Privacy

Hollowing out some of the world’s strongest digital safeguards will harm us all. But there is still time to change course

Timo Zimmermann talking about software engineering, leading teams, consulting and start ups.

Who needs a DDoS (Denial of Service) attack when you have a new president? As of February 2nd, thousands of web pages and datasets have been removed from U.S. government agencies following a series of executive orders. The impacts span the Department of Veteran Affairs and the Center of Disease...

We have no idea what content is most viral on YouTube, Meta, TikTok, LinkedIn, or X – because they refuse to share basic data.

On the DSA’s Birthday (Oct 4th) we've led a “mass data access request” along with @mozilla and DSA40 Data Access Collaboratory, where a series of ~20 orgs requested daily data on their top 1,000 most-viewed posts in EU Member States. Every single one refused.

Join us in demanding platform transparency.

Posted on mastodon: https://chaos.social/@algorithmwatch/115620980818833875

https://www.patrick-breyer.de/en/reality-check-eu-council-chat-control-vote-is-not-a-retreat-but-a-green-light-for-indiscriminate-mass-surveillance-and-the-end-of-right-to-communicate-anonymously/

By "shared" servers I mean hosters like https://tchncs.de/en/ who offer a bunch of services (they do a great job at it by the way) including Matrix and Lemmy.

I'm thinking of moving my close family to a Matrix chat over there, but I guess long term they might have to implement the ChatControl scanning.

This whole thing is just stupid.

Hey,

I'm currently using Tracker Control (https://trackercontrol.org/) on Android and I really like it. It allows me to see what app are trying to call which trackers. If I have an issue with any app I can check its logs and unblock some trackers to fix it temporarily. The problem is that it's working as a VPN so I can't use any VPN with it. I see some VPN services offer features like "tracker blocking" but none I checked had features like TC. Anyone knows of a VPN that also has nice tracker monitoring/blocking feature?

The CLI is now in beta version and available for Visionary supporters, with a broader availability across paid plans coming soon.

Our latest blog post is aimed at people who 'get it' about online privacy, but who struggle to convince friends and family to take it seriously. We hope it helps!

https://grapheneos.org/donate

I started The New Oil in 2018. TNO began simply as a way to share what I was learning about privacy and security with my friends and fami...

Keep a close eye on who’s joining your group chats.

SAN FRANCISCO – The Electronic Frontier Foundation (EFF) sued the departments of Justice (DOJ) and Homeland Security (DHS) today to uncover information about the federal government demanding that tech companies remove apps that document immigration enforcement activities in communities throughout...

[TRANSLATED ARTICLE]

EU chat control comes – through the back door of voluntariness

The EU states have agreed on a common position on chat control. Data protection advocates warn against massive surveillance. What is in store for us?

After lengthy negotiations, the EU states have agreed on a common position on so-called chat control. Like from one Minutes of negotiations of the Council working group As can be seen, Internet services will in future be allowed to voluntarily search their users' communications for information about crimes, but will not be obliged to do so.

The Danish Council Presidency wants to get the draft law through the Council "as quickly as possible", "so that the trilogue negotiations can begin promptly", the minutes say. Feedback from states should be limited to "absolute red lines".

Consensus achieved

The majority of States supported the compromise proposal. At least 15 spoke in favor, including Germany and France. Germany "welcomed both the deletion of the mandatory measures and the permanent anchoring of voluntary measures", said the protocol.

However, other countries were disappointed. Spain in particular "continued to see mandatory measures as necessary, unfortunately a comprehensive agreement on this was not possible". Hungary also "seen voluntariness as the sole concept as too little".

Spain, Hungary and Bulgaria proposed "an obligation for providers to detect, at least in open areas". The Danish Presidency "described the proposal as ambitious, but did not take it up to avoid further discussion.

The organization Netzpolitik.org, which has been reporting critically on chat control for years, sees the plans as a fundamental threat to democracy. "From the beginning, a lobby network intertwined with the security apparatus pushed chat control", writes the organization. “It was never really about the children, otherwise it would get to the root of abuse and violence instead of monitoring people without any initial suspicion.”

Netzpolitik.org argues that "encrypted communication is a thorn in the side of the security apparatus". Authorities have been trying to combat private and encrypted communication in various ways for years.

A number of scholars criticize the compromise proposal, calling voluntary chat control inappropriate. "Their benefits have not been proven, while the potential for harm and abuse is enormous", one said open letter.

According to critics, the planned technology, so-called client-side scanning, would create a backdoor on all users' devices. Netzpolitik.org warns that this represents a "frontal attack on end-to-end encryption, which is vital in the digital world".

The problem with such backdoors is that "not only the supposedly 'good guys' can use them, but also resourceful criminals or unwell-disposed other states", argues the organization.

Signal considers withdrawing from the EU

Journalists' associations are also alarmed by the plans. The DJV rejects chat control as a form of mass surveillance without cause and sees source protection threatened, for which encrypted communication is essential. The infrastructure created in this way can be used for political control "in just a few simple steps", said the DJV in a statement Opinion.

The Messenger service Signal Already announced that it would withdraw from the EU if necessary. Signal President Meredith Whittaker told the dpa: “Unfortunately, if we were given the choice of either undermining the integrity of our encryption or leaving Europe, we would make the decision to leave the market.”

Next steps in the legislative process

The Permanent Representatives of the EU states are due to meet next week on the subject, followed in December by the Ministers of Justice and Home Affairs, these two bodies are due to approve the bill as the Council's official position.

The trilogue then begins, in which the Commission, Parliament and Council must reach a compromise from their three draft laws. Parliament had described the original plans as mass surveillance and called for only unencrypted suspect content to be scanned.

The EU Commission had originally proposed requiring Internet services to search their users' content for information about crimes without cause and to send it to authorities if suspected.

After Germany blocked the October vote, Europe’s surveillance proposal didn’t die—it evolved. Denmark’s November compromise claims to abandon mandatory scanning while preserving identical outcomes through legal sleight of hand. The repackaging reveals the essential dynamic: when democratic opposition defeats mass surveillance, proponents don’t accept defeat. They redraft terminology, shift articles, and reintroduce the same architecture under different labels until resistance exhausts itself.

The pattern is documented across five iterations. Sweden’s January-June 2023 presidency failed. Belgium couldn’t secure passage in June 2024. Hungary’s presidency ended December 31, 2024 without achieving agreement. Poland’s presidency collapsed in January-June 2025 when 16 pro-scanning states refused meaningful compromise. Each defeat produced not withdrawal but repackaging: “chat control” became “child sexual abuse regulation,” “scanning” became “detection orders,” “mandatory” became “risk mitigation,” and “breaking encryption” became “lawful access.” October’s blocking minority forced Denmark’s hand, but rather than accepting defeat, Justice Minister Peter Hummelgaard withdrew the proposal on October 31 and immediately began drafting version 2.0.

The Loophole Disguised as Compromise

Denmark’s November 5 revised text removes Articles 7-11’s “detection orders”—the language mandating scanning. Privacy advocates initially celebrated. Then legal experts read Article 4. The provision requires all communication providers implement “all appropriate risk mitigation measures” to prevent abuse on their platforms. Services classified as “high risk”—essentially any platform offering encryption, anonymity, or real-time communications—face obligations that experts argue constitute mandatory scanning without using the word “mandatory.”

When the Trump administration gave Immigration and Customs Enforcement access to a massive database of information about Medicaid recipients in June 2025, privacy and medical justice advocates sounded the alarm. They warned that the move could trigger all kinds of public health and human rights harms.

But most people likely shrugged and moved on with their day. Why is that? It’s not that people don’t care. According to a 2023 Pew Research Center survey, 81% of American adults said they were concerned about how companies use their data, and 71% said they were concerned about how the government uses their data.

At the same time, though, 61% expressed skepticism that anything they do makes much difference. This is because people have come to expect that their data will be captured, shared and misused by state and corporate entities alike. For example, many people are now accustomed to instinctively hitting “accept” on terms of service agreements, privacy policies and cookie banners regardless of what the policies actually say.

I wanted to share an interesting statistic with you. Approximately 1 out of every 25 people with a Google Pixel phone is running GrapheneOS right now. While it's difficult to get an exact number, we can make educated guesses to get an approximate number.

How many GrapheneOS users are there? According to an estimate released by GrapheneOS today, the number of GrapheneOS devices is approaching 400,000. This estimate is based on the number of devices that downloaded recent GrapheneOS updates. Some users may have multiple devices, such as organizations, and some users may download and flash updates externally, but it's the best estimate we have.

How many Google Pixel users are there? Despite Google's extensive data collection, this one is surprisingly harder to estimate, since Google hasn't released an exact number. There's a number floating around that Google has 4-5% of the smartphone market, which is between 10 million and 13.2 million users in the United States. I can't find the source of where this information came from. That number is problematic, too, because Japan supposedly uses more Google Pixel phones than the United States. The Pixel 9 series was also a big jump in market share for Google. I couldn't find any numbers smaller than 10 million, and it made the math nice, so that is what I went with.

Putting the numbers together, it means that 4% of Google Pixel users are running GrapheneOS. That means in a room of 25 Google Pixel users, 1 of them will be a GrapheneOS user. If you include all custom Android operating systems, that number would certainly be much, much higher.

To put it into perspective, each pixel in this image represents ~5 Google Pixel users. Each white pixel represents that those ~5 people use GrapheneOS:

Even with generous estimates to Google's market share, GrapheneOS still makes up a large portion of their users.

OC by @Charger8232@lemmy.ml