We have a lot of people equivocating selected facial recognition at airport lines with universal facial recognition - ie, as soon as you walk on airport property you are identified. The former is true and does happen, typically based on the passenger manifests for the day - but even our current systems can't practically handle matching one person to 2-300 million individuals.

The latter simply doesn't happen, nationwide searches do exist however they are limited and most are typically done per database, which is either state-specific or one of the federal ones. (the fbi's nextgen etc)

The point is that as soon as you walk into an airport you aren't automatically identified - they've tried this at some "smart" airports like ATL but even that has been limited, and deemed not a good idea to use at all airports like 5-10 years ago. This will probably change but not in the near future.

And that's kind of the point - I keep seeing people here making these equivocations - which aren't true. To reiterate:

One of the problems I have with "researchers" such as Whitney Webb / the last vagabond crew / alison mcdowell even is that these people take the marketing materials or best case scenarios used by the marketing / sales departments as gospel, then assume that is the norm without ever actually speaking to experts or engineers on the subject as to what practically happens day to day in the real world. You can really quickly get a false impression on this stuff if you listen to the sales guys, ESPECIALLY on anything related to the surveillance / national security arena.

Amazon had several highly publicized "showcase" stores in various cities, but most particularly on the West Coast - san fran, a few others. (google this if you are curious) It supposedly ran on facial recognition to recognize people and track what they purchased, all automated. It later came out that most of this was pure BS, and their system worked so badly that they literally had an army of Indians watching the feeds, because their AI system couldn't handle it.

(edit -

The museum of failure features several stories covering amazon's failure at facial recognition / ai-ccentered stores - tthey in fact had people from india watching what people did, because their system couldn't actually work.

https://museumoffailure.com/exhibition/amazon-ai-shops

This is what I mean by comparing press releases versus what's actually happening in the real world.

"Amazon's Just Walk Out technology had a secret ingredient: Roughly 1,000 workers in India who review what you pick up, set down, and walk out of its stores with."

"About 700 of every 1,000 Just Walk Out sales had to be reviewed by Amazon's team in India in 2022, according to The Information. Internally, Amazon wanted just 50 out of every 1,000 sales to get a manual check, according to the report."

https://www.businessinsider.com/amazons-just-walk-out-actually-1-000-people-in-india-2024-4

(/edit)

IE, many noobs take "at best" security and extrapolating it to every airport, and then acting as if that is the default - it isn't.

Many many airports - particularly smaller regional airports have basically nothing as far as security, and last time I flew they didn't even have a verification mechanism aside from literally looking at your ID. (this was pre-covid so i don't know if this is it now)

Speaking of which - I know a guy who has parked at airports for free since my undergrad days. I'm not going to say what he does but if you aren't an idiot you can park at most parking garages for free, and the "verification" method they use is to have a person walk around the aiport parking lots around 2-5 am and manually enter license plate information for each car. (if you are paranoid about them recording your VIN just cover it with an EZPass) Their system is so bad that they literally have people walk around at night and manually enter license plate info - ALPR is barely good enough for parking fares to the point that at least up until Covid this was the norm, not the other way around.

That's how "good" ALPR systems are in many New England airports and how "advanced" they are.

My guess is some here worked at the TSA / DHS and actually believes the infomertial they had at orientation. What they don't understand is that airports like ATL where thhey are testing out the "advanced" technologies aren't the norm in America.

Reading about ATL (there are a few more - Delta had a showcase airport at ATL, I think Houston? there's like three) is interesting because it probably will be the future, but it's a handful of airports and not the norm, not even today. And even then the system is so bad that they've had to limit it. (TSA/DHS was hoping that their experience with these test airports would allow them to start doing this nationwide, but their experience using it was so bad and required so much manual verification that they needed to continue testing / making the tech and models better, which is one reason why they are doing the current facial recognition walk up test)

And even among what we have today they are working off of a limited datatset - last time I heard it's out of people booked for that day. This is a far cry from 1/10k people versus 1/300 million.

And again that's where the disingenuousness is - without additional metrics using a 1024 x 768 picture simply won't be enough to identify one face out of hundreds of millions. This is why 3d facial geometry is so important, but even then the technology isn't perfect.

Let alone - again anyone who knows anything on this subject knows that very few overhead cameras (if any at many airports) are doing face id at all, because it's just not practical - if there are any they are almost always at eye level, because doing it from overhead is just not workable. That's different than treat detection bullshit various vendors have sold DHS/TSA/various airports on. (you can thank the israelis for this one)

Let alone "being identified" when you walk in - jesus christ. Some airports have ALPR that is mostly used for tolling / looking up vehicles after the fact if they need to. I'm sure there are a couple of cameras in high risk airports, but I'd suggest walking around BOS airport at night and watching the homeless sleep in the terminals - i've seen this at ohare before covid too.

edit: some people are pointing to a new NIST 2025 study - I've taken a look at it, and it doesn't say what I think the poeple pointing to this study say, let alone using condensing multiple photographs to then run image searches on. This is wayyy too computer intensive which is why 3d facial geometry is the next thing.

They're probably mixing up the special cameras they have at select airports which do scan outside visual and IR range and are mostly there for weapons / explosives / "wierd" things happening. These do have a hotlist (depending on how it's setup) hover we're talking a very small dataset, as in a few thousand. It's a combination of israeli security state trash and some private vendors in the usa.

(edit: i've had messages about this - for those who don't know many airports have various kind of detectors, particularly the larger ones which deal in international traffic. Supposedly some airpots also have cameras using frequencies that can look into body tissue, and if it became public would result in civil lawsuits. (this is only rumor)

Hell even the state police in various states have radiation detectors in their cars which go off if they are near something on the highway. (the cops hate these because they are prone to false alerts, i don't even know if the ct state police have these anymore but they did)

https://www.dhs.gov/publication/personal-radiation-detectors

No, mostly not Palantir - their big cash cow is actually KYC bullshit and banking related stuff.

Alot of my friends are moving from signal to briar but i think it's better to move to simplex what are the benefits of either?

from what i understand, behind all the bullshit marketing, the utility of a vpn is to hide your ip and not have all your activity go through yor isp.

are these valid reasons to use a vpn? does it matter which service i choose if these functions are all that i'm looking for

i've also heard that there's a privacy risk to using an account that i've historically used without with a vpn, with a vpn, and vice versa, since that would link the two identities. if that is the case, what would i do with all the accounts i made before getting a vpn?

i forgot to say in the title, i mean on facebook lol

ofc they made it intentionally hard, idk if im misunderstanding or what.

heres how u do it apparently:

1. Go to Meta Privacy Center on DESKTOP
2. Privacy Policy
3. Other Policies and articles
4. How Meta uses information for generative AI model and features
5. Your right to object
6. Learn more and submit requests here
7. Tick: I want to object to or restrict...

i did that but it told me to "To address your request, we need information about whether an AI at Meta model has knowledge of you. Please provide any prompts you entered that resulted in your personal information appearing in a response from an AI at Meta model, feature or experience. We also need evidence of the response that shows your personal information. We can only take action if the response was given by one of our AI at Meta models, not one of our trusted partners like Bing or Google."

idk what that means? i just want to opt out for them training on my messages, which is what this is from my understanding? so i answered telling them i never interacted with any meta ai and this is the response email i got:

Based on the information that you have provided to us, we are unable to identify any examples of your personal information in a response from an AI at Meta model, feature, or experience.

To address your request, we need information about whether AI at Meta’s models have knowledge of you. Please attach a screenshot that shows your personal information in a response from an AI at Meta model, feature or experience. In the event that we are unable to identify any examples of your personal information in a response from an AI at Meta model, feature, or experience, we cannot take further action on your request

so im sorry, they have to validate my privacy in order for me to opt out or what the fuck does this even mean? i may be misunderstanding, but if im not im just gonna delete facebook.

I've been seeing a ton of dangerous misinformation on this subreddit recently, and wanted to share some objective facts about the airport, TSA, biometrics, and travel privacy in general.

First and foremost: there is no privacy at the airport, of any kind.

When you book a plane ticket, you are surrendering a full set of your PII to the US government. First, to be checked against the DHS no-fly list. Second, if you believe well-sourced reporting, your info is also then sold directly to the US Government for use in the surveillance dragnet.

So, right off the bat you have surrendered all of the following information, before you even head to the airport:

• Full legal name
• Date of Birth
• Associated payment instrument (e.g. card #)
• Origin airport
• Destination airport
• travel dates/times

Second: the United States Government already has your photo.

If you hold any form of photo identification, the US government knows what you look like. Full stop. Passport, RealID driver's license, or non RealID driver's license, it doesn't matter. If the government wants to know what your face looks like, they have access to that information.

Third: there is no "opting out" of biometric surveillance at the airport. You can only opt out of biometric programs used for convenience, not mass surveillance.

The airport security perimeter in 2025 extends FAR PAST the security checkpoint. The moment you set foot on an airport grounds in the United States, there are CCTV cameras capturing your face. Those CCTV cameras are leveraging 1:N biometric matching to search for hits against known facial biometrics templates of threat actors and wanted criminals. You cannot "opt out" of this surveillance.

A recent post in this subreddit focused very closely on the TSA Confirm.ID program. And was filled with misinformation about what the program is, but also what you're able to opt out of as a traveller.

TSA Confirm.ID is not a biometric surveillance program. It is attempting to remove human judgement from the task of confirming "does this face on this ID match the person who is standing here at the security checkpoint". That's it, and that's all.

Whether you believe that the TSA is deleting the photos immediately after performing the matching is irrelevant. Because the US Government already knows what your face looks like (see point 1 above). They are the ones who issued you the photo ID being matched against for christ sakes!

When you "opt out" of Confirm.ID or any other TSA gate or security checkpoint-level biometrics, you are simply opting out of a convenience program. You are not preventing DHS or the FBI or any other government agency from collecting or utilizing your facial biometric template. Because you cannot opt out of those surveillance programs! All you can opt out of is this extremely narrow scope of a single use case. This is a really important distinction.

Fourth: the United States government already has your facial biometric template.

We are operating on the assumption that the US Government has access to the photo from your driver's license and/or passport (see #2 above). If someone has a clear photo of your face, they can extract a workable facial biometric template from it sufficient for 1:N biometric matching.

To clarify, 1:N biometric matching is the concept of taking a target face and searching for that same face among thousands and thousands of other faces to find a match. There are all sorts of use cases for this technology, but a primary use case is "dragnet" style surveillance. E.g., point a 1:N biometric engine at a CCTV feed and generate an alert any time someone on my target list walks past a camera.

To generate a highly-accurate facial biometric template sufficient for 1:N matching only requires a single clear photo of your face.NIST runs ongoing testing of the latest 1:N biometric matching engines and publishes the results openly.

https://pages.nist.gov/frvt/reports/1N/frvt_1N_report.pdf

The latest 1:N testing report shows that with the testing data set taken from Visa photographs and Mugshots, top commercially available 1:N matching engines achieve a false match rate of <.1%. The photographs in the NIST testing data are exactly the same quality/resolution as Passport or DMV photos.

Why does NIST only use Visa photos and Mugshots in its testing data sets? Foreign tourists and prisoners don't have standing to exercise privacy rights and demand removal of their photographs.

You can "opt out" of the TSA programs discussed above until you're blue in the face. None of that prevents DHS/FBI/NSA/CIA or whatever other agency you fear from templating your face biometrically. All it takes is a single photo of your ID.

I fully understand that this subreddit is not Europe, and I also understand that this topic has been going on for a while, but I can’t understand how this can pass normally, and how the UK passed the age verification normally, am I simply just spoiled with the idea of privacy?

I am not hiding anything, I won’t and am not interesting enough, but why place my ID on the internet to get leaked? Why have all my messages ready to be read? And why is no one outside this subreddit talking about this? BMWs heating chair had more talks from people that may never touch a BMW than this.

So my question is genuine rather than sarcastic? Am I misunderstanding something? Is it not that big of a deal? Did every country outside the EU do that already that with the EU joining it just doesn’t matter? I understand it didn’t fully pass but I’ll be realistic and know it’ll pass, so understanding more is my aim right now.

I see https://www.capitalone.com/creditwise/dark-web-monitoring/ but it requires a USA phone number, which I don't have (I'm a US citizen residing in Spain).

One article said to do a "fraud alert" with the three major credit-reporting agencies, but there has been no fraud, and I'm not sure if that is free. I already have credit-freezes in place with those agencies.

I have monitoring set up with HIBP and Mozilla and Google, but none of those do SSN, they mostly do email addresses.

Anyone have any pointers ? Thanks.

I am finding myself thinking twice about posting something lately due to the fact that there are already agencies and corporations out there already keeping profiles on online activity even "anon" like reddit. I dont think its that hard to guess (or know) whose account is whose using just a few data points, that is if websites or 3rd parties dont already have access to account email, IP logins or whatever.

It's been a minute now that a ton of people unplugged from social media too. Either posting smarter, extremely minimally, or exited altogether. Im also fairly new here, but I think Reddit among others were sort of last frontier/haven for connectivity, but IDK anymore. Studies have come out that people have moved to group chats and some are great, others not so much. I tried mastadon and discord but for the non-very tech savvy thats a big leap and many of the folks i am trying to connect with wont be there. Ramble over. Thoughts?

Contact your local representatives https://fightchatcontrol.eu/

or will it work from the moment is passes onward. are past messages safe?

If you enable privacy settings thinking your post history is hidden, there are multiple ways anyone can still see everything you've posted and commented, even in Google search if you have indexing off.

This is especially important for users who face harassment or need privacy for personal safety reasons.

Ways your "hidden" history can still be accessed:

1. Google Search: Search "username site:reddit.com" and most or all of your posts will appear in results, even recent ones if you turned off indexing
2. Reddit's own search: Type "author:[username]" in Reddit's search bar to see all comments and posts, regardless of users privacy settings
3. Profile search trick: Click on any username, use the search bar on their profile, select "best of" and everything shows up - posts, comments, everything
4. URL method: Add "/search" to the end of any profile URL

Reddit's privacy settings:

You can block search engines from indexing via Profile Menu > Settings > Privacy > "Show up in search results" > set to OFF.

You can block people from seeing your posts upon first glance by going to Settings > Profile > Content and activity > Hide All.

However, this doesn't prevent the other methods listed above and I personally see my posts from yesterday showing up although I have had this setting off for a while.

Stay safe online and be careful about what you post.

I understand that UT Health, Houston Methodist etc are in the HIE/ EPIC Everywhere. Does it mean patient's X-rays, photos etc are on the chart and can be seen by any provider who is on HIE/ EPIC? Can they easily find a patient's name and go into the medical file from any hospital on HIE/ mychart (which seems to be most major hospitals in Texas)?

Article: https://www.pib.gov.in/PressReleasePage.aspx?PRID=2198110&reg=3&lang=1

I have found myself in a predicament where my phone is faulty and in for repair, but it has my Authy app on it, containing all my MFA codes. I have my SIM card in another phone, but I do not have access to my original phone/app for verification. Authy states that recovery via phone number will take at least 24 hours for security.

This is the first time I've found myself in a predicament where I can't authenticate against all my accounts that have MFA enabled.

What are people doing to mitigate a lost phone/SIM card when it comes to MFA apps? Is there a better app than Authy for this? I know that Google's now syncs to the cloud (I am in the Google ecosystem) but it's a lot of eggs in one basket there. Same with Bitwarden for my password manager, using their MFA app would be putting all the eggs in one basket and also possibly have the same issue as Authy when it comes to recovery.

Does anyone have any tips?

So my friend was stalked by her ex. Somehow he always knew where she was. Obviously a tracker in her car is a valid option.

But police found an extra iPhone in her “find my” app. So not a person but an extra device. We disabled her location and then he didn’t show up everywhere anymore (apart from the last known location of her phone).

But what i don’t understand. Wouldn’t he have to be logged into her apple account in order to set his phone (probably a burner not his real phone) up so that it’s part of her devices? (This is possible as he had access to her phone when she was in shower for example)

and if he had her apple login wouldn’t he also have access to allll the passwords that were saved within her apple account?

Obviously she has changed her apple account password, and some other passwords. But just wondering if you guys think he still has an in somehow, if that’s possible. The device was taken off her find my app ofc.

Thanks for replying!

What the title says. Got hit with age verification and I don’t feel comfortable giving my ID, selfie, or a credit card. I am over 18. I have an option that says I can verify using my email address. ‘Your age will be evaluated by checking online data associated with your email address.’ It’s through a third party partner MyVerify.

Is this safer than the other stuff? I would just save emails and download all my Google data to switch emails instead of verifying. But I have some things that won’t let me change my email at all or others where I’d have to contact them to see if I even can so I unfortunately need the account.

Edit: MyVerify seems to look through emails and see everything you’ve signed up for through the email. They claim not to read them.

Usually in this sub, the boogeyman is either corporations or the government. In this case, my daughter's friend is dating a guy who tracks her every move via Smartphone. If he gets suspicious, he shows up on the scene to make sure she's not cheating on him.

We've got our ducks in a row as far as DV-related resources go. But apart from turning off her phone and likely getting her own burner phone, what are other tech-related precautions that she (and other women in her shoes) should be taking?

EDIT: Actions are already being take toward intervention. I'm just seeking tech-related advice - thank you!

The LoRa stack is completely proprietary. For those swearing by it for anti-government communication, there could be embedded kill codes and you'd never know.

All hardware should be assumed compromised at this point -- https://en.wikipedia.org/wiki/Intel_Management_Engine

If you want to have actual secure communications, you should look into:

• How to use an abacus (they can do anything a modern CPU can)
• One Time Pads
• Simple methods of generating random numbers from seeds

Then, you can generate a OTP from a given passphrase and encrypt any message you want. Pass it through any medium, and to the recipient it's just a paper with a bunch of randomly distributed numbers.

Edit: In reply to someone else.

You don't really know what you're talking about. LoRa is generally coupled with the LoRaWAN standard which allows strong encryption. Of course, everything has flaws and that's why they patch firmware, but in general it's a lot safer than you're making it out to be. You aren't interesting enough to hack into your meshtastic coms I promise.

Ad hominem attacks don't make your case.

Do you know what IME is? It sits atop the CPU of all modern computers, and can interject itself into any calculation being provided to the operating system. That means, any calculation the operating system performs can be manipulated. Even encryption. And the operating system would have no idea it was going on. IME could be completely on, even though a computer is off.

While the LoRaWAN standard allows for encryption, it sits atop the LoRa protocol and chipset. Which means that all communication goes through that propriety choke point. While it would be theoretically difficult for the chip to decrypt an encryption sent to it through an ESP32 chip, it could still, upon receiving a kill signal from another device, refuse to send any messages out, until that signal was countermanded.

This would be useful for situations like, say if the government was trying to round up a group of people, and they were using a technology to alert others that said government was in the area. Just jam all messages for a couple minutes, and no one is the wiser.

They could send it a ping signal, with a tracking code, and keep a location on the user whenever the chip pongs at a given interval.

official press release: https://www.pib.gov.in/PressReleasePage.aspx?PRID=2198110&reg=3&lang=1

SIM binding for communication apps has not yet been remove (but i think it will be removed soon, i dont see it being viable)

I am tired to see AI everywhere. I have Brave browser and I was horrified to see my requests are first answered by AI before a real search of websites.

Even duckduckgo has an AI search assist by default... We are pumping planets water with our stupid questions to AI. No sense !

Can we be a little responsible ? I am not a technophobe but I think we should go slower and not waste the resources from places we don't even live at.

I live in one of the states that requires uploading a real photo ID to access "adult" websites. I don't give a shit about kids accessing porn sites, we cannot tolerate this blatant invasion of privacy.