soc.octade.net is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
Stop sending your API keys to the cloud! π
postctl keeps your Mastodon, Bluesky, and Threads tokens securely stored on your local disk. Using AES-256-GCM encryption derived from a custom passphrase, your credentials stay encrypted inside a local SQLite database. Zero telemetry, zero cloud intermediate servers.
100% open source and local-first:
π https://github.com/aeon022/postctl
π https://postctl.sh
#privacy #security #selfhosted #localfirst #opensource #cryptography
Secure messaging is about much more than end-to-end encryption. Metadata collection, open-source transparency, independent audits, default encryption, account requirements, backups, and jurisdiction all influence how private a messaging platform actually is. This comparison examines the major privacy-focused messaging apps and discusses the trade-offs each one makes instead of trying to crown a single βbestβ option.
Everyone talks about end-to-end encryption, but that's only one piece of the privacy puzzle.
I compared 14 messaging apps using the LINDDUN privacy threat modeling framework, evaluating them across seven privacy threats:
β’ Linkability
β’ Identifiability
β’ Non-repudiation
β’ Detectability
β’ Data disclosure
β’ Unawareness
β’ Non-compliance
The results challenge many common assumptions about apps like WhatsApp, Telegram, Signal, iMessage, Discord, Threema, Session, SimpleX, Briar, Cwtch, Matrix, Wire, and others.
If you care about metadata, anonymity, surveillance resistance, or privacy by design, this guide is for you.
π https://thecybersecguru.com/online-privacy/most-secure-messaging-apps-2026/
#Privacy #CyberSecurity #Infosec #Encryption #Signal #SimpleX #Briar #Threema #Messaging #OpenSource #LINDDUN #DigitalPrivacy
Everyone talks about end-to-end encryption, but that's only one piece of the privacy puzzle.
I compared 14 messaging apps using the LINDDUN privacy threat modeling framework, evaluating them across seven privacy threats:
β’ Linkability
β’ Identifiability
β’ Non-repudiation
β’ Detectability
β’ Data disclosure
β’ Unawareness
β’ Non-compliance
The results challenge many common assumptions about apps like WhatsApp, Telegram, Signal, iMessage, Discord, Threema, Session, SimpleX, Briar, Cwtch, Matrix, Wire, and others.
If you care about metadata, anonymity, surveillance resistance, or privacy by design, this guide is for you.
π https://thecybersecguru.com/online-privacy/most-secure-messaging-apps-2026/
#Privacy #CyberSecurity #Infosec #Encryption #Signal #SimpleX #Briar #Threema #Messaging #OpenSource #LINDDUN #DigitalPrivacy
Iβm ideologically transparency extremist. This means I want absolute openness for everyone. Overwhelming majority of people on lemmy and other places disagree with me, which means that statistically Iβm wrong.
I have some strong arguments for my side and most argumentation from your side is just common trolling or logical fallacies, which makes me think that Iβm correct.
Even with that, the software I use is probably more private than solid portion of members of this community, becuase almost everything I use is open source.
I want to give your side another chance. I hope for polite and fruitful discussion.
Il podcast di Marcoβs Box #220 β Chat Control 1.0 Γ¨ tornato dalla finestra (come i ladri)
#podcast #linuxnews #opensource #privacy
Nuova puntata del podcast di Marco's Box, questa volta dedicata a commentare le principali notizie dal mondo di linux e del software libero e open source.
sitebehavior.org
"a free, opensource scanner that opens any public website in a controlled browser and records what it actually does, not what its privacy policy says it does. Every request, cookie, storage key, and tracker, with the exact scan conditions attached."
Claude Code Is Steganographically Marking Requests
I inspected Claude Code for privacy reasons and found hidden system prompt markers based on API base URL and timezone.
#security #reverse-engineering #ai #privacy
https://thereallo.dev/blog/claude-code-prompt-steganography
Claude Code Is Steganographically Marking Requests
I inspected Claude Code for privacy reasons and found hidden system prompt markers based on API base URL and timezone.
https://thereallo.dev/blog/claude-code-prompt-steganography#security #reverse-engineering #ai #privacy
the list of #ArcaneChat channels in #Russian grew quite a lot! 15 channels listed now, thanks a lot to @gluek for bridging the #Telegram channels!
#DeltaChat #chatmail #Russia #news #Π ΠΎΡΡΠΈΡ #Π½ΠΎΠ²ΠΎΡΡΠΈ #decentralization #opensource #privacy #encryption #memes #channels #bot #bridge
WinterGate Intelligence Collectiveπ€ Β» 🌐
@WinterGateIC@infosec.exchange
π OSINTNova 2026 β WIC Investigation Report
Date: 2026-07-11
Status: Concluded β Observation Period Ongoing
Classification: Public Intelligence
Prepared by: WinterGate Intelligence Collective (WIC)
----------------------------------------------------------------
β οΈ COMMUNITY WARNING
OSINTNova sells access to your personal data without your consent.
OSINTNova is a commercial OSINT platform offering "PRO" services that allow users to look up:
- People by name
- Phone numbers with country codes
- Vehicle information (VIN/license plate)
- Discord IDs
- Social media profiles (Instagram, Facebook, YouTube, Steam)
- Breach data and dark web intelligence
- Financial and crypto wallet information
- Behavioral profiling via "Oracle"
WARNING: Purchasing from this platform may expose your own information to criminal actors.
THIS IS NOT OSINT. THIS IS A DATA BROKER OPERATING WITHOUT CONSENT.
----------------------------------------------------------------
Executive Summary
OSINTNova (app.osintnova.com) is a commercial OSINT platform offering intelligence-gathering tools. A direct copycat, LittleNuan, has appeared on BuiltByBit, branding itself as a "cheaper version of OSINTNova."
Key Finding: OSINTNova aggregates and sells access to Personally Identifiable Information (PII) through its "PRO" tier, with no visible privacy policy, terms of service, or consent mechanisms.
Status: Concluded | Risk Level: HIGH (Legal violations identified)
----------------------------------------------------------------
Platform Overview β High Risk Services
People Intelligence: Direct PII sales without consent
Phone Intelligence: Federal crime (18 U.S.C. Β§ 1039)
Breach Intelligence: Potentially trafficking stolen data
Vehicle Intelligence: Location tracking without consent
Discord Intelligence: ToS violation + PII scraping
Oracle: Algorithmic behavioral profiling
DorkGPT: Automated exposure of sensitive data
Dark Web Intelligence: Commercializing illicit data access
Crypto Wallet Analysis: Financial surveillance
WhoAmI: Comprehensive PII aggregation
----------------------------------------------------------------
LittleNuan β The Copycat
Listed on BuiltByBit (May 3, 2026). Price: $47.88 (one-time). 0 purchases, 1 download. Explicitly says: "cheaper version of OSINTNova." Likely scam or same service rebranded. No evidence of functional platform or active user base.
----------------------------------------------------------------
Alarming Questions That Must Be Asked
1. Is LittleNuan the same service under a different name?
2. Where does OSINTNova source its data? (Discord data is scraped, phone records are illegal)
3. Are users unknowingly breaking the law? (CFAA, 18 U.S.C. Β§ 1039, CCPA)
4. Why no privacy policy, ToS, or consent mechanisms?
5. Who is behind OSINTNova? (Young domain, anonymous, low trust score)
6. Is it an unregistered data broker?
7. What happens to data users submit?
----------------------------------------------------------------
Legal Violations (Summary)
18 U.S.C. Β§ 1039 β Selling confidential phone records (FEDERAL CRIME)
CCPA/CPRA β Sale of PII without consent or opt-out
CFAA (18 U.S.C. Β§ 1030) β Unauthorized scraping of social media platforms
FTC Act Β§ 5 β Unfair or deceptive trade practices
California Civil Code Β§ 1724 β Unlawful sale of data obtained via crime
Platform ToS β Discord, Meta, Google, Steam scraping violations
GDPR β Processing EU citizen data without compliance
Regulatory Exposure:
- Federal Trade Commission (FTC) action possible
- State Attorney General investigations
- Department of Justice (DOJ) criminal exposure
- Civil lawsuits from affected individuals
- Platform enforcement actions
----------------------------------------------------------------
Red Flags Summary
1. PII sales without consent
2. Phone record sales (federal crime)
3. Breach data commercialization
4. No privacy policy or ToS
5. No opt-out mechanisms
6. No data source disclosure
7. Social media scraping (ToS violations)
8. Algorithmic doxing
9. Dark web data access
10. Defensive/hostile response to questions
11. Unregistered data broker
12. Copycat product exists
13. No ownership disclosure
14. Young domain
----------------------------------------------------------------
Associated User Investigation
A user named Goofisded (guns.lol/goofisded, GitHub: Goofisded) was observed holding root and sudo roles in OSINTNova's Discord server, being defensive, dismissive, and hostile when questioned about the platform's legality, and timing out an investigator who asked legitimate legal questions.
Assessment: Likely staff or close affiliate. Defensive behavior indicates awareness of legal exposure and inability to defend the platform.
----------------------------------------------------------------
The Bigger Picture
OSINTNova Is Not a Legitimate OSINT Tool β It's a Data Broker. Legitimate OSINT tools help investigators find publicly available information. OSINTNova sells access to private phone records, scraped Discord data, breach data, and behavioral profiles. This is not OSINT. This is commercialized surveillance.
The Community Is at Risk. OSINT practitioners who use this platform may be violating platform ToS, breaking federal and state laws, exposing themselves to legal liability, and funding the commercialization of stolen data.
The Pattern Is Clear: Create a platform that looks like an OSINT tool, aggregate PII from questionable sources, sell access to that data, offer no transparency or consent, and act defensive and hostile when questioned.
----------------------------------------------------------------
What's Not Being Said
- Is OSINTNova the same as LittleNuan? If yes, they're operating under multiple names to evade scrutiny.
- Where does the data come from? If it's from breaches, it's stolen. If it's scraped, it's ToS violations.
- Who owns the platform? Anonymous ownership makes accountability impossible.
- Is this legal? Multiple federal and state laws suggest it is not.
- Why is there no privacy policy? Because they don't want to disclose what they're doing.
- Why are they defensive when questioned? Because they know they're operating in a gray area.
----------------------------------------------------------------
Recommendations
For Community Members:
- DO NOT use OSINTNova for OSINT work
- DO NOT enter personal or client information
- DO NOT purchase services from the platform
- REPORT suspicious activity to the FTC or state Attorney General
- CHANGE any passwords or credentials shared with the platform
For Regulators and Investigators:
- Review the platform's service offerings
- Verify the lack of privacy policy, ToS, and consent mechanisms
- Investigate potential violations of CCPA, CFAA, and 18 U.S.C. Β§ 1039
- Consider enforcement action
- Warn the public
----------------------------------------------------------------
Resources
Platform: https://app.osintnova.com
LittleNuan: https://builtbybit.com/resources/littlenuan.105653/
ScamAdviser: https://www.scamadviser.com/check-website/osint.nova-saas.com
Associated User: https://guns.lol/goofisded
FTC Report: https://reportfraud.ftc.gov
California AG: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company
DOJ: https://www.justice.gov
----------------------------------------------------------------
Status: Concluded | Evidence: Complete | Community Notified: Yes
----------------------------------------------------------------
βββββββ βββββββββββββββ ββββββββββββββββ βββ βββββββ βββ βββ ββββββ
βββββββββββββββββββββββββ βββββββββββββββββ βββββββββββββββ βββββββββββ
βββ ββββββββββββββββββββ βββ βββ ββββββ ββββββ ββββββ βββββββββββ
βββ ββββββββββββββββββββββββ βββ βββββββββββββ βββββββ ββββββββββββ
βββββββββββββββββββββββ ββββββ βββ βββ βββββββββββββββ βββββββ βββ βββ
βββββββ ββββββββββββββ βββββ βββ βββ βββββ βββββββ βββββ βββ βββ
----------------------------------------------------------------
WINTERGATEIC βοΈ
----------------------------------------------------------------
Reviewe Lumo 2.0 : Proton's privacy-focused AI assistant, to see how it compares with ChatGPT and Claude.
The review covers its strengths, limitations, privacy claims, and whether it's ready for everyday use.
Read the review: https://digitalescapetools.com/reviews/lumo-2-0-review.html
#politics #privacy #europe #chatcontrol
β οΈ Chat Control 1.0, une dΓ©rogation temporaire aux rΓ¨gles ePrivacy a Γ©tΓ© adoptΓ© jeudi par le Parlement europΓ©en.
Le règlement restera en vigueur jusqu'au 3 avril 2028,
Cela veut dire que l EU (par n'importe quel moyen technique) va scruter tous les messages et emails !
La seule solution pour y échapper est est d'utiliser des solutions décentralisées ou très sécurisées (Messagerie SimpleX . Email tutamail....)
Fort Firewall gives you detailed control over which Windows apps can access the network with custom rules, blocklists, bandwidth limits, and traffic statistics.
β οΈ Note: On Windows 10+, it currently requires disabling HVCI (Memory Integrity), so check the requirements first.
More details: https://digitalescapetools.com/tools/tool.html?id=fort
#Windows #Privacy #OpenSource #Firewall #SelfHosted #CyberSecurity
The European Parliament has failed to stop platforms from scanning private messages for child abuse material until 2028 after a motion to reject the rules fell short of the 361 votes required.
The EUβs Chat Control message-scanning regime will continue despite the fact that most lawmakers who cast a ballot want the rules gone.
Former MEP and Pirate Party privacy campaigner Patrick Breyer, revealed that during the recent European Parliament vote, 314 members voted against the EUβs chat control rules while 276 backed it.
There were 17 abstentions, and because rejecting the measure needed an absolute majority of the full chamber rather than a simple majority of those present, the 314 opposing votes were not enough.
A separate amendment to limit message scanning to suspects flagged by courts also drew more support than opposition, 322 to 255, and similarly the majority lost.
Due to the outcome of the vote, βChat Control 1.0,β which was temporarily paused after EU institutions could not agree to extend it, will now be revived[β¦]
Exit Chat Control Β· Guida pratica per sfuggire a #ChatControl e rivendicare la tua #privacy digitale (in inglese, francese, tedesco e olandese) https://exitchatcontrol.org/
In italiano c'Γ¨ "facciamo" di cisti: https://facciamo.cisti.org/#/
Alla fine, con qualche aggiornamento legato all'avanzamento tecnologico, sono le stesse cose che diciamo da trent'anni (cfr. Joe Lametta, "Kriptonite - Crittografia, anonimato e privacy nelle reti telematiche", 1998) evidentemente con scarsi risultati.
β For Australian voters: Federal Parliament AI & Data Centre inquiry accepting submissions until 1 September 2026.
π¦Ί Data centres are connected to social and environmental damages and net loss of local jobs.
β οΈ They are also responsible for facilitating IP theft, erosion of privacy and privacy-degrading business practices.
#privacy #privacymatters #intellectualprivacy #mentalprivacy #physicalprivacy #datacentres #australia
π© Chat Control 1.0 passed the European Parliament β through the back door βΌοΈ https://www.euronews.com/next/2026/07/10/chat-control-10-passed-the-european-parliament-through-the-back-door
#Europe #EU #privacy #MassSurveillance #HumanRights
#SphèrePrivée #Surveillance #DroitsHumains
#PrivatsphΓ€re #Menschenrechte #Γberwachung
The Brave browser:
Some cheery reading from Cambridge Analytics on the Brave browser, and on other βprivacy-firstβ products and services:
βBrendan Eichβs 2015 promise was seductive in its simplicity: a browser that blocks trackers, ads, and the entire apparatus of surveillance capitalism. Seven years later, Brave has attracted 60 million monthly active users with that vision. What those users largely donβt understand is that Brave replaced Googleβs tracking with its own.β
Unrelated to the ad tracking, some years ago Brave was collecting (Brave cryptocurrency) donations on behalf of others, without prior permission or even knowledge of those it claimed to be collecting the donations for:
There was the affiliate-link interception scheme implemented by Brave, too.
Searches will find other privacy and policy discussions involving Brave.
This whole Google and the Wannabes β great band name, that β is headed in the entirely wrong direction for my own privacy preferences, though.
And so the surveillance society continues to expand as retailers deploy facial recognition technology (that triggers immediate police alerts) into the high street.
The technical problems with FR systems are well known as are the challenges to privacy - the UK's road to becoming a police state continues (no, we're not there yet, but the direction of travel is pretty clear).
#politics #privacy
https://www.theguardian.com/technology/2026/jul/10/facewatch-facial-recognition-uk-shops-instantly-alerts-police-civil-liberties
The Drive: How Flock Cameras Wrongly Tracked Me for Days Over βStolenβ Plates and Sent Police After Me. “The Plymouth Police Department had been tracking me for days using Flock license plate cameras, waiting for the right moment to strike, because they thought Iβd stolen the Range Rover. And the reason I was IDβd as a dangerous car thief was a simple data error made 2,000 miles away in [β¦]
https://rbfirehose.com/2026/07/11/the-drive-how-flock-cameras-wrongly-tracked-me-for-days-over-stolen-plates-and-sent-police-after-me/First itβs a scan. Then itβs a standard. Then itβs simply how things are. Privacy is a right, and a right you canβt exercise is one you soon no longer have in the EU. Enjoying how Keet makes fun of this.
How to turn off #FaceID on #iPhone β and when you should
The campsite weβre visiting uses facial recognition at the pool entrance. You βneedβ to upload a selfie so they can grant you access to the pool. Absolute madness.
I enquired about an alternative and luckily they can also give you a card with a QR code to scan at the gate. #privacy
The #House Passed The #KIDSActβThe #Senate Should Reject It
https://www.eff.org/deeplinks/2026/07/house-passed-kids-act-senate-should-reject-it
"We Want Texans to Know Their Rights": Q&A with #MaydayHealth on the Impact of #Surveillance on #Abortion Care
Zerion 3.0 marks our transition to a fully independent protocol stack.
Briar has been an excellent foundation, but our goal is to be fully independent. Weβre replacing the remaining Briar/Bramble protocols with our own transport, wire format, sync layer and message model.
One focus: resisting traffic analysis with constant-rate polling and cover traffic.
EXIT CHAT CONTROL_
βChanging tools is an act of individual responsibility, one that belongs to each of us: it is how you refuse an illegitimate mass surveillance."
Chat Control wants to scan your private messages. Here is how to take back control of your conversations, your data and your tools... https://exitchatcontrol.org/#menace
π΄ Delete
WhatsApp (Meta)
Messenger (Meta)
Instagram (Meta)
Gmail (Google)
Google Drive / Photos (Google)
Outlook (Microsoft)
OneDrive (Microsoft)
Teams (Microsoft)
Snapchat
Discord
TikTok
Telegram
π½ Adopt
πΈGrapheneOS
πΈSignal
πΈSimpleX Chat
πΈElementX (Matrix)
πΈProton Mail
πΈTutaMail
---
This post was created using the following applications: Vanadium, Markor, Pachli. Operating system GrapheneOS.
---
____
#surveillance #chatcontrol #eu #politics #privacy #opensource #foss
I've installed the Firefox extension Page Assist, an "AI" and RAG sidebar which can be configured to use a local LLM server.
It's much more powerful than I expected, and I've yet to explore embeddings and RAG features.
The hardware I'm using is "garage sales grade": an old Lenovo T460 (6th gen i5, 16 GiB RAM) and an old gaming PC downgraded to a 10th gen Core i3 ($25) with 8 GiB RAM and a Geforce RTX 3060Ti with 8G GiB VRAM (broken for gaming).
That's sufficient for running Gemma-4-E4B QAT q4 with a full 128K context at > 90 tokens/s.
The compute power of the old machine is sufficient for a household (or even for a team of 10-15 people).
The takeaway is this: no one needs to sacrifice their privacy to use large-language models for summaries or text analysis. Operating such systems at is cheap and easy. Google's tiny open-weights Gemma-4 is much more powerful than I expected.
1/2
In the past 30 days we pushed over 1.6 PB of data on our network.
All to help people protect their right to privacy and help everyone access the open Internet.
If you don't want to chat with an AI bot, but with real friends and family, privately and securely...
Use Signal: https://signal.org/install π
No AI bots. No ads. No tracking. Just your conversations.
If your friends aren't on Signal yet, invite them this summer. Let the blue sky be your reminder βοΈ
Just a quick rant: I prefer to support small businesses, but it bugs me when a companyΚ»s βweb siteβ is just an #Instagram or #Facebook page. I understand that many folks may not have the time nor talent to put together a simple site, but by not doing so these small businesses are demanding that every potential customer turn over data to Zuckerberg - and to every broker and marketer that he sells our data to. So please folks, donΚ»t force us potential customers to avoid your biz. #tech #privacy
π¨ NEWS: Meta rimuove la funzione AI di Instagram dopo le critiche per la privacy
Ecco i punti chiave in breve:
π‘ Meta ha fatto marcia indietro su una controversa funzione di intelligenza artificiale su Instagram, lanciata solo pochi giorni fa e ora rimossa dopo le proteste di utenti e agenzie...
#aIGenerativa #instagram #intelligenzaArtificiale #meta #privacy
Local AI privacy tip: treat prompts like logs. If an assistant helps with ops, invoices, customer notes, or source snippets, keep the default path local and make cloud calls an explicit choice. Boring architecture, very useful habit. #LocalAI #Privacy #SelfHosted