Tip: if you find yourself using the word “safe”, “secure”, “hacked”, etc in your title, you’re probably off-topic.

Every couple of years as far back as I can remember, I download and compare my credit reports to make sure there are no surprises. This time I got an unexpected surprise. Less than 24 hours after using the same official website (AnnualCreditReport . com ) as always, I received an email from Whitepages saying my data had been updated. I immediately went in and saw what had changed and I know it was either TransUnion or Equifax that shared with Whitepages. I have since opted-out to have my information removed.

A few years back I purchased a one time credit score service to use for a car purchase so the dealers would not run my credit beforehand, and was then peppered with unsolicited offers even though I paid for a service whose privacy policy stated specifically that they would not share or sell my data.

It just seems we can't do anything anymore without our data being shared to a third party with or without consent.

Why is it so hard to control what’s online about you? I get that the internet is forever, but peoplefinder sites are such a creepy invasion of privacy. I’ve been tempted to try one of the services like Defamation Defenders or RemoveOnlineInformation, but I’m curious, do they actually work? Or is this just another internet rabbit hole to throw money at?

As per the title. I know WhatsApp “tracks” things identified to you, but all messages are encrypted and if you use it on an iPhone with “ask app not to track” enabled, then it can only get data if you purchase something through WhatsApp? Right?

I am clearly missing something - can someone explain in layman terms what the WhatsApp risk really is from a privacy point of view.

i’m toying with an idea for an automated ‘eula buster’—basically something that scans legalese in tiktok-sized increments, flags the shady bits in red, and tells you if you’re about to sign away your firstborn. because let’s be real, we all scroll to the bottom and click “agree” anyway, then pretend we skimmed it.

i know a few volunteer-driven projects (tos;dr, etc.) exist, but they’re not exactly thorough or up-to-the-minute. is there enough interest for a fully automated, constantly updated summarizer? or would big companies just out-lawyer it into oblivion? part of me thinks we deserve a fighting chance before we blindly sign everything over to whoever wrote the smallest fine print.

thoughts? does the idea sound plausible, or do we just accept that we’ll never read terms-of-service until the robot uprising forces us to?

I noticed this happens mostly in the US. I thought my medical photos are only used for medical purposes, but I found my photo being put on the patient chart/ admin chart, where the front desk and other staff can scroll the patient files and see my photo.

So i have this old acer laptop laying around, it os becoming very laggy mostly because it only has 4gb of ram while running windows 11. But i wanted to completely wipe it and install a new operating system on it for privacy. I will only use this for stuff like browsing, personal documents and storage. I have no clue what to install/uninstall all i know is that i want a laptop that focuses on privacy and local based apps.

I was looking at rugs on a website a couple of weeks ago. Now I see the same ad for that website on every webpage and every app I use , every time I open them, every day and counting. It's driving me insane!

So short story long. I’m in the market for a new phone and I’m really considering Android specifically the pixel 9 pro. Currently use an iPhone and looking for a change as I was originally an android user couple years ago and miss the flexibility of android, moved as I wanted a little more privacy focused stuff that the iPhone was offering at the time. The real reason for the post is I’m not super literate about the Ai integration in iPhones as well as android so wanted to know more to make an informed decision. I could go iPhone again but they have implemented Apple ai which works in tandem with Chat GPT which I’m not the most confident about as I constantly see posts of them getting in trouble regarding how they don’t deal with user privacy well. I know that privacy and smartphones don’t really fit together in the same sentence but all I wanna know if the is uploads my Info(pics,messages or other data )to a server and stores it.

Questions:

• How integrated is Ai into the OS.

• How much is done on device and how much is shared to a server somewhere.

• Can I turn it off ?

• which is currently better with privacy IPhone or android.

Latest Edit: Thanks for all the responses 💛. I do see that most of you vouch for Signal’s privacy. However, I did see comments stating that they had to switch back because of the absence of other contacts. I think I will try it alongside iMessage. Even though iMessage would be my dominant for obvious reasons, Signal would be there for the friend who suggested it to me. Once again, I am not going to suggest Signal to others. The onus of installing a new app is on them if they want to.

Edit: I am more interested in knowing if this switch has considerable benefits. Is there any privacy advantage in using Signal over iMessage from a technical perspective? Thanks in advance for any clarifications on this. 😊

Edit 2: I am not going to ask any of my friends to switch. It is their choice if they want to. I don't want to make suggestions. Also, I like iMessage. I posted this because I don't want to dismiss my friend’s suggestion without a reason. I know this subreddit is a decent place to get the answer.

A friend of mine predominantly uses Signal. They have suggested that I switch. As per this friend, it is a privacy boon. How logical is this switch for me? Most of my frequent contacts are on iMessage. I use Advanced Data Protection if that adds any value to my question. I am used to iMessage because of how it integrates into my life. But I didn't want to dismiss my friend’s recommendation without putting in a thought.

I decided to add a private dns "dns.adguard-dns.com" to my Android device. This definitely removed some ads, but is it safe?

I use Proton Pass Plus with SL. After some time of using different email alias for every website I feel like I'm loosing controll. I mean, I never know, what @ did I use and every time I have to rely on my password manager, so actually this is not only password manager, but also email address manager. I have many aliases that I don't even remember what did I use them for. Lately I needed to login to my mobile provider account and my acc details was not stored in PP. So, I could not even recover my password, as I didn't remember my email address.

I feel overhelmed. Isn't it a bit like an overkill?
Maybe it would be better to have let's say about 10 addresses just for different "profiles" like gaming, work, friends, government websites, banks, etc.?

What do you think?
I know it is safer and easier to block spam if we use just one alias for one service, but before I went to PP, I used just about 5 Gmail accounts and Google Password Manager and it was completely fine. So maybe I just made a mess for no real reason...

All those city, state, school vaccine sign up pages during covid.... Most of them looked like salesforce platforms, which were short-lived. There is no way to get back into many of them, let alone delete my personal info. any advice? thanks.

There has been a lot of posts recently about how text messages between android and apple phones are not encrypted.

I have the odd family member who uses an Android. Who exactly can read my text messages when we text, and where along the chain can they read them?

I don't know how it works. I imagine that my text message first goes to my ISP, then to the other person's ISP, and then to their phone.

For Apple to Apple, or Android to Android, I would hope that this is fully encrypted end to end with an exchange of public keys from one phone to the other.

For Apple to Android, apparently there is no exchange of public keys. Does that mean my text message is sent from my phone to my ISP in the clear, and from my ISP to the other ISP in the clear, and then from the other ISP to the Android phone in the clear?

Does that mean anyone anywhere on this chain can read these text messages?

I would hope that there was at the very least some encryption from my phone to my ISP, where it would be decrypted and then encrypted again for the flow from my ISP to the other ISP, where it would be decrypted and encrypted again for the flow from the other ISP to the Android phone. Thus there would still be leaks in the chain, but the blast radius would not be as large as if there was no encryption at all.

Hi there!

I’m exploring apps and websites I haven’t used before - including Replika and Kindroid - where I don’t want to use my actual information and details.

My actual emails - like for most people - are firstname lastname. Most websites and services require an account with an email (or ask to log in with Apple/FB account). What are some best practices for staying “anonymous” on websites and apps where I don’t want to use my real information?

I've been using connectbot for a while but I'm wondering is there any way for an unrooted device to cut-out the middle man?

*If I come across a bit vague, my bad but I mean is there a way to SSH into an unrooted device without using play store software as a client?

edit: Realistically I should be asking is there anyway to manipulate 'fakeroot' to allow a pass-through connection?

The email also has my first name and tells me how to find the same details that are in the email! Surely this is a massive security risk for customers.

“Whether you need the details to receive your salary, or for bank transfers from friends, your account information is always available and easy to find.

We've included your local account details here, for reference. You can find them in-app by tapping Details on the main screen — that's really all there is to it.”

Currently to click the on/off button you:

1. Open the app
2. Tap Settings
3. Tap location sharing
4. Tap the on/off switch

It is relatively easy, however, I think maybe they should promote privacy options more for users who want it. give users the option to make the on/off button more prominent.

One way would be to give users an option to have the on/off button be the first thing they see when opening the app

Another way would be to actually promote only sharing for a few seconds to minutes at a time. Yes, we can tap on and then off immediately, but I think it could give some peace of mind if there were options below the on off switch that specifically say "enable location sharing for 10 seconds only, 30 seconds, and one minute only" or something to that effect. This way, family members could get the notifications of where fellow family members are, and then if the user want privacy, they wouldn't even have to click an off button. Instead they could just get used to occasionally pressing the "on for 10 seconds" button to send out location notifications for family.

This might help sway users who are hesitant to actually download and install the app, seeing that the app respects users privacy from the get go.

They could also have a 1x2/ resizable home screen widget that says something like life360 location sharing ON or OFF etc. And then tapping that would open the app to change settings etc.

When I'm sending files/folders between computers, I typically use Magic Wormhole. A phone entering the equation changes that. Are there any solid, privacy-friendly alternatives to use in place of AirDrop and if so, what are their limitations?

I have one bank account linked with Plaid, sort of my "dirty" account for cases where there is no alternative.

As I understand it, Plaid may or may not keep my password depending on the bank. Is there a way to tell?

Here are my guesses, do they make sense?

1. If I need to re-link when my password is changed, it's more likely that Plaid has my password rather than using some other kind of connection to my bank.
2. If it's a smaller bank, it's more likely that Plaid has my password.

My bank is Chime. If anyone knows the answer specifically for Chime, I'd appreciate it.

Based on my very uninformed research, I think Chime uses OAuth and therefore Plaid does not keep my credentials. https://developer.mastercard.com/open-banking-us/documentation/financial-institution/oauth-connections/

Title. Thanks.

what strategies do you recommend for online shopping. For some reason this is throwing me.

I can use an email aliases on each site and create a different identity, but I still need delivery and to pay (though I'm going to look into credit card masking through my bank).

That's right, I've given up on privacy because it's a useless battle in the long run, for me, life is just too short to worry and I now feel free to enjoy life and enjoy communicating and getting close with my family and friends.

For years, I have avoided Facebook, that was until I truly needed it.

My father died last year, and on the urging of my brother, I created my first Facebook account and with that account, I coordinated my dad's funeral, spoke to my father's friends, my relatives and family and I sent invitations to my father's funeral through Facebook.

I also opened my own YouTube account to upload the video of my father's funeral and shared the link via Facebook to all my father's overseas friends.

Without Facebook and YouTube, coordinating my father's funeral, mass and inurnment would have been harder.

And now, I've just given up on worrying about privacy and I'm just relaxing, I'm getting updates from my friends and family and have grown more close to them by lifting all the limits that I imposed on myself for worrying, life's too short to worry and I'm now free and happy. At this point in my life, communicating with my family, relatives and friends became too important than privacy.

You guys can downvote this post all you want, but I'm lifting my tinfoil hat and enjoying my life.

So I need to have about 15-20 different profiles in a browser that should appear as coming from different PCs/Laptops. So I'd like “each profile to have its own unique fingerprint” but it should be constant (saved between sessions- so when opened tomorrow- profile A's fingerprint shd. be same as today but each profile shd. be very different from one another). Cookies will be saved in each these profiles. And I'll be running these profiles from a virtual machine with Win 10, on a host Win 10 PC to keep all isolated as well.  And I'm using good proxies for diff. IPs. For each of these profiles.

I moved to this setup after using a major Anti Detect browser, as its costs were not justified. So I'm basically trying to replicate the fingerprinting and other defenses that AD browsers have with this setup.

I’ve tested Brave and Vivaldi with some extensions but still not getting there. After many hours of research on various forums, I’m still not on a clear path! There is just 1 issue that is stumping:

1.    Each of the profiles, must have a different fingerprint (main components I think being- Navigator, Canvas, Fonts, Port scan etc.) – so I need an extension to generate that unique fingerprint and then SAVE it in that profile forever (NOT Randomized ever so often, as most extensions do).

I’ll also use extensions for WebRTC and Geolocation by Proxy- those are not an issue for chrome, e.g I could use WebRTC network limiter extn (by Google) and for timezone spoofing     link

Regardless of whether I go with Firefox or Vivaldi (or any Chrome fork)- I’d like user-agent to spoof as “Chrome on Windows”- as for every 1 other browser user, there are 60 Chrome users and I want the profiles to blend in crowd. That also is doable with extensions.

I heard that Arkenfox on Firefox  can serve – but not sure if it deals with this and if so, how? And I can test profiles using  browserleaks.com;  amiunique.org or  Bromite.org

So big issue is really – any tool/extension to generate a unique fingerprint for each of these profiles and then SAVE it in profile forever (NOT Randomly change it ever so often).

I'm surprised that in various forums I still dont see any light for this “rather simple use case” – to generate “completely new fingerprint for each browser profiles” and save it until profile is deleted.

And just FYI- I’m a “below Noob” at coding.  So sincerely hope the experts here can chime in with some direction, in language I can follow!  Thanks and looking forward. Cross-psted

I’ve decided to build a new email system that lasts a lifetime. (M, 25)

Domain: lastname.email

Mailbox: firstname@lastname.email -> Shared with family and friends -> add wife and kids should I ever have

Aliases: tax@lastname.email -> For taxes only gov@lastname.email -> All things related to government fin@lastname.email -> Banking, finance and investing insu@lastname.email -> Insurances health@lastname.email -> Doctor, dentist and other health related services like gym membership service@lastname.email -> Services e. g. car maintenance

Up until here are the addresses I will be giving out to contact me/send me information. They should not be tied to an account. Does that make sense?

Whenever possible I will order online as a guest.

For all online accounts and shopping I will use eithher Proton Pass w/ SimpleLogin or Firefox Relay. I’m not sure whether I wanna host on Proton Mail or M365.