This DuckDuckGo audit by @purism is a sobering read:

Remember that DuckDuckGo is venture capital-funded which means that they must exit—either become a publicly-traded multi-billion-dollar company (sell to the public) or sell to one of the incumbents.

(What we need is a publicly-funded but independently run search engine. The EU could create such a thing… if they didn’t have their heads firmly entrenched up Silicon Valley’s bumhole.)

Delete Chrome. Now.

Google is using its exceptionally powerful position to make *the browser itself* analyze your browsing behavior and serve that on a plate in the form of "cohorts" to anyone interested.

They are transforming Chrome into a "browsing-history-passport" - right now.

If you care about your intellectual freedom even a little bit, you must put Chrome out of your life as soon as possible. Support others doing the same.


Closing web browser windows doesn't close connections
"I feel that many decisions made by web browser developers in the past — sometimes more than a decade ago — need to be reevaluated now that browsers are finally starting to care about user privacy"

You can now watch yesterday’s Small is Beautiful livestream with guest David Heinemeier Hansson, with captions, or read the transcript at

We covered so many topics! Including Small Tech (vs Big Tech), business models, ethical design, scaling organisations, and much more.

Oh my goodness, someone just pointed out that NFTs are exactly the same as the "name a star"/"buy a piece of the moon" scam and suddenly it all makes sense.

Literally the only real reason anyone cares about anything blockchain-related is because they think if they speculate, it'll make them rich. There's literally no other reason. And they're willing to risk the future of this world to become rich off of pure speculation. Ugh.

So you know how the entire Trump impeachment case was built almost entirely on my work, with a timeline of events with video evidence in relation to what Trump was doing at the time and most of those videos coming from Parler?

With the enum exploit I found in Parler's API, I could list the ID of every video file ever uploaded to Parler - over one million videos, or over 30TB of data.

How were people able to sift through them so quickly to find videos from the US Capitol riot? Because of the GPS/timestamp metadata.

But the encoded video files you would find on Parler had the metadata scrubbed. But I knew that if you removed ".mp4" from the URL, you could download the original video file.

How did I know this? I had an XSS capable arbitrary file upload exploit that relied on the original video files being accessible.

If you were part of the archival, you might remember me publicly disclosing it as "how is that for free speech" just as Parler was about to go down.

My original plan was to use it to spearphish Tucker Carlson into posting a deepfake gay coming out video and locking him out of his Parler account (the XSS also let me enable 2FA on someone's account without a password)

While I never got around to it, this is the true, untold (outside a few IRC channels) story of what gave us this:

That feeling of despair when you've nerdsniped yourself into spending an inordinate amount of time on something only to realize that it's actually not possible to do the way you intended. 😭

So... How's your Wednesday going?

Alicia Kennedy: On the future and why justice is more important than innovation.

Read and absorb every delicious word of this.

Small Is Beautiful

Live, this Thursday, Feb 18, 2021, at 5PM UTC. Paul Frazee (Beaker browser) will join us to talk about his new decentralised social network project, CTZN.

#SmallIsBeautiful #SmallTech

Inequality requires narrative stabilizers. When you have too little and someone else has more than they can possibly use, simple logic dictates that you should take what they have.

The forbearance exercised by the many when it comes to the wealth of the few isn't down to guards or laws - rather, the laws and the guards are effective because of the *story*, the story of why this is fair, even inevitable.


Today, EFF published "Privacy Without Monopoly: Data Protection and Interoperability," a major new paper by Bennett Cyphers and me.

It's a paper that tries to resolve the tension between demanding that tech platforms gather, retain and mine less of our data, and the demand that platforms allow alternatives (nonprofits, co-ops, tinkerers, startups) to connect with their services.


Looks like we'll need authentication of any kind of external code - which upon writing it seems completely obvious.

How lazy we have become...

CC @aral

There is no such thing as a backdoor that only lets the good guys in. Together with Tresorit, @threemaapp and Tutanota, we are calling on EU policy makers to rethink anti-encryption proposals that would introduce backdoors in encryption platforms:

The only “ethical AI” for personal data is free and open AI that runs on your own devices where you own and control it. The only “ethical AI” for communal data is free and open AI owned and controlled by us all. AI/data owned and controlled by corporations is unethical to begin with.

Today, in a hearing at the Danish parliament, the minister of justice admitted that the Danish telcos could not be prosecuted or otherwise punished for ceasing the general and undifferentiated logging it has upheld for more than a decade - despite several rulings from EUCJ against it.

A great day for privacy in Denmark!

In Pasco County, police assign crime scores to people, including minors, who they think might commit crimes—then harass them for years.

This predictive policing program is “the worst case scenario in our head, played out exactly,” says EFF's @mguariglia.

📣#FreedomBox 21.0 was released & uploaded to #Debian unstable. It will migrate to #testing in 2 days, then can be uploaded. ⚙️🔨🔧

The News:
-Allow downloads in openvpn & backups
-Updates for 8 languages 🌐
-12 contributed 🥸


Thanks to SIDN Funds we are working to develop an integrated privacy center for #Android and /e/OS. We want an app tailored to your needs, so we'd like your input! Take our anonymous survey about privacy & related issues on mobile phones here :
#privacy #opensource #yourdataisYOURdata

