Privacy


Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No reposting of news that was already posted
  4. No crypto, blockchain, NFTs
  5. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 4 months ago

Cross-posted from "It's Time to Wake Up: A Darknet Anarchist's Case for Anonymity & Digital Safety" by @Illegal_Computer@lemmy.dbzer0.com in !Resist@fedia.io


(Note: .onion links should be accessed with Tor Browser)

The main source of Anonymity: The Tor Network http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/torvsvpns/index.html

Tor Web Browser Setup (on Desktop and Mobile) http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/torbrowsing/index.html

Have you ever been afraid to speak your mind on the internet? Do you have peace of mind that you know what your electronics are doing? Is technology working for and empowering you, or has it become a tool of oppression tracking your every move and storing it on corporate/government servers to be used against you in the future?

These powerful tech companies work closely with our fascist government to surveil, track, manipulate, and scare vulnerable citizens into compliance and silence. We have been tricked into giving up all control and privacy for the sake of convenience.

This is no accident.

The state has the most sophisticated surveillance network ever known, and you are voluntarily participating in it.

The phones Americans carry in their pockets are proprietary black boxes, constantly communicating with cell towers logging your position and IMEI/IMSI tied to your real identity. They are also constantly recording the strength of wifi access points, and other devices around you, sending this back to HQ to build a map of everyone's movements. This is not even mentioning how most people are logged into a google/apple account at all times. You probably know this costs you YOUR privacy, but do you realize you are also snitching on everyone around you and contributing to this surveillance network?

Kill the Cop in your Pocket: http://uwb25d43nnzerbozmtviwn7unn7ku226tpsjyhy5n4st5cf3d4mtflqd.onion/posts/nophones/

Ask yourself how you feel about this? How much would freedom, privacy, and anonymity be worth to you? Many realize the situation is dire, but are preoccupied with trying to survive the next rent payment, and do not have the knowledge necessary to resist.

Those organizing in the US (50501) overwhelmingly are using reddit and discord to plan protests. A few who know better use signal and consider this good enough, not thinking about how they are linked to a phone number. Signal is secure and private, but when your adversary is the US gov/tech corps that is not enough. We need ANONYMITY.**

Phone Numbers are incompatible with Anonymity: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/phonenumbers/index.html

"Laws" and "rights" are meaningless now. If the state deems you an enemy they have hundreds of ways to crush you into submission, throw you in prison, or worse. Things will only get worse over the coming years. The only hope we have is to maintain real anonymity.

Here on Lemmy many are curious about digital privacy, but only have bits and pieces of the knowledge required. Without a solid understanding of how to use technology safely, misinformation, half truths, and FUD abound. There is a pervasive attitude that you have no choice at all, and that it is hopeless to stand up against your oppressors.

I am here to tell you this is NOT TRUE. I am here to tell you it is POSSIBLE, and WORTHWHILE.

You can reclaim technology to work for you instead of against you, but it will require effort and change.

Using Lemmy anonymously is not too hard. You just need to register an email account in Tor Browser, and use that to verify a Lemmy account. Be sure to ONLY access this account over Tor. The more privacy invasive the service, the more likely they will try to prevent you from doing this. Circumventing that is an advanced topic for another time.

How to Get an Email Account Anonymously (Emails as a Service) http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonemail/index.html

https://www.404media.co/the-200-sites-an-ice-surveillance-contractor-is-monitoring/

Trump wants green card applicants already legally in the US to hand over social media profiles: https://www.independent.co.uk/news/world/americas/us-politics/trump-green-card-applicants-social-media-b2720180.html

How long until similar demands are made of others? Every day the risk grows greater and less possible to ignore. The time to wise up is now! Start learning and investing in yourself today so that you can be prepared to protect yourself and those you care about before it is too late.

What is Anonymity ? Why is it Important ? http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonymityexplained/index.html

Why isn’t Privacy enough for Anonymous Use? http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonuse/index.html

In this technocracy lines are being drawn. They are wielding technology to oppress and control us, and we need to decide if we are subservient data cattle, or if we are willing to learn how to use technology to empower ourselves and resist.

The relationship between average people and technology is unacceptable. Even those with advanced "tech skills" know next to nothing about how to maintain security/privacy/anonymity against the state. It does not have to be this way.

You deserve better. The people in your life deserve better. They NEED you to educate yourself so you can help teach them. The only way we can do this is together. The time for learning is limited and the clock is ticking.

Operational Security: Privacy, Anonymity and Deniability (Current and High quality) https://nowhere.moe/ http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/index.html

Anonymous Planet: Hitchhiker's Guide to Online Anonymity (Classic resource, somewhat dated) https://anonymousplanet.org/guide/

It's time to decide. Will you allow these corporations to own you, or will you rise to the challenge?


**When law enforcement subpoenas Signal for user information, all they hand over is the phone number associated with the account, and the last time they logged in. Due to the secure end to end encryption the contents of the messages are safe. No problem right? Well the cell phone number and associated metadata is more than enough for them to prosecute, imprison, and kill. Which cell towers has this phone number been around? What other numbers has it been communicating with and when? How is this cell service paid for?

It is not impossible to circumvent these issues, for instance by paying for a jmp.chat phone number with monero XMR. In this case you don't actually have the sim, but rather access it remotely over XMPP. If you do this over Tor very little can be used against you.

Ask yourself though, how many signal users actually go through these lengths? These phone numbers change law enforcement investigations from stumped, to having valuable leads and evidence. What motivations could signal have for requiring this valuable personally identifying information to be shared?

If a service requires your phone number, they are against your Anonymity http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/phonenumbers/index.html

Easy Private Chats - SimpleX (http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/privatesimplex/index.html)

(sorry for the semi off topic rant, no signal is not the worst thing or the first problem to fix, but KYC*** phone numbers are.)

***KYC: Know your Customer: https://kycnot.me/about

I was going to make some anonymity guides, but I needed to first address the issues and problems so I can follow up with solutions. Please give me your feedback and feel free to ask if you have any questions or requests for guides.


Privacy Guides is formally taking a stand against dangerous and frightening technologies.


cross-posted from: https://lemmy.sdf.org/post/31957116

Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.

TTP’s investigation found that one in five of the top 100 free virtual private networks in the U.S. App Store during 2024 were surreptitiously owned by Chinese companies, which are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws. Several of the apps traced back to Qihoo 360, a firm declared by the Defense Department to be a “Chinese Military Company." Qihoo did not respond to questions about its app-related holdings.

[...]

VPNs allow users to mask the IP address that can identify them, and, in theory, keep their internet browsing private. For that reason, they have been used by people around the world to sidestep government censorship or surveillance, or because they believe it will improve their online security. In the U.S., kids often download free VPNs to play games or access social media during school hours.

However, VPNs can themselves pose serious risks because the companies that provide them can read all the internet traffic routed through them. That risk is compounded in the case of Chinese apps, given China’s strict laws that can force companies in that country to secretly share access to their users’ data with the government.

[...]

The VPN apps identified by TTP have been downloaded more than 70 million times from U.S. app stores, according to data from AppMagic, a mobile apps market intelligence firm.

[...]

The findings raise questions about Apple’s carefully cultivated reputation for protecting user privacy. The company has repeatedly sought to fend off antitrust legislation designed to loosen its control of the App Store by arguing such efforts could compromise user privacy and security. But TTP’s investigation suggests that Apple is not taking adequate steps to determine who owns the apps it offers its users and what they do with the data they collect. More than a dozen of the Chinese VPNs were also available in Apple’s App Store in France in late February, showing that the issue extends to other Western markets.

[...]


Hi! Just wanting to migrate from big tech and going BuyfromEU. I am trying out Posteo, which does not have an app only web interface. Since I can’t stay logged in on the web I’m using Apple Mail app as a gateway to simplify usage. To my question, is this totally counter productive to my privacy, pro-eu stance? Will apple mail collect my posteo data through the posteo now instead? Previously using outlook.

Thanks in advance!


@privacy Privacy Roundup: Week 13 of Year 2025

Delivered to you (on Lemmy) from Mastodon.

Features Signalgate and the 23andMe bankruptcy with a dash of sandbox escape in Chromium/Firefox on Windows (but is fixed in latest versions).

https://avoidthehack.com/privacy-week13-2025


cross-posted from: https://slrpnk.net/post/20187958

A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer Indiana University, and had his homes raided by the FBI. No one knows why.

Xiaofeng Wang has a long list of prestigious titles. He was the associate dean for research at Indiana University's Luddy School of Informatics, Computing and Engineering, a fellow at the Institute of Electrical and Electronics Engineers and the American Association for the Advancement of Science, and a tenured professor at Indiana University at Bloomington. According to his employer, he has served as principal investigator on research projects totaling nearly $23 million over his 21 years there.

He has also co-authored scores of academic papers on a diverse range of research fields, including cryptography, systems security, and data privacy, including the protection of human genomic data. I have personally spoken to him on three occasions for articles here, here, and here.

"None of this is in any way normal"

In recent weeks, Wang's email account, phone number, and profile page at the Luddy School were quietly erased by his employer. Over the same time, Indiana University also removed a profile for his wife, Nianli Ma, who was listed as a Lead Systems Analyst and Programmer at the university's Library Technologies division.

According to the Herald-Times in Bloomington, a small fleet of unmarked cars driven by government agents descended on the Bloomington home of Wang and Ma on Friday. They spent most of the day going in and out of the house and occasionally transferred boxes from their vehicles. TV station WTHR, meanwhile, reported that a second home owned by Wang and Ma and located in Carmel, Indiana, was also searched. The station said that both a resident and an attorney for the resident were on scene during at least part of the search.

Attempts to locate Wang and Ma have so far been unsuccessful. An Indiana University spokesman didn't answer emailed questions asking if the couple was still employed by the university and why their profile pages, email addresses and phone numbers had been removed. The spokesman provided the contact information for a spokeswoman at the FBI's field office in Indianapolis. In an email, the spokeswoman wrote: "The FBI conducted court authorized law enforcement activity at homes in Bloomington and Carmel Friday. We have no further comment at this time."

Searches of federal court dockets turned up no documents related to Wang, Ma, or any searches of their residences. The FBI spokeswoman didn't answer questions seeking which US district court issued the warrant and when, and whether either Wang or Ma is being detained by authorities. Justice Department representatives didn't return an email seeking the same information. An email sent to a personal email address belonging to Wang went unanswered at the time this post went live. Their resident status (e.g. US citizens or green card holders) is currently unknown.

Fellow researchers took to social media over the weekend to register their concern over the series of events.

"None of this is in any way normal," Matthew Green, a professor specializing in cryptography at Johns Hopkins University, wrote on Mastodon. He continued: "Has anyone been in contact? I hear he’s been missing for two weeks and his students can’t reach him. How does this not get noticed for two weeks???"

In the same thread, Matt Blaze, a McDevitt Professor of Computer Science and Law at Georgetown University said: "It's hard to imagine what reason there could be for the university to scrub its website as if he never worked there. And while there's a process for removing tenured faculty, it takes more than an afternoon to do it."

Local news outlets reported the agents spent several hours moving boxes in and out of the residences. WTHR provided the following details about the raid on the Carmel home:

Neighbors say the agents announced "FBI, come out!" over a megaphone.

A woman came out of the house holding a phone. A video from a neighbor shows an agent taking that phone from her. She was then questioned in the driveway before agents began searching the home, collecting evidence and taking photos.

A car was pulled out of the garage slightly to allow investigators to access the attic.

The woman left the house before 13News arrived. She returned just after noon accompanied by a lawyer. The group of ten or so investigators left a few minutes later.

The FBI would not say what they were looking for or who is under investigation. A bureau spokesperson issued a statement: “I can confirm we conducted court-authorized activity at the address in Carmel today. We have no further comment at this time.”

Investigators were at the house for about four hours before leaving with several boxes of evidence. 13News rang the doorbell when the agents were gone. A lawyer representing the family who answered the door told us they're not sure yet what the investigation is about.

This post will be updated if new details become available. Anyone with first-hand knowledge of events involving Wang, Ma, or the investigation into either is encouraged to contact me, preferably over Signal at DanArs.82. The email address is: dan.goodin@arstechnica.com.


cross-posted from: https://lemm.ee/post/59836504

A massive thanks to @LuanRT for providing the fix regarding the extraction of the deciphering functions. Also, big thanks to @PikachuEXE for coming up with a potential alternative solution!

https://github.com/FreeTubeApp/FreeTube/releases


Yesterday, reports emerged in the Vietnamese infosec community that two popular banking apps – BIDV SmartBanking and Agribank – were using hidden / private iOS API to detect other apps installed on users’ iPhones.

This behavior was initially highlighted by @opa334, developer of TrollStore, on infosec.exchange two days ago and later in a Facebook post on Vietnamese J2TEAM forum. The controversy quickly gained traction because such behavior suggests a violation of Apple’s policies and an invasion of user privacy.

Therefore, we conducted a thorough technical analysis of the mentioned bank apps BIDV SmartBanking (v5.2.62, updated on Mar 14, 2025) and Agribank Plus (v5.1.8, updated on Mar 25, 2025), detailed in this write-up, which also examines implications for users and the banking apps.


Since 2022, with Android 11, Google removed this access from app developers. Under their new package visibility policy, apps should only see other installed apps if it’s essential to their core functionality. Developers must also explicitly declare these apps in the AndroidManifest.xml file - a required configuration file for all Android apps.

For extremely specific use cases such as file managers, browsers or antivirus apps, Google grants an exception by allowing QUERY_ALL_PACKAGES permission, which provides full visibility into installed apps.

I don’t use Android as my primary phone, but I have a spare one and I was really curious to find out which apps from Indian companies had checks to see what other apps I had installed.

So I downloaded a few dozen Indian apps I could think of on top of my head and started reading their manifest files. Surely they will be respectful of my privacy and will only query apps essential to their app's core functionality? 🙃


Hello! There are numerous unverified temporary phone number services available (for activation codes when setting up new accounts online) which might collect user data. However, it seems that the privacy-focused community is lacking similar services for Europe created by respected privacy-focused companies, such as Mullvad. While there is the Cloaked app, it is currently only available in the United States.


cross-posted from: https://lemmy.blahaj.zone/post/23777198

especially estonians


Original question by @MajorMajormajormajor@lemmy.ca

Looking for the most privacy respecting baby monitor available. Doesn't have to be overly complicated, just the ability to watch a video feed from an app on my phone. It's a must have from the wife, so trying to find the best option and accepting some losses in privacy is likely necessary.
