Category: n

Reducing voice assistant damage

I’ve been searching about smart voice assistants like google’s one, and they’re pretty creepy. But they are useful. I found out that you can run alexa or googke assistant on a raspberry pi, so I was thinking if there are other similar but safer and open source assistants that I could run on it. Do you guys know of any alternatives? It would also be interesting to know of a separate program that blocks the mic locally until the trigger word is sad, and then sends only the command to google.

Found here

WordPress & GDPR compliance

Hey guys,

to all of you who are struggling to make their blog or website GDPR compliant (like me!).

I created a list where I collect WordPress plugins and their status regarding GDPR compliance (including what personal data is processed and where as well as solutions to keep using them and alternative plugins):

Hope that helps you! Feedback and additions to the list are always welcome. ❤️

Found here

Google has inside track to market first x-ray …

Google has inside track to market first x-ray vision cell phone camera:

Google has inside track to market first x-ray vision cell phone camera

From here

Dumb thoughts on email security

I am a privacy newb. Where am I going wrong?

You’ve always wanted to encrypt your emails. End-to-end encryption. Too bad none of your normie friends would ever bother with GPG, so you can’t send encrypted emails to anyone.

Autocrypt. Now we’re talking. You get your mom / gf / wife to install and set up K-9 on their phone. Argh, what a pain, now they hate you for it. But it’s OK, at least all your emails are now e2e encrypted.

A year later, they upgrade their phone, and guess what, they didn’t transfer their keys — obviously. Now they can’t read any of your old emails. They can read all the boring emails from all of their normie friends, but they can’t read your super cool secret emails that are all encrypted, and they don’t have the key.

OR, better yet. They install K9 on their phone. But they also use a laptop. Obviously. So you get them to install Thunderbird / Enigmail, walk them through the autocrypt setup message, which is easy enough, but now they hate you even more. But at work, they use gmail / yahoo / hotmail webmail, and they can’t read any of your emails. Sad.

Now, I am thinking. What is the purpose of email encryption? What are we trying to achieve? Do YOU encrypt emails? What are YOU getting from it, realistically?

Is it better (in terms of normies not losing their keys) for the key to be stored on the email server (not the email client) and be encrypted with the user’s password? Then, as long as the user can access their email account, whether from their phone or web, they have access to their key.

Found here

One Woman Who Knew Her Rights Forced Border Pa…

One Woman Who Knew Her Rights Forced Border Patrol Off a Greyhound Bus:

One Woman Who Knew Her Rights Forced Border Patrol Off a Greyhound Bus

From here

My threat model. Please advise.

I have constructed my threat model for your advice, using the sample from the EFF:

What do I want to protect? In order of importance:

  • Billing/credit card information
  • Home address
  • Constant location
  • Private communication
  • Browsing data

Who do I want to protect it from? In order of importance:

  • Private citizens. Getting doxxed, stalked, or identity/money stolen.
  • Government (distant second)

How bad are the consequences if I fail?

  • Billing information and home address can be devastating if it is leaked, particularly if a private citizen wishes to stalk me or use my credit. I am not yet very concerned with our government, but would like to err on the side of caution.
  • Constant location data could be likewise dangerous, but the risk of that being compromised is significantly less; the most compromising info that could lead to this is my cellphone number, which nobody has (I only give out my Google Voice number, which is always used over a VPN)
  • Private communication varies, depending on what is said.
  • Browsing data is fairly trivial; my browsing data tends to be innocuous (it’s also simple to mask).

How likely is it that I will need to protect it?

60%-80% chance I will piss off a private citizen badly enough for them to doxx me. I only see that getting worse as I get into political activism. I doubt I will make enemies powerful enough to hack into Google, but I am trying to wean myself off their services, too, just in case. My google usage will likely never be 0%, however.

How much trouble am I willing to go through to try to prevent potential consequences?

  • The top two things I will go to most any lengths to protect. Billing info will be masked with for online purchases. Other tips would be appreciated. (Cash is not ideal, as it can be lost or stolen, defeating the original purpose).
  • For home address, I am eliminating my Amazon account and re-creating it with a pseudonym and PO Box. I’ll start screening all snail mail, and deleting my info from those databases. Other tips would be appreciated.
  • I don’t have any good solutions to harmonize my constant location data with convenience; I’m terrible with directions, and rely heavily on GPS. OsmAND~ remained impossible for me to use in daily life, even after two weeks of heavy usage. Any advice here would be helpful, too. I’m a shameful Waze junky. I only use Google Voice for phonecalls (nobody on the planet has my real number except my carrier), then will transition to Sudo once that is available for Android. Again, this also over a VPN.
  • For private communications, I am transitioning to only using Signal and ProtonMail.
  • For browsing data, I can’t tear myself away from Google Chrome on the chromebook, but I do employ the following security measures: the Mullvad VPN (this is active all the time, everywhere, on everything), Ublock origin (advanced user, all 3rd party frames blocked by default), ScriptSafe, PrivacyBadger, HTTPS Everywhere, Decentraleyes, Cookie AutoDelete, no saving passwords or billing info, using LessPass in conjunction with KeePassDroid (the latter only stores the configuration info, not the passwords themselves), other basic security settings.

I own a Chromebook and a Google Pixel XL, running stock android (the bootloader is not unlockable). Both devices are locked with a strong password, with no other forms of entry enabled, and encryption switched on.
I own a dusty Windows 10 laptop that I only use for UE4.
I live in an apartment, with Spectrum as my ISP, and the stock router.
I do use Facebook, and it is an old account that used to have personal data on it, but I have since scrubbed off all user-facing personal info besides my name, and locked down every single privacy setting possible (it has too many memories to wipe out completely, and wiping it probably won’t accomplish much more than what I’ve already done).

Found here

What better way to protect your privacy than n…

What better way to protect your privacy than not asking personal data?:

What better way to protect your privacy than not asking personal data?

From here

how you category Email Address?

right now i’m in transitioning moving away from yahoo and more organise where use to have all kind of mails into one.

services/billing@gmail: all the transaction and services like banks/paypal/insurances/billings…this email only for bills which contain personal details.

online shopping/daily personal used@protonmail: just created this email for shopping like ebay-amazon..ect and other personal stuff that contain real details…

social media/forums(fb,reddit or forums) @tutanota: this email address strickly for subscription, newsletters and fake personal details. the issue are some of the website doesn’t accept tutanota/protonmail. it seems better to create gmail for this because widely accepted. and use tutanota(or create another protonmail) for services/billing email address.

one thing i’m not sure what to do is about are recovery which i really need help or guide in this department. what happen if phone get lost or forgot email password and have more secure.

I’m using yahoo mail right now as Recovery address that created months ago for shopping purpose but due yahoo policy and security so dumping it. I thought of email address if something happen to my phone unable to do 2fa.

Found here

Irish data chief finds Yahoo broke EU law in b…

Irish data chief finds Yahoo broke EU law in breach, issues no penalty:

Irish data chief finds Yahoo broke EU law in breach, issues no penalty

From here

“Private” browsing is less private than it loo…

“Private” browsing is less private than it looks like (Article + Quiz):

“Private” browsing is less private than it looks like (Article + Quiz)

From here