privacy
- YouTube Demonetized My Channel for Invalid Traffic - Your Help Needed (antenna man)
> About two months ago, YouTube partially demonetized my channel for invalid traffic. Invalid traffic refers to an influx of views on a channel in a fraudulent...
- www.eff.org EFF to Supreme Court: Fifth Amendment Protects People from Being Forced to Enter or Hand Over Cell Phone Passcodes to the Police
WASHINGTON, D.C.—The Electronic Frontier Foundation (EFF) today asked the Supreme Court to overturn a ruling undermining Fifth Amendment protections against self-incrimination and find that constitutional safeguards prevent police from forcing people to provide or use passcodes for their cell...
See also: Fifth Circuit says law enforcement doesn’t need warrants to search phones at the border https://monero.town/post/402125
- Children's tablet has malware and exposes kids' data, researcher finds [and she installed Tor 🧅 to protect her daughter’s anonymity]
techcrunch.com Children's tablet has malware and exposes kids' data, researcher finds | TechCrunch
Walmart subsequently pulled the affected tablet from its online store, while Amazon and Google said they are investigating.
> The app store “collects and sends data […] This includes information like device model, brand, country, timezone, screen size, view events, click events, logtime of events, and a unique KID ID,”
> Hancock didn’t return the tablet to her daughter until after making changes to protect her daughter’s privacy.
> [She] even installed Tor, a browser that is designed to protect the anonymity of its user.
An awesome Mom, like Mrs. Roberts from xkcd!
- “Tutanota is a honeypot” during the court hearing: Tutanota retorts
> A storefront, said Ortis, is a fake business or entity, either online or bricks-and-mortar, set up by police or intelligence agencies.
>
> The plan, he said, was to have criminals use the storefront — an online end-to-end encryption service called Tutanota — to allow authorities to collect intelligence about them.
Tutanota (now Tuta) denies this: https://tuta.com/blog/tutanota-not-a-honeypot
- Last Chance to fix eIDAS: Secret EU law threatens Internet security
last-chance-for-eidas.org Last Chance to fix eIDAS
EU law agreed behind closed doors threatens Internet security
> These changes radically expand the capability of EU governments to surveil their citizens by ensuring cryptographic keys under government control can be used to intercept encrypted web traffic
> This enables the government of any EU member state to issue website certificates for interception and surveillance
https://www.internetsociety.org/resources/doc/2023/qualified-web-authentication-certificates-qwacs-in-eidas/
> The browser ecosystem is global, not EU-bounded. Once a mechanism like QWACs is implemented in browsers, it is open to abuse

https://en.wikipedia.org/wiki/EIDAS
> The proposal would force internet companies to place a backdoor in web browsers to let them perform a man-in-the-middle attack, deceiving users into thinking that they were communicating with a server they requested, when, in fact, they would be communicating directly with the EU government. […] If passed, the EU would be able to hack into any internet-enabled device, reading any sensitive or encrypted contents without the user's knowledge
See also: https://mullvad.net/en/blog/2023/11/2/eu-digital-identity-framework-eidas-another-kind-of-chat-control/
- SimpleX-Chat, Signal, XMPP, P2P
SimpleX Chat is still a relatively early stage platform (the mobile apps were released in March 2022). But in the end, SimpleX will be our choice, right? Or at least for most of us.
here: SimpleX-Chat GitHub
- Free Cock.li Email to Reopen New Registration on Nov 20, 2023
[Edit 2: Read the admin’s “reasoning” and comments here or see PS below. The clearnet site is up again. The onion versions = 100% uptime for me]
[Edit (PS): As of writing this (2023-11-01) their clearnet server is down, while the onion version is working. Cock.li is exactly like this… Relatively rarely but randomly it’s down. Kind of irresponsible but it’s just like that. Interestingly, though, onion is up and clearnet is down. Usually opposite.]
Onion http://rurcblzhmdk22kttfkel2zduhyu3r6to7knyc7wiorzrx5gw4c3lftad.onion/
Cockbox on kycnot.me - https://kycnot.me/service/cockbox
(From their webpage)
> Cock.li is your go-to solution for professional E-mail and XMPP addresses. Since 2013 cock.li has provided stable E-mail services to an ever-increasing number of users. Cock.li allows registration and usage using Tor and other privacy services (proxies, VPNs) and thanks to continued funding by its users is certain to stay free forever.
Cock.li (aka Cockmail) is a Tor-friendly, privacy-focused, soon-to-be-10-year-old free email provider (IMAP, POP, XMPP, Webmail). Although currently (since around 2021) a new registration is invite-only, the admin @vc now states on their website:
> E-mail is a Human Right!
>
> Oppressive governments are using dirty tricks to try and force e-mail providers to require phone numbers or other controlled integrations to register. We will never allow these crimes against our userbase. We will stand up for the right to register for e-mail without being surveilled, and demand this right to be recognized globally. Public registration re-opens on cock.li's 10th birthday, 20 November.
Probably people here know this service pretty well, but some important points:
- Their email addresses are sometimes blacklisted when you want to use them, because in the past the service was abused by spammers. So this provider may not be suitable for normal users/normal usage. Its “technical scores” may be low too, when checked e.g. via https://internet.nl/mail/ If you think this is sketchy and its name is weird, it is. It’s not for you, so please just ignore it.
- A cock.li account may be great to have if you want to sign up and use it anonymously always via onion (something you can’t do with Proton or Tutanota), perhaps with PGP. Maybe great to use on Tails OS too.
- Their service was not very stable in the past. In recent years, it’s been rather stable and very fast even via onion. POP/IMAP via Tor works perfectly. Cock.li onion may load 100 times faster than that of Proton.
- Custom domains are not supported! Consider Disroot or Tutanota if you need them and would like to pay with Monero.
- They are one of the earliest v3 onion providers. In contrast, Proton was so slow to migrate from v2 to v3 (even after v2 got obsolete). Cock.li is also one of the oldest mail providers that started accepting BTC and XMR donations. So probably they’re extremely well-funded (you know why).
- If you use Thunderbird, set up your account manually (its automatic setup probably doesn’t work right).
For more info, visit their webpage. Please DO NOT abuse this based cypherpunk service.
*** PS. Vincent Canfield (vc@shitposter.club) wrote on September 23, 2023:
> Good morning, CISA is now calling cock.li a "Malicious E-mail Domain" and implies this is because it's not "publicly available". So, cock.li will once again open to the public on its 10th birthday, 20 November. #StopRansomware
>
> https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a
>
> For those who don't remember, a previous CISA advisory which recommended "service providers strengthen their user validation and verification systems to prohibit misuse of their services" shortly predated cock.li going invite only.
>
> https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-116a
>
> I'm sure if cock.li added phone number verification these joint statements would go away. Everyone sees what's happening, you want to force all providers to link to identities so you can surveil people. Cock.li is never adding that bullshit.
- ChatGPT picks 3 privacy cryptocurrencies to hedge surveillance
> privacy is often considered a tabu when talking about money, despite being a well-accepted fundamental human right for other topics. The growing development of high-surveillance financial tools often creates controversy and conflict of interest against privacy cryptocurrencies.
> [We] asked ChatGPT to pick three privacy cryptocurrencies:
>
> The AI responded with its top 3 picks being Monero (XMR), ZCash (ZEC), and Dash (DASH).
>
>> “Renowned for its unparalleled privacy features, Monero uses ring signatures, ring confidential transactions, and stealth addresses to anonymize all transaction details. By concealing the identities of the sender and receiver, as well as the transaction amount, Monero makes financial data tracking nearly impossible, ensuring complete discretion for the users.”
>
> — ChatGPT-4
- No federal privacy law? After the 23andMe hack, it's time to take action
technical.ly No federal privacy law? After the 23andMe hack, it's time to take action - Technical.ly
We’ve waited too long for this protection in America, digital rights advocate Kate Krauss writes. Other countries can point the way forward.
- Reply in FIVE words. Your best friend tells you: “No, seriously. I’ve got nothing to hide.”
mastodon.social Tutanota (@Tutanota@mastodon.social)
Attached: 1 image Reply in FIVE words. #CyberSecurityAwareness #CybersecurityAwarenessMonth #Privacy
Send me your seed words.
> "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."
—Edward Snowden
https://en.wikipedia.org/wiki/Nothing_to_hide_argument
- Let's stop the EU chat control! [Most of your friends have never heard of Chat Control]
stopchatcontrol.eu LET'S STOP THE CHAT CONTROL TOGETHER
With the help of our Large Language Models we will support you in order to put pressure on the policy makers to stop the chat control proposal that contradicts our fundamental rights.
> 1️⃣ Completely normal photos, such as holiday pictures 🏞️ are considered suspicious.
> 2️⃣ So our private family photos or the chats and pictures from your sexting yesterday 🍑🍆 also end up on an official table. So we can throw privacy in the bin 🚮
> Chances are high that most of your European friends have never heard of chat control. So let them know about the danger and what you think about the chat control proposal.
> “The European Commission launched an attack on our civil rights with chat control. I contacted my local MEP to tell him that I oppose the proposal. You can do so too! This Website I found will help you write an e-mail to an MEP using A.I.”
- KYC? No, thanks | KYCNOT.me Blog
blog.kycnot.me KYC? No, thanks
KYC regulations, intended to combat illicit financial activities, inadvertently compromise individual privacy, security, and freedom.
> exchanges may randomly use this to freeze and block funds from users, claiming these were "flagged" […]. You are left hostage to their arbitrary decision […]. If you choose to sidestep their invasive process, they might just hold onto your funds indefinitely.
> The criminals are using stolen identities from companies that gathered them thanks to these very same regulations that were supposed to combat them.
> KYC does not protect individuals; rather, it's a threat to our privacy, freedom, security and integrity.
- For individuals in areas with poor record-keeping, […] homeless or transient, obtaining these documents can be challenging, if not impossible.
PS: Spanish speakers: KYC? NO PARA MÍ
- ‘Who Benefits?’ Inside the EU’s Fight over Scanning for Child Sex Content [⚠Behind Cloudflare, See Text]
balkaninsight.com ‘Who Benefits?’ Inside the EU’s Fight over Scanning for Child Sex Content
An investigation uncovers a web of influence in the powerful coalition aligned behind the European Commission’s proposal to scan for child sexual abuse material online, a proposal leading experts say puts rights at risk and will introduce new vulnerabilities by undermining encryption.
Cloudflare-free link for Tor/Tails users: https://web.archive.org/web/20230926042518/https://balkaninsight.com/2023/09/25/who-benefits-inside-the-eus-fight-over-scanning-for-child-sex-content/
> It would introduce a complex legal architecture reliant on AI tools for detecting images, videos and speech – so-called ‘client-side scanning’ – containing sexual abuse against minors and attempts to groom children.
> If the regulation undermines encryption, it risks introducing new vulnerabilities, critics argue. “Who will benefit from the legislation?” Gerkens asked. “Not the children.”
> Groups like Thorn use everything they can to put this legislation forward, not just because they feel that this is the way forward to combat child sexual abuse, but also because they have a commercial interest in doing so.
> they are self-interested in promoting child exploitation as a problem that happens “online,” and then proposing quick (and profitable) technical solutions as a remedy to what is in reality a deep social and cultural problem. (…) I don’t think governments understand just how expensive and fallible these systems are
> the regulation has […] been met with alarm from privacy advocates and tech specialists who say it will unleash a massive new surveillance system and threaten the use of end-to-end encryption, currently the ultimate way to secure digital communications
> A Dutch government official, speaking on condition of anonymity, said: “The Netherlands has serious concerns with regard to the current proposals to detect unknown CSAM and address grooming, as current technologies lead to a high number of false positives.” “The resulting infringement of fundamental rights is not proportionate.”
- odysee.com Signal Just Published Post Quantum E2E Encryption
In this video I discuss how the Signal foundation developed PQXDH (Post Quantum Extended Diffie-Hellman), an encryption algorithm that is hardened against quantum computer cracking and how this protocol...
- www.eff.org Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users
The U.K. Parliament has passed the Online Safety Bill (OSB), which says it will make the U.K. “the safest place” in the world to be online. In reality, the OSB will lead to a much more censored, locked-down internet for British users. The bill could empower the government to undermine not just the p...
> As enacted, the OSB allows the government to force companies to build technology that can scan regardless of encryption–in other words, build a backdoor.
> Paradoxically, U.K. lawmakers have created these new risks in the name of online safety.
> The U.K. government has made some recent statements indicating that it actually realizes that getting around end-to-end encryption isn’t compatible with protecting user privacy. But
> The problem is, in the U.K. as in the U.S., people do not agree about what type of content is harmful for kids. Putting that decision in the hands of government regulators will lead to politicized censorship decisions.
> The OSB will also lead to harmful age-verification systems. This violates fundamental principles about anonymous and simple access
See also: Britain Admits Defeat in Controversial Fight to Break Encryption
- www.wired.co.uk Britain Admits Defeat in Controversial Fight to Break Encryption
The UK government has admitted that the technology needed to securely scan encrypted messages sent on Signal and WhatsApp doesn’t exist, weakening its controversial Online Safety Bill.
>Although the UK government has said that it now won’t force unproven technology on tech companies, […] the controversial clauses remain within the legislation, which is still likely to pass into law.
>the continued existence of the powers within the law means encryption-breaking surveillance could still be introduced in the future.
>So all ‘until it’s technically feasible’ means is opening the door to scanning in future rather than scanning today. It’s not a change
>The implications of the British government backing down, even partially, will reverberate far beyond the UK
>“It’s huge in terms of arresting the type of permissive international precedent that this would set […]. The UK was the first jurisdiction to be pushing this kind of mass surveillance. It stops that momentum. And that’s huge for the world.”
- Fifth Circuit says law enforcement doesn’t need warrants to search phones at the border
www.techdirt.com Fifth Circuit Says Law Enforcement Doesn’t Need Warrants To Search Phones At The Border
In 2014, the Supreme Court made it clear: phone searches require warrants. While it did note the case involved a search “incident to an arrest,” the precedent was undeniable. If a phone…
- foundation.mozilla.org Sign our petition to stop France from forcing browsers like Mozilla's Firefox to censor websites
The French government is considering a law that would require web browsers – like Mozilla's Firefox – to block websites chosen by the government.
> In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN [sécuriser et réguler l'espace numérique] Bill would force browser providers to create the means to mandatorily block websites present on a government provided list.
[Unfortunately one should no longer trust Mozilla itself as much as one did 10 years ago. If you do sign, you might want to use a fake name and a disposable email address.]
This bill is obviously disturbing. It could be that eventually they assume that .onion sites are all suspicious and block them, or something similar might happen, which would be bad news for privacy-oriented users including Monero users, for freedom of thought, and for freedom of speech itself. Note that the EU is going to ban anonymous domains too (in NIS2, Article 28).
For a regular end user, if something like this happens and if the block is domain-name-based, then one quick workaround would be using web.archive.org (or Wayback Classic), or ANONYM ÖFFNEN of metager.de (both work without JS). If this is France-specific, of course a French user could just get a clean browser from a free country too (perhaps LibreWolf or Tor Browser, or even Tails), provided that using a non-government-approved browser is not outlawed.
Mozilla, financially supported by Google, states that Google Safe Browsing is a better solution than SREN, but that too has essentially similar problems and privacy implications; especially Gmail's Enhanced Safe Browsing is yet another real-time tracking (although, those who are using Gmail have no privacy to begin with, anyway).
If it's DNS-level blocking, you can just use a better DNS rather than one provided by your local ISP, or perhaps just use Tor Browser. Even if it's browser-side, as long as it's open-source, technically you're free to modify source code and re-compile it yourself, but that may not be easy even for a programmer, since a browser is complicated, with a lot of dependencies; security- and cryptography-related minor details tend to be extremely subtle (just because it compiles doesn't mean it's safe to use), especially given that Firefox/Thunderbird themselves really love to phone home behind the user's back.
See also: Will Browsers Be Required By Law To Stop You From Visiting Infringing Sites?
- How To Make Private Transactions; Why It's Crucial (Monero mentioned!)
yewtu.be Banks Are SELLING Your Financial Data!
Financial privacy is essential for a free society, because it allows us to support causes we believe in without fear of retribution, to flee dangerous situations without being tracked, to live our daily lives without feeling like every choice we make is on display and needs to be self-censored. How...
- www.bleepingcomputer.com File sharing site Anonfiles shuts down due to overwhelming abuse
Anonfiles, a popular service for sharing files anonymously, has shut down after saying it can no longer deal with the overwhelming abuse by its users.
- sms-activate.org now requires email verification - any alternatives?
In the past I’ve recommended sms-activate for easy, quick and low cost phone verification. When you want to log in, they now force you to click on a verification link sent by email, meaning you are f’ed if you used a single-use email address.
Are there any alternative options that accept monero and don’t have this restriction?
> Having free and open-source tools and a decentralized way of fighting back and reclaiming some of that power is very important. Because if we don’t resist, we’re subject to what somebody else does to us
While Tor is useful in several situations, probably we shouldn't believe in it blindly. For clearnet, LibreWolf is a great option too, and I2P might be the future.
- Searching for a Privacy-Focused VPN
Hello, fellow privacy enthusiasts!
I've been on a journey to find a VPN provider that aligns with my privacy values, and I wanted to share my experiences and concerns here, hoping for some insights and recommendations.
Primary Criteria:
- Outside of the 14 Eyes: Ideally, I'd prefer a provider outside of the 14 Eyes intelligence-sharing countries.
- Accepts Monero: Given it's the only real privacy coin there is, I'm keen on providers that accept Monero as a payment method.
- I need port forwarding for the services I host.
Current Options: I've considered Mullvad and IVPN, both of which I trust for their privacy focus. However, they recently disabled their port forwarding support, which I need since I host services from home. SPN by Safing sounds really interesting too but they also do not offer port forwarding sadly.
ProtonVPN seemed like a close alternative, but I've come across several red flags:
- Logging Concerns: ProtonMail, under the same parent company, provided IP logs in response to a Swiss court order. This contradicts ProtonVPN's claim on their website that "we can’t be obligated to start logging" under Swiss law.
- Use of Google Analytics: Despite being a privacy-focused service, ProtonMail has used Google Analytics on their website, raising questions about their commitment to user privacy.
- No Monero Support: Proton has not added Monero as a payment option, despite numerous requests from the community over the years.
Seeking Recommendations: Given the above, I'm reaching out for advice. Are there any VPN providers you'd recommend that fit my primary criteria? Or any insights into the concerns I've raised about ProtonVPN?
Thanks in advance for your help!
- www.eff.org The U.K. Government Is Very Close To Eroding Encryption Worldwide
The U.K. Parliament is pushing ahead with a sprawling internet regulation bill that will, among other things, undermine the privacy of people around the world. The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backd...
>The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services, which will destroy end-to-end encryption.
>Requiring government-approved software in peoples’ messaging services is an awful precedent. If the Online Safety Bill becomes British law, the damage it causes won’t stop at the borders of the U.K.
Random thoughts...
Even if platform-assisted end-to-end encryption (pseudo e2e) is censored, perhaps we could still use true user-to-user encryption. If "end" means the messenger software itself or a platform endpoint, then the following will be true e2e - "pre-end" to "post-end" encryption:
- Alice and Bob exchange their public keys. While using a secure channel for this is ideal, a monitored channel (e.g. a normal message app) is okay too for the time being.
- Alice prepares her plain text message locally: Alice.txt
- She does `gpg -sea -r Bob -o ascii.txt Alice.txt`
- Alice opens ascii.txt, pastes the ascii string in it to her messenger, sends it to Bob like normally.
- So Bob gets this ascii-armored GPG message, and saves it as ascii.txt
- `gpg -d -o Alice.txt ascii.txt`, and he has the original Alice.txt
- He types his reply locally (not directly on the messenger): Bob.txt
- `gpg -sea -r Alice -o ascii.txt Bob.txt` and sends back the new ascii string
- Alice gets it, so she does `gpg -d -o Bob.txt ascii.txt` to read Bob.txt
In theory, scanning by government-approved software can't detect anything here: Alice and Bob are simply exchanging harmless ascii strings. Binary files like photos can be ascii-armored too.
Admittedly this will be inconvenient, as you'll have to call gpg manually by yourself. But this way you don't need to trust government-approved software at all, because encryption/decryption will be done by yourself, before and after the ascii string goes through the insecure (monitored) channel.
> Congress is trying to push through a swarm of harmful internet bills that would severely impact human rights, expand surveillance, and enable censorship on the internet. On July 20, we’re launching a week of action to get loud about our opposition to legislation like KOSA and EARN IT and demanding that Congress focus on passing badly needed comprehensive privacy legislation to actually protect us from the harms of big tech companies and data brokers, instead of pushing through misguided legislation before August congressional recess.
- github.com Don't. · Issue #28 · RupertBenWiser/Web-Environment-Integrity
Sometimes you have to ask the question whether something should be done at all, and trusted computing is certainly one of those cases where the answer is obviously a big fat NO. So please reconside...
Can someone explain what this does using only two words?
>google extortion
>more ads
>surveillance capitalism
See also: Web Environment Integrity API Proposal | Hacker News
- www.theverge.com Here’s a reminder to make your Venmo transactions private, courtesy of Clarence Thomas
Don’t be like Clarence Thomas’ aide.
>I’m currently looking at my Venmo feed. In an ideal world, I would see only a log of private payments I’ve made and received. Instead, I see a list of my friends’ business: someone paid a friend for “drinkies,” another for “rich bitch things.”
This is so terrible, I don't even know what to say about this.
- www.bitchute.com Google Street View cars were wardriving you 📡
Google's Street View (Maps) cars were not only taking pictures of everyone's house, they were also mapping out the GPS coordinates of people's WiFi networks & routers to their home.
> Know your enemy (Google)
- arstechnica.com Threads attracts 30M users in 24 hours despite design flaws, privacy concerns
FTC requires Meta to make it easy for users to control data.
- www.upworthy.com Apple announces it will scan users' iCloud photos to catch child abusers
The company will use a "neural match" system to scan photographs.
Apple will activate the controversial image scanning feature by default & let third party apps use its scanning API.