As you know, GrapheneOS is a privacy‑ and security‑focused, independent Android‑based distribution for smartphones. With the mobile market dominated by just two major advertising giants—Apple increasingly joining the ranks—we urgently need genuine alternatives. GrapheneOS stands out as the sole platform that lets users enjoy modern features without compromising their freedom, privacy and security.

Please consider supporting the GrapheneOS project in this year’s Proton fundraiser.

After extensive testing, it's finally here: the new SHIFTphone 8.1 with iodéOS is now available at NovaCustom! It's a privacy-friendly phone that's not only user-friendly and secure, but also sustainable and fully modular. This smartphone stands for privacy, security, freedom of choice, and repairability: values that perfectly align with NovaCustom's mission.

• https://novacustom.com/privacy-friendly-phone/

Why NovaCustom and SHIFTphone are the perfect match

At NovaCustom, we believe that users should have control over their own hardware and software. The SHIFTphone is perfect for this in terms of hardware: it has a modular design and is easy to repair. In terms of software, the original product is less than ideal: it comes with Google software as standard. NovaCustom replaces that software with iodéOS by default. This is an operating system without Google services (only microG, but it can also work without it!). This gives you a privacy-friendly phone with maximum control over your data.

Fully modular and customizable

NovaCustom launches the SHIFTphone 8.1

Whether you want to replace a screen, insert a new battery, or simply tinker with your smartphone yourself, the SHIFTphone makes it possible. No glue, no frustration, just pure freedom. NovaCustom has been supporting this principle for years with configurable laptops, and now we are bringing that same idea to smartphones.

Is there any method to see people's full profile on Linkedin without an account on pc? Any Linkedin frontend? Thanks!

cross-posted from: https://lemmy.zip/post/53013464

The EU countries have no fundamental problem with US law enforcement agencies accessing their national databases to search for threats.

cross-posted from: https://feddit.uk/post/39495921

The EU Council seems to agree to the new compromise "without further changes"

The EU Council has received new Chat Control proposal with broad support
CSAM scanning would now be voluntary, but with some exceptions
Lawmakers met today (November 12) for further discussion

It's official, a revised version of the CSAM scanning proposal is back on the EU lawmakers' table − and is keeping privacy experts worried.

The Law Enforcement Working Party met again this morning (November 12) in the EU Council to discuss what's been deemed by critics the Chat Control bill.

This follows a meeting the group held on November 5, and comes as the Denmark Presidency put forward a new compromise after withdrawing mandatory chat scanning.

As reported by Netzpolitik, the latest Child Sexual Abuse Regulation (CSAR) proposal was received with broad support during the November 5 meeting, "without any dissenting votes" nor further changes needed.

The new text, which removes all provisions on detection obligations included in the bill and makes CSAM scanning voluntary, seems to be the winning path to finally find an agreement after over three years of trying.

Privacy experts and technologists aren't quite on board, though, with long-standing Chat Control critic and digital rights jurist, Patrick Breyer, deeming the proposal "a political deception of the highest order." Chat Control − what's changing and what are the risk

As per the latest version of the text, messaging service providers won't be forced to scan all URLs, pictures, and videos shared by users, but rather choose to perform voluntary CSAM scanning.

There's a catch, though. Article 4 will include a possible "mitigation measure" that could be applied to high-risk services to require them to take "all appropriate risk mitigation measures."

According to Breyer, such a loophole could make the removal of detection obligations "worthless" by negating their voluntary nature. He said: "Even client-side scanning (CSS) on our smartphones could soon become mandatory – the end of secure encryption."

Breaking encryption, the tech that security software like the best VPNs, Signal, and WhatsApp use to secure our private communications, has been the strongest argument against the proposal so far.

Continue Reading - https://www.techradar.com/vpn/vpn-privacy-security/this-is-a-political-deception-new-chat-control-convinces-lawmakers-but-not-privacy-experts-yet

I just stumbled across chasing-your-tail-ng and wigle.net. I previously didn't know anything like this existed.

Looks like you could run Chasing Your Tail, and log all the WIFI SSIDs that devices (e.g. peoples' cell phones) around you are looking for, then search for the SSIDs on wigle.net, and possibly find the work/school/home locations of the people around you.

Looks like Chasing Your Tail also logs bluetooth, so could be used to find BT beacons that may be in your car, etc. And also SDR for other types of radios. Pretty interesting.

I'm not really familiar with security/OSINT type stuff, but it is interesting. Anybody know of any other projects related to this? What the best ways to mitigate this? I suppose naming your home SSID to a very common SSID would help.

This dish was erected atop a roof of a shopping center near me a few weeks ago. It’s super ominous looking and it bugs me regularly.

Just installed GOS on my phone, really like it. I want to know how GOS users setup their profiles to learn from them. So far, i found out the followings:

1. everything in Owner

2. leave Owner blank. Put everything in another profile names User.

3. leave Owner blank. Put all Google stuff in user Google. Put all FOSS app in FOSS user. Put all bank stuff under Sensitive user.

4. use Owner as an app repo. So install Google Play, Acrescent, Fdroid. Install apps from there, but dont use them. Instead, when create new user, push those apps from Owner. This is similar to Side of Burritos on Youtube.

anything different?

cross-posted from: https://lemmy.zip/post/52889139

As weird as the title sounds, my family really dislikes me using Tuta and not Gmail. Is your family also like this?

"Come on, Sarah, can't you just be normal and use Gmail like everyone?"

• my mom, scolding me.

Hello everyone!

TL;DR:
Journiv is a a beautiful, self-hosted, privacy-first journaling app with mood tracking, daily prompts, and meaningful insights. The mission is simple: your memories should always stay yours. Own them, don’t rent them.

Journiv 0.1.0-beta.4 is now live on GitHub and fully Docker-hostable.
Start owning your thoughts and memories forever and keep them completely private.

The Story Behind Journiv

I got into self-hosting last year and while exploring options journaling solution, I realized there wasn’t a truly modern, self-hosted equivalent to Day One or Apple Journal. Most alternatives were either general note apps or old abandoned projects.

I wanted something focused on journaling with:

• “On This Day” memories
• Prompt-based journaling
• A clean, minimal, distraction-free writing experience

So… I built my own: Journiv, a beautiful (at least I am trying to make it so), self-hosted, privacy-first journaling app with mood tracking, daily prompts, and meaningful insights.

Get Involved

Give Journiv a try, share your feedback and report issues. It means a lot at this stage.

cross-posted from: https://lemmy.zip/post/52889143

cross-posted from: https://lemmy.zip/post/52889334

The UK's communications regulator, Ofcom, has told TechRadar that it's using an unnamed third-party tool to monitor VPN use in the UK.

I was thinking of donating to the NTP Project when I saw this link on hacker news, because I think small amounts of donations from many people is a good thing, to maintain open source projects. The request of my address as a donator stopped me from donating. I want just to make an anonymous donation.

I decided to finally clean up an old account on CivitAI (https://civitai.com/). Nothing unusual - I just wanted to exercise my right to be forgotten, the one I heard about so much on Reddit before, being a regular lurker.

I sent them a polite email citing Article 17 GDPR. Gave them enough info to find me (email, username, first login date, payment history). Didn’t use my real name, didn’t log in - partly because I didn’t want to trigger Cloudflare’s fingerprinting again.

Their reply?

"When users delete their account, this action is permanent, since we delete any and all data associated with that account."

Maybe? There’s no way to verify their claim without re-engaging. No public deletion policy (https://civitai.com/content/privacy). No confirmation. No alternative. Only if you log in to do it. Which means triggering Cloudflare’s tracking system again.
I shouldn’t have to expose myself to surveillance just to ask to be forgotten.

Honestly, I was taken aback a little. But fair enough, I thought. I still have a shield for myself - let’s escalate.

I filed with the Irish Data Protection Commission (DPC) - mostly because they accept anonymous, English requests.
They closed my case within days with this:

You’re from Ukraine. Not our problem.

No discussion of whether CivitAI targets EU users (they do!). No interest in the fact they process personal data globally. Didn’t even ask if I was in the EU at that time. Just a flat rejection based on my location.

Fine. Maybe NGOs can help?
I contacted:

• Access Now
• EDRi
• Digitalcourage
• epicenter.works
• Even tried the UK ICO (turns out, CivitAI blocks UK users now, so no luck there)
  Out of all of them, only epicenter.works replied - twice - telling me to contact noyb.
  Which is silly, because I already did. Over a month ago. Still no reply.

So here I am.
I did everything I could - correctly, thoroughly, and in good faith. But all I got in return is silence, deflection, bureaucracy.
Don’t get me wrong - I still believe in the idea of GDPR. I want to believe in it. But the enforcement? It’s a paper tiger. All bark, no bite. And worst of all, it doesn’t even have self-respect - happy to roll over the moment someone shows up without an EU passport.
This wasn’t about being petty or creating drama. I just wanted to get in control of my data, as was promised by the GDPR declaration.
But apparently, even that is too much to ask.

Anyway, vent over. Just wanted to share this so others don’t waste months chasing rainbows like I did.

And maybe - just maybe - someone at noyb, DPC, or CivitAI will finally read it and feel ashamed enough to act.

P.S. Why I'm posting it here:

• I think it fits this community topic
• This post was removed from r/gdpr by moderators
• Some subreddits ignored my request to approve this post on their subreddits
• r/privacy requires karma to post
• I was shadowbanned by Reddit for no apparent reason
• Similar post saw zero reaction on Mastodon instance
• Twitter & Bluesky requires solving a captcha that I'm incapable of solving
  In addition, since the initial post on Reddit and Mastodon weeks ago, I've sent emails to various privacy oriented news outlets and public organizations, but I was ignored by all, but EFF which replied "we can't help you".

EDIT: To clarify a recurring point: GDPR does not require you to be an EU citizen or resident to be protected.
Under Article 3(2), it applies to any company that offers goods/services to people in the EU - even if the user is from Ukraine, the US, or elsewhere. if anyone think I'm in wrong, please provide source. I don't see what I'm doing wrong here.

Proof (screenshots)

My GDPR request sent to support@.

Reasserting rights after their first refusal.

"Use the button." No erasure guarantee.

Irish DPC closes case based on nationality.

Stumbled across this last night. Never heard of it before. I am just getting into the documentation, but I wondered if any of you have some sauce on Tahoe-LAFS. Good, bad, indifferent. Any scary stories, anecdotes? Gotchas?

https://home.of.tahoe-lafs.org/

cross-posted from: https://lemmy.zip/post/52834195

https://archive.is/je5sj

“If adopted, these amendments would not simplify compliance but hollow out the GDPR’s and ePrivacy’s core guarantees: purpose limitation, accountability, and independent oversight,” Itxaso Dominguez de Olazabal, from the European Digital Rights group, told EUobserver.

The draft includes adjustments to what is considered “personal data,” a key component of the GDPR and protected by Article 8 of the Charter of Fundamental Rights of the European Union.

cross-posted from: https://lemmy.ml/post/38782740

As gradually leaked the last days by various news outlets, the EU Commission has secretly set in motion a potentially massive reform of the GDPR. If internal drafts become reality, this would have significant impact on people's fundamental right to privacy and data protection. The reform would be part of the so-called "Digital Omnibus" which was supposed to only bring targeted adjustments to simplify compliance for businesses. Now, the Commission proposes changes to core elements like the definition of "personal data" and all data subject's rights under the GDPR. The leaked draft also suggests to give AI companies (like Google, Meta or OpenAI) a blank check to suck up European's personal data. In addition, the special protection of sensitive data like health data, political views or sexual orientation would be significantly reduced. Also, remote access to personal data on PCs or smart phones without consent of the user would be enabled. Many elements of the envisaged reform would overturn CJEU case law, violate European Conventions and the European Charter of Fundamental Rights. If this extreme draft will become the official position of the European Commission, will only become clear on 19 November, when the "Digital Omnibus" will be officially presented. Schrems: "This would be a massive downgrading of European's privacy ten years after the GDPR was adopted."

I recently asked the /c/Android community what information Google has access to on stock Android, assuming the user is not using any Google apps, and was told Google has full "unstoppable" access to the entire device, including Signal messages, the microphone, duckduckgo search history and anything displayed on the screen at all times.

Does this mean that encrypted messaging is essentially pointless to use on Android? I'm a newb here so go easy on me.

Hi everyone, we're mainly looking for feedback and testers for our project, which is currently in beta. We’ve been working on Safebox, an open-source framework that helps you install, manage, and access self-hosted applications such as Home Assistant, Nextcloud, and Jellyfin etc. Safebox runs on Linux, macOS, and Windows (supporting both x86 and ARM64 architectures, even Raspberry Pi, Banana Pi hardware also tested). It manages domain and subdomain setup, Let's Encrypt certificates, DNS configuration, and reverse proxy (nginx). It also includes a Wireguard-based remote access feature and a geo-redundant backup system (currently in development). The project is in beta, and we’re looking for people interested in testing and giving feedback on its usability, stability, features, and really anything else. All information about Safebox and beta testing can be found in our discord channel.

If you’d like to try it out, you can start it with Docker:

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock safebox/framework-scheduler

Then open: http://localhost:8080/

Website: https://safebox.network/ Github: https://github.com/safeboxnetwork/framework-scheduler Discord: https://discord.gg/aBP8bz6N8J

We’d really appreciate any feedback or ideas for improvement.