Privacy

326
327
328
329
 
 

The encryption protecting communications against criminal and nation-state snooping is under threat. As private industry and governments get closer to building useful quantum computers, the algorithms protecting Bitcoin wallets, encrypted web visits, and other sensitive secrets will be useless. No one doubts the day will come, but as the now-common joke in cryptography circles observes, experts have been forecasting this cryptocalypse will arrive in the next 15 to 30 years for the past 30 years.

The uncertainty has created something of an existential dilemma: Should network architects spend the billions of dollars required to wean themselves off quantum-vulnerable algorithms now, or should they prioritize their limited security budgets fighting more immediate threats such as ransomware and espionage attacks? Given the expense and no clear deadline, it’s little wonder that less than half of all TLS connections made inside the Cloudflare network and only 18 percent of Fortune 500 networks support quantum-resistant TLS connections. It's all but certain that many fewer organizations still are supporting quantum-ready encryption in less prominent protocols.

330
 
 

I am sure this article has been shared before, however I wanted to have a look at this topic.
The article's short summary is this:

All 25 car brands we researched earned our *Privacy Not Included warning label – making cars the worst category of products that we have ever reviewed

I am currently driving a 2014 Ford Fiesta which just has a radio with a CD player and Bluetooth. I do not need more than that in a car.

The reason I am looking at all is that the Fiesta does not belong to me and the friend owning it will be moving out in a bit, so I kinda need another one.

There seems to be one brand that is not as bad as the other ones (but still bad): Renault; Mozilla's review...
Maybe I will have a look at their cars.

What do you guys think? Stick to older used cars and not use an EV or look at which of the manufacturers have the least bad privacy policy?

331
332
 
 

Banning online anonymity tools like Tor won’t stop crime. It will only drive people underground and normalize government control over the internet

333
 
 

According to Microsoft's documentation, a user can only change the setting to enable or disable the new People section three times a year.

334
 
 

https://archive.md/QMvAI

With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypted.

335
 
 

An Austrian digital privacy group has claimed victory over Microsoft after the country's data protection regulator ruled the software giant "illegally" tracked students via its 365 Education platform and used their data.

noyb said the ruling [PDF] by the Austrian Data Protection Authority also confirmed that Microsoft had tried to shift responsibility for access requests to local schools, and the software and cloud giant would have to explain how it used user data.

336
 
 

“You are not the customer, you are the abandoned carcass. The real customer is the market that trades in your future behaviour.” - Shoshana Zuboff

Zuboff’s The Age of Surveillance Capitalism has been on my list for a long time - finally diving in. It’s unsettling, brilliant, and painfully relevant. I wrote a short piece distilling her core message and what it means for digital freedom today.

337
338
 
 

"The problem in a nutshell. Surveillance agency NSA and its [UK counterpart] GCHQ are trying to have standards-development organizations endorse weakening [pre-quantum] ECC+PQ down to just PQ."

Part of this is that NSA and GCHQ have been endlessly repeating arguments that this weakening is a good thing... I'm instead looking at how easy it is for NSA to simply spend money to corrupt the standardization process.... The massive U.S. military budget now publicly requires cryptographic "components" to have NSA approval... In June 2024, NSA's William Layton wrote that "we do not anticipate supporting hybrid in national security systems"...

[Later a Cisco employee wrote of selling non-hybrid cryptography to a significant customer, "that's what they're willing to buy. Hence, Cisco will implement it".]

What do you do with your control over the U.S. military budget? That's another opportunity to "shape the worldwide commercial cryptography marketplace". You can tell people that you won't authorize purchasing double encryption. You can even follow through on having the military publicly purchase single encryption. Meanwhile you quietly spend a negligible amount of money on an independent encryption layer to protect the data that you care about, so you're actually using double encryption.

339
32
submitted 2 months ago* (last edited 2 months ago) by cm0002@lemdro.id to c/privacy@programming.dev
 
 

This makes a world of difference. I know many people may know of it but may not actually do it. It protects your files in case your computer is ever stolen and prevents alphabet agencies from just brute forcing into your laptop or whatever.

I found that Limine (bootloader) has the fastest decryption when paired with LUKS at least for my laptop.

If your computer isn't encrypted I could make a live USB of a distro, plug it into your computer, boot, and view your files on your hard drive, completely bypassing your login manager. If your computer is encrypted I could not. Use a strong password, different from your login.

Benefits of Using LUKS with GRUB

Enhanced Security

  • Data Protection: LUKS (Linux Unified Key Setup) encrypts disk partitions, ensuring that data remains secure even if the physical device is stolen.
  • Full Disk Encryption: It can encrypt the entire disk, including sensitive files and swap space, preventing unauthorized access to confidential information.

Compatibility with GRUB

  • Unlocking from Bootloader: GRUB can unlock LUKS-encrypted partitions using the cryptomount command, allowing the system to boot securely without exposing sensitive data.
  • Support for LVM: When combined with Logical Volume Management (LVM), LUKS allows for flexible partition management while maintaining encryption.

OC by @lunatique@lemmy.ml

340
341
 
 

Since this morning, if I visit a video, I get a black screen, if I watch from the main page, my screen flickers.

Thanks.

342
 
 

VPN Comparison

After making a post about comparing VPN providers, I received a lot of requested feedback. I've implemented most of the ideas I received.

Providers

Notes

  • I'm human. I make mistakes. I made multiple mistakes in my last post, and there may be some here. I've tried my best.
  • Pricing is sometimes weird. For example, a 1 year plan for Private Internet Access is 37.19€ first year and then auto-renews annually at 46.73€. By the way, they misspelled "annually". AirVPN has a 3 day pricing plan. For the instances when pricing is weird, I did what I felt was best on a case-by-case basis.
  • Tor is not a VPN, but there are multiple apps that allow you to use it like a VPN. They've released an official Tor VPN app for Android, and there is a verified Flatpak called Carburetor which you can use to use Tor like a VPN on secureblue (Linux). It's not unreasonable to add this to the list.
  • Some projects use different licenses for different platforms. For example, NordVPN has an open source Linux client. However, to call NordVPN open source would be like calling a meat sandwich vegan because the bread is vegan.
  • The age of a VPN isn't a good indicator of how secure it is. There could be a trustworthy VPN that's been around for 10 years but uses insecure, outdated code, and a new VPN that's been around for 10 days but uses up-to-date, modern code.
  • Some VPNs, like Surfshark VPN, operate in multiple countries. Legality may vary.
  • All of the VPNs claim a "no log" policy, but there are some I trust more than others to actually uphold that.
  • Tor is special in the port forwarding category, because it depends on what you're using port forwarding for. In some cases, Tor doesn't need port forwarding.
  • Tor technically doesn't have a WireGuard profile, but you could (probably?) create one.

Takeaways

  • If you don't mind the speed cost, Tor is a really good option to protect your IP address.
  • If you're on a budget, NymVPN, Private Internet Access, and Surfshark VPN are generally the cheapest. If you're paying month-by-month, Mullvad VPN still can't be beat.
  • If you want VPNs that go out of their way to collect as little information as possible, IVPN, Mullvad VPN, and NymVPN don't require any personal information to use. And Tor, of course.

I want to upload the ODS file, but I don't know of any places to upload it that don't require an account. If anyone knows, I'll update this to include it.

343
 
 

In a compelling, entertaining and accessible format, we present these negative awards to companies, organisations, and politicians. The BigBrotherAwards highlight privacy and data protection offenders in business and politics, or as the French paper Le Monde once put it, they are the “Oscars for data leeches”.

I can really recommend Digitalcourage and the event. I am not directly involved.

344
345
346
347
348
349
 
 

cross-posted from: https://lemmy.sdf.org/post/43756522

[...]

Federal privacy commissioner Philippe Dufresne and commissioners in Alberta, British Columbia and Quebec found TikTok failed to keep Canadian children off its platform and collected vast amounts of personal information, including information considered sensitive.

“The investigation uncovered that TikTok removes approximately 500,000 underage users from the platform each year,” said the report. “Where these children were engaging with the platform before being removed, TikTok was already collecting, inferring and using information about them to serve them targeted ads and recommend tailored content to them.”

Face, voice recognition

TikTok was caught using biometric information via facial and vocal analytics. It did not adequately explain to users that their data would be used to infer age and gender for the delivery of tailored ads and recommended content.

[...]

The investigation also found the company’s privacy policy was deficient.

“While TikTok requires users to expressly accept its terms and conditions and privacy policy during account sign-up, we found that such consent — vis-à-vis TikTok’s practices related to tracking, profiling, targeting and content personalization — was not valid or meaningful.”

[...]

In November 2024, the federal cabinet ordered TikTok to wind-up Canadian operations for national security reasons. However, the app was not banned from Canada and TikTok has applied for a judicial review in Federal Court.

350