-precio justo

• empresa fiable, no venden tus datos
• la mejor opción si necesitas varios dominios o alias con varias bandejas de entrada
• servicio de calendario
• aplicación móvil multiplataforma, escritorio para Linux mantenido -Me encanta el modo offline -Privacidad -utiliza y apoya el software libre

¿Más información? https://tuta.com/es

Just a heads up for those who are using GrapheneOS. If you log into 2 (google or other) accounts on an installed app even on different profile, the service provider will still be able to link between your 2 accounts using MediaDRM. (Google will still know that both of the 2 accounts have been logged in on the same device)

More info:

• https://discuss.grapheneos.org/d/18315-how-can-an-app-identify-that-it-was-reinstalled-on-the-same-device
• https://discuss.grapheneos.org/d/9023-mediadrm-identifier

Hi there,

I have an Asus Zenfone 10 on Android 15. In this release of android a new feature named mobile security settings became available which are supposed to signal and protect against surveillance on the mobile network side, like at a protest.

When I try to enable these settings on my device they are off again when I reenter these settings. Do these settings have some kind of prerequisite? Are they working on your device?

Thanks!

We need 804 more signatures. https://www.change.org/p/proton-to-add-monero-payment-support?recruited_by_id=95fb2230-546c-11f0-89ad-6118a8d0681a

When you send a screenshot (even if height/width only is cropped) , the screenshot's width and height can be used to find the iPhone model of someone or narrowed down.

The most unique sized iPhone on the market right now is the iPhone 16 Pro and iPhone 16 Pro Max, as no other phone has the same width and height. So if you send a screenshot people will 100% know your exact phone. The regular iPhone 16 is common with the rest of the other phones and not unique.

If you send a screenshot from a iPhone XR, people can know if you using an iPhone 11 or iPhone XR since they have the same dimension which narrows down alot of options. (828x1792)

You can use this site here to view a list of all the dimensions. Click the iPhone's tab and sort the physical width or height.

If you don't want to expose your phone model, crop both width and height of each screenshot randomly. I would suggest cropping out the top of the phone as it shows your time if you care about that. Some sites like X have random inaccurate dimensions in uploaded screenshots, which is different from the original raw screenshot.

I haven't really checked with android phones, but it's probably the same thing.

Should I enable WIFI scanning / Bluetooth scanning / Network Location under setting->location->location services?

Which one would help me navigate inside a building or underground using open source maps?

I haven't tested yet, does google map requires any of those location services enabled to work? Should I just use google map in vanadium?

thanks a lot

Is it a good enough solution for IMEI tracking to use an alternative device to provide a hotspot connection?

This approach appears to protect any new device that hasn't inserted a SIM card from being identified.

But I'm not sure how much information is carried to the second device by using hotspot.

Is this a good solution so far? Should I try to spoof IMEI?

log into multiple google account in thunderbird

What information I might leak to google server if I issue log into multiple google account in thunderbird? ip of course but what else might be collected? It would be really great if someone could clarify whether the information below will be send to google when using their email service even through Thunderbird

• device name
• device model
• ...

My main concern is that google will be able to know that I have logged into the same device with different accounts.

In addition, I plan to use VPN when using one google account but not the others. This can be achieved through profiling, but is there an option that I can simply manage all the accounts in one app but without my ip address being collected by several specific email service provider corresponding to several specific email?

thanks a lot!

Food for thought.

https://youtu.be/dpE3feBwHCM

I got a new phone number last year. The last person who owned this number just left all her accounts tied to this number and one by one I've been reaching out to the places tied to it telling them they have the wrong number and to stop using this one. Simple enough.

But there is one company that refuses to stop using this number. Wynhdam hotels absolutely refuses to do anything about this. They keep sending me notifications and check in confirmations for her hotel visits. Using just the texts they send me, I know her full name, email address, home address, her reservations at the hotel, which hotel she's going to and what days. Using past conversations with the other hotels she's been to (called in to tell them to stop this months ago), I know she's been kicked out for making a scene in the lobby or something. Looking online, I see she has a criminal record, and a history of child custody losses, drug abuse, and is apparently an "experienced college girl" on an escort site.

In my most recent calls with wyndham, they told me that they can't change the number out. I will need to contact this charming person and have her do it. I am absolutely not getting involved in that mess in any capacity. I'm still telling her johns and dealers this is the wrong number.

Once I explained to the call center supervisor I was escalated to this has gone on long enough and I'm willing to let an attorney deal with it, they put me on hold and supposedly took my number off the account. But the next day, I get another notification. It seems she is providing her services again and it's still making that my problem. So I call and get routed to a promotional department that said they have no idea why they got this call, but I should probably just sue.

I tried calling the number listed on the confirmation texts but it goes to a dead end line that just asks for a remote access code and then hangs up, so I can't ask the hotel she is actually at flag her down and say "hey, you need to update your number."

I emailed their privacy department yesterday but the notifications are still coming in. I can't change my phone number at the moment as I'm dealing with some delicate matters that are tied to this number so I can't risk changing the number at this time.

How can I get wyndham to take this seriously? This is a dangerous amount of information I was able to get off a recurring text they know is going to the wrong place.

Source: https://www.youtube.com/watch?v=u_Lxkt50xOg

cross-posted from: https://lemmy.world/post/32032383

cross-posted from: https://rss.ponder.cat/post/215685

WhatsApp can now call on Meta AI to summarize your personal chats. As shown in a GIF, you can access it by tapping the button to unfurl all of your unread messages in a chat. But instead of showing your messages, WhatsApp uses Meta AI to generate a bulleted summary of what you missed.

The feature is rolling out in English in the US, with plans to launch in more countries and languages later this year. It uses Meta’s Private Processing technology, which the company claims will prevent it and other third parties from snooping on your messages.

WhatsApp, which is owned by Meta, says its AI message summaries are optional, and the feature is turned off by default. You can also use WhatsApp’s “Advanced Privacy” setting to prevent users from using AI features in group chats.  We still don’t know if WhatsApp’s AI message summaries will struggle with accuracy, which is something we saw with the launch of Apple’s AI-generated message and notification rundowns.

Over the past year, Meta has continued stuffing different AI features into WhatsApp, including a way to ask Meta AI questions from within a chat, as well as a feature that generates images in real-time. Some users have grown frustrated by the new Meta AI button in the bottom-right corner of the app that they can’t turn off or remove. Meta also sparked backlash with another change that brought ads to the app — something its founders said they never wanted to do.

The app’s Private Processing is supposed to conceal your interactions with its AI model by creating a “secure cloud environment,” preventing Meta or WhatsApp from seeing your summaries. Other people in the group chat won’t be able to see the message summaries, either.

From The Verge via this RSS feed

I'm considering finally jumping off gmail. I'm not going to host my own email since I just don't have the skill to secure that thing well enough myself. Any mail server I set up would become a botnest within hours. So that has me looking at third party stuff.

Proton has a mostly good reputation, though their CEO's twitter post a while back praising the Trump regime makes me question if I should trust them with anything. I don't know enough about the entire situation to know if its just internet drama or a real concern, but anything involving Trump is a huge red flag for me.

Tuta looks pretty nice but I've read there are concerns about it being in a country that's part of the 14 eyes collaboration, so it might not matter what the organization wants if the government of the region they are in says fuck off and do what we tell you.

On the lower end of concerns, I am in the Apple ecosystem. (boo hiss I know). I like the clean and simple built in apps like email and calendar and how the notifications all work across my watch, phone, mac and homepods. I like how safari can just jump in and throw an email alias at things for me. I like how all my stuff is managed. But I also know Apple could piss me off at any moment and make wild sweeping changes I might not like, so relying on them too much could screw me over someday. I dont know, right now I really like their setup but portability does seem to matter more ultimately so this switch does seem like a better idea in the long run, even if I'm giving up features I may enjoy.

What are your opinions on the privacy email and calendar services in 2025? Should I even both with a cloud based calendar in the first place?

Psylo, which bills itself as a new kind of private web browser, debuted last Tuesday in Apple’s App Store, one day ahead of a report warning about the widespread use of browser fingerprinting for ad tracking and targeting.

It was a fortuitous coincidence.

Psylo for iOS and iPadOS was created by Mysk, a Canada-based app biz run by software developers and security researchers Talal Haj Bakry and Tommy Mysk.

“Psylo stands out as it is the only WebKit-based iOS browser that truly isolates tabs,” Tommy Mysk told The Register. "It’s not only about separate storage and cookies. Psylo goes beyond that.

“This is why we call tabs ‘silos.’ It applies unique anti-fingerprinting measures per silo, such as canvas randomization. This way two Psylo tabs opening the same website would appear as though they originated on two different devices to the opened website.”

I am trying to get away from Google and am looking for a decent cloud service that's integrated well into Linux, either by itself or by using rclone.

I tried Proton drive, but it is laggy and overall not very good.

I just need storage, nothing fancy. Self hosting is not an option tough, at this time.

EDIT: I don't want to write the same answer 15 times, so I'll just put this here: Thanks a lot for the recommendations to all of you! I've got some reading up to do now :-)

Could Windows and installed apps upload all my personal files?

Dear all

I have deleted Onedrive and disabled File system access in Privacy.

1. I would like to know, which other ways that my personal files could be uploaded in a non-malicious non-hacker way?
2. Just by using Windows, Microsoft could upload all my personal files to themselves if they would?
3. Does every installed App / software have full access to my whole drive? How can I found out, how much access it has?

Thank you for your interest and reply

Best regards

@Rikudou_Sage@lemmy.world

Yes, every application has access to everything. The only exception are those weird apps that use the universal framework or whatever that thing is called, those need to ask for permissions. But most of the apps on your PC have full access to everything.

And Windows does collect and upload a lot of personal information and they could easily upload everything on your system. The same of course applies for the apps as well, they have access to everything except privileged folders (those usually don’t contain your personal data, but system files).

cross-posted from: https://lemmy.world/post/31889138

Please see the cross-post as it is updated.

Is there a firefox extension that disable the web connection of other extensions?

cross-posted from: https://lemmy.world/post/31889138

Please see the cross-post as it is updated.

What is the difference between Chameleon and JShelter?

• Chameleon – Get this Extension for 🦊 Firefox Android (en-US)
  • Chameleon is a WebExtension port of the popular Firefox addon Random Agent Spoofer.
• JShelter – Get this Extension for 🦊 Firefox Android (en-US)
  • JShelter is a browser extension to give back control over what your browser is doing. A JavaScript-enabled web page can access much of the browser's functionality, with little control over this process available to the user: malicious websites can uniquely identify you through fingerprinting and use other tactics for tracking your activity. JShelter aims to improve the privacy and security of your web browsing.
  • Like a firewall that controls network connections, JShelter controls the APIs provided by the browser, restricting the data that they gather and send out to websites. JShelter adds a safety layer that allows the user to choose if a certain action should be forbidden on a site, or if it should be allowed with restrictions, such as reducing the precision of geolocation to the city area. This layer can also aid as a countermeasure against attacks targeting the browser, operating system or hardware.

JShelter seems to spoof info by controls the APIs provided by the browser? and Chameleon spoofs user agent and many other information.

To me both seems to serves the same purpose of spoofing. Is Chameleon spoofing without interfering with js and JShelter spoofing with interfering with js the main difference between them? In addition JShelter seems to be able to block malicious js

How JShelter and Chameleon achieves spoofing differently?

https://sereneblue.github.io/chameleon/

strongly recommend

How can a site see what extensions you have?

One of the things I've seen mentioned before is that installing too many extensions can make you more unique, and thus have a negative influence on your fingerprint. This got me curious, how exactly do sites detect which extensions you have anyway? Can they outright read your list of extensions?

Furthermore, do all extensions make you more unique? I guess the answer would depend on the answer to the first question (surely, if they can just outright see your list, then the answer would be yes), but lets say you install something that seems rather innocuous, like Transparent Standalone Images, for example. Can a site see that this is installed / does it make your fingerprint more unique?

explanation

Web sites do not have any way to enumerate or query your installed extensions, and they cannot directly "see" the content scripts injected by extensions. However, some extensions do modify pages in a way that scripts in the page could recognize as being the work of a particular extension, assuming the owners of the site care to research and check for such things.

One particular issue is that an extension may insert a path into the document to a page or image in the extension itself. Firefox assigns a randomized UUID to the extension at install time, and the path uses this UUID. On the plus side, this may prevent the site from associating the URL with a specific extension. On the minus side, at least in theory, a site could detect this weird URL in the page and use that for fingerprinting. See: How to prevent fingerprinting via Add-on UUID?.

is there anything else that I should notice?

Thank you!

Answered by @listless@lemmy.cringecollective.io

Web pages are not allowed to list your extensions. They can indirectly surmise you have certain extensions based on how your requests differ from expectations. For example, if they have advertisements, but your browser never actually makes any requests to load the images, CSS, JS or HTML for the advertisements, they can deduce you have an ad-blocker. That’s a datapoint they now have to ID you: “has an ad-blocker”

Now let’s say they have an ad they know AdBlockPlus allows, but uBlock Origin doesn’t. They see your browser doesn’t load that ad. Another datapoint: “Not using AdBlockPlus”.

Based on what requests go back and forth between your browser and their servers, they map out a unique fingerprint.