Privacy

A sophisticated tracking method employed by Meta (Facebook) and Yandex that potentially affected billions of Android users through covert web-to-app communications via localhost sockets.

The technique allowed native Android apps, including Facebook and Instagram, to silently receive browser metadata, cookies, and commands from Meta Pixel scripts embedded on thousands of websites, effectively linking mobile browsing sessions to user identities and bypassing standard privacy protections.

TLDR: Automakers want a piece of the data harvesting pie. But don't worry they assure us it's just to improve their products. You know, like the infotainment they're building, that they wouldn't need to build if they kept phone integration.

A London woman has made a data complaint after discovering she had been put on a facial recognition camera watchlist at a Home Bargains store after a dispute over 39p worth of paracetamol.

She learned of her entry on a database of banned customers when a member of staff at the store in Grove Farm retail park in Chadwell Heath asked her to leave and directed her attention to a Facewatch sign.

Facewatch is a facial recognition system used by retailers to identify and deter shoplifters by analysing CCTV footage and comparing faces against a private database of known offenders. It triggers an alert to staff when a match is made by the software.

The Apple and Google app stores continue to offer private browsing apps that are surreptitiously owned by Chinese companies, more than six weeks after they were identified in a Tech Transparency Project report. Apple and Google may also be profiting from these apps, which put Americans’ privacy and U.S. national security at risk, TTP found.

The apps are virtual private networks (VPNs), which promise to mask a user’s identity as they browse the internet. But Chinese-owned VPNs raise serious privacy and security concerns for Americans because Chinese companies can be forced to share user data with the Chinese government under the country’s national security laws. VPNs have access to particularly sensitive user data since they see all of a person’s web activity.

TTP’s April 1 report found that more than 20 of the top 100 free VPNs in the U.S. Apple App Store in 2024 showed evidence of Chinese ownership. None of these apps clearly disclosed their Chinese ties, and some obscured their origins behind layers of shell companies. Several of the apps were linked to Qihoo 360, a Chinese cybersecurity firm that has been sanctioned by the U.S. over its ties to China’s People’s Liberation Army, TTP found.

I know this might be more tightly knit to encryption but I do not think it is entirely irrelevant for this community.

Question is in the title.

Bret Victor wants to sell Dynamicland to cities.

I'm submitting this for public comment because Victor is a coward who cannot take peer review in public. Ironically, this is part of the problem with his recent push to adapt Dynamicland for public spaces; Victor's projects have spent years insisting that physical access control is equivalent to proper capability safety, and now he is left with only nebulous promises of protecting the public from surveillance while rolling out a public surveillance system -- sorry, a "computational public space."

glitr.io

I'm working towards something for secure/private/simple P2P file transfer. It isnt as "simple" as it could be, im still working on it, but ive got it down to:

• Zero-installation as a PWA
• Zero-registration by using local-only storage
• P2P-authentication using WebCrypto API
• Fast data-transfer using WebRTC

It's far from finished, but i think ive got it "usable" enough to ask for feedback on it.

I'm aware there are things like SFTP and several other established protocols and tools. I started doing this because I was learning about WebRTC and it seems suprisingly capable. This isnt ready to replace any existing apps or services.

(Note: I know you guys on lemmy are interested in open-source code. this project is a spin-off from a bigger project: https://github.com/positive-intentions/chat)

Let me know what you think about the app, features and experience you would expect from a tool like this.

If you are concerned about your privacy online you should totally be using a Temporary Email Generator service to help your reduce spam and protect your identity.

Automakers are increasingly pushing consumers to accept monthly and annual fees to unlock preinstalled safety and performance features, from hands-free driving systems and heated seats to cameras that can automatically record accident situations. But the additional levels of internet connectivity this subscription model requires can increase drivers' exposure to government surveillance and the likelihood of being caught up in police investigations. A cache of more than two dozen police records recently reviewed by WIRED show US law enforcement agencies regularly trained on how to take advantage of "connected cars," with subscription-based features drastically increasing the amount of data that can be accessed during investigations. The records make clear that law enforcement's knowledge of the surveillance far exceeds that of the public and reveal how corporate policies and technologies -- not the law -- determine driver privacy.

"Each manufacturer has their whole protocol on how the operating system in the vehicle utilizes telematics, mobile Wi-Fi, et cetera," one law enforcement officer noted in a presentation prepared by the California State Highway Patrol (CHP) and reviewed by WIRED. The presentation, while undated, contains statistics on connected cars for the year 2024. "If the vehicle has an active subscription," they add, "it does create more data." The CHP presentation, obtained by government transparency nonprofit Property of the People via a public records request, trains police on how to acquire data based on a variety of hypothetical scenarios, each describing how vehicle data can be acquired based on the year, make, and model of a vehicle. The presentation acknowledges that access to data can ultimately be limited due to choices made by not only vehicle manufacturers but the internet service providers on which connected devices rely.

One document notes, for instance, that when a General Motors vehicle is equipped with an active OnStar subscription, it will transmit data -- revealing its location -- roughly twice as often as a Ford vehicle. Different ISPs appear to have not only different capabilities but policies when it comes to responding to government requests for information. Police may be able to rely on AT&T to help identify certain vehicles based on connected devices active in the car but lack the ability to do so when the device relies on a T-Mobile or Verizon network instead. [...] Nearly all subscription-based car features rely on devices that come preinstalled in a vehicle, with a cellular connection necessary only to enable the automaker's recurring-revenue scheme. The ability of car companies to charge users to activate some features is effectively the only reason the car's systems need to communicate with cell towers. The police documents note that companies often hook customers into adopting the services through free trial offers, and in some cases the devices are communicating with cell towers even when users decline to subscribe.

I know I could and should encrypt whole drives but I want another layer of protect specific folders when my devices are unlocked, a password. I want the folders to behave like regular folders where I can add or remove files as usual, without a clunky UX like password protected zips. I looked it up and didn't find any straightforward solutions.

A chart titled "What Kind of Data Do AI Chatbots Collect?" lists and compares seven AI chatbots—Gemini, Claude, CoPilot, Deepseek, ChatGPT, Perplexity, and Grok—based on the types and number of data points they collect as of February 2025. The categories of data include: Contact Info, Location, Contacts, User Content, History, Identifiers, Diagnostics, Usage Data, Purchases, Other Data.

• Gemini: Collects all 10 data types; highest total at 22 data points
• Claude: Collects 7 types; 13 data points
• CoPilot: Collects 7 types; 12 data points
• Deepseek: Collects 6 types; 11 data points
• ChatGPT: Collects 6 types; 10 data points
• Perplexity: Collects 6 types; 10 data points
• Grok: Collects 4 types; 7 data points