Just be aware you WILL be tracked by license plate readers and/or other means, if you are concerned about it. There are multiple Flock cameras at the most popular protest site in our area, undoubtedly aimed at the protest and at license plates of people attending the protest.

404 Media: Cops Used Flock to Monitor No Kings Protests Around the Country

https://www.404media.co/cops-used-flock-to-monitor-no-kings-protests-around-the-country/

#privacy #protests

Flock Hardcoded the Password for America's Surveillance Infrastructure 53 Times

https://nexanet.ai/blog/53-times-flocksafety-hardcoded-the-password-for-americas-surveillance-infrastructure

#HackerNews #FlockSafety #Surveillance #Infrastructure #Password #Breach #Cybersecurity #Privacy #Issues #America

WA state governor demonstrating that people hate AI slop so much they are willing to turn each chatbot into flock camera for teens.

Just watch, if conservatives are ever in power this will be used to detect queers, brown kids asking historical questions and women looking for abortions.

AI slop is bad, not so bad I'm willing to force mass surveillance on teens.

#BobFerguson #Liberals #AISlop #cybersecurity #privacy #flock #surveillance #teens #freedomofspeech #mentalhealth

https://proton.me/blog/2025-lifetime-fundraiser-results

Proton's 2025 Lifetime Account Charity Fundraiser generated over $1.27 million to directly support organizations defending privacy, free expression, and a freer internet.

#InternetFreedom #Proton #Charity #Privacy #FreeSpeech

"Illinois Department of Human Services data breach affects 700K people"

"[...] The Illinois Department of Human Services (IDHS), one of Illinois' largest state agencies, accidentally exposed the personal and health data of nearly 700,000 residents due to incorrect privacy settings."

https://www.bleepingcomputer.com/news/security/illinois-department-of-human-services-data-breach-affects-700k-people/

#Privacy

Permissions meet groups

• You can control who can see the profile of the forum, i.e. what it is all about. For example, you can only allow confirmed members to see it. Or, in fact, you can only allow certain members to see it by assigning a specific contact role to them. Or you could make it Fediverse-specific: Only those who can be recognised as logged-in Fediverse users can see the profile. Or you can hide it altogether.
• You can control who can see the contacts, i.e. the forum members, all the same. Like, for example, only a chosen inner circle may be allowed to see the list of forum members, but Joe Average Forum Member is not.
• Likewise, you can control who can see what has already happened in the forum when visiting the group profile.
• You can choose to hide the whole forum from the directory, the place where people go to find new contacts (the mastodon.social equivalent is https://mastodon.social/directory), to keep the forum secret altogether by keeping people from finding it accidentally or by searching.

• Normal: public, group members may upload media to the group's file storage
• Limited: public, but group members may not upload media to the group's file storage
• Moderated: like Limited, but by default, posts and comments by new group members have to be approved by the admins; members may have their permissions upgraded and post and comment without approval once they've proven themselves worthy
• Restricted: private, profile is only visible to group members, stream of posts and comments is only visible to group members, posts and comments are only sent to group members, but group members may upload media to the group's file storage

As I've already said, you can grant individual permissions to your contacts on your personal channel. But you can grant individual permissions to forum users on a forum channel just the same. You can have regular users. You can have users with certain extra privileges. You can use the permissions system to silence users without kicking and blocking them.

And you can use the permissions system to appoint extra forum admins/mods. You can grant contacts permission to administer your forum. Now, this requires for your channel to recognise visitors and their identities to see what permissions they shall have and to grant them these permissions. And this requires OpenWebAuth. So right now, you can only make forum members from Hubzilla, (streams), Forte, Friendica, Mitra and Tootik additional admins/mods. But you can.

(9/9)

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #Hubzilla #Streams #(streams) #Forte #Privacy #Security #Permission #Permissions #Groups #FediGroups #FediverseGroups #PrivateGroups

Permissions, part 3: At post level

Let's translate this to Mastodon again.

You know the toot visibility button, I guess. Let's assume it looks and works somewhat different. Especially the visibility options.

"Public" still exists. It does what it says on the button: It makes your toot public. Oh, and now, it also makes all replies public. There's no replying to your toot with a DM.

The other three don't exist.

Instead, as the second option, you have "Only me".

Right below, all your lists are listed up. You can pick one of them. You can send your toot to everyone on one specific list of yours and to only those on that list, all without having to mention them. Better yet: Only those on that list are permitted to see your toot. And only those on that list are permitted to see any reply to your toot. Killer feature: They can see each other's replies, and they can reply to each other.

Below that, all groups that you follow are listed up. Again, you can pick one of them. This will have the effect that your toot will go to the group, and it will be forwarded by the group to all its members, but it will not go to your followers unless they're also in that group.

Below that, there's "Custom selection". This opens another window with each one of your lists and each one of your followed accounts, each with a green "Allow" button and a red "Don't allow" button. Here, you can put together a choice of lists and single accounts whom to send your toot to and a choice of lists and single accounts whom not to send your toot to. Again, only those who receive the toot are also permitted to see it, and only them are permitted to see any of the replies, and no-one can ever change these permissions.

What sense this makes?

Imagine you have a list with a certain group of friends in it. One of them will soon celebrate their birthday, and you want to organise a birthday surprise for them. So you send a toot to that list with everyone in it, but without that person who'll soon celebrate their birthday so you won't ruin the surprise for them.

Or: Imagine you have lists according to which languages people speak. Like, you have a German list, and you have an English list. Then you can put together an audience for a German toot from lists and single followed users, but exclude the English list so that those who don't understand German anyway won't receive that toot.

By the way: This also covers DMs. And this means that DMs are actually private.

As Mastodon is right now, you can DM Alice, you can have a conversation with Alice, but Alice could mention Bob and pull him into the conversation. This also gives Bob the opportunity to read the whole thread because he has access to it now. Mastodon only defines to whom a message is sent, but not who is allowed to see it.

In this version of Mastodon, when you DM Alice, you only grant Alice permission to see your toot and everything else in the thread. Now, Alice can mention Bob all she wants, but she can't pull him into the thread. Bob won't even receive the toot with his mention in it. He is not permitted to see it. You have not granted him permission to see the start toot, and thus, you have not granted him permission to see any of the replies, including the one in which Alice mentions him. Alice cannot change any permissions in the thread. Neither can you, by the way. The moment you send the start toot, all permissions are permanently set in stone for the whole thread.

This also makes dogpiling by extra mentions in DMs impossible.

Also, this provides for very effective quote-post control. It isn't allowed to boost posts that aren't public, including replies. It isn't allowed either to Mastodon-style-quote, as in quote-post, posts that aren't public, including replies.

These DMs have another advantage of DMs on Mastodon-as-it-is-now: If you send a DM to Alice and Bob, Bob receives Alice's replies, and Alice receives Bob's replies, and the two can reply to one another.

Oh, by the way, there's another nifty button. A speech bubble. With this button, you can allow or disallow replies to your post. Mind you, again, this only works when you start a thread. You cannot allow or disallow replies to a reply that you post.

Now, how does Mastodon-as-it-is-now handle DMs from Hubzilla, (streams) and Forte? It sees them as Mastodon DMs, and it treats them like Mastodon DMs. The downside is, if I send a restricted-permission post to Alice on Mastodon and Bob on Mastodon, both perceive it as a Mastodon DM. Both can only reply to and converse with me. They can't see each other's replies, and they can't reply to each other.

(8/9)

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #Hubzilla #Streams #(streams) #Forte #Privacy #Security #Permission #Permissions #ReplyControl

Permissions, part 3: At contact level

If Mastodon was like Hubzilla, you'd have the possibility to create permission templates which you can then assign to those whom you follow. (Hubzilla calls them "contact roles", by the way.)

Like, you could make one template for those whom you really trust. You grant all permissions in that template.

Then you could make one that's more privacy-oriented. You only grant permission to send you toots, fave and reply to your toots and send you DMs.

In theory, you could also make one for those whom you absolutely must follow, but whose toots you don't want. In this one, you only grant permission to fave and reply to your toots and send you DMs. This, however, only makes sense on something that works like Facebook, something like Hubzilla, where you can only confirm follow requests by also following back because connections are always mutual by default.

Then you could go to your list of followed accounts. And you could edit and configure them, one by one. You could choose which of these permission templates is assigned to them and thereby what you allow them to do. While you're already there, you could also, for example, add them to lists or remove them from lists.

There's one catch, though: If you grant a permission for your whole account, you automatically grant it to everyone whom you follow. You cannot forbid one of your followed something your account generally allows. So if you want to be able to choose whether someone is allowed to do something or not, you must not allow it for your whole account, and instead, you must allow it followed by followed.

(streams) and Forte make things a great deal easier than Hubzilla, by the way: They don't require such templates anymore. Instead, when you go edit a contact, you'll see one on-off switch for each permission, and you can turn each permission on or off right there, right then (provided it isn't inherited from the channel). You still have such templates, but they only serve to grant the same set of permissions to a whole lot of contacts without having to click single permissions on or off for all of them.

(7/9)

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #Hubzilla #Streams #(streams) #Forte #Privacy #Security #Permission #Permissions

Permissions, part 2: At channel level

Translated to Mastodon again, for each of the above permissions, your account would have seven or eight choices whom to grant the corresponding permission:

• Anyone on the internet (only available where this makes sense, it's mostly viewing permissions, but it also includes "Can fave and reply to your toots")
• Anyone in the Fediverse
• Either anyone on Mastodon or anyone using ActivityPub*
• Anyone on the same server as you (mastodon.social in your case)
• Anyone who follows you**
• Any mutual followers
• Only those of your mutual followers whom you've explicitly granted that permission
• Nobody but you yourself

**This translates to Mastodon badly. Basically, Friendica, Hubzilla, (streams) and Forte know three states of connection. Either a Mastodon follow request, that's a "contact". Or a mutual follower, that's a "confirmed contact" because it's listed on your connections page, and you have control over that connection. Or only you follow someone, that's a "confirmed contact", too, because, again, because it's listed on your connections page, and you have control over that connection. The concept of confirmed follower doesn't exist because confirming a connection request will automatically make it a mutual connection. Remember we aren't talking about Twitter followers and Twitter followed, but about Faceboook friends.

The choices on (streams) and Forte, translated to Mastodon, are:

• Anyone on the internet (only available where this makes sense, it's mostly viewing permissions, but it also includes "Can fave and reply to your toots")
• Anyone in the Fediverse
• Any mutual followers
• Only you and those of your mutual followers whom you've explicitly granted that permission

I guess you already know the switch that hides your account from Google and other search engines and the switch that makes your account automatically accept follow requests.

You know that you can mention anyone out of the blue on Mastodon, regardless of whether they follow you or you follow them or not, and they're always notified? Imagine this being notified is optional. And off by default. On Hubzilla, both is the case.

Okay, so, next, you don't allow anyone on the internet to reply to your toots. But there's an option that "half-allows" this: Anyone on the internet can send replies to your toots, even if they don't have any Fediverse account at all. Now it comes: You have to approve these replies. You have a green button that you can click, and the reply becomes visible, and it's added to the thread to which it belongs. Before then, nobody can see the reply but you. You also have a red button, and when you click it, the reply is rejected and deleted.

There are two clear use-cases for this. One is when you want absolute control over who replies what to you. Then you don't allow anyone to reply to your toots, but you activate this option. When someone does reply, you can choose whether to let the reply through or delete it.

The other one is a use-case that doesn't work on Mastodon, namely when you want to run a Hubzilla channel as a fully public long-form blog with a target audience that isn't limited to the Fediverse, and you want everyone to be able to comment on your posts, even without having some Fediverse account and following you first, but you want to keep spam out.

Lastly, there's the option that if you don't allow everyone to see your images and other media at https://mastodon.social/@jasperb/media, these images and other media can still be seen attached to toots by those who are allowed to see the toots that they're attached to.

(6/9)

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #Friendica #Hubzilla #Streams #(streams) #Forte #Privacy #Security #Permission #Permissions

Permissions, part 1: Introduction

Hubzilla's permission system works on three levels. In Mastospeak, the first level is your entire account.

The second level is everyone whom you follow, individually. Like, you can go to your list of followed accounts and click on them and configure them. Among other things, you can assign to them a set of permissions that, usually, you'll first define. You'll probably have multiple such sets of permissions.

(Yes, this completely leaves out those who only follow you, and whom you don't follow back. Such a thing does not exist on Friendica, Hubzilla, (streams) and Forte. That is, it does, but you don't have a list of these, and you can't configure these, because they can't do much anyway as long as you don't follow them.)

And the third level is each toot that is not a reply, and then that toot forces its own permissions hard upon all toots that reply to it. If you reply to someone else's toot, your toot will have the same permissions as the start toot with no way for you to change them.

Translated to Mastodon, Hubzilla offers the following permissions:

• Can see your toots when visiting your Mastodon account at https://mastodon.social/@jasperb
• Can send their toots onto your timeline (I'm being serious here, you can literally follow someone and forbid them to send you their toots)
• Can see your profile
• Can see your lists of followers and followed when visiting your Mastodon account at https://mastodon.social/@jasperb
• Can see both the images and other media in your toots and the images and other media you've tooted at https://mastodon.social/@jasperb/media
• Can fave and reply to your toots (those of your toots that aren't replies)
• Can send you DMs

• Can upload images and other files and modify existing files at https://mastodon.social/@jasperb/media
  (because https://mastodon.social/@jasperb/media is not a managed cloud file storage, and the only way to add images or other media there is by you tooting them)
• Can see the webpages you've built on your account
  (because Mastodon doesn't have webpages)
• Can see the pages in the wikis you've built on your account
  (because Mastodon doesn't have wikis)
• Can edit the webpages you've built on your account
  (because Mastodon doesn't have webpages)
• Can edit the pages in the wikis you've built on your account
  (because Mastodon doesn't have wikis)
• Can send you a toot by visiting your Mastodon account at https://mastodon.social/@jasperb and using the toot editor that's present there to send a toot straight to your "wall"
  (because Mastodon doesn't have a wall, Mastodon doesn't have a toot editor on your account page for people who aren't you, and Mastodon doesn't have this entire feature)
• Can like or dislike any element in your profile at https://mastodon.social/@jasperb
  (because liking or disliking things in profiles is not possible on Mastodon)
• Can chat with me
  (because Mastodon doesn't have a chat)
• Can automatically repost my toots through their account
  (because Mastodon doesn't have this feature either)
• Can do absolutely anything on my account that I can, just by visiting https://mastodon.social/@jasperb
  (not possible for a whole lot of reasons)

• Automatically confirm follow requests (yes/no)
• Allow replies on your start toots from
• Manually allow disallowed replies (yes/no)
• Only allow replies on your start toots for so many days (number)
• Allow DMs from
• Allow to see your followers and followed
• Allow to full-text search your account
• Allow non-followed-non-followers to fave your toots (yes/no)
• Be notified about non-followed mentioning you (yes/no)
• Not if at least so many accounts are mentioned (number) (this is spam prevention)
• Receive toots from non-followed if they contain any of these hashtags (same as following hashtags, only that this is one text field and not a bunch of followed "accounts")
• Not if at least so many hashtags are in the toot (number) (again, this is spam prevention)
• Don't allow replies to replies from non-followed (yes/no) (reply guy filter)
• Show a timeline of your own toots (yes/no)
• Add your account to the directory (yes/no)
• Hide your account from Google and other search engines (yes/no)
• Delete toots and their replies from your timeline if you haven't interacted with them after so many days (number)
• Allow toots from your followed accounts that are replies in threads starting with toots from accounts that you don't follow

Consent is the most important concept you can learn about to understand better data privacy rights.

And I'm not specifying free and informed consent here, because if it's not free and informed, it's not consent.

#Privacy #Consent #HumanRights

(1/3) I have the greatest sympathy and empathy in regards to #thehated one; he is correct about the compartmentalization aspect — always compartmentalize. Always diversify your portfolio of security and privacy tools. Yet his assumption and suggestive tone bother me quite a lot in this video, and all e-mail providers have the metadata issue because e-mail as a protocol is flawed garbage from the past, and Soatok has many times called it out — can't be made secure. #proton #privacy #security

We wrote this piece last year, and in 2026 it’s still worth a spot on your radar:
DuckDuckGo gets all the attention, but several private search engines offer real alternatives — some with different privacy trade-offs and capabilities. If you’re thinking about reducing data exposure or diversifying defaults, this is a good read.
👉 https://medium.com/@biytelum/duckduckgo-isnt-alone-the-private-search-engines-you-should-actually-be-using-in-2025-fc0b5a025999
#Privacy #DataProtection #Search

Hackers are developing open-source tools like OUI-SPY and crowdsourced maps (deflock.me, alpr.watch) to detect and counter ICE's automated license plate readers and surveillance cameras. 🔍
These counter-surveillance efforts aim to protect communities from mass tracking, though legal risks remain. ⚖️

@eff

🔗 https://www.eff.org/deeplinks/2026/01/how-hackers-are-fighting-back-against-ice

#TechNews #Privacy #Surveillance #Data #Security #Rights #OpenSource #Policy #DigitalRights #Tech #Ethics #Freedom #Hackers #Hacking #ICE #USA #US #Trump #DonaldTrump

EFF warns new online age‑verification mandates risk expanding surveillance, censorship, and exclusion for adults and kids alike. 🪪
They’ve launched a resource hub to track these laws and defend privacy, anonymity, and free expression online. 📚

@eff

🔗 https://www.eff.org/deeplinks/2026/01/effecting-change-human-cost-online-age-verification

#TechNews #Privacy #Surveillance #Censorship #Data #Rights #Security #AI #Policy #Regulation #DigitalRights #FreeSpeech #Internet #USA #EFF #AgeVerification #Exclusion #Inclusion

Wegmans is now scanning shoppers’ faces, eyes, and voices in NYC stores—with no opt‑out or clear data deletion policy. 🛒
The grocery chain cites “security,” but privacy groups warn of lasting biometric risks and disproportionate impacts. ⚠️

🔗 https://www.gadgetreview.com/theres-no-opt-out-wegmans-is-now-scanning-your-face-at-the-grocery-store

#TechNews #Privacy #Surveillance #Data #Biometrics #AI #Security #Rights #Ethics #Accountability #Technology #Policy #DigitalRights #USA #BigData #Retail #US #NYC #NewYork #NewYorkCity #Wegmans

Ireland plans to lead an EU push for ID‑verified social media accounts under Tánaiste Simon Harris. 🇮🇪
The proposal aims to curb online abuse, bots, and disinformation—but may test privacy norms, anonymity rights, and platform accountability. ⚖️

🔗 https://extra.ie/2025/12/28/news/simon-harris-social-media-regulations

#TechNews #Privacy #Policy #DigitalRights #EU #AI #Security #Technology #Data #Regulation #SocialMedia #Accountability #Ethics #Democracy #Ireland #Law #Europe

Texas AG Ken Paxton wins a TRO blocking Samsung’s smart TV ACR “surveillance” in Texas, citing deceptive data collection and a major win for digital privacy. 📺🛑🔐 Full story: https://cyberinsider.com/texas-blocks-samsung-smart-tv-surveillance-over-privacy-violations/ #Texas #Samsung #Privacy #SmartTV #Newz

Roblox begins global age verification for chat features.

Facial age estimation and ID checks aim to protect minors, but raise privacy and data security concerns.

https://www.technadu.com/roblox-begins-global-age-verification-for-chat-features/617927/

#Privacy #OnlineSafety #CyberSecurity

Alt...

Roblox Begins Global Age Verification for Chat Features

Signal massively downloaded amid rising tensions, number one in Denmark

Rising tensions between Greenland, Denmark, and the United States are increasing awareness of privacy and security. The globally recommended app by privacy and security experts, Signal, is now being downloaded massively and tops the Danish Google Play Store.

https://aboutsignal.com/news/signal-massively-downloaded-amid-rising-tensions-number-one-in-denmark/

#Signal #privacy #messaging #technology #Denmark #Greenland #USA

How #Hackers Are Fighting Back Against #ICE

ICE has spent hundreds of millions of dollars on #surveillance technology to #spy on anyone—and potentially everyone—in the United States. It can be hard to imagine how to defend oneself against such an overwhelming force. But a few enterprising hackers have started projects to do counter surveillance against ICE, and hopefully protect their communities through clever use of technology.
#privacy

https://www.eff.org/deeplinks/2026/01/how-hackers-are-fighting-back-against-ice

Just published: Apple Health + ChatGPT: The Privacy Tradeoff.

OpenAI’s new ChatGPT Health feature can connect to Apple Health (and even medical records). The convenience is real, but so is the expanded attack surface. With healthcare breaches hitting millions of records, my blunt take is: if you care about privacy, don’t use it. Full stop.

If you do use it anyway, I break down what “not used for training” does and doesn’t mean, why HIPAA isn’t a force field here, and the practical steps to reduce your blast radius.

https://www.kylereddoch.me/blog/apple-health-chatgpt-the-privacy-tradeoff/

#CyberSecurity #Privacy #Apple #OpenAI #Healthcare #ThreatModeling #DataProtection