No.2111
Comrades, we need a thread on privacy. Any decent activist should try ways of staying anonymous on the web and prevent being tracked by governments and corporations.

General tips
===
* Use free software as much as you can.
* Use GNU/Linux and keep it up-to-date, to be sure that you don't have unpatched security exploits
* Don't use Flash Player, use youtube-dl instead for watching streaming videos online
* Do not use Google, use DuckDuckGo or StartPage instead
* Use a password manager like Keepass or for GNU/Linux users keepassx. Create new passwords for every site that you visit and use a strong password as a master password. A tip for easy remembering of your master password is to use a sentence. "i fucking love cookies and tits!" with extra capital characters etc. is easier to remember than some random characters and long enough to prevent brute force attacks of any kind.
* Use the Tor Browser Bundle if you really want to stay anonymous.

Firefox
====
* Go to Preferences -> History and set History to "Never remember history".
* See for additional tweaks: https://github.com/amq/firefox-debloat
* Use uBlock Origin for preventing tracking etc. Bonus: use hard-mode to manually whitelist external domains on sites. Don't use uBlock but be sure to use uBlock Origin https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-mode
* HTTPS Everywhere
* DecentralEyes: prevents CDN hosting from tracking you (Google for Jquery etc.)
* Self Destructing Cookies: only allow cookies that you choose to allow

OS
==
* Encrypt your hard drive or home partition at least
* If you use GNU/Linux, you can try to restrict systemd or syslog from logging.
* Use a distribution which takes security seriously. Also, be sure that you don't install a lot of things outside the repository. It will cover most of your needs.

Real life tips
===
* Pay with cash if you can

Feel free to provide tips to each other comrades!
Isn't the easiest make to ensure privacy to just not transmit sensitive info over the internet? Not saying this in a "NOTHING TO HIDE NOTHING TO FEAR" way, but just as a matter of simplicity, opsec and practicality. Didn't the FSB recently switch back to using good old typewriters for sensitive documents because of this?
>>55
That's a very good tip indeed. Don't expose too many personal details online.
>>55
> the easiest make
*easiest way
>Encrypt your hard drive or home partition at least
tfw too lazy to get luks working.
>Do not use Google, use DuckDuckGo or StartPage instead
Also, duckduckgo has shit results. I use it, when I don't want google to notice what I'm searching for, but for normie stuff I'm back to google. But I had my privacy fundamentally broken when I decided to stay at googlemail (what's a good alternative btw?)
>Use a password manager
Doing that and still have just a bunch of passwords. Should definitely change that behaviour.
>Firefox
Don't use it anymore, but I need a list of tracking services, so I can (ad)block them
My tip:
Don't use WhatsApp but XMPP with OTR to communicate. When fecesbook gives you end-to-end encryption, this can only mean they don't need the contents of your messages anymore. Metadata are already useful enough to decide which people are gonna be killed by drones, don't give the corporations more than that you can't avoid.
>>58
>tfw too lazy to get luks working.
Same. It's so much of a hassle. I wish that there was a single button solution that would encrypt my hard drive while letting all the data remain on it.
>Also, duckduckgo has shit results. I use it, when I don't want google to notice what I'm searching for
I'd recommend Startpage then. It's just a Google proxy and has almost the same results.
>But I had my privacy fundamentally broken when I decided to stay at googlemail (what's a good alternative btw?
Same here comr8. Protonmail appears to be good. If you live in Europe, you can also try Posteo. They seem very strong on privacy and you can even pay them by sending cash.
https://posteo.de/en
There's also this other email startup, I don't know if they are any good tbh fam. But it's free at least (as in, it costs no money).
https://tutanota.com/
Excellent tip you have on WhatsApp by the way. People forget about the importance of metadata leakage.
interesting, but
>made by Bernd
kc-tier tbh
>>60
You can also look at the email providers listed at:
https://www.privacytools.io/#email
For securer e-mailing:
https://emailselfdefense.fsf.org/en/
Note that metadata isn't encrypted with GPG, but your content is however.
DO NOT use FuckFuckNo. It was made and is owned by a person who ran a site called The Names Database (or something similar) which was literally a datamine which he sold for millions.
Instead use https://searx.me
For email, Tutanota is great, especially if you use it in combination with GPG. Cock.li is also excellent if you use GPG.
>>>63
Oops, http not https. if paranoid about non-SSL, run your own instance. The code is hosted on github and there are several other community run instances
>>54
HTTPS on searx.me works fine here.
>DO NOT use FuckFuckNo. It was made and is owned by a person who ran a site called The Names Database (or something similar) which was literally a datamine which he sold for millions.
One thing though, they have a Tor hidden service. I don't think that it could hurt to use that.
Another tip for my comr8s:
You can use FireJail to sandbox applications like your browser.
A stupid question:
I want full disk encryption without having to wipe my data. Is this possible? I've looked at: http://www.johannes-bauer.com/linux/luksipc/
But I'm too pussy to try. Anyone got advice?
>>91
Looks very interesting. When having the time, I will give it a try.
How about backing up your most important data and then go for it?
>>92
Thanks! It would be so nice if someone could try it. I hear lots of good stories about it on the interwebz, but I'm scared that I might forget a step and lose everything.
Of course, I can backup important stuff but then I could backup and reinstall Debian but encrypted with the same amount of effort. ;_;
To be honest, I really wish there was an easy-step-by-step guide for encrypting partitions.
is nice for anonymizing your metadata. Suppose you write a radical text, the file itself contains some bits of identifying information sometimes.
This program clears it of any metadata.
>>98
Depends on how good your admin-skills are. But I think, if you keep it up to date and invest some frequent work in staying informed on current security issues as well as cryptographic knowledge, much safer than having it at gmail or microsoft.
>>99
I have never administrated anything before.
Cryptography is a topic I love but getting up to date with cyber security is a mystery to me.
>>101
There is no absolute security, and when someone really wants to get into your server, he will find a way; especially when you're not a pro at defending it.
However, I don't think somebody will make the effort to crack reasonably encrypted content.
>>98
>How safe will it be to have a server in my house for my personal email and webpage?
>>98
>How safe will it be to have a server in my house for my personal email and webpage?
Install gentoo and run all webserver related services on their own user account so if they get hacked the attacker doesn't have root or other access to anything that would let him easily privilege escalate (e.g. graphics card access).
Currently i'm trying to find a secure non-root alternative to courier-imap :/
>>102
>However, I don't think somebody will make the effort to crack reasonably encrypted content.
encryption has nothing to do with this. if you are worried about the content of your emails then you need to pgp encrypt them, but that is unrelated to running your own mail server and unrelated to the mail server's security.
reminder that all emails that aren't pgp encrypted and travel over the internet are read at the very least by the NSA's AI.
I'm going to buy a new laptop soon. What model should I get if I want privacy? I'm going to install Qubes OS.
What do you guys think of Comodo IceDragon? It's a free Firefox-based browser (so it can have the same add-ons), but it comes with some built-in security features IIRC.
Also, what's a distribution?
>>159
Hardware shouldn't matter for privacy purposes, but the company 'System76' has good linux compatible hardware
>>160
Except for hardware-level botnet features like uefi and intel mme.
>>159
A distro is a compilation of software, which comes mostly as a ready-to-use operating system. The Qubes OS you have chosen is such a distro.
Attempting to post via tor
Testing, testing, 1, 2, 3.
>>86
does not work
>>58
>alternative to Gmail
I use ProtonMail and it's pretty good. They have a tiered system though, so if you have a high volume of email, it might be worth paying for the standard tier. Plus iirc they bundle in their premium ProtonVPN service for a paid ProtonMail account
>>236
Throwing up your own copy of postfix and running your own mail server isn't particularly difficult. It does attract a load of pests to your connection, though.
Anyone use RiseUp services? Particularly looking for a new email to switch from google
>>58
>>236
>>268
I suggest just using email service from countries that don't extradite to [insert your country here] or cooperate with your law. Like, half these "suuuper private email" sites turn out to be honeypots anyway (protonmail is). Better to just use a mainstream Russian or like, Vietnamese email service I'd guess.
>>91
>I want full disk encryption without having to wipe my data.
Just make a backup.
everyone switch to STARTPAGE
https://www.startpage.com/
its like duckduckgo but better and with a name that isnt stupid like 'duckduckgo'
also it has proxy viewing. Very useful to read articles etc at work, if your work monitors web traffic like mine does.
Privacy is mostly not a technical issue, but a social one.
What good does it do when you follow all the expert advice in how to use technology while your family, friends, coworkers, and party colleagues are constantly broadcasting to the world what you say and what you do and where you are? Privacy-protecting software has to be used by the people around you; privacy-protecting habits have to be common among the people around you. A software with the best privacy protection is useless if nobody uses it. Software that is not very competently made from a cryptography expert's point of view, but that has an appealing and easy interface and a good meme propaganda campaign around it, so that the people around you then actually use it (when they didn't use anything protecting them and you before), can do more for your privacy protection in the big picture.
People form habits that follow them for the rest of their lives while they are young. How to design privacy-protecting software that appeals to kids?
>>596
>What good does it do when you follow all the expert advice in how to use technology while your family, friends, coworkers, and party colleagues are constantly broadcasting to the world what you say and what you do and where you are?
That's what compartmentalization is for.
>>597
You mean activities like posting on different topics on different sites under different pseudonyms and not presenting a full picture of your various interests all bundled in one place, but the point is that it isn't really up to you how much of you shows up online.
Here's the kind of story that happens every day: You are a member of a party. Of course, those members elected to important positions aren't anonymous, but there is no public database of all party members and you like it that way. At a small non-public meeting, a fellow party member takes a photo of you. You politely but firmly ask that person to not publish it. The person promises not to do that. A few minutes later the picture is online (but you don't know that immediately, you only get to know it with a delay, as it makes the rounds). The comrade is an old fart who lives off a pension. You still have most working years ahead of you. This information about you is now online forever. Any neonazi or potential employer can enter your name into a search engine and see that you are in a hard-left party.
There needs to be a cultural shift so that the people around you IRL don't fuck up your life.
>>598
It's true, we need a professional and disciplined attitude about security in our organizations. I think that's different from saying we can't have security if our family and co-workers aren't all disciplined.
>>601
I prefer not having to go through the trouble of hosting my own search engine. I want user friendliness, which is exactly what DuckDuckGo gives me. On top of that, DuckDuckGo doesn't censor the results I receive.
Google has censored The Daily Stormer and 8chan, which is disgusting. I hate politically motivated search engines. Search engines should be just what they are: a program that searches the Internet for you for the content you requested.
not sure why this thread is on the last page, but these links definitely need to be somewhere on /tech/
https://invidious.snopyta.org/
https://nitter.snopyta.org/
https://snopyta.org/
but also wanted to ask, what's up with archive.is not having SSL encryption? should this be concerning?
Anyone tried https://qwant.com
Are they more or less trustworthy than duckduckgo? Results seem comparable.
>>2774
>what's up with archive.is not having SSL encryption
It supports SSL but doesn't automatically redirect to it https://archive.is/
if you’re concerned with privacy just go with searx. snopyta.org has a searx instance.
archive.is blocks tor via cloudflare anyway
not smart to put all your eggs in the same basket. using everything via snopyta instances means they technically have access to an aggregated collection of your browsing activity. and you should never rely just on trust.
You can use Youtube-dl with Tor:
youtube-dl --proxy "socks5://127.0.0.1:9050"
As for browsing for videos, use invidio.us.
I can't login to my account with invidio.us for some reason; never been able to.
If you don't have system Tor running, then you can proxy through Tor Browser, which uses socks port 9150 instead of 9050:
youtube-dl --proxy "socks5://127.0.0.1:9150"
Of course you can still pipe the output to mpv like before. I have something like this in my shell config:
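# shell function: passes all of its arguments on to youtube-dl and streams the result into mpv
youtube-mpv() { /usr/bin/youtube-dl --proxy "socks5://127.0.0.1:9050" "$@" -o - | mpv -; }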
Then you just use it like this:
If Tor is too slow add the -f worst flag.
youtube-mpv -f worst https://invidio.us/watch?v=y5zQTmkY7GI
>>2784
If all you want is to subscribe or follow someone on social media, then you can use RSS feeds instead of creating an account, which is often blocked over Tor anyway. What you need is an RSS feed reader that supports socks5 proxies for use with Tor.
You can replace a lot of your browsing routines this way, which will save you a ton of time, since you'll have everything you're interested in aggregated and automatically updated in a single program.
Keep in mind though that all of the feed reader's connections will use a single Tor "identity". This is similar to opening everything within a single Tor Browser session, without resetting the circuits. So if you subscribe to a bunch of invidio.us channels, all of the connections to invidio.us will come from the same Tor exit relay (while connections to other sites will use different circuits). This is still way better than using an account, but it doesn't allow for total isolation of different "identities" in the OPSEC sense.
Another issue is that your feed reader will probably use its own User-Agent header. If possible change it to whatever current version of Tor Browser uses. You still won't have control over the rest of HTTP headers though, which could also be used for fingerprinting.
Of course in the end it's safer to just use Tor Browser, copy-paste URLs from some text file, and often reset the browser's session. Unless you write your own scripts there's always some compromise, most devs still have barely any idea how mass surveillance works or just don't care.
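A sketch of the "write your own scripts" route for the single-identity problem described above, added here as an example and not part of any post in the thread. It assumes curl and a local Tor SOCKS port with Tor's default IsolateSOCKSAuth behaviour (streams that present different SOCKS credentials do not share a circuit); the feed-list format, the labels, the example hosts and the FEED_UA variable are made up for illustration.

```shell
#!/bin/sh
# Added example: fetch feeds over Tor with one set of circuits per "identity".
# Assumption: Tor's SocksPort keeps its default IsolateSOCKSAuth behaviour.

TOR_SOCKS="${TOR_SOCKS:-127.0.0.1:9050}"   # 9150 when proxying through Tor Browser
# Per-run nonce used as the SOCKS password, so every run starts on fresh circuits.
NONCE="${NONCE:-$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')}"

# proxy_for LABEL -> proxy URL whose SOCKS username is the identity label.
# socks5h hands the hostname to Tor, so no local DNS lookup leaks it.
proxy_for() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) echo "bad identity label: $1" >&2; return 1 ;;
    esac
    printf 'socks5h://%s:%s@%s\n' "$1" "$NONCE" "$TOR_SOCKS"
}

# url_ok URL: HTTPS anywhere; plain HTTP only to .onion hosts, where Tor
# itself encrypts the connection end to end.
url_ok() {
    host=${1#*://}; host=${host%%[/?#]*}; host=${host%:*}
    case "$1" in
        https://?*) return 0 ;;
        http://?*)  case "$host" in *.onion) return 0 ;; esac ;;
    esac
    return 1
}

# plan_fetches FILE -> one "PROXY URL" line per accepted feed.
# FILE format (hypothetical): "LABEL URL" per line, '#' starts a comment.
plan_fetches() {
    while read -r label url _ || [ -n "$label" ]; do
        case "$label" in ''|'#'*) continue ;; esac
        url_ok "$url" || { echo "skipping unencrypted feed: $url" >&2; continue; }
        proxy=$(proxy_for "$label") || continue
        printf '%s %s\n' "$proxy" "$url"
    done < "$1"
    return 0
}

# fetch_all FILE OUTDIR: download every planned feed through its own identity.
# FEED_UA has to be supplied by the user (the post suggests the current Tor
# Browser string); no value is hard-coded here.
fetch_all() {
    [ -n "$FEED_UA" ] || { echo "set FEED_UA first" >&2; return 1; }
    mkdir -p "$2" || return 1
    n=0
    plan_fetches "$1" | while read -r proxy url; do
        n=$((n + 1))
        curl --silent --show-error --fail --max-time 120 \
             --proxy "$proxy" --user-agent "$FEED_UA" \
             --output "$2/feed-$n.xml" "$url" \
            || echo "failed: $url" >&2
    done
}

# Constructed sample list; hosts and channel names are placeholders.
sample_feeds() {
    cat <<'EOF'
# label    feed URL
video      https://invidious.example.org/feed/channel/CHANNEL_A
video      https://invidious.example.org/feed/channel/CHANNEL_B
news       https://news.example.net/rss.xml
news       http://plain.example.net/rss.xml
onion      http://EXAMPLEONIONADDRESS.onion/feed.xml
bad/label  https://other.example.com/feed
EOF
}

if [ "$#" -eq 2 ]; then fetch_all "$1" "$2"; fi
```

Feeds that share a label still share circuits, so the labels are where the compartmentalization decision is made; request headers other than User-Agent remain curl's own.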
be careful installing random add-ons, as these can be used to fingerprint you.
Set up a script if you can to randomly assign your user-agent
Random user agent spoofing has little use if you don't use a proxy or public networks (then you should also spoof your MAC address).
And if you use Tor it will only make you stand out more since Tor Project's design philosophy bets on uniformity rather than randomness.
User-Agent is not the only HTTP header that they use to fingerprint you anyway. Each browser has a distinct set of HTTP headers it uses (Accept, Accept-Encoding, Accept-Language, etc.), so if you spoof just your User-Agent header you're just telling the website that you e.g. use Firefox with a user-agent-spoofing add-on.
You're only making it worse!
luks is fast and easy, friend
>>2136
>I'm going to buy a new laptop soon. What model should I get if I want privacy?
>Also, what's a distribution?
A combination of package manager and package configurations. Ubuntu, Debian, Redhat, Suse, etc.
>>2792
>luks is fast and easy, friend
Doesn't work that well with SSDs. Many report 50% drop in performance. There's also the TRIM dilemma: either you TRIM, which leaks some information (space usage, filesystem used), or you don't TRIM and your SSD will have shorter life-span and deteriorating performance.
https://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html
I guess if you don't do full disk encryption and instead only encrypt your /home then it's not such a big issue.
>>2115
>Also, duckduckgo has shit results.
True. I don't know what happened in the last couple of years but all of these "alternative" search engines have become complete utter shit. You use 5+ very specific keywords, looking for something specific and obscure, and it always spits out the most generic results possible based on only one or two of the terms used. Quoting keywords doesn't have any effect anymore either. It's such a pain trying to find anything, trying to make the search engine finally listen. Most of the time I just give up.
I'm seriously considering just using Google, but it blocks Tor with its stupid infinitely-looping AI-training captchas. Bing is also an improvement, but it seems heavily biased towards regional results, so it's not that useful over Tor.
Let's get into some meatspace privacy stuff. Here is a map with camera locations:
https://sunders.uber.space/
You can add cameras that you see outside on openstreetmap and they will be added here.
I'm finally starting to take my privacy seriously. I've already been doing a lot of the easier/lazier stuff in this thread for a long time, but I've been stuck in the google ecosystem for like 10+ years (email and youtube mostly). I'm gradually cutting all ties with it. I'm sure the profile they've built will still be able to identify me when I pop up on their radar, but not spoon-feeding them my data directly should be an improvement. Between my VPN usage and general browser security I should have a little more privacy.
pretty much the best most people can do.
Fact is, if they want your info/data they can and will get it.
Doesn't mean you need to make it easy, nor give them all of it.
i like this blog, was fun to read through. The author tends to emphasize how opsec is more than just the software you use
https://grugq.github.io/blog/2013/12/01/yardbirds-effective-usenet-tradecraft/
I'm building one of these next week to finally set up a pihole with and maybe do some other dumb stuff like keep a little local backup of my CV etc., I'm not sure if that's actually that smart though, none of the info I'd be backing up isn't already public but I don't know about keeping it on the same box as a DNS server that's probably going to be constantly hammered by ads
OR should I just back up the files I want to keep onto another Micro SD card and tape it to the top of the server?
Really interested in the utility of little hobbyist hardware solutions for common privacy issues like corpo tracking, and it will be a fun project even if it's only marginally effective
>>2111
>Use a password manager like Keepass
is it alright if i use bitwarden? i like the easy sync across multiple devices
If you're talking about their cloud offering then it's enough to deal with reducing password reuse but because the database is stored on their server and is encrypted/decrypted via a webpage they control you should not expect any protection whatsoever from anyone with serious resources. If three letter agency wanted access to your passwords on a self controlled keepass database then they would have to either thoroughly compromise your computer (to the point nothing would help) or get the password via other means, for something like bitwarden they could potentially walk into the office with a subpoena and have them change the web page so it sends your password to the server and decrypts your db for them, since there is no warrant canary assume this has already occurred.
I'm using keepass and tbh I don't see the problem with just transferring the file around, it's like 5kb, I've got into the habit of just copy/pasting it across my different machines when I update it on my main machine, it takes like 2 seconds to copy it to my phone and push it over warpinator or ssh to my laptop, if I needed to get it remotely for some reason I could just put the encrypted password file in a cloud repo or github or something and up the masterpass complexity/change the pass after downloading the file (I don't foresee ever needing this so I don't have an online backup of it, doesn't seem like the greatest idea even if a 30 character properly configed masterpassword should be virtually uncrackable)
I think the slight hassle is worth the extra comfiness of knowing it's not being passed around in a cloud server by some company somewhere, and the passwords don't need to change often, since they're so strong, and they all get changed at once since force change after a certain time is enabled for them
I really hate that I can't post on fourchins with my vpn. I want to basically fight every right wing post that they shoehorn into any thread.
anyone virtualize whonix on debian: what version of virtualbox do you use?
I will be getting a passport soon to leave the country. I want some advice on how to best obfuscate my face to defeat the facial recognition involved in the biometric photograph I need to take for my passport. What can I safely implement to do so that won't cause me grief now or in the future? I want my passport photograph to be accepted, but I don't want to then get detained in another country on suspicion of having a fraudulent passport as a result of my obfuscation measures.
The following is what I have already considered and may implement:
1. Be clean shaven. Since I cannot grow enough facial hair to cover my jaw line, I will not benefit from having any in my passport. I can begin growing my facial hair once I leave the country, but before then it is better to not provide the AI with any data on my facial hair, which alone can be used to uniquely identify me on the basis of growth pattern and hair phenotype.
2. Wax my eyebrows. Since facial recognition relies heavily on data from the brow, waxing my eyebrows to a length and width slightly different from my natural look can obfuscate this, hopefully without giving me any trouble in the future.
3. Change my hairstyle. Having a hairstyle that obfuscates its length and phenotype, such as by slicking it down with gel or ironing or curling it, can minimize the amount of reliable data on my hair that can be extracted from my photograph. This should not pose any major problem for me in the future as long as it is not obvious.
These I have considered, but rejected as too risky:
4. Wear colored eye contacts. While this can be effective, it is an obvious change that will be very difficult to believably explain in the event that anyone objects to it. Anyone closely inspecting my passport photograph will be able to determine that my eye color is different and may question me on those grounds. How am I to convince border agents in some backwater African or Asian country that those are just colored contacts that I no longer use, and not that the passport is fake, when they may not even know that colored contacts exist? Why would they believe me even if they did?
5. Remove my eyebrows. This is also too obvious a change and will also look ridiculous on my passport photo. There is little more to gain from this than can be accomplished with waxing.
6. Add/remove birth marks. This will be unlikely to help with facial recognition software and will likely just increase the chances of me being interrogated and detained at borders. Like the colored contacts, this is more useful for scenarios that don't involve a mandatory biometric facial photograph.
7. Apply makeup. This can be done to subtly change the tone and shadowing of my face to confuse the AI and cause larger error margins, but it may either be totally ineffective due to the facial recognition algorithm being used (as has happened to CV Dazzle) or effective enough to cause me problems later on.
And finally, this is one I am considering but unsure about how risky it is, which is the main inspiration for this thread:
8. Use cloaking software like Fawkes to subtly distort my face in photographs to utterly defeat facial recognition while still being easily recognizable to humans. While this is very effective, it is so effective in fact that any attempt at verifying my identity by comparing my face to my passport photo will likely fail because the AI will classify them as two different people. This may not be a problem so long as I am not required to undergo facial biometric verification, such as by opting out of them where possible and avoiding countries that have no opt-out option, but that may just set me up to get completely fucked in the future in the event my only path is through a face scan.
Unlike the eyebrow waxing and other changes I mentioned above, which will likely lower the confidence of the match or even confuse it while not defeating facial recognition altogether, the morphing that will be applied to my face will be in areas considered permanent and stable without major plastic surgery (like the nose bridge, mouth corners, and jawline). It is reasonable for a person's hair style, facial hair, and even eyebrows to change over time… not so much with eye color, nose bridge, and jawline.
What do you think? Do you think any of the ideas above might work? Or do you think they are all too risky to try and that I should just bite the bullet by letting the government have an accurate copy of my face? What about morphing using Fawkes? Is that too risky?
If you have any other ideas or recommendations, I'd love to hear them.
 - https://cvdazzle.com/
 - https://sandlab.cs.uchicago.edu/fawkes/
Does no one have any input on this? I need to get my passport ASAP and I'm still unsure about whether to use Fawkes to break facial recognition on my passport photo.
As someone who's never traveled outside I had no idea it was THIS fucked.
Every day I feel like giving up and just hope that eventually things are going to get better. I applaud you for trying so hard to fool algorithms.
I would just go for it honestly
christ your post was depressing though
I would advise against changes that might look suspicious. Getting your eyebrows done is as much as I'd go with. Maybe having long hair.
Lads how the fuck do I make it so I don't look like I'm showing as a tor poster? I'm tired of the endless captchas
Keep switching circuits until you get one that isn't blacklisted by the pozzed admin.
Is there any point in caring about privacy when using a smartphone? I barely use it so perhaps I'm just wasting my time (and possibly money) by wondering if I should get an iphone (probably more private than stock android but expensive, not so much if bought used), a google pixel (expensive as fuck but the most secure) or just give up and keep using my android smartphone. Or downgrade my phone and get some older android device.
There's also whoever being at the other end not using a secure/privacy-concerned device, rendering this issue even more moot.
You'll still have some kind of footprint, shoe size will be smaller though.
Get a Pinephone if you really must have a shitty touchscreen device to do things you can do better on a computer anyway.
>The best option for privacy/security on Android is to get a Pixel >=3 and flash GrapheneOS. GrapheneOS does not contain any tracking unlike the stock OS on most devices and includes many hardening enhancements such as a hardened memory allocator, hardened C library, hardened kernel, stricter SELinux policies and more.
Save up some money and get a used Pixel if you actually care.
Search engines are all data mining, and even the privacy focused engines have backends built on other search engines and sketchy glowey companies operate them.
Uninstall the games.
yeahhhh ddg uses a tracking pixel, although they do provide a .onion service which is what i use
How about using DDG without JS?
Is the focus on privacy overrated? It's fundamentally an individual thing which shifts the responsibility onto the consumers, risking distraction from the fixing of problems that were caused by capitalism's normal operation. What's the purpose of willfully self isolating from the majority of people who cannot afford pricy boutique devices or must use proprietary software and online platforms? Shouldn't directly attacking the capitalist corporations by labour organization be better than doing basically bunker tactics? That is far greater protection provided than trying to dodge the glows by technical methods.
obviously privacy itself should not function as praxis but ignoring privacy as countermeasure to advanced police state would be a mistake for any leftism movement organizers.
I was wanting to do this with a corebooted hardrockpro from pine for a FOSS (no proprietary blobs!) email and media server. Should be versatile enough to end my youtube and gmail use outright.
People who take the privacy bullet are usually FSF enthusiasts and are slowly trying to move towards a fully FOSS setup for themselves. For most people using Google and Twitter or whatever is fine however there are best practices of privacy that should be followed when you expect to be tracked (like at a protest). Ignoring those not only puts yourself in danger but everyone you may be associating with at said protest/riot. Further reason to ditch your smartphone for a Linux or De-Googled Android phone is that apple/google surreptitiously rolled out 'contact tracing' to all devices which also tracks you indoors.
Also convincing your friends to switch from facebook to a signal group is really easy, I forced my friends over and it's a lot comfier and more personal (cuz its just 4 people).
oh i forgot to mention the best practice (turn off your phone or remove the SIM card) for protests
Or use a pocket faraday cage.
What does it mean by “don’t install lots of things outside of the repository”? I thought on Linux you could only download stuff from the repository.
you can download shit from wherever you can get it
Does Whatsapp's E2EE actually mean Facebook can't see your messages/audio/video? I've heard they only get your metadata.
they advertise that their protocol is based on signal's p2p encryption and they cannot observe or store exchanged keys but it's not open source and we don't know how to capture and analyze their protocol yet so nobody can verify it.
Even if it was true Google still sees everything you do, unless you're using whatsapp on a custom ROM.
Haven't read it, but I'm kind of skeptical of these kinds of books. They all seem like technoliberal bullshit to me, trying too hard to define this 'surveillance capitalism' without actually understanding capitalism in the first place. I had the same problem with those Netflix documentaries, "Social Dillema" and whatnot. Still, that doesn't make the book irrelevant, I'm sure it contains useful information about these matters. Have you started reading the book by now, anon? I'd like to hear thoughts.>>6229
I heard that the automatic Google Drive backups Whatsapp enforces are unencrypted, meaning both Google and Whatsapp get to see your messages. I also heard they store all the names to files you send, but can't see the actual contents of the files. Just to be clear, I have no confirmation of whether any of this is true, it might all be FUD. In any case, Whatsapp is not to be trusted whatsoever. Remember:
>When Facebook gives you encryption, that only means they no longer need to see your messages to track you.
Meaning, your metadata still allows them to know a lot about you. Think about the fact that they have all your contacts, and your contacts' contacts, and so on. They also have a log of who you talk to, as well as frequency, time, etc. Even if they don't know what you're saying, they still know who
The best thing will be something with open firmware. Coreboot is the best one. System76 and Librem sell laptops that use coreboot. The other high security option is to buy an old Thinkpad that can run libreboot or coreboot and install that over the stock BIOS.
For browsers I would just use Firefox with add-ons, as the code base is extremely well audited.
A Linux distribution is a ready to use GNU/Linux operating system. It usually comprises a kernel (Linux) basic utilities, a graphical user interface, application software, and an online software repository that is used to keep the system updated. Popular Linux distribution examples are Ubuntu, Fedora, Solus, elementary OS, Debian, POP! OS, and Linux Mint.
>>6287
>System76 and Librem sell laptops that use coreboot.
Just buy a thinkpad and flash the mobo yourself. You'll save at least $100 by doing that.
Dragnet makes me sick to my stomach, saved.
System76 laptops turn off system management mode in the processor, or, ring level -2. That's part of their appeal.
Is there a simple privacy manual that can be translated for the masses?
Hello comrades, I have a quick question and I hope this is the proper place to ask.
plebbit spacing in honor of the ongoing gamestop short squeeze
Are there any good, privacy-respecting (but also free) www whiteboard services? Ease of use is a high prio since I need to get normies in on it.
Some days ago both DDG and Startpage.com stopped allowing search requests (at least) on Tor Browser with JS off, sooo… https://searx.xyz/
Just leaving this here if anyone else were looking for an alternative, I hope this is a temporary bug of some sort because Startpage images is very reliable, and I had just gotten into the groove of using "" around terms and words on DDG onion to get quite good search results…
I'm not fucking enabling JS or using Google. Only forward. https://searx.xyz/ https://searx.xyz/ https://searx.xyz/
DDG disallowing searches from tor w/o JS is alarming if true.
I have to disagree with everyone else in this thread, my experience has been that DDG has provided superior search results for almost five years now, and Google’s results have been in steady decline since 2007, becoming particularly shitty in 2003. My personal stance is that if Google provides you better results than DDG, you are the cancer that’s killing /b/, the algorithms were designed around you.
>>6921
>Use Searx more than twice
>Rate limit exceeded
Can anyone explain why my IceCat install is marked as fingerprint-protected (1 in 4000 browsers have same fingerprint) and my Tor install isn't (unique fingerprint)?
I'm trying to wrap my head around why this is possible given Tor's whole point, so maybe I misunderstood what it does and doesn't do in the first place.
html.duckduckgo.com works without JS
>>6939
The TBB approach to browser fingerprinting is to blend in https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead
>Rate limit exceeded
Change Tor circuit, or use another searx instance https://searx.space
>>2774
>not sure why this thread is on the last page
Looks to have been imported from Bunkerchan, probably why the original posts are a bit scuffed.
>>2781
Here's a non-Snopyta Invidious instance: https://vid.puffyan.us/
It's accessible through Tor: http://grwp24hodrefzvjjuccrkw3mjq4tzhaaq32amf33dzpmuxe7ilepcmad.onion/
And here's a list of more instances: https://instances.invidio.us/?sort_by=health
And if you want to use Searx on an instance other than Snopyta's, a /leftypol/ anon in another thread posted one he hosts through Tor: http://z34zvdnudiq5om7v547g42nr36l4ut7pek6bx7prn4emi5ncdgo6jhad.onion/
You can find plenty of others which are available through the clearnet.
Literally the only thing they're useful for. They will still sell your data.
It reminds me that no matter how secure you might make your phone it is all useless if the people you're contacting are retarded and have their shit filled with spyware.
Apparently Protonmail handed out the IP address of a French activist on demand of the Swiss Government. Should I stop using their services completely, even their VPN?
I've read this article, but I'm still doubtful: https://beebom.com/protonmail-logged-ip-address-should-you-worry-privacy/
Also a lot of the .onion Invidious instances such as IncogTube are down, the timing seems fishy, only the ones that connect to googlevideo services remain.
>>11553
>not assuming every email provider is pozzed or will become pozzed in the future
>not taking precautions based on that assumption
>not compartmentalizing by default
>not using Tor by default
c'mon anon, it's not that hard
Well it's not like I use protonmail for anything particularly sensitive and I do use Tor+VPN for browsing, just not for email since I barely use it.
Best VPN that can be used on at least two devices and has a shitton of IPs to choose from?
Tor, nothing beats it.
I live at an institution whose main specialization is computer science and cybersecurity. I have to use their internet 24/7. They have their own ISP, I'm on their ethernet that I had to log in with my own ID to access. I don't want them to see my traffic, or associate that traffic with me. Is there any hope for me? I already have a VPN that I trust, and I also use Tor too. I also use a custom DNS server.
>>11558
>I do use Tor+VPN
that's like putting a wooden door in front of a steel one
NTA but so? Who cares if they go through the wood door if they can't get through the steel one?
The VPN would serve its purpose of not getting permafucked by cloudflare if browsing.
It's much worse than that, it's like using a single steel door instead of multiple disconnected ones. Tor+VPN means your streams are not isolated: for every request you're using the same circuit to the VPN, and all the targets can profile you as a single origin as well.
In short, Tor+VPN is making things much worse.
This was written by a Tor project dev:
>People usually consider doing this because they want to appear to have an IP address that doesn't change and isn't associated with Tor. Doing this throws away the vast majority of the security gains that Tor gets you. It ruins Tor so much, and you have to trust the VPN company so much, that you might as well not even use Tor at all.
https://matt.traudt.xyz/posts/vpn-tor-not-mRikAa4h/
>>12358
>I don't want them to see my traffic, or associate that traffic with me.
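The stream-isolation point made in the post above, as a toy model added here (not part of the thread and not Tor's code). It assumes Tor Browser's per-first-party-site circuit isolation and compares what a third party embedded on several sites sees with and without a single VPN tunnel on the far side of Tor; all `.example` hosts and `192.0.2.x` addresses are constructed.

```python
from collections import defaultdict
from itertools import count

# Constructed sample: (site in the URL bar, host actually contacted).
REQUESTS = [
    ("forum.example", "forum.example"),
    ("forum.example", "cdn.tracker.example"),
    ("mail.example", "mail.example"),
    ("mail.example", "cdn.tracker.example"),
    ("news.example", "news.example"),
    ("news.example", "cdn.tracker.example"),
]

def source_ips(requests, isolation_key):
    """Return (host, first_party, source_ip) as each destination sees it.

    isolation_key(first_party) decides which streams share a circuit;
    every distinct key gets its own exit (constructed 192.0.2.x address).
    """
    exits, next_ip, seen = {}, count(1), []
    for first_party, host in requests:
        key = isolation_key(first_party)
        if key not in exits:
            exits[key] = f"192.0.2.{next(next_ip)}"
        seen.append((host, first_party, exits[key]))
    return seen

def linked_by_ip(seen, observer):
    """Groups of first-party sites `observer` can tie together by source IP alone."""
    by_ip = defaultdict(set)
    for host, first_party, ip in seen:
        if host == observer:
            by_ip[ip].add(first_party)
    return sorted(sorted(sites) for sites in by_ip.values())

# Tor Browser alone: one circuit (and exit) per first-party site.
tor_only = source_ips(REQUESTS, isolation_key=lambda fp: fp)
# Tor -> VPN: every stream rides the one tunnel, so one key and one source IP.
tor_vpn = source_ips(REQUESTS, isolation_key=lambda fp: "vpn-tunnel")

if __name__ == "__main__":
    print("Tor only:", linked_by_ip(tor_only, "cdn.tracker.example"))
    print("Tor+VPN :", linked_by_ip(tor_vpn, "cdn.tracker.example"))
```

The model covers IP-level linkage only; cookies, fingerprinting and timing correlation are outside it.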
If using Tor they won't see where your requests are going or their content. But they will see that they're coming from you and can therefore perform a traffic analysis (size, timing).
Hypothetically speaking if they control a large number of Tor exit nodes (really doubt it) they could connect you to the requests you're making. If your requests go over TLS (e.g. HTTPS) after exiting the Tor network then they would learn only about the domains/servers you're visiting, but not the rest of the requests (URL, headers, payload) or responses.
I would worry more about the fact that you're using Tor at all - it could raise some alarms. You can mask that by using a Tor bridge. It's easy to configure in Tor browser, just look at the network settings. You can also request a publicly unknown bridge from Tor project via email.
This would still make your traffic unusual, but unless their detection system is really aggressive it shouldn't flag you.
Do what I did, befriend someone and steal their credentials.
"Well, at least I'm doing something"bros, we can't stop losing.
So restart tor and switch up your VPN. It ain't that hard mate.
That doesn't solve the problem, your concurrent streams are still not isolated. It's an idiotic compensation for the problem that you caused yourself for no good reason. The only benefit is that you can now feel really smart about yourself.
Just use Tor, it's both simpler and better.
>>12372
>"Well, at least I'm doing something"bros, we can't stop losing.
You're losing only because you're blindly following conflicting advice, usually given by people who themselves have barely any idea what they're doing. If you don't know how any of this works then follow the official documentation.
This whole thing reminds me of the way consumers make their choices. More features, bigger numbers, it must be better. Just pile it all on, we don't know how it works, but it must be doing something.