r/PrivacyTechTalk

Why no one try to convert to signal?

Recently, I've started noticing that I'm getting a lot of random ads and promotional messages on WhatsApp. It honestly feels like Meta is tracking everything we do. Sometimes, whatever you chat about seems to show up on Instagram within minutes.

I've been using Signal for the past three years, and I still don't understand why almost no one is willing to switch. Most people already know that WhatsApp isn't great when it comes to privacy, yet they continue using it. Even many people working in IT, who understand these privacy concerns, don't seem interested in moving to Signal.

I guess convenience and network effects win over privacy for most people.

reddit.com
u/Sea_Mechanic815 — 3 days ago

WhatsApp usernames are finally here. Privacy upgrade or scammer upgrade?

After years of requiring phone numbers, WhatsApp is finally rolling out usernames. That means you can connect with someone without automatically giving them your personal number. For many people, that's a long-overdue privacy win.

But not everyone is celebrating.

Some cybersecurity professionals and tech leaders have raised concerns that usernames could also make impersonation scams easier, similar to what we've seen on platforms like Telegram. Think lookalike handles, fake support accounts, or someone pretending to be a friend or brand.

To reduce those risks, WhatsApp says:

  • There's no public username directory.
  • People need your exact username to contact you.
  • You can enable an optional username key for additional protection.
  • High-profile usernames are being reserved to help prevent impersonation.

Like most privacy features, the technology is only part of the equation.

A few good habits still go a long way:

  • Don't trust a username alone. Verify who you're talking to.
  • Be cautious of unsolicited messages, even if the username looks legitimate.
  • Never share one-time verification codes.
  • Turn on two-step verification for your WhatsApp account.

What's your take?

Do you see WhatsApp usernames as a major privacy improvement, or do you think they'll create more opportunities for impersonation and scams?

reddit.com
u/PureVPNcom — 4 days ago
▲ 13 r/PrivacyTechTalk+2 crossposts

GrapheneOS: Undocumented Google Connections and Privacy Risks

GrapheneOS is marketed as a privacy-hardened, "de-Googled" operating system. However, technical analysis by the Kuketz IT-Security Blog revealed that the OS automatically connects to Google-operated gstatic.com servers by default to perform Android's standard captive portal checks.This behavior is not documented in the official GrapheneOS FAQ, creating a transparency issue for users. From a strict privacy perspective, these automatic connections leak critical metadata, including the user's IP address, timestamp, and location data directly to Google, enabling potential tracking and device fingerprinting despite the absence of Google Play Services.

u/MindlessCry3444 — 7 days ago
▲ 0 r/PrivacyTechTalk+3 crossposts

I Built a Privacy Tool With AI (And I’m Not a Developer)

I’m not a developer, but I’ve always believed the best way to understand new technology is to experiment with it.

So I used AI to build Ghist - a privacy-first disposable email tool designed to protect your real inbox from spam, tracking, and digital clutter.

What started as a small experiment turned into a much bigger lesson in curiosity, trial and error, and what building with AI actually looks like when you’re learning as you go.

Read my story below and if you’ve been experimenting with AI yourself, I’d love to hear what you’re building!

This is my story (thanks in advance for reading!)

u/EnglishAex — 6 days ago
▲ 15 r/PrivacyTechTalk+1 crossposts

Puri.li the private search engine with its own index

Hi all. I built https://puri.li, a fully self-hosted search engine with its own index / crawler. It currently has more than 20 million pages indexed and I added quite some tools (graph calculator, conversions, sunset/weather via openmeteo, etc). Please let me know what you think. BTW Any missing pages can be added via the add site form (takes ~30 minutes to be indexed).

reddit.com
u/skillplayed — 8 days ago
▲ 36 r/PrivacyTechTalk+1 crossposts

YouTube (and Facebook) eavesdrops on my phone calls and in person conversations

And before you say "they are looking at your search content", of course they are but there are at least 20 instances where I have had conversations and absolutely zero searching that they have placed either ads or content with exact specificity to my conversation. Sick and tired of being spied on. AI suggests that I turn off my microphone which I have done on as many apps and I can. It seems to have slowed it down but this is sooooo illegal and it should be stopped.

reddit.com
u/Under75iscold — 13 days ago

Why Local-First AI is Crucial to Fixing Our Broken Internet Privacy Model

The current state of the modern internet is built on what many privacy experts call a fundamentally broken deal. As everyday users, we navigate through websites, apps, and various online services under the assumption that our personal space is respected. However, the dominant economic structure powering most traditional browsers today is surveillance capitalism. In this system, our intimate browsing histories, location data, search preferences, and even daily digital behaviors are systematically tracked, analyzed, and packaged into profiles to be sold directly to corporate advertisers. This means that our personal attention has become the actual product, turning online privacy into a luxury rather than a basic right.

To change this extractive dynamic, we desperately need a fair value exchange in the web ecosystem. Users should have absolute ownership over their data context, ensuring that their private information remains in their own hands instead of sitting on centralized corporate servers. Thankfully, the development of decentralized web architectures and specialized tools is beginning to offer a genuine alternative where the financial and structural incentives finally align with user sovereignty.

One of the most practical solutions to this data exploitation problem is the transition toward "local-first" AI processing. Traditional web tools often require users to upload their sensitive data to remote cloud networks to experience smart features or personal assistants. Local-first AI entirely flips this model by executing complex artificial intelligence processing directly on the user's physical device.

This breakthrough allows the smart system to learn your individual preferences and evolve with you over time without ever forcing your personal data to leave your local context. Embracing browsers that actively support a local-first, privacy-by-design framework is essential if we want to reject invasive tracking. It is time for internet users to collectively move away from the old server-side surveillance models and reclaim our digital freedom and sovereignty.

reddit.com
u/Valuable-Put-8175 — 9 days ago

Phone Monitoring

Hello! How can I tell if someone is monitoring my phone? Is there any way I can check whether my phone is being monitored? Thank you so much!

reddit.com
u/ryujinx2 — 11 days ago

Building deepfake defense around "prove the relationship" instead of "detect the fake." Tell me where this breaks.

I have been working on this problem for a while and want to think out loud with people who actually understand it, because I am not convinced the mainstream approach is the right one.

Most deepfake defense today is detection: analyze the media, score how likely it is fake, flag it. My worry is that this is a losing arms race. Every time detectors get better, generators get better, and the defender is always reacting to the last model. By the time you have analyzed a call, the wire transfer already went out.

So the approach we are taking flips it. Instead of asking "is this media fake," we ask "is this the person they have always been." The bet is that identity and relationship history are a more durable signal than the pixels or the audio.

Roughly how it works:

  • A device-level identity key travels with every communication and builds verified history over time. The more two parties interact and confirm each other, the stronger the trust.
  • Trust is tiered. Someone goes from an unknown device fingerprint up to a fully verified coworker through actions like confirming email and repeated real interaction. It is earned, not assumed.
  • The user never sees a dashboard or a confidence score. They see one signal during a call: green, yellow, or red. Trust, caution, stop.

The thinking is that an attacker can clone a face and a voice, but cloning a long history of verified relationship on a specific device is a much harder problem.

Where I want this sub to push back:

  • Is relationship history actually more durable, or am I just moving the attack surface to device and account takeover?
  • A green light could create dangerous overconfidence. If people stop scrutinizing anything green, does the system make them more vulnerable on the day it is wrong?
  • New legitimate contacts always start untrusted. Does the friction kill it in practice, especially for roles that talk to strangers all day (sales, recruiting, support)?
  • Is "restore trust" just "detection" with extra steps, or is it meaningfully different?
reddit.com
u/Western-Chemistry-40 — 13 days ago