Privacy


Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

326
327
 
 

Introduction

I wanted to explain the structure of freedom, and why part of what constitutes a free society is the right to privacy. One of the most difficult parts of educating people on privacy is the confusion about what it actually is. People often confuse privacy with secrecy, privacy with anonymity, and privacy with security. I want to distinguish between multiple related terms and show the structure of how, in order to have a truly free society, you need the right to privacy.

What is privacy?

I want to be very clear about what privacy actually is and is not. Privacy is not hiding everything about yourself. Hiding things is secrecy. Privacy is not hiding who you are. Hiding who you are is anonymity. Privacy is not protecting your information. Protecting your information is security.

Privacy is the ability to choose what you share. That gives us our first clue about the structure of a free society. Secrecy relies on privacy, because if you can't choose what you share then you cannot keep secrets.

An example of secrecy would be hiding how much you make at your job. An example of privacy is choosing to exercise that secrecy. In the moments between someone asking you how much you make and telling them you don't feel comfortable sharing that, you take a moment to decide whether or not you want (or consent) to telling them. That is privacy.

Why the distinction?

The distinction between privacy and secrecy is incredibly important for making arguments about privacy. People may say "I have the ability to choose what I share, because I am able to choose your level of privacy if I want to." What they really mean is that they can choose your level of secrecy. You don't choose to be under surveillance, but you can choose to protect yourself from surveillance, not by hiding everything you do but by eliminating the things that are tracking you in the first place.

In reality, many people cannot choose the same level of secrecy. Privacy is eroded in the background, and many people don't realize how far surveillance really goes. Becoming secretive is not the solution, because that is the same as eliminating your free speech in the face of being persecuted. This is our second clue about the structure of a free society, because free speech relies on both privacy and secrecy.

What is security?

Security is, simply, measures taken to protect something. Encryption is an example of security, because it is used to protect sensitive data from unwanted intrusion. I want to make a clear distinction between security and safety. Security protects you before an intrusion occurs, whereas safety protects you after an intrusion occurs.

An example of safety is a surveillance camera. A surveillance camera cannot stop a crime from occurring, but it can record evidence to convict a criminal after the fact. On the other hand, strong locks are an example of security, because they protect a store from being broken into before a theft takes place.

I deliberately call them surveillance cameras instead of security cameras, because safety is different from security. When the news talks about security measures, oftentimes they are really referring to safety measures. Safety measures are often privacy invasive, because they usually require a level of data retention to be effective.

Security protects against unwanted intrusion. If there is unwanted intrusion on data, that means it was shared without consent. Because of that, if there is no security, there is no privacy either. That gives us our third clue about a free society. A free society does not need safety, it needs security, and privacy is not possible without security.

What is anonymity?

Anonymity means hiding your identity. Because it directly relies on hiding something, it's immediately obvious that anonymity relies on secrecy. Anonymity is the best defense against a corrupt government, because it allows us to speak up against corruption without fear of persecution. Even with perfect secrecy, we ourselves can still be convicted by exercising our right to privacy. This is the final piece we need to see what a free society relies on, because without a way to combat corruption, there is no way to be free.

What is freedom?

We've finally arrived at the final section, which puts together the pieces to show what is necessary for a free society. While this is only part of what freedom requires, it is not a part that can be ignored.

Freedom Pyramid

This pyramid of freedom shows the dependencies for each element. Security is the foundation that everything else is built on. Privacy relies on security to prevent unwanted violation of consent. Secrecy relies on privacy to prevent sharing without consent. Anonymity relies on secrecy to hide your identity. Finally, freedom relies on anonymity to fight against corruption.

You may notice safety is not on there. While safety can be good, it often violates some aspect of the pyramid. It isn't necessary for a free society. In fact, safety doesn't even need security. Surveillance cameras are breached all the time, but that doesn't change their purpose or effectiveness.

Conclusion

Privacy is essential for a free society, but it isn't the only essential liberty. Security is the foundation that privacy is built on, and even that is eroded away by conflating security with safety. Knowing the distinctions and relationships between the various elements is incredibly useful when speaking up about privacy, because even if you can defend every "nothing to hide" argument, people still tend to have a fundamental misunderstanding about what privacy really is.

Lack-of-AI Notice

I've been burned before, so I always try to mention that none of my content is AI generated. It isn't even AI assisted. Just because something is comprehensive and well-structured does not make it AI generated. Every word I write is my own. Thank you for your understanding.

This was my first time testing an easier way for me to create posts by first drafting them in Iotas. I had a couple hiccups such as forgetting to insert the image and forgetting to double newline paragraphs, but it worked alright.

Author @Charger8232@lemmy.ml

328
 
 

How can I check to see if a given Onion Service is still in-use?

To be clear: I'm not asking about just Onion Services bound to port 80. Of course I can just curl it, but that won't tell me if the Onion Service is running something on another port.

I'm trying to find an XMPP server that uses an Onion Service. I found several lists of XMPP servers and their .onion names, but I expect most of these services are offline.

I don't want to eliminate them just for not running an HTTP server (e.g. port 80, 443, 8080, etc.). Nor do I want to eliminate them for not running on a common XMPP port (5222, 5223, 5269, 5298, 8010). I'm trying to find something that checks if an Onion Service has been used in the past days/weeks without requiring me to test a connection on a given port.

My understanding is that Onion Services will (by default) generate and publish hidden service descriptors (HSDir).

Is there some way I can query the Tor directory of HSDirs to see if a given Onion Service is still active?

329
 
 

An engineer discovered that the manufacturer can remotely brick his smart vacuum for not collecting data.

330
 
 

They have a hidden app with every permission enabled already and you can't change that.

331
332
333
 
 

Google Cartographer huh...

334
 
 

If you've been following the wave of age-gating laws sweeping across the country and the globe, you've probably noticed that lawmakers, tech companies, and advocates all seem to be using different terms for what sounds like the same thing. Age verification, age assurance, age estimation, age gating...

335
 
 

AB-1043 "Age verification signals: software applications and online services."

Text https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043

Other info https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260AB1043

California AB 1043 signed. Mandatory OS-level, device-level, app store, and even developer-required age verification for all computing devices.

336
337
 
 

Based on the article: Facebook has recently gotten an ex-Meta member into the Data Protection Agency of Ireland near the end of 2024. They were sued for 250 million euros. They are back now, actively trying to push for lower data protections in the EU, publicly saying "It will hurt Meta".

Paywall Bypass Link https://archive.is/M8wbm

338
339
340
 
 

A constantly updated dark web monitoring tool.

341
342
343
344
 
 

Privacy-focused browser receives major updates while ending support for legacy platforms.

345
346
347
 
 

Someone recently managed to get on a Microsoft Teams call with representatives from phone hacking company Cellebrite, and then leaked a screenshot of the company’s capabilities against many Google Pixel phones, according to a forum post about the leak and 404 Media’s review of the material.

The leak follows others obtained and verified by 404 Media over the last 18 months. Those leaks impacted both Cellebrite and its competitor Grayshift, now owned by Magnet Forensics. Both companies constantly hunt for techniques to unlock phones law enforcement have physical access to.

“You can Teams meeting with them. They tell everything. Still cannot extract esim on Pixel. Ask anything,” a user called rogueFed wrote on the GrapheneOS forum on Wednesday, speaking about what they learned about Cellebrite capabilities. GrapheneOS is a security- and privacy-focused Android-based operating system.

rogueFed then posted two screenshots of the Microsoft Teams call. The first was a Cellebrite Support Matrix, which lays out whether the company’s tech can, or can’t, unlock certain phones and under what conditions. The second screenshot was of a Cellebrite employee.

According to another of rogueFed’s posts, the meeting took place in October. The meeting appears to have been a sales call. The employee is a “pre sales expert,” according to a profile available online.

The Support Matrix is focused on modern Google Pixel devices, including the Pixel 9 series. The screenshot does not include details on the Pixel 10, which is Google’s latest device. It discusses Cellebrite’s capabilities regarding ‘before first unlock’, or BFU, when a piece of phone unlocking tech tries to open a device before someone has typed in the phone’s passcode for the first time since being turned on. It also shows Cellebrite’s capabilities against after first unlock, or AFU, devices.
Screenshot via GrapheneOS forum.

The Support Matrix also shows Cellebrite’s capabilities against Pixel devices running GrapheneOS, with some differences between phones running that operating system and stock Android. Cellebrite does support, for example, Pixel 9 devices BFU. Meanwhile the screenshot indicates Cellebrite cannot unlock Pixel 9 devices running GrapheneOS BFU.

In a statement, Victor Cooper, senior director of corporate communications and content strategy at Cellebrite, told 404 Media “We do not disclose or publicize the specific capabilities of our technology. This practice is central to our security strategy, as revealing such details could provide potential criminals or malicious actors with an unintended advantage.” Google did not immediately respond to a request for comment.

GrapheneOS is a long running project which makes sizable security changes to an Android device. “GrapheneOS is focused on substance rather than branding and marketing. It doesn't take the typical approach of piling on a bunch of insecure features depending on the adversaries not knowing about them and regressing actual privacy/security. It's a very technical project building privacy and security into the OS rather than including assorted unhelpful frills or bundling subjective third party apps choices,” the project’s website reads.

As well as being used by the privacy and security conscious, criminals also turn to GrapheneOS. After the FBI secretly ran its own backdoored encrypted phone company for criminals, some drug traffickers and the people who sell technology to the underworld shifted to using GrapheneOS devices with Signal installed, according to interviews with phone sellers.

In their forum post, rogueFed wrote that the “meeting focused specific on GrapheneOS bypass capability.”

They added “very fresh info more coming.”

348
 
 

Differential privacy keeps that data private. It’s a mathematical framework whereby a statistical output can’t be used to determine any individual’s data in a dataset, and the bureau’s algorithm for differential privacy is called TopDown. It injects “noise” into the data starting at the highest level (national), moving progressively downward. There are certain constraints placed around the kind of noise that can be introduced—for instance, the total number of people in a state or census block has to remain the same. But other demographic characteristics, like race or gender, are randomly reassigned to individual records within a set tranche of data. This way, the overall number of people with a certain characteristic remains constant, while the characteristics associated with any one record don’t describe an individual person. In other words, you’ll know how many women or Hispanic people are in a census block, just not exactly where.

On August 28, Republican Representative August Pfluger introduced the COUNT Act. If passed, it would add a citizenship question to the census and force the Census Bureau to “cease utilization of the differential privacy process.” Pfluger’s office did not immediately respond to a request for comment.

349
 
 
  • Google has reportedly started rolling out its new age verification requirements for the Play Store.
  • Failure to prove you are 18 or older could lead to disruptions in app downloads.
  • Adult users find these new systems very intrusive and also report being wrongly flagged as minors and forced to verify using sensitive personal information, including selfies, credit cards, or government IDs.
350
103
Delta chat criticism against Signal (piefedimages.s3.eu-central-003.backblazeb2.com)
submitted 3 months ago by Blaze@piefed.zip to c/privacy@programming.dev