51
86
52
350
submitted 2 weeks ago by ooli@lemmy.world to c/privacy@lemmy.ml
53
785
submitted 3 weeks ago* (last edited 2 weeks ago) by Sunny@slrpnk.net to c/privacy@lemmy.ml

cross-posted from: https://slrpnk.net/post/15995282

Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of 'non-google' approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.

Edit: had to change the title, originally it said Uber too but I cannot find back to the source of ether that's true or not..

54
37
submitted 3 weeks ago by iuvi@lemmy.ml to c/privacy@lemmy.ml

Hey! ✌️

Open up for myself and want to share it with everyone this cool program to create LAN over Internet (P2P) -> https://gitlab.com/Monsterovich/lanemu/

I had success to create\join room but not chat, not ping ain’t works for me

Does anybody had try it or could try? Maybe there’s something blocking over NAT settings, don’t know… I also don’t get how it works over Torrent\DHT connection 🥲

Maybe any alternatives? I know Tailscale and NetBird, but maybe there’s some more?

Thanks 😀👍

55
108
submitted 3 weeks ago* (last edited 3 weeks ago) by Charger8232@lemmy.ml to c/privacy@lemmy.ml

Happy Christmas and Merry Hanuka!

If you're struggling to find something to buy your privacy enthusiast friend for the holidays, I have some gift ideas. As with any gift, not everyone will need these, but it can give you a good idea of what to look for. Feel free to submit your own suggestions, as well!

No affiliate links, no sponsors, no favorites. All prices are in USD. If a price is something like "$X.99" or "$X.49" or "$X39" I have rounded it up by one digit.


Subscriptions

Some privacy tools come at a cost, and not all open source software can be used for free!


Addy.io

Addy.io is an email aliasing service.

Pricing

Lite: $1 / month

Pro: $3 / month


Bitwarden

Bitwarden is a cloud-synced password manager.

Pricing

Personal Premium: $10 / year

Personal Families: $40 / year

Business Teams: $48 / user / year

Business Enterprise: $72 / user / year


Calyx Institute Internet Membership

The Calyx Institute Internet Membership provides you with a privacy respecting cellular hotspot.

Pricing

Contributor Yearly: $500 / year for first year, $400 / year thereafter

Contributor Quarterly: $150 / 3 months

Contributor Plus: $600 / year for first year, $500 / year thereafter

Sustainer Yearly: $750 / year for first year, $500 / year thereafter

Sustainer Quarterly: $175 / 3 months


JMP

JMP is an open source phone number provider.

Pricing

Plan (USD): $5 / month + additional usage costs


Mullvad VPN

Mullvad VPN is a virtual private network.

Pricing

1 month: $5.28 / month

Physical vouchers are also available through resellers.


MySudo (PROPRIETARY)

MySudo is a proprietary aliasing software. I could not find any open source option for aliasing phone numbers, especially this cheap.

Pricing

SudoGo: $1 / month or $10 / year

SudoPro: $5 / month or $50 / year

SudoMax: $15 / month or $150 / year


Privacy.com (PROPRIETARY)

Privacy.com is a proprietary financial transaction masking and aliasing tool. There are other options such as Revolut (open source), but Privacy.com seems to be the one that works best in the United States. Consider your threat model while using these tools.

Pricing

Plus: $5 / month

Pro: $10 / month

Premium: $25 / month


Proton

Proton is a software suite that includes email, VPN, cloud storage, password manager, calendar, and wallet. Their pricing is extremely convoluted and difficult to navigate.

Pricing

Proton Unlimited 1 month: $13 / month

Proton Unlimited 12 months: $10 / month

Proton Duo: $15 / month

Proton Family: $24 / month

Mail Plus 1 month: $5 / month

Mail Plus 12 months: $4 / month

Drive Plus Monthly: $5 / month

Drive Plus Yearly: $4 / month

Proton VPN Plus 1-month plan: $10 / month

Proton VPN Plus 1-year plan: $5 / month

Proton VPN Plus 2-year plan: $4.50 / month

Pass Plus Monthly: $5 / month

Pass Plus Yearly: $3 / month

Proton Business Suite Monthly: $15 / user / month

Proton Business Suite Yearly: $13 / user / month

Mail Essentials Monthly: $8 / user / month

Mail Essentials Yearly: $7 / user / month

Mail Professional Monthly: $11 / user / month

Mail Professional Yearly: $10 / user / month

VPN Essentials Monthly: $9 / user / month

VPN Essentials Yearly: $7 / user / month

VPN Professional Monthly: $12 / user / month

VPN Professional Yearly: $10 / user / month

Pass Essentials Monthly: $5 / user / month

Pass Essentials Yearly: $2 / user / month

Pass Professional Monthly: $7 / user / month

Pass Professional Yearly: $3 / user / month

Drive Professional Monthly: $10 / user / month

Drive Professional Yearly: $6 / user / month


Hardware

Not everything is digital. Hardware is the foundation for privacy, after all!


Dumb Television

Smart TVs are so last century... and this century... and the next century... Enjoy the luxury of buying a "dumb TV" while it lasts, because your TV doesn't need to spy on you! There's no best option here. You might need to purchase a large monitor instead of a TV.


Google Pixel

Google Pixel phones are one of the most secure devices, especially when you run a security/privacy focused custom Android distribution such as GrapheneOS. Other phones exist for this category, but the Google Pixel is a good baseline. Prices here are based on what are actively being sold on Google's own website.

Some things to look out for when installing a custom Android distribution:

  • Make sure the custom Android distribution you want to install supports being installed on the device you get. GrapheneOS, for example, only supports Google devices.
  • Make sure the device you purchase allows unlocking the bootloader.
  • Make sure the custom Android distribution you want to install supports locking the bootloader after installation for the device you get. Some devices do not allow relocking the bootloader, and in some cases this can brick the device. Google Pixels generally have the best support for this.
  • Make sure the device you purchase is carrier unlocked or the carrier allows OEM unlocking/bootloader unlocking. Some carriers (most notoriously Verizon) will disable this functionality to maintain a monopoly and will refuse to lift the restriction. Second hand sellers are often unaware of this and will mistakenly list the device as "carrier unlocked" when it is in fact not.

Pricing

Refurbished Pixel 6 128GB: $340

Refurbished Pixel 6 256GB: $390

Refurbished Pixel 6 Pro 128GB: $540

Refurbished Pixel 6a: $250

Refurbished Pixel 7 128GB: $430

Refurbished Pixel 7 256GB: $480

Refurbished Pixel 7 Pro 128GB: $630

Refurbished Pixel 7 Pro 256GB: $680

Refurbished Pixel 7 Pro 512GB: $780

Pixel 7a: $500

Pixel 8 128GB: $700

Pixel 8 256GB: $760

Pixel 8 Pro 128GB: $1,000

Pixel 8 Pro 256GB: $1,060

Pixel 8 Pro 512GB: $1,180

Pixel 8 Pro 1TB: $1,400

Pixel 8a 128GB: $400

Pixel 8a 256GB: $460

Pixel 9 128GB: $650

Pixel 9 256GB: $750

Pixel 9 Pro 128GB: $850

Pixel 9 Pro 256GB: $950

Pixel 9 Pro 512GB: $1,070

Pixel 9 Pro 1TB: $1,300

Pixel 9 Pro XL 128GB: $950

Pixel 9 Pro XL 256GB: $1,050

Pixel 9 Pro XL 512GB: $1,170

Pixel 9 Pro XL 1TB: $1,400

Pixel 9 Pro Fold 256GB: $1,500

Pixel 9 Pro Fold 512GB: $1,620


OpenWrt One

OpenWrt One is the first router designed specifically to run OpenWrt. It's not the only supported device, and there are other open source router firmware projects, but this is a good out-of-the-box choice.

Pricing

This can currently only be purchased from unofficial resellers for $90.


Qubes OS certified hardware

Qubes OS is likely the most hardened Linux distro available. They have their own list of certified hardware that comes with Qubes OS preinstalled. Those devices aren't the only ones capable of running Qubes OS. You can also check out the Hardware compatibility list and Community-recommended computers. These computers can run more than just Qubes OS, but if it's good enough to be certified by them, it will likely run anything else just as securely!

Pricing

NitroPad V56: Lowest $1,565.58

NovaCustom V56 Series 16.0 inch coreboot laptop: Lowest $1,256.40

NitroPC Pro 2: Lowest $1,614.73

Star Labs StarBook: Lowest $863.00

NitroPC Pro: Lowest $1,614.91

NovaCustom NV41 Series Lowest $930.60

Dasharo FidelisGuard Z690: Lowest $994.28

NitroPad T430: Lowest $737.79

NitroPad X230: Lowest $737.79

Insurgo PrivacyBeast X230: $1,341.46


Raspberry Pi

Raspberry Pis are miniature computers that are very useful for setting up proxy servers.

Pricing

There's endless configurations, but the most recent Raspberry Pi model is the Raspberry Pi 5. There are multiple resellers of this, and the cheapest one is the $50 Raspberry Pi 5 2GB


Self-hosting hardware

A privacy enthusiast's best tool is being able to self-host certain things. There is no single device to self-host, but some ideas are:

  • A server rack for general self-hosting
  • A powerful GPU for self-hosting AI
  • A self-hosted home automation kit

Hardware Accessories

What is a piece of hardware without a few accessories? Modularity is always a benefit of modern technology.


Camera covers

From laptops to webcams to phones, cameras are everywhere. If you don't fully trust the device you use and want some peace of mind, having an accessory to obscure the lenses of your cameras is a good thing to have. There are lots of options here depending on which camera you want to cover. Some phone cases even offer a sliding camera cover.


CD/DVD/Blue-ray drives

Some CD/DVD/Blue-ray drives can allow you to preserve the physical DVDs that you have bought and paid for, that may soon be end-of-life. These devices allow you to read the contents of the disk, and save a digital copy of it for archival purposes. There is no best-option here, so look around to find one that fits.


Data storage devices

Data storage devices are useful for many things such as backups, installing operating systems, booting live operating systems, data transfer, and more. The market here is huge and convoluted, so learn about different types of drives, different connectors, different connector versions (such as USB), etc. before making an educated decision.


Hardware security keys

Hardware security keys allow your accounts to be locked with a physical form of multi-factor authentication. Many organizations sell these, and some of them even provide open source hardware/software. Here are a few common brands:


Microphone blocker

Microphone blockers come in all shapes and sizes, but they all serve the same function: making sure your microphone is not able to hear anything. The effectiveness of some of these are debatable, given that most phones have multiple microphones, but it can be a fun gift nonetheless.


Privacy screen protector

Privacy screen protectors are films that you apply over your screens to restrict viewing angles. This means that if someone were to look at your phone while standing next to you, they likely wouldn't be able to see what you're doing. These screen protectors are also available for laptops, smart watches, and other screens.

When buying these, make sure of the following:

  • The screen protector supports fingerprint unlock for relevant devices.
  • The screen protector actually works well.
  • The screen protector will actually protect the device as a screen protector.
  • The screen protector fits correctly for the device you're getting.
  • The cameras will still work after the screen protector is applied to relevant devices.

Wired headphones

Bluetooth can pose a privacy risk, and that is especially true when you need to play sensitive audio. One time I was in a hallway with my Bluetooth earbuds in, connected to my phone but not playing anything, when suddenly I heard a grainy piano song. My phone wasn't playing anything, and eventually the music just cut out. To this day I have no idea how it happened, but it does mean you should be careful with wireless headphones.

Wires can be annoying, but being able to fully turn off Bluetooth can give you peace of mind knowing that your audio stays inside the wire. Having high quality wired headphones can be a blessing, and even provide a better listening experience. It's worth looking at many brands, but Google still sells USB-C wired earphones and headphones from a few different brands. Here are a few:

Google Pixel USB-C™ earbuds: $30

AIAIAI Pipe 2.0 USB-C Earphones: $40

AIAIAI Tracks 2.0 Headphones: $60


Currency

Anonymous payments are growing more and more difficult, so if you aren't sure what to buy, these are well appreciated options.


Cash

Cash is one of the most anonymous methods of payment, and can be a privacy enthusiast's gold. Multiple small bills ($1, $5, etc.) are appreciated more than a few large bills ($20, $50, etc.) because many places do not accept cash in large bills. You can also gift some rare or interesting cash, such as $2 bills, half dollars, silver dollars, dollar coins, etc.


Cryptocurrency

Getting cryptocurrency, especially anonymously, can be a long and painful process. If you are comfortable setting it up, this is a huge time saver and a great gift. Monero is generally considered the most private cryptocurrency, so that's a better choice than other cryptocurrencies. However, Bitcoin is the most popular and most widely accepted, even though it isn't very private. Try to obtain these through anonymous means such as using cash at cryptocurrency ATMs that may be in your city.


Prepaid cards

There's usually no option to pay in cash online, but there are ways around this. If you buy gift cards or prepaid VISA cards with cash, it can be almost as anonymous as cash itself. Some good choices may include:

  • Amazon Gift Cards: Amazon is very hard to use privately, but this can help significantly.

  • Google Play Gift Cards: Google Play is one of the most secure ways of installing apps, but not all of them are free. Google Play gift cards can allow you to pay for apps anonymously, so you can maintain your security.

  • Visa Prepaid Card: This is a catch-all solution for when there's no specific gift card available.


Physical Items

As with hardware, not everything needs to be digital. There are plenty of items that are cheaper and good for almost anyone.


Books

eBooks are a marvel, but they come with complications. Sometimes the formatting isn't right, sometimes you can't get them anonymously, and you need a device to even view it. If the digital apocalypse ever happens, the only way to access information will be through books. No ads, no eye strain. A good privacy related book you could buy is Michael Bazzell's Extreme Privacy: What It Takes to Disappear


Calendar

Digital calendars can be convenient, but not always safe. Anything digital can risk being remotely accessed or spied on. Having a physical calendar means you can have the benefits of a calendar, without the need for a digital device. Plus, it comes with pictures that you get to pick.


DVDs

Best paired with a DVD ripper, having physical copies of movies and games means no company can take it away from you with the push of a button. You have no ads, use no internet, no subscriptions, and have full quality.


Faraday bags

Faraday bags and pouches are containers for your devices that block all incoming and outgoing signals. That means anything that goes inside of it will have no Wi-Fi, Bluetooth, cellular, NFC, etc. This is useful if you want to make sure your device isn't phoning home. This is an item that you may want to spend extra on, because lower quality ones can still leak radio signals.


Merchandise

Privacy themed merchandise can be a good way to show that you care about privacy and to help spread it. You can find privacy merch anywhere, but NBTV (a privacy YouTuber) has a good selection of products: https://shop.nbtv.media/en-usd/

Monerochan my beloved


Notebooks

Having everything in a digital notes app can be nice or convenient, but I much prefer to write a lot of things down in a physical notebook. From diaries to sketches, it's nice to take a break from your digital life to jot down some ideas, privately.


Paper shredder

When you have sensitive documents that you need discarded, one of the best ways is a paper shredder. If you buy one of these, the best ones are ones that dice the paper or burn it entirely. Even those small squares can be pieced together again.


Safes and lockboxes

Speaking of sensitive documents, where do you store those? A good place to store sensitive documents is in a safe or a lockbox. From government documents to your best ideas, they deserve to stay (in a) safe. It's good to make sure you buy a fireproof safe, just in case Fahrenheit 451 becomes more of a reality.


Surveillance camera jackets

As the looming threat of widespread AI surveillance comes closer, defenses against them grow stronger. Generally, you have two options:

These can be expensive and hard to find, but the best way to fight surveillance.


Ending notes

Thank you all for reading this! I hope it helps you find a gift for a privacy enthusiast you can't think of a gift idea for. You don't have to buy the exact things listed here, but it gives you a general outline with ideas. I know there are some great gift ideas I missed here, so please leave them in the comments to help out others!

Merry Christmas, Happy Hanuka, and have a nice day!

- The 8232 Project

56
148
submitted 3 weeks ago by discimus@mander.xyz to c/privacy@lemmy.ml

About 70 percent of Ukraine's population uses Telegram as their main source of news, but the government is worried that the app is being used as a method of disinformation and spying by Russia. They are trying to pivot to apps like Signal instead, but it is difficult to break the habit of such a majority of the country.

57
43
submitted 3 weeks ago by baxster@sopuli.xyz to c/privacy@lemmy.ml

You guys remeber Hungarian? The country that tried to run chatcontrol again just a few days ago? Ye those guys..

58
60
submitted 3 weeks ago* (last edited 3 weeks ago) by Nicro@discuss.tchncs.de to c/privacy@lemmy.ml

I bought a monitor since the smarts in my smart-tv died, making the entire display unusable. Now I wanted to use a separate SBC for smarts in the "dumb" monitor. I would have gone for a modded fire-stick, but Amazon in their infinite wisdom, sunset all versions except the 720p potato and the smart-speaker-cube. I'm currently using a RaspberryPi 4 and looking at argon one for a remote control case. Googles widevine does limit the DRM on some content I "own" though. With Amazon on course to EOL the more sane sticks, are there any well-moddable streaming-sticks/boxes, that bring the relevant codecs and DRMs?

59
400
submitted 3 weeks ago by Moonrise2473@feddit.it to c/privacy@lemmy.ml

In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it's valid to be presented to law enforcement officers during a check.

I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought "wow this is so convenient I won't need to take the wallet with me anymore". I installed the government app and signed up with my government id and I got my digital driving license.

Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn't want to pause it, i just gave the real one.

They took it and went back to their patrol for a full five minutes while they were doing background checks on me.

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say "wait I pin the app with a lock so you can't see the content?"

"I have nothing to hide" but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.

And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation

Immediately uninstalled the government app, went back to traditional documents.

60
157
submitted 3 weeks ago* (last edited 3 weeks ago) by zerozaku@lemmy.world to c/privacy@lemmy.ml

I'm finding the results are not helpful as they used to be and sometimes way past the topic I'm searching. This is very prevalent when I'm searching for pirate sites. I'm falling back to Searxng whenever this occurs.

Has anyone noticed it too? Has DDG upped their moderation?

61
921
submitted 3 weeks ago by baxster@sopuli.xyz to c/privacy@lemmy.ml

Chatcontrol is once again stopped. Good work again everyone who stood up, this is once again a win everytime it is a win.

Next country that is up for Presidency is Poland 🇵🇱 who are anti-chatcontrol.

Patrick Breyer website

chatcontrol timeline

StopScanMe

62
-20

For instance, People I know that are using Eventbrite for private event registration. To sign up for the event with or without an account, you have to write and confirm your email in the boxes, I did some looking up to see if hosts can see the email. I didn't find any answers so I made a Reddit post asking, and got a reply saying "No, they can't. Eventbrite deletes them as soon as you submit the form." I wanted to be sure so I created a private test event and registered for it in a private window. I then went to my event dashboard and clicked on the ticket # where I can in fact view it (the email shown is made up).

I only asked Perplexity after trying to find out myself. It did in fact find the answer (link #8: View your Attendee Summary report): "Review attendee purchase details like email address ..." I've found LLMs and search tools like Perplexity to be unreliable for answering questions like this for websites, as well as software. Which means I may not turn to them in cases where they actually would help. It's too bad they hallucinate a lot too.

63
33
submitted 3 weeks ago by sxan@midwest.social to c/privacy@lemmy.ml

On linux, this is trivial. I have my private subnet over Wireguard and hosts with static IPs all on the 10.79.x.y subnet. All other traffic goes through my commercial VPN provider.

Problem is, ya cain't do that on Android, as it supports exactly one VPN connection at a time. The best you can do is white/blacklist traffic to either go through the VPN, or not.

Do how do I achieve this? My commercial VPN provider will not nest and route on their end; I could route all traffic through my VPS servers, but that's a lot of traffic for my little VMs. It may, however, be my only option:

  1. Phone is connected to my VPS over WG VPN
  2. VPS is connected to internet via commercial WG VPN
  3. Routing tables on VPS send 10.79.x.y to destinations over the private VPS
  4. Public destinations get sent over commercial VPS

Am I missing an easier, more efficient work-around for Android's utterly stupid networking limitations?

64
93
65
43
66
-2
Police Shut Down Matrix Encrypted Hub News (www.infosecurity-magazine.com)
submitted 3 weeks ago by menas@lemmy.wtf to c/privacy@lemmy.ml

An international law enforcement operation has taken down Matrix, an encrypted messaging service used by criminals.

French media mainstream relay the propaganda of the cops, telling that the interception has been made with "innovative technology", but without any details. They also telling that :

European authorities have dismantled Matrix, an encrypted messaging platform made by criminals for criminals. https://cybernews.com/cybercrime/authorities-take-down-matrix/

An expression found in other media; it may be communication from cops.

Do you have any idea how that has been possible ? Do you think they may be issue with matrix or some of the softzare that implement it ? Or do you think that cops compromise terminal (phone or computers) ? I'm more and more suspicious with open network, that let organization enter into the federation, and let it intercept communication.

67
322
submitted 3 weeks ago by schizoidman@lemm.ee to c/privacy@lemmy.ml
68
408
submitted 3 weeks ago by baxster@sopuli.xyz to c/privacy@lemmy.ml

Germany and Poland may say yes to chatcontrol!

Take Action! Send email your politicians now! Links: patrick-breyer.de Permanent Representatives Committee

69
12

Does anyone maybe have a template? I don’t plan to store any cookies and I won’t run any analytics. I want it to be not invasive and it should just say that I’m not storing any more data than necessary to keep your session and I won’t ever run any analytics. I hate these things and I hate tracking cookies but I have to put something there.

70
61
submitted 3 weeks ago by Charger8232@lemmy.ml to c/privacy@lemmy.ml

Nobody on my post asking for controversial privacy topics asked this question, but I feel I should cover it anyways. People sometimes assume that software is safe simply because it is open source. That is a misconception, and I would like to cover that in this post.

What does "open source" mean?

When software is "open source," it means that the developers have made the source code for the software public and allows anyone to help contribute to the code, or create their own versions of the software based on the source code. By contrast, proprietary software is software that has not made the source code visible to the public. There are similar terms to open source, such as "source-available," "open-core," and "libre," which I won't cover in this post. For the sake of simplicity, any source-available software will be called "open source," since the specifics don't quite matter for the majority of this post.

What are the benefits open source software?

Open source software provides many benefits over proprietary software:

Code auditing: Because anyone can inspect the code, anybody can look for vulnerabilities or invasive code to make sure that the software is safe. With proprietary software, the developers would have to hire a third party auditor to inspect the code. That means you have to trust the auditor, and you have no way to verify first-hand that the code is safe.

Bug reporting: While both open source and proprietary software have bug reporting systems, open source software tends to have more thorough and transparent bug reporting. Bug reports are generally on a public issue tracker such as GitHub, which can also help prevent duplicate bugs from being reported. Having these reports public also makes the next benefit easier:

Bug fixing: Anyone can contribute to open source software, which means the workload is distributed. Instead of a small team of developers being the only ones working on the software, anyone can look at the public issues and code their own fixes for the software.

Resurrecting projects: Both open source and proprietary software can one day stop being developed. Even big companies such as Spotify can retire software, which can lead to hardware devices becoming unusable or insecure. (The code for Car Thing has been reconstructed, by the way.) Open source projects that fall out of development can easily be forked and maintained by a new developer. It's rare to see proprietary software handed off to a new owner.

Accountability: Open source projects hold the developers directly accountable for any vulnerabilities or invasive code, meaning the developer's interests are aligned with its users and not malicious purposes. This also incentivizes creating code without paywalls, since anyone could release a version of the code with the paid features "unlocked".

However, even with all these benefits, open source software isn't perfect.

Why has proprietary software become so popular?

Since ads and paywalls can generally be removed from open source software, it doesn't make it a very appealing choice to for-profit organizations. Generally, these organizations want to monetize and control their software, which means injecting ads, paywalls, and other invasive elements. This is done most easily if the software is proprietary.

It's also rare to see open source software becoming so popular, because generally open source software receives its funding from donations and doesn't have the budget to advertise the software. There are exceptions, such as OBS Studio or Blender, which have mostly become the most popular software in their categories.

Is open source software safe?

There is another downside to open source software that many people don't talk about: it is much easier to exploit than proprietary software. Because all the source code is visible to the public, it makes it easy for malicious parties to craft vulnerabilities. Proprietary software is generally a stab in the dark until a vulnerability is found, since you can't see exactly how it was coded.

Software being open source does mean that it becomes more likely to find and fix vulnerabilities, but being open source doesn't automatically make software safe. Which device do you think would be more likely to obtain a virus, a device running (stock) Android or a device running iOS? You're most likely more inclined to say the device running (stock) Android is more likely. Android at its core is open source. While correlation is not causation, and there are other factors at play, it's much easier for someone to try to craft a malicious app for Android than for iOS because of its open nature.

Proprietary software isn't automatically safe, either. It can be just as vulnerable as any other software. However, open source software has the potential to become much more secure than proprietary software, simply because more people can find and fix vulnerabilities. That's probably why Apple open sourced their Private Cloud Compute code before launching a bounty program for it.

Anyone can code malicious open source software. It's riskier, since it's more likely to be noticed, but it's still possible. Microsoft could open source Windows one day, and it wouldn't make it any more safe until somebody identified and fixed the issues. Open source software doesn't automatically make something private or secure, but it does provide integrity, because the developer is showing that they will be accountable for any malicious or vulnerable code, and that anyone is free to look through the code.

Final notes

I hope this gives you a better idea of what it actually means if something is open source. Even unsafe proprietary software can be run safely under the right conditions. If your threat model requires you to use as much open source software as possible, I made my own list of open source software called Open Source Everything that you can look through. I hope you enjoyed reading this!

- The 8232 Project

71
28
submitted 3 weeks ago by SolarPunker@slrpnk.net to c/privacy@lemmy.ml

It seems that YouTube is killing them all but I don't know the technical details, via FreeTube I noticed, from this link (https://api.invidious.io/), that there are very few left and they require signup, and probably financial support from users.

72
24

from the better-late-than-never dept

73
35
submitted 3 weeks ago* (last edited 3 weeks ago) by shapesandstuff@feddit.org to c/privacy@lemmy.ml

EDIT: sorry for the rambly post here's a quick clarification I wanted a decentralized/open source variant of something like NordVPN etc.

Crypto-based options I found: Sentinel, Mysterium , Orchid All of those are on the Blockchain and use their own coins as a payment system, both to pay usage fees and to pay out node-hosts. Not sure if that's my jam.


I tried to use the search and came up short - so point me elsewhere if there's already a discussion.

Let me preface this by saying I'm pretty green when it comes to a lot of the deeper aspects of FOSS privacy tools. Meaning that i'm probably more clueless about this topic than I realise.

Had a bit of a shower thought moment earlier and googled if decentralized VPNs are an option for the occasional torrent.
Did a bit of a google and came up with a couple of options, seemingly all tied into a blockchain with their own coin for payments - either using or hosting a node.

I'm a bit allergic to cryptobros and their blockchain-everything-mentality but I suppose it's not a terrible system for the usecase?

So are there people on here who have hands-on experience with this? Is it a valid tool for safer browsing and torrenting?

Are there any obvious alternatives I should look into?

Are there any obvious risks I'm not aware of?

Is the concept flawed altogether?

74
204
submitted 3 weeks ago* (last edited 3 weeks ago) by Charger8232@lemmy.ml to c/privacy@lemmy.ml

In my post on why mass surveillance is not normal, I referenced how the Wikipedia page for the Nothing to hide argument labels the argument as a "logical fallacy." On October 19th, user Gratecznik edited the Wikipedia page to remove the "logical fallacy" text. I am here to prove that the "Nothing to hide" argument is indeed a logical fallacy and go through some arguments against it.

The "Nothing to hide" argument is an intuitive but misleading argument, stating that if a person has done nothing unethical, unlawful, immoral, etc., then there is no reason to hide any of their actions or information. However, this argument has been well covered already and debunked many times (here is one example).

Besides the cost of what it takes for someone to never hide anything, there are many reasons why a person may not want to share information about themselves, even if no misconduct has taken place. The "Nothing to hide" argument intuitively (but not explicitly) assumes that those whom you share your information with will handle it with care and not falsely use it against you. Unfortunately, that is not how it currently works in the real world.

You don't get to make the rules on what is and is not deemed unlawful. Something you do may be ethical or moral, but unlawful and could cost you if you aren't able to hide those actions. For example, whistleblowers try to expose government misconduct. That is an ethical and moral goal, but it does not align with government interests. Therefor, if the whistleblower is not able to hide their actions, they will have reason to fear the government or other parties. The whistleblower has something to hide, even though it is not unethical or immoral.

You are likely not a whistleblower, so you have nothing to hide, right? As stated before, you don't get to make the rules on what is and is not deemed unlawful. Anything you say or do could be used against you. Having a certain religion or viewpoint may be legal now, but if one day those become outlawed, you will have wished you hid it.

Just because you have nothing to hide doesn't mean it is justified to share everything. Privacy is a basic human right (at least until someone edits Wikipedia to say otherwise), so you shouldn't be forced to trust whoever just because you have nothing to hide.

For completeness, here is a proof that the "Nothing to hide" argument is a logical fallacy by using propositional calculus:

Let p be the proposition "I have nothing to hide"

Let q be the proposition "I should not be concerned about surveillance"

You can represent the "Nothing to hide" argument as follows:

p → q

I will be providing a proof by counterexample. Suppose p is true, but q is false (i.e. "I have nothing to hide" and "I am concerned about surveillance"):

p ∧ ¬q

Someone may have nothing to hide, but still be concerned about the state of surveillance. Since that is a viable scenario, we can conclude that the "Nothing to hide" argument is invalid (a logical fallacy).

I know someone is going to try to rip that proof apart. If anyone is an editor on Wikipedia, please revert the edit that removed the "logical fallacy" text, as it provides a very easy and direct way for people to cite that the "Nothing to hide" argument is false.

Thanks for reading!

- The 8232 Project

75
18

I already know that it's spyware but in the case that I need to use it for work and school on my Linux laptop, do I need to worry about configuring something so that it won't have access to my whole system like it does on Windows? I'm on ZorinOS/Ubuntu. Thanks in advance

view more: ‹ prev next ›

Privacy

32517 readers
267 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS