Privacy

Police in the south-western German state of Baden-Württemberg are to be allowed to use the analysis software from US firm Palantir, which is controversial among data protection advocates

The software was specifically developed for security agencies and is used by intelligence services, the military and police.

Palantir was founded in 2003 in the United States, notably by tech billionaire Peter Thiel. He is known for his libertarian and conservative positions, his closeness to US President Donald Trump and his criticism of liberal democracies.

Newgrounds, a gaming forum, has some clever ways for non-intrusively complying with the shambling disaster that is the "UK Online Safety Act".

For years, I've been doing something similar to this when generating internal reports on DNA Lounge demographics: e.g., if someone bought a ticket for an 18+ event 5 years ago, they must be at least 23 years old now.

Newgrounds: Here is our current plan for UK users:

1. If your account is more than ten years old, we will assume you are currently over 18. This is in line with one of the methods of effective age assurance, which involves paying a third party to match your email address against some sort of database of scraped data, which determines if your email has been in use for a long time. We have our own long-term data, so we'll use that instead.

2. If your account ever bought Supporter status with a credit card and we can confirm that with the payment processor, we will assume you are over 18 because you need to be 18 in the UK to have a credit card.

3. If your account ever bought Supporter status more than two years ago, we will assume you are over 18 because you need to be at least 16 to have a Paypal or debit card in the UK (assuming we are right about this).

4. If none of the above applies, you will have the opportunity to pay a small one-time fee via credit card as confirmation of your age.

We are not planning to offer things like ID checks or facial recognition because these require us to pay a third party to confirm each person.

OQB @Confidant6198@lemmy.ml

With a rapidly changing political landscape in the United States, Canada must move quickly to safeguard valuable Canadian health data, argue the authors of a commentary published in the Canadian Medical Association Journal.

The rise of artificial intelligence (AI) and its reliance on massive amounts of data has increased the value of these data and created new risks on top of pre-existing concerns about health data being used by other countries for national security purposes.

"Serious privacy, security, and economic risks arise when companies in other countries hold and use Canadian data. Given the rapidly changing political climate in the United States, preserving the sovereignty of Canada's health data—notably, ensuring that the data are subject to Canadian laws and legal systems—requires renewed focus," writes co-author Dr. Michael Geist, a Canada Research Chair in Internet and e-Commerce Law, and professor at the Center for Law, Technology and Society, University of Ottawa.

Canada's health system is largely reliant on US providers that manage electronic medical record systems for hospitals and store encrypted data on servers or cloud servers. Although these servers are located in Canada, they are owned by the US companies Microsoft Azure, Amazon Web Services, and Google Cloud.

Europe has expressed similar concerns for their region. For example, the recent Clarifying Lawful Overseas Use of Data (CLOUD) Act in the US that potentially allows US law enforcement to access data held by US companies in other countries could be a threat.

cross-posted from: https://lemmy.dbzer0.com/post/50162198

From my understanding, an EU Council position doesn't necessarily mean the legislation will be adopted? This really feels like it'll be the time when it'll be adopted. The worst timeline.

Presumably, there is some kind of way I can work around it, I saw something about clearing the cache because of stored failures of handshaking, but it seems like on the whole maybe it is time to start fuckin' with Peertube or something instead.

A group representing several major airlines alongside travel companies and airports is opposing a Senate bill that would require the Transportation Security Administration (TSA) to generally use manual ID verification at security checkpoints instead of facial recognition.

The bill, introduced by Sen. Jeff Merkley (D-Ore.), would broadly restrict TSA’s ability to use biometrics and facial recognition, carving out a few exemptions for the agency’s PreCheck and other Trusted Traveler programs. Passengers may still opt in to the use of facial recognition at the checkpoint.

In a letter Monday to Sens. Ted Cruz (R-Texas) and Maria Cantwell (D-Wash.), the air industry groups said the law was a “step backward” and that facial recognition technology made security screenings far more efficient.

• App: https://chat.positive-intentions.com/

• Code: https://github.com/positive-intentions/chat

• Mastodon: https://infosec.exchange/@xoron

• Reddit: https://www.reddit.com/r/positive_intentions

How it works: https://positive-intentions.com/docs/projects/chat

TLDR: im working on a p2p messaging webapp. webapps are generally not considered secure because of the nature of serving satics over the internet. this is correct, but not a limitation of this project. (selfhosting options: https://positive-intentions.com/blog/docker-ios-android-desktop).

as a webapp, i can provide the app with zero-installation and no-registration. the storage is local-only from your browser/device. so “the cloud”, but the cloud storage capacity is made up of your devices. this allows for things like p2p authentication: https://positive-intentions.com/blog/security-privacy-authentication.

Future: im aiming to create the most secure messaging app out there... (more than signal, simplex, etc). i know i have a have a long way to go to get there. the UI is fairly ugly for the average user, but i think the mechanics are working as expected. i think javascript is underrated in what you can do with it. i actively investigting improving the encryption approach further to align to how the signal protocol works (currently using the classic diffie-helman key-exchange).

Support: i would like to keep this project open source, but open-source funding is not working for me. i dont want your donations because it isnt sustainable for a long-term project. i have so far only experienced grant-funding rejections. i have no idea what im doing in trying to get funding for this project, so any support/advice is appriciated. in recognition of the project in its current state not able to get funding... (sorry) i will have to go close-source (which id like to avoid because it undemines several cybersecurity claims id like to make.)

Their Matrix Chat post goes like this:

We have updated our Homeserver Terms and Privacy Policy. We strongly encourage you to read these documents in full, but for clarity these are some of the main changes:

• Updated the minimum age requirements for use of the Matrix.org Homeserver to be 18 years old;
• Introduced new measures to comply with our obligations under the Online Safety Act and the Digital Services Act;
• Introduced new payment terms to support paid plans on the Matrix.org Homeserver;
• Describe the new data processors to support paid plans on the Matrix.org Homeserver.

Each of the documents has a detailed version history which we encourage you to review. The updated Homeserver Terms and Privacy Policy take effect on ~~14 August~~ 7 August, 2025. These terms apply to you by continuing to use the homeserver after that date. If you have any questions please drop us an email to legal@matrix.org

Source: https://old.reddit.com/r/privacy/comments/1mdgbi4/matrix_homeserver_the_default_one_set_in_the_uk/

Couldn't find an official blog post from Matrix, if someone has one, feel free to share