Security and privacy professional. Currently testing and evaluating Signal username staging application.
One of the most useful features of Google Forms is automatically transferring the form input to a spreadsheet. Any of FOSS alternatives have that ability?
Problem with new Tailscale install to bypass ISP CGNAT
I have a cloud VPS running Ubuntu with Tailscale installed directly. I also have Tailscale installed on my home server.
I'm trying to access my self-hosted applications from outside my home network which I did easily until I switched to fiber internet that uses CGNAT.
Tailscale is working locally but not outside my home network. A suggestion was to disable IP v4 on Tailscale since it conflicts with the CGNAT IP my ISP is using. However when I add the "disableIPv4": true to the config file in the access control area of Tailscale, I keep getting various errors.
Any help would be appreciated.
Best option I can think of is privacy.com
You can create virtual cards linked to your bank account and the transaction data is masked when processed by you bank. All my bank transactions show up as NSA Gift Shop. My bank doesn't know where I'm spending my money. Yes you have to trust privacy.com...
Similar question: Android smart watches only connect to one phone. I like receiving silent notifications on my watch from my android phone. However I also have an Apple phone for work and would like a ring or some other small wearable (not a second watch) to receive notifications from my Apple phone.
I use Eufy doorbells, locks, and cameras. I realize they are a Chinese company, but that is almost unavoidable until the US gets back to actually manufacturing tech.
The reason I like Eufy is the local storage and no required subscription fees.
First quick check of the app with classysharkExodus shows the following trackers built in:
- Google AdMob - "AdMob makes earning revenue easy with in-app ads, actionable insights, and powerful, easy-to-use tools that grow your app business"
- Google Firebase Analytics - This logs user language preference and user location
Permission Slip by Consumer Reports
The October issue of Consumer Reports has a full page ad for their app called "Permission Slip". The tagline reads "Companirs collect and sell you personal data. Our easy to use app helps you take back control."
Anyone have any experience with this? I haven't heard of it before but plan to install and do some testing.
I think Graphene OS was commenting about them on Twitter. I'll see if I can find the posts.
We need an online guide, based on make and model, on how to disable the transmission of this data.
Apparently not, I have a Pixel 8 Pro that I got free on a promotion from AT&T. The bootloader is locked on it and grayed out.
Not in the US. A phone "purchased" on contract is carrier locked and you can't unlock the bootloader, which needs to be done in order to install a different OS.
I believe NetGuard will act as a VPN. This will prevent you from using an actual VPN.
Since it is a free phone from a carrier it will be locked until the phone is "paid off" by keeping their service for a specified amount of time. Once that time has passed, then your best option is to have the carrier unlock it and install Graphene OS. Until then, there is not much you can do.
As someone who has worked fraud and online investigations, and both written and served search warrants; it is not an option. A probable cause affidavit is presented to a judge and if the judge agrees there is sufficient probable cause, a search warrant is issued. This is an order by the judge and not optional. The judge can hold the company in contempt if they refuse to obey his/her order.
"helped" is very misleading. Companies can't refuse to provide information they have when served a search warrant / court order. These companies DID NOT choose to provide the info on their own.
Can I add it to my Amazon wish list?
Why would you want to??
Regarding: "On Android you can use [Stealth] . That's what I use for searches that pull up Reddit posts."
The stealth protocol does not have anything to do with accessing individual sites or services. The purpose of stealth is when trying to estata VPN connection to a provider that does not allow VPNs. For example, a public wifi that blocks VPN connections or some countries that require ISPs to block VPN connections.
Anytype has responded and I had a couple other clarifying questions. Their first response:
"Hi! In our privacy policy we include Amplitude & Sentry & explain why we work with them: anytype.io/app_privacy. Currently, you can opt-out by electing local-only or self-hosted network Mode"
Sentry is only used for bug tracking and I don't have any issue or privacy concerns with that.
I had already looked on their website for a privacy policy and the only one I could locate was a website only privacy policy. I learned later that the application privacy policy is buried as a link somewhere within the website privacy policy. This is not very easy to find.
I reviewed the application privacy policy and it conflicted with their answer stating that a user could opt out of information sharing with Amplitude by using "local only" or "self-hosted". So I pointed this out and posted this reply to them:
"Also, app privacy policy section for Amplitude states: Amplitude Analytics Purpose: deliver behavioral and app usage data. Opt-out possible: NO"
This is the response I received:
"Indeed this is outdated information, as it was written before self-hosting and local-only mode were properly configurable. Opt-out is now possible using these methods, and we will be updating the policy accordingly."
Reach out to the job sites directly and report these as fraudulent. Ask them to remove the resume postings.
Also consider making accounts for her on these sites, may make it easier to prevent future posting and to remove any that do appear.
Then, since it sounds like you are her lawyer. Subpoena these sites for information on account, email address, IP address used for the fraudulent posts.
Hulu ad blocking
I've had some luck blocking ads on Hulu but it seems to be an ever evolving situation. Is anyone having decent success blocking Hulu ads with pi-hole? What domains do you block and which ones are required?
Why isn't there any white laser markings ink/powder/paste/spray?
I recently purchased my first laser. I'm interested in adding color to my engravings. Specifically I want white text engraved on black metal. However I've searched online and can't find any white marking materials.
The Irish government wants to pass a law that could see you or your loved ones jailed for possession of memes, cartoons or any content that could be deemed "hateful".
The Bill includes no definition of hate and is wide open to abuse by bad actors. Defend free speech – say no to this legislation, and any legislation of is kind... Anywhere!
Xbox wireless controller pairs but will not connect. (SOLVED)
I purchased a brand new Xbox wireless controller. It paired with my steam deck easily but it will not connect and the "X" button on the controller keeps flashing. I've hit every button on the controller and can't get it to actually connect. I've also rebooted the steam deck.
Any help would be appreciated...
Protections gained using GrapheneOS
Quoted from GrapheneOS:
Cellebrite and others in their industry use logical extraction to refer to extracting data from a device after unlocking it, enabling developer options (requires PIN/password), enabling ADB and permitting access for the ADB key of the attached device. See https://cellebrite.com/en/glossary/logical-extraction-mobile-forensics/ The baseline doesn't involve exploitation. The next step up is exploitation via ADB to obtain more data than ADB makes available.
Obtaining data from a locked device requires an exploit. If it was unlocked since boot, the OS can access most data of the currently logged in users.
GrapheneOS includes our auto-reboot feature to automatically get data back at rest so that it's not obtainable even if the device is exploited. Can set this to a much lower value than the default 72 hours. 12 hours won't cause inconveniences for most users, but you can go lower.
User profiles that are not currently active have their data at rest. GrapheneOS prov