Privacy

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
126
 
 

cross-posted from: https://lemmy.ml/post/31440973

The tool Lynis is an auditing tool used to audit Unix systems. Is it still relevant? Worth using?

It used to be fairly widely used years ago. Is it still worth its salt or are there other better options? Do you guys think it's needed at all with common sense nowadays?

127
 
 

I am currently using Obsidian. I like it; it is great. The graph is a bit of a gimmick but very rewarding. The formatting is easy. The search can be great and powerful, but Markdown can also be a letdown sometimes; it is just so limiting sometimes.

I think Obsidian is almost boring. It works, and my main gripe is syncing it to my phone. I have tried using Syncthing, but I often get clashes with versions of notes or even lose notes, even when using Syncthing versioning.

But then there is Notion. Let me first say, I have not used Notion at all. I made an account, saw all the great stuff, especially the database feature and all the APIs, but something felt off.

Of course, I researched the privacy of Notion and realised it is a complete dumpster fire.

My work is confidential; I really can't use something like Notion. But then, for my personal stuff, I also don't want AI to be trained on it or used for marketing to me or on me.

Are there alternatives to Notion that someone can recommend to me?

128
 
 

I've been interested in switching over to a phone that isn't a gold mine of my data for random companies etc. I've seen stuff for Calyx, Fairphone, Graphene, and Linux phones. I'm curious as to how I would go about switching over. As of right now I use Android and mostly message through Signal unless it's for work, and I'm unfortunately on Verizon. Which privacy-first smartphones would people recommend for US users, and how does it work putting it on a network? Do they go on the regular networks like AT&T, Sprint, Verizon etc.? Or do they have their own or privacy-first networks? Sorry if these are dumb questions; I'm just interested in switching and figured this would be a good place to find info.

129
 
 

Hey.

My phone is a Pixel 8a GrapheneOS phone. I want to make this phone a hardened phone. A safe phone. A privacy-friendly phone. Not a watched or tapped-into phone. Basically limit the spying and intercepting and get control of the spying mechanisms that may be at play.

The phone has sandboxed Google Play services.

(GrapheneOS) and 1 profile (owner)

The phone has a KYC SIM card (currently no way out).

Thanks.

130
 
 

Mullvad gives you a discount if you pay with crypto, and Monero is supposed to be the private crypto. What is the best way to get Monero? I'm in Canada.

https://mullvad.net/en/pricing

131
 
 

cross-posted from: https://lemmy.world/post/30825750

Skip Timestamp and Generated Summary below:


Video Description:

Award-winning investigative journalist Max Blumenthal, who has long spoken out against Israel’s genocidal war crimes in occupied Palestine, was recently detained by Customs and Border Protection officials at Washington Dulles International Airport after returning from a personal trip to Nicaragua.

The agent who stopped him mentioned catching a recent Blumenthal appearance on former judge Andrew Napolitano’s TV show.

Guest hosts Russell Dobular and Keaton Weiss discuss the experience with Blumenthal, and expand the conversation to address the harassment many others — some of whom are not even politically active — have faced when returning to the country from abroad.

Read Max's work at The Grayzone here: http://thegrayzone.com/

Follow Max on Twitter: / maxblumenthal

Follow Russell Dobular on Twitter: / russelldobular

Follow Keaton Weiss on Twitter: / thatkeaton

Due Dissidence on Substack: https://substack.com/@duedissidence

Skip Timestamp:

  1. 28:47.000 - 28:59.549 Unpaid/Self Promotion

Generated Summary:

Main Topic: Increased scrutiny and harassment of travelers, particularly journalists and activists, by US Customs and Border Protection (CBP), especially those returning from countries deemed "high-risk" or with dissenting political views.

Key Points:

  • Max Blumenthal's Experience: Blumenthal recounts being questioned by CBP upon returning from Nicaragua and anticipating similar or worse treatment upon returning from Iran. His contacts were more concerned about his treatment by the US government upon return than about Iran itself.
  • Increased Border Scrutiny: The discussion highlights a trend of CBP targeting individuals for questioning, device seizure, and intelligence gathering, even without warrants, based on their travel history, political affiliations, or even their names.
  • Erosion of Constitutional Rights at the Border: The video emphasizes that constitutional rights are diminished at international borders and airports, allowing CBP greater latitude in questioning and searching travelers.
  • FBI Harassment: The FBI has been approaching journalists and scholars who have traveled to Iran for interviews without warrants.
  • Advice for Travelers: The video advises travelers, especially those politically active or with perceived risk factors (e.g., Arab names, travel to certain countries), to prepare for potential device seizure and questioning. Suggestions include using burner phones, backing up data to the cloud, and understanding their rights (e.g., the right to remain silent without a warrant or lawyer).
  • Israeli Influence: The discussion touches on the influence of Israeli security practices and training on US border security, leading to a perception of all citizens as potential threats.
  • Immigration as a Pretext: The speakers argue that the focus on immigration is being used as a pretext to expand the security state and mass surveillance capabilities, even though deportation numbers are not necessarily increasing.
  • Shock and Awe Deterrence: The detention and questioning of travelers, including international students, is seen as a "shock and awe" tactic intended to deter dissent and discourage travel to or from certain countries.
  • Political Motivations: The Trump administration's actions are attributed to a desire to satiate its base's desire for revenge against foreigners and to create a political power base from anti-communist expats.

Highlights:

  • Blumenthal's description of the CBP agent referencing his appearance on Judge Napolitano's show, suggesting political targeting.
  • The anecdote about an activist declining an award in Canada due to fear of being unable to re-enter the US.
  • The recommendation to use GrapheneOS for enhanced phone security.
  • The discussion of the Israeli security consultant training Boston's Logan Airport staff to profile travelers.
  • The argument that the focus on immigration is a pretext for building a police state.

About Channel:

"I don't criticize Democrats cuz I side with Republicans, I criticize Democrats Cuz THEY side with Republicans.

Our fight is not Left/Right anymore, it is Us vs.Them.

We have 2 corporate party's that serve Wall St/War Machine/Corporations & crush everyone else. #UniParty @0rf" [1] https://twitter.com/jimmy_dore/status/1559374176904814594

#TheJimmyDoreShow is a hilarious and irreverent take on news, politics and culture featuring Jimmy Dore, a professional stand up comedian, author and podcaster. The show is also broadcast on Pacifica Radio Network stations throughout the country.

“Jimmy Dore is outrageous and outraged, bothersome and bothered. A crucial, profane, passionate voice for progressives and free-thinkers in 21st century America. Jimmy will anger you if you’re a conservative and enrage you if you’re a liberal.”—Patton Oswalt


Edit:

  1. Fixed Title, From "Is What Terrified People About My Trip to Iran!" To "This Is What Terrified People About My Trip to Iran!"
132
 
 

Receiving a spam call puts you in a bit of a dilemma, or at least it does for me: How do I deal with this call that doesn't alert the spammers that this is an active number that they can call again? Answering the call is obviously the wrong choice, but I always assume that rejecting the call outright will also be detected as a deliberate action and therefore a person is on the other side. Some people have suggested answering the phone but not talking, so they think it's a dead number, but I want something more definitive.

My idea is to have a "spam" button on the incoming call screen, that answers the call but doesn't connect the microphone. Instead it plays either the standard "the number you're dialing is not assigned, please check your number and try your call again" recording, or a fax/modem sound to make them think the phone number belongs to a machine and not a human.

Would this work? Or would they still be able to determine that the recording is spoofed by the phone itself? Does anything like this already exist?

133
134
135
 
 

cross-posted from: https://feddit.org/post/13725656

I'm getting a 403 error on Kagi when using Mullvad VPN. Can anyone confirm they're blocking VPN users now? I'll immediately cancel my Kagi subscription if this turns out to be the case.

136
 
 

An Italian parliamentary committee has confirmed that the government used the Israeli-made spyware Graphite, developed by the offensive cyber company Paragon, to hack the smartphones of several activists working with migrants.

The committee confirmed that Paragon provided Graphite to two Italian agencies, including the country's external intelligence service, starting in 2023. The version of Graphite provided did not include the ability to activate the phone's microphone or camera, the report said. Instead, it only enabled its operators access to encrypted communications on the hacked devices.

The report also confirmed that Graphite exploited a vulnerability in WhatsApp that Meta identified and patched in December 2024, one month before the spyware's activity was publicly disclosed. The vulnerability's discovery also caused "panic" at Israel's military intelligence Unit 8200, according to the recent Israeli television report.

137
 
 

I have a second-hand Pixel 8a with GrapheneOS, and I haven't put a SIM card in it since I got it. In my country I have to have a registered SIM card. I'm afraid of the IMEI being linked with the SIM card, and once I put it in I'm f**ked. The reason I need to put the card in is to verify my bank, which needs the SIM card to be in the device.

I did some research but became dumb from too much information.

(sorry for my English :D)

Edit: also, I want to be private because of my future; idk if I won't live in a country where propaganda is normal.

138
139
DNS4EU For Public (www.joindns4.eu)
submitted 1 month ago by Zerush@lemmy.ml to c/privacy@lemmy.ml
 
 

What is DNS4EU? DNS4EU is an initiative by the European Commission that aims to offer an alternative to the public DNS resolvers currently dominating the market. Supported by the European Union Agency for Cybersecurity (ENISA), the European Union's DNS4EU secure-infrastructure project provides a protective, privacy-compliant, and resilient DNS service to strengthen the EU’s digital sovereignty and enhance digital security for European Union citizens, governments, and institutions.

The program provides robust DNS security for public institutions and their employees, ministries, local governments or municipalities, healthcare, education, and other critical services such as telecommunications providers. By working with the latter, for example, it ensures DNS resolution service for all of a telco’s customers, with minimum manual overhead for their teams.

Additionally, the DNS4EU solutions aid organizations in complying with regulatory requirements (such as GDPR) to keep data within European borders.

As these organizations often face challenges to independently developing and maintaining high-level cybersecurity measures (such as election cycles or funding), the DNS4EU project solves these challenges by providing a Europe-based, centralized, scalable solution to ensure the highest standards of security and privacy, compliant with EU regulations.

140
141
142
 
 

I'm looking to get a card for general spending that's not tied to any account. Is a gift card the way to go? Are these reloadable?

Don't say cash - lots of places don't take cash any more.

143
 
 

If you were running an LLM locally on Android through llama.cpp for use as a private personal assistant, what model would you use?

Thanks for any recommendations in advance.

144
 
 

A translation of this article with a few (minor) additions. I could not find an English-language article. The original article has informative illustrations.


“Archive.Today” is a popular website for access to paid media content. Well-known domain names for the website are archive.is and archive.ph (and archive.md, archive.fo, archive.li, archive.vn).

What many users do not know: The website provides users' data to Russia.

The data goes to Mail.ru and thus to the Russian Internet company VK. A look at the website with Webbkoll shows the following Russian domain names:

  • privacy-cs.mail.ru
  • r.mradx.net
  • rs.mail.ru
  • top-fwz1.mail.ru

First and foremost, top-fwz1.mail.ru/js/code.js is integrated. Further code from Russia is then loaded.

The following applies to Russian Internet companies:

“Russia demands unconditional cooperation and extensive control options from its flourishing IT economy. It is not just about the full possession of the largest social network (VK) and the largest payment service (Mail.ru), but in the case of Yandex also to influence the entire output of Yandex News.”

The data collected show which Paywall content is particularly popular in western media, but could also provide insight about their users. One can speculate about the importance of such data in the hybrid Russian war against Europe and the rest of the West.


(the following part is about the most common originating news sites in Switzerland that are to be archived. It refers to the above mentioned paywall content)

Incidentally (and in addition), anyone who pays for the paid media content must (also) expect for user data to go to Russia:

«Until recently, Ringier sent - thanks to these cookies - the IP addresses of "Blick" readers to the Russian tech company Yandex. […] Yandex is also listed at «20 Minuten». The free news portal of the TX Group also works with the platform of the Interactive Advertising Bureau. […] The NZZ also sent data to the east. The traditional company on Falkenstrasse has integrated dozens of trackers, including from Yandex and also from Rutarget, an advertising company that belongs to the Russian Sberbank, is fully controlled by the state and is on the sanction list of the United States.»


The operators of «Archive.Today» do not disclose their identity. Neither an impressum nor a data protection declaration can be found on the website.

“Liberapay” in France should be able to say who operates “archive.today”. If you click on the "Donate" button at "Archive.Today", you will be forwarded to the donation platform "Liberapay".

A (more) reputable alternative is the Internet Archive at Archive.org, best known for the archiving of websites at web.archive.org.


Posted to privacy@lemmy.ml, privacy@lemmy.dbzer0.com and privacy@lemmy.world


edit 2 days later:

I'm aware this isn't the biggest smoking gun ever. But this particular service is in such widespread use that I feel it's important to shine a light on it.

Of course any post with certain keywords in the title will attract weird commentary, but I think you'll find that even the most contrary ones do not dispute the facts outlined in the article - just try to play them down, or ridicule them.

It's free, it has fast servers, it doesn't ask questions of you. It's a godsend!

145
 
 

By embedding tracking code into millions of websites, Meta’s Pixel and Yandex Metrica have been able to map Android users' browsing habits with their persistent identities (that is to say, with the account holder logged in). This method bypasses privacy protections offered by Android's permission controls and even browsers' Incognito Mode, affecting all major Android browsers. The international research team has disclosed the issue to several browser vendors, who are actively working on mitigations to limit this type of abuse. For instance, Chrome's mitigation is scheduled to go into effect very soon.

These tracking companies have been doing this bypass for a long time: since 2017 in the case of Yandex, and Meta since September 2024. The number of people affected by this abuse is high, given that Meta Pixel and Yandex Metrica are estimated to be installed on 5.8 million and 3 million sites, respectively. It is also worth noting that evidence of this tracking practice has been observed only on Android.

146
Is F-droid insecure? (sh.itjust.works)
submitted 1 month ago* (last edited 1 month ago) by someacnt@sh.itjust.works to c/privacy@lemmy.ml
 
 

In the GrapheneOS forum, I encountered a claim that F-droid is insecure (and not good at privacy as well). These links (and more) were given as evidence:

While there is some attitude against FOSS apps, I think the arguments are generally sound and in good faith. Which makes me confused, as I've been hearing good words about F-droid in the lemmyverse.

I am not good at assessing arguments, so I want to ask you guys for more aspects and information.

Also, if not F-droid, what should I use? Is Aurora store, a frontend of play store, not fine to use as well?

147
 
 

Some might say that no one needs LinkedIn at all but there are some jobs that people struggle to attain so they get on LinkedIn. I have noticed though that I've mostly seen users who are in things like tech, marketing, business, and blue collar jobs on that platform. I didn't see many people on there who work in medical professions but it could have just been a tailored experience for me. Are there career fields where you wouldn't even think about making a LinkedIn?

148
149
 
 

Hey Lemmy!

Exactly as the title says, where self-destructing means that no matter what email provider I, or my recipients use, the email will be gone after a set amount of time.

The methods I have come up with are:

  • using a PrivateBin or PasteBin link.
    • requires the recipient to click on a link that opens in another app/tab
    • easy to set up
  • using an HTML remote content stylesheet with CSS ::after to inject the body text of the email; then, if I control the server, I can delete the stylesheet and the email will be gone.
    • embedded in the email, but plain text only. I'm not even sure if it can do line breaks.
  • loading an SVG from a remote source

Does anyone have more methods?

150
 
 

I received emails about updates to privacy policies from at least 5 companies yesterday. What is going on? Has the government done something? Is it a scheduled thing?

Edit- As most companies have started messing with data for AI training, I have proceeded to delete my accounts with them. I should have done this a long time back.
