ThreeHopsAhead @lemmy.ml
Posts 7
Comments 21
Discord is a privacy disaster. How to use Discord as private as possible Guide
  • Messages can contain personally identifiable information and they very often do. You cannot anonymize messages by just deleting the user name and email address of the sender. With Reddit the difference is that it is public in the first place while with direct messages you have an expectation of privacy. But of course how things turn out in court is another matter.

  • YouTube tests disabling videos for people using ad blockers
  • YouTube once did a genius and really nice move: Paying the video authors. They realized that treating the people who create the works – that are the entire reason why people use the platform – well and creating an incentive for that work is smart and a good way to grow the platform.

    But that time is long gone. YouTube is the monopoly in the market now. They ruin everything that was good about YouTube. They brought the adpocalypse and only pay video authors for videos the content of which they deem friendly to their advertisements business and easy to sell to advertisers based on a completely arbitrary broken automatic system that enforces self censorship on the video authors. All other videos that are still vital to the platform do not get any of the money they make off the viewers the demonetized videos keep on the platform.
    They started putting ads on videos that the author did not choose to monetize completely breaking with their system of sharing their revenue with the people who create the basis for that.
    While they impose strict arbitrary self censorship on the video authors who want a cut of the revenue their videos allowed to generate they allow a flood of scams and other illegitimate and inappropriate content for advertisers.
    They removed the dislike button making the platform much worse for the users just to appeal to advertisers even more.

  • Collection of free software
  • Open source does not make clear that the software is free as in freedom, just that the source code is available. If anything we would need to call it libre software to make it unambiguous.

  • Microsoft Edge Drops Reset Sync Option for Security Reasons
  • When renting you still have full usage rights. When renting a computer like an iPhone you still have the right to run whatever software you choose. That is not the case. This is not renting. This is nothing. You just give them money in hope of their favor. But you do not have the right to anything.

  • Microsoft Edge Drops Reset Sync Option for Security Reasons
  • What is interesting is that they paint this as a security reason:

    However, Microsoft has decided to remove this option from the Edge settings menu, citing security and privacy reasons. According to a Microsoft engineer, the reset sync option was “a potential attack vector for malicious actors to wipe out user data without their consent or knowledge”.

    This is a very common reappearing thing in big tech. They deny you control over your data and device for alleged security reasons. Apple uses the same pretense for locking down iOS and not allowing the user to install apps of their choice but only what Apple approves.
    They are right in a way. They are doing this for security reasons. But not for your security but for theirs, from you. You do not own "your" data and you do not own "your" device. We are heading towards a society where you do not own anything. No matter how much you pay for it.

  • Reminder to backup your cloud password manager

    Never rely on any cloud service! A good cloud based password manager is end to end encrypted meaning the password manager provider cannot access your passwords and they are secured from the provider and any compromise of the provider. But you do not only need confidentiality but also reliability. The cloud is just someone else's computer that you store your data on. They can cease their service or stop providing you access to it at any time. Always have a local backup of anything important saved in a cloud.

    With Bitwarden for example you can export your vault as unencrypted json and csv format. Those are widely compatible and allow you to easily access and import your passwords.

    Do not save your exported passwords unencrypted. I strongly recommend creating a dedicated VeraCrypt or LUKS container or similar and saving the export directly into that without saving it to disk unencrypted in the first place.

    Note that shared organizations are not included in the standard vault export and need to be exported separately.

    Edit: Someone mentioned that Bitwarden's export feature does not export attachments. So export them manually if you need to.

    30
  • Let's Encrypt privacy concerns for private networks
  • When I visit the link with JavaScript disabled I get blocked by a site stating "Please wait while your request is being verified..." and then nothing happens even though the actual site behind that screen displays fine without JavaScript.

  • Open source is no guarantee for security or privacy. It is a prerequisite.

    Just because software is open source does not mean someone is actually looking at the code. But depending on the software there are incentives to do so. Some people might be technologically interested in the way a software does something and look at the source code for that. Some people might want to check the benignity for themselves and actively check the source code for malicious features. With community maintained software there are often many different independent people working on the software. Also many open source software projects allow code commits to the software. Many eyes on the software due to many people working on it increases the chance of malicious features or vulnerabilities being discovered. A great thing about FOSS is the possibility to fork it or to use the FOS software of someone else in your software. FOSS allows and even encourages everyone to work with the software of others for one's own purpose and to modify, adapt or embed it. This leads to more people having an eye on the source code just for purely practical purposes. Open source just means publishing the source code, but FOSS is about actively reusing, improving and adapting other people's work in your own work. Security researchers might also have a look at open source software purely for their own research. Another great important aspect are bug bounties. Many developers pay bounties to people who report vulnerabilities to them. That creates an incentive to audit the code. But obviously not every project, especially smaller ones, has a bug bounty program. But you could probably sponsor one for some software you like. Lastly there are independent third party audits. Those can be done for a number of reasons. There can be community paid audits through donations. VeraCrypt had one for example. Then there might also be other organizations who want to use the software and have an interest in its security. VeraCrypt is also an example for that. The German government paid the Fraunhofer Institute for an audit of VeraCrypt.

    In the end it comes down to the specific software. If someone implements a malicious feature in their software it is not necessarily going to be found just because the source code is open. If you find some random unknown software it is not secure just for being open source, but the chance of malicious features or vulnerabilities being discovered is definitely higher if it is possible to look for them in the first place.

    Security critical software should be open source and audited.

    This work is licensed under CC BY-SA 4.0. To view a copy of this license, visit https://creativecommons.org/licenses/by-sa/4.0/

    5

    Reminder to check whether you have old accounts that you might have forgotten about

    You might have old accounts especially cloud accounts that are just idling abandoned while still holding personal information. They might have old weak passwords just waiting to get compromised. Same goes for old email addresses that you do not use anymore but are still linked to other accounts. This is a reminder to check those, delete your data from them or to delete them altogether (delete private information manually first before deleting the account as many companies do not actually delete the data from deleted accounts and just mark the account as deleted).

    Some examples of this could be:

    • old Google accounts from old devices
    • old iCloud accounts
    • old Microsoft accounts
    • old AOL or similar email accounts
    • old accounts from smartphone vendors like Samsung, Huawei etc. that often have their own cloud services

    Make sure to set strong passwords on accounts you want to keep and of course use a password manager. Besides the security password managers have the great side effect of giving you an overview over all your accounts so that you cannot just forget old ones.

    This work is licensed under CC BY-SA 4.0. To view a copy of this license, visit https://creativecommons.org/licenses/by-sa/4.0/

    2
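
    The account overview described in this post, and the local Bitwarden JSON export from the backup post above, can be combined into a quick audit. This is an added example, not part of the original posts; it assumes the unencrypted export layout (`items[].type`, `name`, `login.username`, `login.password`, `login.uris[].uri`), and the function name, the `retired_domains` parameter, the length threshold and all sample data are constructed for illustration.

```python
import hashlib
import json
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in the layout of an unencrypted Bitwarden JSON export.
SAMPLE_EXPORT = json.dumps({
    "encrypted": False,
    "items": [
        {"type": 1, "name": "Old phone cloud", "login": {
            "username": "me@old-mail.example", "password": "summer2012",
            "uris": [{"uri": "https://cloud.vendor.example/login"}]}},
        {"type": 1, "name": "Forum", "login": {
            "username": "me@current.example", "password": "summer2012",
            "uris": [{"uri": "https://forum.example"}]}},
        {"type": 1, "name": "Bank", "login": {
            "username": "me@current.example", "password": "x9!Lq7#vTz2@pRw4",
            "uris": [{"uri": "https://bank.example"}]}},
        {"type": 2, "name": "Secure note", "login": None},
    ],
})

def audit_export(export_json, retired_domains, min_length=12):
    """Return account labels per finding; passwords are never returned."""
    data = json.loads(export_json)
    if data.get("encrypted"):
        raise ValueError("encrypted export: this audit needs the plain JSON")
    findings = {"retired_email": [], "short_password": [], "reused_password": []}
    by_digest = defaultdict(list)
    for item in data.get("items", []):
        login = item.get("login") or {}
        if item.get("type") != 1 or not login:
            continue  # type 1 is a login; skip notes, cards, identities
        uris = login.get("uris") or [{}]
        host = urlparse(uris[0].get("uri") or "").hostname or "?"
        label = f"{item.get('name', '?')} ({host})"
        user = (login.get("username") or "").lower()
        if user.rpartition("@")[2] in retired_domains:
            findings["retired_email"].append(label)  # still tied to old mailbox
        password = login.get("password") or ""
        if not password:
            continue
        if len(password) < min_length:
            findings["short_password"].append(label)  # crude weakness proxy
        # Compare digests so the report never contains a plaintext password.
        by_digest[hashlib.sha256(password.encode()).hexdigest()].append(label)
    for labels in by_digest.values():
        if len(labels) > 1:
            findings["reused_password"].extend(labels)
    return findings
```

    Run it against the export only while the file sits inside the mounted encrypted container, e.g. `audit_export(open(path).read(), {"old-mail.example"})`.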

    Freedom, including the core freedom of privacy, needs to be respected by software: Why free software matters and is a prerequisite for privacy

    Privacy means being in control of one's own personal information. It does not mean secrecy but deciding on your own what you share and with whom and what you do not share. On computers you can only have this control over your data when you have control over your computer. You should be the one deciding what your computer does, what software runs on its processor, what it does with your hardware and what it does with your data.

    That is your personal freedom. Software should respect this freedom. That means you have to be in control of the software. This requires the following things:

    • You should have the freedom to use the software for any purpose. Only you should decide and control what you do with your hardware and data.
    • You should have the freedom to see what the software does. The software should be transparent and open source. To be in control of your data and your hardware, to be able to freely decide over it software should be open source so that you and anyone else who obtains a copy of it can freely check and see for themselves what the software does.
    • You should be allowed to freely modify the software. To be in control of the software and by extension your device and data you need to have the right to modify the software to your liking: to remove any features that you dislike, that handle your hardware or data in a way you do not approve of, to modify features to your liking so that they suit your use case and use your hardware and data in the way you choose and to add new features so that you can do with your hardware and data what you choose to.
    • You should be allowed to freely redistribute and publish the software and your modifications to it. You should not be forced to keep your copy of the software and your changes to it to yourself. Others should have the ability to profit from them as well if you want them to and you should have the ability to profit from the work and modifications of others if they want you to be able to. Your freedoms over your device are only effective if you can run the software developed and published by anyone. You should not need to develop all changes to the software yourself. Everyone including people who cannot develop software themselves should have freedom over their device and data and people developing and modifying software should have the freedom to collaborate and to build upon one another. Innovation, peace, human culture and progress depend on people working together and building on the work of others.

    Software that adheres to these freedoms is called free software. Free as in freedom.

    You can only own a device if it runs free software. You can only have privacy if your personal information is processed by free software.

    This work is licensed under CC BY-SA 4.0. To view a copy of this license, visit https://creativecommons.org/licenses/by-sa/4.0/

    0

    Saying that using an adblocker is immoral is no different than saying that it is immoral to switch the TV channel in a commercial break

    just that the TV commercial looks back at you through the TV and the TV follows you around everywhere, wherever you go, whatever you do, taking note of everything to get to know every single detail about you, every interest, every prejudice, every weakness of yours, to get to know you like no person, no matter how close to you, does, like not even you yourself do, to use that information to influence you most effectively to the TV channel's and the advertiser's advantage, to manipulate you, to sell this information about you to other companies like insurances who use the power that this knowledge provides over you to extract every last cent of money from you, to sell you.

    17

    Discord is a privacy disaster. How to use Discord as private as possible Guide

    ## Some general background

    Discord is a privacy and security disaster. They do not make their money through ads and tracking (as of now) but they do not care about privacy or security just the slightest bit either. Discord messages are not end to end encrypted. Discord, their employees and their infrastructure partners like Google Cloud Messaging have access to your messages at all times. Do not ever send anything sensitive over Discord! Discord also does not delete your messages when you delete your account, leave a server or delete a channel or group. When you delete a channel or group or get removed from one your messages still stay on their server. You just lose access to them and have no way to delete them anymore. If you delete your account without deleting your messages first they will stay on their servers forever without you having any way to access or delete them. There is no official way for deleting all your messages. I am not a lawyer, but I am very sure that is a violation of the GDPR and highly illegal. They claim they anonymize that data when you delete your account, but all your messages are still tied to an account ID and there is no way to anonymize private messages that can contain personal information. Using client mods to automate deleting messages is even against their TOS. They do not comply with laws that require them to delete your data and reserve the right to ban you when you try to do that yourself. You should absolutely regularly delete your messages anyways. Make sure to have another means of contact for your Discord friends so you do not rely on Discord as they can and do of course ban you for any or no reason whatsoever.

    Discord also has extremely extensive telemetry that is not anonymized. They basically log every click you make in the app: when you click on a profile, when you join a voice channel etc. You can see this data when you do a GDPR request. Included in these logs are your IP address, your rough location and device information for every single event. You can block some of this with uBO in a browser or with client mods.

    ## Settings in Discord

    • Opt out of personalization and other data sharing.
    • Set yourself to invisible/offline. Everyone on every server can see when you are online otherwise and there are bots collecting this information.

    ## Modifications

    • If you can, use Discord in a browser with uBlock Origin.
    • Regularly use a script like this to delete your messages.
    • Consider using a VPN to hide your IP address and location.
    • If you use their mobile app do not grant it storage permission and instead share files from your gallery or file manager with Discord.

    ## Usage

    Assume that absolutely everything you do on Discord – every message you send, every word you say in a voice channel, every click you make – gets permanently recorded by Discord and secret services, gets sold to advertisers either right away or in the future and breached to the public in the future. That is exactly what you risk when using Discord. Use it accordingly and do not share anything sensitive. If you need to discuss something private shift to another platform.

    17