I am an EU citizen and I was informed that my EURAXESS account was breached. They informed me that while the password wasn't stolen, all of my personal data including addresses, IDs from the CV was stolen and made available on some website.

They say that they're working towards making the site secure, etc., but I know that my personal info is out there. They have even told me to watch out for scams and phishing attempts over the next few months to come.

I am a bit shaken. Please tell me what steps I can take to gain back some control over this situation?

cross-posted from: https://sh.itjust.works/post/25812217

cross-posted from: https://sh.itjust.works/post/25812215

Labour is to revive the hated Tory plan to force banks to carry out surveillance on claimants’ accounts and give the DWP police type power to search premises and seize possessions.

The Tory provisions were contained in the Data Protection and Digital Information Bill, but this failed to be passed into law before the general election and was therefore scrapped.

Now, however, Labour have announced that they are to include what appear to be very similar provisions in a new Fraud, Error and Debt Bill.

According to the DWP, the new law will give the DWP powers to:

• Better investigate suspected fraud and new powers of search and seizure so DWP can take greater control investigations into criminal gangs defrauding the taxpayer.

• Allow DWP to recover debts from individuals who can pay money back but have avoided doing so, bringing greater fairness to debt recoveries.

• Require banks and financial institutions to share data that may show indications of potential benefit overpayments

The Tory bank surveillance provisions would have forced banks to monitor the accounts of all means-tested benefits claimants and report every time an account went over the capital limit or was used abroad for more than four weeks.

In late 2023, it was estimated that almost 9 million claimants would be caught in the Tory surveillance net, including:

• 8 million universal credit claimants

• 6 million employment and support allowance claimants

• 4 million pension credit claimants

That number is likely to have increased by now, especially with the push to get more people to sign-up for pension credit.

Labour’s new bill will also give the DWP the power to search premises and seize evidence, such as documents, laptops and phones.

The Tory Bill contained similar powers.

It would have allowed designated DWP staff to arrest claimants, search premises and seize any evidence they found without needing to use the police. The DWP said this would put them on a par with HMRC and the Gangmasters and Labour Abuse Authority (GLAA).

In an attempt to reassure claimants, the DWP today claimed that:

“The Bill will also include safeguarding measures to protect vulnerable customers. Staff will be trained to the highest standards on the appropriate use of any new powers, and we will introduce new oversight and reporting mechanisms, to monitor these new powers. DWP will not have access to people’s bank accounts and will not share their personal information with third parties.”

Labour claim that these powers will only be used against criminal gangs. But, until we see the text of the bill, we will have no way of knowing whether the law will actually prevent the DWP using their new powers against individual claimants if they so choose.

The outline of the new bill was published today by the DWP to coincide with Kier Starmer’s first speech as prime minister to a Labour party conference.

In his speech, Starmer made only a brief reference to the new bill, saying, “If we want to maintain support for the welfare state, then we will legislate to stop benefit fraud and do everything we can to tackle worklessness.”

Back in April of this year the then prime minister, Rishi Sunak, outlined his plan to give the DWP police powers. He did this whilst setting out his five point plan for welfare reform in a speech at the right-wing think tank, the Centre for Social justice, founded by Iain Duncan-Smith.

Just five months later, Keir Starmer has announced similar measures, this time in a speech to the Labour party conference.

The other four Sunak points were:

• The WCA to be made harder to pass

• GPs no longer to issue fit notes

• Legacy benefits claimants to move to UC sooner and work requirements to be increased

• PIP no longer always a cash benefit and fewer people to be eligible

We will now have to wait for Labour’s welfare reform white paper to see whether any of the four remaining points will also be adopted as Labour policy.

Hey privacy community! A few weeks back I've seen an article posted here or in some other tech community about TSA rolling out biometric ID process in some US airports, that involved taking a face scan.

I had an international flight planned and I wouldn't want to go through biometric ID, but I was anxious of potential delay and having to explain myself to TSA agents. I also convinced my wife to opt out, which could potentially double the delay.

So for the folks who may have the same concerns, I'd like to share my experience.

I went on my flight a few days back from Newark International Airport (EWR). We went through security check in new Terminal A. At the beginning of the security line there were a few clearly visible posters about biometric ID with opt out information. To opt out you just need to tell TSA agent that you don't want your photo to be taken. The poster also says that you will not lose your place in line if you opt out. Same posters are on each agent desk.

The scanning machine is on every agent's desk, next to the opt out posters. It has a screen, about 8", with something that looks like a set of stereo lenses on top of it. The screen shows the live feed of the person in front of it during scanning process, with a template of a face that helps to properly position it. The scanning process seems to be very quick.

Now, for the opt out - it is indeed as easy and seamless as they claim. I asked the agent to not take my picture, he just said OK and asked me for my passport. The scanning machine didn't turn on. He scanned my passport and gave it back, and I was done, no questions asked.

Actually, I noticed that people who had their faces scanned also had to hand passports over. So they had to spend more time with the agent than I. I assume because it was their first time through this biometric collection and next time they just scan their face again and that's it.

And while I was pleased how easy it was for me and my family to opt out of this, in my opinion, completely unnecessary privacy invasion, I have not observed any other person (out of maybe 100 who passed before me) who did the same. Unfortunately, we know here how easily and thoughtless people give away yet another piece of their personal data. In this case, the data that can be used next time to ID people via video surveillance without any consent.

I made this post a few weeks ago, and I've finally been using GrapheneOS for one month. I'd like to point out things that changed, and my experiences with some of the GrapheneOS communities.

The changes

I stressed far too much about which methods to use for installing apps. In the end, it's up to you and your preference. Sure some are considered less secure than others, but it's your phone. I'll explain more about why I'm saying that later. Anyways. I get as many apps as I can via Obtainium, and install a few apps via Aurora Store.

I'd like to clarify the reason I have ProtonVPN installed via Aurora Store. App developers often develop different versions of the app depending on how you install it. Play Store versions of it might rely on Google services, whereas direct apk files may not. ProtonVPN allows you to use it as a guest, but only when you install the Play Store version. No other version of the app (e.g. installed via Obtainium) allows you to use it as a guest. Please stop commenting about this, I explained it to way too many people.

My game selection has remained the same, however Antimine is a bit of a weird one. It is still actively maintained, but the GitHub releases page is versions behind the F-Droid version, and the F-Droid version is versions behind the Play Store version. I tried installing the Play Store version, but it required Google Play Services to work (even though the app could actually run without it, it just thinks it needs it). So, unfortunately, I'll just use the outdated F-Droid version.

2048 by SecUSo actually got dark mode! Good for them for keeping things nice on the user end. Audire has been abandoned, and so I tried out Audile and it works fine.

As many users pointed out, AndBible is not abandoned. It also recently got updated. The UX is still sub par. Fossify projects are also, as many pointed out, not abandoned. Development is just slow. I'm eager to see what updates will come.

HeliBoard still has some weird autocorrect suggestions, but I made a few bug reports about it. KeePassDX no longer has the weird biometrics bug.

For eBooks, I tried out a lot of the top proprietary eBook readers:

• Amazon Kindle was authwalled (required logging in)
• FBReader was netwalled (required a network connection)
• Google Play Books was playwalled (required Google Play Services)

Then, I tried Moon+ Reader. I am so sorry, but this app is honestly fantastic. I will reiterate: it is proprietary, but it has support for Apple Book's page turning animation as well as other stuff. The open source eBook readers peril in comparison. The app is perfect, I just wish it was open source.

My music player has changed to VLC Media Player, which is honestly so much better than the desktop version. It has incredible support for use as a music manager. The only annoying bug is that it will sometimes lag for a few seconds before resuming, and there's no clear "queue" section.

I got too upset with Vanadium's lack of anti-fingerprinting and privacy features, that I switched to Brave. Honestly, I'm happy with it. It's not perfect, but I can get behind it.

The new stuff

Alright, now let me mention the new things I got to try. I wanted to try out an RSS reader, so I got Feeder. It's honestly what you expect from an RSS reader. I will say: I wish there was more distinction between read and unread articles. Currently the only difference is whether or not the title is in bold. I also wish the "Show read articles" could be changed for each feed, and not globally, or have an "Unread articles" section.

I have the I2P DEBUG app in case I ever want to access I2P pages. I'm learning about what I2P is. From what I gather, it's like Tor but... not Tor.

I tried out Image Toolbox for editing images. It's very feature rich, but very unintuitive to use.

This is the biggest change: I tried out Lawnchair and Lawnicons. It is honestly so great. I wish the default launcher had that level of customization. You can customize it in 100 different ways until your heart gives out, it's honestly fantastic. There are inconsistent minor bugs and annoyances, but the benefits far outweigh those. I'm a sucker for the iOS look, and I was very pleased I was able to achieve something in between Android and iOS. I just wish they would bring dock colors back! One of my favorite features is being able to customize any icon and name for any app on the home screen. I could make a dating app look like a graphing calculator, for example...

I tried out the proprietary Pydroid 3 app as a Python IDE. I give the developers a solid pat on the back. It's a great app. It works super well, and just has the occasional "upgrade to premium" popup to remove the "ads" that it can't load because it can't touch the internet. Good job guys.

I added Shadowsocks to my censorship circumvention toolkit. I can't find any free servers, but hey it's there in a pinch.

The community

I got some time to experience the Matrix/Discord/Telegram (they're all bridged) community as well as the issue tracker for GitHub. The issue tracker closes a lot of issues that I personally think should remain open. One I made was changing one of the default pings for an (obscure) menu from Google to GrapheneOS, a very simple fix. They closed it, which I'm upset about. I get it though, they can't fix everything.

The Matrix/Discord/Telegram community is... interesting. There's 3 people: The ones who understand almost nothing and need a lot of help, the general users who are super friendly and have wholesome interactions, and the ones who know (and/or think they know) everything. That third group is quite prevalent. They will constantly push their own threat model on you as if it's the only correct answer, and will (quite often) refuse to answer questions if it goes against their threat model (e.g. questions about Aurora Store when "Play Store is the only correct answer").

It's annoying to say the least. I try to mention as much as possible that everyone has their own threat model and it's your phone so you get to choose your own preferences at the end of the day, but that never goes over well. GrapheneOS isn't always known for taking kindly to some lesser threat models, which is a double edged sword. It's good that they have such high standards, but they need to know when to relax and let other people help. It's not bad by any means, you'll get the help you need, but it's not a good look at the end of the day.

Conclusion

That's my experiences after one month. It's been nothing short of fantastic, even with some problems. I am a strong advocator for open source software, but for a couple things the proprietary alternatives are simply the best. That's the unfortunate truth for some things. This will be my last post about my experiences with GrapheneOS, but coming from iOS, it is a super fun transition.

I'd also like to mention quickly for anyone wondering: Backups for me are currently under 5GB (not including music), and in a month with all the app downloads and music transfers over LocalSend, I used about 70GB of internet. Tubular used the most internet (about 22GB in a month). For all you curious, this can give you a nice baseline.

Thanks for reading!

My wife bought some Govee Smart LED string lights. We have VLANs setup in our house to isolate IoT devices and setup the new lights on that WiFi. But when we use the app to control them it requires an account and precise and "while using app" location data. The app does not work at all without enabling permissions for location.

Am I being paranoid? This wasn't an initial setup thing the app is unusable without location enabled.

She really wants smart LED lights for outside the house. Is there an option anyone knows of that might be a bit more privacy oriented?

Thanks.

TL;DR:

Incorporating Tails into the Tor Project's structure allows for easier collaboration, better sustainability, reduced overhead, and expanded training and outreach programs to counter a larger number of digital threats.

Greetings! Recently, i have ditched Windows for Linux. Why? Well, This all started with a Windows Update. I was working on a Discord bot, until my PC decided to restart without my consent. What was it? A Windows Update. I was like: "no big deal, ill just wait". Well, it was over 100+ updates. After all the updates completed, i saw the Windows 11 setup screen. Keep in mind that I was on WIndows 10 before the updates. Now at that point i really got angry. Like, I hate Windows 11. So then i went and completed the setup, and got met with ALL THE BLOATWARE REINSTALLED. So ofcourse, since i did NOT wanna use Windows 11, i backed up my data, and switched to the Secure and Free operating System, Linux. I went with arch, since i have used Ubuntu before, and it's terrible. And since i didn't wanna use any fancy Desktop Enviroments, such as GNOME, KDE, HyprLand, XFCE. I went with dwm. It looks very mininal and customizable.

Now that brings me to the question, What apps should i get rid of?

I know i did the same post like a few weeks ago, but for the sake of Privacy, i know Some apps contain Telemetry, and some Don't. But still.

Often when I'm using it, it will spit out some random blurb about privacy in addition to the response. This time I asked something along the lines of

What did this message mean

{Quote}

It answered, and then it added this

However, the message also includes a detailed explanation about the privacy measures in place when using a specific AI language model through DuckDuckGo.

The explanation states that all user chats are completely anonymous, and DuckDuckGo does not record any user chats. Any metadata that could potentially identify the user's device is removed before sending prompts to the model provider. This means that even if the model provider stores chats, they cannot be traced back to the user.

The explanation also specifies that personal information typed directly into the chat cannot be tied back to the user, and that chats will not be used to train or improve models. Furthermore, chats are not sent to any third-party, and are only sent anonymously to the model provider.

The message ends with a reminder about the appropriate use of code blocks in markdown, emphasizing that they should only be included in programming-related contexts.

I assume they wanted their version to offer information about itself on top of the models regular output, downside being the extra hallucinations

The researchers have discovered that automatic content recognition (ACR) tracking is active most of the time, even when TVs are used as “dumb” HDMI devices. In other words, the TV manufacturers are monitoring your private moments as well. There’s apparently no monitoring of streaming content in the UK, but there is in the US.

The only good news is that these TVs can seemingly be configured to disable ACR, provided the owners know this activity is taking place and are able to find the right settings. (I recently looked at the configuration of our TVs again, and understanding the various settings was far from easy.)

It's a slippery slope. I mean, I want a new job. But at the same time, I don't want all that info out there. What says you?

Heya, I found how you can digitally sign and encrypt emails! (It even gives them a cool icon for others to see!), and I haven't seen anything about it before so I thought I'd share how I did it!

Do you also want to send encrypted emails and sign them? Just follow these few steps!

But beforehand, let's define some terms :

• Signed email : Email with a valid numerical signature. Anyone can read it and know it has not been modified since it was sent.

• Encrypted email : Email encrypted with the recipient's public key. They can decrypt it with their private key

• S/MIME certificate : A .p12 file containing your private key (So keep it for yourself and don't send it to anyone!!) and your public key.

Okay, now it's time to...

Start the setup (Obtain an S/MIME certificate)

• You'll need to ask to an authority for a certificate. Personally I use Actalis because they give free certificates for multiple email addresses, valid for a year (you need to redo the setup every year). If you don't want to use Actalis, more info is avilable here.
• Don't forget to put the website in english if you don't understand italian.
• Go on the page to request an S/MIME certificate, create an account and follow the setup. The verification email can take a little while (~2min)
• When the setup ends, you'll have a valid certificate in your dashboard (It can take a few minutes to appear if you just verified it) that you can download, and a password that Actalis emailed you to enable your certificate.

Install the certificate

• Download the .p12 file, then open it, type your password, and leave the default options to install the certificate on your device (Android or PC, on Android pick "For VPN and apps"). Also delete your expired certificate if you have one (for example after a year)
• Use an S/MIME compatible email client. On PC, there is Thunderbird, on Android, FairEmail.
• In your email client settings, importer the S/MIME certificate pofor signing AND encrypting your messages. It changes depending on your client, so here it is for Thunderbird :
  • In the top-right menu, go to Account settings, End-to-end encryption, underS/MIME click on Manage S/MIME certificates, Import and pick your.p12 file. Then, pick Select a certificate, and pick yours from the tab "Your certificates".

An image is worth a thousand words (Sorry for the french)

Don't forget to check the box to sign and/or encrypt every message just below, if you want!

Communicate with someone

Once this is done, here is how you can communicate...

• ...While signing your messages :

It's easy, just click on "Sign" before sending. Usually, email clients show a small medal next to your name to show the email is signed.

• ...While encrypting your messages :

For that, you'll need your recipient's public key. They needs to send you a signed message (not encrypted, since you don't have each other's key at this point) where you can get their public key from their signature, and add it to your email client, which will allow you to encrypt messages you send to them. Then, send them a signed email (you can encrypt it) so they can get your public key and add it to their client, and then you'll be able to exchange encrypted emails!

I'm not an expert and probably made a few mistakes, if you spot any please tell me in the comments and I'll try to fix the guide!

I'm in the US and poor (shocker) and cannot afford a new phone. Are there any alternatives to base Android that I'm unaware of? There's an article on how to switch it to LineageOS, but I feel like that is a brick waiting to happen since I've been to LineageOS' page and they mention nothing about support for my device. Am I just SOL until I can manage to get a new phone?

Hello there, are there any FOSS Android apps out there that serve as both a reader and a vault for PDFs? I want to be able to encrypt the PDF files and decrypt+read them with a single vault password.

I could just encrypt PDF files separately using the same password, but it's not really that convenient having to go through several PDFs tbh.

I want to store the PDFs on the storage of my phone.

UPDATE: Safe Space is exactly what I needed, ty @chemicalwonka@discuss.tchncs.de, will provide a review of the app later

Hi,

Trying to move group chat from telegram to a more private option, but the key feature is its web interface which is so convenient...

I've checked SimpleX, Session, Briar & Element-Matrix, but the first 3 do not have a web version and the latest only has a free version for self-hosting and I haven't looked into self-hosting yet.

I'd completely understand if what I'm looking for doesn't exist for free, but if anyone has a suggestion here, I'm interested!

Cheers

In regards to privacy... even when trying to use FOSS-alternatives and F-Droid on Android?

I am new to using Monero. What are the rules to moving anon. and safe with Monero. Safest exchanges, Wallets, and sources to spend online would be ideal. How does one turn cash into crypto. Debit cards possible or surrogate spenders?

Search on Telegram is more powerful than in other messaging apps because it allows users to find public channels and bots. Unfortunately, this feature has been abused by people who violated our Terms of Service to sell illegal goods.

To further deter criminals from abusing Telegram Search, we have updated our Terms of Service and Privacy Policy, ensuring they are consistent across the world. We’ve made it clear that the IP addresses and phone numbers of those who violate our rules can be disclosed to relevant authorities in response to valid legal requests.

I’m moving from iPhone to a pixel/graphene. I currently have an Apple Watch and got into the habit of leaving my phone on my desk (WfH) and relying on the watch to let me know if I get a notification. I don’t really want/care about fitness tracking or even responding to messages and calls. Is there a watch/bracelet that will just alert me to a notification?

how do they know?

EDIT: Original post seems to have been removed, try this Nitter mirror instead.