I'm wondering what would be necessary to build GrapheneOS releases yourself, and regularly update your phone from your own servers, with your builds. The server for apps.grapheneos.org should also be replaced. Has anyone done this?

The documentation for GrapheneOS has a section about how to reproduce builds:

https://grapheneos.org/build#reproducible-builds

But it would be more involved than that.

cross-posted from: https://lemmy.today/post/49179218

Using graphene is and cash app doesn't like "emulating" their app so is there an alternative? Id need something private that works on graphene, I don't have an actual credit card and need an alternative so that I can still get paid and buy stuff but looking into open source alternatives seems like going through an ocean where I'm not even sure what's good or what would even work on graphene. Any suggestions?

I actually have two questions, first, should I switch to GOS even though they don't really recommend it on their website and might be left behind soon?

Second, should I install the new March android update? I don't use any of these features that are listed, and some dont even work for pixels older than 8. My worry is that the phone will just get slower and drain battery faster. But on the other hand I probably need to update this to receive other security updates later this year before the 5y period of support runs out.

Also I'm not looking to replace my phone. This is still an amazing and fast device with camera better than 90% of phones out now.

Thanks for the advice!

cross-posted from: https://lemmy.dbzer0.com/post/65229031

This vote fails to reject the whole regulation but approves text amendments and now the whole process goes back to the LIBE Committee (Committee on Civil Liberties, Justice and Home Affairs)

Amendment 5, tabled by Pirate Party MEP Markéta Gregorová (Greens/EFA group) and adopted by a narrow margin, demands that any scanning of private communications must be strictly limited to individual users or groups of users suspected by a competent judicial authority of being linked to child sexual abuse. This aligns with the European Parliament’s 2023 mandate on the permanent Chat Control regulation (CSAR).

• Vote details
• Amendments

Other sources:

• MEPs Vote to End Untargeted Mass Scanning of Private Chats
• Chat Control Timeline

Originally Umbrachat was a web app named Peersuite ( that I also developed) that was distributed as a docker image, web site, or electron app. Umbrachat has chat with channels, file sharing, threaded replies, and image preview in chat. Also, audio/video conferencing and screenshare.

I pulled out the non-social business type features ( document editing, whiteboard, and kanban ) and simplified the CSS and the code. I got everything down to under 200k in size and packaged it as a browser extension, which IMO is a way simpler method to use it.

All datastreams ( chat, audio, video) are encrypted end to end. After the initial connection to the server you are connected directly to your friends in a mesh network with superpeer capability.

github: https://github.com/openconstruct/umbrachat peersuite github: https://github.com/openconstruct/Peersuite

Firefox: https://addons.mozilla.org/en-US/firefox/addon/umbrachat/

Chrome: https://chromewebstore.google.com/detail/umbrachat/jdgneoijldkiffdnhkibcdnajchecaip?hl=en-US

Happy to answer any questions!

For those who use GrapheneOS, is it worth it? Do you like it?

My backups are done, all that is left is the final choice to wipe my whole phone.

cross-posted from : https://lemmy.zip/post/60567571

https://grapheneos.social/@GrapheneOS/116200110686604617

Firefox is trying to gain back user trust with this video: https://www.youtube.com/watch?app=desktop&v=O-xyNkvIB9g

This is a legit question: Should anybody trust Firefox again unless they put "we won't sell your data" back into the privacy policy? I'm actually not sure if they haven't already done so, let me elaborate:

https://brave.com/privacy/browser/ Brave: "We do not sell, trade, or transfer your information to any third parties." This seems to obviously be in the legally binding text part. As is this one: "It’s Brave’s policy to not collect personal data1 unless it’s necessary to provide services to our users, or to meet certain legal obligations. We do not buy or sell personal data about consumers." (Disclaimer: I'm not a lawyer.)

However, for Firefox it seems ambiguous to me, which worries me: https://www.mozilla.org/en-US/privacy/firefox/#notice There is no appearance of "sell" in the entire privacy document, excpet for the top summary where i'm not sure if it's at all legally non-binding.

Does anybody know if it is legally binding? If Mozilla were serious about it, why would they leave it ambiguous whether it is...?

Based on that, I'm not sure if Mozilla's video about getting users back is worth trusting. I wonder if it's just me.

Update for clarification: I'm not using Brave myself, and this isn't a suggestion anybody should blindly do so.

Been looking a few different places but not finding a full copy of all the episodes. Figured id ask here consdering there are a few likeminded folks here.

Thanks in advance

...by physically removing a port (who would do that) or using the software?

I was browsing Gemini (the protocol, not the AI) when I came across this gemlog:

• Gemini version
• HTTP version

I usually disable JavaScript, but this post advises against it. I am also worried by the fact that most users of Fingerprint.com, Am I Unique?, and Cover Your Tracks will likely be using private browsers, so the real-world results would be quite different.

What do you think?

I have been using it for more than a week and now am worried about the consequences that I am not sure are true or not!

I am worried that by allowing random users to surf using my network to prevent surveillance, someone will use my address to do malicious things, and I will get into legal consequences. Also, what if many services blacklist my IP address so eventually I get a lot of restrictions in my browing experience.

Furthermore, will this extension increase my fingerprint?

Are these thoughts valid, or am I just overthinking? If anyone knows, please comment.

cross-posted from: https://lemmy.world/post/44029008

From the official Dutch Intelligence and Security Service

---

information.

“Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information,” states Director of the MIVD, vice-admiral Peter Reesink.

Individual accounts

An interesting aspect of this Russian campaign is that it does not exploit any technical vulnerabilities of the messaging services. The attackers instead make malicious use of legitimate security features of the apps. Director-General of the AIVD Simone Smit states, “It is not the case that Signal or WhatsApp as a whole have been compromised. Individual user accounts are being targeted.”

To increase resilience against this Russian campaign, MIVD and AIVD have published a Cyber Advisory explaining how to identify and respond to attacks. The advisory also give instructions for Signal users on how to identify potentially compromised contacts.

All Signal users can personally check whether there are any potentially compromised contacts in their group chats. If you see any people who appear twice in the list of members (under the same or a slightly different name), this may be evidence of either a compromised account or a new account created by a victim.If you suspect this to be the case, report this to the information security department of your organisation. Together you can try to verify (preferably using a channel other than Signal or WhatsApp, such as an email or a telephone call) whether it is correct that the account in question appears twice in the chat group contact list. Should this not be the case, ask the group administrator to remove both accounts from the group chat, after which the legitimate account holder can request to rejoin the group. Please remain vigilant for group members who are not recognised by the rest of the group. The actor may occasionally change the display name of a compromised account to remain unnoticed in chat groups, for example to names such as 'Deleted account'. If a member’s display name changes, the group will receive a notification. When the change is the legitimate transition to 'Deleted account', no notification is sent. Actor-controlled accounts can also gain entry to the group via an obtained Group Link, of which the group always receives a notification. In all such unauthorised scenarios, ask the group administrator to remove the offending accounts from the chat.If there is any indication that the group administrator themselves may have been compromised, it is advisable to exit the group and create a new one. |

https://mastodon.de/@adbenitez/116196758509784557

https://projects.propublica.org/nonprofits/organizations/824506840

cross-posted from : https://lemmy.zip/post/60423023

EU rules regarding anti-money laundering, counter-terrorist financing and sanctions law (AML/CFT) have increasingly shifted responsibilities to detect crime from public entities to companies . AML/CFT law requires “obliged entities”, like banks, to collect large amounts of financial and other personal data about their customers.

The way banks implement these rules in the EU has led to a systemic negative impact on human rights, often because of over-compliance, risk-aversion and weak accountability. This has been the case in the Netherlands where, among large number of human rights breaches by banks, Dutch ING Bank has even publicly apologised for discriminating against its customers based on profiling.

I use a VPN and/or Tor to do the majority of my websurfing/streaming/torrenting. Some programs (notably web browsers) can read your local system time to access your timezone. And, I happen to live in... let's just say a very "narrow" timezone, my country of origin can be trivially pinpointed if you take a look at the UTC offset.

I know Firefox has a setting to spoof my timezone to UTC, but chromium browsers do not have that option (at least no option i could find after a fairly extensive search), and I don't even know whether any of the other programs I've installed are reading my timezone, such as, for example, my matrix client.

So, the solution I came up with: Do a timedatectl set-timezone UTC on the device. I can separately make my desktop clock do a little timezone conversion so no worries about time disorientation. This fixes the issue with most apps not allowing timezone spoofing too.

Honestly, now that I've typed all that^^ out, this is beginning to sound like an unnecessary schizo post that goes WAY beyond my threat model XD. Still, I'd love to hear anyone else's thoughts on it. Ideas to improve upon it are appreciated too.

cross-posted from: https://lemmy.zip/post/60387352

cross-posted from : https://lemmy.zip/post/60387297

Proton Mail provided Swiss authorities with payment data for defendtheatlantaforest@protonmail.com — the account linked to Stop Cop City protests in Atlanta. The FBI obtained this information through a Mutual Legal Assistance Treaty request on January 25, 2024, identifying the activist behind the anonymous account through their credit card identifier.

go to the site, use the tool. where ever you are. Keep voicing your stance on this issue.

This isn't about protecting kids nor will it protect kids from anything. Kids will just go to darker corners of the internet where nothing is moderated

forcing everyone to dox themselves won't make anything safer. All that data in hackable databases would be ripe for the picking by any hacker or groups of hackers to sell to databrokers, who then sell it to scammers

Parental controls are very easy to set up in the modern day every commonly used OS has them built in. If you're a parent, it's YOUR responsibility to make sure your kids don't see things they're not supposed to see...don't let the government control that shit

There's also https://www.defendvpns.com/ to go to as well, sign both petitions.

the EFF has some petitions too https://www.eff.org/

I've already signed them I've already emailed all my people. Now you need to do that. For anyone who still has twitter, tweet to them with these hashtags

#crushthescreenact #crushthekosabill #stopIDagechecksUSA #saynotoappstoreaccountabilty #dontrepealsection230 #SayNotoKOSMA #NoToKIDSAct

What the title says. I'm trying to discern if using a number acquired and served through JMP for phone and text, versus a mobile carrier, provides a better data security and privacy experience.

On the one hand I wouldn't be subject to the almost yearly data breaches that a number of the carriers experience, nor their potential snooping. However on the other, I'm not sure if using JMP and Cheogram actually provides any increase in privacy or security on that front?

Japan protects children online very differently to the UK. (Shout out to red rose for the heads up - it was interesting.) While the UK Online Safety Act is driving biometric age verification and platform-based ID checks, Japan has taken another route: mobile carrier filtering enabled by default for under-18s, combined with parental control and digital literacy.

There is no nationwide social media ban in Japan. Instead, age controls typically sit at the telecom/SIM registration layer rather than at individual platforms.

In this video I explain: • Japan’s 2008 Youth Internet Environment framework
• How mobile carriers determine age at SIM registration
• Why filtering is enabled by default for minors
• The parental opt-out (waiver) mechanism
• The privacy trade-offs compared to UK-style age verification
This isn’t “no regulation” — it’s a different regulatory architecture.

Sources:

Nippon.com – Overview of Japan’s youth internet law and filtering model
www.nippon.com/en/in-depth/d01099/

Children and Families Agency (Japan) – Sixth Basic Plan outline (youth internet measures)
www.cfa.go.jp/assets/contents/node/basic_page/fiel…

NTT Docomo – “Request for Not Using Filtering Services” (waiver form example)
www.docomo.ne.jp/english/binary/pdf/support/proced…

The Japan Times – Commentary on social media regulation debate
www.japantimes.co.jp/commentary/2024/11/28/japan/s…

The Japan Times – Reporting on youth victims and social media concerns
www.japantimes.co.jp/news/2026/02/27/japan/crime-l…

If you’re following UK Online Safety Act developments, this comparison shows that “protecting children online” does not automatically require biometric ID checks across platforms — but every model comes with trade-offs.

Let me know in the comments: would you prefer telecom-level filtering, or platform-based age verificatio