Privacy


A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
101
 
 

cross-posted from: https://lemmy.world/post/37402366

This is the main reason I completely ditched Reddit, if you use the new Reddit interface instead of the old one (old.reddit.com), you'll see a constant request being made to "https://www.reddit.com/svc/shreddit/events" (open your DevTools > Network tab, can't see on Firefox idk why).

The problem is, if you add this to your uBlock Origin filters the website won't load properly, that's why the uBO team didn't block it already.

You'll notice this request isn't only being made on an interval but also when you do basically any action on the site, like pausing or resuming a video (it sends timestamps of when you paused or resumed).

It sends other kinds of data, like what subjects you're seeing when you close a tab or the related subjects of a post you click. This can all be used to trace a perfect profile of you and the things you like.

You can avoid that using the old.reddit but it still has the same kind of tracker, even tho you can block it here without major issues.

By my analysis, the old Reddit interface does the same but to a random URL path that always starts with "reddit.com/api/something". Ex.: reddit.com/api/friends. So you can block anything that starts with "www.reddit.com/api" in your custom filters (after all you're using old.reddit.com), then you're mostly free from Reddit trackers (more or less). Side effect is, you won't be able to use the chat in the old interface.

102
submitted 2 months ago* (last edited 2 months ago) by Charger8232@lemmy.ml to c/privacy@lemmy.ml
 
 

VPN Comparison

After making a post about comparing VPN providers, I received a lot of requested feedback. I've implemented most of the ideas I received.

Providers

Notes

  • I'm human. I make mistakes. I made multiple mistakes in my last post, and there may be some here. I've tried my best.
  • Pricing is sometimes weird. For example, a 1 year plan for Private Internet Access is 37.19€ first year and then auto-renews annually at 46.73€. By the way, they misspelled "annually". AirVPN has a 3 day pricing plan. For the instances when pricing is weird, I did what I felt was best on a case-by-case basis.
  • Tor is not a VPN, but there are multiple apps that allow you to use it like a VPN. They've released an official Tor VPN app for Android, and there is a verified Flatpak called Carburetor which you can use to use Tor like a VPN on secureblue (Linux). It's not unreasonable to add this to the list.
  • Some projects use different licenses for different platforms. For example, NordVPN has an open source Linux client. However, to call NordVPN open source would be like calling a meat sandwich vegan because the bread is vegan.
  • The age of a VPN isn't a good indicator of how secure it is. There could be a trustworthy VPN that's been around for 10 years but uses insecure, outdated code, and a new VPN that's been around for 10 days but uses up-to-date, modern code.
  • Some VPNs, like Surfshark VPN, operate in multiple countries. Legality may vary.
  • All of the VPNs claim a "no log" policy, but there's some I trust more than others to actually uphold that.
  • Tor is special in the port forwarding category, because it depends on what you're using port forwarding for. In some cases, Tor doesn't need port forwarding.
  • Tor technically doesn't have a WireGuard profile, but you could (probably?) create one.

Takeaways

  • If you don't mind the speed cost, Tor is a really good option to protect your IP address.
  • If you're on a budget, NymVPN, Private Internet Access, and Surfshark VPN are generally the cheapest. If you're paying month-by-month, Mullvad VPN still can't be beat.
  • If you want VPNs that go out of their way to collect as little information as possible, IVPN, Mullvad VPN, and NymVPN don't require any personal information to use. And Tor, of course.

ODS file: https://files.catbox.moe/cly0o6.ods

103
VPN Comparison (testing.crazypeople.online)
submitted 2 months ago* (last edited 2 months ago) by Charger8232@lemmy.ml to c/privacy@lemmy.ml
 
 

VPN Comparison

I made a spreadsheet comparing different open source VPN providers.

Part 2 here

Providers

Notes

  • Please do not start a flame war about Proton.
  • Please do not start a flame war about cryptocurrencies. Monero is the only cryptocurrency listed because of its privacy.
  • The very left column is the category for each row, the middle section is the various VPN providers, and the right section is which VPNs are the best in each category.
  • IVPN has two differing plans, which is why "Standard" and "Pro" are sometimes differentiated.
  • For accounts, "Generated" means a random identifier is created for you to act as your account, "Required" means you must sign up yourself. Proton VPN allows guest use under specific conditions (e.g. installed from the Google Play Store), but otherwise requires an account.
  • Switzerland is seen as more private than Sweden. Gibraltar is seen as privacy neutral.
  • All prices are in United States Dollars. Tax is not included.
  • Pricing is based on the price combination to achieve the exact time frame. For example, Proton VPN does not have a 3 year plan but you can achieve 3 years by combining a 2 year plan with a 1 year plan.
  • The availability section is security based. Availability is framed around a GrapheneOS and secureblue setup.
  • The Proton VPN Flatpak is unofficial, but based on the official code.
  • Availability on secureblue is based on the ujust install-vpn command. Security features must be disabled on secureblue in order to use the GUI for IVPN and Mullvad VPN, but not for Proton VPN. Mozilla VPN and NymVPN are available as Flatpaks, which are safer than layering packages.
  • I wanted to include more categories, such as which programming languages they are written in, connection speed, and security, but that became far too difficult and complex, so I decided to omit those categories.

Takeaways

  • NymVPN is very very new, but it's off to a strong start. It wins in almost every category. I actually hadn't heard of it until I started this project.
  • If you want a free VPN, Proton VPN is the only one here that meets that requirement.
  • If you want to pay week-by-week, IVPN is the only one that allows that.
  • If you're paying month-by-month on a budget, Mullvad VPN is the cheapest option.
  • NymVPN is the cheapest plan for anything past 1 month.
  • If you want to use Accrescent as your main app store, IVPN is the only VPN available there for now.
  • If you want to pay for a bundle of apps, including a VPN, Proton sells more than just a VPN.
  • Mozilla VPN is terrible. The only thing it has going for it is a verified Flatpak, but NymVPN also has that so it doesn't even matter.
104
 
 

If you have any sense of privacy, you know better than to use Google's official Youtube clients - not to mention, they're really kind of terrible.

To view Youtube video comfortably and limit Google's privacy invasions, the main third-party clients are:

Unfortunately, if you've been using those third-party clients for a long time, you know Google plays a game of cat and mouse with them, to discourage users from using them:

  • Google breaks something or other (usually the player API) or Google blocks your IP because it detects a non-Google player.
  • The developers of those clients play catch-up, make their clients work again for a while.
  • Google breaks them again. Rinse. Repeat.

And Google now having free rein to be as abusive as they want under the Trump regime, it's not getting any better ☹️

The developers who react most quickly to Google's shenanigans are the FUTO developers behind Grayjay: when Google breaks it, usually they have a fix within hours, if not less. And there's a reason for that: they're paid to do it. Incidentally, I encourage you to purchase a FUTO license: it's money well spent to encourage FUTO. They've really earned it.

The Newpipe developers are also fairly quick to fix their client. Not always, but they do a pretty decent job.

Freetube however can take many days to get fixed. For instance, the native Freetube player is currently broken and it's been broken for a week.

When Google plays with everybody's balls, if you're on mobile, at least Grayjay will almost always get the job done, so you don't have to compromise your privacy and hit the official client.

On the desktop however, ~~unless you have an ARM64 machine and you use Grayjay as a desktop app in Waydroid - which is a totally valid solution that works great, in case you didn't know~~ [EDIT: this is incorrect: there is in fact an x64 Grayjay desktop client - Thanks @portnull@lemmy.dbzer0.com], Freetube will sadly let you down regularly for a long time.

The official workaround recommended by the Freetube developers when Google breaks their player is to use an external player. But there are two problems with that:

  • If you don't use the right external players - which Google likely broke too - or the player isn't configured to use the latest and greatest Google evasion code, it's not going to work.
  • When spawning Freetube with a URL (typically by LibRedirect from your browser), Freetube ignores the external player and tries to play the video with its broken internal player anyway. You can always manually tell it to use the external player after it's failed trying to play the video itself, but it's an extra step, and you end up running both Freetube and the external player just to view a Youtube video from a website.

So I figured I'd post a little guide on how to set up an external video player that works with Freetube (and gets fixed quickly when Google breaks it) and how to spawn it directly from your browser to view a video and bypass LibRedirect / Freetube entirely.

This little guide is mostly for Linux. If you're not running Linux, the principle should be the same, but the details of how to make this work are different of course.

So the player you need is SMPlayer. SMPlayer is a great mpv player frontend in its own right. Don't worry, both mpv and SMPlayer are usually available in most distros, so you can install it normally with your favorite package manager.

But the thing that makes SMPlayer great is, to play Youtube video, it can use yt-dlp as a backend to fetch the video from Youtube:

SMplayer preferences setting to use yt-dlp as a backend to fetch Youtube videos

And it turns out, the developers of yt-dlp are usually very quick to unfuck Google's fuckeries and make it work again. Almost as quick as FUTO's developers: when Google breaks things, yt-dlp is usually one of the first Youtube clients to start working again.

The problem is, the version of yt-dlp that comes in most distributions is usually hopelessly behind, so it won't work with your distro's official package.

To use the latest and greatest yt-dlp with SMPlayer, you need to use the version in the Github repo. To do this:

  • Clone the repo (for example in your home directory): git clone --recurse-submodules https://github.com/yt-dlp/yt-dlp.git
  • Make yt-dlp available in your PATH: ln -s ~/yt-dlp/yt-dlp.sh ~/.local/bin/yt-dlp

Then if you invoke yt-dlp from any directory, it should start it correctly:

$ yt-dlp  

Usage: yt-dlp [OPTIONS] URL [URL...]  

yt-dlp: error: You must provide at least one URL.  
Type yt-dlp --help to see a list of all options.  

Then you can try if SMPlayer now plays a Youtube video correctly: smplayer https://youtu.be/jNQXAC9IVRw

Finally, configure Freetube to use SMPlayer as an external player:

Freetube external player setting

Now try to play a video from Freetube: it should open SMPlayer and SMPlayer should play the video correctly.

When Google breaks yt-dlp again, simply go into the repo and do a git pull --recurse-submodules. Do this regularly until the yt-dlp folks work their magic and fix it, which should happen a lot quicker than fixing the internal Freetube player.

Finally, how to spawn SMPlayer directly from the browser:

  • Install the RunWith browser extension: this little thing is a simple tool to spawn an external program from the browser and it's really underrated. Not terribly user-friendly to install but it does the job fine.
  • In the RunWith extension preferences, configure RunWith like so:

Setting in the RunWith browser extension to run SMPlayer on Youtube video links

Then if you right-click on a Youtube video link, you'll get an option in the context menu to open it with SMPlayer through RunWith:

RunWith context menu option

I hope this helps 🙂

105
106
 
 

First things first, when I delete any account I have, I make sure to delete everything inside the account first: convos, posts, stories or any type of activity.

I'm in the process of deleting my Instagram and I already cleaned everything up except the final boss, my story archive. I have never toggled the archiving option off, so the archive has accumulated stories for around 8 years, and of course Meta won't let you bulk delete the archive.

My question is, does it really matter doing all of that before deleting when it comes to privacy?

Or can I just simply ignore the fact that the story archive is still there and delete the account anyway?

I'm not even sure about all the steps that I do, but I just do it so everything feels clean when I arrive at the deletion button.

107
submitted 2 months ago* (last edited 2 months ago) by harfang@slrpnk.net to c/privacy@lemmy.ml
 
 

Biggest threat for our privacy is real in Switzerland!

#EID #Switzerland #Privacy

108
 
 

They don't have a social media service, right? So where do they get the data to train their AI models? Surely they need a lot, right? It would be nice if the public knew who cooperates with them (other than governments) and just boycott their services, or at least pressure them.

If company X doesn't offer your data to government officials, but offers it to Palantir, which makes a profile of you that it offers to the same officials, isn't that even worse?

109
Isn't brave supposed to be "private"? (testing.crazypeople.online)
submitted 2 months ago* (last edited 2 months ago) by TuxEnthusiast@sopuli.xyz to c/privacy@lemmy.ml
 
 

Saw this in my AdGuard Home query logs.

110
 
 

A nonprofit organization dedicated to advancing human rights in digital spaces across West Asia and North Africa — is warning that Israeli-linked software secretly embedded in Samsung phones across the MENA region poses a serious surveillance threat.

According to SMEX, Samsung’s A and M series devices either come preloaded with the app “Aura” or install it automatically through system updates, without the user’s consent. The application reportedly collects a wide range of personal and device-specific data, including IP addresses, device fingerprints, hardware details, and network information.

In 2022, Samsung MENA partnered with Israeli tech company IronSource, integrating its Aura software into Galaxy A and M series phones across the region. The partnership was publicly marketed as a way to “enhance user experience” with AI-powered apps and content suggestions.

111
 
 

We all hate google and youtube, but overall as a community we're all simultaneously lukewarm and non-committal about pushing towards using an alternative. I admittedly cling to invidious frontends for dear life.

It seems like whenever somebody asks for an alternative to youtube, they're offered Odysee and Peertube, but inevitably many others chime in about the shortcomings of both of those platforms.

Can we as a community come to a consensus as to which of these platforms should be pushed forward?

I don't even think it needs to be a binary choice. Obviously youtube cannot be immediately replaced for its archival of educational and tutorial videos, but we can at least push newcomers towards using invidious frontends for those instances.

Maybe Odysee is better for some type of content over Peertube. Let's discuss which platform works best for what and try to be more active about sharing and promoting them not just to viewers but potential creators as well.

If you go to share a youtube link, try to see if that video exists on an alternate platform first and share that link instead. I think that's a good first step towards getting away from youtube in the privacy community.

But youtube alternatives are still very much on the fringe and I'm hoping this post will at least inspire some discussion about changing that.

112
 
 

Was forced to use WhatsApp a while ago and didn't want to give Facebook my phone number.

Got a pretty cheap prepaid SIM, forced myself through the KYC, used it for close to a year without issues. Now they want me to top it up with at least 15€ to avoid cancelation. Surely there's a cheaper way?

113
 
 

Are there any services which you believe are honeypots?

114
 
 

cross-posted from: https://jlai.lu/post/24787719

Starting next year, Google will begin to verify the identities of developers distributing their apps on Android devices, not just those who distribute via the Play Store.

115
 
 

Dropsitenews published a list of websites Facebook uses to train its AI on. Multiple Lemmy instances are on the list as noticed by user BlueAEther

Hexbear is on there too. Also Facebook is very interested in people uploading their massive dongs to lemmynsfw.

Full article here.

Link to the full leaked list download: Meta leaked list pdf

116
 
 

I know there is plenty of software missing from here. This is just a fun infographic I made, no need to take it seriously :)

117
 
 

Both auto-forwarding and auto-reply are paid features, which makes cancelling & switching much more difficult. Gmail is a breeze comparatively. I highly recommend against using their addresses (e.g. protonmail.com, proton.me, pm.me)

Email forwarding is available for everyone with a paid Proton Mail plan.

(source)

118
119
submitted 6 months ago* (last edited 6 months ago) by chewgrabonion@lemmy.world to c/privacy@lemmy.ml
 
 

I'd appreciate any insight ppl can offer, especially relative to mullvad VPN: could a casual privacy valuer benefit from this over mullvad now or in the future?

Has anyone seen this one listed on VPN comparison sites?

Same:

They take straight monero and generate accounts from no personal info

Pros:

It's something like 1$/device/mo, so sometimes cheaper than mullvad.

Doesn't use gmail or centralized servers like mullvad, argued here; went over my head

Something about improving browser privacy

Cons:

Beta; small project; haven't found credible endorsements

120
 
 

A translation of this article with a few (minor) additions. I could not find an English-language article. The original article has informative illustrations.


“Archive.Today” is a popular website for access to paid media content. Well-known domain names for the website are archive.is and archive.ph (and archive.md, archive.fo, archive.li, archive.vn).

What many users do not know: The website provides users' data to Russia.

The data goes to Mail.ru and thus to the Russian Internet company VK. A look at the website with Webbkoll shows the following Russian domain names:

  • privacy-cs.mail.ru
  • r.mradx.net
  • rs.mail.ru
  • top-fwz1.mail.ru

First and foremost, top-fwz1.mail.ru/js/code.js is integrated. Further code from Russia is then loaded.

The following applies to Russian Internet companies:

“Russia demands unconditional cooperation and extensive control options from its flourishing IT economy. It is not just about the full possession of the largest social network (VK) and the largest payment service (Mail.ru), but in the case of Yandex also to influence the entire output of Yandex News.

The data collected show which Paywall content is particularly popular in western media, but could also provide insight about their users. One can speculate about the importance of such data in the hybrid Russian war against Europe and the rest of the West.


(the following part is about the most common originating news sites in Switzerland that are to be archived. It refers to the above mentioned paywall content)

Incidentally (and in addition), anyone who pays for the paid media content must (also) expect for user data to go to Russia:

«Until recently, Ringier sent - thanks to these cookies - the IP addresses of "Blick" readers to the Russian tech company Yandex. […] Yandex is also listed at «20 Minuten». The free news portal of the TX Group also works with the platform of the Interactive Advertising Bureau. […] The NZZ also sent data to the east. The traditional company on Falkenstrasse has integrated dozens of trackers, including from Yandex and also from Rutarget, an advertising company that belongs to the Russian Sberbank, is fully controlled by the state and is on the sanction list of the United States.»


The operators of «Archive.Today» do not open their identity. Neither an impressum nor a data protection declaration can be found on the website.

“Liberapay” in France should be able to say who operates “archive.today”. If you click on the "Donate" button at "Archive.Today", you will be forwarded to the donation platform "Liberapay".

A (more) reputable alternative is the Internet Archive at Archive.org, best known for the archiving of websites at web.archive.org.


Posted to privacy@lemmy.ml, privacy@lemmy.dbzer0.com and privacy@lemmy.world


edit 2 days later:

I'm aware this isn't the biggest smoking gun ever. But this particular service is in such widespread use that I feel it's important to shine a light on it.

Of course any post with certain keywords in the title will attract weird commentary, but I think you'll find that even the most contrary ones do not dispute the facts outlined in the article - just try to play them down, or ridicule them.

It's free, it has fast servers, it doesn't ask questions of you. It's a godsend!

121
 
 

Before buying expensive routers, check OpenWRT's table of hardware and buy one that is supported by the current OpenWRT release and has decent specs. There is a detailed installation guide for each supported device in the wiki too, so there are no excuses, it's dead simple. Free yourself from stupid hardware manufacturers and their planned obsolescence products.

122
 
 

It's no secret that we trade our information for access to the Internet. So what do you prefer: a subscription-based Internet with privacy protection, or a free Internet with companies allowed to take and sell your data?

123
 
 

The title says it all. Part of what I do now is to convince people to care about their privacy. I know I cannot force people to do anything. And I have a charisma level of -1, if this was an RPG. Like it's nonexistent.

I feel lonely in general because it feels like people make me feel like I'm delusional for caring about protecting my privacy. Maybe there is a support group for that🤣🤣🤣

But anything I can specifically say that works best in planting a seed in people's mind?

124
 
 

I like sharing my thoughts and struggles here, but I don't want it to be a permanent digital footprint and wish to delete all the posts and comments one day.

125
 
 

I'm currently running Deepseek on Linux with Ollama (installed via curl -fsSL https://ollama.com/install.sh | sh), and I specifically have to run it on my personal file server because it's the only computer in the house with enough memory for the larger models. Since it's running on the same system that has direct access to all my files, I'm more concerned about security than I would be if it was running on a dedicated server that just does AI. I'm really not knowledgeable on how AI actually works at the execution level, and I just wanted to ask whether Ollama is actually private and secure. I'm assuming it doesn't send my prompts anywhere since everything I've read lists that as the biggest advantage, but how exactly is the AI being executed on the system when you give it a command like ollama run deepseek-r1:32b and have it download files from where it's downloading from by default? Is it just downloading a regular executable and running that on the system, or is it more sandboxed than that? Is it possible for a malicious AI model to scan my files or do other things on the computer?
