1
82
submitted 2 years ago* (last edited 2 years ago) by TheAnonymouseJoker@lemmy.ml to c/privacy@lemmy.ml
2
14
submitted 1 hour ago by lemmyreader@lemmy.ml to c/privacy@lemmy.ml
3
17
submitted 4 hours ago by xabadak@lemmings.world to c/privacy@lemmy.ml

cross-posted from: https://lemmings.world/post/8926396

In light of the recent TunnelVision vulnerability I wanted to share a simple firewall that I wrote for WireGuard VPNs.

https://codeberg.org/xabadak/wg-lockdown

If you use a fancy official VPN client from Mullvad, PIA, etc., you won't need this since most clients already have a kill switch built in (also called Lockdown Mode in Mullvad). This is if you use a barebones WireGuard VPN like me, or if your VPN client has a poorly-designed kill switch (like NordVPN, more info here).

A firewall should mitigate the vulnerability, though it does create a side-channel that can be exploited in extremely unlikely circumstances, so a better solution would be to use network namespaces (more info here). Unfortunately I'm a noob and I couldn't find any scripts or tools to do it that way.

4
16
submitted 10 hours ago by catalog3115@lemmy.world to c/privacy@lemmy.ml
5
26
submitted 13 hours ago* (last edited 8 hours ago) by s38b35M5@lemmy.world to c/privacy@lemmy.ml

Received notice of a change to the service in my inbox today. Seems icky to me.

Devices in the network use Bluetooth to scan for nearby items. If other devices detect your items, they’ll securely send the locations where the items were detected to Find My Device. Your Android devices will do the same to help others find their offline items when detected nearby.

Your devices’ locations will be encrypted using the PIN, pattern, or password for your Android devices. They can only be seen by you and those you share your devices with in Find My Device. They will not be visible to Google or used for other purposes.

6
18
submitted 15 hours ago by Ward@lemmy.nz to c/privacy@lemmy.ml

Materialious can now be used as a desktop or Android application, allowing it to be used with any Invidious instance!

https://github.com/Materialious/Materialious/tree/main?tab=readme-ov-file

7
137
submitted 20 hours ago by clot27@lemm.ee to c/privacy@lemmy.ml

Here's what he said in a post on his Telegram channel:

🤫 A story shared by Jack Dorsey, the founder of Twitter, uncovered that the current leaders of Signal, an allegedly “secure” messaging app, are activists used by the US state department for regime change abroad 🥷

🥸 The US government spent $3M to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype. It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference 🐕‍🦺

🕵️‍♂️ An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media. But whenever somebody raises doubt about their encryption, Signal’s typical response is “we are open source so anyone can verify that everything is all right”. That, however, is a trick 🤡

🕵️‍♂️ Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones. Signal refused to add reproducible builds for iOS, closing a GitHub request from the community. And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤

🛡 Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪

Original post: https://t.me/durov/274

8
179
submitted 1 day ago by schizoidman@lemmy.ml to c/privacy@lemmy.ml
9
4

I've attempted to create a VM on my Ubuntu host machine that is accessing the internet via a dedicated VPN app. I'm able to disconnect my host VPN and access the web within the VM, but cannot access the web when the host VPN is enabled. Ideally I'd like to enable the VPN on the host and pass through web access to the VM.

I have two questions:

  1. If my use case is to use a VM to increase privacy and security as well as isolate my operations within the VM from my host, is it better to have the VPN app from inside the VM or pass the host's through to the VM?
  2. If it doesn't make much of a difference, how can I go about passing the host's VPN to the VM?

In either scenario, I'd still like to keep the host's VPN active while being able to use the VM, which I currently cannot.

10
142
12 ft ladder Alternative? (sh.itjust.works)

12ft ladder doesn't seem to work anymore, on major sites at least. Does anyone have an alternative? Gracias

11
60

I used to use Protonmail, however the verification steps become tedious when creating unique emails for sign-ups. I've switched to Tutanota despite it contravening their one account policy. What do you all use for one-off emails (for sign-ups etc.)? Or do you prefer one of those 10 minute email sites?

12
211

Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA.

Through constant packet sizes, random background traffic and data pattern distortion we are taking the first step in our battle against sophisticated traffic analysis.

13
114
submitted 1 day ago by UnHidden@lemmy.world to c/privacy@lemmy.ml
14
158
submitted 2 days ago* (last edited 2 days ago) by JustMarkov@lemmy.ml to c/privacy@lemmy.ml

This post will be my personal experience about trying to gain back my privacy after years of being privacy unconscious. And foremost I want to apologize for my English, if it isn't perfect, 'cause English is not my first language.

I had already been using Linux for the past year. I tried switching to it three times, and only the third time was successful. I had also been interested in open source for quite a long time, but the privacy topic had never really interested me. I was following this stupid statement: «I don't worry about privacy because I have nothing to hide», which I regret now. But last Christmas, I suddenly realized how much data I was giving away to Big Tech (and not only them). I can't perfectly remember what led me to that realization, whether it was some YouTube video, a privacy policy that I suddenly decided to check out, or something else, but I immediately started to take action.

For the past 6 months I deleted more than 100 accounts. Sometimes it was as easy as pressing a button, sometimes I had to email support, and sometimes I literally had to fight for my right to remove the account. Even today there are still 7 accounts left that I cannot delete, either because support is ignoring me, or because the process is too slow, or because the service simply does not give the right to remove a user account.
JustDeleteMe actually helped me very much with that process, and I've even contributed to the project a few times, so that for other users who follow my path the process will be at least a little easier.

Today is a special day, though, because I finally got rid of my Google and Microsoft accounts. I can finally breathe free. My situation is still not perfect, 'cause I still have some proprietary, privacy-invasive accounts left, like Steam, Discord, or my banking apps. I can't just immediately drop them, but at least I've reduced the amount of information I left behind.
What's the moral? Welp, it would be so much easier for today's me if yesterday's me had been concerned about privacy in the first place.

15
94
submitted 2 days ago by BrikoX@lemmy.zip to c/privacy@lemmy.ml

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.

16
37

I use Aegis as my 2FA. Today, on creating a new token, I observed that the hash function is set to SHA-1; I later checked all my tokens and the same type of encryption is used for all of them. So I edited all my tokens to SHA-256, and as a result my TOTP doesn't authenticate. Do I have to rescan my tokens to update them to SHA-256, or does it not work like that?

Security: SHA-1 < SHA-256 < SHA-512

Speed: SHA-1 > SHA-256 > SHA-512

My doubts are: Why can't we use SHA-256? Is it because TOTP requires less time, so the faster one (SHA-1) is chosen? Can we use SHA-256 for TOTPs?

17
67
submitted 2 days ago by 0xtero@beehaw.org to c/privacy@lemmy.ml

Pulling this off requires high privileges in the network, so if this is done by an intruder you're probably having a Really Bad Day anyway, but it might be good to know if you're connecting to untrusted networks (public wifi etc.). For now, if you need to be sure, either tether to Android, since the Android stack doesn't implement DHCP option 121, or run the VPN in a VM that isn't bridged.

18
39
submitted 2 days ago* (last edited 2 days ago) by asphalt@lemmy.dbzer0.com to c/privacy@lemmy.ml

Over the years I have saved many bookmarks in Firefox in various folders for interesting, useful or just frequently used websites.

Now I've recently moved a lot of stuff to more private (FOSS/self-hosted) alternatives and I'm considering moving browsers too. Since the bookmarks are so integrated into the browser, I was wondering what you guys do/recommend in order to keep a bit more freedom.

One option I could think of would be to write them into a Markdown doc and to sync it with all the other notes I keep but that's a bit inconvenient - there's got to be a nicer way that doesn't send every action to a browser corpo, right?

19
24
Is Instander dead? (lemmy.dbzer0.com)

Hi, I used to use Instander to browse Instagram privately but it doesn't seem to be updated anymore, is there an alternative that you recommend that has similar features? Like "ghost mode" when watching stories

20
-22
submitted 22 hours ago* (last edited 20 hours ago) by cmgvd3lw@discuss.tchncs.de to c/privacy@lemmy.ml

(timestamp-link) iPad Pro M4 Hands on - Why I just bought it.
Review from a top YT reviewer, Mrwhosetheboss. How do you guys feel about it?

21
243
submitted 3 days ago by morrowind@lemmy.ml to c/privacy@lemmy.ml

Title is editorialized because the original is, frankly, clickbait garbage

22
149
submitted 3 days ago by ylai@lemmy.ml to c/privacy@lemmy.ml
23
55
24
319
submitted 3 days ago by BrikoX@lemmy.zip to c/privacy@lemmy.ml

Simple steps to take before hitting the streets

25
87
submitted 3 days ago by BrikoX@lemmy.zip to c/privacy@lemmy.ml

Like it or not, email is a critical part of our digital lives. It’s how we sign up for accounts, get notifications, and communicate with a wide range of entities online. Critics of email rightfully point out that email suffers from a significant number of flaws that make it less than ideal, but that doesn’t change the current reality. In light of that reality, I believe that an encrypted email provider is a must-have for everyone in today’s age of rampant data breaches, insider threats, warrantless police access, and targeted advertising. If I can get access to your emails, I can get a range of sensitive information including where you bank (to craft more convincing phishing attacks), information about pets (I get notifications each year from the vet for my cats’ annual checkups), calendar reminders, news announcements from family, support tickets from services you use, and more. In a worst-case scenario, if I get access to the account itself, it’s trivial to simply issue password reset requests for nearly any of those accounts, have them sent to said compromised email account, and gain access to a wide number of other accounts you use – from banking to shopping and more – for any number of reasons. So this week, let’s look into the top encrypted email providers The New Oil recommends and their features to help decide which one is right for you.


Privacy

29011 readers
1032 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago