Privacy

cross-posted from: https://links.hackliberty.org/post/2005038

I know this is an outrageously bad idea, I don't need convincing. I am just looking for some more information and discussion on what exactly the exposure and surveillance risk is.

I'm asking both for my own education (I am still very green to networking), and to better explain to people in my life if and why they should care.

1. Is it true that traffic can be tracked and logged by ISP through DNS lookups, as these routers are preconfigured to use their internal dns service?

2. If this is changed (like base.dns.mullvad.net), how much does this actually mitigate the risk here?

3. What about when a VPN (mullvad) is also being used at all times? Would it then be "overly paranoid" to fear this untrusted box all the traffic goes through?

I personally take a conservative approach to things like this and assume it's an unacceptable risk, but I don't really understand what the truth is.

Thank you in advance for your time and thoughts.

EDIT: I'm asking about US and US adjacent areas

Isn't the value of two factor auth that it requires a physical device (your phone or computer) with the auth key to authenticate you? Then why don't many two factor auth apps seem to support syncing? If it's fine to do so, are there any open source cross platform apps that sync keys?

Death Note Anonymity analysis by Gwern.

I think it would be valuable to read for people here, especially newbies and "privacy bros" to understand how privacy (anonymity) actually works.

> Given a perfect weapon, can you commit a perfect crime?

The answer is surprisingly close to no.

> Everything you do bleeds information.

A perfect crime is one that wasn't even noticed. If a perfect crime gets noticed it immediately reveals the following: you are smart and you have the knowledge and weapons to commit a perfect crime, and in a murder you must have had a motive, instantly ruling out 99% of the human population.

On the web you can be tracked using almost anything: browser window size, word choice, times you are online, internet connection delay, negative qualities like not giving your language will exclude the majority of people who do.

In fact, just this post alone is sufficient to narrow me down to less than a million (maybe even a few thousand) people.

Edit: This is actually about anonymity, privacy is slightly different, but I think this is still relevant to privacy.

All I found was this comment about the difference.

>Premium domain is only available when you have premium, because fewer people pay and fewer people use it, so there is less abuse and the domain name has better reputation, so when you public domain is not working, using the premium domain may be able to register.

https://reddit.com/r/privacy/comments/v624di/apple\_tracks\_you\_even\_if\_you\_dont\_have\_apple/

>We investigate what data iOS on an iPhone shares with Apple and what data Google Android on a Pixel phone shares with Google. We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins. The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Users have no opt out from this and currently there are few, if any, realistic options for preventing this data sharing.

https://www.scss.tcd.ie/doug.leith/apple\_google.pdf

Fingerprinting works by collecting bits of information about the browser and device to identify users. Couldn't browsers see when a website gets such info with JS and either prevent or ask permission from the user for the website to make HTTP requests to upload such information to the website. Idk if they do something like this already.

iOS is very good about sandboxing and only letting apps run things while the app is open and focused on. It shows green and orange dots when the camera or mic is being used, and none of my use them without saying so and they only do so when they actually need them. If that is the case, are there any potential privacy issues with it?

I've been looking at using email aliases services, and right now I'm thinking of using Simplelogin for all my online accounts and accounts where I can change my email easily, and getting my own domain to share with people and where I can't easily update my email. It seems like I shouldn't use my own domain for online services because it would be unique and can be tracked.

I did lots of reading about this and am still wondering why someone would want to opt for catch-all domains over aliases. Catch-alls seem highly susceptible to spam and while I haven't actually done any email aliasing yet, it doesn't seem to take much effort to make a new alias if you have a plan with unlimited aliases.

I did the tests on fingerprint.com/demo/ and https://coveryourtracks.eff.org/ and they both said I have a unique fingerprint, even when I enabled privacy.resistFingerprinting to True.

https://themarkup.org/blacklight, I put in a few sites, including a full Reddit post URL and it reported 0 trackers. Does this site work well, are there other sites for seeing trackers on websites that work well?

"Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024."

"The development is part of a series of changes the company has enacted in response to allegations that it misled consumers and illegally tracked their movements despite turning off Location History from the account settings by taking advantage of the non-obvious Web & App Activity setting."

I don't want to sound like a "aluminum foil hat" guy but I'm concerned about CCTV cameras (private and public) around our towns.

All of these cameras do not send the stream to private servers (as the closed circuit would imply) but it's sent to the manufacturers' servers, usually in countries unfriendly to privacy regulations, let alone to human rights. I don't think I'm in immediate danger, but I personally think they likely flow into some AI models and into some government-controlled hands in order to do whatever they want with it.

Another risk is the fact they're very insecure.

I don't know how to battle this. I try not to look directly into a camera when I see one, but that's it. I wish more people would be aware of such risks.

Today EU governments will not adopt their position on the EU regulation on “combating child sexual abuse”, the so-called chat control regulation, as planned, which would have heralded the end of private messages and secure encryption. The Belgian Council presidency postponed the vote at short notice. Once again the chat control proposal fails in Council.

"They don't let reporters in here!" At an event paid for by a U.S. government blacklisted spy firm. I wonder how many years in a row I'll be able to infiltrate ISS World Prague, since I always post a hilarious photo. (Czech language, can be translated via Deepl)

If you can give @[email protected] subscribe. I just stole it from there.

Hello all,

Just wondering if there are any projects involving lemmy and .onion

I searched and didn't see anything but I figured I'd ask

If not is there a reason this isn't possible? Or has nobody cared to do it yet?

When I have to visit r****t I use a libreddit hidden service, and there are quite a few to choose from. Am I correct to think a similar mirror should be about as easy to implement for Lemmy?

an onion only instance where it never touches the clearnet would be really cool too but it would probably be a ghost town (sadly).

Love to hear your thoughts

Thanks