Joined 2Y ago
Cake day: Jun 07, 2020




Relevant reading: https://github.com/zlw9991/node-ipc-dependencies-list https://web.archive.org/web/20220318095406/https://github.com/RIAEvangelist/peacenotwar/issues/45 https://security.snyk.io/vuln/SNYK-JS-NODEIPC-2426370




cross-posted from: https://lemmy.ml/post/177032

> Combined with access timestamps, they can uniquely identify the source of any shared PDFs.
>
> Source: https://social.coop/@jonny/107685726645817029 -- Also includes tips for removing this data.

Does Chrome allow editable user.js and userchrome.css? Does Chrome not leak IPs via WebRTC? Is Chrome used as base for Tor Browser?


GrapheneOS squad, for example, is anti Mozilla and pro Chromium, and is a massive internet troll group. There are some anti Mozilla stans with Chromium based recommendations on Lemmy doing the rounds too.


My eyes also popped out of my sockets, so I read the Mozilla blog source article. It is just a proposal to W3C, as it stands. And since this is NOT something proprietary like FLoC and particularly NOT meant as an alternative tracking method, there seems to be more to it than what the anti Mozilla and pro Chromium squads want to believe.

Why is this reactionary attitude going on? It happened with the “deplatforming” article, and now this.

How many people are not okay with USA Big Tech corpos submitting patches to Linux kernel? Did you stop using Linux and choose… Windows or MacOS due to it?


Congratulations for saying the thing I have been saying for 2 years at this point via r/privatelife. And I think I have succeeded to a good extent infusing into the privacy crowd the importance of threat modelling and compartmentalisation.

I do not want to beat my own drum, but I want to be selfish about this one thing – when the privacy community started being defeatist and overly paranoid and misguided, I foresaw the wrong things going on that I had to tackle, and I knew someone had to do it.

The elitism, the gatekeeping, the closed source grifters, the over paranoia… this stuff is like cancer tumour and needs to be eradicated from the roots of privacy community. And while there can be a few leaders, what we need is a pro privacy libre culture. And only a community with good moral conscience and correct ideals can do this together.





r/PrivacyGuides restored citation-less slander post as facts, and GrapheneOS community sockpuppet theory is proven correct by one of its members
cross-posted from: https://lemmy.ml/post/143981

> Mod statement: https://np.reddit.com/r/PrivacyGuides/comments/rxf02a/theanonymousjoker_false_privacy_prophet/hs1dxux?context=3
>
> https://i.imgur.com/LahmNkO.jpg
>
> dng99/dngray has branded a citation-less slander post as facts. These are the "community standards" of r/PrivacyGuides. Always remember this.
>
> u/trai_dep, the record stands corrected once again
>
> Moreover, my theory about GrapheneOS community using sockpuppets is true, as confirmed by...
>
> https://np.reddit.com/r/fdroid/comments/rxtc14/came_across_this_thoughts/hs1o6no?context=3
>
> https://i.imgur.com/JX6uTpx.jpg
>
> Tommy_Tran = B0risGrishenko (OP of slander post). Thanks for confirming my GrapheneOS community sockpuppet theory.


Comment section for 100% FOSS Smartphone Hardening non-root Guide 4.0
https://lemmy.ml/post/128667 Lemmy unfortunately has a word limit for posts, and I had to break my post into 5 parts, 4 as comments, to be able to post it. So, comments and questions can be put here.

100% FOSS Smartphone Hardening non-root Guide 4.0
(1/5)

Edit(11/1/2022):

* MIUI has no biometric Lockdown, solution.
* FFUpdater and UntrackMe apps recommended.
* Added back Vinyl Music Player.

**NOTE (June) 15/06/2020**: r_privacy moderator trai_dep [revengefully](https://np.reddit.com/r/privatelife/comments/h8hsdh/exclusive_rprivacy_moderator_deleted_smartphone/) deleted my highly gilded 1.0 guide [post](https://np.reddit.com/r/privacy/comments/em8doj/smartphone_hardening_guide_for_normal_people/) before.

# NOTE: I will NOT respond to prejudiced and political trolls.

Hello! It took a while before I could gather enough upgrades to create this fourth iteration of the smartphone guide so many people love. It seems to have benefitted many people, and it was only a matter of time before things got spicier.

It is time to, once again, shake up the expectations of how much privacy, security and anonymity you can achieve on a non rooted smartphone, even compared to all those funky "security" custom ROMs. It is time to get top grade levels of privacy in the hands (pun intended) of all you smartphone users.

Steps are as always easy to apply if you follow the guide, which is a pivotal foundation of this guide I started 2 years ago. After all, what is a guide if you feel unease in even being able to follow its lead?

Unlike last year, I want to try and fully rewrite the guide wherever possible, but some parts will seem similar obviously, as this, while technically being an incremental improvement, is also a massive jump for darknet users. This version of the guide took a while compared to the previous versions.

**A kind request to share this guide to any privacy seeker.**

-----

# User and device requirement

* ANY Android 9+ device (Android 10+ recommended for better security)
* knowledge of how to copy-paste commands in Linux or Mac Terminal/MS-DOS Command Prompt (for ADB, it is very simple, trust me)
* For intermediate tech users: typing some URLs and saving them in a text file

-----

# What brings this fourth iteration?

Was the previous version not good enough? No, it was not, just like last time. There is always room for improvement, but I may have started to encounter law of diminishing returns, just like Moore's Law has started to fail with desktop CPU transistor count advancements. This does not mean I am stopping, but upgrades might get marginal from here on.

The upgrades we now have are less in number, higher in quality. So, we have a lot of explanation to read and understand this time around.

A summary of new additions to the [3.0 guide](https://np.reddit.com/r/privatelife/comments/lpyl1s/100_foss_smartphone_hardening_nonroot_guide_30/):

* Update to the Apple section
* Many additions in section for app recommendations and replacements
* NetGuard replaced with Invizible Pro (this is massive)
* A colossal jump in your data security in the event of a possible physical phone theft using a couple applications
* An attempt at teaching the importance of Android/AOSP's killswitch feature for VPNs/firewalls
* (FOR XIAOMI USERS) How to configure Work Profile, as Second Space causes issues, and adding back biometric Lockdown
* How to be able to copy files from work profile to main user storage without Shelter/Insular's Shuttle service
* Some changes in phone brand recommendations
* Caveat(s)

-----

# Why not Apple devices?

iPhone [does not allow you to have privacy](https://gist.github.com/iosecure/357e724811fe04167332ef54e736670d) due to its blackbox nature, and is simply a false marketing assurance by Apple to you. Recently, an unpatchable hardware flaw was [discovered](https://9to5mac.com/2020/08/01/new-unpatchable-exploit-allegedly-found-on-apples-secure-enclave-chip-heres-what-it-could-mean/) in Apple's T1 and T2 "security" chips, rendering Apple devices critically vulnerable.

Also, [they recently dropped plan for encrypting iCloud backups after FBI complained](https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT).

They also collect and sell data [quite a lot](https://i.imgur.com/n8Bk0bA.jpg).

Siri still records conversations 9 months after Apple [promised not](https://www.theregister.co.uk/2020/05/20/apple_siri_transcriptions/) to do it.

Apple Mail app is vulnerable, yet Apple stays in [denial](https://9to5mac.com/2020/04/27/iphone-mail-vulnerabilities-2/).

Also, [Apple sells certificates to third-party developers that allow them to track users](https://www.theatlantic.com/technology/archive/2019/01/apples-hypocritical-defense-data-privacy/581680/), [The San Bernardino shooter publicity stunt was completely fraudulent](https://www.aclu.org/blog/privacy-technology/internet-privacy/one-fbis-major-claims-iphone-case-fraudulent), and [Louis Rossmann dismantled Apple's PR stunt "repair program"](https://invidio.us/watch?v=rwgpTDluufY).

[Apple gave the FBI access to the iCloud account of a protester **accused** of setting police cars on fire](https://www.businessinsider.com/apple-fbi-icloud-investigation-seattle-protester-arson-2020-9).

[Apple's authorised repair leaked a customer's sex tape during iPhone repair.](https://www.youtube.com/watch?v=xt3YSD36ZNc) This is how much they respect your privacy. You want to know how much more they respect your privacy?

Apple's Big Sur(veillance) fiasco seemed [not enough](https://np.reddit.com/r/privatelife/comments/jvdokk/writeup_beware_of_shills_defending_apple_big/), it seems.

Still not enough to make your eyes pop wide open?

Apple's CSAM mandatory scanning of your local storage is a fiasco that will echo forever. This blog [article](https://www.hackerfactor.com/blog/index.php?%2Farchives%2F929-One-Bad-Apple.html) should be of help. But they [lied](https://www.icenterpro.eu/apples-csam-system-was-hacked-but-the-firm-claims-it-is-protected/) how their system was never hacked. I [doubt](https://np.reddit.com/r/MachineLearning/comments/p6hsoh/p_appleneuralhash2onnx_reverseengineered_apple/). They even [removed CSAM protection references](https://www.macrumors.com/2021/12/15/apple-nixes-csam-references-website/) off of their website for some reason.

Pretty sure at least the most coveted privacy innovation of App Tracking protection with one button tracking denial would work, right? [Pure. Privacy. Theater.](https://www.yahoo.com/news/former-apple-engineer-says-button-164452709.html)

Surely this benevolent company blocked and destroyed Facebook and Google's ad network ecosystem by blocking all those bad trackers and ads. Sigh. [Nope.](https://twitter.com/PatrickMcGee_/status/1449608262492459011) Now it is just Apple having monopoly over your monetised data.

Also, Android's open source nature is starting to pay off in the long run. Apple 0-day exploits are far [cheaper](https://www.wired.com/story/android-zero-day-more-than-ios-zerodium/) to do than Android.

-----

# LET'S GO!!!

**ALL users must follow these steps except the "FOR ADVANCED/INTERMEDIATE USERS" tagged points or sections.**

**Firstly, if your device is filled to the brim or used for long time, I recommend backing up your data and factory resetting for clean slate start.**

* **Sign out all your** Google and phone brand **accounts** from your device so that Settings-->Accounts do not show any sign-ins **except WhatsApp/Signal/Telegram**

* Install ADB on your Linux, Windows or Mac OS machine, simple guide: https://www.xda-developers.com/install-adb-windows-macos-linux/

* Use ["Universal Android Debloater"](https://gitlab.com/W1nst0n/universal-android-debloater) to easily debloat your bloated phone.

  NOTE: Samsung users will lose Samsung Pay, as Samsung has been caught and declares they sell this data: https://www.sammobile.com/news/samsung-pay-new-privacy-policy-your-data-sold/

* Install **F-Droid app store** from [here](https://f-droid.org/en/)

* Install **NetGuard** app firewall (see NOTE) from F-Droid and set it up with privacy based DNS like *AdGuard/Uncensored/Tenta/Quad9 DNS*.

  NOTE: NetGuard with [Energized Ultimate](https://block.energized.pro/ultimate/formats/hosts.txt) HOSTS file with any one of the above mentioned DNS providers is the ultimate solution.

  **NOTE: Download the Energized Ultimate hosts file from https://github.com/EnergizedProtection/block and store it on phone beforehand. This will be used either for NetGuard or Invizible, whichever is picked later on.**

  **(FOR ADVANCED USERS)** If you know how to merge HOSTS rules in one text file, you can merge Xtreme addon pack from Energized GitHub. You can also experiment with the Porn and Malicious IP domain lists.

  NOTE: Set DNS provider address in Settings -> Advanced settings --> VPN IPv4, IPv6 and DNS

* Install **Invizible Pro** from F-Droid (LONG SECTION FOR THIS BELOW)

* In F-Droid store, open Repositories via the 3 dot menu on top right and add the following repositories below:

  1. https://gitlab.com/rfc2822/fdroid-firefox
  2. https://apt.izzysoft.de/fdroid/index.php
  3. https://guardianproject.info/fdroid/repo/

  Go back to F-Droid store home screen, and hit the update button beside the 3 dot menu. (This may vary if you have newer F-Droid store app with new user interface.)

-----

Firefox Suggest (search bar suggestions) is offline by default (proof inside)
cross-posted from: https://lemmy.ml/post/84636

> https://bugzilla.mozilla.org/show_bug.cgi?id=1727907
>
> 'Offline' is currently the default which is explained in the [source code](https://searchfox.org/mozilla-central/rev/d488f68d845a87cc107612b667951152c34fb116/browser/components/urlbar/UrlbarPrefs.jsm#543):
>
> "This is the scenario for the "offline" rollout. Firefox Suggest suggestions are enabled by default. Search strings and matching keywords are not included in related telemetry. The onboarding dialog is not shown."
>
> Switching to 'online' would trigger a dialog that comes up when you start the browser. Only clicking 'Allow suggestions' on the dialog would opt you into the search query collection.




cross-posted from: https://lemmy.ml/post/76603

> I think this highlights a more general problem of data ownership. People do not own devices and services they pay for in a traditional sense because the company gets the final say on how they're used. Companies can decide to analyze your data, share it with partners, and even prevent you from accessing it.