TL;DR: it takes little effort to use ungoogled-chromium, searX has average results, DDG might be hiding something.

---

I don't think you need to put any effort to use ungoogled-chromium - it's literally just a drop-in replacement for Goolag Hrom and Chromium.

Actually, never mind, you do need to put a bit of additional effort if you want to install more add-ons than you had before when transfering your user data from Hrom to ungoogled-chromium. But it's not a lot, really: https://github.com/NeverDecaf/chromium-web-store

And about searX having good results... no, I don't think so. I think searX results are average because

1. search engines block searX instances,
2. even if they're not blocked, the results are weak, even when you choose big providers/violators such as Google, Bing, Yahoo,
3. even if the results are not weak, they are mixed in weird ways, such as a full page with only one search engine.

I think the third problem is especially serious because searX has (or at least used to have) a bug where the results don't go beyond the first page. Of course, it depends on the instance you use, settings, and time of usage, but still.

And yeah, we might not know everything about DDG, but unless it turns out DuckDuckGo has been bought by Macroshaft (or some other big corpo), I'll continue using it. And if that thing happens, I'll just privately host a searX instance because both Mojeek and Wiby.me suck, unfortunately.

I'd scour the offers out there for cheap dedicated servers (if your budget allows the luxury). There are a number of companies offering ARM platform which will work just fine for most uses. Some of those can be had for $10-20 a month. Downside is you aren't going to do lots of nested virtualization on those. Maybe Docker.

I'd find cheapest ARM offerings and use them for single task sort of chores.

There is older generation gear piled up all over and it can be cheap rental. Straight Intel and AMD gear. Can slice and dice your server up real good and do everything.

Like here (no clue about their general reliability or private customer tolerance): https://billing.dacentec.com/hostbill/index.php?/cart/dedicated-servers/

There dedicated servers start at $20 a month.

Other companies out there like OVH which host a lot of sketch on their big fat network, but may be a sign up issue.

Fappening did NOT BREAK apples 100% perfect cloud cryptography, it brute guessed famous peoples phones via their phone numbers to start, plus a dictionary attack.

Not even APPLE EMPLOYEES or ENGINEERS can ever ever EVER see your private photos stored in Apple's Cloud for iOS, without a password.

This was proven in federal court cases by FBI.

The reason is simple a password, or access to cypto hardware key on Phone are needed.

The Fappening of Apple was because the REMOTE login to Apple icloud allowed thousands of guesses per second per IP, instead of one guess per second, and all the so-called hacked people had 5 digit or 5 letter or less passwords and a simple dictionary attack was used.

The Fappening can happen again, but not a risk from apple engineers, it requires a person to store entire phone backup as a giant dmg on icloud (like before) and request a full restore to a new ios device or virtual device (like before in first Fappening)... but also still a PASSWORD or access to original hardware, but now the password is barely once per second with a cuttoff per day of XXX guesses.

Apple iCloud is the most secure cloud in the History of Technology!

That said, I do not nor ever have used Apples iCloud and rip iCloud out forcefully out of laptops to prevent accidental app usage. If you open a word processor document, and paste a bitcoin wallet password momentarily in a open text window WITHOUT SAVING, the 2021 macs will shadow copy it in case power goes out, to a fucking goddamned evil iCloud unless you rip out this so-called MOSSAD feature.

Apple iCloud has never been hacked and is 256 bit unhackable and always has been. 128 bit for most other nations of Apple iCloud... no comment for Chinese Apple iCloud.

https://support.apple.com/en-us/HT202303

The Fappening be like

forget cloud, forget VPS. Always rent a discrete private little server on a rack, with a dedicated IP, with all of machine for your use, and test to make sure you are not "virtualized" and being lied to using low level tools.

this just happened this week with OpenVZ template for Debian 10 - and from the official source allegedly - meaning many providers were backdoored).

TRUE! shocking and true !

Vulnerability in Plesk SolusVM Debian 10 template - "debianuser" backdoor/default user:
https://www.lowendtalk.com/discussion/169685/vulnerability-in-solusvm-debian-10-template-debianuser-backdoor-default-user

From that :

Please check your servers for a debianuser user. If so, you're probably best off wiping the whole thing and restoring from backups.

Thousands of VPNs now hacked by the NSA paying a engineer cash to make a "mistake" in Plesk SolusVM Debian 10

Other hacks harder to find than that though. That was comically easy to explain away as a mistake.

Apples' subverted SSL source code is far more evil nation-state sabotage of code by the NSA paying apple engineer to delete a couple key lines of source code.

Some say I am suspicious.

nah, you are properly woke. Good reply.

The spying I am discussing is

• the bluetooth probe of nearby devices deep in firmware
• the Wifi antennae name probe of nearby wifi devices deep in firmware
• the Assisted-GPS (A-GPS) of your location within 15 feet, to locate video cameras the next day.
• the microphone transcribing speech to text legally without court order and streaming text of all people whispering near your phone
• the remote spy query of all urls you might have used that phone for, and list of cookies , but only a fool uses a burner phone for anything except feeding it money (required to go online on alcatel to do this and other burners)

A burner phone should always be used for one single purpose , for one or two sites maximum. One being google mail setup, not google mail use.
If feeling adventurous... you might use the voicemail feature of your burner phone to reveal your phone number to your colocation host of your server, after all, you already gave them the google email tied to that burner anyways. use different burner for domain registrations. use different email too.

google requires a SMS every 90 days from suspicious people.

Some say I am suspicious.

"... SMS, or if waiting for new funds to appear on burner phone... KEEP IT OFF!!! Turning it on too long starts a mammoth remote series of Google Android complete firmware/OS/baseband updates to downgrade your phone/spydevice. NEVER USE the burner except to keep gmail alive..."

They still make flip phones.

I get the Android convenience of phone + browser to check the email address.

That Droid should ideally have some sort of firewall / blocking app installed. To regulate its chit chatting with the world.

Rambler made a lot of good points, here are more.

Best bet is ignore VPS, and is a colocation site and a rented device, allowing a real HTTPS SSL domain cert to a specific IP, then protect from DDOS using a service. It mainly prevents your RAM from being probed by other OSes on a machine: 8 different cpu chip exploits in 3 years allowed ram reading on shared servers.

Use a colocation rack host in .ru or use one that is used by some of the following :

dailystormer.su
vnnforum.com
www.stormfront.org
www.whitedate.net
nationalvanguard.org
unz.com
davidduke.com
niggermania.co
ostarapublications.com
jihadwatch.org

use two colocation locations by two providers, that way if one is taken down, your site can continue until you find yet another backup alternative colocation site that rents cheap machines

To get a colocation site, you need a google mail sometimes, not a "garbage email", but to get a google email you must have a SMS burner cell phone purchased in cash and maintained for 6 dollars a month with 90 day pre pay cards.

You use the SMS not just for gmail, but to activate the zipcode field of the new fucked up VISA Vanilla 100 dollar and 50 and 25 dollar gift cards that in May 2020 started banning setting a zip code on the card without a SMS text to an american domiciled A-GPS located cell phone. You can skip the zipcode setting if using a visa gift for www.expressvpn.com... for now. Buy gift cards in cash at small convenience stores far from home using a covered up face of a buddy , walking to store the last 300 feet. Your buddy will have a different "walking gait" than you in forensic stored videos.

never ever travel in a car with burner near another turned on cell, never charge it ever at your home, only use it to feed money into, via 90 day refill cards) 15 miles from your home... most will never work more than 15 miles from point of purchase for feeding money (I mapped out a circular pattern on my most recent burner) . use the burner to respond to 5 minute timeout SMS, while sitting in car at mcdonalds not near you using wifi after making a cash burger purchase. mcdonalds wifi in many areas allows VPN connections, some block all https in 2016 but no longer in 2021.you might have to use a VPN tunneling app, but most real VPNs allow app-less raw true VPN setup using scripts or field entry. Never visit the same mcdonalds twice. You must make one phone call on a burner cell once per 90 days of the cell will die and you lose all your effort. Just call a information service line , listen for at least 10 seconds and hang up... once per 90 days... far from home... when feeding it a card. Sometimes you need to wait for money to appear over an hour, and some phones auto self "update" with spy software if left on more than 4 hours. Turn phone off immediately if not making a call, or waiting for a 5 minute delay SMS, or if waiting for new funds to appear on burner phone... KEEP IT OFF!!! Turning it on too long starts a mammoth remote series of Google Android complete firmware/OS/baseband updates to downgrade your phone/spydevice. NEVER USE the burner except to keep gmail alive, and to allow storage of phone VOICEMAILS. Sites that want a phone number get your burner number, and use a buddies voice to record a non-suspicious "leave a message for XXXX" greeting on your phone.

Absolute true fact : NO BURNER NEEDED and NO ZIPCODE NEEDED for 2021 and 2020 purchases of EXRPESSVPN. NO VISA ZIP CODE FIELD NEEDED for EXRPRESSVPN via VISA gift 100 dollar prepay, the best and most private and fastest VPN there is :

https://www.expressvpn.com/

I use three VPNs and I recommend that one for all stages of setting up your colocation server and domain registration.

Paypal will bounce a visa gift card funding if you use it to create a colocation payment in usa or a VOIP phone account in USA... paypay lets it go through, but them later via FBI policy rescinds it and cancels it on the VOIP or Colo host in 2021 and 2020. This is why yu cannot use paypal, even with a working burner phone and a working google mail.

Bitcoin is traceable and makes you look suspicious. Monero is not traceable but no one takes that.

WARNING!!! Sometimes a colocation large facility will pull just your machine for 18 minutes and image its storage device, looking for who knows what, and then lie about why just your machine had power pulled for 18 minutes! This happens to me even if I rent colocation in large BANKING FACILITIES!!!! (I usually rent space in buildings where multinational banks house their machines on all coasts) Somehow the most corrupt and shady colocation farms are the ones that house international bank computers.

Fortune 500 firms and banks avoid this by renting entire "locked cages", and requiring armed guards to babysit their field contractors when unlocking a locked cage. I only rent racks not cages of racks, so I sadly get my machines imaged by spooks. Storing your entire OS encrypted helps a bit. Renting a cage is actually not too expensive, but looks silly if you only use two racks in a whole height locked cage. Apple and other companies make/made servers that wipe all RAM if someone tries to cut a hole into a server lid to attach a bus probe vampire tap to a SATA or NVMe line, then shut down. In 2021, you would merely place two foreward and rearward facing cheap web cams, looking for frame-difference video movement, and a vibration sensor on a usb line, together as a logical sequence, to force a mayday outbound and a forced double-bus-fault instant reboot. Nothing in OSX/Linux/Windows can stop a double-bus-fault instant reboot. It cannot be delayed even one microsecond. The spooks pull your TCP/IP switch a minute prior to tampering with your machine, always, so you need a once every two minute special ping to a external watchdog service that sends you SMS/Email on the infiltrated machines behalf if not seen for XX minutes. I choose 5 minutes, with https two way non-faked payloads every 2 minutes, some colofacilities go 18 months between anomalies (chicago, germany, los angeles, but others drop every 6 months for entire multibackbone failures : UK, Atlanta, New York) No colocation goes over 18 months without a packet total drop, even if they all claim 2 weeks of autonomus zombie apocalypse diesel fuel. The root cause? ALWAYS A MINORITY HIRE IT VP. A Negro (atlanta, new york) or a muslim half wit (UK). The root cause of triple backbone failures at a massive building of thousands of machines is always a nigger minority hire. I spend a whole day researching after a city blackout to confirm. It is no consequence to me other than me having to re-image my machines for paranoia, because I have machines in 7 countries, and one retarded negro vice president of IT at a massive firm fucking up cannot make me suffer from Niggertopia.

NAME TO USE?

NAME? ADDRESS? use zaba search for a legit address and legit name of a generic famous last name 20 miles from you (https://www.zabasearch.com/), choose an apartment dweller. In USA case law, unless you are using a name for FRAUD of any form, it is not illegal yet in most states to misrepresent your identity. It it not illegal. visa gift cards goes through using ANY NAME YOU TYPE on any site. In the years prior to 2016 you had to type GIFT CARD RECIPIENT but no longer.

You cannot guarantee this with a VPS, no matter what the provider says

You have a lot of attack vectors as a customer using a VPS.

Providers can really easily peek on what you do with stuff like OpenVZ virtualization.

So I'd avoid OpenVZ if privacy is necessity (it rocks for other stuff though).

KVM is likely what you will want to use.

Best to get ISO install of OS from legit distro. Pre bundled easy to install options providers have there for 1 click style installs should be avoided. Might find users in there already by default as backdoors (this just happened this week with OpenVZ template for Debian 10 - and from the official source allegedly - meaning many providers were backdoored).

You also want a provider who is accustomed to and appreciative of privacy conscious customers. Most providers want nothing to do with such. They are all about in creepy way often knowing their customers too well (but they never say to you that are profiling and spying on you).

For payment, shield yourself with prepaid cards (Visa, Mastercard, etc.).

Drop your personal details. Create a persona with info that checks out long before signing up. Give your little foot soldier their own Twitter and randomly pile stupidity in there. Create a free privacy email address just for this use.

Location is another thing. 5/19/14 eyes are to be avoided. However, there is legal nexus between any business doing biz anywhere and then also doing biz in one of those countries. Meaning the shop with 5 locations, one of which is private while 4 are in 5/9/14 countries has little to do but comply with 'authorities'.

Basically on provider side you end up dealing with either totally privacy focused companies or one of a handful of long time in the trench companies. Those companies can be good. But know you are moving into a sketchy neighborhood. If you are hosting legit content there, might be algorithmic bias and rank drop in search and other punishments from the corporate net controllers.

As far as naming a company, not endorsing anyone freely or otherwise. I have a few I have used for a decade plus. Emphasis on long term existence and durability of shops vs. cheap hobby hosts that come and go and are useless unless downloading piracy and bulk data and onto the next one quickly.

Storage - that's big deal with VPS. Make sure your OS is boot time encrypted so it's not simple to spin it up. LUKS is solution for this and baked into many OS installs today as option.

BUT! That's solution for boot. You need a second volume otherwise encrypted for your critical data. Isolation is a thing. Different crypto, different keys.

Providers that offer mapable storage - block or other forms of storage are good for your use. Confuses things a bit more and can bring those up and down often in short notice. So you decouple to some extent your vital stuff from the OS itself.

Lots to consider.

i mean the vps doesnt see wat i do

What specifically are you looking for?

Privacy in the registration process, privacy friendly VPS location(s)? Not many providers (willingly) allow you to sign up without non-identifiable information. Most of the "privacy web hosts" think that just allowing BitCoin as a payment option is somehow "privacy" but then ask you for your name, address, phone number, etc.

Find a server location outside of the 5/9/14 eyes ( https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/ ) and a provider offering KVM or Xen based Virtual Servers (Though KVM is more popular nowadays). Don't use their premade Linux images, install your own ISO and VNC in and encrypt the disk via LUKS.

I plan on writing up a guide for /f/webguides eventually on installing Debian 10 on a VPS with LUKS disk encryption which will be the same process for virtually any KVM VPS provider. It's been on the to-do list with like 500 other items.

... unless you are using tor's transparent proxy feature.

tor browser is free too, you are the product. :^)

I kind of meant not to run any browser or if so avoid javascript. but... Lynx?

for safety, Lynx doesn't support Javascript, but many web sites, including dark net ones, idiotically require javascript.

Links...?

Lynx and elinks does not support JavaScript, but Links does: sudo apt-get install links then to compile Links with JavaScript support, use the configure option --enable-javascript ... etc

https://softwarerecs.stackexchange.com/questions/11678/text-based-browser-that-runs-javascript

I would avoid the javascript entirely if possible, or use a remote proxy doing all the javascript and rerendering back through tor to your location

Thank you!!!!!!

This is quite brazen of them.

Some of it might be laziness of checking out mods to chrome source they depend on, rather than their possibly obfuscated source alterations.

No way to tell probably without compiling or downloading chromium yourself and confirming what they try to patch over : https://github.com/brave/brave-browser
and https://github.com/brave/brave-core

And now I think you are on to a money avenue they are seeking....

.... if a program is Free... then YOU are the Product

DNS LEAKAGE spotted 23 hours ago from ramble research and formally reported 23 hours ago !:

.onion request in regular window should also avoid DNS leakage #14261:
https://github.com/brave/brave-browser/issues/14261

"No fancy web browsers"

What about lynx?

Thanks for the share.

I am reading and trying to get my head around what is posed there.

This--> "...If you connect to a VPN over Tor, this traffic separation goes away completely..."

People go connecting to their VPN via Tor? That's not ahh bright.

Normally: Computer ---> REMOTE VPN ---> TOR

No single tunnel there like claimed. Sure VPN is, but it's a drop in replacement in essence for your local gateway. Normal pedestrian leakage of IP and you get the VPN IP instead of your actual IP. More advanced leaking, well, nothing is saving you.

Then there is this ---> there's the matter of trust to consider again. Alice must be sure her VPN provider is worthy of the trust she will be placing in it. She must have paid her VPN provider in a way that can't be traced back to her. She must be sure that the VPN provider doesn't keep traffic or connection logs. She has to trust herself to never mess up and connect to her VPN without Tor. And for this VPN to be of any benefit at all, she must convince herself that her adversary can't somehow work with the VPN provider, compromise the VPN provider, or work with/compromise ISPs and ASes near the VPN provider.

This is why you need real provider for VPN that is exercising maximum transparency and who answers the tough questions. A compatible philosophy they live by is most important. But have to implement thing, not just lip service.

Same argument made for trust thy VPN provider NOT --- can be 100% extended to your ISP and its upstreams. This is why crypto matters and everything should be encapsulated in something, ideally multiple wrappers.

Peel back a layer of this and there is another layer - if your protection is working effectively.

For VPN to work in this mix you need provider that doesn't want to intimately knows its customers.

• Zero knowledge of customers.
• Anonymous payments (prepaid cards, cash, privacy coins, barter).
• No name or info required to maintain account. No logs on the servers.
• Forced DNS that is scoured clean of fluff and abuse 3rd party noise.
• Something better than a warrant canary - how about full posting of all abuse@provider inbound emails automatically?

That's a decent start.

You will see that around here soon as a thing. Cause the VPN industry is a marketing scam most of it. Gets exploited and they toss more into ad buys and placement spots. Fake privacy niche is a real tragedy.

Wear your web condom with a VPN, then Tor...

Please see https://matt.traudt.xyz/posts/vpn-tor-not-mRikAa4h/

I think the recent arrest news should tell us that Tor is not completely anonymous.

Here's how to be 99.99% anonymous:

• Buy 2nd hand laptop
• Park outside a library with free Internet
• Use something like Tail OS to further hide your identity

So how about that Brave :)

A month ago Aspenwu was saying look out.

Rambler posted it.

Then we made this: https://ramble.pw/f/privacy/2387/brave-browser-leaks-your-tor-onion-service-requests-through

Since then Brave continues to graft garbage into their browser. Like putting NEWS reader in it. Thing constantly phoning home ET...

Brave isn't any longer allowed in my environment unless quarantined in contained machine for testing their broken stuff.

Pretty good list

So once again ads bite users in the rear.

Decoupling ad blocking from the browser would be darn smart (ublock origin is simply awesome - so far).

Ad blocking on browser layer should be done via plugins / addons.

Question is what is / was Brave shipping out - calling home - to check? Is Brave saying here is a domain that cleared in the browser, let's call home remotely to verify? That's what it appears.

That isn't a feature. That is Brave collecting lookups unknown to those running the browser. When I do a lookup I expect MY DNS SERVER to deal with it. I don't expect the browser to go talking behind my back.

Terrible 'feature' that should be removed. It is distributed intelligence and I understand that pursuit well. However, it is something people ought to opt into and be aware of.

So yes, Brave likely has been logging onion addresses also and internal domains and other private things they should never be seeing. What is being done with that data and where is note of handling and destruction thereof?

Funnier though is Brave should have seen these onion address lookups whenever 'bug' was introduced. Smart people know those don't belong there. Something isn't right about all of this. Doesn't pass sniff test.

It is up to Brave to prove what they are or aren't doing. I don't believe it until someone speaks and provides code and breaks it down for non coders.

We made mass media about this :) ZDNet on MSN.

https://www.msn.com/en-us/money/other/brave-browser-leaks-onion-addresses-in-dns-traffic/ar-BB1dPSnS

Brave browser leaks onion addresses in DNS traffic Catalin Cimpanu 11 hrs ago

Added in June 2018, Brave's Tor mode has allowed throughout the years access to increased privacy to Brave users when navigating the web, allowing them to access the .onion versions of legitimate websites like Facebook, Wikipedia, and major news portals.

But in research posted online this week, an anonymous security researcher claimed they found that Brave's Tor mode was sending queries for .onion domains to public internet DNS resolvers rather than Tor nodes.

While the researcher's findings were initially disputed, several prominent security researchers have, in the meantime, reproduced his findings, including James Kettle, Director of Research at PortSwigger Web Security, and Will Dormann, a vulnerability analyst for the CERT/CC team.

Furthermore, the issue was also reproduced and confirmed by a third source, who also tipped off ZDNet earlier today.

The risks from this DNS leak are major, as any leaks will create footprints in DNS server logs for the Tor traffic of Brave browser users.

While this may not be an issue in some western countries with healthy democracies, using Brave to browse Tor sites from inside oppressive regimes might be an issue for some of the browser's other users.

Brave Software, the company behind the Brave browser, has not returned a request for comment sent before this article's publication earlier today.

Over the past three years, the company has worked to build one of the most privacy-focused web browser products on the market today, second only to the Tor Browser itself.

Based on its history and dedication to user privacy, the issue discovered this week appears to be a bug, one the company will most likely hurry to address in the coming future.

Update: Minutes after this article went live, the Brave team announced a formal fix on Twitter. The patch was actually already live in The Brave Nightly version following a report more than two weeks ago, but after the public report this week, it will be pushed to the stable version for the next Brave browser update. The source of the bug was identified as Brave's internal ad blocker component, which was using DNS queries to discover sites attempting to bypass its ad-blocking capabilities, but had forgotten to exclude .onion domains from these checks.