Is there any good open source browser add-on that hides local time from websites for privacy?

As you know, websites can find your local system’s time and use it to approximate your country, so i was wondering is there any good open source addon for firefox or chromium that hides this?

I have ublock but I’m not sure if it does this or not?

privacy – What settings required to privately run bitcoin core on tails?

I am running bitcoin-core on TailsOS which seems to work out of the box. I think TailsOS blocks all unsafe requests but I would like to know what settings I should enable to run it really privately. So far I start my node via

$ ./bitcoin-qt onlynet=onion

Is anything else required? In this answer I read about a bunch of other settings but feel that isn’t required on tails, correct?

privacy – Do websites ever delete data about me and my activities?

I’m going to write a short answer anyway, even though I believe this question is not relevant in this community, and it’s probably going to be closed soon (I see 2 close votes already).

Here are some relevant parts from PorhHub’s privacy policy:

Your Rights Related to Your Personal Information

You may exercise your right to access and deletion (…)

(…)

Please note that unless you have created an account with us, we may
not have sufficient information to identify you and therefore may not
be in a position to respond to your request. Additionally, in some
cases in order to adequately verify your identity or your
authorization to make the request, we may require you to provide
additional information.

Retention of Personal Information

We will only retain your personal information for as long as your
account is active, or for as long as necessary to fulfil the purposes
we collected it for
, including for the purposes of satisfying any
legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we
consider a number of factors, including what personal data we are
processing, the risk of harm from any unauthorised disclosure, why we
are processing your personal data and whether we can achieve this
outcome by another means without having to process it.

Where we no longer need to process your personal information for the
purposes set out in this Privacy Policy, we will delete your personal
information from our systems.

Where permissible, we will also delete your personal information upon
your request as explained above in the section “Your Rights Related to
Your Personal Information”.

So there’s no way to know, unless you contact them and ask for more details (and I’m not sure they will give you all the details you want, although according to the GDPR you should have the right to ask them and they might be required to give an answer). In any case, supposing they told you they delete all traffic logs after 6 months, are you going to believe them? Is there a way to know if they are lying, or if their policies are actually enforced? No (unless there’s an investigation or something).

Xvideos’ privacy policy is similar, they provide no details other than saying that they retain your personal information for as long as necessary. How long should a website keep the traffic logs for security purposes? I have no idea. It would be an interesting question to ask, but as always I have no idea whether it would be considered opinion-based here.

privacy – I almost walked away from a high-value consulting gig over passport scan requirement – am I being paranoid?

I will try to provide some context first, so please bear with me for a moment – I apologize if it’s lengthy.

A few months ago, I was approached by a UK-based recruitment agency to do an IT consulting engagement for their client (based in another EU country). After several rounds of interviews with both the agency and the end client, I was offered to do the job which would have earned me ca. 20k EUR over two months. Everything was organized over the phone, email, Skype and the like, but I had no doubts that both companies were legit and the job was real. It all looked green and I was about to start the job in a few days when things got interesting…

I got a call from the agency guy and he says that since they use a “payment provider” and all payments will go through them, someone from that (yet another) UK company will contact me to set everything up. I don’t like the sound of it, since from my experience the number of “go-betweens” of any kind directly increases the chances you will not get paid (or at least not on time), but I am not protesting yet – even though some warning lights start to go off and I start inquiring about getting any paperwork related to the engagement (contract, PO, anything really that would outline the terms for me and provide me with any legal cover since so far this is all “gentleman’s agreement”).

And now we get to the crucial part: the “payment provider”, which turns out to be one of those “umbrella companies”, sends me an email with a link to a form that’s supposed to start my “onboarding” process. I open the form (do I even have to mention that the website is operated by YET ANOTHER company which seems to be wholly owned by the “payment provider”?) and give it look – it starts with standard personal information like name, address, DOB etc. before asking you to upload you passport scan as proof of identity and a scan of another document (like drivers license) as a proof of address. This is the point where I stopped and you should have seen the look on my face – I was like “WHAAAAAT?!!”. Imagine my surprise – in 20 years of doing business internationally, this is the first time I was asked to procure my passport when dealing with anything other than banks or authorities! Quick check on their Privacy Policy and – no surprise here – it’s almost nonexistent: vague and far-reaching.

I will spare you the details of the back-and-forth that followed but I outright refused to voluntarily upload my passport scan to an Internet-accessible database. I might be overly paranoid on privacy but I have been a victim of identity fraud in the past and I am not taking any chances.

Here are a few examples of why I refused (and that’s just from last year and only in UK):

After doing some research, I now understand that they are legally required to gather this information under the provisions of the UK money laundering laws: https://www.gov.uk/guidance/money-laundering-regulations-your-responsibilities#customer-due-diligence-requirements
Moreover, they are also required to keep all those records for 5 years, in some cases even longer, which means the person I was emailing with was either uninformed or lied to me when he wrote “You have right to request to remove those documents once contract is ended and we can proceed accordingly“.

Okay, so let me be clear here: if the UK government is stupid enough to create a legislation which essentially forces UK businesses to gather and store highly sensitive personal information of their customers, employees etc. while leaving those businesses to fend for themselves in terms of storing and securing that data (making leaks all but certain and priming a sizable portion of UK population for identity fraud), and the British people are either stupid or indifferent enough to put up with it, so be it – it’s your country, so run it any way you want. But as a security-conscious individual, I refuse to do business under those regulations and I was fully prepared to walk away from the job over this – as unprofessional as it would have been at last minute. Thankfully, we found a solution that was acceptable to both parties (allowing me to prove my identity without having to turn my passport into a hacker-bait on the Internet) and went ahead with it – and I don’t really care if it was in line with UK regulations or not – they are not my problem.

As for my “question”, the purpose of this post is to provoke some discussion on the topic, so: is it just me being paranoid or do others also see a big problem here? What would you do in my shoes – would you upload your passport or would you take a pass? And if you loose money over this, would you still refuse or would you bend?

Thanks for reading and looking forward to your comments!

Bitcoin privacy metrics? – Bitcoin Stack Exchange

I’m looking for a numerical privacy scoring system that estimate the degree of linkage between the members of a key pool (or even just individual key pairs). Ideally, the method should be easy to understand and apply.

I’m aware of “taint analysis” as offered by blockchain.info. There’s also discussion in these papers:

What else has been done to quantitate Bitcoin user privacy? I’m most interested in ways to compute a benchmark score that tells a user how closely linked the the members of a key pool are, or how closely linked two individual key pairs are.

macbook pro – How to add access to the camera to one app which doesn’t appears in the system preferences ->privacy menu?

Hi I have an app which take screenshoots from my macbook, but I didn’t give access to the camera when I installed the app, that’s why I am not able to use this app now, which has very nice tools to comment and edit the screenshoots. My question is, how can I give permissions to this app if it doesn’t appears in the menu system preferences -> privacity -> camera, how can I add this app to this section or give the camera permissions? Thanks!

enter image description here

The app is lightshot I was able to use it in another mac, where I gave the permissions when I installed it, the another problem here is that when I installed it again it didn’t ask me to give permissions maybe for some kind of history.

For more clarity, what I would like to do is to be able to show the lighshot app in the privacy -> camera section, just as in the next picture.

enter image description here

Thanks!

privacy – Censorship by mining pools

Question is not an attempt to spread misinformation or FUD instead I want to understand the things involved.

Recently one mining pool announced that they will censor some transactions. I don’t agree with everything mentioned in the below link:

Miners have invested a lot of money in the mining hardware, data centers, they are paying electricity and taxes – especially large mining operations. They are mostly not cypherpunks.

http://web.archive.org/web/20201113141511/https://juraj.bednar.io/en/blog-en/2020/11/12/how-could-regulators-successfully-introduce-bitcoin-censorship-and-other-dystopias/

How can we avoid a situation in which most of the mining pools follow some compliance which censors few bitcoin transactions?

Also curious to know why do miners have so much control in a decentralized network to exclude few transactions? Is game theory the only possible solution for this problem?

This tweet by Murch also shows that miners will never allow low fee transactions even if many nodes and users want to use fee rate below 1 sat/vbyte? https://twitter.com/murchandamus/status/1326741966852386816

One user is waiting for miners to include a non-standard transaction: https://github.com/bitcoin/bitcoin/issues/20178

Recently someone was discussing about a premium in bitcoin price traded on non-kyc exchanges. Will privacy in bitcoin transactions be also at a premium and users will have to pay more fees for coinjoin transactions?

How does stratum v2 help in censorship resistance?

One more thing that maybe considered and is related to mining: Governments getting involved in Bitcoin and Mining of cryptocurrencies. Recent example was Iran changing laws to use bitcoin for imports.

complexity theory – Why is (0,δ)-differential privacy yielding very low privacy?

My question is in regards to this paper: Privacy and utility tradeoff in approximate differential privacy. The authors present a truncated Laplace mechanism and in page 6,bullet 2,state that as ε → 0, the noise becomes uniform with support of (-Δ/2δ,Δ/2δ),Δ being the sensitivity of the query function.

Now consider a deep learning setting in which we want to use dp-sgd to achieve differential privacy. The sensitivity is 1 (model parameters clipped) and we have a dataset of 1000 records. We want to use the special case of the truncated Laplace mechanism mentioned above to achieve (0,δ)-DP. Going with the rule of setting δ as around 1/number_of_records,in this case 1/10000,then the noise becomes uniform with support of (-500,500) creating noise with a very high amplitude, much higher than our sensitivity.
My questions are these: 1.Is this assumption and conclusion true? 2. If so, how can one explain the discrepancy between this result and many instances in the literature in which it is stated that the perfect situation for weak DP is when you have (0,δ)-DP? Am I missing something here?

privacy – Can a wifi router steal data?

I recently bought a D-Link router. Its vendor is Russian. When I disconnect my WAN ethernet cable from the router or the internet is unavailable, I get an error in my browser like this:

enter image description here

I heard that some routers may have a backdoor. This router also has an automatic firmware update check option which scares me more! Is it actually possible to steal data from a router?