TOTP leak ?! Vibe coding ain't working out for Proton already! Today Proton fixed a new bug in its new Authenticator app for iOS that logged users' sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared. Source:

BleepingComputer

Proton fixes Authenticator bug leaking TOTP secrets in logs

Proton fixed a bug in its new Authenticator app for iOS that logged users' sensitive TOTP secrets in plaintext, potentially exposing multi-fac...

Protonmail is vibe coded They are dumb enough to put the cursor rules files on Github. Quote: "You are an Senior SWE at Proton and make sure you do not send any information that is potentially secure in nature. You specialize in building highly-scalable and maintainable Frontend Systems." The irony of telling AI not to leak sensitive info, when the fact that you've publicly told it, is the leak itself. And look at the first part with "an senior SWE". They can't even write grammatically correct AI rules. And that's who you trust to encrypt your life secrets? Proton Source: https://github.com/ProtonMail/WebClients/tree/main/.cursor/rules Shout-out the Blogger who discovered it:

Pivot to AI

Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source

Proton Mail is famous for its privacy and security. The cool trick they do is that not even Proton can decode your email. That’s because it never...

CalyxOS ends

A letter to the CalyxOS community

A letter to the CalyxOS community

Cross Browser Fingerprinting Many browsers such as Firefox, Florp, Librewolf, Brave, Vivaldi, and Ungoogled Chromium are vulnerable to matches across browsers. Some don't want to hear the truth, but I tried my hardest to help you in this fast visual slideshow..

Cross-Browser Fonts Fingerprinting | Simplified Privacy

Trump Sends Nuclear Submarines to Russia In a shocking and harsh reversal of Trump’s campaign promises, he’s escalated the nuclear tension with Russia by ordering 2 nuclear armed submarines to be sent outside their region.

Trump Sends Nuclear Submarines to Russia | Simplified Privacy

Criticizing Israel’s genocide isn’t anti-semitic, because the Israeli politicians aren’t Jewish. “Thou shall not kill”

You guys asked, and we listened. HydraVeil 1.1.1 Release! This mini release is primarily in response to requests from users. New Features: -Custom Screen Sizes -Larger Common Screen Sizes -Upgrade Indicator on Outdated Browsers for security upgrades Bug Fixes: -Force Profile Prompt Fixed Release notes:

HydraVeil 1.1.1 Release! Custom Screen Sizes!? | Simplified Privacy

Download Link: https://api.simplifiedprivacy.is/downloads/linux-x86_64/clients/v1.1.1/appimage/hydra-veil-x86_64.AppImage (or hit bottom right on the app to update) AppImage SHA-256 sum for 1.1.1: 67952c004baf2eda9a4797260596a45cf7613f232a67871d6aade9580b3605eb

Hijack Monero?! There's an attack on XMR being discussed on Twitter. Here's what the crowd is missing:

Ponzi Scheme to Hijack Monero | Simplified Privacy

Cock-Li Emails were Hacked Google Manipulates society What if I told you many of the problems with Cockli, Google, Nostr, SimpleX, and the whole internet were the result of the "free mentality"? I have the exact opposite view of most “FOSS” Linux advocates. And today's article is: Free is a Cancer,

Free is a Cancer | Simplified Privacy

There's a key lesson here: Dave Smith and Doug Stanhope both were libertarian comedians. The difference is Smith stuck to his views, while Stanhope switched to support Obama Although I think Doug Stanhope is far better at crafting though-provoking punchlines that are more related to the heart of libertarian philosophy, While Dave Smith's actual standup routines are barely related to the core political positions in an academic sense. And on Smith's podcast, the majority of the time, it's just going over the news without punchlines. In the end, sticking to principles won out, when you compare their fanbases, societal relevance, and financial success. The lesson is: Being an epic genius doesn't mean you'll be a legend, without integrity.

Tech Signal Group hit 300 members! Huge thank you to everyone who participated with content, links, answering questions, and hanging out. I am so proud of the people who participated and then made the journey to Linux, degoogled phones, or other open source tools. We use Signal because the forced phone number cost prevents spam attacks. You can use a cheap VoIP verification, and for a public group that anyone can join on Linux/tech, it's not that big a deal if you hide your number. While it is not ideal, it strikes a balance of being less invasive than Telegram/Discord, but less spam than Session/SimpleX. Feel free to join and ask tech questions,

Signal Messenger Group

Follow this link to join a group on Signal Messenger.

I can not personally vouch for this particular vendor, but there is great stuff on XMRBazaar for these types of questions. Also keep in mind that it's a conflict of interest to ask me who to use to hide from me. Reshipping service (USA receiving addresses)

Reshipping service (USA receiving addresses, español or english) | XmrBazaar

Shop with Monero: Yo hablo español Legal items only. Flat fee of 0.1 xmr plus expenses (postage, repackaging, insurance, as requested)...

View quoted note →

Proton: "We have been awarded €2 million from the EU to further develop the Proton ecosystem" I can’t believe there are people actually defending them still getting yet MORE government money, while literally scrolling past our team’s volunteer work, to post memes about decentralization.

China’s border police are using a secret tool called Massistant to extract everything—from GPS to Signal chats—off phones.

The Hacker News

China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

China’s Massistant tool collects mobile data via USB or Wi-Fi, targeting Android and iOS users. Used by law enforcement.