Depending on where you're based, you'll find PayPal's new data-sharing option under a different name. Remember, you may not see this at all if you're based in a country that doesn't allow it.

If you're in the US, you should head to your profile Settings and tap on Data & privacy. Under Manage shared info, click on Personalized shopping. You should see the option enabled by default. Toggle off the button at the right to opt-out.

If you are in the UK like me, you'll see something different after you head to your profile Settings and tap on Data & privacy.

Under Manage your privacy settings, here you'll see an Interest-based marketing tab – click on it. At this point, two options will appear: Interest-based marketing on PayPal and Internet-based marketing on your accounts. You have to tap on each of these and toggle off the button at the right to opt-out. These instructions can also apply if you're based in the EU.

@privacyguides collaborators, it’s time to review the recommendation of Firefox as a good browser option…

From: @sarahjamielewis
https://mastodon.social/@sarahjamielewis/113245689258934184

cross-posted from: https://lemmy.zip/post/23512234

A new Federal Trade Commission (FTC) report confirms what EFF has been warning about for years: tech giants are widely harvesting and sharing your personal information to fuel their online behavioral advertising businesses.

Report: https://www.ftc.gov/news-events/news/press-releases/2024/09/ftc-staff-report-finds-large-social-media-video-streaming-companies-have-engaged-vast-surveillance

Tails will be incorporated “into the Tor Project’s structure,” which will allow for “easier collaboration, better sustainability, reduced overhead, and expanded training and outreach programs to counter a larger number of digital threats,” according to a blog post published today by the Tor Project

LinkedIn users in the U.S. — but not the EU, EEA, or Switzerland, likely due to those regions’ data privacy rules — have an opt-out toggle in their settings screen disclosing that LinkedIn scrapes personal data to train “content creation AI models.” The toggle isn’t new. But, as first reported by 404 Media, LinkedIn initially didn’t refresh its privacy policy to reflect the data use.

The terms of service have now been updated, but ordinarily that occurs well before a big change like using user data for a new purpose like this. The idea is it gives users an option to make account changes or leave the platform if they don’t like the changes. Not this time, it seems.

To opt out of LinkedIn’s data scraping, head to the “Data Privacy” section of the LinkedIn settings menu on desktop, click “Data for Generative AI improvement,” then toggle off the “Use my data for training content creation AI models” option. You can also attempt to opt out more comprehensively via this form, but LinkedIn notes that any opt-out won’t affect training that’s already taken place.

The nonprofit Open Rights Group (ORG) has called on the Information Commissioner’s Office (ICO), the U.K.’s independent regulator for data protection rights, to investigate LinkedIn and other social networks that train on user data by default.

“LinkedIn is the latest social media company found to be processing our data without asking for consent,” Mariano delli Santi, ORG’s legal and policy officer, said in a statement. “The opt-out model proves once again to be wholly inadequate to protect our rights: the public cannot be expected to monitor and chase every single online company that decides to use our data to train AI. Opt-in consent isn’t only legally mandated, but a common-sense requirement.”

This is straightforward with browser addons like uBlock Origin where you can add and choose blocklists, but I did searches for doing so system wide and using a VPN but didn’t find clear answers. I could use a DNS service that provides blocklists but isn’t it best practice to leave DNS to the VPN provider? I looked up blocklists and VPNs but didn’t find relevant results.

On Android, I didn’t find any apps that let you filter blocklists and using your own VPN other than Rethink, but the blocklists feature requires using Rethink’s DNS.

So what’s the best way to filter ads and trackers on both 3rd party apps and on OS’s like Android (specific Samsung phones) while still using a VPN?

I've had a Galaxy S22+ for 2 years and still want to use it. When I look up how to maximize privacy on Android, many results say to install custom ROMs which I can't since its a US model and the bootloader is locked. I just want to minimize tracking and sharing of personal information. I could use a firewall app like RethinkDNS to block trackers, but could I completely block tracking from Google and Samsung? Are there any lists of packages to uninstall to improve privacy? (I've used ADB to remove a bunch of bloatware. Ex: pm uninstall -k --user 0 com.samsung.android.arzone)

Hi, my wife decided to create a new email for our newborn daughter which my wife would use to send updates to our relatives about what is going on in our daughter life. My wife is using gmail, I do use proton. She has created a new gmail account but I have asked her to reconsider and to create a new account on proton privacy wise. What arguments would you use for my case? Thanks.

A privacy flaw in WhatsApp, an instant messenger with over 2 billion users worldwide, is being exploited by attackers to bypass the app's "View once" feature and view messages again.

publication croisée depuis : https://lemmy.pierre-couy.fr/post/653426

This is a guide I wrote for Immich's documentation. It features some Immich specific parts, but should be quite easy to adapt to other use cases.

It is also possible (and not technically hard) to self-host a protomaps release, but this would require 100GB+ of disk space (which I can't spare right now). The main advantages of this guide over hosting a full tile server are :

• it's a single nginx config file to deploy
• it saves you some storage space since you're only hosting tiles you've previously viewed. You can also tweak the maximum cache size to your needs
• it is easy to configure a trade-off between map freshness and privacy by tweaking the cache expiration delay

If you try to follow it, please send me some feedback on the content and the wording, so I can improve it

For Android users seeking a privacy-focused browser, Privacy Guides recommends Mull:

Mull is a privacy oriented and deblobbed Android browser based on Firefox. Compared to Firefox, it offers much greater fingerprinting protection out of the box, and disables JavaScript Just-in-Time (JIT) compilation for enhanced security. It also removes all proprietary elements from Firefox, such as replacing Google Play Services references.

Mull enables many features upstreamed by the Tor uplift project using preferences from Arkenfox. Proprietary blobs are removed from Mozilla's code using the scripts developed for Fennec F-Droid.

cross-posted from: https://links.hackliberty.org/post/2496422

This survey was conducted among 5,101 U.S. adults from May 15 to 21, 2023

% say they are concerned about how ... use(s) the data they collect about them

• Companies: 81%
• The government: 71%

% say they have little to no understanding about what ... do(es) with the data they collect about them

• Companies: 67%
• The government: 77%

% say they have very little or no trust at all that leaders of social media companies will

• Publicly admit mistakes and take responsibility when they misuse or compromises users' personal data: 77%
• Not sell users' personal data to others without their consent: 76%
• Be held accountable by the government if they misuse or compromise users' personal data: 71%

% say that as companies use AI to collect and analyze personal information, this information will be used in ways that ...

• People would not be comfortable with: 81%
• Were not originally intended: 80%
• Could make people's lives easier: 62%

% say that when they think about managing their privacy online, they ...

• Trust themselves to make the right decisions about their personal information: 78%
• Feel skeptical that anything they do will make much difference: 61%
• Feel overwhelmed by figuring out what they need to do: 37%
• Feel privacy is not that big of a deal to them: 29%
• Are confident those who have access to their personal information will do what is right: 21%

% say they ... agree to online privacy policies right away, without reading what the policies say

• Always, almost always or often: 56%
• Sometimes: 22%
• Rarely or never: 18%
• No answer: 4%

Please read the report for a more in-depth look at the data and analysis!

Just wondered how others promote threat awareness for friends, family, co-workers, and clients.

Every few weeks I email a half dozen employees & family members explaining one or other phishing attempt I've seen, just to keep it in peoples minds.

I heard someone else talking about a kind of email pen-testing service you can sign up for and they send scammy emails to see if the recipient falls for it. Seems like a great idea but only viable for me if it's very cheap.

I could link to something on privacyguides.org in my email footer but I think that's just virtue signalling more than anything actually useful.

The spies in your home: How WiFi companies monitor your private life

https://proton.me/blog/wifi-surveillance

@privacyguides

More info: https://github.com/abrahamjuliot/creepjs

cross-posted from: https://lemmy.ca/post/26747543

The post is in the link, the article with more background info is here (it cites the mastodon post): https://www.androidauthority.com/custom-roms-vs-google-3469378/

I originally saw the article on this post on !android@lemdro.id and went looking for links.

Like when I read 3 Billion National Public Data Records with SSNs, Addresses Dumped Online, am I supposed to access that data dump or something to see if I got pwned? Are there equivalents to haveibeenpwned.com for this type of stuff? Any guides on what to do when these happen? I feel like I'm doomscrolling or watching the news, and feeling depressed about the world as a result because I should be doing something but I can't or it seems like I can't.

Even though I know better than to put such personal info online, but that doesn't eliminate the odds of them getting into breaches like these, and having started to be careful about digital privacy has opened my eyes to the sad state of privacy.

repeated media reports of Google’s disregard for the privacy of the general public led to a push for open source, community driven alternatives to Google Maps. The biggest contender, now used by Google’s direct competitors and open source projects alike is OpenStreetMap.

1. OsmAnd

OsmAnd is a fantastic choice when searching for an alternative to Google Maps. It is available on both Android and iOS devices with both free and paid subscription options. Free accounts have full access to maps and navigation features, but choosing a paid subscription will allow you unlimited map downloads and increases the frequency of updates.

All subscriptions can take advantage of turn-by-turn navigation, route planning, map markers, and all the favorite features you expect from a map and navigation app in 2024. By making the jump to a paid subscription you get some extra features like topo maps, nautical depths, and even point-of-interest data imported from Wikipedia.

2. Organic Maps

Organic Maps is a great choice primarily because they offer support for all features of their iOS and Android apps completely offline. This means if you have an old phone laying around, you can install the app, download the maps you need and presto! You now have an indepth digital map in the palm of your hand without needing to worry about losing or damaging your primary mobile device when exploring the outdoors.

Organic Maps tugs our heartstrings by their commitment to privacy. The app can run entirely without a network connection and comes with no ads, tracking, data collection, and best of all no registration.

3. Locus Maps

Our third, and last recommendation today is Locus Maps. Locus Maps is built by outdoor enthusiasts for the same community. Hiking, biking, and geocaching are all mainstays of the Locus App, alongside standard street map navigation as well.

Locus is available in its complete version for Android, and an early version is available for iOS which is continuing to be worked on. Locus Maps offers navigation, tracking and routes, and also information on points-of-interest you might visit or stumble upon during your adventures.

Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware.

In a new malvertising campaign found by Malwarebytes, threat actors created ads that display an advertisement for Google Authenticator when users search for the software in Google search.

What makes the ad more convincing is that it shows 'google.com' and "https://www.google.com" as the click URL, which clearly should not be allowed when a third party creates the advertisement.

We have seen this very effective URL cloaking strategy in past malvertising campaigns, including for KeePass, Arc browser, YouTube, and Amazon. Still, Google continues to fail to detect when these imposter ads are created.

Malwarebytes noted that the advertiser's identity is verified by Google, showing another weakness in the ad platform that threat actors abuse.

When the download is executed, it will launch the DeerStealer information-stealing malware, which steals credentials, cookies, and other information stored in your web browser.

Users looking to download software are recommended to avoid clicking on promoted results on Google Search, use an ad blocker, or bookmark the URLs of software projects they typically use.

Before downloading a file, ensure that the URL you're on corresponds to the project's official domain. Also, always scan downloaded files with an up-to-date AV tool before executing.

Filed in 2022, the Texas lawsuit said that Meta was in violation of a state law that prohibits capturing or selling a resident’s biometric information, such as their face or fingerprint, without their consent.

The company announced in 2021 that it was shutting down its face-recognition system and delete the faceprints of more than 1 billion people amid growing concerns about the technology and its misuse by governments, police and others.

Texas filed a similar lawsuit against Google in 2022. Paxton’s lawsuit says the search giant collected millions of biometric identifiers, including voiceprints and records of face geometry, through its products and services like Google Photos, Google Assistant, and Nest Hub Max. That lawsuit is still pending.

The $1.4 billion is unlikely to make a dent in Meta’s business. The Menlo Park, California-based tech made a profit of $12.37 billion in the first three months of this year, Its revenue was $36.46 billion, an increase of 27% from a year earlier.

I find that I need a security camera for my back yard. Do you folks recommend any particular makes & models? It should avoid the cloud but record locally. I'm somewhat handy with Linux and a RaspberryPi, if that helps.

Thanks!