I know that stock Android itself is spyware.

What tips about setting up my stock Android phone would you give me? It's not factory unlocked so I'm sticking with Google Android.

Things I've done:

• Stopped and disabled all apps that I don't use or need.
• Replaced all apps that I can with FOSS alternatives from github using Obtainium.
• Not installed things that I can just check on my laptop like email.

Is there anything else that I can do? Thanks in advance

Edit I've also:

• Changed my DNS to Mullvad DNS
• Restricted app permissions to only what they need
• Not signed into the phone. I don't even have Gmail account.

Hi all !

I just released the first version of Gosuki, a multi-browser real time bookmark manager I have been writing on and off for the past few years. It aggregates your bookmarks in real time across all browsers and even external APIs such as Reddit and Github.

• Github: https://github.com/blob42/gosuki
• Documentation: https://gosuki.net/
• Video Demo

I was always annoyed by the existing bookmark management solutions and wanted a tool that just works without relying on browser extensions, self-hosted servers or cloud services. As a developer and Linux user I also find myself using multiple browsers simultaneously depending on the needs so I needed something that works with any browser and can handle multiple profiles per browser.

The few solutions that exist require manual management of bookmarks. Gosuki automatically catches any new bookmark in real time so no need to manually export and synchronize your bookmarks. It allows a tag based bookmarking experience even if the native browser does not support tags. You just hit ctrl+d and write your tags in the title.

Feature Highlights:

• A single binary with no dependencies or browser extensions necessary. It just work right out of the box.
• Use the universal ctrl+d shortcut to add bookmarks and call custom commands.
• Tag with #hashtags even if your browser does not support it. You can even add tags in the Title. If you are used to organize your bookmarks in folders, they become tags
• Real time tracking of bookmark changes
• Builtin, local Web UI which also works without Javascript (w3m friendly)
• suki cli command for a dmenu/rofi compatible output
• Modular and extensible: Run custom scripts and actions per tags and folders when particular bookmarks are detected
• Browser Agnostic: Detects which browsers you have installed and watch changes across all of them
• Also handles multiple profiles per browser
• Stores bookmarks in a portable sqlite database compatible with the Buku. You can use any program that was made for buku.
• Can fetch your bookmarks from external APIs (Reddit and Github for now).
• Easily extensible to handle any browser or API

It's open source with an AGPLv3 license, Checkout the README and website docs for more details.

cross-posted from: https://beehaw.org/post/20989376

Where Soatok goes over why checklists are meaningless when trying to figure out if something is private or just for comparisons in general.

I have to use Zoom for a online class and I was wondering how I can make my Zoom experience more private? Is there a Zoom client that I can use like how there are privacy-focused Discord clients? What privacy tips would you recommend?

cross-posted from: https://lemmy.world/post/32631305

Analyzed by exodus, island the work profile app have 3 trackers detected

https://reports.exodus-privacy.eu.org/reports/com.oasisfeng.island/latest

Should I be worried?

About

Duck.ai is one of the few online places to chat with AI privately. Self-hosting your own AI model is a better option, but not everybody has the hardware for it. DuckDuckGo has made deals with the model providers to keep your chats private, so it's an easy option to recommend.

If you're like me, you probably clear your cookies a lot (or always browse in incognito). This means that any time you visit Duck.ai, you have to set all your settings again. One solution is to set Duck.ai as an exception to your browser data deletion, but that makes me uneasy. After getting fed up setting my preferred settings each time, I wanted to see if I could automate the process.

The Bookmarklet

Bookmarklets are essentially bookmarks in your bookmarks bar that, when clicked, run your own JavaScript code on whichever page you're visiting. This was a neat trick that some of my classmates used to edit pages when the Inspect Element was disabled on school computers.

I wrote a short bookmarklet that will automatically set my preferred settings in Duck.ai:

javascript:{
	const settings = {
		'aiChatPromptSuggestions': '{"hideSuggestions":true}',
		'aichatPromoDismissal': '{"promosDismissed":"9999-99-99"}',
		'duckaiCanUseApproxLocation': 'false',
		'duckaiSidebarCollapsed': 'true',
		'duckduckgo_settings': '{"description":"Each key is a setting documented in https://duckduckgo.com/duckduckgo-help-pages/settings/params/","kdcm":"6","kdcs":"0"}',
		'isRecentChatsOn': '"0"',
		'preferredDuckaiModel': '"6"',
	};
	
	let keys = Object.keys(settings);
	keys.forEach(key => {
		const value = settings[key];
		localStorage.setItem(key, value);
	});
	
	location.reload();
}

How To Use

(Steps may vary between browsers)

1. Copy-paste the bookmarklet code above (including the part that says javascript:)
2. Right click on the bookmarks bar in your browser
3. Select "Add page..."
4. In the field that says "URL", paste the code you copied
5. Name the bookmarklet whatever you want, for example: Debloat Duck.ai
6. Click "Save"
7. Visit Duck.ai (which redirects to https://duckduckgo.com/?q=DuckDuckGo+AI+Chat&ia=chat&duckai=1) You must visit this page before running the bookmarklet, because bookmarklets can only run code on the page you're currently visiting.
8. Click on the bookmarklet you just created. This will run the code.

You should now have a distraction free, private chat.

Explanation

Duck.ai stores its settings in the browser's "local storage". If you open the Inspect Element (either by right clicking on the page and clicking "Inspect" or by pressing F12) and navigate to Application > Local Storage > https://duckduckgo.com/ you will see a list of settings and their corresponding values.

By default, these settings are a tad too distracting for my taste. The bookmarklet I made does the following:

1. Hides prompt suggestions
2. Dismisses the promo by setting the shown date to something impossible in the future
3. Disables using approximate location for responses
4. Collapses the sidebar
5. duckduckgo_settings doesn't actually do much, and the values there are, in fact, not documented on this page
6. Disables chat history
7. Sets the preferred model to Mistral Small 3, which is open source and has low moderation.

You can set your preferred settings before running the bookmarklet and edit the bookmarklet code according to your own settings.

The code then iterates through these settings, and sets each one. Then, finally, reloads the page to apply the settings.

Updates

This project is far too small to make an entire repository for it, so I will try to just update this post with any new code. For example, duckaiCanUseApproxLocation is a new setting that was added in the last few days.

I hope everyone enjoys this as much as I did!

Here is a before and after:

cross-posted from: https://sh.itjust.works/post/41641719

Keystrokes? Screen recordings? Camera and microphone spying? Assuming an average person who's not actively targeted by an intelligence agency.

cross-posted from: https://lemmy.world/post/32523093

Anyone have the experience registering a domain name with false personal information?

I'm trying to register one but all provider asks for name and address. Anyone have the experience providing false information? Do they really care enough to check your info manually if you don't use your domain name for malicious purposes?

particularly interested in experiences with cloudflare

thanks a lot

EDIT: https://www.reddit.com/r/Domains/comments/1cxl7y2/when_registering_domain_name_should_i_use_my_real/

The issue with using fake details is that you risk getting your account suspended. Also, if your domain gets stolen you've made it impossible to retrieve because you will have to verify your information.

How can a domain get stolen?

Considering the current intrusive cyber climate, what are the best ways to preserve privacy?

For example, I have been exclusively using a VPN connection network-wide at home setup on OpenWrt, which in turn has a PiHole as its DNS, with the PiHole using Unbound and NextDNS (redundant I know, but I use it to encrypt my requests more than anything else).

I also have Wireguard setup so I can VPN all my devices to my network while I am on the road (also have a NextDNS profile installed. Yes I know, it’s redundant).

I also basically have all my “smart” devices (TV, lightbulbs, air purifier, etc…) at home cutoff from the internet using OpenWrt’s firewall to prevent them from calling home.

I rotate web browsers frequently to try and attempt avoiding getting fingerprinted, not sure how useful that is.

I switched email providers to mailbox.org because f*** Google and Microsoft.

I also am hosting my own cloud drive on Nextcloud to avoid using services like GDrive, OneDrive, Dropbox, etc…

I own Apple devices which aren’t the best for privacy but migrating from a whole ecosystem that I have been embedded in for MANY years is easier said than done. Hopefully in the future that’s my next move.

I feel like there is a lot more I can do but I am not sure what else. I would appreciate any and all suggestions ya’ll might have.

EDIT: I’m not being too extreme with my caution as some comments are making it sound to be. I am a very average person who is privacy conscious yet realize being cut off from the internet and society is not realistic. I guess my threat model is your basic “day-to-day it’s non of your business who am I online or what I do, please don’t profile/fingerprint me, I am just a passerby” kinda threat model.

I started a 5-week degoogle challenge Signal group.

The group is free...and already has 45 members ready to go next week when we officially start! We'll follow the checklist here. It will be a casual group for accountability and support.

I can help based on my experiences, we can all support each other, and we have at least 1-2 advanced techie people who can answer more complicated questions.

Please join, and tell your friends! Next week I'll post an official welcome and resources..and we'll get started.

If it goes well, I can either start another one and/move to de-Amazon, Meta, Apple, whatever.

(Also, if anyone wants to repost this in r/privacy on Reddit, please do! I apparently don't have enough karma to post there.)

If I install the extension on VSCodium (Open Source Version), is this a privacy concern other than that it reads all my HTML files in the folder I have open?

I did a search for posts on Google Takeout before posting this and the only one I saw was from a year ago so I guess its ok to post this.

I just learned about it this morning.

The TLDR; is that you can request all the info Google has on you, in my case I want to do something with that data as I move away from Google, but just seeing what they have is nuts.

You might want to consider doing so.

(i would link the url, but its long and ugly, just search for Google Takeout, you will find it)

Exciting News! We're thrilled to announce the release of CoMaps to Google Play Store, Apple App Store, and F-Droid!

CoMaps Highlights

· Offline Search and Route: Plan and navigate your trips without internet

· Saves battery: Efficient design that does not drain your battery

· Privacy-respecting: no identify people, no tracking, no data collection

· Free and No Ads: completely free, your journey is smooth

What makes CoMaps special?

CoMaps is a community-driven open-source navigation app · Open & Transparent: All decisions are made in public, with full transparency.

· Community Empowerment: You have a voice in how the app evolves.

· Free & Not-for-Profit: Our focus is on creating value for the community, not generating profit.

Download CoMaps Today

• Google Play Store: https://play.google.com/store/apps/details?id=app.comaps.google
• Apple App Store: https://apps.apple.com/app/comaps/id6747180809
• F-Droid: https://f-droid.org/packages/app.comaps.fdroid/

Powered by the community

cross-posted from: https://lemmy.world/post/28567151

A few cards that I read about.

RBC virtual card, seems to do what I need. But it's available for business use only.

Robinhood Gold Card, only in the states.

Wise, not sure if exact limits are available.

Context: I recently purchased a hotel stay where a merchant charged my card for the advertised price on their website, the amount was then refunded. Then another merchant charged my card a higher amount (a few hundred) all in a few seconds of the original transaction.

Edit: I found Wise provides limits on their virtual cards. I have yet to test how this works and if the transaction is declined for Insufficient funds, does anyone have experience with this?

Interesting counterpoint to the stuff we sometimes talk about here. It's more for public chat rooms though. MLS (RFC 9240) still interests me and I've been wanting to try coding it.

I have always used Mullvad Leta as my search engine, but after changing smartphone and download Fennec, I ended up leaving DuckDuckgo that comes standard for now. However, after the last Fennec update (140.0.0), I was surprised to have Google as a standard search engine. What do you think of this? Someone with this same experience?

So, I still receive telemetry information from my old lease car, a Kia e-Niro, to my app. A huge, HUGE privacy issue.

I made sure to remove my profile from the car before turning it in, and doing a factory reset of the car's software.

I can see everything, AC, whether there are doors open, odometer, and above all, location.

Also tried to see if I can turn off the AC, but any commands throw an error, so disabling my account on the car at least did something 😅

I had it in the Netherlands, it's in Poland, and it looks like it's on its way to Ukraine.

Kia, you need to check your security.

Edit:

Holy shit it gets real bad. I can lock and unlock the car.

So I went to F-Droid to download TOR Browser and Orbot app and I found them currently missing from the F-Droid catalog. Did something happen that I'm currently out of the loop?

-precio justo

• empresa fiable, no venden tus datos
• la mejor opción si necesitas varios dominios o alias con varias bandejas de entrada
• servicio de calendario
• aplicación móvil multiplataforma, escritorio para Linux mantenido -Me encanta el modo offline -Privacidad -utiliza y apoya el software libre

¿Más información? https://tuta.com/es

When you send a screenshot (even if height/width only is cropped) , the screenshot's width and height can be used to find the iPhone model of someone or narrowed down.

The most unique sized iPhone on the market right now is the iPhone 16 Pro and iPhone 16 Pro Max, as no other phone has the same width and height. So if you send a screenshot people will 100% know your exact phone. The regular iPhone 16 is common with the rest of the other phones and not unique.

If you send a screenshot from a iPhone XR, people can know if you using an iPhone 11 or iPhone XR since they have the same dimension which narrows down alot of options. (828x1792)

You can use this site here to view a list of all the dimensions. Click the iPhone's tab and sort the physical width or height.

If you don't want to expose your phone model, crop both width and height of each screenshot randomly. I would suggest cropping out the top of the phone as it shows your time if you care about that. Some sites like X have random inaccurate dimensions in uploaded screenshots, which is different from the original raw screenshot.

I haven't really checked with android phones, but it's probably the same thing.

If you own a Samsung A or M series phone and live in the Middle East or North Africa, you are likely being monitored, with data collected through your device by the South Korean tech giant on behalf of “Israel.”

This follows revelations that Samsung allowed the installation of a covert application developed by an Israeli company, IronSource, which harvests personal data, posing significant risks, especially if you are a potential target of Israeli surveillance.

The latest disclosure comes in the wake of the pager explosion in Lebanon, and now, attention has turned to Samsung phones, used by millions of Arab consumers, which have been found to contain Israeli software that leaks sensitive information.

Samsung entered into an agreement with IronSource, an Israeli firm, to pre-install this hidden app on Samsung phones sold exclusively in the Arab world (the MENA region), without the knowledge of the device owners.

This controversial partnership raises serious concerns about possible espionage or cyberattacks, with experts warning that the software could compromise the security of these devices.

The spyware could allow future attacks targeting communication networks or disrupt critical infrastructure in the region.

Adding to the alarm, tech specialists have highlighted that the Israeli app is particularly difficult to remove; once deleted, it reinstalls itself automatically, making it nearly impossible for users to protect their privacy.

This marks the fourth revelation of Israeli espionage tactics being used against Lebanese and Arabs, following the discovery of bombs in Pager devices, the infiltration of Walkie-Talkie communication systems used by Hezbollah, and the jamming of aviation navigation systems and GPS devices.

Spyware Deal The Lebanese digital rights platform, Social Media Exchange (SMEX), which advocates for human rights in digital spaces across West Asia and North Africa, was the first to reveal that Samsung had signed a partnership agreement with the Israeli company IronSource back in 2022.

The deal allows IronSource to pre-install its AppCloud application on Samsung’s A and M series phones before they reach consumers.

On October 29, 2024, SMEX disclosed that the South Korean tech giant, Samsung, and the Israeli firm IronSource had agreed to load this app onto phones sold in the Middle East and Africa, including Lebanon.

The app, according to SMEX, provides access to personal information from the phone's owner, as well as other sensitive data.

The AppCloud application, in turn, installs another program called Aura, which secretly downloads additional software without the user’s knowledge, particularly affecting devices distributed in Lebanon and across the Arab region.

The app in question allows access to users' data, including sensitive information such as IP addresses, device fingerprints, and personal details, enabling the identification and geographical location of the phone’s owner — potentially facilitating surveillance or even targeting for assassination.

This could also help explain the mystery behind Israeli ability to easily track and target Hezbollah figures across Lebanon, Syria, and other regions, even after the dismantling of explosive pager devices.

It underscores the urgent need for the Middle East to develop independent communication systems.

495590693.webp (1200×630) A report by SMEX highlights the alarming reality that the Israeli app can be installed on Samsung phones without the owner's knowledge, with removal proving nearly impossible due to the complex technical hurdles involved.

Even those who manage to disable the app find it reappears automatically, confirming its nature as high-tech spyware.

The app in question, AppCloud, which has been surreptitiously embedded in Samsung devices for over a year, was first flagged by a user in an August 2023 post on the company’s support forum, titled "How can I remove AppCloud?"

Spyware installation raises concerns that the app has been silently present in phones long before Operation al-Aqsa Flood and the ongoing war.

Data Harvesting or Assassination? The Israeli war on Lebanon has brought renewed focus on the issue of espionage and electronic interference, with the bombing of pager devices used by thousands of Lebanese citizens, marking yet another chapter in the ongoing conflict.

This raises critical questions: Is the installation of spyware on Samsung devices aimed at collecting data, or is it a more sinister effort, akin to the Pager incident, to facilitate targeted killings?

Abed Kataya, media program director at the Lebanese digital rights platform SMEX, confirmed that “the Israeli application is often pre-installed on [Samsung] devices,” before purchase, and updates occur without the user’s consent.

Kataya explained that this practice extends to over 50 markets in the Middle East and North Africa, indicating that the data harvesting operation is not limited to Lebanon alone.

The AppCloud app installs another program called Aura, which prompts users to download additional apps, all of which contribute to collecting personal data, including device information and biometric identifiers like fingerprints.

Data harvesting makes it easier to track and identify the device's owner.

Perhaps most concerning, says Kataya, is that the app’s activities cannot be stopped or any permissions it requests are denied.

While AppCloud claims to uphold privacy policies by allowing users to opt out of data collection, in practice, trying to delete it from the device reveals an impossible-to-find form that must be completed.

Deleting the app, according to Kataya, requires technical expertise well beyond the average user’s capacity.

1734517000.webp (770×513) Kataya explained that users can access their device settings, navigate to the Apps section, search for the AppCloud app, and press the disable button.

However, they may still be unable to completely remove the app from the device, even after disabling it.

The app may seem disabled on the surface but continues to run covertly in the background.

Kataya argues that Samsung's partnership with the Israeli company IronSource—a deal restricted to regions marked by geopolitical tensions and instability—suggests the South Korean giant may have knowingly or unknowingly facilitated Israeli espionage against Arabs.

The exposure of this spyware raises critical questions about how “Israel” could exploit the collaboration between Samsung and IronSource to carry out cyberattacks, or perhaps, these attacks have already occurred—similar to the Pager incident—in what are known as supply chain attacks.

These attacks typically involve infiltrating trusted systems, such as widely used devices and software, to gather intelligence or implant surveillance tools.

As reported by Al-Estiklal, the Israeli military has consistently sought technological advantages, preparing for future conflicts in Lebanon and the wider region through proactive cyber and technological advancements.

The partnership with IronSource allowed “Israel” to collect valuable intelligence on Lebanese citizens long before the current conflict erupted, including gaining access to communication devices used by Hezbollah operatives.

The Israeli use of the AppCloud app to target Samsung’s A and M series phones—models marketed primarily to middle and lower-income populations—was likely strategic.

Their lower price point made these devices more accessible, thus facilitating the spread of spyware and widening the scope of data collection.

Could “Israel” resort to detonating devices that have been infected with malicious software, especially given that these phones are connected to the internet, unlike the pagers and walkie-talkies?

A tech expert ruled out the possibility of “Israel” resorting to a mass detonation of mobile phones carrying this app or similar software in the Arab region.

The expert cited economic concerns, noting the potential fallout on international trade should such an action occur, as well as Israeli commercial ties with global companies, including its American allies.

He argues that if “Israel” were to somehow detonate Samsung, Huawei, or iPhone devices, it would trigger a global trade crisis that could destabilize the smartphone industry, one that neither the United States, China, nor South Korea could afford to tolerate.

There are other intelligence-related reasons as well: the purpose of implanting spyware and surveillance programs is to gather information, and detonating the phones would deprive the Israeli Occupation of a crucial communication tool, one that allows it to infiltrate and eavesdrop on its targets.

Companies supporting Israeli Occupation The infiltration of Israeli spyware into global tech products raises troubling questions about how and why multinational companies continue to allow their devices and technologies to be manipulated in ways that may harm their economic interests.

The truth is that many of these companies, most of them American or heavily aligned with the U.S., are complicit in supporting the Israeli occupation, often out of economic considerations or due to pressure from powerful pro- “Israel” lobbies.

These firms, some argue, cooperate with “Israel” to benefit from its advancements in programming and technology, or because they fear the influence of global Israeli networks.

According to foreign reports, Israeli cyber operations infiltrate global tech companies—sometimes through employees who leak sensitive data or through direct collaborations with firms that support “Tel Aviv.”

One prominent case involved a protest in 2021 by 300 Google employees and 90 Amazon workers who signed an internal letter demanding their companies withdraw from Project Nimbus, a controversial deal to supply the Israeli Occupation Forces with dangerous technology used to target Palestinians.

Rather than halting the project, these workers faced retaliation and were fired, as The Intercept reported in November 2023.

The $1.2 billion Nimbus deal, which provides cloud services to the Israeli military and government, has been a point of contention among tech workers and human rights advocates alike.

The most recent incident occurred in April 2024, when 28 Google employees were dismissed after staging a protest against the project, further fueled by revelations that the technology was being used in war crimes committed in Gaza.

This marks a growing trend where tech giants, rather than reevaluating their complicity, continue to back the Israeli military-industrial complex, despite rising moral and legal concerns.

1319699190.jpg (1600×1066) A report by Time magazine on April 12, 2024, revealed an internal document confirming that Google provides cloud computing services to the Israeli Ministry of Defense, deepening its partnership despite the ongoing genocide in Gaza.

“The Israeli Ministry of Defense, according to the document, has its own “landing zone” into Google Cloud—a secure entry point to Google-provided computing infrastructure, which would allow the ministry to store and process data, and access AI services,” as reported by Time.

The contract shows that Google invoices “the Israeli Ministry of Defense over $1 million for the consulting service.”

On April 5, 2024, The Intercept reported protests against Google for supplying technology to the Israeli military to carry out "robotic crimes" — namely, the killing of Gaza’s civilians.

Protesters lay down on the ground wrapped in white sheets with a modified Google logo reading "Genocide," demanding an end to the company’s collaboration with the Israeli government.

According to The Intercept, the Israeli military used Google's programs for facial recognition to track Palestinians attempting to flee airstrikes or search for food to feed their families.

“Many of those arrested or imprisoned, often with little or no evidence, later said they had been brutally interrogated or tortured,” as reported by The Intercept.

An Israeli official told The New York Times that Google’s facial recognition worked better than any alternative technology, helping “Israel” compile a “hit list” of Hamas fighters.

Furthermore, Google Maps and Waze were used by the Israeli military to disable live traffic updates in the occupied Palestinian territories ahead of the Israeli ground invasion of Gaza, according to Bloomberg.

In addition, an investigative report by +972 magazine highlighted that “Israel” uses artificial intelligence to target and kill Palestinians.

Interviews with six Israeli military intelligence officers revealed that AI programs in Unit 8200 — responsible for cyber security and espionage — have been used to target and assassinate Palestinians.

Since the war began in Gaza, two AI-driven programs have been developed for this purpose.

One, "Lavender," helped prepare a "kill list" of nearly 37,000 Palestinians for targeting without confirming their identities.

The other additional automated system, “Where’s Daddy?”, scanned Gaza’s population using big data, identifying names, identities, and addresses, leading to the mass extermination of Palestinian families.

Additionally, on April 11, 2023, Citizen Lab, a Canadian research organization, revealed a new Israeli spyware program similar to the notorious Pegasus.

The software, bought by governments including Saudi Arabia, the UAE, and Morocco, was used to target journalists and political opponents across multiple countries.

The program, developed by an Israeli company called Quadream Ltd — founded by a former Israeli military officer and ex-NSO Group employees — has already been linked to espionage activities.

Citizen Lab identified the victims “include journalists, political opposition figures, and an NGO worker,” confirming its widespread use in surveillance.