pound_heap

Hey privacy community! A few weeks back I've seen an article posted here or in some other tech community about TSA rolling out biometric ID process in some US airports, that involved taking a face scan.

I had an international flight planned and I wouldn't want to go through biometric ID, but I was anxious of potential delay and having to explain myself to TSA agents. I also convinced my wife to opt out, which could potentially double the delay.

So for the folks who may have the same concerns, I'd like to share my experience.

I went on my flight a few days back from Newark International Airport (EWR). We went through security check in new Terminal A. At the beginning of the security line there were a few clearly visible posters about biometric ID with opt out information. To opt out you just need to tell TSA agent that you don't want your photo to be taken. The poster also says that you will not lose your place in line if you opt out. Same posters are on each agent desk.

The scanning machine is on every agent's desk, next to the opt out posters. It has a screen, about 8", with something that looks like a set of stereo lenses on top of it. The screen shows the live feed of the person in front of it during scanning process, with a template of a face that helps to properly position it. The scanning process seems to be very quick.

Now, for the opt out - it is indeed as easy and seamless as they claim. I asked the agent to not take my picture, he just said OK and asked me for my passport. The scanning machine didn't turn on. He scanned my passport and gave it back, and I was done, no questions asked.

Actually, I noticed that people who had their faces scanned also had to hand passports over. So they had to spend more time with the agent than I. I assume because it was their first time through this biometric collection and next time they just scan their face again and that's it.

And while I was pleased how easy it was for me and my family to opt out of this, in my opinion, completely unnecessary privacy invasion, I have not observed any other person (out of maybe 100 who passed before me) who did the same. Unfortunately, we know here how easily and thoughtless people give away yet another piece of their personal data. In this case, the data that can be used next time to ID people via video surveillance without any consent.

Hey all,

I've been using a commercial VPN for years on my mobile devices and home PCs. Recently I've started to use Tailscale and realized I can easily create a self-hosted VPN on a cheap VPS with unlimited traffic.

But I'm not really sure if that's what I need. BTW, I'm not doing anything dangerous, no torrents, no illegal stuff, no journalism or whistleblowing, not even looking up abortion clinics. I just hate mass surveillance and I don't want to be constantly profiled.

Commercial VPN allows to "hide in a crowd" by sharing IP with thousands of other clients. But there are a few issues:

1. Often sites blacklist VPN IPs, so I can't get in or pass captcha
2. Performance is not very good
3. I have to trust VPN to not keep the logs and not sell data. I used Mullvad and they are considered reliable, but you never know until it's too late

With self-hosted VPN, I'm losing benefit of "hiding in crowd" as my VPN will be used only by me and maybe a couple of other people. My understanding is that my VPS outgoing traffic is from static server IP. So if I login to Facebook once, the address is associated with me. I'll also have to trust VPS provider to not analyze my traffic and sell it. On other hand, I'm still protected from my ISP spying, from exposing my real IP address to web sites, from dangers of public WiFi networks. And I might get better performance for about the same price.

What's your take on VPNs? Tell me if you are using self-hosted VPN and why.

Hey all,

I'm looking for something that can track location of my preschooler who starts new school soon. He's too young to get a smartphone, so I have to rule out app based solutions I guess.

My initial research found virtually nothing. One candidate is GeoZilla, which sells nice devices and their pivacy policy looks okayish regarding location data, but it still relies on their servers of course. Another option would be an iWatch, which again puts trust into 3rd party, and the device is quite expensive for a small kid.

Any privacy-oriented trackers out there that I'm missing. Maybe there are some smartphone alternatives that can have cell connectivity and GPS and apps installed, but with much simpler interface?

Update: Thanks everyone! I got GeoZilla tag for now. The app doesn't require personal information, which is good. However, it's annoyingly reminds to enable location for itself to track "me", which I don't need at all. Garmin came as a strong second, mainly due to my child age. Garmin devices are not for very young kids, I believe. And it costs more than GeoZilla. I still have some time to think if I really want this, though. It's not too late to return GeoZilla tag