In a judgment published today, Europe's top court concludes that suspected file-sharers can be subjected to mass surveillance and retention of their data as long as certain standards are upheld. Digital rights groups hoped to end the French 'Hadopi' anti-piracy scheme, claiming that it violates the fundamental right to privacy. The CJEU's judgment leaves no stone unturned explaining why that isn't so, leaving case law to deal with the turbulence.

Judgement here: https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX:62021CJ0470

The app seems fairly small in size compared to orbot which is really old and also invizible pro seems to do a ton of things that including firewall vpn etc . So does it connect to tor network properly and pass all your traffic through it as good as orbot and completely block internet acces to not whitelisted services as good as rethink do ? Or does it cut cornors and do all the things but do all of them horribly ? Is it audited or atleast watched by enough people to be secure ? Anyway share your thoughts .

I think if the app does everything it boasts to do perfectly its one in a kind and unmatched and probably would make any android really really safe but i'm really skeptical . I have tried it out a month ago but ditched it after reading that its firewall does not work that well but idk if that is true or not anyway share your thoughts .

VLC's is broken atleast for me and i would like to know if any of the other video player from fdroid's main repo jad a good subtitle browser/downloader inbuilt . Searching got me nowhere and I'd rather not download try uninstall every video player from fdroid . So if anyone uses any do recommend as there is a fuckton of video players and i really can't download and test each and every one of them .

Maybe not the appropriate sub or c or whatever but i know mx player has one and I'd rather not turn to it (or anything outside fdroid) and i hope this post is alright here if not feel free to reach me about removal or if any mod wants to remove it also feel free . But just incase that i could get some answers don't down vote anyway cheers .

Started using xmpp recently because messaging apps sucks . I want to see if anyone use this thing .

I have a specific issue I want to solve right now, but the topic is phrased more generally as I would love the answer to this as well. But this might be an XY-problem because of this, so here's the actual problem I want to solve:

I am using LibreWolf as my main browser, and it has WebGL disabled by default to avoid fingerprinting. I would like to keep it this way, but I am currently also making some internal tools for myself that requires WebGL (map renders with Plotly in Dash).

Is there a way to tell LibreWolf to enable WebGL only for specific sites, so that I don't have to manually toggle this when I want to look at my maps? My initial thought was that this could be solved with a site-specific about:config.

from the passcodes-ftw dept

cross-posted from: https://lemmy.today/post/9850201

Late January, the U.S. Department of Commerce published a notice of proposed rulemaking for establishing new requirements for Infrastructure as a Service providers (IaaS) . The proposal boils down to a 'Know Your Customer' regime for companies operating cloud services, with the goal of countering the activities of "foreign malicious actors." Yet, despite an overseas focus, Americans won't be able to avoid the proposal's requirements, which covers CDNs, virtual private servers, proxies, and domain name resolution services, among others.

It finally happened. My 'dumb' TV died for good. Looking for recommendations on a new TV. I'll be hooking it up to a media PC anyway, but I still want a TV with a good panel and absolutely no microphones, cameras, or baked in ads (Looking at you roku). If anyone knows any good 'dumb' TV's too, I'd be very interested in looking at those.

Banks, email providers, booking sites, e-commerce, basically anything where money is involved, it's always the same experience. If you use the Android or iOS app, you stayed signed in indefinitely. If you use a web browser, you get signed out and asked to re-authenticate constantly - and often you have to do it painfully using a 2FA factor.

For either of my banks, if I use their crappy Android app all I have to do is input a short PIN to get access. But in Firefox I also get signed out after about 10 minutes without interaction and have to enter full credentials again to get back in - and, naturally, they conceal the user ID field from the login manager to be extra annoying.

For a couple of other services (also involving money) it's 2FA all the way. Literally no means of staying signed in on a desktop browser more than a single session - presumably defined as 30 minutes or whatever. Haven't tried their own crappy mobile apps but I doubt very much it is such a bad experience.

Who else is being driven crazy by this? How is there any technical justification for this discrimination? Browsers store login tokens just like blackbox spyware on Android-iOS, there is nothing to stop you staying signed in indefinitely. The standard justification seems to be that web browsers are less secure than mobile apps - is there any merit at all to this argument?

Or is all this just a blatant scam to push people to install privacy-destroying spyware apps on privacy-destroying spyware OSs, thus helping to further undermine the most privacy-respecting software platform we have: the web.

If so, could a legal challenge be mounted using the latest EU rules? Maybe it's time for Open Web Advocacy to get on the case.

Thoughts appreciated.

I never consent to give my data away or being tracked, but how do you deal with so called legitimate interest? I tried several times to untick them but it is a long list (in fact at the bottom there is a "vendors" link with even longer, much longer list. It took me 10 minutes to get to the bottom of it once).

My questions:

-how can we trust these so called legitimate interests when they are self defined by companies whose business model relies on your data?

-how can we find out what these legitimate interests are and what data it collects?

-are such companies controlled in any way?

-is this kind of consent form compliant with EU gdpr? (normally opt out is to be as easy as opt in, and there is no "refuse all" for these so called legitimate interests).

-what are your strategies against such sites tracking you? Or am I just being paranoid?

The sheer amount vendors is daunting, the Internet really turned into crap

Edit: when clicking Preferences at the bottom the content of the legitimate interested is spelled out for each vendor, so this replies one of my questions.

I just saw a comment in a thread saying to change the mirror when someone using fdroid was having issues because the mirror maybe syncing that got me to think that if the mirrors are hosted by different parties isn't there a chance some of them could be malicious ? Are alk the repos under fdroid with different URLs or something ? I'm not familiar with how they host that and couldn't find something by searching . Is there any precautions in place to make sure all the mirrors serve the same thing and hasn't changed anything ? Is there any problem with only enabling the official mirror other than if it goes down or is under sync/maintainence ? Should i just keep using that one mirtor ? If this really is a security risk why doesn't the fdroid team give any warning at all i think they have been always upfront and honest about these things and all the mirrors are enabled by default too .

Abstract

Consent plays a profound role in nearly all privacy laws. As Professor Heidi Hurd aptly said, consent works “moral magic” – it transforms things that would be illegal and immoral into lawful and legitimate activities. As to privacy, consent authorizes and legitimizes a wide range of data collection and processing.

There are generally two approaches to consent in privacy law. In the United States, the notice-and-choice approach predominates; organizations post a notice of their privacy practices and people are deemed to consent if they continue to do business with the organization or fail to opt out. In the European Union, the General Data Protection Regulation (GDPR) uses the express consent approach, where people must voluntarily and affirmatively consent.

Both approaches fail. The evidence of actual consent is non-existent under the notice-and-choice approach. Individuals are often pressured or manipulated, undermining the validity of their consent. The express consent approach also suffers from these problems – people are ill-equipped to decide about their privacy, and even experts cannot fully understand what algorithms will do with personal data. Express consent also is highly impractical; it inundates individuals with consent requests from thousands of organizations. Express consent cannot scale.

In this Article, I contend that most of the time, privacy consent is fictitious. Privacy law should take a new approach to consent that I call “murky consent.” Traditionally, consent has been binary – an on/off switch – but murky consent exists in the shadowy middle ground between full consent and no consent. Murky consent embraces the fact that consent in privacy is largely a set of fictions and is at best highly dubious.

Because it conceptualizes consent as mostly fictional, murky consent recognizes its lack of legitimacy. To return to Hurd’s analogy, murky consent is consent without magic. Rather than provide extensive legitimacy and power, murky consent should authorize only a very restricted and weak license to use data. Murky consent should be subject to extensive regulatory oversight with an ever-present risk that it could be deemed invalid. Murky consent should rest on shaky ground. Because the law pretends people are consenting, the law’s goal should be to ensure that what people are consenting to is good. Doing so promotes the integrity of the fictions of consent. I propose four duties to achieve this end: (1) duty to obtain consent appropriately; (2) duty to avoid thwarting reasonable expectations; (3) duty of loyalty; and (4) duty to avoid unreasonable risk. The law can’t make the tale of privacy consent less fictional, but with these duties, the law can ensure the story ends well.

It seems possible that Brave are building Brave Pro, which looks like its a subscription based service of some kind. A note on the Android implementation of the project reads (GitHub link):

"Implement the required runtime changes (profile settings, chrome flags, group policies, etc.) with the appropriate values that enable the Brave Pro experience. Using Brave in this mode with its default settings and making changes to the Brave Pro defaults require an active paid subscription.

When the browser has no active credentials for Brave Pro, the panel UI will promote the service and include the initial payment CTA. When credentials are present the panel UI will include the appropriate toggles for making changes to the default settings."

It also links to a private Google Doc.

It was at the Securedrop website. How did I end up there ? I read something about Sequoia and encryption and then wanted to see what Securedrop entailed.

Meanwhile I've raised the security settings. Still, today someone in this community (?) mentioned that Tor browser does not protect the remote to check for the OS, and now this. Color me surprised.

Every time I come to this sub I don’t see new posts.

Does anyone else have this issue?

If you notice your chat messages show up in the chat feed but don't appear on the streamers in-screen chat, you have been shadowbanned.

Twitch will still take your money for donations, subs, etc, but your feedback won't be seen by anybody but you. This shadowban does not appear in the appeals page and can be applied randomly and intermittently. You are never informed about this by the way. You'll likely be talking in a chat and assuming you're being ignored. Hop into a private tab and load up the stream where you'll be able to notice if your messages are missing in chat.

From my observations, there seems to be some type of algorithm/system that determines who to shadowban. I'm assuming it assigns extra points for factors like VPN usage, Linux, and adblockers. Once you've been shadowbanned, switching one of those three will not work to unban you until some arbitrary timer expires.

I'm posting this in case anybody else has experienced this and felt frustrated and isolated. You're not being ignored (unless you're a twat and are being ignored). You're just being punished by Twitch for being privacy conscious.

Proton: "Introducing Dark Web Monitoring for credential leaks"

https://proton.me/blog/dark-web-monitoring

@privacy

Hi guys!

I'm setting up a recently wiped phone, and just finding out that in order to use gTranslate, not only you need the app Google Translate, you ALSO need the app Lens, with its own permissions, and then ALSO force feeds you the app Google. Is there a way to avoid this? Or an alternative that allows live image translation (from Chinese if possible) from what the camera is seeing? As, for a travel trip, so I can read signs and texts on the street.

Thanks!