https://blog.mozilla.org/en/mozilla/advertisers-and-publishers-adopt-and-implement-do-not-track/ Mozilla introduced the Do Not Track feature in January 2011 and other major web browsers soon did the same. With the Do Not Track preference enabled, when a user attempts to connect to a website, a Do Not Track signal is sent as a part of the header which is sent during the connection attempt. A website which obeys Do Not Track requests is able to act on the user's choice before loading a webpage.

A website which obeys a Do Not Track signal value of "true" can use this setting positively in multiple ways.

a) https://lemmy.world/post/22974927 More than 15 analytics tools can be conveniently configured by a website operator to obey Do Not Track signals.

b) https://filippovicentini.com/notes/2019-04-22/ https://medium.com/@fixitblog/solved-how-to-make-google-analytics-respond-to-quot-do-not-track-quot-7f9785385371 Multiple websites explain how a website operator can obey Do Not Track signals, such as when an analytics tool does not have that option. These methods can be used to prevent connections to third party tracking services.

c) At least one "cookies consent" tool obeys a Do Not Track signal by silently disabling tracking cookies without the need for user interaction with potentially annoying cookie popups.

https://www.cookieyes.com/blog/respecting-browser-do-not-track-setting-cookieyes/ "If you install CookieYes banners on your website, it will respect the active DNT of the users’ browsers and avoid placing any tracking cookies"

d) Do Not Track signals have also been legally defended as a compatible mechanism of the General Data Privacy Regulation (GDPR) for a user to indicate a preference to not be tracked, in a court case in Germany. Do Not Track signals are expected to legally apply to other countries and other scenarios involving GDPR, but court cases would likely have to happen first.

https://wideangle.co/blog/do-not-track-gdpr-opt-out "A recent German court case against LinkedIn suggest that websites that track their users should recognise DNT signals or risk violating the General Data Protection Regulation (GDPR)."

"'The court stated the obvious and even quoted a bunch of legal commentaries on it,' Hense said. 'They all agreed with DNT being a valid signal.'"

In the German court case, Microsoft's LinkedIn could attempt to overturn this verdict on appeal if first Mozilla permanently removes the Do Not Track setting from Firefox's user interface and if Chromium then, in turn, removes the Do Not Track setting with partial reasoning being because Mozilla, the original champion of the setting, also removed it. Microsoft could then ask to have the verdict dismissed on appeal because a majority of web browsers might no longer have a Do Not Track setting in the user interfaces, and such an appeal result could be a terrible blow to privacy, as well as a blow to the possibility of conveniently obtaining private web browsing on potentially many more websites in the future.

There have been some arguments raised which call for the removal of the Do Not Track setting. Let's explore these arguments and see if they are strong enough to justify removing the Do Not Track setting.

These arguments include:

1 - Global Privacy Control (GPC) is legally supported in some jurisdictions and thus can replace Do Not Track.

2 - Global Privacy Control can replace Do Not Track in terms of functionality.

3 - Hardly anyone enables the Do Not Track setting and thus a user may stick out in terms of fingerprinting.

https://connect.mozilla.org/t5/ideas/keep-the-quot-do-not-track-quot-option/idi-p/81951 "even with our past education campaigns around DNT... users did not care to enable it."

4 - Hardly any of the websites which a user visits obey Do Not Track signals.

https://connect.mozilla.org/t5/ideas/keep-the-quot-do-not-track-quot-option/idi-p/81951 "it no longer made sense to offer a signal that is consistently ignored by the vast majority of site operators while also being a potential fingerprinting vector itself due to how unique it is because of its low adoption."

5 - It gives users a false sense of security.

Counter-arguments include:

1 - Global Privacy Control is legally enforceable in some states in a country. Do Not Track is legally enforceable in a country and is expected to be legally enforceable in most European countries if corresponding legal cases get presented.

https://wideangle.co/blog/do-not-track-gdpr-opt-out "For now, the judgment only applies to companies operating in Germany. However, the relevant parts of the GDPR are the same in every other country that has implemented the law."

It seems reasonable for both settings to exist in the user interface since each setting is supported by law.

2 - Global Privacy Control is akin to Do Not Track's weaker sibling and thus is not a valid replacement for Do Not Track. Suppose we discuss the scenario where a website obeys both Global Privacy Control signals and Do Not Track signals.

For Do Not Track, a website operator can either enable a setting in multiple analytics tools or can follow multiple websites which list a code snippet to check for Do Not Track signals. With most of these implementations, tracking data will not be sent to a third party analytics service.

For Global Privacy Control, the approach is to still send the tracking data to the third party analytics service!

https://www.techpowerup.com/329753/firefox-ditches-do-not-track-feature-in-version-135-in-favor-of-global-privacy-control "one criticism of the new reliance on Global Privacy Control is that GPC doesn't block Google Analytics tracking requests"

When Do Not Track signals are obeyed, privacy policies appear to indicate that this feature applies to the general Internet population. At least one company with users around the world has decided to interpret Global Privacy Control as only needing to apply to users in some jurisdictions.

https://www.atlassian.com/legal/privacy-policy "our websites do respond to the Global Privacy Control (“GPC”) to opt-out of “sales” of personal information and targeted advertising in certain locales."

3 - The Do Not Track setting is used by a significant proportion of users, with more than 20% of users reported as using it. Now is not the time to abandon it. A visit to https://amiunique.org/fingerprint shows more than 22% of users in the last 7 days, 15 days, and 30 days have enabled a "Do Not Track" HTTP header attribute value. Similar figures were reported in 2019. https://archive.today/zzcwE "A Forrester research report found 25% of people using the Do Not Track setting, and a national survey we conducted found 23%."

If JavaScript is enabled, fingerprinting can be extremely accurate with just JavaScript alone, without examining HTTP header attribute values, meaning that Do Not Track might only be considered for fingerprinting for users who have a solution for selectively blocking JavaScript, such as a web browser addon.

https://backlinko.com/ad-blockers-users "Sep. 02, 2024" "31.5% of internet users worldwide report using an ad blocker."

https://explodingtopics.com/blog/ad-block-users "June 25, 2024" "DataReportal found that approximately 1 in 3 (32.5%) internet users use ad blockers."

It might be reasonable to say at least 75% of users who enabled "Do Not Track" are also users who know what an addon is and would install an addon such as uBlock Origin, Privacy Badger, NoScript, AdGuard, etc, which can be used to selectively block JavaScript. Given this assumption, 75% of the 22% of users using "Do Not Track" signals is 16.5% of all users. 16.5% represents more than half of the reported 32.5% of users using an addon to block JavaScript. Given this assumption, to blend in with the majority of the users who use an addon to block JavaScript, we should be enabling "Do Not Track" signals!

4 - Maybe we could consider intentionally searching for and visiting more websites which obey Do Not Track signals. Websites which obey Do Not Track signals indicate they are a part of the Good Guys. Having this way of differentiating websites is a good thing. We can use a web search or even an AI web search to search for "name-of-website Do Not Track privacy policy" to quickly find some of the Good Guys. A legal requirement has caused a large proportion of websites to indicate in a privacy policy whether they choose to obey or not obey Do Not Track signals.

https://www.freeprivacypolicy.com/blog/privacy-policy-do-not-track-dnt/ "As of January 1, 2014, changes to the California Online Privacy Protection Act (CalOPPA) required the owners of websites, web apps, mobile apps, and desktop apps to include a Do Not Track disclosure in their Privacy Policy agreements."

"In order to comply with CalOPPA's DNT requirements, website owners must make sure they: State how they respond to the DNT signals they receive from user's web browsers"

"Even if a website owner or operator isn't based in California, it still must include a DNT disclosure in the Privacy Policy. This is because the website or app may be attracting visitors who live in California."

This law was created after Do Not Track signals were introduced into major web browsers. The continued existence of the Do Not Track setting in the user interfaces of web browsers means the law will still have a reason to exist and privacy policies will continue to be required to display this information, allowing us to quickly identify some of the Good Guys and even more of the Bad Guys.

If we are stuck using a Bad Guy website, the very existence of the ability to easily configure obeying Do Not Track signals in more than 15 analytics products means it is possible to contact a website operator and ask the website operator to enable the setting. For anyone who says it won't work, I ask you, have you tried?

If there are a lot of bad apples in a market, should we make it even harder to find the good apples, or should we feel happy that a tool exists (Do Not Track) which makes it easier to distinguish some of the bad apples from some of the rare good apples (by using a search engine to look at a very specific section common to most privacy policies)? The same argument can be used for any market where it is difficult to find something you think is good, including shopping for good clothing or finding a suitable marriage partner.

Why is it okay to say we should remove the Do Not Track feature because many websites do not obey it and because it could be used for fingerprinting, but exactly the same statements can be made about Global Privacy Control, while it is supposedly okay to use the Global Privacy Control setting?

5 - In Mozilla Firefox, immediately next to the Do Not Track setting is a link that has an explanation which does not seem to give a false sense of security.

https://archive.today/evyo1 "Honoring this setting is voluntary — individual websites are not required to respect it."

Mozilla has made multiple revisions to the wording of the Do Not Track feature and if someone feels there is a better way to formulate the text of the option, Mozilla allows anyone to make suggestions.

If we want to talk about a false sense of security, when we see Global Privacy Control's Firefox option's text of "Tell web sites not to sell or share my data" should we expect a website which obeys Global Privacy Control signals to share our data with a third party like Google? We might not expect as much, but our data will apparently be shared with that third party when that third party's analytics service is used by a website operator.

What can we do?

A] Enable Do Not Track signals in our web browsers and teach our family members how to do the same.

The following website obeys Do Not Track signals and gives instructions for many types of web browsers on how to enable Do Not Track signals.

https://www.surreycc.gov.uk/website/cookies/do-not-track "How to enable the 'Do Not Track' browser setting"

For Firefox users, the Do Not Track option can be toggled in about:config. In the top address bar, type in the text about:config and go to the about:config webpage. When asked to Proceed with Caution, choose to Accept the Risk and Continue. In the "Search preference name" text field we can enter a value of "donottrack" and then look at the value (true or false) of the privacy.donottrackheader.enable preference. If the value is false, we can use the toggle button to set the value to true. Our change will be applied immediately and we can close the about:config webpage tab at our convenience. This approach still works in Firefox 135 and also works in older Firefox versions.

B] Use one or more methods of selectively blocking Bad Guy JavaScript. Probabilistic tracking using a Do Not Track signal is likely to apply only to users who block JavaScript deterministic tracking. Do a good deed for the world and teach your family members how to use such an addon.

https://ublockorigin.com/ https://privacybadger.org/ https://noscript.net/ https://adguard.com/

C] If you have a Mozilla account or you do not mind creating one, you are invited to log in and "give kudos" at the following link.

https://connect.mozilla.org/t5/ideas/keep-the-quot-do-not-track-quot-option/idi-p/81951

D] Contact the website operators of websites which you use a lot and ask them to enable the Do Not Track feature in their analytics tools and send them the links in b) at the start of this posting. If you get a response, consider sharing that response with the community.

Whatsapp is privacy invasive, and we likely know that even when using E2EE, this is possible due to metadata tracking.

An easy way to avoid one creepy thing, contact scanning and the creation of "who knows whom" social nets, is to not grant apps permission to your contacts!

But this is not easy, as apps often enforce this, just as they do with

• embedded cameras instead of using the system camera
• embedded galleries instead of the 2 available portals (but Google will soon forbid that)
• asking for unneeded permissions

Only GrapheneOS also allows blocking these permissions

• sensors
• internet
• loading code from memory i.e. from the internet (why would they do that? Is there something they want to hide?)
• debugging their own code to spy on the system behavior

But this app can help everyone on any Android to at least fix this :)

People are noticing that their phones are getting an app called "Android System Safetycore" auto-installed without notice or consent. Check your phone for the same, it is likely it's a slow rollout instead of every device getting it installed all at the same time.

Google has all the same old reasons that they drone on about, but the actual reason is likely to harvest your messages data for training AI models.

Uninstalling seems to remove the application, and there aren't any malicious activity reported so far as I can see, but naturally that can change anytime.

Has anyone noticed this in their applications lists? Did straight up uninstalling them work? I've had some trouble removing systems apps in the past, but uninstalling this one seems to have worked straightaway - I don't see them in the list anymore.

URLs below for Reddit posts about the same: From 2 months ago: https://old.reddit.com/r/antivirus/comments/1gpdhwz/guys_help_some_app_called_android_system/

From 2 days ago: https://old.reddit.com/r/privacy/comments/1idjbdi/googles_new_app_will_help_warn_you_about_nude/

cross-posted from: https://lemmy.dbzer0.com/post/36880616

Help Combat Internet Censorship by Running a Snowflake Proxy (Browser or Android)

Internet censorship remains a critical threat to free expression and access to information worldwide. In regions like Iran, Russia, and Belarus, journalists, activists, and ordinary citizens face severe restrictions when trying to communicate or access uncensored news. You can support their efforts by operating a Snowflake proxy—a simple, low-impact way to contribute to a freer internet. No technical expertise is required. Here’s how it works:

---

What Is Snowflake?

Snowflake is a privacy tool integrated with the Tor network. By running a Snowflake proxy, you temporarily route internet traffic for users in censored regions, allowing them to bypass government or institutional blocks. Unlike traditional Tor relays, Snowflake requires minimal bandwidth, no configuration, and no ongoing maintenance. Your device acts as a temporary bridge, not a permanent node, ensuring both safety and ease of use.

---

Is This Safe for Me?

Short answer: Yes.

Long answer: probably. Here is why:

• Your IP address is not exposed to the websites they access. So, you don't have to worry about what they are doing either. You are not an exit node.
• No activity logs. Snowflake cannot monitor or record what users do through your connection. The only stored information is how many people have connected to your bridge. Check docs for further info on this.
• Low resource usage. The data consumed is comparable to background app activity—far less than streaming video or music. There have been, however, a few cases of people reporting high network usage.
• No direct access to your system
• No storage of sensitive data. Snowflake proxies do not store any sensitive data, such as IP addresses or browsing history, on your system.
• Encrypted communication. All communication between the Snowflake proxy and the Tor network is encrypted, making it difficult for attackers to intercept or manipulate data.

You are not hosting a VPN or a full Tor relay. Your role is limited to facilitating encrypted connections, similar to relaying a sealed envelope.

Your IP address is exposed to the user (in a P2P-like connection). Be mindful that your ISP could also potentially see the WebRTC traffic and the connections being made to it (but not the contents), so be mindful of your threat model.

For most users, it is generally safe to run Snowflake proxies. Theoretically, your ISP will be able to know that there are connections being made there, but to them it will look like you're calling someone on, say, Zoom.

Historically, as far as we know, there haven't been any cases of people getting in legal trouble for running entry relays, middle relays, or bridges. There have a been a few cases of people running exit nodes and getting in trouble with law enforcement agencies, but none of them have been arrested or prosecuted as far as I know it. If you are aware of any cases, let me know so I can update this post.

Do not hesitate to check Snowflake's official documentation for further reference and to make informed decisions.

---

How to Set Up a Snowflake Proxy

Option 1: Browser Extension (Brave, Firefox, or Chrome)

1. Install the Snowflake extension.
2. Click the Snowflake icon in your browser toolbar and toggle "Enable Snowflake."
3. Keep the browser open. That’s all.

Note: Brave users can enable Snowflake directly in settings. Navigate to brave://settings/privacy and activate the option under "Privacy and security."

---

Option 2: Android Devices via Orbot

1. Download Orbot (Tor’s official Android app).
2. Open the app’s menu, select "Snowflake Proxy," and toggle it on.
3. For continuous operation, keep your device charged and connected to Wi-Fi.

Your device will now contribute as a proxy whenever the app is active.

---

Addressing Common Concerns

• Battery drain: Negligible. Snowflake consumes fewer resources than typical social media or messaging apps.
• Data usage: Most users report under 1 GB per month. Adjust data limits in Orbot’s settings or restrict operation to Wi-Fi if necessary.

---

Why Your Participation Matters

Censorship mechanisms grow more sophisticated every year, but tools like Snowflake empower ordinary users to counteract them. Each proxy strengthens the Tor network’s resilience, making it harder for authoritarian regimes to isolate their populations. By donating a small amount of bandwidth, you provide someone with a critical connection to uncensored information, education, and global dialogue.

Recent surges in demand—particularly in Russia—highlight the urgent need for more proxies. Your contribution, however small, has an impact.

By participating, you become part of a global effort to defend digital rights and counter censorship. Please, also be mindful of your threat mode and understand the potential risks (though very little for most people). Check Snowflake's official documentation for further reference and don't make any decisions based on this post before taking your time to read through it.

Please share this post to raise awareness. The more proxies, the stronger the network.

– llama

cross-posted from: https://lemmy.dbzer0.com/post/36841328

Hello, everyone! I wanted to share my experience of successfully running LLaMA on an Android device. The model that performed the best for me was llama3.2:1b on a mid-range phone with around 8 GB of RAM. I was also able to get it up and running on a lower-end phone with 4 GB RAM. However, I also tested several other models that worked quite well, including qwen2.5:0.5b , qwen2.5:1.5b , qwen2.5:3b , smallthinker , tinyllama , deepseek-r1:1.5b , and gemma2:2b. I hope this helps anyone looking to experiment with these models on mobile devices!

---

Step 1: Install Termux

1. Download and install Termux from the Google Play Store or F-Droid

---

Step 2: Set Up proot-distro and Install Debian

1. Open Termux and update the package list:

   pkg update && pkg upgrade
   

2. Install proot-distro

   pkg install proot-distro
   

3. Install Debian using proot-distro:

   proot-distro install debian
   

4. Log in to the Debian environment:

   proot-distro login debian
   

   You will need to log-in every time you want to run Ollama. You will need to repeat this step and all the steps below every time you want to run a model (excluding step 3 and the first half of step 4).

---

Step 3: Install Dependencies

1. Update the package list in Debian:

   apt update && apt upgrade
   

2. Install curl:

   apt install curl
   

---

Step 4: Install Ollama

1. Run the following command to download and install Ollama:

   curl -fsSL https://ollama.com/install.sh | sh
   

2. Start the Ollama server:

   ollama serve &
   

   After you run this command, do ctrl + c and the server will continue to run in the background.

---

Step 5: Download and run the Llama3.2:1B Model

1. Use the following command to download the Llama3.2:1B model:

   ollama run llama3.2:1b
   

   This step fetches and runs the lightweight 1-billion-parameter version of the Llama 3.2 model .

---

Running LLaMA and other similar models on Android devices is definitely achievable, even with mid-range hardware. The performance varies depending on the model size and your device's specifications, but with some experimentation, you can find a setup that works well for your needs. I’ll make sure to keep this post updated if there are any new developments or additional tips that could help improve the experience. If you have any questions or suggestions, feel free to share them below!

– llama

EU official should not get top privacy job, says think tank

The letter – signed by a list of privacy professors – stresses that if the role is awarded to long-time EU official Bruno Gencarelli, the EDPS' legitimacy is at stake and poses a risk of conflict. Early last year, the EDPS ruled for example that the Commission’s use of Microsoft 365 was not legitimate.

https://www.euronews.com/next/2025/01/31/eu-official-should-not-get-top-privacy-job-says-think-tank

@privacy

Explaining in good detail why people should care about how modern cars have become a privacy nightmare. From Regular Car Reviews.

I've been working on my privacy setup and breaking away from Proton. There are a bunch of email providers I looked at, same with email aliases, password managers, etc.

But I don't understand the state of calendars. It feels like they're always shoved into email services, and they're all so crappy looking.

I was able to find one or two Android apps that are open source, and they look like they're 20 years old.

Proton Calendar, for all its faults, looks really good.

Why, in 2025, is there no simple calendar as a service with nothing else included? And why do the UIs all look like complete trash?

I don't get it. Can't one of us hire an intern to take a week to learn a CSS framework and create a decent calendar UI? Am I missing something?

Hi there!

Context: After the recent debacle with Proton I was finally pushed to look for other alternatives. I had already wanted to change services for a while so it was nice to get the final push. It's still a good service, open-source and all. I personally just wanted to look for something else. However, I had not realised how deeply I was integrated into the email+alias feature they had, and how much work it is to change out of this, I have a fair amount of accounts.

I have now found a new email provider and bought a new domain. However I've got a few questions for those to who rock custom domains:

1. Do you use random strings before the @ sign? Or do you use it like [email protected]?
2. Because I'm considering using this as a catch-all address, doesn't this mean that anyone who wants (and knows the domain) and send spam on any random string before the @? Are you worried about this, and are there any counters to this?
3. As far as I've understood the main benefit of using my own domain for email, is that it will make it a lot easier to change providers in the future, as I can just change the nameservers so traffic is directed elsewhere - correct?

Thanks for any input, experiences or thoughts about this.

Ps. My threatmodel isn't that complex, I mainly want to stop spam from any potential services selling my email.

[email protected]

Hello everyone,

After a discussion on [email protected] ( https://feddit.org/post/6950586 ), a few people interested in privacy decided to reopen [email protected] as an alternative to [email protected] .

It's also nice to have a privacy community on an instance that can be accessed via VPNs.

Feel free to join us there!

#IronFox's icon is a love child between GitLab and Grindr's.

If I become a contributor it'll only be to make this lore canon @privacy

thought you guys would find this blog post from Brian Leiter today funny. he's a pretty good guy and a respected scholar so no shade on him, clearly just misinformed. i wonder if this is in some way downstream of the recent political drama around proton.

Unnecessary and deeply concerning bow to the new "king"

Import into your F-Droid client directly by tapping this link: fdroidrepos://fdroid.ironfoxoss.org/fdroid/repo?fingerprint=C5E291B5A571F9C8CD9A9799C2C94E02EC9703948893F2CA756D67B94204F904

https://gitlab.com/ironfox-oss/IronFox

IronFox is a fork of Divested Computing Group's Mull Browser, based on Mozilla Firefox. Our goal is to continue the legacy of Mull by providing a free and open source, privacy and security-oriented web browser for daily use.

Last year, I outlined the specific requirements that an app needs to have in order for me to consider it a Signal competitor.

Afterwards, I had several people ask me what I think of a Signal fork called Session. My answer then is the same thing I’ll say today:

Don’t use Session.

Insurance giant sued by Texas for using surveillance without consent to jack up premiums, deny coverage

This post contains a canary message that's cryptographically signed by the official BusKill PGP release key

The BusKill project just published their Warrant Canary #009

For more information about BusKill canaries, see:

• https://buskill.in/canary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Status: All good
Release: 2025-01-14
Period: 2025-01-01 to 2025-06-01
Expiry: 2025-06-30

Statements
==========

The BusKill Team who have digitally signed this file [1]
state the following:

1. The date of issue of this canary is January 14, 2025.

2. The current BusKill Signing Key (2020.07) is

   E0AF FF57 DC00 FBE0 5635  8761 4AE2 1E19 36CE 786A

3. We positively confirm, to the best of our knowledge, that the 
   integrity of our systems are sound: all our infrastructure is in our 
   control, we have not been compromised or suffered a data breach, we 
   have not disclosed any private keys, we have not introduced any 
   backdoors, and we have not been forced to modify our system to allow 
   access or information leakage to a third party in any way.

4. We plan to publish the next of these canary statements before the
   Expiry date listed above. Special note should be taken if no new
   canary is published by that time or if the list of statements changes
   without plausible explanation.

Special announcements
=====================

None.

Disclaimers and notes
=====================

This canary scheme is not infallible. Although signing the 
declaration makes it very difficult for a third party to produce 
arbitrary declarations, it does not prevent them from using force or 
other means, like blackmail or compromising the signers' laptops, to 
coerce us to produce false declarations.

The news feeds quoted below (Proof of freshness) serves to 
demonstrate that this canary could not have been created prior to the 
date stated. It shows that a series of canaries was not created in 
advance.

This declaration is merely a best effort and is provided without any 
guarantee or warranty. It is not legally binding in any way to 
anybody. None of the signers should be ever held legally responsible 
for any of the statements made here.

Proof of freshness
==================

14 Jan 25 01:01:33 UTC

Source: DER SPIEGEL - International (https://www.spiegel.de/international/index.rss)
A Miracle? Pope Francis Helps Transsexual Prostitutes in Rome
Boost for the Right Wing: Why Did a German Newspaper Help Elon Musk Interfere in German Politics?

Source: NYT > World News (https://rss.nytimes.com/services/xml/rss/nyt/World.xml)
What an Upended Mideast Means for Trump and U.S. Gulf Allies
Russia and Ukraine Battle Inside Kursk, With Waves of Tanks, Drones and North Koreans

Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml)
Gaza ceasefire deal being finalised, Palestinian official tells BBC
Watch: Moment man is saved from burning LA home

Source: Bitcoin Blockchain (https://blockchain.info/q/latesthash)
0000000000000000000042db9e17f012dcd01f3425aa403e29c28c0dc1d16470

Footnotes
=========

[1] https://docs.buskill.in/buskill-app/en/stable/security/pgpkeys.html

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEeY3BEB897EKK3hJNaLi8sMUCOQUFAmeFuPcACgkQaLi8sMUC
OQXctQ//Zv7RZXPKMMyjMjfE2LjrL6RVESIZMT2tUO/y0wx8XTXKBpgOA7fTh2eC
BHkLajpU/S3LOb+wBniuo29tpGJHG5MBWDwyNUAWXqZfJ/A9YNikNYq9lOn6nKSH
oHyLB8h2nP9rfQ2wXUtN6lFJVKWU5Ef5pjMQb8flJO2kbou7QpgcOzxvRqrXOUcN
UumjSlDTtwIOYOX+Ee8SamI4LyApOlwxIGMbFcbRMcJNhtioS4qCGNGw1pqhvqmF
pi1kIaqd79I8y1U9ufncvC+pbCEvRdo+wb7ZsXA9ZYpYfJSQJzSkdCGgkbe0b1Tx
6CNlcgoXIVaEH6/W+C2DFlyG1u4JuH22eXIrloYnjOxlqSJCd0Dw1EeO33tg3xg3
tfeO9pGOcZPOwlBL509VlE9z6W3czyKJk7Z4RwYXCFYWWi8vlHvRQg0LNu0C4Jyw
fRV2LlMSeUgBz9xyE62jh/BUNZzXsD0ntprR1eRTkeW4kOGEc6Wql4lBKE08sajT
YdgTi4ojrcfTdS7Sgzh1Onh5h/nF7hoyCX0lINgyTrJFMynC6qadTZtiJ2yO8GT+
Ovk9ZJMggBMNr4Vbw6CyrU/4yYMyrEd5dzXYZLZ41lMMpjwM8OBJ/yp1pcGo9vk4
NTAjUQUvOj6nrA/r3j2ywFMDZtFR/jBjXULWE77ca3iJmc/FUdg=
=xahN
-----END PGP SIGNATURE-----

To view all past canaries, see:

• https://www.buskill.in/category/Canary/

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

I’ve been using the app for a while paird with jellyfin but it’s time for my yearly purge of privacy violating apps, services, and websites.

I can’t find much online about infuse.

https://seirdy.one/posts/2021/03/10/search-engines-with-own-indexes/

Link to list of searchengines, provided by irenesteam in the comments

Old post text for history. This post turned out to become quite a mess.

spoiler

Previously I was looking for search engine that turned out it wasnt worth remembering afterall. As people helped, i thought its easier to just list every site its not. The site I was looking for turned out to be maintained by some rightwing assholes, but I thought maybe it could still be useful as it collects scrapers from many engines into one site. But since it apparently blocks lqbt domains, its basically worthless since who knows what else it blocks. Apparently anything those fucks touch is tainted.

I tried describing the site based on what I remembered and how it appeared to me. now it feels shameful even leaving it as context. The picture gets conveyed through the comments anyway for those interested.

I'm sorry it ended up like this, I should probably have done this much eariler and not give the site any benefit of the doubt.

---

So, instead lets make this into list of search engines so this post might have at least something positive about it. I already started gathering the list earlier as by product of the unfortunate search. It might be better to just scrap this all and start with new post but it would also erase what happened and the lesson learned.

I know there are lists already, but I dont think they all have every engine, especially smaller or newer ones. We could also gather information about engines' maintainers, stuff that helps determine what to expect from them. I'll try gathering it here on this post from the comments and if I find something myself.

Lets avoid all ai searchers since those ought to be in their own category anyway.

List of search engines

• bing
• kagi
• yacy
• ask.com
• searx
• brave
• ecosia
• mojeek
• duckduckgo
• marginalia
• startpage
• giburu
• yippy
• qwant

The ads you're viewing in popular apps have been co-opted by companies harvesting your location data — and now hackers have it.

What's the deal? I'm testing using https://coveryourtracks.eff.org/ Is it truly unique (and repeatable), or is it perhaps being randomized on every request?

I've tried normal Firefox, Mull, and IronFox. With and without jShelter.

I'm using my phone. Stock Android on a Pixel 7 Pro.

In DDG Browser I have a "nearly unique" fingerprint.

I installed CanvasBlocker and disabled privacy.resistFingerprinting in IronFox (since CanvasBlocker said to), and my fingerprint is still unique. I guess I'm not surprised since I think CanvasBlocker is designed to randomize canvas fingerprinting.

Any tips on having even a shred of privacy when browsing the web on Android?

Update

The biggest identifying characteristics are screen size and user agent. User agent can be faked with an extension. I can't exactly change my screen size.

I don't know what exactly what I did, but I managed to improve to "nearly unique" in IronFox. I think all I did was install Cookie Autodelete. It's an extension I've used for a long time in Mull, and finally got around to installing it. Then I installed "User-agent Switcher" and chose a Chrome user-agent and now I'm back to "Unique". 🤔

EFF mentioned Tor Browser having some other best anti-fingerprinting, so I tried installing that. "Unique Fingerprint". Again, maybe that's fine if it means it's randomized on every request. Does anyone know if that's the case? If part of the fingerprint is a hash of canvas data and WebGL data, etc. Then I can easily see your fingerprint being unique if a browser or an extension is intentionally fuzzing that data.

Update 2

I tried Fennec with just jShelter, uBlock Origin, and Cookie AutoDelete (not that I think those last two matter).

Obtained a "randomized fingerprint" result. Success?

I am ashamed to admit I went back to Facebook recently hoping to reconnect with some old friends.

I used a VPN, and had ublock origin on. Facebook never told me to turn these things off.

After about a month, Facebook suddenly banned my account, allowing me to appeal. To do that appeal, they are requesting selfie in which I am moving my head around.

This seems incredibly invasive to me and I'm not entirely sure they aren't just doing this to permanently ban me based on biometrics. If they had just asked me not to use ublock origin, I would have done that.

The original ban notice said I was using a technology that wasn't allowed on Facebook.

The first email said: "We’ve noticed some unusual activity on your Facebook account and have restricted its access to advertising. Any ads connected to your account are currently disabled.

To learn more, please review our Advertising policies affecting business assets.

If you believe your account was incorrectly restricted, click the Fix issue button below to verify your account.

You have until July 07, 2025 to fix the issue before the account is permanently disabled.

We used technology to detect this violation and carry out this decision. Further violations of our Advertising Standards may result in your account being disabled or restricted."

What's so weird is I don't use Facebook marketplace or anything like that. Then they said the account was just banned.

"Your Facebook account has been suspended. This is because your account, or activity on it, doesn't follow our Community Standards on account integrity.

If you think we suspended your account by mistake, you have 180 days to appeal our decision. If you miss this deadline your account will be permanently disabled."

As a minority who has been arrested and feels marginalized by society, but isn't pretending to be anyone other than me, I'm left wondering why this occurred. I didn't get any notices about this at all prior to their asking. I also was arrested at one point and so when I add former friends, I don't know if some people are mortified to know me and so report the account and that is why this is happening or what is going on.

Does anyone know if doing some awful video like this would restore the account, or are they just trying to get more biometric information to ban me permanently? I really wish there were an alternative to Facebook. I hate it and they are so vicious with how they suddenly ban people.

I am unlikely to be willing to do a selfie in which I look left right up and down or whatever, as I don't believe Facebook will delete it.

Right before the ban, I was talking with an ex from a long time ago, who seemed friendly at first. Now I'm wondering if this person reported me and this is why this happened. They said they had to go to lunch, be right back, and it was sort of late for lunch.

I really hate the world and the planet sometimes. Facebook is just terrible and mean and I don't actually believe that such a 3D selfie, which is sort of what they seem to want, is going to not be stored in some government database.

I know this has been discussed a lot across the fediverse already, but I recently learned about the Fogg Behaviour Model (FBM), and thought it would be interesting use it as a frame.

Basically, the model says that people change behaviour when they are motivated, have the ability, and are given the right prompt or nudge in the right direction.

How do we nudge people who are...

• In the top left, i.e. are motivated, but lack the ability to use privacy-friendly alternatives?
• Are in the bottom right, i.e. have the ability, but don't care or have the motivation?

Unfortunately, my impression is that most people are in the bottom left, and think of the invasive surveillance of Big Tech like the weather; "I just have to deal with it". How do we give these people the ability and motivation to escape the data vampires?

Hackers have reportedly breached Gravy Analytics, a parent company of Venntel that sells smartphone location data to the U.S. government. The hackers claim to have stolen considerable data, including customer lists, industry information and individuals' location data. They are threatening to make the data public.