privacy

Denmark plans to become the first country in the world to give its citizens copyright over their faces and voices in an effort to clamp down on “deepfakes” — videos, audio clips and images that are digitally doctored to spread false information.

cross-posted from: https://lemmy.world/post/32187260

Just a heads up for those who are using GrapheneOS. If you log into 2 (google or other) accounts on an installed app even on different profile, the service provider will still be able to link between your 2 accounts using MediaDRM. (Google will still know that both of the 2 accounts have been logged in on the same device)

More info:

• https://discuss.grapheneos.org/d/18315-how-can-an-app-identify-that-it-was-reinstalled-on-the-same-device
• https://discuss.grapheneos.org/d/9023-mediadrm-identifier

cross-posted from: https://lemmy.world/post/32191588

Should I enable WIFI scanning / Bluetooth scanning / Network Location under setting->location->location services?

Which one would help me navigate inside a building or underground using open source maps?

I haven't tested yet, does google map requires any of those location services enabled to work? Should I just use google map in vanadium?

thanks a lot

cross-posted from: https://lemmy.world/post/32238479

privacy issue log into multiple google account in thunderbird

What information I might leak to google server if I issue log into multiple google account in thunderbird? ip of course but what else might be collected? It would be really great if someone could clarify whether the information below will be send to google when using their email service even through Thunderbird

• device name
• device model
• ...

My main concern is that google will be able to know that I have logged into the same device with different accounts.

In addition, I plan to use VPN when using one google account but not the others. This can be achieved through profiling, but is there an option that I can simply manage all the accounts in one app but without my ip address being collected by several specific email service provider corresponding to several specific email?

thanks a lot!

Psylo, which bills itself as a new kind of private web browser, debuted last Tuesday in Apple’s App Store, one day ahead of a report warning about the widespread use of browser fingerprinting for ad tracking and targeting.

It was a fortuitous coincidence.

Psylo for iOS and iPadOS was created by Mysk, a Canada-based app biz run by software developers and security researchers Talal Haj Bakry and Tommy Mysk.

“Psylo stands out as it is the only WebKit-based iOS browser that truly isolates tabs,” Tommy Mysk told The Register. "It’s not only about separate storage and cookies. Psylo goes beyond that.

“This is why we call tabs ‘silos.’ It applies unique anti-fingerprinting measures per silo, such as canvas randomization. This way two Psylo tabs opening the same website would appear as though they originated on two different devices to the opened website.”

cross-posted from: https://lemmy.world/post/31889457

Please see the cross-post as it is updated.

Could Windows and installed apps upload all my personal files?

Dear all

I have deleted Onedrive and disabled File system access in Privacy.

1. I would like to know, which other ways that my personal files could be uploaded in a non-malicious non-hacker way?
2. Just by using Windows, Microsoft could upload all my personal files to themselves if they would?
3. Does every installed App / software have full access to my whole drive? How can I found out, how much access it has?

Thank you for your interest and reply

Best regards

@Rikudou_Sage@lemmy.world

Yes, every application has access to everything. The only exception are those weird apps that use the universal framework or whatever that thing is called, those need to ask for permissions. But most of the apps on your PC have full access to everything.

And Windows does collect and upload a lot of personal information and they could easily upload everything on your system. The same of course applies for the apps as well, they have access to everything except privileged folders (those usually don’t contain your personal data, but system files).

cross-posted from: https://lemmy.world/post/31889457

Please see the cross-post as it is updated.

cross-posted from: https://lemmy.world/post/31887590

Please see the cross-post as it is updated.

What is the difference between Chameleon and JShelter?

• Chameleon – Get this Extension for 🦊 Firefox Android (en-US)
  • Chameleon is a WebExtension port of the popular Firefox addon Random Agent Spoofer.
• JShelter – Get this Extension for 🦊 Firefox Android (en-US)
  • JShelter is a browser extension to give back control over what your browser is doing. A JavaScript-enabled web page can access much of the browser's functionality, with little control over this process available to the user: malicious websites can uniquely identify you through fingerprinting and use other tactics for tracking your activity. JShelter aims to improve the privacy and security of your web browsing.
  • Like a firewall that controls network connections, JShelter controls the APIs provided by the browser, restricting the data that they gather and send out to websites. JShelter adds a safety layer that allows the user to choose if a certain action should be forbidden on a site, or if it should be allowed with restrictions, such as reducing the precision of geolocation to the city area. This layer can also aid as a countermeasure against attacks targeting the browser, operating system or hardware.

JShelter seems to spoof info by controls the APIs provided by the browser? and Chameleon spoofs user agent and many other information.

To me both seems to serves the same purpose of spoofing. Is Chameleon spoofing without interfering with js and JShelter spoofing with interfering with js the main difference between them? In addition JShelter seems to be able to block malicious js

How JShelter and Chameleon achieves spoofing differently?

cross-posted from: https://lemmy.world/post/31887590

Please see the cross-post as it is updated.

cross-posted from: https://lemmy.world/post/31789847

Browser Timezone & Privacy Concerns

How can I hide my "timezone" from sniffing sites?

From my understanding, websites can access both the timezone of my browser (without using javascript) and the timezone of my local machine (using javascript). my question being

• If a website has access to my local machine's timezone, does it mean it has access to other information on/about my local machine?
• According to Privacy - How can I hide my "timezone" from sniffing sites? - Super User, we must disable JavaScript to block timezone access. However disabling javascript is not really feasible as it breaks most of websites. Is there a workaround that allows us to block JavaScript from running specific commands?
• Maybe my understanding of JavaScript is incorrect, but if a website has the privilege of running any program on my computer through the web browser, it can retrieve all the information it needs. If I don't disable JavaScript while using the browser, I don't see the point in resisting fingerprinting, like spoofing my device info.

appreciate any help!

Please see the cross-post as it is updated.

cross-posted from: https://lemmy.sdf.org/post/37068051

Archived

Pros:

• Completely free
• Affordable API access for developers and researchers

Cons:

• Doesn’t keep your data safe
• Occasionally incorrect
• No deep research, image generation, or voice mode features
• Slow responses
• Obvious censorship

TL;DR: Mozilla is now enforcing data collection as a pre-requisite to access new features in Firefox Labs. This is backed by the Terms of Use that Mozilla introduced a few months ago.

Hello,

Im not terribly adept at this, but I got yt.dlp working. There is one age gated video Ive been wanting to watch. I tried inputing the credentials for a verified youtube account, and I got an error message with

"log in with password is not supported for youtube." Then listed error 7271, could not copy chrome cookie data, which I thought was weird, because I dont have chrome and was not using it as the browser.

Am I missing something? Or is this functionality no longer available, at least for the time being?

cross-posted from: https://lemm.ee/post/67010658

Somewhat buried source that Newsweek is using: https://istories.media/en/stories/2025/06/10/telegram-fsb/

Law enforcement’s ability to track and profile political protestors has become increasingly multifaceted and technology driven. In this edition of Incognito Mode WIRED Senior Editor, Security & Investigations Andrew Couts and WIRED Senior Writer Lily Hay Newman discuss the technologies used by law enforcement that put citizens' privacy at risk—and how to avoid them.

Hello, I want to use a PGP key with my Proton mail account.

I was wondering how using PGP works exactly. Does it encrypt the whole email message? Or is it only a signature to prove it's origin?

How does it affect recipients if they don't have my public key? Or how do I share that key securely?

cross-posted from: https://lemmy.sdf.org/post/36376926

Archived

On June 4, during a meeting with government officials, Vladimir Putin stated that all public services must be moved to the national messenger app called Max. According to Minister of Digital Development Maksut Shadayev, the multiplatform system is already operational.

[...]

The Max app — a Russian equivalent of China’s WeChat — was unveiled by the tech giant VK in late March. At present, it features a messenger, a chatbot builder, a payment system, and mini-apps. On June 5, VTB’s digital bank launched on the platform.

To register, a Belarusian or Russian SIM card is required — which, as The Insider noted, foreigners can no longer obtain without submitting biometric data.

As stated in the Max app’s privacy policy, the platform will collect data on:

• user devices
• IP address
• operating system
• browser
• location
• internet provider
• contacts from the address book
• all user activity within the service
• information obtained through the camera or microphone, if the user grants the app access (most users will, for example, in order to record voice messages)

Other messaging apps collect such data as well, but there's a catch. The Max app's privacy policy explicitly states that it may share this data with the “company's partners” as well as with “any government or local authority.”

[...]

crosspostato da: https://lemmy.sdf.org/post/36247127

Archived

A newly emerged threat actor, going by the alias “Often9,” has posted on a prominent cybercrime and database trading forum, claiming to possess 428 million unique TikTok user records. The post is titled “TikTok 2025 Breach – 428M Unique Lines.”

The seller’s post, which appeared on the forum [on May 29, 2025], promises a dataset containing detailed user information such as:

• Email addresses
• Mobile phone numbers
• Biography, avatar URLs, and profile links
• TikTok user IDs, usernames, and nicknames
• Account flags like private_account, secret, verified, and ttSeller status.
• Publicly visible metrics such as follower counts, following counts, like counts, video counts, digg counts, and friend counts.

[...]

crosspostato da: https://lemmy.sdf.org/post/36242205

Archived

• Hundreds of millions of users are likely exposed.
• Data leak contained billions of documents with financial data, WeChat and Alipay details.
• The Cybernews research team believes the dataset was meticulously gathered and maintained for building comprehensive behavioral, economic, and social profiles of nearly any Chinese citizen.

The supermassive data leak likely exposed hundreds of millions of users, primarily from China, the Cybernews research team’s latest findings reveal. A humungous, 631 gigabytes-strong database was left without a password, publicizing mind-boggling 4 billion records.

Bob Dyachenko, cybersecurity researcher and owner at SecurityDiscovery.com, together with the Cybernews team, discovered billions upon billions of exposed records on an open instance.

[...]

The database consisted of numerous collections, containing from half a million to over 800 million records from various sources. The Cybernews research team believes the dataset was meticulously gathered and maintained for building comprehensive behavioral, economic, and social profiles of nearly any Chinese citizen.

“The sheer volume and diversity of data types in this leak suggests that this was likely a centralized aggregation point, potentially maintained for surveillance, profiling, or data enrichment purposes,” the team observed.

There’s no shortage of ways threat actors or nation states could exploit the data. With a data set of that magnitude, everything from large-scale phishing, blackmail, and fraud to state-sponsored intelligence gathering and disinformation campaigns is on the table.

[...]

The team managed to see sixteen data collections, likely named after the type of data they included.

The largest collection, with over 805 million records, was named “wechatid_db,” which most likely points to the data coming from the Baidu-owned super-app WeChat.

[...]

The second largest collection, “address_db,” had over 780 million records containing residential data with geographic identifiers. The third largest collection, simply named “bank,” had over 630 million records of financial data, including payment card numbers, dates of birth, names, and phone numbers.

Possessing only these three collections would enable skilled attackers to correlate different data points to find out where certain users live and what their spending habits, debts, and savings are.

Another major collection in the dataset was named in Mandarin, which roughly translates to “three-factor checks.” With over 610 million records, the collection most likely contained IDs, phone numbers, and usernames.

[...]

"Individuals who may be affected by this leak have no direct recourse due to the anonymity of the owner and lack of notification channels,” the team noted.

China-based data leaks are hardly new. We [Cybernews] ourselves have previously written about a data leak that exposed 1.5 billion Weibo, DiDi, Shanghai Communist Party, and others’ records, or a mysterious actor spilling over 1.2 billion records on Chinese users. More recently, attackers leaked 62 million iPhone users’ records online.

[...]

cross-posted from: https://lemmy.sdf.org/post/36106116

Archived

[...]

According to the measures, introduced by the Ministry of Public Security (MPS), each internet user in China will be issued with a unique “web number,” or wanghao (网号), that is linked to their personal information. While these IDs are, according to the MPS notice, to be issued on a strictly voluntary basis through public service platforms, the government appears to have been working on this system for quite some time — and state media are strongly promoting it as a means of guaranteeing personal “information security” (信息安全). With big plans afoot for how these IDs will be deployed, one obvious question is whether these measures will remain voluntary.

[...]

The measures bring China one step closer to centralized control over how Chinese citizens access the internet. The Cybersecurity Law of 2017 merely stipulated that when registering an account on, say, social media, netizens must register their “personal information” (个人信息), also called “identifying information” (身份信息). That led to uneven interpretations by private companies of what information was required. Whereas some sites merely ask for your name and phone number, others also ask for your ID number — while still others, like Huawei’s cloud software, want your facial biometrics on top of it.

[...]

Beyond the key question of personal data security, there is the risk that the cyber ID system could work as an internet kill switch on each and every citizen. It might grant the central government the power to bar citizens from accessing the internet, simply by blocking their cyber ID. “The real purpose is to control people’s behavior on the Internet,” Lao Dongyan cautioned last year.

[...]

Take a closer look at state media coverage of the evolving cyber ID system and the expansion of its application seems a foregone conclusion — even extending to the offline world. Coverage by CCTV reported last month that it would make ID verification easier in many contexts. “In the future, it can be used in all the places where you need to show your ID card,” a professor at Tsinghua’s AI Institute said of the cyber ID. Imagine using your cyber ID in the future to board the train or access the expressway.

[...]

While Chinese state media emphasize the increased ease and security cyber IDs will bring, the underlying reality is more troubling. Chinese citizens may soon find themselves dependent on government-issued digital credentials for even the most basic freedoms — online and off.