privacy

cross-posted from: https://lemmy.sdf.org/post/36106116

Archived

[...]

According to the measures, introduced by the Ministry of Public Security (MPS), each internet user in China will be issued with a unique “web number,” or wanghao (网号), that is linked to their personal information. While these IDs are, according to the MPS notice, to be issued on a strictly voluntary basis through public service platforms, the government appears to have been working on this system for quite some time — and state media are strongly promoting it as a means of guaranteeing personal “information security” (信息安全). With big plans afoot for how these IDs will be deployed, one obvious question is whether these measures will remain voluntary.

[...]

The measures bring China one step closer to centralized control over how Chinese citizens access the internet. The Cybersecurity Law of 2017 merely stipulated that when registering an account on, say, social media, netizens must register their “personal information” (个人信息), also called “identifying information” (身份信息). That led to uneven interpretations by private companies of what information was required. Whereas some sites merely ask for your name and phone number, others also ask for your ID number — while still others, like Huawei’s cloud software, want your facial biometrics on top of it.

[...]

Beyond the key question of personal data security, there is the risk that the cyber ID system could work as an internet kill switch on each and every citizen. It might grant the central government the power to bar citizens from accessing the internet, simply by blocking their cyber ID. “The real purpose is to control people’s behavior on the Internet,” Lao Dongyan cautioned last year.

[...]

Take a closer look at state media coverage of the evolving cyber ID system and the expansion of its application seems a foregone conclusion — even extending to the offline world. Coverage by CCTV reported last month that it would make ID verification easier in many contexts. “In the future, it can be used in all the places where you need to show your ID card,” a professor at Tsinghua’s AI Institute said of the cyber ID. Imagine using your cyber ID in the future to board the train or access the expressway.

[...]

While Chinese state media emphasize the increased ease and security cyber IDs will bring, the underlying reality is more troubling. Chinese citizens may soon find themselves dependent on government-issued digital credentials for even the most basic freedoms — online and off.

cross-posted from: https://lemmy.sdf.org/post/35993881

[...]

Under draft legislation that the State Duma approvedat first reading on May 22, 2025, a bill will require banks and merchants to facilitate digital ruble transactions and a universal QR payment code for purchases. Beginning October 1, 2025, the digital ruble will be used for a limited range of federal budget expenditures, transitioning on January 1, 2026, to full, unrestricted use for all federal outlays.

[...]

Kremlin financiers will track every digital ruble transaction in real time, granting authorities the power to block citizens’ accounts without a court order and automatically deduct taxes, fines, and other charges. Social benefits payable in digital rubles will be usable only for government‐approved categories of goods and services, and spending may be restrictedbased on a citizen’s place of residence or product type.

[...]

Critics—from human rights groups to economic analysts—argue the digital ruble will entrench state surveillance. According to The Cryptonomist, Russia’s CBDC may replicate China’s model of monitoring every transaction, but with even tighter Kremlin oversight. Ukrainian intelligence observers highlight the risk of a “behavioral loyalty” system, where digital currency access depends on citizens’ political and social “reliability.”

Previously, it was reported that Latvia’s Defense Intelligence and Security Service released a 48-page public handbook designed to help civilians identify and report suspected Russian operatives. The guide details indicators such as ragged appearance and suspicious behavior, offers safe reporting practices, and includes case studies illustrating espionage tactics in both urban and rural settings.

[...]

cross-posted from: https://lemmy.sdf.org/post/35972832

Native Android apps – including Facebook, Instagram, and several Yandex apps such as Maps, Navi, Browser, and Search – silently listen on fixed local ports on mobile devices to de-anonymize users’ browsing habits without consent, says a report published by a team of researchers from Spain-based IMDEA Networks Internet Analytics Group, and Dutch Radboud University.

Here is the technical report: https://localmess.github.io/

By embedding tracking code into millions of websites, Meta’s Pixel and Yandex Metrica have been able to map Android users’ browsing habits with their persistent identities (that is to say, with the account holder logged in). This method bypasses privacy protections offered by Android’s permission controls and even browsers’ Incognito Mode, affecting all major Android browsers. The international research team has disclosed the issue to several browser vendors, who are actively working on mitigations to limit this type of abuse. For instance, Chrome’s mitigation is scheduled to go into effect very soon.

These tracking companies have been doing this bypass for a long time: since 2017 in the case of Yandex, and Meta since September 2024. The number of people affected by this abuse is high, given that Meta Pixel and Yandex Metrica are estimated to be installed on 5.8 million and 3 million sites, respectively. It is also worth noting that evidence of this tracking practice has been observed only on Android.

[...]

It's infuriating to create a "strong password" with letters, numbers, upper and lowercase, symbols, and non-repeating text... but it has to be only 8 to 16 characters long.

That's not a "strong" password, random characters or not.

Is there a limitation that somehow prevents these sites from allowing more than 16 characters?

I'm talking government websites, not just forums. It seems crazy to me.

Since laser printers all encode metadata into the printed image, and handwriting is unique to the writer, I was wondering if a typewriter would provide a more anonymous form of paper communication.

I expect it would be possible to determine the model of typewriter, but would it be possible to tell if two samples were made on the very same machine? Are electric typewriters better or worse than manual? (assuming the same operator) What about Selectric or Wheelwriter – would frequently swapping out the typing element help?

cross-posted from: https://lemm.ee/post/64675314

Looks like this got deleted from the original community where I posted it, so re-posting what I can remember here.

This screenshot is from a post I made on my city's subreddit.

Monday the Washington Post revealed my city was using a first of its kind mass surveillance and facial recognition software that allows police to track individuals added to a watchlist via cameras installed around the city.

The ACLU is saying it is "the stuff of authoritarian surveillance states, and has no place in American policing.”

“Until now, no American police department has been willing to risk the massive public blowback from using such a brazen face recognition surveillance system,” said Nathan Freed Wessler, deputy director of ACLU’s Speech, Privacy, and Technology Project. “By adopting this system–in secret, without safeguards, and at tremendous threat to our privacy and security–the City of New Orleans has crossed a thick red line.

The NOPD has stopped using it since WaPo began investigating because it violated a city ordinance, but federal agents (ICE) and state police are still using the real time tracking app.

I realized after reading an Axios article about it on Wednesday that the ordinance was created after the mayor, suddenly asked the city to lift a blanket ban on the technology and other controversial predictive policing policies.

The city's mayor has been facing federal charges regarding a scandal for several years and is currently just running out the clock on her last term as mayor. She has also been accused of other corruption such as accepting gifts as bribes in the past

The ban on predictive policing policies was originally created following the end of a secret partnership between Palantir and the city of New Orleans from ~2012-2018.

Months after the city first abandoned it's contract with Palantir, Mayor Cantrell seemed to be looking for loopholes that would allow her to continue using controversial predictive policing

I have tried to avoid pile-on critique of the mayor, and I actually voted her the first time she ran. However, one of the most common questions people in my city ask, is "how has she not been arrested?" I want to stress this is my own speculation, but given the details that are emerging now, I do wonder if these charges may have been related to why she so willingly turned over the city's privacy to the federal government in 2022?

The proposed ordinance, if passed, would largely reverse the council’s blanket bans on the use facial recognition and characteristic tracking software, which is similar to facial recognition but for identifying race, gender, outfits, vehicles, walking gait and other attributes. One provision also appears to walk back the city’s ban on predictive policing and cell-site simulators — which intercept and spy on cell phone calls — to locate people suspected of certain serious crimes.

That provision could, for the first time, give the city explicit permission to use a whole host of surveillance technology in certain circumstances, including voice recognition, x-ray vans, “through the wall radar,” social media monitoring software, “tools used to gain unauthorized access to a computer,” and more.

Lastly the proposal would allow the city to use “social media or communications software or applications for the purpose of communicating with the public, provided such use does not include the affirmative use of any face surveillance.” The Lens asked Tidwell and Green why this was included and what it was meant to allow, but neither responded.

While she may not have realized it at the time, the removal of the ban, along with her oddly warm welcome of the Governor's own state police force, Troop Nola, has placed the entire city in danger as the 2025 Trump administration continues to remove protection for civil rights and liberties as well as oversight for potential abuse of NSA surveillance

Louisiana State Police (LSP) Troop Nola, are now permanently established in the city and cannot be regulated by city policy and regulations. This means that they can also not be regulated by the same city ordinance that compelled the NOPD to pause their use of the controversial surveillance and real time tracking notifications.

As of yesterday, the Justice Department decided to stop investigating civil rights accusations previously made against LSP, while Louisiana Gov. Jeff Landry and his long time friend Attorney General Liz Murrill, were reported to have celebrated the decision.

TL;DR: If you want to customize Firefox using Enterprise Polices, you can create customized policies via the handy Enterprise Policy Generator. You can also browse a collection of policies I created, available for download.

“A republic, if you can keep it.”

OC by @[email protected]

This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.

Transcription (for the visually impaired)

(I tried my best)

The background is an iceberg with 6 levels, denoting 6 different levels of privacy.

The tip of the iceberg is titled "The Brainwashed" with a quote beside it that says "I have nothing to hide". The logos depicted in this section are:

• Instagram
• Apple
• TikTok
• PayPal
• Google Chrome
• CashApp
• WhatsApp
• Samsung
• Steam
• Microsoft Windows
• Ring (Security Camera)
• YouTube
• Amazon
• Discord
• Gmail
• ChatGPT

The surface section of the iceberg is titled "As seen on TV" with a quote beside it that says "This video is sponsored by...". The logos depicted in this section are:

• NordVPN
• Bitdefender
• Incogni
• Malwarebytes
• Opera GX
• ExpressVPN

An underwater section of the iceberg is titled "The Beginner" with a quote beside it that says "I don't like hackers and spying". The logos depicted in this section are:

• Telegram
• Authy
• Brave Browser
• Privacy.com (Virtual Cards)
• DuckDuckGo
• iMessage
• Proton Mail
• AdBlock (Browser Extension)

A lower section of the iceberg is titled "The Privacy Enthusiast" with a quote beside it that says "I have nothing I want to show". The logos depicted in this section are:

• Signal (Messenger)
• Tuta
• addy.io
• Linux
• Bitwarden
• uBlock Origin
• Tor and Tor Browser
• ProtonVPN

An even lower section of the iceberg is titled "The Privacy Activist" with a quote beside it that says "Privacy is a human right". The logos depicted in this section are:

• Monero
• GrapheneOS
• Vanadium (Web Browser)
• KeePassDX
• SimpleX Chat
• Accrescent
• SearXNG
• Aegis Authenticator
• OpenWrt
• Mullvad VPN
• An illustration of physical cash

The lowest portion of the iceberg is titled "The Ghost". There is a quote beside it that has been intentionally redacted. The images depicted in this section are:

• A cancel sign over a mobile phone, symbolizing "no electronics"
• An illustration of a log cabin, symbolizing "living in a log cabin in the woods"
• A picture of gold bars, symbolizing "paying only in gold"
• A picture of a death certificate, symbolizing "faking your own death"
• An AI generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing "hiding ones identity in public"

End of transcription.

• In December, an investigation by Tom's Hardware found that Recall frequently captured sensitive information in its screenshots, including credit card numbers and Social Security numbers — even though its "filter sensitive information" setting was supposed to prevent that from happening.

glitr.io

im working on a p2p file transfer app. at the moment its a close-source webapp, but i hope to work towards some selfhosted options as seen on my other projects.

the storage is local-only from your browser/device. so like "the cloud", but the cloud storage capacity is made up of your devices.

ive recently updated the landing page and i hope ive got it as simple as possible to transfer a file from one device to another.

im looking for feedback on the experience.

(Note 1: its still a work in progress. if there is an issue, you can usually refresh the browser and try again)

(Note 2: it seems important to mention: this app is not libre software. This needs more consideration to see if I can align to this. For similar open-source projects, take a look at the docs.)