Recent comments in /f/Privacy

BlackWinnerYoshi wrote

Ah, of course, blaming the victim. Totally not Boomerbook's fault that they force you to give your phone number. Seriously though, why won't those 533 million people move out of Facebook at this point? I bet a fifth of the monthly active users switching to decentralized social networks, such as Friendi.ca, would have quite a big impact on this centralized not-social network.

4

DeusExMachina wrote (edited )

I already use dns.watch. It doesn't block anything, but everything is uncensored and they keep no logs, so I kinda like it. But for my phone, your DNS would be useful (kinda hard to get adblock on iOS!). And for your VPN, I just have some questions (I actually use Mullvad, very good VPN btw): Would you have P2P dedicated servers? Do I need any personal information to register? What is the one-month price? Can I pay in cryptocurrencies or cash? Thanks for answering!

3

BlackWinnerYoshi wrote

I have a feeling that this was done intentionally: to hide the fact they're integrating some weird crypto thing into their (not) private messenger. I mean, Monero already exists, so why not make people learn about that? Instead, they're asking for your phone number, and they probably do a million other things wrong. It's just awful.

3

Rambler OP wrote

And yes, I'm aware of a bug with this site (RAMBLE) and linking to my invidious install. It fails to fetch the thumbnail / description / favicon from the site/pages linked and spits out a 500 Internal Server Error. It does it with a couple other sites too, so it's something I'm looking into.

3

riddler wrote

I hate instagram and the like. My gym posts updates on facebook and instagram. Every time I just want to figure out if they're open or if anything changed, it wants me to log in. I'm not giving my information to some evil company so I can just get status updates for a gym too small to justify hiring a web dev to keep their site up.

2

onion wrote

I knew about metadata but this was new to me

The different sensitivities of the photosites create a type of imperceptible image watermark. Although unintentional, it acts like a fingerprint, unique to your camera’s sensor, which is imprinted onto every photo you take. Much like snowflakes, no two imaging sensors are alike.

In the digital image forensics community, this sensor fingerprint is known as "photo response non-uniformity". And it's "difficult to remove even when one tries", says Jessica Fridrich of Binghamton University in New York state. It's inherent to the sensor, as opposed to measures, such as photo metadata, that are "intentionally implemented", she explains.

This is good to know too. I always suspected that printers had something like this.

When considering these privacy issues, we might draw parallels with another technology. Many colour printers add secret tracking dots to documents: virtually invisible yellow dots that reveal a printer's serial number, as well as the date and time a document was printed.

2
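The quoted passage describes the effect but not the mechanics, so here is an added illustration (not from the quoted article or from the commenter) of how a PRNU fingerprint is extracted and matched. Everything in it is constructed: two synthetic "sensors" with a per-photosite gain deviation K, synthetic smooth scenes, a sensor model I = scene·(1+K) + noise, and a box blur standing in for the denoising filter. The noise-residual step (W = I − F(I)), the maximum-likelihood fingerprint estimate ΣWᵢIᵢ/ΣIᵢ² and the correlation test are the standard outline of the technique; the noise levels and filter are simplifications chosen for the example. Needs numpy.

```python
import numpy as np

# Constructed data throughout: synthetic sensors and scenes, no real photographs.
SHAPE = (96, 96)


def box_blur(img, r=1):
    """Cheap stand-in for a denoiser: mean over a (2r+1)x(2r+1) window (edges wrap)."""
    acc = np.zeros(img.shape, dtype=float)
    for dy in range(-r, r + 1):
        for dx in range(-r, r + 1):
            acc += np.roll(img, (dy, dx), axis=(0, 1))
    return acc / (2 * r + 1) ** 2


def make_sensor(seed, strength=0.04):
    """Per-photosite gain deviation K: fixed for the life of the sensor (the PRNU)."""
    rng = np.random.default_rng(seed)
    return strength * rng.standard_normal(SHAPE)


def random_scene(rng):
    """A smooth, mid-grey scene so the residual is dominated by sensor noise, not content."""
    return box_blur(rng.uniform(40, 220, SHAPE), r=6)


def capture(sensor_k, scene, rng):
    """Simplified sensor model: I = scene * (1 + K) + random shot/read noise."""
    noisy = scene * (1.0 + sensor_k) + 2.0 * rng.standard_normal(SHAPE)
    return np.clip(noisy, 0, 255)


def noise_residual(img):
    """W = I - F(I): what is left once a denoiser removes the scene content."""
    return img - box_blur(img, r=1)


def estimate_fingerprint(images):
    """Maximum-likelihood PRNU estimate K_hat = sum(W_i * I_i) / sum(I_i^2)."""
    num = sum(noise_residual(i) * i for i in images)
    den = sum(i * i for i in images)
    return num / den


def match_score(img, k_hat):
    """Normalised correlation between the image's residual and K_hat * I.

    Close to 1 when the photo came from the sensor behind K_hat, near 0 otherwise."""
    w = noise_residual(img).ravel()
    expected = (k_hat * img).ravel()
    w = w - w.mean()
    expected = expected - expected.mean()
    return float(np.dot(w, expected) / (np.linalg.norm(w) * np.linalg.norm(expected)))


def demo():
    """Build camera A's fingerprint from 20 photos, then test a photo from A and one from B."""
    rng = np.random.default_rng(0)
    cam_a, cam_b = make_sensor(1), make_sensor(2)
    training = [capture(cam_a, random_scene(rng), rng) for _ in range(20)]
    k_hat_a = estimate_fingerprint(training)
    scene = random_scene(rng)  # a fresh scene, not used during estimation
    same = match_score(capture(cam_a, scene, rng), k_hat_a)
    other = match_score(capture(cam_b, scene, rng), k_hat_a)
    return same, other


if __name__ == "__main__":
    same, other = demo()
    print(f"camera A photo vs A fingerprint: {same:.2f}")
    print(f"camera B photo vs A fingerprint: {other:.2f}")
```

The point the quote makes about removal being hard is visible in the estimator: K is multiplicative and sits in every photo, so averaging residuals over more images makes K_hat better, and stripping EXIF does nothing to it. Real forensic tools use a wavelet denoiser and larger images, but the pipeline is the same.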

onion OP wrote (edited )

I have heard that the Thinkpad X200 is a good laptop for people who want to install libreboot and disable the Intel Management Engine.

This is another article about the IME. It lists libreboot-compatible computers.

Despite all Intel's efforts to make the Management Engine inescapable, software developers have had some success with preventing it from loading code. For instance, the Libreboot project disables the Management Engine by removing all the code that the Management Engine is supposed to load on some Thinkpad computers manufactured in 2008, including the R400, T400, T400s, T500, W500, X200, X200s, and X200T.

Also, many Intel computers manufactured in 2006 have the ancestor of the Management Engine which is disabled from the start, such as the Lenovo Thinkpads X60, X60s, X60 Tablet and T60, and many more.

https://www.fsf.org/blogs/sysadmin/the-management-engine-an-attack-on-computer-users-freedom

1

BlackWinnerYoshi wrote

Well, it has been previously blocked in Iran as well, so I think we can expect additional TLS proxies set up to avoid censorship. Or maybe you will be able to use existing TLS proxies, I don't know.

By the way, why did no one learn that centralized instant messaging apps can easily be blocked in this world of censorship? I really don't understand.

2

DcscZx5idox wrote (edited )

I recommend XMPP over Signal, especially for Chinese people. I think XMPP's main features are that anyone can select from many servers and that it has an easy-to-use end-to-end encryption implementation.

"Is Jabber accessible from China?" - reddit
libreddit (web proxy frontend for Reddit) URLs: clearnet, Tor

I'm in China and can access many XMPP servers, e.g. xmpp.jp, swissjabber.ch, chinwag.im, yax.im, disroot.org, member.fsf.org.

From what I understand about China's GFW, and I am American so no direct experience, it'll work at the beginning if you use TLS. Maybe not STARTTLS?

However, I do know that all VPNs will eventually stop working, forcing you to switch IP or protocol - the GFW has some basic machine learning. If all you do is connect to a specific IP, it'll start throttling connections to said address. It may do the same if it can't scrutinize the encrypted Jabber connection.

The bigger issue is that Jabber is still more complex to set up securely. That's probably why it doesn't have as much mindshare. Given that reputation, and the state of clients across platforms not all implementing the same features (not even equally well), it's harder to convince someone to deal with all of the headaches involved.

I actually had a plane get delayed in Shanghai, and I had no phone plan so the internet was my only option for communication back to the US. Couldn't use Facebook or Instagram. Forget Gmail, because even the Google homepage couldn't be accessed there. Hotmail said it delivered, but I found out the message didn't get received until about 3 weeks AFTER I arrived back in the US. Jabber was the only thing that DID actually work.

By comment on "Signal's open sourced server code hasn't been updated for over a year. Should we be concerned?"

Well, while open source does not mean it's secure, this is still a weird thing to do.

I would simply recommend to stop using Signal and start using XMPP with OMEMO encryption, since this is the gold standard of instant messengers, at least for me. You should especially stop using Signal because it requires your phone number, which immediately disqualifies it for a private messenger.

3
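The quoted thread wonders whether direct TLS and STARTTLS behave differently under DPI. Here is an added example (not from the commenter or the quoted Reddit posts) that shows what each mode puts on the wire and lets you check which a server offers. The stream header and feature list are what RFC 6120 specifies; the sample server response, the `example.org` domain and the stream id are constructed for the example. The two probe functions open real connections and are not run here; the parser is what is exercised offline.

```python
import socket
import ssl
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

# Constructed sample of what a server sends in the clear on port 5222 before
# the TLS upgrade (RFC 6120 section 5). example.org is a placeholder domain.
SAMPLE_FEATURES = (
    b"<?xml version='1.0'?>"
    b"<stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'"
    b" from='example.org' id='c2s-0001' version='1.0'>"
    b"<stream:features>"
    b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>"
    b"<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
    b"<mechanism>SCRAM-SHA-1</mechanism></mechanisms>"
    b"</stream:features>"
)


def parse_stream_features(data: bytes) -> dict:
    """Parse a server's stream header plus <stream:features>; all of this is plaintext."""
    # The <stream:stream> element stays open for the whole session; close it so it parses.
    root = ET.fromstring(data + b"</stream:stream>")
    features = root.find(f"{{{NS_STREAM}}}features")
    starttls = None if features is None else features.find(f"{{{NS_TLS}}}starttls")
    mechs = [] if features is None else features.findall(
        f"{{{NS_SASL}}}mechanisms/{{{NS_SASL}}}mechanism")
    return {
        "from": root.get("from"),
        "starttls_offered": starttls is not None,
        "starttls_required": starttls is not None
        and starttls.find(f"{{{NS_TLS}}}required") is not None,
        "sasl_mechanisms": [m.text for m in mechs],
    }


def _read_until(sock, marker: bytes, limit: int = 65536) -> bytes:
    """Collect bytes until the marker appears (or the peer closes / limit is hit)."""
    buf = b""
    while marker not in buf and len(buf) < limit:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf


def probe_starttls(host: str, domain: str, port: int = 5222, timeout: float = 5.0) -> dict:
    """Open a plaintext stream, read the features, then upgrade with STARTTLS.

    Everything up to the TLS handshake (the 'to' domain, the feature list and
    the <proceed/>) is visible to any middlebox on the path."""
    header = (f"<?xml version='1.0'?><stream:stream to='{domain}' xmlns='jabber:client'"
              f" xmlns:stream='{NS_STREAM}' version='1.0'>").encode()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(header)
        feats = parse_stream_features(_read_until(sock, b"</stream:features>"))
        if not feats["starttls_offered"]:
            feats["tls"] = None
            return feats
        sock.sendall(f"<starttls xmlns='{NS_TLS}'/>".encode())
        if b"<proceed" not in _read_until(sock, b"/>"):
            feats["tls"] = "refused"
            return feats
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=domain) as tls:
            feats["tls"] = tls.version()
    return feats


def probe_direct_tls(host: str, domain: str, port: int = 5223, timeout: float = 5.0) -> str:
    """XEP-0368 direct TLS: encrypted from the first byte, ALPN 'xmpp-client'.

    Only the SNI (and ALPN) reveal the destination, exactly as with HTTPS."""
    ctx = ssl.create_default_context()
    ctx.set_alpn_protocols(["xmpp-client"])
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=domain) as tls:
            return f"{tls.version()} alpn={tls.selected_alpn_protocol()}"


if __name__ == "__main__":
    print(parse_stream_features(SAMPLE_FEATURES))
```

The practical difference is what a classifier can key on: with STARTTLS the opening exchange is unmistakably XMPP before any encryption starts, while a direct-TLS connection on 5223 looks like any other TLS session apart from the SNI and ALPN values. Whether a given filter exploits that is not something this code can tell you; it only shows what each mode exposes.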

BlackWinnerYoshi wrote

This site uses Clownflare (clear net only), visit it in archive.org (clear net only) instead.

TL;DR: the "safest apps" are the most dangerous apps, including Etsy.


Now, I don't care about most of the article - we all know big corpos collect as much of our data as possible. I care about the so called "safest apps", while in reality, they're dangerous.

They're also saying that:

Even with video calling service Zoom’s conferencing flaw from last year, it managed to crack the top 10.

Well, what are you doing, Komando? Defending Zoom? This piece of rubbish? And what about the "safest apps"?

  • Signal and Telegram - they require your phone number. You really claim to be private with this?
  • Clubhouse - this app is kind of obscure to me, and I can't even visit their Clownflared website because Wayback Machine doesn't like its JavaScript (so no reading their privacy policy there - although, I obviously know that Clownflare will collect your data from the shadows), but what if I check their App Store listing (clear net only), what do I see there? Contact info, identifiers, contacts, usage data, user content, diagnostics? And you call it private, Komando?
  • Netflix - this attempts to enslave you with Digital Restrictions Management. Obviously, those are only attempts, and I refuse its usage. I hope you are doing this too.
  • Teams and Skype - they're owned by Microsoft, and Skype works with PRISM and also used to redirect Chinese people to an even more censoring version of Skype. Next!
  • Classroom and Shazam - owned by big corpos. Google and Apple, respectively.
  • Boohoo - Uses Clownflare. Good luck trying to make me think you're private with a MITM attacking me, boo hoo.

So it doesn't look great at all. But wait, I skipped Etsy. Why? Well, here goes a long section about it.

Let's see what the situation with Etsy is, in terms of privacy:

  • Tor support - no onion domain, but it looks like you can log in without getting your account terminated. Not sure about registration or shopping, though.
  • Monero acceptance - no cryptocurrency to select in the bottom left corner, or anywhere else.
  • No personal data required for registration - obviously requires your e-mail address and password, but also your first name, though that's not that tragic.
  • Compatibility with established standards - Etsy doesn't have OpenSearch, but you can use the Mycroft Project search engine plug-in (clear net only) if you use a web browser derived from Firefox, like LibreWolf. You can't receive e-mail notifications encrypted with PGP, though.
  • No Cloudflare - obviously, if it had Clownflare, BCMA would automatically redirect to an archived version of the website, and I would say to bail immediately.
  • As little downtime as possible - not a privacy issue, but it's still important. It doesn't look like Etsy has much downtime, really.

So, by looking at those points alone, Etsy seems to be okay. But what about the privacy policy? Let's see another six points:

  • IP addresses - paragraph two, point three, says that it will receive them from your web browser, mobile app, and Internet of Things (a thing you can give up). There is no duration on how long they are stored.
  • Content data - paragraph two, point six, says it stores your location to "improve" search results. So probably not storing search results itself, but there is still no duration on how long the location is stored.
  • System info - paragraph two, point three, says Etsy will store your device-specific information such as the operating system, with no duration attached.
  • Metadata - there doesn't seem to be a mention of it. However, looking at all of the other points, it's likely it is collected.
  • Interaction data - paragraph two, point four, says the information collected from their vendors and suppliers includes customer service interactions. You should know what duration is attached by now.
  • Third party sharing - paragraph two, point eight, says that your information will be shared to third parties like Twitter. Only if you actually connect your accounts, I guess, but still.

So, no, it doesn't look great at all. Bail.

2
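Three of the checklist items above (Tor support, OpenSearch, no Cloudflare) can be read straight off a site's HTTP response, so here is an added example (mine, not the commenter's tooling) that does exactly that from response headers and HTML. The Cloudflare indicators are the `Server: cloudflare` header, the `cf-ray` / `cf-cache-status` headers and the `__cf_bm` / `cf_clearance` / `__cfduid` cookies; Tor support is read from the `Onion-Location` header or the equivalent `<meta http-equiv>`; OpenSearch from a `<link rel="search" type="application/opensearchdescription+xml">`. The two sample responses are constructed and do not come from Etsy or any real site.

```python
from html.parser import HTMLParser

# Header names and cookies Cloudflare sets on responses it proxies.
CLOUDFLARE_HEADERS = ("cf-ray", "cf-cache-status")
CLOUDFLARE_COOKIES = ("__cf_bm", "cf_clearance", "__cfduid")


class _HeadScanner(HTMLParser):
    """Collect OpenSearch <link> elements and an onion-location <meta> from HTML."""

    def __init__(self):
        super().__init__()
        self.opensearch = []
        self.onion_meta = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if (tag == "link" and "search" in a.get("rel", "").lower().split()
                and a.get("type", "").lower() == "application/opensearchdescription+xml"):
            self.opensearch.append(a.get("href", ""))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "onion-location":
            self.onion_meta = a.get("content") or None


def cloudflare_indicators(headers):
    """Return the response headers/cookies that reveal a Cloudflare front end.

    headers is a list of (name, value) pairs, so repeated Set-Cookie lines survive."""
    found = []
    for name, value in headers:
        name = name.lower()
        if name == "server" and value.strip().lower() == "cloudflare":
            found.append("server: cloudflare")
        elif name in CLOUDFLARE_HEADERS:
            found.append(name)
        elif name == "set-cookie":
            found += [c for c in CLOUDFLARE_COOKIES if value.startswith(c + "=")]
    return found


def assess(headers, html):
    """Summarise the three checks: Cloudflare, Tor (Onion-Location) and OpenSearch."""
    scanner = _HeadScanner()
    scanner.feed(html)
    onion = next((v for k, v in headers if k.lower() == "onion-location"), None)
    return {
        "cloudflare": cloudflare_indicators(headers),
        "onion_location": onion or scanner.onion_meta,
        "opensearch": scanner.opensearch,
    }


# Constructed sample responses (placeholder values, not captured from any real site).
SAMPLE_CDN = (
    [("Server", "cloudflare"), ("CF-RAY", "0000000000000000-XXX"),
     ("Set-Cookie", "__cf_bm=abc; Path=/; Secure; HttpOnly")],
    "<html><head><title>shop</title></head><body></body></html>",
)
SAMPLE_SELF_HOSTED = (
    [("Server", "nginx"), ("Onion-Location", "http://exampleonionaddress.onion/")],
    '<html><head><link rel="search" type="application/opensearchdescription+xml" '
    'href="/opensearch.xml" title="shop search"></head><body></body></html>',
)


if __name__ == "__main__":
    for label, (hdrs, body) in (("cdn", SAMPLE_CDN), ("self-hosted", SAMPLE_SELF_HOSTED)):
        print(label, assess(hdrs, body))
```

To use it against a live site, fetch the front page with any HTTP client, pass the raw header pairs and body in, and read the three fields; the data-retention questions in the second half of the comment are not visible in a response and still need the privacy policy.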

BlackWinnerYoshi wrote

This news site uses Clownflare (clear net only), view it with archive.org (clear net only) or archive.is (.fo clear net mirror, .li clear net mirror, .md clear net mirror, .ph clear net mirror, Tor v2 mirror, Tor v3 mirror) instead.

Also, I have a feeling that even if Goolag phases out third-party cookies (which are mentioned in this article), they're still going to track their users, even across sites. I mean, do you really think third-party cookies are the only thing tracking you? Yes, they are responsible for most tracking, along with third-party scripts (that's why I should learn uMatrix...), but first-party scripts and cookies can also collect your data. Do I really need to also mention the fact that Goolag Hrom is the most used browser in the world, and it's also filled with spyware?

4