Privacy

On Thursday, a digital rights group, the Electronic Frontier Foundation, published an expansive investigation into AI-generated police reports that the group alleged are, by design, nearly impossible to audit and could make it easier for cops to lie under oath.

Axon's Draft One debuted last summer at a police department in Colorado, instantly raising questions about the feared negative impacts of AI-written police reports on the criminal justice system. The tool relies on a ChatGPT variant to generate police reports based on body camera audio, which cops are then supposed to edit to correct any mistakes, assess the AI outputs for biases, or add key context.

On Sunday, Block CEO and Twitter co-founder Jack Dorsey launched an open source chat app called Bitchat, promising to deliver “secure” and “private” messaging without a centralized infrastructure.

The app relies on Bluetooth and end-to-end encryption, unlike traditional messaging apps that rely on the internet. By being decentralized, Bitchat has potential for being a secure app in high-risk environments where the internet is monitored or inaccessible. According to Dorsey’s white paper detailing the app’s protocols and privacy mechanisms, Bitchat’s system design “prioritizes” security.

But the claims that the app is secure, however, are already facing scrutiny by security researchers, given that the app and its code have not been reviewed or tested for security issues at all — by Dorsey’s own admission.

Getting your identity stolen is bad enough. What if it was abused to buy and sell some of the worst content imaginable?

That’s what happened to a man in Ohio, whose name and personal details were used by people who were allegedly trading child sexual abuse material (CSAM), according to a search warrant reviewed by Forbes.

In 2023, when the FBI began looking into a person uploading CSAM to Dropbox, they discovered they’interacting with an individual who’d been selling links to abuse material.

Data from the user’s CashApp showed it’d ostensibly been registered by a 31-year-old from Mississippi. When cops learned the man was also under investigation in Dallas, they decided to search his address.

Doctors who oppose the use of software developed by Palantir in the NHS have “chosen ideology over patient interest”, the UK boss of the tech giant has told MPs.

Louis Mosley appeared in front of the Science, Innovation and Technology Committee on Tuesday as part of its innovation showcase.

While there, he also challenged claims that Palantir has a “reputational difficulty” and said it is “very proud” of the work it does in Israel.

Palantir was co-founded by billionaire tech entrepreneur Peter Thiel, who was an early backer of US President Donald Trump, and has worked with the US government.

It was announced in November 2023 that a group led by Palantir had secured a £330 million contract to provide the NHS Federated Data Platform (FDP).

The shared software system will aim to make it easier for health and care organisations to work together and provide better services to patients, but Palantir’s involvement sparked concerns about how patient data will be used.

Gemini AI needs to be disabled on Android or it will override your privacy settings and gain full access to your texts, calls, and WhatsApp - even if you’ve turned off Gemini Apps Activity.

Google recently started notifying users via email that from July 7th, 2025, its AI model, Gemini, will assist apps on Android like WhatsApp, messages, and phone. Simply put, Gemini will get access to your apps even if you previously turned tracking for Gemini Apps Activity off. Soon the AI tool will be able to run tasks like send WhatsApp messages, set timers, and even make calls – regardless of whether you previously told Google’s Gemini not to track you. We take a look at how you can disable Gemini on Android from accessing your phone’s services, using your data for AI, and how to take back your privacy.

Instagram users have told the BBC of the "extreme stress" of having their accounts banned after being wrongly accused by the platform of breaching its rules on child sexual exploitation.

The BBC has been in touch with three people who were told by parent company Meta that their accounts were being permanently disabled, only to have them reinstated shortly after their cases were highlighted to journalists.

On the internet, it’s easy to feel anonymous. If you don’t log in, no one can see who you are; you can even switch to incognito mode. The more savvy user would say that’s not really enough. To be anonymous, you need to clear your cookies and use a privacy-oriented browser.

But new research shows even that doesn’t work anymore. Websites are still tracking you — silently, persistently, and without your consent — by reading your browser’s unique “fingerprint.”

Analyzed by exodus, island the work profile app have 3 trackers detected

https://reports.exodus-privacy.eu.org/reports/com.oasisfeng.island/latest

Should I be worried?

cross-posted from: https://beehaw.org/post/20989376

Where Soatok goes over why checklists are meaningless when trying to figure out if something is private or just for comparisons in general.

Apple on Monday filed an appeal against the EU’s decision to fine the company €500 million (about $580 million) for not complying with rules that mandate companies to let developers steer users outside the App Store for making purchases, according to multiple reports.

The European Commission issued the fine in April, saying that Apple failed to comply with the Digital Markets Act (DMA) rules to allow developers to accept payments for their apps outside Apple’s ecosystem.

Apple revised its fee structure for app distribution in the EU in late June with a more complicated framework that includes an initial acquisition fee, a store services fee, along with a core technology commission to accommodate alternative payment methods. This move was likely to avoid further fines from the European Commission.

The European Commission and U.K. 's competition regulator have both received legal complaints this week from publishers over Alphabet's new Google AI Overview tool, saying the company is abusing its dominance and is directing traffic away from news websites.

It comes after Google started rolling out its AI Overview feature--where summaries are displayed over Google's blue-linked search results to other websites--last year, first in the U.S., before bringing the service to users in the U.K. in August 2024 and the EU earlier this year.

I made an ephemeral onion chatroom, inspired by Ricochet and OnionShare, just for fun. Anyone wants to try? This app has a clearnet version and tor version as well!

• Clearnet: https://shadowtalk.yuzukateam.io.vn/
• Tor: 74xhglgkx3yq5o5ibiehpfwoq4jxb62323ydzam56fvqbkuo6kd7tcid (hash)
• And it open source!!!:https://github.com/plsgivemeachane/ShadowTalk I really like to get some feedback. Have fun everyone!

I've been looking at the WebCrypto API. When combined with the File system API, it can be used to encrypt and store files on your device storage in what seems to be a pretty secure way.

A webapp has some clear vulnerabilities with the code being served over the web (so you shouldnt be using this for any serious purposes!).

Live demo: https://dim.positive-intentions.com/?path=%2Fstory%2Fusefs--encrypted-demo

Demo code: https://github.com/positive-intentions/dim/blob/staging/src/stories/05-Hooks-useFS.stories.js

IMPORTANT NOTES TO PREVENT MISLEADING

• this isnt a product. it provided for testing and demo.
• it isnt reviewed or audited.
• the "password encryption" is using a hardcoded password. id like to aim for a passwordless approach for this, but i havent considered it enough to discuss yet :)
• this isnt aimed to replace anything like veracrypt. just to show a comparison.
• this respository represents a webcomponent UI framework. while it holds some ideas i think are interesting, the ui framework seems like its going to be deprecated and i will be refactoring the functionality in favour of React.

I'm wondering if this concept would work...

I love cheese, and sometimes find that websites don't have enough info about cheese. So I'm trying to help Google and GTM know that I have a significant interest in cheese. Only cheese, nothing else.

I want to code an extension in FF or Chrome to use in a VM that looks for a GTM container ID and injects data into that container that sends tags for cheese, cheese products, cheese accessories, charcuterie, etc. And even injects data showing large purchases of cheese. it would replace GTM tags on a site with my custom selection, just to ensure there's no question - we're all about cheese here.

This will save Google time, because otherwise I would have to rely on several weeks or months of searches about cheese. Instead, if every site I visit helps me express an interest in cheese, that would be great!

I would, of course, only use this extension myself, and never share such a thing. In the extension options, I would be able to select tags to share, just in case I end up with a similar interest for pine trees, marshmallows, or tomatoes.

Thoughts? Open to any suggestions here.

I recently realized that I’ve been using some tool a lot: a small web app I built myself to remove EXIF data from images.

United States Customs and Border Protection (CBP) is asking tech companies to pitch digital forensics tools that are designed to process and analyze text messages, pictures, videos, and contacts from seized phones, laptops, and other devices at the United States border, according to documents reviewed by WIRED.

The agency said in a federal registry listing that the tools it’s seeking must have very specific capabilities, such as the ability to find a “hidden language” in a person’s text messages; identify specific objects, “like a red tricycle,” across different videos; access chats in encrypted messaging apps; and “find patterns” in large datasets for “intel generation.” The listing was first posted on June 20 and updated on July 1.

CBP has been using Cellebrite to extract and analyze data from devices since 2008. But the agency said that it wants to “expand” and modernize its digital forensics program. Last year, CBP claims, it did searches on more than 47,000 electronic devices—which is slightly higher than the approximately 41,500 devices it searched in 2023 but a dramatic rise from 2015, when it searched just more than 8,500 devices.

Meta has come out swinging following the European Commission's decision that its pay-or-consent model falls foul of the Digital Markets Act (DMA).

In a post, the company stated: "This decision is both incorrect and unlawful, and we are appealing it." It then cites previous judgments to support its argument that it should be permitted to display personalized ads to users who don't want a paid subscription.

"Meta," it said, "is the only company in Europe unable to offer both a subscription-based and a free ad-supported service. Instead, Meta is required to offer a free, reduced-ad service – less personalized ads – that leads to poorer outcomes for users, advertisers, and platforms."

According to Meta, national courts and data protection authorities, including in France, Denmark, and Germany, have given "consistent support" for "business models that provide a paid subscription alternative to consent for personal data use for personalized ads."

But not the European Commission, which handed down a €200 million ($228 million) fine for the Meta's "consent or pay" ad model in April.

The Committee to Protect Journalists (CPJ) expressed alarm Monday over new directives issued by Israeli authorities ordering international media to obtain prior approval from the military censor before broadcasting news from combat zones or missile impact areas in Israel.

The move represents a significant escalation in efforts to control wartime reporting. CPJ regional director Sara Qudah voiced deep concern over the “escalating efforts to suppress press freedom through censorship and intimidation,” emphasizing that silencing the press “deprives the world of a clear, unfiltered view of the reality unfolding in the region.”

The Union of Journalists in Israel also denounced the move. Opposition leader Yair Lapid criticized the decision, arguing it damages Israeli diplomacy and is unenforceable considering smartphone ubiquity.

cross-posted from: https://lemmy.world/post/32238479

privacy issue log into multiple google account in thunderbird

What information I might leak to google server if I issue log into multiple google account in thunderbird? ip of course but what else might be collected? It would be really great if someone could clarify whether the information below will be send to google when using their email service even through Thunderbird

• device name
• device model
• ...

My main concern is that google will be able to know that I have logged into the same device with different accounts.

In addition, I plan to use VPN when using one google account but not the others. This can be achieved through profiling, but is there an option that I can simply manage all the accounts in one app but without my ip address being collected by several specific email service provider corresponding to several specific email?

thanks a lot!

In the early hours of Thursday morning, after two separate sessions of fierce debate that ran over 20 hours, Mexico's lower chamber of Congress passed two laws opening up personal data to the nation's military-run security force.

The Investigation and Intelligence Law and National Public Security System Law were two main pieces of Mexican President Claudia Sheinbaum's security package unveiled on June 9.

The law allows the creation of a National Information System, another set of registries that security institutions will have access to. The registries include national registry of arrests, criminal incidents, court orders, protective measures for women, girls and boys, and stolen and recovered vehicles. The law stipulates that the National Guard will also have access to the system.

"This new reform strengthens the political arm of the Morena cartel, a political organization that administers violence, profits from death and governs like organized criminals," said Institutional Revolutionary Party Congressman Carlos Gutiérrez Mancilla on Wednesday during a speech at the Congress podium.

Archive : https://archive.is/EbaLM

cross-posted from: https://lemmy.world/post/32194340

Is it a good enough solution for IMEI tracking to use an alternative device to provide a hotspot connection?

This approach appears to protect any new device that hasn't inserted a SIM card from being identified.

But I'm not sure how much information is carried to the second device by using hotspot.

Is this a good solution so far? Should I try to spoof IMEI?

Meta says its new AI feature won't be used for targeted ads, but experts still have concerns. When people upload personal photos or videos—even if they agree to it—it's unclear how long that data is kept or who can see it. Since the processing happens in the cloud, there are risks, especially with things like facial recognition and hidden details such as time or location.

Even if it's not used for ads, this kind of data could still end up in training datasets or be used to build user profiles. It's a bit like handing your photo album to an algorithm that quietly learns your habits, preferences, and patterns over time.

Last month, Meta began to train its AI models using public data shared by adults across its platforms in the European Union after it received approval from the Irish Data Protection Commission (DPC). The company suspended the use of generative AI tools in Brazil in July 2024 in response to privacy concerns raised by the government.