Privacy


A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.


much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
1
 
 

I have been in the privacy game for about 2 years now and I've become the go-to on privacy questions in my family (which makes me proud, cuz this means I am not just this privacy nut that can't be reached on WhatsApp :D). I was asked about a browser for GrapheneOS. Clearly I recommended the one I use atm, which is Waterfox (was recommended once in this comm). The person who asked me is using Bromite (which looks good too). After thinking about the recommendation, there is one open question:

Does it really matter which alternate browser you choose, if it is of course not something like Google Chrome, Mozilla Firefox or Safari (especially regarding the outcome in this comm, where someone compared Chromium and Firefox without any real conclusion)? Also, doesn't it also come down to the plugins? Like, what difference does it make if I use Waterfox or Bromite, if I also use Privacy Badger, uBlock Origin and maybe JShelter?

Hope to read a lot of your thoughts on this :)

2
submitted 23 hours ago* (last edited 23 hours ago) by [email protected] to c/[email protected]
 
 

For me, the browser is by far the most important software on my computer. After all, I use it about 80% of the time on my PC. At the moment, it's more difficult than ever to find the right browser, at least for me. Until about a year ago, I was usually using Firefox. But for some time now I have lost all trust in Firefox. What the vendor promises is in complete contrast to what the software does by default. User tracking in various forms, unsolicited telemetry, remote installation of add-ons are just the very top reasons why I no longer want to use Firefox. Brave is an alternative, but I don't feel very comfortable with it. The default settings are not ideal here either. What's more, it's packed with extras that nobody needs. In the end, I currently use Ungoogled Chromium, fully aware that I don't always have the latest version installed.

Now there's also Midori. I can't figure it out. What should I make of it? To me it looks like a forked Firefox that lags far behind the current version. I think it's currently Firefox 128.xxx. Doesn't this mean I'm getting the same problems as with Firefox itself, plus an outdated version? What about tracking, telemetry and security problems? What do you think of this browser? On Wikipedia, I read that Midori uses WebKit? Is it not Gecko? And what is a Floorp? The info about this browser is really confusing.

3
 
 

I’m timid about this and might be late to a party where others already had this idea, so please, no haters.

I can’t get over how facile and stupid the identification of LM was at a McDoballs. This is someone who fell off the entire grid for three months??

Just asking… but couldn’t an organization trying to conceal its reach and inevitability track a fella… and then… force an identification?

I do not have any idea about details… it’s broad strokes. Could it be? How many other privacy lovers heard about these three months completely off the grid somehow and also wondered… how?

Please pardon if this isn’t the appropriate place but the real theme is privacy. What if the watchers are always watching even when a person might believe they have made themself completely digitally invisible?

4
 
 

This is so so sad :( I've been using Mull for quite some time and recently Hypatia. I guess it's time to move to Fennec since I doubt there's a fork on the horizon :(

5
6
 
 

Since we started paying for Proton Pass I noticed that a few websites do not allow you to use the generated e-mail. Two that come to mind are Atlassian and Discogs. Has anyone figured out a way to go around this?

7
8
 
 

Source: Europese digitale identiteit is straks niet veilig genoeg, waarschuwen experts - NRC

INTERVIEW DENIS ROIO SOFTWARE DEVELOPER

‘European digital identity will soon not be secure enough’

In the rush to better protect the privacy of EU citizens and to limit the power of American ‘Big Tech’, experts say design errors are being made in the development of the European digital identity.

Marloes de Koning
AMSTERDAM

Denis Roio will not be using the European digital identity, which he helped develop himself. The Italian software developer and entrepreneur has lost his confidence in the ambitious European project.

By the end of 2026, every EU country must have a secure app ready that citizens can use when they need to share data about themselves online. For example, to prove that they are over 18 years old, that they have a driver's license or are registered with a municipality. They must also be able to use it to provide medical data.

Companies, governments and online platforms are legally obliged to accept the evidence from these apps. The application is similar to that of DigiD in the Netherlands, but the app will soon be available for many more services and throughout Europe. For example, you can also rent a car, buy alcohol online or gamble.

The app should ensure a significant improvement in the privacy of European citizens. It is now almost impossible to operate online without unintentionally leaving behind all kinds of data about yourself. Companies earn a lot of money from trading in this personal data. The apps should ensure that citizens can choose for themselves how much data they share about themselves.

Big mistakes

But in the rush to better protect the privacy of European citizens and reduce the power of American ‘Big Tech’, big mistakes are being made in Brussels, experts say, causing supporters from the very beginning to drop out. Roio (47) is a clear example of this. He describes himself as a ‘conscientious objector’.

In principle, Roio, like many privacy activists and software experts, is a great supporter of a European digital identity. “It is intended to protect us from data theft by Big Tech.” He is a convinced European. Born and raised in Italy, but has been in the Netherlands for twenty years.

With his company, he carries out research projects for the European Commission that revolve around digital encryption, among other things. Like many experts, he actively participates in discussions about how the EUID should be built. These are technical discussions about fundamental questions. How high should the security be against cyber attacks? Will the EUID be ‘quantum-proof’, i.e. resistant to attacks by supercomputers? Can you remain completely anonymous when using the app? The EU has standard procedures for such a technical process: after a political decision, a working group first comes up with a technical elaboration in broad outline, after which it develops increasingly detailed specifications. This elaboration and specifications are published online in draft form, so that experts can respond to them and point out errors. After a vote, the process moves to the next phase.

For the EUID, the technical framework, the so-called ‘Architectural Reference Framework’, was put online this spring. Many cryptographers, including Roio, provided feedback. They have broadly the same fundamental objections. The most important is that the so-called cryptographic protection is too weak. This makes it possible for malicious parties with technical knowledge to discover the identity of users.

Back to the drawing board

Jaap-Henk Hoepman, associate professor at Radboud University and specialized in online privacy, also drew up an extensive document with feedback with a group of fifteen renowned European colleagues. "If it is done well technologically, Europe can become a forerunner with private and secure identification mechanisms in the digital space," the sixteen scientists wrote in it. They believe the project should first go back to the drawing board, because they too have noted that the intended anonymity of users is not properly arranged. In the eyes of the cryptographers, the EUID should use what they call zero-knowledge cryptography, instead of the chosen method of encryption.

Software developer and entrepreneur Denis Roio. “There has been no active attempt to involve civil society in the EU ID. So far, only technicians are working on it.”

The discussion revolves around the evidence that is placed in the app (‘wallet’) developed for this purpose on your phone. Imagine these evidences as the digital equivalent of, for example, a physical passport, driver’s license or diploma. You request them (via the app) from the relevant authority every few years. You can then use them as often as you like without the issuer (the municipality, the educational institution) being able to see where and when you do so.

Anonymous identity documents with zero knowledge proof, which Hoepman and his colleagues would prefer to see introduced, do not leave any digital traces when used. You could call them disposable proofs, for one-time use. “A gambling website that has to check my age cannot see whether it is me who comes to gamble a hundred times a day. Or whether it concerns a hundred different people who are all of legal age,” Hoepman gives as an example.

“Apple and Google are the dealers in this game. They deal the cards”
Denis Roio, software developer

A second concern of Hoepman and his colleagues is that no mechanism is built in to prevent users from being asked for unnecessary information, which they usually provide without question. That also affects privacy. An example: a porn site that is not allowed to have children as customers only needs to know whether a user is old enough. Not whether he is Dutch and what his name is. If the EUID really values online privacy, consumers will automatically be protected from sharing unnecessary amounts of data, the cryptographers argue.

There are alternatives to the proposal of the European Commission working group. Professor Bart Jacobs, a colleague of Hoepman at Radboud University, developed an app in the Netherlands more than ten years ago, for example, that makes it possible to log in and share only the most essential 'evidence'. That app was first called IRMA and is now Yivi. About a hundred thousand Dutch people have it on their phones. "So it is indeed possible," says the professor, a pioneer in this field in the Netherlands. “We have been using it for ten years.” He calls it “incomprehensible” that the EU does not also opt for this.

Make haste

A vote on the technical design was initially postponed this fall, probably because of the many objections from experts to the first concept. But on November 21, the Brussels working group met and decided to continue on the chosen path.

The Netherlands voted against this draft in Brussels, but did not have enough support to stop it

The working group includes representatives from all European member states. Tech companies involved also regularly join. The Netherlands voted with six other countries against the decision to continue in the current format, but did not have enough support to stop it. The Dutch officials involved used similar arguments as Roio, Hoepman and Jacobs. They would have liked to see ‘additional privacy protection measures’, ‘for example in the area of cryptographic security of data in EUDI wallets’, a spokesperson confirmed. Postponing the decision, or going back to the drawing board, would have meant that the ID wallets would not be ready before the end of 2026. Within Europe, Germany and France in particular are pushing for haste.

One of the arguments is that Europe is actually already terribly late in trying to do something about the power of the large (usually American) tech companies. They are now rapidly strengthening their grip on the online identity of Europeans. They do this, among other things, by offering to log in via Google or Facebook, for example. Or verify your identity on LinkedIn. In this way, they increase the dependency of consumers and they learn more and more about people. "Apple and Google are like the croupiers in this game. They deal the cards," says Roio.

The committed Italian software developer – he once taught himself programming to help in the fight against the mafia by hacking – fears that the EU is doing the wrong thing by being so hasty. Because the ID apps have to run on mobile phones, access to the operating systems is required. In the draft that has now been adopted, the American companies Apple (iOS) and Google (Android) therefore have the de facto role of gatekeeper, says Roio. Without their cooperation, European governments can do nothing. “We, Europe, ask those companies to open their infrastructure to us. We are not the owners ourselves.”

The alternatives he proposes will cause delays, he acknowledges. But as far as Roio is concerned, governments should not worry about that.

Trust required for use

Companies and governments will soon be forced to accept the EUID as a way to verify an identity online. Citizens will be allowed to choose whether they want to use it - as is the case in the Netherlands with DigiD. After a hesitant start, most people now choose to use this system because they trust it and because of its convenience. Roio does not plan to do that with the EUID, because of the objections he has to it, he says. "If it were to be mandatory, I would have a serious problem with it. Now I think it's all just a waste of money."

Hoepman has little confidence that the ID app will be embraced by citizens due to the haste that is being made, he explains by telephone, while it is so crucial that citizens trust the app 100 percent. If you make the app above all criticism, the developers are digging their own grave and the European digital identity is heading for failure in advance, in his view.

Because the option that is best for privacy has not been chosen, "the project makes itself vulnerable to social criticism, especially from suspicious quarters", fears professor Jacobs. Hoepman makes the same point.

Criticism of the introduction of a European digital identity has so far mainly come from political parties that are often already suspicious of governments. They see government initiatives for further digitalization as steps that make digital surveillance possible, and warn of 'China 2.0'. This debate was fueled during the corona pandemic, when digital vaccination certificates were used to determine whether people were allowed to enter restaurants or were allowed to travel.

There has been no healthy public debate on the European digital identity, Roio points out. “So far, only engineers are working on it,” he says. Publishing complex technical proposals is not the same as a real exchange of views on fundamental questions, such as what the minimum security of the wallets should be. “There has been no active attempt to involve civil society in the process.” He finds it a nasty thought that his feedback, which is intended to improve the EUID, could be hijacked by populist parties he strongly disagrees with. “But that should not be a reason not to talk about it.”

Jacobs believes that the move towards a European digital identity is such an important step in the right direction that he is not giving up hope yet, despite his fundamental objections to the technical choices. “ID wallets will become a new building block of European digital infrastructure.”

A spokesperson for the European Commission emphasizes that the technical specifications are a ‘living document’, but does not provide any explanation. Where Roio fears that design errors in the first phase of an IT project are virtually irreparable, Jacobs remains hopeful. “If all goes well, the identity wallets will be set up in such a way that they can be updated regularly. Not only for fixing software bugs, but also to renew the cryptographic mechanisms used. I will continue to strive for improvement.”

9
 
 

cross-posted from: https://fed.dyne.org/post/343234

Google Starts Fingerprint-Tracking All Your Devices In 8 Weeks

10
 
 

For those that are looking to install GrapheneOS and want to ensure that their banking apps work as intended, here is a curated list with app compatibility status per country.

Each entry also lists required settings, profile and whether they need access to Google Play services, among other details.

Update on 2024-12-23: The following site is a great resource as well, it provides details on MFA support for various services grouped by country (not only banking): https://2fa.directory/

Thank you @[email protected] for the suggestion!

11
 
 

On a new account, is it new?

It's because I use VPN, email alias, random username, or every new account is like that?

12
 
 

So which one of these is better for my Pixel 7a if we consider these:

I don't care about leaving the bootloader unlocked

I want customization to my OS as long as this is possible

I hate Google so I don't want any Google things or Google spyware (I don't use any Google service)

I need push notifications for some apps (maybe microG or sandboxed Google Play services? idk)

I don't use eSIM or Google Pay so idc about these

I need A LOT of privacy and security for my data to the point that I want to block trackers for any app I use

I wanna use Google Camera as it is in stock ROM but I don't want Google spy shit. If I use a firewall would that be ok?

Note: I can sacrifice locking the bootloader and customization for my privacy/security/not having spyware on my phone

Thanks in advance!

Edit: I just saw that there is iodé (which sees app trackers and I found it interesting) plus CopperheadOS

Edit 2: THANK YOU ALL A LOT, your answers are the best, imma go with GrapheneOS and donate to them also cause their job is the best

Also I found this matrix for OSes that helped me: https://eylenburg.github.io/android_comparison.htm !!!

Edit 3: Deleted CopperheadOS from the title - no need to compare cause it's garbage (see comments)

13
 
 

Phones are kind of a mess and it seems PCs are far more secure/anon vs even Graphene on a Pixel. Drives aren't very easily backed up or even cloned. Software is limited on mobile or needs to be flashed or rooted. There's a lot to a phone that could be easily solved by a tablet/2 in 1 or Micro PC with SIM capability for phone replacement if size could be slightly larger. Working or doing much if anything even on a 6.7in screen is not that good. Samsung Dex was awesome but not quite the same. So I'm willing to go larger. It would be nice to go from phone usage to gaming power. But be able to add multiple internal SSD slots, as USBs are just slower and finicky fiddly.

But it seems PCs are leaps and bounds more capable. And SIM capable 2 in 1s are the middle ground. Which would be a better daily driver for anon and security? Convenience when on the go without sacrificing processing power as least as possible.

What about a central PC setup that you carry everywhere? Having access to running VMs, servers, all on the go. Not a laptop but similar to a micro ITX or Intel NUC.

AR mirroring PC glasses would be what I really want. The hardest part is a convenient mouse keyboard setup for times like laying in bed at night. There's so many devices things get cumbersome to do and process all the time chargers, peripherals, cables, OS types. So I was wondering what are some other peoples perspectives on this type of thinking and solutions.

It's actually seeming like a device to cast or transition screen size is most convenient. Say from AR, to TV, to monitor, or phone sized easily without always cabling in to change.

14
15
16
17
 
 

For a while now I have been looking for email providers that are transparent and meet EFF standards. In fact, I went to the EFF website to see if there was an article about email providers, but found nothing. The only decent providers I could find on my own have been Tutanota and cock.li. I am currently using Tutanota and was planning to move everything to cock.li, but unfortunately it hasn't been going through its best moment. I would stay with Tutanota if it wasn't for one thing: it can't be used inside Thunderbird. There is a plugin that allows you to open a window with Tutanota, but that's not the idea; ideally you would be able to add your email address without any external plugin. That is why I am asking for recommendations that meet the standards mentioned above, but that are also compatible with Thunderbird, to be able to save the emails locally. Any client can download the emails to be able to have them locally, but that is the one I use personally.

18
 
 

I've searched the internet a bit, but couldn't find what I was looking for.

I saw Leon, but it doesn't have an Android client, for example.

Are there good assistants that you can self-host and use on your phone, and that can perform actions like make a phone call, play music, send WhatsApp etc?

I'm not a big user of these, but recently I used Google Assistant and found it was very convenient in my case. So ofc I wanted the benefit without all the spying.

Would ideally look for something that I can self host on my VPS (oracle cloud) and run a client on Android.

thanks!

19
 
 

The reason I’m asking is I’ve seen it and was wondering how it works, like the fine details.

To me all you would pay for is Vodafone to look at your internet traffic and secure it, but that just means you would pay them to snoop into your data.

I’m not sure though so any answer would help, thank you

20
 
 

Abstract of the paper: Despite the dramatic rise of surveillance in our societies, only limited research has examined its effects on humans. While most research has focused on voluntary behaviour, no study has examined the effects of surveillance on more fundamental and automatic aspects of human perceptual awareness and cognition. Here, we show that being watched on CCTV markedly impacts a hardwired and involuntary function of human sensory perception—the ability to consciously detect faces. Using the method of continuous flash suppression (CFS), we show that when people are surveilled (N = 24), they are quicker than controls (N = 30) to detect faces. An independent control experiment (N = 42) ruled out an explanation based on demand characteristics and social desirability biases. These findings show that being watched impacts not only consciously controlled behaviours but also unconscious, involuntary visual processing. Our results have implications concerning the impacts of surveillance on basic human cognition as well as public mental health.

My own commentary: to the privacy concerns about CCTVs we can now add also concerns about mental health of people under CCTVs.

21
 
 

Although I hate the Brave browser, the search engine is the most useful of the others. It gives me the most correct results compared to the others, even if it sometimes ignores the quality resources.

I wonder about your opinion on the search engine. Do you have any negative ones?

22
 
 

Recently I came across Microsoft Pluton while searching for a new laptop. Initially I thought it was like TPM and wouldn't affect Linux. But the more I researched, the worse it got. According to them:

"Microsoft Pluton is a chip-to-cloud security technology that provides hardware-based root of trust, secure identity, secure attestation, and cryptographic services."

Does it connect to the cloud irrespective of the OS I run? If yes, this could be a privacy nightmare.

Why aren't more people talking about this? It has been here at least since the last two generations of CPUs from AMD (from my research the worst offender) and Intel.

Isn't this a privacy violation lawsuit waiting to happen? In what ways does this Microsoft Pluton chip affect people who use Linux, and should I not buy a new laptop?

Also what about manufacturers like Framework? Are they also forced to work with these chips?

From where I am, used laptops are not worth it.

23
To Privacy Advocates! (help.cricut.com)
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]
 
 

Cricut’s Design Space enforces automatic cloud syncing of user files, even those stored "locally." This raises serious GDPR concerns, especially when files contain personal data like client details, addresses, or sensitive info, undermining user control and privacy.

What steps can we take to push Cricut toward GDPR compliance and respectful data handling? Would regulatory complaints or organized campaigns for local-only storage options make a difference?

Looking forward to your thoughts and strategies!

24
 
 

At home I am using PiHole, but "on the road" I also want a good solution like PiHole. So a few days ago I read that NextDNS is a good option and in some cases even better than PiHole. So that is why I'm now here to get some opinions from you gals and guys :)

25
 
 

I have an Android phone that had some unnecessary apps which I wanted to remove. Today I was reading up on how to remove them and came across Shizuku and Canta, which seemed easy enough, so I borrowed my friend's phone to use his hotspot (you have to use wireless debugging for Shizuku to work and it needs to connect to a hotspot) and connected it and removed my apps. As I was at his place and reading up on all the apps to remove etc., I was connected to his phone for a good 2-3 hours while having USB debugging and wireless debugging and Shizuku on.

And now it just hit me that I may have done more damage by doing that than letting the bloat be, cause the guy is infamous for having all kinda malware apps and games on his phones and computers, and I have seen and joked about it today too :(. So my question is how much did I mess up? Could his malicious phone and apps have installed something on or messed up my device while connected? How much access did that phone have over my device? The thing is none of the Shizuku guides or Reddit posts had any warnings about needing to connect to a secure network, and me being the idiot I am didn't think of that. How to check if I messed up and what should I do? Also, for the next time, would a random router be secure to do this on? Or is a personal computer/phone necessary?

UPDATE: Have scanned it with Hypatia and extended list and no positives have come up. The smart play would prolly be to wipe the phone, but I have too many things on it and have customized it to my liking a lot throughout the years to do it on suspicion. Should I? A lot of lemmings are saying it's a niche attack vector, but I have not yet seen anyone explaining if it was possible and how, or what all I should do better next time. Do feel free to chip in.
