Not an answer, but a clarification. You seem to be messing up two things. DoH is basically encrypted DNS, i.e. no one other than your DNS provider can see what domains you ask for. It’s orthogonal to ad blocking; there are various service that provide one, or another, or both.
Yup I understand that. I’m primarily asking what the community thinks is a better DNS blocker between Aha Blitz and Mullvad’s, both of which provide DNS blocking over https.
The plan was to have criminals use the storefront — an online end-to-end encryption service called Tutanota — to allow authorities to collect intelligence about them.
Tutanota was (at least) compromised from the moment that they were ordered by German courts to spy on anyone that they were ordered to. Including skipping encryption upon email arrival. Why the hell they are suggested in the privacy space after that just proves how retarded most privacy bros are.
Why, what else could have they done with laws? Protonmail and literally every other provider on the clearnet is also susceptible to this. The only thing they can do is have lawyers to find what the absolute most minimum they are required to do and only do that, but that’s all.
Proton can be legally ordered to start recording the IP address of a specific user. That’s why they recommend that you always connect through their Onion site.
Other than that and if that’s possible, I think it may also be possible to legally order Proton to keep the unencrypted form of incoming emails for a specific user, but Proton did not said it in the article, and Swiss laws might protect them against that. It’s certainly possible technically, and good to be aware of it, I think.
Sorry but I can’t open the second link, as it actively resists it. I suspect though that the problem with Tutanota was not their encryption, but their legal system, which required them to keep a copy of the incoming emails.
Also, don’t mistake me, I’m all for protonmail, and I mean this. But did you know they only encrypt the email contents? Metadata like title, sender recipient and other things in the mail header don’t get encrypted.
you’re right about the IP thing. that’s a good clarification rather than just “spy”. i suppose it’s less dire than Tutanota not encrypting incoming mails if you use tor and vpn by default.
yeah basically it more or less proves that swiss privacy is a bit stronger in this case vs Germany.
on the proton encryption, i did know about this but does that apply to proton-to-proton, proton-to-NonProton, or both? if you have details on this let me know.
either way the fact that they dont makes me feel that proton is a similar honeypot to signal and telegram, where they make a compromise with the five eyes, to give them metadata even if actual contents are safe. metadata can be much more powerful than contents often times
in general email is just the worst protocol when it comes to privacy. sadly.
on the proton encryption, i did know about this but does that apply to proton-to-proton, proton-to-NonProton, or both? if you have details on this let me know.
As I know it applies to both. Formerly they were asking (among other things) about the titles of your latest emails for account recovery. (after I have put all the links here I realized that these don’t give a details on whether this also applies to inter-proton messages…)
either way the fact that they dont makes me feel that proton is a similar honeypot to signal and telegram, where they make a compromise with the five eyes, to give them metadata even if actual contents are safe. metadata can be much more powerful than contents often times
Yeah, might as well be. But if it is, I’m afraid we won’t get to know for a few decades, if ever. And I think it’s still better than the alternatives… the alternative email providers, that is.
If it comforts you, in their reddit comment I linked they mention (in 2019…) that there’s a proposal they support for openpgp to be able to have an encrypted subject line.
I found out also that Tutanota is essentially the same, except that they do E2EE subject lines between tutanota users, but I am guessing that is because they don’t use PGP unlike Proton. In which case, Proton is in the right in this case because they are increasing E2EE interoperability beyond just their own users. So, my comment about honeypotting was really uncalled for I think, and I apologize for that.
The OpenPGP proposal is interesting, but I couldn’t find anything on it. All I found was this below, which explains that email headers can’t be/aren’t encrypted, and subject is one of those, so that’s why. I have no clue what Proton was talking about, or where they got that info
The SimplyTranslate front end has many languages, translate engines selectable: Google | DeepL (Testing) | ICIBA | Reverso | LibreTranslate. Some instances are Tor-friendly, even onion. The project page seems to be codeberg.org/SimpleWeb/SimplyTranslate
Refusing to use Google is just common sense. LibreTranslate itself is decent (at least not Google), except a website hosting it may have some opaque JS or Google things (Font, Analytics, TagManagers, etc.)
Either way, translation can’t be super-private in general. For example, if you use it to write a private message or love letter in a foreign language… even including real names and physical addresses…
Also, metadata like “a Danish-speaker is reading this German text about X” can’t be hidden, and if the language pair is uncommon and/or if text to be translated is specialized (not generic), the engine provider may easily guess “this request and that request yesterday may be from the same user”, etc. if they want to. A sufficiently powerful “attacker” might de-anonymize you, helped by other info about you, already gathered. In practice, maybe not a big concern, if you’re just translating generic, non-sensitive text, not showing your real IP, and clearing cookies frequently.
Yes, and it is very feature complete. It’s what I use.
The paid plans are largely just a way to support development, but specifically it allows you to use custom domains, not just automatically generated ones. There’s some other benefits like PGP and wildcard domains, but the custom domains seems like the biggest draw to a paid plan in my book.
Don’t worry, you’re not breaking it to me 😄. I’ve never found the need for more than 10 aliases myself and I could be wrong but I think that needing more than 10 functioning aliases at a given time is a bit of a fringe case when it comes to the average user. It sounds like your comments are based on pretty heavy usage.
I’m not saying that Simple Login is better than the other two services (which I’ve never used so can’t compare) However, from using the free tier of the service for years now the free version of Simple Login is feature complete and does not make you bump in to pay walls.
Leave it to the cryptocurrency people to turn a simple tutorial into an ad.
I’m from the same Lemmy instance monero.town (technically a mod?) and can see your point. Initially I was vocal about perceived link-spamming, advertising this SimplifiedPrivacy thing; at least a few users there were/are feeling the same way, as you can see e.g. here. So please don’t lump crypto (esp. Monero) users as a single kind of people.
Like @leraje pointed out, some of info provided by this user (ShadowRebel) can be useful. Perhaps some people prefer a video to text. Monero users tend to respect freedom (of speech) and advertisement is not forbidden in Monero.town anyway. Perhaps you can understand that this does not mean “the cryptocurrency people” are the same.
@ride I know the background: this info could be very useful, and you commented, “Even if not directly Monero-related, this draws attention to the community when such contributions come from here.”
The problem is, !privacyguides has a different set of rules than Monero.town does, explicitly stating:
This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
Hence, as you can see in monero.town/post/1085883 (you double-posted the same thing, too), a negative comment about this:
I feel like this might count as self-promotion, given it’s mentioning a particular website, their GitHub, their running service, etc. Regardless, it is informative
@LWD is not “childish”, even stating “it is informative.” But even if this post may be useful, we should follow the rules of !privacyguides when (cross-)posting here; otherwise, Monero.town may look bad.
privacyguides
Oldest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.