Mozilla Drops Onerep

“The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years.”

“Mozilla only began bundling Onerep in Firefox last month, when it announced the reputation service would be offered on a subscription basis as part of Mozilla Monitor Plus.”

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

#privacy #mozilla #onerep #ThatWasFast
#

WordPress Firehose

Reply to 404 Media article via Fediverse post:

My previous understanding of the firehose is that it’s basically an aggregation of what you’d see in a bunch of blogs’ public RSS feeds. Which, OK, fine. Analyze your heart out. Display my posts in your RSS reader. Just make sure private posts and comments don’t leak.

But LLM training isn’t the same as analytics, or showing a properly attributed post in a reader. And quietly changing the terms to allow more kinds of re-use on something most people using the service don’t know about? Not cool.

And not making it clear what is and isn’t included for which purposes? That breaks down trust.

Before this, I wasn’t worried about the Firehose. But now I’m not sure I can trust Akismet, never mind Jetpack, and I’m looking for a new spam filter.

#

 

And this is why I’m finally replacing Chrome with Vivaldi as my backup mobile …

And this is why I’m finally replacing Chrome with Vivaldi as my backup mobile browser. (Currently using Firefox as primary on both desktop & mobile, already using Vivaldi as secondary on desktop, which is why I started there for the mobile replacement.)

#privacy #google #vivaldi #chrome #GoogleTopics #adware #tracking #SurveillanceCapitalism

https://vivaldi.com/blog/news/alert-no-google-topics-in-vivaldi/

On Wandering.shop

Thinking about different aspects of location tracking in terms of…

Thinking about different aspects of location tracking in terms of

1. Your device figuring out where it is.
2. Others figuring out where your device is.
3. Your device telling others where it is.

1 would include GPS, or just listening for cell/wifi signals.
2 would include IP geolocation, or seeing which towers your calls go through, or tracking which map tiles you download while moving around.
3 would include telling a website, or an app uploading your location

1/

On Wandering.shop

Pinging hotspots or cell towers is both 1 and 2, figuring out your own location while revealing clues.

So you’ve sort of got passive sonar, active sonar, communications metadata, and actual reporting.

As for tracking:
Passive sonar isn’t a risk
Active sonar’s risk is inherent to being active
Metadata’s risk is inherent to actually using a connection
You can obfuscate it by things like onion routing, vpns, extra requests, pulling location-specific info ahead of time, etc.

2/

On Wandering.shop

And then there’s the issue of when your device explicity sends your location once it’s figured it out. Like when you search for the nearest coffee place or bank branch, or you’re using navigation software, or updating an online map in real time. Or when an app or website just wants the data.

Fortunately, OSes and browsers have decent access controls for letting apps and websites know your location (as determined by your device). But an app or website can still try to infer from other info

3/

On Wandering.shop

An app with online ads could look at which CDN endpoint you end up connecting to. Or make connections to sites with known locations and see which is faster, just like a speed test app or site choosing the nearest server to make a proper test. It’s a lot less precise, but it’s not like the OS can block the upload as easily as it can just refuse to hand detailed location to the app.

And of course it can be correlated with other metadata like geolocation

4/

On Wandering.shop

And of course anything you *intentionally* report — online navigation, check-ins, Pokestops you spin, the nearest ATMs on the bank site — you have to trust that the service at the other end isn’t going to misuse it.

Your bank isn’t going to care. They already know which branches and ATMs you visit.

I wouldn’t trust an ad network with a 10-foot pole.

Something big like Google or Microsoft or Amazon? That’s where you get into trade-offs.

5/

On Wandering.shop

Offline maps & navigation definitely have an appeal to them. Especially if you aren’t sure you’ll have reliable network access where you’re going. It’s doable. The only downside is you can’t add live traffic info. You could probably download typical traffic per day/hour along with the map and get rough esimates, butof course not be able to know there’s a 10-mile slowdown because a truck jacknifed, fell over, spilled an entire load of cheese and caught on fire

6/

On Wandering.shop

or maybe grab traffic data for a wide area, quantized so that it only reveals which large rectangles you’re passig through, not which roads. Like iNaturalist does with obscuring locations of observations.

Anyway, I don’t know why I’m still writing this. I just wanted to write down the active/passive sonar analogy, and i kind of rambled on from there.

7/7

On Wandering.shop

Why did I just uninstall Shareaholic?

Because the extension added contextual advertising to the PayPal login screen. That means (a) I can’t trust my browsing, even on HTTPS sites, to be private (yeah, I know DNS and Chrome’s anti-malware filter already get this info), and (b) I can’t trust secure sites to not be modified as long as the extension is installed.