Obviously a lot of people here hide a lot of information. What is keeping you all from extreme stress considering the possibility that a government is spying on your actions despite strict privacy practices? Considering my current situation and my extreme threat model it feels like the privacy walls around me are closing in. I'm very paranoid. I do a lot of risky and dangerous shit on the internet. Every knock on my door and phone call feels like the police. I don't talk with others about what I do and I'm always hiding my internet activity from others. Any thoughts would be helpful

IMPORTANT NOTE - READ FIRST:

This is still a work-in-progress and a close-source project (This is what a honeypot would look like). To view the open source MVP version see here. NONE of my projects have been audited or reviewed. I provide them for testing and demo purposes only. NOT to replace your current messaging app (or any other app you use).

BE RESPONSIBLE WHEN USING UNAUDITED SOFTWARE... DO NOT USE FOR SENSITIVE PURPOSES.

Now that I've hit you over the head with caution...

Want to send encrypted WebRTC messages and video calls with no downloads, no sign-ups and no tracking?

This prototype uses WebRTC to establish an encrypted browser-to-browser connection. Everything is ephemeral and cleared when you refresh the page - true zerodata privacy!

Check out the pre-release demo here.

• Website: https://positive-intentions.com/
• Mastodon: https://infosec.exchange/@xoron

After making a post about comparing VPN providers, I received a lot of requested feedback. I've implemented most of the ideas I received.

Providers

• AirVPN
• IVPN
• Mozilla VPN
• Mullvad VPN
• NordVPN
• NymVPN
• Private Internet Access (abbreviated PIA)
• Proton VPN
• Surfshark VPN
• Tor (technically not a VPN)
• Windscribe

Notes

• I'm human. I make mistakes. I made multiple mistakes in my last post, and there may be some here. I've tried my best.
• Pricing is sometimes weird. For example, a 1 year plan for Private Internet Access is 37.19€ first year and then auto-renews annually at 46.73€. By the way, they misspelled "annually". AirVPN has a 3 day pricing plan. For the instances when pricing is weird, I did what I felt was best on a case-by-case basis.
• Tor is not a VPN, but there are multiple apps that allow you to use it like a VPN. They've released an official Tor VPN app for Android, and there is a verified Flatpak called Carburetor which you can use to use Tor like a VPN on secureblue (Linux). It's not unreasonable to add this to the list.
• Some projects use different licenses for different platforms. For example, NordVPN has an open source Linux client. However, to call NordVPN open source would be like calling a meat sandwich vegan because the bread is vegan.
• The age of a VPN isn't a good indicator of how secure it is. There could be a trustworthy VPN that's been around for 10 years but uses insecure, outdated code, and a new VPN that's been around for 10 days but uses up-to-date, modern code.
• Some VPNs, like Surfshark VPN, operate in multiple countries. Legality may vary.
• All of the VPNs claim a "no log" policy, but there's some I trust more than others to actually uphold that.
• Tor is special in the port forwarding category, because it depends on what you're using port forwarding for. In some cases, Tor doesn't need port forwarding.
• Tor technically doesn't have a WireGuard profile, but you could (probably?) create one.

Takeaways

• If you don't mind the speed cost, Tor is a really good option to protect your IP address.
• If you're on a budget, NymVPN, Private Internet Access, and Surfshark VPN are generally the cheapest. If you're paying month-by-month, Mullvad VPN still can't be beat.
• If you want VPNs that go out of their way to collect as little information as possible, IVPN, Mullvad VPN, and NymVPN don't require any personal information to use. And Tor, of course.

ODS file: https://files.catbox.moe/cly0o6.ods

Let's imagine we live in a world the American government is not the American government so you can trust what American companies say when they talk about protecting your privacy and so on...

I'm turning 41, but I don't feel like celebrating.

Our generation is running out of time to save the free Internet built for us by our fathers.

What was once the promise of the free exchange of information is being turned into the ultimate tool of control.

Once-free countries are introducing dystopian measures such as digital IDs (UK), online age checks (Australia), and mass scanning of private messages (EU).

Germany is persecuting anyone who dares to criticize officials on the Internet. The UK is imprisoning thousands for their tweets. France is criminally investigating tech leaders who defend freedom and privacy.

A dark, dystopian world is approaching fast - while we're asleep. Our generation risks going down in history as the last one that had freedoms -and allowed them to be taken away.

We've been fed a lie.

We've been made to believe that the greatest fight of our generation is to destroy everything our forefathers left us: tradition, privacy, sovereignty, the free market, and free speech.

By betraying the legacy of our ancestors, we've set ourselves on a path toward self-destruction - moral, intellectual, economic, and ultimately biological.

So no, I'm not going to celebrate today. I'm running out of time. We are running out of time.

In a compelling, entertaining and accessible format, we present these negative awards to companies, organisations, and politicians. The BigBrotherAwards highlight privacy and data protection offenders in business and politics, or as the French paper Le Monde once put it, they are the “Oscars for data leeches”.

I can really recommend Digitalcourage and the event. I am not directly involved.

Our country needs more privacy conscious communities in order to resist against surveillace capitalism. Join to discuss Mexico-specific privacy discussions!

!privacidadmx@lemmy.ml 💚🤍❤️

For several years, I've entertained the idea of creating an online portfolio, but it's remained only an idea since I am not sure what I should put on it. What's a good way to decide what goes on the personally-identifiable portfolio and what should remain under pseudonyms?

These are some practices which worked for me, You can adjust them to match your preferences. Feel free to add your own in the comments

1. If you are forced to use something that is privacy invasive, Make it isolated from your actual profile. (Ex- Using a 2nd Browser profile, Using an alias to signup)

2. Always use the services that you use from their official clients. Don't blindly trust 3rd party clients just because they claim that they are "more private", Do some research before using it.

3. Don't mix up your work life with your personal life. Consider getting a second phone just for work purposes or you could use a second profile for work purposes if your phone has the ability to create multiple user profiles.

4. Keep a habit of clearing the browser data once in a while. (You can make your browser automatically clear the browser data when closing but it can be kinda annoying when you have to log back into websites everytime)

5. Strip away the metadata of your photos and documents when sharing them.

6. Check connected apps/services regularly and revoke unused ones. (on Discord, GitHub, Matrix and etc.)

7. Audit app permissions regularly (Some apps adds in new permissions or re-enables permissions over updates)

The old #3 tip got removed (The password one) because it served no additional protection and was pretty annoying. It was a mistake by me, sorry

I made a spreadsheet comparing different open source VPN providers.

Part 2 here

Providers

• IVPN
• Mozilla VPN
• Mullvad VPN
• NymVPN
• Proton VPN

Notes

• Please do not start a flame war about Proton.
• Please do not start a flame war about cryptocurrencies. Monero is the only cryptocurrency listed because of its privacy.
• The very left column is the category for each row, the middle section is the various VPN providers, and the right section is which VPNs are the best in each category.
• IVPN has two differing plans, which is why "Standard" and "Pro" are sometimes differentiated.
• For accounts, "Generated" means a random identifier is created for you to act as your account, "Required" means you must sign up yourself. Proton VPN allows guest use under specific conditions (e.g. installed from the Google Play Store), but otherwise requires an account.
• Switzerland is seen as more private than Sweden. Gibraltar is seen as privacy neutral.
• All prices are in United States Dollars. Tax is not included.
• Pricing is based on the price combination to achieve the exact time frame. For example, Proton VPN does not have a 3 year plan but you can achieve 3 years by combining a 2 year plan with a 1 year plan.
• The availability section is security based. Availability is framed around a GrapheneOS and secureblue setup.
• The Proton VPN Flatpak is unofficial, but based on the official code.
• Availability on secureblue is based on the ujust install-vpn command. Security features must be disabled on secureblue in order to use the GUI for IVPN and Mullvad VPN, but not for Proton VPN. Mozilla VPN and NymVPN are available as Flatpaks, which are safer than layering packages.
• I wanted to include more categories, such as which programming languages they are written in, connection speed, and security, but that became far too difficult and complex, so I decided to omit those categories.

Takeaways

• NymVPN is very very new, but it's off to a strong start. It wins in almost every category. I actually hadn't heard of it until I started this project.
• If you want a free VPN, Proton VPN is the only one here that meets that requirement.
• If you want to pay week-by-week, IVPN is the only one that allows that.
• If you're paying month-by-month on a budget, Mullvad VPN is the cheapest option.
• NymVPN is the cheapest plan for anything past 1 month.
• If you want to use Accrescent as your main app store, IVPN is the only VPN available there for now.
• If you want to pay for a bundle of apps, including a VPN, Proton sells more than just a VPN.
• Mozilla VPN is terrible. The only thing it has going for it is a verified Flatpak, but NymVPN also has that so it doesn't even matter.

Nowadays, a majority of apps require you to sign up with your email or even worse your phone number. If you have a phone number attached to your name, meaning you went to a cell service/phone provider, and you gave them your ID, then no matter what app you use, no matter how private it says it is, it is not private. There is NO exception to this. Your identity is instantly tied to that account.

Signal is not private. I recommend Simplex or another peer to peer onion messaging app. They don't require email or phone number. So as long as you protect your IP you are anonymous

Have you had any privacy wins recently? Anything you've tried or tweaked to improve your privacy? Anyone who's listened to something you've said? Do you have any privacy enhancing projects or changes you're working on implementing

I managed to convert someone to Signal this week. Was having reception difficulties with a phone call (both of us in spotty areas) and after a drop out, managed to get them on board with Signal. A very notable quality improvement in the call which helped reinforce to them it was a good idea.

I'm going to work on setting up Pihole over the weekend.

Note: I did steal this topic idea from Techlore.

I’ve recently “moved” countries! And by that I of course mean the country I exit from online. I’m trying to keep a perma-VPN situation going.

YouTube loaded for me on my computer, where I’m logged in, even through uBlock Origin. But no luck on their locked down phone app, where I’m also logged in. Very weird. Shuffled servers a bit and still nothing. And I’m not talking about sports content which is always super locked down.

Anyone else facing this problem? Has this been the norm for a while in some exit countries? Is this just one of those wait for it to tide over situations that works itself out in the end?

Weirdly it loads shorts just fine.

I wonder at what point it would end up being better to just rent a VPS and wireguard into that.

In case your answer is “Just use Peertube!” my reply is Inshallah I will

This app has been under development for a few months now and is ready for use.

Should be available on Google play first. IOS in the works and released soon.

If your a developer who can contribute and make it even better that is welcomed it's still very early.

The EU built a system called CounterR that essentially performs pre-crime thought surveillance. The TLDR is that an AI company, with direct input from half a dozen European police forces, built a tool that scrapes social media, forums, and other sources to assign citizens a score based on what they think as opposed to what they've actually done. The EC also has not released details of the project..

The report itself acknowledges that this sort of automated system "can trigger new fundamental rights risks that affect rights different than the protection of personal data and privacy."

The European Commission's White Paper on Al observes that Al-related processing of personal data can trigger new fundamental rights risks that affect rights different than the protection of personal data and privacy, such as the right to freedom of expression, and political freedoms - in particular when Al is used by online intermediaries to prioritise information and for content moderation.

The police were active co-developers, sitting in meetings to define the criteria and feeding real, anonymized data from their investigations to train the LLM. So now you have a feedback loop where police define the threat, the LLM learns it, and the police validate the results, with zero external oversight.

And of course, it's all shrouded in secrecy. The whole thing is confidential, the source code is proprietary so even partners can't audit it, and the ethics board is made up of the same people building the thing. There's no clear requirement to track false positives, so you could be flagged as a potential radical and never know why.

Regarding transparency of funded research, it must be noted that generally research proposals foresee Confidentiality of some results is often necessary, especially in the realm of security.

The cherry on top? The core technology, developed with public funds, was recently acquired by a private company, Logically, who can now sell this dystopian scoring system to whoever they want.

The citizens of the EU literally paid to build our own panopticon. The whole project is about normalizing the idea that the state gets to algorithmically monitor and judge your political beliefs before you ever commit a crime.

Let's say I want to bridge from WhatsApp or telegram to Matrix, have I gaibed something in terms of privacy? In which case would it make sense? Public group chats? Direct chats?