Arthur Besse
link
fedilink
72M

Headline: “all trackers”

First sentence: “most third-party trackers”

I already had this website flagged in my memory as being full of shit, and this headline is another datapoint supporting that conclusion. Their recommendations are more bad than good; I mean, they recommend things like NordVPN and Signal and Threema among lots of other garbage. Their mission page says “No paid rankings, paid content, or paid linking schemes” and “We follow standard webmaster guidelines and do not accept payment for links or content in any form”… but then also admits “If you buy through links on this site, we may earn a commission, which helps support our mission.” 🤣

Obviously the reason their first VPN suggestion is NordVPN (a shady company that is most likely not only giving data to cops but also selling it to other companies), and they offer you a 68% Off Coupon for it, obviously that has nothing to do with them being paid earning a commission.

🤦 🤮

(I don’t have an opinion about the DuckDuckGo Android App Tracking Protection thing; assuming it is free software enough that it can be installed from f-droid, it might be worth looking in to.)

Joe Bidet
link
fedilink
32M

Also an Android app that blocks all trackers sounds a bit like a joke as Android itself is the one-tracker-to-bind-them-all-and-forever-rule-them…

Arthur Besse
link
fedilink
22M

true, though, i guess a lot of people use mostly (or entirely?) degoogled android things but then need/want/decide to use some shitty apps that bring back the tracking.

(i think there are android distributions that don’t actually make any connections to google? i’m not sure.)

Joe Bidet
link
fedilink
12M

Not sure there is any. There was Replicant, but…

Can I know of your grievances with threema? Genuinely curious

Arthur Besse
link
fedilink
32M

any privacy-related product that touts being in switzerland as a feature is immediately suspect. threema’s cryptography is some goofy stuff they made up themselves with numerous shortcomings documented elsewhere, but a big one which for me makes it not worth spending time looking in to further is that their forward secrecy story is this:

Threema provides forward secrecy on the network connection (not on the end-to-end layer).

This means that a malicious server can record all of your encrypted end-to-end messages, and decrypt them later if they ever obtain the key from one of the participants in the conversation. E2E forward secrecy is an extremely basic feature, invented more than 30 years ago and present in almost every new encrypted protocol released in the last decade. But threema decided to not even try!

Having FS between the user and the server, but not end-to-end between the users, only makes sense if you completely “trust” the server - which you’re supposed to do because they’re in Switzerland, I guess. But in that case, why bother with end-to-end encryption at all? 🤡

Thank you for the answer, it makes sense to me

@altair222@beehaw.org
link
fedilink
1
edit-2
2M

Can I also know of your grievances with signal, it feels like the only way I can get people off WhatsApp is selling them the idea of signal. Is it atleast better than WhatsApp in terms of metadata collection?

Arthur Besse
link
fedilink
42M

in a nutshell: imo you shouldn’t use anything that requires a phone number, and especially not things that use phone numbers as the identifier your contacts need to know to reach you. i wrote some reasons why here.

https://dessalines.github.io/essays/why_not_signal.html (by @dessalines, one of the authors of lemmy) has a lot of other reasons why not to use signal; i have mixed feelings about all of the things in their list of alternatives there but I think I’d use any of them before signal.

I’m abigg advocate for xmpp for quick messaging and matrix for communities due to their federated, decentralizef and relatively private nature, what would you personally say are the reasons to not suggest them to someone?

Arthur Besse
link
fedilink
22M

xmpp and matrix are both interesting and useful, but both were first designed to send unencrypted messages which has led to many complications/difficulties/caveats when using them with e2ee nowadays.

sorry i don’t have time to properly enumerate those issues here right now :)

I really appreciate your replies, thank you

Joe Bidet
link
fedilink
22M

Ironical that this valid list of reasons to distrust Signal is hosted on… "Microsoft Pages"™ ;)

deleted by creator

Arthur Besse
link
fedilink
12M

i can’t tell if you’re saying that you read the arguments against phone numbers (for personal communication) that i linked to and you disagree with them all, or if you’re saying you didn’t read them.

@DepressedDove@lemmy.ml
creator
link
fedilink
3
edit-2
2M

deleted by creator

Arthur Besse
link
fedilink
22M

I’m not going to give a VPN-selling privacy tips site any credit for steering people to Firefox; Firefox has been one of the top browsers for longer than a lot of web users today have been alive.

Tutanota’s encryption is not compatible with anything else, and their freemium business model seems implausible. My understanding is that when you send an encrypted email to a non-tutanota user it sends them a link to the tutanota website, where they send some javascript on-the-fly which does the decryption (and hopefully doesn’t exfiltrate the key - but good luck verifying that at the time you’re actually using it). This is security cosplay, and can be very convenient for some adversaries who might otherwise be thwarted by people using some standardized encryption with software that isn’t running in a web browser. I recommend against Tutanota.

“What VPN do you use” is a complicated and personal question :)

For accessing lemmy I am using Tor Browser, with all of its problems. Neither Tor nor any VPN are really sufficient for hiding your location from serious adversaries, but for hiding from the copyright police while torrenting I recommend Mullvad. Click here to get a 68% discount when you sign up with my affiliate code!

want to become an affiliate yourself?

you can’t, because they actually don’t play that game :)

@hfkldjbuq@beehaw.org
link
fedilink
2
edit-2
2M

Tor. VPN is not trying to be anonymous, it was not designed for that.

But it helps in certain situations.

@hfkldjbuq@beehaw.org
link
fedilink
4
edit-2
2M

Go with mulvad if you need a VPN for any other reason than anonymity then

DuckDuckGo? No thanks, its search engine based on blink, and now a browser app…

Better use Mull, or any other FF based browser…

and they started serving CAPTCHAs to Tor users…

@DepressedDove@lemmy.ml
creator
link
fedilink
2
edit-2
2M

deleted by creator

deleted by creator

@XpeeN@sopuli.xyz
link
fedilink
4
edit-2
2M
  • Mull + searxNG for general browsing +uBO
  • Chromium based browser (brave/bromite) + searxNG for websites that you feel you need process isolation while using them (so they can’t see other website’s cookies, etc.)
@DepressedDove@lemmy.ml
creator
link
fedilink
3
edit-2
2M

deleted by creator

Easily removed through config. BTW, I don’t remember if at some point I configured that myself, but I don’t get any. On settings -> homepage, you can clean the box for “sponsored shortcuts”, and even clean further the homepage…

Isn’t this basically just a local proxy that sinkholes certain domains? You can pretty easily set that up yourself.

I just have my internet traffic running through a proxy server at home that has PiHole installed, I have a few reasons for doing this instead of just setting my DNS to the PiHole (my VPN provider limits the number of logged on devices, so I have my proxy seever routing traffic into a single OpenVPN connection, this way all my devices appear as only one), but obviously you can just change your DNS for a similar effect with way less effort. Don’t want to set up PiHole? There are public DNS providers that do ad and tracker blocking.

All in all, DDG’s solution is hardly an innovation worth reporting on. It’s just packaged up more nicely and with marketing (you know, like this article).

I’ve been using https://github.com/TrackerControl/tracker-control-android which is effectively the same thing, just open-source (there’s an F-Droid link there if you don’t like Google Play)

@DepressedDove@lemmy.ml
creator
link
fedilink
2
edit-2
2M

deleted by creator

Nevermind, duck duck go is based in Pennsylvania. Quick wikipedia search.

Joe Bidet
link
fedilink
12M

So it means whatever they claim about privacy, they are submitted like gimps to the FISAAmendmentAct and will hand over our asses in a snap, leaving no trace, if we’re not born in 'Muwikaa…

Your speech will be defended by the ruzzians, let’s not worry…I’m totally assuming that duck duck go is based in ruzzia.

I’m confused, what’s the point of this comment?

deleted by creator

Trueish. Except, it’s clear when you’re at the receiving end of a bullet who the bad guy really is…compared to other things like a rock or a wall or an American or Italian person.

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 5 users / day
  • 33 users / week
  • 107 users / month
  • 321 users / 6 months
  • 8 subscribers
  • 551 Posts
  • 1.66K Comments
  • Modlog