This is a guide I wrote for Immich's documentation. It features some Immich specific parts, but should be quite easy to adapt to other use cases.

It is also possible (and not technically hard) to self-host a protomaps release, but this would require 100GB+ of disk space (which I can't spare right now). The main advantages of this guide over hosting a full tile server are :

• it's a single nginx config file to deploy
• it saves you some storage space since you're only hosting tiles you've previously viewed. You can also tweak the maximum cache size to your needs
• it is easy to configure a trade-off between map freshness and privacy by tweaking the cache expiration delay

If you try to follow it, please send me some feedback on the content and the wording, so I can improve it

Chat control is back on the agenda again and the works is kept in secret.

Link to document

Take Action!

Edit: More information about the meeting

AOSP with MicroG vs Nextdns with good lists

How better is AOSP or Graphene OS with MicroG or Sandboxed google services compared to just using NextDNS with some good filters.
I mean microg or graphene os will still connect to internet for google stuff I use. Also I can block internet access for a domain using NextDNS which is quite similiar to cutting network access in graphene OS. So how come stock android with NextDNS is less private than MicroG/GrapheneOS.
@privacy

For Android users seeking a privacy-focused browser, Privacy Guides recommends Mull:

Mull is a privacy oriented and deblobbed Android browser based on Firefox. Compared to Firefox, it offers much greater fingerprinting protection out of the box, and disables JavaScript Just-in-Time (JIT) compilation for enhanced security. It also removes all proprietary elements from Firefox, such as replacing Google Play Services references.

Mull enables many features upstreamed by the Tor uplift project using preferences from Arkenfox. Proprietary blobs are removed from Mozilla's code using the scripts developed for Fennec F-Droid.

During the past few years I was avoiding the increasing number of products or services that required biometric verification, specially face recognition (FR). But the things are getting harder are harder in my country:

• The largest e-commerce platform in latin america and the most used in my country requires FR to use it. It was possible to use cash if you buy from its website but since a couple of weeks it's requesting me to identify using it's app.
• The telecoms demands FR from now on if you want a new SIM card in case you lost your phone or it's been stolen.
• The bank is now pressing me to use their app with FR as a 2fa when using homebanking from its website, something that wasn't necessary up to some weeks ago.
• The government is in the same direction as it's moving to digitalizing many burocratic procedures and also requires FR.

and the list is increasing quickly.

I've never used any private social networks and I've degoogled many years ago, the only non free software that I use is Whatsapp because in some countries in latin america is almost imposible not to use it, you need it even to call to the car towing service.

Anybody that is well informed knows the dangers of allowing such an amount of private information now tied to our face be available for hackers now equiped with AI, but frankly it seems a lost cause to fight against something that 99.9% of people dont worry about and give consent to do so to corporations (that sell all your data to whoever wants it) and governments (who use it as a tool of control).

I don't know, may be I'm also worring to much and it's not that serious, after all if tens of millions of people do the same the chances of being targeted by hackers is not different of being robbed in the street (at least in latin america) and with the obiquitous surveillance cameras plus the almost unavoidable need of a phone, the government probably know exactly where you are and how you look, so the information may be already available. Perhaps it's time to give up and adapt to the world we now live in.

cross-posted from: https://lemmy.world/post/19163486

cross-posted from: https://slrpnk.net/post/12778902

Pavel Durov's arrest suggests that the law enforcement dragnet is being widened from private financial transactions to private speech.

The arrest of the Telegram CEO Pavel Durov in France this week is extremely significant. It confirms that we are deep into the second crypto war, where governments are systematically seeking to prosecute developers of digital encryption tools because encryption frustrates state surveillance and control. While the first crypto war in the 1990s was led by the United States, this one is led jointly by the European Union — now its own regulatory superpower.

Durov, a former Russian, now French citizen, was arrested in Paris on Saturday, and has now been indicted. You can read the French accusations here. They include complicity in drug possession and sale, fraud, child pornography and money laundering. These are extremely serious crimes — but note that the charge is complicity, not participation. The meaning of that word “complicity” seems to be revealed by the last three charges: Telegram has been providing users a “cryptology tool” unauthorised by French regulators.

All the recent dark net arrests seem to be pretty vague on how the big bad was caught (except the IM admin's silly opsec errors) In the article they say he clicked on a honeypot link, but how was his ip or any other identifier identified, why didnt tor protect him.

Obviously this guy in question was a pedophile and an active danger, but recently in my country a state passed a law that can get you arrested if you post anything the government doesnt like, so these tools are important and need to be bulletproof.

Basically the subject is in title. I recently discovered lemmy.world doesn't allow commenting/posting from VPNs. Some VPNs are working, but it seems to be a matter of time until they appear on publicly sourced lists and banned.

(See bottom for tl;dr.)

I'm the kind of person who loses their keys easily, so I love the idea of trackers: little devices that you can attach to your wallet, phone, or keyring that connect via bluetooth to an app on your phone to help you find it.

Problem is pretty much all the options I can find are run by companies with shitty privacy policies: Tile, Apple AirTag, Chipolo, and so forth.

• Tile collects shitloads of data and is partnered with Amazon to boot;
• Apple Airtags AFAIK only work with Apple devices, and besides it's Apple so no thank you; and
• Chipolo also collects shitloads of data and shares information with data brokers and data collection companies of all stripes. No thank you.

In any case, I really don't need a location network larger than maybe 200 meters (about 650 feet). If I lose my keys, odds are it's either in my car or in my house, and my house is like 100 square meters (about 1000 square feet). So Bluetooth is really all I need. I don't even need to see it on a map; I just need for it to ding or something.

I'm currently using Tile but I really want to get away from it. Worst case scenario, I'll stop using the Tile, but I really am a forgetful little shit. Lol.

tl;dr – Looking for recommendations for ideally short-range Bluetooth trackers for keys with decent privacy. Max required range = 200 m (650 ft). Also, pie tastes great. Cheers.

Not sure is this is the best place to post this question, but wondering what is the best way to encrypt a usb drive?

Want to be able to carry an encrypted flash drive with me but also be able to unlock it, if possible, on various OSes. Preferably with some kind of portable software. Something similar to the method that comes with the Kingston Data Traveler USB drives.

Edit: Seems like Veracrypt and Cryptomator are the best options to check out. Thank everyone!

The head of Telegram, Pavel Durov, has been charged by the French judiciary for allegedly allowing criminal activity on the messaging app but avoided jail with a €5m bail.

The Russian-born multi-billionaire, who has French citizenship, was granted release on condition that he report to a police station twice a week and remain in France, Paris prosecutor Laure Beccuau said in a statement.

The charges against Durov include complicity in the spread of sexual images of children and a litany of other alleged violations on the messaging app.

His surprise arrest has put a spotlight on the criminal liability of Telegram, the popular app with around 1 billion users, and has sparked debate over free speech and government censorship.

I tried SimpleX but the VPN kill switch on my phone prevents syncing with my computer.

I use telegram primarily as a note taking app with sync features.

Occasionally I send files to friends, so having easy set up for tech illiterate would be great.

It's based on Signal protocol and it's also open source. However, unlike Signal it doesn't harvest phone numbers.

https://github.com/wireapp

https://ghostarchive.org/archive/0QgXq

I thought this group may enjoy this read about a suggestion on an option to take in the Google antitrust lawsuit. Of particular interest is that certain groups feel that the "right" approach is that everyone should be able to surveil the population, Google-style and the choice quote:

The judge repeats some of the most cherished and absurd canards of the marketing industry, like the idea that people actually like advertisements, provided that they're relevant, so spying on people is actually doing them a favor by making it easier to target the right ads to them.

The original article is in Russian, so here is the translation from Firefox's built-in translator:

In Kazakhstan, users will be required to provide biometric data, such as images of individuals to connect to cellular services and access to the Internet. This data must be provided by every subscriber who wishes to conclude a contract for the provision of cellular services. The changes governing the provision of communication services are posted on the "Open NPA" portal.

How it will work

• Connecting to services: to conclude a contract with the operator, users will have to provide their biometric data (for example, a photo of the person).
• Termination of the contract: If you decide to stop using the services, you will need to send the operator a statement with biometric data. The termination of the services will occur from the date specified in the application, but not before its submission.
• Transfer number: when transferring the number to the new operator will also need to provide biometric data. The services of the old operator will stop when the new operator begins to provide its own.

Access to the Internet in public areas

To access the Internet through public points (for example, at a cafe or airport), users will enter disposable passwords that they will receive by SMS or call. It will also be possible to log in to the network using identity documents scanned by the operator's application.

The amendments to the order "On approval of the rules for the provision of communication services" as additional authorization methods are indicated:

• communication with the eGov;
• the biometrics;
• confirmation through the bank card number;
• scanning the document through the operator's application;
• accounts of social networks;
• e-mail with its confirmation.

These measures are aimed at enhancing security and simplifying the user identification process. However, it should be borne in mind that with the expansion of the collection of biometric data, the need to protect personal information is also increasing.

Why do you need it?

The explanatory note to the changes indicates that confirmation of the identity by biometrics is necessary to combat fraudsters. The project was agreed by the Ministry of National Economy, the National Economy, the National Security Service and the Ministry of Internal Affairs of the Republic of Kazakhstan. The public discussion will last until 10 September 2024.

They're making changes to where if you have your transactions set to private it will only say "PWP*Privacy.com" on your bank statements. Say goodbye to "NSA Giftshop". Sad day

"404 Media previously reported Cox Media Group (CMG) was advertising a service that claimed to target ads based on what potential customers said near device microphones. Now, here is the pitch deck CMG sent to prospective companies. Google has kicked CMG off its Partner Program in response..."

Just stumbled upon this project, seems rather new as my DNS blocked its domain by default for being too new hehe.. Anyone had a chance to try it yet? Its got some hefty promises, like having equally strong privacy features as Librewolf. I'll be giving it ago at least, almost sounds a bit too good to be true...