privacy
/privacy1097
Privacy is a human right.
"GSM Association teased that the next major milestone for the messaging standard is the addition of interoperable end-to-end encryption" https://www.engadget.com/cybersecurity/rcs-messaging-adds-end-to-end-encryption-between-android-and-ios-120020005.html
Attacking Privacy Chains: At Scale & At Home
“Monero & other privacy protocols are compromised”
> This article covers how Monero has been (allegedly) compromised & what distinguishes it from others
> It discussed a spectrum of attacks including RPC poisoning, dust storm, and how you can protect yourself from or perform them
https://x.com/signal_return/status/1899615272413311137
“Monero & other privacy protocols are compromised”
> This article covers how Monero has been (allegedly) compromised & what distinguishes it from others
> It discussed a spectrum of attacks including RPC poisoning, dust storm, and how you can protect yourself from or perform them
https://x.com/signal_return/status/1899615272413311137
Cyber URL Scanner is an advanced tool for analyzing website security. Using the latest cybersecurity technologies
Source & Credit: cyscan.io
Source & Credit: cyscan.io
What is a polymorphic extension? A malicious extension that fakes the icon and behavior of other extensions to steal user data.
https://www.ghacks.net/2025/03/10/new-polymorphic-chrome-extensions-fake-others-to-steal-your-data/
https://www.ghacks.net/2025/03/10/new-polymorphic-chrome-extensions-fake-others-to-steal-your-data/
US gov: You intentionally helped North Korea launder over $1B
Chainalysis: Yeah so, about that... it was actually a lot less...
US gov: oh okay, let's not tell anyone but you STILL intentionally helped North Korea launder $600M
Make it make sense.
https://x.com/FreeAlexeyRoman/status/1899485896904159648
Chainalysis: Yeah so, about that... it was actually a lot less...
US gov: oh okay, let's not tell anyone but you STILL intentionally helped North Korea launder $600M
Make it make sense.
https://x.com/FreeAlexeyRoman/status/1899485896904159648
This will be great for Yubico and Bitwarden so that people can upgrade away from Google, Apple, and Facebook.
375
Shane Mac
@shanemac.eth·4 days ago
We are releasing the first step in one of our most fundamental changes to the @xmtp protocol this week...
Passkey support.
This changes what's possible and allows us to support any network & any identity with a truly global and interoperable secure messaging protocol...
Passkey support.
This changes what's possible and allows us to support any network & any identity with a truly global and interoperable secure messaging protocol...
Now that Apple has stopped offering its Advanced Data Protection in the UK, it’s time to checkout alternatives.
For cloud:
- Ente
- Proton Drive
For self-host:
- Nextcloud
- Immich
Escape the walled garden.
For cloud:
- Ente
- Proton Drive
For self-host:
- Nextcloud
- Immich
Escape the walled garden.
Do this: https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now
Because of this: https://x.com/joeyneverjoe/status/1898032202447044925
Because of this: https://x.com/joeyneverjoe/status/1898032202447044925
How to Disable Ad ID Tracking on iOS and Android, and Why You Should Do It Now
The ad identifier - aka “IDFA” on iOS, or “AAID” on Android - is the key that enables most third-party tracking on mobile devices. Disabling it will make it substantially harder for advertisers and data brokers to track and profile you, and will limit the amount of your personal information up for...
www.eff.org
x.com
4926
kazani.base.eth 🦂
@kazani.eth·07:02 03/03/2025
Alternatives to Firefox:
https://librewolf.net/
https://www.waterfox.net/
https://zen-browser.app/
https://apps.gnome.org/Epiphany/
https://github.com/ungoogled-software/ungoogled-chromium
https://www.gnu.org/software/gnuzilla/
https://www.palemoon.org/ (I'm using this)
https://brave.com/ (and of course, this one as well)
https://ladybird.org/
https://librewolf.net/
https://www.waterfox.net/
https://zen-browser.app/
https://apps.gnome.org/Epiphany/
https://github.com/ungoogled-software/ungoogled-chromium
https://www.gnu.org/software/gnuzilla/
https://www.palemoon.org/ (I'm using this)
https://brave.com/ (and of course, this one as well)
https://ladybird.org/
Kazani
BROWSER ALTERNATIVES with Mitigations, Patches etc. ➡️ FireFox browser options: - Tor Browser (all) - Mullvad Browser (Desktop) - IronFox (Android) Read the Known Issues section on the Gitlab. - LibreWolf (mentally ill devs) ➡️ Make your own #Firefox with mitigations etc... - Phoenix Wiki - Arkenfox user.js Wiki Gui User-tool Mobile - Narsil Narsil Mobile - Betterfox Betterfox Mobile - pyllyukko - Compare some of the user.js files ➡️ Chromium based browser Options - Ungoogled Chromium (all) - Cromite (Android, Linux, Windows) ➡️ Browser extensions - uBlacklist - uBlock Origin or uMatrix (never both) - LibRedirect (setup your instances for each service in the settings) ➡️ Links to block lists - Yokoffing - Celenity/Phoenix - FilterLists ➡️ Set your default search engine to a search proxy - 4get instances - Searx instances ➡️ Why your favorite browser is not recommended - Celenity Firefox browser comparisons - How to choose a browser for everyday use? - Is your browser spyware? - Choose your browser carefully - Browsers and the connections they make compared - Fake Privacy and security ➡️ Additional reading - Wiki about extensions - Multiple Extension Conflicts - uMatrix for beginners - Firefox user.js install guide - Arch Linux Firefox Privacy wiki ➡️ Testing your browser - Fingerprint. com - How to test browsers for spyware - Privacytests browser comparison - Mullvad check - IP Leak - List of test sites A - List of test sites B * Thunderbird users should consider taking a look at Dove - Phoenix's sister project. [nostr note by Kazani]
primal.net
WARNING - Etcher Sends private information to third parties
Etcher is recommend by many people for burning image files to USB drives for distro testing, but TAILS just removed their recommendation for Etcher based on sharing information with third parties.
https://www.youtube.com/watch?v=ufDVKQ4C8-0
https://tails.net/news/rufus/index.en.html
Etcher is recommend by many people for burning image files to USB drives for distro testing, but TAILS just removed their recommendation for Etcher based on sharing information with third parties.
https://www.youtube.com/watch?v=ufDVKQ4C8-0
https://tails.net/news/rufus/index.en.html
Kagi Is Bringing Orion Web Browser to Linux
https://www.omgubuntu.co.uk/2025/03/kag-orion-web-browser-coming-to-linux
https://www.omgubuntu.co.uk/2025/03/kag-orion-web-browser-coming-to-linux
Rayhunter
A New Open-Source Tool from EFF to Detect Cellular Spying
https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying
https://github.com/EFForg/rayhunter
A New Open-Source Tool from EFF to Detect Cellular Spying
https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying
https://github.com/EFForg/rayhunter
Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying
Rayhunter is a new open source tool we’ve created that runs off an affordable mobile hotspot that we hope empowers everyone, regardless of technical skill, to help search out cell-site simulators (CSS) around the world.
www.eff.org
GitHub - EFForg/rayhunter: Rust tool to detect cell site simulators on an orbic mobile hotspot
Rust tool to detect cell site simulators on an orbic mobile hotspot - GitHub - EFForg/rayhunter: Rust tool to detect cell site simulators on an orbic mobile hotspot
github.com
A post from the developer of WireGuard on the severe security flaws and lack of trustworthiness of FDroid:
https://bsky.app/profile/grapheneos.org/post/3lgq7wqwzpk26
The Bluesky link has GrapheneOS posts explaining
https://gitlab.com/fdroid/fdroiddata/-/issues/3110#note_1613430404
Stuff here but not to the point like the Bluesky link
https://discuss.grapheneos.org/d/18731-f-droid-vulnerability-allows-bypassing-certificate-pinning/
https://bsky.app/profile/grapheneos.org/post/3lgq7wqwzpk26
The Bluesky link has GrapheneOS posts explaining
https://gitlab.com/fdroid/fdroiddata/-/issues/3110#note_1613430404
Stuff here but not to the point like the Bluesky link
https://discuss.grapheneos.org/d/18731-f-droid-vulnerability-allows-bypassing-certificate-pinning/
GrapheneOS (@grapheneos.org)
A post from the developer of WireGuard on the severe security flaws and lack of trustworthiness of F-Droid: https://gitlab.com/fdroid/fdroiddata/-/issues/3110#note_1613430404
bsky.app
wireguard inclusion policy violation (auto-updates w/o explicit user consent) (#3110) · Issues · F-Droid / Data · GitLab
Per https://f-droid.org/en/docs/Inclusion_Policy/ The software must not download additional executable binary files (e.g. addons, auto-updates, etc.) without explicit user consent....
gitlab.com
2802
Garrett
@garrett·22:27 06/03/2025
Another Coinbase acqui-hire! Coinbase M&A team has been staying busy!
Does anyone know if the Iron Fish founders (Elena Nadolinski and Jason Spafford) are on farcaster?
Excited to see more privacy projects on Base like @veilanon
Would love to hear @apex777.eth thoughts on this too
https://www.coinbase.com/blog/Coinbase-acquires-team-to-accelerate-privacy-efforts-on-Base
Does anyone know if the Iron Fish founders (Elena Nadolinski and Jason Spafford) are on farcaster?
Excited to see more privacy projects on Base like @veilanon
Would love to hear @apex777.eth thoughts on this too
https://www.coinbase.com/blog/Coinbase-acquires-team-to-accelerate-privacy-efforts-on-Base
4926
kazani.base.eth 🦂
@kazani.eth·12:46 06/03/2025
https://support.google.com/product-documentation/answer/16001929
https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html
Android System SafetyCore (com.google.android.safetycore) provides common infrastructure that apps can use to protect users from unwanted content. The classification of content runs exclusively on your device and the results aren’t shared with Google.
As a system service, SafetyCore is only active when an application integrates with SafetyCore and specifically requests content to be classified. SafetyCore performs the classification on the device itself and doesn’t send identifiable data or any of the classified content or results to Google servers
For now there is no app that uses it. In future any app can use it to avoid setting up his system not on device.
1/2 ⬇️
https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html
Android System SafetyCore (com.google.android.safetycore) provides common infrastructure that apps can use to protect users from unwanted content. The classification of content runs exclusively on your device and the results aren’t shared with Google.
As a system service, SafetyCore is only active when an application integrates with SafetyCore and specifically requests content to be classified. SafetyCore performs the classification on the device itself and doesn’t send identifiable data or any of the classified content or results to Google servers
For now there is no app that uses it. In future any app can use it to avoid setting up his system not on device.
1/2 ⬇️
"...but could not ascertain where the seller had acquired them due to a language barrier."
Honestly the least believable part of this story
https://www.itpro.com/security/data-breaches/its-your-worst-nightmare-a-batch-of-eur5-hard-drives-found-at-a-flea-market-held-15gb-of-dutch-medical-records-and-experts-warn-it-couldve-caused-a-disastrous-data-breach
Honestly the least believable part of this story
https://www.itpro.com/security/data-breaches/its-your-worst-nightmare-a-batch-of-eur5-hard-drives-found-at-a-flea-market-held-15gb-of-dutch-medical-records-and-experts-warn-it-couldve-caused-a-disastrous-data-breach
Techlore video review of BusKill (Open-Source Dead Man Switch) 🔒
https://www.buskill.in/techlore-review/
https://www.buskill.in/techlore-review/
Mox - modern, secure, all-in-one email server
Stay in control of your email and keep email decentralized!
https://www.xmox.nl/
Stay in control of your email and keep email decentralized!
https://www.xmox.nl/
The idea of a crypto summit at the white house kind of makes me cringe. I'm all for deregulation, that's good, but the heart of crypto is fundamentally opposed to the state. Make crypto scary again, fuck all this cozying up with the state bullshit.
That's why I like Monero so much, the Monero community doesn't give two fucks about ETFs and Blackrock's Model Portfolio, or banks being allowed to custody crypto, strategic reserves, or politician pump and dumps. The Monero community just cares about creating digital cash that is completely outside of state control. It cares about ensuring you can hold wealth that is safe from confiscation. It cares about the ability to transfer value anywhere without being spied upon.
That's why I like Monero so much, the Monero community doesn't give two fucks about ETFs and Blackrock's Model Portfolio, or banks being allowed to custody crypto, strategic reserves, or politician pump and dumps. The Monero community just cares about creating digital cash that is completely outside of state control. It cares about ensuring you can hold wealth that is safe from confiscation. It cares about the ability to transfer value anywhere without being spied upon.
🤖 Android with 8 years of updates
Qualcomm and Google have announced a collaboration to offer up to 8 years of software and security updates from their new Snapdragon 8 Elite processor
This will not only affect Google pixels, which will see their lifespan extended, but also other manufacturers if the manufacturer so chooses, making more Android phones have a longer lifespan.
This initiative will also extend to future Snapdragon 8 and 7 chips over the next five generations, making Androids with these processors much more attractive.
It will also benefit future Pixels that will come with these processors , forgetting about Google's "tensor" processors and gaining in power.
Everything points to the fact that with the next Pixel 10 we will have 8 years of updates for GrapheneOS.
Qualcomm and Google have announced a collaboration to offer up to 8 years of software and security updates from their new Snapdragon 8 Elite processor
This will not only affect Google pixels, which will see their lifespan extended, but also other manufacturers if the manufacturer so chooses, making more Android phones have a longer lifespan.
This initiative will also extend to future Snapdragon 8 and 7 chips over the next five generations, making Androids with these processors much more attractive.
It will also benefit future Pixels that will come with these processors , forgetting about Google's "tensor" processors and gaining in power.
Everything points to the fact that with the next Pixel 10 we will have 8 years of updates for GrapheneOS.
Alternatives to Firefox:
https://librewolf.net/
https://www.waterfox.net/
https://zen-browser.app/
https://apps.gnome.org/Epiphany/
https://github.com/ungoogled-software/ungoogled-chromium
https://www.gnu.org/software/gnuzilla/
https://www.palemoon.org/ (I'm using this)
https://brave.com/ (and of course, this one as well)
https://ladybird.org/
https://librewolf.net/
https://www.waterfox.net/
https://zen-browser.app/
https://apps.gnome.org/Epiphany/
https://github.com/ungoogled-software/ungoogled-chromium
https://www.gnu.org/software/gnuzilla/
https://www.palemoon.org/ (I'm using this)
https://brave.com/ (and of course, this one as well)
https://ladybird.org/
Are privacy pools effective?
What prevents Lazarus to first move stolen funds to Tornado Cash, then slowly release them to multiple new accounts and later deposit to Railgun from those accounts?
What prevents Lazarus to first move stolen funds to Tornado Cash, then slowly release them to multiple new accounts and later deposit to Railgun from those accounts?
Apparently Firefox got caught doing TOS/TOU ninja updates. Keep an eye out and if you depend on not being tracked by traffic analysis, it is probably time to switch browser.
Recommend Brave or Kagi Orion Browser
Recommend Brave or Kagi Orion Browser
SmartTube
Advanced player for set-top boxes and tvs running Android OS
Features
No Ads
Designed for TV screens
Up to 8K video resolution
Login into your account
Cast from the phone
Support tv box remote controller
Support external software keyboard
Support devices without Google Services
Open source
https://smarttubeapp.github.io
https://github.com/yuliskov/SmartTube
https://github.com/yuliskov/SmartTube/releases
WARNING NOT FULLY OPEN SOURCE
There are at least 5 proprietary libraries in the app.
https://github.com/yuliskov/SmartTube/issues/471
Advanced player for set-top boxes and tvs running Android OS
Features
No Ads
Designed for TV screens
Up to 8K video resolution
Login into your account
Cast from the phone
Support tv box remote controller
Support external software keyboard
Support devices without Google Services
Open source
https://smarttubeapp.github.io
https://github.com/yuliskov/SmartTube
https://github.com/yuliskov/SmartTube/releases
WARNING NOT FULLY OPEN SOURCE
There are at least 5 proprietary libraries in the app.
https://github.com/yuliskov/SmartTube/issues/471
With rise of AI coding, there is great opportunity for people who actually care about privacy & security.
Majority off apps will be slop GPT code that wouldn’t normally even pass unit test.
If you can build something that actually works, doesn’t steal user data, is open source and private,
You will thrive.
Majority off apps will be slop GPT code that wouldn’t normally even pass unit test.
If you can build something that actually works, doesn’t steal user data, is open source and private,
You will thrive.
Telegram 's latest beta for Android introduces detailed user info! 🕵️♂️
You can now see:
📍 Country of phone number origin
📅 Account registration date (month/year)
👥 Number of shared groups
✔️ Whether the account is official
• https://x.com/officer_cia/status/1895442145370087681
You can now see:
📍 Country of phone number origin
📅 Account registration date (month/year)
👥 Number of shared groups
✔️ Whether the account is official
• https://x.com/officer_cia/status/1895442145370087681
New sensitive breach: Spyware service Spyzie had almost 519K email addresses breached this month. The exploited vulnerability also granted access to captured messages, photos, call logs, and more. 48% were already in haveibeenpwned.
https://techcrunch.com/2025/02/27/spyzie-stalkerware-spying-on-thousands-of-android-and-iphone-users/
https://techcrunch.com/2025/02/27/spyzie-stalkerware-spying-on-thousands-of-android-and-iphone-users/
🇫🇷 France goes for VPNs
Companies like Canal+ and LFP (Ligue de Football Professionnel) claim that VPN providers are contributing to illegal broadcasts of sports broadcasts. (Yes, they want to go after that again, just like in Spain.)
This is why, according to a journalist from "Línforme", Canal+ and LFP have different VPNs in mind.
Faced with this situation, VPN companies are considering leaving France, arguing that such measures are a threat.
Even ProtonVPN is willing to take the case to the EU Court of Justice . https://torrentfreak.com/protonvpn-site-blocking-is-an-attack-on-users-online-freedom-250214/?preview=true
There is no obligation to block VPNs for now, but we will be watching to see if such a measure is finally implemented.
Companies like Canal+ and LFP (Ligue de Football Professionnel) claim that VPN providers are contributing to illegal broadcasts of sports broadcasts. (Yes, they want to go after that again, just like in Spain.)
This is why, according to a journalist from "Línforme", Canal+ and LFP have different VPNs in mind.
Faced with this situation, VPN companies are considering leaving France, arguing that such measures are a threat.
Even ProtonVPN is willing to take the case to the EU Court of Justice . https://torrentfreak.com/protonvpn-site-blocking-is-an-attack-on-users-online-freedom-250214/?preview=true
There is no obligation to block VPNs for now, but we will be watching to see if such a measure is finally implemented.
I found an interesting resource that contains information about the main web vulnerabilities. The peculiarity of this platform is that each of the listed methods can be performed independently, following the tips and examples. And each example is interactive, so it will be easier for you to perceive the material and practice. The content is as follows:
➡ SQL Injection;
➡ Cross-Site Scripting;
➡ Command Execution;
➡ Clickjacking;
➡ Cross-Site Request Forgery;
➡ Directory Traversal;
➡ Reflected XSS;
➡ DOM-based XSS;
➡ File Upload Vulnerabilities;
➡ Broken Access Control;
➡ Open Redirects;
➡ Unencrypted Communication;
➡ User Enumeration;
1/ ⬇️
➡ SQL Injection;
➡ Cross-Site Scripting;
➡ Command Execution;
➡ Clickjacking;
➡ Cross-Site Request Forgery;
➡ Directory Traversal;
➡ Reflected XSS;
➡ DOM-based XSS;
➡ File Upload Vulnerabilities;
➡ Broken Access Control;
➡ Open Redirects;
➡ Unencrypted Communication;
➡ User Enumeration;
1/ ⬇️
A new Android feature is scanning your photos for 'sensitive content' - how to stop it
https://www.zdnet.com/article/a-new-android-feature-is-scanning-your-photos-for-sensitive-content-how-to-stop-it/
https://www.zdnet.com/article/a-new-android-feature-is-scanning-your-photos-for-sensitive-content-how-to-stop-it/
