Everything I say will be generally speaking for all privacy communities so not specific to this community or another one unless I say otherwise in a short section.

Almost every single time I start a topic or make a reply and also many of the posts I read because they are interesting, there's always this one guy or several guys who have to say the same old argument about "that's tin foil, feds don't do that, unless you are a president or something like that then you don't need to have that in your threat model".

That's the divide I'm talking about because the privacy community can be split into two categories that are opposed to each other on that point. And it's a big issue because it becomes core in the types of discussions we can have.

For example in techlore's community they are very much against people who take privacy seriously. If you go to there community and start talking about leaving phone at home, using grapheneos, qubesos, intel me, etc, you will get run over by lots of angry people telling you not to talk about that and then you get censored and maybe banned. Techlore himself have made several videos recommending against grapheneos and he prefers Google. I mentioned that community because I think it's at the extreme end of the spectrum of this divide.

The problem with all the people on that end of the divide is they can't know what they're saying is true but they are saying it like its a fact. Where are they even getting those ideas from? Are they insiders working high up in the ranks for intel agencies like fbi, cia, nsa? Are there basically hundreds of Edward Snowdens out there? I don't think so.

I think the cause for the divide is unfortunately political. It's about where are you getting your news from and which political party do you prefer. We're not going to talk about that in this topic more than to say I think that is the cause of the divide.

Technology is great to discuss because it's just logic and facts and objective arguments. But bring in politics and it becomes a mess and that's the problem with this divide in the privacy community.

There's also another possible cause which is actually very likely as well, which is that at least some of the people on that side of the divide are feds spreading propaganda to get us to lower our guard against them.

The problem with both sides of the divide trying to talk to each other is all the unknown data we deal with in privacy and security discussions. And there is a lot of those unknown data. Those black holes get filled with arguments based on the political ideas from their side of the divide. It's just not possible to have discussions with people on the other side of the divide.

With all that said I think privacy@lemmy.ml is one of the best privacy communities and have done a good job trying to get both divides together but personally I mostly just try to ignore the ones from the other side of the divide and listen to only those on the same side of the divide.

Make your voice heard. Tell your government that chatcontrol is not something that we will agree on!

Links: EU document Links:patrik breyer website

Hello, while I use frontends where possible in place of the original websites/apps I do find it interesting that some of them, mostly referring to the Youtube ones still allow you to login normally? I understand this is to bypass blocks and that in theory the frontend still tries to limit what it sends back to Google but in practice how does this work without killing the privacy aspect?

It's so difficult with so many options and all these bullshit "discounts", coupled with the fact that different VPNs charge different prices based on what country you're connecting from...

What is the cheapest functional VPN you've come across? Bonus points if it supports IPv6.

Hi guys,

do you know a good and privacy friendly way to pay with your phone (like Google Pay)? I am using Graphene OS on a Pixel 8 and lice in Germany so some services might not be available here 🙈

from the new-breed-of-surveillance-statists dept

Introduction

8 days ago I made this post asking for the most controversial privacy topics. My first post answering a controversial question got so few upvotes that it was almost my worst post to date. I don't do these for upvotes, though. I do them for fun :)

So, with that, here is the second post demystifying some controversial privacy topics. @TranquilTurbulence@lemmy.zip asked "VPN: essential or snake oil?"

I try to avoid topics that have been thoroughly answered multiple times, or has such a direct answer that it would be too short to make a post about. This topic is a bit of both, but worth writing anyway, because I do have my own insights.

Some people didn't like that I break the main question down into multiple sub questions. It is valid criticism, but it's my style of writing, so I will stick to what I'm good at.

What does a VPN do?

A Virtual Private Network (abbreviated "VPN") is a way of proxying your internet traffic through a third party. There are many reasons why you would want this:

Hiding your IP address: VPNs will replace your IP address with a random IP address assigned by the VPN provider. IP addresses are unique to your router, meaning you can be uniquely identified. IP addresses are usually static, meaning it never changes, but sometimes your ISP may assign you a dynamic IP address, which will change every few months or so. If you open up ports on your router (for various purposes), it can leave your network vulnerable to certain attacks as long as the attackers know your public IP address.

Hiding your location: Your IP address can narrow your location down to the city you live in. In some cases, such as shared Wi-Fi (like on a college campus) or public Wi-Fi, the IP address can be more easily identified to the specific block or building you are in. Any internet connection made can see your IP address, and can automatically use that to attempt to locate you.

Encrypting your traffic: VPNs can allow your traffic to be encrypted, so that your ISP or other people connected to the same network can't see which sites you visit or (in some cases) what data is sent. The reasons why this is important are too long to list, but you can work it out on your own.

Network based ad blocking: Some VPN providers allow you to block ads before they even reach your device, which can increase your loading times and save you data on metered connections. This can be achieved without a VPN through your own DNS filters, but it is a feature of VPNs too.

Access blocked content: VPNs can be used as a way to bypass censorship if your network regulates your traffic (such as at an office or school). A VPN can bypass these restrictions, allowing you to access content freely.

Accessing region-specific content: Content on streaming services such as Netflix, video sharing sites such as YouTube, or many other services may restrict what content is available to you based on your country. A VPN can allow you to bypass these restrictions in some cases.

Those can all be ways to enhance your privacy, security, anonymity, and freedom while browsing the internet. VPNs do come with some downsides, though.

What are the downsides of using a VPN?

When you browse the internet without a VPN, you are placing your trust in your ISP or cellular provider to uphold your privacy, and placing trust in the network devices such as your router to uphold your security. In practice, that is almost never the case. Using a VPN doesn't automatically make it more trustworthy, but it does place that trust in the hands of your VPN provider instead. Some VPN providers are more trustworthy than others, but there are good options to choose from. You still have to trust an entity to uphold your privacy and security, but VPNs can be a much better place to keep that trust.

Not everyone may want to use a VPN though. Besides distrust, VPNs have other downsides. VPNs will slow down your internet speeds, may block certain functions such as torrenting, and may incriminate you in some countries. Ultimately, the choice to use a VPN is yours.

If you believe the upsides outweigh the downsides, then a VPN is a good tool to have. If your threat model requires anything a VPN provides, it's an essential tool. Some functions of a VPN can be achieved through careful setup of a DNS and elite anonymity proxy, but VPNs will always be the easiest option.

Which VPN providers are the best?

There are currently 3 top VPN providers for privacy. All of them are open source, and all of them have their pros and cons. I haven't listed every feature for each, but here are the notable differences:

Proton VPN

Proton VPN provides a free tier VPN with some functionality limited, as well as a premium tier if you have a Proton subscription. If you already have a Proton subscription already, and don't mind putting all your eggs in one basket, Proton VPN is a good option.

Mullvad VPN

Mullvad VPN is probably the most private VPN available. It is only paid, but it allows you to pay any way you want, including cash and cryptocurrencies. No signup is required, because you are given a randomly generated account number for payment. You can regenerate the number at any time.

IVPN

IVPN is unique and relatively unknown. The main benefit I see is that it is the only VPN of these three that is available on Accrescent for Android, allowing you to have extra confidence in the integrity of the app. Eventually Mullvad VPN and Proton VPN will be available on Accrescent.

These VPNs will uphold your privacy and security, and won't log your internet traffic. VPNs in the past have been used to aide law enforcement by handing over those logs, so it is good that these don't.

Conclusion

VPNs can be an essential tool if you need them, and there are options that respect your privacy. Always be aware of the risks, no matter how trustworthy a VPN provider may be. Thank you for reading!

- The 8232 Project

Has anyone else received stuff like this?

I knowledge there is a lot of dns filter available on the internet. I use a lot of them in my pihole system, next dns, and adblocker .But in some way i found that they don't contain a lot of domains. Maybe they are not tracking or ad but i found that if you block them there is no effect. So I'm making a list of them. So do you have your own list? That one i made is too strict most Google services don't work without them but I'm good without it. So i want to know if you known about any of these unnecessary domains. If you known please share for everyone.

Which one will you choose ? Also what you guys think about the adguard https filter in the view of privacy ?

I can’t use them because I can’t convince anybody to switch with me. I talk to most people on discord and I’d rather move to using Matrix, but I can’t convince any of my friends or family or anyone I know to use anything else.

I'm thinking of getting a fairphone in the future. I like that they are modular and last a while. Are they easily customizable to where I can flash a different ROM? Is the default configuration private?

They all have iPhones and Google Android. Since all my calls and text messages are monitored on their phones, am I causing any additional harm to myself by using Google Messages on GrapheneOS? That way I could at least use RCS messaging.

Supposedly, he sells out of his phones but I haven't seen any review or unboxing videos for the Brax 3. I know that you can ask for iodeOS or Ubuntu touch.

If I created a Udemy account with my Gmail, then what's the difference between signing in with email and signing in with Google? Thanks in advance.

I've been play around with ollama. Given you download the model, can you trust it isn't sending telemetry?

This is not a long post, but I wanted to post this somewhere. This may be useful if someone is doing an article about Google or something like that.

While I was changing some things in my server configuration, some user accessed a public folder on my site, I was looking at the access logs of it at the time, everything completely normal up to that point until 10 SECONDS AFTER the user request, a request coming from a Google IP address with Googlebot/2.1; +http://www.google.com/bot.html user-agent hits the same public folder. Then I noticed that the user-agent of the user that accessed that folder was Chrome/131.0.0.0.

I have a subdomain and there is some folders of that subdomain that are actually indexed on the Google search engine, but that specific public folder doesn't appear to be indexed at all and it doesn't show up on searches.

May be that google uses Google Chrome users to discover unindexed paths of the internet and add them to their index?

I know it doesn't sound very shocking because most people here know that Google Chrome is a privacy nightmare and it should be avoided at all times, but I never saw this type of behavior on articles about "why you should avoid Google Chrome" or similar.

I'm not against anyone scrapping the page either since it's public anyways, but the fact they discover new pages of the internet making use of Google Chrome impressed me a little.

Edit: Fixed a typo

Hi,

I'm looking for a E2EE and decentralized (or self hosted) videoconferencing that would have the following feature

• video or voice-only call
• share screen
• files transfer (optional)
• text chat

( all of it E2EE )

I'm considering Jitsi meet, that seem the meet those requirements

Do you know better alternatives or do you have remarks about Jitsi ?

Thanks.

Mornin' Been wondering if I should install GOS on my Pixel8 or keep my present setup with TC. I'm not conversant with the mechanics behind TC but it feels right to me. I don't use Google Apps and have been on F-Droid more often then Google Play. I do have a few apps which require net access hence using TC.

What say you..?

I am a long term GrapheneOS user and would like to talk about it. r/privacy on the redditland blocks custom OS discussions which I think is very bad for user privacy, and I hope this post will be useful to anyone who are in the hunt for better privacy.

Nowadays smartphones are a much bigger threats to our privacy and Desktop systems, and unfortunately manufacturers has designed them to be locked down devices with no user freedom. You can't just "install Linux" on most smartphones and it is horrible. And most preloaded systems spy on us like crazy. That was why I specifically bought a pixel and loaded GOS onto it.

According to https://grapheneos.org/features , they start from base AOSP's latest version, imptoves upon it's security and significantly hardens it. There's hardened_malloc to.prevent against exploitation, disabling lots of debugging features, disabling USB-c data, hardening the Linux kernel and system apps etc. They even block accessing the hardware identifiers of the phone so that apps cannot detect whqt phone you're using. That means with Tor and zero permissions given, apps are anonymous.

Compatibility with apps are best in Custom ROMs but there are still that can't work, especially if they enforce device integrity. Very few apps usually enforce that tho. Also their community isn't the friendliest but you can get help. Just don't try and engage too much or have too many debates.

Anyone else here use GrapheneOS, or any other privacy ROMs? What is your experience? Do you disagree on any point? Let's have a discussion!

EDIT: Just thanking everyone for the thoughtful responses. Really enjoyed reading everyone's takes here and will definitely think on things moving forward and try various configurations out!

Hi all, interested in your thoughts here. Recently signed up for Proton Unlimited via Black Friday sale mainly for email/VPN/drive. For passwords I've been happy with Bitwarden and DDG for email forwarding (plus you get a duck.com address which is just fun).

If you were me would you move over to ProtonPass to streamline, or keep these things broken up? On one hand I don't want all my eggs in one basket, on the other hand I feel like it means I am trusting my info to one Swiss-based org vs Proton + DDG/Bitwarden which are US based. Plus if I am paying for a service I feel a little less like the product in the long term.

Feel pretty ok with both options as my main objective is de-Googling, but interested to hear what has worked well for others. Appreciate any input!

Up until like a year or two ago, YouTube links always used to be pretty clean. The format was youtube .com/watch?v=[video_ID]. A year or two ago, they started adding a tracking suffix on, so it would be youtube .com/watch?v=[video_ID] &si=[tracking_ID].

Over the last day or so, I've noticed links with a different format, youtube .com/watch?v=[video_ID]&pp=[tracking_ID] - only the pp= string is much longer than the si= string. This can only be because they're including more information in it. What that information is is anyone's guess.

This is basically a PSA to watch YouTube links more carefully, as people are by and large complacent with them (moreso than other links) and never even realised the si= change, let alone this new pp= change.

It could also be that the change to pp= is meant to circumvent communities, like this one, which automatically filter out the si= suffix. They may have decided to address that, then took the opportunity to make their tracking more severe.