Hasty Briefsbeta

All tags

#privacy

903 stories total

Bilingual

The consent you never gave: cookie pop-ups ruled unlawful under GDPR
a year ago
- EU appeals court rules Transparency and Consent Framework (TCF) incompatible with GDPR.
- Belgian Data Protection Authority's 2022 stance on TCF illegality affirmed by the court.
- Ruling impacts Big Tech (Google, Meta, etc.) and IAB, requiring fines and framework changes.
- Current cookie consent pop-ups deemed insufficient under GDPR, signaling need for overhaul.
- AdGuard blocks cookie pop-ups and tracking, simulating reject actions to protect user privacy.
- AdGuard advocates for treating CMP blocking as explicit user consent refusal post-ruling.
Show HN: Keep track of why you muted someone on X
a year ago
- A browser extension for x.com (formerly Twitter) that helps users remember why they muted or blocked someone.
- Allows private notes on user profiles, visible only to the user.
- Automatically logs mute/block events with context (link and tweet).
- Adds a text area to user profiles for personal notes.
- Supports data export/import for backup or transfer between browsers.
- Uses synced storage (chrome.storage.sync) for data, syncing across devices if logged into the same browser profile.
- Notes and logs are private and only visible to the user.
- Released under the MIT license.
Self-hosting is having a moment
a year ago
- Self-hosting is gaining popularity, though it's hard to define precisely.
- It offers privacy, DRM-free alternatives, and reduces reliance on ads.
- Self-hosting goes beyond NAS usage, encompassing various services not offered by cloud providers.
- Ethan Sholly, a finance professional, started self-hosting with Plex for media sharing.
- He expanded to building his own server and exploring other self-hosted services.
- Sholly created a resource for commonly recommended self-hosted apps and updates.
- His newsletter provides insights into the self-hosting community with a unique voice.
- Plex's price hike and business model changes highlighted the lack of donations to self-hosted projects.
By Default, Signal Doesn't Recall
a year ago
- Signal Desktop introduces a 'Screen security' setting to prevent screenshots of chats on Windows, enabled by default on Windows 11.
- The feature aims to protect messages from Microsoft Recall, which captures and stores app screenshots in a searchable database.
- Microsoft Recall faced backlash for privacy concerns, leading to adjustments, but still poses risks to privacy-preserving apps like Signal.
- Signal's 'Screen security' uses DRM flags to block screenshots, similar to movie DRM, to prevent Recall from capturing chat content.
- The setting can be disabled but requires confirmation, balancing privacy with accessibility needs like screen readers.
- Signal criticizes Microsoft for not providing granular controls for app developers to protect privacy against AI features like Recall.
- The integration of AI agents with broad permissions threatens privacy-preserving apps, requiring OS vendors to offer better tools for developers.
- Signal emphasizes the importance of privacy in messaging apps, comparing them to incognito browsing windows excluded from Recall by default.
- The 'Screen security' feature is now rolling out for Signal Desktop on Windows, with thanks to the beta testing community.
"Microsoft has simply given us no other option," Signal blocks Windows Recall
a year ago
- Signal Messenger warns Windows Desktop users about privacy threats from Windows 11's Recall AI tool.
- Signal for Windows now blocks screenshots by default to protect message privacy.
- Users can disable the screenshot block via settings if needed for accessibility or record-keeping.
- Signal criticizes Microsoft's Recall for risking privacy despite adjustments, forcing Signal to add extra protection.
- Recall initially stored plaintext screenshots and OCR data, accessible by any app with user system rights.
- Microsoft temporarily removed Recall after backlash, then reintroduced it with significant privacy improvements.
- Updated Recall is now opt-in, encrypts data, and offers user controls over indexed content.
U.S. Spy Agencies–One-Stop Shop to Buy Your Personal Data
a year ago
- U.S. intelligence agencies are purchasing vast amounts of sensitive personal data without court orders, bypassing the Fourth Amendment.
- The Office of the Director of National Intelligence (ODNI) is creating a centralized system called the 'Intelligence Community Data Consortium' (ICDC) to streamline access to commercially available information (CAI).
- The ICDC will serve as a one-stop shop for spy agencies to buy and analyze sensitive data, including location data, biometrics, and social media content.
- The system will use AI tools for analysis, raising concerns about privacy, civil liberties, and the potential for misuse.
- Critics argue that the ICDC will further entrench mass surveillance and self-regulation within the intelligence community.
- The ODNI has acknowledged the risks of CAI but insists on its necessity for national security.
- The project reflects a broader trend of government reliance on unregulated data brokers and the commodification of personal information.
- Privacy advocates warn that sentiment analysis and AI tools could amplify discrimination and privacy violations.
- The ICDC may also be accessible to non-intelligence agencies, raising concerns about misuse, such as targeting immigrants or protesters.
- The Trump administration's involvement in the project has heightened fears of authoritarian overreach and abuse of power.
Digital Payment System GNU Taler Gets Green Light to Operate in Switzerland
a year ago
- GNU Taler, a privacy-preserving digital payment system, is now operational in Switzerland.
- It is a free, open-source tool for handling fiat currencies, ensuring payer anonymity while keeping merchants auditable.
- Taler Operations AG enables GNU Taler to operate in Switzerland using Swiss francs, complying with local regulations through VQF membership.
- GNU Taler 1.0 has been released, introducing over 200 changes as a major milestone.
- A live demo is available showcasing features like a bank interface, wallet extension, and dummy online shop.
Live facial recognition cameras may become 'commonplace' as police use soars
a year ago
- Live facial recognition cameras are becoming more common in England and Wales, with nearly 5 million faces scanned last year.
- Police forces are increasing their use of both live and retrospective facial recognition technologies, with significant funding and hardware investments.
- The technology is being deployed in public spaces like city centers and transport hubs, despite lacking specific parliamentary legislation.
- Concerns exist about the self-regulation of facial recognition use, including past settings that misidentified black people disproportionately.
- A new national facial recognition system, the Strategic Facial Matcher, is being developed to search multiple databases.
- Public support for facial recognition is high, with surveys showing 80% of Londoners in favor.
- The technology has aided in arrests, including cases involving registered sex offenders.
- The Metropolitan Police is using settings to avoid bias in misidentification related to gender or ethnicity.
- Questions remain about the regulation, testing, and ethical use of AI and facial recognition technologies in law enforcement.
How to Disappear: Secrets of the Greatest Privacy Experts
a year ago
- Alec Harris, CEO of HavenX, employs extreme privacy measures to remain unfindable, including using a UPS Store for mail, virtual debit cards, and multiple phone numbers.
- HavenX provides high-end privacy and security services to clients facing serious threats, such as celebrities, ultra-wealthy individuals, and crypto executives, with fees reaching tens of thousands per month.
- Michael Bazzell, a former cop turned privacy consultant, authored 'Extreme Privacy' and pioneered techniques like data poisoning and second citizenships before disappearing in 2023.
- Privacy measures can be cumbersome and costly, involving sacrifices like lost credit-card points, decreased credit scores, and logistical challenges like airport security issues.
- Living privately requires constant vigilance, behavioral adjustments, and sometimes lying, as seen with Jameson Lopp, who went to great lengths to disappear after a swatting incident.
- Alec Harris's family, including his wife Ellyn and their children, have adapted to privacy practices, though challenges remain as the kids grow older and technology evolves.
- Privacy remains a luxury, with the wealthy able to afford more extensive measures, while others may sacrifice normalcy or relationships to maintain their anonymity.
Do we need publicly-owned social networks to escape Silicon Valley?
a year ago
- Publicly-owned social networks are proposed as alternatives to Silicon Valley platforms like Twitter and Facebook.
- Such networks could avoid addictive algorithms and data collection for ads, promoting neutral, moderated discussions.
- Concerns include risks to privacy and freedom, especially if governments misuse these platforms for surveillance or control.
- Decentralized social media networks, based on free and interoperable software, are suggested as safer alternatives.
- Legislative measures like antitrust laws and stricter regulations could limit the power of tech giants.
- Smaller, community-focused social networks might offer more meaningful interactions than massive platforms.
- The EU is urged to support independent and decentralized social media projects to ensure digital independence.
Google Shared My Phone Number
a year ago
- Received unexpected tech support calls on personal mobile number due to Google Business Profile listing it publicly.
- Personal mobile number was shared by Google without consent, appearing in search results for 'Three Rings login'.
- Deleted phone number from Google Business Profile to stop it from being publicly displayed.
- Expressed frustration over recent incidents of personal information being leaked, including by Halifax bank.
- Mentioned the age of the Three Rings system and a call for volunteers to join the support team.
- Criticized Google Search and suggested exploring alternative search engines for better privacy and fewer ads.
Signal to Windows Recall: Drop Dead
a year ago
- Microsoft's Recall feature continuously takes snapshots of your screen to create a searchable timeline, raising privacy and security concerns.
- Despite updates making Recall opt-in and encrypting snapshots, critics argue it remains inherently risky due to its nature of capturing everything displayed.
- Signal has introduced a 'Screen security' setting to block Recall from capturing its chats, citing ongoing risks to privacy-preserving apps.
- Experts and institutions, like the University of Pennsylvania and Kaspersky, warn against using Recall due to security and privacy vulnerabilities.
- The article suggests using Linux as a more secure alternative to Windows for those concerned about privacy and security.
Silencing Firefox's Chattiness for Web App Testing
a year ago
- Firefox makes numerous background requests even when not in active use, including updates, network checks, and telemetry.
- Disabling these requests can simplify web app testing by reducing unwanted traffic in tools like Burp Suite.
- Key domains involved in these requests include detectportal.firefox.com, telemetry.mozilla.org, and services.addons.mozilla.org.
- Steps to reduce Firefox's background activity include disabling the Firefox Home page, network detection, and automatic updates.
- Other settings to adjust include disabling malware protection, tracking protection, and TLS/SSL certificate revocation checks.
- Prefetching and speculative connections can be turned off to further reduce requests.
- Disabling Firefox Sync, GeoIP lookups, and diagnostic data collection can enhance privacy and reduce traffic.
- Important considerations include manually updating the browser and being aware of potential security implications.
- Most settings can be accessed via about:preferences or about:config in Firefox.
Google introduces webcam "liveness check" option to reCAPTCHA
a year ago
- Temporary camera access is required to capture hand movements.
- Users must copy shown hand movements to verify they are real persons.
- Only hand movements will be captured during the process.
- Images or videos of hand movements are used for verification but not stored.
- Consent is required for Google to process hand movements for security verification.
- Data collected will be handled according to the Google Privacy Policy.
Texas governor signs online safety law in blow to Apple and Google
a year ago
- Texas Governor Greg Abbott signs an online child safety bill requiring Apple and Google to verify user ages in app stores.
- Minors in Texas will need parental approval to download apps or make in-app purchases under the new law.
- Apple and Google opposed the bill, citing privacy concerns over collecting personal information.
- Texas follows Utah in adopting similar state-level child safety laws amid stalled federal legislation (KOSA).
- Meta lobbied for Apple and Google to handle age verification, shifting responsibility from social media platforms.
- Apple CEO Tim Cook reportedly called Governor Abbott to oppose the bill before its passage.
- Apple expressed concerns about the law's privacy implications, requiring sensitive data collection for all users.
- Apple previously introduced child safety measures, including age range selection and parental consent for under-13 users.
- The Texas law is set to take effect on January 1.
- Texas has a history of tech-related legislation, such as the 2021 law banning social media bans based on political views.
Comprehensive Analysis of De-Anonymization Attacks Against the Privacy Coin XMR
a year ago
- Monero (XMR) is a privacy-focused cryptocurrency that uses features like ring signatures, stealth addresses, and RingCT to obscure transaction details.
- Chainalysis has developed limited tools for tracking Monero transactions, relying on timing analysis and off-chain data correlation, but results are probabilistic rather than deterministic.
- CipherTrace claimed to offer Monero tracking tools to the U.S. DHS, but their efficacy is controversial and lacks independent verification.
- Academic research in 2017 identified weaknesses in Monero's ring signatures, but these were addressed by mandatory RingCT and improved decoy selection.
- Blockchain analysis firms like Elliptic use metadata correlation (exchange data, IP tracking) for partial deanonymization, dependent on user operational security.
- The IRS offered a $625,000 bounty for cracking Monero's privacy, but no public evidence shows success in comprehensive deanonymization.
- Monero's community-driven 'Breaking Monero' series proactively identifies and mitigates vulnerabilities, strengthening its privacy resilience.
- Despite various attempts, Monero's privacy remains robust, with no reliable method for widespread deanonymization.
Show HN: Loodio 2 – A Simple Rechargable Bathroom Privacy Device
a year ago
- Loodio creates a private space in your home without any effort.
- It is a bathroom privacy device designed to help you relax during private moments.
- Comes with 4GB memory card and 100 pre-installed songs.
- Offers 1 week battery life.
- Priced at $149 with free international shipping.
T-Mobile records iPhone screens and claims it's being helpful
a year ago
- T-Mobile customers discovered an unannounced 'Screen recording tool' setting in the T-Life app, enabled by default.
- The tool records user interactions within the app to analyze and improve the experience, raising privacy concerns.
- The setting was found on select devices like the iPhone 16 and Galaxy S25 Ultra but not on others like the iPhone 15 Pro or Pixel 9 Pro.
- T-Mobile clarified the tool is for troubleshooting and does not access personal information, but it was rolled out without prior notice or consent.
- Users can disable the feature in the app's settings under Preferences, though its sudden appearance has eroded trust in T-Mobile.
LexisNexis leaked SSNs and other personal data of over 364,000 people
a year ago
- LexisNexis Risk Solutions suffered a data breach exposing personal data of over 364,000 people.
- Exposed data includes names, Social Security numbers, contact information, and driver’s license numbers.
- The breach occurred on December 25th, discovered on April 1st, 2025, via unauthorized access through GitHub.
- LexisNexis is a major US data broker collecting and selling personal data for fraud and risk assessment.
- The breach highlights concerns over data brokers' handling of sensitive information and potential misuse.
- Regulatory efforts to curb data brokers' activities have stalled under recent political changes.
- A statement from EPIC criticizes data brokers for endangering privacy and national security.
Show HN: Entropy – Sharing screen is scary in SaaS age
a year ago
- Pricing Plans: Free (Essential) and Pro ($3.99/month).
- Essential features include real-time secret/PII detection, regex + entropy detection, and generic detection filters.
- Pro features include auto-enabling in screen share, custom regex & entropy settings, copy-paste alerts, and detection history & audits.
- Enterprise Browser Security offers team sync of detection rules, centralized policy enforcement, audit trail for secret reveals, and integration with Slack/SIEM alerting.
- LLM-based detection is available for enterprise solutions.
- FAQ covers detection types, performance impact, data privacy, customization, and comparisons with GitHub secret scanning or TruffleHog.
- Entropy browser extension helps secure and blur secrets during screen sharing and presentations.

first prev6next

About|Login

#privacy

The consent you never gave: cookie pop-ups ruled unlawful under GDPR

Show HN: Keep track of why you muted someone on X

Self-hosting is having a moment

By Default, Signal Doesn't Recall

"Microsoft has simply given us no other option," Signal blocks Windows Recall

U.S. Spy Agencies–One-Stop Shop to Buy Your Personal Data

Digital Payment System GNU Taler Gets Green Light to Operate in Switzerland

Live facial recognition cameras may become 'commonplace' as police use soars

How to Disappear: Secrets of the Greatest Privacy Experts

Do we need publicly-owned social networks to escape Silicon Valley?

Google Shared My Phone Number

Signal to Windows Recall: Drop Dead

Silencing Firefox's Chattiness for Web App Testing

Google introduces webcam "liveness check" option to reCAPTCHA

Texas governor signs online safety law in blow to Apple and Google

Comprehensive Analysis of De-Anonymization Attacks Against the Privacy Coin XMR

Show HN: Loodio 2 – A Simple Rechargable Bathroom Privacy Device

T-Mobile records iPhone screens and claims it's being helpful

LexisNexis leaked SSNs and other personal data of over 364,000 people

Show HN: Entropy – Sharing screen is scary in SaaS age