The Federal Trade Commission's Office of Technology has issued a warning to automakers that sell connected cars. Companies that offer such products "do not have the free license to monetize people’s information beyond purposes needed to provide their requested product or service," it wrote in a blog post on Tuesday. Just because executives and investors want recurring revenue streams, that does not "outweigh the need for meaningful privacy safeguards," the FTC wrote.

In 2023, the Mozilla Foundation published an extensive report examining the various automakers' policies regarding the use of data from connected cars; the report concluded that "cars are the worst product category we have ever reviewed for privacy."

The FTC is not taking specific action against any automaker at this point. Instead, the blog post is meant to be a warning to the industry. It says that "connected cars have been on the FTC's radar for years," although the agency appears to have done very little other than hold workshops in 2013 and 2018, as well as publishing guidance for consumers reminding them to wipe the data from their cars before selling them.

The FTC says the easiest way to comply is to not collect the data in the first place.

With the latest version of Firefox for U.S. desktop users, we’re introducing a new way to measure search activity broken down into high level categories. This measure is not linked with specific individuals and is further anonymized using a technology called OHTTP to ensure it can’t be connected with user IP addresses.

Let’s say you’re using Firefox to plan a trip to Spain and search for “Barcelona hotels.” Firefox infers that the search results fall under the category of “travel,” and it increments a counter to calculate the total number of searches happening at the country level.

Here’s the current list of categories we’re using: animals, arts, autos, business, career, education, fashion, finance, food, government, health, hobbies, home, inconclusive, news, real estate, society, sports, tech and travel.

Having an understanding of what types of searches happen most frequently will give us a better understanding of what’s important to our users, without giving us additional insight into individual browsing preferences. This helps us take a step forward in providing a browsing experience that is more tailored to your needs, without us stepping away from the principles that make us who we are.

We understand that any new data collection might spark some questions. Simply put, this new method only categorizes the websites that show up in your searches — not the specifics of what you’re personally looking up.

Sensitive topics, like searching for particular health care services, are categorized only under broad terms like health or society. Your search activities are handled with the same level of confidentiality as all other data regardless of any local laws surrounding certain health services.

Remember, you can always opt out of sending any technical or usage data to Firefox. Here’s a step-by-step guide on how to adjust your settings. We also don’t collect category data when you use Private Browsing mode on Firefox.

The Copy Without Site Tracking option can now remove parameters from nested URLs. It also includes expanded support for blocking over 300 tracking parameters from copied links, including those from major shopping websites. Keep those trackers away when sharing links!

I've just been clued into this and I'd like to know if anyone can give me an idea of the quality of the information contained therein. Thanks in advance--I hope you're well today!

• Mullvad VPN's blog post: DNS traffic can leak outside the VPN tunnel on Android

Identified scenarios where the Android OS can leak DNS traffic:

• If a VPN is active without any DNS server configured.
• For a short period of time while a VPN app is re-configuring the tunnel or is being force stopped/crashes.

The leaks seem to be limited to direct calls to the C function getaddrinfo.

The above applies regardless of whether Always-on VPN and Block connections without VPN is enabled or not, which is not expected OS behavior and should therefore be fixed upstream in the OS.

We’ve been able to confirm that these leaks occur in multiple versions of Android, including the latest version (Android 14).

We have reported the issues and suggested improvements to Google and hope that they will address this quickly.

• GrapheneOS 2024050900 release changelog announcement:

prevent app-based VPN implementations from leaking DNS requests when the VPN is down/connecting (this is a preliminary defense against this issue and more research is required, along with apps preventing the leaks on their end or they'll still have leaks outside of GrapheneOS)

The tool relies on Telegram's opt-in "Find People Nearby" feature, but allows searches for Telegram users globally.

cross-posted from: https://feddit.de/post/11733855

App can now be used to create and sign in with passkeys.

Some further context:

Right now the mobile apps are using a Framework called Xamarin which enables crossplatform mobile releases. Since it has become a roadblock for them (e.g. needed to wait for Microsoft to support passkeys in Xamarin) they are planning to switch to native apps (Swift for ios and Kotlin for android). Source

Bitwarden Authenticator is a standalone app that is available for everyone, even non-Bitwarden customers.

In its current release, Bitwarden Authenticator generates time-based one-time passwords (TOTP) for users who want to add an extra layer of 2FA security to their logins.

There is a comprehensive roadmap planned with additional functionality.

Available for iOS and Android

Hey guys, first post here and on an alt, I hope I don't get flamed. If there's not enough info I'll post another thread tomorrow.

Its been ~5-7 years since using Linux (Ubuntu/Kubuntu/Debian/Mint/Fedora/etc) as my daily driver. Windows since then for dev and games with kids,, but now I have a laptop that can run my dev env in a VM.

I'm an advocate for privacy and security, but I'm also at the "config once, mostly work for a while" camp... I don't like spending a ton of time fixing things. I don't need Whonix or QubesOS-level compartmentalization (unless it runs Barbone's now), but I tried OpenSuse Tumbleweed on a recommendation and the fine-tuning of flatpak controls seemed really nice. I'd love to be able to sandbox as much as possible without breaking things. Memory and exploit-hardened kernel/apps is a huge plus. Basically GrapheneOS as a Linux distro would be fantastic, even though it comes with its own issues.

Am I overthinking here? Should I commit to Debian, Fedora, or OpenSuse and learn to sandbox and harden properly (if so which has best docs and community)?

I forgot the copy-paste specs my laptop hardware info to my phone earlier, but its an HP Victus 15-fa0032dx

HP Victus 15.6" 144Hz FHD IPS Gaming Laptop (Intel i7-12650H 10-Core, 16GB DDR4, 512GB SSD, RTX 3050 Ti 4GB GDDR6), Backlit KYB, WiFi 6, BT 5.2, HD Webcam

I don't use the Bluetooth or webcam, so those drivers aren't necessary. Does Wayland work for this, and is that really necessary?

Sorry for the noob questions. Mid-30s guy with kids wanting to get this done this week if possible. Please excuse spelling and grammar mistakes.

SIDE NOTE: NOT AT ALL opposed to learning new systems, especially for security, as long as it doesn't require hunting down obscure undocumented commands.

Thanks all

cross-posted from: !technology@lemmy.world

Interesting new data on Lemmy instance federation with Threads, ordered by Active Users descending.

Source: https://fedipact.veganism.social. New data gathered on 2024-04-28.

@technology

I can see far too many privacy issues with copy and pasting text into a website, and/or registering an account which will keep a history of the text checked.

Are there any services available that are noted for being private?

For context, I'm using uBlacklist to manually block website that use AI generated content.

Since a few folks seem unaware of this, I'm posting anew for visibility.

.

The Dutch government said Friday that it may be forced to stop using Facebook after a warning from the Netherlands’ privacy regulator about the Meta owned social media platform’s privacy risks.

The Dutch Data Protection Authority (DPA) issued a statement advising the Dutch Interior Ministry not to rely on Facebook pages to communicate with citizens if it doesn’t have a clear idea of how Facebook uses the personal data of people who visit government pages.

Hiya, so been on the lookout for different services that I could help host for others to benefit from. I think TOR is a great project, and I'd like to contribute. So been thinking about hosting a TOR relay lately, and wondering how people's experience is with running one? Please correct me if I'm wrong - but as far as I know, it only becomes "scary" to host, if you were to host an exit node? And the only real requirement to host a relay is to have a good internet speed? Mainly wondering people's experiences with running a relay.

Edit: Very well-timed and relevant upload from Techlore, on how to use Tor just dropped: https://youtu.be/K3wmLvny5tg

The EU's Data Protection Board (EDPB) has told large online platforms they should not offer users a binary choice between paying for a service and consenting to their personal data being used to provide targeted advertising.

In October last year, the social media giant said it would be possible to pay Meta to stop Instagram or Facebook feeds of personalized ads and prevent it from using personal data for marketing for users in the EU, EEA, or Switzerland. Meta then announced a subscription model of €9.99/month on the web or €12.99/month on iOS and Android for users who did not want their personal data used for targeted advertising.

At the time, Felix Mikolasch, data protection lawyer at noyb, said: "EU law requires that consent is the genuine free will of the user. Contrary to this law, Meta charges a 'privacy fee' of up to €250 per year if anyone dares to exercise their fundamental right to data protection."