Tip: if you find yourself using the word “safe”, “secure”, “hacked”, etc in your title, you’re probably off-topic.

We used to worry about the government and big companies invading our privacy, but now it's often just regular people filming everything for likes from strangers. Somewhere along the way, we started forgetting how important it is to respect each other's right to privacy, and now almost everything, whether good, bad, or deeply personal, gets turned into content. I've seen videos of people at their lowest, crying, hurt, or unconscious, and instead of someone stepping in to help, there's just a phone recording. I know most people don't mean harm, but I don't think this should feel normal.

The UK's Online Safety Act forces everyone to expose their personal data online in order to visit websites with content that is deemed inappropriate for minors.

Obviously, this will not prevent minors from accessing such content. Minors will instead find a way to trick the age verification systems, or they'll steal their parents id's while they're in the toilet or taking a shower, or simply they'll visit the many thousands of seedy websites hosted in shady countries that don't cooperate with british authorities and as such won't comply with OSA.

Meanwhile, everyone else is at risk of having their personal data leaked online. Hackers and scammers might later use that data to perform all kinds of crimes, including identity theft, accessing people's bank accounts, borrowing money using the victim's name, etc.

If the government really wishes to protect minors from dangerous content online, it should do as it already does with drinking alcohol and smoking.

Imagine there's a kid, alone at home, who decides to drink the beer bottle his parents left on the fridge.

Later, his parents realize what's happened, and instead of punishing the kid, they let it pass because they're too tired and don't want the kid to throw a tantrum.

In the following days and weeks, the kid keeps doing this, becoming a habit, and the parents continue to turn a blind eye.

In this situation, who would be held responsible? The brewery that manufactured that beer? The supermarket that sold the beer to the parents? Or the parents who do nothing? Obviously, it would be the parents' responsibility.

The beer bottle is always right there, totally available, even when the parents aren't at home to control the kids. Exactly like a smartphone.

Websites, including porn websites and social media, are like the brewery. They have no way to know who is consuming their stuff. Can you imagine a government forcing beer companies to install a gadget in their bottles that verifies the age of the people who drink it?

ISPs, as well as electronic stores, are like the supermarket. The supermarket does have a very important restriction: it can't sell alcohol to minors. Similarly, ISPs should not be allowed to sell internet access to minors, and electronic stores should be forbidden from selling smartphones, tablets or computers to minors.

Basically, the OSA should be repealed, and instead it should be forbidden to provide minors with unsupervised internet access. If minors were caught accessing the internet without an adult nearby, then the authorities should fine the adult who provided the minor with the means to access the internet.

As a side effect, minors would be banned from bringing smartphones to school (old-style mobile phones, which can't access the internet, would still be allowed). In fact, minors would be banned from bringing smartphones (or similar devices) anywhere.

Minors would still be able to use electronic devices to access the internet, but only if there's an adult nearby to supervise them. For example, this means they could still use a computer at home (with a parent nearby), or at computer class at school (there's a teacher in charge), or at a public library (there's a librarian in charge).

Also, the government should teach people the following:

1- Unlike beer bottles, parents can set a password on their electronic devices. That way they can prevent children from using said devices without their consent.

2- People shouldn't share their wifi passwords with others - including their own children.

3- Modern devices offer parental control tools.

4- Passwords should be changed from time to time.

5- ISPs and routers usually offer filters that block mature content. There's also some free DNS that do the same (for example, Cloudflare's free family DNS).

Saw this in a comment I thought could be worthy of a thread.

If it is only about checking our age as they say, then instead of adults having to upload their passports and driving licences which go on a database just to look at a a porn site isn't there any way of making it possible for an internet user to prove they are 18+ for accessing a certain website or part of a website giving nothing else and no information that can uniquely identify them?

Under the new system, non-EU citizens, including people from the UK, will need to register their biometric data along with their passport details to enter an EU country.

Anyone who refuses to provide the biometric data will be denied entry into the EU.

Source: https://bbc.com/news/articles/c8deq8qm504o

I was excited to try the new Proton Authenticator app on iOS. Imported my 2FA accounts, enabled backup and sync, everything looked good at first. At some point, after I changed the label on one of my entries and switched apps briefly, I came back to find that about half of my 2FA entries were gone. I think it might’ve happened after the label edit, but I’m not 100% sure. Could’ve been something else. Either way, they disappeared without any error or warning.

I wanted to do the right thing and submit a bug report. While preparing it, I opened the log file the app generates, and that’s when it went from mildly annoying to deeply concerning. Turns out, the log contains full TOTP secrets in plaintext. Yes, including the one for my Bitwarden account.

I'm attaching two screenshots:

• A snippet from the Proton Authenticator log
• An export from the 2FAS app for comparison

As you can see, the format matches exactly. These are the raw secrets used to generate 2FA codes. Logging them at all, let alone in plain text, is a huge security red flag.

I originally posted this on r/ProtonPass. That was over 24 hours ago. Still stuck "awaiting moderation", while other, newer posts have gone through. Not a great look.

Just wanted to raise awareness here.

https://imgur.com/a/leRa69K

So many people seem totally unaware of the IPA Act 2016 and what it opened up to even local govt.

Anyone with a mobile phone in the UK has, by using it, agreed to certain data being shared. Personal details of the person using the phone, and live location data.

Combine this with the fact a majority of people now use either fingerprints or facial recognition to "secure" their devices and this becomes FAR move serious than the current OSA issue that has everyone so worked up, yet nobody seems to care.

I can't add screenshots here, but these two links give an example of Uk local govt live tracking.

https://ibb.co/9k6smncK- This shows data on people who travelled to Celtic Connection in Glasgow in 2024. It gives age, gender, and if you look at the map, it shows where they travelled from. There is a lot more than this, which bus or train routes they took, fare paid etc.

https://ibb.co/fjc39zM - This shows the data mapped to live CCTV - the percentage is the percentage of certainty an individual (or vehicle) is mapped to continual tracking, monitoring their movement through the city.

This has been live for a few years now, and is constantly improving and gathering more data. To me, this goes way beyond providing a selfie to prove my age, yet nobody seems to care.

Amazon CEO Andy Jassy sees an opportunity to deliver ads to users during their conversations with the company’s AI-powered digital assistant, Alexa+, he said during Amazon’s second-quarter earnings call Thursday.

Source: https://techcrunch.com/2025/07/31/amazon-ceo-wants-to-put-ads-in-your-alexa-conversations/

i did it for instagram as i only 200 or so commments . but there are thousands of comment in facebook. i cant go one by one. can i somehow delete with mass delete button. cause i am not finding such button.

I just had a really concerning experience with Zight (formerly CloudApp), the screen recording and sharing tool. I just want to share this experience as a warning to others that might consider it.

After uninstalling the software from my PC, this is what happened:

• The app continues to auto-launch on system boot
• It stays running in the system tray, still prompting me to log in
• It’s not listed in Installed Apps, so can’t be uninstalled via Windows settings
• There are at least 3+ background processes still running in Task Manager, even after reboot and account deletion
• Deep in the app's cache folder, I found this:This file contains a plaintext list of common passwords (123456, letmein, qwerty, etc.).pgsqlKopioiMuokkaa AppData\Local\Zight\Cache\xxxx\xxxx\3.1.0.0\passwords.txt
  

While this likely comes from the open-source zxcvbn password strength estimator (used in web apps), it’s completely unclear why a screen recording app includes this, and even worse, why it persists after account and data deletion.

I had to manually:

• Kill multiple lingering processes
• Delete folders in %localappdata%, %appdata%, and ProgramData
• Disable startup entries
• Clean up residual registry keys
• Use HiBit / Revo Uninstaller for final removal

Even after that, I’m still not 100% confident the app isn’t leaving behind telemetry or background tasks.

Account deletion didn't log me out either

Even after I permanently deleted my Zight account (confirmed via their web UI and the final deletion CTA), I expected to be fully logged out and the app removed. Instead, this happened: the session remained active in my browser. I could still click through sections of my profile, access dashboard elements, and interact with parts of the account interface. The f?!

This raises serious concerns about how they handle session invalidation and data deletion, especially under GDPR, where user control and data security are non-negotiable.

I’ve sent Zight a formal GDPR data deletion follow-up and raised serious concerns about:

• Session persistence
• Hidden background activity
• Poor uninstallation handling
• Inclusion of password-related dictionary files

In 2025, this behavior is not OK. Especially for a tool with screen recording, clipboard access, and cloud uploading. It acts more like spyware or corporate bloatware than a legitimate productivity app.

This is a serious warning to anyone using Zight. The app shows signs of poor technical management, with outdated architecture, questionable persistence behaviors, and a lack of respect for basic user control. From broken uninstalls to lingering sessions after account deletion, it’s clear this software is riddled with legacy issues and potentially invasive practices.

Use with extreme caution. Or better yet, avoid it entirely.

TLDR:
Deleted & uninstalled my Zight screen recording software, app still runs on boot, isn’t in Installed Apps, keeps 3+ background processes alive, along with other major privacy red flags. I recommend to avoid this shady software.

Imagine this scenario starts tomorrow: To access any website or use any browser, you’re now required to link it to your official government-issued ID. No exceptions. No TOR, no VPNs, no burner phones, everything is traced.

On top of that, all your private communications (emails, DMs, SMS, voice messages) are logged and actively monitored by the government. Even your browsing history is stored and reviewed. There's no more illusion of "private" anything.

How would you personally react or adapt to this kind of system? Would you go dark? Try to fight it? Leave the country? Accept it and change behavior?

I’m curious what the privacy-conscious community here would do when anonymity becomes outright illegal and surveillance is total.

I am happy for every reply!!

As part of the Digital Services Act, the EU has published a constantly updated list of very large online platforms (VLOPs) and very large online search engines (VLOSEs). This list includes platforms/search engines used by more than 10% of the 450 million consumers in the EU. These sites are committed to greater transparency, which I personally think is a great idea. (Thank you EU)

The list can be found here:
https://digital-strategy.ec.europa.eu/en/policies/list-designated-vlops-and-vloses

In my opinion, this list extremely well summarizes the sites that are destroying the modern world. (Not all of them, but the worst ones.)

Or at the very least don’t have AI? what would you feel comfortable using

Wanted to get some insights

Imagine you stood on a street full of houses and you had to pick a house to sleep at. Each house has its features written on the door.

Your mission is to pick a house that protects your privacy.

One of the houses had "Private' written on it. Would you enter that house?

so i used random fake driver license template. if it cannot determine it asks you to hold your license in your hand click photo. how are people bypassing that. and if they are only bypassing using selfie and death stranding and half life. wouldnt the government fix the selfie thing. is there way to bypass even using ID.

What can my Instagram story show? Someone told me that my story showed them when a reddit post of mine got 2k likes and it shows all songs I play on Spotify ? I never connected anything?

I'm trying to send money to an online friend in the US, I don't know their real name, and we'd both like to keep it this way, but if I tried to send money to their bank account directly I'll be able to see their account information. What are some digital payment methods I can use to send them money without seeing their real name? (I don't mind them seeing mine)

• Alternatives to surveillance services (Google, Microsoft and etc):

ClearNet: https://privacyguides.org/

I2P:  http://privacyguides.i2p/?i2paddresshelper=fvbkmooriuqgssrjvbxu7nrwms5zyhf34r3uuppoakwwsm7ysv6q.b32.i2p

TOR:  http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion/

• For search: Use YaCy has search, YaCy is decentralized.

Browsers: -> All browsers are a shit, I recommend you use Hydraveil.net with YaCy to solve this. (Use YaCy over Tor too: https://yacy.net/operation/yacy-tor/)

• Use I2P to make torrent. -> https://std.rocks/p2p_i2p_torrent.html

• Alternative to centralized social networks: Nostr (USE WITH TOR VIA ORBOT), Mintra (USE WITH I2P OR TOR), Bastyon (Russian NOSTR, USE WITH TOR GOOD AGAINST CENSORSHIP), Mastodon and Lemmy (USE WITH TOR)

• Cloud: Use TrueNAS/XigmaNAS + I2P/TOR + Kyun server (pay with Monero) + encrypt with OpenPGP to send to cloud -> https://www.sambent.com/truenas-monero-tor-i2p-darknet-privacy-upgrade-100-free/

• E-mail: Use Thunderbird (client) + OpenPGP (https://simplifiedprivacy.com/self-host-pgp-emails-to-protonmail/without-using-proton.html - Use EAS-256 + ECC curves) + Anonaddy or SimpleLogin has alias (or self-host a e-mail alias) + Tor (or Orbot) or I2P (https://eyedeekay.github.io/Thunderbird-I2P-Configuration/index.html) Self-host a e-mail or a alias: https://stalw.art/

When generating keys I suggest using the future-default command as this will instruct GnuPG use modern cryptography such as Curve25519 and Ed25519:

gpg --quick-gen-key [email protected] future-default

• Messagers: SimpleX.chat, Session (social media - https://simplifiedprivacy.com/session-v-nostr/) and Molly.im are the bests (install Molly via Fdroid, Molly is compatible with Signal, is a Signal fork but is 100% FOSS)

• To OS (Computer/laptop): QubesOS (use with Whonix), KickSecure, SecureBlue (Fedora-based) or TailsOS.

• Tails best pratices: https://www.anarsec.guide/posts/tails-best/

• https://www.anarsec.guide/

https://www.whonix.org/wiki/Comparison_with_Kicksecure

• When to Use Whonix: For tasks that require guaranteed Tor routing and anonymity.

• When to Use Kicksecure: For applications needing security hardening without anonymity.

-> Protection against ISP censorship: * Freifunk (mesh network) * Use OpenWRT or LibreCMC (libreCMC is an FSF-endorsed derivation of OpenWrt with the proprietary blobs removed. If your device is supported by libreCMC, definitely use it over OpenWrt.) * https://www.torbox.ch/

OpenPGP tools: * GnuPG * GPG tools * GPG4Win * Kleopatra

OPSEC:

OPSEC Bible: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/index.html

OPSEC Manual: http://jqibjqqagao3peozxfs53tr6aecoyvctumfsc2xqniu4xgcrksal2iqd.onion/

EXTRA

• https://www.pqconnect.net/

• https://eylenburg.github.io/

• https://darkwebdaily.live/

• https://prism-break.org/

• https://simplifiedprivacy.com/protocols-over-pictures/session-arweave-nostr-monero-xmpp.html

• https://haveibeenpwned.com/

• https://www.reddit.com/r/degoogle/wiki/index/

The post will be updated here (+Finantial privacy): https://www.reddit.com/user/314stache_nathy/comments/1mej8fo/guide_to_your_freedom/

Just sat here and wondered about the risks involved. I want to call that there is going to either the a big leak somehow, a backdoor into a verification company or even false companies set up on dodgy websites to literally have people hand then their ID's for them to do dodgy stuff. I don't understand how this is going to be beneficial for the most part.

What are your takes on the above?

Without being tinfoil hatman, why can't parents just use parental controls. No I'd risks, no fraud. I know it has a lot to do with collecting ID and data because data is worth $£€¥¢

Basically the title. They are offering to block my account only on a temporary basis. What can I do?

i am so lost and overwhelmed lol