privacy

cross-posted from: https://lemmy.sdf.org/post/38550444

The Chinese artificial intelligence (AI) application DeepSeek is set to be removed from app stores in Germany at the behest of the federal data protection officer, Louisa Specht-Riemenschneider, due to violations of European law.

"China does not have a level of data protection that corresponds to our General Data Protection Regulation," she told the newspapers of the Funke media group. Data transfers to China are "extremely critical," she said.

[...]

Specht-Riemenschneider said she supports the initiative of the Berlin data protection officer and did not accept criticism that data protection is a hindrance to innovation.

"Data protection is a guarantee of trust. It can even be a competitive advantage," said Specht-Riemenschneider. "What hinders innovation is legal uncertainty in the market. And this also stems from a proliferation of digital legislation."

She said that digital legislation in Europe must be better coordinated, with clear rules including for data protection.

Authorities in South Korea, Italy, Taiwan and Australia have already taken action against DeepSeek.

[...]

Bitwarden is positioning itself at the forefront of secure credential management and Agentic AI. By introducing its Model Context Protocol (MCP) server, Bitwarden provides the infrastructure for secure AI agent integration with password management.

cross-posted from: https://lemmy.sdf.org/post/38321143

TikTok was fined 530 million euros ($620 million) in May by the Data Protection Commission over European data transfers to China, though the Chinese social media giant had insisted this data was only accessed remotely.

The DPC on Thursday said it had been informed by TikTok in April that "limited EEA user data had in fact been stored on servers in China," contrary to evidence presented by the company.

The regulator said it had expressed "deep concern" in its previous investigation that "TikTok had submitted inaccurate information".

[...]

cross-posted from: https://beehaw.org/post/20989376

Where Soatok goes over why checklists are meaningless when trying to figure out if something is private or just for comparisons in general.

cross-posted from: https://lemmy.world/post/32238479

privacy issue log into multiple google account in thunderbird

What information I might leak to google server if I issue log into multiple google account in thunderbird? ip of course but what else might be collected? It would be really great if someone could clarify whether the information below will be send to google when using their email service even through Thunderbird

• device name
• device model
• ...

My main concern is that google will be able to know that I have logged into the same device with different accounts.

In addition, I plan to use VPN when using one google account but not the others. This can be achieved through profiling, but is there an option that I can simply manage all the accounts in one app but without my ip address being collected by several specific email service provider corresponding to several specific email?

thanks a lot!

cross-posted from: https://lemmy.world/post/32191588

Should I enable WIFI scanning / Bluetooth scanning / Network Location under setting->location->location services?

Which one would help me navigate inside a building or underground using open source maps?

I haven't tested yet, does google map requires any of those location services enabled to work? Should I just use google map in vanadium?

thanks a lot

cross-posted from: https://lemmy.world/post/32187260

Just a heads up for those who are using GrapheneOS. If you log into 2 (google or other) accounts on an installed app even on different profile, the service provider will still be able to link between your 2 accounts using MediaDRM. (Google will still know that both of the 2 accounts have been logged in on the same device)

More info:

• https://discuss.grapheneos.org/d/18315-how-can-an-app-identify-that-it-was-reinstalled-on-the-same-device
• https://discuss.grapheneos.org/d/9023-mediadrm-identifier

Denmark plans to become the first country in the world to give its citizens copyright over their faces and voices in an effort to clamp down on “deepfakes” — videos, audio clips and images that are digitally doctored to spread false information.

Psylo, which bills itself as a new kind of private web browser, debuted last Tuesday in Apple’s App Store, one day ahead of a report warning about the widespread use of browser fingerprinting for ad tracking and targeting.

It was a fortuitous coincidence.

Psylo for iOS and iPadOS was created by Mysk, a Canada-based app biz run by software developers and security researchers Talal Haj Bakry and Tommy Mysk.

“Psylo stands out as it is the only WebKit-based iOS browser that truly isolates tabs,” Tommy Mysk told The Register. "It’s not only about separate storage and cookies. Psylo goes beyond that.

“This is why we call tabs ‘silos.’ It applies unique anti-fingerprinting measures per silo, such as canvas randomization. This way two Psylo tabs opening the same website would appear as though they originated on two different devices to the opened website.”

cross-posted from: https://lemmy.world/post/31889457

Please see the cross-post as it is updated.

Could Windows and installed apps upload all my personal files?

Dear all

I have deleted Onedrive and disabled File system access in Privacy.

1. I would like to know, which other ways that my personal files could be uploaded in a non-malicious non-hacker way?
2. Just by using Windows, Microsoft could upload all my personal files to themselves if they would?
3. Does every installed App / software have full access to my whole drive? How can I found out, how much access it has?

Thank you for your interest and reply

Best regards

@Rikudou_Sage@lemmy.world

Yes, every application has access to everything. The only exception are those weird apps that use the universal framework or whatever that thing is called, those need to ask for permissions. But most of the apps on your PC have full access to everything.

And Windows does collect and upload a lot of personal information and they could easily upload everything on your system. The same of course applies for the apps as well, they have access to everything except privileged folders (those usually don’t contain your personal data, but system files).

cross-posted from: https://lemmy.world/post/31889457

Please see the cross-post as it is updated.

cross-posted from: https://lemmy.world/post/31887590

Please see the cross-post as it is updated.

What is the difference between Chameleon and JShelter?

• Chameleon – Get this Extension for 🦊 Firefox Android (en-US)
  • Chameleon is a WebExtension port of the popular Firefox addon Random Agent Spoofer.
• JShelter – Get this Extension for 🦊 Firefox Android (en-US)
  • JShelter is a browser extension to give back control over what your browser is doing. A JavaScript-enabled web page can access much of the browser's functionality, with little control over this process available to the user: malicious websites can uniquely identify you through fingerprinting and use other tactics for tracking your activity. JShelter aims to improve the privacy and security of your web browsing.
  • Like a firewall that controls network connections, JShelter controls the APIs provided by the browser, restricting the data that they gather and send out to websites. JShelter adds a safety layer that allows the user to choose if a certain action should be forbidden on a site, or if it should be allowed with restrictions, such as reducing the precision of geolocation to the city area. This layer can also aid as a countermeasure against attacks targeting the browser, operating system or hardware.

JShelter seems to spoof info by controls the APIs provided by the browser? and Chameleon spoofs user agent and many other information.

To me both seems to serves the same purpose of spoofing. Is Chameleon spoofing without interfering with js and JShelter spoofing with interfering with js the main difference between them? In addition JShelter seems to be able to block malicious js

How JShelter and Chameleon achieves spoofing differently?

cross-posted from: https://lemmy.world/post/31887590

Please see the cross-post as it is updated.

cross-posted from: https://lemmy.world/post/31789847

Browser Timezone & Privacy Concerns

How can I hide my "timezone" from sniffing sites?

From my understanding, websites can access both the timezone of my browser (without using javascript) and the timezone of my local machine (using javascript). my question being

• If a website has access to my local machine's timezone, does it mean it has access to other information on/about my local machine?
• According to Privacy - How can I hide my "timezone" from sniffing sites? - Super User, we must disable JavaScript to block timezone access. However disabling javascript is not really feasible as it breaks most of websites. Is there a workaround that allows us to block JavaScript from running specific commands?
• Maybe my understanding of JavaScript is incorrect, but if a website has the privilege of running any program on my computer through the web browser, it can retrieve all the information it needs. If I don't disable JavaScript while using the browser, I don't see the point in resisting fingerprinting, like spoofing my device info.

appreciate any help!

Please see the cross-post as it is updated.

cross-posted from: https://lemmy.sdf.org/post/37068051

Archived

Pros:

• Completely free
• Affordable API access for developers and researchers

Cons:

• Doesn’t keep your data safe
• Occasionally incorrect
• No deep research, image generation, or voice mode features
• Slow responses
• Obvious censorship

TL;DR: Mozilla is now enforcing data collection as a pre-requisite to access new features in Firefox Labs. This is backed by the Terms of Use that Mozilla introduced a few months ago.

Hello,

Im not terribly adept at this, but I got yt.dlp working. There is one age gated video Ive been wanting to watch. I tried inputing the credentials for a verified youtube account, and I got an error message with

"log in with password is not supported for youtube." Then listed error 7271, could not copy chrome cookie data, which I thought was weird, because I dont have chrome and was not using it as the browser.

Am I missing something? Or is this functionality no longer available, at least for the time being?

cross-posted from: https://lemm.ee/post/67010658

Somewhat buried source that Newsweek is using: https://istories.media/en/stories/2025/06/10/telegram-fsb/

Law enforcement’s ability to track and profile political protestors has become increasingly multifaceted and technology driven. In this edition of Incognito Mode WIRED Senior Editor, Security & Investigations Andrew Couts and WIRED Senior Writer Lily Hay Newman discuss the technologies used by law enforcement that put citizens' privacy at risk—and how to avoid them.

Hello, I want to use a PGP key with my Proton mail account.

I was wondering how using PGP works exactly. Does it encrypt the whole email message? Or is it only a signature to prove it's origin?

How does it affect recipients if they don't have my public key? Or how do I share that key securely?

cross-posted from: https://lemmy.sdf.org/post/36376926

Archived

On June 4, during a meeting with government officials, Vladimir Putin stated that all public services must be moved to the national messenger app called Max. According to Minister of Digital Development Maksut Shadayev, the multiplatform system is already operational.

[...]

The Max app — a Russian equivalent of China’s WeChat — was unveiled by the tech giant VK in late March. At present, it features a messenger, a chatbot builder, a payment system, and mini-apps. On June 5, VTB’s digital bank launched on the platform.

To register, a Belarusian or Russian SIM card is required — which, as The Insider noted, foreigners can no longer obtain without submitting biometric data.

As stated in the Max app’s privacy policy, the platform will collect data on:

• user devices
• IP address
• operating system
• browser
• location
• internet provider
• contacts from the address book
• all user activity within the service
• information obtained through the camera or microphone, if the user grants the app access (most users will, for example, in order to record voice messages)

Other messaging apps collect such data as well, but there's a catch. The Max app's privacy policy explicitly states that it may share this data with the “company's partners” as well as with “any government or local authority.”

[...]

crosspostato da: https://lemmy.sdf.org/post/36247127

Archived

A newly emerged threat actor, going by the alias “Often9,” has posted on a prominent cybercrime and database trading forum, claiming to possess 428 million unique TikTok user records. The post is titled “TikTok 2025 Breach – 428M Unique Lines.”

The seller’s post, which appeared on the forum [on May 29, 2025], promises a dataset containing detailed user information such as:

• Email addresses
• Mobile phone numbers
• Biography, avatar URLs, and profile links
• TikTok user IDs, usernames, and nicknames
• Account flags like private_account, secret, verified, and ttSeller status.
• Publicly visible metrics such as follower counts, following counts, like counts, video counts, digg counts, and friend counts.

[...]