Another option would be to make a deal on #Greenland — a sale or lease, with expanded access to #mineral rights, & #US role in #security. In the event of a crisis, “the rest of #Europe will lean on #Denmark to make some kind of arrangement with the #US,” Rahman said.

#Trump #MafiaState #imperialism #geopolitics #NATO #NewWorldOrder #law #Congress #WarPowers #NaturalResources #oil #minerals #sovereignty #ShippingLanes #ClimateChange #theft #piracy #InternationalLaw

Gizmodo: Disney to Pay $10 Million After Feds Say It Broke Kids’ Privacy Rules on YouTube. “Disney has agreed to pay $10 million in civil penalties to settle allegations that it violated federal data-collection laws designed to protect children. The Department of Justice (DOJ) announced on Tuesday that a federal court has entered a stipulated order resolving a case against Disney Worldwide […]

Wayland is replacing X11 as Linux’s display protocol, offering lower latency, simpler design, and stronger security. 🖥️
By restricting app access to input and screen data, it reduces long-standing privacy risks. 🔐

Gains are clear, but compatibility and tooling still slow full adoption. ⚖️

🔗 https://hintnal.com/the-great-display-revolution-how-wayland-is-reshaping-linuxs-graphical-future/

#TechNews #Linux #OpenSource #Privacy #Security #Software #Developers #Freedom #Technology #Computing #Wayland #X11 #Debian #Fedora #Ubuntu #Arch #FOSS #OS

https://youtu.be/uB0gr7Fh6lY

#Flock #FuckFlock #Security #Privacy #hacking #FlockSux

Apple is allowing alternative browser engines on iOS in Japan with iOS 26.2, ending the WebKit-only rule in response to antitrust law. 🧭

The change expands browser choice but applies only regionally, with Apple retaining control via entitlements and privacy rules. ⚖️

Will similar openness reach Europe under the DMA? 🇪🇺

@mozilla

🔗 https://www.webpronews.com/apple-opens-ios-to-alternative-browser-engines-in-japan-via-ios-26-2/

#TechNews #Apple #iOS #Antitrust #Competition #Privacy #DigitalRights #OpenWeb #Regulation #Innovation #Mobile #Japan #Europe #DMA #Security

Decorative Cryptography

https://www.dlp.rip/decorative-cryptography

#HackerNews #DecorativeCryptography #Cryptography #ArtTech #Innovation #Security

@briankrebs This is one of the reasons I keep all the IoT/customer surveillance devices on their own network and block access from that network to other internal spaces It's not a perfect and doesn't prevent that network from becoming a cesspool, but at least it isolates the blast radius.

I do periodic checks of the outbound traffic from that network looking for suspicious activity but it's tough given how chatty even legitimate boxes are.

#Security

Reminder: You better hurry!

@monocles and #Conversations_im are available for free on your Android device since Dec 24th and until the 31st on Google Play!

Get your friends and family and don’t miss out on the opportunity to install and onboard them in one (or both) of the most featureful #XMPP clients on Android!

Set them free from invasive, data harvesting, centralized IM communications networks!

#RunJBR #Privacy #Security #Decentralization #PrivacyIsAHumanRight #DigitalSovereignty #Jabber

A hacker-turned-source turns up dead. A secret order to allow U.K. officials to spy on users. And who could forget the Trump administration accidentally texting its war plans to a reporter. These are just a few of @Techcrunch’s best cybersecurity stories from 2025 that were originally reported on by other organizations. Quite an informative and gripping batch.

https://flip.it/ZhRZ_4

#Tech #CyberSecurity #Technology #Security #Hacking

The Linux Foundation’s 2025 Annual Report highlights growth across AI, global standards, security, education, and community participation.
Here are the main takeaways from this year’s report.
Link:https://www.linuxfoundation.org/resources/publications/linux-foundation-annual-report-2025?hsLang=en
#OpenSource #FOSS #LF2025 #AI #Security #OpenStandards #Collaboration

Inquiry ongoing after UK government hacked, says minister

Cyber security officials have confirmed they are aiding an investigation after a minister said the UK government had been hacked.

It is understood a Chinese affiliated group is suspected of being behind the attack.

#UK #NCSC #GCHQ #China #security #cybersecurity #hackers #hacking #hacked

https://www.bbc.com/news/articles/cj4qpwprw9vo

@Tutanota I've mentioned this before but SimpleX is more private secure and anonymous that signal threema and session.

SimpleX is decentralised meaning taking down a single group of servers or org wouldnt destroy the simplex network, people can run completely anonymous simplex servers over tor, this puts simplex ahead of Signal and Threema

SimpleX has quantum resistant encryption which puts it ahead of Threema and Session, the UK military[1] and NATO[2] both consider quantum computers to be a threat now because of store now decrypt later attacks

SimpleX has no user identifiers not even random strings, its essentially like having a "burner phone for every contact". Two or more compromised contacts could corroborate your messages by linking them to your signal username or your session id, but with simplex your contacts can't prove your identity even between eachother. This fact puts SimpleX above Signal Threema and Session

These technical details about the simplex protocol can all be found on the project website including the whitepaper[3]

[1]
https://www.ncsc.gov.uk/whitepaper/preparing-for-quantum-safe-cryptography

[2]
https://www.nato.int/docu/review/articles/2021/06/03/quantum-technologies-in-defence-security/index.html

[3]
http://isdb4l77sjqoy2qq7ipum6x3at6hyn3jmxfx4zdhc72ufbmuq4ilwkqd.onion/

#SimpleX #Threema #Signal #Session #PSA #Privacy #Security #Anonymity #NATO #UnitedKingdom #Tor #QuantumResistantEncryption

@obscuravpn
I mean, is it possible to generate my keypair locally and upload it to @mullvadnet, or how is it securely handled?

#privacy #security #VPN

The Linux Foundation’s 2025 Annual Report reflects a year of global collaboration and steady growth across open source, AI, security, standards, and education.

Here are the highlight moments from this year’s report.

Read more: https://www.linuxfoundation.org/resources/publications/linux-foundation-annual-report-2025?hsLang=en
#OpenSource #FOSS #LF2025 #AI #Security #OpenStandards #Collaboration

Node.js devs, so picture this: you run `npm install` and you get a bunch of packages with audit errors.

The only thing I want to know at that point is what’s the root package that these dependencies belong to? (Running npm audit fix is a last resort as I don’t like it fiddling around with the dependencies of nested packages.)

It’s also not a straightforward thing to do, but it’s nothing jq and a bit of piping can’t fix:

```bash
npm audit --json | jq -r '.vulnerabilities[].name' | xargs -n1 npm ls
```

If you’re using fish shell, add an abbr(aviation) or an alias to that with a name like npm-audit-tree and you’re golden ;)

```bash
abbr --add --global npm-audit-tree 'npm audit --json | jq -r '.vulnerabilities[].name' | xargs -n1 npm ls'
```

(I usually prefer abbreviations to aliases as I like to remember/see the actual command being executed.)

Enjoy 💕

#NodeJS #npm #audit #security #JavaScript #JSON #jq #xargs #dev #tip

Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier is a 1997 book by Suelette Dreyfus, researched by Julian Assange. It describes the exploits of a group of Australian, American, and British black hat hackers during the late 1980s and early 1990s, among them Assange himself.

You can get it free
https://underground-book.net/

https://en.wikipedia.org/wiki/Underground_(Dreyfus_book)
#book #ebook #underground #hackers #hacking #exploits #blackhat #computers #security #suelettedreyfus #julianassange #readers

Alt...

Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier is a 1997 book by Suelette Dreyfus, researched by Julian Assange.

Just updated Node Pebble to support latest release version of Let’s Encrypt’s Pebble testing server.

https://codeberg.org/small-tech/node-pebble

Enjoy!

💕

#LetsEncrypt #Pebble #testing #tls #ssl #security #NodeJS #JavaScript

💡 Read the final post of the From Beginner to Builder blog series, where we highlight free courses that help contributors build confidence across AI/ML #security, policy & compliance, ethics, inclusion, & community leadership and more!

Read now: https://openssf.org/blog/2025/12/12/from-beginner-to-builder-free-openssf-and-linux-foundation-education-courses/

Signal’s reputation for secure messaging rests on strong E2EE using the open-source Signal Protocol 🔐

The app collects minimal metadata, but concerns remain around SGX reliance, AWS hosting, and past CDN-based deanonymization research 🛰️
Useful, but not flawless, for privacy-focused users ⚖️

@signalapp

🔗 https://proton.me/blog/is-signal-safe

#TechNews #Privacy #Security #Encryption #Messaging #FOSS #Cybersecurity #DataProtection #OpenSource #Safety #Metadata #Apps #DigitalRights #Tech #SecurityNews #Signal

looks like Synergy had a security oopsy-daisy

at least seems like there was no data leaked. They say they have checked the audit logs to verify this.

I do appreciate how forward they are about this though, even though they seem to believe nothing was leaked, it's good habit to be open in the face of breaches. More companies should be like this.

#Security #Synergy

Alt...

Hi [censored], We identified unauthorised access to one of our application servers. The issue was contained and the server was rebuilt. The system involved did not store customer data, and no data breach occurred. No action is required from you. All customer account information, including your email address and hashed password, is stored in a separate database that remained protected throughout the incident. We reviewed application, network, and database audit logs for the full period. These confirm that the attacker did not access, query, or copy any customer data. Payment card information is not stored on our systems and was never at risk. At 19:46 UTC on Friday 5 December 2025, an attacker reached one application server through an incorrectly exposed network path and triggered a flaw that allowed a command to run, causing the server to stop responding. The server restarted repeatedly due to automatic recovery, resulting in intermittent service disruption. The incident was contained at 02:17 UTC on Saturday 6 December 2025. Some services, including checkout, remained disrupted for a further twenty-four hours while we applied changes across our infrastructure. We corrected the network issue that allowed direct access and patched the software vulnerability on the affected server. Based on all evidence, no customer data was accessed. You can contact us if you have any questions by replying to this email or by using our contact form.

@Tutanota
Be careful, if the product is too secure, the user may be a criminal. This is how some parts of the EU think about security and data protection.

#grapheneos #freedom #security

The German #BSI has made 2025 the Year of #Email #Security

Great initiative - and great rating for Tuta ❤️ - your secure email provider from Germany. 🇩🇪

https://www.bsi.bund.de/DE/Themen/Kampagne-einfach-absichern/EMSJ/Eckpunkte_EMSJ/Eckpunkte-EMSJ.html

Alt...

Screenshot of BSI website with Tuta results: achieved 7 out of 7 possible points.

Activating new health insurance app:
- let's use the password manager to create a secure password.
⛔ "password must be at most 8 characters long"
- unsafe, but OK...
⛔ "password must begin with an uppercase letter"
- what!? 😡

#passwords #security

Is there any point in using a vTPM2 module with VMs? As near as I can tell, you're left with two options:

1. Pass through the host's TPM2. So, you're effectively pinned to the host?
2. Use a virtual TPM2. You can optionally specify your own seed value. Your secrets are at increased risk of leaking to the rest of the host. I assume vTPM entropy is /dev/urandom on the hypervisor.

Could a hardware security module (HSM) help? Am I missing anything? #sysadmin #security #qemu

Why you should #support W3C? We work to support the community that develops web standards, the building blocks of our digitally connected world.

Show you care about the long-term growth of the open, interoperable web that caters for accessibility, privacy, security, and internationalization. #Donate today https://www.w3.org/support-us/

#GivingTuesday #a11y #i18n #privacy #security #openweb #training

https://www.youtube.com/watch?v=6bXp8Eet0HM

Alt...

circular shape of lines and nodes with text "We are global"

#Quote of the day: "Gutta cavat lapidem" is a Latin proverb meaning "a drop hollows out a stone" or "the dripping water hollows the stone. Let's hollow out #SurveillanceCapitalism :D #privacy #security Join the democratic penguin republic 🐧 🫡 ❄️ #linux #FOSS

Democratic Penguins Republic - Trade War (Official Music Video) #yt

https://youtu.be/HJ8qGOe2K0o

🔥 #BLACKFRIDAY DEAL 👇
We've already marked these classes down 50% in the Ivy Cyber store, so you don't even need a promo code!

Meet @JohnKiriakou and @profdiggity in 3 live sessions and get a ton of great #privacy & #security content for your life online *and* offline.

https://ivycyber.com/kiriakou

Wow, if you search for signal messenger on DuckDuckGo using Chrome, the actual @signalapp web site is the *third* entry following ads for “Signal Private Messenger – Free Download” that leads to the site appmaus.com and “Get Signal Messenger | Install Signal App” that leads to the site filelocations.com.

DuckDuckGo should be held criminally liable for anyone who ends up downloading malware because of this.

CC @Mer__edith

#DuckDuckGo #Signal #adtech #teachingPeopleHowToGetPhished #malware #security #privacy #BigTech

Alt...

Screenshot of the state of affairs described in the post.

RE: https://todon.eu/@MediaActivist/115565069276609507

For those interested, I may have some news on this in the next week! #tech #coop #cooperative #nonprofit #privacy #security #sustainability #inclusion #ethics

🔭 Modern systems demand real-time insight and resilience — and eBPF has become essential for today’s DevOps and cloud teams.

In “eBPF Essentials: Security and Observability (LFWS304),” a 1-day instructor-led workshop, you’ll deploy eBPF programs, build observability pipelines, and enforce runtime security in Kubernetes.

Finish the day with practical, verifiable skills — and a badge to prove it.

🔗 Enroll today: https://training.linuxfoundation.org/training/ebpf-essentials-security-and-observability-lfws304/

#CloudNative #Linux #Security #DevOps #eBPF

I don't trust syncthing-fork anymore.

1. App ID changed with version 2.x, seemingly for no reason.

2. catfriend1, the original maintainer has disappeared with no public announcement.

3. Apparently the Play signing keys were transferred to a Github user with a 5 day old account.

4. The old repo does redirect to this new user's repo.

It could be benign and another case of FOSS devs "moving on," quietly. But my paranoia prevails.

https://github.com/researchxxl/syncthing-android/issues/16
#syncthing #privacy #security #fdroid

Reason 5: in July of this year, copilot-instructions.md appeared, and commits from GitHub Copilot were allowed.

Does @fdroidorg have a stance on the usage of Copilot or GenAI code?

https://github.com/researchxxl/syncthing-android/commits/main/.github/copilot-instructions.md
#AI #copilot #foss #genai #syncthing #syncthingfork #privacy #security #fdroid

⏰ The deadline to submit a proposal for the @w3c workshop on Smart Voice Agents (Feb 2026, virtual) is 27 Nov 2025!

Smart voice agents need clearer use cases, stronger #interoperability, better #LLM -based interaction, and improved accuracy, #accessibility, and multilingual support. Broader concerns include device coordination, #privacy, #security, regulatory gaps and emerging business models.

Don’t miss your chance to present your work and submit now: https://www.w3.org/2025/10/smartagents-workshop/

Alt...

W3C Workshop on Smart Voice Agents - February 2026, Virtual on zoom