Just came across this. Would love someone knowledgeable to comment on the architecture, security.

Just to warn those who use it, Ive just discovered a Google AdMob tracker embedded into the app.

(the original app, not element X)

https://reports.exodus-privacy.eu.org/en/reports/im.vector.app/latest/#trackers

Searching F-droid today for 'vpn', something called URNetwork came up, touting itself as better then a VPN, and sounding frankly too good to be true. Duckduckgo searches are finding very little not either going to them (ur.io, or their github, etc) or some site called Product Hunt that I've never come across before. Nothing useful or that gives me confidence even that this isn't a scam.

Does anyone know anything about this product?

For context: I recently switched to a Pixel 9, installed GrapheneOS and created a profile just for some apps I need Play Store for, which is sandboxed btw. I created a new empty google account for it too.

So I was just downloading an app and saw the option to download it on my old device too, which made me wonder how GP knows about it, since I don't think I have anything on my new phone that could link to it (except my SIM I guess)

Any ideas?

So friends and me arguing over if Teleguard encrypts media too or only chats. My take is, everything, as stated on their site: -> Complex encryption system for all transmitted data... (plus it's swiss based).

Element says this on their site (2.4 Sharing Data in Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights): ... Shared information is exclusively limited to what we are technically able to see, which means end-to-end encrypted information is never accessed by our teams or shared externally. (U.S based)

So both encrypt media but Element saves them while Teleguard deletes the messages after receiving?

cross-posted from: https://lemm.ee/post/61780502

I know I could and should encrypt whole drives but I want another layer of protect specific folders when my devices are unlocked, a password. I want the folders to behave like regular folders where I can add or remove files as usual, without a clunky UX like password protected zips. I looked it up and didn't find any straightforward solutions.

I have an old gmail account. I stopped actively using this account many years ago, but I'm still keeping it open for various reasons. I just sign in once a year or so, delete a few bits of spam, then log out.

Yesterday when I tried to log in to do this, Google wanted a phone number to verify my identity. It would not allow me to log in without a verification code from a phone. I tried to find a way around this. I clicked 'try another option', which then asked for the 'last password I remember'. I tried the current password, and the previous password that I had before that - but just told me that this was not enough to verify my identity.

I checked the Google help centre. Following its chain of questions basically told me that the only reason Google would do this is if I had activated two-factor authentication, or if someone else had got control of the account (and then activated two-factor authentication). ... I'm sure I didn't do this, and I very much doubt someone else had the account.

Reluctantly, I put in my phone number (which I know Google has had in the past, because I use to use this as my main account). The first time, I left off the area code, and Google told me that the number wasn't registered with the account. But then with the area code, the phone number worked and I was able to log in. So clearly it did have that number on record.

The very first thing I did was to try to remove any mention of this phone number from the account. But it wasn't mentioned. There were no phone numbers listed as registered to the account, and two factor authentication was turned off. I couldn't find any mention of that phone number anywhere in my account, nor find any way to delete it. Nevertheless, it was required when I wanted to sign in.

So I'm somewhat concerned. I don't want this number registered to the account in any way. I don't want to ever have to use it to verify my identity. I don't want it to be associated with my identity. Google doesn't show me that the number is associated with my account, but obviously it is - because it was required for me to log in!

Google has lots of 'helpful' pages about what personal information they store, and how you can delete it. But this experience highlights that they definitely store more than is shown in the profile page, and that there is no built-in way to ask for it to be deleted (or to even know what the information is). It makes me wonder what other personal information they have secretly stored. Probably a lot.

I'm wondering what steps I should take to have this personal data removed. I'm under the impression that there are GDPR laws which might compel Google to delete personal data if I request it to be deleted. But it isn't clear what data they have; and it definitely isn't clear how to contact them.

Basically just the title, delete this if it's not the right community.

I hate iphones and apple stuff for obvious reasons. But I am forced to use it to some degree. I just want to get a community consensus on any problems with signal being shared, seen, monitored, or sent to apple servers or icloud while being used on an iphone.

i use GrapheneOS since December 2024 without even sandboxed google play services. the only non open source and not safe apps on my phone are instagram, messenger, telegram, whatsapp, tiktok, snapchat and i want to get rid of them but i wanna see the content from people on these apps. are there any wrappers for privacy, for these apps, such as aeroinsta for instagram (i already use it) in order to use them but protect my data at the same time? 😭

I was posting some comments on Reddit, in the "Privacy" subreddit, about better privacy options than Android or iOS—like GrapheneOS. I just received a message from the bot deleting my posts that mentioned GrapheneOS or other privacy-friendly operating systems. I accept this, since I'm not the owner of the subreddit. But with all due respect, what's the point of having a place to discuss privacy if comments recommending great privacy-focused OS alternatives get deleted? I don’t get it.

It seems like people in that community want privacy, but apparently not enough to have an open discussion about alternatives. Sure, some people might disagree—that's normal in any discussion! Should we stop talking about the NSA because some people support what they do? I doubt anyone would suggest that.

Am I missing something here? Maybe I just don’t understand the reasoning.

I have noticed recently (perhaps within the last 6-12 months?) that I can hit many major sites via Tor with JavaScript off. there are a few that reject Tor connections or render illegibly - but, for many mainstream sites, things are actually pretty reasonable. fingerprinting and personal threat models aside, this seems like a positive move and feels different from e.g. 2 years ago.

am I slowly going insane? has anyone else noticed this? tested over time via orbot and classic Tor nodes with various hardened and non-hardened browsers and DNS resolvers.

Do you know of a way to share your location with family members. I currently use Google maps because my family has both Android and iOS devices so preferably something cross platform. Thanks for your help.

I've been working in infographics that sum up some of the advice in DISENGAGE: Opting Out—and Finding New Options—to Reclaim Your Life from Spammers, Scammers, Intrusive Marketers and Big Tech. I hope it's helpful!

cross-posted from: https://lemmy.world/post/2694719

cross-posted from: https://lemmy.world/post/2685916

OK, c’est pas vraiment "l’image du jour". Elle correspond plus à la période troublée que nous traversons actuellement.

Hi there! A little background: I write down notes a lot to make up for my bad memory. I’ve been doing this for a few years, and it’s usually a few thousand words a day: some professional, some deeply personal. Because of this, I’m trying to be conscious about keeping these notes private. While I’ve made a few changes along the way to follow better privacy practices, I thought I’d post here and see what other ideas are out there.

Right now, I have a few thousand markdown files stored in iCloud with end to end encryption. It’s far from a perfect system: ideally I would get away from cloud storage, iCloud is closed source, and there’s no native linux client. While it’s more private, writing entirely on paper isn’t an option: typing is much faster, it’s easier to query, and I can do fun things with this data. I think my next shift is towards using syncthing to maintain copies of these notes across devices, as I often edit from various machines and want to maintain multiple backups.

Rather than asking directly for proposed solutions, I’ll ask: What should I be considering? Does the editor I use matter? Does this go down to operating system level? I think the answers are both of these are yes, but I don’t know what else I should be asking myself.

A chart titled "What Kind of Data Do AI Chatbots Collect?" lists and compares seven AI chatbots—Gemini, Claude, CoPilot, Deepseek, ChatGPT, Perplexity, and Grok—based on the types and number of data points they collect as of February 2025. The categories of data include: Contact Info, Location, Contacts, User Content, History, Identifiers, Diagnostics, Usage Data, Purchases, Other Data.

• Gemini: Collects all 10 data types; highest total at 22 data points
• Claude: Collects 7 types; 13 data points
• CoPilot: Collects 7 types; 12 data points
• Deepseek: Collects 6 types; 11 data points
• ChatGPT: Collects 6 types; 10 data points
• Perplexity: Collects 6 types; 10 data points
• Grok: Collects 4 types; 7 data points

cross-posted from: https://lemmy.world/post/2180929

Meta sneakily introduced "Platform Integrity Attestation API" which basically calls home to see whether the user has a valid license to play.

This means that to run apps user has to have online connection to perform an integrity test. Whether it's only a test on launch or continues call home like Denuvo-like DRMs is not yet clear. This could also mean that modified headsets could fail to pass this test essentially closing down the device for modifications that could damage "platform integrity". Not all details are clear yet but this doesn't look good.

Currently it's optional and up to app developers to enable it.

I'm guessing there is no way to use Lemmy without having javascript enabled?

Trying to setup a new and better network in the house. Ditching my ISP router because its just a mess and I want better security.

I keep being suggested Unifi as a setup. Its pricey but I am told its well worth the cost.

My main concern is the privacy side.

How reputable is Ubiquity when it comes to handling data? Any ideas?

Privacy gives you the freedom to live your life in a way that best suits your personal goals and needs, without having to constantly balance every action between "the private game" (your own needs) and "the public game" (how all kinds of other people, intermediated by all kinds of mechanisms including social media cascades, commercial incentives, politics, institutions, etc, will perceive and respond to your behavior)

Without privacy, everything becomes a constant battle of "what will other people (and bots) think of what I'm doing" - powerful people, companies, and peers, people today and in the future. With privacy, we can preserve a balance.