This is what I think about whenever infosec wonks on here start telling people they should use matrix or xmpp+omemo or whatnot instead of signal

To be fair, I understand the arguments and to a large extent I agree with the critiques. However, I think anyone making these recommendations is vastly underestimating the capacity or appetite for most people to deal with the user experiences presented by these alternatives.

User experience is the ultimate force multiplier. For anything that requires network effects to function (ie most anything involving communication), if it doesn't *just work* then you've lost 90% of your audience.

xkcd.com/2501/

#matrix #xmpp #infosec #cybersecurity #signal #ux #design #ui #encryption #privacy #crypto

Average Familiarity

^xkcd

Everyone knows your location: tracking myself down through in-app ads

timsh.org/tracking-myself-down…

#privacy #tracking #linuxmobile #surveillance

Everyone knows your location

Recently I read about a massive geolocation data leak from Gravy Analytics, which exposed more than 2000 apps, both in AppStore and Google Play, that secretly collect geolocation data without user consent.

^{tim (tim.sh)}

On a continuous effort to move away from Big Tech and transition to platforms and services that value privacy, I just made a new email account at @Tutanota
Their fundamental principles of no tracking, no data scanning, encryption, and privacy by design are much appreciated.
Thank you team at Tuta for your efforts!

#encryption #EmailEncryption #privacy

Nice. How to leave #X / #Twitter and #Instagram? In the edition of tomorrow‘s newspaper Augsburger Allgemeine offers valuable tips and highlights alternatives in the #Fediverse, such as #Mastodon and #Pixelfed.

A must-read especially for @Gargron from @Mastodon and @dansup from @PixelFed and of course @helpers / @admins

📖 Read more here in german language: augsburger-allgemeine.de/geld-…

#SocialMedia #Privacy #Alternatives #Mastodon #Pixelfed #Fediverse

Social-Media-Alternativen: Bluesky, Signal & Co: Neustart ohne X und Meta

Sie hadern mit Elon Musks Kurznachrichtendienst X und sind auch nicht mehr glücklich mit all dem, was Mark Zuckerbergs Meta-Konzern anbietet? Kein Problem. Es gibt Alternativen.

^{Von Dirk Averesch, dpa (Augsburger Allgemeine)}

There's no end to corporate manipulation of people's privacy.
#CVS #privacy

gizmodo.com/cvs-is-turning-loc…

CVS Is Turning Locked Shelves Into an Excuse to Make You Download Its App

The store is trialing a feature to let customers unlock cabinets with their phone.

^{AJ Dellinger (Gizmodo)}

Nice. How to leave #X / #Twitter and #Instagram? In the edition of tomorrow‘s newspaper Augsburger Allgemeine offers valuable tips and highlights alternatives in the #Fediverse, such as #Mastodon and #Pixelfed. A must-read especially for @Gargron from @Mastodon and @dansup from @PixelFed and of course @helpers / @admins

📖 Read more here in german language: augsburger-allgemeine.de/geld-…

#SocialMedia #Privacy #Alternatives #Mastodon #Pixelfed #Fediverse

On this Data Privacy Day, choose a search engine that puts you first. No ads. No tracking. No compromise. Just the results you want, on your terms.

(Illustration by Chaz Hutton for Kagi)

#Kagi #Search #DataPrivacyDay #DataPrivacyWeek #Privacy #AdFree

Let's say China manages to get just a little bit of data about people from just a few of these ... 😑

"China's overlapping tech-industrial ecosystems"

high-capacity.com/p/chinas-ove…

#cybersec #cybersecurity #infosec #itsec #china #privacy #gdpr #dataprotection #dataskydd

China's overlapping tech-industrial ecosystems

EVs, batteries, lidar, drones, robotics, smartphones, AI. China's progress across a range of overlapping industries creates a mutually reinforcing feedback loop.

^{Kyle Chan (High Capacity)}

Earlier today, Google rejected a feature request asking for the option to use DNS-over-HTTPS servers other than Google’s and Cloudflare’s in Android: issuetracker.google.com/issues…

According to Google’s own testing, DoH is more private, secure, and performant than DoT on Android. There is no reason whatsoever to limit it to a handful of Google-approved servers.

Just like with Manifest V3 in Chrome, this arbitrary restriction on what DNS servers can use the most modern technologies in Android is a clear example of Google abusing their position to campaign against blocking invasive trackers. One of the clearest uses for custom DNS servers is the ability to block privacy-invasive services like Google’s at the DNS level.

Further details & discussion on our forum: discuss.privacyguides.net/t/go…

#android #google #privacy #dns

Google rejects feature request for arbitrary DNS-over-HTTPS server support

https://issuetracker.google.com/issues/331250145?pli=1#comment7 Some background, since 2022 Android has used DNS-over-HTTP/3 instead of DNS-over-TLS for its Private DNS setting, but only for two predefined servers (Google and Cloudflare).

^{Privacy Guides Community}

The United States Government, in the wake of mobile cellular networks being compromised by China, finally suggested Americans use encrypted apps and services. One of those suggestions, provided as an exexample, by the Joe Biden Administration, was Signal.

Donald Trump, however, around the time Mark Zuckerberg made his announcement, concerning Meta policy, has continuously used WhatsApp as their example.

#Signal #WhatsApp #Privacy #Encryption #Safety #Security #Meta

So our beloved PM is announcing some "strong controls" as he's afraid of the coup... which is plain nonsense and he's just afraid to hear what people think of his romantic affairs with bloodlusting dictator, but that's not the point why I post this.

There is legitimate question on the table - what is actually the best offline (no Internet) messaging app as of today? I recall Bridgefy. Is there anything better?

#infosec #privacy #protest

Die Signatur-Problematik bei F-Droid ist offenbar noch immer nicht gelöst: "We find it concerning that F-Droid constantly chooses to move the goalposts and continues to rely on a fundamentally broken approach for certificate pinning, merely patching [15] known vulnerabilities without ever addressing the underlying cause." 😵👇

github.com/obfusk/fdroid-fakes…

#fdroid #security #privacy #certpinning #signature

GitHub - obfusk/fdroid-fakesigner-poc: F-Droid Fake Signer PoC

F-Droid Fake Signer PoC. Contribute to obfusk/fdroid-fakesigner-poc development by creating an account on GitHub.

^GitHub

Microsoft Office 2016 and Office 2019 will no longer receive software updates, technical support, or bug and security fixes after 14.10.2025.

Consider migrating to LibreOffice.

LibreOffice is free to use.
LibreOffice supports Office file formats.

Install LibreOffice and compare it with your version of Office.

Website: libreoffice.org
Mastodon: @libreoffice

1/4

#Microsoft #Office2016 #Office2019 #Office #LibreOffice #CyberSecurity #Privacy #InfoSec #FreeSoftware #OpenSource #FOSS

👋 hi
We heard you moved away from a toxic social media platform?
Congrats! now do Google Docs!

cryptpad.org

#privacy #collaboration #office-suite #googledocs #office365

CryptPad.org

End-to-end encrypted collaborative office suite

^cryptpad.org

"Hey, what's your password?"

Nice try. My password is:

Tuta_MailDoesntLetThatHappen!

Enjoy your Sunday! 🤩

🔐 #Encryption #Privacy #Security 🔐

This #NewYearsResolution should be about increasing your #privacy. Share now!

❤️ ❤️ ❤️

Looks like #Microsoft appointed the new Data Protection Supervisor of the #EU.

This happened because the “left-liberal camp” did not agree on which candidate to support, if I am reading the news correctly.

I saw outgoing EDPS Wojciech Wiewiórowski at more than one @fnf meeting, and I doubt that his successor will turn up at this grassroots #privacy barcamp.

heise.de/en/news/Too-critical-…

#Wiewiorowski #EDPS

Too critical? MEPs vote out Data Protection Commissioner Wiewiórowski

EU Parliament's Committee on Home Affairs has chosen Bruno Gencarelli as its preferred candidate for the role of EU Data Protection Supervisor.

^{Stefan Krempl (heise online)}

I like @Tutanota as email provider, but, sometimes it feels like their developers have never used an email client before in their life.
Now they *just* (I mean....) introduced labels, BUT you still cannot create filters that automatically apply labels too.
Gmail may be the evil to avoid at all cost, but, their UX had already everything like 20 years ago.

Tuta is good for privacy, but their UX is stuck in the '90s and it makes a horrible whole email experience. #privacy

Sensitive content Click to open/close

#Google Starts Tracking All Your Devices In 6 Weeks—Forget Chrome And #Android

Long story short is that Google has made updates to its advertising ecosystem essentially _permitting_ the fingerprinting of devices for use in targeted advertising. In their words they are going to be “less prescriptive with partners in how they target and measure ads.”

Doesn’t mean fingerprinting wasn’t happening before, just that Google is giving the green signal to the rest of the ecosystem to do so… and will likely use this to maybe replace third-party cookies.

Use an adblocker. Seriously.

#privacy #ads #privacymatters #useadblockers

forbes.com/sites/zakdoffman/20…

Google Starts Tracking All Your Devices In 6 Weeks—Forget Chrome And Android

Say hello to 2025—the way you're tracked has suddenly changed. Here's what you need to know.

^{Zak Doffman (Forbes)}

just discovered some very cool new projects:
git.deuxfleurs.fr/Deuxfleurs/b…
aerogramme.deuxfleurs.fr/

aerogramme is a proxy for imap and caldav that offers encryption and some security guarantees

bagage is webdav with an s3 backend

this is all based on garage which works great on commodity hardware. you could rent a $5/mo/tb vps from hosthatch and have decently good secure, open source, cloud storage of all the above

#privacy #openSource #security #s3 #garage

bagage

Bagage is the bridge between our users and garage, it enables them to synchronize files that matter for them from their computer to garage through WebDAV

^{Gitea: git with a cup of coffee}

Google: Device Fingerprinting ist okay
heise.de/news/Google-Device-Fi…

Ist ja auch für die Werbeindustrie ganz dolle wichtig...

#privacy

Google: Device Fingerprinting ist okay

Google lässt ab Februar das Tracking von Verbrauchern per Device Fingerprinting für Werbezwecke zu – eine fundamentale Abkehr von seiner bisherigen Position.

^{Jo Bager (heise online)}

❤️ Privacy matters - so does doing good. We donate Tuta to #opensource projects! ❤️

Ready to turn on #privacy?

👉 tuta.com/blog/tutanota-for-ope…

#foss #givingback #encryption #security

What to do with people around who are carrying AI Wearables that listen to everything said and record it and send conversations to whatever language model processor? How even find out? By asking? Searching? Pat down? Is friendship ended if they refuse to shut it off? Similar for home assistants. Don't visit such people anymore?
(luckily I don't know anyone who actually uses such shit, so it's hypothetical).

#Privacy #AI #Wearables #SpyDevices #ModernWorldShit #Datenschutz #Privatsphäre

We fight for your right to #privacy with #encryption! 🔒

Check out our new scrolling animation: tuta.com/ 💪

Normalize extended ASCII
And 128+ long passwords

If you use a password manager (which you should)
There's no reason not to make it as complex as you can

#keepassxc #extendedascii #passwords #privacy #cybersecurity

GrapheneOS version 2025010700 released:

grapheneos.org/releases#202501…

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

discuss.grapheneos.org/d/18831…

#GrapheneOS #privacy #security

GrapheneOS version 2025010700 released - GrapheneOS Discussion Forum

GrapheneOS discussion forum

^{GrapheneOS Discussion Forum}

What is one thing you are planning
to do in 2025 to improve your data privacy online or to improve the data privacy of others? 🔒👀

#Privacy #NewYearResolutions2025

If you're surprised Tesla takes and keeps recordings from their cars after seeing the news about the Cybertruck in Vegas, you shouldn't be. This is not something new. Tesla has been taking and storing media for many years, claiming it's used to train their AI capabilities. You can't opt out either.

And Tesla employees do access it, make fun of you, make memes, and share the content internally, without any legitimate reason to access the content.

arstechnica.com/tech-policy/20…

While this is about Tesla, this is a growing problem across this and other industries.

#Tesla #Surveillance #Privacy

Tesla workers shared images from car cameras, including “scenes of intimacy”

Ex-staffers tell Reuters about internal image sharing: “We could see their kids.”…

^{Jon Brodkin (Ars Technica)}

We are heading towards completion of another milestone 😃

Thanks to @VishnuSanal, #Prav is on Google Play Store now. It requires a 2-week testing period before being open to public downloads. Right now, only authorized testers can test it.

If you are interested in testing, please share your Gmail address with us.

On the other hand, the app is free to download from #Fdroid. Please remember that the service is still in public beta.

Stay tuned!

#XMPP #privacy #FreeSoftware #OpenSource

Ready for #NewYear? Time to make up a #NewYearResolution 💪

Why not choose #privacy over Big Tech⁉️

Here are some ideas. 👇 Which is on your list for #2025❓

And more tips to #deGoogle your life: tuta.com/blog/how-to-leave-goo…

The #38C3 presentation about the massive #Volkswagen data leak is over and the leak was as bad as it sounded. 100,000s of cars could be located down to cm precision. Also a lot of metadata that is NOT supposed to be public. Disturbing.

The main takeaway was that the real problem here wasn't the leak itself, but that this data was collected in the first place.

I agree. It's not a good idea to create mountains of very personal data and then pray it never leaks.

#privacy #fail #leak #breach #vw