Remember #Patreon set up new on-by-default sharing of your account information with every other Patreon user (and maybe the world)? Remember people posting how to turn it off, because they were using confusing language/dark patterns to try to #trick you into oversharing?
I got the "welcome to the new Patreon" today, and ... they've turned the "Community Profile" setting back on after I deliberately turned it off.
It's fucking insane how addicted corporations have become to #tracking everything you do, everything you look at, everything you type, everything you think about.
They've gotten so brazen about it. Shit like this - the #Microsoft #Edge browser routing every image through some "AI enhancer" that also tracks what you're viewing - is now a default setting. I suppose at least people who use Edge can opt out, for now, if they know to.
#Firefox just announced a new #privacy feature: Encrypted Client Hello (ECH). In short, it encrypts the very first message the browser sends out to initiate an encrypted communication tunnel (TLS channel) with a website.
"ECH uses a public key fetched over the Domain Name System (DNS) to encrypt the first message between a browser and a website, protecting the name of the visited website from prying eyes and dramatically improving user privacy."
Cameras can be identified by location and type, the area being observed can be disclosed.
Surveillance under Surveillance (https://sunders.uber.space) is an OpenStreetMap instance focused on surveillance cameras; it uses data that is not visualized on the OpenStreetMap.org instance.
Random Website: You need to set up #2FA with your phone number!
Me: Why?
Website: In case we get hacked!
Me: I don't really care, no one even knows about this account and it doesn't have my personal information.
Website: You misunderstand, it's so that in case we get hacked, we HAVE your information to leak to the hackers. They worked hard and deserve it! Also we sell your account to ad companies but they're not interested unless they can tie it to a real person.
Walmart reports their customers on Ozempic buy less food and junk food stocks get hit. Nobody's asking why it's ok a grocery store knows what drugs their customers are on. #privacy
Please I implore you,
do not require candidates to create an account to apply for an open position.
Candidates often apply to hundreds of places before finding a right fit. Can you imagine having to create a hundred accounts that you will never use after just for that? This is a real data privacy nightmare for them, and for you too!
Many people seem still unaware of just how bad Chrome Sync is for your privacy. By default, Chrome will sync all your data – including e.g. your passwords, bookmarks, browsing history and open tabs. And by default, Chrome will not encrypt any of this data. All of it will be accessible by Google, by anyone who subpoenas Google to turn up your data and whoever else managed to get access to these servers.
If you want this data encrypted before it is first uploaded, you need to click “Settings” instead of confirming sync, then expand “Encryption options” and set up a sync passphrase. The default option “Encrypt synced passwords with your Google Account” is essentially a disguised “We can access all your data but we promise not to look. Don’t you trust us?”
The only positive aspect here: Chrome Sync used to be a lot worse. It used to enable automatically when you signed into Chrome. It used to encrypt only passwords and none of the other data even if you set up a passphrase. It used to warn you when setting a passphrase because Google’s web services would no longer be able to access your passwords. It used to upload data without encryption first, only allowing you to enable encryption after the fact. And its encryption used to be horribly broken. I wrote about that five years ago: https://palant.info/2018/03/13/can-chrome-sync-or-firefox-sync-be-trusted-with-sensitive-data/#chrome-sync
But even now, Chrome Sync requires you to take action in order to get privacy. Because Google knows that you won’t. Compare that to Firefox Sync which has always been encrypting all data by default. I criticized the implementation here as well, but that was really a minor issue compared to the mess which is Chrome Sync.
Edit: Removed link to a post claiming that Google is censoring synced bookmarks. This claim appears to be incorrect, the message there referring to a different Google service.
This US bill could push mandatory age-verification on all major platforms (meaning you would have to give your ID to someone likely to abuse or not protect very well your sensitive data).
Imagine how much more horrible and more unsafe that could make the internet.
Imagine how much worse that would be for any marginalized groups.
Imagine how much that could endanger vulnerable people.
Imagine how destructive that would be for anyone’s #privacy.
The attack on encryption in Europe is very real. We obtained a leaked document from the EU showing Spanish officials want to ban end-to-end encryption.
Beyond this, the document shows the views of 20 countries on encryption, and how it relates to a controversial proposed law that would allow companies to scan people's chats to hunt for child sexual abuse material.
The majority said they are in favour of some form of scanning of encrypted messages.
The document also reveals that a lot of countries don't appear to know how end-to-end encryption works, with many proposals being technically infeasible.
No ad-blocker needed.
Zero ads.
My data stays on my server.
Interactions are genuine, driven by people's desire, not an algorithm pushing for conflict to boost engagement (and ad sales).
Nobody's here just because it's trendy. If you're here, you want to be here.
The best social media experience I've had in years.
Thank you to all of you, among these 15 million accounts, who have helped make this a wonderful place to be.
Disappointed to see The Markup share advice for people to use WhatsApp in its post about preparing your phone for a protest, and that it's coming from "digital security trainers."
Metadata literally kills, and WhatsApp is swimming in it. The metadata they collect includes:
Groups you're a member of, location, personal info (email, phone number, user IDs), contacts and their phone numbers, in-app search history, when you use the app & how often you use it. E2EE alone doesn't guarantee #privacy
#YlvaJohansson's department specifically targeted people in member states that had been critical of her proposal but excluded people who are likely to value #privacy.
In what can only be seen as Alphabet's blatant refusal to obey EU law, it was announced over the weekend that they would introduce Bard to Android Messages App and intercept all messages (past and future) for the purpose of training it - in breach of EU's rules on interception of communications under Article 5(1) of Directive 2002/58/EC.
To make it worse Alphabet know this is illegal after they were caught intercepting WiFi communications in 2010 with their Streetview cars.
"De-anonymising data is surprisingly easy: if you know Tony Blair’s date of birth (a matter of public record) and the two dates during his term in office in which he was treated for a heart condition (ditto), you can pick him out of any “anonymised” pool of NHS data in seconds, and then discover all those facts about his health that aren’t a matter of public record... Dr Ben Goldacre and his team at Oxford created OpenSAFELY, a “Trusted Research Environment” that allows researchers to write programs that analyse NHS data in situ. These programs would be dispatched to run against the data held by NHS trusts, and then the system would return the results to the researchers without ever letting them handle the data – which never left the trusts’ own servers." https://goodlawproject.org/cory-doctorow-health-data-it-isnt-just-palantir-or-bust/ #dataProtection#research#NHS#privacy
PS #Palantir, ... is literally named after an evil, all-seeing magic talisman employed by the principal villain of Lord of the Rings (“Sauron, are we the baddies?”)