instant messaging – Samsung Chat Service Privacy

I’m trying to find out privacy settings behind the wifi chat offered by… Samsung? Its built into my S10e as an additional chat service with little to no information about it. It’s free and enables chat over WiFi and to groups of users who have the feature enabled. It also enables Android users to see when others who have the service are typing like on the iPhone.

My concern is privacy. If it’s free, how do I know that I’m not the product here?

The Stack Exchange app won’t let me upload a 256KiB image so I’ve added a URL for the screenshot: screenshot of new messages feature

privacy – What consensus algorithm is MimbleWimble/Grin using? Does it use Zero Knowledge Proofs as well?

A Mimblewimble blockchain relies on two complementary aspects to provide security: Pedersen Commitments and range proofs (in the form of Bulletproof range proofs). Bulletproofs do not require a trusted setup. They rely only on the discrete logarithm assumption, and are made non-interactive using the Fiat-Shamir heuristic.

Pedersen Commitments provide perfectly hiding and computationally binding commitments. Since Mimblewimble commitments are totally confidential and ownership cannot be proved, anyone can try to spend or mess with unspent coins embedded in those commitments. Fortunately, any new UTXO requires a range proof, and this is impossible to create if the input commitment cannot be opened.

A Mimblewimble blockchain grows with the size of the UTXO set. Using Bulletproofs, it would only grow with the number of transactions that have unspent outputs, which is much smaller than the size of the UTXO set.

CoinJoin is a technique to aggregate multiple payments from multiple senders into one unified transaction. Dash deployed an improved version of CoinJoin earlier. Mimblewimble can do CoinJoin non interactively and verifiably in public. Hence Mimblewimble can be viewed as a privacy preserving cryptocurrency approach using Non Interactive CoinJoin technique.

privacy – How to upgrade a Trezor device without wallet.trezor.io?

It is possible to use the trezor command line client trezorctl available here to install a firmware you downloaded from trezor as described in the developer docs here.

BE SURE YOU HAVE A BACKUP OF YOUR SEED

“1) Pick version of firmware binary listed on https://wallet.trezor.io/data/firmware/1/releases.json
2) Download it: wget -O trezor.signed.bin https://wallet.trezor.io/data/firmware/1/trezor-1.6.1.bin
3) Use trezorctl dry-run mode to get the firmware fingerprint:

trezorctl firmware-update -n -f trezor.signed.bin

Step 3 should produce the same fingerprint like your local build (for the same version tag).”

Then it can be installed from the command line:

WARNING: This will erase the recovery seed stored on the device! You should never do this on Trezor that contains coins!

Build with MEMORY_PROTECT=0 or you will get a hard fault on your device.

Switch your device to bootloader mode, then execute:

trezorctl firmware-update -f path/to/firmware.bin

privacy – anonymity of Bluetooth tokens

In the context of contact tracking, I have a privacy question.

I have read some (and "few" is already a bad thing) articles on Bluetooth contact tracking, especially in the context of the Sars-Cov2 pandemic. There are huge privacy concerns in contact tracking.

One solution proposed by the researchers is to use "changing" device identifiers to prevent authorities from tracking an individual's location history by using beacons in public places or analyzing traces of other devices. The issue is particularly hot in the European Union.

The only question here: Regardless of the randomization of the device ID transmitted via Bluetooth, is it already Is it possible to listen to Bluetooth MAC addresses to identify a single device?

Example scenario: In a world where smartphone owners are encouraged to use a legitimate government-driven app (government is supposed to be democratic), a rogue provider with a high market rate can push an app Malicious Bleutooth on their consumers' phones (a big base user who just clicks "accept" anything). The malicious application continually searches for Bluetooth MAC identifiers to report home. Addresses are potentially geo-referenced. Decasonimylation may occur.

Until now, I've always learned to keep my Bluetooth invisible when I don't need it and possibly turned it off to save battery power.

A contact tracking scheme across the country or continent could be a good excuse to keep Bluetooth enabled and available for scanning.

The question is: What am i wrong

Privacy – Why does Google send screen resolution information?

Upon inspecting one of the network POST requests, I discovered that Google sends data about the screen resolution

"screenWidthPoints":XX ,"screenHeightPoints":XX ,"screenPixelDensity":XX, "clientScreenNonce":"XX"

How would Google benefit from sending information such as the width and height of the screen?

Privacy. How to prevent the transaction recipient from tracking my past transactions

I am thinking of sending some BTC to a new BTC address, but I don't have full confidence in that new one.

I am sending someone else, but I want to be sure that if I do, they cannot access other people who have used the same BTC wallet to send BTC

Privacy – Are there any mechanisms in PHP to assign "less trust" to scripts in a given directory? (not a duplicate)

Please stop redirecting my questions to an unrelated one that doesn't answer my question at all. I've already read all the answers there and it doesn't help at all. If you did, why would you ask this much more specific question?

This has been a continuing concern and problem for me for centuries:

For practical and logical reasons, I am forced to trust some third party PHP libraries. These are installed, updated and managed with Composerand live in C:PHP-untrusted-external, completely separate from my own PHP scripts, which live in C:PHP-my-own.

The scripts in C:PHP-my-own include and make use of libraries in C:PHP-untrusted-external.

Since there is no way that someone, especially me, can examine all third party code and all updates, I am looking for some way to "protect" or "sandbox" in some way, even if it is only partial.

Basically I'm concerned that someday an update will do an edit like:

unlink('C:');

OR:

phone_home_to_hacker_server($contents_of_my_harddrive);

If that happened, the scripts would run happily and perform those actions. Nothing prevents them from doing so.

Is there really no way to specify in the php.ini configuration file, something like:

security.sandbox_dir = "C:PHP-untrusted-external"

OR:

security.refuse_network_connections_for_dir = "C:PHP-untrusted-external"
security.refuse_disk_io_for_dir = "C:PHP-untrusted-external"

… or something how that?

I do not understand Stevedore. I've tried it countless times, and it doesn't make any sense to me. I don't want Docker. I don't want to deal with containers. Correction: me hypocrisy deal with it. I tried, but did not understand. Repeatedly.

I just want PHP to support this in itself, and it seems more than reasonable to me. Doesn't that seem reasonable to you?

The saying that "at some point, you have to trust other people" is too generic / vague to apply here. You are overlooking the problem. I don't trust people at all, and for good reason. It seems idiotic that (apparently) we are supposed to sit down and wait for the disaster to happen. At least if you could prevent third-party scripts from doing something with the file system and the network, that would help mitigate this problem. It still won't make the scripts unable to lie about the numbers / data they return to me, but at least they can't "call home directly" or delete random files.

Are there privacy and cookie considerations when using the Google Books API?

I am currently developing a website that uses the Google Books API to display book titles.
For testing purposes, I will rely on the Google API before transitioning to another.

I would like this service to be as free of cookies as possible. With the Google Books API, I'm already counting seven.

To be completely transparent with my users, what should I warn them about? Cookies, tracking, energy costs of relying on such an API?

privacy: is Adobe Creative Cloud uploading files from hard drive without my permission?

I tried to uninstall InDesign from my Windows 10 computer. To uninstall / update any of the Adobe programs, you must first update to the latest version of Creative Cloud, which is a hub that manages all your programs (PS, Illustrator, AfterEffects, etc. ). Once the update was complete, I uninstalled InDesign, but noticed that there was a small progress indicator in the upper right corner.

When I opened it, I saw that it said "File sync" was in progress. I thought "What file sync? I never asked to sync any files!"

enter the image description here

I immediately stopped syncing. Clicking on the settings icon, it turns out I was automatically syncing files from all my C:/Users/(UserName)/Documents/ folder, without asking permission to do this! (Since then I have created a void /Adobe subfolder so you don't have anything to load).

enter the image description here

I think I stopped him before he could load anything. Has Adobe been automatically uploading files from its users? /Documents folder without your consent, or am I exaggerating? If so, is there a way to blacklist all Internet access to all Adobe products? I don't want the next update to reset these permissions, and having to worry about automatic syncing in future releases!

confidential transactions: is a coin mixer possible to preserve privacy in Liquid?

Below, I focus on Confidential Transactions (rather than the Confidential Assets extension) for simplicity, but everything I say is also true for Confidential Assets.

yes, it is possible to use cryptographic protocols to organize the CoinJoin transaction in a way that preserves privacy. The ValueShuffle protocol is designed exactly for this purpose.

ValueShuffle in fact ensures that no third party (for example, a server that facilitates CoinJoin) knows the quantities (or assets) involved. But your privacy guarantees go beyond this requirement: Simply put, ValueShuffle ensures that the quantities of your inputs and outputs, and the relationship between inputs and output, remain private not only for third parties but also for other participants. from CoinJoin.

See the ValueShuffle document for all the details and limitations. Disclaimer: I am one of the authors.

Your intuition that CoinJoin and confidential transactions are a good combination is correct.
More specifically, we can exploit two important synergies.

  1. If we have confidential transactions, CoinJoins with different amounts of output are suddenly possible. This removes one of the main CoinJoin restrictions in practice.
  2. The combination of CoinJoin and Confidential Transaction makes it possible to mix multiple payments instead of just mixing autoship (if the payer also has a mechanism to obtain more than one possible address from the beneficiary). As a result, you can mix and pay with your coins in one transaction. This is much better than CoinJoins without confidential transactions, where you must first perform a mix transaction and only after mix can you make a real payment in a second transaction. This means that CoinJoining your payments will actually be cheaper (in terms of blockchain space and therefore transaction fees) than making individual payments. This provides a great incentive to do CoinJoins. This is notable because privacy generally comes at a cost, but in a scenario where confidential transactions are already available, CoinJoin comes at a discount.

My talk at Scaling Bitcoin 2017 provides a more detailed explanation on the benefits of combining CoinJoin and Confidential Transactions.