instant messaging – Samsung Chat Service Privacy

I’m trying to find out privacy settings behind the wifi chat offered by… Samsung? It’s built into my S10e as an additional chat service with little to no information about it. It’s free and enables chat over WiFi and to groups of users who have the feature enabled. It also enables Android users to see when others who have the service are typing like on the iPhone.

My concern is privacy. If it’s free, how do I know that I’m not the product here?

The Stack Exchange app won’t let me upload a 256KiB image so I’ve added a URL for the screenshot: screenshot of new messages feature

coinjoin – PayJoin privacy only works with specific output sizes?

In the specific example of PayJoin here: the wiki equates a PayJoin transaction as indistinguishable from a regular transaction.

However the transaction example itself seems a little weird and potentially misleading. In a regular transaction, if I have a UTXO of 2 btc and another UTXO of 5 btc, an attempt to send that results in an output of either 3 or 4 btc would be best served by using the 5 btc input only, as this would create a smaller transaction than needlessly using inputs of 2 and 5 btc (it would also needlessly link two addresses); we can postulate a rational coin-holder would never construct a transaction with more inputs than required.

So it would seem that to make a PayJoin transaction genuinely indistinguishable from a regular transaction, one of the PayJoin outputs must be larger than any single input. If in the example the merchant and customer wished to exchange 5 btc, then outputs of 6 btc and 1 btc could be created, which would absolutely justify combining a 5 btc and another input of at least 1 btc.

Am I correct, or have I made some oversight?
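The check this question reasons about, written out as an added example (not part of the original post): for each output treated as the payment, it lists the inputs that could have been left out. Amounts are whole BTC, fees default to zero, the function names are hypothetical, and the 5 + 2 -> 6 + 1 transaction is constructed to match the post's second scenario.

```python
def droppable_inputs(inputs, payment, fee=0):
    """Inputs that could each be omitted while still funding payment + fee."""
    total = sum(inputs)
    return [i for i in inputs if total - i >= payment + fee]


def analyse(inputs, outputs, fee=0):
    """Pair every output, hypothesised as the payment, with its droppable inputs."""
    if sum(inputs) != sum(outputs) + fee:
        raise ValueError("inputs must equal outputs plus fee")
    return [(o, droppable_inputs(inputs, o, fee)) for o in outputs]


def looks_regular(inputs, outputs, fee=0):
    """True if at least one output needs every input, so a single sender
    following 'never add more inputs than required' could have built it."""
    return any(not dropped for _, dropped in analyse(inputs, outputs, fee))


if __name__ == "__main__":
    # The post's first case: inputs 2 and 5, outputs 3 and 4.
    # Whichever output is the payment, the 2 BTC input was not needed.
    print(analyse([2, 5], [3, 4]), looks_regular([2, 5], [3, 4]))

    # Constructed second case: inputs 5 and 2, outputs 6 and 1.
    # The 6 BTC output exceeds every single input, so both inputs are required.
    print(analyse([5, 2], [6, 1]), looks_regular([5, 2], [6, 1]))
```
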

privacy – What consensus algorithm is MimbleWimble/Grin using? Does it use Zero Knowledge Proofs as well?

A Mimblewimble blockchain relies on two complementary aspects to provide security: Pedersen Commitments and range proofs (in the form of Bulletproof range proofs). Bulletproofs do not require a trusted setup. They rely only on the discrete logarithm assumption, and are made non-interactive using the Fiat-Shamir heuristic.

Pedersen Commitments provide perfectly hiding and computationally binding commitments. Since Mimblewimble commitments are totally confidential and ownership cannot be proved, anyone can try to spend or mess with unspent coins embedded in those commitments. Fortunately, any new UTXO requires a range proof, and this is impossible to create if the input commitment cannot be opened.

A Mimblewimble blockchain grows with the size of the UTXO set. Using Bulletproofs, it would only grow with the number of transactions that have unspent outputs, which is much smaller than the size of the UTXO set.

CoinJoin is a technique to aggregate multiple payments from multiple senders into one unified transaction. Dash deployed an improved version of CoinJoin earlier. Mimblewimble can do CoinJoin non-interactively and verifiably in public. Hence Mimblewimble can be viewed as a privacy-preserving cryptocurrency approach using a non-interactive CoinJoin technique.

Privacy – Signal: Contact people or let me contact you without giving the phone number?

Is it possible to use Signal without sharing my phone number with others?

I personally use the Signal app on Android, but of course it applies to all versions, desktop and mobile.

With Telegram, for example, I can select a user name and then release it. And people can only contact me with this username. No phone numbers involved. Is this also possible with Signal? Or do I have to provide my phone number when someone is asked to contact me via Signal?

I realize that I have to use my phone at least once to register with Signal and set up an account. Once I do that, I want to contact other Signal users or let other Signal users contact me without providing my phone number.

Smartphone – What additional privacy implications does the use of the COVIDsafe app have for people in Australia who use their phones normally?

I tried to encourage some people I know to install and use the COVIDsafe app. Some people have cited privacy concerns as a reason not to install the app (there are other concerns, such as allegedly interfering with diabetes apps). To the best of my knowledge, these people use smartphones with SIM cards and many apps installed.

I understand that data breaches can affect either the app's developer, malicious third parties, the Australian government, Amazon, and the U.S. government. However, I assume that the primary concern is the Australian government.

To what extent does the use of the COVIDsafe app provide the Australian government with data that it does not yet have from existing sources of information?

Privacy – Are there some mechanisms in PHP to assign "less trust" to scripts in a given directory? (no duplicate)

Please stop forwarding my questions to the unrelated one, which doesn't answer my question at all. I've already read every answer there and it doesn't help at all. If so, why should I ask this much more specific question?

This has been a constant concern and problem for me for ages:

For practical and logical reasons, I am forced to trust some third-party PHP libraries. These are installed, updated and managed by Composer and live in C:PHP-untrusted-external, completely separate from my own PHP scripts that live in C:PHP-my-own.

The scripts in C:PHP-my-own include and use the libraries in C:PHP-untrusted-external.

Since no one, especially me, can ever review all of the third-party code and updates, I'm looking for a way to "secure" or "sandbox" them in some way, even if it's only partial.

Basically, I'm worried that one day changes will be made to an update, e.g.




In this case, the scripts would like to run and perform these actions. Nothing prevents them from doing so.

Is there really no way to specify, in the php.ini configuration file, something like:

security.sandbox_dir = "C:PHP-untrusted-external"


security.refuse_network_connections_for_dir = "C:PHP-untrusted-external"
security.refuse_disk_io_for_dir = "C:PHP-untrusted-external"

… or something like that?

I do not understand Docker. I've tried countless times and it doesn't make any sense to me. I don't want Docker. I don't want to deal with containers. Correction: I can't deal with it. I tried but didn't understand. Multiple times.

I just want PHP to support this in itself, and it seems more than reasonable to me. Don't you feel reasonable?

The saying "at some point you have to trust other people" is far too general / vague to be used here. It circumvents the problem. I don't trust people at all and for good reason. It seems idiotic that we should (apparently) just sit around and wait for the disaster. At least if I could prevent the third-party scripts from doing anything to the filesystem and network, it would help mitigate this problem. It still won't make the scripts lie about the numbers / dates they return to me, but at least they can't "call home" directly or delete random files.

Privacy – Can you imagine a bug that would cause a PHP script to send its own code or part of its code somewhere?

While I'm working on "live" CLI PHP scripts that run regularly on my computer and interact with external services, e.g. sending POST data to a website via HTTPS and generating the content, I often have the paranoid idea that when I do something, I make a mistake: instead of failing with a syntax error, the source code of the script is sent in the HTTPS POST request instead of the content of the $buffer string that it builds.

Is that even possible? I can't imagine a situation myself. If I forget to add a ; here or a ( there, it won't run at all. But maybe there is a situation where such a transient error would cause the script that runs at regular intervals to run before I can correct it and somehow interpret it as if I wanted to fill the $buffer string variable with the source code of the script itself?

If you can imagine such a situation, I would very much like to hear about it. Again, it's not particularly about PHP; it is just what I am currently using. The exact same question can be asked for any other language.

Privacy Policy – What IMEI(s) does an ISP get when I use a mobile hotspot to connect my laptop to the Internet?

I found out today that ISPs get the IMEI code of every connected device.

You can find a (very old) reference here:

So I asked myself: In the event that I connect to the Internet using a mobile phone hotspot with a prepaid SIM card, which IMEI(s) does the ISP receive?

Assume the setup is: laptop – mobile phone – internet

Does the ISP only get the cell phone IMEI, the laptop IMEI or both?