Privacy

On the internet, it’s easy to feel anonymous. If you don’t log in, no one can see who you are; you can even switch to incognito mode. The more savvy user would say that’s not really enough. To be anonymous, you need to clear your cookies and use a privacy-oriented browser.

But new research shows even that doesn’t work anymore. Websites are still tracking you — silently, persistently, and without your consent — by reading your browser’s unique “fingerprint.”

I've been looking at the WebCrypto API. When combined with the File system API, it can be used to encrypt and store files on your device storage in what seems to be a pretty secure way.

A webapp has some clear vulnerabilities with the code being served over the web (so you shouldnt be using this for any serious purposes!).

Live demo: https://dim.positive-intentions.com/?path=%2Fstory%2Fusefs--encrypted-demo

Demo code: https://github.com/positive-intentions/dim/blob/staging/src/stories/05-Hooks-useFS.stories.js

IMPORTANT NOTES TO PREVENT MISLEADING

• this isnt a product. it provided for testing and demo.
• it isnt reviewed or audited.
• the "password encryption" is using a hardcoded password. id like to aim for a passwordless approach for this, but i havent considered it enough to discuss yet :)
• this isnt aimed to replace anything like veracrypt. just to show a comparison.
• this respository represents a webcomponent UI framework. while it holds some ideas i think are interesting, the ui framework seems like its going to be deprecated and i will be refactoring the functionality in favour of React.

I made an ephemeral onion chatroom, inspired by Ricochet and OnionShare, just for fun. Anyone wants to try? This app has a clearnet version and tor version as well!

• Clearnet: https://shadowtalk.yuzukateam.io.vn/
• Tor: 74xhglgkx3yq5o5ibiehpfwoq4jxb62323ydzam56fvqbkuo6kd7tcid (hash)
• And it open source!!!:https://github.com/plsgivemeachane/ShadowTalk I really like to get some feedback. Have fun everyone!

I'm wondering if this concept would work...

I love cheese, and sometimes find that websites don't have enough info about cheese. So I'm trying to help Google and GTM know that I have a significant interest in cheese. Only cheese, nothing else.

I want to code an extension in FF or Chrome to use in a VM that looks for a GTM container ID and injects data into that container that sends tags for cheese, cheese products, cheese accessories, charcuterie, etc. And even injects data showing large purchases of cheese. it would replace GTM tags on a site with my custom selection, just to ensure there's no question - we're all about cheese here.

This will save Google time, because otherwise I would have to rely on several weeks or months of searches about cheese. Instead, if every site I visit helps me express an interest in cheese, that would be great!

I would, of course, only use this extension myself, and never share such a thing. In the extension options, I would be able to select tags to share, just in case I end up with a similar interest for pine trees, marshmallows, or tomatoes.

Thoughts? Open to any suggestions here.

I recently realized that I’ve been using some tool a lot: a small web app I built myself to remove EXIF data from images.

United States Customs and Border Protection (CBP) is asking tech companies to pitch digital forensics tools that are designed to process and analyze text messages, pictures, videos, and contacts from seized phones, laptops, and other devices at the United States border, according to documents reviewed by WIRED.

The agency said in a federal registry listing that the tools it’s seeking must have very specific capabilities, such as the ability to find a “hidden language” in a person’s text messages; identify specific objects, “like a red tricycle,” across different videos; access chats in encrypted messaging apps; and “find patterns” in large datasets for “intel generation.” The listing was first posted on June 20 and updated on July 1.

CBP has been using Cellebrite to extract and analyze data from devices since 2008. But the agency said that it wants to “expand” and modernize its digital forensics program. Last year, CBP claims, it did searches on more than 47,000 electronic devices—which is slightly higher than the approximately 41,500 devices it searched in 2023 but a dramatic rise from 2015, when it searched just more than 8,500 devices.

Meta has come out swinging following the European Commission's decision that its pay-or-consent model falls foul of the Digital Markets Act (DMA).

In a post, the company stated: "This decision is both incorrect and unlawful, and we are appealing it." It then cites previous judgments to support its argument that it should be permitted to display personalized ads to users who don't want a paid subscription.

"Meta," it said, "is the only company in Europe unable to offer both a subscription-based and a free ad-supported service. Instead, Meta is required to offer a free, reduced-ad service – less personalized ads – that leads to poorer outcomes for users, advertisers, and platforms."

According to Meta, national courts and data protection authorities, including in France, Denmark, and Germany, have given "consistent support" for "business models that provide a paid subscription alternative to consent for personal data use for personalized ads."

But not the European Commission, which handed down a €200 million ($228 million) fine for the Meta's "consent or pay" ad model in April.

The Committee to Protect Journalists (CPJ) expressed alarm Monday over new directives issued by Israeli authorities ordering international media to obtain prior approval from the military censor before broadcasting news from combat zones or missile impact areas in Israel.

The move represents a significant escalation in efforts to control wartime reporting. CPJ regional director Sara Qudah voiced deep concern over the “escalating efforts to suppress press freedom through censorship and intimidation,” emphasizing that silencing the press “deprives the world of a clear, unfiltered view of the reality unfolding in the region.”

The Union of Journalists in Israel also denounced the move. Opposition leader Yair Lapid criticized the decision, arguing it damages Israeli diplomacy and is unenforceable considering smartphone ubiquity.

cross-posted from: https://lemmy.world/post/32238479

privacy issue log into multiple google account in thunderbird

What information I might leak to google server if I issue log into multiple google account in thunderbird? ip of course but what else might be collected? It would be really great if someone could clarify whether the information below will be send to google when using their email service even through Thunderbird

• device name
• device model
• ...

My main concern is that google will be able to know that I have logged into the same device with different accounts.

In addition, I plan to use VPN when using one google account but not the others. This can be achieved through profiling, but is there an option that I can simply manage all the accounts in one app but without my ip address being collected by several specific email service provider corresponding to several specific email?

thanks a lot!

In the early hours of Thursday morning, after two separate sessions of fierce debate that ran over 20 hours, Mexico's lower chamber of Congress passed two laws opening up personal data to the nation's military-run security force.

The Investigation and Intelligence Law and National Public Security System Law were two main pieces of Mexican President Claudia Sheinbaum's security package unveiled on June 9.

The law allows the creation of a National Information System, another set of registries that security institutions will have access to. The registries include national registry of arrests, criminal incidents, court orders, protective measures for women, girls and boys, and stolen and recovered vehicles. The law stipulates that the National Guard will also have access to the system.

"This new reform strengthens the political arm of the Morena cartel, a political organization that administers violence, profits from death and governs like organized criminals," said Institutional Revolutionary Party Congressman Carlos Gutiérrez Mancilla on Wednesday during a speech at the Congress podium.

Archive : https://archive.is/EbaLM

cross-posted from: https://lemmy.world/post/32194340

Is it a good enough solution for IMEI tracking to use an alternative device to provide a hotspot connection?

This approach appears to protect any new device that hasn't inserted a SIM card from being identified.

But I'm not sure how much information is carried to the second device by using hotspot.

Is this a good solution so far? Should I try to spoof IMEI?

Meta says its new AI feature won't be used for targeted ads, but experts still have concerns. When people upload personal photos or videos—even if they agree to it—it's unclear how long that data is kept or who can see it. Since the processing happens in the cloud, there are risks, especially with things like facial recognition and hidden details such as time or location.

Even if it's not used for ads, this kind of data could still end up in training datasets or be used to build user profiles. It's a bit like handing your photo album to an algorithm that quietly learns your habits, preferences, and patterns over time.

Last month, Meta began to train its AI models using public data shared by adults across its platforms in the European Union after it received approval from the Irish Data Protection Commission (DPC). The company suspended the use of generative AI tools in Brazil in July 2024 in response to privacy concerns raised by the government.

WhatsApp introduced a feature called Message Summaries. It is powered by Meta AI.

Why would one need this? The Meta-owned messaging app explains that sometimes users may have too many chats to catch up with, and if you want to do so quickly, the new feature will help.

Message Summaries uses Meta's Private Processing, a technology which was introduced in May 2025. Private Processing uses certain optional Meta AI features to process messages off-device in a confidential and secure environment. WhatsApp says that this process is so secure that not even Meta or WhatsApp can read or access your personal messages.

Sure, we may occasionally have to deal with long group chats that we may have missed. But, I'm not sure if the answer to this is AI-powered summaries. It could be useful in a pinch, but the fact is an AI may not be able to determine what is important to you, and what isn't. There's a good chance that some crucial information could be overlooked by the bot. If you want to use the summarization tool when you're in a hurry, that's cool, but I would advise checking your messages when you have the time.

Message Summaries are currently rolling out to users in the U.S., specifically for users in the English language. WhatsApp says it will bring the feature to more languages and countries later this year.

Google is making a change to Gemini, which will allow it to access WhatsApp and other content by default. Imagine that, both Gemini and Meta AI can access your WhatsApp. Don't forget, WhatsApp has ads now.

Would you allow AI to access your private conversations?

Psylo, which bills itself as a new kind of private web browser, debuted last Tuesday in Apple's App Store, one day ahead of a report warning about the widespread use of browser fingerprinting for ad tracking and targeting.

It was a fortuitous coincidence.

Psylo for iOS and iPadOS was created by Mysk, a Canada-based app biz run by software developers and security researchers Talal Haj Bakry and Tommy Mysk.

"Psylo stands out as it is the only WebKit-based iOS browser that truly isolates tabs," Tommy Mysk told The Register. "It's not only about separate storage and cookies. Psylo goes beyond that.

"This is why we call tabs 'silos.' It applies unique anti-fingerprinting measures per silo, such as canvas randomization. This way two Psylo tabs opening the same website would appear as though they originated on two different devices to the opened website."

ps : I've never tried anything like this, although it sounds plausible. If you still use social media like facebook, instagram, tiktok or google account. They can still track you, even you use different IP in each browser tab. So make sure you don't use social media, google, or microsoft account

Like it or not, artificial intelligence has become part of daily life. Many devices — including electric razors and toothbrushes — have become AI-powered," using machine learning algorithms to track how a person uses the device, how the device is working in real time, and provide feedback. From asking questions to an AI assistant like ChatGPT or Microsoft Copilot to monitoring a daily fitness routine with a smartwatch, many people use an AI system or tool every day.

While AI tools and technologies can make life easier, they also raise important questions about data privacy. These systems often collect large amounts of data, sometimes without people even realizing their data is being collected. The information can then be used to identify personal habits and preferences, and even predict future behaviors by drawing inferences from the aggregated data.

An assistant professor of cybersecurity at West Virginia University, studies how emerging technologies and different types of AI systems manage personal data and how we can build more secure and privacy-preserving systems for the future.

British police forces have signed contracts with a controversial US tech giant to buy AI-powered software that uses data about an individual’s race, sex life, health and political beliefs, it can be revealed.

An internal police memo obtained by The i Paper and Liberty Investigates confirms an intention to “nationally” apply the “Nectar” intelligence system, currently deployed as a pilot by the Bedfordshire force after being developed with Silicon Valley data analysis group Palantir Technologies.

The document, obtained under freedom of information rules, shows how the Palantir system is designed to bring together dozens of existing law enforcement databases into a single computing platform to draw up detailed profiles of suspects, as well as collate information on victims of crime, witnesses, and vulnerable individuals including children.

The State Department had temporarily paused issuing visas for foreign students at the end of May while it came up with the new social media guidance and it will now resume taking appointments.

"The enhanced social media vetting will ensure we are properly screening every single person attempting to visit our country," a senior State Department official said.

US consular officers will conduct a conduct a "comprehensive and thorough vetting of all student and exchange visitor applicants," the official said.