Comrades, we need a thread on privacy. Any decent activist should try ways of staying anonymous on the web and prevent being tracked by governments and corporations.General tips===* Use free software as much as you can.* Use GNU/Linux and keep it up-to-date, to be sure that you don't have unpatched security exploits* Don't use Flash Player, use youtube-dl instead for watching streaming videos online* Do not use Google, use DuckDuckGo or StartPage instead* Use a password manager like Keepass or for GNU/Linux users keepassx. Create new passwords for every site that you visit and use a strong password as a master password. A tip for easy remembering of your master password is to use a sentence. "i fucking love cookies and tits!" with extra capital characters etc. is easier to remember than some random characters and long enough to prevent brute force attacks of any kind.* Use the Tor Browser Bundle if you really want to stay anonymous.Firefox====* Go to Preferences -> History and set History to "Never remember history". * See for additional tweaks:
https://github.com/amq/firefox-debloat and
https://vikingvpn.com/cybersecurity-wiki/browser-security/guide-hardening-mozilla-firefox-for-privacy-and-securityAdd-ons-----------* Use uBlock Origin for preventing tracking etc. Bonus: use hard-mode to manually whitelist external domains on sites. Don't use uBlock but be sure to use uBlock Origin
https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-mode* HTTPS Everywhere* DecentralEyes: prevents CDN hosting from tracking you (Google for Jquery etc.)* Self Destructing Cookies: only allow cookies that you choose to allowOS==* Encrypt your hard drive or home partition at least* If you use GNU/Linux, you can try to restrict systemd or syslog from logging. * Use a distribution which takes security seriously. Also, be sure that you don't install a lot of things outside the repository. It will cover most of your needs.Real life tips===* Pay with cash if you canFeel free to provide tips to each other comrades!
>>58>tfw to lazy to get luks working.Same. It's so much of a hassle. I wish that there was a single button solution that would encrypt my hard drive while letting all the data remain on it.>Also, duckduckgo has shit results. I use it, when I don't want google to notice what I'm searching forI'd recommend Startpage then. It's just a Google proxy and has almost the same results.>But I had my privacy fundemantally broken when I decided to stay at googlemail (whats a good alternative btw?Same here comr8. Protonmail appears to be good. If you live in Europa, you can also try Posteo. They seem very strong on privacy and you can even pay them with send cash.
https://posteo.de/enThere's also this other email startup, I don't know if they are any good tbh fam. But it's free at least (as in, it costs no money).
https://tutanota.com/Excellent tip you have on WhatsApp by the way. People forget about the importance of metadata leakage.
>>59>
https://tutanota.com/Looks interesting, but>made by Berndkc-tier tbh
For securer e-mailing:
https://emailselfdefense.fsf.org/en/Note that metadata isn't encrypted with GPG, but your content is however.
DO NOT use FuckFuckNo. It was made and is owned by a person who ran a site called The Names Database (or something similar) which was literally a datamine which he sold for millions.Instead use
https://searx.meFor email, Tutanota is great, especially if you use it in combination with GPG. Cock.li is also excellent if you use GPG.
A stupid question:I want full disk encryption without having to wipe my data. Is this possible? I've looked at:
http://www.johannes-bauer.com/linux/luksipc/But I'm too pussy to try. Anyone got advice?
everyone switch to STARTPAGE
https://www.startpage.com/its like duckduckgo but better and with a name that isnt stupid like 'duckduckgo'also it has proxy viewing. Very useful to read articles etc at work, if your work monitors web traffic like mines does.
not sure why this thread is on the last page, but these links definitely need to be somewhere on /tech/
https://invidious.snopyta.org/https://nitter.snopyta.org/https://snopyta.org/but also wanted to ask, what's up with archive.is not having SSL encryption? should this be concerning?
Anyone tried
https://qwant.com ?
Are they more or less trustworthy than duckduckgo? Results seem comparable.
>>2774>what's up with archive.is not having SSL encryptionIt supports SSL but doesn't automatically redirect to it
https://archive.is/>>2782You can use Youtube-dl with Tor:
youtube-dl –proxy "socks5://127.0.0.1:9050"
As for browsing for videos, use invidio.us.
>>2783If you don't have system Tor running, then you can proxy through Tor Browser, which uses socks port 9150 instead of 9050:
youtube-dl –proxy "socks5://127.0.0.1:9150"
Of course you can still pipe the output to mpv like before. I have something like this in my shell config:
youtube-mpv() {
/usr/bin/youtube-dl –proxy "socks5://127.0.0.1:9050" "[email protected]" -o - | mpv -
}
Then you just use it like this:
youtube-mpv
https://invidio.us/watch?v=y5zQTmkY7GIIf Tor is too slow add the -f worst flag.
youtube-mpv -f worst
https://invidio.us/watch?v=y5zQTmkY7GI>>2784If all you want is to subscribe or follow someone on social media, then you can use RSS feeds instead of creating an account, which is often blocked over Tor anyway. What you need is a RSS feed reader that supports socks5 proxies for use with Tor.
You can replace a lot of your browsing routines this way, which will save you a ton of time, since you'll have everything you're interested in aggregated and automatically updated in a single program.
Keep in mind though that all feed reader's connections will use a single Tor "identity". This is similar to opening everything within a single Tor Browser session, without resetting the circuits. So if you subscribe to a bunch of invidio.us channels, all of the connections to invidio.us will come from the same Tor exit relay (while connections to other sites will use different circuits). This is still way better than using an account, but it doesn't allow for total isolation of different "identities" in the OPSEC sense.
Another issue is that your feed reader will probably use its own User-Agent header. If possible change it to whatever current version of Tor Browser uses. You still won't have control over the rest of HTTP headers though, which could also be used for fingerprinting.
Of course in the end it's safer to just use Tor Browser, copy-paste URLs from some text file, and often reset the browser's session. Unless you write your own scripts there's always some compromise, most devs still have barely any idea how mass surveillance works or just don't care.
>>2125be careful installing random add-ons, as these can be used to fingerprint you.
Set up a script if you can to randomly assign your user-agent
>>2125>>2787Random user agent spoofing has little use if you don't use a proxy or public networks (then you should also spoof your MAC address).
And if you use Tor it will only make you stand out more since Tor Project's design philosophy bets on uniformity rather than randomness.
>>2788User-Agent is not the only HTTP header that they use to fingerprint you anyway. Each browser has a distinct set of HTTP headers it uses (Accept, Accept-Encoding, Accept-Language, etc.), so if you spoof just your User-Agent header you're just telling the website that you e.g. use Firefox with a user-agent-spoofing add-on.
You're only making it worse!
>>2136>I'm going to buy a new laptop soon. What model should I get if I want privacy?Something librebooted
>Also, what's a distribution?A combination of package manager and package configurations. Ubuntu, Debian, Redhat, Suse, etc.
>>2792>luks is fast and easy, friendDoesn't work that well with SSDs. Many report 50% drop in performance. There's also the TRIM dilemma: either you TRIM, which leaks some information (space usage, filesystem used), or you don't TRIM and your SSD will have shorter life-span and deteriorating performance.
https://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.htmlI guess if you don't do full disk encryption and instead only encrypt your /home then it's not such a big issue.
>>2115>Also, duckduckgo has shit results.True. I don't know what happened in the last couple of years but all of these "alternative" search engines have become complete utter shit. You use 5+ very specific keywords, looking for something specific and obscure, and it always spits out the most generic results possible based on only one or two of the terms used. Quoting keywords doesn't have any effect anymore either. It's such a pain trying to find anything, trying to make the search engine finally listen. Most of the time I just give up.
I'm seriously considering just using Google, but it blocks Tor with its stupid infinitely-looping AI-training captchas. Bing is also an improvement, but it seems heavily biased towards regional results, so it's not that useful over Tor.
Let's get into some meatspace privacy stuff. Here is a map with camera locations:
https://sunders.uber.space/You can add cameras that you see outside on openstreetmap and they will be added here.
>>3333pretty much the best most people can do.
Fact is, if they want your info/data they can and will get it.
Doesn't mean you need to make it easy, nor give them all of it.
https://n-o-d-e.net/nano_server2.htmlI'm building one of these next week to finally set up a pihole with and maybe do some other dumb stuff like keep a little local backup of my CV etc., I'm not sure if that's actually that smart though, none of the info I'd be backing up isn't already public but I don't know about keeping it on the same box as a DNS server that's probably going to be constantly hammered by ads
Thoughts?
OR should I just back up the files I want to keep onto another Micro SD card and tape it to the top of the server?
Really interested in the utility of little hobbyist hardware solutions for common privacy issues like corpo tracking, and it will be a fun project even if its only marginally effective
>>3704I'm using keepass and tbh I don't see the problem with just transferring the file around, its like 5kb, I've got into the habit of just copy/pasting it across my different machines when I update it on my main machine, it takes like 2 seconds to copy it to my phone and push it over waprinator or ssh to my laptop, if I needed to get it remotely for some reason I could just put the encrypted password file in a cloud repo or github or something and up the masterpass complexity/change the pass after downloading the file (I don't forsee ever needing this so I don't have an online backup of it, doesn't seem like the greatest idea even if a 30 character properly configed masterpassword should be virtually uncrackable)
I think the slight hassle is worth the extra comfiness of knowing its not being passed around in a cloud server by some company somewhere, and the passwords don't need to change often, since they're so strong, and they all get changed at once since force change after a certain time is enabled for them
Hello /tech/,
I will be getting a passport soon to leave the country. I want some advice on how to best obfuscate my face to defeat the facial recognition involved in the biometric photograph I need to take for my passport. What can I safely implement to do so that won't cause me grief now or in the future? I want my passport photograph to be accepted, but I don't want to then get detained in another country on suspicion of having a fraudulent passport as a result of my obfuscation measures.
The following is what I have already considered and may implement:
1. Be clean shaven. Since I cannot grow enough facial hair to cover my jaw line, I will not benefit from having any in my passport. I can begin growing my facial hair once I leave the country, but before then it is better to not provide the AI with any data on my facial hair, which alone can be used to uniquely identify me on the basis of growth pattern and hair phenotype.
2. Wax my eyebrows. Since facial recognition relies heavily on data from the brow, waxing my eyebrows to a length and width slightly different from my natural look can obfuscate this, hopefully without giving me any trouble in the future.
3. Change my hairstyle. Having a hairstyle that obfuscates its length and phenotype, such as by slicking it down with gel or ironing or curling it, can minimize the amount of reliable data on my hair that can be extracted from my photograph. This should not pose any major problem for me in the future as long as it is not obvious.
These I have considered, but rejected as too risky:
4. Wear colored eye contacts. While this can be effective, it is an obvious change that will be very difficult to believably explain in the event that anyone objects to it. Anyone closely inspecting my passport photograph will be able to determine that my eye color is different and may question me on those grounds. How am I to convince border agents in some backwater African or Asian country that those are just colored contacts that I no longer use, and not that the passport is fake, when they may not even know that colored contacts exist? Why would they believe me even if they did?
5. Remove my eyebrows. This is also too obvious a change and will also look ridiculous on my passport photo. There is little more to gain from this than can be accomplish with waxing.
6. Add/remove birth marks. This will be unlikely to help with facial recognition software and will likely just increases the chances of me being interrogated and detained at borders. Like the colored contacts, this is more useful for scenarios that don't involve a mandatory biometric facial photograph.
7. Apply makeup. This can be done to subtly change the tone and shadowing of my face to confuse the AI and cause larger error margins, but it may either be totally ineffective due to the facial recognition algorithm being used (as has happened to CV Dazzle[2]) or effective enough to cause me problems later on.
And finally, this is one I am considering but unsure about how risky it is, which is the main inspiration for this thread:
8. Use cloaking software like Fawkes[1] to subtlely distort my face in photographs to utterly defeat facial recognition while still being easily recognizable to humans. While this is very effective, it is so effective in fact that any attempt at verifying my identity by comparing my face to my passport photo will likely fail because the AI will classify them as two different people. This may not be a problem so long as I am not required to undergo facial biometric verification, such as by opting out of them where possible and avoiding countries that have no opt-out option, but that may just set me up to get completely fucked in the future in the event my only path is through a face scan.
Unlike the eyebrow waxing and other changes I mentioned above, which will likely lower the confidence of the match or even confuse it while not defeating facial recognition altogether, the morphing that will be applied to my face will be in areas considered permanent and stable without major plastic surgery (like the nose bridge, mouth corners, and jawline). It is reasonable for a person's hair style, facial hair, and even eyebrows to change over time… not so much with eye color, nose bridge, and jawline.
What do you think? Do you think any of the ideas above might work? Or do you think they are all too risky to try and that I should just bite the bullet by letting the government have an accurate copy of my face? What about morphing using Fawkes? Is that too risky?
If you have any other ideas or recommendations, I'd love to hear them.
—
[1] -
https://cvdazzle.com/[2] -
https://sandlab.cs.uchicago.edu/fawkes/>>5773I would just go for it honestly
christ your post was depressing though
>>6120People who take the privacy bullet are usually FSF enthusiasts and are slowly trying to move towards a fully FOSS setup for themselves. For most people using Google and Twitter or whatever is fine however there are best practices of privacy that should be followed when you expect to be tracked (like at a protest). Ignoring those not only puts yourself in danger but everyone you may be associating with at said protest/riot. Further reason to ditch your smartphone for a Linux or De-Googled Android phone is that apple/google surreptitiously rolled out 'contact tracing' to all devices which also tracks you in doors.
Also convincing your friends to switch from facebook to a signal group is really easy, I forced my friends over and it's a lot comfier and more personal (cuz its just 4 people).
>>6067Haven't read it, but I'm kind of skeptical of these kinds of books. They all seem like technoliberal bullshit to me, trying too hard to define this 'surveillance capitalism' without actually understanding capitalism in the first place. I had the same problem with those Netflix documentaries, "Social Dillema" and whatnot. Still, that doesn't make the book irrelevant, I'm sure it contains useful information about these matters. Have you started reading the book by now, anon? I'd like to hear thoughts.
>>6229I heard that the automatic Google Drive backups Whatsapp enforces are unencrypted, meaning both Google and Whatsapp get to see your messages. I also heard they store all the names to files you send, but can't see the actual contents of the files. Just to be clear, I have no confirmation of whether any of this is true, it might all be be FUD. In any case, Whatsapp is not to be trusted whatsoever. Remember:
>When Facebook gives you encryption, that only means they no longer need to see your messages to track you.Meaning, your metadata still allows them to know a lot about you. Think about the fact that they have all your contacts, and your contacts' contacts, and so on. They also have a log of who you talk to, as well as frequency, time, etc. Even if they don't know
what you're saying, they still know
who,
when, etc.
>>2136The best thing will be something with open firmware. Coreboot is the best one. System76 and Librem sell laptops that use coreboot. The other high security option is to buy an old Thinkpad that can run libreboot or coreboot and install that over the stock BIOS.
For browsers I would just use Firefox with add ons. As the code base is extremely well audited.
A Linux distribution is a ready to use GNU/Linux operating system. It usually comprises a kernel (Linux) basic utilities, a graphical user interface, application software, and an online software repository that is used to keep the system updated. Popular Linux distribution examples are Ubuntu, Fedora, Solus, elementary OS, Debian, POP! OS, and Linux Mint.
Some days ago
both DDG and Startpage.com stopped allowing search requests (at least) on Tor Browser with JS off, sooo…
https://searx.xyz/Just leaving this here if anyone else were looking for an alternative, I hope this is a temporary bug of some sort because Startpage images is very reliable, and I had just gotten into the groove of using "" around terms and words on DDG onion to get quite good search results…
I'm not fucking enabling JS or using Google. Only forward.
https://searx.xyz/https://searx.xyz/https://searx.xyz/>>6921>Use Searx more than twice>Rate limit exceededWat do?
Also, I tested both my default Tor install with only the security preset set to "Safest" (no js) and my IceCat install with JavaScript disabled and a custom user.js from reddit via EFF's Coveryourtracks tool (FKA Panopticlick).
Can anyone explain why my IceCat install is marked as fingerprint-protected (1 in 4000 browsers have same fingerprint) and my Tor install isn't (unique fingerprint)?
I'm trying to wrap my head around why this is possible given Tor's whole point, so maybe I misunderstood what it does and doesn't do in the first place.
>>6921html.duckduckgo.com works without JS
>>6939The TBB approach to browser fingerprinting is to blend in
https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead
>Rate limit exceededChange Tor circuit, or use another searx instance
https://searx.space >>2774>not sure why this thread is on the last pageLooks to have been importantly from Bunkerchan, probably why the original posts are a bit scuffed.
>>2781Here's a non-Snopyta Invidious instance:
https://vid.puffyan.us/It's accessible through Tor:
http://grwp24hodrefzvjjuccrkw3mjq4tzhaaq32amf33dzpmuxe7ilepcmad.onion/And here's a list of more instances:
https://instances.invidio.us/?sort_by=healthpiratePirate >>2779>>2781And if you want to use Searx on an instance other than Snopyta's, a /leftypol/ anon in another thread posted one he hosts through Tor:
http://z34zvdnudiq5om7v547g42nr36l4ut7pek6bx7prn4emi5ncdgo6jhad.onion/You can find plenty of others which are available through the clearnet.
piratePirate https://nitter.eu/tenacioustek/status/1434604102676271106Apparently Protonmail handed out the IP address of a French activist on demand of the Swiss Government. Should I stop using their services completely, even their VPN?
I've read this article, but I'm still doubtful:
https://beebom.com/protonmail-logged-ip-address-should-you-worry-privacy/ >>12360NTA but So? Who cares if they go through the wood door if they can't get through the steel one?
The VPN would serve it's purpose of not getting permafucked by cloudflare if browsing.
>>12360>>12361It's much worse than that, it's like using a single steel door instead of multiple disconnected ones. Tor+VPN means your streams are not isolated: for every request you're using the same circuit to the VPN, and all the targets can profile you as a single origin as well.
In short, Tor+VPN is making things much worse.
This was written by a Tor project dev:
>People usually consider doing this because they want to appear to have an IP address that doesn't change and isn't associated with Tor. Doing this throws away the vast majority of the security gains that Tor gets you. It ruins Tor so much, and you have to trust the VPN company so much, that you might as well not even use Tor at all.https://matt.traudt.xyz/posts/vpn-tor-not-mRikAa4h/ >>12358>I don't want them to see my traffic, or associate that traffic with me.If using Tor they won't see where your requests are going or their content. But they will see that they're coming from you and can therefore perform a traffic analysis (size, timing).
Hypothetically speaking if they control a large number of Tor exit nodes (really doubt it) they could connect you to the requests you're making. If your requests go over TLS (e.g. HTTPS) after exiting the Tor network then they would learn only about the domains/servers you're visiting, but not the rest of the requests (URL, headers, payload) or responses.
I would worry more about the fact that you're using Tor at all - it could raise some alarms. You can mask that by using a Tor bridge. It's easy to configure in Tor browser, just look at the network settings. You can also request a publicly unknown bridge from Tor project via email.
This would still make your traffic unusual, but unless their detection system is really aggressive it shouldn't flag you.
>>12376That doesn't solve the problem, your concurrent streams are still not isolated. It's an idiotic compensation for the problem that you caused yourself for no good reason. The only benefit is that you can now feel really smart about yourself.
Just use Tor, it's both simpler and better.
>>12372>"Well, at least I'm doing something"bros, we can't stop losing.You're losing only because you're blindly following conflicting advice, usually given by people who themselves have barely any idea what they're doing. If you don't know how any of this works then follow the official documentation.
This whole thing reminds of the way consumers make their choices. More features, bigger numbers, it must be better. Just pile it all on, we don't know how it works, but it must be doing something.
Surprised barely anyone in here has mentioned PGP
https://theprivacyguide.org/tutorials/pgp.htmlGnuPG (GPG) is a recommended implementation, it's even pre-installed in some distros.
keybase.io seems like a nice place to publicly share your keys
Claws Mail is a good graphical email client that supports GPG
>>2111Bunch of security/privacy-related links here:
https://sizeof.cat/links/The blog looks pretty good too
>>14330yeah tried selecting snowflake on launch one time and left it when it didn't work and obsf4 worked first time.
Tried it again just now, errors result, searched the errors, snowflake needs more configuration. Detailed instructions available.
Thanks anon, just needed a point in the right direction.
>>14394those interest rates are set by porkies who own the bureaucrats in those central banks
also i dont think you know what capital is
>>14502If you are willing to use tor, probably the most idiot proof one step thing to do is to boot to tails on a usb.
Like anything, spend a few hours understanding it first.
>>14502cryptostorm.is
mullvad.net
njal.la
use openvpn to connect
for tor, always use the pre-packaged browser
if you're gonna set up your own VPN, look into public key encryption first and find a host in western europe or some other place that has high bandwidth and a minimum of firewalls. you can also do cool stuff like set up your own private bridge relay into the tor network
>>14545>Is the VPN situation really that bleak?Ever heard of a popular VPN available to westerners that's not based and controlled in the west?
Also has anyone else noticed disruptions in the popular free western-based VPNs over recent weeks?
>>14553 (me)
though what is their business model? is it limited bandwidth free, to get you to subscribe to paid? Or advertizing? or glow money/grants?
>>14553>lets make it exist anon….I'm available, let's do it. Got any experience in the field, if I can ask?
>Why bother trying to make money? A VPS with unlimited bandwidth is not that expensive, but I haven't looked into hosting in those countries. It could be like RiseupVPN.The thinking behind using a capitalist business model was that it would provide less of an excuse for the west to ban it, maybe. They would be more likely to ban an overtly communal entity based in those countries, idk. Ebil communism etc
Ofc it could and should be run as some kind of co-operative or whatever.
>>14554The exact same business model as any of the other popular well known VPNs.
With the unique selling point of locations outside the ~17 eyes countries. That's a pretty big selling point globally, folks.
>>14567Servers located in every one of the countries mentioned, that are outside the n+1 eyes countries, would be totally owned anyway, no matter what. Same as all the well known western vpns.
So what? There's a massive market of people outside the west who'd like access to some kind of VPN based outside the west.
It would be a great project, surprised it hasn't been done already. There's a lot more value in it than just giving people the illusion of privacy.
>>14572>it's why generally ideological service providers like riseup are so trusted They're not at all "trusted" by anyone other than anarcho-radlibs.
They had their warrant canary not updated for half a year at one point and basically came back like "everything's fine don't worry :)"
You'd have to be seriously stupid to rely on an "anarcho-communist" email service from the US that has existed "without problems" for that amount of time (decades). Their entire team are compromised is the likely possibility.
Actually now that I just quickly Wiki-searched it; the warrant canary event in 2016 actually was a gag order, and they fully cooperated with the FBI. They have since removed any pretense of securing people's data from their updated canary.
https://en.wikipedia.org/wiki/Riseup#Warrant_canary >>14557idk why i said that in a way implying i could help currently, sorry
i have experience setting up a personal vpn using openvpn and basic general server management shit, but i'm not in a good place to be starting projects right now, i dont have the money for a standalone server, and i have next to 0 web experience which would be needed
i'd be down to try setting shit up since it's been a goal of mine for some time to create some leftist run but not necessarily activisty/hackery web resources like vpn, storage, email, foss social media, etc. Anyways i can't right now, but if you're still interested in a couple months then this could happen. Though finding servers could be hard, and paying for them might be even more difficult.
Why would you use a VPN instead of Tor, except torrenting? For torrenting, why would you use a VPN instead of I2P?
>>14563There's also a need to host Tor nodes in those countries. Too many Tor nodes are in Germany.
>>14590Are you talking individual users or leftypol as a whole?
Making leftypol an onion based site would be less feasible for 3 reasons:
1.tor is slower
2.tor only sites are more vulnerable to CP spam
3.most users don't connect via tor
>>14589Well one obv reason is that the target demographic is usually liberals/proprietarians and so they would definitely not touch anything to do with heckin authoritarian socialist dictatorship Vuvuzuela
>>14590>Why would you use a VPN instead of Tor, except torrenting? That's a major reason. Also for a lot of regular stuff that needs login.
>For torrenting, why would you use a VPN instead of I2P?Because by comparison to "regular" trackers I2P is virtually unknown and barren. But I
wish this would change.
>>14591leftypol.org already has an onion server btw, I'm using it right now:
http://76i2c3hn55fcj5nut3tqlboqqbbh23zvphv7lefk3vftpx6wketlanyd.onion/tech/res/2111.html >>14592>Well one obv reason is that the target demographic is usually liberals/proprietarians and so they would definitely not touch anything to do with heckin authoritarian socialist dictatorship Vuvuzuela There should be a viable global market for this though, you're maybe looking at this from a western-centric point of view.
Mullavad is a service based in the west, available globally.
So is there some other obvious reason why there isn't already an equivalent to mullavad, except based outside the west? Venezuela was used an example, there are other suitable countries mentioned in the thread.
>>14590>Why would you use a VPN instead of Tor, except torrenting? For torrenting, why would you use a VPN instead of I2P?The discussion isn't about Tor, it's about the lack of vpn services that are based outside the west. We don't seem to be able to answer why this is, so far.
>>14588>>>14557>idk why i said that in a way implying i could help currently, sorryhey no need to apologise, we're just kinda shittalking tbh. I think there's something there though, unless I'm missing something.
Again, is there some obvious reason why there isn't already a venezuelan (or similar country) mullavad?
>>14595>the lack of vpn services that are based outside the west. We don't seem to be able to answer why this is, so far.Because internet and hosting in these countries
>>14563 is unreliable, slow and expensive.
>>14596Seriously, is that the main obstacle preventing something like a mullavad in those countries?
Isn't every country basically connected to the same internet these days? Like, this operation would be based in the capital city connected to the national backbone or whatever, so why would it be prohibitively unreliable, slow, or expensive? Everything should be cheaper in these countries, I thought.
>>14605backbone/upstream networks are only as strong as the volume of traffic in downstream networks
Europe has a whole bunch of intra-regional IP routing providers like say Portlane with massive amounts of traffic, so they have higher connectivity on the internet as a whole as a result, as opposed to a country with a smaller amount of traffic coming from its backbone routers
>>14608appreciate the reply. So it's a lack of connectivity or infrastructure that's the main reason something like mullavad doesn't exist outside the control of the west, in a country mentioned above?
Wouldn't almost anything resembling it, run and controlled outside the west, be an attractive service for many global citizens? Hosting, vpns, vps, whatever.
So it wouldn't have the same connectivity as something based in the west would have, but wouldn't some service be operable on a smaller scale?
I want to coreboot my trusty thinkpad but it seems I chose a bad time to do it.
https://www.techradar.com/news/good-luck-getting-a-raspberry-pi-anytime-soon-unless-you-want-to-buy-thousandsIs there anything else I can use to securely flash a motherboard?
>>14691As someone who tried and failed to coreboot, did you even read the most basic guides you total…comrade :)
The other option to the Pi is a chip flasher. I got the recommended one from alibaba for a few dollars. When it arrived, detailed reading (500 tabs open) revealed that some of these flashers have a manufacturing defect or something that causes them to output the wrong voltage or something.
I took a chance and went ahead. Failure happened when I couldn't actually get the pomona clip to securely attach to the bios chip so that a data connection was made.
It's probably because my sight, just could not see wtf was going on, shits too small. Spent a couple of hours but only got the connection operating one time. Planning on trying again with a magnifying glass.
Can't remember the type of pomona clip chip flasher, now but it's mentioned a couple of times in the most popular guides.
>>14697Wait I thought you needed a device (like a raspberrypi)
and a CH341A Pro with a SOIC-8 clip? Now that I read a bit it seems the CH341A Pro is an alternative to using a raspberrypi.
Lmao I feel retarded now, I do need to RTFM…
>>14595Nobody else see the value in a mullavad-style service based outside the n+1 eyes countries?
Can't understand why nothing similar exists already, even if only for PR purposes.
>>14815Can't understand the negativity and discouragement tbh.
Why would it have to be government-sponsored? The popular western vpn + hosting services aren't technically government-sponsored but very government accessible. The service would be as ostensibly distant from local government as any western vpn service.
Are there not many people outside the west, as well as many western leftist types like me, that would pay something for a service based outside the n+1 eyes countries?
Firefox is pretty much the way to go. Based off of Netscape, probably the most used browser out there so generic against potential fingerprinters, modern and sleek, etc. You probably already have it installed, or have yet to fetch it from your distro's repo, who knows.
There are countless hardening guides out there for Firefox. Generally you want to disable Pocket, WebRTC, telemetry (sending data to Firefox's servers as a sort of feedback) blah blah blah. Take a gander:
https://web.archive.org/web/20181031171622/https://www.privacytools.io/#about_confighttps://chrisx.xyz/blog/yet-another-firefox-hardening-guideJavascriptThis will probably be your biggest worry after fucking around in your settings and about:config, as it concerns privacy, unobstructed use, CPU usage, important stuff. There are several add-ons that deal with this. Definitely get LocalCDN. LibreJS deals similarly with essential Javascript code that has restrictive licenses, which might be a worry to varying degrees. Apart from that, uMatrix is fine-grain as hell. uBlock Origin also works alongside all of these as a convenient blacklist for ad-fuckers.
https://www.localcdn.org/https://www.gnu.org/software/librejs/https://addons.mozilla.org/en-US/firefox/addon/umatrix/https://ublockorigin.com/ProxyingScroll down to the bottom of General Settings. Click on the button for Network Settings. Check Manual Proxy Configuration and put 127.0.0.1 in SOCKS host and the port whatever your OpenVPN or Wireguard or TOR is running on. For TOR I think it's 9050, look it up idk. Check "Proxy DNS when using SOCKS v5", DNS is easily the biggest weakness and most common cause for slip-ups when proxying.
Search engineYou want something that doesn't collapse because you can't run their precious Javascript and to not instantaneously ping a 3- or 4-letter agency's server farm. Duckduckgo.com is alright, also poke around the instances on searx.space.
>>15518But tor explicitly allows for SOCKS5 proxying. In many cases its better than vs not doing it, also TB is extremely limited in functionality for "heavier" web applications, like even Element/matrix with a lot of people / rooms chatting (SOCKS5 proxied Element Desktop is then preferable).
Another similar area is also RSS. Most browsers, including Firefox (and TB) removed support and you're thus forced to use a standalone application. Here again its better to torify the traffic via SOCKS5 proxy than vs not doing it.
Wouldn't you agree?
>>15525torsocks doesn't work for all uses and isn't guaranteed to route everything
shell out some time and use whooonix instead
>>16110No, why?
My statement has nothing to do with tor "speeds", I know the tor network is on average several times slower than your regular connection due to onion routing. I'm talking about how fucking weird and wonky the presumably JS code is. Like you will press a button and it won't even register. Other buttons will work sometimes but also not, refresh will be unresponsive, etc.
>>16112 (me)
Even to the point where I will have a less buffer:y experience streaming video through invidious, than I do Piped, and the prior is supposedly abandoned shitware if you take the word of the Piped people.
>>14809you can set one up yourself with some server management and web programming know-how and a small amount of money capital
VPNs in five eyes countries are more desired though thanks to stable high speed ISPs and lack of serious censorship
>>2111Some tips:
* Install GNU/Linux. Start with Linux Mint. If you want to dual-boot get another SSD or use windows disk management tools to shrink a partition (reserve at least 60GB for GNU/Linux). If you want to learn more advanced GNU/Linux skills, there is a free book at:
https://linuxcommand.org/* Use Tor Browser when you can but do not log into any accounts when you are using Tor, unless you access that account always from Tor
* Encrypt your email:
https://emailselfdefense.fsf.org/en/ Also note that you can encrypt files with GnuPG (use tar to pack up files and then use gpg's –symmetric option). If you need an email client program, Claws Mail is a good free software email client that has a GUI.
* Clean meta-data from your files that you upload or send. Use exiftool or something.
* Use Firefox with arkenfox user.js or Ungoogled-Chromium
* Use SearX or SearX-ng as your search engine:
https://searx.neocities.org >>21300disroot is a good email provider if ur not willing to set up ur own
they have a tor proxy
u can set up torsocks through socks5 settings on claws mail or thunderbird/icedove
>>24720There was some shit online around Oct 7 like
>Hamas kept their plans secret using this one simple trick: Huawei phonesbut to operate on western networks they would have to have the same backdoors as western phones, right? When will chatGPT write secure firmwares for the box of old phones I got here.
>>24709glow
>>24738lol is this true? vry funny if so. however i dont see y israel/NSO needs a backdoor for the phones. they already own all the celullar towers. so in a theoretical world were hamas ain't an Israel proxy, and they rly is playin cat and mouse, can't they jus man-in-middle crack the channels and chats? is there sum insane Chinese-encryption scheme im unaware of?
>>24709Go back, feds.
>>24740Is it as safe as an i2p outproxy?
>>24744 (me)
Wait a sec. Why not just use an i2p outproxy instead of a VPN or proxychains? VPN leaks your IP address to your VPN provider and your VPN usage to your ISP provider. And VPN through i2p adds an extra performance hit. And proxychains are static unless you constantly change them yourself, neither do they provide encryption. And VPNs and proxies weren't designed for anonymity in the first place. So what do VPN through i2p and proxychains do better that an i2p outproxy does not?
>>24742>lol is this true?yeah there was some reports at the time
>they already own all the celullar towersexactly, which is why the reports seemed like bullshit
>>24745>very good tip indeed.what is a very good tip?
Unique IPs: 29