[ overboard / sfw / alt / cytube] [ leftypol / siberia / hobby / tech / edu / games / anime / music ] [ meta / roulette ] [ GET / ref / booru]

/tech/ - Technology

"Technology reveals the active relation of man to nature"
Name
Email
Subject
Comment
Flag
File
Embed
Password (For file deletion.)

New Announcement: IRC<=>Matrix bridge #leftypol on Rizon
Feedback Wanted! : Designing Transparency by Default
Proposals done until Monday : /meta/


File: 1608526010241.jpeg (573.58 KB, 1140x500, cyber_security.jpeg)

 No.2111[View All]

Comrades, we need a thread on privacy. Any decent activist should try ways of staying anonymous on the web and prevent being tracked by governments and corporations.General tips===* Use free software as much as you can.* Use GNU/Linux and keep it up-to-date, to be sure that you don't have unpatched security exploits* Don't use Flash Player, use youtube-dl instead for watching streaming videos online* Do not use Google, use DuckDuckGo or StartPage instead* Use a password manager like Keepass or for GNU/Linux users keepassx. Create new passwords for every site that you visit and use a strong password as a master password. A tip for easy remembering of your master password is to use a sentence. "i fucking love cookies and tits!" with extra capital characters etc. is easier to remember than some random characters and long enough to prevent brute force attacks of any kind.* Use the Tor Browser Bundle if you really want to stay anonymous.Firefox====* Go to Preferences -> History and set History to "Never remember history". * See for additional tweaks: https://github.com/amq/firefox-debloat and https://vikingvpn.com/cybersecurity-wiki/browser-security/guide-hardening-mozilla-firefox-for-privacy-and-securityAdd-ons-----------* Use uBlock Origin for preventing tracking etc. Bonus: use hard-mode to manually whitelist external domains on sites. Don't use uBlock but be sure to use uBlock Origin https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-mode* HTTPS Everywhere* DecentralEyes: prevents CDN hosting from tracking you (Google for Jquery etc.)* Self Destructing Cookies: only allow cookies that you choose to allowOS==* Encrypt your hard drive or home partition at least* If you use GNU/Linux, you can try to restrict systemd or syslog from logging. * Use a distribution which takes security seriously. Also, be sure that you don't install a lot of things outside the repository. It will cover most of your needs.Real life tips===* Pay with cash if you canFeel free to provide tips to each other comrades!
83 posts and 6 image replies omitted. Click reply to view.

 No.5932

>>5906
>>5919
>>5931
https://madaidans-insecurities.github.io/linux-phones.html
https://madaidans-insecurities.github.io/android.html

>The best option for privacy/security on Android is to get a Pixel >=3 and flash GrapheneOS. GrapheneOS does not contain any tracking unlike the stock OS on most devices and includes many hardening enhancements such as a hardened memory allocator, hardened C library, hardened kernel, stricter SELinux policies and more.

Save up some money and get a used Pixel if you actually care.

 No.5954

File: 1608526398681.png (447.36 KB, 834x646, NSAiphone2.png)

>>5906
>iphone
Old but still relevant.
https://privacysos.org/blog/nsa-calls-the-iphone-using-public-zombies-who-pay-for-their-own-surveillance/

They collect BSSIDs and GPS data for their network location service.
https://consumerist.com/2010/06/21/privacy-change-apple-knows-your-phone-is-and-is-telling-people/

They neglected fixing a security vulnerability for three years so law enforcement could use it as a backdoor. Who says they don't the same with iOS?
https://www.telegraph.co.uk/technology/apple/8912714/Apple-iTunes-flaw-allowed-government-spying-for-3-years.html

They also have a backdoor to remotely wipe phones.
https://www.telegraph.co.uk/technology/3358134/Apples-Jobs-confirms-iPhone-kill-switch.html

Apple proposed integrating the fingerprint scanner into the screen so you can't use the phone without giving away your fingerprint.
https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen

Apple collects all your call history.
https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/

We had the fappening happen because it uploads all your images to iCloud. It even sends the files to the cloud without asking for permission.
https://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud

Most iCloud data and some data from passcode-locked devices can be provided.
https://arstechnica.com/gadgets/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/

https://www.hongkongfp.com/2017/06/08/china-uncovers-massive-underground-network-apple-employees-selling-customers-personal-data/

 No.5970

Search engines are all data mining, and even the privacy focused engines have backendes built on other search engines and sketchy glowey companies operate them.

 No.5971

Uninstall the games.

 No.5974

>>5970
yeahhhh ddg uses a tracking pixel, although they do provide a .onion service which is what i use

 No.6066

>>5974
How about using DDG without JS?

 No.6067

Did someone read the age of surveillance capitalism by Shoshana Zuboff here? I heard good things about it, plan to read it asap.

 No.6120

Is the focus on privacy overrated? It's fundamentally an individual thing which shifts the responsibility onto the consumers, risking distraction from the fixing of problems that were caused by capitalism's normal operation. What's the purpose of willfully self isolating from the majority of people who cannot afford pricy boutique devices or must use proprietary software and online platforms? Shouldn't directly attacking the capitalist corporations by labour organization be better than doing basically bunker tactics? That is far greater protection provided than trying to dodge the glows by technical methods.

 No.6121

>>6120
obviously privacy itself should not function as praxis but ignoring privacy as countermeasure to advanced police state would be a mistake for any leftism movement organizers.

 No.6122

>>2130
I was wanting to do this with a corebooted hardrockpro from pine for a FOSS (no proprietary blobs!) email and media server. Should be versatile enough to end my youtube and gmail use outright.

 No.6123

>>6120
People who take the privacy bullet are usually FSF enthusiasts and are slowly trying to move towards a fully FOSS setup for themselves. For most people using Google and Twitter or whatever is fine however there are best practices of privacy that should be followed when you expect to be tracked (like at a protest). Ignoring those not only puts yourself in danger but everyone you may be associating with at said protest/riot. Further reason to ditch your smartphone for a Linux or De-Googled Android phone is that apple/google surreptitiously rolled out 'contact tracing' to all devices which also tracks you in doors.

Also convincing your friends to switch from facebook to a signal group is really easy, I forced my friends over and it's a lot comfier and more personal (cuz its just 4 people).

 No.6124

>>6123
oh i forgot to mention the best practice (turn off your phone or remove the SIM card) for protests

 No.6146

>>6124
Or use a pocket faraday cage.

 No.6147

>>2111
What does it mean by “don’t install lots of things outside of the repository”? I though on Linux you could only download stuff from the repository.

 No.6149

>>6147
you can download shit from wherever you can get it

 No.6229

Does Whatsapp's E2EE actually mean Facebook can't see your messages/audio/video? I've heard they only get your metadata.

 No.6232

>>6229
they advertise that their protocol is based on signal's p2p encryption and they cannot observe or store exchanged keys but it's not open source and we don't know how to capture and analyze their protocol yet so nobody can verify it.

 No.6256

>>6229
Even if it was true Google still sees everything you do, unless you're using whatsapp on a custom ROM.

 No.6275

>>6067
Haven't read it, but I'm kind of skeptical of these kinds of books. They all seem like technoliberal bullshit to me, trying too hard to define this 'surveillance capitalism' without actually understanding capitalism in the first place. I had the same problem with those Netflix documentaries, "Social Dillema" and whatnot. Still, that doesn't make the book irrelevant, I'm sure it contains useful information about these matters. Have you started reading the book by now, anon? I'd like to hear thoughts.

>>6229
I heard that the automatic Google Drive backups Whatsapp enforces are unencrypted, meaning both Google and Whatsapp get to see your messages. I also heard they store all the names to files you send, but can't see the actual contents of the files. Just to be clear, I have no confirmation of whether any of this is true, it might all be be FUD. In any case, Whatsapp is not to be trusted whatsoever. Remember:

>When Facebook gives you encryption, that only means they no longer need to see your messages to track you.

Meaning, your metadata still allows them to know a lot about you. Think about the fact that they have all your contacts, and your contacts' contacts, and so on. They also have a log of who you talk to, as well as frequency, time, etc. Even if they don't know what you're saying, they still know who, when, etc.

 No.6287

>>2136
The best thing will be something with open firmware. Coreboot is the best one. System76 and Librem sell laptops that use coreboot. The other high security option is to buy an old Thinkpad that can run libreboot or coreboot and install that over the stock BIOS.

For browsers I would just use Firefox with add ons. As the code base is extremely well audited.

A Linux distribution is a ready to use GNU/Linux operating system. It usually comprises a kernel (Linux) basic utilities, a graphical user interface, application software, and an online software repository that is used to keep the system updated. Popular Linux distribution examples are Ubuntu, Fedora, Solus, elementary OS, Debian, POP! OS, and Linux Mint.

 No.6289

>>6287
>System76 and Librem sell laptops that use coreboot.
Just buy a thinkpad and flash the mobo yourself. You'll save at least $100 by doing that.

 No.6290

>>2136
>What do you guys think of Comodo IceDragon? It's a free Firefox-based browser (so it can have the same add-ons), but it comes with some built-in security features IIRC.
https://spyware.neocities.org/articles/browsers.html

 No.6566

>>5617
Dragnet makes me sick to my stomach, saved.caCanadien

 No.6567

>>6289
System76 laptops turn off system management mode in the processor, or, ring level -2. That's part of their appeal.

 No.6606

there is a simple privacy manual? that can be translated to the masses?

 No.6619


 No.6660

Hello comrades, I have a quick question and I hope this is the proper place to ask.
plebbit spacing in honor of the ongoing gamestop short squeeze
Are there any good, privacy-respecting (but also free) www whiteboard services? Ease of use is a high prio since I need to get normies in on it.

 No.6921

Some days ago both DDG and Startpage.com stopped allowing search requests (at least) on Tor Browser with JS off, sooo…
https://searx.xyz/
Just leaving this here if anyone else were looking for an alternative, I hope this is a temporary bug of some sort because Startpage images is very reliable, and I had just gotten into the groove of using "" around terms and words on DDG onion to get quite good search results…

I'm not fucking enabling JS or using Google. Only forward.
https://searx.xyz/
https://searx.xyz/
https://searx.xyz/

 No.6929

>>>>6921
DDG disallowing searches from tor w/o JS is alarming if true.

I have to disagree with everyone else in this thread, my experience has been that DDG has provided superior search results for almost five years now, and Google’s results have been in steady decline since 2007, becoming particularly shitty in 2003. My personal stance is that if Google provides you better results than DDG, you are the cancer that’s killing /b/, the algorithms were designed around you.gentooGentoo

 No.6939

>>6921
>Use Searx more than twice
>Rate limit exceeded
Wat do?

Also, I tested both my default Tor install with only the security preset set to "Safest" (no js) and my IceCat install with JavaScript disabled and a custom user.js from reddit via EFF's Coveryourtracks tool (FKA Panopticlick).

Can anyone explain why my IceCat install is marked as fingerprint-protected (1 in 4000 browsers have same fingerprint) and my Tor install isn't (unique fingerprint)?
I'm trying to wrap my head around why this is possible given Tor's whole point, so maybe I misunderstood what it does and doesn't do in the first place.

 No.6940

>>6921
html.duckduckgo.com works without JS
>>6939
The TBB approach to browser fingerprinting is to blend in https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead

>Rate limit exceeded

Change Tor circuit, or use another searx instance https://searx.space

 No.6978

>>6921
You know there is a tor instance, too, right, anon?

http://upzhip7hatfbsi5xcwyw6n2bpappt3j4gkvwjmyb7qo6urcyhmlekpad.onion/

 No.6994

File: 1615027317921-0.jpg (193.49 KB, 719x1351, WhatsApp Privacy.jpg)

File: 1615027317921-1.jpg (295.3 KB, 713x1351, WhatsApp Privacy 2.jpg)

>>2111
What must I do, comrade?

 No.6995

>>6994
Get telegram

 No.6996

>>6994
>>6995
use signal

 No.6997

File: 1615043552743.png (573.12 KB, 3462x1884, anti-signal.png)

>>6996
Use Matrix/Element, or GNU Jami

 No.7869

>>2774
>not sure why this thread is on the last page
Looks to have been importantly from Bunkerchan, probably why the original posts are a bit scuffed.

>>2781
Here's a non-Snopyta Invidious instance:
https://vid.puffyan.us/

It's accessible through Tor:
http://grwp24hodrefzvjjuccrkw3mjq4tzhaaq32amf33dzpmuxe7ilepcmad.onion/

And here's a list of more instances:
https://instances.invidio.us/?sort_by=healthpiratePirate

 No.7870

>>7869
>importantly
imported*piratePirate

 No.7871

>>2779
>>2781
And if you want to use Searx on an instance other than Snopyta's, a /leftypol/ anon in another thread posted one he hosts through Tor:
http://z34zvdnudiq5om7v547g42nr36l4ut7pek6bx7prn4emi5ncdgo6jhad.onion/

You can find plenty of others which are available through the clearnet.piratePirate

 No.7957

File: 1618901364189-0.jpg (337.8 KB, 720x1682, Truecaller.jpg)

File: 1618901364189-1.jpg (394.97 KB, 720x1612, Truecaller 2.jpg)

What do you think about this app?

 No.9225

File: 1623712279029.jpg (3.35 MB, 4032x3024, IMG_20210614_130913.jpg)

Privacy 'woke' people are always saying "VPNs are a scam and do nothing :3 uwu" and I'm over here with no more ISP letters despite torrenting shit all the time

 No.9227

>>9225
Literally the only thing they're useful for. They will still sell your data.

 No.9228

>>7957
It reminds me that no matter how secure you might make your phone it is all useless if the people you're contacting are retarded and have their shit filled with spyware.

 No.9236

File: 1623720867276.png (5.41 KB, 257x196, lunge.png)

>>9227
wouldn't an ISP be as likely to sell your data as a VPN?

 No.9238

File: 1623721937707.jpg (80.86 KB, 720x720, 1623717280902.jpg)

>>9236
Yeah, so unless you live in a country that regulates torrenting you're paying extra to just get datamined.

 No.10952

Bump

 No.11553

https://nitter.eu/tenacioustek/status/1434604102676271106
Apparently Protonmail handed out the IP address of a French activist on demand of the Swiss Government. Should I stop using their services completely, even their VPN?

I've read this article, but I'm still doubtful: https://beebom.com/protonmail-logged-ip-address-should-you-worry-privacy/

 No.11554

Also a lot of the .onion Invidious instances such as IncogTube are down, the timing seems fishy, only the ones that connect to googlevideo services remain.

 No.11556

>>11553
>not assuming every email provider is pozzed or will become pozzed in the future
>not taking precautions based on that assumption
>not compartmentalizing by default
>not using Tor by default
c'mon anon, it's not that hard

 No.11558

>>11556
Well it's not like I use protonmail for anything particularly sensitive and I do use Tor+VPN for browsing, just not for email since I barely use it.


Unique IPs: 3

[Return][Go to top] [Catalog] | [Home][Post a Reply]
Delete Post [ ]
[ overboard / sfw / alt / cytube] [ leftypol / siberia / hobby / tech / edu / games / anime / music ] [ meta / roulette ] [ GET / ref / booru]