Questions to ask when evaluating an online service
1. Are they open source to an extent that you're comfortable with? Do they ask you to run proprietary software on your devices? Is the code running on their servers open?
2. If they claim to be open source, do they use an OSI-approved or FSF-approved software license? If not, they're misleading you.
3. Is your personal data handled by such proprietary software? Do you ever transmit your personal data to their servers? Even if open source, they would be able to read and use this data however they wish and you wouldn't be able to tell - do you trust them to? What if they're compelled by law enforcement?
4. Do the needs justify the personal data they are collecting about you? If not, why are they collecting it?
5. If they claim to use encryption for the data which is transmitted to their server - question whether or not it's really private. Do they ever handle the unencrypted data? For example, if an email service claims to encrypt incoming emails, they have an opportunity to read the unencrypted email before they store it. Do they disclose these "gotcha"s, or do they make clear the limitations of their encryption? Is any encrypted information decrypted by software they control, like their web application, or a desktop application which is automatically updated without your consent? If so, they could decrypt it on your computer and transmit the decrypted data back to their servers.
6. Are they responsible for any scarce resources, like an email address, phone number, and so on, which you wouldn't be able to take with you if you leave? Are there ways to provide the same functionality without scarcity, such as the use of your own domain? If so, why aren't they offering them? How important are these resources to your identity? Will your friends be able to find you if you choose to stop using the service?
7. How do they make money? What is their motivation for providing services to you? If their circumstances change, will their values change? How likely is change?
Power is always gotten through inducing mass fear, whether by terrorism, pandemics or a rogue cop. Governments are abusing the crises to push a power grab & corporations are abusing the crises to consolidate more wealth. We are all losing to centralisation of power & wealth. We are all being f*cked by governments & corporations. Yet somehow while the governments & corporations maintain unity, we turn against each other in bipartisanship. Governments & corporations are the real enemy.
End to end encryption in proprietary software (like WhatsApp) makes little to no sense. If it's not 100% FOSS, you cannot inspect the code, you cannot know if there's a backdoor in the encryption, you have to rely on trusting the company / developer. Doesn't matter if it's "mostly" open source (like Chrome/Telegram), all it takes is one line of code to exploit you. Security should never rely on trust.
How I feel every time a #Windows vulnerability is published...
#Spotify has 8 different trackers https://reports.exodus-privacy.eu.org/en/reports/com.spotify.music/latest/
#Tidal has 9 different trackers https://reports.exodus-privacy.eu.org/en/reports/com.aspiro.tidal/latest/
Not to mention unnecessary permissions.
Playing your own .mp3 files has 0 trackers.
The dystopian present day
China - social control, concentration camps and invasive universal surveillance
USA - all personal data belongs to a few conglomerates and there's massive social inequality
Russia - clandestine ops, government backdoors in everything, tons of propaganda and sinister plots
UK - Orwellian state, mass surveillance is 2nd only to China
Dystopia is now.
All metadata in WhatsApp is unencrypted and sent to Facebook. Since you can learn an awful lot from metadata alone, it makes sense for the UN to ban it, given their threat model likely includes governments and Facebook will cower to government requests for data.
Today is Data Protection Day
As the United Kingdom prepares to exit from the European Union, our privacy standards are at a crossroads.
The signs from Government are unclear: as the future trade agreement is likely to be loose, it would be open to Government to dilute data protection, to make it harder to enforce, or to lower fines.
It is more important than ever for the United Kingdom to commit to respecting the right to privacy.
Permanent record by #Snowden is chock-full of gems. On technological tyranny:
Yesterday, the UK government turned Greenpeace into an extremist organisation, put it up on a list of extremist groups alongside actual extremists like neo-nazis 🤦♂️
Today, the UK government introduces an age verification law so companies must verify the age of all users, else restrict their use of data. Meaning adults will only be able to access websites when they verify their age, leading to the mass extreme censorship of information 🤦♂️
For Facebook tracking Brave white-lists
According to Brave developers, it's white-listed due to causing Facebook login to break if blocked.
See issue #1108 on GitHub
This is a great bit of kit by @MichaelAltfield - it's a kill switch to erase data on a computer in the event of a USB drive being removed.
The probability of inadvertent removal though, is likely to be quite high. Still, it's an awesome tool.
Computer nerd. Software tinkerer. Android (Graphene OS) and Linux aficionado. Interested in technology, foss, infosec, privacy, encryption.