People are starting to wake up to the fact that they have control and ownership over their data, and governments are moving quickly to legislate these rights. John K. Thompson has written a new book on the topic that is a must read! We talk about the new book in this episode along with how practitioners should be thinking about data exchanges, privacy, trust, and synthetic data.
New versions of Brave will hide—and, where possible, completely block—cookie consent notifications. Brave’s approach is distinct and more privacy-preserving than similar systems used in other browsers (such as the “auto-consent” systems used in other browsers), and helps keep the Web user-first.
Unlike other approaches, this won’t simply automate the process of clicking “no” in cookie-banners, Brave will block the cookie-banners themselves.
Nitasha Tiku writes on The Washington Post:
The only way to escape technology that makes money off your data is by paying for products that don’t, Whittaker says. An alternative to data collection only exists if the community of people who rely on it “kick in a little bit,” she said.
Signal is one of the few successful tech products, like the Firefox browser, led by vociferous critics of Big Tech. The app offers end-to-end encryption on group text, voice and video chat, does not collect or store sensitive information and does not store backups of your data on its servers — a viable alternative to relentless data gathering at the center of tech industry critiques.
In the world of messaging (today), you have behemoths like WhatsApp and iMessage, and they are “backed by some of the richest companies in the world.” And then there’s Signal. It’s run by a nonprofit and pretty much operates as the exact opposite — they are committed to end-to-end encryption, does not collect or store sensitive information, or backups of user data.
This post from Nitasha Tiku on The Washington Post gives a detailed backstory on Meredith Whittaker, former Google manager, and her arrival to Signal as President (and board member since 2020), as well as why Signal “hopes to support itself with small donations from millions of users.”
maps.earth is a planet-scale installation of Headway, but you can easily set up your own server on a smaller scale for your own personal use by running just a few commands.
This is the first I’ve heard of Headway, but I love their mission:
The Headway Project was born out of a frustration with the need to send current and future location data to a corporation in order to figure out how we’re getting from A to B. Offline-only maps apps can be frustrating to use, and sometimes suffer from performance problems, poor data coverage, or other technical limitations.
Headway aims to remedy these issues by bundling industry-standard software into a web app that’s easy to set up for yourself or your friends. No need to send your location data to anyone you don’t trust, not even maps.earth.
In this Fully-Connected episode, Daniel and Chris discuss concerns of privacy in the face of ever-improving AI / ML technologies. Evaluating AI’s impact on privacy from various angles, they note that ethical AI practitioners and data scientists have an enormous burden, given that much of the general population may not understand the implications of the data privacy decisions of everyday life.
This intentionally thought-provoking conversation advocates consideration and action from each listener when it comes to evaluating how their own activities either protect or violate the privacy of those whom they impact.
DuckDuckGo is extending their push for greater digital privacy to email protection with DuckDuckGo Email Protection. Here’s what they shared today on the official DuckDuckGo blog at spreadprivacy.com.
DuckDuckGo Email Protection is a free email forwarding service that removes multiple types of hidden email trackers and lets you create unlimited unique private email addresses on the fly. You can use Email Protection with your current email provider and app – no need to update your contacts or juggle multiple accounts. Email Protection works seamlessly in the background to deliver your more-private emails right to your inbox.
Email tracking and spam is at an all time insanity level. As someone who gets a ton of email daily, most of which is noise and not signal, the problem of email tracking could not hit closer to home
Large data-hungry corporations dominate the digital world but with little, or no respect for your privacy. Migrating to open-source applications with a strong emphasis on security will help stop corporations, governments, and hackers from logging, storing or selling your personal data.
AppleInsider explains Apple’s new Private Access Tokens (PAT) tech announced at WWDC:
Using a new HTTP authentication method called PrivateToken, a server uses cryptography to verify a client passed an iCloud attestation check.
When the client needs a token it contacts an attester — in this case, Apple — which performs the process using certificates stored in the device’s Secure Enclave.
I’ve been waiting for someone to kill CAPTCHAs for us, but this will be an Apple-only solution for now:
The company is working to help make Private Access Tokens a web standard, but there is no mention of tokens working on Android or Windows. People on those platforms may have to put up with CAPTCHAs, for now — or wait for Microsoft’s and Google’s work on the matter.
I believe this is the draft of the standard that they’re referring to. Cloudflare also has a nice article on their work in this space.
Bunny Fonts is an open-source, privacy-first web font platform designed to put privacy back into the internet.
With a zero-tracking and no-logging policy, Bunny Fonts helps you stay fully GDPR compliant and puts your user’s personal data into their own hands. Additionally, you can enjoy lightning-fast load times thanks to bunny.net’s global CDN network to help improve SEO and deliver a better user experience.
All font in the collection are fully open source, which means you can use them without fees even in commercial offerings.
Total Cookie Protection is Firefox’s strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site.
Kev Quirk:
DuckDuckGo, the privacy centric search firm have been found to be allowing Microsoft trackers through their browser. It’s dishonest, and I’m really disappointed.
Noteworthy: this is the DDG browser, which I’ve never used. Not the search engine. But still, this is concerning like Kev says:
DuckDuckGo tout themselves as being highly transparent and privacy respecting in everything they do. So to discover that they have been keeping this tidbit of information from their users — one that goes against the very fibre of the company — is a little concerning for me.
This week we’re talking with Bruce Schneier — cryptographer, computer security professional, privacy specialist, and writer (of many books). He calls himself a “public-interest technologist”, a term he coined himself, and works at the intersection of security, technology, and people.
Bruce has been writing about security issues on his blog since 2004, his monthly newsletter has been going since 1998, he’s a fellow and lecturer at Harvard’s Kennedy School, a board member of the EFF, and the Chief of Security Architecture at Inrupt. Long story short, Bruce has credentials to back up his opinions and on today’s show we dig into the state of cyber-security, security and privacy best practices, his thoughts on Bitcoin (and other crypto-currencies), Tim Berners-Lee’s Solid project, and of course we asked Bruce to share his advice for today’s developers building the software systems of tomorrow.
With the recent events relating to Google Analytics platform, it’s becoming very clear that the time has come for many of us to migrate from Google Analytics to different platforms.
In this article we will go over both the “Why?”, so that you can make an informed decision whether you need to migrate of not, as well as the “How?” of migrating from Google Analytics - that is, quickly and easily taking your data and moving to different analytics platform without too much hassle.
Brave is rolling out a new feature called De-AMP, which allows Brave users to bypass Google-hosted AMP pages, and instead visit the content’s publisher directly. AMP harms users’ privacy, security and internet experience, and just as bad, AMP helps Google further monopolize and control the direction of the Web.
The Brave team is really doubling down on privacy and security. I don’t think that strategy would’ve won users a few years ago, but in 2022 and beyond…
Mike Lapidakis thinks Apple’s Hide My Email feature that debuted in iOS 15 is “one of the most under-rated privacy launches of the past year.”
I’m a huge fan of the service and think the practice of a unique email per site is nearly as essential as using a unique password. When it’s this easy, you have no excuse.
You might not need this curated checklist of 300+ tips for protecting digital security and privacy (you probably do), but I bet there’s someone in your life who does (you probably do, too).
This episode is a follow up to our recent Fully Connected show discussing federated learning. In that previous discussion, we mentioned Flower (a “friendly” federated learning framework). Well, one of the creators of Flower, Daniel Beutel, agreed to join us on the show to discuss the project (and federated learning more broadly)! The result is a really interesting and motivating discussion of ML, privacy, distributed training, and open source AI.
Get Google search results, but without any ads, javascript, AMP links, cookies, or IP address tracking. Easily deployable in one click as a Docker app, and customizable with a single config file. Quick and simple to implement as a primary search engine replacement on both desktop and mobile.
Includes quick deployment to Heroku, Replit, and Fly. Or you can run it locally, of course via standard Python tooling or Docker.
Henrik Fricke:
Indiepen lets you embed HTML, CSS, and JS code examples on a website. We built it because we wanted to embed code examples on our blog, but many existing solutions set cookies, have a ton of features or just come with a bad performance.
😎 No cookies, no tracking, no external requests
⚡️ Small footprint with less than 20 KB
❤️ Features built for everyone
Congrats, Henrik, on shipping your first open source project! 👏
This sounds too good to be true, because it kind of is. There is no escaping the cloud (because of email trust) or the requirement of sysadmin’ing this setup (sending/receiving email is critical). If you slack on the details or upkeep, it’s your email.
I have been on an ongoing quest to free myself from cloud services for years now. During this time, I have hosted my personal email (
@bloomqu.ist) on aGoogle AppsG SuiteGoogle Workspace account, which, while convenient, also means that my personal emails are at the whims of one of the world’s most privacy-hostile companies.
Don’t get me wrong – what Zach shared is quite possible, but it’s still too time consuming and difficult to host your own email. It’s untenable long-term. There’s a billion dollar business there waiting for someone to seriously compete with Google on email, and not be evil. Fastmail comes to mind. I could be wrong, but I would characterize them as being an alternative, not seriously competing with Google.
Brave Search has some similarities to DDG (which has been my default for a couple years now), but it’s different in that it builds its own index vs relying on Bing and Yandex. Brave’s principles:
If those resonate with you, it’s worth a try. Not a Brave Browser user? You can still use search.brave.com.
This is an opinionated list that goes so far as to tell you what to avoid and some options to use instead. I’d love if they’d also tell you why to avoid things. For example, under the Photo Editing and Management section they say to avoid VSCO. Yeah but why?!
ClearURLs is an add-on based on the new WebExtensions technology and is optimized for Firefox and Chrome based browsers.
This extension will automatically remove tracking elements from URLs to help protect your privacy when browse through the Internet, which is regularly updated by us and can be found here.
A solid primer on using openssl to encrypt all the things, which in this day and age is a skill that shoiuld be taught in secondary school right alongside how to bake a cake and change a tire.
This is a solid move in protecting people’s privacy, especially for those completely unaware. Sounds like WordPress is considering the same and a helpful Hacker News commenter typed up how to accomplish it on a bevy of popular web servers.
Related: I just deployed this to changelog.com as well. 😎
