• 0 Posts
  • 9 Comments
Joined 3 years ago
cake
Cake day: November 29th, 2021

help-circle
  • rhymepurple@lemmy.mltoPrivacy@lemmy.mllive location sharing?
    link
    fedilink
    English
    arrow-up
    12
    ·
    2 months ago

    This is definitely the wrong answer for this community, but may be an acceptable answer for this post. I have never used it nor would I ever recommend using it, but the conversations I have had with others who do use it make it seem like the service is far better than any alternative. Given the OP’s requirements and willingness to both pay and sacrifice privacy, it seems like this may be appropriate for OP.

    I would still explore other options though. There are several competitors to Life360 and presumably there are some with better privacy policies (even if the service would not typically be recommended on this community). Maybe OP could use a service like https://tosdr.org or https://tldrlegal.com to better evaluate those options that would likely not get much attention on this community.

    Depending on the required features, maybe the Live Location Sharing feature of chat apps like Element may be sufficient. It could also help improve the privacy of the users’ by switching to a more private/secure messaging app in the process.


  • In terms of privacy, you are giving your identity provider insight to each of the third party services that you use. It may seem that there isn’t too much of a difference between using Google’s SSO vs using your Gmail address to register your third party account. However, one big distinction is that Google would be able to see often and when you use each of your third party services.

    Also, it may be impossible to restrict the sharing of certain information from your identity provider with the third party service. For example, maybe you don’t want to share a picture of yourself with a service, but that service uses user profile pictures or avatars. That service may ask (and require) that you give it access to your Google account’s profile picture in order to authenticate using Google’s SSO. You may be able to overwrite that picture, but you also may not be able to revoke the service’s ability to retrieve it. If you used a “regular” local account, that Google profile picture would never be shared with the third party service if you did not upload it directly. The same is true for other information like email, first/last/full name, birthday, etc.

    There are other security and operational concerns with using SSO options. With the variety of password managers available, introduction of passkeys, and increased adoption of multi-factor authentication, many of the security benefits associated with SSO aren’t as prevalent as they were 10 years ago. The biggest benefit is likely the convenience that SSO still brings compared to other authentication methods.

    Ultimately it’s up to you to determine if these concerns are worth the benefits of using SSO (or the third party service provider at all if they require SSO). I have a feeling the common advise will be to avoid SSO unless its an identity provider that you trust (or even better - one that you host yourself) - especially if you’re using unique emails/usernames along with strong and unique passwords with multi-factor authentication and/or passkeys.


  • There are a few performance issues that you may experience. For example, if you’re into online gaming then your latency will likely increase. Your internet connection bandwidth could also be limited by either Mullvad’s servers, your router, or any of the additional hops necessary due to the VPN. There’s also the situation where you have no internet connection at all due to an issue with the VPN connection.

    There are also some user experience issues that users on the network nay experience. For example, any location based services based on IP address will either not work at all or require manual updates by the user. The same is true for other settings like locale, but they are hopefully better handled via browser/system settings. What’s more likely is content restrictions due to geographic IP addresses. Additionally, some accounts/activity could be flagged as suspicious, suspended, or blocked/deleted if you change servers too frequently.

    I’m sure you are either aware of or thought through most of that, but you may want to make sure everyone on the network is fine with that too.

    In terms of privacy and security, it really comes down to your threat model. For example, if you’re logged into Facebook, Google, etc. 24/7, use Chrome, Windows, etc., and never change the outbound Mullvad server, you’re not doing too much more than removing your ISP’s ability to log your activity (and maybe that’s all you want/need).


  • rhymepurple@lemmy.mltoPrivacy@lemmy.mlCar Privacy is Shit
    link
    fedilink
    English
    arrow-up
    2
    ·
    3 months ago

    Really not sure why you got down voted so hard and it’s a shame your comment was deleted. Your comment was relevant, accurate, and focused on an issue that others aren’t talking about in here (and apparently don’t want to). You were also the only person in this thread who provided any sources.

    I’m not sure what argument can be made against what you said. Just because a piece of information “is public” doesn’t mean everyone wants that public information collected and shared with little (if any) control/input by you. If that were the case, doxxing wouldn’t be an issue.


  • rhymepurple@lemmy.mltoPrivacy@lemmy.mlCar Privacy is Shit
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    2
    ·
    3 months ago

    I did not watch the mentioned video so I am not sure if what I am about to mention is discussed there or not. Also, sorry for the really long reply!

    I am not aware of any available truly privacy respecting, modern cars. However, assuming theat you obtain one or you can do things like physically disconnect/remove all wireless connectivity from the car to make it as private/secure as possible, there still is little you can do to be truly anonymous.

    Your car likely has a VIN and license plate as well as a vehicle registration. Assuming you legally obtained the vehicle and did not take any preventative measures prior to purchasing the car, those pieces of information will be tied back to you and your home address (or at least someone closely connected to you). You would need to initially obtain the vehicle via a compsy/LLC/partnership/etc. as the owner/renter/leasee of the vehicle and an address not associated to you. Additionally, you would need to find some means of avoiding or limiting the additional information connected to you that is likely required to obtain the vehicle like car insurance and your drivers license.

    Additionally, any work that certain mechanics perform may be shared (either directly or indirectly) with data brokers - even just routine maintenance like an oil change or alignment. Hopefully you didn’t use your credit card, loyalty rewards program, etc. when you had any work done!

    There is also CCTV, security cameras, and other video recorders that are nearly impossible to avoid. Given enough time/resources and maybe a little bit of information, your car could be tracked from its origin to destination locations. This location history can be used to identify you as the owner (or at least driver/passenger) of the car. Unless your car never leaves your garage, you can almost guarantee that your car is on some Ring camera, street camera, etc.

    Furthermore, anything special or different about your car (custom decal, unusual window tinting, funny bumper sticker, uncommon color for the car, uncommon trim/package for the car, dented bumper, fancy rims, replaced tires, specific location of toll reader placement on the windshield, something hanging from your rear mirror, etc.) all help identify your car. The make/model and year of your car can also be used to identify your car if its not a common car in the area. These identifiers can be used to help track your car via the video feeds mentioned above.

    Then there are license plate readers which are only slightly easier to avoid than the video recordings. Permanent, stationary license plate readers can be found on various public roads and parking lots. There are also people who drive around with license plate readers as part of their job for insurance/repossession purposes. You may be able to use some sort of cover over your license plate(s) to hinder the ability of license plate readers to capture your plate number, but that could be used to help identify your car in video feeds/recordings.



  • the only sites I give permenant cookie exception are my selfhosted services

    This is what I was referring to. How are you accomplishing this?

    I’m still looking for the switches to block all new requests asking to access microphone, location, notification

    I can’t help with this at the moment, but if you’re still struggling with this I can provide the lines required to disable these items. However, I don’t know how to do this with exceptions (ie allowing your self hosted sites to use that functionality, but block all other sites). At minimum though you could require Firefox to ask you every time a site wants to use something. This may get repetitive for things like your self hosted sites if you have everything clearing when you exit Firefox.


  • Didn’t look at the repo thoroughly, but I can appreciate the work that went into this.

    • Is there any reason you went this route instead of just using an user-overrides.js file for the standard arkenfox user.js file?
    • Does the automatic dark theme require enabling any fingerprintable settings (beyond just possobly determining the theme of the OS/browser)?
    • How are you handling exceptions for sites? I assumed it would be in the user.js file, but didn’t notice anything in particular handling specific URLs differently.

  • tl;dr: A notable marketshare of multiple browser components and browsers must exist in order to properly ensure/maintain truly open web standards.

    It is important that Firefox and its components like Gecko and Spidermonkey to exist as well as maintain a notable marketshare. Likewise, it is important for WebKit and its components to exist and maintain a notable marketshare. The same is true for any other browser/rendering/JavaScript engines.

    While it is great that we have so many non-Google Chrome alternatives like Chromium, Edge, Vivaldi, etc., they all use the same or very similar engines. This means that they all display and interact with websites nearly identically.

    When Google decides certain implementation/interpretation of web standards, formats, behavior, etc. should be included in Google Chrome (and consequently all Chromium based browsers), then the majority marketshare of web browsers will behave that way. If the Chrome/Chromium based browsers reaches a nearly unanimous browser marketshare, then Google can either ignore any/all open web standards, force their will in deciding/implementing new open web standards, or even become the defacto open web standard.

    When any one entity has that much control over the open web standards, then the web standards are no longer truly “open” and in this case becomes “Google’s web standards”. In some (or maybe even many) cases, this may be fine. However, we saw with Internet Explorer in the past this is not something that the market should allow. We are seeing evidence that we shouldn’t allow Google to have this much influence with things like the adoption of JPEG XL or implementation of FLoC.

    With three or more browser engines, rendering engines, and browsers with notable marketshares, web developers are forced to develop in adherence to the accepted open web standards. With enough marketshare spread across those engines/browsers, the various engines/browsers are incentivized to maintain compatibility with open web standards. As long as the open web standards are designed and maintained without overt influence by a single or few entities and the open standards are actively used, then the best interest of the collective of all internet users is best served.

    Otherwise, the best interest of a few entities (in this case Google) is best served.