Sidebar
Privacy
President Maduro of Venezuela denounces WhatsApp as a spying system Venezuelan President Nicolás Maduro has accused WhatsApp of operating as a spying tool and urged citizens to switch to alternative messaging apps such as Telegram and WeChat. Speaking at a meeting in Miraflores Presidential Palace in Caracas, the president asserted, "WhatsApp provided its list of Venezuelan users to Colombian drug traffickers, who then conducted months of espionage."
www.privacyguides.org
After [almost 2 years](https://github.com/privacyguides/privacyguides.org/issues/1899), Privacy Guides has added a new [Hardware Recommendations](https://www.privacyguides.org/en/basics/hardware/) section to their website. Thanks to [Daniel Nathan Gray](https://github.com/dngray) and [others](https://github.com/privacyguides/privacyguides.org/pull/2268) for implementing this new hardware guide
www.buskill.in
We're happy to announce that [BusKill is presenting at DEF CON 32](https://www.buskill.in/defcon32/). **What: Open Hardware Design for BusKill Cord When: 2024-08-10 12:00 - 13:45 Where: W303 – Third Floor – LVCC West Hall** | [](https://www.buskill.in/defcon32/) | |:--:| | [BusKill is presenting at DEF CON 32](https://www.buskill.in/defcon32/) | via [@Goldfishlaser@lemmy.ml](https://lemmy.ml/u/Goldfishlaser) # What is BusKill? BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer. | [](https://www.buskill.in/#demo) | |:--:| | *Watch the [BusKill Explainer Video](https://www.buskill.in/#demo) for more info [youtube.com/v/qPwyoD_cQR4](https://www.youtube.com/v/qPwyoD_cQR4)* | If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device. # What is DEF CON? DEF CON is a yearly hacker conference in Las Vegas, USA. | [](https://www.buskill.in/defcon32/) | |:--:| | *Watch the [DEF CON Documentary](https://www.youtube.com/watch?v=3ctQOmjQyYg) for more info [youtube.com/watch?v=3ctQOmjQyYg](https://www.youtube.com/watch?v=3ctQOmjQyYg)* | # What is BusKill presenting at DEF CON? I ([goldfishlaser](https://github.com/goldfishlaser)) will be presenting **Open Hardware Design for BusKill Cord** in a Demo Lab at DEF CON 32. **What: Open Hardware Design for BusKill Cord When: Sat Aug 10 12PM – 1:45PM Where: W303 – Third Floor – LVCC West Hall** Who: Melanie Allen ([goldfishlaser](https://github.com/goldfishlaser)) [More info](https://forum.defcon.org/node/249627) ## Talk Description BusKill is a Dead Man Switch triggered when a magnetic breakaway is tripped, severing a USB connection. I’ve written OpenSCAD code that creates a 3D printable file for plastic parts needed to create the magnetic breakaway. Should anyone need to adjust this design for variations of components, the code is parameterized allowing for easy customization. To assemble a BusKill Dead Man Switch cord you will need: 1. a usb-a extension cord, 2. a usb hard drive capable of being attached to a carabiner, 3. a carabiner, 4. the plastic pieces in this file, 5. a usb female port, 6. a usb male, 7. 4 magnets, 8. 4 pogo pins, 9. 4 pogo receptors, 10. wire, 11. 8 screws, 12. and BusKill software. | [](https://www.buskill.in/defcon32/) | |:--:| | Golden DIY BusKill Print | Full BOM, glossary, and assembly instructions are included in the [github repository](https://github.com/BusKill/usb-a-magnetic-breakaway). The room holds approx. 70 attendees seated. I’ll be delivering 3 x 30 min presentations – with some tailoring to what sort of audience I get each time. ## Meet Me @ DEF CON If you'd like to find me and chat, I'm also planning to attend: - ATL Meetup (DCG Atlanta Friday: 16:00 – 19:00 \| 236), - Hacker Kareoke (Friday and Sat 20:00-21:00 \| 222), - Goth Night (Friday: 21:00 – 02:00 \| 322-324), - QueerCon Mixer (Saturday: 16:00-18:00 \| Chillout 2), - EFF Trivia (Saturday: 17:30-21:30 \| 307-308), and - Jack Rysider’s Masquerade (Saturday: 21:00 – 01:00 \| 325-327) I hope to print many fun trinkets for my new friends, including some BusKill keychains. | [](https://www.buskill.in/defcon32/) | |:--:| | Come to my presentation @ DEF CON for some free BusKill swag | By attending DEF CON, I hope to make connections and find collaborators. I hope during the demo labs to find people who will bring fresh ideas to the project to make it more effective.
bearblog.dev
Dear comrades, Recently I got more into online privacy – due to my direct and indirect environment –, this is also why I created a new account that is harder to be traced back to me. I was wondering I you have any advise of a two-factor authenticator that I could use that is safe and Linux friendly – especially on Tails –. I already tried looking for one online, like in the surveillance self-defense guide, but couldn’t find one in which I’m 100% confident. It would also be nice if this program/the key is able to be backed-up to my other tails usb-sticks with the persistent back-up feature. Of course I already have one on my phone but don’t want to use this one because it would be easier to trace this account back to me. Hope you guys have some good alternatives. Edit: grammar
This article will describe how lemmy instance admins can [purge images from pict-rs](https://tech.michaelaltfield.net/2024/03/04/lemmy-fediverse-gdpr/). | [](https://tech.michaelaltfield.net/2024/03/04/lemmy-fediverse-gdpr/) | |:--:| | [Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)](https://tech.michaelaltfield.net/2024/03/04/lemmy-fediverse-gdpr/) | This is (also) a horror story about accidentally [uploading very sensitive data](https://tech.michaelaltfield.net/2024/03/04/lemmy-fediverse-gdpr/) to Lemmy, and the (surprisingly) difficult task of deleting it.
The privacy policy website is not working . So I cannot find out from it.
I want to be able to create an account without providing an email
I cannot figure out how to set it up for the life of me.
It is an open-source project that doesn't have any ads and works only on donations. Also, it doesn't log IP addresses or searchers. https://searx.tiekoetter.com/
What countries do you think would be less likely to disclose your private data? I was thinking of either Switzerland or Belarus. But here's some things to consider: - Don't assume that just because countries have bad relations that they won't share private information with each other. For example, in 2021 the Mayor of Lisbon disclosed personal information of Russian immigrants in Portugal with the Russian government. This was an act of incompetence which resulted in a 1.2M€ fine. But the damage was done. - Even if there are laws in place, the hosting company might have sloppy procedures in place and disclose your private information. - The country should also not be the target of heavy sanctions because you might get in trouble for trying to do business with them. So which countries do you recommend?
I followed [@TheAnonymouseJoker@lemmy.ml](https://lemmy.ml/u/TheAnonymouseJoker)'s rootless android privacy guide. It's been good so far, but I'm considering rooting my phone so I can do more with it. However, there aren't any OSes like lineage or calyx that work with my phone (oneplus 11). Are there any risks or benefits I need to consider when deciding if rooting my phone is a good decision?
It is 1.85 dollars a month if one pays for 3 years. I am looking into ways of saving money so I was thinking into switching. However, I am a bit worried since 3 years ago I did the same with Nord VPN and it is sooo buggy. It rarely ever works for me. I had to switch to ProtonVPN after paying for 3 years for Nord 💀.
The incident happened in november 2022 and I received an email update just now. If you have an account with Hamachi, they've reset your password and you should change it. Because I switched to Firefox's password manager... I don't have to do anything. For the first time in my life a notification of hacking doesn't have to be a bother. In 2021, I wrote on lemmygrad that Albion Online's forums were hacked and I received an email that my password was hacked. This prompted me to finally switch to a password manager and just let it generate strong unique passwords for every application I use. It also auto-fills them in. This means even if the hackers get my password (if they manage to decrypt it over the hash and salt), I don't care. It's not gonna lead them to anywhere else. It's already been reset too so it's not even good for my Hamachi account.
Hello, I have just found this community and am really lacking in the privacy aspect (I'm a glorified farmer by trade). I own the cheapest smartphone that I could buy and it has worked beautifully for the past two years or so... until recently. It's slowed down dramatically and screws up everything. I suspect this is the corporate method of motivating one to get a new phone. I'm also reading up on the info post on how to make a discrete email. What phone would be best to buy so that I'm am minimally under the corporate money-extraction machine? Any info is appreciated as I'm a total noob.
As usual, never assume any technology or service is "private"/"secret" and rely on it as your sole protection. Also, all online communications can have metadata collected
www.itnews.com.au
remains unclear how the anti-encryption laws were used. they appear to have extra-territorial applications. but as always, assume it is possible that your encrypted chat service could be compromized in some way
Your data is stored in what we call databases. They're similar to Excel sheets, with one sheet holding for example login data, another holding your comments, etc. Today, any web developer worth their salt will implement steps to help protect your data from unauthorized eyes -- even themselves. That means your login info ought to be encrypted, salted, and hashed. I couldn't tell you much more about what this means exactly but essentially, it makes it so even if someone gets access to the database that holds your password, they'll just see a jumbled mess of letters that may take *years* to decrypt. That means if your login info is "AnimeFan111", email is "animeiskewl@gmail.com" and password is "Hunter2", they'll just see stuff like "asddgjb21312nvsj" instead. > **You yourself are not very interesting to hackers.** > > What's interesting is getting access to thousands of logins at once, and you may very well be on it. The way hackers operate today is by getting access to these databases through some vulnerability. That's why it's important to keep your site up to date if you use any databases or PHP. I made a post on this community about Albion Online *forums* (not the website nor the game, just the forums!) being hacked. They've since patched the vulnerability but, too little too late. > **Don't assume only high-profile websites will be hacked!** > > The more interesting websites to hack are those with little security, that won't even notice they were hacked. What matters is getting the dump so that you can then access the actual payload sites (Amazon, Google, etc). Once the hacker has access to the database, they just need to download it (probably to an actual Excel file). They now have thousands upon thousands of logins ready to go, albeit encrypted. I mentioned that decryption can take years. It can also take mere hours if the hackers have enough computer power and if the encryption standard is low, or your password is not particularly secure. It also depends what info exactly is encrypted. If it's just the passwords, then they still have access to your email. > **What makes a password secure?** > > Prefer length over complexity. A character is encoded on a bit, and the more bits you have to decrypt, the longer it will take. Instead of complex characters like +/* interwoven with numbers, try a very long sentence that you can remember. This information is worth some money, and it will be sold on the web. You can buy, for 50 bucks, a dump of tens of thousands of encrypted login data, or even credit card data. Decrypted info is worth much more obviously. Moreover, this means it's not just the one lone hacker working at decrypting your password. It's a team of buyers, and sometimes teams of hackers all together. Once you know your info has been leaked, assume that it's been decrypted. This is how haveibeenpwned.com knows that your email appears in "dumps", a term to describe the file of thousands of logins I mentioned earlier. You can even access some of these dumps in plain text on the clear web, and it's quite a shock to see your password next to your email in plain text for the world to see. Once that info is in clear text and decrypted, it can be resold or used. It's really simple: the latter is a much bigger crime than the former (and much more high-profile), so usually the group that leaked your data just sells it and stops there. Other people, potentially dozens, will then buy that dump and try it out. At this point, they would be better off using automated programs to try your logins on hundreds of websites. It doesn't matter which, it just matters that they can find something more substantial. The point of hacking the Albion Online forums (not even the game, the two are separate) was not to steal gold coins on the accounts, it was to resell that data for a quick buck. And the point of buying Albion Online logins was, again, not to steal your characters, but to find your credit card info on other, more secure websites. Where do you have your credit card info registered? On Amazon, GOG, Steam, maybe even your local pharmacy that opened up an online shop. With the logins in hand, I can make a program (or buy one) that automatically tries out the combinations on websites, one after the other. If I get access to your Amazon account, I can get stuff delivered to a PO box or a pick-up location. If I get access to your Steam account, and you've linked your paypal account, I can see which email you use on Paypal and possibly compare that to my other dumps. To be honest these hackers are more interested in quick gains, they have thousands of logins to check on thousands of websites, they don't have time to be tracking down your logins. After that, your credit card info travels in two ways. Either the hackers use it themselves, or they put it in a dump and resell it (50 bucks for a few hundred numbers). Again because one is a worse crime than the other. Let's recap the process. A random website you haven't used for several years and didn't even remember (looking at you Albion) announces they were hacked. The hackers made out with thousands of hashed login info. They decrypt what they can, and sell that on the web. Buyers use those files to try and connect to your accounts on other websites where there is juicier info, like Amazon, Paypal, Google. They extract your credit card information if they can, put that in a dump of their own, and sell it. Then a third buyer purchases your credit card number, and they are free to use it any way they want. > **If you've been hacked like this, look up irregular transactions on your banking software.** > > Criminals will also sometimes make a small purchase of 1 or 2 dollars with your credit card to confirm that it works, before moving on to the really dangerous sums. Typically, credit card info on any serious website will be secured differently. I'm not sure exactly what developers do, but typically even if you get access to the account the legit way (logging in), you can't just get the credit card info in plain text. **IF** the website is doing things properly. That's also why I don't recommend saving your payment info on websites but it's not entirely safe either. It's safe from *this type* of access, but it's not safe from a man-in-the-middle attack, for example. Whenever you use your credit card to buy something online, that transaction has to be transit and be stored somewhere. ### So what can you do? If you know you're going to be using a service sparingly, consider registering it to a burner email with a randomly-generated password. Since we have so many logins to remember these days, I recommend using the password manager of your choice (but contrary to popular belief, open-source software is actually more secure, so opt for that). Enable two-factor authentication whenever possible (2FA). This will send a code to your email or phone that you need to input to finalize logging in. And don't assume your data is safe just because there's a lot of security or, conversely, because you're using an obscure website. As we've seen what's interesting is getting that data for resale and to get more juicy info down the line. Even a website like Lemmygrad (though most people probably don't have an email attached) can be hacked for this reason.
Albion Online is an online game and their forums were recently hacked, as per an email they sent out to affected accounts. Hackers made out with hashed passwords and plain emails. Evidently they managed to decrypt the passwords, because I've had a couple of connection attempts on other websites. Thankfully this time it was my old email address that I practically never use (and that has been in at least 10 dumps over the years lol), and it seems nobody has been able to access the email itself. I have now enabled 2FA on everything I can (also I hope Lemmy will offer an open-source 2FA option down the line!). Protect your logins; all it takes is one hack on a badly-protected website to put everything at risk. There's no miracle to do that. Use unique passwords (Firefox now offers to create and manage your passwords and sync them across devices), enable 2FA when you can, and if possible replace your email addresses on your accounts once they've been compromised. You can check https://haveibeenpwned.com/ or register on [Firefox Monitor](https://monitor.firefox.com/user/dashboard) to get emails when your data is compromised (uses haveibeenpwned data). What grinds my gears with this mostly is you sometimes have to create an account on some obscure website that you know you're never going to use again (maybe an online shop that requires you to make an account). You don't know how they protect their database. In this case you can use a burner email and a unique password, but you never know if they take security seriously anyway. Maybe they've been hacked already and never said because they wouldn't even know. And with major email providers all requiring a unique phone number now, you can't even make burner accounts on their service.
I figure it's absolutely impossible to get away from Google and Facebook. Even if you don't have an account with them, they track you on virtue of other sites using their APIs. And if you have a smartphone, you'll be tracked by either Apple or Google. But for trash emails, I just use mailinator.com. You just type any email in it and it takes you to a read-only mailbox. Great when you register on shady sites, or sites you're not sure you can trust. On Firefox, I use Disconnect and uBlock Origin - one to block trackers, the other to stop ads. Both of those, last I knew at least, are open-source. A must to know how exactly your data is being used. Otherwise that's about it for me. I use thunderbird for my email, and I wish they would update it for 2020 lol. It's still stuck in 2008, but it works so eh. I recently started using 2FA on my logins, five years too late lol. It's still not implemented everywhere despite there being open source APIs for this. But Firefox recently introduced Lockwise, which is an upgrade on their password manager. Now, whenever you register to a website, you can click to use a unique, randomly generate password. It will be saved in their manager (which you can protect with a master password) and if you connect to a Firefox account, you can share your logins with your other devices. That means I have my passwords on my phone if I ever need to login on another website and I don't remember the PW.