Privacy Portal

215 posts

@Privacy_Portal

Anonymously send and receive emails straight from your personal mail. Eliminate spam while you're at it.

Joined October 2021
257 Following 66 Followers
Pinned Tweet
Privacy Portal@Privacy_Portal·
🔥 Introducing Privacy-Kit 🔥 Our latest open-source tool aims to bring privacy to the masses. 🚨 Add a Hide-My-Email feature to your site with one line of code. 🚨 Include Subscribe-Anonymously for your newsletter in the same way. privacyportal.org/blog/enhance-u…
Privacy Portal@Privacy_Portal·
@csmproject @Paul_Reviews It seems to be designed to support other types of proofs in the future via software updates. Next up, you might need to prove you have a certain gender and place of birth in order to have an online opinion on certain topics.
The Collective Sensemaking Project
@Paul_Reviews Apart from the things you highlighted, why do users only have a certain number of age verifications available? Why does proof of age have an expiration date? Once I'm over 18, I will always be over 18. I'm not turning any younger!
Paul Moore - Security Consultant 
Hacking the #EU #AgeVerification app in under 2 minutes.
During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.
1. It shouldn't be encrypted at all - that's a really poor design.
2. It's not cryptographically tied to the vault which contains the identity data.
So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app. After choosing a different PIN, the app presents credentials created under the old profile and lets the attacker present them as valid.
Other issues:
1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.
Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
Paul Moore - Security Consultant @Paul_Reviews

.@vonderleyen "The European #AgeVerification app is technically ready. It respects the highest privacy standards in the world. It's open-source, so anyone can check the code..."
I did. It didn't take long to find what looks like a serious #privacy issue.
The app goes to great lengths to protect the AV data AFTER collection (is_over_18: true is AES-GCM'd); it does so pretty well. But, the source image used to collect that data is written to disk without encryption and not deleted correctly.
For NFC biometric data: It pulls DG2 and writes a lossless PNG to the filesystem. It's only deleted on success. If it fails for any reason (user clicks back, scan fails & retries, app crashes etc), the full biometric image remains on the device in cache. This is protected with CE keys at the Android level, but the app makes no attempt to encrypt/protect them.
For selfie pictures: Different scenario. These images are written to external storage in lossless PNG format, but they're never deleted. Not a cache... long-term storage. These are protected with DE keys at the Android level, but again, the app makes no attempt to encrypt/protect them.
This is akin to taking a picture of your passport/government ID using the camera app and keeping it just in case. You can encrypt data taken from it until you're blue in the face... leaving the original image on disk is crazy & unnecessary.
From a #GDPR standpoint: Biometric data collected is special category data. If there's no lawful basis to retain it after processing, that's potentially a material breach.
youtube.com/watch?v=4VRRri…

Privacy Portal@Privacy_Portal·
@o7laurence The tech is not the issue. The issue is that your rights can now be taken away from you in a privacy-preserving way. What's next, regulating your online access based on some criteria like your age? ethnicity? Maybe men at conscription age should not be allowed to post online?
laurence@o7laurence·
I know it's popular to dunk on the EU on this matter at the moment, but this actually looks like a genuine privacy attempt, unless I'm misunderstanding how they say it works:
- app issues a crypto proof of age via on-device processing of documents + facial scan
- it has no way of knowing where you use this hash to verify your age
- verifier doesn't know who you are, so behavior attribution is not possible.
though it looks like each Member State implements their own fork of this, which might introduce surveillance avenues. would love an expert to audit the code and let me know exactly what's happening here
Ursula von der Leyen@vonderleyen

It is for parents to raise their children. Not platforms. The European Age Verification App is ready ↓ twitter.com/i/broadcasts/1…

Privacy Portal@Privacy_Portal·
@protocolllo @mert ZK protects your privacy not your rights. Your rights can be stripped in a privacy preserving manner.
Privacy Portal@Privacy_Portal·
@JarekSyg When used correctly, ZK can definitely protect your privacy online. But that's not the issue here. The issue is taking away your freedoms one step at a time. With ZK, your freedoms can now be stripped from you without requiring your personal information.
Privacy Portal@Privacy_Portal·
@f4micom ZK tech has great potential for good but as every other tech it can easily be used for Orwellian things. Taking your freedoms away can totally be done in a privacy preserving way. Remember it's about forcing group behavior. So ZK compatible.
f4mi ‼️@f4micom·
just to make it clear: I don't have a problem per se with the current iteration of the EU Age Verification app, I just have zero trust that the same majority party that tried to make ChatControl a thing is going to keep it that way
Privacy Portal@Privacy_Portal·
This is not an attack on Signal BTW. Instant messaging simply cannot operate without notifications.
Bitwarden@Bitwarden·
Protect your online identity with the forwarded email alias generator feature in Bitwarden! Choose from 6 email alias integrations: btwrdn.com/3Omaxas #cybersecurity
Privacy Portal@Privacy_Portal·
@naomibrockwell We're past the point of "becomes a temptation later." 😂 Things are a bit more blunt these days.
Naomi Brockwell priv/acc@naomibrockwell·
Every database built “for safety” becomes a temptation later. History says it will be abused.
Privacy Portal@Privacy_Portal·
🔥 Privacy-Kit just got better! 🔥 Try it on our demo site and integrate it into yours with one line of code. privacy-kit is free and open source bringing hide-my-email functionality to websites and newsletters. privacyportal.github.io/privacy-kit-de…
Privacy Portal@Privacy_Portal·
🚨 Announcing End-to-End Encryption for your account data. Enable E2EE on your account for maximum privacy. The labels and notes of your aliases become encrypted on-device when using the web app or browser extensions. #E2EE #PrivacyAliases
Privacy Portal@Privacy_Portal·
Congratulations to everyone in Europe who stood against #ChatControl! It's off the table for now.
Privacy Portal@Privacy_Portal·
When it comes to email aliases, check out our Mail Relay service. It's free of charge while in beta.
✅ Hide-My-Email
✅ PGP encryption
✅ In-Memory Processing (zero data storage)
✅ Browser extensions
privacyportal.org/#mail-relay
Marconius Solidus #FreeSamourai
Start Degoogling yourself TODAY.
Gmail ⇒ ProtonMail, Tuta
Google Photos ⇒ Proton Drive/Ente Photos/Immich/NextCloud
Google Authenticator ⇒ Aegis/Ente Auth
Chrome Password Manager ⇒ Bitwarden/KeePassXC(/DX)
Chrome ⇒ Brave, Zen, Mullvad, Vanadium
Escape the Surveillance.
Privacy Portal retweeted
Lukasz Olejnik@lukOlejnik·
🇺🇸 U.S. FTC warns Big Tech: don’t weaken encryption or censor Americans to comply with foreign laws. Doing so may violate U.S. law if it breaks promises to users. FTC says that tech companies should ignore any such demands of EU or UK regulators.
Privacy Portal retweeted
EFF@EFF·
The EU is pushing a plan to give police "lawful access" to encrypted messages. But there’s no such thing—without breaking the encryption. eff.org/deeplinks/2025…