BlackWinnerYoshi

BlackWinnerYoshi said ()

Reply to comment by RAMBLE1 in Don't Use Telegram. by Hitler_Was_Right

Both of their websites are Clownflared and both have cryptocurrency of some sort (Session uses the blockchain for messaging, Status allows sending transactions in a message), not everyone might like that, especially with Session, since you can't technically delete your message after sending...

3

BlackWinnerYoshi said ()

The phone number requirement is a problem, but the fact that it's from USA is not. E-mail especially suffers from this.. How about those IM?

  • Threema requires paying 3.99 CHF (3.69 EUR, 4.34 USD), but at least you can pay with Bitcoin (but not Monero).
  • Wired can't be used with the Tor Browser because it blocks local storage, but maybe you can use Pale Moon with Proxy Privacy Ruler and the domain set to proxy through Tor? You can't pay for the Pro/Enterprise account with a cryptocurrency, but at least a phone number is not required in any case. It also doesn't use Clownflare, but I'm not sure about downtimes.
  • Wickr has been acquired by Amazon, so that doesn't sound good... but at least Tor works, I think. I have no idea if you can pay with a cryptocurrency, though, but it's not required. It doesn't have Clownflare and it didn't go down since last 90 days.
  • Jami is probably better to use over Tor, considering it's P2P, so your IP could be seen. There's no payment or personal data required. The website doesn't have Clownflare and there's no downtime because it's P2P.

Maybe I'd need to analyze these apps more (including paying for Threema, but who uses it?), but I think Jami would be the best from these.

3

BlackWinnerYoshi said ()

The original is actually at Luke's Videos PeerTube instance, the Based PeerTube instance is simply playing the video from that instance, which is kind of annoying when using uMatrix, but at least youtube-dl still works, which is what matters the most.

As for the shutting down message, I have already prepared for it and saved metadata from all of its local videos I could find with the sitemap.xml (which looks like it only includes 1624 out of 1640 videos? Also, when downloading a deleted video, the description and the JSON info gets downloaded, the video doesn't, and the thumbnail does, but really it downloads the error about turned off JavaScript). I haven't downloaded the videos because I don't have 543.8 GB of storage left, only 177 GB, besides, the Internet Archive (where I want to upload the metadata) probably wouldn't like the videos.

I think that proposing XMPP as an alternative isn't bad if you tell people to enable OMEMO because I think pretty much every XMPP client allows it, even if it requires installing a plugin. But yes, even with that, there's a problem with lack of usage, same with VoIP, social, or other things like that, so obviously, good luck trying to escape the Boomerbook botnet or that Macroshit Tease thing.

2

BlackWinnerYoshi said ()

You would have to make the browser engine run through the Tor proxy (socks5://127.0.0.1:9050), including DNS requests to resolve onions. But why no one forked Tor? It's probably because Firefox and its Gecko browser engine aren't dead yet, but it might be in the future, so it's probably a good idea to use Pale Moon as a replacement, especially with the Proxy Privacy Ruler, which allows for applying the proxy only for private windows and/or certain domains. But they'll probably not do that and just accept to use Chromium and its Blink browser engine (I mean, Pale Moon is bad... but it's still better than what Chromium is trying to do).

3

BlackWinnerYoshi said ()

I don't even change my user agent most of the time, so it just equals to what my browser is, but pretending to be Windows 10 while I actually have Windows 7, so it is Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 currently (this is what LibreWolf does by default, btw).

So anyway, the only time the user agent differs from the defaults is when I want to enable a desktop version on mobile and when I want to bypass getting user agent blocked because I'm using Wget, so I usually just empty it (or set it to a browser user agent because it also gets blocked).

Also, since I block third party scripts with uMatrix by default, there's not much point to constantly changing the user agent because the trackers won't see it anyway.

1

BlackWinnerYoshi said () (edited )

This comment is probably the longest thing I wrote on [RAMBLE], maybe the longest from all users, but the TL;DR: use LibreWolf, since it has the tweaks recommended, and install some addons, especially uMatrix, WebRTC Control, LocalCDN. And others listed on the essentials privacy addons. Besides searX, you can use MetaGer and YaCy for search results from independent indexes. I really hope this summary is enough, since this entire thing is 8 000 characters long if you render it in plain text as UTF-8. Can you imagine it took me several hours to write this? Well, mostly because I was also distracted with other things, oh well, I guess enjoy the reading, or don't, just skip past it if you want


As burnerben said, you should use LibreWolf instead of hardening Firefox, especially since arkenfox' user.js doesn't disable all connections, which werwolf proves themselves by showing what you can tweak in about:config. Sure, LibreWolf enables autoupdating uBlock Origin lists by default and it relies on the evil Mozilla, but it's still the best Firefox fork if you really need one. Anyway, let's skip the entire profile nonsense and move to search engines.

They recommend searX, which I think is a good choice, especially after they released version 1.0.0 — but it does rely on Google and other search engines, which might bother some. It does, however, support searching with Mojeek and Wiby, which have fully independent indexes, although with weak results, so it's probably a good idea to enable those and whatever else you want. What about the other, less recommended options?

  • MetaGer: not sure if I can count it as a metasearch engine, since, unlike searX, you don't get 70+ search engines, you only get four: Scopia (which is their index, and of course, it has weak results — but DuckDuckGo also has its own), Bing (like DuckDuckGo, but they also use yahoo*!*), and One News Page for both text and video (why are there two of them, especially since they're also in the News/Politics category?). That's just the Web category, of course, there's also Pictures (which exclusively uses Bing), Shopping (like how Pictures uses only one search engine, this one uses Kelkoo, which looks like it's useless), and News/Politics, but it's still nothing compared to searX. Also, I'm not sure if it's preferable over DuckDuckGo, since they: don't require JavaScreep, partially use their own indexes, have onion domains, store IP addresses, have somewhat good results, and don't share data with third parties.
  • DuckDuckGo: if you don't trust DuckDuckGo, why do you list it? Actually, whatever, if you do want to use it, use the Lite version, as shown here.
  • Qwant: is it actually private? Well, Qwant's privacy policy says that, besides the queries, it stores a “salted hash of the user’s IP address” and “the User Agent” for a week. Obviously, I remember that the only anonymous data is no data (yes, it is from DuckDuckGo, but you get my point), but it's still probably better than other search engines. Also, note the freetardist “non-free” notice because I don't know why would you want to say that otherwise, lol.
  • Mojeek: I already mentioned it has an independent index, and it neither stores your IP address nor shares it with third parties. But again, there's that stupid “non-free” notice, even though it doesn't matter at all.
  • YaCy: I think this one might be even better than Mojeek and Wiby combined, considering everyone can contribute, but I have no idea how do they compare.

Should you use any of those? Well, maybe MetaGer if you want its Scopia index and YaCy for P2P index, since the rest can be used with searX.

Now let's see their recommended addons:

  • uBlock Origin: I think that uMatrix (which is mentioned, along with NoScript, but I don't recommend that because it's malicious and dishonest and it doesn't allow blocking other than global) is better because, by default, it relies on blocking entire classes instead of lists that need to be constantly updated. Also, it has well configured rules. Although, it only does basic content blocking, which might be an issue on sites like YouTube, where the scripts to load videos and ads are on the same site. So if you have to rely on them, it's probably a good idea to get uBlock Origin too, or Disconnect as an alternative.
  • LocalCDN: like uMatrix, LocalCDN is an essential privacy addon, which supports more CDNs than Decentraleyes.
  • Password manager choices: bitwarden looks like a pretty good choice, but the problem is that they have premium membership, which, if you don't have it, locks out options like TOTP, which aren't considered essential here, for some reason. Luckily, the community came to help and made vaultwarden, which doesn't have that. If you want an instance, LavaTech has one. But if you don't want to store passwords online, KeePassXC is probably a good option too, along with Syncthing if you have multiple devices. I don't recommend pass because it requires a terminal, which is ridiculous.

That's the essentials considered by them, but I think WebRTC Control should be there too, especially for those changing IP addresses, since WebRTC reveals your real one, even with Tor over VPN. Sure, the about:config tweaks do suggest disabling it, but those two settings might not be enough. What about other addons?

  • Cookie AutoDelete: I think that first party isolation and disabling tracking cookies should be mostly enough, and you could be fingerprinted if you have many addons.
  • ClearURLs: not only UTM tracks, but it's also annoying, so definitely get it. Although, I didn't notice any breakage from that addon back when I used it.
  • Temporary Containers: this thing is just a fake initiative, and it's outclassed by uMatrix.
  • ETag Stoppa: ETags are useless anyway, so get rid of them.
  • CanvasBlocker: this one did break sites for me, but it's still useful if you need third party JavaScreep, which is what uMatrix blocks by default.
  • xBrowserSync: like how you shouldn't sync passwords with Firefox Sync, you shouldn't sync your bookmarks with that too, so use this addon instead!
  • AdNauseam: if you want to use sites like YouTube and tick off ad networks, use this along with uMatrix and hopefully, we'll destroy the cancer!
  • Privacy Redirect: a better idea would be to use Redirector and set up regex rules for redirection, which makes it superior to that because you can add other sites too.

Also, I recommend checking the essentials privacy addons to see other useful addons.

Just to end this long comment, let me talk about the buttons below for a bit. FreeBSD is, well, probably better in website hosting because it has better security practises, unlike Linux. Discord is bad, and it's good they're promoting the Online Spyware Watchdog. No idea why they don't like the <blink> HTML element, I never used it. There's this “The Bible is an Anarchist Manifesto” thing that's controversial, apparently, and this comparison of Goolag Hrom and Internet Exploder is actually funny, and… oh no, the Vim editor (remember what I said about pass?). About Mastodon… why not just not use social media and connect to people directly instead? The last button is just promoting itself as a project “which tries to mimic the 80s multi users unix machines”. That's all.

3

BlackWinnerYoshi said ()

To be honest, if you have an account on a just breached site and your data didn't got leaked, it's probably a good idea to change it anyway. I still use these kinds of tools, though, but mostly because I used to make accounts on lots of services, forget about them, then get reminded again by a breach, then I usually just download whatever data I had, if any, then remove the account and forget about services for however long. The shock when I found out I got my data leaked because of the Armor Games breach...

1

BlackWinnerYoshi said ()

I watched both the CringeTok and browsed the PDF, there's literally nothing mentioned about facial expressions. But hey, iPhones are still shit, so let's just not buy them, that's the only solution for now.

0