publication croisée depuis : https://lemmy.pierre-couy.fr/post/653426

This is a guide I wrote for Immich's documentation. It features some Immich specific parts, but should be quite easy to adapt to other use cases.

It is also possible (and not technically hard) to self-host a protomaps release, but this would require 100GB+ of disk space (which I can't spare right now). The main advantages of this guide over hosting a full tile server are :

• it's a single nginx config file to deploy
• it saves you some storage space since you're only hosting tiles you've previously viewed. You can also tweak the maximum cache size to your needs
• it is easy to configure a trade-off between map freshness and privacy by tweaking the cache expiration delay

If you try to follow it, please send me some feedback on the content and the wording, so I can improve it

For Android users seeking a privacy-focused browser, Privacy Guides recommends Mull:

Mull is a privacy oriented and deblobbed Android browser based on Firefox. Compared to Firefox, it offers much greater fingerprinting protection out of the box, and disables JavaScript Just-in-Time (JIT) compilation for enhanced security. It also removes all proprietary elements from Firefox, such as replacing Google Play Services references.

Mull enables many features upstreamed by the Tor uplift project using preferences from Arkenfox. Proprietary blobs are removed from Mozilla's code using the scripts developed for Fennec F-Droid.

The spies in your home: How WiFi companies monitor your private life

https://proton.me/blog/wifi-surveillance

@privacyguides

cross-posted from: https://lemmy.ca/post/26747543

The post is in the link, the article with more background info is here (it cites the mastodon post): https://www.androidauthority.com/custom-roms-vs-google-3469378/

I originally saw the article on this post on [email protected] and went looking for links.

Like when I read 3 Billion National Public Data Records with SSNs, Addresses Dumped Online, am I supposed to access that data dump or something to see if I got pwned? Are there equivalents to haveibeenpwned.com for this type of stuff? Any guides on what to do when these happen? I feel like I'm doomscrolling or watching the news, and feeling depressed about the world as a result because I should be doing something but I can't or it seems like I can't.

Even though I know better than to put such personal info online, but that doesn't eliminate the odds of them getting into breaches like these, and having started to be careful about digital privacy has opened my eyes to the sad state of privacy.

repeated media reports of Google’s disregard for the privacy of the general public led to a push for open source, community driven alternatives to Google Maps. The biggest contender, now used by Google’s direct competitors and open source projects alike is OpenStreetMap.

1. OsmAnd

OsmAnd is a fantastic choice when searching for an alternative to Google Maps. It is available on both Android and iOS devices with both free and paid subscription options. Free accounts have full access to maps and navigation features, but choosing a paid subscription will allow you unlimited map downloads and increases the frequency of updates.

All subscriptions can take advantage of turn-by-turn navigation, route planning, map markers, and all the favorite features you expect from a map and navigation app in 2024. By making the jump to a paid subscription you get some extra features like topo maps, nautical depths, and even point-of-interest data imported from Wikipedia.

2. Organic Maps

Organic Maps is a great choice primarily because they offer support for all features of their iOS and Android apps completely offline. This means if you have an old phone laying around, you can install the app, download the maps you need and presto! You now have an indepth digital map in the palm of your hand without needing to worry about losing or damaging your primary mobile device when exploring the outdoors.

Organic Maps tugs our heartstrings by their commitment to privacy. The app can run entirely without a network connection and comes with no ads, tracking, data collection, and best of all no registration.

3. Locus Maps

Our third, and last recommendation today is Locus Maps. Locus Maps is built by outdoor enthusiasts for the same community. Hiking, biking, and geocaching are all mainstays of the Locus App, alongside standard street map navigation as well.

Locus is available in its complete version for Android, and an early version is available for iOS which is continuing to be worked on. Locus Maps offers navigation, tracking and routes, and also information on points-of-interest you might visit or stumble upon during your adventures.

Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware.

In a new malvertising campaign found by Malwarebytes, threat actors created ads that display an advertisement for Google Authenticator when users search for the software in Google search.

What makes the ad more convincing is that it shows 'google.com' and "https://www.google.com" as the click URL, which clearly should not be allowed when a third party creates the advertisement.

We have seen this very effective URL cloaking strategy in past malvertising campaigns, including for KeePass, Arc browser, YouTube, and Amazon. Still, Google continues to fail to detect when these imposter ads are created.

Malwarebytes noted that the advertiser's identity is verified by Google, showing another weakness in the ad platform that threat actors abuse.

When the download is executed, it will launch the DeerStealer information-stealing malware, which steals credentials, cookies, and other information stored in your web browser.

Users looking to download software are recommended to avoid clicking on promoted results on Google Search, use an ad blocker, or bookmark the URLs of software projects they typically use.

Before downloading a file, ensure that the URL you're on corresponds to the project's official domain. Also, always scan downloaded files with an up-to-date AV tool before executing.

Filed in 2022, the Texas lawsuit said that Meta was in violation of a state law that prohibits capturing or selling a resident’s biometric information, such as their face or fingerprint, without their consent.

The company announced in 2021 that it was shutting down its face-recognition system and delete the faceprints of more than 1 billion people amid growing concerns about the technology and its misuse by governments, police and others.

Texas filed a similar lawsuit against Google in 2022. Paxton’s lawsuit says the search giant collected millions of biometric identifiers, including voiceprints and records of face geometry, through its products and services like Google Photos, Google Assistant, and Nest Hub Max. That lawsuit is still pending.

The $1.4 billion is unlikely to make a dent in Meta’s business. The Menlo Park, California-based tech made a profit of $12.37 billion in the first three months of this year, Its revenue was $36.46 billion, an increase of 27% from a year earlier.

I find that I need a security camera for my back yard. Do you folks recommend any particular makes & models? It should avoid the cloud but record locally. I'm somewhat handy with Linux and a RaspberryPi, if that helps.

Thanks!

The Kids Online Safety Act (KOSA) easily passed the Senate today despite critics' concerns that the bill may risk creating more harm than good for kids and perhaps censor speech for online users of all ages if it's signed into law.

KOSA received broad bipartisan support in the Senate, passing with a 91–3 vote alongside the Children’s Online Privacy Protection Action (COPPA) 2.0. Both laws seek to control how much data can be collected from minors, as well as regulate the platform features that could harm children's mental health.

However, while child safety advocates have heavily pressured lawmakers to pass KOSA, critics, including hundreds of kids, have continued to argue that it should be blocked.

Among them is the American Civil Liberties Union (ACLU), which argues that "the House of Representatives must vote no on this dangerous legislation."

If not, potential risks to kids include threats to privacy (by restricting access to encryption, for example), reduced access to vital resources, and reduced access to speech that impacts everyone online, the ACLU has alleged.

The ACLU recently staged a protest of more than 300 students on Capitol Hill to oppose KOSA's passage. Attending the protest was 17-year-old Anjali Verma, who criticized lawmakers for ignoring kids who are genuinely concerned that the law would greatly limit their access to resources online.

"We live on the Internet, and we are afraid that important information we’ve accessed all our lives will no longer be available," Verma said. "We need lawmakers to listen to young people when making decisions that affect us."

In a new academic paper, researchers from the Belgian university KU Leuven detailed their findings when they analyzed 15 popular dating apps. Of those, Badoo, Bumble, Grindr, happn, Hinge and Hily all had the same vulnerability that could have helped a malicious user to identify the near-exact location of another user, according to the researchers.

While neither of those apps share exact locations when displaying the distance between users on their profiles, they did use exact locations for the “filters” feature of the apps. Generally speaking, by using filters, users can tailor their search for a partner based on criteria like age, height, what type of relationship they are looking for and, crucially, distance.

To pinpoint the exact location of a target user, the researchers used a novel technique they call “oracle trilateration.”

The good news is that all the apps that had these issues, and that the researchers reached out to, have now changed how distance filters work and are not vulnerable to the oracle trilateration technique.

Neither Badoo, which is owned by Bumble, nor Hinge responded to a request for comment.

A federal district court in New York has ruled that U.S. border agents must obtain a warrant before searching the electronic devices of Americans and international travelers crossing the U.S. border.

The ruling on July 24 is the latest court opinion to upend the U.S. government’s long-standing legal argument, which asserts that federal border agents should be allowed to access the devices of travelers at ports of entry, like airports, seaports and land borders, without a court-approved warrant.

“The ruling makes clear that border agents need a warrant before they can access what the Supreme Court has called ‘a window into a person’s life,’” Scott Wilkens, senior counsel at the Knight First Amendment Institute, one of the groups that filed in the case, said in a press release Friday.

The district court’s ruling takes effect across the U.S. Eastern District of New York, which includes New York City-area airports like John F. Kennedy International Airport, one of the largest transportation hubs in the United States.

Critics have for years argued that these searches are unconstitutional and violate the Fourth Amendment, which protects against unwarranted searches and seizures of a person’s electronic devices.

In this court ruling, the judge relied in part on an amicus brief filed on the defendant’s behalf that argued the unwarranted border searches also violate the First Amendment on grounds of presenting an “unduly high” risk of a chilling effect on press activities and journalists crossing the border.

With several federal courts ruling on border searches in recent years, the issue of their legality is likely to end up before the Supreme Court, unless lawmakers act sooner.

cross-posted from: https://lemmy.ca/post/26065429

Hey, all. I just bought a Samsung Galaxy Tab A7, and I would like to install a custom Android ROM on it. After a bit of research, my two options are LineageOS and Murena (aka /e/OS).

Does one have any advantages over the other? Or is it simply a matter of preference?

1. When using Kraken to buy Monero, aren't you concerned about potential data breaches that could lead to identity theft?
2. How secure is Kraken when it comes to protecting user information?
3. If you use a no-KYC exchange like CakeWallet, aren't you worried about potential government investigations?

I'd like to get your thoughts on these options

I live in a EU member country

I tried looking for lists but didn't find any.

The Work Number is US-specific and where your employers input your salary data for future employers to see. You can opt out here: https://employees.theworknumber.com/employee-data-freeze/.

One example would be state disability programs, they already need my real name and identity to work with me. Are there any downsides to sharing a simplelogin alias containing my real name vs no containing my real name? I just think it would be easier record keeping for them.

I just tried changing my email on studentaid.gov to a simplelogin alias (using SL is a habit at this point) and I got notifications that emails from it were bounced while trying to verify the email change with sent codes. I looked it up and found a bunch of Reddit posts about issues with SL and iCloud.

I want to keep a timeline of the places I go like Google Maps can, and export it to mac for my diary*. The maps app doesn't have to be great, it just needs to keep a timeline in the background, I would still use Apple Maps as my main navigation app.

*(ideally I can automatically export it somehow, perhaps with the Shortcuts and Scriptable app but just tell me any apps with a timeline and export feature)

We're happy to announce that BusKill is presenting at DEF CON 32.

What: Open Hardware Design for BusKill Cord
When: 2024-08-10 12:00 - 13:45
Where: W303 – Third Floor – LVCC West Hall

BusKill is presenting at DEF CON 32

via @[email protected]

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

What is DEF CON?

DEF CON is a yearly hacker conference in Las Vegas, USA.

Watch the DEF CON Documentary for more info youtube.com/watch?v=3ctQOmjQyYg

What is BusKill presenting at DEF CON?

I (goldfishlaser) will be presenting Open Hardware Design for BusKill Cord in a Demo Lab at DEF CON 32.

What: Open Hardware Design for BusKill Cord
When: Sat Aug 10 12PM – 1:45PM
Where: W303 – Third Floor – LVCC West Hall

Who: Melanie Allen (goldfishlaser) More info

Talk Description

BusKill is a Dead Man Switch triggered when a magnetic breakaway is tripped, severing a USB connection. I’ve written OpenSCAD code that creates a 3D printable file for plastic parts needed to create the magnetic breakaway. Should anyone need to adjust this design for variations of components, the code is parameterized allowing for easy customization. To assemble a BusKill Dead Man Switch cord you will need:

1. a usb-a extension cord,
2. a usb hard drive capable of being attached to a carabiner,
3. a carabiner,
4. the plastic pieces in this file,
5. a usb female port,
6. a usb male,
7. 4 magnets,
8. 4 pogo pins,
9. 4 pogo receptors,
10. wire,
11. 8 screws,
12. and BusKill software.

Golden DIY BusKill Print

Full BOM, glossary, and assembly instructions are included in the github repository. The room holds approx. 70 attendees seated. I’ll be delivering 3 x 30 min presentations – with some tailoring to what sort of audience I get each time.

Meet Me @ DEF CON

If you'd like to find me and chat, I'm also planning to attend:

• ATL Meetup (DCG Atlanta Friday: 16:00 – 19:00 | 236),
• Hacker Kareoke (Friday and Sat 20:00-21:00 | 222),
• Goth Night (Friday: 21:00 – 02:00 | 322-324),
• QueerCon Mixer (Saturday: 16:00-18:00 | Chillout 2),
• EFF Trivia (Saturday: 17:30-21:30 | 307-308), and
• Jack Rysider’s Masquerade (Saturday: 21:00 – 01:00 | 325-327)

I hope to print many fun trinkets for my new friends, including some BusKill keychains.

Come to my presentation @ DEF CON for some free BusKill swag

By attending DEF CON, I hope to make connections and find collaborators. I hope during the demo labs to find people who will bring fresh ideas to the project to make it more effective.

That's a use case for aliases, catching if any company or service gives out your email to be abused by advertisers and whatnot. I tried looking for stories but didn't find any, I wonder if you have any to share.