Another good piece by the EFF. Its an important message to write about to your gov’t representatives if it resonates with what you feel is the way forward with regards to the misguided “internet safety” laws so many countries are trying to pass right now
Brave plus privacy badger seems to be the strongest anti-fingerprint that you can lay your hands on at the moment.
I have waded waist deep through about 15 anti-Brave posts where people have told me to try different combinations of plugins and browsers. Somebody claimed duckduckgo would do it, but once I installed it and found out it didn’t support plugins, I walked away immediately.
Everybody seems to direct most of their hate toward the CEO and the crypto. As far as I’m concerned those two things don’t bother me anywhere near as much as their thirst for funding. I’m pretty sure they wouldn’t have any qualms about selling 100% of my data off to anyone willing to pay to stay afloat. But in the end that’s probably not all that different from Microsoft or Google.
Brave is keeping up with the Joneses for YouTube ad blocking. It’s reasonably quick and supports all of my Chrome plugins.
I absolutely cannot get Firefox to pass the fingerprint test. If I could convince Firefox to pass that test I would strongly consider backing off my usage of brave.
It's very telling when the only criticism you really see leveled against Brave is that same article everybody posts as some kind of trap card, despite the fact it can be boiled down to "don't use Brave because the CEO is a bigot or something, and you have to opt out of their crypto stuff." Cool. I don't care about those things, I care about the browser's ability to do what I need it to, and Brave does. Are you putting your trust in a company that could be selling your data? Sure, that's always a risk, but until it's been confirmed, I'm happy to stick with it. I mean shit, it even beats out GrapheneOS's Vanadium in the fingerprinting test, and that's the browser I use on my phone.
imo, the hate against Brave is unfounded and seems to be coming from the anti-Chromium crowd. There are valid arguments to be made against it, but I honestly couldn't give less of a fuck what their CEO believes as long as the product works as advertised, and Brave consistently scores highly in privacy and security tests.
Brave has been thoroughly tested from many privacy advocate organizations EFF and more known names using default settings and ranks as the highest overall rated fingerprint resistant and anti tracking protected browser, again at default settings I have ran many tests once configured and get even better results even against librewolf with and without extensions and vanilla Firefox with privacy badger and ublock ect as well as without. (I use librewolf on desktop for those who are gonna down vote this) Gecko based browsers are advised against on Graphene and is spoken in length about on reddit from one of their Devs. Chromium and google is a bad combo sure reliance on Google and all to begin with, but so is supporting Google to degoogle with a pixel device. Could brave be a honeypot? Sure and many other services. So could VPN providers and any service for that matter. The biggest advantage I see using Firefox is promoting a non google alternative and balancing the scale against googles monopoly. In some cases Tor adds risk due to it being a giant vacuum for govt or other malicious entities looking to snoop. Its like taping a sign to your traffic. I think it serves a purpose but that varies from each persons use case.
Yeah, TOR in particular seems to give a lot of people a false sense of security. I live out in a very remote area, I'm certainly not going to be using TOR, for obvious reasons.
Exactly, it’s childish cancel culture for completed unrelated nonsense. It’s one thing to be anti Chrome, but being anti Chromium is stupid, let alone that brave did a good job about it.
I’d like to see what peoples personal opinions are on every single Firefox dev, as well as the complete Mozilla corporate hierarchy… Oh ya, they don’t know, so it’s cool. Then of course the completely history and belief system of the devs of every browser addon they use as well. That type of stupidity has no end.
First things first, there is no app like you describe. You have to take my word for it. Let’s say a certain country’s law enforcement might be very interested in taking to me if it knew role in certain events.
I examined many messaging and chat platforms, and the closest to what you’re asking for are custom Telegram clients that go a longer way to ensure that TG’s local data gets deleted properly (by default it doesn’t, easy peasy to get data from the local DB, half cleansed chats from 6 months ago pop up in exports or even the UI, etc).”, has a built in double bottom for accounts, etc. An example of what I am talking about is here: github.com/wrwrabbit (check the repos yourself).
Secondly, you must understand that when the law enforcement seizes a phone, upon initial quick examination (sometimes using brutality to force you to unlock it), they will shut it down to ensure it is not connected to the Internet. And then criminalists will use a special black box device sold by an Israeli cybersec firm (its name always escapes me, but I think the product might be called Pegasus) to extract all data for offline analysis.
So thirdly, you must not rely on any app that conditionally removes data from a device. You must not entrust your well-being to it. Which leaves you basically the only choice: only ephemeral messaging capabilities which are available only when you are in the app, through the server over which you have full control.
Or your messaging sessions must take place only when you’re in a secure location. And even then you should have a “wipe all button” in case the police come after you unexpectedly.
It’s on my plans to dive a bit into self hosting, but for now only inside LAN. Still reading on it. On a VPS I wouldn’t be capable of securing and doing good administration in the next few months. But definitely on my roadmap (especially since I want to move careers for something more technical)
would you consider 1984 above orange for instance? The only ones I’d like to avoid are the likes of godaddy stuff
You can set up an account over Tor in case of 1984. Haven’t used Orange but mainly due to bigger costs. Iirc the only time my 1984 Wireguard VPN was facing issues was when trying to edit Wikipedia, so not a big problem. Searxng was also working fine.
Seconded. Subscribed to it a month ago in my mission to cut my dependence on Google products. So far I’m loving it. Calendar is a bit basic but it is encrypted.
Between the 500gb provided with the proton suite and using backblaze for backups, I’m pretty covered with data.
Thanks for the feedback! Ah for the 500GB it’s the higher plan. Already gets somewhat expensive.
Regarding backblaze for backups, it’s basically a way of dropping all the stuff and leave it there right? It’s not a cloud service (in the sense of filen and others) but for keeping data right? How are you ensuring that you have all the backups encrypted?
You could actually use Backblaze for both scenarios: as a normal cloud storage where you can access stuff back n forth or for long term backups and storage.
I use Duplicacy to copy and encrypt my main folders once a week. But you can set schedules for backups as you wish. Depending on how much you’re backing up it may get a bit pricey though. I have a little under a couple terabytes backed up and pay around $6 for Backblaze. They have a client I’ve never used that might be helpful as well.
One thing I wanna look into is using Duplicacy to also back up really important documents to my proton storage.
an option for data backups that I will only access/move when managing backups or restoring data in computer (I’d need at most 300-500GB)
an option for repeated access for files that I’d plan to use / change weekly.
So with duplicati you’re able to send the backups to backblaze bucket in an encrypted way? What would I need to retrieve the data and unencrypt on computer if mine would break? How would you use backblaze as daily cloud? I thought it was mostly a bucket to drop stuff. Is there any way to mount it as a network drive while having everything encrypted ?
right now I have Filen with 100GB and it’s more than enough for me right now. However, from what I’ve read it’s not compatible with cryptomator and I cannot mount it as drive. Moreover the app is only for syncing data, which is not my aim
I’ve never looked into backing it up. I do know they make it easy to import emails from other services so maybe they’d make it easy to export to other providers too? You’d have to look into it.
You can use matrix/element and if someone loses her phone, you can remove her from the room. The room will disappear from the other phone if it’s connected to the internet
I’ve been interested in looking at matrix due to its decentralyzed nature, and self host capability. But as much as I love to self host certain things. Self hosting isn’t always the shining example its portrayed as. That comes with its own security/privacy flaws. I will do some reading on matrix and learn about the features. Thanks for shedding some light on the actual topic at hand.
Edit for matrix info which can be found here for those wanting to learn more. -> matrix.org
You don’t have to selfhost. You can use anyone’s server. It’s all e2e. The social graph may be visible. Selfhosting is easy. Look for an install with docker.
Will do thanks. I don’t care about social graph being visible so long as there isn’t identifiable info during sign up. I’d much rather self host as needed. But what if matrix was self hosted on a hostile network. Under VPN from both sides. Say matrix was running from a hotel WiFi. How would one secure the service.
I don’t care about social graph being visible so long as there isn’t identifiable info during sign up. well said
you can also look into hosted services like EMS but I don’t know if you have to provide identifiable info.
But what if matrix was self hosted on a hostile network.
it’s all encrypted on the client -> e2e. even if it was http and no SSL
Say matrix was running from a hotel WiFi.
you have to provide a domain, I’m not sure how easy it would be to run it without and only locally on a LAN. IT’s possible but the experience wont be good. you also can’t federate. It’s much easier to use a hosted server.
How would one secure the service.
the same way like you’d do it with a publicly exposed host.
BUT I think I’d go with p2p matrix before going the LAN route.
The f-droid version should be ok for now, but if you installed this from the malware distribution channel aka the Playstore I would recommend to deinstall them before the next update hits.
privacy
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.