>The 2024 Tesla Model 3 has some of the most advanced navigation, autonomous driving, and safety features currently on the market, meaning it’s full of equipment that can record and track your surroundings—and you. How much data does Tesla collect? Where is it stored? And can you trust them to protect your sensitive information? WIRED decided to investigate.

cross-posted from: https://programming.dev/post/26136291

> > > > > > Mozilla has just deleted the following: > > > > > > > > “Does Firefox sell your personal data?” > > > > > > > > “Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise. " > > > > > > Source: Lundke journal.

cross-posted from: https://lemmy.sdf.org/post/30014811

> cross-posted from: https://lemmy.sdf.org/post/30014783 > > > U.S. Federal Trade Commission urged to investigate Google’s RTB data in first ever complaint under new national security data law. > > > > > > > > Google sends enormous quantities of sensitive data about Americans to China and other foreign adversaries, according to evidence in a major complaint filed today at the FTC by Enforce and EPIC. This is the first ever complaint under the new Protecting Americans’ Data from Foreign Adversaries Act. > > > > The complaint (open pdf) targets a major part of Google’s business: Google’s Real-Time Bidding (RTB) system dominates online advertising, and operates on 33.7 million websites, 92% of Android apps, and 77% of iOS apps. Much of Google’s $237.9 billion advertising revenue is RTB. > > > > Today’s complaint reveals that Google has known for at least a decade that its RTB technology broadcasts sensitive data without any security, according to internal Google discussions highlighted in today’s complaint. > > > > The complaint cites internal Google communications showing that Google CEO, Sundar Pichai, rejected or failed to act upon internal calls (example) to reform the company’s dangerous RTB system in 2021. Instead, Google continued to expose sensitive American defense and industry personnel, and their institutions, to blackmail and compromise, in addition to causing grave privacy harm to consumers. > > > > The complaint cites internal Google communications showing that Google CEO, Sundar Pichai, rejected or failed to act upon internal calls to reform the company’s dangerous RTB system in 2021. Instead, Google continued to expose sensitive American defense and industry personnel, and their institutions, to blackmail and compromise, in addition to causing grave privacy harm to consumers. Even Google’s so called “non personalized” data contains dangerous data. > > > > [...]

*With ‘better’ I mean that an encrypted solution is adequate in these cases because the mails are on other servers, and the companies/servers depend on the jurisdiction where they are located. But by hosting a mail server at home, even unencrypted, we are 100% in control of our data.

PS: is there a self-hosting mail server solution that stores everything encrypted? I already self-host almost everything I use, but not email.

From the new terms: > When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

Mozilla deletes promise to never sell Firefox data.

cross-posted from: https://lemmy.blahaj.zone/post/22523265

> >There’s a reason that cookies and privacy policies (in the EU at least) have become such an online nuisance. These assurances of your safety and privacy are nothing more than a pretext to get consent. Your “anonymised” data is sold to an infinite regress of third parties, analysed, correlated and de-anonymised again. Any smart device you use, your browsing habits, banking transactions, your GPS position are all used to deduce fine grain information about you. Then weaponised against you for as much profit as possible.

cross-posted from: https://lemm.ee/post/56769139

> cross-posted from: https://sopuli.xyz/post/23170564

cross-posted from: https://lemmy.blahaj.zone/post/22470723

> The DHS quietly updated its policy manual earlier this month, removing LGBTQ+ identities from the section prohibiting surveillance based solely on immutable characteristics.

> It may seem like AI chatbots are taking over every digital application, whether we like it or not. You might have noticed more AI note-taking bots in online conferencing platforms, some of which offer end-to-end encryption (E2EE). Then Apple Intelligence plans were announced, promising application redesigns to offer AI features across its phone and laptop operating systems. The latest changes have come from Meta AI’s integration in WhatsApp, replete with “bots nobody wants.” > > Any time new features are added to an E2EE messaging app, it raises concerns about privacy and security. So, what concerns are raised by the addition of AI bots? How can we evaluate those concerns? As AI becomes more embedded into encrypted services, is it possible to resolve the tension between the privacy users expect from E2EE and the data access needed for AI functionality? With our colleagues at Cornell and NYU, we set out to answer these questions. > > We uncovered several facets of this question from both a technical and legal perspective and published a paper laying practical recommendations for E2EE messaging platforms and regulators. It’s also important that we outline the practical solutions and recommendations for the public. You can read the full preprint paper here.

cross-posted from: https://lemmy.world/post/26088944

> >Signal CEO Meredith Whittaker says her company will withdraw from countries that force messaging providers to allow law enforcement officials to access encrypted user data, as Sweden continues to mull such plans. > > >She made the claims in an interview with Swedish media SVT Nyheter which reported the government could legislate for a so-called E2EE backdoor as soon as March 2026. It could bring all E2EE messenger apps like Signal, WhatsApp, iMessage, and others into scope. > > > >Whittaker said there is no such thing as a backdoor for E2EE "that only the good guys can access," however. > > > >"Either it's a vulnerability that lets everyone in, or we continue to uphold strong, robust encryption and ensure the right to privacy for everyone. It either works for everyone or it's broken for everyone, and our response is the same: We would leave the market before we would comply with something that would catastrophically undermine our ability to provide private communications." > > >Sweden launched an investigation into its data retention and access laws in 2021, which was finalized and published in May 2023, led by Minister of Justice Gunnar Strömmer. > > > >Strömmer said it was vital that law enforcement and intelligence agencies were able to access encrypted messaging content to scupper serious crime – the main argument made by the UK in pursuing its long-term ambition to break E2EE. > > > >The inquiry made several proposals to amend existing legislation, including the recommendation that encrypted messaging must store chat data for up to two years and make it available to law enforcement officials upon request. > > > >It would essentially mirror the existing obligation for telecoms companies to provide call and SMS data to law enforcement, as is standard across many parts of the developed world, but extend it to encrypted communications providers.

FBI Warns iPhone, Android Users—We Want ‘Lawful Access’ To All Your Encrypted Data By Zak Doffman, Contributor. Zak Doffman writes about security, surveillance and privacy. Feb 24, 2025

The furor after Apple removed full iCloud security for U.K. users may feel a long way from American users this weekend. But it’s not — far from it. What has just shocked the U.K. is exactly what the FBI told me it also wants in the U.S. “Lawful access” to any encrypted user data. The bureau’s quiet warning was confirmed just a few weeks ago.

The U.K. news cannot be seen in isolation and follows years of battling between big tech and governments over warranted, legal access to encrypted messages and content to fuel investigations into serious crimes such as terrorism and child abuse.

As I reported in 2020, “it is looking ever more likely that proponents of end-to-end security, the likes of Facebook and Apple, will lose their campaign to maintain user security as a priority.” It has taken five years, but here we now are.

The last few weeks may have seemed to signal a unique fork in the road between the U.S. and its primary Five Eyes ally, the U.K. But it isn’t. In December, the FBI and CISA warned Americans to stop sending texts and use encrypted platforms instead. And now the U.K. has forced open iCloud to by threatening to mandate a backdoor. But the devil’s in the detail — and we’re fast approaching a dangerous pivot.

While CISA — America’s cyber defense agency — appears to advocate for fully secure messaging platforms, such as Signal, the FBI’s view appears to be different. When December’s encryption warnings hit in the wake of Salt Typhoon, the bureau told me while it wants to see encrypted messaging, it wants that encryption to be “responsible.”

What that means in practice, the FBI said, is that while “law enforcement supports strong, responsibly managed encryption, this encryption should be designed to protect people’s privacy and also managed so U.S. tech companies can provide readable content in response to a lawful court order.” That’s what has just happened in the U.K. Apple’s iCloud remains encrypted, but Apple holds the keys and can facilitate “readable content in response to a lawful court order.”

There are three primary providers of end-to-end encrypted messaging in the U.S. and U.K. Apple, Google and Meta. The U.K. has just pushed Apple to compromise iMessage. And it is more than likely that “secret” discussions are also ongoing with the other two. It makes no sense to single out Apple, as that would simply push bad actors to other platforms, which will happen anyway, as is obvious to any security professional.

In doing this, the U.K. has changed the art of the possible, bringing new optionality to security agencies across the world. And it has done this against the backdrop of that U.S. push for responsible encryption and Europe’s push for “chat control.” The U.K has suddenly given America’s security agencies a precedent to do the same.

“The FBI and our partners often can’t obtain digital evidence, which makes it even harder for us to stop the bad guys,” warned former director Christopher Wray, in comments the bureau directed me towards. “The reality is we have an entirely unfettered space that’s completely beyond fully lawful access — a place where child predators, terrorists, and spies can conceal their communications and operate with impunity — and we’ve got to find a way to deal with that problem.”

The U.K. has just found that way. It was first, but unless a public backlash sees Apple’s move reversed, it will not be last. In December, the FBI’s “responsible encryption” caveat was lost in the noise of Salt Typhoon, but it shouldn’t be lost now. The tech world can act shocked and dispirited at the U.K. news, but it has been coming for years. While the legalities are different in the U.S., the targeted outcome would be the same.

Ironically, because the U.S. and U.K. share intelligence information, some American lawmakers have petitioned the Trump administration to threaten the U.K. with sanctions unless it backtracks on the Apple encryption mandate. But that’s a political view not a security view. It’s more likely this will go the other way now. As EFF has warned, the U.K. news is an “emergency warning for us all,” and that’s exactly right.

“The public should not have to choose between safe data and safe communities, we should be able to have both — and we can have both,” Wray said. “Collecting the stuff — the evidence — is getting harder, because so much of that evidence now lives in the digital realm. Terrorists, hackers, child predators, and more are taking advantage of end-to-end encryption to conceal their communications and illegal activities from us.”

The FBI’s formal position is that it is “a strong advocate for the wide and consistent use of responsibly managed encryption — encryption that providers can decrypt and provide to law enforcement when served with a legal order.”

The challenge is that while the bureau says it “does not want encryption to be weakened or compromised so that it can be defeated by malicious actors,” it does want “providers who manage encrypted data to be able to decrypt that data and provide it to law enforcement only in response to U.S. legal process.”

That’s exactly the argument the U.K. has just run.

Somewhat cynically, the media backlash that Apple’s move has triggered is likely to have an impact, and right now it seems more likely we will see a reversal of some sort of Apple’s move, rather than more of the same. The UK government is now exposed as the only western democracy compromising the security for tens of millions of its citizens.

Per The Daily Telegraph, “the [UK] Home Office has increasingly found itself at odds with Apple, which has made privacy and security major parts of its marketing. In 2023, the company suggested that it would prefer to shut down services such as iMessage and FaceTime in Britain than weaken their protections. It later accused the Government of seeking powers to 'secretly veto’ security features.”

But now this quiet battle is front page news around the world. The UK either needs to dig in and ignore the negative response to Apple’s forced move, or enable a compromise in the background that recognizes the interests of the many.

As The Telegraph points out, the U.S. will likely be the deciding factor in what happens next. “The Trump administration is yet to comment. But [Tim] Cook, who met the president on Thursday, will be urging him to intervene,” and perhaps more interestingly, “Elon Musk, a close adviser to Trump, criticised the UK on Friday, claiming in a post on X that the same thing would have happened in America if last November’s presidential election had ended differently.”

Former UK cybersecurity chief Ciaran Martin thinks the same. “If there’s no momentum in the U.S. political elite and US society to take on big tech over encryption, which there isn’t right now, it seems highly unlikely in the current climate that they’re going to stand for another country, however friendly, doing it.”

Meanwhile the security industry continues to rally en masse against the change.

“Apple’s decision,” an ExpressVPN spokesperson told me, “is deeply concerning. By removing end-to-end encryption from iCloud, Apple is stripping away its UK customers’ privacy protections. This will have serious consequences for Brits — making their personal data more vulnerable to cyberattacks, data breaches, and identity theft.”

It seems inconceivable the UK will force all encrypted platforms to remove that security wrap, absent which the current move becomes pointless. The reality is that the end-to-end encryption ship has sailed. It has becomne ubiquitous. New measures need to be found that will rely on metadata — already provided — instead of content.

Given the FBI’s stated position, what the Trump administration does in response to the UK is critical. Conceivably, the U.S. could use this as an opportunity to revisit its own encryption debate. That was certainly on the cards under a Trump administration pre Salt Typhoon. But the furor triggered by Apple now makes that unlikely. However the original secret/not secret news leaked, it has changed the dynamic completely.

cross-posted from: https://fosstodon.org/users/notesnook/statuses/114059550980301173

> Choose your warrior: > > - @StandardNotes > - @notesnook@fosstodon.org 🛡️ > - @joplinapp > > All of these are open source, private and encrypted. Of course, Notesnook is still the best 😉 > > #notetaking, #privacy, #security, #notesnook, #opensource

cross-posted from: https://fedia.io/m/firefox/t/1847796

> > > > > > We’re introducing a Terms of Use for Firefox for the first time, along with an updated Privacy Notice. > > > >

cross-posted from: https://lemm.ee/post/56591279

> Swedish government wants a back door in signal for police and 'Säpo' (Swedish federation that checks for spies) > > Let's say that this becomes a law and Signal decides to withdraw from Sweden as they clearly state that they won't implement a back door; would a citizen within the country still be able to use and access Signals services? Assuming that google play services probably would remove the Signal app within Sweden (which I also don't use) > > I just want the government to go f*ck themselves, y'know?

cross-posted from: https://lemmy.world/post/26006683

> This really hit home for me: > > What now? Companies need to do a better job of only collecting the information they need to operate, and properly securing what they store. Also, the U.S. needs to pass comprehensive privacy protections. At the very least, we need to be able to sue companies when these sorts of breaches happen (and while we’re at it, it’d be nice if we got more than $5.21 checks in the mail). EFF has long advocated for a strong federal privacy law that includes a private right of action.

Alternative article: 'Silicon Valley’s Favorite Mattress, Eight Sleep, had a backdoor to enable company engineers to SSH into any bed'

• https://www.bloomberg.com/news/newsletters/2025-02-21/silicon-valley-s-favorite-mattress-might-pose-privacy-risk

A lot of people seem to be confused so to clear up: They haven't broken encryption. They are phishing using malicious QR codes.

Russia-backed hacking groups have developed techniques to compromise encrypted messaging services, including Signal, WhatsApp and Telegram, placing journalists, politicians and activists of interest to the Russian intelligence service at potential risk.

Google Threat Intelligence Group disclosed today that Russia-backed hackers had stepped up attacks on Signal Messenger accounts to access sensitive government and military communications relating to the war in Ukraine.

Analysts predict it is only a matter of time before Russia starts deploying hacking techniques against non-military Signal users and users of other encrypted messaging services, including WhatsApp and Telegram.

So, I want to encrypt my files with Cryptomater before they go to my cloud based backup service. Lets say I use Dropbox.

So I know I create a Cryptomater vault and give the location as a folder in Dropbox.

I can't see that Vault until I open it in Cryptomater, right? This means I can't add anything to that Vault unless its open on my machine. As its open, I'm assuming that the data I'm adding is unencrypted until I close the Vault?

Lets say I add a plain text file to an open Vault.

So, at what point does Dropbox upload that file? Is it the minute its added to the Dropbox environment? Because that would mean its unencrypted.

Or is it not uploaded until the moment the Cryptomater vault is closed? Because that would mean I'd either have to leave the Vault open the entire time I was on my device and possibly have to do one (potentially) big upload at the end of the day maybe or keep opening and closing the Vault every time I wanted to work with the Vault (edit an existing document, add a new one, delete one etc).

Or have I misunderstood the process? I hope so because it either sounds not very secure or not very usable.

Are there any reputable online banks in Switzerland or Germany that provide virtual credit cards, serving as alternatives to UK-based services such as Revolut or Wise? We recognize that the UK has certain privacy challenges, in contrast to Switzerland or Germany.

> Tech group says it can no longer offer advanced protection to British users after demand for ‘back door’ to user data https://archive.is/NI01z

<Tap for article>

Apple withdraws cloud encryption service from UK after government order Tech group says it can no longer offer advanced protection to British users after demand for ‘back door’ to user data

Apple said current UK users of the security feature will eventually need to disable it © REUTERS Apple is withdrawing its most secure cloud storage service from the UK after the British government ordered the iPhone maker to grant secret access to customer data.

“Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature,” the US Big Tech company said on Friday.

Last month, Apple received a “technical capability notice” under the UK Investigatory Powers Act, people familiar with the matter told the FT at the time.

The request for a so-called “backdoor” to user data would have enabled law enforcement and security services to tap iPhone back-ups and other cloud data that is otherwise inaccessible, even to Apple itself.

The law, dubbed a “Snooper’s Charter” by its critics, has extraterritorial powers, meaning UK law enforcement could access the encrypted data of Apple customers anywhere in the world, including in the US.

This is a developing story

> This simple guide explains how to identify and remove common spyware apps from your Android phone.