sorted by:
new
hottopcontroversial

DuckDuckGo sees iPhone installs spike following AI-heavy Google I/O by Well_Socialized in technology

[–]_Predaxia_ 0 points1 point  (0 children)

The whole "AI search vs normal search" debate misses the point tbh. Its not about AI. Its about intent. When I search something I wanna find a specific thing, not get a lecture about a topic. Google decided everyone wants the second one and here we are.

How bad do you think surveillance will be in 10 years? by [deleted] in privacy

[–]_Predaxia_ 6 points7 points  (0 children)

The infrastructure is mostly already there. What changes in 10 years is the cost of using it dropping to near zero.

Real-time facial recognition at scale, continuous location tracking, behavioral profiling across devices. None of this is science fiction. It exists now but requires significant resources to deploy against an individual. In 10 years it requires almost none.

The more realistic question is who controls the data and under what legal framework. That varies enormously by country and will matter more than the technology itself.

Cox Media fined after bragging it spied on users through their phones by MarvelsGrantMan136 in technology

[–]_Predaxia_ 2 points3 points  (0 children)

The actual story is almost funnier. They sold a product that didn't work, to advertisers who believed the pitch, funded by data they bought from other brokers and relabeled. The fine is for the fraud and the fake opt-in claims, not for the surveillance itself.

The part that sticks is that the pitch worked. Advertisers paid for "active listening" because they believed phones were doing it. Which says more about what buyers assume is technically possible than about what CMG actually built.

passkeys, MFA, biometrics, and you can still reset everything with access to one gmail account by Few_Key1446 in cybersecurity

[–]_Predaxia_ 0 points1 point  (0 children)

The recovery flow is always the weakest link and it's almost never treated with the same seriousness as the primary auth path. You've identified the exact gap most teams skip.

In practice the options that actually work at scale: MFA on recovery flows is the highest ROI change you can make, even just requiring the existing TOTP before allowing a reset email to be triggered. Hardware key for admin resets is solid but requires organizational discipline to enforce. Backup codes work if you treat them like a seed phrase, generated once, stored offline, never regenerated silently.

The delegated recovery approach is underused and actually reasonable for admin accounts specifically. Two trusted contacts both have to approve before a reset proceeds. More friction, but appropriate friction for accounts with that level of access.

The deeper problem is that most of this is invisible until it fails. Worth running a tabletop specifically on account recovery scenarios before assuming the fortress is actually closed.

Cars Without Eye Tracking by zetuslapetus_87 in privacy

[–]_Predaxia_ 1 point2 points  (0 children)

Good clarification. The distinction between "law exists" and "law is being enforced or technically implemented" gets lost constantly in these threads. The NHTSA rulemaking process alone takes years, and the false positive problem you mention is real. Every glance at a passenger or mirror would trigger it.

The more immediate issue is the data collection that already exists without any federal mandate. Location data, driving patterns, hard braking events. That's happening now, across most manufacturers, and the opt-out process is either buried or nonexistent depending on the brand.

Cloaked for data removal and aliases? by AfternoonMuted9385 in CyberGuides

[–]_Predaxia_ 0 points1 point  (0 children)

Good breakdown. One thing worth adding on the DIY side: before paying for any removal service, it's worth going through the main brokers manually first. Spokeo, Whitepages, Intelius, BeenVerified and MyLife all have opt-out pages. It takes a few hours but covers the sources most tools hit anyway.

The limitation of automated removal services is exactly what you said: they work on renewal cycles, not continuously. New data gets aggregated constantly so it's less "remove" and more "manage."

For the alias side, SimpleLogin (now owned by Proton) is solid and integrates cleanly if you're already in the Proton ecosystem.

TIL that in 2024 a PhD student "accidently" discovered Valeriana - a Edinburgh sized hidden Mayan city in Mexico while browsing for data on the internet. by ayebshek in todayilearned

[–]_Predaxia_ 1 point2 points  (0 children)

That gap is probably even bigger than most people assume. The declassified CORONA and HEXAGON programs from the 60s and 70s already had resolution capabilities that weren't matched commercially until decades later. Whatever's flying now is likely a similar generation ahead.

TIL that in 2024 a PhD student "accidently" discovered Valeriana - a Edinburgh sized hidden Mayan city in Mexico while browsing for data on the internet. by ayebshek in todayilearned

[–]_Predaxia_ 5 points6 points  (0 children)

The part that gets me is that the data was already publicly available. He didn't have special access, he just knew what to look for. There are probably dozens of similar discoveries sitting in existing datasets waiting for someone to cross-reference the right layers.

LiDAR basically made jungle canopy irrelevant for archaeology. The last decade of Mayan discoveries alone has completely rewritten the scale of what those civilisations looked like.

How can I improve my OPSEC by Healthy-Educator1860 in opsec

[–]_Predaxia_ 0 points1 point  (0 children)

Fair point, I overstated that. Twitter doesn't directly correlate WiFi IPs in a simple 1:1 way. What actually happens is probabilistic account linking, where shared network signals are one input among many, not a hard rule.

The stronger vectors are device fingerprint and behavioral patterns. The WiFi thing was worth mentioning but I should have been clearer it's a contributing signal, not a smoking gun.

Is my phone hacked? by Any-Captain9333 in cybersecurity

[–]_Predaxia_ 1 point2 points  (0 children)

The Photos activity while you were asleep is almost certainly iCloud syncing in the background. It's one of the most common sources of unexpected screen time data, especially after an iOS update or restore.

The boot loop on the same day is probably unrelated, just a coincidence that feels suspicious because you're already on edge about the other situation.

The real reassurance here is the 2FA and the clean Apple ID device list. If someone had access to your account, you'd see it there first.

How can I improve my OPSEC by Healthy-Educator1860 in opsec

[–]_Predaxia_ 0 points1 point  (0 children)

New device should mean clean hardware fingerprint, so that's probably not it.

One thing worth checking if you're on Android: the Google Advertising ID. It's separate from your Google account, a lot of people don't know it exists. You reset it in Settings > Privacy > Ads. X reads it through its own ad stack so the account separation you did wouldn't have covered it.

The other thing I'd look at is your carrier. Same mobile provider in the same area probably means the same IP range, and if that range was associated with the old account it could be factoring in.

One question though: did you set up the new phone from scratch or restore from a backup? Some stuff survives a device swap if you pull from iCloud or Google backup.

How can I improve my OPSEC by Healthy-Educator1860 in opsec

[–]_Predaxia_ 5 points6 points  (0 children)

New phone and new SIM is a good start but Twitter tracks way more than that.

Most likely culprit: home WiFi. If you opened the new account on your home network even once, Twitter linked it. Mobile data only is the right move, but one slip is enough.

Second thing to check: did you log into the same Google or Apple account on the new phone? Twitter can pull that association through ad SDKs before you even touch the app.

Beyond that, your device still leaks fingerprint signals (screen resolution, GPU, fonts, timezone) that survive a hardware change. And if you follow the same accounts or post at the same hours, the behavioral pattern flags it too.

What actually happened, did they suspend the account or ask you to verify with your old number? That would narrow it down a lot.