https://mrkup.org/gj-toc-7) hardware, especially if yours is from before 2020. Your connection will be more secure thanks to new privacy standards.
> - [Get a burner phone number](https://mrkup.org/gj-toc-8) in case you need an extra level of privacy when working, signing up for shopper rewards programs, or even using dating apps.
> - [Review your social media privacy settings](https://mrkup.org/gj-toc-9) to stop your account from being shown to people you may not want seeing it.
> - [Ditch Google Maps](https://mrkup.org/gj-toc-10) for an alternative. Even switching to Apple Maps can reduce how much of your data is sent to advertisers.
> - [Browse the web in “private” or “incognito” mode](https://mrkup.org/gj-toc-11) to reduce the amount of cookies you’re tracked by and keep your accounts secure. Especially if you’re using a public computer.
> - [Activate a little-known Screen Time setting](https://mrkup.org/gj-toc-12), if you’re an iPhone user, to decrease the chance of your data being taken if your phone gets lost or stolen.
> - [Keep your kids' info off the internet](https://mrkup.org/gj-toc-13) if you’re a parent. That’s it. That’s the tip.
> - [Keep your info off the internet](https://mrkup.org/gj-toc-14) by using services like DeleteMe, that remove your data from data brokers’ hands.
> - [Don’t forget about real-world privacy](https://mrkup.org/gj-toc-15), like using cash and shredding your mail before you throw it away.
> - [Try using a “virtual machine”](https://mrkup.org/gj-toc-16) the next time you want to open a potentially sketchy document or software.
> - [Implement a written or numeric passcode](https://mrkup.org/gj-toc-17), rather than using FaceID or other face recognition technology, to unlock your phone.
> - [Lie about your birthday!](https://mrkup.org/gj-toc-18) To retailers in particular. They don’t need to know.
> - [Fake your answers to account security questions](https://mrkup.org/gj-toc-19) to keep hackers from finding and using your real info. This can also stop some pretty personal data from getting exposed in a potential breach.
> - [Say goodbye to Gmail, Hotmail, and the like](https://mrkup.org/gj-toc-20) by switching to a more private email provider.
>
> Actions like these—however small they may feel—do make a difference. By implementing just a few of these privacy tips, your accounts could be safer and less of your data could end up with advertisers.
>
> If thinking about protecting your privacy online makes you feel anxious, overwhelmed, or resigned, you aren’t alone.
>
> Nearly 70 percent of Americans felt overwhelmed solely by the number of passwords they have to track, according to a 2023 [Pew Research Center survey](https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/). Just over 60 percent aren’t sure that any steps they take when managing their privacy online make a difference, the same survey found.
>
> That’s why, this January, The Markup published one practical privacy tip a day that Markup staffers or readers actually use in their own lives.
>
> We called it “[Gentle January](https://themarkup.org/series/gentle-january)” because the tips are a mix of calming (did you know you can stop tracking all those passwords yourself?), whimsical (yes yes, we do teach you to fake some things), or downright practical (turns out, you should install those software updates).
>
> *The above excerpts are taken from [this](https://themarkup.org/gentle-january/2024/01/31/overwhelmed-by-digital-privacy-reset-with-these-practical-tips) article by The Markup.*
>
> *Please note that not all of the software suggestions provided in the article are necessarily the best options from a privacy standpoint. For example, the article mentions using Google Authenticator for two-factor authentication (2FA) instead of Aegis or Ente Auth. If you're looking for privacy tools, you may find the following resources helpful:*
>
> [Privacy Guides](https://www.privacyguides.org/en/tools/)
>
> [Avoid the Hack](https://avoidthehack.com/tools)

I’m glad to hear that.

Even small, simple steps can go a long way towards safeguarding your data, so keep up the good work!


Fossify Contacts and Fossify SMS Messenger (Fossify is a fork of Simple Mobile Tools) are now availa
cross-posted from: https://lemmy.world/post/11253225

> [Fossify Contacts](https://f-droid.org/en/packages/org.fossify.contacts/) (fork of Simple Contacts) and [Fossify SMS Messenger](https://f-droid.org/en/packages/org.fossify.messages/) (fork of Simple SMS Messenger) have been released on F-Droid.
>
> Other Fossify apps available for download on F-Droid:
>
> - [Fossify Gallery](https://f-droid.org/en/packages/org.fossify.gallery/) (fork of Simple Gallery)
> - [Fossify File Manager](https://f-droid.org/en/packages/org.fossify.filemanager/) (fork of Simple File Manager)
> - [Fossify Phone](https://f-droid.org/en/packages/org.fossify.phone/) (fork of Simple Dialer)
> - [Fossify Calendar](https://f-droid.org/en/packages/org.fossify.calendar/) (fork of Simple Calendar)
>
> (ICYMI, [Simple Mobile Tools suite was acquired by an adware company](https://alternativeto.net/news/2023/12/simple-mobile-tools-bought-by-zipoapps-sparks-controversy-over-future-of-open-source-apps/) and their apps on the Google Play Store now contain trackers and unnecessary permissions. This [report from Exodus](https://reports.exodus-privacy.eu.org/en/reports/com.simplemobiletools.gallery/latest/) shows that the old version of Simple Gallery had 0 trackers and 10 permissions, whereas the app, after sale, contains 9 trackers and 21 permissions!)
>
> [About Fossify](https://github.com/FossifyOrg): Fossify is all about community-backed, open-source, and ad-free mobile apps. A fork of the SimpleMobileTools, which is no longer maintained, and we’re here to continue the legacy, bringing simple and private tech to everyone.

cross-posted from: https://lemmy.world/post/11219865

> TL;DR version:
>
> Several popular iOS apps, including Facebook, LinkedIn, TikTok, and Twitter, have been found to be collecting user data through notifications, even when the app is closed, according to tests conducted by security researchers at Mysk Inc. The data collected includes IP addresses, device information, and other identifiable details, which can be used for targeted advertising and tracking purposes. While some of the companies involved have denied the allegations, the researchers claim that the data collection is unnecessary for notification processing and appears to be related to analytics and tracking. The issue is believed to be widespread among iOS apps, and Apple's lack of enforcement of its own privacy rules has been criticized. Upcoming changes to the iPhone operating system's rules may help address the problem, but it remains to be seen how effectively they will be enforced.
>
> Mitigating the issue:
>
> - According to a reply from the researchers under their [video](https://piped.video/watch?v=4ZPTjGG9t7s):
>
> > Disabling the notifications prevents this from happening, but you have to toggle the option "Allow Notifications" of the app off. Allowing the notifications while disabling the alerts isn't enough.
>
> - Another [article](https://www.bleepingcomputer.com/news/security/iphone-apps-abuse-ios-push-notifications-to-collect-user-data/) from BleepingComputer similarly notes that:
>
> > iPhone users who want to evade this fingerprinting should disable push notifications entirely. Unfortunately, making notifications silent will not prevent abuse.
> > To disable notifications, open 'Settings,' head to 'Notifications,' select the app you want to manage notifications for and tap the toggle to disable 'Allow Notifications.'

Link to the researchers’ original post on Mastodon: https://mastodon.social/@mysk/111816751385137545

cross-posted from: https://lemmy.world/post/11117839

> [Fossify Phone](https://f-droid.org/en/packages/org.fossify.phone/) (fork of Simple Dialer) has been released on F-Droid.
>
> [Fossify Gallery](https://f-droid.org/en/packages/org.fossify.gallery/) (fork of Simple Gallery), [Fossify File Manager](https://f-droid.org/en/packages/org.fossify.filemanager/) (fork of Simple File Manager) and [Fossify Calendar](https://f-droid.org/en/packages/org.fossify.calendar/) (fork of Simple Calendar) are also available for download on F-Droid, with more to come.
>
> (ICYMI: Simple Mobile Tools suite [was acquired by an adware company](https://alternativeto.net/news/2023/12/simple-mobile-tools-bought-by-zipoapps-sparks-controversy-over-future-of-open-source-apps/) and their apps on the Google Play Store now contain trackers and unnecessary permissions. This [report](https://reports.exodus-privacy.eu.org/en/reports/com.simplemobiletools.gallery/latest/) from Exodus shows that the old version of Simple Gallery had 0 trackers and 10 permissions, whereas the app, after sale, contains 9 trackers and 21 permissions!)
>
> [About Fossify](https://github.com/FossifyOrg): Fossify is all about community-backed, open-source, and ad-free mobile apps. A fork of the SimpleMobileTools, which is no longer maintained, and we’re here to continue the legacy, bringing simple and private tech to everyone.

Excerpts from the [article](https://spectrum.ieee.org/end-to-end-encryption-messenger) and another [article](https://www.eff.org/deeplinks/2023/12/meta-announces-end-end-encryption-default-messenger) by the Electronic Frontier Foundation (EFF):

While Meta won’t collect messages themselves, there is nothing stopping them from collecting metadata on those very messages. By design, Meta has access to a lot of unencrypted metadata, such as who sends messages to whom, when those messages were sent, and data about you, your account, and your social contacts. None of that will change with the introduction of default encryption.

Meta has a reputation for [collecting its users’ data](https://www.wired.com/story/ways-facebook-tracks-you-limit-it/): a key part of its lucrative advertising business. In fact, last year, the company [earned](https://www.theverge.com/2023/5/22/23732461/meta-eu-privacy-fine-us-data-transfers-1-3-billion) a US $1.3 billion fine from European Union regulators for transferring EU citizens’ Facebook data to the United States.

Meta’s documentation [indicates](https://messengernews.fb.com/wp-content/uploads/2021/12/Metas-approach-to-safer-private-messaging-on-Messenger-and-Instagram-DMs-Sep-23.pdf) the company will continue to process messages’ metadata: what time a message was sent, for example, and who sent it to whom. The company says it will use metadata to help identify bad actors. Privacy advocates see this use case as evidence metadata can make a double-edged sword.

“*This also demonstrates how much can be inferred from behaviors and metadata without needing access to the actual contents of messages themselves*,” says Geraghty. “So we have to ask: What could Meta be using this data for additionally? It’s likely this metadata will be used to continuously enrich user profiles for targeted advertising purposes.”

cross-posted from: https://lemmy.world/post/10958052

> Vanguard, the controversial anti-cheat software initially attached to Valorant, is now also coming to League of Legends.
>
> Summary:
>
> The article discusses Riot Games' requirement for players to install their Vanguard anti-cheat software, which runs at the kernel level, in order to play their games such as League of Legends and Valorant. The software aims to combat cheating by scanning for known vulnerabilities and blocking them, as well as monitoring for suspicious activity while the game is being played. However, the use of kernel-level software raises concerns about privacy and security, as it grants the company complete access to users' devices.
>
> The article highlights that Riot Games is owned by Tencent, a Chinese tech giant that has been involved in censorship and surveillance activities in China. This raises concerns that Vanguard could potentially be used for similar purposes, such as monitoring players' activity and restricting free speech in-game.
>
> Ultimately, the decision to install Vanguard rests with players, but the article urges caution and encourages players to consider the potential risks and implications before doing so.

Mozilla’s Platform Tilt: Tracking technical issues which disadvantage Firefox relative to the first-
About Platform Tilt:

This [dashboard](https://mozilla.github.io/platform-tilt/) tracks technical issues in major software platforms which disadvantage Firefox relative to the first-party browser. We consider aspects like security, stability, performance, and functionality, and propose changes to create a more level playing field. Further discussion on the live issues can be found in our [platform-tilt issue tracker](https://github.com/mozilla/platform-tilt/).

Mozilla's blog [post](https://blog.mozilla.org/netpolicy/2024/01/19/platform-tilt/):

Browsers are the principal gateway connecting people to the open Internet, acting as their agent and shaping their experience. The central role of browsers has long motivated us to build and improve Firefox in order to offer people an independent choice. However, this centrality also creates a strong incentive for dominant players to control the browser that people use. The right way to win users is to build a better product, but shortcuts can be irresistible — and there’s a long history of companies leveraging their control of devices and operating systems to tilt the playing field in favor of their own browser.

*This tilt manifests in a variety of ways. For example: making it harder for a user to download and use a different browser, ignoring or resetting a user’s default browser preference, restricting capabilities to the first-party browser, or requiring the use of the first-party browser engine for third-party browsers.*

For years, Mozilla has engaged in dialog with platform vendors in an effort to address these issues. With renewed public attention and an evolving regulatory environment, we think it’s time to publish these concerns using the same transparent process and tools we use to develop positions on emerging technical standards. So today we’re publishing a new issue tracker where we intend to document the ways in which platforms put Firefox at a disadvantage and engage with the vendors of those platforms to resolve them.

This tracker captures the issues we experience developing Firefox, but we believe in an even playing field for everyone, not just us. We encourage other browser vendors to publish their concerns in a similar fashion, and welcome the engagement and contributions of other non-browser groups interested in these issues. We’re particularly appreciative of the efforts of Open Web Advocacy in articulating the case for a level playing field and for documenting self-preferencing.

People deserve choice, and choice requires the existence of viable alternatives. Alternatives and competition are good for everyone, but they can only flourish if the playing field is fair. It’s not today, but it’s also not hard to fix if the platform vendors wish to do so. We call on Apple, Google, and Microsoft to engage with us in this new forum to speedily resolve these concerns.

cross-posted from: https://lemmy.world/post/10921294

> Quote from the article:
>
> > People are aware of selfie cameras on laptops and tablets and sometimes use physical blockers to cover them,” says Liu. “But for the ambient light sensor, people don’t even know that an app is using that data at all. And this sensor is always on. Liu notes that there are still no blanket restrictions for Android apps.
>
> Remark added by me:
>
> Here, it might interest readers to know that unlike Stock Android, GrapheneOS (GrapheneOS is an Android-based, open source, privacy and security-focused mobile operating system for selected Google Pixel smartphones) provides a sensors permission toggle for each app. According to their [website](https://grapheneos.org/features#network-permission-toggle):
>
> Sensors permission toggle: disallow access to all other sensors not covered by existing Android permissions (Camera, Microphone, Body Sensors, Activity Recognition) including an accelerometer, gyroscope, compass, barometer, thermometer and any other sensors present on a given device. When access is disabled, apps receive zeroed data when they check for sensor values and don't receive events. GrapheneOS creates an easy to disable notification when apps try to access sensors blocked by the permission being denied. This makes the feature more usable since users can tell if the app is trying to access this functionality.
>
> To avoid breaking compatibility with Android apps, the added permission is enabled by default. When an app attempts to access sensors and receives zeroed data due to being denied, GrapheneOS creates a notification which can be easily disabled. The Sensors permission can be set to be disabled by default for user installed apps in Settings ➔ Privacy.
>
> In conclusion, allow me to emphasize another quote from the article:
>
> > “The acquisition time in minutes is too cumbersome to launch simple and general privacy attacks on a mass scale,” says Lukasz Olejnik, an independent security researcher and consultant who has previously highlighted the [security risks posed by ambient light sensors](https://blog.lukaszolejnik.com/shedding-light-on-designing-web-features-with-privacy-risks-impact-assessments-case-study/). “However, I would not rule out the significance of targeted collections for tailored operations against chosen targets.” Liu agrees that the approach is too complicated for widespread attacks. And one saving grace is that it is unlikely to ever work on a smartphone, as the displays are simply too small. But Liu says their results demonstrate how seemingly harmless combinations of components in mobile devices can lead to surprising security risks.

Android and iOS settings for better security and privacy
The article lists settings to change on Android 14 and iOS 17. According to the author: Recommended setting changes reduce the amount of data submitted to device manufacturers, cell carriers, or app developers and improve device security against common threats, such as those posed by nosy people who find the device unattended or by common malware. By enabling all of these settings, you are significantly reducing the amount of tracking and data collection these devices perform, but keep in mind that you are not completely eliminating it.

In case you missed it: Fossify (A fork of Simple Mobile Tools)
[Fossify Gallery](https://f-droid.org/en/packages/org.fossify.gallery/) (fork of Simple Gallery), [Fossify File Manager](https://f-droid.org/en/packages/org.fossify.filemanager/) (fork of Simple File Manager) and [Fossify Calendar](https://f-droid.org/en/packages/org.fossify.calendar/) (fork of Simple Calendar) are now available for download on F-Droid.

(Simple Mobile Tools suite [was acquired by an Israeli adware company](https://alternativeto.net/news/2023/12/simple-mobile-tools-bought-by-zipoapps-sparks-controversy-over-future-of-open-source-apps/))

About [Fossify](https://github.com/FossifyOrg): Fossify is all about community-backed, open-source, and ad-free mobile apps. A fork of the SimpleMobileTools, which is no longer maintained, and we're here to continue the legacy, bringing simple and private tech to everyone.