Recent comments in /f/Tech
BlackWinnerYoshi wrote
Reply to comment by RAMBLE1 in Don't Use Telegram. by Hitler_Was_Right
Both of their websites are Clownflared and both have cryptocurrency of some sort (Session uses the blockchain for messaging, Status allows sending transactions in a message), not everyone might like that, especially with Session, since you can't technically delete your message after sending...
RAMBLE1 wrote
Reply to Don't Use Telegram. by Hitler_Was_Right
BlackWinnerYoshi wrote
Reply to comment by GadgeteerZA in Don't Use Telegram. by Hitler_Was_Right
The phone number requirement is a problem, but the fact that it's from the USA is not. E-mail especially suffers from this. How about those IM?
- Threema requires paying 3.99 CHF (3.69 EUR, 4.34 USD), but at least you can pay with Bitcoin (but not Monero).
- Wire can't be used with the Tor Browser because it blocks local storage, but maybe you can use Pale Moon with Proxy Privacy Ruler and the domain set to proxy through Tor? You can't pay for the Pro/Enterprise account with a cryptocurrency, but at least a phone number is not required in any case. It also doesn't use Clownflare, but I'm not sure about downtimes.
- Wickr has been acquired by Amazon, so that doesn't sound good... but at least Tor works, I think. I have no idea if you can pay with a cryptocurrency, though, but it's not required. It doesn't have Clownflare and it hasn't gone down in the last 90 days.
- Jami is probably better to use over Tor, considering it's P2P, so your IP could be seen. There's no payment or personal data required. The website doesn't have Clownflare and there's no downtime because it's P2P.
Maybe I'd need to analyze these apps more (including paying for Threema, but who uses it?), but I think Jami would be the best from these.
BlackWinnerYoshi wrote
Reply to comment by GadgeteerZA in Don't Use Telegram. by Hitler_Was_Right
The original is actually at Luke's Videos PeerTube instance, the Based PeerTube instance is simply playing the video from that instance, which is kind of annoying when using uMatrix, but at least youtube-dl still works, which is what matters the most.
As for the shutting down message, I have already prepared for it and saved metadata from all of its local videos I could find with the sitemap.xml (which looks like it only includes 1624 out of 1640 videos? Also, when downloading a deleted video, the description and the JSON info gets downloaded, the video doesn't, and the thumbnail does, but really it downloads the error about turned off JavaScript). I haven't downloaded the videos because I don't have 543.8 GB of storage left, only 177 GB, besides, the Internet Archive (where I want to upload the metadata) probably wouldn't like the videos.
I think that proposing XMPP as an alternative isn't bad if you tell people to enable OMEMO because I think pretty much every XMPP client allows it, even if it requires installing a plugin. But yes, even with that, there's a problem with lack of usage, same with VoIP, social, or other things like that, so obviously, good luck trying to escape the Boomerbook botnet or that Macroshit Tease thing.
sgji2p wrote
Reply to Don't Use Telegram. by Hitler_Was_Right
Use "Conversations" (via F-Droid) on Android and use some random free XMPP server to register at. As far as I've seen, OMEMO is on by default. And the client is smooth and simple. Pretty much like Threema. You could obviously also host your own server or even host it partially or entirely on i2p. Unfortunately most are now either stuck with Telegram or refuse to leave or use anything other than their WhatsApp in the first place.
The ability to create multiple accounts for free might win over some people to XMPP tho.
sh3r wrote
Reply to comment by GadgeteerZA in Don't Use Telegram. by Hitler_Was_Right
I think they need more development. I tried Jami, but it was too bad for me to use. I am not in the USA, so I think Signal will do the trick for me, but you got a point.
GadgeteerZA wrote (edited)
Reply to Don't Use Telegram. by Hitler_Was_Right
Video shows this banner at the top so not sure if that is going to be there soon?
"Instance has been shadow banned and delisted from PeerTube network. Will be shutting down in shame shortly"
Actually proposing XMPP though as an alternative is just as bad, as by default XMPP does not have OMEMO or other E2EE on by default. Telegram is one of the few mainstream messengers though that does let you hide your phone number from all other users. My reality is that although I'm on many networks such as Threema, Wickr Me, XMPP, IRC, etc I only have one or two of my real life friends / family there...
GadgeteerZA wrote
Reply to comment by sh3r in Don't Use Telegram. by Hitler_Was_Right
Signal requires our phone numbers to register and is in the USA. Threema, Wired, Wickr Me, and Jami are probably better.
sh3r wrote
Reply to Don't Use Telegram. by Hitler_Was_Right
Use Signal Instead
Hitler_Was_Right OP wrote
Reply to comment by Strangeways in The Truth About Protonmail by Hitler_Was_Right
https://protonmail.com/blog/cryptographic-architecture-response/
https://eprint.iacr.org/2018/1121.pdf
https://protonmail.com/blog/protonmail-has-raised-2m-usd-to-protect-online-privacy/
https://protonmail.com/privacy-policy
https://protonmail.com/support/knowledge-base/protonmail-israel-radware/
https://cryptome.org/2015/11/protonmail-ddos.htm
https://techcrunch.com/2018/09/06/protonmail-names-one-of-the-attackers-behind-a-major-ddos-this-summer
GadgeteerZA wrote
That does not look like the correct link to the source? It is posts about the Tor Project standing up with rights of the LGBTQIA+ community. Where is the reference to any paedophile community? They're standing up for pride and privacy, which is a good thing for freedoms.
Strangeways wrote
Reply to Wikipedia Banned IP Blocks by awdrifter
Perhaps regional geo-blocking through a CDN like Cloudflare, or whoever it is they use. Just a guess.
Strangeways wrote (edited)
Reply to The Truth About Protonmail by Hitler_Was_Right
Very illuminating. Great research. Time to leave ProtonMail I think. The immediate alternatives aren't that great.
Tutanota: I've had massive problems with them in the past. I've actually lost accounts there because of their so-called 2FA security. The Belgian company Mailfence appears to be security-oriented, but it comes at a small nominal cost. What about Rise Up? That is, if you can get an account there.
GadgeteerZA wrote
Reply to comment by smartypants in HOLY SHIT!!! Apple secretly constantly taking photos of face when phone held and active every 5 seconds and uses INFRARED and got caught! Apple claims its for training the AI to unlock, but now admits its to study EMOTION of user to autoselect emojis and study pupil dilation & facial expressions! by smartypants
Are there say three or four links you can give to us? I fully realise they have to permanently scan for a face to keep the screen alive, to unlock, etc but sounds like you have some evidence in links about them actually storing and using those photos elsewhere, in other words zero of it is AI present on the device?
GadgeteerZA wrote
Reply to Telegram founder Pavel Durov, who built reputation on creating unhackable app, listed in leaked Pegasus project data, selected by Israeli NSO Group client government. by Hitler_Was_Right
Many people were listed with this, but what does it actually tell us? He may have been a target, we are not even sure if his phone was actually penetrated, and whether they found Telegram's secret decryption key? It seems really all conjecture at this point until we know anything definite?
Telegram is supposedly not in the business of selling user data or metadata (no hint of evidence to that effect yet) and does at least allow you to hide your phone number from all contacts. Problem is mainstream users only otherwise use WhatsApp (knowingly leaks metadata inc location to Facebook whom we all know about with their dropped balls on user privacy and advertising), and Signal which requires a phone number to register, it can't be hidden, and is hosted in the USA.
Again we sit with the problem, which is the lesser of all evils that mainstream users actually 'can' use?
GadgeteerZA wrote
Reply to comment by Rambler in The Truth About Protonmail by Hitler_Was_Right
Exactly the same question I was thinking, and looking forward to the answer. I know of Tutanota but what's the point of doing a massive mail migration, only to find that Tutanota is worse than ProtonMail.
You can use your own OpenPGP key with Gmail (then Google cannot see the content) but 99% of your contacts receiving it (inc businesses etc), are clueless how to decrypt it.
Hitler_Was_Right OP wrote
Reply to comment by Rambler in The Truth About Protonmail by Hitler_Was_Right
I will post some links with helpful information but some of it might be flawed.
It also depends on what you want to do: some need security, others need anonymity, while others need invisibility.
https://freedom.press/training/
https://epic.org/privacy/tools.html
https://www.eff.org/issues/privacy
https://choosetoencrypt.com/category/privacy/
Rambler wrote
Reply to The Truth About Protonmail by Hitler_Was_Right
The question is, then, who do you trust for secure email? Is email, by design, inherently 'bad' or 'flawed'?
What options does your average Joe have, outside of setting up his own mail server, and expecting his contacts to use PGP Encryption, which, may or may not be crackable by the big agencies.
Hitler_Was_Right OP wrote
Reply to The Truth About Protonmail by Hitler_Was_Right
Protonmail’s False Claim List
Lie: “Protonmail obeys the law”
In 2017 Protonmail seems to have used illegal cyber warfare capabilities to unlawfully break into a suspected phishing server. You can see the tweet and read about it here. They soon deleted the tweet and said: “We cannot confirm nor deny if anything happened.” In 2013 the European Union parliament voted to make hacking a crime that carried a prison sentence of 2 years. “Hacking back” is also illegal under Swiss law.
Lie: Protonmail offers “Zero Access” or “End to End Encryption”
A professor who teaches computer science and cryptography, Nadim Kobeissi, proved that Protonmail does not provide End to End Encryption. Protonmail has since publicly acknowledged that they can decrypt anyone’s encrypted content by obtaining their password/passphrase.
Lie: Protonmail protects free speech
Protonmail has stated on Reddit that they are “controlled by the politics of the community that dominates the ProtonMail userbase”. So if a majority of their users wanted to ban an innocent minority group, Protonmail has stated they would “yield to community pressure” and ban all those users from their platform even if their terms of service are not broken. So Protonmail protects free speech as long as it agrees with the majority of their users. Protonmail is not safe for any minority group including Jews, activists or missionaries. If Protonmail has a majority group ask them to ban a minority group of users then Protonmail has stated explicitly that they will do it even if no terms of service are broken. Read Protonmail’s statements here.
Lie: “Protonmail is open source code.”
Their front end code is open source. Their back end code and mobile code is kept private. This can be confirmed by reviewing their open-source code here
Lie: “By default, we do not keep any IP logs”
Protonmail’s Privacy Policy States: “This includes, the sender & receivers, the IP addresses were emails originated from, message subject, messages sent & received times, storage space, total emails and login times.” Protonmail is also legally required to store all users data for 6 months in Switzerland.
Lie: ProtonMail does not require any personally identifiable information to register.
If a user tries to signup without personal information, via VPN or TOR, they detect it and require a “donation” with a credit/debit card or a confirmation with your personal phone.
Lie: “When a ProtonMail account is closed, data and emails are immediately deleted from production servers”
By Swiss law, Protonmail is required to record all data for 6 months. When a user deletes an email, the email and all meta-data must legally be retained for 6 months
Protonmail Claims to be “Independently Audited”.
There is only 1 company listed as conducting an Audit of Protonmail, Cyberkov.com. Cyberkov’s website says it’s connected to Harvard, MIT & CERN. And their team is full of Harvard and MIT grads, exactly like Protonmail. So Protonmail’s audit was probably done by Protonmail’s college friends or colleagues. Protonmail also shows a list of people who’ve audited their code, but anyone can email Protonmail to add their name to the list. Years later Professor Kobeissi did a real independent audit and proved Protonmail doesn’t provide “end to end encryption”. Privacy Watchdog
TallestSkil wrote
Reply to WARNING !!!!! ZERO Day exploit in fake JPGs being served to Browsers. A revealed exploit on July 21 2021 to add to long list of remote WebP exploits, and now CATBOX suddenly involved! by smartypants
HAHAHAHAHAHHAHAHHAHAHAHA imagine trusting webp, a bullshit “standard” created by Google.
Wahaha wrote (edited)
Reply to comment by smartypants in WARNING !!!!! ZERO Day exploit in fake JPGs being served to Browsers. A revealed exploit on July 21 2021 to add to long list of remote WebP exploits, and now CATBOX suddenly involved! by smartypants
I'm already using that one for a long time, since webp generally sucks. But it only works if there's a choice between webp and jpg, if there is no choice, I'll get to see webp.
smartypants OP wrote (edited)
Reply to comment by Wahaha in WARNING !!!!! ZERO Day exploit in fake JPGs being served to Browsers. A revealed exploit on July 21 2021 to add to long list of remote WebP exploits, and now CATBOX suddenly involved! by smartypants
No time to go through all solutions, but this plugin from 12 months ago should do the trick in a perfect brute force way, but I don't know if a bad actor can use browser fingerprint to shove it in anyway.
https://addons.mozilla.org/en-US/firefox/addon/dont-accept-webp/
This extension monitors and edits request headers using the onBeforeSendHeaders API
TRY THAT PLUGIN.
If it works, vile web sites like youtube should show blank white squares for video previews.
Many HTTP web development tools, including free ones, can do ANYTHING with any data sent or received from Firefox and have persistent scripts. "ModHeader" is one fun one.
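As an added illustration (not part of the comment above and not the linked extension's own code), this sketch shows how a header-editing extension of the kind described can drop `image/webp` from the `Accept` request header through `onBeforeSendHeaders`. The function names `stripWebp` and `rewriteHeaders` and the sample headers are assumptions made up for this example.

```javascript
// Added example: strip WebP from the Accept header, as a header-editing
// extension would. Function names are hypothetical.

// Remove every image/webp media range (with any parameters) from an Accept value.
function stripWebp(acceptValue) {
  const kept = acceptValue
    .split(",")
    .map((part) => part.trim())
    .filter((part) => part !== "")
    .filter((part) => part.split(";")[0].trim().toLowerCase() !== "image/webp");
  // If only WebP was listed, fall back to a generic range instead of an empty header.
  return kept.length > 0 ? kept.join(",") : "*/*";
}

// Rewrite the header list that the webRequest API hands to the listener.
function rewriteHeaders(requestHeaders) {
  return requestHeaders.map((h) =>
    h.name.toLowerCase() === "accept" && typeof h.value === "string"
      ? { name: h.name, value: stripWebp(h.value) }
      : h
  );
}

// Register only when running inside a Firefox extension (needs the
// "webRequest" and "webRequestBlocking" permissions plus host permissions).
if (typeof browser !== "undefined" && browser.webRequest) {
  browser.webRequest.onBeforeSendHeaders.addListener(
    (details) => ({ requestHeaders: rewriteHeaders(details.requestHeaders) }),
    { urls: ["<all_urls>"] },
    ["blocking", "requestHeaders"]
  );
}

// Constructed sample: an image-request Accept header that advertises WebP.
const sample = [
  { name: "User-Agent", value: "constructed-sample" },
  { name: "Accept", value: "image/avif,image/webp,*/*;q=0.8" },
];
console.log(rewriteHeaders(sample));
```

The `Accept` header is only a preference sent to the server, so a site that serves nothing but WebP can still return it; the remaining `*/*` range also still admits it.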
Wahaha wrote
Reply to WARNING !!!!! ZERO Day exploit in fake JPGs being served to Browsers. A revealed exploit on July 21 2021 to add to long list of remote WebP exploits, and now CATBOX suddenly involved! by smartypants
I don't even have image.http.accept and network.http.accept.default in my about:config for FF90.
Rambler wrote
Reply to Your Wireless Earbuds Are Trash (Eventually) And Will End Up In A Landfill by GadgeteerZA
I posted a rant about wireless earbuds recently. I never quite understood the appeal.