privacy

/privacy1097

Privacy is a human right.

Attacking Privacy Chains: At Scale & At Home

“Monero & other privacy protocols are compromised”

> This article covers how Monero has been (allegedly) compromised & what distinguishes it from others

> It discussed a spectrum of attacks including RPC poisoning, dust storm, and how you can protect yourself from or perform them

https://x.com/signal_return/status/1899615272413311137
US gov: You intentionally helped North Korea launder over $1B
Chainalysis: Yeah so, about that... it was actually a lot less...
US gov: oh okay, let's not tell anyone but you STILL intentionally helped North Korea launder $600M

Make it make sense.

https://x.com/FreeAlexeyRoman/status/1899485896904159648
This will be great for Yubico and Bitwarden so that people can upgrade away from Google, Apple, and Facebook.
375
Shane Mac
@shanemac.eth·4 days ago
We are releasing the first step in one of our most fundamental changes to the @xmtp protocol this week...

Passkey support.

This changes what's possible and allows us to support any network & any identity with a truly global and interoperable secure messaging protocol...
Now that Apple has stopped offering its Advanced Data Protection in the UK, it’s time to checkout alternatives.

For cloud:
- Ente
- Proton Drive

For self-host:
- Nextcloud
- Immich

Escape the walled garden.

Kazani

BROWSER ALTERNATIVES with Mitigations, Patches etc. ➡️ FireFox browser options: - Tor Browser (all) - Mullvad Browser (Desktop) - IronFox (Android) Read the Known Issues section on the Gitlab. - LibreWolf (mentally ill devs) ➡️ Make your own #Firefox with mitigations etc... - Phoenix Wiki - Arkenfox user.js Wiki Gui User-tool Mobile - Narsil Narsil Mobile - Betterfox Betterfox Mobile - pyllyukko - Compare some of the user.js files ➡️ Chromium based browser Options - Ungoogled Chromium (all) - Cromite (Android, Linux, Windows) ➡️ Browser extensions - uBlacklist - uBlock Origin or uMatrix (never both) - LibRedirect (setup your instances for each service in the settings) ➡️ Links to block lists - Yokoffing - Celenity/Phoenix - FilterLists ➡️ Set your default search engine to a search proxy - 4get instances - Searx instances ➡️ Why your favorite browser is not recommended - Celenity Firefox browser comparisons - How to choose a browser for everyday use? - Is your browser spyware? - Choose your browser carefully - Browsers and the connections they make compared - Fake Privacy and security ➡️ Additional reading - Wiki about extensions - Multiple Extension Conflicts - uMatrix for beginners - Firefox user.js install guide - Arch Linux Firefox Privacy wiki ➡️ Testing your browser - Fingerprint. com - How to test browsers for spyware - Privacytests browser comparison - Mullvad check - IP Leak - List of test sites A - List of test sites B * Thunderbird users should consider taking a look at Dove - Phoenix's sister project. [nostr note by Kazani]

primal.net
WARNING - Etcher Sends private information to third parties

Etcher is recommend by many people for burning image files to USB drives for distro testing, but TAILS just removed their recommendation for Etcher based on sharing information with third parties.

https://www.youtube.com/watch?v=ufDVKQ4C8-0

https://tails.net/news/rufus/index.en.html
Crxplorer.com is a great free tool for blue team to check overly permissive browser extensions
Love to see privacy efforts at /base seriously ramping up!
2802
Garrett
@garrett·22:27 06/03/2025
Another Coinbase acqui-hire! Coinbase M&A team has been staying busy!

Does anyone know if the Iron Fish founders (Elena Nadolinski and Jason Spafford) are on farcaster?

Excited to see more privacy projects on Base like @veilanon

Would love to hear @apex777.eth thoughts on this too

https://www.coinbase.com/blog/Coinbase-acquires-team-to-accelerate-privacy-efforts-on-Base
https://support.google.com/product-documentation/answer/16001929

https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html

Android System SafetyCore (com.google.android.safetycore) provides common infrastructure that apps can use to protect users from unwanted content. The classification of content runs exclusively on your device and the results aren’t shared with Google.

As a system service, SafetyCore is only active when an application integrates with SafetyCore and specifically requests content to be classified. SafetyCore performs the classification on the device itself and doesn’t send identifiable data or any of the classified content or results to Google servers

For now there is no app that uses it. In future any app can use it to avoid setting up his system not on device.



1/2 ⬇️
Mox - modern, secure, all-in-one email server

Stay in control of your email and keep email decentralized!

https://www.xmox.nl/
Un-g**gle yourself ➜ Privacy-first stack
Loading...
The idea of a crypto summit at the white house kind of makes me cringe. I'm all for deregulation, that's good, but the heart of crypto is fundamentally opposed to the state. Make crypto scary again, fuck all this cozying up with the state bullshit.

That's why I like Monero so much, the Monero community doesn't give two fucks about ETFs and Blackrock's Model Portfolio, or banks being allowed to custody crypto, strategic reserves, or politician pump and dumps. The Monero community just cares about creating digital cash that is completely outside of state control. It cares about ensuring you can hold wealth that is safe from confiscation. It cares about the ability to transfer value anywhere without being spied upon.
🤖 Android with 8 years of updates

Qualcomm and Google have announced a collaboration to offer up to 8 years of software and security updates from their new Snapdragon 8 Elite processor

This will not only affect Google pixels, which will see their lifespan extended, but also other manufacturers if the manufacturer so chooses, making more Android phones have a longer lifespan.

This initiative will also extend to future Snapdragon 8 and 7 chips over the next five generations, making Androids with these processors much more attractive.

It will also benefit future Pixels that will come with these processors , forgetting about Google's "tensor" processors and gaining in power.

Everything points to the fact that with the next Pixel 10 we will have 8 years of updates for GrapheneOS.
Are privacy pools effective?

What prevents Lazarus to first move stolen funds to Tornado Cash, then slowly release them to multiple new accounts and later deposit to Railgun from those accounts?
Apparently Firefox got caught doing TOS/TOU ninja updates. Keep an eye out and if you depend on not being tracked by traffic analysis, it is probably time to switch browser.

Recommend Brave or Kagi Orion Browser
SmartTube

Advanced player for set-top boxes and tvs running Android OS

Features
No Ads
Designed for TV screens
Up to 8K video resolution
Login into your account
Cast from the phone
Support tv box remote controller
Support external software keyboard
Support devices without Google Services
Open source

https://smarttubeapp.github.io

https://github.com/yuliskov/SmartTube

https://github.com/yuliskov/SmartTube/releases

WARNING NOT FULLY OPEN SOURCE
There are at least 5 proprietary libraries in the app.
https://github.com/yuliskov/SmartTube/issues/471
With rise of AI coding, there is great opportunity for people who actually care about privacy & security.

Majority off apps will be slop GPT code that wouldn’t normally even pass unit test.

If you can build something that actually works, doesn’t steal user data, is open source and private,

You will thrive.
Telegram 's latest beta for Android introduces detailed user info! 🕵️‍♂️

You can now see:
📍 Country of phone number origin
📅 Account registration date (month/year)
👥 Number of shared groups
✔️ Whether the account is official

https://x.com/officer_cia/status/1895442145370087681
🇫🇷 France goes for VPNs

Companies like Canal+ and LFP (Ligue de Football Professionnel) claim that VPN providers are contributing to illegal broadcasts of sports broadcasts. (Yes, they want to go after that again, just like in Spain.)

This is why, according to a journalist from "Línforme", Canal+ and LFP have different VPNs in mind.

Faced with this situation, VPN companies are considering leaving France, arguing that such measures are a threat.

Even ProtonVPN is willing to take the case to the EU Court of Justice . https://torrentfreak.com/protonvpn-site-blocking-is-an-attack-on-users-online-freedom-250214/?preview=true

There is no obligation to block VPNs for now, but we will be watching to see if such a measure is finally implemented.
I found an interesting resource that contains information about the main web vulnerabilities. The peculiarity of this platform is that each of the listed methods can be performed independently, following the tips and examples. And each example is interactive, so it will be easier for you to perceive the material and practice. The content is as follows:

➡ SQL Injection;
➡ Cross-Site Scripting;
➡ Command Execution;
➡ Clickjacking;
➡ Cross-Site Request Forgery;
➡ Directory Traversal;
➡ Reflected XSS;
➡ DOM-based XSS;
➡ File Upload Vulnerabilities;
➡ Broken Access Control;
➡ Open Redirects;
➡ Unencrypted Communication;
➡ User Enumeration;


1/ ⬇️