Privacy

32763 readers
1631 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
1
 
 

Since the recent Proton events I need to change providers and I found RiseUP.

I would like to know how good is this service and if I should consider it.

Moreover as I know that it is no open to sign up how to get a RiseUP account? THX for all

2
 
 

Nothing crazy, but it would be cool to be able to build automations in home Assistant off of my Microsoft teams status. (Pause music and whatever I'm casting to Kodi if I get a call, etc)

Maybe even browsing Lemmy? Maybe not though lol

If there's no good options, no worries, I certainly have no problem keeping it in a work sandbox (connected to the same guest network I keep the work computer on and stuff like that)

But I just wanted to see if there's any more value I could squeeze out of it

Thanks in advance!

EDIT I wouldn't be casting shit FROM the iPad or anything, just to be clear

3
 
 

I still use my first ever made email address, at this point it's pushing 28 years old. However I have a major problem. I can rarely log into it anymore. There are so many attempts to login to the account daily from whoever out there that wants to gain access that the login is normally locked out for a period of time. At this point I've moved everything of financial value off of it as someone did get access once, but there are still plenty of random little things I'd like to hang on to it for.

I know I can just make a new one and ditch that one as a quick solution, but I figured i'd ask a wider community if they had any insights I might not have. It's a Microsoft account, and my windows is tied to it, but I'm pretty sure I can just migrate that to something new.

4
 
 

I've been a user of Librewolf for a about a year now, and it's always served me pretty well as a nice easy way to get a hardened Arkenfox Firefox.

However, recently I was curious why Librewolf wasn't recommended on PrivacyGuides, and took a look through their reasoning on their forum. That thread spans multiple years, and for the most part I thought their reasons for not including it were a bit unfair, especially after Librewolf started offering automatic updates.

But towards the end of that thread in October, a Privacy guide team member posted a link to the Arkenfox github issue tracker, where a Librewolf team member reveals how the project appeared to have lost steam after a critical member left, and they are struggling to keep it up to date with the latest Arkenfox updates, despite putting out new releases.

I'm not sure if those problems have been resolved since that time. One of the maintainers did mention they're still short staffed in this topic on taking over maintaining Mull.

After considering the arguments for and against in the PrivacyGuides thread, I think their conclusion for not recommending it was ultimately correct. Using Librewolf adds an additional layer of trust, not only to not be malicious (which I don't suspect they are) but to also be able to adequately fulfill what they set out to do reliably.

Another big part of them not recommending it was the existence of the Mullvad Browser, which I didn't realize was in fact a very well hardened version of Firefox (essentially the Tor browser without the Tor part), and is far more effective for private browsing compared to Librewolf or an Arkenfox'd firefox.

Ultimately you'll have to come to your own conclusion, but personally I'll be switching back to Firefox as my convenient daily browser full of addons, alongside the mullvad browser for (more) private browsing.

5
223
submitted 1 day ago* (last edited 1 day ago) by BenDoubleU@lemmy.radio to c/privacy@lemmy.ml
 
 

Copied from the reddit post:

Hi all, last night, a post from last year from my personal X account suddenly became a topic of discussion here on Reddit. I want to share a few thoughts on this to provide clarity to the community on what is Proton's policy on politics going forward.

First, while the X post was not intended to be a political statement, I can understand how it can be interpreted as such, and it therefore should not have been made. While we will not prohibit all employees from expressing personal political opinions publicly, it is something I will personally avoid in the future. I lean left on some issues, and right on other issues, but it doesn't serve our mission to publicly debate this. It should be obvious, but I will say that it is a false equivalence to say that agreeing with Republicans on one specific issue (antitrust enforcement to protect small companies) is equal to endorsing the entire Republican party platform.

Second, officially Proton must always be politically neutral, and while we may share facts and analysis, our policy going forward will be to share no opinions of a political nature. The line between facts, analysis, and opinions can be blurry at times, but we will seek to better clarify this over time through your feedback and input.

The exception to these rules is on the topics of privacy, security, and freedom. These are necessarily political topics, where influencing public policy to defend these values, often requires engaging politically.

The operations of Proton have always reflected our neutrality. For example, recently we refused pressure to deplatform both Palestinian student groups and Zionist student groups, not because we necessarily agreed with their views, but because we believe more strongly in their right to have their own views.

It is also a legal guarantee under Swiss law, which explicitly prohibits us from assisting foreign governments or agencies, and allows us no discretion to show favoritism as Swiss law and Swiss courts have the final say.

The promise we make is that no matter your politics, you will always be welcome at Proton (subject of course to adherence to our terms and conditions). When it comes to defending your right to privacy, Proton will show no favoritism or bias, and will unconditionally defend it irrespective of the opinions you may hold.

This is because both Proton as a company, and Proton as a community, is highly diverse, with people that hold a wide range of opinions and perspectives. It's important that we not lose sight of nuance. Agreeing/disagreeing with somebody on one point, rarely means you agree/disagree with them on every other point.

I would like to believe that as a community there is more that unites us than divides us, and that privacy and freedom are universal values that we can all agree upon. This continues to be the mission of the non-profit Proton Foundation, and we will strive to carry it out as neutrally as possible.

Going forward, I will be posting via u/andy1011000. Thank you for your feedback and inputs so far, and we look forward to continuing the conversation.

6
 
 

I'm sure those who have run and maintained a mail server, and cryptologists, would probably want to throw something at me for spouting crap, but please bear with me.

Firstly, the Fediverse appealed to me because I knew it was the true answer to these centralised social media platforms. But the problem is that cross server encryption is difficult. For example, I hear that Mastodon servers cannot federate with each other properly if end-to-end encryption was rigorously implemented.

Secondly, there are EU laws that are proposing that messenger services should be interoperable. So in theory, Signal users can chat with WhatsApp user and Telegram users. They say it is possible with open protocols and API tooling.

So together, I wanted to know if this was possible for email. I know that some of the ancient protocols (in computing timelines) don't lend themselves very well for the hostile encryption heavy requirements of the modern internet, but I think it is possible to envision an grassroots alternative.

Am I completely missing something super critical? or are there already federated, end-to-end encrypted emailing services that can be easily spun up?

7
13
Simple Login - help (?) (endlesstalk.org)
submitted 20 hours ago* (last edited 20 hours ago) by welpmybro@endlesstalk.org to c/privacy@lemmy.ml
 
 

So, since the recent news of Proton, im kinda thinking to get over off it... my problem however is with simple login. Simple Login belongs to Proton and this service is such a incredibly peace of art for me. This would me allow to create alias for every software i use, and use too for my health care - specific alias create with simplelogin - and bank - same thing.

I create this method to separate things from my inbox and this help me to be prepare if some leak from dark web happens.

The main problem is that Simple Login belongs to Proton. I can switch email provider, and that is easy, but change all my alias now is incredibly a nightmare. Anyone have some suggestions on what to do now?

I remember see people/communitys self host Simple Login ( for example, like private.coffee , tchncs.de or nomagic.uk do but for other services they plan) and im totally fine to donate who do that. I just dont know what im doing now... and SimpleLogin is the one i find, for example, to create a alias for services like discord (for example, i remember discord dont accept anon addy domains).

Thank you in advance

8
 
 

I need to send a sensitive email anonymously to a VP at work. I was given information I should not have but it's important to get it to this person. I don't have much trust in local management to address the situation. I also need to protect myself because I won't be ready to leave this job for a few more months.

Any recommendations? It can be a simple one and done or one that's good for a limited time/number of emails.

TIA!

EDIT: I appreciate the recommendations! I will start checking them shortly. I'm hoping we can fix the situation locally but knowing that you recommended these helps me feel better about going this route if it becomes necessary.

9
 
 

I use an RSS reader to curate my Lemmy feed, which means I see every post, including deleted ones. Every so often, posts will crop up with pessimistic content such as "Why try anymore?" etc. Most of the time these are a result of privacy burnout, where the individual has a threat model that is too strict for their own tolerance.

We all wish we have perfect privacy. We all wish the world could be more pro-privacy than anti-privacy. One day, that may be the case. For now, we have to accept that nobody can be completely private. Privacy is a spectrum, and doing what you can to minimize data collection goes a long way. You can't become private overnight, so taking small steps like these means you can grow a strong foundation for future privacy. Privacy takes time, so take it as slow as you need to.

Even if a company already has your data or another means to track you, by minimizing you are making it harder for them to extract that data, and it increases the odds that your data becomes stale. By caring about privacy to begin with, you're showing companies and other people that the data collection is not ok.

I've been a privacy activist for years now, and I will also face periods of privacy burnout. I handle it by stopping, taking a step back, and reevaluating my threat model. It's good to take breaks like those, because it means you don't push yourself past your limits and become burnt out.

It's really easy to get caught up in the "breaking news" of privacy, too. This is more of a personal stance, but getting caught up in politics and news often leads to stress and makes it harder to make real progress. (This is one of the reasons I use an RSS reader, I can curate my information without stressful headlines.) You don't need to use the most private software or jump ship the moment anything goes wrong. If you feel you need to switch, do it when you have time and when it won't cause problems elsewhere.

Take a look at how far you've come, and realize that even if you're not where you want to be yet, you've taken steps to get there. Every person who starts to care about privacy, even you, is one more person to help make the world a more privacy respecting place. It may not seem like you make that much of a difference, but it's not just you. You and everybody else who cares about privacy makes a huge difference.

Don't give up now. Privacy is an uphill battle by design, but the payoff is worth it.

Good luck!

10
 
 

In an unexpected mask off "secure" email and VPN provider Proton took the stance of siding with the fascist MAGA Reps. Proton's services are no option for me and many others any longer. Let's collect and discuss alternatives (E2E encrypted email and VPN) here 🔐👇

Always try to provide:

-Server location (jurisdiction)

-Governance

-Integrity/trustworthiness/transparency

-User experience/ease of use (grade 1 to 10, lets take Proton as a benchmark with an 8)

-Pricing and links

If you know alternative setups, feel free to share, too.

#ProtonExodus

Background: https://lemmy.ca/comment/13913116

Edit:typo

11
 
 

All of us have made privacy mistakes at some point in our privacy journeys. In an effort to help those earlier on in that journey, please share some of the mistakes you've made, and how you could have prevented it.

12
 
 

Unnecessary and deeply concerning bow to the new "king"

Update: position got backed up by an official Proton post on Mastodon, it's an official Proton statement now. https://mastodon.social/@protonprivacy/113833073219145503

Update 2, plot-twist: they removed this response from Mastodon - seems they realize it exploded into their face!

13
64
submitted 1 day ago* (last edited 1 day ago) by kate@lemmy.uhhoh.com to c/privacy@lemmy.ml
 
 

still deciding which i’ll go for but it’s a good list

14
 
 

How can I go back to using Google Drive, Gmail, downloading the WhatsApp application, trusting proprietary software in general?

How can I go back to convenience knowing what I know now? Constantly aware that I'm trading my privacy and my data for convenience? Why must this road be so arduous?

Genuinely struggling with this, how do you all manage? Do you just accept it and use this stuff trying to minimize how much information on yourself you give away? Or have you resigned to self-hosted email and wood cabins (unable to fully interface with payment systems, government bureaucracy, modern technology)?

15
 
 

Wanna avoid anything having to do with cloud sync, I just want the option to backup/export and store it myself.

Mainly looking for Android apps, but hopefully theres something cross-platform.

16
17
18
19
 
 

I didn't liked it because of their proud claims "we are better than Tor" talking about their blockchain-based "incentives", and their venture capital small start-up model. VC always means you're product is doomed to be sold, abandoned or screwed. Apparently they also proudly claimed "we are better than Signal". Good luck.

20
 
 

There used to be some application named vigilante that had alert when microphone or camera was activated. Then it's dev stopped updating it and that was that.

I know android should show some small icon when camera or mic is active, but that doesnt help me if i'm not actively looking at the screen at the time.

Do you know of anything that could still do what vigilante did? I'd prefer to know if something was trying to be sneaky. Or is it pointless even trying to do that due to something?

21
 
 
22
 
 

App: https://chat.positive-intentions.com/

A p2p encrypted file transfer and messaging app. Here are some features below:

  • Open Source
  • Cross platform
    • PWA
    • iOS, Android, Desktop (self compile)
    • App store, Play store (coming soon)
    • Desktop
      • Windows, Macos, Linux (self compile)
      • run index.html on any modern browser
    • Decentralized
  • Secure
    • No cookies
    • P2P encrypted
    • No registration
    • No installing
  • Messaging
    • Group Messaging (coming soon)
    • Text Messaging
    • Multimedia Messaging
    • Screensharing (on desktop browsers)
    • Offline Messaging (in research phase)
    • File Transfer
    • Video Calls
  • Data Ownership
    • Self Hosting
    • GitHub pages Hosting
    • Local-Only storage

Check it out!

23
 
 

I recently learned that my company prefers closed-source tools for privacy and security.

I don't know whether the person who said that was just confused, but I am trying to come up with reasons to opt to closed-source for privacy.

24
 
 

Allstate, through its subsidiary data analytics company Arity, would pay app developers to incorporate its software to track consumers’ driving data. Allstate collected trillions of miles worth of location data from over 45 million consumers nationwide and used the data to create the “world’s largest driving behavior database.” When a consumer requested a quote or renewed their coverage, Allstate and other insurers would use that consumer’s data to justify increasing their car insurance premium.

25
 
 

(I apologize if this is not the right community for the question described in the post title.)

My problem with setting up Mollysocket is that my knowledge and competence with such things is very limited (I have MSc in natural sciences) so the instructions on their Github repo are not clear enough for me to resolve the issues I've faced. I have a strong passion for these though, and there are still lots of things I do understand.

However, none of the three alternative methods to install Mollysocket worked. First I tried using crates.io, but hit the wall when trying to perform "cargo install mollysocket" because it ended up giving a feature error which I couldn't pass regardless the given instructions of using nightly version and enabling such unstable feature (+ I've no idea where to find Cargo.toml file).

So next I tried the precompiled version, but then the issue was that I couldn't start mollysocket via systemctl. Troubleshooting by myself was impossible because I couldn't find anything from the search engines related to this.

And the Docker option, well, I think I understood everything until the step where I should generate VAPID key. I copy-pasted the given command from their Github, but this results in a error that such command does not exist.

The instructions given on their Github are, in my opinion, not so beginner friendly, thus I would be very grateful to those who could help with this.

view more: next ›