privacy

One of the most pervasive ways of being tracked online is also the most invisible. VPNs, browsers, extensions, and more all promise to protect you, but can they really?

Invidious link: https://invidious.nerdvpn.de/watch?v=tMCcpV2c4K4

For instance, People I know that are using Eventbrite for private event registration. To sign up for the event with or without an account, you have to write and confirm your email in the boxes, I did some looking up to see if hosts can see the email. I didn't find any answers so I made a Reddit post asking, and got a reply saying "No, they can't. Eventbrite deletes them as soon as you submit the form." I wanted to be sure so I created a private test event and registered for it in a private window. I then went to my event dashboard and clicked on the ticket # where I can in fact view it (the email shown is made up).

I only asked Perplexity after trying to find out myself. It did in fact find the answer (link #8: View your Attendee Summary report): "Review attendee purchase details like email address ..." I've found LLMs and search tools like Perplexity to be unreliable for answering questions like this for websites, as well as software. Which means I may not turn to them in cases where they actually would help. It's too bad they hallucinate a lot too.

cross-posted from: https://lemmy.world/post/22790935

cross-posted from: https://lemm.ee/post/48995777

cross-posted from: https://lemmy.world/post/22758570

Archived, if you prefer that: https://ghostarchive.org/archive/Bif16

I’ve been using DuckDuckGo for years now but am becoming increasingly interested in Ecosia and Ekoru for their environmentalist efforts. I’ve read the privacy policies for both, and it seems they both share user data with Bing. However, if I use a VPN, set my user data to something generic like Chrome on Windows, and whitelist the search engine on my adblocker, I should be able to support them by viewing ads without being tracked by Microsoft. Is that worth it, or do you have another recommendation?

cross-posted from: https://lemmy.zip/post/25327109

Le Monde reports that confidential movements of powerful leaders like Joe Biden, Donald Trump and Kamala Harris could be tracked through a fitness app used by their bodyguards.

Archived version: https://archive.ph/Xopbm

SpinScore: https://spinscore.io/?url=https%3A%2F%2Fapnews.com%2Farticle%2Fbiden-trump-macron-bodyguards-security-strava-0a48afca09c7aa74d703e72833dcaf72

Samsung has gone hard promoting AI in their phones, and now OnePlus has also announced some heavy AI-based features in their new Android OS. Pretty much every other brand is now doing the same, so you can't escape it.

I've been in the market to upgrade my nearly 6-year-old phone, but seeing all these AI features, especially when they rely on Google's Gemini (or other cloud AI), and it feels deflating.

Will privacy ultimately have to be sacrificed "from now on"?

By not using these AI features, you pay a lot for features you won't be using. And the usefulness of the device becomes limited as nearly all functions now have AI-based components to them.

I'm totally fine with on-device AI, but many features I'm seeing don't seem to be on-device, and I've spent years trying to stop sending my data to companies like Google. I don't want to go backwards for the sake of market trends.

What are your future plans when it comes to smartphones?

Earlier today I came across a Reddit comment with a link to an Instagram post. The link had ?igsh= at the end.

When I clicked on the link, I got this popup. It had a name and profile photo that was different from that of the post being shared.

Join Firstname Lastname on Instagram

See photos, videos, and more from Firstname Lastname.

[ Open Instagram ]

not now

I avoid link trackers. However, I did not realize it was this bad.

To my knowledge, TikTok does the same thing and lists the name of the person that shared the link. Assuming this increases engagement, any website could enable such a feature, even on old links that you shared in the past.

You should manually remove any trackers before sharing, or use an app for it.

Technically, I have some online activity I could try to refer to for work purposes, but it would mean sharing content tied to usernames/profiles I think of more as casual and personal. I could delete those profiles and move the relevant work to usernames/profiles I'm willing to share, but then I'm less likely to use those as much for portfolio building as I wouldn't want to contribute/do things online under a more public-facing profile, or link my personal ones to said profile.

Any which way I think about it involves crossing private/public streams I'd prefer to keep uncrossed, but I'm thinking I may be overlooking some compromises that could work, so what might those be?

There was another thread with a paywalled article, but here's the actual study that found that smart TVs use "automatic content recognition" to build an ad profile for you based on what's on your screen... including HDMI content streamed from a laptop, game console, etc. Yikes.

At a high level, ACR works by periodically capturing the content displayed on a TV’s screen and matching it against a content library to detect the content being viewed on the TV. It is essentially a Shazam-like technology for audio/video content on the smart TV [38]. ACR is implemented by all major smart TV manufacturers, including Samsung [9] and LG [55 ].

Our findings indicate that (1) ACR operates even when it is used as a “dumb” display via HDMI; (2) opt-out mecha- nisms stop ACR traffic; (3) ACR works differently in the UK as com- pared to the US.

So it seems like you're opted-in by default, but you can stop ACR traffic by simply configuring six different options on Samsung, or eleven different options on LG.

Oh, and this doesn't seem to happen when you're using native streaming apps like Netflix or Disney+, because hey, they wouldn't want to infringe on those companies' rights by spying on them, right?

So here is the thing. Given the Eqifax breach I kinda feel like giving yet another agency to much information for them to monitor your credit is just another source of a possible future data breach.

cross-posted from: https://lemm.ee/post/42694373

Leak on latest #ChatControl attempt (in German): https://netzpolitik.org/2024/interne-dokumente-sperrminoritaet-gegen-chatkontrolle-wackelt/ +++ Only AUT, DEU, EST, LUX, POL, SVN were critical – no blocking minority! +++ BEL, CZE, FIN, ITA, NLD, PRT, SWE undecided +++ EU legal experts confirm violation of our fundamental rights +++ Only 5 days to next discussion +++

Help pressure our governments into defending our #privacy of correspondence and secure #encryption now: https://www.patrick-breyer.de/en/take-action-to-stop-chat-control-now/

This is straightforward with browser addons like uBlock Origin where you can add and choose blocklists, but I did searches for doing so system wide and using a VPN but didn’t find clear answers. I could use a DNS service that provides blocklists but isn’t it best practice to leave DNS to the VPN provider? I looked up blocklists and VPNs but didn’t find relevant results.

On Android, I didn’t find any apps that let you filter blocklists and using your own VPN other than Rethink, but the blocklists feature requires using Rethink’s DNS.

So what’s the best way to filter ads and trackers on both 3rd party apps and on OS’s like Android (specific Samsung phones) while still using a VPN?

New EU #ChatControl proposal leaked +++ Governments to position themselves by 23 September, will be very tight... +++ Will messenger services be blocked in Europe? https://www.patrick-breyer.de/en/new-eu-push-for-chat-control-will-messenger-services-be-blocked-in-europe/

Help pressure your government now to defend privacy and secure encryption: https://www.patrick-breyer.de/en/take-action-to-stop-chat-control-now/

🇬🇧🚨#ChatControl is back on the agenda: As soon as next Wednesday representatives of EU governments will resume work based on a secret document. https://www.consilium.europa.eu/en/documents-publications/public-register/public-register-search/?DocumentNumber=12319%2F24

This is what you can do now to help: https://www.patrick-breyer.de/en/take-action-to-stop-chat-control-now/

#ALTtext: A screenshot capture shows the cookies settings popup window of a current website. The first sentence of the popup starts: "We and our 843 partners store and access personal data..." The screenshot is annotated. "843 partners" is highlighted with "Is that all?" written beside it

Some significant news for Telegram users!

See this article for some interesting backstory context on Pavel Durov and Telegram: https://www.spiegel.de/international/world/the-telegram-billionaire-and-his-dark-empire-a-f27cb79f-86ae-48de-bdbd-8df604d07cc8

Since the post article is in French, here's an auto-translation:

Pavel Durov, the founder and CEO of the encrypted messaging service Telegram, was arrested around 8 p.m. on Saturday evening as he got off his private jet on the tarmac of Le Bourget airport. The 39-year-old Franco-Russian was accompanied by his bodyguard and a woman.

The arrest was carried out by the gendarmes of the GTA (Air Transport Gendarmerie). Registered in the RPF (wanted persons file), Pavel Durov came straight from Azerbaijan. He had over his head a French search warrant issued by the OFMIN of the National Directorate of the French Judicial Police, issued on the basis of a preliminary investigation.

Why was he under threat of a search warrant?

The Justice considers that the lack of moderation, cooperation with the police and the tools offered by Telegram (disposable number, cryptocurrencies, etc.) makes it complicit in drug trafficking, paedophile offences and fraud.

This search warrant ran if, and only if, Pavel Durov was on national territory. "He made a mistake tonight. We don't know why... Was this flight just a step? In any case, he's locked up!" a source close to the investigation told TF1/LCI. Since he knew he was persona non grata in France, Pavel Durov used to travel to the Emirates, the countries of the former USSR, South America... He travelled very little in Europe and avoided countries where Telegram is under surveillance.

And now?

Investigators from the ONAF (National Anti-Fraud Office attached to the Customs Directorate) notified him and placed him in police custody. He is expected to be presented to an investigating judge this Saturday evening before a possible indictment on Sunday for a multitude of offences: terrorism, drugs, complicity, fraud, money laundering, concealment, paedophile content...

"Pavel Durov will end up in pre-trial detention, that's for sure," comments an investigator to TF1/LCI. "On his platform, he allowed an incalculable number of misdemeanours and crimes to be committed for which he does nothing to moderate or cooperate," said a source close to the case.

His pre-trial detention at the end of his indictment is indeed in no doubt. Pavel Durov, a billionaire, has substantial means to flee and his guarantees of representation will hardly convince the judges.

A net with international resonance

For the investigators, this international sweep has various objectives. First, it makes it possible to kick the anthill, impress and deter the perpetrators of crimes and offences who exchange, until now, freely on Telegram. Secondly, they aim to put pressure on European countries to step up joint work to make secure messaging on terrorist cases bend.

Indeed, Telegram is a hive of criminal content. At the moment, the platform is in the news with the illegal broadcasting of Ligue 1 matches. But on this encrypted messaging service, many accounts are used by organized crime. Beyond terrorism, the most dangerous pedophiles communicate on Telegram to exchange content. "It has become for years THE number 1 platform for organized crime," comments an investigator.

Google representatives gave ad buyers tips on how they could reach teens, even though the company bars targeted advertisements to users under the age of 18 based on their demographics, according to a report from Adweek.

Three unnamed ad buyers told Adweek that Google sales reps suggested they might be able to reach teens by targeting a group of “unknown” users, whose “age, gender, parental status, or household income” Google doesn’t know. Adweek said it also reviewed written documents backing up the sources’ claims. A Google spokesperson told Adweek that the unknown category can include users who aren’t signed in to their accounts or who’ve turned off personalized ad targeting.

Google’s stated policy is to “block ad targeting based on the age, gender, or interests of people under 18.” The Adweek story is yet another example of Google reportedly helping ad buyers target teens through the use of its unknown user category, after the Financial Times recently reported on a similar situation.