Privacy


Everything about privacy (the confidentiality pillar of security) -- but not restricted to infosec. Offline privacy is also relevant here.

founded 1 year ago
26
 
 

The signature problem at F-Droid has apparently still not been solved: "We find it concerning that F-Droid constantly chooses to move the goalposts and continues to rely on a fundamentally broken approach for certificate pinning, merely patching [15] known vulnerabilities without ever addressing the underlying cause." 😵👇

https://github.com/obfusk/fdroid-fakesigner-poc?tab=readme-ov-file#update-2025-01-19

#fdroid #security #privacy #certpinning #signature

27
 
 

Safety reminders for these times:

  • Direct messages on Fedi are not encrypted.
  • If your instance is hosted in the US, the admin has to comply with US law.
  • Discord text chat is not encrypted. Video is.
  • Encrypted group chats are only as secure as the people with access and their security practices.

If you're interested in protecting the contents of your conversations or work, follow the #privacy tag. People post some really interesting things on there.

Tools Starter pack:

  • Chat: Signal. SMS is insecure, but also a bit harder to scrape.
  • Video: Jitsi
  • Email: Tuta or Startmail or Mailbox.org. (Proton CEO openly supports fascism)
  • Browser: Librewolf is what a lot of people recommend. Firefox if you want something more commercial and don't care about their move towards AI advertising.
  • Search: Duck Duck Go is probably fine.
  • Clear your cookies and say no to their 783 partners who process your data.

Your privacy protects your friends too. Do it for all of us.

More advice from smarter people:

28
 
 

🇮🇹 In Veneto, there is a push to promote the adoption of free software in schools

In Veneto, a working group made up of teachers, volunteers and experts has collaborated to develop a project that aims to replace proprietary software in schools (Teams, Gmail, Zoom, etc.) with free solutions. This approach not only offers a cheaper alternative, but is also in line with the regulations that require…

https://eticadigitale.org/2025/01/21/in-veneto-si-vuole-promuovere-ladozione/ #Privacy

29
 
 

If you're using #Adobe #Acrobat you might want to check if your organization allows use of the generative AI features that are enabled by default: Acrobat sends the documents to the cloud for processing, which likely goes against the data #privacypolicy of many orgs.

If unsure, go to Preferences > Generative AI and deselect "Enable generative AI features in Acrobat".

https://helpx.adobe.com/acrobat/using/disable-generative-ai.html

#privacy #defaults #enshittification

30
 
 

"I actually had to go to account, account settings, and “Smart features and personalization” where an administrator can set a default value for users. The spokesperson clarified that individual end users can go turn it off themselves in their own Gmail settings. They pointed to these instructions where users disable “smart features.”

But it looks like it’s all or nothing. You can’t turn off just the new Gemini stuff without also disabling things like Gmail nudging you about an email you received a few days ago, or automatic filtering when Gmail puts emails into primary, social, and promotion tabs, which are features that Gmail has had for years and which many users are probably used to.

On iOS, you go to settings, data privacy, then turn off “Smart features and personalization.” A warning then says you’re about to turn off all the other stuff too that I mentioned above and much more. On Android, you go to settings, general, and then “Google Workspace smart features.”"

https://www.404media.co/opting-out-of-gmails-gemini-ai-summaries-is-a-mess-heres-how-to-do-it-we-think/?ref=daily-stories-newsletter

#AI #GenerativeAI #Google #Gmail #Gemini #Privacy #DataProtection

31
 
 

"What we have today is an entire economic system built on this instrumentarian power. If capitalism is a system built on the production and sale of commodities, our personal data is one of the most sought out. It is mined and refined just like oil, and it has become almost as valuable. The ability to influence behavior at such an enormous scale is coveted by all sorts of third parties, particularly e-commerce businesses and political campaigns. So the US Supreme Court may well have reason to fear that TikTok could grant a powerful few undue influence over the behavior of many American citizens, even if politicians’ claims that TikTok — a private company — is funneling user data to the Chinese government are misguided. If the Chinese wanted the data, they could just buy it. Rather, the Supreme Court has decided that the free speech of American users of TikTok is a small price to pay to protect US tech hegemony, not Americans’ data or privacy.

This is substantiated by the astonishing lack of government oversight of homegrown apps and tech companies. The Supreme Court obviously has few qualms about the undue power to manipulate the behavior of citizens that US policy has granted to corporations, private players who have no concern for the greater interests of their users beyond their ability to target them with ads and political messaging."

https://jacobin.com/2025/01/tiktok-ban-china-data-surveillance

#USA #SociaMedia #TikTok #Censorship #Privacy #Surveillance #DataProtection #China

32
 
 

"Within this context, it is no surprise that Google searches for VPNs in Florida have skyrocketed. But as more states and countries pass age verification laws, it is crucial to recognize the broader implications these measures have on privacy, free speech, and access to information. While VPNs may be able to disguise the source of your internet activity, they are not foolproof—nor should they be necessary to access legally protected speech.

A VPN routes all your network traffic through an "encrypted tunnel" between your devices and the VPN server. The traffic then leaves the VPN to its ultimate destination, masking your original IP address. From a website's point of view, it appears your location is wherever the VPN server is. A VPN should not be seen as a tool for anonymity. While it can protect your location from some companies, a disreputable VPN service might deliberately collect personal information or other valuable data. There are many other ways companies may track you while you use a VPN, including GPS, web cookies, mobile ad IDs, tracking pixels, or fingerprinting.

With varying mandates across different regions, it will become increasingly difficult for VPNs to effectively circumvent these age verification requirements because each state or country may have different methods of enforcement and different types of identification checks, such as government-issued IDs, third-party verification systems, or biometric data. As a result, VPN providers will struggle to keep up with these constantly changing laws and ensure users can bypass the restrictions, especially as more sophisticated detection systems are introduced to identify and block VPN traffic."

https://www.eff.org/deeplinks/2025/01/vpns-are-not-solution-age-verification-laws

#USA #AgeVerification #Censorship #Florida #VPNs #Surveillance #Privacy #Pornhub #DataProtection

33
 
 

"Now I invite you to imagine a world where we voluntarily go ahead and build general-purpose agents that are capable of all of these tasks and more. You might do everything in your technical power to keep them under the user’s control, but can you guarantee that they will remain that way?

Or put differently: would you even blame governments for demanding access to a resource like this? And how would you stop them? After all, think about how much time and money a law enforcement agency could save by asking your agent sophisticated questions about your behavior and data, questions like: “does this user have any potential CSAM,” or “have they written anything that could potentially be hate speech in their private notes,” or “do you think maybe they’re cheating on their taxes?” You might even convince yourself that these questions are “privacy preserving,” since no human police officer would ever rummage through your papers, and law enforcement would only learn the answer if you were (probably) doing something illegal.

This future worries me because it doesn’t really matter what technical choices we make around privacy. It does not matter if your model is running locally, or if it uses trusted cloud hardware — once a sufficiently-powerful general-purpose agent has been deployed on your phone, the only question that remains is who is given access to talk to it. Will it be only you? Or will we prioritize the government’s interest in monitoring its citizens over various fuddy-duddy notions of individual privacy.

And while I’d like to hope that we, as a society, will make the right political choice in this instance, frankly I’m just not that confident."

https://blog.cryptographyengineering.com/2025/01/17/lets-talk-about-ai-and-end-to-end-encryption/

#AI #GenerativeAI #AIAgents #Privacy #Encryption #Surveillance

34
 
 

"Stopping a company you distrust from profiting off your personal data shouldn’t require tinkering with hidden settings and installing browser extensions. Instead, your data should be private by default. That’s why we need strong federal privacy legislation that puts you—not Meta—in control of your information.

Without strong privacy legislation, Meta will keep finding ways to bypass your privacy protections and monetize your personal data. Privacy is about more than safeguarding your sensitive information—it’s about having the power to prevent companies like Meta from exploiting your personal data for profit."

https://www.eff.org/deeplinks/2025/01/mad-meta-dont-let-them-collect-and-monetize-your-personal-data

#SocialMedia #Meta #Facebook #Instagram #Privacy #Surveillance #DataProtection

35
 
 

Vanadium version 132.0.6834.79.2 released:

https://github.com/GrapheneOS/Vanadium/releases/tag/132.0.6834.79.2

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/19065-vanadium-version-13206834792-released

#GrapheneOS #privacy #security #browser

36
 
 

Looks like #Microsoft appointed the new Data Protection Supervisor of the #EU.

This happened because the left did not agree on which candidate to support, if I am reading the news correctly.

I saw outgoing EDPS Wojciech Wiewiórowski at more than one @[email protected] meeting, and I doubt that his successor will turn up at this grassroots #privacy barcamp.

https://www.heise.de/en/news/Too-critical-MEPs-vote-out-Data-Protection-Commissioner-Wiewiorowski-10246060.html

#Wiewiorowski #EDPS

37
 
 

"Today, noyb has filed GDPR complaints against TikTok, AliExpress, SHEIN, Temu, WeChat and Xiaomi for unlawful data transfers to China. While four of them openly admit to sending Europeans’ personal data to China, the other two say that they transfer data to undisclosed “third countries”. As none of the companies responded adequately to the complainants’ access requests, we have to assume that this includes China. But EU law is clear: data transfers outside the EU are only allowed if the destination country doesn’t undermine the protection of data. Given that China is an authoritarian surveillance state, companies can’t realistically shield EU users’ data from access by the Chinese government. After issues around US government access, the rise of Chinese apps opens a new front for EU data protection law."

https://noyb.eu/en/tiktok-aliexpress-shein-co-surrender-europeans-data-authoritarian-china

#EU #DataProtection #Privacy #China #TikTok #Surveillance #AlixExpress #SHEIN #Temu #WeChat #Xiaomi

38
 
 

Cross posted from: https://beehaw.org/post/18047893

Austrian digital rights organization noyb led by Max Schrems has filed GDPR complaints against TikTok, AliExpress, SHEIN, Temu, WeChat and Xiaomi for unlawful data transfers to China. While four of them openly admit to sending Europeans’ personal data to China, the other two say that they transfer data to undisclosed “third countries”.

As none of the companies responded adequately to the complainants’ access requests, we have to assume that this includes China. But EU law is clear: data transfers outside the EU are only allowed if the destination country doesn’t undermine the protection of data. Given that China is an authoritarian surveillance state, companies can’t realistically shield EU users’ data from access by the Chinese government. After issues around US government access, the rise of Chinese apps opens a new front for EU data protection law.

39
 
 

"To prevent AI models from memorizing their input, we know exactly one robust method: differential privacy (DP). But crucially, DP requires you to precisely define what you want to protect. For example, to protect individual people, you must know which piece of data comes from which person in your dataset. If you have a dataset with identifiers, that's easy. If you want to use a humongous pile of data crawled from the open Web, that's not just hard: that's fundamentally impossible.

In practice, this means that for massive AI models, you can't really protect the massive pile of training data. This probably doesn't matter to you: chances are, you can't afford to train one from scratch anyway. But you may want to use sensitive data to fine-tune them, so they can perform better on some task. There, you may be able to use DP to mitigate the memorization risks on your sensitive data.

This still requires you to be OK with the inherent risk of the off-the-shelf LLMs, whose privacy and compliance story boils down to "everyone else is doing it, so it's probably fine?".

To avoid this last problem, and get robust protection, and probably get better results… Why not train a reasonably-sized model entirely on data that you fully understand instead?"

https://desfontain.es/blog/privacy-in-ai.html

#AI #GenerativeAI #LLMs #SLMs #Privacy #DifferentialPrivacy #Memorization

40
 
 

After I had given #Protonmail the benefit of the doubt for one board member making inconsiderate and alarming statements on #MAGA #Trump, they have doubled down officially:
https://mastodon.social/@protonprivacy/113833073219145503

I therefore consider this the official opinion of Proton. Focussing on one aspect and completely ignoring the bigger picture of a looming fascist period in the most militarized economy of the world is just unacceptable. Proton just could have kept their mouth shut, but they decided not to.
Thanks for revealing yourselves and happy to end my subscription, I won't support a company like you until you do better @[email protected]

Please boost to spread this news if you find this important.


#ProtonExodus #Proton #E2E #Email #Privacy #Infosec

41
 
 

GrapheneOS version 2025011500 released:

https://grapheneos.org/releases#2025011500

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/19017-grapheneos-version-2025011500-released

#GrapheneOS #privacy #security

42
 
 

Vanadium version 132.0.6834.79.0 released:

https://github.com/GrapheneOS/Vanadium/releases/tag/132.0.6834.79.0

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/19000-vanadium-version-13206834790-released

#GrapheneOS #privacy #security #browser

43
 
 

"The Supreme Court will hear arguments on Wednesday in a case that will determine whether states can violate adults’ First Amendment rights to access sexual content online by requiring them to verify their age.

The case, Free Speech Coalition v. Paxton, could have far-reaching effects for every internet users’ free speech, anonymity, and privacy rights. The Supreme Court will decide whether a Texas law, HB1181, is constitutional. HB 1811 requires a huge swath of websites—many that would likely not consider themselves adult content websites—to implement age verification.

The plaintiff in this case is the Free Speech Coalition, the nonprofit non-partisan trade association for the adult industry, and the Defendant is Texas, represented by Ken Paxton, the state’s Attorney General. But this case is about much more than adult content or the adult content industry. State and federal lawmakers across the country have recently turned to ill-conceived, unconstitutional, and dangerous censorship legislation that would force websites to determine the identity of users before allowing them access to protected speech—in some cases, social media. If the Supreme Court were to side with Texas, it would open the door to a slew of state laws that frustrate internet users’ First Amendment rights and make them less secure online. Here's what you need to know about the upcoming arguments, and why it’s critical for the Supreme Court to get this case right."

https://www.eff.org/deeplinks/2025/01/five-things-know-about-supreme-court-case-texas-age-verification-law-free-speech

#USA #Texas #Censorship #AgeVerification #Surveillance #Anonymity #FreeSpeech #DigitalRights #PoliceState #Privacy #DataProtection

44
 
 

"Today, the CFPB announced that it is seeking public input on strengthening privacy protections and preventing harmful surveillance in digital payments, particularly those offered through large technology platforms. The agency is requesting comment on implementing existing financial privacy law and how to address intrusive data collection and personalized pricing. Additionally, the CFPB requested comment on a proposed interpretive rule outlining how the Electronic Fund Transfer Act, which provides consumers with protections against errors and fraud, applies to new types of digital payment mechanisms, such as those currently offered through large technology companies and video gaming platforms, as well as stablecoins and other digital currencies that are not widely used today in consumer transactions.

“When people pay for their family expenses using new forms of digital payments, they must be confident that their transactions are not tainted by harmful surveillance or errors,” said CFPB Director Rohit Chopra. “The CFPB is seeking public input on how to apply longstanding consumer and privacy protections to new and emerging payment mechanisms.”"

https://www.consumerfinance.gov/about-us/newsroom/cfpb-seeks-input-on-digital-payment-privacy-and-consumer-protections/

#USA #CFBP #DigitalPayments #Privacy #FinTech

45
 
 

Google: Device fingerprinting is okay
https://www.heise.de/news/Google-Device-Fingerprinting-ist-okay-10233355.html

After all, it's ever so important for the advertising industry...

#privacy

46
 
 

What is currently your biggest challenge in IT security and/or data protection? Share your questions and problems if you like. 👇

#sicherheit #security #datenschutz #privacy #fragen #herausforderungen #community

47
 
 

"Without federal legislative action, many US states are taking privacy matters into their own hands.

In 2025, eight new state privacy laws will take effect, making a total of 25 around the country. A number of other states—like Vermont and Massachusetts—are considering passing their own privacy bills next year, and such laws could, in theory, force national legislation, says Woodrow Hartzog, a technology law scholar at Boston University School of Law. “Right now, the statutes are all similar enough that the compliance cost is perhaps expensive but manageable,” he explains. But if one state passed a law that was different enough from the others, a national law could be the only way to resolve the conflict. Additionally, four states—California, Texas, Vermont, and Oregon—already have specific laws regulating data brokers, including the requirement that they register with the state.

Along with new laws, says Justin Brookman, the director of technology policy at Consumer Reports, comes the possibility that “we can put some more teeth on these laws.”

Brookman points to Texas, where some of the most aggressive enforcement action at the state level has taken place under its Republican attorney general, Ken Paxton. Even before the state’s new consumer privacy bill went into effect in July, Paxton announced the creation of a special task force focused on enforcing the state’s privacy laws. He has since targeted a number of data brokers—including National Public Data, which exposed millions of sensitive customer records in a data breach in August, as well as companies that sell to them, like Sirius XM."

https://www.technologyreview.com/2025/01/07/1109301/privacy-protection-data-brokers-personal-information/

#USA #Privacy #DataProtection #DataBrokers #DataBrokerage

48
 
 

GrapheneOS version 2025010700 released:

https://grapheneos.org/releases#2025010700

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/18831-grapheneos-version-2025010700-released

#GrapheneOS #privacy #security

49
 
 

Vanadium version 131.0.6778.260.0 released:

https://github.com/GrapheneOS/Vanadium/releases/tag/131.0.6778.260.0

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/18829-vanadium-version-131067782600-released

#GrapheneOS #privacy #security #browser

50
 
 

"Having your data tracked in 2025 seems like an inevitability. Regardless of whether you're using an iPhone or Android phone, your carrier is likely gathering all sorts of data about how, where and when you use your cellphone.

Last year T-Mobile quietly began rolling out a new tracking method called "profiling and automated decisions." Spotted by Reddit users and The Mobile Report, the new option is enabled by default. While the company says it isn't using the information it gleans from such tracking today, it could be used later on for "future decisions that produce legal or similarly significant effects about you."

But the self-proclaimed "un-carrier" isn't alone. All three major US wireless providers collect data; here's what they gather and how you can turn it off. It's also worth noting that some of this you should want to keep on, particularly identity verification.

While we're focusing on the three main wireless carriers that make up a bulk of the US wireless market, it is likely smaller providers and even home internet services are engaging in similar collections. Heading to an account's profile or privacy page should help you figure out what is being collected and how you can adjust it.

We recommend checking this regularly just to make sure that you're aware of any changes the carriers may have made or new methods of collection they may have added."

https://www.cnet.com/tech/mobile/data-privacy-your-carrier-knows-a-lot-about-you-heres-how-to-take-back-control/

#USA #BigTelco #Surveillance #Privacy #CyberSecurity #DataProtection
