The most common argument used in defense of mass surveillance is ‘If you have nothing to hide, you have nothing to fear’. Try saying that to women in the US states where abortion has suddenly become illegal. Say it to investigative journalists in authoritarian countries. Saying ‘I have nothing to hide’ means you stop caring about anyone fighting for their freedom. And one day, you might be one of them.

In recent weeks, I’ve noticed a rise in censorship regarding SMS communication that’s not being discussed. At all. I’m concerned that it may become a slippery slope that eventually effects us all. I don’t have any dramatic, prose-ridden introduction this week. Just some news, facts, and observations I wanted to share. So this week, follow me down the rabbit hole as I explore an existing but rising threat to our free speech and what we can do about it.

Email aliasing is one of the most underrated privacy techniques that has yet to go mainstream. For the privacy-conscious user, it offers a degree of separation between all your accounts, making it harder for data brokers to correlate your various accounts across different services by not using the same email address to sign up. For security, the same technique can also help defeat credential stuffing while obscuring your true email address, which is the central hub where all your identities can be managed (and the email address itself is literally half of the login information a would-be attacker would need to attempt to login). Your inbox is a critical thing to protect since a breach can offer information about additional accounts you have (via the emails already sitting in your inbox like updates, notifications, sign-in verifications, etc) as well as allowing an attacker to simply hit “reset password” on websites where you already have an account and thus take them over. As for mainstream users, the biggest advantage is probably the ability to manage spam more effectively – particularly from companies who refuse to respect opt-out links – from a single inbox, rather than having one inbox for professional use, then logging out and back into another for online shopping, then another for personal or newsletters, and so forth or simply having to give up and hope the spam filters don’t falsely flag anything important (or let junk though). Email aliasing makes effectively managing and controlling your inbox incredibly easy. With that in mind, this week, let’s examine some popular email aliasing services that the privacy community has to offer.

When I announced I would be closing my communities earlier this year, a curious thing happened: a surprising number of regulars replied with some variation of “I think this is my exit.” While some were specifically talking about Matrix, claiming that mine was the only room they were really active in and therefore they saw no point to having a Matrix account anymore, at least one specifically announced they would be quitting privacy entirely, save for a few basic techniques like using a password manager and being mindful of what to post online. While I didn’t expect the number of people responding that way, I was expecting that response from one or two people. If you check any given privacy forum – especially the ones with a heavy overlap of mainstream users such as Reddit – you’ll find no shortage of people asking “is all this work worth it?” and/or announcing that they’re giving up privacy because it’s too much work. So what gives? Is privacy worth the work?

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.

cross-posted from: https://lemmy.zip/post/14903482

Finland's Transport and Communications Agency (Traficom) has issued a warning about an ongoing Android malware campaign targeting banking accounts.

Simple steps to take before hitting the streets

Like it or not, email is a critical part of our digital lives. It’s how we sign up for accounts, get notifications, and communicate with a wide range of entities online. Critics of email rightfully point out that email suffers from a significant number of flaws that make it less than ideal, but that doesn’t change the current reality. In light of that reality, I believe that an encrypted email provider is a must-have for everyone in today’s age of rampant data breaches, insider threats, warrantless police access, and targeted advertising. If I can get access to your emails, I can get a range of sensitive information including where you bank (to craft more convincing phishing attacks), information about pets (I get notifications each year from the vet for my cats’ annual checkups), calendar reminders, news announcements from family, support tickets from services you use, and more. In a worse case scenario, if I get access to the account itself, it’s trivial to simply issue password reset requests for nearly any of those accounts, have it to sent to said compromised email account, and gain access to a wide number of other accounts you use – from banking to shopping and more – for any number of reasons. So this week, let’s look into the top encrypted email providers The New Oil recommends and their features to help decide which one is right for you.

This is why people say the open source ecosystem sucks.

Defending Mastodon from Donald Trump's social media

This weekend in the United States, taxes are due. For the more responsible readers – aka “everyone but me” – this was probably already done weeks – if not months – ago. But don’t worry. Taxes will roll around again the same time next year, as inevitable as death itself as the famous philosopher noted, and our financial lives are year-round. So in other words, this is merely a good excuse to discuss some ways that you can protect your financial life – both online and off – and keep your funds, identity, and credit safe.

Making the application open-source could help the government quickly export it to other countries, Digital Transformation Minister Mykhailo Fedorov says.

GitHub: https://github.com/diia-open-source