Hacker News with Generative AI: Privacy

Ask HN: For the privacy minded, How do you prepare for gadget Border Searches? (ycombinator.com)
This is coming up a lot these days in the news- but Customs and Border Patrol have increased the amount of searches they do for travelers coming to and leaving the US. I find this fascinating- because it feels like an area that should have answers -but that there are only some.
It's Unreal Just How Awful 'Real ID' Is (2020) (zocalopublicsquare.org)
Do you love this country, this state, and your freedoms?
23andMe is potentially selling personal survey data, etc., beyond genetic data (theconversation.com)
As soon as the genetic testing company 23andMe filed for bankruptcy on March 23, 2025, concerns about what would happen to the personal information contained in its massive genetic and health information database were swift and widespread.
Hacking the call records of millions of Americans (evanconnelly.github.io)
Imagine if anyone could punch in a phone number from the largest U.S. cell carrier and instantly retrieve a list of its recent incoming calls—complete with timestamps—without compromising the device, guessing a password, or alerting the user.
HP printers try to send data back to HP about your devices and what you print (robertheaton.com)
Last week my in-laws politely but firmly asked me to set up their new HP printer. I protested that I’m completely clueless about that sort of thing, despite my tax-return-job-title of “software engineer”. Still remonstrating, I was gently bundled into their study with an instruction pamphlet, a cup of tea, a promise to unlock the door once I’d printed everyone’s passport forms, and a warning not to try the window because the roof tiles are very loose.
Cell Phone OPSEC for Border Crossings (schneier.com)
I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones.
2.8B Twitter IDs Leaked (forbes.com)
Elon Musk’s social media platform, X, is no stranger to the news. What with the reported purchase of X by xAI for $33 billion, attackers claiming responsibility for platform outages, and X password scams targeting users. Now, another shock awaits the users of what used to be Twitter: a self-proclaimed data enthusiast has just given away what is claimed to be a database containing details of some 200 million X user records. Here’s what we know so far.
DEDA – Tracking Dots Extraction, Decoding and Anonymisation Toolkit (github.com/dfd-tud)
Document Colour Tracking Dots, or yellow dots, are small systematic dots which encode information about the printer and/or the printout itself. This process is integrated in almost every commercial colour laser printer. This means that almost every printout contains coded information about the source device, such as the serial number.
FTC: 23andMe buyer must honor firm's privacy promises for genetic data (arstechnica.com)
Federal Trade Commission Chairman Andrew Ferguson said he's keeping an eye on 23andMe's bankruptcy proceeding and the company's planned sale because of privacy concerns related to genetic testing data.
Breach of X allegedly leaks over 200M users' email addresses (mashable.com)
An alleged X data breach has leaked the email addresses of more than 200 million users.
Discover European alternatives to popular SaaS (xwiki.com)
Let’s face it: Big Tech companies will always put their interests first. If Europe truly wants digital sovereignty, we need to stop handing over our infrastructure to Silicon Valley giants. Yet, despite all the talk, many businesses and governments still sign contracts with Microsoft, Google, and Atlassian, locking themselves into foreign control. We can’t afford to keep making the same mistake.
New in Gmail: Making E2E encrypted emails easy to use for all organizations (workspace.google.com)
At Google, we believe that secure, confidential communication should be available for organizations of all sizes. However, end-to-end encrypted (E2EE) email was historically a privilege reserved for organizations with significant IT resources, due to the complexity of S/MIME and proprietary solutions.
Over 200M Records Allegedly Belonging to X Leaked Online (safetydetectives.com)
Self-Hosting like it's 2025 (kiranet.org)
In recent years, self-hosting has emerged as a popular alternative to data-collecting, big-brother services.
Kagi for Kids (kagi.com)
The Kagi Family Plan is perfect for families wanting to search smarter, emphasizing learning over consumption while respecting your family's privacy.
Honey has now lost 4M Chrome users after shady tactics were revealed (9to5google.com)
Late last year the popular Chrome extension Honey (owned by PayPal) was revealed for employing a few shady tactics, and the extension has since lost around 4 million users on Google’s browser alone.
France fines Apple €150M for “excessive” pop-ups that let users reject tracking (arstechnica.com)
France's competition regulator fined Apple €150 million, saying the iPhone maker went overboard in its implementation of pop-up messages that let users consent to or reject tracking that third-party applications use for targeted advertising.
Privacy died last century, the only way to go is off-grid (theregister.com)
From smartphones to surveillance cameras to security snafus, there's no escape
ToS;DR (tosdr.org)
"I have read and agree to the Terms" is the biggest lie on the web. Together, we can fix that.
Cover Your Tracks (coveryourtracks.eff.org)
Test your browser to see how well you are protected from tracking and fingerprinting:
Moving 18 years of comments out of Disqus and into my 11ty static site (sachachua.com)
I've been thinking of getting rid of the Disqus blog commenting system for a while. I used to use it in the hopes that it would handle spam filtering and the "someone has replied to your comment" notification for me. Getting rid of Disqus means one less thing that needs Javascript, one less thing that tracks people in ways we don't want, one less thing that shows ads and wants to sell our attention.
Pixelfed leaks private posts from other Fediverse instances (fokus.cool)
Due to an implementation mistake, Pixelfed ignores this and allows anyone to follow even private accounts on other servers. When a legitimate user from a Pixelfed instance follows you on your locked fediverse account, anyone on that Pixelfed instance can read your private posts. You don’t need to be a Pixelfed user to be affected.
FBI raids home of prominent computer scientist who has gone incommunicado (arstechnica.com)
A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer Indiana University, and had his homes raided by the FBI. No one knows why.
Samsung Galaxy AI features can be set to on-device-only processing (tomsguide.com)
What no one is saying about the first city-wide facial recognition zone [video] (youtube.com)
Kink and LGBT dating apps exposed 1.5M private user images online (bbc.com)
Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists.
Everyone knows all the apps on your phone (peabee.substack.com)
Until a few years ago, any app you installed on an Android device could see all other apps on your phone without your permission.
'Audible enclaves' could enable private listening without headphones (techxplore.com)
It may someday be possible to listen to a favorite podcast or song without disturbing the people around you, even without wearing headphones.
The Candid Naivety of Geeks (ploum.net)
Amazon recently announced that, from now on, everything you say to Alexa will be sent to their server.
When the physicists need burner phones, that's when you know America's changed (theguardian.com)
At international academic conferences recently, one sees an interesting trend. Some American participants are travelling with “burner” phones or have minimalist laptops running browsers and not much else. In other words, they are equipped with the same kind of kit that security-conscious people used to bring 15 years ago when travelling to China.