Privacy


A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 2 years ago
1
2
3
 
 

A lot has happened in the past month: the EU Commission (the executive branch of the EU) publicly attacked the three largest porn sites — including us — over our supposed obligation to prevent minor access, while completely ignoring far larger mainstream platforms.

AV implementation was also scheduled to begin in France in June 2025, but was later halted — though only temporarily. However, it is set to come into effect next month in the UK — July 2025.

And just yesterday — June 27 — the U.S. Supreme Court (SCOTUS) issued a devastating decision that opens the door to broad state regulation of adult content, effectively allowing AV laws with minimal constitutional constraint.

4
 
 

Amazing article by the famous British reporter Tom Burgis. He is one of my favorite book authors and journalists. Thank you Tom👏👏👏

5
 
 

I suggest just reading the full article and making your own conclusions but I personally deleted the game for now. I need to see how far these measures will actually go and will they want to like take my DNS history or something.

6
 
 

Vulnerabilities affecting a Bluetooth chipset present in more than two dozen audio devices from ten vendors can be exploited for eavesdropping or stealing sensitive information.

Researchers confirmed that 29 devices from Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel are affected.

The list of impacted products includes speakers, earbuds, headphones, and wireless microphones.

7
8
 
 

PewDiePie on Privacy: Don't call it privacy!

Unless you go all the way with privacy, it doesn't mean anything. Don't call it privacy!

Full video: I’m DONE with Google.

9
10
 
 

cross-posted from: https://sh.itjust.works/post/41026064

Good day, or good evening privacy people! So as lots of people may know, there are 3 ways to build a world for yourself: start your own business, go into the trades and apprenticeships, or go to college. There is no wrong choice because it is for you to make, I mean it's your life after all! But anyway, today I wanna talk about number three on our roster. I have a very close friend who has chosen to go to college. He is a pretty smart person, has immense empathy and sympathy as well, and has decided to follow his intuition to go seek further education to become a substance abuse therapist, and recently he is getting closer to the end of his college degree. However, for some of the final exams they require a software called "Secure Browser" by Respondus. This is in fact not a secure browser, where's the TOR?? This browser is meant to kill all background apps and to eliminate the possibility of cheating, by, you guessed it, SPYWARE!! Now one of the descriptions from my friend is that you MUST use this software to take the quiz or kick rocks and get a bad grade. So we read the TOS, which is about what you expect.

"Respondus collects data to operate effectively and to strive to provide you with the best experience with LockDown Browser. You provide some of this data directly, such as when you contact us for support. Some data is obtained by recording how you interact with LockDown Browser by, for example, receiving error reports or usage data from software running on your device. Some data is obtained by how you interact with the assessment delivery system, such as the amount of time spent answering a question. The data we collect within the Help Services depends on the features you use, and includes the following:

Webcam & Microphone Check. The webcam and microphone check streams video and audio from your webcam to the Respondus servers. The video and audio can then be played back by you to ensure the webcam and microphone are working properly. The video and audio recorded during the webcam and microphone check is stored in temporary cache on the Respondus server and is automatically deleted in about an hour. Persistent storage is not used for these recordings, and Respondus does not provide a way to electronically identify the recordings as being transmitted from a specific user. "

As well, on a separate webpage there is a general TOS, not for Secure Browser but in general for using any of their software.

They collect: Webcam & Microphone Check and System Check; unique System Check ID; basic personal data (first name, last name); authentication data (user name); contact information (may include postal or email address); pseudonymous identifiers (student ID code assigned by LMS, if applicable); device identification (IP address). We may disclose your personal data to partner companies where you have agreed to have that information shared.

System Check. The System Check gathers certain information from your computing device, the networking environment, and the institution's Learning Management System.

So obviously, like any sane person living in the year 2025, and not wanting a data company to have voice, video and as much data as they can get out of their ~~Secure Browser~~ RootKit, we both decided, and/or it was predetermined, that it doesn't ~~run~~ infect Linux, because it's only for PaidBSD (MacOS) or Windows. So we thought about running a virtual machine of Windows 10, but the idea was quickly thrown out because odds are it probably checks for hypervisors. So we decided to take out "old reliable", the 14 pound billet of a computer from circa 2008, aka my Lenovo T440p with libreboot and a de-soldered webcam and microphone. Some of you may think I'm paranoid at this point, but I haven't trusted Windows since Windows 11 came out. Sooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo anyhow

We installed Windows 10 and installed "Secure Browser". We ran a test for the software to make sure it would function without a webcam or mic, and it did!

So end of story, right? Malware and scummy business solved by FOSS software and a soldering iron?

Well, for my friend it is solved, but those who are not tech savvy or paranoid still got conned. So enough about the past, let's talk about the future. My friend has decided to complain to the teacher who runs the class and requires them to run this software, that there should be alternatives. We have constructed an email which as of writing has been sent. This is paraphrased but the points are all made the same:

" I disliked having to use Lockdown Browser. Since I run Linux it was hard for me to get it to work. I ended up having to get an old laptop and install windows 10 to get it to work. Lockdown Browser does not support Linux. I also disliked the TOS because they are able to use your microphone and camera and that "we may disclose your personal data to partner companies..." I feel as if this is an invasion of privacy as a student. I think colleges are becoming so focused on academic integrity that they overlook what students' information is given towards the company (in this case Lockdown). Like I said before this is forcing students to take video and audio recording of themselves or else they cannot take the test. They also say in the TOS that for the microphone and video the test run is deleted, but they never say what happens to the quiz video and audio. If I would have known this class was going to use Lockdown for its test-taking I would have had second thoughts. https://web.respondus.com/tou-ldb/ "

I am proud of my friend, as he also wants to fight for digital sovereignty, privacy and a better digital world. We discussed this email back and forth as to what it should say. He asked me what I would add, and I flat out gave my rather blunt opinion on the matter. "There should be another option. I understand the microphone and camera requirement because they don't want you to cheat. But it never says what's done with that data on their website; it says what happens to the demo data but not the quiz data! They leave an open-ended "we may share your data" which I'm 99% definitively sure means they're selling it to partners. At the end of the day you should say what you think about this software, respectfully and precisely. It's your college degree, it's your college, it's your money. Let them know that you are displeased with this choice."

He then added the part about how, if he had known this software was going to be used in this class, he would have reconsidered taking it, which I think is very fair and to the point of the matter.

To close off this very lengthy post, I want to thank my friend for sharing his experiences with me, and to let other people know about the evil that infects college software, like Pearson, which is another topic for another day.

Cheers Steamy

Public Key 405B46E81DCCDB2B310DEF0DA5F0B998E8AC3752

11
 
 

My question is: Can you block the IPs it's phoning home to without breaking other TV functions, like OS/app updates, etc? Is there a list of IPs available for smart TVs specifically that keep the fingerprint from being received by the mfg?

12
 
 

Starting in Firefox 138, Mozilla started gating Firefox Labs features behind data collection.

Mozilla had announced that some new Firefox features would be released via Firefox Labs.

It is now a few hours since I posted, and there is reason to celebrate – Mozilla is updating Firefox Labs to let people access features without needing to enable data collection.

13
 
 

This post contains a canary message that's cryptographically signed by the official BusKill PGP release key

BusKill Canary #010
The BusKill project just published their Warrant Canary #010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Status: All good
Release: 2025-06-16
Period: 2025-06-01 to 2026-05-31
Expiry: 2026-06-30

Statements
==========

The BusKill Team who have digitally signed this file [1]
state the following:

1. The date of issue of this canary is July 16, 2025.

2. The current BusKill Signing Key (2020.07) is

   E0AF FF57 DC00 FBE0 5635  8761 4AE2 1E19 36CE 786A

3. We positively confirm, to the best of our knowledge, that the 
   integrity of our systems are sound: all our infrastructure is in our 
   control, we have not been compromised or suffered a data breach, we 
   have not disclosed any private keys, we have not introduced any 
   backdoors, and we have not been forced to modify our system to allow 
   access or information leakage to a third party in any way.

4. We plan to publish the next of these canary statements before the
   Expiry date listed above. Special note should be taken if no new
   canary is published by that time or if the list of statements changes
   without plausible explanation.

Special announcements
=====================

1. We are changing from twice-yearly to once-yearly canaries

Disclaimers and notes
=====================

This canary scheme is not infallible. Although signing the 
declaration makes it very difficult for a third party to produce 
arbitrary declarations, it does not prevent them from using force or 
other means, like blackmail or compromising the signers' laptops, to 
coerce us to produce false declarations.

The news feeds quoted below (Proof of freshness) serves to 
demonstrate that this canary could not have been created prior to the 
date stated. It shows that a series of canaries was not created in 
advance.

This declaration is merely a best effort and is provided without any 
guarantee or warranty. It is not legally binding in any way to 
anybody. None of the signers should be ever held legally responsible 
for any of the statements made here.

Proof of freshness
==================

16 Jun 25 19:17:39 UTC

Source: DER SPIEGEL - International (https://www.spiegel.de/international/index.rss)
"Teacher Li": Catching Up with the Most Effective Chinese Regime Opponent
Firing at the Desperate: Palestinians Killed as They Gather to Receive Relief Supplies

Source: NYT > World News (https://rss.nytimes.com/services/xml/rss/nyt/World.xml)
Live Updates: Israel Strikes Iranian State TV as It Expands Targets in Tehran
With No Clear Off-Ramp, Israel’s War With Iran May Last Weeks, Not Days

Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml)
No further damage seen at Iran nuclear sites, global watchdog says
'Nowhere feels safe': Iranians on life under Israeli attacks

Source: Bitcoin Blockchain (https://blockchain.info/q/latesthash)
00000000000000000000f2c3a15949aac2f6d7bc153330a4fca496f68c8c4b21

Footnotes
=========

[1] https://docs.buskill.in/buskill-app/en/stable/security/pgpkeys.html

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

What is a Warrant Canary?

The BusKill team publishes cryptographically signed warrant canaries on an annual basis.

Although security is one of our top priorities, we might not be able to inform you of a breach if served with a State-issued, secret subpoena (gag order).

The purpose of publishing these canary statements is to indicate to our users the integrity of our systems.

For more information about BusKill canaries, see:

To view all past canaries, see:

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

What is BusKill? (Explainer Video)
Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you and your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

14
 
 

TL;DR: Mozilla is now enforcing data collection as a pre-requisite to access new features in Firefox Labs. This is backed by the Terms of Use that Mozilla introduced a few months ago.

15
 
 

Somewhat buried source that Newsweek is using: https://istories.media/en/stories/2025/06/10/telegram-fsb/

16
 
 

Just wanted to put this out there, especially because most get blocked. Altaddress.org, anyone else ever use it?

17
18
 
 

I am being forced into installing Life360 on my phone, which as you all probably know, is a massive privacy violation. Just by looking through the AppStore data page, lots of sensitive information gets shared with third parties. There’s got to be a way to disable it, and only enable it when necessary right? Or am I out of options here? Even though it’s only slightly less of a privacy risk, I’d prefer using Apple’s find my service, which has most of the features that Life360 has, while also being built in to every iOS device. How do I reason with this person?

19
 
 

Meta devised an ingenious system (“localhost tracking”) that bypassed Android’s sandbox protections to identify you while browsing on your mobile phone — even if you used a VPN, the browser’s incognito mode, and refused or deleted cookies in every session.

This is the process through which Meta (Facebook/Instagram) managed to link what you do in your browser (for example, visiting a news site or an online store) with your real identity (your Facebook or Instagram account), even if you never logged into your account through the browser or anything like that.

Meta accomplishes this through two invisible channels that exchange information:

(i) The Facebook or Instagram app running in the background on your phone, even when you’re not using it.

(ii) Meta’s tracking scripts (the now-pulled illegal brainchild uncovered last week), which operate inside your mobile web browser.

20
 
 

Seems if you scroll around shopping websites and look at the negative reviews you always see people saying things like "never worked at all" or "stopped working soon after".

It can't really be that involved to line a small enclosure with some metal fibers, can it?

21
 
 

A translation of this article with a few (minor) additions. I could not find an English-language article. The original article has informative illustrations.


“Archive.Today” is a popular website for access to paid media content. Well-known domain names for the website are archive.is and archive.ph (and archive.md, archive.fo, archive.li, archive.vn).

What many users do not know: The website provides users' data to Russia.

The data goes to Mail.ru and thus to the Russian Internet company VK. A look at the website with Webbkoll shows the following Russian domain names:

  • privacy-cs.mail.ru
  • r.mradx.net
  • rs.mail.ru
  • top-fwz1.mail.ru

First and foremost, top-fwz1.mail.ru/js/code.js is integrated. Further code from Russia is then loaded.

The following applies to Russian Internet companies:

“Russia demands unconditional cooperation and extensive control options from its flourishing IT economy. It is not just about the full possession of the largest social network (VK) and the largest payment service (Mail.ru), but in the case of Yandex also to influence the entire output of Yandex News.

The data collected show which Paywall content is particularly popular in western media, but could also provide insight about their users. One can speculate about the importance of such data in the hybrid Russian war against Europe and the rest of the West.


(the following part is about the most common originating news sites in Switzerland that are to be archived. It refers to the above mentioned paywall content)

Incidentally (and in addition), anyone who pays for the paid media content must (also) expect for user data to go to Russia:

«Until recently, Ringier sent - thanks to these cookies - the IP addresses of "Blick" readers to the Russian tech company Yandex. […] Yandex is also listed at «20 Minuten». The free news portal of the TX Group also works with the platform of the Interactive Advertising Bureau. […] The NZZ also sent data to the east. The traditional company on Falkenstrasse has integrated dozens of trackers, including from Yandex and also from Rutarget, an advertising company that belongs to the Russian Sberbank, is fully controlled by the state and is on the sanction list of the United States.»


The operators of «Archive.Today» do not open their identity. Neither an impressum nor a data protection declaration can be found on the website.

“Liberapay” in France should be able to say who operates “archive.today”. If you click on the "Donate" button at "Archive.Today", you will be forwarded to the donation platform "Liberapay".

A (more) reputable alternative is the Internet Archive at Archive.org, best known for the archiving of websites at web.archive.org.


Posted to privacy@lemmy.ml, privacy@lemmy.dbzer0.com and privacy@lemmy.world


edit 2 days later:

I'm aware this isn't the biggest smoking gun ever. But this particular service is in such widespread use that I feel it's important to shine a light on it.

Of course any post with certain keywords in the title will attract weird commentary, but I think you'll find that even the most contrary ones do not dispute the facts outlined in the article - just try to play them down, or ridicule them.

It's free, it has fast servers, it doesn't ask questions of you. It's a godsend!

22
23
 
 

Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.

24
 
 

Wired is soft paywall. Subscribe, use Reader mode, Firefox (forks) with UBlock Origin, or clear cookies

25
 
 

via @kuketzblog@social.tchncs.de:

The #UnplugTrump series is now in English – spread the word and let it roll like a wave across the Fediverse! 🌊 👇

https://www.kuketz-blog.de/unplugtrump-free-yourself-digitally-from-trump-and-big-tech/

#UnplugTrump #privacy #security #GAFAM

https://social.tchncs.de/@kuketzblog/114572938988438124
