cross-posted from: https://lemmy.ml/post/33213275

I now reside in Germany and my current employer pays 50% of this so called Deutschland-Job-Ticket. There is no physical card but travel information you download to an android wallet, but apparently google wallet is the only available option. See the picture:

Google is a company I don’t trust with my data, neither do I expect your regular public transportation authority employee to care about his privacy (he looked at me as I was asking if 2 + 2 equal 4). I am not aware of non google based wallets where I can download the travel information.

I tried some f-droid and droidify options but it turns out they’re pure crap.

The site: https://abo.ride-ticketing.de/app/ I log in with my username and password, get my travel information and on the bottom the picture I uploaded.

Any workarounds?

This being Germany, shouldn’t there be an alternative to those who refuse google? Don’t I have that right as a consumer?

Another question: I screenshot my logged in session on the link I provided where you see my qr code and my billing data. The public transportation employee told me that’s not allowed (wtf?). Can anyone here provide a rationale?

More and more, i see people wearing these 'smart' glasses as sunglasses which i find totally creepy and intrusive. Living in the EU, i am wondering how these glasses are even 'allowed' in public or may even be sold here. It becomes harder to avoid cause they become so hard to identify. How to deal with this? To what extend is this allowed? (cause apparently it is some way)

Sorry if this is not the high brow discussion this com is for.

I travel a lot between different countries in the Middle East which have restrictive laws, and I live in one that is slowly becoming more competent technologically. I have to stay for an extended time in different places, so I’ve been connecting through always-on VPN out of the same place and it’s been working fine for now. But Digital ID laws are quickly going to close things off from me.

My risks that I’m trying to avoid are as follows: Locally, I want to make sure my IPs aren’t connected to public accounts. I don’t say anything online that can put me in jail for the most part, but I don’t trust that this will always be the case. I also would appreciate being a bit separated from the local internet. Elsewhere, I also don’t want my traffic to be monitored or my accounts to be tied back to my personal identity. For example, I don’t want to land in Dubai and to have my Steam account permanently affected by having “Spec Ops the Line” (banned game there) in my account (silly thing to worry about, but this is one tiny example out of many small issues that pile up). Plus, a lot of the internet is not accessible from these places, and I don’t like that, regardless of whether or not I want to peruse inaccessible internet stuff from there.

This has come with some serious downsides (online services are more expensive in Europe, where I have historically exited from), but it was/is worth the cost for me. Ironic that many VPN users seem to be trying to connect in the opposite direction than me (out of rich countries rather than in).

I’ve just been permanently using a single reputable VPN and single exit city for all of my traffic for the past while. Digital ID laws in the UK and EU will make this increasingly infeasible and I will probably have to exit out of somewhere new like Switzerland. I don’t know if those servers might be more trouble due to increased abuse for example.

Just want to know how others are dealing with this. Is just stomaching the wave of verifications after logging into all my emails from a new country the only price to pay? Is the world going to shit and should I rethink “just” using a VPN? Is it VPS time now that more and more things are being blocked from VPN access? Do I give up on the internet a decade ahead of schedule and chop wood in the woods until Israel’s AI mistakes my shack for a children’s hospital and drops heavy munitions on me?

I’m really hesitant to start using two sets of devices, some for insecure local traffic and some for encrypted traffic. I don’t think carrying like four laptops through airport security would keep eyes off of me.

There is this carrier I stumbled upon called Cape, calls itself America's privacy first carrier.

It claims to offer privacy and security and to only store necessary information.

We don’t collect your name, social security number, address, or other personal information. Any data we do receive (like call logs) is deleted after 60 days.

We secure your account against SIM swaps—attacks to steal your phone number and access your accounts—with modern cryptography protocols.

Our proprietary signaling protection blocks attempts by bad actors to intercept calls and SMS via outdated signaling protocols like SS7.

Voicemails can hold sensitive information like 2FA codes. Cape encrypts your voicemails so only you have access to them.

We don’t collect your name or billing address at checkout, and Cape never sees your credit card details.

Anonymous sign-up

They are also partnered with Proton

Here is a detailed list of what data they collect

They are currently offering a $1.50 trial for one month.

The CEO, John Doyle, was a communications specialist in the U.S. Army and worked for Palantir.

Thoughts?

The issue with Google's personalised search results is, imo:

1. Not only is it not opt-in, but you can't even opt out of it. Personalised search results should be opt-in and disabled by default.
2. The data kept on you is used to sell you ads
3. The data kept on you will be handed over to state entities fairly easily

Given those three problems, how feasible would it be to self-host a search engine that personalises your results to show you things that are more relevant to you? Avoiding issues 1 & 2 as you're self-hosting so presumably you have made the decisions around those two things. And issue 3 is improved as you can host it off-shore if you are concerned about your domestic state, and if you are legally compelled to hand over data, you can make the personal choice about whether or not to take the hit of the consequences of refusing, rather than with a big company who will obviously immediately comply and not attempt to fight it even on legal grounds.

A basic use-case example is, say you're a programmer and you look up ruby, you would want to get the first result as the programming language's website rather than the wikipedia page for the gemstone. You could just make the search query ruby programming language on any privacy-respecting search engine, but it's just a bit of QoL improvement to not have to think about the different ways an ambiguous search query like that could be interpreted.

TLDR: Drug dealers in Catalonia have started to adopt GrapheneOS en masse leading to Catalan police suspecting anyone with a Google Pixel is a drug dealer

New eSIM vulnerabilities in Kigen eUICC cards expose billions of IoT devices to potential cyberattacks.

I'm picking up a new Google Pixel and want to put GrapheneOS on it. Heard about Graphene since before their splits at CopperHead, but I havent had the chance the try the OS out. So I searched around and GrapheneOS allowed Google Play sandbox.

Does this function similar to a "Private Space" on newer Android or "Secure Folder" on Samsung? So I can enjoy the Graphene stuff but whenever I need Google Play specific apps, I use the sandbox environment?

Mostly, I will be using bank apps under the sandbox. Are there problems with OTP in this environment? In Samsung's Secure Folder, my bank app will have problems sending OTP unless I send it outside, i.e. out of Secure Folder.

One downside is that i'll have no more passkeys. The vault syncing, i can do via SyncThing.

So Freetube got hit with 403 errors again. I tried to open a video in the embedded player and I keep getting hit with them demanding I log into to prove I am not a bot. Is anyone else getting hit with this?

Link to the list of extensions at the end of the article

I know there are plenty of software missing from here. This is just a fun infographic I made, no need to take it seriously :)

I'm trying to migrate off gmail and apple services and ended up getting a domain and going to proton and using simplelogin for making aliases. But now I'm looking at proton pass, which comes free with my plan and lets me create aliases and wondering why I did that.

Ideally, I want nobody to have my main email address. everything gets an alias and dumps into the main. if the main address is found out, I just kill it and get another and point all the aliases to that. if an alias gets spammy or sold off to obnoxious marketing boobs, I kill the alias and create a new one.

I got started with migrating a few things over today into the aliases I had on my domain with simplelogin. I started to wonder what would happen if I replied to any of these and unlike apple hide-my-mail, it looks like these expose my actual address, unless I go through the trouble of going to simplelogin and getting an reverse alias link through them, which is an annoying pain in the ass. looking to see if there was any integration like apple's icloud had, I find proton pass is included in my mail plus plan and lets me do what simplelogin already was doing, complete with my domain being in the alias address!

So my question is why did I set up two seperate services for this? can I reply to incoming emails from the aliases created in proton pass without them revealing my address?

I have needed to get away from google for a while and am finally getting off my ass to do it, but apple hide my email was so simple to use whereas proton seems to have these weird oversights.

I have a normal Googled Android phone and tinkered with a bunch of settings so that only what I can't uninstall or disable remains on it.

If I run a vpn on it then the Googled OS may still know my location(from wifi and bluethooth scanning that it may be doing nonstop) and browser searches.

In that case, would the vpn only mask my activity from my internet service provider?

Thanks in advance

PS: This is a locked phone and I understand that it's spyware but I can't afford an unlocked one yet thanks

So the UK is going to start requiring IDs to view adult content. I'm in the US, but I've got a friend in the UK who obviously doesn't want to deal with this.

I suggested he use a VPN, but he's apparently heard they sell your personal data. Can anyone recommend a reliable VPN that collects as little data as possible?

ETA: thanks for the suggestions, everyone! I'm gonna research em and pass the info along. :)

What do y'all recommend?

I know that stock Android itself is spyware.

What tips about setting up my stock Android phone would you give me? It's not factory unlocked so I'm sticking with Google Android.

Things I've done:

• Stopped and disabled all apps that I don't use or need.
• Replaced all apps that I can with FOSS alternatives from github using Obtainium.
• Not installed things that I can just check on my laptop like email.

Is there anything else that I can do? Thanks in advance

Edit I've also:

• Changed my DNS to Mullvad DNS
• Restricted app permissions to only what they need
• Not signed into the phone. I don't even have Gmail account.

cross-posted from: https://beehaw.org/post/20989376

Where Soatok goes over why checklists are meaningless when trying to figure out if something is private or just for comparisons in general.

Hi all !

I just released the first version of Gosuki, a multi-browser real time bookmark manager I have been writing on and off for the past few years. It aggregates your bookmarks in real time across all browsers and even external APIs such as Reddit and Github.

• Github: https://github.com/blob42/gosuki
• Documentation: https://gosuki.net/
• Video Demo

I was always annoyed by the existing bookmark management solutions and wanted a tool that just works without relying on browser extensions, self-hosted servers or cloud services. As a developer and Linux user I also find myself using multiple browsers simultaneously depending on the needs so I needed something that works with any browser and can handle multiple profiles per browser.

The few solutions that exist require manual management of bookmarks. Gosuki automatically catches any new bookmark in real time so no need to manually export and synchronize your bookmarks. It allows a tag based bookmarking experience even if the native browser does not support tags. You just hit ctrl+d and write your tags in the title.

Feature Highlights:

• A single binary with no dependencies or browser extensions necessary. It just work right out of the box.
• Use the universal ctrl+d shortcut to add bookmarks and call custom commands.
• Tag with #hashtags even if your browser does not support it. You can even add tags in the Title. If you are used to organize your bookmarks in folders, they become tags
• Real time tracking of bookmark changes
• Builtin, local Web UI which also works without Javascript (w3m friendly)
• suki cli command for a dmenu/rofi compatible output
• Modular and extensible: Run custom scripts and actions per tags and folders when particular bookmarks are detected
• Browser Agnostic: Detects which browsers you have installed and watch changes across all of them
• Also handles multiple profiles per browser
• Stores bookmarks in a portable sqlite database compatible with the Buku. You can use any program that was made for buku.
• Can fetch your bookmarks from external APIs (Reddit and Github for now).
• Easily extensible to handle any browser or API

It's open source with an AGPLv3 license, Checkout the README and website docs for more details.

I have to use Zoom for a online class and I was wondering how I can make my Zoom experience more private? Is there a Zoom client that I can use like how there are privacy-focused Discord clients? What privacy tips would you recommend?

cross-posted from: https://lemmy.world/post/32631305

Analyzed by exodus, island the work profile app have 3 trackers detected

https://reports.exodus-privacy.eu.org/reports/com.oasisfeng.island/latest

Should I be worried?

About

Duck.ai is one of the few online places to chat with AI privately. Self-hosting your own AI model is a better option, but not everybody has the hardware for it. DuckDuckGo has made deals with the model providers to keep your chats private, so it's an easy option to recommend.

If you're like me, you probably clear your cookies a lot (or always browse in incognito). This means that any time you visit Duck.ai, you have to set all your settings again. One solution is to set Duck.ai as an exception to your browser data deletion, but that makes me uneasy. After getting fed up setting my preferred settings each time, I wanted to see if I could automate the process.

The Bookmarklet

Bookmarklets are essentially bookmarks in your bookmarks bar that, when clicked, run your own JavaScript code on whichever page you're visiting. This was a neat trick that some of my classmates used to edit pages when the Inspect Element was disabled on school computers.

I wrote a short bookmarklet that will automatically set my preferred settings in Duck.ai:

javascript:{
	const settings = {
		'aiChatPromptSuggestions': '{"hideSuggestions":true}',
		'aichatPromoDismissal': '{"promosDismissed":"9999-99-99"}',
		'duckaiCanUseApproxLocation': 'false',
		'duckaiSidebarCollapsed': 'true',
		'duckduckgo_settings': '{"description":"Each key is a setting documented in https://duckduckgo.com/duckduckgo-help-pages/settings/params/","kdcm":"6","kdcs":"0"}',
		'isRecentChatsOn': '"0"',
		'preferredDuckaiModel': '"6"',
	};
	
	let keys = Object.keys(settings);
	keys.forEach(key => {
		const value = settings[key];
		localStorage.setItem(key, value);
	});
	
	location.reload();
}

How To Use

(Steps may vary between browsers)

1. Copy-paste the bookmarklet code above (including the part that says javascript:)
2. Right click on the bookmarks bar in your browser
3. Select "Add page..."
4. In the field that says "URL", paste the code you copied
5. Name the bookmarklet whatever you want, for example: Debloat Duck.ai
6. Click "Save"
7. Visit Duck.ai (which redirects to https://duckduckgo.com/?q=DuckDuckGo+AI+Chat&ia=chat&duckai=1) You must visit this page before running the bookmarklet, because bookmarklets can only run code on the page you're currently visiting.
8. Click on the bookmarklet you just created. This will run the code.

You should now have a distraction free, private chat.

Explanation

Duck.ai stores its settings in the browser's "local storage". If you open the Inspect Element (either by right clicking on the page and clicking "Inspect" or by pressing F12) and navigate to Application > Local Storage > https://duckduckgo.com/ you will see a list of settings and their corresponding values.

By default, these settings are a tad too distracting for my taste. The bookmarklet I made does the following:

1. Hides prompt suggestions
2. Dismisses the promo by setting the shown date to something impossible in the future
3. Disables using approximate location for responses
4. Collapses the sidebar
5. duckduckgo_settings doesn't actually do much, and the values there are, in fact, not documented on this page
6. Disables chat history
7. Sets the preferred model to Mistral Small 3, which is open source and has low moderation.

You can set your preferred settings before running the bookmarklet and edit the bookmarklet code according to your own settings.

The code then iterates through these settings, and sets each one. Then, finally, reloads the page to apply the settings.

Updates

This project is far too small to make an entire repository for it, so I will try to just update this post with any new code. For example, duckaiCanUseApproxLocation is a new setting that was added in the last few days.

I hope everyone enjoys this as much as I did!

Here is a before and after:

cross-posted from: https://sh.itjust.works/post/41641719

Keystrokes? Screen recordings? Camera and microphone spying? Assuming an average person who's not actively targeted by an intelligence agency.