It's pretty sad that most schools require Zoom despite them being pieces of shit. I don't really get why. It's not like Zoom has amazing functionalities that trump over stuff like Jitsi. I've been using Jitsi for a while now and I've literally lost zero functionality. I just send the students the meeting link and they open it on their browser and voila.

Tor Browser. I like not having to think about the stuff you mentioned. If you don't want to route over Tor for some reason, I'd suggest SecBrowser. It's Tor Browser without the Tor routing. With this, while having security, you don't even have to worry about fingerprinting since it's the same as regular Tor and you won't be making yourself unique with the addons you'd need to install on other browsers.

I moved from Firefox to Palemoon a while back and use it with a few extensions, including Secret Agent. Quite nice for poisoning any fingerprinters. It's Firefox with a few settings for privacy set by default.

The only issue I have with it is it's default homepage points to https://palemoon.start.me/start which is powered by startme.com. But that's easily changed.

Palemoon Homepage: https://www.palemoon.org

Secret Agent Homepage: https://www.dephormation.org.uk/?page=81

Let's use curl. Or socket programming for it? :D

I think so, yes. I think the privacy wiki as a one-stop shop is a great idea. I'd be willing to lend a hand when it comes online too.

I think privacy will be overshadowed by big tech antitrust lawsuits, people will care more about breaking up facebook and google than to introspect about why they are hostile by definition.

No. My accounts are not compromised despite China hacking my phone twice.

I'm using uBlock Origin, uMatrix, Cookie AutoDelete, Privacy Badger, Privacy Possum, Multi Account Containers, Facebook Container, Temporary Containers, ClearURLs, LocalCDN, Invidition, Redirector (for redirecting to Teddit). My setup is overkill lol

Good question.

I think most people are aware of the privacy aspects, at least subconsciously. Even those who are just your normal, every day, average internet users who have zero technical background make jokes about, "Wow, I was talking about this with a friend and now I'm seeing ads for it everywhere." So, in a sense, they're aware but they they think it's coincidental or not a big deal that they're receiving targeted ads. Some, may even find it convenient.

For fun, here is a list of some large data breaches in the recent years that would impact your normal, every day internet user:

(List below made from https://www.upguard.com/blog/biggest-data-breaches )

• CAM4, an adult streaming website, data breach with 10.88 billion records including: Full names, Email addresses, Sexual orientation, Chat transcripts, Email correspondence transcripts, Password hashes, IP addresses, Payment logs.

• Yahoo. The data breach of 2017 with an impact of over 3 billion users. An investigation revealed that users' passwords in clear text, payment card data and bank information were not stolen. Nonetheless, this remains one of the largest data breaches of this type in history.

• Aadhaar data breach of 2017 impacted over 1.1 billion people. This massive data breach was the result of a data leak on a system run by a state-owned utility company. The breach allowed access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details.

• First American Financial Corp. In May 2019, First American Financial Corporation reportedly leaked 885 million users' sensitive records that date back more than 16 years, including bank account records, social security numbers, wire transactions, and other mortgage paperwork.

• Verifications.io data breach. In February 2019, email address validation service verifications.io exposed 763 million unique email addresses in a MongoDB instance that was left publicly facing with no password. Many records also included names, phone numbers, IP addresses, dates of birth and genders.

• Facebook, impacting 540 million users.. In April 2019, the UpGuard Cyber Risk team revealed two third-party Facebook app datasets had been exposed to the public Internet. One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 540 million records detailing comments, likes, reactions, account names, FB IDs and more.

So, you asked:

You think this topic will be important for general public in years to come? Why?

It absolutely should be. 110% should be. But some people just don't care. A lot of the, "Well I have nothing to hide" crowd will willingly give away their information and not be absolutely outraged when it's misused or made available to the public through negligence or through malicious intent (or a combo of both).

Good call on Ghostery, I just looked into it, and you're right. I left it in the post but striked it out and added a warning.

HTTPS Everywhere, Privacy Badger, uBlock Origin + Nano defender and violentmonkey for some scripts.

For what I've known, Ghostery sells info, or had a polemic about that, I suggest you to check it and uninstall it, sometimes less is more.

I think it is! Even information that isn't new for some is new for others and it doesn't hurt!

Thank you. Do you think it's worth it to put together a similar article for all the major products and services?

Thank you. I will add those, I just hadn't gotten around to it at the point when this screenshot was taken.

Speaking more broadly, if there was an article like his on most major services and products (Facebook, iOS, Amazon) would that be an useful resource?

You dont have to. But personally I will just simply comply because it is far more convenient and less time consuming than fighting the law enforcement over such a minor issue especially when you know that you have done nothing illegal. The purpose of me encrypting my data is to prevent it from falling into criminals' hand, not to give law enforcements a hard time when they are trying to strike my name off the suspect list.

Bruh if they ask for passwords just delete and remove everything than providing that shit to those government stooges.

Looks well written and thorough.

There were a couple other cases like this (one in the UK IIRC): https://arstechnica.com/tech-policy/2020/02/man-who-refused-to-decrypt-hard-drives-is-free-after-four-years-in-jail/

The dissenting opinion was interesting, I wonder if this got kicked upstairs or did the prosecutors have other fish to fry.

Key Disclosure Law

within the united states your passwords are protected by the 5th amendment.

fyi at the border it's more of a grey area and they are trying to coerce and compel you to including some possible notion of holding the device for a week or so to inspect it before returning it. You still do not legally need give them the password or entry into the device.

keep in mind, fingerprints and other biometrics are not passwords and for a long time were not protected in the same way. In 2019 it was ruled in Cali to get the same protection, but I'm not sure how far that runs Link

From what I gather, judges usually rule key disclosure when the government already knows the information in the device and it's not for getting new evidence but making the evidence available to the court. In any case I don't think the cops can just lawfully request your key, like they can't search your house without a warrant on normal occasions. My question is what happens if you forgot your password for real? Is there any possibility for them to deny that you forgot it except rubber-hose cryptanalysis?

Source: https://en.wikipedia.org/wiki/Key_disclosure_law#United_States

In the USA i think they are free to take your stuff if you dont provide them the encryption password. But dont know for how long they can keep it...

I'd suggest

• A section for blocking internet access/trackers of apps w/ Netguard or Trackercontrol
• Adding Briar & Conversations to the texting section
• Maybe adding a link to using signal without giving out your phone number
• Mention of GrapheneOS

Otherwise seems good to me. Well done!

LOL of course they did.

just the common sense stuff adblock,password manager and a open source os or applications.

thats the way. also always think twice and give a small research time before joining any service. You can probably also benefit of a digital Detox.

I think setting up a pihole for them is a safe bet since they don't have to do anything. Other than that maybe a password manager with an add-on would be also low on convenience reduction. Or changing their browser to SecBrowser might be a good idea.