Hi all!

Latest version of Konform Browser just dropped and now I come here to share with y'all about what's been cooking.

If you are new to Konform Browser, dev writing and previously posted on Lemmy introducing the project here.

Highlights since last time:

• Latest security fixes from up to most recent Firefox ESR 140.7.1.
• A new welcome screen (pictured) where user can quickly choose between how private vs integrated experience they want, from a locked down "Purely Private" all the way to an unleashed "Just Make It Work" (affectionately referred to as "yolo mode")
  • The "Show detailed information" link leads to a table showing exactly what settings will be impacted by each preset so user can make educated decision and understand impact before choosing.
• Improvements around privacy and fingerprinting. In particular: Closed a significant vector of identity leaks and fingerprinting from unique IDs sent in Origin headers of HTTP requests by addons. This is a previously known issue (1405971) that has been considered wontfix by upstream for 6 years now.
  • To my knowledge, Konform Browser is the only Firefox derivative which protects against this under defaults and improves over status quo in chromium too. Attempts are being made to reach out and see if the patch can also be of interest and benefit for Tor Browser.
  • New user pref network.http.addonOriginBehavior can be tweaked to further change behavior and work around any breaking addons.
  • A future update might change default to 3 (random), which could make browser choice less fingerprintable. The current default is not set in stone and I'd be very curious about what breaks and what doesn't if anyone plays around with this.
• Now also publishing binary packages for easy installation and updates from Alpine Linux and Arch Linux package repos, alongside deb/rpm ones. All builds and releases are produced by Codeberg CI. Building from source is of course still supported.
• Various improvements and fixes for optional features unlocked by "Just Make It Work" preset

There is also now a more official fedi account on Mastodon where an abbreviated version of this post is already shared with a couple of screenshots of the new onboarding: @konform@techhub.social^1^.

As always, installation and build instructions can be found from release notes and doors are open on Codeberg for issue reports and merge requests alike.

https://codeberg.org/konform-browser/source/releases

^1^: Still figuring out how crossposting works or doesn't across the fedis! In case federation clients botcher the link: https://techhub.social/@konform

Cross-post. Original Thread @ https://discuss.tchncs.de/post/54998565?scrollToComments=true

It merely helps you navigate your data package from Discord and craft data deletion requests to send to their privacy team. In cases where their privacy team's policies prohibit deletion, it guides you through automating the remaining tasks yourself.

How this works Discord acts in malicious compliance with the GDPR. You are not allowed to delete your DMs through their support flow, since you can always regain access to a DM, technically speaking, since you are always a member of the DM channel on their backend.

For servers and group DMs you no longer have access to, however, Discord will comply with deletion requests. This tool helps you identify those messages and craft deletion requests for their privacy team.

For 1:1 DMs, Discord will not delete them through the privacy request process. In that case, the risky flow guides you through automating the deletion yourself via browser extensions.

More relevant than ever.

Meta, the parent company for Facebook, Instagram, and WhatsApp, plans to introduce new face scanning tech while people are distracted by current political turbulence. The Trump-adjacent corporation plans to package the feature in new smart glasses. An internal Meta document seen by the New York Times (NYT) says:

We will launch during a dynamic political environment where many civil society groups that we would expect to attack us would have their resources focused on other concerns.

The media outlet provides further info on what the tech would allow:

The feature, internally called “Name Tag,” would let wearers of smart glasses identify people and get information about them via Meta’s artificial intelligence assistant.

The cynical internal memo likely references the tumult currently sweeping the US amidst the mass criminality carried out by the brownshirts of Immigration and Customs Enforcement (ICE). Trump’s personal paramilitary goons have been violating laws left and right as they beat and kill their way around the US, under the pretext of an immigration crackdown.

ICE have already made extensive use of face scanning tech. Meta’s glasses would represent another privacy violating move, capturing massive amounts of personal data which may ultimately find its way into the hands of an authoritarian state. Meta has form when it comes to handing over info about customers to governments.

ChatGPT will now predict your age based on how you interact with it

It seems now #openai is doing age estimation too based on this email I received,

After Google who made the "Age signals API" into Android phones, now OpenAI will "predict your age based on how you interact with our services".

No, I don't want #chatgpt to analyze my age, thank you very much, (I always used the privage chat mode anyways, whatever impact it actually has on the data they use), so I will now switch to an alternative that doesn't do that : https://chat.mistral.ai/

Don't misunderstand me, protecting children is a good idea, but if that implies having to be analyzed by an #AI and having your experience change based on that, I'm heavily against it.

Although it's convenient, if it starts analyzing my behaviour as well then I guess it will be a good time to start thinking a bit more on my own and only rely on AI as a last resort solution...

Their article https://help.openai.com/en/articles/12652064-age-prediction-in-chatgpt

@privacy@lemmy.ml @privacy@lemmy.world

#privacy

does anyone know a good workaround for watching age-restricted videos from youtube without being forced to having a google account? i've tried

• a few browser extensions (very old ones) who promised to solve it. didn't work.
• downloading them through classic youtube downloading services. didn't work.
• switching to nsfwyoutube.com/url . didn't work does anyone know of a working solution right now? thanks a lot in advance!!

If you check out Upsolve.org because you are considering bankruptcy due to any sort of reason, there is a tool to help you evaluate whether bankruptcy is appropriate at my.upsolve.org/bankruptcy-screener. (Don't click that before reading more.)

Bankruptcy is a difficult choice. Sometimes people pursue it as a result of medical debt or other extremely personal reasons.

Upsolve.org bills itself as an organization that help the poor. Unlike a lawyer's office, it can help people without charging a lot and unlike a lawyer's office, there is no duty of confidentiality or privilege.

However, someone taking a screening tool might be providing information just to see if bankruptcy is even possible. And Upsolve.org sells or gives this information to Facebook. Even if it's not selling the screener results, just someone landing on this page, combined with IP gives Facebook valuable information.

The user who goes there without their IP protected could later get ads for predatory financial companies to "help" debtors and importantly, this information can be sold to data brokers to determine that the people viewing the site are a credit risk.

For example, if someone gets into a car accident and needs 90,000 worth of medical care over two weeks. They get the bill after the two weeks of medical care. They are going to be unable to work for a while and they are considering bankruptcy. The 90,000 has not gone to collections. This person is technically still employed but will need a lot of time off. They may not even be able to go back to work.

Normally, if this person decided not to declare bankruptcy and to wait 4 months and hopefully go back to work, they might be able to get a loan from a bank. But if Facebook has sold their info (person with this IP identified is a person interested in bankruptcy information) to data brokers, and the bank has access to that information, that loan will be denied.

Real consequences can happen from selling shit like this to Facebook. Worst of all, the Facebook analytics aren't on the main page and instead are hidden in the screener.

Although Upsolve.org probably just wants to target users online with ads about how great its service is, and it's actually a service that can help many save a ton of money, it may be overlooking the privacy risk. I hate seeing scripts like this in pages for things that should be confidential, things like abortion clinics, addiction treatment clinics, financial help pages, and pages related to mental health. All of that fucking info gets monetized the second someone hits the page if there are analytics in the page. It would be one thing if that info only resulted in helpful services being sold, but it also is given to companies building profiles on people which can wind up in the hands of surveillance state government officials, financial industry decision makers, and others that classify people based on browsing habits.

I may be wrong about this and facebook doesn't sell that specific "looking at possible bankruptcy" data to data brokers. I can't be sure. But I wish I didn't have to wonder. And they probably do. And it probably does go to financial institutions somehow, ultimately hurting some people who were merely considering bankruptcy but don't ultimately do it.

cross-posted from: https://piefed.social/c/technology/p/1781732/weapon-of-mass-exposure-how-efficiency-led-to-your-most-private-records-sitting-on-an-u

Original Link: https://youtu.be/nID9gWrUfN4

Materialious is usable on Web, Android (TV too) & Desktop.

It can be used with Invidious or using its own YouTube backend.

Has its own account system with end-to-end encryption for subscriptions.

I lost a bunch of keys today. It sucks and it's gonna cost me a lot of money to replace the locks. I want to to add an airtag-like device to my key ring in the future. However I don't know of any device that works in a similar fashion, either through bluetooth or GPS, that works with Graphene and doesn't require some kind of privacy invading online subscription.

Do you have any advice on privacy respecting alternatives to airtags?

Ring is terminating its partnership with police tech provider Flock Safety, the Amazon-owned company announced Thursday.

The partnership between Flock and Ring came under scrutiny after the Amazon doorbell company ran an ad during the Super Bowl that touted a “Search Party” feature that uses AI to help locate lost pets. When a user initiates the feature, it activates a network of participating Ring cameras, which scan footage for images resembling the missing dog. The Electronic Frontier Foundation called the feature a “surveillance nightmare.”

Flock, meanwhile, operates a network of automated license plate readers, and sells access to that software to customers that include law enforcement agencies.

Ring’s decision to cancel its partnership with Flock comes as tech companies face growing pressure to reexamine their work with federal agencies including Immigration and Customs Enforcement. Earlier this week, Salesforce employees pressed CEO Marc Benioff to cancel “ICE opportunities,” CNBC reported. More than 900 Google employees also asked their company to divest itself from ICE and U.S. Customs and Border Protection.

Nancy Guthrie's kidnapping has led many to question how private their data actually is, as the FBI has managed to recover footage of a suspect from her doorbell camera, despite it being supposedly disabled.

Shared by FBI Director Kash Patel in a post on X, the images and video footage shows a masked individual approach her house, following power being completely disabled.

It shouldn't surprise you to find out that your data is never truly safe or secure if it's being uploaded and shared on the cloud, as while the convenience is certainly handy, it's far from private.

As reported by Tom's Guide, the situation in Guthrie's case is a little more complicated though, as she appeared to have a 2nd Generation Google Nest Doorbell, which is both wireless – so it didn't shut off when the house's power was cut – and it has a small amount of on-device storage.

Following the Wi-Fi connection cutting out at her home, the device then switched to local storage, with three hours of event-based data also captured without a Nest Aware subscription.

This footage was then stored within Google's servers despite being 'deleted' – as things don't actually get removed entirely straight away – allowing officials to recover it from the backend before it was overwritten.

💯

I remember something about Google asking developers for verification in 2027, will this affect GrapheneOS? Is a Pixel phone really worth buying still?

Youtube has added a new "feature" that blocks users with adblockers from viewing videos. How do I get around this while still blocking ads? I currently use uBlock Origin on firefox.

let me save you the hassles of self-hosting nextcloud 😂 however it's a pretty small company so don't be surprised that hosting on their stuff is overpriced. nextcloud has free open servers, this doesn't. then again nextcloud's encryption is more fake than matrix

Google fulfilled an Immigration and Customs Enforcement subpoena that demanded a wide array of personal data on a student activist and journalist, including his credit card and bank account numbers, according to a copy of an ICE subpoena obtained by The Intercept.

Amandla Thomas-Johnson had attended a protest targeting companies that supplied weapons to Israel at a Cornell University job fair in 2024 for all of five minutes, but the action got him banned from campus. When President Donald Trump assumed office and issued a series of executive orders targeting students who protested in support of Palestinians, Thomas-Johnson and his friend Momodou Taal went into hiding.

Google informed Thomas-Johnson via a brief email in April that it had already shared his metadata with the Department of Homeland Security, as The Intercept previously reported. But the full extent of the information the agency sought — including usernames, addresses, itemized list of services, including any IP masking services, telephone or instrument numbers, subscriber numbers or identities, and credit card and bank account numbers — was not previously known.

To my understanding, Signal requires that you have a physical phone to use the desktop version. Is there any way to scan the QR code without a physical device? I'm trying to make an anonymous Signal account.

My idea:

1.) Set up Android VM on Linux laptop

2.) Use laptop camera to scan the QR code on my desktop

Russian authorities have begun restricting access to Telegram, one of the country’s most popular social media apps, as the government continues to push everyday Russians toward its own tightly controlled alternatives to foreign tech platforms.

On Tuesday, the government said it was restricting access to Telegram for the “protection of Russian citizens,” accusing the app of refusing to block content authorities consider “criminal and terrorist.”

Russia’s telecommunications regulator Roskomnadzor said in a statement that it would continue to restrict the operation of the Telegram messenger “until violations of Russian law are eliminated.”

Afternoon, y'all! It's been a week since I took the plunge into Graphene OS. I wanted to present my thoughts as a free flowing dialogue and hopefully encourage others to delve into the joy that is GOS.

So, I started using the web-based installer. I have Debian 13 and Chromium, so I didn't need any extra steps. Unlocking the bootloader was a blast of nostalgia to me. Brought me right back to the days of bouncing between AOKP and CyanMod. The installation process was honestly easier than anything I could have imagined. I booted up into GOS and locked everything back up and I was ready to go.

Beforehand, I had backed up all my app settings, and since I was already using FOSS apps it was relatively painless. I spent the next couple hours installing everything and importing settings. I'm using the fossify apps in place of the standard AOSP apps GOS provides. I have no idea if this will fuck me over, but I'm willing to find out. I ended up losing some SMS messages as the backup file corrupted, but I'm not that brokenhearted about it. But I went to bed at about 02.00 happy with my new phone.

Throughout my daily use, I noticed something peculiar. I was using my phone less and less. Inherently, becoming less reliant over time. It forced me to use my computer increasingly for things such as banking and social media.

Quick side note: I had Instagram installed and sandboxed, but it was killing my battery, so now I just use the website, which is actually kinda nice.

But the thing that stood out to me most was, I was using the phone for it's intended purpose; telecommunications. I chatted with people, answered some e-mails, did some daily games, browsed Lemmy a bit. But my screen time was significantly less. I read more, I'm more intentional about tasks and hobbies. It seems I had signicantly more damage to my brain from doomscrolling, than I had previously thought.

Overall, it made me feel like my phone, was my phone. I've not worried a bit about my privacy, I've been able to live in ease and a lot happier. I also use cash and interact with people more and more, because there's more personal connection in transactions and interactions now. (Why do so many businesses have an app?) I highly recommend it. The joy, the freedom 🇺🇲🦅🍔🛣️🛢️🏈, and the comfort is something I'll never give back. GOS for life, now.

Thank for reading my, probably, incongruent thoughts about GOS. I appreciate this community and the folks around Lemmy for helping and encouraging me. This place has been a nice reprieve from the waking nightmare of the current state of the world. I'm sorry if I didn't get to your comment on my previous post. I didn't expect it to blow up the way it did. I really appreciate it and I'm gonna hang around and see if I can also help and encourage folks.

Peace and cheers, with all my love.