It's a slippery slope. I mean, I want a new job. But at the same time, I don't want all that info out there. What says you?

Heya, I found how you can digitally sign and encrypt emails! (It even gives them a cool icon for others to see!), and I haven't seen anything about it before so I thought I'd share how I did it!

Do you also want to send encrypted emails and sign them? Just follow these few steps!

But beforehand, let's define some terms :

• Signed email : Email with a valid numerical signature. Anyone can read it and know it has not been modified since it was sent.

• Encrypted email : Email encrypted with the recipient's public key. They can decrypt it with their private key

• S/MIME certificate : A .p12 file containing your private key (So keep it for yourself and don't send it to anyone!!) and your public key.

Okay, now it's time to...

Start the setup (Obtain an S/MIME certificate)

• You'll need to ask to an authority for a certificate. Personally I use Actalis because they give free certificates for multiple email addresses, valid for a year (you need to redo the setup every year). If you don't want to use Actalis, more info is avilable here.
• Don't forget to put the website in english if you don't understand italian.
• Go on the page to request an S/MIME certificate, create an account and follow the setup. The verification email can take a little while (~2min)
• When the setup ends, you'll have a valid certificate in your dashboard (It can take a few minutes to appear if you just verified it) that you can download, and a password that Actalis emailed you to enable your certificate.

Install the certificate

• Download the .p12 file, then open it, type your password, and leave the default options to install the certificate on your device (Android or PC, on Android pick "For VPN and apps"). Don't delete your old one, so you can still decrypt old messages sent on the expired certificate
• Use an S/MIME compatible email client. On PC, there is Thunderbird, on Android, FairEmail.
• In your email client settings, importer the S/MIME certificate pofor signing AND encrypting your messages. It changes depending on your client, so here it is for Thunderbird :
  • In the top-right menu, go to Account settings, End-to-end encryption, underS/MIME click on Manage S/MIME certificates, Import and pick your.p12 file. Then, pick Select a certificate, and pick yours from the tab "Your certificates".

An image is worth a thousand words (Sorry for the french)

Don't forget to check the box to sign and/or encrypt every message just below, if you want!

Communicate with someone

Once this is done, here is how you can communicate...

• ...While signing your messages :

It's easy, just click on "Sign" before sending. Usually, email clients show a small medal next to your name to show the email is signed.

• ...While encrypting your messages :

For that, you'll need your recipient's public key. They needs to send you a signed message (not encrypted, since you don't have each other's key at this point) where you can get their public key from their signature, and add it to your email client, which will allow you to encrypt messages you send to them. Then, send them a signed email (you can encrypt it) so they can get your public key and add it to their client, and then you'll be able to exchange encrypted emails!

I'm not an expert and probably made a few mistakes, if you spot any please tell me in the comments and I'll try to fix the guide!

I'm in the US and poor (shocker) and cannot afford a new phone. Are there any alternatives to base Android that I'm unaware of? There's an article on how to switch it to LineageOS, but I feel like that is a brick waiting to happen since I've been to LineageOS' page and they mention nothing about support for my device. Am I just SOL until I can manage to get a new phone?

I’m moving from iPhone to a pixel/graphene. I currently have an Apple Watch and got into the habit of leaving my phone on my desk (WfH) and relying on the watch to let me know if I get a notification. I don’t really want/care about fitness tracking or even responding to messages and calls. Is there a watch/bracelet that will just alert me to a notification?

I am new to using Monero. What are the rules to moving anon. and safe with Monero. Safest exchanges, Wallets, and sources to spend online would be ideal. How does one turn cash into crypto. Debit cards possible or surrogate spenders?

Hello there, are there any FOSS Android apps out there that serve as both a reader and a vault for PDFs? I want to be able to encrypt the PDF files and decrypt+read them with a single vault password.

I could just encrypt PDF files separately using the same password, but it's not really that convenient having to go through several PDFs tbh.

I want to store the PDFs on the storage of my phone.

UPDATE: Safe Space is exactly what I needed, ty @chemicalwonka@discuss.tchncs.de, will provide a review of the app later

Hi,

Trying to move group chat from telegram to a more private option, but the key feature is its web interface which is so convenient...

I've checked SimpleX, Session, Briar & Element-Matrix, but the first 3 do not have a web version and the latest only has a free version for self-hosting and I haven't looked into self-hosting yet.

I'd completely understand if what I'm looking for doesn't exist for free, but if anyone has a suggestion here, I'm interested!

Cheers

In regards to privacy... even when trying to use FOSS-alternatives and F-Droid on Android?

how do they know?

EDIT: Original post seems to have been removed, try this Nitter mirror instead.

Was browsing on the GrapheneOS website and came across a new thing called WebUSB, which is essentially a JS API through which GrapheneOS web installer worked.

This got me wondering, if website could read what's plugged into my computer like my phone or disks, isn't that a huge risk to privacy? I don't know how this works (haven't used it) so I would like to know about its privacy.

AFAIK Firefox doesn't allow this API, so that's a relief (I use librefox), but what about other browsers? I am getting a bit paranoid.

[Also, are there other APIs like these; which are a privacy nightmare that websites could use?]

Search on Telegram is more powerful than in other messaging apps because it allows users to find public channels and bots. Unfortunately, this feature has been abused by people who violated our Terms of Service to sell illegal goods.

To further deter criminals from abusing Telegram Search, we have updated our Terms of Service and Privacy Policy, ensuring they are consistent across the world. We’ve made it clear that the IP addresses and phone numbers of those who violate our rules can be disclosed to relevant authorities in response to valid legal requests.

I never asked for a credit score. I don't use credit. They have made it very clear breach sfter breach that I don't want them to have my data. How do I remove myself from credit data agencies?

SS7 is vulnerable to attack. However, the types off attacks on the video don't affect Signal as it requires a pin. (Make sure you set your pin to something strong and secure)

Fingerprinting isn't always possible to defeat, and its not always possible to avoid making accounts (work and school accounts)

However, it should be possible to fill up tracked data with meaningless garbage and reduce the signal-to-noise ratio. Ex: a bot that browses random products on amazon to reduce profiling accuracy.

Do you guys know of any tools that do this? Anything from browser extensions to command line scripts, to anonymous group-accounts.

I'm entertaining the idea of starting a digital privacy and security blog. As a matter of fact, I am self hosting it right now, but mainly for friends, family and acquaintances. It's super basic, more rants than articles honestly, 🤣

Since the only 2 social networks I have are Lemmy and Mastodon, I've been avoiding allowing sharing to Facebook, Twitter and other mainstream SNs.

My wife thinks I should just host it on a cloud and share it everywhere with the argument of, and I quote, "the platforms you use are already full of people as paranoid as you. If you really want to bring your knowledge and experience to others, you should allow us to share to the platforms full of people oblivious to the dangers you constantly slam us with" (which is absolutely true. I'm a thorn on their side, lol.

What do you guys think? Should I add features to share to those places? Would you if it was you? Under no circumstances will I post on any of them, and if I allow to share from my blog, my inner circle would be the one doing the sharing.

I do want to help spread our gospel, but I think that most people in those platforms are just to far gone to even care. I don't even know what to think anymore. I've only written 2 articles so far anyway, so it's not like I'd be the New York Times of privacy or anything.

My threat model is against mass surveillance. This is one of the hardest threat models to defend against and to justify, because (at least here in the US), mass surveillance has become normalized. I've heard people directly tell me that "privacy is weird." I'm not here to shoot down the Nothing to hide argument literally labelled on Wikipedia as "a logical fallacy," instead, I want to take my own approach to show just how unnatural mass surveillance is.

Picture this: Your best friend tells you that he heard rumors that someone put cameras in your house and was actively spying on you. That is super creepy, but you brush it off and say that nobody would do that, because who would care that much about you? However, when you get home, you look around and find multiple dozen hidden cameras everywhere. Think about how you're feeling right now, knowing that you're being watched. Even though you know that you're being watched, but have no idea who has been watching you, what they have seen, or how long they've been watching you, it's disillusioning and creepy to find out that what your friend said was true.

Then, you do some digging online and find out that everyone in your neighborhood is also being watched. Oh, it's fine then, right? Suddenly it's much better that you're not alone. No! More surveillance is not a good thing. People fall into the false belief that as long as it's not targeted surveillance or a personal attack that it's suddenly fine, that you will just blend in with the noise. Your data is valuable, and spying in any capacity is NOT normal. Remember: The situation never changed, you are still being watched, you just found out that not only you, but everyone around you is also being spied on.

You still have no idea who is watching you, and it's even worse to find out that it might not just be one person, that anyone can buy this data for cheap. Data like this can be used to stalk you, drain your bank account, read intimate personal texts, rig elections, manipulate you into buying things you never intended to buy, and so much more. This is the state of mass surveillance and it needs to stop. It's not a conspiracy, the dystopia is today.

Mass surveillance is not normal. Privacy also isn't normal: it's a right, instead.

cross-posted from: https://lemmy.world/post/19944734

KANSAS CITY, Mo. (KCTV) - A sight previously thought to be science fiction is very real at a southeast Kansas City shopping center. Instead of a police officer, a security robot has been patrolling sidewalks and shoppers are taking notice.

Since Marshall the robot has been on the job, shoppers say the experiences have completely changed when they come to these stores. The robot can spend 23 hours a day monitoring the parking lot from all angles which gives people a new sense of protection and ease they don’t always have when out.

Marshall took over security at Brywood Centre in April. Before that, Karen White noticed a lot of trouble outside the shopping center.

“Sometimes it’d be concerning for your car like someone could take it or something,” White said.

Knowing now that Marshall is always watching, the risk of crime does not worry her or others as much.

“It made it very better, like you can’t be in the parking lot without seeing the robot,” White continued. “So, I think it scared them off.”

We all know how awful most modern websites are in terms of bloat, javascript and tracking. Not only that, but designing and maintaining web-browsers has become such a gigantic undertaking (almost the size of an operating system), that only a few companies have the resources to do it (google and mozilla, and mozilla might not hold on for much longer).

These alternative protocols offer a minimal set of features, and are trying to get back to what the web should've been: static content with images, text, and links, with local applications filling the void for anything more complicated than that.

Lets say I wanted a privacy-friendly way to view a page on a news site. I could:

• Copy the URL of the page
• Open some tool, (or website, anything), paste that url.
• It converts the content in the url to the necessary privacy-friendly alternative format, and I can view it with my gopher/gemini browser (or even maybe a markdown viewer).

I know there are a few html -> markdown converters that can do the last step.

Does anyone know if this would work?