What do you value the most in your devices?
Privacy, Security and/or Freedom?

At #CES2023, the biggest #tech event, we are asking people their thoughts about where they stand when it comes to #privacy, #security and #freedom when it comes to their #laptops, #phones, IoT devices

#ces

Black man wrongfully jailed for a week after face recognition error, report says

Lawyer says #police didn't check man's height, weight—or the mole on his face.

#privacy #surveillance #acab #FTP #AI
arstechnica.com/tech-policy/20…

Black man wrongfully jailed for a week after face recognition error, report says

Lawyer says police didn't check man's height, weight—or the mole on his face.

^{Ars Technica}

I have been watching the Interledger Summit 2022 session recordings incrementally over the last few weeks.

Unexpected delightful surprise was @todd presenting how @purism (the privacy-centric open source laptop and smart phone) stubbed out an entire two-sided app store marketplace based on Interledger and its related in-progress projects.

2023 is going to be breakout year for open payments.

#Interledger #openSource #payments #privacy

youtube.com/live/Whp4RfW3K_U?f…

Interledger (ILP) Summit 2022 - Day 1

Welcome to Day 1 of the 2022 Interledger (ILP) Summit!The Interledger Summit 2022 showcased and celebrated our vital work in the financial inclusion and paym...

^YouTube

People following my account for a while probably noticed me talking about South Korea every now and then. I’ve hinted towards doing some important research, and now the time has finally come for the first disclosures.

But first I need to do a bunch of explaining because most people (my past self from a few months ago included) are largely unfamiliar with the Korean software landscape. See: they have those “security” applications that everyone has to install if they want to use online banking for example.

What could possibly go wrong with applications developed by private vendors without any kind of security vetting and that everyone in a country has to install, whether they like it or not? A lot of course.

In this first blog post I explain how in my limited understanding the current situation came about, show why the companies lack incentive to really invest in security and give you a first slight idea of the disastrous consequences.

No, I’m not exaggerating. The next blog post is scheduled for January 9th, and it will be about a specific application. I submitted seven vulnerability reports for this one. It took a real issue and claimed to have solved it – by making matters considerably worse than they were.

palant.info/2023/01/02/south-k…

#infosec #ApplicationSecurity #privacy #korea

South Korea’s online security dead end

Websites in South Korea often require installation of “security applications.” Not only do these mandatory applications not help security, way too often they introduce issues.

^{Almost Secure}

🔓 Like good neocolonizers, #humanitarian organizations & #nonprofits, like militaries, also collect vast amounts of #biometric & other private information about people with reckless disregard for basic #privacy and #security concepts.

✊🏽 We must hold them accountable for the risks and damages their actions cause: it's unacceptable to allow society to continue this way.

Thanks to #CCC for helping expose the dangerous truth.

#SurevillanceCapitalism #infosec

web.archive.org/web/2022122712…

For Sale on eBay: A Military Database of Fingerprints and Iris Scans

German security researchers studying biometric capture devices popular with the U.S. military got more than they expected for $68 on eBay.

^{Kashmir Hill (The New York Times)}

Google introduces client-side encryption for Gmail - but only for key account customers.

Yet, you'll be happy to know that encryption is available to everyone in Tutanota, not just a chosen few. 😀

#fight4privacy #PrivacyMatters #privacy

tutanota.com/blog/posts/gmail-…

Google introduces client-side encryption for Gmail - but not for you.

Gmail's end-to-end encryption project seemed dead in 2017. Now it's back, but only for key account customers.

^Tutanota

Tutanota: We are kicking off the development of email import!

@Tutanota is on fire 🔥! They're finally working on an email import feature, which will make it easier for people to switch from email providers like #gmail.

#privacy #privacymatters

tutanota.com/blog/posts/kickof…

We are kicking off the development of email import!

Email import is coming to your secure Tutanota mailboxes.

^Tutanota

For anyone who doesn't know, @Framasoft support and fund a whole wide range of decentralized, #FOSS, #privacy respecting tools such as #Peertube ( @peertube ), #Mobilizon (think Facebook Groups for the #Fediverse, @mobilizon ) and more!

They do it all on super low funding, so go throw a few or your local currency at them to help grow the #fedi!

Tutanota: U2F support is now also available on #Android and #iOS

U2F keys are now supported on all @Tutanota clients.

(Tutanota is also an avoidthehack recommended encrypted email provider).

#mfa #2fa #privacy #cybersecurity #infosec #infosecurity

tutanota.com/blog/posts/app-up…

U2F support is now also available on Android and iOS.

Celebrate with us the new release of Tutanota!

^Tutanota

I donated to @thunderbird today to #freetheinbox. Join me in supporting #communication #privacy.

#opensource #donate

give.thunderbird.net

Give to Thunderbird | Give to Thunderbird

I gave to @mozthunderbird today to #freetheinbox. Join me to support communication privacy.

^{Give to Thunderbird}

A leak from the European Data Protection Board reveals that the #EU's top #privacy regulator is about to overrule the Irish Data Protection Commission and declare #Facebook's business model illegal, banning surveillance-based #ads without explicit consent:

noyb.eu/en/noyb-win-personaliz…

1/

STUDY: Privacy Violations Occurred At Least 50% Of The Time When Taking Devices For Repair

#News #Study #tech #privacy #computer #phone #data
arstechnica.com/information-te…

Thinking about taking your computer to the repair shop? Be very afraid

Not surprisingly, female customers bear the brunt of the privacy violations.

^{Ars Technica}

We fight for your digital rights!: „Wenn sie das durchkriegen, ist der Damm gebrochen.“
netzpolitik.org/2022/we-fight-…

#vds #privacy

We fight for your digital rights!: „Wenn sie das durchkriegen, ist der Damm gebrochen.“

Es ist ein Kampf, der schon mehr als ein Jahrzehnt andauert. Constanze Kurz war von Anfang an dabei. Sie ahnte damals nicht, wie schwer es wird, den Versuch der anlasslosen Massenüberwachung zu vereiteln, als ihr vor 14 Jahren ein zentimeterdicker Um…

^{netzpolitik.org}

A Security & Privacy Focused Phone with a Secure Supply Chain🙌

Order your Librem 5 USA before Dec 5, 2022. We are shipping within 10 business days. Use code LIBREM5USA to get $100 off 🎉

puri.sm/products/librem-5-usa/

#security #privacy #phone #sale #promo

TSA Wants To Scan Your Face At The Airport. Here Are Your Rights.

#News #TSA #privacy #biometrics #security #HumanRights #SurveillanceCapitalism #HomelandSecurity #DHS #Airport
washingtonpost.com/technology/…

The government wants to get in your DMs.

The #OnlineSafetyBill will make messaging apps scan what you're saying and what images you're sharing before they get encrypted. It unlocks your privacy.

Email your MP (UK) today: action.openrightsgroup.org/wri…

#BlockTheBill #PrivacyIsOnlineSafety #privacy #freedomofexpression

After 2 years of negotiations with Microsoft, the German Data Protection Conference issued a damning statement: German schools must not use MS365 due to privacy violations.

Fortunately, Linux, LibreOffice & Tutanota are very good alternatives. 💪🔐

tutanota.com/blog/posts/micros…

#OpenSource #FOSS #privacy #GDPR

Microsoft's Office 365 declared illegal for German schools - again!

American cloud providers do not comply with strict German privacy protection laws and must not be used by German schools.

^Tutanota

WhatsApp data breach sees nearly 500 million user records up for sale

If you use WhatsApp, your details could well be up for sale

#news #tech #technology @WhatsApp #security #privacy #databreach

techradar.com/news/whatsapp-da…

WhatsApp data breach sees nearly 500 million user records up for sale

^{Craig Hale (TechRadar pro)}

Google publishes the source code for their TalkBack screen reader. GrapheneOS maintains a fork of it and includes it in GrapheneOS with the help of a blind GrapheneOS user who works on their own more elaborate fork. Eventually, we'd like to include more or all of their changes.

TalkBack depends on a text-to-speech (TTS) implementation installed/configured/activated. It needs to have Direct Boot support to function before the first unlock of a profile. Google's TTS implementation supports this and can be used on GrapheneOS, but it's not open source.

We requested Direct Boot support from both prominent open source implementations:

RHVoice: github.com/RHVoice/RHVoice/iss…
eSpeak NG: github.com/espeak-ng/espeak-ng…

eSpeak NG recently added it but it's not yet included in a stable release and their licensing (GPLv3) is too restrictive for us.

RHVoice itself has acceptable licensing for inclusion in GrapheneOS (LGPL v2.1), but has dependencies with restrictive licensing. Both these software projects also have non-free licensing issues for the voices. Neither provides close to a working out-of-the-box experience either.

Google's Speech Services app providing text-to-speech and speech-to-text works perfectly. Their proprietary accessibility services app with extended TalkBack and other services also works fine. However, many of our users don't want to use them and we need something we can bundle.

There aren't currently any usable open source speech-to-text apps. There are experimental open source speech-to-text implementations but they lack Android integration.

We also really need to make a brand new setup wizard with both accessibility and enterprise deployment support.

GrapheneOS still has too little funding and too few developers to take on these projects. These would be standalone projects able to be developed largely independently. There are similar standalone projects which we need to have developed in order to replace some existing apps.

AOSP provides a set of barebones sample apps with outdated user interfaces / features. These are intended to be replaced by OEMs, but we lack the resources of a typical OEM. We replaced AOSP Camera with our own app, but we still need to do the same with Gallery and other apps.

Google has started the process of updating the open source TalkBack, which only happens rarely. We've identified a major issue: a major component has no source code published.

github.com/google/talkback/pul…

Google has been very hostile towards feedback / contributions for TalkBack...

This is one example of something seemingly on the right track significantly regressing. Another example is the takeover of the Seedvault project initially developed for GrapheneOS. It has deviated substantially from the original plans and lacks usability, robustness and security.

In the case of Seedvault, GrapheneOS designed the concept for it and one of our community members created it. It was taken over by a group highly hostile towards us and run into the ground. It doesn't have the intended design/features and lacks usability, security and robustness.

All of these are important standalone app projects for making GrapheneOS highly usable and accessible. What we need is not being developed by others and therefore we need to the resources including funding and developers to make our own implementations meeting our requirements.

#grapheneos #privacy #security #android #mobile #accessibility #texttospeech #speechtotext #talkback #blind #backup

add Direct Boot support for Android so RHVoice can be used with TalkBack before the initial unlock · Issue #271 · RHVoice/RHVoice

More information: https://developer.android.com/training/articles/direct-boot https://github.com/GrapheneOS/platform_packages_apps_Updater is a trivial example of using this. You need to mark a sub...

^GitHub

Feeling tricked by #BlackFriday offers?

That's why we refuse to join the Black Friday hype.

Instead we have fair prices all year round: tutanota.com/blog/posts/black-…

#privacy

And its happening in Germany too after France banned it last week! #Microsoft355 has finally been banned from schools!

#FLOSS #Privacy

bestofprivacy.com/eu/germany-f…

Germany Forces a Microsoft 365 Ban Due to Privacy Concerns

The central German state of Hesse’s local Data Protection Authority (DPA) has banned the use of Microsoft 365 in its schools, citing concerns over privacy violations.

^{Vuk Mujovic (Best of Privacy)}

Experts Condemn The UK Online Safety Bill As Harmful To Privacy And Encryption

eff.org/deeplinks/2022/11/expe…

#Privacy

Experts Condemn The UK Online Safety Bill As Harmful To Privacy And Encryption

The British Parliament may start debating the Online Safety Bill again as soon as this week. The bill is a deeply flawed censorship proposal that would allow U.K. residents to be thrown in jail for what they say online.

^{Electronic Frontier Foundation}

Now do Google Docs 😉 cryptpad.org

#Privacy #Collaboration #Alternatives

CryptPad.org

End-to-end encrypted collaboration suite

^cryptpad.org

Since 2003, part of our mission has been respecting your #privacy and putting YOU in control – not a corporation.

We never show advertisements. We never sell your data.

That’s because #Thunderbird is completely funded by donations from generous people just like you.

YOU keep this great software free. YOU help us develop great new features. YOU keep us thriving!

Please consider giving a gift to help Thunderbird be the best it's ever been in 2023.

mzla.link/3TZrTaz

#OpenSource #Email

Give to Thunderbird | Give to Thunderbird

I gave to @mozthunderbird today to #freetheinbox. Join me to support communication privacy.

^{Give to Thunderbird}

🎧 🕵🏽 Just a reminder that your fancy #Bose #headphones are spying on you.

#SurveillanceCapitalism #privacy

Researchers used our #privacy inspector, Blacklight, to look into the websites of multiple addiction treatment providers.

Every one was sharing visitor data with third parties. wired.com/story/substance-abus…

Telehealth Sites Put Addiction Patient Data at Risk

New research found pervasive use of tracking tech on substance-abuse-focused health care websites, potentially endangering users in a post-Roe world.

^{Lindsey Ellefson (WIRED)}

Unsealed documents in the #CambridgeAnalytica class action lawsuit in Northern California revealed how Meta/Facebook will be unable to comply with the Digital Services Act or the GDPR because its internal data management systems are absolute “anarchy” per report by the Irish Council on Civil Liberties.

#DSA #GDPR #DataProtection #Privacy
iccl.ie/news/unsealed-court-do…

Unsealed court documents reveal data anarchy at Meta - Irish Council for Civil Liberties

ICCL letter to European Commission highlights new material about Meta’s internal data systems, and how Meta infringes the DMA & GDPR.

^{Johnny Ryan (Irish Council for Civil Liberties)}

To learn more about #MLS and why this protocol exists in the first place when we already have Signal's, here is a great podcast on the topic: cryptography.fm/7.

#Privacy #Security #Crytology #Cryptography #InfoSec

Episode 7: Scaling Up Secure Messaging to Large Groups With MLS!

Raphael Robert from Wire talks about how MLS wants to scale secure messaging to groups with hundreds or even thousands of participants.

^{Cryptography FM}

Tune in to our new episode! @katherined, @dsearls, @shawnp0wers, and @kyle discuss the ups, downs, and how-tos of using Mastodon amid Twitter's recent instability.
Visit the following link for full episode - reality2cast.com/132

#Mastodon #socialMedia #Technology #Privacy #Podcast #newEpisode

Tomorrow (Wednesday at 1700 UTC) we're presenting Part 2 of the annual State of the Onion!

Last week's presentation focused on in-house Tor Project teams; tomorrow will be focused on community projects. (This part is always super interesting to me.)

Please join us!

youtube.com/watch?v=O-7k0PjnBb…

#Tor #Privacy #FOSS @torproject

State of the Onion 2022 | Tor Community

State of the Onion - Community is a compilation of updates from the Tor Project different projects, highlights of the work from projects that are part of the...

^YouTube

The State of the Onion is livestreaming in 30 minutes!

Learn more about what the Tor community is up to! Get updates on exciting software projects! Learn more about the people and groups that keep the network running! Learn how you can get involved in the fight against censorship and surveillance! Generally have a good time!

youtube.com/watch?v=O-7k0PjnBb…

#tor #FOSS #privacy @torproject

State of the Onion 2022 | Tor Community

State of the Onion - Community is a compilation of updates from the Tor Project different projects, highlights of the work from projects that are part of the...

^YouTube

#Android without #Google made easy – with @shiftphones

android.izzysoft.de/articles/n…

(the little gap with "Rooting" aka Magisk will be filled soon™)

#noGoogle #googlefree #privacy

Android without Google: Shiftphones

Like the well-known Fairphones, Shiftphones are modular devices. Right from the shop they ship with no bloat, just the minimal set of Google Apps are installed.

^IzzyOnDroid

Back to #Firefox I go! Multi-Account Containers are a killer #privacy feature that only Firefox (and maybe derivatives) has access to.

addons.mozilla.org/en-US/firef…

There's some helper add-ons to further silo #Facebook, #Twitter, and #Google. (That said, I use my own containers for Google to split my accounts)

Facebook: addons.mozilla.org/en-US/firef…

Twitter: addons.mozilla.org/en-US/firef…

Google: addons.mozilla.org/en-US/firef…

Facebook Container – Get this Extension for 🦊 Firefox (en-US)

Download Facebook Container for Firefox. Prevent Facebook from tracking you around the web. The Facebook Container extension for Firefox helps you take control and isolate your web activity from Facebook.

^{addons.mozilla.org}

Microsoft is phoning home the content of PowerPoint slides

rogermexico.bearblog.dev/micro…

Discussions: discu.eu/q/rogermexico.bearblo…

#microsoft #privacy

Time for an #introduction. I've been involved in #FOSS and #Linux since the late `90s. My career started as a sysadmin, pivoting to security. I'm the President of @purism and work on hardware and software to protect #privacy, #security and freedom.

I've written a number of books (kylerank.in/writing.html) and was a long-time columnist for Linux Journal magazine.

I have many hobbies including #weaving, refurbishing mechanical #calculators, #3dprinting, #brewing, and many other things.