Hasty Briefsbeta

All tags

#privacy

903 stories total

Bilingual

Blue Shield shared the private health data of millions with Google for years
a year ago
- Blue Shield of California notified millions of a data breach involving Google.
- Patient data, including health and personal info, was shared from 2021 to January 2024.
- Misconfigured Google Analytics collected search terms, insurance details, and personal info.
- Google may have used the data for targeted ad campaigns.
- Breach affects 4.7 million individuals, most of Blue Shield's customer base.
- Unclear if Google deleted the data or complied with requests.
- Blue Shield is among several healthcare firms caught by tracking tech breaches.
- Kaiser, Cerebral, Monument, and Tempest also faced similar breaches.
- This is the largest healthcare data breach of 2025 so far.
Daily driving a Linux phone, but why?
a year ago
- Daily driving a Linux phone is about questioning forced lifestyles and seeking better privacy and security balance.
- Linux phones like PinePhone Pro are open-source, avoiding ads and surveillance-based business models.
- PinePhone Pro's hardware is slow but sufficient for basic tasks like browsing and media playback.
- Advantages of PinePhone Pro include lighter weight, smaller size, and a reliable 3.5mm headphone jack.
- Author prefers repurposing an old LGv40 Thinq with PostmarketOS for better performance and features.
What I wish I knew about privacy sooner
a year ago
- The internet is a battlefield for attention, often with harmful intentions.
- Digital behavior is shaped by systems designed to influence decisions.
- Privacy mistakes compound over time, making data nearly impossible to erase.
- Tracking occurs even when not actively using the internet, through various methods.
- Deleted data is often just hidden, not truly erased.
- Privacy is about control, not just hiding information.
- Free services often monetize user data, making users the product.
- Supporting privacy-friendly companies and tools can help protect personal data and contribute to a safer digital ecosystem.
Show HN: Colanode, open-source and local-first Slack and Notion alternative
a year ago
- Colanode is an all-in-one collaboration platform prioritizing data privacy and control.
- Features include real-time chat, rich text pages, customizable databases, and file management.
- Designed for individuals and teams, supporting both online and offline work.
- Self-hosted model ensures full data control with a polished user experience.
- Desktop app connects to multiple servers, each with one or more workspaces.
- Changes are saved locally first, then synced to the server for offline access.
- Uses CRDTs (via Yjs) for real-time collaboration on pages and database records.
- Messages and file operations use simpler database tables without concurrent edits.
- Download the desktop app to connect to free beta cloud servers (EU or US).
- Self-hosting requires Postgres (with pgvector), Redis, S3-compatible storage, and Docker.
- Released under the Apache 2.0 License.
Your phone isn't secretly listening to you, but the truth is more disturbing
a year ago
- Smartphone microphone surveillance conspiracy theory suggests phones listen to private conversations for targeted ads.
- No clear evidence supports the theory that smartphones constantly listen to conversations for ad targeting.
- In 2024, Cox Media Group's 'Active Listening' system claimed to capture voice data for ads, but tech companies distanced themselves.
- Facebook admitted in 2019 to transcribing Messenger audio for testing but denied using microphones for ads.
- Wandera's 2019 experiment found no evidence of phones listening to conversations for ad targeting.
- Data consumption and battery usage tests showed no signs of constant microphone surveillance.
- Ex-Facebook employee explained the impracticality of constant audio surveillance due to massive data requirements.
- Research revealed apps taking screenshots and videos of screen activity, posing privacy risks.
- Targeted ads rely on vast data tracking (location, friends, interests) rather than microphone surveillance.
- Voice assistants like 'Hey Google' record briefly after activation, but constant recording is detectable and impractical.
Watching o3 guess a photo's location is surreal, dystopian and entertaining
a year ago
- OpenAI's o3 model can guess photo locations with surprising accuracy.
- The process involves uploading a photo and prompting the model to guess the location.
- The model uses vision abilities and sometimes pretends not to see the image initially.
- It employs Python code to crop and analyze parts of the photo, like license plates.
- The model's guesses are detailed, comparing vegetation, architecture, and other clues.
- Final guesses can be very close, though sometimes off by a significant distance.
- Other models like Claude and Gemini also perform well but differ in approach.
- The technology is both entertaining and dystopian, raising privacy concerns.
- Understanding these capabilities is crucial for safety and awareness.
The NNCPNET Email Network
a year ago
- The author ran a personal mail server from 1995 to 2019, starting with a UUCP link and later transitioning to a VPS.
- Running an email server became increasingly difficult due to requirements like SPF, DKIM, DMARC, and TLS.
- NNCPNET is introduced as a modern email system running atop NNCP, offering a way to tinker with email again.
- NNCP is described as a secure, asynchronous, onion-routed, store-and-forward network, modernizing UUCP.
- NNCPNET provides tools and standards for a broader email network using NNCP, including a Docker container for easy setup.
- Features include Exim mail server, NNCP, verification tools, automated nodelist updates, and optional Internet email bridge integration.
- The system supports mailing lists and offers extensive documentation and source code availability.
- No inbound ports or constant Internet connection is required, with options like IMAP server for Thunderbird.
Show HN: AgenticSeek – Self-hosted Manus alternative
a year ago
- AgenticSeek is a 100% local AI assistant alternative to Manus AI, ensuring complete privacy with no cloud dependency.
- Features include autonomous web browsing, coding assistance in multiple languages, and complex task planning.
- Voice-enabled interaction allows for hands-free operation, with speech-to-text and text-to-speech capabilities.
- Supports multiple local providers like Ollama and LM Studio, with options for remote server usage.
- Requires specific hardware depending on the model size, with recommendations for optimal performance.
- Installation involves cloning the repository, setting up a Python environment, and configuring the config.ini file.
- Includes troubleshooting tips for common issues like chromedriver mismatch and hardware requirements.
- AgenticSeek prioritizes independence from external systems, offering more control and privacy compared to cloud-based alternatives.
Everything you say to Alexa now becomes training material for AI
a year ago
- Amazon has removed the 'Do Not Send Voice Recordings' option for certain Echo devices, meaning all voice commands will now be processed in Amazon’s cloud.
- This change is to support new generative AI features in Alexa, with voice data used to train Alexa+, Amazon’s next-gen voice assistant.
- Privacy concerns include increased risk of data leaks, potential human review of recordings, and unclear data deletion policies.
- Amazon claims voice recordings are encrypted and deleted after processing, but users question the transparency and control over their data.
- The shift reflects a broader trend where tech companies prioritize AI training over user privacy, raising ethical and security concerns.
Lenovo May Be Avoiding 'Windows Tax' via Cheaper Laptops with Preinstalled Linux
a year ago
- Perplexity's new Comet web browser raises privacy concerns due to its tracking capabilities.
- Lenovo offers laptops with Fedora and Ubuntu at lower prices than Windows versions in the U.S. and Canada.
- Price differences highlight the high cost of Windows, with discounts up to $140 (U.S.) and CAD $211 for Linux models.
- Not all Lenovo laptop models provide a Linux pre-install option; filtering by OS on their website helps identify compatible models.
- Dell also offers Ubuntu-certified laptops but does not reduce prices for Linux versions, unlike Lenovo.
- Manufacturers could improve marketing of Linux options to show cost savings over Windows.
- The article questions whether mainstream users would benefit from Linux pre-installed on laptops.
Car Subscription Features Raise Your Risk of Government Surveillance
a year ago
- Automakers are pushing subscription-based features, increasing connectivity and data exposure.
- Police records show law enforcement training on accessing data from connected cars.
- Vehicle manufacturers and ISPs determine data access, not laws.
- GM requires a court order for location data; other manufacturers' policies vary.
- Police use 'ping' and 'tower dump' techniques to locate suspects or devices.
- Tower dumps are facing legal challenges due to Fourth Amendment concerns.
- Google has made technical changes to resist geofence warrants.
- Senators highlight automakers' inconsistent policies on disclosing location data to authorities.
- Corporations share detailed surveillance info with law enforcement but not the public.
- Civil liberties advocates call for transparency and consent in vehicle surveillance.
Show HN: A Chrome extension that will auto-reject non-essential cookies
a year ago
- Cookie consent banners are a common frustration on the internet.
- Existing solutions include auto-accepting cookies or blocking pop-ups, but there's a need for an extension that auto-rejects non-essential cookies.
- The 'Reject Cookies' Chrome extension attempts to reject cookies first, then closes the pop-up if rejection fails.
- The extension complies with GDPR and ePrivacy Directive by treating lack of acceptance as rejection.
- Implementation involved using Cursor for setup but required manual adjustments for permissions and logic.
- The extension targets specific cookie consent vendors with tailored checks and actions.
- Users can help improve the extension by reporting missed rejections or bugs via the side panel or email.
Chris Krebs Support Letter
a year ago
- The text is a webpage from the Electronic Frontier Foundation (EFF) with navigation links to various sections.
- It includes links to About, Contact, Press, People, Opportunities, and Issues like Free Speech, Privacy, Creativity and Innovation, Transparency, International, and Security.
- The page also lists sections like Our Work, Take Action, Tools, and Donate options.
- There is a specific document mentioned: 'Chris Krebs Support Letter - April 28 2025' with a link to a PDF file.
- The webpage provides options for email updates and joining EFF lists.
India govt has backdoor to WhatsApp
a year ago
- Government seeks to include digital spaces under income tax search and seizure provisions.
- Current Section 132 of I-T Act covers only physical assets, not digital ones.
- WhatsApp messages, Google Maps, and Instagram have helped uncover unaccounted funds and properties.
- Concerns raised about privacy violations and government access to encrypted messages.
- Government can access encrypted messages under DPDP Act for national security and law enforcement.
- WhatsApp does not store message content but may share metadata under lawful requests.
- Google Maps location history can be accessed with a court order for investigations.
- Google is changing its Location History feature to store data locally, enhancing privacy.
Fixing web browser history leaks
a year ago
- Web browsing history allows styling visited links differently, aiding navigation but posing privacy risks.
- CSS:visited pseudo-class enables styling differences, exploited via side-channel attacks to detect visited links.
- Various sophisticated side-channel techniques emerged, including DOM inspection, timing attacks, and pixel color attacks.
- Browsing habits can reveal sensitive information, enabling targeted profiling, cross-site tracking, and enhanced fingerprinting.
- Research shows browsing histories are unique and stable, with up to 97-99% uniquely identifying individuals.
- 2010 mitigations (lying about unvisited styles and restricting CSS) were complex and inadequate.
- A new solution proposes partitioning visited link history using a triple-key partition (Link URL, Top-Level Site, Frame Origin).
- This approach ensures isolation, conforms to privacy principles, and mitigates cross-site history leaks.
- Implemented in Chrome v132 (behind a flag), this solution aims to resolve privacy issues by 2025.
Age Verification in the European Union: The Commission's Age Verification App
a year ago
- The European Commission is developing an age verification app based on digital identities to allow users to access age-restricted content.
- The app will generate proof of age using methods like national eID schemes, physical ID cards, third-party apps, or age assessment through institutions.
- Privacy and security are key concerns, with features like data minimization and unlinkability, but many protections are optional, such as Zero Knowledge Proofs (ZKPs).
- ZKPs offer a way to verify age without revealing exact details, but their implementation is not yet mature, raising privacy concerns.
- The app may exclude marginalized groups, such as refugees, unhoused people, and children without IDs, limiting their access to digital services.
- Biometric recognition for age verification risks discrimination, with higher error rates for certain ethnicities, genders, and people with disabilities.
- Device-dependent verification methods could exclude those without personal devices, exacerbating digital divides.
- Age verification mandates risk undermining privacy, data protection, and freedom of expression, making it crucial to advocate for alternative safety measures.
Linkwarden: FOSS self-hostable bookmarking with AI-tagging and page archival
a year ago
- All-in-one collaborative tool for collecting and preserving webpages and documents.
- Auto-preserve webpages as screenshots and full-page HTML to prevent link rot.
- Organize links with collections, sub-collections, and AI-generated tags.
- Share and collaborate with teams, assigning permissions as needed.
- Open-source and self-hostable, ensuring transparency and trust.
- Features include dark/light mode, bulk actions, and powerful search.
- Browser extension available for easy webpage collection.
- Privacy-focused with no data sold to third parties.
- Cloud and custom plans available, starting at $3/month.
- Positive user feedback highlights ease of use and bookmark management.
Third Party Cookies Must Be Removed
a year ago
- Third-party cookies are harmful to the web and must be removed to improve privacy.
- Privacy is a core design principle for the web platform, and many browsers have already restricted third-party cookies.
- Removing third-party cookies presents challenges, including preserving necessary use cases like federated identity and fraud mitigation.
- Third-party cookies enable tracking networks, which threaten privacy and centralize data, reducing individual and collective privacy.
- Replacement technologies for third-party cookies must be designed-for-purpose and respect user privacy.
- New proposals must be reviewed to ensure they do not recreate privacy pitfalls, either individually or in combination with other technologies.
- Multi-implementer and developer support is essential for privacy-related specifications to succeed.
- There is an urgency to establish a strict timeline for the removal of third-party cookies.
- Proposals must justify their benefits and trade-offs, with independent review encouraged to ensure privacy preservation.
- Web standards should avoid encoding specific business models to maintain flexibility and innovation.
Connet.dev – high performance reverse proxy to connect devices privately
a year ago
- Connet is a high-performance reverse proxy for private device connections.
- Devices in Connet are never exposed publicly; only trusted individuals and software can connect.
- Peers communicate directly, bypassing third-party intermediaries for better performance.
- Direct client-to-client communication is always free.
- Relay server usage is currently free but will incur traffic charges in the future.
- Future pricing includes traffic charges for Connet's relays and a flat monthly fee for personal relays.
Technical analysis of TM SGNL, the unofficial Signal app Trump officials use
a year ago
- Mike Waltz, former National Security Advisor, uses an unofficial Signal app called TM SGNL to communicate with Trump officials.
- TM SGNL archives messages automatically, including disappearing ones, potentially compromising security.
- The app is developed by TeleMessage, owned by Smarsh, with executives linked to Israeli intelligence.
- TM SGNL likely violates Signal's open-source license by not sharing its modified source code.
- The app is not publicly available; it's distributed via enterprise management services like Apple Business Manager or Google Enterprise.
- Trump officials likely use managed iPhones with TM SGNL installed via MDM, archiving messages to cloud or email servers.
- Documentation suggests archived messages are stored in Microsoft 365, SMTP, or SFTP destinations.
- TeleMessage also offers similar apps for WhatsApp, Telegram, and WeChat, likely violating their proprietary licenses.
- The iOS version of TM SGNL is distributed as an unlisted app in the App Store, requiring a direct link for installation.

first prev3next

About|Login

#privacy

Blue Shield shared the private health data of millions with Google for years

Daily driving a Linux phone, but why?

What I wish I knew about privacy sooner

Show HN: Colanode, open-source and local-first Slack and Notion alternative

Your phone isn't secretly listening to you, but the truth is more disturbing

Watching o3 guess a photo's location is surreal, dystopian and entertaining

The NNCPNET Email Network

Show HN: AgenticSeek – Self-hosted Manus alternative

Everything you say to Alexa now becomes training material for AI

Lenovo May Be Avoiding 'Windows Tax' via Cheaper Laptops with Preinstalled Linux

Car Subscription Features Raise Your Risk of Government Surveillance

Show HN: A Chrome extension that will auto-reject non-essential cookies

Chris Krebs Support Letter

India govt has backdoor to WhatsApp

Fixing web browser history leaks

Age Verification in the European Union: The Commission's Age Verification App

Linkwarden: FOSS self-hostable bookmarking with AI-tagging and page archival

Third Party Cookies Must Be Removed

Connet.dev – high performance reverse proxy to connect devices privately

Technical analysis of TM SGNL, the unofficial Signal app Trump officials use