After all, the privacy of our mind may be the only privacy we have left.

The EU Council has now passed a 4th term without passing its controversial message-scanning proposal. The just-concluded Belgian Presidency failed to broker a deal that would push forward this regulation, which has now been debated in the EU for more than two years.

For all those who have reached out to sign the “Don’t Scan Me” petition, thank you—your voice is being heard. News reports indicate the sponsors of this flawed proposal withdrew it because they couldn’t get a majority of member states to support it.

Now, it’s time to stop attempting to compromise encryption in the name of public safety. EFF has opposed this legislation from the start. Today, we’ve published a statement, along with EU civil society groups, explaining why this flawed proposal should be withdrawn.

The scanning proposal would create “detection orders” that allow for messages, files, and photos from hundreds of millions of users around the world to be compared to government databases of child abuse images. At some points during the debate, EU officials even suggested using AI to scan text conversations and predict who would engage in child abuse. That’s one of the reasons why some opponents have labeled the proposal “chat control.”

There’s scant public support for government file-scanning systems that break encryption. Nor is there support in EU law. People who need secure communications the most—lawyers, journalists, human rights workers, political dissidents, and oppressed minorities—will be the most affected by such invasive systems. Another group harmed would be those whom the EU’s proposal claims to be helping—abused and at-risk children, who need to securely communicate with trusted adults in order to seek help.

The right to have a private conversation, online or offline, is a bedrock human rights principle. When surveillance is used as an investigation technique, it must be targeted and coupled with strong judicial oversight. In the coming EU council presidency, which will be led by Hungary, leaders should drop this flawed message-scanning proposal and focus on law enforcement strategies that respect peoples’ privacy and security.

Further reading:

• EFF and EDRi Coalition Statement on the Future of the CSA Regulation

We’ve said it before: online age verification is incompatible with privacy. Companies responsible for storing or processing sensitive documents like drivers’ licenses are likely to encounter data breaches, potentially exposing not only personal data like users’ government-issued ID, but also information about the sites that they visit.

This threat is not hypothetical. This morning, 404 Media reported that a major identity verification company, AU10TIX, left login credentials exposed online for more than a year, allowing access to this very sensitive user data.

A researcher gained access to the company’s logging platform, “which in turn contained links to data related to specific people who had uploaded their identity documents,” including “the person’s name, date of birth, nationality, identification number, and the type of document uploaded such as a drivers’ license,” as well as images of those identity documents. Platforms reportedly using AU10TIX for identity verification include TikTok and X, formerly Twitter.

Lawmakers pushing forward with dangerous age verifications laws should stop and consider this report. Proposals like the federal Kids Online Safety Act and California’s Assembly Bill 3080 are moving further toward passage, with lawmakers in the House scheduled to vote in a key committee on KOSA this week, and California's Senate Judiciary committee set to discuss AB 3080 next week. Several other laws requiring age verification for accessing “adult” content and social media content have already passed in states across the country. EFF and others are challenging some of these laws in court.

In the final analysis, age verification systems are surveillance systems. Mandating them forces websites to require visitors to submit information such as government-issued identification to companies like AU10TIX. Hacks and data breaches of this sensitive information are not a hypothetical concern; it is simply a matter of when the data will be exposed, as this breach shows.

Data breaches can lead to any number of dangers for users: phishing, blackmail, or identity theft, in addition to the loss of anonymity and privacy. Requiring users to upload government documents—some of the most sensitive user data—will hurt all users.

According to the news report, so far the exposure of user data in the AU10TIX case did not lead to exposure beyond what the researcher showed was possible. If age verification requirements are passed into law, users will likely find themselves forced to share their private information across networks of third-party companies if they want to continue accessing and sharing online content. Within a year, it wouldn’t be strange to have uploaded your ID to a half-dozen different platforms.

No matter how vigilant you are, you cannot control what other companies do with your data. If age verification requirements become law, you’ll have to be lucky every time you are forced to share your private information. Hackers will just have to be lucky once.

cross-posted from: https://discuss.tchncs.de/post/18038249

Are thwre guides, tutorials or similar on how to use Steam more privately?

I'm at a point where I'd like to play certain games, but I dislike that they're exclusively available on consoles and Steam for Desktop. Steam's Privacy Policy and Terms of Service raise concerns about my personal security and privacy. I'm looking for advice on how to improve my privacy while using Steam.

Thank you in advance!

(I will use Steam on Linux)

If you want to join the group, please send me a PM with the reason you want to and your favourite animal.

Does anyone know about the legality of removing the built-in sim cards from your car, specifically in Australia?

I don't intend on using any car smart-features when I get one. For context, I've never owned a car. When I do get one though, I intend to remove the sim card to prevent the car's location from being constantly tracked. All I care about in terms a cars functionality is a radio, a CD drive (Yes, I use CD's), and Bluetooth audio, so I don't think removing the sim card should affect this much, if at all. Any knowledge and advice would be appreciated, thankyou!

Update: What I was referring to is an eSim, which appears not to be in the form of a physical card. Even so, if possible, I would like to disable the functionality of this eSim assuming the car I purchase has one in-built. From my research, I cannot find anything that explicitly forbids disabling or removing Sims.

Hi guys!

Today I use Mullvad VPN on my Pixel 8 but unfortunately Mullvad team didn't enable multihop feature to use on Android app.

Use WireGuard official app and importing wireguard key file is a good approach to have multihop feature enable on Android?

iOS apps that build their own social networks on the back of users’ address books may soon become a thing of the past. In iOS 18, Apple is cracking down on the social apps that ask users’ permission to access their contacts — something social apps often do to connect users with their friends or make suggestions for who to follow. Now, Apple is adding a new two-step permissions pop-up screen that will first ask users to allow or deny access to their contacts, as before, and then, if the user allows access, will allow them to choose which contacts they want to share, if not all.

For those interested in security and privacy, the addition is welcome. As security firm Mysk wrote on X, the change would be “sad news for data harvesting apps…” Others pointed out that this would hopefully prevent apps that ask repeatedly for address book access even after they had been denied. Now users could grant them access but limit which contacts they could actually ingest.

cross-posted from: https://lemmy.zip/post/17061827

Hello let's say you are absolutely forced to join zoom in the future, is there any way at all to have any security, such as an alternate client that can connect? I expect the answer is no besides only connecting in a browser with add ons or in a sandbox etc etc and nothing truly groundbreaking.

cross-posted from: https://lemmy.ca/post/22775470

I'm looking to buy a router for home use, on which I plan to install OpenWRT. After some research, I have come across the TP-LINK Archer AX23, which checks all of the boxes I have:

• [x] Comparatively low price

• [x] Supports WPA3

• [x] Supported by OpenWRT

• [x] Has at least three LAN ports

However, before I and my dad go and buy one, it has to pass the final test: the forums.

Has anyone used this router before? What was your experience? Can I do better, or have I found the best router ever made? Please share your thoughts.

I'm asking for Android specifically, but I'm curious what else is out there.

For example, some apps work without internet but may use it if it's available. I might want to block that without having to turn off wifi, force stopping it, and wiping the cache/data.

Similarly, maybe I only want to use the app over a VPN and want to prevent accidentally opening it without first turning the VPN on.

I have thought about this on and off for quite a few years now, and I was just wondering what people here have done while maintaining account / device security.

I hope people don't mind this rather morbid conversation, but how have people here planned for what will happen with their accounts, computers, self hosted things etc. in the event of their deaths? I am particularly interested in what people have planned for if they are the person in their household who is self hosting things for the household. I'm not in a living situation that allows me to self host much but it is one of the questions I've had for myself when I decide to move in with my significant other and self host more things. I don't think they could manage much of the self hosted stuff and I also don't think they can remember all of the credentials for accounts etc., is the best way of going about it sharing a keepass database or bitwarden account with them?

In regards to my accounts, I am not expecting most of my accounts to transfer, if anything I'd much rather them be deleted (and I have enabled this feature where possible). There are a few however, that I wouldn't mind leaving to someone after my passing. Is there a privacy and security preserving way of setting this up?

I guess I have just been struggling with how to do this, ideally I would want a way for accounts to transfer to someone listed in my will, but I don't think it's a good idea to give ~2-3 people a copy of my keepass databse while I am still living.

I am looking forward to hearing what people's thoughts are on this matter, and I apologize again for such a morbid topic.