→ zum Artikel

#Microsoft #privacy

Fedware: 13 Government Apps That Spy Harder Than the Apps They Ban The White House app ships with a sanctioned Chinese tracking SDK, the FBI app serves ads, and FEMA wants 28 permissions to show you weather alerts.

Fedware: 13 Government Apps That Spy Harder Than the Apps They Ban
www.sambent.com/the-white-ho...

#TechSky #Privacy #CyberSecurity #Surveillance #USPol

no credit card. no account. no cloud bill.

your machine, your domain, your data.

https://mycrab.space — self-hosting finally without the sysadmin headache.

#selfhosted #privacy #homelab #zeroconf

[March-29-2026] Daily Cybersecurity Threat Report [March-29-2026] Daily Cybersecurity Threat Report The Daily Tech Feed - Cybersecurity Daily Report

[March-29-2026] Daily Cybersecurity Threat Report
thedailytechfeed.com/march-29-202...
#Ransomware #DataBreach #InfoSec #DarkWeb #IncidentResponse #CyberReport #APT #Malware #Phishing #CyberDefense #Hacktivist #Cybercriminal #Vulnerabilities #Darkweb #AI #Fraud #Privacy #Exploits #Digital #Theft

Phase 3: Profit — The GitHub Story - ByteHaven - Where I ramble about bytes Part of the ongoing Big Tech’s War on Users series. Earlier this past week, GitHub announced that starting April 24th, your Copilot interaction data will be...

Phase 1: Acquire developer trust. Phase 2: ???. Phase 3: Your code trains our AI by default. The GitHub story.

blog.ppb1701.com/phase-3-prof...
#bigtech #blog #github #microsoft #privacy #selfhosting #userhostile #opensource #ai

Hong Kong’s new border-search powers allow officers to compel device passwords from all travellers visahq.com A legal amendment that entered into force on 28 March 2026 lets Hong Kong immigration, customs and police officers compel any traveller, including those in transit, to unlock electronic devices and provide passwords. Non-compliance carries up to six months in prison and fines of HK$100,000. The change heightens data-security risks for business travellers and forces multinationals to revisit mobility and compliance policies when routing staff through the city.

visahq.com

Business travellers heading to or transiting through Hong Kong now face one of the world’s most intrusive digital-search regimes. A legal amendment …

#travel #hongkong #privacy #intrusion

OpenAI claims these checks protect GPU capacity for 'real' humans. But if you're on a VPN or a privacy-hardened browser, you’re stuck in CAPTCHA hell. We’ve reached a point where 'free' access requires a digital strip search every few prompts. #privacy 2/4

Querem gozar vendo minha esposinha fumando? Então confere o vídeo em privacy.com.br/@RainhaeDom

#rainhaedom #privacy

Ha. You're not wrong. The metadata alone is probably wild. Good reminder to change default passwords on every device you own, even smart ones. And check Lunar (https://lunarcyber.com/ if you're worried about your info showing up anywhere else. #privacy

Liability is the missing link. When the vendor isn't responsible for false positives and police have qualified immunity, there’s zero incentive to double-check the 'black box.' We've built a high-speed pipeline for civil rights violations. #privacy 3/4

Wondering why people consider #Signal a secure way to chat:

A- Because everyone says it.

B- My friends recommended

C- My friends are on Signal.

D- I have audited the code myself.

E- I don't know what metadata is.

#infosec #potatosecurity #ethicalmashing #news #privacy

Wondering why people consider #Signal a secure way to chat:

A- Because everyone says it.

B- My friends recommended

C- My friends are on Signal.

D- I have audited the code myself.

E- I don't know what metadata is.

#infosec #cybersecurity #ethicalhacking #news #privacy

Phase 3: Profit — The GitHub Story _Part of the ongoing_ _Big Tech’s War on Users_ _series._ Earlier this past week, GitHub announced that starting April 24th, your Copilot interaction data will be used to train Microsoft’s AI models. By default. Unless you find the setting and turn it off. It’s worth pausing on that word — _default_. Because in 2018, when Microsoft acquired GitHub for $7.5 billion, developers were nervous. This was Microsoft — the company that called Linux “a cancer,” bundled Internet Explorer to kill competition, and had spent decades treating developers as a captive audience. Handing them the world’s largest code host felt like handing the keys to the commons over to a landlord. Satya Nadella knew exactly what he was walking into. So he made a promise. Specific, public, on the record — from the official Microsoft blog: > “We are committed to being stewards of the GitHub community, which will retain its developer-first ethos, operate independently and remain an open platform.” And then he invited accountability — his exact words: > “When it comes to our commitment to open source, judge us by the actions we have taken in the recent past, our actions today, and in the future.” Okay. Let’s do that. ## Phase 1: Collect Underpants (2018) The acquisition announcement was a carefully managed reassurance campaign. Nat Friedman — a respected open source figure, founder of Xamarin — was installed as CEO specifically to signal continuity. The message was consistent across every channel: GitHub would remain independent. Developer-first. A neutral commons. Not a Microsoft product. It worked. Developers who had started migrating to GitLab came back or stayed. The GitHub community largely gave Microsoft the benefit of the doubt. Nadella had spent years rehabilitating Microsoft’s relationship with open source and this felt like the logical extension of that goodwill. The trust was real. It was also load-bearing. ## Phase 2: ??? (2025) Seven years later, in August 2025, GitHub CEO Thomas Dohmke announced he was stepping down. Microsoft did not announce a replacement. Instead, GitHub was folded into Microsoft’s CoreAI division under Jay Parikh, executive vice president. No fanfare. No “we’re evolving the structure.” Just a reorganization that ended GitHub’s operational independence and positioned it explicitly as a component of Microsoft’s AI infrastructure. The independence promise didn’t expire with an announcement. It just quietly stopped being true. ## Phase 3: Profit (2026) On March 25th, GitHub announcedthat starting April 24th, interaction data from Copilot Free, Pro, and Pro+ users will be used to train and improve Microsoft’s AI models. By default. Unless you find the setting and turn it off. What counts as interaction data is worth reading carefully: * Inputs sent to GitHub Copilot * Outputs accepted or modified by you * Code context surrounding your cursor position * Comments and documentation you write * File names, repository structure, and navigation patterns * Interactions with Copilot features * Feedback — thumbs up/down ratings And who gets it? GitHub, and its affiliates. Which, as they specifically note in their updated privacy statement, includes Microsoft. If you’re on Copilot Business or Enterprise, none of this applies to you. Your corporate contract prohibits it. You’re protected. If you’re an individual developer — open source contributor, indie hacker, someone who touches their employer’s codebase from a personal account — you’re in until you opt out. The responsibility to do so is entirely yours. ## The Reversal Is Documented This isn’t a new policy being introduced. It’s an old promise being broken. In November 2025 — four months ago — a GitHub maintainer answered this exact question in the community forums: > “By default, GitHub, its affiliates, and third parties do not use your data (prompts, suggestions, code snippets) for AI model training. This setting cannot be enabled — it’s off and stays off.” Cannot be enabled. Off and stays off. That answer is now wrong. As of April 24th, for 26 million users, it’s on and stays on unless you turn it off yourself. ## The Windows Connection Here’s where the timing becomes something more than coincidence. Five days before the GitHub announcement, on March 20th, Windows president Pavan Davuluri published what I called a landmark “we hear you” post — promising to fix Windows 11. Less Copilot. Fewer ads. Movable taskbar. A calmer OS. Same week. Different audience. Different message. The developer and enthusiast community responded cautiously but positively. Microsoft was listening. Things were changing. Same week. Same company. One hand pulling Copilot back from the Start menu. The other hand quietly routing your code into the Copilot training pipeline. I wrote in that post that a calmer cage is still a cage. I didn’t know quite how literal that was going to get, quite that fast. The consumer audience gets the soothing blog post. The developer audience gets the policy update. Different pressure release valves for different communities — but the same direction of travel underneath. ## The Class System Nobody Is Talking About Enough GitHub’s own FAQ explains the individual/enterprise split plainly: business and enterprise customers have contracts that prohibit this use of their data. Those agreements are honored. Individual users — the open source contributors, the hobbyists, the people who _built the community that made GitHub worth $7.5 billion_ — get opted in by default. One commenter on Hacker News framed it generously: this is standard B2B SaaS practice. Enterprise DPAs include ML training carve-outs that free users don’t get. That’s true. It’s also exactly the point. The community that was promised stewardship and independence is getting consumer-tier treatment. The enterprise customers paying the big contracts get the protection that stewardship actually looks like. The people who made this platform worth buying are not the people being protected by it. ## What The Developer Community Is Doing Migration guides to Codeberg and Forgejo started appearing within hours of the announcement. Not rage-tweets. Documentation. Step-by-step instructions for moving repositories, redirecting links, rebuilding CI pipelines. This matters because the switching cost is genuinely high. These aren’t casual users threatening to delete an app. These are people with years of commit history, issue threads, CI configurations, and public presence tied to GitHub. When developers with that much to lose start writing exit documentation rather than filing angry issues, that’s a meaningful signal. Worth noting: a significant chunk of the GitHub open source community is already on Linux or Mac. The Windows “we hear you” post wasn’t aimed at them and didn’t land for them. The Microsoft goodwill tour doesn’t apply to the audience most affected by this policy change. They were already skeptical. This confirms it. ## The Private Repository Sleight of Hand GitHub draws a careful distinction between data “at rest” and active interactions. Your private repository contents, sitting on their servers, are not used for training. But if you’re actively working in that private repository with Copilot enabled — your code context, your cursor position, your comments, your file structure — that’s interaction data. That’s in scope. Unless you opt out. If you’re an individual developer working on a personal account who sometimes touches your employer’s proprietary codebase, that’s worth sitting with for a moment. ## The Opt-Out Friction Problem Community reaction on Reddit and Hacker News has been pointed, with a consistent complaint beyond the policy itself: the opt-out instructions are confusing and inconsistent across different GitHub documentation pages. The setting is at: GitHub Account Settings → Copilot → Privacy → “Allow GitHub to use my data for AI model training” → Disabled. If you use multiple GitHub accounts, you need to do it for each one separately. Data retention if you don’t opt out: up to five years, though often shorter per GitHub’s FAQ. ## Nadella Said Judge Them By Their Actions Eight years of receipts: * 2018: GitHub will operate independently, retain developer-first ethos, remain open platform * 2021: Nat Friedman steps down, Thomas Dohmke takes over — independence maintained on paper * 2025: Dohmke out, GitHub absorbed into CoreAI, independence ends without announcement * 2026: Individual developer code routes into Microsoft AI training by default The promise was load-bearing. The trust it bought was real, and it’s been spent. Twenty-six million developers are on a platform whose terms just materially changed. Nadella said judge them by their actions. He was right to invite that. It’s the only honest standard. ## What To Do **Opt out now** if you haven’t: GitHub Settings → Copilot → Privacy → disable “Allow GitHub to use my data for AI model training.” Do it for every account. **Consider your architecture.** GitHub as a primary with no alternative is a single point of trust failure that just demonstrated it can fail. GitHub as a mirror to a self-hosted Gitea or Forgejo instance, or to Codeberg for public repos, is a different relationship entirely — you’re using their infrastructure as a utility without depending on their goodwill. For what it’s worth, my setup is self-hosted Gitea as the actual source of truth — my NixOS configs and other bits live there, with GitHub as a mirror mostly for shareability and discoverability. I’d already flipped the opt-out before writing this. But I’m now actively looking for a different public-facing home, and rethinking how I handle private repos entirely. I’ll cover what I actually decided to do in an upcoming home server post — but the short version is that this policy change is the thing that finally pushed me to treat private code like any other sensitive data on my infrastructure rather than something I hand to a third party and hope for the best. If you want to go the self-hosted route, Part 11 of my home server series covers setting up Gitea. If Codeberg is more your speed — hosted, nonprofit, EU-based, no VC money — there’s a solid practical migration guide on DEV written this week by someone who just did it. And if you want to self-host Forgejo specifically, this walkthrough covers the full process including CI setup via Forgejo Actions. The official Codeberg migration docs are also worth bookmarking — built-in GitHub import handles issues, PRs, labels and releases with checkboxes, not command line gymnastics. **Watch the policy.** It changed once with 30 days notice. The precedent is set. The commons was never really free. It was subsidized by developer trust that accumulated over decades and has now been drawn down in service of a $7.5 billion acquisition’s AI strategy. Judge them by their actions. Nadella’s words. Still good advice. _Find me on Mastodon at_ _@ppb1701@ppb.social_ _Part of the ongoing_ _Big Tech’s War on Users_ _series._

Phase 1: Acquire developer trust. Phase 2: ???. Phase 3: Your code trains our AI by default. The GitHub story.

blog.ppb1701.com/phase-3-profit-the-githu...

#bigtech #blog #github #microsoft #privacy #selfhosting #userhostile #opensource #ai

I Decompiled the White House's New App The official White House Android app has a cookie/paywall bypass injector, tracks your GPS every 4.5 minutes, and loads JavaScript from some guy's GitHub Pages.

Fascinating read for the #infosec and #privacy nerdz:

blog.thereallo.dev/blog/decompi...

your own music cloud. scans ~/music, streams from yourname.mycrab.space.

no Spotify. no ads. no algorithm. just your library, everywhere.

https://mycrab.space

#selfhosted #music #privacy #homelab

New digital hall passes track bathroom breaks, gather data in NYC schools The tech, called SmartPass, is meant to helps educators “disrupt bathroom meetups.”

#NYC #schools #privacy

'New digital hall passes allow teachers to more closely monitor how long a student is spending in the bathroom — and who else has requested a bathroom break.'

gothamist.com/news/new-dig...

Article image

🔑 Navigating Autonomy and Privacy in Emerging AgeTech: Insights from the FPF Roundtable

As AgeTech expands into homes across the co…
#Privacy #GDPR #DataRights
Future of Privacy Forum · fpf.org/blog/navigating-autonomy...

#privacy #uspolitics #politics #savespeech #internet
call, email, never stop fighting

your weekly planner. on your own URL. accessible from any device.

not Notion. not Google. yours.

yourname.mycrab.space/plan — one prompt, done.

https://mycrab.space

#productivity #selfhosted #homelab #privacy

Your data is everywhere. The government is buying it without a warrant Data brokers buy up huge amounts of information from cell phones and browsers to sell for targeted advertising. But the government, including ICE, also buys the data.

The gov't can't collect your location data in bulk. So it just buys it instead. That's the whole story.

📍 No warrant. No court. Just a purchase order.
🤖 AI makes this exponentially worse, Dario Amodei said so publicly

www.npr.org/2026/03/25/n...
#Privacy #Surveillance #AI

Judge approves Google RTB settlement forcing new user privacy control A federal judge approved the Google RTB privacy class-action settlement on March 26, 2026, requiring a new opt-in control limiting data shared in ad auctions, with $21.8M in attorney fees.

ICYMI: Judge approves Google RTB settlement forcing new user privacy control #Google #RTB #Privacy #DataProtection #AdTech

Judge approves Google RTB settlement forcing new user privacy control A federal judge approved the Google RTB privacy class-action settlement on March 26, 2026, requiring a new opt-in control limiting data shared in ad auctions, with $21.8M in attorney fees.

ICYMI: Judge approves Google RTB settlement forcing new user privacy control #Google #RTB #Privacy #DataProtection #AdTech

Ron De Jesus, former Tinder privacy leader, joins Israeli startup Mine as chief trust officer Israeli startup Mine said Sunday it has appointed veteran privacy executive Ron De Jesus as chief trust officer and head of privacy strategy, as the company looks to expand its global footprint and strengthen customer trust. De Jesus brings nearly two decades of experience leading privacy programs at major global organizations, including dating platforms Grindr and Match Group, which owns Tinder and OkCupid, as well as financial services company American Express. He has also held roles at consulting firms Deloitte and PwC. Mine, founded in 2019 and based in Tel Aviv and Boston, develops an autonomous platform for privacy management, risk and artificial intelligence governance. The company said De Jesus will lead its trust strategy with global clients and partners and oversee initiatives spanning privacy and AI. He will also help shape the company’s messaging and align customer feedback with product development for its platform, MineOS. “Trust is the hardest thing to build in this industry, and the easiest to lose,” De Jesus said in a statement. “Effective privacy does not start and end with regulation, but in the way it is implemented in practice.” De Jesus is known in the privacy field for emphasizing ethics and trust over strict...

Ron De Jesus, former Tinder privacy leader, joins Israeli startup Mine as chief trust officer
->ynetnews | More on "Mine privacy AI governance hiring" at BigEarthData.ai | #Privacy

PSA for OF creators #onlyfans #privacy #security

Article image

🛑 Red Lines under EU AI Act: Unpacking the prohibition of emotion recognition in the workplace an…
#Privacy #GDPR #DataRights
Future of Privacy Forum · fpf.org/blog/red-lines-under-eu-...

Proton Mail did not hand over the contents of the inbox, but a Swiss legal order still led to payment data being shared via an MLAT. Privacy is not anonymity.

How many people are still confusing the two?

proton.me/legal/law-en...
#Privacy

YouTube is normalising ID-gated access. If age checks flag you wrongly, Google can ask for ID, a selfie, or a card to restore access. Today, it's age checks.

Tomorrow it's Identity by default. support.google.com/youtube/answ...

How far is too far?

#YouTube #Privacy

KadNap shows your router is part of your threat model too.

This campaign hit ASUS routers and edge devices, turning some into proxies. Update firmware, change default passwords, and disable remote admin.

Are you checking your router as often as your laptop?

#CyberSecurity #Privacy #SelfHosting

Metricool

Most founders optimize ads, not identity.

Most businesses ignore this until it’s expensive.

There is a smarter, consent-first way to handle visitor identification.

Learn more here → https://f.mtr.cool/mqgmxbdxyq

#MarTech #Founder #Privacy #DTC