privacy


CowsLookLikeMaps, in EFF’s Street-Level Surveillance project shines a light on the surveillance technologies that law enforcement agencies routinely deploy in our communities

WhereAreTheEyes is a neat project to catalog surveillance cameras.

TheHobbyist, (edited )

Is the app still working? Doesn’t seem to have been updated in 6 years

willya, in What site can scan sites for trackers?

I thought most of the modern browsers had this ability built in?

dysprosium,

I don’t think browsers are able to detect as much and easily as a dedicated website can. Anyway, these dedicated website detectors can also be used BEFORE visiting the site, providing more protection

willya,

Interesting. I’d like to find what you’re looking for and compare what shows on mine.

dysprosium, (edited )

You using special scripts / add-ons? Or bare browser?

Yeh okay what does your super computer say about e.g. mathpix.com ?

willya,

Standard three google ones and one for jsdelivr.net

dysprosium, (edited )

So no mention of “3 ad trackers”, “4 third-party cookies”? Which is additionally reported by blacklight

willya,

The 3 ad trackers are also in that cookie count with jsdelivr. But no it does not break it down into separate sections.

scumola, in Custom ROM Fire TV Stick

So just to put this out there. I’ve been testing single-board-computers running Android and Linux and streaming multiple IPTV streams at the same time and the Fire TV (I have the 4K Max) beats the Raspberry Pi 4, Odroid N2+ & Intel NUC 7 (i5 CPU w/ Intel GPU). I know that they’re cheap as hell but they actually perform better in my specific use case than other Android or Linux platforms. I can stream 5 or 6 1080 IPTV streams simultaneously on the Fire TV, while 3 or 4 is the max on the others.

CrypticCoffee,

How many things does 1 person want to stream at once?

scumola,

I keep several IPTV news streams going at once. 4+ is good for me.

mr_satan, in Privacy Concerns on Lemmy: A Call for More User Control

What you’re describing is an issue with all of social media. While your concerns are valid, I don’t see your arguments as a privacy issue. I honestly prefer post and comment history being transparent and accessible. It’s much like Reddit and this format fits much better with an open forum style of platform.

Don’t post private information and it’s a non-issue.

Also, can’t you just delete posts and comments like on Reddit?

Outtatime,

Would still be nice to hide that information

drndramrndra,

Also, can’t you just delete posts and comments like on Reddit?

Not really AFAIK. Your comment is spread across many instances, and they’re not required to follow your deletion request.

mr_satan,

Oh, I see

LWD,

It’s not required, but if a server is misbehaving, people could notice and those servers could be defederated. By default, deletions are federated.

bamboo,

Also, can’t you just delete posts and comments like on Reddit?

Nothing ever dies on the Internet. With the federated nature of Lemmy, it’s possible for deletes to not sync across instances, especially if there’s defederation that happens.

mr_satan,

Makes sense, when I think about it

SnotFlickerman, (edited ) in Privacy Concerns on Lemmy: A Call for More User Control

If you’re not running your own server privacy policies are not even worth the pixels they’re presented on.

Literally, you’re just taking a random person’s word for it (whoever the admin is). A website is a black box, you have no idea what’s going on on the back-end.

The only way to be in complete control of your user data is to run your own server and be literally the only user on it.

Even then, any public comments you make are, you know… public.

otp,

Even then, any public comments you make are, you know… public.

As they should be.

Public comments is how you can find patterns of sketchy user behaviour.

henfredemars,

Ask me no questions and I’ll tell you no lies. It asks much less of my instance admins if it’s understood that my information was never private to begin with.

morrowind,

Well there’s still the legal threat. You have to trust someone, unless you’re creating your own hardware and never connecting to the internet

SnotFlickerman,

True! All your data will pass over other hardware owned by other people.

The only real online privacy is not connecting to the internet to begin with.

The whole system is based on trust.

Which is why I think some of these privacy demands are straight silly.

FutileRecipe,

All your data will pass over other hardware owned by other people. The only real online privacy is not connecting to the internet to begin with.

And now we’re entering into the realm of encryption, especially end-to-end. Generally speaking, just because you’re sending information that touches other people’s hardware, doesn’t mean it’s public and readable.

Danitos,

Even then, AMD, Intel and now Apple CPU chips are suspected to be backdoored. NIST has been slow to adopt a standard post-quantum E2EE algorithm, with some rumours of self-sabotage mandated by NSA (like they have already done in the past). The Tor network is extremely vulnerable to traffic correlation by big parties.

Encryption theoretically gives you what you describe, but in reality you still need to put a lot of trust in things like your own hardware.

LWD, (edited )

deleted_by_author

    SnotFlickerman, (edited )

    I think that’s worth considering: an open-source volunteer project requires and leaks way more data than a private corporation it’s mimicking.

    It couldn’t be that one has had loads of VC funding for *checks notes… 15 years. Whereas one has been barely funded for five years and has more people complaining than adding code.

    Actually, it makes perfect sense that an open source project that doesn’t have a big organization behind it isn’t going to have the same capability anywhere near as quickly. Reddit also makes money from advertising. The money for Lemmy is from donations and an abysmally small set of grants.

    Hell, Matrix, an actual open source communications protocol is 9 years old and they still haven’t gotten encrypted video group chats working properly and if I recall correctly still offload a lot of that to JitsiMeet. I was using Matrix/Riot.IM (now Element) in 2016 and it was garbage that barely worked, and updates constantly broke what previously worked, etc. It took time to become better and Matrix does have a whole ass organization backing it.

    For comparison, Lemmy has been around for about five years and they’ve had far less financial backing and developers contributing to the project. Matrix has governments like France and Germany lining up for services for private communications, which means they’ve literally got people paying them for the service of helping manage their Matrix servers. Lemmy doesn’t have the same advantages. They don’t have a service or ads to sell (no ads is part of the appeal.).

    For what it’s worth, Veilid exists, if you’re looking for a better framework to start with than ActivityPub.

    Vinny_93, in what are your recommendations for a good privacy friendly sms app?

    Signal does sms but they may not be as privacy friendly as they claim. Although idk.

    lemmyreader,
    Vinny_93,

    Oh I was unaware. Sorry!

    lemmyreader,

    No problem.

    sxan, (edited ) in what are your recommendations for a good privacy friendly sms app?

    Yeah, qksms’s handling of group messages is really klunky, too.

    Deku SMS looks nice, but it doesn’t understand group SMS at all. Neither does Connect You (it also doesn’t have search-by-name for texts, and has trouble linking contacts to texts). Simple SMS is now verboten.

    Despite warts, I’m stuck with qksms as well.

    Edit: Fossify Messages has been released on fdroid. It supports groups, looks nice, and is working for me so far!

    TheOSINTguy,

    Not to also mention that the dev for qksms hasn’t fixed some issues from 2017.

    kureta, in How bad is Idea of .Zip as password manager?

    If you do this, you’ll start writing small scripts to help you with repeating tasks, to simplify some things, then you’ll start looking for help trying to improve those scripts, then you’ll find better written and tested ones and start replacing yours with those, one by one. Then you’ll probably find pass or other terminal password manager. It can be a fun learning experience but sooner or later you’ll end up using a password manager.

    Tangent5280,

    Ah, the programmer’s pilgrimage. The first hill that they must climb is the one where they spend 12 days automating something that would have taken 10 seconds every time + half hour setup time.

    Gooey0210,

    Pass is pretty cool, used it for many years

    Now switched to vaultwarden so it’s more user friendly for my girlfriend

    Xirup, (edited ) in Riot Games Now Requires Kernel-Level Anti-Cheat Software for League of Legends, Following Valorant's Implementation

    One more reason to switch to Linux! (It can’t run Valorant)

    agitatedpotato,

    Not supporting a game is not a reason to switch to linux, and the more games aren’t supported, the less people are gonna switch. The Linux zeal on this site is comical.

    “Haha my OS cant play games that have millions of concurrent daily users each!”

    How’s the year of the Linux gaming PC coming?

    jinarched, (edited )

    OP was saying something along the lines of ‘if Valorant can’t run on Linux, it’s a sign your privacy is much less compromised.’ After all this community is specifically about privacy.

    Prunebutt, (edited )

    It’s the other way around: no game is worth sacrificing security and privacy by giving it kernel level access.

    The argument is: more and more games are running on Linux and there’s a damn good reason not to play the ones that don’t at all.

    agitatedpotato, (edited )

    That’s a great argument for the extremely small percentage of gamers who give a damn about that, but just about all of them are already on linux, so if that’s the way forward for linux gaming, congrats it’s at full saturation. This site is wild. Downvotes for pointing out that not running games that millions play a day is bad for gaming on the OS. I may as well be talking to Republicans about Biden. You’re zealots.

    Go on the League and Valorant forums see how many of the millions you can convince that Linux security is more important than being able to play with their friends.

    Gabu,

    I don’t give a shit if a billion people suddenly decide that shooting their own brains is a great idea, shooting yourself is still a bad idea.

    R00bot,

    Hey bud. The original comment was a joke.

    agitatedpotato,

    Lol bold opinion on this site when people are already responding that it’s good for Linux gaming that it won’t play games that have intrusive anticheat. I’ll admit sure it’s better for security, but to think that’s a good thing for gaming on Linux is hilarious.

    R00bot,

    No, it’s obviously better to have the choice (run the game or not). And losing a game that previously worked on Linux is obviously a bad thing, hence the joke about it being good.

    Of course you could argue that taking a stance against this kind of intrusive anticheat is good in the long run. If Microsoft had a backbone they’d do the same.

    But yeah losing games because of anticheat is obviously a bad thing lol. No need to take it so seriously.

    agitatedpotato, (edited )

    The comment was about Valorant, did that one ever work on Linux? If so I wasn’t aware that they figured it out. Didn’t seem like a joke, and people are unironically agreeing with it soooo

    Prunebutt,

    So, requiring to puncture the security and privacy of your PC for a game is ok, as long as millions of players are affected. Did I understand you correctly, here?

    joyjoy,

    The same people would let Sony install a rootkit so they can listen to music on their PC.

    agitatedpotato, (edited )

    Nowhere did I say that, what I said is most gamers do not care. So what I’m implying is if you want Linux desktop OS to overtake the next highest competitor (which is ‘OS unknown’ btw) you’re going to need to do better. For at least the past 20 years gaming has been a social phenomenon more than anything else, and not being able to play games that millions play daily isn’t a brag for linux gaming just because you’re more secure than they are. Unknown OS is ahead of linux on desktop share, not just gaming desktop, all desktop. Linux ranks just below a statistical anomaly and just above chrome os. If that’s fine with you then fine, but if you’re one of the people for whom gaming is a very social thing, then you’re probably never moving to linux at this rate, or at least hope things get better. But apparently I’m the only one unsatisfied with what gaming on linux looks like, and everyone else loves it as is. Welp, if that’s how it is and this is what linux gaming is supposed to be, then it’s definitely not for me either.

    Prunebutt,

    Name checks out.

    It was a joke, chill your beans.

    turkalino,

    How’s the year of the Linux gaming PC coming?

    You’re right, it’s been absolutely devastating not being able to play games on my computer. I’ll go cry over my video game consoles.

    agitatedpotato,

    League of Legends doesn’t run on console . . .

    turkalino,

    You’re right, it’s been absolutely devastating not being able to play a 14-year old game that I have no interest in playing on my computer. I’ll go cry over my video game consoles.

    Xirup,

    It may sound silly, but for a lot of people being unable to play games like Valorant, Warzone or League of Legends is actually a feature and not a bug or a problem.

    agitatedpotato, (edited )

    Pro tip, you can not install those games on literally every OS, so even if that’s a feature for you, it’s one you absolutely do not need linux for.

    “Thats the best part of my ti 89 calculator. It doesn’t play Lol Cod or Valorant!”

    What a brilliant feature, that calculator was ahead of its time.

    Neps,

    Ima tell you right now 90% probably more of the val community wouldn’t play the game on linux or switch regardless of if it ran or not so it doesn’t really matter

    Crack0n7uesday,

    Correct me if I’m wrong but if it can’t run Valorant then it can’t run the game in general, so you’d be just as well off by not playing Riot games on a Windoze or Mac machine as well.

    HowMany, in There’s a Multibillion-Dollar Market for Your Phone’s Location Data – The Markup

    What’s my cut?

    FriendBesto, (edited )

    Being the product.

    Anticorp, in Facebook Messenger's Rollout of End-to-End Encryption Leaves Metadata Questions Unanswered

    While Meta won’t collect messages themselves

    We have no proof of this, only the word of a company that habitually lies and cheats.

    hersh,

    Yeah, I wouldn’t be too confident in Facebook’s implementation, and I certainly don’t believe that their interests are aligned with their users’.

    That said, it seems like we’re reaching a turning point for big tech, where having access to private user data becomes more of a liability than an asset. Having access to the data means that they will be required by law to provide that data to governments in various circumstances. They might have other legal obligations in how they handle, store, and process that data. All of this comes with costs in terms of person-hours and infrastructure. Google specifically cited this as a reason they are moving Android location history on-device; they don’t want to deal with law enforcement constantly asking them to spy on people. It’s not because they give a shit about user privacy; it’s because they’re tired of providing law enforcement with free labor.

    I suspect it also helps them comply with some of the recent privacy protection laws in the EU, though I’m not 100% sure on that. Again, this is a liability issue for them, not a user-privacy issue.

    Also, how much valuable information were they getting from private messages in the first place? Considering how much people willingly put out in the open, and how much can be inferred simply by the metadata they still have access to (e.g. the social graph), it seems likely that the actual message data was largely redundant or superfluous. Facebook is certainly in position to measure this objectively.

    The social graph is powerful, and if you really care about privacy, you need to worry about it. If you’re a journalist, whistleblower, or political dissident, you absolutely do not want Facebook (and by extension governments) to know who you talk to or when. It doesn’t matter if they don’t know what you’re saying; the association alone is enough to blow your cover.

    The metadata problem is common to a lot of platforms. Even Signal cannot use E2EE for metadata; they need to know who you’re communicating with in order to deliver your messages to them. Signal doesn’t retain that metadata, but ultimately you need to take their word on that.

    Endward23, (edited )

    Yeah, I wouldn’t be too confident in Facebook’s implementation, and I certainly don’t believe that their interests are aligned with their users’.

    I’m quite sure, they aren’t. This statement doesn’t mean that I think they have bad intentions or something. It’s just, at least for me, obvious that the interests of the users and those of the companies are highly different. This is also the case with other companies and their customers.

    Having access to the data means that they will be required by law to provide that data to governments in various circumstances.

    A more paranoid person than myself would suspect that any big enough government would simply force the companies to collect and share data.

    The metadata problem is common to a lot of platforms.

    From the viewpoint of the corporations, this is a good deal. Enough privacy to keep people on the platform and still enough data for advertisement.

    chicken, in Privacy Concerns on Lemmy: A Call for More User Control

    I remember a little while ago a thread with someone from kbin gloating that they could see what everyone was voting, and accusing the people upvoting comments they disagreed with of being bigots in a vaguely threatening way obviously intended to produce a chilling effect, and people found this surprising because that information is not public on most instances.

    I basically agree with the people saying open info is just the nature of posting on a public forum and of federation, but there could be improvements, even just in awareness of what is and isn’t private.

    bamboo,

    This is a great point because in the Lemmy UI, this information isn’t shown, and you can’t even list out all posts you’ve upvoted. As most of us coming from Reddit, we’re used to upvotes being private, and probably assume it’s the same. I understand the technical reasons for having the information public, but it is not clear from a user perspective that it’s public.

    chicken, (edited )

    What’s extra confusing is that I’ve seen people asking about how to get this information from the API, with the answer being that you can’t (I guess to protect privacy?). It’s only accessible to federated servers, but then those can do what they want with it including publishing it to everyone.

    utopiah, in How bad is Idea of .Zip as password manager?

    Depends against whom you are protecting yourself. If it’s against

    • your younger sibling then it’s probably sufficient
    • some script kiddie or scammer running scripts against the most typical setups, might be just obscure enough
    • a proper targeted attack, then it will depend on which zip software you are using. Most likely the stock one that might (I didn’t bother checking) rely on something that is far from the state of the art in terms of encryption. In that case it will most likely not be secure.
    • a proper attack but you use something like 7z with encryption that is relatively resilient, then most likely, if you are not facing state actors with huge amount of resources to try to crack it, most likely secure

    Note I’m NOT a security expert so… don’t believe me.

    bhamlin, (edited )

    I don’t know that I’d really add more. It all depends on who and what you’re protecting against. The only thing that’s secure is something that doesn’t exist.

    National level hackers have access to resources you might not be able to think of. And if they really want in, rubber hose cryptography is super effective. But most “hackers” on the Internet? An encrypted zip is often enough to deter them. Not impossible, but you might not be worth the time and effort.

    In summary, there is better. Much better than an encrypted zip file. But only you can judge if you’re a juicy enough target to pursue more esoteric protection.

    pipariturbiini, in Facebook Messenger's Rollout of End-to-End Encryption Leaves Metadata Questions Unanswered

    It’s called “metadata”, so clearly it belongs to Meta.

    Anticorp, (edited )

    By that reasoning, all your CaccaDoodie are belong to us.

    cheese_greater,

    And lawyers are just practicing ;)

    charonn0, (edited ) in the encryption keys, why can't the government just sneak on them?

    SSL/TLS, the “S” in HTTPS, and other network encryption protocols such as SSH, use a technique called a Diffie-Hellman key exchange. This is a mode of cryptography where each side generates two keys: a public half and a private half. Anything encrypted with the public half is only decryptable by the associated private half (and vice versa).

    You and Youtube only ever exchange the public halves of your respective key pairs. If someone snoops on the key exchange all they can do is insert spoofed messages, not decrypt real ones.

    Moreover, the keypairs are generated on the fly for each new session rather than reused. This means that even a future compromise of youtube won’t unlock old sessions. This is a concept called forward secrecy.

    Message spoofing is prevented by digital signatures. These also use the Diffie-Hellman principle of pairs of public/private keys, but use separate longer-term key pairs than those used with encryption. The public half of youtube’s signing key, as presented by the server when you connect to it, has to be digitally signed by a well-known public authority whose public signing key was shipped with your web browser.
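
How two sides can end up holding the same secret without ever sending it, and why a fresh exchange per session gives forward secrecy: an added example, not part of the thread, using finite-field Diffie-Hellman with a toy 127-bit group constructed for illustration (not secure). All function names are this example's own.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for this example and NOT secure:
# P is the Mersenne prime 2**127 - 1. Real TLS uses 2048-bit+ groups or elliptic curves.
P = 2**127 - 1
G = 3


def valid_public(value):
    # Reject degenerate values (0, 1, P-1) that would force a predictable secret.
    return 1 < value < P - 1


def new_ephemeral_keypair():
    # A fresh private exponent per session; it never leaves the machine that made it.
    while True:
        private = secrets.randbelow(P - 3) + 2      # uniform in [2, P-2]
        public = pow(G, private, P)                 # the only value put on the wire
        if valid_public(public):
            return private, public


def shared_secret(own_private, peer_public):
    # (g^b)^a == (g^a)^b mod P, so both sides compute the same number.
    if not valid_public(peer_public):
        raise ValueError("peer public value out of range")
    return pow(peer_public, own_private, P)


def session_key(secret, client_public, server_public):
    # Hash the secret together with the exchanged values to get a fixed-size key.
    material = b"|".join(str(v).encode() for v in (secret, client_public, server_public))
    return hashlib.sha256(material).digest()


def tag(key, message):
    # Message authentication under the session key (stand-in for record protection).
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, received_tag):
    return hmac.compare_digest(tag(key, message), received_tag)


def run_session():
    c_priv, c_pub = new_ephemeral_keypair()
    s_priv, s_pub = new_ephemeral_keypair()
    wire = {"client_public": c_pub, "server_public": s_pub}  # all a passive observer sees
    client_key = session_key(shared_secret(c_priv, s_pub), c_pub, s_pub)
    server_key = session_key(shared_secret(s_priv, c_pub), c_pub, s_pub)
    # The private exponents go out of scope here; nothing stored later can rebuild the key.
    return wire, client_key, server_key


if __name__ == "__main__":
    wire, ck, sk = run_session()
    print("keys match:", ck == sk)
    _, ck2, _ = run_session()
    print("next session uses a different key:", ck != ck2)
```

The exchange alone does not say who sent a public value, which is why the comment above pairs it with signatures from a longer-term key.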

    zaknenou, (edited )

    This is a very detailed answer, thank you. However, I face an ambiguity regarding this:

    This is a mode of cryptography where each side generates two keys: a public half and a private half. Anything encrypted with the public half is only decryptable by the associated private half (and vice versa).

    How can this private half be something that I know, Youtube knows but impossible for the snooper to our communication to know??

    Darkassassin07, (edited )

    Youtube never knows the private half of your key pair. That never leaves your system.

    Anything encrypted with the private half can only be decrypted with the public half, and anything encrypted with the public half can only be decrypted with the private half. These halves are known as the public key and the private key. Each side of the connection generates their own key pairs.

    We both generate a set of keys, and exchange the public halves with each other. I then want to send you a message: I first encrypt it using my private key, I then encrypt it again using your public key and send that to you.

    In order to read that message, you first decrypt it using your private key. This ensures the message was intended for you and wasn’t modified in transit, as you are the only one with access to that private key and only its matching public key could have been used to encrypt that layer.

    You then decrypt it a second time using my public key. As I’m the only one with access to my own private key, you can be sure the message was sent by me.

    As long as that resulted in a readable message; You’ve now verified who sent the message, that it was intended for you, and that the contents have not been modified or read in transit.

    All this, including the key exchange is handled for you by the https (tls) protocol every time you connect to a website. Each of the messages sent between you and the site are encrypted in this manner.

    zaknenou,

    so you can encrypt a message with my public key but you cannot decrypt it afterward ??

    deluxeparrot, (edited )

    The best way I find to think about it is a padlocked box.

    The public key is a box with an open padlock on it. I can give it to anyone. If someone puts a message inside the box they can lock the padlock, but they don’t have the key to open it again.

    I keep the key private. If someone sends me a locked box that has my padlock on it, only I have the key to open it and read the message.

    Darkassassin07,

    Exactly. Once encrypted with your public key, you’re the only one who can decrypt and read it as you are the only one with access to your private key.

    intensely_human,

    Anything encrypted with the private half can only be decrypted with the public half, and anything encrypted with the public half can only be decrypted with the private half.

    This is not true. In key pair cryptography, the public key is used only for encryption and the private key is used only for decryption.

    Darkassassin07,

    As far as I understand a key pair can be used bi-directionally like I’d described. Was I mistaken?

    In practice, the private key is usually used to create signatures instead, but I avoided that for simplicity.

    chayleaf,

    no, it isn’t bidirectional, public = encrypt, private = decrypt, that’s it. You can address a message to multiple recipients though (when using GPG), so often in case of email a message is addressed both to yourself and your recipient, so both you and your recipient have access to message text

    azdle, (edited )

    You’re not mistaken, it is definitely possible with at least RSA, though, I would guess it may not always be possible. It also sounds like it’s still a bad idea unless you know all of the parameters used to generate the keys and can be sure what information is actually encoded in the keys.

    matthewc,

    Your computer generates two keys. One to encrypt a message. One to decrypt the message. The encrypt key is public. The decrypt key is private. Your computer shares the public key with YouTube. The private key is never shared.

    YouTube does the same thing for your computer.

    Your computer will have YouTube’s public key and your computer’s private key…

    Your computer will be able to encrypt messages to send to YouTube that only YouTube will be able to decrypt. Even your computer will not be able to decrypt these messages after it has encrypted them using YouTube’s public key.

    Since the decryption keys are never shared they can’t be snooped. That is why it is only possible for an attacker to encrypt new messages but not read any messages from either sender.

    aldalire,

    Good description of asymmetric cryptography!
