Privacy

There are at least a dozen people spending at least several hours attacking GrapheneOS across platforms on a daily basis. It's a very strange situation. How do these people have so much time and dedication to keep making posts across platforms attacking us? It's relentless.

Every day, dozens of new accounts join our chat rooms to spread the same fabrications about GrapheneOS including via direct messages.

On Hacker News, one of the accounts making personal attacks based on fabrications in most threads about GrapheneOS has been doing it for 8 years.

Y Combinator has a financial stake in numerous surveillance and exploit development companies. Hacker News is a platform they own and the moderators on it have permitted years of vile harassment towards our team which they'd normally remove if others were targeted.

Hacker News mods micromanage it enough to repeatedly ask us not to reuse a bit of text across our comments. Meanwhile, they do nothing about disgusting personal attacks and harassment content consistently being spread in threads about GrapheneOS on their heavily moderated site.

The largest privacy community on Reddit /r/privacy bans any discussion or mentions of GrapheneOS. A bot automatically removes any post mentioning GrapheneOS they'll very actively ban people who evade their filters. The mods of the subreddit misrepresent this as something we want.

Many privacy subreddits have mods who are hostile towards GrapheneOS. We were banned from posting on /r/Android for multiple years. The mod who banned us said our official project account on Reddit was ban evading because they once unjustifiably banned one of our team members.

On Wikipedia, a company attacking GrapheneOS project made years of edits to the site pushing false narratives about us. They cited articles based on their own press releases. Other content was made paraphrasing Wikipedia which ended up being cited by it. It continues to this day.

Articles about GrapheneOS on most platforms often have comments engaging in baseless personal attacks towards our team, linking to harassment content and making many clearly inaccurate claims about it. We've found chat rooms coordinating this including attacks on the X platform.

Privacy projects are more vulnerable to these attacks because the userbase and supporters largely avoid social media and other platforms where it happens. Many people believe what they read on social media if it isn't countered and it builds echo chambers hostile to GrapheneOS.

Many people think these must be state sponsored attacks. However, our experience is these attacks are primarily orchestrated by companies selling dubious products marketed as private and secure. We did get targeted by state sponsored smear campaigns in France and Spain though

Apple Support page

I have been testing Tor Browser and Mullvad Browser using fingerprint.com. I get unique persistent identifiers that are unique per machine and persist over rebooting sessions. Javascript was on during this test.

This could be very dangerous to people using Tor Browser and Mullvad Browser.

For example, if someone visits Rainbow Railroad, an organization for leaving repressive countries with hostile LGBT policies, and then watches a video about the organization on YouTube, and then also does something, like create a Discord Server, and use Tor Browser to get around geoblocking but link it to their personal phone number, then a hostile regime buying data from data brokers could possible determine that user is considering using rainbow railroad. Even if this exact example isn't realistic or plausible (although governments do buy form data brokers), users should be aware that persistent identifiers in Tor Browser and Mullvad Browser allow for continuous tracking of a user using the same machine.

I posted this information on privacyguides forum and they deleted my account after, leading me to wonder if the forum is a giant honeypot that curates acceptable privacy discussions and unacceptable private discussions. I honestly wonder if they are infiltrated by the government. They repeatedly delete the posts of other people as well and the whole thing is starting to not sit well with me

OC write up by @someone@lemmy.today

cross-posted from: https://mander.xyz/post/49367302

Hong Kong police can now demand phone or computer passwords from those who are suspected of breaching the wide-ranging National Security Law (NSL).

Those who refuse could face up to a year in jail and a fine of up to HK$100,000 ($12,700; £9,600), and individuals who provide "false or misleading information" could face up to three years in jail.

It comes as part of new amendments to a bylaw under the NSL that the government gazetted on Monday.

The NSL was introduced in Hong Kong in 2020, in wake of massive pro-democracy protests the year before. Authorities say the laws, which target acts like terrorism and secession, are necessary for stability - but critics say they are tools to quash dissent.

The new amendments also give customs officials the power to seize items that they deem to "have seditious intention".

Monday's amendments ensure that "activities endangering national security can be effectively prevented, suppressed and punished, and at the same time the lawful rights and interests of individuals and organisations are adequately protected", Hong Kong authorities said on Monday.

...

The city has seen the arrests of hundreds of protesters, activists and former opposition lawmakers since the introduction of the NSL.

...

An investigation by journalists working with Republik magazine may have struck a nerve by suggesting the company has failed in Switzerland

I was fiddling with some nixos Raspberry Pi images to try the distro out (along with clan) and noticed on first boot they reach out and connect to a tor relay to setup tor ssh.

It's a pretty neat concept, I think it's cool and maybe a quick way to get connected to a new device.

But the idea of connecting to tor relays at all puts me a little on edge. Feels like it'll potentially draw attention to my IP by either relays gather analytics or my ISP for noticing the traffic at all.

Am I being overly paranoid? Am I just completely ignorant to how tor works? Do you use tor on the regular for legit traffic?

GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account. GrapheneOS and our services will remain available internationally. If GrapheneOS devices can't be sold in a region due to their regulations, so be it.

Even State Department-funded Human Rights Watch admits that authorities combine legal and illegal methods to obtain convictions: https://text.hrw.org/report/2018/01/09/dark-side/secret-origins-evidence-us-criminal-cases

Combining dragnet surveillance with device hacking is intended in the design of both tools. Hence, State Department-funded Signal dupes you into handing over your identity as part of the population-centric mapping. In custody, your phone will be hacked when it is taken away if it's important.

https://xcancel.com/hannahcrileyy/status/2034273723667161480#m

Not to mention that they locked the unpopular pull request from reactions.

Like, we all know they're listening , but can we provide proof?

My friend was complaining about all the new super surveillance that will be government required in cars after 2027, and I said to him dude you have a stock android, you use every AI slop feature, you use a smart TV on your unsecured network, and uses x every day. They have everything they could possibly need on him. Oh and he posts questionable things to fb daily under his real name.

OQB @bridgeenjoyer@sh.itjust.works