📨 Thunderbird will have its own email
Yes, the popular email client has expansion plans, and several things have been confirmed to be coming:
ThunderMail: Email service confirmed to have German infrastructure. It will also have custom domains: @thundermail.com and @tb.pro
Thunderbird Appointment: Scheduling tool that will be integrated so that appointment links can be inserted directly into emails, with support for different meeting formats.
Thunderbird Send: File storage and transfer service, encrypted and up to 500GB of storage.
All this would be part of its "Thunderbird Pro" package and it is confirmed that its services are open source and self-hostable.
The services are optional and do not affect the free functions of its Thunderbird client.
https://blog.thunderbird.net/2025/08/tbpro-august-2025-update/
Kazani
kazani@primal.net
🧊 Hidden Firefox AI process consuming CPU resources?
Firefox browser users have encountered serious performance issues after the release of version 141. Initially, suspicion fell on the new "Smart Tab Grouping" feature using AI, but an official Mozilla investigation (Bug 1982278) showed that the abnormally high CPU load is caused by another component, namely the hidden pilot experiment "Semantic Search in History" (places.semanticHistory). The "Smart Tab Grouping" has nothing to do with this.
Everything was fine just yesterday. Today I opened Firefox, and as a result, there were sharp spikes in CPU load and power consumption. My fans shouldn't be this loud if I don't have more than 15 tabs open.
After unsuccessfully restarting Firefox, I opened the task manager and found that a process called "Inference" fluctuates from 0.05% to 130% CPU usage, which explains the spikes in CPU load and power consumption.
Killing the process solves the fluctuation problem but causes Firefox to crash, requiring a restart.
What is going on? This problem never existed until today.
— users complain on Reddit.
😱 Official Mozilla representatives have acknowledged the issue. The fix will be included in Firefox 143 (ctodea writes Target Milestone: → 143 Branch).
💡 For full control and to disable all local AI services, advanced users should experiment with some settings:
In about:config, set the parameter browser.ml.enable to false.
*The browser.ml.enable parameter is the master switch for all under-the-hood machine learning in Firefox. Setting this value to false completely deactivates the local AI engine (the Inference process), so no dependent feature can work, including smart tab groups and the chatbot.
In about:config, set the parameter browser.tabs.groups.smart.enabled to false.
*Disables only the smart tab grouping feature. This step is not a guaranteed solution to the CPU overload problem, as the main source of the error lies in another component. Meanwhile, the AI engine itself (the Inference process) remains active for other potential tasks.
In about:config, set the parameter browser.ml.chat.enabled to false.
*The browser.ml.chat.enabled parameter is a direct system switch that controls the activation and visibility of the AI chat integrated into Firefox.
Source: Telegram | Russian OSINT


Many people have heard of onion routing in Tor and have a rough idea of how it works. However, fewer people know about garlic routing.
That's why I decided to write a short note about what it is and how it works in I2P🚥
How is a message sent? ✉️
In I2P, your message travels through a tunnel—a chain of randomly picked computers (nodes) on the network. Each node only knows where to send the data next, not the message content, thanks to garlic encryption🧄.
Your message is first encrypted for the recipient using end-to-end encryption. Asymmetric encryption🔐 uses a public key to encrypt and a private key to decrypt.
How are encryption layers created?🔒
Now the process of wrapping the message in layers begins.
Imagine that you have a tunnel with three nodes: A, B, C.
The encrypted message (already protected for the recipient) must be passed through these nodes so that each one knows only the next step. To do this, I2P creates encryption layers, one for each node.
Each layer is additional encryption with instructions for a specific node, such as “forward to node B” or “send to recipient.”
It works like this: you encrypt the message with the public key of node C, adding the instruction “forward to node B.” You encrypt this packet again with the public key of node B with the instruction “forward to node A.” Then the entire packet is encrypted with the public key of node A with the instruction “send to recipient.”
When you send the packet, it goes to node A. Node A opens its layer with its secret key, sees the instruction “forward to node B” and forwards the data. The data remains encrypted for other nodes. Node B opens its layer, sees the instruction “forward to node C” and forwards it. Node C opens the last layer, sees that it needs to be sent to the recipient, and does so.
Each node only knows its own step and does not see the content of the message, its sender, or its recipient.
Why is encryption called garlic?🧄
Now, let's talk about “garlic” encryption in detail. In I2P, your message is packed with others into one encrypted packet🗂, called garlic. This packet may include your message, others’ messages, and network data like tunnel commands⚙️
All these messages are encrypted together, and each layer of encryption (for nodes A, B, C) covers the entire large packet, not each message individually.
When node A opens its layer, it sees the instruction for the entire packet, such as “forward to node B,” and sends it on. It does not know how many messages are inside, whose they are, or where they are going. Node B does the same, opening its layer and forwarding the packet to node C. Node C, opening the last layer, can send the entire packet or parts of it (depending on the instruction) to the recipients, but it does not know how many messages are inside and to whom they are addressed. This makes it impossible to determine whose message is where, even when observing the network.
Each message in the packet is protected by individual encryption for its recipient🔑 so that no one but the intended person can open it.
The messages inside the packet are not explicitly separated; they are sort of stuck together into one continuous encrypted piece of data. I2P can also add “garbage” data🗑: fake messages that masquerade as real ones but mean nothing.
In addition, I2P mixes♻️ your packet with other data on the network and can add random delays during transmission. This makes it difficult to analyze traffic. Tunnels change every 10 minutes, and the nodes in them are selected again, so it is impossible to track the path.
How does garlic encryption differ from onion encryption?🧅
In onion encryption, each message is encrypted separately and transmitted through its own chain of nodes. Garlic encryption not only wraps your message in layers of encryption, but also combines it with other messages and fake data into a single encrypted packet.
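The layering and bundling described in this note, as an added Python sketch that is not part of the original note and is not I2P's code: each layer carries the instruction its node reads on opening it (A: forward to node B, B: forward to node C, C: send to recipient), and a toy hash-based `seal` stands in for the public-key encryption. The names `build_garlic`, `peel` and `read_cloves` are hypothetical, the keys and messages are constructed, and the clove list is kept as readable JSON, so the sketch does not hide the clove count or model delays and tunnel rotation.

```python
import hashlib, hmac, json, os

# Toy seal/unseal: a hash-based stream cipher plus HMAC tag, standing in for the
# public-key encryption in the note (assumption; this is not I2P's cryptography).
def _keystream(key, nonce, n):
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("not sealed for this key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def build_garlic(cloves, hops):
    # cloves: [(recipient_key, message)], each sealed for its own recipient, then bundled.
    packet = json.dumps([seal(k, m).hex() for k, m in cloves]).encode()
    # hops: [(node_key, instruction)] in travel order; one layer per node over the
    # whole bundle, wrapped last hop first so the first node's layer is outermost.
    for node_key, instruction in reversed(hops):
        layer = {"instruction": instruction, "payload": packet.hex()}
        packet = seal(node_key, json.dumps(layer).encode())
    return packet

def peel(node_key, packet):
    # A node opens only its own layer and gets its instruction plus the rest to pass on.
    layer = json.loads(unseal(node_key, packet))
    return layer["instruction"], bytes.fromhex(layer["payload"])

def read_cloves(recipient_key, bundle):
    mine = []
    for clove_hex in json.loads(bundle):
        try:  # trial-open each clove; other people's cloves and decoys fail the tag
            mine.append(unseal(recipient_key, bytes.fromhex(clove_hex)))
        except ValueError:
            pass
    return mine

def demo():
    keys = {n: os.urandom(32) for n in ("A", "B", "C", "bob", "carol")}  # constructed
    cloves = [(keys["bob"], b"hi bob"), (keys["carol"], b"hi carol"),
              (os.urandom(32), os.urandom(12))]  # last clove: decoy nobody can open
    hops = [(keys["A"], "forward to node B"), (keys["B"], "forward to node C"),
            (keys["C"], "send to recipient")]
    packet, seen = build_garlic(cloves, hops), []
    for name in "ABC":
        instruction, packet = peel(keys[name], packet)
        seen.append(instruction)
    return seen, read_cloves(keys["bob"], packet), read_cloves(keys["A"], packet)
```

`demo()` returns the instructions the three nodes saw in order, the cloves Bob could open, and the cloves node A could open from the final bundle (none).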
Nextcloud vs. CryptPad
Which Privacy-First Collaboration Tool is Right for You?
https://itsfoss.com/nextcloud-vs-cryptpad/
Interesting thread!
ChatGPT quietly scrubbed today nearly 50,000 shared conversations from Google's index.
https://fixupx.com/henkvaness/status/1951252284953763844
https://nitter.poast.org/henkvaness/status/1951252284953763844
ChatGPT quietly scrubbed today nearly 50,000 shared conversations from Google's index after our investigation. They thought they'd solved the problem. They were wrong. (1/5)
A new Digital Digging investigation, conducted with @ osint77760, has uncovered 110,000 ChatGPT conversations preserved in http://Archive.org's Wayback Machine—a digital time capsule OpenAI can't touch. (2/5)
@ osint77760 While OpenAI scrambled to de-index conversations from Google, they forgot the internet's most basic rule—nothing truly disappears. http://Archive.org had already captured everything. (3/5)
@ osint77760 In one particularly damning conversation, an Italian-speaking lawyer for a multinational energy corporation laid bare their strategy to displace indigenous Amazonian communities. (4/5)
@ osint77760 Read the full story here
https://www.digitaldigging.org/p/chatgpt-confessions-gone-they-are
If anyone is looking for a new search engine with good privacy, have a look here and find one of your choice. (I'm using Disroot BTW)
And have a look in the settings (wheel, upper right side). There are nice options.
https://searx.space/
The intuitive introvert sees too much.
This archetype is so rare, even Jung found it challenging to define. In his words:
“Lives in a world that is only indirectly accessible to others… immersed in symbolic content, archetypes, and images which may seem foreign or irrational to most.”
They don’t just observe life, they decode it.
While others look at what is, they feel what’s becoming.
This depth is a gift, but it often feels like a burden, because when you see beyond the veil, it’s hard to unsee.
Weekly feed of 140+ Security Blogs
https://securityblogs.xyz/
Did you ever wonder how QR codes work?
Reading QR codes without a computer: https://qr.blinry.org/
Investigate phishing emails
https://chatgpt.com/share/6884ea26-4e8c-8000-bd78-3b9d9b75be83
EU age verification app to ban any Android system not licensed by Google
Reddit: https://www.reddit.com/r/BuyFromEU/comments/1mah79o/eu_age_verification_app_to_ban_any_android_system/
The EU is currently developing a whitelabel app to perform privacy-preserving (at least in theory) age verification to be adopted and personalized in the coming months by member states. The app is open source and available here: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui.
Problem is, the app is planning to include a remote attestation feature to verify the integrity of the app: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui?tab=readme-ov-file#disclaimer. This is supposed to provide assurance to the age verification service that the app being used is authentic and running on a genuine operating system. Genuine in the case of Android means:
• The operating system was licensed by Google
• The app was downloaded from the Play Store (thus requiring a Google account)
• Device security checks have passed
While there is value in verifying device security, this strongly ties the app to many Google properties and services, because those checks won't pass on an aftermarket Android OS, even those which increase security significantly like GrapheneOS, because the app plans to use Google "Play Integrity", which only allows Google-licensed systems, instead of the standard Android attestation feature to verify systems.
This also means that even though you can compile the app, you won't be able to use it, because it won't come from the Play Store and thus the age verification service will reject it.
The issue has been raised here https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/10 but no response from team members as of now.
In short: You can only be a full citizen of the EU if you accept the ToS from Google.
Do not download the app, use the website
What is it that the browser can't do?
The 2010s was the Wild West of the mobile world. "Mobile-first" was the buzzword, much like "AI-first" is today. Every company, from the biggest social media giants to your local pizza parlor, seemed to be pestering you to download their app. There was a genuine hype train, and everyone was on board. The apps, frankly, were always mediocre, and a far cry from the full functionality of their website counterparts. But the message was clear. If you weren't on mobile, you were falling behind.
Fast forward to 2025, and that hype hasn't entirely faded. In fact, it's evolved into something a little more… persistent. If you've ever opened Reddit, LinkedIn, Pinterest, or practically any popular service on your phone's web browser, you've likely encountered it. A relentless push to download their app. They use every dark pattern in the book, subtly nudging you, sometimes even tricking you, into clicking that "Get the App" button. It feels inevitable, doesn't it? Like you're constantly fighting against the current.
But if you're already a regular user, happily browsing their service through your phone's web browser, why are they still so desperate for you to switch to the app?
• Beyond the Hype: The Real Reasons Companies Want You on Their App
The answer, in short, is data. A lot of it. And access. A whole lot more of that too.
Think about it this way. What can a website on your browser really get from you? Unless you manually upload your contact information, or there's a serious security vulnerability, a website's access to your phone's deeper functions is quite limited.
Apps, on the other hand, are a different beast entirely. They are designed to integrate much more deeply with your device. When you download an app and want to use a particular feature, you're often prompted to grant various permissions. And let's be honest, how many of us meticulously read through every single permission pop-up? Most of the time, we just tap "Allow" to get to what we want to do.
This seemingly small action can grant companies a treasure trove of information and control:
- Your Contacts: Want to find friends on the app? Grant access to your contacts. Just like that, your entire network might be uploaded.
- Location Tracking: GPS and even your phone's accelerometer can be used to track your precise movements and identify patterns in your behavior. Websites can try to estimate your location, but it's far less precise and requires explicit permission each time.
- Microphone Access: Some apps can even record audio.
- Installed Apps: Yes, apps can often detect what other applications you have installed on your phone. This information can be used to build a more comprehensive profile of you and your interests.
All of this data extraction and deeper device interaction is significantly more difficult, if not outright impossible, for a website running in your browser. The web browser, in its own right, is a powerful and increasingly capable operating system. It can play video and audio, support WebGL for advanced graphics, and even has USB support. Most companies aren't even scratching the surface of what's possible with a modern web browser. Their primary motivation for pushing the app, more often than not, seems to boil down to gaining more access to your personal data and behavior.
• The Unseen Cost of Convenience
Even if you're not particularly "paranoid" about your data, it's worth asking: what can they possibly want to do in their app that they can't already do in the browser? Often, the answer is nothing that truly benefits you more. The perceived "convenience" of an app often comes at the cost of your privacy and control.
It's incredibly easy to give information away. But once that data is out there, it's nearly impossible to take back. While regulations like GDPR can ensure that data is deleted from a company's database, they can't guarantee that data which has already been sold or shared with third parties will also be erased.
So, the next time you're met with that insistent prompt to download an app, take a moment to consider what you might be giving up. For me, I'm sticking to the website. My browser offers all the functionality I need, without inviting a constant digital spy into my pocket. And that, in my book, is a win for privacy and control.
https://idiallo.com/blog/dont-download-apps

FMD Android: secure open source alternative to Google's Find My Device
https://gitlab.com/fmd-foss/fmd-android
New eSIM Hack Lets Attackers Clone Profiles and Hijack Phone Identities.
https://cybersecuritynews.com/esim-hack/
https://github.com/libremonde-org/paper-research-privacy-matrix.org/blob/master/part1/README.md
TL;DR
matrix.org and vector.im receive a lot of private, personal and identifiable data on a regular basis, or metadata that can be used to precisely identify and/or track users/server, their social graph, usage pattern and potential location. This is possible both by the default configuration values in synapse/Riot that do not promote privacy, and by specific choices made by their developers to not disclose, inform users or resolve in a timely manner several known behaviours of the software.
Data sent on a potential regular basis based on a common web/desktop+smartphone usage even with a self-hosted client and Homeserver:
The #Matrix ID of users, usually including their username.
Email addresses, phone numbers of the user and their contacts.
Associations of Email, phone numbers with Matrix IDs.
Usage patterns of the user.
IP address of the user, which can give more or less precise geographical location information.
The user's devices and system information.
The other servers that users talk to.
Room IDs, potentially identifying the Direct chat ones and the other user/server.
With default settings, they allow unrestricted, non-obfuscated public access to the following potentially personal data/info:
Matrix IDs mapped to Email addresses/phone numbers added to a user's settings.
Every file, image, video, audio that is uploaded to the Homeserver.
Profile name and avatar of users.
See below for a detailed analysis.
123000
Seriously 😂

