Privacy


Protect your privacy in the digital world

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be nice, civil and no bigotry/prejudice.
  2. No tankies/alt-right fascists. The former can be tolerated but the latter are banned.
  3. Stay on topic.
  4. Don't promote proprietary software.
  5. No crypto, blockchain, etc.
  6. No Xitter links. (only allowed when can't fact check any other way, use xcancel)
  7. If in doubt, read rule 1

founded 3 months ago
1
 
 

cross-posted from: https://lemmy.dbzer0.com/post/36880616

Help Combat Internet Censorship by Running a Snowflake Proxy (Browser or Android)

Internet censorship remains a critical threat to free expression and access to information worldwide. In regions like Iran, Russia, and Belarus, journalists, activists, and ordinary citizens face severe restrictions when trying to communicate or access uncensored news. You can support their efforts by operating a Snowflake proxy—a simple, low-impact way to contribute to a freer internet. No technical expertise is required. Here’s how it works:


What Is Snowflake?

Snowflake is a privacy tool integrated with the Tor network. By running a Snowflake proxy, you temporarily route internet traffic for users in censored regions, allowing them to bypass government or institutional blocks. Unlike traditional Tor relays, Snowflake requires minimal bandwidth, no configuration, and no ongoing maintenance. Your device acts as a temporary bridge, not a permanent node, ensuring both safety and ease of use.


Is This Safe for Me?

Short answer: Yes.

Long answer: probably. Here is why:

  • Your IP address is not exposed to the websites they access. So, you don't have to worry about what they are doing either. You are not an exit node.
  • No activity logs. Snowflake cannot monitor or record what users do through your connection. The only stored information is how many people have connected to your bridge. Check docs for further info on this.
  • Low resource usage. The data consumed is comparable to background app activity—far less than streaming video or music.
  • No direct access to your system
  • No storage of sensitive data. Snowflake proxies do not store any sensitive data, such as IP addresses or browsing history, on your system.
  • Encrypted communication. All communication between the Snowflake proxy and the Tor network is encrypted, making it difficult for attackers to intercept or manipulate data.

You are not hosting a VPN or a full Tor relay. Your role is limited to facilitating encrypted connections, similar to relaying a sealed envelope.

Your IP address is exposed to the user (in a P2P-like connection). Be mindful that your ISP could also potentially see the WebRTC traffic and the connections being made to it (but not the contents), so be mindful of your threat model.

For most users, it is generally safe to run Snowflake proxies. Theoretically, your ISP will be able to know that there are connections being made there, but to them it will look like you're calling someone on, say, Zoom.

Historically, as far as we know, there haven't been any cases of people getting in legal trouble for running entry relays, middle relays, or bridges. There have been a few cases of people running exit nodes and getting in trouble with law enforcement agencies, but none of them have been arrested or prosecuted as far as I know. If you are aware of any cases, let me know so I can update this post.

Do not hesitate to check Snowflake's official documentation for further reference and to make informed decisions.


How to Set Up a Snowflake Proxy

Option 1: Browser Extension (Brave, Firefox, or Chrome)

  1. Install the Snowflake extension.
  2. Click the Snowflake icon in your browser toolbar and toggle "Enable Snowflake."
  3. Keep the browser open. That’s all.

Note: Brave users can enable Snowflake directly in settings. Navigate to brave://settings/privacy and activate the option under "Privacy and security."


Option 2: Android Devices via Orbot

  1. Download Orbot (Tor’s official Android app).
  2. Open the app’s menu, select "Snowflake Proxy," and toggle it on.
  3. For continuous operation, keep your device charged and connected to Wi-Fi.

Your device will now contribute as a proxy whenever the app is active.


Addressing Common Concerns

  • Battery drain: Negligible. Snowflake consumes fewer resources than typical social media or messaging apps.
  • Data usage: Most users report under 1 GB per month. Adjust data limits in Orbot’s settings or restrict operation to Wi-Fi if necessary.

Why Your Participation Matters

Censorship mechanisms grow more sophisticated every year, but tools like Snowflake empower ordinary users to counteract them. Each proxy strengthens the Tor network’s resilience, making it harder for authoritarian regimes to isolate their populations. By donating a small amount of bandwidth, you provide someone with a critical connection to uncensored information, education, and global dialogue.

Recent surges in demand—particularly in Russia—highlight the urgent need for more proxies. Your contribution, however small, has an impact.

By participating, you become part of a global effort to defend digital rights and counter censorship. Please, also be mindful of your threat model and understand the potential risks (though very little for most people). Check Snowflake's official documentation for further reference and don't make any decisions based on this post before taking your time to read through it.

Please share this post to raise awareness. The more proxies, the stronger the network.

– llama

2
59
submitted 4 weeks ago* (last edited 4 weeks ago) by shaytan@lemmy.dbzer0.com to c/privacy@lemmy.dbzer0.com
 
 

It's hard to make the full switch towards a more private life, but switching your mail already fixes a big underlying issue: that being, Google or other companies having access to all your emails. So, I'll cover the basics of making your online mailing more private.

Switching Mail Providers:

Your email is a big part of your online footprint and helps you keep track of your online identity. So, in order to keep that to yourself, I encourage leaving services like:

"Gmail" or "Outlook",

for others like:

"ProtonMail" or "Tutanota".

This is already a big step towards keeping all your emails private and safe. Both of these are free and respect your privacy on their free tier, but expand in features with paid plans. This takes time, as you have to switch your email on most accounts to this new email.

For the best privacy, you should delete most accounts and create new ones with this new email or with aliases. Some people, like myself, prefer to have multiple emails over aliases. For example:

  • "something.banking11231@provider.me" -> For banking and finance
  • "something.social12312@provider.me" -> For social media
  • "general.use@provider.me" -> For casual and responsible internet use
  • "something.trash21412@provider.me" -> For crappy websites or similar uses

(Self-hosting your own mail domain is possible, but it’s a harder process, and custom domains are not always accepted or reliable.)

(You should keep your old email for a year or so to make sure no important service was left behind locked to that email. Once that's done, you can delete the account.)

Tips:

If you can, you should try expanding your protocol with this:

  • Adding 2FA to any online website, especially email. I use ~~"Authy"~~ for this. -> Better use Aegis, good app!

  • Switching your browser to something like "Librewolf".

  • Switching to a password manager like "Proton Pass" or "1Password".

  • Encourage your close family to do the same once you're comfortable with the process.

  • Switch social media to private alternatives.

  • If you take any efforts to switch browser or install Aegis, try to use "F-droid", or even better, "Droidify". These being a FOSS app store, and a good Material alternative frontend. For apps not in here, consider "Aurora store", a more private **"Play store"** alternative

This is about it for me, quick posts from class, feel free to add into this topic below.

Edit:

Important additions after reading the comments:

  • Proton is a bit discouraged by some for some political views published by the CEO under Proton's account and image. They backed down, and I believe it isn't something too bad as for users to leave such a good privacy oriented suite of apps. I encourage anyone who cares about this topic to research before making the switch.

  • Mail is not 100% private with any option, and shouldn't be used for highly sensitive information. For that, use well-respected end-to-end encrypted apps, like "Signal". Still, it is best to just not send very sensitive information online.

  • As a comment pointed out, for a mail to be as private as possible, both the sender and receiver should have a private mail, otherwise you can be private but the other person would still be having your mail conversations stored under "gmail" or similar.

Sorry if this post didn't give the best newbie advice, I tried to track back some of my old knowledge, but I'll take more time to research the next time. Take care and stay private!

3
22
submitted 3 hours ago* (last edited 3 hours ago) by CosmicTurtle0@lemmy.dbzer0.com to c/privacy@lemmy.dbzer0.com
 
 

TL;DR:

  • "all rights" has been replaced with "rights necessary"
  • Overall language of "operate Firefox" still remains, with a link to their Privacy Notice.
  • "nonexclusive, royalty-free, worldwide license" remains, but is explicitly limited to "the purpose of doing as you request with the content you input in Firefox"
  • Removed references to their Acceptable Use Policy

Details from a developer and FOSS advocate POV:

This is not enough.

Mozilla has yet to comment on why this change was necessary, outside of some vague "legally we have to" language. While these updated Terms shift more control back to the user, it's simply not enough. The only reason Mozilla would need any sort of license from the user is if they are going to be doing something with it on their systems. Any local use is and continues to be fully covered by the Mozilla Public License, which is the current license used by Firefox.

The MPL includes an indemnity and liability clause, which protects Mozilla from anything you might do with their browser. I can't think of a single FOSS license that doesn't include these clauses.

Controlling an application within the confines of your local device does not require the application to have a license to your content. It is, from a legal perspective, a tool you are using to do your own stuff. We don't give chisel manufacturers a license for statues we make, notebook companies licenses for stories we write. And on the other side of that coin, no one sues Mozilla or Google because someone accesses The Pirate Bay or fmovies using the browser.

But let's take Mozilla at their word for a second. Suppose there was a legal reason for licensing your data.

Does Mozilla intend to force the websites you visit to agree to their terms? There are two sides to the connection you make on a website. For the sake of argument, say I'm visiting Disney+, another company super picky about their copyrights. I enter "www.disneyplus.com" into my browser, agreeing to Mozilla's license provision. In order to "operate Firefox", the license allows Firefox to go to Disney+, who then responds back with their catalog. If Mozilla needs a license from me for my data, surely they need a license from Disney for their data to "operate Firefox".

In what world do you think Disney is going to grant Mozilla a "nonexclusive, royalty-free, worldwide license"? Their argument for any sort of licensing being necessary falls flat with this example right here.

Quick Edit here: their TOU assumes that you are the only license holder of content you upload using the browser. You cannot grant licenses to other people's content. So, in essence, you cannot upload a picture taken by your friend and if you do, the nature of these Terms allows your friend to sue Mozilla for copyright infringement. The very nature of asking for this license exposes them to liability for violations against copyright. Most websites have a clause that says something along the lines of "you agree that you have permission to share the content you upload to our servers and grant us a license to use that content as if it were your own" etc.

This isn't about your data within the local browser. This is about your data flowing through Mozilla. That's why they need the license. Their additional clause "This does not give Mozilla any ownership in that content" does absolutely nothing. A license, by its nature, means that Mozilla doesn't own the content and seeks your permission to use it.

To Mozilla's credit, they removed references to their Acceptable Use Policy, but their ability to terminate your license to use Firefox for any reason remains in place, keeping Firefox firmly in the "Source Available" category.

Each person will need to decide whether Firefox fits in within their personal use of the internet. I, for one, am tired of my content being used without my express permission. My goal is to move to Waterfox by the end of March, if not sooner.

4
5
6
 
 

cross-posted from: https://infosec.exchange/users/thenexusofprivacy/statuses/114084624503739574

Universities nationwide used pro-Palestine protests to expand surveillance

"In the aftermath of pro-Palestinian encampments last year, colleges across the country announced new policies that effectively ban many forms of protest. In addition to chilling dissent, the new university rules also allow for campus surveillance and overreach by law enforcement."

https://prismreports.org/2025/02/26/universities-pro-palestine-protests-surveillance/

#surveillance #privacy #protest

7
 
 

cross-posted from: https://programming.dev/post/26136291

Mozilla has just deleted the following:

“Does Firefox sell your personal data?”

“Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise.”

Source: Lunduke Journal.

8
 
 

Mozilla deletes promise to never sell Firefox data.

9
10
 
 

cross-posted from: https://lemmy.sdf.org/post/30014811

cross-posted from: https://lemmy.sdf.org/post/30014783

U.S. Federal Trade Commission urged to investigate Google’s RTB data in first ever complaint under new national security data law.

Google sends enormous quantities of sensitive data about Americans to China and other foreign adversaries, according to evidence in a major complaint filed today at the FTC by Enforce and EPIC. This is the first ever complaint under the new Protecting Americans’ Data from Foreign Adversaries Act.

The complaint (open pdf) targets a major part of Google’s business: Google’s Real-Time Bidding (RTB) system dominates online advertising, and operates on 33.7 million websites, 92% of Android apps, and 77% of iOS apps. Much of Google’s $237.9 billion advertising revenue is RTB.

Today’s complaint reveals that Google has known for at least a decade that its RTB technology broadcasts sensitive data without any security, according to internal Google discussions highlighted in today’s complaint.

The complaint cites internal Google communications showing that Google CEO, Sundar Pichai, rejected or failed to act upon internal calls to reform the company’s dangerous RTB system in 2021. Instead, Google continued to expose sensitive American defense and industry personnel, and their institutions, to blackmail and compromise, in addition to causing grave privacy harm to consumers. Even Google’s so called “non personalized” data contains dangerous data.

[...]

11
12
 
 

cross-posted from: https://lemmy.blahaj.zone/post/22523265

There’s a reason that cookies and privacy policies (in the EU at least) have become such an online nuisance. These assurances of your safety and privacy are nothing more than a pretext to get consent. Your “anonymised” data is sold to an infinite regress of third parties, analysed, correlated and de-anonymised again. Any smart device you use, your browsing habits, banking transactions, your GPS position are all used to deduce fine grain information about you. Then weaponised against you for as much profit as possible.

13
14
15
 
 

The 2024 Tesla Model 3 has some of the most advanced navigation, autonomous driving, and safety features currently on the market, meaning it’s full of equipment that can record and track your surroundings—and you. How much data does Tesla collect? Where is it stored? And can you trust them to protect your sensitive information? WIRED decided to investigate.

16
 
 

cross-posted from: https://lemm.ee/post/56769139

cross-posted from: https://sopuli.xyz/post/23170564

17
 
 

cross-posted from: https://lemmy.blahaj.zone/post/22470723

The DHS quietly updated its policy manual earlier this month, removing LGBTQ+ identities from the section prohibiting surveillance based solely on immutable characteristics.

18
19
 
 

From the new terms:

When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

20
 
 

*With ‘better’ I mean that an encrypted solution is adequate in these cases because the mails are on other servers, and the companies/servers depend on the jurisdiction where they are located. But by hosting a mail server at home, even unencrypted, we are 100% in control of our data.

PS: is there a self-hosting mail server solution that stores everything encrypted? I already self-host almost everything I use, but not email.

21
 
 

It may seem like AI chatbots are taking over every digital application, whether we like it or not. You might have noticed more AI note-taking bots in online conferencing platforms, some of which offer end-to-end encryption (E2EE). Then Apple Intelligence plans were announced, promising application redesigns to offer AI features across its phone and laptop operating systems. The latest changes have come from Meta AI’s integration in WhatsApp, replete with “bots nobody wants.”

Any time new features are added to an E2EE messaging app, it raises concerns about privacy and security. So, what concerns are raised by the addition of AI bots? How can we evaluate those concerns? As AI becomes more embedded into encrypted services, is it possible to resolve the tension between the privacy users expect from E2EE and the data access needed for AI functionality? With our colleagues at Cornell and NYU, we set out to answer these questions.

We uncovered several facets of this question from both a technical and legal perspective and published a paper laying out practical recommendations for E2EE messaging platforms and regulators. It’s also important that we outline the practical solutions and recommendations for the public. You can read the full preprint paper here.

22
 
 

cross-posted from: https://lemmy.world/post/26088944

Signal CEO Meredith Whittaker says her company will withdraw from countries that force messaging providers to allow law enforcement officials to access encrypted user data, as Sweden continues to mull such plans.

She made the claims in an interview with Swedish media SVT Nyheter which reported the government could legislate for a so-called E2EE backdoor as soon as March 2026. It could bring all E2EE messenger apps like Signal, WhatsApp, iMessage, and others into scope.

Whittaker said there is no such thing as a backdoor for E2EE "that only the good guys can access," however.

"Either it's a vulnerability that lets everyone in, or we continue to uphold strong, robust encryption and ensure the right to privacy for everyone. It either works for everyone or it's broken for everyone, and our response is the same: We would leave the market before we would comply with something that would catastrophically undermine our ability to provide private communications."

Sweden launched an investigation into its data retention and access laws in 2021, which was finalized and published in May 2023, led by Minister of Justice Gunnar Strömmer.

Strömmer said it was vital that law enforcement and intelligence agencies were able to access encrypted messaging content to scupper serious crime – the main argument made by the UK in pursuing its long-term ambition to break E2EE.

The inquiry made several proposals to amend existing legislation, including the recommendation that encrypted messaging must store chat data for up to two years and make it available to law enforcement officials upon request.

It would essentially mirror the existing obligation for telecoms companies to provide call and SMS data to law enforcement, as is standard across many parts of the developed world, but extend it to encrypted communications providers.

23
24
 
 

cross-posted from: https://fedia.io/m/firefox/t/1847796

We’re introducing a Terms of Use for Firefox for the first time, along with an updated Privacy Notice.

25