今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

标签:#Privacy

找到 129 篇相关文章

AI 资讯

I Trusted My AI Coding Assistant. It Turned My Computer Into a Surveillance Server.

You think your AI is just helping you write code. In reality, it's built a logging system on your machine that you never knew existed. Every conversation. Every code snippet. Every file path. Every time you asked "what was my password again?" — permanently archived, without your knowledge. How It Started: An Accidental Discovery I was about to sell my old laptop and decided to clean up my data first. I opened Claude Code's config directory — ~/.claude/ — intending to just remove my API key. Then I saw this: history.jsonl 243 KB / 695 lines sessions/ conversation metadata session-env/ environment variables shell-snapshots/ command execution snapshots telemetry/ 63 telemetry files projects/ 19 project directories ├─ interview-prep/ 31 sessions / 20 MB ├─ spring-ai/ 11 sessions / 13 MB └─ ... 17 more I thought I was just writing code. My computer thought it should record everything. What's Inside These Files history.jsonl — Everything You Ever Asked 695 entries. Every single thing I typed into Claude Code. Including: "I forgot my database password — can you check what passwords were configured in the project files?" "How do I view the database password?" Pasted code snippets Every /model , "who are you?", and project path You casually ask about a password once. It's permanently stored. projects/ — Full Conversation Transcripts (43 MB) If you think history.jsonl only storing user input isn't so bad — you haven't seen this yet. Inside ~/.claude/projects/ , every project directory contains .jsonl files. Opening one 2.3 MB session file: Content Count AI responses 590 AI internal thinking blocks 272 Tool calls 101 Tool call results (including file paths) 100 File history snapshots 208 Every conversation. Every AI response. Every internal reasoning step. Every file operation — what was read, what was modified, what was executed — all written to this file. shell-snapshots/ — Traces of Everything You Ran Your system PATH. Installed tools. Java version. All sitting in command s

2026-06-18 原文 →
AI 资讯

I built an Aadhaar QR reader that works 100% offline — no server, no data leak

Every time I handed my Aadhaar card to someone for KYC, one thought kept nagging me: Where is this data actually going? Most "digital Aadhaar verification" tools out there silently upload your card details to their servers. You have zero visibility into what gets logged, stored, or sold. For something as sensitive as a national biometric ID, that's a pretty terrible default. So I built AadhaarQRCodeReader — a web app that scans the Secure QR on any Aadhaar card, decodes all the identity details, and does the entire thing inside your browser . No backend. No API calls. No data leaves your device. Ever. PtPrashantTripathi / AadhaarQRCodeReader 🇮🇳 Offline Aadhaar QR Reader — scan or upload any Aadhaar card, no server, no data leak. 🇮🇳 Aadhaar QR Code Reader Scan the Secure QR on any Aadhaar card to instantly verify identity details — 100 % offline, no server, no data leaves your device. ✨ Features Feature Details 📷 Live camera scan Uses the rear camera on mobile, front on desktop 🖼️ Image upload Pick any photo containing an Aadhaar QR from your gallery 🔒 100 % offline All decoding happens in the browser — zero network requests 🪪 Full card details Name, DOB, gender, address, mobile last-4, email (if present), issue date 🃏 3D card flip Front (personal) ↔ Back (address) card flip animation 🔗 Shareable URL Result is encoded in ?data= so links can be bookmarked 📱 Mobile-first Works on iOS Safari, Android Chrome, and desktop browsers 📸 Screenshots Scanner Verified Result (Front) Verified Result (Back) Point camera at any Aadhaar QR Personal details on the front face Address & reference date on … View on GitHub 🤔 Wait, what even is the Aadhaar Secure QR? UIDAI added a Secure QR Code to modern Aadhaar cards (and letters) — it's that big QR, not the small one. It's essentially a compressed, binary-encoded snapshot of your Aadhaar record containing: Name, DOB, gender Full address (house no., street, locality, district, state, PIN) Last 4 digits of your linked mobile Email (if yo

2026-06-16 原文 →
AI 资讯

The FCC Wants to Eliminate Burner Phones

A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country’s telecoms to store a wealth of personal information about essentially all phone customers, including a government issued identification number and their physical address, alarming privacy advocates and civil rights activists who compare the measures to those from authoritarian countries where it can be difficult to buy a mobile phone plan without giving up your identity. The proposed change would drastically shake up how people obtain phone plans in the U.S., and have all sorts of privacy and cybersecurity knock-on effects. The FCC is proposing the data collection partly as a way to combat scammers, with telecoms being required to collect other information on business and foreign customers like the intended use case of their bulk phone plan purchase and their IP address. But the changes would mean telecoms collect data on all new and renewing customers, and the FCC provides a long list of other things that the collected data could help authorities with...

2026-06-15 原文 →
AI 资讯

Making "files never leave your browser" verifiable with DevTools and CSP

"Files never leave your browser" is becoming standard copy for PDF tools, image editors, and document converters. But a trust claim and a verifiable fact are different things. Here's how to turn "zero upload" into something any user can audit in about two minutes, and how to enforce it at the browser level so it isn't just a promise. Step 1: Read the Network panel Open DevTools → Network, enable "Disable cache", reload. While processing a file, filter by "Fetch/XHR" and "Doc". A genuinely client-side tool should show only HTML/CSS/JS/WASM asset loads — no POST requests, no GETs carrying file content in query parameters. The non-obvious trap: third-party analytics, Google Fonts, and CDNs all show up as outbound requests. If you claim zero uploads, those count too. The honest move is to self-host fonts and scripts and drop analytics entirely, so the request list is genuinely short enough to eyeball. The Network panel is the human-readable check. The next part is what actually makes it hold. Step 2: Enforce egress with CSP connect-src This is the piece people get backwards, so it's worth stating precisely. CSP's connect-src is an egress allowlist the browser enforces before the request is sent . A fetch /XHR to an origin that isn't on the list is blocked by the browser and never leaves the machine. You'll see it fail in the console as a CSP violation, with no entry in the Network tab going out to that origin. This includes no-cors requests. no-cors is sometimes assumed to be an escape hatch, but it isn't one for this purpose. All no-cors does is let you issue a cross-origin request while making the response opaque (you can't read the body). It does not bypass connect-src : if the target origin isn't in your connect-src allowlist, the no-cors request is blocked exactly the same way — it never goes out. So you can't smuggle a file out to a third party with no-cors under a tight CSP. That's what makes CSP the actual proof, not just documentation. Tighten connect-src to 's

2026-06-15 原文 →
AI 资讯

rclone crypt: encrypt files client-side before they touch any cloud

If you want files encrypted before they ever reach a cloud provider — so the provider only ever sees ciphertext — rclone crypt is the simplest tool that works with almost any backend (S3, Google Drive, Dropbox, pCloud, Backblaze B2, a plain SFTP box…). This is client-side, zero-knowledge-style encryption you fully control. Here's a clean setup. The idea rclone crypt is a wrapper remote : it sits on top of a normal remote and transparently encrypts file contents and file/dir names on the way up, decrypts on the way down. Your passphrase never leaves your machine. local files -> [crypt remote: encrypt] -> [storage remote] -> cloud (sees ciphertext only) 1. Install curl https://rclone.org/install.sh | sudo bash # or: sudo apt install rclone rclone version 2. Configure the underlying storage remote rclone config # n) New remote -> name it e.g. "drive" -> pick your provider -> OAuth/keys Test it: rclone lsd drive: 3. Add a crypt remote on top rclone config # n) New remote -> name "secret" -> storage: "crypt" # remote> drive:encrypted # a subfolder on the storage remote # filename_encryption> standard # also encrypts file names # directory_name_encryption> true # password> (generate a strong one) # password2> (salt - optional but recommended) Back up the passphrase + salt in a password manager. There is no recovery if you lose them — that's the whole point of zero-knowledge. 4. Use it # Upload (everything is encrypted client-side first): rclone copy ~/Documents secret: -P # List (decrypted view, local only): rclone ls secret: # Mount as a normal folder: rclone mount secret: ~/CloudCrypt --vfs-cache-mode writes On the provider's side you'll see only opaque names like a1b2c3d4... — no filenames, no content. 5. Verify the provider sees nothing rclone ls drive:encrypted # raw view = encrypted blobs + scrambled names If you can read filenames here, filename encryption isn't on — recheck step 3. Gotchas crypt encrypts content + names, not the number of files or their sizes. A m

2026-06-14 原文 →
AI 资讯

I built a document converter that never uploads your files

Every time you use an online PDF converter, your file travels to a server somewhere — processed by a company you don't know, stored temporarily on hardware you don't control. For a random meme? Fine. For a payslip, a contract, or a medical document? That's a real privacy problem. What I built ConvertiZen is a document converter that runs 100% in the browser using WebAssembly and modern JS APIs. Your file never leaves your device. Ever. Verify it yourself: open DevTools > Network tab > run a conversion. Zero outgoing requests containing your file data. What it supports 40+ format pairs: PDF ↔ Word, JPG, PNG, Text, HTML, Markdown Excel ↔ CSV, JSON, HTML Images: JPG ↔ PNG ↔ WebP, GIF/BMP → PDF JSON ↔ CSV, Markdown ↔ HTML, XML → JSON How it works PDF.js for PDF parsing docx library for Word generation SheetJS for Excel/CSV Canvas API for image conversions Everything client-side — no server required Pricing 3 free conversions/day, no account needed. Beyond that: €0.69/conversion, €4.99 for a pack of 10, or €4.99/month for unlimited Premium. Feedback welcome What formats are missing? What would make you trust a browser-based tool over a server-based one? 👉 https://convertizen.netlify.app

2026-06-13 原文 →
AI 资讯

A warrantless wiretap law is about to expire — but surveillance networks aren’t actually ‘going dark’

Congress has failed to pass a three-week extension of Section 702 of the Foreign Intelligence Surveillance Act (FISA), with the House voting 218-198 against reauthorizing the controversial warrantless wiretapping authority through July 2nd. After a short-term extension earlier this year, the spying program now appears set to lapse for at least a week. This is […]

2026-06-12 原文 →
AI 资讯

How We Built a Zero-Upload PDF Editor in WebAssembly to Beat the $108/yr Paywalls

For years, whenever I needed to merge two PDFs or compress a file to upload to a government portal, I would Google "compress PDF", click the first result, and inevitably hit a paywall. "You have reached your 2 free files per day limit." Worse, I was uploading sensitive documents—tax returns, medical records, and NDAs—to random servers in God-knows-where just to strip out some heavy images. I decided to build an alternative. I wanted it to be 100% free, have absolutely no daily limits, and most importantly: zero server uploads . Here is how we built PDF Pro using Next.js and WebAssembly to process PDFs entirely natively inside the user's browser. The Architecture: Why WebAssembly? Traditional PDF tools (like Smallpdf or iLovePDF) use a monolithic server architecture. You upload your file to their AWS bucket, their backend runs a Python or C++ script (usually using Ghostscript or a proprietary library) to manipulate the PDF, and then you download the processed file. This architecture is expensive (high bandwidth and compute costs) and creates a massive privacy liability. By compiling a C++ PDF manipulation library down to WebAssembly (WASM) , we inverted the architecture. 1. The Build Process We took pdf-lib and custom C++ compression algorithms and compiled them to a lightweight .wasm binary. When a user visits PDF Pro Compress , their browser downloads the ~2MB WASM file once and caches it. 2. Client-Side Processing When you drag and drop a 50MB PDF into the UI, it never hits our server. Instead, the browser's JavaScript engine passes a Pointer to the file data directly into the WebAssembly memory buffer. The WASM module executes native C++ speeds directly on your local CPU to compress or merge the document. Performance Benchmarks Because there is zero upload and zero download time, the performance metrics are staggering: 10MB PDF Compression (Cloud): ~15 seconds (Upload) + 4 seconds (Process) + 5 seconds (Download) = 24 seconds . 10MB PDF Compression (PDF Pro WASM)

2026-06-11 原文 →
AI 资讯

33+ Free Developer Tools That Never Send Your Data

The Problem with Most Online Formatters You know the drill. You paste some JSON into a random online formatter, or convert a CSV to Markdown, or format a WeChat article. The tool works fine, but have you ever stopped to think about what happens to your data? Most "free" online tools send your content to their servers. Some store it. Some log it. Some sell aggregated data. You have no idea where your sensitive JSON payload, proprietary CSV data, or internal documentation ends up. The Client-Side Alternative I built tools.pixiaoli.cn — a collection of 33+ developer utilities that run entirely in your browser . No server uploads. No data collection. Your content never leaves your machine. What's Inside Here's a taste of what's available: JSON Formatter & Validator — Format, minify, validate, and tree-view JSON instantly CSV Converter — Convert between CSV, JSON, and Markdown tables WeChat Markdown Editor — Write Markdown and preview it exactly as it appears in WeChat articles Base64 Encoder/Decoder — With file upload support URL Encoder/Decoder — For query parameters and path segments Hash Generator — MD5, SHA-1, SHA-256, SHA-512 Color Converter — Between HEX, RGB, HSL, and named colors Regex Tester — Live pattern matching with highlighted results Diff Viewer — Side-by-side text comparison Code Formatter — JavaScript, CSS, HTML, SQL, and more UUID Generator — v4 UUIDs for APIs and databases QR Code Generator — Customizable with logo support Markdown Preview — Live split-pane editor Image Format Converter — PNG, WebP, JPEG, GIF, BMP, AVIF Text Case Converter — camelCase, snake_case, kebab-case, and more Lorem Ipsum Generator — Customizable paragraph count and word limits HTML Minifier — Remove whitespace and comments CSS Minifier — Compress stylesheets JavaScript Minifier — Obfuscate and compress JS XML Formatter — Pretty-print XML documents YAML Formatter — Validate and format YAML HTML to Markdown — Convert rich HTML to clean Markdown Markdown to HTML — Render Markdow

2026-06-11 原文 →
AI 资讯

Bulk Password Breach Check: Safe & Local Vault Auditing

Audit thousands of passwords against data breaches — completely in your browser with zero-knowledge privacy. Published: June 9, 2026 TL;DR Most bulk password checkers require you to upload your entire vault. Utilora’s Bulk Password Breach Checker uses HIBP’s k-anonymity + local hashing so your passwords never leave your device . The Hidden Risk Most People Ignore Using a password manager is excellent, but it’s not enough. Many users unknowingly reuse or slightly modify passwords that have already been leaked in massive breaches (LinkedIn, Adobe, Yahoo, etc.). Manually checking hundreds or thousands of passwords is impractical — which is why people turn to bulk checkers. The problem? Most bulk checkers ask you to upload your password list . That creates a massive new privacy risk. How Utilora’s Zero-Knowledge Breach Checker Works We built this tool using a privacy-preserving technique called k-anonymity (popularized by Troy Hunt of Have I Been Pwned). Step-by-Step Technical Process: Local Hashing — Your browser uses the WebCrypto API to create a SHA-1 hash of each password locally. Prefix Only — Only the first 5 characters of the hash are sent to HIBP’s Range API. Server Response — HIBP returns hundreds of matching hashes that start with the same prefix. Local Comparison — Your browser checks if your full hash exists in the returned list. Result: HIBP knows someone checked a password starting with ABC12 , but has no idea which specific password it was. Why You Should Audit Your Entire Vault Regularly Discover weak or compromised passwords you forgot about Clean up old reused passwords Respond quickly after major breaches Maintain good password hygiene across all accounts Real-World Scenarios You exported your Bitwarden / 1Password / KeePass vault You want to check 500+ passwords before a security audit You just heard about a new major breach and want to verify impact You’re helping a family member or client secure their accounts How to Use the Tool Go to the Bulk Pas

2026-06-11 原文 →