close
  • Google’s FLoC Is a Terrible Idea

    The third-party cookie is dying, and Google is trying to create its replacement. No one should mourn the death of the cookie as we know it. For more than two decades, the third-party cookie has been the lynchpin in a shadowy, seedy, multi-billion dollar advertising-surveillance industry on the Web...

  • De chevron_right

    Privacy Cookbook - Chapter 3.0.1 - Ad & Bad Traffic (the new list)

    pubsub.do.nohost.me / Decentralized Today · 2 days ago - 23:00 · 2 minutes

Privacy Cookbook - Chapter 3.0.1 - Ad & Bad Traffic (the new list)

Over the years I've made the point on how important DNS is and that you can block, with a setup like AdGuardHome or Pi-hole via DNS, ads and domains that are spying on or monitoring you. I believe we created a great linked list previously but I'm feeling the need to renew the list of good ad blockers.

So here goes:

Adaway (focused on mobile ads)

https://github.com/AdAway/adaway.github.io

Adguard (general)

https://adguard.com/

Anti ad (general)

https://github.com/privacy-protection-tools/anti-AD/blob/master/README.md

Android tracking (its in the name)

https://github.com/Perflyst/PiHoleBlocklist

Andryou (compilation)

https://gitlab.com/andryou/block/-/blob/master/readme.md

anudeep (complication)

https://github.com/anudeepND/blacklist

bitcoin (mining)

https://github.com/hoshsadiq/adblock-nocoin-list

disconnect (general)

https://disconnect.me/

energiser blugo (compilation)

energized blu (compilation)

energized porn (compilation + porn)

energized ultimate (compilation)

energized unified (compilation)

https://energized.pro/

firetv tracking (tracking)

https://github.com/Perflyst/PiHoleBlocklist

Games tracking (tracking)

https://www.gameindustry.eu/

gaming (tracking)

https://github.com/abyssin/pihole-blocklist

malwaredomains (malware)

https://malwaredomains.com/

notracking (tracking)

https://github.com/notracking/hosts-blocklists

oisd nl (general)

https://oisd.nl/

openphish (phishing)

https://openphish.com/

phishing army (phishing)

https://phishing.army/

Easylist China (Chinese domains)

Easylist Czech

Easylist Germany

Easylist Spain

Easylist Finland

Easylist France

Easylist Indonesia

Easylist Italy

Easylist Korea

Easylist Netherlands

Easylist Poland

Easylist Russia

Easylist Vietnam

https://easylist.to/

shallalist (general)

shallalist porn (general +porn)

https://www.shallalist.de/

Smart tv tracking (in the name)

https://github.com/Perflyst/PiHoleBlocklist

Spam404 (general)

https://github.com/Dawsey21

stevenblack (compilation)

stevenblack porn (compilation + porn)

https://github.com/StevenBlack/hosts

stopforumspam (spam)

https://www.stopforumspam.com/

utcapitole (general)

https://dsi.ut-capitole.fr/blacklists/index_en.php

wally3k (compilation)

https://firebog.net/about

whocares (general)

https://someonewhocares.org/

winspy (windows telemetry)

https://github.com/crazy-max/WindowsSpyBlocker

yoyo (general)

https://pgl.yoyo.org/adservers

This is a list that refers to the original article and was updated last on the 31st July 2020.

I believe it's more important than ever to update your block lists and to keep them updated, thus this revised entry to the Cookbook.

And if you're looking for the easy road when it comes to DNS consider NextDNS

  • De chevron_right

    Ant-laden gloves and an old dog learns no new tricks

    pubsub.do.nohost.me / Decentralized Today · 3 days ago - 23:00 · 6 minutes

Ant-laden gloves and an old dog learns no new tricks

Some of you might remember a Privacy Cookbook entry about Ant-laden gloves and an Apple? So just like last time please bear with me and not go "damn he's lost his mind and become an Apple fanboy!"

I was making a point back then about The Sateré-Mawé indigenous people, ants and, well,...Apple. My boy is a big Apple Fan, even though he's switched all his gaming over to Linux which is a great first step in the right direction. But today I want to go in a different direction because I believe every small thing is a step in the right direction. In fact, I would say every little thing matters, like replacing WhatsApp with Signal (or Matrix for example with Element). On Android perhaps don't use any Google apps, don't log in to Google and use F-Droid and not the Playstore are all already great steps, not a total de-googled step, but every little thing counts and gives Google fewer options to track you and sell your data.

And regardless of how much of us privacy orientated people prefer GrapheneOS and Linux as our daily drive, we can't ignore that Apple did a few things right. And it is only fair to point these things out and hope that other open-source projects or closed-gardens follow suit.

With iOS 14 Apple introduced privacy to the App Store. Every App developer now needs to submit what the app is doing, in other words, if they have trackers, if they connect to locations etc. There's a great step in the right direction, even though Apple is not really checking on each app and what the devs submit!. However, if an app gets caught doing something what was not submitted or was wrongfully submitted to the App Store Apple will remove the app indefinitely from its store. This is a great step in the right direction, and we have seen thanks to this approach Android is integrating something similar to the next Android update.

I was also therefore happy seeing the indicators of microphone and cameras on iOS. Another great step forward was, of course, the approximate location feature which only allows apps to get your approximate location, very handy for weather apps, or local news etc. without giving the game away completely.

In the new update on iOS 14.5 we will see something else that goes in the right direction. Apple is replacing the Safari feature for fraudulent websites and therefore Google Safe Browsing to be protected over an Apple tunnel. This means Google will not get your IP address or has the option to see what sites you use. Less tracking if you like. I highly doubt we'll see this on an Android update ;) but yes, I can see GrapheneOS having their tunnel server for this in an upcoming update.

Zero-Click Attack Prevention is another interesting approach. iOS and iPadOS 14.5 include extended PAC security provisions that are designed to make zero-click attacks more difficult to execute. With zero-click attacks, hackers are able to break into a target device without victim interaction, such as clicking a link, which makes them harder for users to detect.

Apple is already addressing iMessage Zero-Click attacks with something they call BlastDoor which will have links sent via iMessage (and later via mail etc.) and opened in isolation. This means that even if it has trackers or a bad code the link would not reach the operating system. I hope we'll see this for other apps as well, and perhaps the folks at Element, Signal et al could have a look and do this for their own apps.

I know Apple is still not open-source and by no mean matches the privacy you get with GrapheneOS or with a better Linux setup, but for the users who ask what should I get Android or iOS (out of the box) wise, perhaps for the non-geeks out there, the grandmothers, mothers or hell even the parents who can't completely tell their children to 'not use any gadgets', iOS is easing in the right direction.

The best part is that it doesn't take tweaks or much of an effort to get less tracked and less data sold. With a DNS, perhaps with some tracker blocking including Apple's own, you can get a pretty sweet but easy setup.

I recommend NextDNS, which has a simple iOS setup, by just visiting apple.nextdns.io

Within NextDNS you can block trackers based on companies, this includes an Apple list which blocks Apple from  collecting most data, yet leaves the OS fully functional.

This is not a Privacy Cookbook entry on how to tweak your phone article, but to make a point that Apple is, indeed, trying to do a few more things right and that, hopefully, we'll see Android follow. The argument for Linux and GrapheneOS stands, they're open-source, you can tweak it better and you can install apps that are not on any App Store.

However, for most people who need to use apps that need location services, be it for transportation, for travelers or, of course, simply for users who don't want to tweak and search for a replacement app that will almost be the same as the app that you used to use, iOS is indeed doing some things right.

I still recommend Linux and GrapheneOS or better no cellphone at all! But I wanted to make the point that not all Apple does toward privacy is a gimmick and just used to promote their product.

But I understand that 'out of the box' iOS beats Android on privacy. The Screen Time app can also prevent Apple or any other app from modifying things on your setup. A great setup guide, which is easy to follow, was recently published on thenewoil

And best of all you can limit your kids app use! Have a look to the Screen Time setup and get better control over what your kid is using. I understand that kids use too many gadgets, but it is your job to limit and control the apps your kid is using. And iOS as a very cool and easy app to do just that.

I know many of my followers will have arguments about Apple being a closed- garden, and that Linux phones are out there as well. I also mentioned replace WhatsApp with Signal (and I do not use Signal, let alone WhatsApp) I use Matrix (SchildiChat and GrapheneOS) if I use a phone. Furthermore, I use Linux as my daily drive when it comes to my personal choice of OS, that is for privacy reasons, but also because I just love it.

But not everyone has the knowledge, or the time to learn new tricks. As we say an old dog learns no new tricks. But an old dog that can send a WhatsApp message on Android will be able to use Signal on iOS. And every bit counts!

  • Fo chevron_right

    Everything To Know About Clubhouse Privacy Policy: Should You Worry?

    pubsub.do.nohost.me / FossBytes · 4 days ago - 07:50 · 4 minutes

Everything you need to know about Clubhouse Privacy Policy featured image

The Clubhouse app is the new buzz in the social media market. With its voice-only nature, think of it like a radio or a podcast, where you can take part in the conversation too. It sounds like a great idea, but the Clubhouse privacy policy is probably a caveat in this app’s design.

So we’ve compiled everything you need to know before using Clubhouse. Let us answer some important questions and dive into the Clubhouse privacy policy and what it means for you.

Does Clubhouse Record My Audio?

Clubhouse keeps a temporary recording of a room only if someone in the room reports an incident. So whenever you’re in a Clubhouse conversation, know that it is being recorded. If your room goes smooth and nobody reports about anything, then Clubhouse deletes the recording. If someone has reported an incident and the recording is stored, it is encrypted.

What Clubhouse hasn’t clarified is who listens in on the audio that is recorded. Also, it isn’t made clear how the app’s support determines which part of the conversation was reported. Another part which demands clarity is how different Clubhouse room recordings are treated.

For an open room, it is relatively fair for the company to keep the recording. However, a social or a closed room may even have intimate or “closed” conversations. If someone reports a closed room, it is definitely a breach of privacy if Clubhouse is listening in on that recording.

How Does Clubhouse Use My Data?

Clubhouse Privacy policy- How does Clubhouse use my data

Clubhouse tracks your data, like the time you spend on Clubhouse and how you interact on the app. The company collects data in form of cookies, usage data, email clicks, and third-party sources. The structure is pretty similar to the other social media platforms we use today.

The app may also share your data with vendors and affiliates (third-party service providers). It may also share it with law enforcement if it’s legally required.

While it’s nothing outside conventional practice, but Clubhouse is on the same lines in data collection as Facebook. The latter took a lot of flak for its aggressive data collection and isn’t the ideal role model for privacy policies. Clubhouse could’ve taken a more privacy-oriented road and made a better set of policies since it is a new app.

Can I Delete My Clubhouse Account?

Everything you need to know about Clubhouse Privacy Policy

No, you can’t just open the app and delete your Clubhouse account in a few simple steps. In fact, you can’t even change your name or other details on your account. That said, there’s still a way to edit your account information or delete your Clubhouse account.

You’ll have to send an email to Clubhouse support with the details of what you want to change in the account. To delete your Clubhouse account, you can send a delete account request to the same email ID. It isn’t the fastest or the most seamless way to make changes, so be mindful of any spelling mistakes while signing up or you may need customer support to correct them.

Should You Worry About Clubhouse Privacy Policy? You Decide!

Just like any other policy, Clubhouse also has its own pros and cons. We can appreciate the clarity of Clubhouse’s privacy policy in terms of data sharing. On the downside, there are ambiguities like the recording or closed rooms, and information on when the recordings are deleted.

Another problem is with the app accessing all your contacts. At least in a modern app, it should be an option to share contacts or not. Also, the only reason someone would share contacts with Clubhouse is to invite others on the platform. Such a basic feature should not require access to the entire contact list.

Since it is a voice-only medium, it isn’t made clear if Clubhouse can be obliged to share a closed conversation with law enforcement in case of a lawsuit. For instance, if someone reports a closed room, Clubhouse is obliged to keep a recording of the conversation from that room. If the complainant then decides to file a case in court, Clubhouse might be obliged to share that closed room conversation with the court.

In a nutshell, the main part of the privacy policy needs to have a lot more clarity. Other than that, Clubhouse hasn’t shied away from walking in Facebook’s shoes when it comes to tracking and data collection. This is questionable but not out of place. As a new app, Clubhouse could’ve done better than its current privacy policy. You can read the full policy here .

The post Everything To Know About Clubhouse Privacy Policy: Should You Worry? appeared first on Fossbytes .

  • Ar chevron_right

    TikTok agrees to proposed $92 million settlement in privacy class action

    news.movim.eu / ArsTechnica · Friday, 26 February - 21:06

TikTok agrees to proposed $92 million settlement in privacy class action

Enlarge (credit: Mateusz Slodkowski | SOPA Images | LightRocket | Getty Images )

TikTok parent company ByteDance has agreed to a $92 million deal to settle class-action lawsuits alleging that the company illegally collected and used underage TikTok users' personal data.

The proposed settlement ( PDF ) would require TikTok to pay out up to $92 million to members of the class and to change some of its data-collection processes and disclosures going forward.

The suit, which rolled up more than 20 related lawsuits, mostly filed on behalf of minors, alleged that TikTok violated both state and federal privacy laws, including the Computer Fraud and Abuse Act and the Video Privacy and Protection Act, through its use of data.

Read 10 remaining paragraphs | Comments

index?i=KbKG9WD5tak:uJLvMqgpDZM:V_sGLiPBpWUindex?i=KbKG9WD5tak:uJLvMqgpDZM:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • Ga chevron_right

    1Password has none, KeyPass has none... So why are there seven embedded trackers in the LastPass Android app? LastPass says you can opt out though

    Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Friday, 26 February - 09:17

The Exodus report on LastPass shows seven trackers in the Android app, including four from Google for the purpose of analytics and crash reporting, as well as others from AppsFlyer, MixPanel, and Segment. Segment gathers data for marketing teams and claims to offer a "single view of the customer", profiling users and connecting their activity across different platforms.

LastPass has many free users – is it a problem if the company seeks to monetise them in some way? Kuketz said it is. Typically, the way trackers like this work is that the developer compiles code from the tracking provider into their application. Even the app developers do not know what data is collected and transmitted to the third-party providers, said Kuketz, and the integration of proprietary code could introduce security risks and unexpected behaviour, as well as being a privacy risk. These things do not belong in password managers, which are security-critical, he said.

The article below does give guidance though on how to disable it, although the code remains in the app.

See https://www.theregister.com/2021/02/25/7_trackers_in_lastpass_android/

#technology #privacy #lastpass #trackers

  • Ar chevron_right

    Firefox 86 brings multiple Picture-in-Picture, “Total Cookie Protection”

    news.movim.eu / ArsTechnica · Wednesday, 24 February - 21:06

Mozilla released Firefox 86 yesterday, and the browser is now available for download and installation for all major operating systems, including Android . Along with the usual round of bug fixes and under-the-hood updates, the new build offers a couple of high-profile features—multiple Picture-in-Picture video-watching support, and (optional) stricter cookie separation, which Mozilla is branding Total Cookie Protection .

Taking Firefox 86 for a spin

Firefox 86 became the default download at mozilla.org on Tuesday—but as an Ubuntu 20.04 user, I didn't want to leave the Canonical-managed repositories just to test the new version. This is one scenario in which snaps truly excel—providing you with a containerized version of an application, easily installed but guaranteed not to mess with your "real" operating system.

As it turns out, Firefox's snap channel didn't get the message about build 86 being the new default—the latest/default snap is still on build 85. In order to get the new version, I needed to snap refresh firefox --channel=latest/candidate .

Read 13 remaining paragraphs | Comments

index?i=39ugB7go3uQ:7a62q7QOvBI:V_sGLiPBpWUindex?i=39ugB7go3uQ:7a62q7QOvBI:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA