Recent comments in /f/privacy

liminal said ()

The fact that I prefer to use monero to move my funds doesn't imply that I wouldn't support laws mandating a more privacy-respecting way of making bank transfers. Even if I don't support companies marketing virtual assistants, I'm not immune to surveillance through Amazon devices.

Free market doesn't exist, the money always flow from the government, they get to decide who gets the bigger slice of the pie, and then cut a little space where people who don't know better can gamble their life away. Next time you are gonna tell me communism has nothing to do with the Soviet Union and maoist China, because that's not how it was supposed to work? These are ghosts from the past wich for some reason still haunt many people.

The state is evil, the market is evil, we must contain them both. When people will start to value real privacy, it will be too late. Right now Apple is plastering cities with commercials advertising the privacy granted by their phones, this is their main slogan: "privacy, that's iphone". After all these years, we are at this point, companies are selling the illusion of privacy, that's the kind of progress the market has brought us.

Who cares if people will start looking for real privacy, if when they'll do big companies will have already ammassed decades of data of any kind, do you think that won't be enough to control and debase billion of lives? It's not like they don't have enough already, they just need to get better at extracting value from it.

I said what would be the least we should expect, if you prefer to accept this state of affairs, until the masses won't start suddenly caring, I guess you are settling for even less than me.


liminal said ()

the guy who tapes you in the shower

So the carmakers? According to the article you agree to this kind of surveillance whenever you buy a modern cars, that's fucked up.

On another note, I think the least lawmakers should do is come up with a very strict definition of what constitutes "anonymized data", since that's another expressions that gets used to justify this kind of stuff.


Wingless said ()

This is even worse than I expected. And the "solutions" are the classic BULLSHIT they feed us - "privacy" by means of not giving the data to people who don't pay money for it! ARE YOU KIDDING ME?

In order for a car to be driveable:


I added (c) because hell, there has to be an "anonymized" set of voice recordings for downloading from the same crooked auto manufacturers that set up this spy data sale!

Any company involved in PROVIDING the data resold by Otonomo needs to be named, shamed, boycotted, and obliterated. Maybe I can scrounge up an old Yugo instead, made in a free country. Otonomo isn't the problem, they're practically Chelsea Manning here. The problem is the guy who tapes you in the shower, not the one who shows you what he found on the online forum.


BlackWinnerYoshi said () (edited )

This comment is probably the longest thing I wrote on [RAMBLE], maybe the longest from all users, but the TL;DR: use LibreWolf, since it has the tweaks recommended, and install some addons, especially uMatrix, WebRTC Control, LocalCDN. And others listed on the essentials privacy addons. Besides searX, you can use MetaGer and YaCy for search results from independent indexes. I really hope this summary is enough, since this entire thing is 8 000 characters long if you render it in plain text as UTF-8. Can you imagine it took me several hours to write this? Well, mostly because I was also distracted with other things, oh well, I guess enjoy the reading, or don't, just skip past it if you want

As burnerben said, you should use LibreWolf instead of hardening Firefox, especially since arkenfox' user.js doesn't disable all connections, which werwolf proves themselves by showing what you can tweak in about:config. Sure, LibreWolf enables autoupdating uBlock Origin lists by default and it relies on the evil Mozilla, but it's still the best Firefox fork if you really need one. Anyway, let's skip the entire profile nonsense and move to search engines.

They recommend searX, which I think is a good choice, especially after they released version 1.0.0 — but it does rely on Google and other search engines, which might bother some. It does, however, support searching with Mojeek and Wiby, which have fully independent indexes, although with weak results, so it's probably a good idea to enable those and whatever else you want. What about the other, less recommended options?

  • MetaGer: not sure if I can count it as a metasearch engine, since, unlike searX, you don't get 70+ search engines, you only get four: Scopia (which is their index, and of course, it has weak results — but DuckDuckGo also has its own), Bing (like DuckDuckGo, but they also use yahoo*!*), and One News Page for both text and video (why are there two of them, especially since they're also in the News/Politics category?). That's just the Web category, of course, there's also Pictures (which exclusively uses Bing), Shopping (like how Pictures uses only one search engine, this one uses Kelkoo, which looks like it's useless), and News/Politics, but it's still nothing compared to searX. Also, I'm not sure if it's preferable over DuckDuckGo, since they: don't require JavaScreep, partially use their own indexes, have onion domains, store IP addresses, have somewhat good results, and don't share data with third parties.
  • DuckDuckGo: if you don't trust DuckDuckGo, why do you list it? Actually, whatever, if you do want to use it, use the Lite version, as shown here.
  • Qwant: is it actually private? Well, Qwant's privacy policy says that, besides the queries, it stores a “salted hash of the user’s IP address” and “the User Agent” for a week. Obviously, I remember that the only anonymous data is no data (yes, it is from DuckDuckGo, but you get my point), but it's still probably better than other search engines. Also, note the freetardist “non-free” notice because I don't know why would you want to say that otherwise, lol.
  • Mojeek: I already mentioned it has an independent index, and it neither stores your IP address nor shares it with third parties. But again, there's that stupid “non-free” notice, even though it doesn't matter at all.
  • YaCy: I think this one might be even better than Mojeek and Wiby combined, considering everyone can contribute, but I have no idea how do they compare.

Should you use any of those? Well, maybe MetaGer if you want its Scopia index and YaCy for P2P index, since the rest can be used with searX.

Now let's see their recommended addons:

  • uBlock Origin: I think that uMatrix (which is mentioned, along with NoScript, but I don't recommend that because it's malicious and dishonest and it doesn't allow blocking other than global) is better because, by default, it relies on blocking entire classes instead of lists that need to be constantly updated. Also, it has well configured rules. Although, it only does basic content blocking, which might be an issue on sites like YouTube, where the scripts to load videos and ads are on the same site. So if you have to rely on them, it's probably a good idea to get uBlock Origin too, or Disconnect as an alternative.
  • LocalCDN: like uMatrix, LocalCDN is an essential privacy addon, which supports more CDNs than Decentraleyes.
  • Password manager choices: bitwarden looks like a pretty good choice, but the problem is that they have premium membership, which, if you don't have it, locks out options like TOTP, which aren't considered essential here, for some reason. Luckily, the community came to help and made vaultwarden, which doesn't have that. If you want an instance, LavaTech has one. But if you don't want to store passwords online, KeePassXC is probably a good option too, along with Syncthing if you have multiple devices. I don't recommend pass because it requires a terminal, which is ridiculous.

That's the essentials considered by them, but I think WebRTC Control should be there too, especially for those changing IP addresses, since WebRTC reveals your real one, even with Tor over VPN. Sure, the about:config tweaks do suggest disabling it, but those two settings might not be enough. What about other addons?

  • Cookie AutoDelete: I think that first party isolation and disabling tracking cookies should be mostly enough, and you could be fingerprinted if you have many addons.
  • ClearURLs: not only UTM tracks, but it's also annoying, so definitely get it. Although, I didn't notice any breakage from that addon back when I used it.
  • Temporary Containers: this thing is just a fake initiative, and it's outclassed by uMatrix.
  • ETag Stoppa: ETags are useless anyway, so get rid of them.
  • CanvasBlocker: this one did break sites for me, but it's still useful if you need third party JavaScreep, which is what uMatrix blocks by default.
  • xBrowserSync: like how you shouldn't sync passwords with Firefox Sync, you shouldn't sync your bookmarks with that too, so use this addon instead!
  • AdNauseam: if you want to use sites like YouTube and tick off ad networks, use this along with uMatrix and hopefully, we'll destroy the cancer!
  • Privacy Redirect: a better idea would be to use Redirector and set up regex rules for redirection, which makes it superior to that because you can add other sites too.

Also, I recommend checking the essentials privacy addons to see other useful addons.

Just to end this long comment, let me talk about the buttons below for a bit. FreeBSD is, well, probably better in website hosting because it has better security practises, unlike Linux. Discord is bad, and it's good they're promoting the Online Spyware Watchdog. No idea why they don't like the <blink> HTML element, I never used it. There's this “The Bible is an Anarchist Manifesto” thing that's controversial, apparently, and this comparison of Goolag Hrom and Internet Exploder is actually funny, and… oh no, the Vim editor (remember what I said about pass?). About Mastodon… why not just not use social media and connect to people directly instead? The last button is just promoting itself as a project “which tries to mimic the 80s multi users unix machines”. That's all.


BlackWinnerYoshi said ()

To be honest, if you have an account on a just breached site and your data didn't got leaked, it's probably a good idea to change it anyway. I still use these kinds of tools, though, but mostly because I used to make accounts on lots of services, forget about them, then get reminded again by a breach, then I usually just download whatever data I had, if any, then remove the account and forget about services for however long. The shock when I found out I got my data leaked because of the Armor Games breach...


dontvisitmyintentions said ()

I had not heard of that LocalCDN fork of DecentralEyes, and I'm going to try it out. Also prefs list is short and useful. Nice. Usually these Firefox guides are so big and outdated that they're hard to find the good stuff in them.


liminal said () (edited )

It's interesting because, from what I gather, in Germany they have the same rule regarding telecommunication providers as in Switzerland, but different interpretations of it or - more precisely - of what constitutes a telecommunication provider. Maybe it's true that Switzerland is still a decent model when it comes to privacy.


Wahaha said ()

It's not something usable on random criminals. In a sense it is do-not-care. If what was possible would be used for everything, everyone would be more or less aware, making it much less useful. Like the heart attack gun the CIA has since the 1960s. It's used sparingly enough for most people to not even know that it exists. (It's basically an untraceable killing method with a disintegrating projectile that induces a heart attack int he victim.)

What you describe isn't something the people with access to the good stuff would be even aware of, I believe. Too insignificant to reveal their hand.


BlackWinnerYoshi said ()

Bromite is only for Android, but I guess Android web browsers are missed when mentioning FLoC. Also, from what I see, CalyxOS build of Chromium either has FLoC disabled by default (and it is on version 89, by the way) or I haven't been FLoC'd. Actually, since I disabled third-party cookies, I can't be FLoC'd. And also, it doesn't look like the Calyx Institute mentioned FLoC and whenever they disabled it in their build of Chromium.


ngmm said ()

At one point they started serving unsolvable captchas like google, fortunately they soon quit that fuckery and now it seems to work consistently.

It's still annoying as hell because tons of retarded webmasters block read access from Tor with Cloudflare cancer and thus also hCaptcha.

Though IMO captchas are not a fundamentally bad idea for blocking robots from having write access to a service, not malicious humans. They're just overused by idiots who have no fucking clue about what they're doing, which is mainly why half of the modern web is completely unusable on Tor. (There's also the minority which knows exactly what they're doing, aka Google.)