Privacy

126
 
 

For more than a decade, the Sacramento Municipal Utility District coordinated with police to sift through the granular smart meter data of residents without suspicion to find evidence of cannabis growing.

127
 
 

Under the proposal, the EU would weaken data protection rules by delaying when regulations governing high-risk AI systems take effect and allowing companies to use personal data for AI training without prior consent from users in most circumstances.

128
 
 

How I tracked myself down using leaked location data in the in-app ads, and what I found along the way.

130
P2P WhatsApp Clone (infosec.pub)
submitted 1 month ago* (last edited 1 month ago) by xoron@programming.dev to c/privacy@programming.dev
 
 

Want to send E2E encrypted messages and video calls with no downloads, no sign-ups and no tracking?

This prototype uses PeerJS to establish a secure browser-to-browser connection. Using browser-only storage—true zerodata privacy!

Check out the pre-release demo here.

NOTE: This is still a work-in-progress and partially a closed-source project. To view the open source version see here. It has NOT been audited or reviewed. For testing purposes only, not a replacement for your current messaging app.


How it works:

PeerJS allows users to connect with a unique string. A crypto-random ID is generated automatically on the frontend and used for the connection.

To connect, you can share your unique ID. Strangers are not able to guess your ID. Upon the initial connection, new encryption keys are exchanged and persisted to browser storage. These are used to encrypt message payloads to be sent over the WebRTC connection as created with PeerJS.

After a page reload (or future session), the app automatically pings the "known peers". If connecting to a peer ID that is already registered, the previously established encryption keys are used to authenticate the user. This helps prevent MITM.

131
 
 

Being sanctioned by the USA nowadays means getting banned from 90% of commercial internet. This is a clear example that being careful is not paranoia but valid precaution.

132
 
 

Amidst the glossy marketing for VPN services, it can be tempting to believe that the moment you flick on the VPN connection you can browse the internet with full privacy. Unfortunately this is quite far from the truth, as interacting with internet services like websites leaves a significant fingerprint. In a study by RTINGS.com this browser fingerprinting was investigated in detail, showing just how easy it is to uniquely identify a visitor across the 83 laptops used in the study.

As summarized in the related video (also embedded below), the start of the study involved the Am I Unique? website which provides you with an overview of your browser fingerprint. With over 4.5 million fingerprints in their database as of writing, even using Edge on Windows 10 marks you as unique, which is telling.

133
 
 

cross-posted from: https://lemmy.zip/post/53414868

The core function of the planned EU Travel App is, for the Council, the option for travellers to transmit their data to the responsible authorities before arriving at the border. This will allow border officials to verify travel documents remotely and also to compare them with police and migration databases.

Despite the promised travel facilitation, civil rights activists and data protectionists are urgently warning against the consequences of digitizing travel documents. They see it as an expansion of the biometric surveillance infrastructure at the EU level. The digital travel app initially provides for automated facial recognition for biometric identification, but it is likely to pave the way for comprehensive and automated collection and evaluation of biometric data. This would restrict freedom of travel in the long term.

136
 
 

Chatbot roleplay and image generator platform SecretDesires.ai left cloud storage containers of nearly two million images and videos exposed, including photos and full names of women from social media, at their workplaces, graduating from universities, taking selfies on vacation, and more.

137
 
 

The Digital Omnibus needs to be defeated.

138
 
 

Despite heavy criticism from civil society and large parts of the EU Parliament, the EU Commission has now published its proposal for the “Digital Omnibus”. Contrary to the Commission's official press release, these changes are not “maintaining the highest level of personal data protection”, but massively lower protections for Europeans. While having basically no real benefit for average European small and medium businesses, the proposed changes are a gift to US big tech as they open up many new loopholes for their law departments to exploit. Schrems: “This is the biggest attack on Europeans’ digital rights in years. When the Commission states that it ‘maintains the highest standards’, it clearly is incorrect. It proposes to undermine these standards.”

142
 
 

Due to the UK's Online Safety Act implemented earlier this year, accessing my Bluesky DMs now means I need to allow a third-party service to scan my face, ID, or bank card. Understandably, that gives me the willies. So I can either simply never look at my messages again, whip out the likeness of Norman Reedus, OR I can log on via a VPN. However, the days of this vastly preferable third option may be numbered.

US states Wisconsin and Michigan have already proposed VPN crackdown bills aiming to close off this workaround—and the UK may be looking to follow suit. Online privacy nonprofit the Electronic Frontier Foundation recently criticised this strategy, taking aim at Wisconsin's bill in particular, saying that blocking the use of VPNs is "going to be a disaster for everyone."

143
 
 

Poland will “never agree” to any EU legislation that would require instant messaging services such as Messenger, WhatsApp or Signal to monitor users for evidence of child abuse, the country’s digital affairs minister said.

Poland opposes mandatory EU ‘chat monitoring’ law to combat child abuse
Maria Kamińska
Edited by: Piotr Kononczuk
17.11.2025, 17:03
Digital Affairs Minister Krzysztof Gawkowski said Poland would “never agree” to any mandatory scanning of private communications. Photo: Envato/Kira_Yan, PAP/Radek Pietruszka

Under a revised version of the EU Child Sexual Abuse Material (CSAM) regulation – approved for further work by an EU Council working group last week – instant messaging providers could voluntarily agree to scan users’ communications for child sexual abuse content.

This marks a watering down of an initial proposal – first presented in 2022 – which would have made message scanning mandatory for all platforms, including those offering end-to-end encryption designed to prevent unauthorized access to private communications.

The legislation has raised concerns over potential violations of privacy rights and has been repeatedly revised, so far failing to secure majority support among EU member states.

Commenting on the revised proposal, Poland’s Digital Affairs Minister Krzysztof Gawkowski told state news agency PAP on Monday that his country would “never agree to any mandatory scanning”, citing concerns over the privacy of communications.

“We are treating the search for a compromise on child protection as a priority and with great consideration,” he said.

“We want legislation that enables us to effectively combat paedophilia while at the same time ensuring the security of all citizens,” he added.

Gawkowski said the latest proposal – put forward by Denmark, which took over the rotating EU Council presidency from Poland in July – aligns with the approach Warsaw advocated during its own presidency of the Council in the first half of 2025.

He also said his team will “monitor the issue” as talks progress, adding that the Polish government’s position would depend on the final draft regulation.

Continue reading - https://tvpworld.com/90062380/poland-against-compulsory-eu-messaging-scans-to-fight-child-abuse

146
 
 

https://archive.is/2025.11.12-204929/https://www.ft.com/content/7d3d3e88-206a-49db-aaa3-085f1c28f8d6

Lloyds Banking Group analysed data from the personal bank accounts of more than 30,000 employees to assess their financial resilience as part of pay negotiations.

The bank’s customer insights team compared the spending habits, saving rates and salary increases of its lowest-paid employees to those of customers and presented them in salary talks with UK trade unions, two people familiar with the matter said.

 
 

149
 
 

Material viewed by 404 Media shows data giant Thomson Reuters enriches license plate data with marriage, voter, and ownership records. The tool can predict where a car may be in the future.

150
 
 

This won't be a post for people that already have dedicated server hardware, unless they find something they'd like to run off an Android phone specifically.

But anyways, more people than ever have an old spare, but relatively powerful, Android phone laying about. I'm talking 2-4+ GB of RAM and 32 GB+ of storage. Usually these devices end up in a drawer, but in an age of dystopian tracking and company overreach, such a device can be an extremely useful and low power draw tool that can improve your security and experience on the web. And it also has its own battery to boot lol.

If you're wanting to do something like this you should definitely consider finding a custom Android ROM with more care for security and you will need to root your device. But with a rooted device you then get access to a range of tools. You will want to install Magisk through the bootloader as well as Termux and Termux:Boot from within F-Droid (it's important you get the two of them from the same source).

USES/SERVICES

With all of these there's now a few options that I can confirm all work on Android ARMv8 devices.

0: To set up most of these services to boot on launch you can either use Magisk boot scripts in /data/adb/service.d/ iirc, or you can use Termux:Boot scripts placed in /data/data/com.termux/files/home/.termux/boot/

1: You can run an instance of AdGuard Home on your network that will have enough resources to handle quite heavy lists. You will need to import SSL certificates to properly get it working but otherwise the ARMv8 binary works well. AdGuard Home can then be set as your network's DNS address. AdGuard Home has lists for threat protection, to malware, to ads etc.

2: AdGuard is good for security but you can experience even less tracking and control by pairing it with an instance of Unbound DNS running on the same device. Depending on storage you can store larger DNS caches which will stop DNS providers from tracking every DNS lookup you do.

3: This one is more optional dependent on the person but I use and love it. SearXNG is a privacy focused metasearch engine that can aggregate a bunch of data from tons of sources, depending on which sources you enable. It can be used to replace your current search engine such as DuckDuckGo and can gather anything from torrents and APKs, to music, videos and pictures, and my favourite which is its equivalent to Google Scholar. All in one search engine. It's recommended to disable certain sources for speed and I would recommend disabling Brave Search as a source for example because they're scummy. For SearXNG it will be required to create a virtual environment with the correct Python dependencies and I've had to run it through Termux rather than the other two which can run even through an adb shell.

4: Memos is a nice note taking webapp and it's my personal choice to use but other similar calendar or note apps are a good option if you wanna self host something like that. Can be run through an adb shell or Magisk boot script.

5: Other things you wanna try!!! An Android phone is just a Linux computer and if there's services you've wanted a Pi to run or a server in general then there's a pretty good chance you can get it running on your power efficient Android phone that's just already laying around!! Here's some more ideas I've planned to try but not gotten to yet/haven't finished:

- Samba drive to sync and back up your boot drive
- AUR build server to pre compile different large packages to be installed to my PC without building them on the computer itself
- OpenVPN proxy to run downloads through a ProtonVPN account for download managers that don't support password authentication (a surprising amount of them tbh)
- Invidious instance, a YouTube frontend that doesn't count as actual page views. This allows you to boycott YouTube in regards to data they can show advertisers, while still allowing you to privately subscribe and watch creators you like. It also keeps you from being tracked by your YouTube account while giving you access to better/more consistent resolution tools as well as automatically removed ads. YouTube SponsorBlock extensions can also be set up to work with Invidious so you don't lose much at all switching.
