With over 3 billion users globally, mobile instant messaging apps have become indispensable for both personal and professional communication. Besides plain messaging, many services implement additional features such as delivery and read receipts informing a user when a message has successfully reached its target. This paper highlights that delivery receipts can pose significant privacy risks to users. We use specifically crafted messages that trigger delivery receipts allowing any user to be pinged without their knowledge or consent. By using this technique at high frequency, we demonstrate how an attacker could extract private information such as the online and activity status of a victim, e.g., screen on/off. Moreover, we can infer the number of currently active user devices and their operating system, as well as launch resource exhaustion attacks, such as draining a user's battery or data allowance, all without generating any notification on the target side. Due to the widespread adoption of vulnerable messengers (WhatsApp and Signal) and the fact that any user can be targeted simply by knowing their phone number, we argue for a design change to address this issue.

Browser fingerprinting is a growing technique for identifying and tracking users online without traditional methods like cookies. This paper gives an overview by examining the various fingerprinting techniques and analyzes the entropy and uniqueness of the collected data. The analysis highlights that browser fingerprinting poses a complex challenge from both technical and privacy perspectives, as users often have no control over the collection and use of their data. In addition, it raises significant privacy concerns as users are often tracked without their knowledge or consent.

Disable JavaScript, to bypass paywall.

I have my browser setup to automatically delete cookies after the app is closed. I do this for privacy reasons. I would however like to store some cookie information, but not the rest. Example: Every time I start a new session I am forced to read DuckDuckGo's AI slop as the first result to my search query. I have to manually change site settings every new session and I don't like it. I know that I could allow certain sites to store cookies but I don't want to allow DuckDuckGo to store any other information. Is there any way I could save site settings in a static file that is reloaded every time I open my browser? I use both Chromium and Firefox on linux and android.

New research reveals serious privacy flaws in the data practices of new internet connected cars in Australia. It’s yet another reason why we need urgent reform of privacy laws.

Modern cars are increasingly equipped with internet-enabled features. Your “connected car” might automatically detect an accident and call emergency services, or send a notification if a child is left in the back seat.

But connected cars are also sophisticated surveillance devices. The data they collect can create a highly revealing picture of each driver. If this data is misused, it can result in privacy and security threats.

A report published today analysed the privacy terms from 15 of the most popular new car brands that sell connected cars in Australia.

cross-posted from: https://aussie.zone/post/15432818

Apparently, Bunnings have my face on-file. I don't think I like that.

I accidentally had my forgejo instance open for registration. When I noticed it, there were tons of fake accounts open, with empty repos opened for each account. All of them had emails associated with them. They might've just been trying to annoy me, or maybe there was some plan to be executed later, since they'd have access to basically free storage, without any tracking.

In any case, I have cleaned all of it, and now have a list of 19311 usernames and emails. Maybe I can submit these somewhere for a spam filter? Idk, just curious if there's any point in keeping this list.

Here's the list.

WASHINGTON, Nov 18 (Reuters) - The U.S. Department of Justice will ask a judge to force Alphabet's Google (GOOGL.O), opens new tab to sell off its Chrome internet browser, Bloomberg News reported on Monday, citing people familiar with the plans.

The DOJ will also ask the judge, who ruled in August that Google illegally monopolized the search market, to require measures related to artificial intelligence and its Android smartphone operating system, the report said.

Google controls how people view the internet and what ads they see in part through its Chrome browser, which typically uses Google search, gathers information important to Google's ad business, and is estimated to have about two-thirds of the global browser market.

The DOJ declined to comment. Google, in a statement from Lee-Anne Mulholland, vice president, Google Regulatory Affairs, said the DOJ is pushing a "radical agenda that goes far beyond the legal issues in this case," and would harm consumers.

The move would be one of the most aggressive attempts by the Biden administration to curb what it alleges are Big Tech monopolies.

Ultimately, however, the re-election of Donald Trump to the presidency could have the greatest impact over the case.

Two months before the election, Trump claimed he would prosecute Google for what he perceives as bias against him. But a month later, Trump questioned whether breaking up the company was a good idea.

The company plans to appeal once U.S. District Judge Amit Mehta makes a final ruling, which he is likely to do by August 2025. Mehta has scheduled a trial on the remedy proposals for April.

Prosecutors had floated a range of potential remedies in the case, from ending exclusive agreements where Google pays billions of dollars annually to Apple Inc (AAPL.O) and other companies to remain the default search engine on tablets and smart phones, all the way to divesting parts of its business, such as Chrome and Android operating system.

Because Chrome's market share is so high, it is an important revenue driver for Google. At the same time, when users sign into Chrome with a Google account, Google can offer more targeted search ads.

Google maintains its search engine has won users with its quality, adding that it faces robust competition from Amazon (AMZN.O) and other sites and users can choose other search engines as their default.

The government has the option to decide whether a Chrome sale is necessary at a later date if some of the other aspects of the remedy create a more competitive market, the Bloomberg report said.

A FAQ for questions on how your data is used every day.

Crossposting here as I consider X a threat to both privacy and freedom

I got this reCaptcha on archive.is and it is too ironic not to share.

Mathematical prof that surveillance harms x 1K more than it could potentially help.

Because of crap like this is why I haven't been on any mainstream social media for 7+ years. And where do companies get off going over employees' personal crap anyway? For the record, I believe EVERYONE hates Mondays.

We Need New Troops

You might remember a few months ago I interviewed Phil Zimmermann, the creator of PGP, which became the most widely used email encryption software in the world.

Phil and I spoke about the war against privacy in the early '90s. When Phil published his PGP code as free, open-source software, he wanted to help people protect their privacy. For this, the U.S. government investigated him for three years, claiming he was effectively trafficking munitions.

Phil fought the government alongside a group of hackers and cryptographers known as the Cypherpunks, who stood firm in their belief that privacy is a fundamental human right. Phil laid out this argument in his essay titled Why I Wrote PGP, where he explained that without the ability to communicate privately, democracies slide into autocracies:

“The need for protecting our right to a private conversation has never been stronger. ... Ordinary citizens and grassroots political opposition groups need to protect themselves against these emerging autocracies as best as they can. If an autocracy inherits or builds a pervasive surveillance infrastructure, it becomes nearly impossible for political opposition to organize, as we can see in China. Secure communication is necessary for grassroots political opposition in those societies. …

PGP is good for preserving democracy. If privacy is outlawed, only outlaws will have privacy.”

These early battles, known as the First Crypto Wars (where "crypto" is short for cryptography), were won, and individuals were once again able to exercise their right to privacy in the digital age:

“It has been a long struggle, but we have finally won, at least on the export control front in the US. Now we must continue our efforts to deploy strong crypto, to blunt the effects increasing surveillance efforts on the Internet by various governments. And we still need to entrench our right to use it domestically over the objections of the FBI. PGP empowers people to take their privacy into their own hands. There has been a growing social need for it. That's why I wrote it.”

This essay was written in 1999, and while the battle may have seemed won-and-done at the time, we have since found that it’s ongoing.

Today, there is a massive assault on privacy, with hidden code in our apps tracking our activities, governments skirting checks and balances by purchasing vast amounts of data from brokers, and the normalization of surveillance creating a dangerous complacency around the loss of privacy.

Phil Zimmermann has since realized:

“We are going to need fresh troops.”

Learning From Battles of the Past

We won’t win unless we inspire others to join our cause. During the First Crypto Wars, people were galvanized by rallying cries from pioneers like Phil Zimmermann and manifestos written by Cypherpunks like Tim May and Eric Hughes.

I can’t possibly expect to reach their standards, but I have tried my hand at writing a manifesto. My hope is that it might contribute, in some small way, to encouraging people to join us.

I have also soft-launched a new institute—a nonprofit dedicated to helping people maintain their freedom and dignity in the digital age. I haven’t officially announced it yet (you’ll hear more in the coming months), but our board of advisors is packed with inspiring Cypherpunks who fought these early privacy battles, including Phil Zimmermann himself.

This manifesto may seem intense in a world where surveillance has become normalized. But we need to shift the Overton Window back to a place where individuals are empowered in their own lives. As Phil said in his essay, “There’s nothing wrong with asserting your privacy.”

Here it is. Tell me what you think.

The Priv/Acc Manifesto

A new force is rising in the digital age, a force to reclaim what has been quietly stolen: privacy.

We are the Privacy Accelerationists—driven by a simple conviction that privacy is not optional, but essential for personal freedom. Surveillance capitalism, government overreach, and the culture of data extraction corrode our ability to live freely, think independently, and interact with trust.

The future of privacy is no longer something that can be delayed, debated, or dissected. It must be accelerated—now. The pace of intrusion is relentless; our response must be swifter still. The tools to protect privacy—encryption, decentralized networks, and privacy-enhancing technologies—already exist. But only decisive action can ensure these tools are put into the hands of billions.

We are not radicals for desiring privacy, but because we understand that privacy is power—liberation in a world that seeks to control us. Privacy is rebellion. In a society where thoughts, desires, and behaviors are commodified for control, privacy becomes the means by which we reclaim our lives and identities.

The systems of surveillance—corporate, governmental, and societal—are intertwined, feeding off each other in a symbiotic cycle. But as history shows, even the most entrenched systems are vulnerable to revolution. Cryptography is that revolution. Anonymous transactions, encrypted communications, decentralized data: these are not just theoretical tools but the foundations of a new era.

Governments and corporations will attempt to stop us, justifying endless data collection with claims of “efficiency” or “security.” They will argue privacy is unnecessary in a world where transparency is a virtue. They will say, "If you have nothing to hide, you have nothing to fear."

We reject these premises entirely. Privacy is not about hiding—it’s about choice. The choice of what to reveal, to whom, and when. Without privacy, there is no autonomy; without autonomy, there is no freedom. The acceleration of privacy technology is our only path forward. We do not oppose technology—we champion it. Our fight is against the hijacking of technology to strip away privacy and autonomy. We assert our right to navigate the digital world without the oppressive gaze of surveillance. By embracing technology as a tool for empowerment, we can restore control over personal information to where it belongs—with the individual. This is our moral imperative, our stand for a future where freedom and technology coexist.

The systems of control thrive on complacency and apathy. We are here to disrupt that cycle. We will accelerate the adoption of privacy-enhancing technologies—not as a slow reform, but as a revolution. Code is our weapon, and knowledge our shield. We build not for governments or corporations, but for people.

Privacy is the cornerstone of an open society in the digital age. To build that society, we will work with cryptographers, developers, activists, and everyday users. We will create networks that resist censorship, tools that ensure anonymity, and communities that defend privacy at all costs.

We will not wait for permission. We will not apologize for defending our right to exist unobserved. We are not products. We are not data points. We are free individuals.

Join us, or stand aside. Privacy will not wait.

Onward.

Privacc.org

Post got deleted, posts removed...

cross-posted from: https://lemmy.ca/post/33165280

I got a copy of the text from the email, and added it below, with personal information and link trackers removed.

Hello [receiver's name],

I’ve long dreamed about working for Mozilla. I learned how to send encrypted e-mail using Mozilla Thunderbird, and I’ve been a Firefox user since almost as long as I can remember. In more recent years, I’ve been an avid follower of Mozilla’s advocacy work, and was lucky enough to partner with Mozilla on investigative journalism in my last job.

In many ways, Mozilla was the dream – and now, as the leader of the Foundation, my job is to make my dreams for Mozilla come true. What that means, though, is making your dreams come true – for a trustworthy and open future of technology; for tech that is a tool for liberation, not limitation; and for tech that values people over profit.

So I’m reaching out to technologists, activists, researchers, engineers, policy experts, and, most importantly, to you – the people who make up the Mozilla community – to ask a simple question.

[receiver's name]. What is your dream for Mozilla? I invite you to take a moment to share your thoughts by completing this brief survey.

Let’s start with this question:

Question 1: What is most important to you right now about technology and the internet?

• Protecting my privacy online
• Avoiding scams
• Choosing products, apps, technology, and services that I can trust
• Keeping children safe online
• Responsible use of AI
• Keeping the internet is open and free
• Knowing how to spot misinformation
• Other (please specify)

Take the survey now →

With your help, together we can imagine and create the Internet we want. Thank you for being a part of this.

Always yours,

Nabiha Syed Executive Director Mozilla Foundation

TLDR: i complain about samsung's flagship and newer android.

I use samsung flagship phone and it's crazy, how unable I am to use full potential of my phone, just because I don't want to log in to google neither to samsung. I try to use F-droid and Aurora Store whenever possible, but its so bad experience...for maps I use Organic Maps, but google forces it to be installed specifically from Google Play Store to work with Android Auto, so I have to log in every time there is an update. Most of games won't work, because they require being signed-in to google, and thats actually kinda weird..before my phone now I had an old Galaxy S5 Android 6.0 and games there didn't complain that much as here on Android 14 (so the newer android the less privacy you get, while them all companies "focus on privacy", bullshit liars), samsung requires signing-in to usd like 1/10 of the flagship features..It's so sad, as I love samsung's quality, phone is really outstanding, overall all samsung products are very good quality, but pushing these fucking accounts is convincing me not to buy samsung's flagship anymore. We need to finally unite and make some alternative to those close-sourced bloatware, as phone industry is nowhere near to being as free as desktop industry. I feel more free using Windoze than those fucking " smart"phones. Really if you have to buy new smartphone and are into privacy, think twice before you buy samsung..phone itself is great, but software side is a nightmare.

cross-posted from: https://lemmy.zip/post/26423177

cross-posted from: https://sh.itjust.works/post/28167168

I have now a pixel 8, which was working OK from the past 8 months and using grapheneos. Unfortunately, today out of nowhere got the green screen bug (searched around, this seems to be really a thing with pixel 8 and some pixel 7). This really stroke me a nerve. Previously I had a pixel 5 which at some point also got screen problems and later the speaker piece just straight up did not work properly. And now this with the pixel 8.

So my question is: what other phones could potentially be used with a custom ROM that allow bootloader relocking? Other Roms can be something like divest or calyx (I used calyx before, so I am fairly familiar with it).

It really pisses me off the only option until now are pixel phones for proper relocking (from what I know from a while back), and then they have these annoying issues. It makes my skin crawl, but if required I would change to an iPhone (and throwaway a lot of things that android is actually superior, such as proper tor browser, VPN split tunneling, work/user profiles, no bloody account to use a phone).

Thanks for the responses in advance.

Hey there,

Due to having an unlocked bootloader, I fail safetynet. So Google-Pay is locked out, even if I wanted to use it. I find cash or cards to inconvenient, since my dexterity is impaired.

So I looked into getting an nfc-token to pay with and found that my bank is partnered with Fidesmo. This would allow for mobile-pay without an extra party involved. They seem fine from what I found online and they do publish some client-code on Github, but I had never heard of them.

Does anyone have any info on them?

I used google for most of my life, for the past couple months I’ve been using brave search, but I still end up using google often because google images is far better than brave search images. I’m also worried that maybe brave search isn’t the best choice. What would you guys recommend?

Border Protection (CBP) released its long overdue Privacy Impact Assessment (PIA) on Commercial Telemetry Data. CBP defines Commercial Telemetry Data (CTD) as historic location data collected from mobile devices by tracking their advertising ID’s (adIDs).

Importantly, CTD can encompass more than just historic location data from smartphones. For example, ICE has been accessing car telemetry data from OnStar, a security system installed in millions of vehicles worldwide. In fact, most car companies sell your data. Arguably, CBP should have a much broader view of what constitutes telemetry data. The Berlin Group, an international working group on data protection, has defined telemetry data more broadly as “data that is collected and transmitted by a device or application on a more or less continual basis. Telemetry data usually consists of information on operational behavior or environmental parameters but may also include elements like location information.” Any connected device can create telemetry data—and where it is created, it is also sold.

Thus, CBP’s PIA has an extremely narrow view of what constitutes CTD—which is no surprise. CBP’s PIA on CTD is extremely vague, years too late, and is a complete failure to comply with federal privacy regulations. PIAs are statutorily required by the E-Government Act prior to implementation of any information technology that has privacy implications. But there is a pattern of DHS and its components doing PIAs after implementing the technology and nonchalantly violating our civil liberties. This PIA is the latest example.