Privacy Cookbook - Chapter 3.0.1 - Ad & Bad Traffic (the new list)
pubsub.do.nohost.me / Decentralized Today · 2 days ago - 23:00 · 2 minutes
Over the years I've made the point on how important DNS is and that you can block, with a setup like AdGuardHome or Pi-hole via DNS, ads and domains that are spying on or monitoring you. I believe we created a great linked list previously but I'm feeling the need to renew the list of good ad blockers.
So here goes:
Adaway (focused on mobile ads)
Anti ad (general)
Android tracking (its in the name)
energiser blugo (compilation)
energized blu (compilation)
energized porn (compilation + porn)
energized ultimate (compilation)
energized unified (compilation)
firetv tracking (tracking)
Games tracking (tracking)
oisd nl (general)
phishing army (phishing)
Easylist China (Chinese domains)
shallalist porn (general +porn)
Smart tv tracking (in the name)
stevenblack porn (compilation + porn)
winspy (windows telemetry)
This is a list that refers to the original article and was updated last on the 31st July 2020.
I believe it's more important than ever to update your block lists and to keep them updated, thus this revised entry to the Cookbook.
And if you're looking for the easy road when it comes to DNS consider NextDNS
Privacy-Focused Brave Browser Plans to Challenge Google With A Private Search Engine
pubsub.do.nohost.me / ItsFoss News · 2 days ago - 13:33
It's tough to compete with Google's search engine. Brave plans to do that by offering a privacy-focused search engine that relies on the community.
The post Privacy-Focused Brave Browser Plans to Challenge Google With A Private Search Engine appeared first on It's FOSS News .
Ant-laden gloves and an old dog learns no new tricks
pubsub.do.nohost.me / Decentralized Today · 3 days ago - 23:00 · 6 minutes
Some of you might remember a Privacy Cookbook entry about Ant-laden gloves and an Apple? So just like last time please bear with me and not go "damn he's lost his mind and become an Apple fanboy!"
I was making a point back then about The Sateré-Mawé indigenous people, ants and, well,...Apple. My boy is a big Apple Fan, even though he's switched all his gaming over to Linux which is a great first step in the right direction. But today I want to go in a different direction because I believe every small thing is a step in the right direction. In fact, I would say every little thing matters, like replacing WhatsApp with Signal (or Matrix for example with Element). On Android perhaps don't use any Google apps, don't log in to Google and use F-Droid and not the Playstore are all already great steps, not a total de-googled step, but every little thing counts and gives Google fewer options to track you and sell your data.
And regardless of how much of us privacy orientated people prefer GrapheneOS and Linux as our daily drive, we can't ignore that Apple did a few things right. And it is only fair to point these things out and hope that other open-source projects or closed-gardens follow suit.
With iOS 14 Apple introduced privacy to the App Store. Every App developer now needs to submit what the app is doing, in other words, if they have trackers, if they connect to locations etc. There's a great step in the right direction, even though Apple is not really checking on each app and what the devs submit!. However, if an app gets caught doing something what was not submitted or was wrongfully submitted to the App Store Apple will remove the app indefinitely from its store. This is a great step in the right direction, and we have seen thanks to this approach Android is integrating something similar to the next Android update.
I was also therefore happy seeing the indicators of microphone and cameras on iOS. Another great step forward was, of course, the approximate location feature which only allows apps to get your approximate location, very handy for weather apps, or local news etc. without giving the game away completely.
In the new update on iOS 14.5 we will see something else that goes in the right direction. Apple is replacing the Safari feature for fraudulent websites and therefore Google Safe Browsing to be protected over an Apple tunnel. This means Google will not get your IP address or has the option to see what sites you use. Less tracking if you like. I highly doubt we'll see this on an Android update ;) but yes, I can see GrapheneOS having their tunnel server for this in an upcoming update.
Zero-Click Attack Prevention is another interesting approach. iOS and iPadOS 14.5 include extended PAC security provisions that are designed to make zero-click attacks more difficult to execute. With zero-click attacks, hackers are able to break into a target device without victim interaction, such as clicking a link, which makes them harder for users to detect.
Apple is already addressing iMessage Zero-Click attacks with something they call BlastDoor which will have links sent via iMessage (and later via mail etc.) and opened in isolation. This means that even if it has trackers or a bad code the link would not reach the operating system. I hope we'll see this for other apps as well, and perhaps the folks at Element, Signal et al could have a look and do this for their own apps.
I know Apple is still not open-source and by no mean matches the privacy you get with GrapheneOS or with a better Linux setup, but for the users who ask what should I get Android or iOS (out of the box) wise, perhaps for the non-geeks out there, the grandmothers, mothers or hell even the parents who can't completely tell their children to 'not use any gadgets', iOS is easing in the right direction.
The best part is that it doesn't take tweaks or much of an effort to get less tracked and less data sold. With a DNS, perhaps with some tracker blocking including Apple's own, you can get a pretty sweet but easy setup.
I recommend NextDNS, which has a simple iOS setup, by just visiting apple.nextdns.io
Within NextDNS you can block trackers based on companies, this includes an Apple list which blocks Apple from collecting most data, yet leaves the OS fully functional.
This is not a Privacy Cookbook entry on how to tweak your phone article, but to make a point that Apple is, indeed, trying to do a few more things right and that, hopefully, we'll see Android follow. The argument for Linux and GrapheneOS stands, they're open-source, you can tweak it better and you can install apps that are not on any App Store.
However, for most people who need to use apps that need location services, be it for transportation, for travelers or, of course, simply for users who don't want to tweak and search for a replacement app that will almost be the same as the app that you used to use, iOS is indeed doing some things right.
I still recommend Linux and GrapheneOS or better no cellphone at all! But I wanted to make the point that not all Apple does toward privacy is a gimmick and just used to promote their product.
But I understand that 'out of the box' iOS beats Android on privacy. The Screen Time app can also prevent Apple or any other app from modifying things on your setup. A great setup guide, which is easy to follow, was recently published on thenewoil
And best of all you can limit your kids app use! Have a look to the Screen Time setup and get better control over what your kid is using. I understand that kids use too many gadgets, but it is your job to limit and control the apps your kid is using. And iOS as a very cool and easy app to do just that.
I know many of my followers will have arguments about Apple being a closed- garden, and that Linux phones are out there as well. I also mentioned replace WhatsApp with Signal (and I do not use Signal, let alone WhatsApp) I use Matrix (SchildiChat and GrapheneOS) if I use a phone. Furthermore, I use Linux as my daily drive when it comes to my personal choice of OS, that is for privacy reasons, but also because I just love it.
But not everyone has the knowledge, or the time to learn new tricks. As we say an old dog learns no new tricks. But an old dog that can send a WhatsApp message on Android will be able to use Signal on iOS. And every bit counts!
pubsub.do.nohost.me / FossBytes · 4 days ago - 07:50 · 4 minutes
Does Clubhouse Record My Audio?
Clubhouse keeps a temporary recording of a room only if someone in the room reports an incident. So whenever you’re in a Clubhouse conversation, know that it is being recorded. If your room goes smooth and nobody reports about anything, then Clubhouse deletes the recording. If someone has reported an incident and the recording is stored, it is encrypted.
What Clubhouse hasn’t clarified is who listens in on the audio that is recorded. Also, it isn’t made clear how the app’s support determines which part of the conversation was reported. Another part which demands clarity is how different Clubhouse room recordings are treated.
For an open room, it is relatively fair for the company to keep the recording. However, a social or a closed room may even have intimate or “closed” conversations. If someone reports a closed room, it is definitely a breach of privacy if Clubhouse is listening in on that recording.
How Does Clubhouse Use My Data?
Clubhouse tracks your data, like the time you spend on Clubhouse and how you interact on the app. The company collects data in form of cookies, usage data, email clicks, and third-party sources. The structure is pretty similar to the other social media platforms we use today.
The app may also share your data with vendors and affiliates (third-party service providers). It may also share it with law enforcement if it’s legally required.
While it’s nothing outside conventional practice, but Clubhouse is on the same lines in data collection as Facebook. The latter took a lot of flak for its aggressive data collection and isn’t the ideal role model for privacy policies. Clubhouse could’ve taken a more privacy-oriented road and made a better set of policies since it is a new app.
Can I Delete My Clubhouse Account?
No, you can’t just open the app and delete your Clubhouse account in a few simple steps. In fact, you can’t even change your name or other details on your account. That said, there’s still a way to edit your account information or delete your Clubhouse account.
You’ll have to send an email to Clubhouse support with the details of what you want to change in the account. To delete your Clubhouse account, you can send a delete account request to the same email ID. It isn’t the fastest or the most seamless way to make changes, so be mindful of any spelling mistakes while signing up or you may need customer support to correct them.
Another problem is with the app accessing all your contacts. At least in a modern app, it should be an option to share contacts or not. Also, the only reason someone would share contacts with Clubhouse is to invite others on the platform. Such a basic feature should not require access to the entire contact list.
Since it is a voice-only medium, it isn’t made clear if Clubhouse can be obliged to share a closed conversation with law enforcement in case of a lawsuit. For instance, if someone reports a closed room, Clubhouse is obliged to keep a recording of the conversation from that room. If the complainant then decides to file a case in court, Clubhouse might be obliged to share that closed room conversation with the court.
TikTok agrees to proposed $92 million settlement in privacy class action
news.movim.eu / ArsTechnica · Friday, 26 February - 21:06
TikTok parent company ByteDance has agreed to a $92 million deal to settle class-action lawsuits alleging that the company illegally collected and used underage TikTok users' personal data.
The proposed settlement ( PDF ) would require TikTok to pay out up to $92 million to members of the class and to change some of its data-collection processes and disclosures going forward.
The suit, which rolled up more than 20 related lawsuits, mostly filed on behalf of minors, alleged that TikTok violated both state and federal privacy laws, including the Computer Fraud and Abuse Act and the Video Privacy and Protection Act, through its use of data.
1Password has none, KeyPass has none... So why are there seven embedded trackers in the LastPass Android app? LastPass says you can opt out though
Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Friday, 26 February - 09:17
The Exodus report on LastPass shows seven trackers in the Android app, including four from Google for the purpose of analytics and crash reporting, as well as others from AppsFlyer, MixPanel, and Segment. Segment gathers data for marketing teams and claims to offer a "single view of the customer", profiling users and connecting their activity across different platforms.
LastPass has many free users – is it a problem if the company seeks to monetise them in some way? Kuketz said it is. Typically, the way trackers like this work is that the developer compiles code from the tracking provider into their application. Even the app developers do not know what data is collected and transmitted to the third-party providers, said Kuketz, and the integration of proprietary code could introduce security risks and unexpected behaviour, as well as being a privacy risk. These things do not belong in password managers, which are security-critical, he said.
The article below does give guidance though on how to disable it, although the code remains in the app.
Firefox 86 brings multiple Picture-in-Picture, “Total Cookie Protection”
news.movim.eu / ArsTechnica · Wednesday, 24 February - 21:06
I installed Firefox 86 on my Ubuntu workstation using Snap, to be certain I wouldn't accidentally mess with my working system configuration. [credit: Jim Salter ]
Mozilla released Firefox 86 yesterday, and the browser is now available for download and installation for all major operating systems, including Android . Along with the usual round of bug fixes and under-the-hood updates, the new build offers a couple of high-profile features—multiple Picture-in-Picture video-watching support, and (optional) stricter cookie separation, which Mozilla is branding Total Cookie Protection .
Taking Firefox 86 for a spin
Firefox 86 became the default download at mozilla.org on Tuesday—but as an Ubuntu 20.04 user, I didn't want to leave the Canonical-managed repositories just to test the new version. This is one scenario in which snaps truly excel—providing you with a containerized version of an application, easily installed but guaranteed not to mess with your "real" operating system.
As it turns out, Firefox's snap channel didn't get the message about build 86 being the new default—the
latest/default snap is still on build 85. In order to get the new version, I needed to
snap refresh firefox --channel=latest/candidate .