Privacy

39054 readers
516 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
1
 
 

Browser Timezone & Privacy Concerns

How can I hide my "timezone" from sniffing sites?

From my understanding, websites can access both the timezone of my browser (without using javascript) and the timezone of my local machine (using javascript). my question being

  • If a website has access to my local machine's timezone, does it mean it has access to other information on/about my local machine?
  • According to Privacy - How can I hide my "timezone" from sniffing sites? - Super User, we must disable JavaScript to block timezone access. However disabling javascript is not really feasible as it breaks most of websites. Is there a workaround that allows us to block JavaScript from running specific commands?
  • Maybe my understanding of JavaScript is incorrect, but if a website has the privilege of running any program on my computer through the web browser, it can retrieve all the information it needs. If I don't disable JavaScript while using the browser, I don't see the point in resisting fingerprinting, like spoofing my device info.

appreciate any help!

2
 
 

I’m curious about how DuckAI is able to stores chat conversations.

How it is able to store my conversation for over a month?

3
 
 

Zotero 7 Lost WebDAV - Zotero Forums

Is zotero trustworthy given that it forces people to create a zotero account and possible forces people to sync their data to their server?

4
 
 

At this point it not about passive collection, corporations are going to extreme ends to get our data.

https://www.zeropartydata.es/p/localhost-tracking-explained-it-could

I am interested in what people are doing to enforce their privacy while using the web.

I have some things in place, looking to compare with the community.

(btw, I am new here, this is my first post. So uh… Hi )

5
23
submitted 13 hours ago* (last edited 1 hour ago) by happeningtofry99158@lemmy.world to c/privacy@lemmy.ml
 
 

GrapheneOS vs LineageOS vs iodéOS

According to Comparison of Android-based Operating Systems, GrapheneOS seems to be better than LineageOS and iodéOS in every aspect.

I'm wondering if there is any downside of GrapheneOS. What am I giving up for using GrapheneOS instead of LineageOS and iodéOS (besides GrapheneOS only support pixel)?

In terms of privacy, security, customizability and functionality, which OS would you recommend and on what device would you recommend using it?

Answered questions

  • Does LineageOS supports muti profile like GrapheneOS (I thought all AOSP supports multiprofile feature)
  • Does LineageOS supports full device encryption using some open source app? (like veracrypt)
    • @https://lemmy.world/u/who@feddit.org Yes, full-device encryption is built in to Android these days.

Some questions

  • Can LineageOS supports Sandboxed Google Play with some tweaks?
  • If there is backdoor planted in pixel (which in my opinion is very likely), then I guess the “risk of an adversary gaining physical access to the phone” is quite equal for both of OS?
  • @benjaminoakes https://lemmy.world/u/benjaminoakes (how do I @ another user in lemmy???) and I qoute "Graphene is likely to run into issues soon. They were relying on the AOSP source tree including Pixel-specific files. Google isn’t releasing those anymore, so GrapheneOS would have to reverse engineer or extract the needed files somehow."
    • should I be concerned about this issue? Will it affect my experience in the next 5 years ? (I usually update my device in 5 year cycle)

thanks a million

6
 
 

Recently, I can't access any GitHub repositories without having to sign in. This is becoming frustrating.

I'm looking for an alternative to switch to that has good git push/pull speeds (I've visited one which speeds are slow for me).

Any good options? Would one of the following be good?

  • Codeberg
  • Gitlab
7
 
 

been tracking the ORBs along with TrashFuture. not good.

8
 
 

cross-posted from: https://lemm.ee/post/67352766

9
 
 

Looking for Privacy-Oriented Open-Source Android Browsers

I'm looking for a privacy-focused, open-source Android browser. Here are some options I've found:

  • IronFox
    • recommended by LibreWolf
  • Fennec
    • no repo
  • Waterfox
  • Vanadium
  • iceraven
    • most stars
    • https://lemmy.world/u/Thetimefarm@lemm.ee - As far as I know ironfox supports any extensions normal firefox mobile does, but neither give you access to the full full extensions store. Iceraven is the only mobile browser I know of that lets you use all the extensions that you can on desktop firefox.
  • bromite
    • no longer maintained
    • Bromite has a fingerprint randomization and Vanadium doesn't. But Vanadium has better security if you use Graphene. So yeah, for privacy Bromite might be better
  • cromite
    • Bromite fork
  • brave
    • controversial
  • duckduckgo

Is there any other browser out there that fits this criteria? Is there an even better choice? I’m particularly interested in ones that focus on privacy.

EDIT: in terms of popularity, privacy and functionality I guess the best choices are iceraven (based on firefox) as it has most stars on github and cromite (based on chromium) as brave is controversial


Solved Questions

I know that Brave is a bit controversial, but If Brave does something behind our backs wouldn’t we be able to know it since all the source code is out there? If it has some features we don’t like can’t we simply modify the source code?

@slackness

re: open source In theory: yes. In practice: maybe. It’ll probably eventually be caught by some researcher but unlike popular belief all open source code bases are not constantly being audited by the community. A random person can’t just read Brave source code for all platforms and accurately gauge if they’re doing something nefarious. It is very easy to hide stuff in code or misuse a protocol for evil purposes, etc.

You can modify the source code but as evident by the fact that there’s no Brave fork with crypto removed (there was one but their branding was too similar to Brave’s so they got sued), it’s not an easy feat to maintain that.


few questions

  • What is the difference between IronFox, Fennec, Waterfox and iceraven?

As far as I know ironfox supports any extensions normal firefox mobile does, but neither give you access to the full full extensions store. Iceraven is the only mobile browser I know of that lets you use all the extensions that you can on desktop firefox.

10
11
 
 

Recently, I came across Preveil, which is a service that can provide end-to-end encryption to either your Outlook, Gmail, or Apple Mail email accounts. It’s free, but if you want more storage, obviously, you will need to pay.

It looks very interesting as this could get others to use end-to-end encryption for the emails without having to move to another provider. However, I haven’t really seen any reviews (besides this one from PC Mag) or others expressing their experience with Preveil, so I am unsure if it’s a good service to use or recommend.

Has anyone used it or is familiar with Preveil? Does anyone know if there are similar services to Preveil, preferably those that are open source?

12
 
 

“To facilitate this vetting, all applicants for F, M and J non-immigrant visas will be asked to adjust the privacy settings on all their social media profiles to ‘public’”, the official said. “The enhanced social media vetting will ensure we are properly screening every single person attempting to visit our country.”

13
 
 

Is there a privacy-focused accurate handwriting-to-text option for android? Ideally it would run locally on device with no required connection to the internet.

Thanks for any recommendations in advance.

14
15
429
submitted 4 days ago* (last edited 3 days ago) by jimmy@feddit.org to c/privacy@lemmy.ml
16
 
 

The Minnesota shooter apparently used data broker websites to find the home addresses of the people he shot and murdered.

Congress has had years to do something about data brokers and they've sided with the tech lobby over and over again.

Their inaction is deadly.

By Evan Greer

17
18
19
20
 
 

Cock.li confirmed the validity of the breach based on sample data and column structure, stating that the exposed dataset includes roughly 1,023,800 user records. The compromised fields include email addresses, timestamps of first and last webmail logins, failed login attempt data, language preferences, and serialized Roundcube user settings such as webmail signatures and interface configurations. Additionally, approximately 93,000 contact entries associated with around 10,400 users were leaked, containing names, email addresses, comments, and vCard data.

Not sure why people ever trusted a meme email provider in the first place...

21
 
 

I'm looking to direct people to message me on Signal, Matrix, etc. Any suggestions? Thanks in advance

22
 
 

Hi, I'm looking for a mail client that is well suited for managing multiple identities and can easily handle routing everything over an anonymity network.

I would use Thunderbird, but I think when you take it online, it downloads from all your connected email accounts. I want to "go online" at will toward particular email addresses, in other words I do not want my upstream mail provider to be able to associate my accounts in any way, including access time, assuming there is a large enough other pool of people using the same client/anonymity network.

Are there any that are well made for this purpose? Otherwise I will use the mail frontend over Tor or something, but it would be nice to have a lightweight client-side application too so I can keep my emails downloaded and delete them from the server.

23
 
 

Hello, I just wanted to share my story regarding having a domain with Njalla using ProtonMail/SimpleLogin's services.

TLDR (full story below): You may not be able to send emails from your domain with ProtonMail/SimpleLogin if your domain is registered with Njalla (or any other "privacy-friendly" domain registrar).

Full-story:

I had a domain with Njalla (njal.la) for a couple of years, and at the same time, I was using this domain with ProtonMail (to send emails from my domain) and SimpleLogin (catch-all aliases with my domain). I never had any issues during the last few years until recently:

  • A few months ago, beginning of 2025, I suddenly wasn't able to send emails from my domains/aliases: They were rejected ("Undelivered Mail Returned to Sender") because I was listed on Spamhaus (a service which lists domain reputation, check.spamhaus.org). I contacted Proton's support, and they advised me to reach out Spamhaus directly to resolve this issue. I was able to request a delisting of my domain "automatically" (through a form), and a few days later, my domain had been "automatically" delisted and I was thus able to send emails again.
  • A month ago, my domain has suddenly been re-listed on spamhaus, again. This time, I wasn't prompted with the automatic delisting form like the first time. I had to contact through a form Spamhaus and I had to write a small text requesting to be delisted and explaining to them how I was not using my domain for spamming/scaming/bulk email sending/etc... This time, spamhaus refused to delist my domain because my domain was considered as an Internet neighbourhood with “poor reputation” that has shared (or inevitably will share) its negative reputation. (...) The domain is not eligible for removal while being associated with this neighbourhood. We recommend moving your domain to a hosting network with good reputation.. I was talking with Njalla's support and ProtonMail's support at the same time, and they basically both told me that there is nothing they could do. I was basically forced to transfer my domain to a new domain hoster provider. And not any other domain hoster, but one with a "good" reputation (when I asked if transfering to 1984 (https://1984.hosting/), a privacy-friendly domain provider, Spamhaus discouraged me to do so.

To sum it up, by having your domain with any privacy-friendly service (like Njalla, 1984, ...), there is a chance that your domain will be listed on Spamhaus, preventing you from using your domain with ProtonMail/SimpleLogin.

I find it ironic from Proton, as they even encourage using Njalla/1984 in one of their blog article: https://proton.me/blog/professional-domain-and-email. At the end, I'm a bit pissed by Spamhaus's behaviour and also ProtonMail for using such services.

Here are screenshots of my discussions with ProtonMail, Njalla and Spamhaus support if anyone is interested enough in reading the whole discussions: https://postimg.cc/gallery/phgVK4M

Just wanted to share my story to help other people know about this issue and the issues they might encounter with ProtonMail based on their DNS provider choice.

24
 
 

I created a 5-week degoogling plan PDF based on the steps in my book DISENGAGE: Escape the Leash of Big Tech, Scams and Surveillance—Everyday Resistance for the Digital Underdog.

Before I finalize and post it to my site, I'd love some feedback from people who have degoogled or are in the process of doing so.

The final package will be a single PDF, and I've pasted images of the pages below. The final infographic has a link for each product. Please don't worry about formatting issues, I'll get those fixed. But in general, I'm wondering.

  • Does this seem motivational/doable?

  • Are the tips clear?

  • Is there anything that is now incorrect? I wrote the book originally two years ago and updated it in February, so some of my suggestions may already be out of date.

  • At the bottom I mention that full instructions for each step are available in DISENGAGE, which is a free book. Is that enough? Or should I instead either note which chapter/page to look at for each step, or directly include links to instructions/tools online?

  • The infographic at the end...is it weird to be sideways? I created it a while ago and don't want to have to redo it to fit the orientation. I could offer that separately, OR I could redo the whole PDF to be landscape instead of portrait (which I don't love).

  • I'm thinking of turning this into a group challenge (also no cost). If there's enough interest, it could be the checklist, the book, and a Signal group (maybe with a weekly call). I don't know nearly everything about the topic, but I did degoogle myself, and everyone in the group/on the call can share questions and suggestions. What do you think of this idea?

Thanks!

25
 
 

Hello everyone. I'm in the process of migrating approx 28 users to Threema. I would appreciate any spare promo codes that you might have. Many thanks!

view more: next ›