No. My accounts are not compromised despite China hacking my phone twice.

I'm using uBlock Origin, uMatrix, Cookie AutoDelete, Privacy Badger, Privacy Possum, Multi Account Containers, Facebook Container, Temporary Containers, ClearURLs, LocalCDN, Invidition, Redirector (for redirecting to Teddit). My setup is overkill lol

Good question.

I think most people are aware of the privacy aspects, at least subconsciously. Even those who are just your normal, every day, average internet users who have zero technical background make jokes about, "Wow, I was talking about this with a friend and now I'm seeing ads for it everywhere." So, in a sense, they're aware but they they think it's coincidental or not a big deal that they're receiving targeted ads. Some, may even find it convenient.

For fun, here is a list of some large data breaches in the recent years that would impact your normal, every day internet user:

(List below made from https://www.upguard.com/blog/biggest-data-breaches )

• CAM4, an adult streaming website, data breach with 10.88 billion records including: Full names, Email addresses, Sexual orientation, Chat transcripts, Email correspondence transcripts, Password hashes, IP addresses, Payment logs.

• Yahoo. The data breach of 2017 with an impact of over 3 billion users. An investigation revealed that users' passwords in clear text, payment card data and bank information were not stolen. Nonetheless, this remains one of the largest data breaches of this type in history.

• Aadhaar data breach of 2017 impacted over 1.1 billion people. This massive data breach was the result of a data leak on a system run by a state-owned utility company. The breach allowed access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details.

• First American Financial Corp. In May 2019, First American Financial Corporation reportedly leaked 885 million users' sensitive records that date back more than 16 years, including bank account records, social security numbers, wire transactions, and other mortgage paperwork.

• Verifications.io data breach. In February 2019, email address validation service verifications.io exposed 763 million unique email addresses in a MongoDB instance that was left publicly facing with no password. Many records also included names, phone numbers, IP addresses, dates of birth and genders.

• Facebook, impacting 540 million users.. In April 2019, the UpGuard Cyber Risk team revealed two third-party Facebook app datasets had been exposed to the public Internet. One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 540 million records detailing comments, likes, reactions, account names, FB IDs and more.

So, you asked:

You think this topic will be important for general public in years to come? Why?

It absolutely should be. 110% should be. But some people just don't care. A lot of the, "Well I have nothing to hide" crowd will willingly give away their information and not be absolutely outraged when it's misused or made available to the public through negligence or through malicious intent (or a combo of both).

Good call on Ghostery, I just looked into it, and you're right. I left it in the post but striked it out and added a warning.

HTTPS Everywhere, Privacy Badger, uBlock Origin + Nano defender and violentmonkey for some scripts.

For what I've known, Ghostery sells info, or had a polemic about that, I suggest you to check it and uninstall it, sometimes less is more.

I think it is! Even information that isn't new for some is new for others and it doesn't hurt!

Thank you. Do you think it's worth it to put together a similar article for all the major products and services?

Thank you. I will add those, I just hadn't gotten around to it at the point when this screenshot was taken.

Speaking more broadly, if there was an article like his on most major services and products (Facebook, iOS, Amazon) would that be an useful resource?

You dont have to. But personally I will just simply comply because it is far more convenient and less time consuming than fighting the law enforcement over such a minor issue especially when you know that you have done nothing illegal. The purpose of me encrypting my data is to prevent it from falling into criminals' hand, not to give law enforcements a hard time when they are trying to strike my name off the suspect list.

Bruh if they ask for passwords just delete and remove everything than providing that shit to those government stooges.

Looks well written and thorough.

There were a couple other cases like this (one in the UK IIRC): https://arstechnica.com/tech-policy/2020/02/man-who-refused-to-decrypt-hard-drives-is-free-after-four-years-in-jail/

The dissenting opinion was interesting, I wonder if this got kicked upstairs or did the prosecutors have other fish to fry.

Key Disclosure Law

within the united states your passwords are protected by the 5th amendment.

fyi at the border it's more of a grey area and they are trying to coerce and compel you to including some possible notion of holding the device for a week or so to inspect it before returning it. You still do not legally need give them the password or entry into the device.

keep in mind, fingerprints and other biometrics are not passwords and for a long time were not protected in the same way. In 2019 it was ruled in Cali to get the same protection, but I'm not sure how far that runs Link

From what I gather, judges usually rule key disclosure when the government already knows the information in the device and it's not for getting new evidence but making the evidence available to the court. In any case I don't think the cops can just lawfully request your key, like they can't search your house without a warrant on normal occasions. My question is what happens if you forgot your password for real? Is there any possibility for them to deny that you forgot it except rubber-hose cryptanalysis?

Source: https://en.wikipedia.org/wiki/Key_disclosure_law#United_States

In the USA i think they are free to take your stuff if you dont provide them the encryption password. But dont know for how long they can keep it...

I'd suggest

• A section for blocking internet access/trackers of apps w/ Netguard or Trackercontrol
• Adding Briar & Conversations to the texting section
• Maybe adding a link to using signal without giving out your phone number
• Mention of GrapheneOS

Otherwise seems good to me. Well done!

LOL of course they did.

just the common sense stuff adblock,password manager and a open source os or applications.

thats the way. also always think twice and give a small research time before joining any service. You can probably also benefit of a digital Detox.

I think setting up a pihole for them is a safe bet since they don't have to do anything. Other than that maybe a password manager with an add-on would be also low on convenience reduction. Or changing their browser to SecBrowser might be a good idea.

I recommend switching to a more secure browser (brave, firefox,...). Also i would recommend installing pihole on your network if you have a raspberry pi laying around. (Raspberry Pi 0 is about 5 dollars each + its really easy to set up).

Isn't it a security risk?

don't use brave they track your data thats how you earn crypto if you dont wanna use tor or I2P use firefox. firefox gives you the best privacy setting as far as clear net browsers

Your account(s) would be stored in users.json in the data directory.

I love ZeroNet.

The passwordless feature is neat but I have more than one device and I've not used ZeroNet enough to know how (or if possible) to sync the data between, say, a laptop and a desktop if I want the same ID. I'm sure it's just a stored key file or something, just haven't looked into it.

I'm not sure how to initiate ZeroNet on anything other than a Linux machine, and I can't see someone like most my relatives or friends doing that. Probably a desktop shortcut or app on Windows, I'd imagine?

I'm thinking of ways that just your normal person can experience the internet in a way that isn't too off putting to them, as an end user, but also in a way that values their privacy.

Testing with javascript disabled... Appears to work as well. Please let me know via PM or in /f/ramble of any errors you encounter so we can get them ironed out. Thanks!