Banning online anonymity tools like Tor won’t stop crime. It will only drive people underground and normalize government control over the internet

“You are not the customer, you are the abandoned carcass. The real customer is the market that trades in your future behaviour.” - Shoshana Zuboff

Zuboff’s The Age of Surveillance Capitalism has been on my list for a long time - finally diving in. It’s unsettling, brilliant, and painfully relevant. I wrote a short piece distilling her core message and what it means for digital freedom today.

Please share with friends and family who are being a bit slow to up their privacy game 😁

Over the past few years I have gone through a bunch of different apps and protocols to find the best one for "securely" communicating with my family and friends.

I ended up with the amazing XMPP protocol and my family/friends frequently use its clients to contact me.

Monal for IOS and Cheogram/Conversations/Quicksy for Android. The android app I install depends on if I can get F-Droid on their phone or not.

It's been great with OMEMO encryption and the clients/apps available for XMPP. But sometimes I have issues introducing people to it.

Jabber (friendly name for xmpp) sounds silly to say. The clients all have weird names. And after trying the Signal mobile app it feels more focused than what anyone in the XMPP community has whipped up.

But the capabilities of XMPP makes it better.

Signal Cons (immediete)

• Centralized
• Single app
• Phone numbers

XMPP/Jabber Cons

• Picking server
• Apps are sort of less friendly

What really scares me about Signal is the centralization. Any nerd can easily host an XMPP server these days. But Signal from what I've heard really wants us to use their server.

If XMPP gets more attention I'm sure we can get people supporting projects and creating better apps.

I keep seeing people recommended Signal instead.

This is a bit of a tired ramble. What I wanna know is why anyone is preferring Signal over XMPP apps. I assume it might be not knowing about it. Tell me what you use to message people.

Found this AI art block list recently and thought I would share it with you guys. It definitely comes in handy!

This makes a world of difference. I know many people may know of it but may not actually do it. It Protects your files in case your computer is ever stolen and prevents alphabet agencies from just brute forcing into your Laptop or whatever.

I found that Limine (bootloader) has the fastest decryption when paired with LUKS at least for my laptop.

If your computer isn't encrypted I could make a live USB of a distro, plug it into your computer, boot, and view your files on your hard drive. Completely bypassing your Login manager. If your computer is encrypted I could not. Use a strong password and different from your login

Benefits of Using LUKS with GRUB Enhanced Security

• Data Protection: LUKS (Linux Unified Key Setup) encrypts disk partitions, ensuring that data remains secure even if the physical device is stolen.
• Full Disk Encryption: It can encrypt the entire disk, including sensitive files and swap space, preventing unauthorized access to confidential information.

Compatibility with GRUB

• Unlocking from Bootloader: GRUB can unlock LUKS-encrypted partitions using the cryptomount command, allowing the system to boot securely without exposing sensitive data.
• Support for LVM: When combined with Logical Volume Management (LVM), LUKS allows for flexible partition management while maintaining encryption.

"The problem in a nutshell. Surveillance agency NSA and its [UK counterpart] GCHQ are trying to have standards-development organizations endorse weakening [pre-quantum] ECC+PQ down to just PQ."

Part of this is that NSA and GCHQ have been endlessly repeating arguments that this weakening is a good thing... I'm instead looking at how easy it is for NSA to simply spend money to corrupt the standardization process.... The massive U.S. military budget now publicly requires cryptographic "components" to have NSA approval... In June 2024, NSA's William Layton wrote that "we do not anticipate supporting hybrid in national security systems"...

[Later a Cisco employee wrote of selling non-hybrid cryptography to a significant customer, "that's what they're willing to buy. Hence, Cisco will implement it".]

What do you do with your control over the U.S. military budget? That's another opportunity to "shape the worldwide commercial cryptography marketplace". You can tell people that you won't authorize purchasing double encryption. You can even follow through on having the military publicly purchase single encryption. Meanwhile you quietly spend a negligible amount of money on an independent encryption layer to protect the data that you care about, so you're actually using double encryption.

So I just started messing around with the settings in my windows and account tied to it. And good Lord, this thing's just as bad as Android. 😒 ? The thing is literally saving all my inquiries and everything to my Microsoft account. I can't even turn off some of these features as far as trying to stop them. Many privacy settings are also buried all over the place. When did this happen?

You're welcome I'll share even better books later.

Obviously a lot of people here hide a lot of information. What is keeping you all from extreme stress considering the possibility that a government is spying on your actions despite strict privacy practices? Considering my current situation and my extreme threat model it feels like the privacy walls around me are closing in. I'm very paranoid. I do a lot of risky and dangerous shit on the internet. Every knock on my door and phone call feels like the police. I don't talk with others about what I do and I'm always hiding my internet activity from others. Any thoughts would be helpful

After making a post about comparing VPN providers, I received a lot of requested feedback. I've implemented most of the ideas I received.

Providers

• AirVPN
• IVPN
• Mozilla VPN
• Mullvad VPN
• NordVPN
• NymVPN
• Private Internet Access (abbreviated PIA)
• Proton VPN
• Surfshark VPN
• Tor (technically not a VPN)
• Windscribe

Notes

• I'm human. I make mistakes. I made multiple mistakes in my last post, and there may be some here. I've tried my best.
• Pricing is sometimes weird. For example, a 1 year plan for Private Internet Access is 37.19€ first year and then auto-renews annually at 46.73€. By the way, they misspelled "annually". AirVPN has a 3 day pricing plan. For the instances when pricing is weird, I did what I felt was best on a case-by-case basis.
• Tor is not a VPN, but there are multiple apps that allow you to use it like a VPN. They've released an official Tor VPN app for Android, and there is a verified Flatpak called Carburetor which you can use to use Tor like a VPN on secureblue (Linux). It's not unreasonable to add this to the list.
• Some projects use different licenses for different platforms. For example, NordVPN has an open source Linux client. However, to call NordVPN open source would be like calling a meat sandwich vegan because the bread is vegan.
• The age of a VPN isn't a good indicator of how secure it is. There could be a trustworthy VPN that's been around for 10 years but uses insecure, outdated code, and a new VPN that's been around for 10 days but uses up-to-date, modern code.
• Some VPNs, like Surfshark VPN, operate in multiple countries. Legality may vary.
• All of the VPNs claim a "no log" policy, but there's some I trust more than others to actually uphold that.
• Tor is special in the port forwarding category, because it depends on what you're using port forwarding for. In some cases, Tor doesn't need port forwarding.
• Tor technically doesn't have a WireGuard profile, but you could (probably?) create one.

Takeaways

• If you don't mind the speed cost, Tor is a really good option to protect your IP address.
• If you're on a budget, NymVPN, Private Internet Access, and Surfshark VPN are generally the cheapest. If you're paying month-by-month, Mullvad VPN still can't be beat.
• If you want VPNs that go out of their way to collect as little information as possible, IVPN, Mullvad VPN, and NymVPN don't require any personal information to use. And Tor, of course.

ODS file: https://files.catbox.moe/cly0o6.ods

IMPORTANT NOTE - READ FIRST:

This is still a work-in-progress and a close-source project (This is what a honeypot would look like). To view the open source MVP version see here. NONE of my projects have been audited or reviewed. I provide them for testing and demo purposes only. NOT to replace your current messaging app (or any other app you use).

BE RESPONSIBLE WHEN USING UNAUDITED SOFTWARE... DO NOT USE FOR SENSITIVE PURPOSES.

Now that I've hit you over the head with caution...

Want to send encrypted WebRTC messages and video calls with no downloads, no sign-ups and no tracking?

This prototype uses WebRTC to establish an encrypted browser-to-browser connection. Everything is ephemeral and cleared when you refresh the page - true zerodata privacy!

Check out the pre-release demo here.

• Website: https://positive-intentions.com/
• Mastodon: https://infosec.exchange/@xoron

Let's imagine we live in a world the American government is not the American government so you can trust what American companies say when they talk about protecting your privacy and so on...

I'm turning 41, but I don't feel like celebrating.

Our generation is running out of time to save the free Internet built for us by our fathers.

What was once the promise of the free exchange of information is being turned into the ultimate tool of control.

Once-free countries are introducing dystopian measures such as digital IDs (UK), online age checks (Australia), and mass scanning of private messages (EU).

Germany is persecuting anyone who dares to criticize officials on the Internet. The UK is imprisoning thousands for their tweets. France is criminally investigating tech leaders who defend freedom and privacy.

A dark, dystopian world is approaching fast - while we're asleep. Our generation risks going down in history as the last one that had freedoms -and allowed them to be taken away.

We've been fed a lie.

We've been made to believe that the greatest fight of our generation is to destroy everything our forefathers left us: tradition, privacy, sovereignty, the free market, and free speech.

By betraying the legacy of our ancestors, we've set ourselves on a path toward self-destruction - moral, intellectual, economic, and ultimately biological.

So no, I'm not going to celebrate today. I'm running out of time. We are running out of time.

In a compelling, entertaining and accessible format, we present these negative awards to companies, organisations, and politicians. The BigBrotherAwards highlight privacy and data protection offenders in business and politics, or as the French paper Le Monde once put it, they are the “Oscars for data leeches”.

I can really recommend Digitalcourage and the event. I am not directly involved.

Our country needs more privacy conscious communities in order to resist against surveillace capitalism. Join to discuss Mexico-specific privacy discussions!

!privacidadmx@lemmy.ml 💚🤍❤️

I made a spreadsheet comparing different open source VPN providers.

Part 2 here

Providers

• IVPN
• Mozilla VPN
• Mullvad VPN
• NymVPN
• Proton VPN

Notes

• Please do not start a flame war about Proton.
• Please do not start a flame war about cryptocurrencies. Monero is the only cryptocurrency listed because of its privacy.
• The very left column is the category for each row, the middle section is the various VPN providers, and the right section is which VPNs are the best in each category.
• IVPN has two differing plans, which is why "Standard" and "Pro" are sometimes differentiated.
• For accounts, "Generated" means a random identifier is created for you to act as your account, "Required" means you must sign up yourself. Proton VPN allows guest use under specific conditions (e.g. installed from the Google Play Store), but otherwise requires an account.
• Switzerland is seen as more private than Sweden. Gibraltar is seen as privacy neutral.
• All prices are in United States Dollars. Tax is not included.
• Pricing is based on the price combination to achieve the exact time frame. For example, Proton VPN does not have a 3 year plan but you can achieve 3 years by combining a 2 year plan with a 1 year plan.
• The availability section is security based. Availability is framed around a GrapheneOS and secureblue setup.
• The Proton VPN Flatpak is unofficial, but based on the official code.
• Availability on secureblue is based on the ujust install-vpn command. Security features must be disabled on secureblue in order to use the GUI for IVPN and Mullvad VPN, but not for Proton VPN. Mozilla VPN and NymVPN are available as Flatpaks, which are safer than layering packages.
• I wanted to include more categories, such as which programming languages they are written in, connection speed, and security, but that became far too difficult and complex, so I decided to omit those categories.

Takeaways

• NymVPN is very very new, but it's off to a strong start. It wins in almost every category. I actually hadn't heard of it until I started this project.
• If you want a free VPN, Proton VPN is the only one here that meets that requirement.
• If you want to pay week-by-week, IVPN is the only one that allows that.
• If you're paying month-by-month on a budget, Mullvad VPN is the cheapest option.
• NymVPN is the cheapest plan for anything past 1 month.
• If you want to use Accrescent as your main app store, IVPN is the only VPN available there for now.
• If you want to pay for a bundle of apps, including a VPN, Proton sells more than just a VPN.
• Mozilla VPN is terrible. The only thing it has going for it is a verified Flatpak, but NymVPN also has that so it doesn't even matter.

These are some practices which worked for me, You can adjust them to match your preferences. Feel free to add your own in the comments

1. If you are forced to use something that is privacy invasive, Make it isolated from your actual profile. (Ex- Using a 2nd Browser profile, Using an alias to signup)

2. Always use the services that you use from their official clients. Don't blindly trust 3rd party clients just because they claim that they are "more private", Do some research before using it.

3. Don't mix up your work life with your personal life. Consider getting a second phone just for work purposes or you could use a second profile for work purposes if your phone has the ability to create multiple user profiles.

4. Keep a habit of clearing the browser data once in a while. (You can make your browser automatically clear the browser data when closing but it can be kinda annoying when you have to log back into websites everytime)

5. Strip away the metadata of your photos and documents when sharing them.

6. Check connected apps/services regularly and revoke unused ones. (on Discord, GitHub, Matrix and etc.)

7. Audit app permissions regularly (Some apps adds in new permissions or re-enables permissions over updates)

The old #3 tip got removed (The password one) because it served no additional protection and was pretty annoying. It was a mistake by me, sorry

For several years, I've entertained the idea of creating an online portfolio, but it's remained only an idea since I am not sure what I should put on it. What's a good way to decide what goes on the personally-identifiable portfolio and what should remain under pseudonyms?

Nowadays, a majority of apps require you to sign up with your email or even worse your phone number. If you have a phone number attached to your name, meaning you went to a cell service/phone provider, and you gave them your ID, then no matter what app you use, no matter how private it says it is, it is not private. There is NO exception to this. Your identity is instantly tied to that account.

Signal is not private. I recommend Simplex or another peer to peer onion messaging app. They don't require email or phone number. So as long as you protect your IP you are anonymous

The EU built a system called CounterR that essentially performs pre-crime thought surveillance. The TLDR is that an AI company, with direct input from half a dozen European police forces, built a tool that scrapes social media, forums, and other sources to assign citizens a score based on what they think as opposed to what they've actually done. The EC also has not released details of the project..

The report itself acknowledges that this sort of automated system "can trigger new fundamental rights risks that affect rights different than the protection of personal data and privacy."

The European Commission's White Paper on Al observes that Al-related processing of personal data can trigger new fundamental rights risks that affect rights different than the protection of personal data and privacy, such as the right to freedom of expression, and political freedoms - in particular when Al is used by online intermediaries to prioritise information and for content moderation.

The police were active co-developers, sitting in meetings to define the criteria and feeding real, anonymized data from their investigations to train the LLM. So now you have a feedback loop where police define the threat, the LLM learns it, and the police validate the results, with zero external oversight.

And of course, it's all shrouded in secrecy. The whole thing is confidential, the source code is proprietary so even partners can't audit it, and the ethics board is made up of the same people building the thing. There's no clear requirement to track false positives, so you could be flagged as a potential radical and never know why.

Regarding transparency of funded research, it must be noted that generally research proposals foresee Confidentiality of some results is often necessary, especially in the realm of security.

The cherry on top? The core technology, developed with public funds, was recently acquired by a private company, Logically, who can now sell this dystopian scoring system to whoever they want.

The citizens of the EU literally paid to build our own panopticon. The whole project is about normalizing the idea that the state gets to algorithmically monitor and judge your political beliefs before you ever commit a crime.