• 0 Posts
  • 22 Comments
Joined 1 year ago
cake
Cake day: July 18th, 2023

help-circle
  • I agree with this sentiment 100%, but I think it lacks some of the context that these are children we are talking about. They aren’t being educated on privacy or security; not by their schools, and certainly not by their parents. This generation is being raised to believe that everything they do and say needs to be posted online to social media, and their concept of privacy is virtually nonexistent. Couple that with the fact that most of them don’t have a personal computer, and it leads to great levels of negligence with regard to their use of technology, and most relevant to this discussion, their use of school computers. The children being surveiled and exploited by this software don’t have the education on it to understand why it is bad, or even that it is happening to begin with.

    So while yes, they shouldn’t have private communications on school computers, they don’t have the context to understand that or independently come to that conclusion themselves, thus those private communications will happen nonetheless.


  • Oh, on second look I suppose you are correct. Silverblue and Kinoite kept their names, but Sericea and Onyx (and all future spins) use the Fedora [DE] Atomic structure. I was under the impression based on the announcement that all of them followed that naming structure, since they are collectively referred to as Fedora Atomic Desktop spins now. That actually seems much weirder than having changed them all to the same structure, because it was intended to lessen confusion, but now half of the spins use a different naming scheme than the other? Strange choice imo.

    Here’s the announcement I was referring to.



  • Yes, I believe all of that is in line with what I have stated. Just to clarify, my interpretation of the previous comment was that political parties were exempt from the requirement to provide an opt out in Australia for political parties (by my interpretation, just the official parties and not unrelated political organizations), and they implied they believed it to be the case in many other countries. I have not recently reviewed the relevant laws, so I was not 100% certain if that implication would prove true in the United States (though was pretty confident that was not the case by my previous experiences with messages from officially endorsed organizations), but I went on to explain how these are not officially endorsed by political parties anyway, so if such an exemption did exist, it should not apply to this particular message.

    Thank you for the clarification!



  • In that case, you’re best off opting out and seeing if it works. If you get a text from the same group at a later date, then you can report them to the FTC. Please do not do this unless they do not honor your opt out request, as politically affiliated groups are legally allowed to market in this way so long as they provide a means to opt out of communication. Falsely reporting puts strain on the already incredibly underfunded system and prevents real scams from being caught and dealt with due to a lack of resources. I recommend you keep a list of groups you have opted out from that is easily searchable to track this. 4 years ago I got multiple of these texts per day. I have been opting out every time I receive one, and now I have not gotten one in over 2 years. Eventually you will run out of groups to opt out of, and will only be messaged by newly created groups, which will happen much more slowly than all of the groups constantly texting/calling.

    Beyond that, there isn’t really much you can do. Your number is on a list, and people are buying that list. Although you could see if putting your number on the national do not call list would help (EDIT: though apparently political organizations are exempt from that on further reading). I have not done this personally, but I came across it while looking up how to report scam texts. Perhaps it could be beneficial to you (who knows?)



  • While I would have to find the US law and examine it more closely to tell if that is true here, these groups are not actually representatives of political parties. They are groups of self-proclaimed political advocates that try to raise money to host events that raise awareness of their causes for local voters. But they would not qualify for an exemption due to association with a political party, as they are not officially connected to or endorsed by a party.


  • True, but if you get a new phone and your blocked numbers list is reset, or they send messages from a different number, then you could get them again in the future. I see this often because there are multiple people in that campaign that will all reach out to people with their own phone numbers. Opting out prevents that for legitimate donor campaigns (you are removed from the list for all of the solicitors associated with that campaign), but obviously not for scams. There is no harm in doing both, and I would recommend that (it’s what I do).


  • Your number is on a list of real numbers with real identities associated with them that was sold to them. Data brokers sell this information daily. They already know your number is real, but in order to comply with the law, they have to provide you with a legitimate option to opt out, so you will actually stop receiving correspondence from them if you ask them to stop (it is legally required). If not, they could be subject to a fine, but you’d obviously have to file a complaint with the relevant regulatory body for that.

    If you do not attempt to opt out, they cannot be fined for spam if this is part of a legitimate donation campaign. If you don’t reply, they will continue sending messages to you in the future. It costs them almost nothing to do, so even if they didn’t know your number was real, they would do it anyway. Most of the people who donate from these messages don’t reply through text message anyway. And if this were an actual scam, then there is nothing they gain from receiving a text back so long as you do not open their link. But again, in order for legal action to be taken (since these political reach outs are legal and not spam so long as there is an option to opt out), you must first try to opt out.

    EDIT: Feel free to block the number after opting out. If they are legitimate (though the name is really fishy), then opting out will remove your number from all of their solicitors’ lists, so you won’t get texts or calls from different numbers working for the same campaign. Again, replying doesn’t give them anything even if it is a scam, as your number was obtained from a real list sold to them by a data broker; they already know the number is in service. Just don’t click the link in the text, and don’t reply with anything other than stop.



  • Facebook has been selling your data to ad companies since the day you created your account. This only changes what you visually see on the website. It makes absolutely zero difference from a data collection standpoint. Just consent so you can delete your accounts with less hassle. Filing GDPR complaints through email is a pain, takes a long time, and has no guarantee that they’ll actually accept it. Plus, some sites (likely including Facebook) will ask for a government ID to verify you live in an area where the GDPR applies. It isn’t worth the trouble when there are easier methods. Once you’re able to log in, you should be able to access a GDPR portal somewhere in case you still want to file a report before deleting your account, but it’s up to you if you want to go through the trouble. At the very least that saves you from having to write a letter and either email or mail it to them. With Facebook’s consistent history of violating GDPR, I honestly don’t even feel like it’s worth it to try. Chances are that your data will still be sold regardless. Just look at all the lawsuits against Facebook for GDPR violations in the past years.


  • Para_lyzed@lemmy.worldtoPrivacy Guides@lemmy.oneVideo chat options?
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    7 months ago

    I’d argue SimpleX does it better, they’re even modifying the Signal protocol to support post-quantum encryption. No phone number, uses the Signal protocol, and has no user identifiers at all (no usernames, no account numbers, no account at all; everything is stored locally on your device).

    Oh also, before the reply that Signal is post-quantum already, here’s an excerpt from the blog post I linked detailing why SimpleX’s implementation is better:

    unlike Signal design that only added quantum resistance to the initial key exchange by replacing X3DH key agreement scheme with post-quantum PQXDH, but did not improve Signal algorithm itself, our design added quantum-resistant key agreements inside double algorithm, making its break-in recovery property also quantum resistant.

    There is much more detail in the blog post if you’re interested. SimpleX also has an incredible whitepaper


  • Para_lyzed@lemmy.worldtoPrivacy Guides@lemmy.oneVideo chat options?
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    7 months ago

    The best options for you are going to be SimpleX Chat or Jami, depending on your use case. If you only need to make video calls, probably Jami is the easier option, but if you’d like to have a chat app with video call support, SimpleX is the right choice. SimpleX is also just a really good messaging app, because it has no user identifiers or accounts. They have a wonderful explanation of their method for two-way communication in their whitepaper if you’re interested.

    Also, video calling in a “secure environment”, as you’ve stated, is not difficult in the slightest, and absolutely not impossible. There are plenty of options available. Others beyond the ones I gave are Jitsi (but it’s gone way downhill; don’t use it), Signal, Element (you do NOT have to self-host for it, you can use the main instance or any other instance), and the options open up to basically everything if you make a new user profile and install sandboxed Google Play Services in the new user profile (from the “Apps” app). With sandboxed Google Play, you can use apps like Zoom if you really wanted, but I’d strongly encourage you not to for the sake of privacy. You can download apps without signing into a Google account via the Aurora Store.


  • Yes, of course GrapheneOS can run SimpleX! SimpleX has no dependence on the Google Services Framework, and even for apps that do have GSF dependence, they can be run with sandboxed GSF. The only apps that don’t work on GrapheneOS are apps that try to use the SafetyNet, which is mostly banking apps, or those that require GSF to have deep root privilege to operate.


  • Para_lyzed@lemmy.worldtoPrivacy Guides@lemmy.one*Permanently Deleted*
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    9 months ago

    Yes, that is exactly where perfect forward secrecy fails in Element. It allows all of the message keys to be downloaded by attacking a single point of failure. Perfect forward secrecy would necessitate that all messages and their encryption keys be completely independent, and each message would need to be broken one-by-one, as each key is completely different. What Element does with their cloud backup solution is it adds a single point of failure that results in every single message being compromised, without physical access to any device. Real perfect forward secrecy would make that impossible, as you have to break the encryption of every message independently (again, ignoring physical access to the device, because the device will always have access to all the messages anyway). It essentially invalidates many of the benefits of using a double-rachet key exchange protocol to begin with, as you can attack a single point of failure that would compromise all messages instead.

    Granted, whether or not that matters to you is entirely up to you. I’m just clarifying that Element lacks perfect forward secrecy, so I have an ideological objection to my own personal use of it for anything sensitive, since there are more secure messengers out there (like SimpleX) that do have perfect forward secrecy, and many more security and privacy features (like the whole no user identifiers thing and no server side storage with SimpleX). That does of course come with the tradeoff that you can only use it on one device at a time, but everything is a list of pros and cons. Is anyone going to target you and attack you by attempting to gain access to your cloud backup keys? No, most certainly not. But the fact that it exists as an attack vector to begin with is troubling from a security perspective (again, that’s where SimpleX shines with all data being stored locally, so there is no way to access those messages on demand without physical access to the device). I personally think that the metadata issues are much worse with Matrix from an immediate privacy perspective, as that is an avenue that can be actively exploited in a much easier capacity.

    If I understand correctly though, I believe we’re both on the same page. Element is still a much better option than something like Discord, but it is not without its own flaws.


  • Para_lyzed@lemmy.worldtoPrivacy Guides@lemmy.one*Permanently Deleted*
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    9 months ago

    The idea with perfect forward secrecy is that by breaking one key, you aren’t able to read all the other messages. The way Element works (allowing users to share encryption keys for messages stored server-side across devices, using a shared storage system), allows for a single key to allow access to all messages. All you need is your backup phrase (or a valid login session), and suddenly not just one message is visible, but all messages are. That is fundamentally in complete opposition to perfect forward secrecy.

    The way to work around this is by storing all messages locally so they cannot be decrypted simply with server access, but Element stores messages on their servers, not locally (like SimpleX does, for instance). That would allow robust backup and syncing without breaking PFS.