Steven Bonk: “When Canadians provide their personal information to political parties, whether signing up for a newsletter, attending a town hall or simply expressing support, they are placing trust in us. They expect that information to be treated with care, confidentiality and respect. When that expectation is not met, the harm is not just legal or administrative. It is democratic.”
#canpoli #privacy

michaelgeist.ca/2025/06/govern…

Government Remains Silent as it Eviscerates Political Party Privacy in Canada By Fast Tracking Bill C-4 - Michael Geist

The government is moving to eviscerate political party privacy in Canada as it fast tracks Bill C-4, proposed legislation framed as implementing affordability measures, but which also exempts political parties from the application of privacy protecti…

^{Michael Geist}

Ever received an email with hundreds addresses in CC, including yours?

Send them this guide so they learn why they should use BCC! 😎 #privacy

👉 tuta.com/blog/what-is-cc-and-b…

In some #awesome news, Trump's #AI plans have been leaked on #github, which others have now backed up for themselves.

First reported yesterday by 404 Media, the #tech is to launch on July 4th. Besides a #chatbot, there are APIs to connect to other models, and some other agency tech.

Despite Trump's rush to deploy widespread AI, many experts have valid #security and #privacy concerns regarding access to #confidential #data.

theregister.com/2025/06/10/tru…

#news #technews #trump #unitedstates #uspol

Trump administration's whole-government AI plans leaked on GitHub

Updated: The AI.gov repository and staging site vanished when we asked questions, but don't worry – we captured backups

^{Brandon Vigliarolo (The Register)}

As part of the investigation, I have looked closely at Telegram's protocol and analyzed packet captures provided by IStories.

I have also done some packet captures of my own.

I dive into the nitty-gritty technical details of what I found and how I found it on my blog:

Telegram is indistinguishable from an FSB honeypot
rys.io/en/179.html

Yes, my packet captures and a small Python library I wrote in the process are all published along.

#Telegram #InfoSec #Privacy #Surveillance #Russia

Remarkable investigation into Telegram by IStories (in Russian):
istories.media/stories/2025/06…

English version by OCCRP:
occrp.org/en/investigation/tel…

tl;dr:

👉 Telegram uses a single company with ties to the Russian FSB as their sole infrastructure provider, globally.

👉 Combined with a cleartext device identifier Telegram's protocol requires to be prepended to all encrypted messages, this allows for global surveillance of Telegram users.

I am quoted in this story.

#Telegram #InfoSec #Privacy

Telegram, the FSB, and the Man in the Middle

The technical infrastructure that underpins Telegram is controlled by a man whose companies have collaborated with Russian intelligence services.

^OCCRP

Finally have some free time to start moving away from a Gmail email address. Can anybody recommend a fully hosted email service provider?

I can pay.

Something like Fastmail, with the ability for aliases, and a clean, HTML, designed interface that isn't trying to be an app in a browser? But the ability to view messages as plain text.

Proton Mail is a no go because their LLMs poke all through your messages. I want something without AI bullshit.

I'd use Fastmail but they don't work with my VOIP mobile numbers and constantly engage in union busting so want something else.

#Email #AskFedi #privacy

Privacy vs Security: Yandex is spying on their users in an insecure way, Meta (Facebook, Insta) in a more secure way. Both of them are a threat against user privacy

This is yet another example showing that there are reasons to be more suspicious against proprietary apps. We should avoid installing GAFAM apps, and reducing as much as possible our dependency on their services is healthy

localmess.github.io/

#InfoSec #Privacy #Android

One of the reasons why i recommend @Tutanota to everyone is because the mobile notifications of their app don't pass through Apple/Google servers. Like Signal.
Not even Proton has this feature. #privacy

mastodon.thenewoil.org/@thenew…

I maintain and publish to my website for two reasons:

1. To keep myself together
2. To foster human connection

Neither of these requires a single bot be allowed to visit my site.

The corporate internet already sucks and is obviously moving toward AI at breakneck speed. Does anyone know of specific efforts to create a cordoned-off human-centric internet?

I'm aware of cloudflare and other CDNs, but they're obviously not interested in that particular angle.

Boosts/ideas welcome!

#privacy #AI

Who says you can’t have #privacy and #security in an OS?

Meet PureOS — the #Linux OS that respects you.

No ads
No trackers
No #surveillance
No terms of service traps

PureOS supports Purism’s Librem 5 & Liberty Phone.

More Info: puri.sm/posts/what-is-pureos-a…

What Is PureOS? A Beginner’s Guide for iOS, Android, and Windows Users – Purism

Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.

^{Purism SPC}

🗓️ May 2025 status is live on the blog

🚀 Release 2025.3.1 with OnlyOffice 8
📰 CryptPad in use and in the news @bearstech @Tutanota

blog.cryptpad.org/2025/06/03/s…

#privacy #opensource #officesuite #e2ee

May 2025 status

CryptPad 2025.3.1 with OnlyOffice 8, CryptPad in use and in the news

^{blog.cryptpad.org}

"For now, the most comprehensive protection against Meta Pixel and Yandex Metrica tracking is to refrain from installing the Facebook, Instagram, or Yandex apps on Android devices."

That's exactly what I do.

arstechnica.com/security/2025/…

#Meta #Yandex #tracking #privacy

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

^{Dan Goodin (Ars Technica)}

We don’t want to spam you with posts, but the house is burning! Help us to put it out.
The world needs fair and sovereign digital and technical solutions. Here we are and we want to create one.
Please support us on this path and benefit directly through free monocles accounts. Become one of thousands of monocles users and get your privacy back.

startnext.com/en/monocles

#monocles #privacy #sovereign #xmpp #it #ethics #cloud #email #eu

monocles - Privacy is not a feature. It is a right.

Secure communication, fair cloud, ethical hardware - monocles offers a digital solution without tracking, without surveillance, without compromise.

^{startnext.com}

📣 Liberux NEXX is now live on crowdfunding! 🚀

After months of development and testing, we're introducing the most powerful Linux smartphone: RK3588S, 32 GB RAM, 5G, Debian 13 + GNOME Mobile, and total privacy with hardware killswitches. 🎉

🔼 Now upgraded to 512 GB of storage and European-made.
Support mobile freedom and reserve your unit in the next 30 days:

🔗 igg.me/at/liberux-nexx

#LiberuxNEXX #linuxphones #privacy #opensource

Nešlo mi nic instalovat z Aurora Store, než jsem přišel na to, že je potřeba vymazat mezipaměť.
Na hlavním profilu mám jen aplikace z F-Droidu a pár app z Aurory, aplikace z Google Play používám jen v soukromém prostoru.
Občas člověka napadne, jestli to celé stálo za to 😀

#privacy #grapheneos

Just published a blog post tearing into hCaptcha’s so-called “accessibility” mode.

It’s not accessibility. It’s a cookie. And to get that cookie, you now have to submit your email and send a code via SMS to an U.S. phone number. It fails silently. It doesn’t confirm anything. You click “Confirm Code” and get “An error has occurred.” No cookie. No fallback. No support. And if you somehow get it? It’s a third-party cookie your browser probably blocks, and it expires. Then you get to do it all again.

Meanwhile, hCaptcha’s text-based challenge — the only mode that might actually work with a screen reader — isn’t tied to the cookie at all. It only shows up if the website owner specifically enables it. Most don’t. So even if you’re blind, even if you’re using assistive tech, you get the same unusable image grid as everyone else.

This isn’t accessibility. It’s exclusion wrapped in PR.

The blog post breaks it all down: how the cookie flow works (or doesn’t), why the system is broken by design, how developers got misled, and what real alternatives look like. If you care about accessible design or just want to understand how bad this gets, read it.

Link: fireborn.mataroa.blog/blog/hel…

#Accessibility #a11y #BlindTech #hCaptcha #HellCaptcha #UX #WebDev #ScreenReaders #Disability #TechRant #DevTools #Ableism #Privacy #FOSS #Inclusion

Who says you can’t have #privacy and #security in an OS? Meet PureOS — the #Linux OS that respects you.

No ads
No trackers No #surveillance
No terms of service traps

PureOS supports Purism’s Librem 5 & Liberty Phone.

More Info: puri.sm/posts/what-is-pureos-a…

Startpage is a search engine that has been promoted as a European alternative to Google Search.

This is a misleading statement.

CLARIFICATION

Headquartered in the Netherlands.

Owned by System1: mastodon.online/@blueghost/111…

Revenue is consolidated with System1's financial statements.

System1 supports employee salaries, technology investments, and marketing initiatives.

Source: support.startpage.com/hc/artic…

Website: startpage.com

#Startpage #StartpageSearch #Privacy #InfoSec #CyberSecurity

First, they'll ask for your official IDs to confirm your age and identity.

This will create a large treasure trove
of sensitive data, which will attract criminals, and will inevitably leak from either negligence or malice, sooner than later.

Then, they'll claim your official ID is
unreliable, because it was stolen so many times, and demand you share your biometric data.

They will collect your face scan,
your palm scan, and even your iris scan (no exaggeration, these are all already being collected by some companies for identification). They will claim it's super safe.

This will create a large treasure trove
of sensitive biometric data, which will attract criminals, and will inevitably leak from either negligence or malice, sooner than later.

Then what? Rinse and escalate.

You will have lost control of not just your corporate social media accounts by participating to this, but to any data capable of validating your identity, to your privacy rights, to the protections you could use online to stay safe.

We don't have to wait that it escalates.

We can, and must, push back and say No now. Start to say No now.

#Privacy #Biometrics #DataMinimization #AgeVerification

"'Take a screenshot every few seconds' legitimately sounds like a suggestion from a low-parameter LLM that was given a prompt like 'How do I add an arbitrary AI feature to my operating system as quickly as possible in order to make investors happy?'" signal.org/blog/signal-doesnt-…

#Signal #Microsoft #Recall #MicrosoftRecall #LLM #LLMs #privacy

By Default, Signal Doesn't Recall

Signal Desktop now includes support for a new “Screen security” setting that is designed to help prevent your own computer from capturing screenshots of your Signal chats on Windows.

^{Signal Messenger}

FBI Warning on Messaging Apps: Time to Rethink What "Secure" Really Means

The FBI recently urged Americans to switch from SMS to encrypted messaging apps like WhatsApp and Signal.

Read More at: puri.sm/posts/fbi-raises-alarm…

#Cybersecurity #Privacy #Surveillance #Signal #WhatsApp

FBI Raises Alarm on Encrypted Messaging Apps: A New Front in the Battle for Digital Privacy and National Security – Purism

Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.

^{Purism SPC}

While working on my voice-training app last night (instead of sleeping…), I ran into an infuriating issue: I had installed a service-worker to cache the app in case it is installed as a progressive web app, but had not yet added a good way to update it…

So it ended up kinda blocking an easy re-installation of the next version that did add some capabilities to that effect.

As a result I tried really hard to get rid of that service-worker and just did not find a way to do this on mobile #Firefox… In the end I was able to change the website directly on the server, do a hard reload on the client and use the updated client to delete the web-worker. But that’s of course only viable if you control the source for the web-app.

So, I guess I kinda found a way to store very hard to delete information in the browser? Sounds like very much not great for #Privacy…

Who says you can’t have #privacy and #security in an OS?

Meet PureOS — the #Linux OS that respects you.

No ads
No trackers
No #surveillance
No terms of service traps

PureOS supports Purism’s Librem 5 & Liberty Phone.

More Info: puri.sm/posts/what-is-pureos-a…

Lightweight open source Google reCaptcha alternative: ALTCHA leverages a proof-of-work mechanism to safeguard your website, APIs, and online services from spam and abuse. Unlike traditional solutions, ALTCHA is self-hosted, does not rely on cookies or fingerprinting, and ensures complete user privacy. It is fully compliant with GDPR, WCAG 2.2 AA-level, and the European Accessibility Act. github.com/altcha-org/altcha

#privacy #webdev #security #opensource

GitHub - altcha-org/altcha: GDPR, WCAG 2.2 AA, and EAA compliant, self-hosted CAPTCHA alternative with PoW mechanism and advanced anti-spam filter.

GDPR, WCAG 2.2 AA, and EAA compliant, self-hosted CAPTCHA alternative with PoW mechanism and advanced anti-spam filter. - altcha-org/altcha

^GitHub

In 2010, #AaronSwartz downloaded 70 GB of articles from JSTOR. He faced a $1 million fine and 35 years in prison
➡️ Aaron took his own life in 2013.

#Meta illegally downloaded over 80 terabytes of books from LibGen, Anna's Archive, and Z-library to train its #AI models
➡️ facing no consequences.

Information is power, knowledge is power.

Beware and fight against those who want to keep you ignorant, unaware, and misinformed.

#digitalrights #openknowledge #opendata #privacy

*How secure is UnifiedPush?*

It’s a legitimate question that comes up from time to time. While the question is fairly short, the answer requires a few details. Behind the question of security, it’s also often about privacy.

unifiedpush.org/news/20250513_…

#UnifiedPush #PushNotifications #Android #FCM #Privacy

Who says you can’t have #privacy and #security in an OS?

Meet PureOS — the #Linux OS that respects you.

✅No ads
✅No trackers
✅No #surveillance
✅No terms of service traps

Run it on Purism’s Librem 5 & Liberty Phone.

Link - What is #PureOS?: puri.sm/posts/what-is-pureos-a…

🗣️ New interview !

@ThibaultMartin of @matrix.org sat down with @NGICommons to discuss the role Matrix plays in building a privacy-respecting, sustainable digital communication infrastructure.

Read more on our website: commons.ngi.eu/2025/05/07/matr…

#Matrix #DigitalCommons #foss #OpenSource #Decentralisation #Privacy #Sustainability #Fediverse

@OpenForumEurope
@openfuture
@martelinnovate
@cnrs
@linuxfoundation
@ngi

Ah! I am horrified by how much data Google collects! 😱🤮
Just checked it in my Google account and 𝗶𝘁 𝗸𝗻𝗼𝘄𝘀 𝗺𝗼𝗿𝗲 𝘁𝗵𝗮𝗻 𝗜 𝘁𝗵𝗼𝘂𝗴𝗵𝘁!
This is an amazing @Tutanota article about the hungry Google monster. Also, very good links inserted!
tuta.com/blog/what-does-google…

#Google #techgiant #GoogleAI #privacy #privacyMatters #PrivacySettings #tuta #Tutanota

Everything Google knows about you and how to stop it! | Tuta

Ever thought ‘What does Google know about me?' the short answer – A LOT. But you can stop them from collecting more, here's how!

^Tuta

📢 Hello Fediverse!
CryptPad is an end-to-end encrypted and collaborative office suite.
#Privacy 🤝 #Collaboration

Recent events on Fosstodon have been another reminder that we need to control our own social media channels. To this effect we have migrated our account to this brand new instance managed by XWiki SAS our parent company 👋

#introduction

Data mining. Cartoon from 2022.

#TikTok #China #privacy #datamining

De-Google your life and regain #privacy - ie. with @Tutanota :
mastodon.social/@Tutanota/1143…

Tuta

2025-04-21 13:25:08

We ❤️ #opensource - as much as we dislike #Google

Break free from Big Tech tracking, go secure! 💪 🔒

👉 tuta.com/blog/open-source-emai…

#foss #fdroid #android #email #calendar

Tuta Mail is available on F-Droid so you can break free from Big Tech tracking | Tuta

We're here to stop surveillance by corporations like Google and Apple. That's why we replaced Google's FCM with our own notification system and keep Apple Notification Data at a minimum. Learn here why this is important.

^Tuta

😬

NPR: NIH autism study will pull from private medical records

npr.org/2025/04/23/nx-s1-53726…

#privacy #health #medicine

Everything you say to #Alexa now becomes training material for #AI, and no, you cannot opt out

adguard.com/en/blog/your-voice…

#privacy #Amazon

Everything you say to Alexa now becomes training material for AI, and no, you cannot opt out

Amazon has removed the "Do Not Send Voice Recordings" option for several Echo devices. Voice commands will now be transmitted to Amazon’s cloud.

^{Daria Magdik (AdGuard)}

📱 Válí se mi doma Pixel 6a s GrapheneOS.
Mám tu plně funkční Google Pixel 6a s nainstalovaným GrapheneOS. Bezpečnostní aktualizace do července 2027. Perfektní pro někoho, kdo to myslí vážně se soukromím a chce bezpečný telefon bez Google sledovaček.

Telefon má známky běžného používání a trochu zlobí konektor na nabíjení, ale jinak šlape v pohodě.

Kdyby někomu udělal radost a využil ho naplno, dej vědět do zpráv. Rád ho pošlu dál – hlavně někomu, kdo ví, co má v rukou. 🙂

#GrapheneOS #Privacy #OpenSource #FediBazaar #androidbezgoogle

4Chan hacked; Taken down; Emails and IPs leaked

Apparently they were not only running an old, unsecure version of PHP their entire stack was outdated.

the-sun.com/tech/14029069/4cha…

#news #tech #technology #security #privacy #4chan #hack #breach #databreach

4Chan down UPDATES: Thousands of users report issues accessing controversial website...

CONTROVERSIAL website 4Chan has gone down for thousands with users unable to access the message board. More than 1,000 users of the site have logged complaints on the Downdetector website, which me…

^{Allan Glen (The US Sun)}