gab is run by total fuckups more news at 11

"No fancy web browsers"

What about lynx?

Thanks for the share.

I am reading and trying to get my head around what is posed there.

This--> "...If you connect to a VPN over Tor, this traffic separation goes away completely..."

People go connecting to their VPN via Tor? That's not ahh bright.

Normally: Computer ---> REMOTE VPN ---> TOR

No single tunnel there like claimed. Sure VPN is, but it's a drop in replacement in essence for your local gateway. Normal pedestrian leakage of IP and you get the VPN IP instead of your actual IP. More advanced leaking, well, nothing is saving you.

Then there is this ---> there's the matter of trust to consider again. Alice must be sure her VPN provider is worthy of the trust she will be placing in it. She must have paid her VPN provider in a way that can't be traced back to her. She must be sure that the VPN provider doesn't keep traffic or connection logs. She has to trust herself to never mess up and connect to her VPN without Tor. And for this VPN to be of any benefit at all, she must convince herself that her adversary can't somehow work with the VPN provider, compromise the VPN provider, or work with/compromise ISPs and ASes near the VPN provider.

This is why you need real provider for VPN that is exercising maximum transparency and who answers the tough questions. A compatible philosophy they live by is most important. But have to implement thing, not just lip service.

Same argument made for trust thy VPN provider NOT --- can be 100% extended to your ISP and its upstreams. This is why crypto matters and everything should be encapsulated in something, ideally multiple wrappers.

Peel back a layer of this and there is another layer - if your protection is working effectively.

For VPN to work in this mix you need provider that doesn't want to intimately knows its customers.

• Zero knowledge of customers.
• Anonymous payments (prepaid cards, cash, privacy coins, barter).
• No name or info required to maintain account. No logs on the servers.
• Forced DNS that is scoured clean of fluff and abuse 3rd party noise.
• Something better than a warrant canary - how about full posting of all abuse@provider inbound emails automatically?

That's a decent start.

You will see that around here soon as a thing. Cause the VPN industry is a marketing scam most of it. Gets exploited and they toss more into ad buys and placement spots. Fake privacy niche is a real tragedy.

Of course, the actual way of fighting fire with fire is by using explosions.

Wear your web condom with a VPN, then Tor...

Please see https://matt.traudt.xyz/posts/vpn-tor-not-mRikAa4h/

Where's the beef?

See the moderation log over to your right. It's public about what action is taken by mod(s) per the software.

Aside from illegal insanity it's as free here as you are going to find anywhere these days. Much freer than the big platforms.

Just drink water, it's good for your health :)

I think the recent arrest news should tell us that Tor is not completely anonymous.

Here's how to be 99.99% anonymous:

• Buy 2nd hand laptop
• Park outside a library with free Internet
• Use something like Tail OS to further hide your identity

Amen! Support small biz always. Most workers are employed by small businesses.

However, with all the tax complexity and tech infiltration, those smart registers are hell on earth.

Avoid signing up for rewards / frequent buyer stuff unless you provide them with manufactured data. A good straw man just for that is recommended. Or a few... Give the person their own VOIP number, own freebie privacy email address, etc.

So how about that Brave :)

A month ago Aspenwu was saying look out.

Rambler posted it.

Then we made this: https://ramble.pw/f/privacy/2387/brave-browser-leaks-your-tor-onion-service-requests-through

Since then Brave continues to graft garbage into their browser. Like putting NEWS reader in it. Thing constantly phoning home ET...

Brave isn't any longer allowed in my environment unless quarantined in contained machine for testing their broken stuff.

I think another good thing to be in a habit of doing is support local small businesses. You are significantly more likely to be tracked by McDonald than your local takeaway shop.

Pretty good list

Browsers leak. Utter sh!tware they are. Bloated. Bad quality control.

Tried Puppy Linux? http://puppylinux.com/

distrowatch.com is an old favorite of mine for discovering new distros.

All about color. Too bad she gets labeled as 'black' when she is equally Indian.

Indians (from India) are a minority in the US. Something significant in itself and newsworthy.

Like her father's family (who is of African descent) being prior slave owners.

Divide and conquer nonsense politics. Last time I checked a few layers deep everyone is about a shade of watermelon, even whitey.

This nonsense...

Gab downed themselves...

Why?

------------____

At 6:09pm EST Gab became aware of several accounts that were posting bitcoin wallet spam and related content. At 6:25pm out of an abundance of caution we brought the site offline in order to immediately assess the situation, solve the problem, and get Gab back online as soon as possible. Because of our quick action zero bitcoin was sent to any of the addresses posted and the affected accounts have been secured.

Because some Bitcoin crud on their platform? So pull whole site and everything in it down?

I have no faith in that site.

Correct, 17 minutes ago or so it came back, also as seen on :
https://downdetector.com/status/gab/

GAB SHUT THEMSELVES DOWN for hours! proof ::

https://news.gab.com/2021/02/19/gabs-february-19th-outage/

At 6:09pm EST Gab became aware of several accounts that were posting bitcoin wallet spam and related content. At 6:25pm out of an abundance of caution we brought the site offline in order to immediately assess the situation

Nothing is bulletproof.

OPSEC and general sanity is a process of refinement. Have to practice the craft or you just become another tool in their box.

I think it's futile to aim for 100% anonymity. We should not make it easy to track us for sure but we must also be prepared to fight in the open.

I can access it. I read some posts on Gab saying it was shutdown temporarily for maintenance.

So once again ads bite users in the rear.

Decoupling ad blocking from the browser would be darn smart (ublock origin is simply awesome - so far).

Ad blocking on browser layer should be done via plugins / addons.

Question is what is / was Brave shipping out - calling home - to check? Is Brave saying here is a domain that cleared in the browser, let's call home remotely to verify? That's what it appears.

That isn't a feature. That is Brave collecting lookups unknown to those running the browser. When I do a lookup I expect MY DNS SERVER to deal with it. I don't expect the browser to go talking behind my back.

Terrible 'feature' that should be removed. It is distributed intelligence and I understand that pursuit well. However, it is something people ought to opt into and be aware of.

So yes, Brave likely has been logging onion addresses also and internal domains and other private things they should never be seeing. What is being done with that data and where is note of handling and destruction thereof?

Funnier though is Brave should have seen these onion address lookups whenever 'bug' was introduced. Smart people know those don't belong there. Something isn't right about all of this. Doesn't pass sniff test.

It is up to Brave to prove what they are or aren't doing. I don't believe it until someone speaks and provides code and breaks it down for non coders.

We made mass media about this :) ZDNet on MSN.

https://www.msn.com/en-us/money/other/brave-browser-leaks-onion-addresses-in-dns-traffic/ar-BB1dPSnS

Brave browser leaks onion addresses in DNS traffic Catalin Cimpanu 11 hrs ago

Added in June 2018, Brave's Tor mode has allowed throughout the years access to increased privacy to Brave users when navigating the web, allowing them to access the .onion versions of legitimate websites like Facebook, Wikipedia, and major news portals.

But in research posted online this week, an anonymous security researcher claimed they found that Brave's Tor mode was sending queries for .onion domains to public internet DNS resolvers rather than Tor nodes.

While the researcher's findings were initially disputed, several prominent security researchers have, in the meantime, reproduced his findings, including James Kettle, Director of Research at PortSwigger Web Security, and Will Dormann, a vulnerability analyst for the CERT/CC team.

Furthermore, the issue was also reproduced and confirmed by a third source, who also tipped off ZDNet earlier today.

The risks from this DNS leak are major, as any leaks will create footprints in DNS server logs for the Tor traffic of Brave browser users.

While this may not be an issue in some western countries with healthy democracies, using Brave to browse Tor sites from inside oppressive regimes might be an issue for some of the browser's other users.

Brave Software, the company behind the Brave browser, has not returned a request for comment sent before this article's publication earlier today.

Over the past three years, the company has worked to build one of the most privacy-focused web browser products on the market today, second only to the Tor Browser itself.

Based on its history and dedication to user privacy, the issue discovered this week appears to be a bug, one the company will most likely hurry to address in the coming future.

Update: Minutes after this article went live, the Brave team announced a formal fix on Twitter. The patch was actually already live in The Brave Nightly version following a report more than two weeks ago, but after the public report this week, it will be pushed to the stable version for the next Brave browser update. The source of the bug was identified as Brave's internal ad blocker component, which was using DNS queries to discover sites attempting to bypass its ad-blocking capabilities, but had forgotten to exclude .onion domains from these checks.

3 hours after my last comment.. Gab still appears down... same message...

tunnel into a unwitting persons router remotely, then use their point of presence, kind of like a http proxy relay but not a open proxy

not what i use, but would work, if javascript also remote :

https://www.proxynova.com/proxy-server-list/

https://fossbytes.com/free-proxy-list/

Do we really think it's good idea to drop v2 addresses soon?

I think they should run dual address stack.

Dummies. Everyone involved.

I like Veritas. They should have been ready for all this.

We shall all escape the slave plantations by running in every direction. Chaos. Then go silently to our alt nets. Free of their commercial hell. Left we shall be to deal with the intelligence groups.

That is far better than dealing with the intelligence apparatus and the corporate owners.