#Trump's new security doctrine gives #Putin exactly what he wants

It takes direct shot at #EU & questions main principles of #NATO, 2 pillars of #Europe's #political, #security architecture

Despite the ongoing #war in #Ukraine, the document notably avoids criticism of Russia, which has already praised it as “consistent” with its own vision.

https://kyivindependent.com/trumps-new-security-doctrine-gives-putin-exactly-what-he-wants/

#TrumpIsARussianAsset #traitor #ComradeKrasnov #dictators #DementiaDon #DictatorTrump #AmericanAggression #RussianAggression

The #DHS Data Grab Is Putting US #Citizens at Risk

As the US government rapidly merges data from across agencies in service of draconian #immigration policies, citizens increasingly risk being caught up as well.
#privacy #security #doge

https://www.wired.com/story/dhs-data-grab-putting-us-citizens-at-risk/

Why Shortened URLs Pose a Security Risk

Please don’t use them. I had a private conversation with someone where I suggested they should not be used and why.

Their response ‘they work’ deal with it.

Then blocked me.

The problem is that they can work - in the wrong way. They don’t make your toots shorter and should not be followed. Please keep yourself safe.

https://blog.acer.com/en/discussion/2367/why-shortened-urls-pose-a-security-risk

#ShortenedURLs #security #it #privacy

It's time Europe kicked the USA to the kerb...enough of the 'learned helplessness'

#Ukraine #Trump #USPOL #USPOLITICS #EUPOL #Europe #Security #Fascism #WhiteNationalism

Alt...

Nathalie Tocci, director of the Italian Institute for International Affairs, believes that Europe has the means to stand on its own, even in the short- term, to defend Ukraine. “Europe can prevent Kyiv’s capitulation, if we jolt ourselves out of our learned helplessness and stop sucking up to Trump. It'll be tough but we can do it”

⚠️ Anyone using the #YouTube client #Smarttube should better check their TVs / devices and uninstall the app or replace it with a clean release: https://www.ghacks.net/2025/12/01/smarttube-app-was-infected-by-malware-heres-what-happened/

The Smarttube dev's announcement on GitHub is kind lacking too, not mentioning the infection of his PC and officially published releases at all: https://github.com/yuliskov/SmartTube/releases/tag/notification
Keep an eye on the discussions in the issue section.

Too bad there no proper alternatives for YouTube clients on #AndroidTV available via #FDroid. Time top move on I guess? #TizenTuibeCobalt might be an alternative: https://github.com/reisxd/TizenTubeCobalt

#Security #Malware #Android #AndroidTV #GoogleTV #TV

Petco’s security lapse affected customers’ SSNs, drivers’ licenses and more

Petco reported that the affected data included: names, Social Security numbers, driver’s license numbers, financial information such as account numbers, credit or debit card numbers, and dates of birth.

#petco #pets #retail #databreach #security #cybersecurity #hackers #hacking #hacked

https://techcrunch.com/2025/12/08/petcos-security-lapse-affected-customers-ssns-drivers-licenses-and-more/

Stop Breaking TLS https://lobste.rs/s/h7a3xy #security
https://www.markround.com/blog/2025/12/09/stop-breaking-tls/

We are reaching the end of 2025. Hand on heart – how many times have you swapped your main Linux distro this year? 🐧🔄

Drop a comment with your current daily driver. 👇 and 👉 Follow Us👈

#linux #debian #ubuntu #manjaro #fedora #askfedi #opensource #privacy #programming #security #infosec #bazzite #steam #steamDeck #proton #gaming #linuxgaming #gamedev #webdev #coding

Deutsche Bahn zwingt mich, mein Login-Passwort zu ändern: Es hat 24 Zeichen, ist zufällig, beinhaltet Groß-/Kleinbuchstaben und Zahlen und hat eine Entropie über 110 Bit. Aber weil kein Sonderzeichen drin ist, gilt es als unsicher. Sicherheitsrichtlinien von 2005 lassen grüßen. 🙄

/kuk

#bahn #db #security #sicherheit #passwort #fail

I know there are some pet owners out there.

Y'all might wanna start checking on some things.

Petco Data Breach Exposes Customer Data, Including SSNs, Credit Card Info

https://www.pcmag.com/news/petco-data-breach-exposes-customer-data-including-ssns-credit-card-info

#Petco #Data #Breach #Security #Privacy #Tech

🎉 Congratulations to Linux Vendor Firmware Service (https://fwupd.org/) (@hughsie) for securing the win in the Security category, sponsored by ControlPlane at the OpenUK Awards 2025!
#openukawards #opensource #security

Schleswig-Holstein reports €15M yearly savings by replacing Microsoft 365 with LibreOffice across most government workplaces 💶

About 80% of offices have migrated, with a €9M one-time investment planned for 2026 to finish the shift and strengthen open-source tools 🧩

@libreoffice

🔗 https://itsfoss.com/news/german-state-ditch-microsoft/

#TechNews #OpenSource #Privacy #Security #Government #EU #Data #Sovereignty #IT #PublicSector #Digital #Microsoft #Office #Software #Tech #Cloud #FOSS #Germany #German #LibreOffice

GrapheneOS is leaving France due to government pressure for encryption backdoors 🇫🇷

The move highlights risks to end-to-end encryption and user privacy when authorities demand access to secure data 🔒
Open-source privacy projects may face similar pressures globally 🌐

@GrapheneOS

🔗 https://proton.me/blog/grapheneos-france

#TechNews #Privacy #Security #OpenSource #Encryption #CyberSecurity #DataProtection #DigitalRights #UserRights #Anonymity #Internet #SecurityTech #WebFreedom #E2EE #Android #GrapheneOS #France

Have I been Flocked ?

Enter a license plate to see if it's one of the 2,207,426 plates seen in the 27,177,268 #Flock searches we know about.
#privacy #security #alpr #flocksafety

https://haveibeenflocked.com/

Your terminal text editor of choice?

Vote below and follow us for more!👍

#linux #linuxmint #fedora #debian #fedora43 #ubuntu #opensource #webdev #privacy #security #infosec #linuxgaming #bazzite #coding #vim #dev #nano #askfedi #kde #kernels #kernel #foss

@mathewi 4/
I’m going to delay elaborating my other concerns about the maturity of #SelfDriving #autonomous vehicles. For now, please consider the following:

1. #AI in general, self-driving cars in particular, are not people. These technology systems do not have our human-lived experiences, they do not think like us, even if you believe that thinking is computational. With a few exceptions, such systems have no common sense ability to reason about the world. They don’t understand human behavior the way we do.

2. They will not make the same mistakes that humans make while driving. That is not only a requirement, it follows from 1. Instead, they will make their own mistakes. We are already seeing plenty of these. Sure, engineers will grind out most of these, but not all.

3. The first two points mean that the behavior of self-driving cars will be difficult to predict in all but the most common vanilla driving situations. People complain about how rigid the current vehicles are at following the law. What? Now you want them to break the law when it is expedient?

4. There are a near infinite number of “edge cases” and those are when safe driving is the most difficult — exactly when we want self-driving vehicles to excel. There are too many to test. The complexity of the real-world, specifically edge cases, cannot be simulated in a laboratory. A decade or more experience on the road is required.

5. Cars are increasingly connected and computerized, and that makes them a new #security threat. Any modern car today can be hacked and remotely controlled. AI systems add multiple new attack vectors. Yes, companies are working on security, but so are the bad guys. #Infosec people will tell you their world is hand-to-hand combat. The more such cars are on the road, the greater the opportunity and attraction for mischief (or worse).

The big question is when will we, as a society, feel safe and convinced by the benefits of self-driving cars? That question is a trap, because most people don’t know the details. It is already happening.

Speaking as an expert and a grandfather, I will not be putting my grandchildren in the back seat of a self-driving car any time soon.

We've won security. You can all go home now.

#PixelFed #AlicePics #Locksport #Locks #Security

Alt...

A picture of a display case with a lock on it. But the lock is a Master lock. And the hardware that the Master lock is locking together isn't actually mounted to the display case, it's just taped on with clear Scotch tape.

Passport photographs *will*, not could be added to the police national database

As has been widely predicted by Big Brother Watch and others, passports will be added to the facial recognition database. This story is another in a long line of the maladministration’s floating of policies to see whether they can get awayswith it. Orwell had nothing on Labour. That is not hyperbole, Airstrip One took some years to get to

https://archive.is/20251204002800/https://www.thetimes.com/uk/crime/article/police-facial-recognition-fxcdzfjtb

#Privacy #Police #Security #Surveillance #Facism

Alt...

From the linked article, a photograph of a Police camera van with two out focus officers and the text Police could use passport photos in facial recognition roll-out Live images captured by police cameras could also be run through the driving licence database as the government paves the way for nationwide use of the technology Police forces will have access to passport and driving licence photographs under plans being considered for the mass adoption of facial recognition technology. Footage obtained from CCTV, doorbell and dashboard cameras would be matched against the databases to identify offenders more quickly. Immigration databases will also be available to police.

#India orders device makers to put government-run #security app on all #phones

#Apple reportedly won’t comply with a #government order in India to preload iPhones with a state-run app that can #track and block lost or stolen phones via a device’s International Mobile Equipment Identity ( #IMEI ) code. While the government describes it as a tool to help consumers, #privacy advocates say it could easily be repurposed for #surveillance.

https://arstechnica.com/tech-policy/2025/12/apple-will-refuse-to-preload-state-run-snooping-app-on-iphones-report-says/

Once this infrastructure exists, mission creep is inevitable.

- What starts as ‘voluntary’ becomes mandatory
- A system that is just for workers expands to everyone, including children

https://action.openrightsgroup.org/tell-your-mp-attend-debate-digital-ids

#PoliceState #SurveillanceCapitalism #ToxicLabour #DigitalID #BigData #Cyberattack #hacking #security #privacy #Orwellian #LabourLies #KierStalin #Starmer

[2/2]

We’re Doubling Down on #DigitalRights. You Can, Too.

Technology can uplift #democracy , or it can be an #authoritarian weapon. @eff is making sure it stays on the side of #freedom. We’re defending #encryption , exposing abusive #surveillance tech, fighting government overreach, and standing up for free expression. But we need your help to protect digital #rights —and right now, your #donation will be matched dollar-for-dollar.
#privacy #security

https://www.eff.org/deeplinks/2025/11/power-your-donation-week

@bagder Sounds like one heck of an attack vector. I hope all the companies benefitting from your work are paying you what they owe to keep this stuff secure! #security

Decreasing Certificate Lifetimes to 45 Days - Let's Encrypt

https://letsencrypt.org/2025/12/02/from-90-to-45#making-automation-easier-with-a-new-dns-challenge-type

"These challenges are why we are working with our partners at the CA/Browser Forum and IETF to standardize a new validation method called DNS-PERSIST-01. The key advantage of this new method is that the DNS TXT entry used to demonstrate control does not have to change every renewal."

Nice! 😍

#letsenctypt #security #web #tls #webserver #selfhosting

No, thank you, @1password@1password.social.

Can someone tell me if @bitwarden is pushing AI in their service offerings? If not, it might be time to move back or, maybe better, just get more serious about using @keepassxc@fosstodon.org.

1Password now available in Comet, the AI-powered browser by Perplexity

https://blog.1password.com/1password-now-available-in-comet-the-ai-browser-by-perplexity/

#noai #privacy #security

Mandatory ‘apps’

And many other countries are looking on with great interest. A mandatory spy on your phone

https://www.theregister.com/2025/12/02/india_mandatory_sanchar_saathi_app/

#IT #Phone #Mobile #Security #Privacy #MissionCreep #TheRegister

what exactly are they going to spend £1.8 billion - and £600 million annually for maintenance?! consultants & think tanks who will design system? https://www.theregister.com/2025/11/28/digital_id_cost/

this is so done before it even started lol

#Privacy #DigitalID #Surveillance #Security

Wow, if you search for signal messenger on DuckDuckGo using Chrome, the actual @signalapp web site is the *third* entry following ads for “Signal Private Messenger – Free Download” that leads to the site appmaus.com and “Get Signal Messenger | Install Signal App” that leads to the site filelocations.com.

DuckDuckGo should be held criminally liable for anyone who ends up downloading malware because of this.

CC @Mer__edith

#DuckDuckGo #Signal #adtech #teachingPeopleHowToGetPhished #malware #security #privacy #BigTech

Alt...

Screenshot of the state of affairs described in the post.

This is the problem of running a government with little planning beyond ‘focus groups’ and McSweeney’s admittedly effective election tactics and principles so weak they make a wet piece of tide paper look stronger.

‘Rejoining' seems nigh on impossible, as the EU would rightly be suspicious of an England likely to go off the rails at any moment but even opinion poll and focus group fixated Labour should so better.

https://www.theguardian.com/commentisfree/2025/nov/26/rachel-reeves-budget-economic-policy-brexit

#Brexit #UK #Economics #Culture #Security

Kafka for our times

While I can understand the reasons for ‘secret courts’ as constituted these appear unnecessarily draconian. From the article

‘Given MI5 was found to have given false evidence in another case earlier this year, there is an argument it should face greater scrutiny.’

https://www.theguardian.com/law/2025/nov/26/secret-courts-palestine-action-cmp-heard-behind-closed-doors

#Security #Justice #Courts #Secrecy #Kafka #MI5 #Scrutiny

I wanted to write this post because I want the Fedora project to have better security throughout their operating systems. I believe the first step to doing that, is to use another memory allocator that mitigates heap memory corruption and use-after-frees, alongside lots of other features to harden one of the most important functions in all modern systems as far as I am aware. hardened_malloc[1], by the GrapheneOS project, fits this description perfectly. Using this benefits not just the Fedora project, but it will also push other distributions to using hardened_malloc, and then the Linux ecosystem will benefit as a whole from the provided security. Good security is an essential part of good privacy, so this will also benefit the privacy of all Linux distributions.

Given the above paragraph, I want you to promote this thread[2] to anyone who is interested in security and privacy. You can also help by testing hardened_malloc on your own Linux systems and sharing your results with me through any means of contact, so that I can replicate the behaviour and make bug reports where necessary. For that, please see this page[3] for my preferred methods of contact.

I don't think I'll be able to attract a lot of people with this post on my own, so boosting will be massively appreciated. Thank you for reading this until this point. This isn't my longest toot yet but I feel like this is my most passionate, as I deeply care about security, GrapheneOS and the Fedora project. Again, thank you! (^_^)

[1]: https://grapheneos.org/features#exploit-mitigations
[2]: https://discussion.fedoraproject.org/t/migrating-to-another-malloc-implementation/173172
[3]: https://amadaluzia.is-a.dev/contact

#fedora #grapheneos #security #privacy #linux #tech

FreeBSD Now Builds Reproducibly and Without Root Privilege

We’re pleased to share that the FreeBSD Project now supports builds without requiring root privileges, removing elevated access from the release pipeline and improving overall security. This work was completed as part of a program commissioned by the Sovereign Tech Agency.

Read more: https://freebsdfoundation.org/blog/freebsd-now-builds-reproducibly-and-without-root-privilege/

#FreeBSD #ReproducibleBuilds #OpenSource #Security

When #superpowers break the rules

Relatively weaker countries are learning from #Ukraine's experience that one cannot rely on #InternationalLaw, organizations, and solidarity. One should not make the mistake, as Kyiv did, of trusting in:

- #Security assurances or guarantees
- Friendship #treaties
- #Strategic partnerships

... and the like, even if they are provided by the world’s most powerful states.

[1 of 2]

🤚 Raise your hand if you ever needed to do something "unwise" and "dangerous" in your IT job to bypass some internal "security measure" so that you could actually do your job effectively?

#IT #Security #BestPractices

This is a fascinating use of a #sidechannel timing attack against calls to an #AI model.

By capturing encrypted TLS traffic and measuring timing, they can very accurately determine which streams corresponded to an LLM conversation about a pre-selected topic.

TLS is intact. So their ability to recover the conversation is limited to their ability to break TLS. But they can, with high confidence, sift out all the TLS traffic for the only conversations that reference the thing they care about. They don't have to worry about spending resources breaking TLS on traffic that is unrelated. Neat #security research from #Microsoft.

#cybersecurity #infosec #LLM

What do you think of using Google in your life?

I use a Google Pixel 7 Pro at the moment, but I use GrapheneOS instead of OEM, and I think it is the best Android line of phones I have used so far. Their bootloader is lockable after installing custom operating systems which is much better than all other offers at the moment. The build quality, battery and design of the phone is solid as well. This phone has a lot of merits going for it which other Android phones are not replicating for the sake of a false sense of "security" or profits. I will appreciate Google for giving me a great phone to install GrapheneOS on, alongside Android for being a secure base for an operating system.

I appreciate the Chromium browser more than other browsers in the market. While Google Chrome is junk regarding user privacy, as well as shoving AI in your face, Chromium itself is actually pretty solid. It is also the most secure option, offering a malloc() implementation better than Firefox's mozmalloc, although not as secure as hardened_malloc, by GrapheneOS. Firefox is also implementing AI features into their browser, which leaves a bad taste in my mouth. MV2 is deprecated, sure, but you win more than you lose in security, as a lot of API features were exploitable. Chromium does a lot of good things, while Chrome gives the base itself a lot of bad blood. I would like to see what Servo can do, but I appreciate Google for making a secure browser.

I generally despise a lot of what Google offers, however. I feel like they lean heavily on the deception of convenience, where Google gives really good results while it uses your data for the sake of advertising. This applies with the Google Suite (Mail, Office, and Drive among others) as well. I would much rather use FOSS or nonprofit alternatives, such as Tutanota, or LibreOffice. Google is essentially the serpent from The Book of Genesis, selling you the benefit of their convenience for the sake of having your data stolen for their use. As such, I will choose not to follow Google convenience promise for my security.

Feel free to leave your opinions, and why I should consider other avenues rather than accepting a bit of Google in my life. As much as I love privacy, your privacy can't be guaranteed if there is no good security. Google may be known for piss-poor privacy, but their open source projects have a lot of security merits as well as good privacy. Do not use this as advice, but make your own conclusion.

#google #privacy #security #grapheneos #chromium #technology #FOSS

Xubuntu's website was compromised in October, with torrent links replaced by a ZIP containing Windows malware.

Now, the team share a report on how the breach was able to happen - and what they're doing to prevent a repeat.

https://www.omgubuntu.co.uk/2025/11/xubuntu-website-breach-report?v1

#security #xubuntu #linux

"We tend to assume that the younger generations online are digital natives — having grown up immersed in the online world, they possess an innate understanding of cybersecurity and its risks.

However, our research has debunked this misconception: In fact, the password habits of an 18-year-old are strikingly similar to those of an 80-year-old."

https://nordpass.com/most-common-passwords-list/

#news #TechNews #technology #security #passwords