Post got deleted, posts removed…
The “little steps” idea, though helpful in other places, doesn’t really apply under surveillance capitalism. If one company gets some small bit of info about you they will sell that data to everyone else, and the government has access to those data as well. Being a little safer sometimes doesn’t do much. You really have to go all the way or don’t bother
“Welcome to Reddit! A community where you can determine what the mood and biases of the mod(s) are so you can safely post without getting banned or comments deleted.”
Unsurprising behavior from a community where the coolest person is the one who can put on the biggest tin foil hat. I appreciate the privacy community here but I think the concept itself leads to users decrying anything as insecure just because it makes them feel more knowledgeable.
proton is literally cia. they are modern cryptoAG
“proton is literally cia. they are modern cryptoAG”
[citation needed]
I’m not saying that it’s BS. I’m asking as someone who’s on the brink of dropping 300€ on a year of “proton family”. I’d like more than an unsubstantiated “they’re crap” claim before making my decision.
I literally only started hearing people say its a honeypot after that one cat pfp youtuber was reviewing its onion services when proton released it, which used https for the onion domain, which he said “is the same thing honeypots do” or whatever
I’m kind of interested in this as well. I started using proton a few months ago when my ISP stopped supporting mailservers on consumer contracts.
Should I find something else?
Only reason I’d recommend signal to anyone is that its one of the few encrypted apps that doesnt have awful onboarding. A boomer can figure it out.
What do you recommend?
If Signal was not simple, my family and friends would likely use Telegram or WhatsApp. Even switching to Signal required a number of (general) newspaper articles criticising the status quo. It’s likely not optimal, but okayish and sharing opinions and holiday impressions feels a bit better.
Switching a service is a slow, difficult process and many contacts will not follow, given they would abandon other contacts among friends, family, parents at school, sports teams, … (now, I’m here, using 4+ solutions).
If training or even curiosity for the technical process is required, very few people will follow. If it takes me (with strong IT background) more than 30 minutes to understand/implement, I may have a decent private solution, but I will feel quite lonely soon.
the other decent options are matrix and simplex chat, and mayyyybe session. matrix seems to have the most users and kick to it right now. out of those options. but yeah youre not gonna get the average tech illiterate person to get on a more complicated alternative to discord, essentially
I also got DMs asking why it’s removed or if I got banned, + someone asking and saying in topic it’s the 3rd in short time.
i can agree on a few stuff, and can’t on some others. I just choose the most private options available that still serve the purpose i use them for. Like if you can find something on Google Play, Aurora, F-droid, obviously, it is better to download from f-droid, but if you have a bit more time, it is even better to download from source or even compile it yourself. But it always upsets me when people ask for privacy tips when using ios or windows, like are you joking or what? ditch those lol. And obviously, as a gamer, i wouldn’t use purist linux oses, like PureOS, because it can have serious issues with games. But i won’t buy nvidia if i want to game on linux, when i can get amd with open-source drivers on distros like Garuda. So i think a reasonable privacy can’t hurt anyone, but moving on just the next little step or going into the extremes are both not good ideas
I can’t recommend downloading from sources to normal people, and the problem is no, one step after step is better, as you can’t have a perfect solution for privacy btw, but moving from one service to one service lets say in one day, week or maybe even month is not realistic. It’s like recommending a password manager, great, but then saying there’s an immediate need to change all passwords… Like, technically true, but realistically, bank and mail first, then step by step some passwords, without forgetting new accounts should have now strong passwords.
As I said, i.e. my girlfriend, knowing I’m interested in privacy, tells me that she just installed and created a protonmail account and she used Drive a bit; if I just say that’s useless because there needs to be compartmentalization and Proton gave IP to police, that’s fckd up
The most private, the most secure option isn’t for everyone, first to threat model, second to personal daily life
A person interested can still have Gafam apps, for some needs, required, but can limit the settings.
If you are a gamer, you mostly still need Windows computer (Linux got better and better, depends on games tho), then you can choose to say fck, or you can use it with limiting the stuff you can (turning off maximum settings you can, OsU10, etc.). That’s the same with iOS… Most people won’t buy right now a new phone because of privacy, but maybe the next in few months or in 2 years; doesn’t mean during this period you can’t choose apps to use, turning off iOS features, etc…
For some projects I needed TikTok, I wrote myself a guide, to use it as anonymous as possible, to TikTok and to people, instead of using it raw, defaults
We love lemmy ❤️
The real privacy nerds: paying for a service? Leaving a paper trail? Learn how to pwn grandma computers and push all your internet through that. /s
My guess is, the people who care didn’t stick around. As a result, quality went down.
Not like the communities here are any different …
I’ve gotten downvote bombed for suggesting Brave as a Chrome replacement since they have Ublock filters built in. Sure you need to disable a few settings after a fresh install, but at least they let you. Idgaf about what their ceo did 15 years ago etc. – I’m not giving them money, I’m using a product which is familiar with what I used before, and has good ad blocking built in.
@red @tobogganablaze https://brave.com/blog/intro-to-brave-ads/ The ad blocker is there to give them the opportunity to pitch their own ad network.
And can be happily ignored. I’ve seen that thing just twice, once on my desktop and once on Android.
And it’s opt in, not opt out.
My point still stands: it’s a good drop in replacement for Google Chrome.
It’s not the best, but it’s better than staying with Google - a lot of people want a familiar hassle free replacement, and in that regard I don’t know what else to recommend
Literally just read Brave sucks above lol
I ditched reddit, and what’s being described in this thread is largely part of why I left. I won’t go back.
Lol brave sucks
Literally the kind of elitist response the OP was lambasting.
No, noobs need to be told what sucks and what doesn’t.
… so what doesn’t? Just saying <thing> sucks without saying why or providing a valid alternative is not helping anyone. Rather say something like
“Brave has done some shady things in the past and is based on chromium which is currently doing its best to kneecap adblockers and other privacy tools. If you want a good private browser, you might want to use librewolf instead”.
Okay, I’ll have a go, since you’re a noob with people and how they actually learn and behave: Your advice sucks.
What advice
It does, but it’s a step in the right direction.
I’m as guilty as anyone for allowing pursuit of perfection to be the enemy of good.
How is allowing crypto mining in your browser or hijacking affiliate links good for privacy?
Brave has a built-in adblocker and is not Chrome. If a user is able to make the switch to Brave, they might find it easier when they try to switch to something better like Librewolf or Firefox.
Why would switching browsers twice make it any easier?
Because once you learn how to switch browsers once, you already know what the process of changing browsers looks like and what to expect, removing the barriers if you switch again.
It’s like switching from Windows to Ubuntu. Sure, Ubuntu is not perfect, but by installing Ubuntu, you have already learned the process of installing a linux distro and what to expect if you decide to install a different one.
Except brave doesn’t teach them how to block ads or mine crypto so I still fail to see how if they were to switch to brave it would make their switch to a sane browser less painful. They just have to switch twice instead of once.
Wait, what’s wrong with Proton Mail?
Privacy wise? Probably nothing. The company engages in shitty behavior, though, and will try to upsell you even if you’re a paying customer. I switched to Tuta because of that, and then Tuta started doing all the same bs…
They gave meta information like IP to the government in Switzerland, where they are based, after the government forced them to with a court order. Not the encrypted mail, mind you, because they can’t do that, just the additional information they have on a user like email and IP.
Because of that, a lot of redditors on r/privacy think they spy on their users for the US government. It’s a stretch, yes, but you have to remember they take turns using the one brain they collectively have.
I guess the issue here is overselling the safety of the service. Wouldn’t rely on them encrypting the mail for you, for example. It’s probably fine if you treat it just like you would any other email service - assuming you’re fine with being unable to use a mail client at all on the free plan and using it in a weird roundabout way on the paid plans.
the issue is that they can’t defy the law without shutting down and going into jail. proton has given the tool the activist would have needed to protect themselves: the service has an official onion site, which would have made IP collection impossible, and they could have just said they can’t know it
Yes, that was exactly my point. You would not treat any mail service like they would cover you during your unprotected use, and Proton is not an exception. So I don’t understand why people are taking issue with them cooperating with LE - but I take issue with some other qualities.
“So I don’t understand why people are taking issue with them cooperating with LE”
some believe they (proton) are invincible and can do whatever they want. maybe because they think that’s what swiss privacy and swiss laws mean
“Not the encrypted mail, mind you, because they can’t do that”
Just want to point out for anyone new that ProtonMail does not use E2EE for email headers. That means they CAN access your subject lines, to/from fields, and other email headers. That means they CAN be forced to hand it over to the government.
Source: https://proton.me/support/proton-mail-encryption-explained
Subject lines and recipient/sender email addresses are encrypted but not end-to-end encrypted.
Personally I am disappointed in a lot of Proton’s wording about this. They frequently promise they can’t access “your data” and “your messages” when they do, in fact, store potentially sensitive data in a format they CAN access.
A bit more context is important here. They aren’t E2EE, but they are stored encrypted. In the case of the person whose meta information was turned over, ProtonMail wasn’t forced to hand over the information right away, they were forced to collect it the next time that person accessed and used their email. That tells us that they didn’t store the information beforehand and could not access it without preparing to intercept it the next time their service was used.
Ultimately, though, if something like that’s a dealbreaker, it’s likely you’re doing something that would benefit from a more secure way of communicating than email.
It’s email, that’s the best you can get with email, if you want to have more privacy, DON’T USE EMAIL
This is good advice, because email is very difficult to make reliably private. However, it’s not the best you can get. Tutanota, for example, stores headers with E2EE, and still has a search function.
The goal should be to make it as private as it can realistically be. Ideally, any cloud service you use should only store end-to-end encrypted data.
I’m not trying to shit on Proton — it’s a huge step up from the popular mainstream email services, and the inclusion of cloud storage makes it a much easier transition than going piecemeal with 2-5 different services.
If all they have on you is your optional backup email and your IP, I think they’re doing pretty well in the no data-collecting part?
Well, you don’t even need to provide an email or phone number when you sign up, so if you access the site via their onion address every time, they would have no information on you at all.
Yeah I agree, sounds a bit excessive. If that’s correct, it doesn’t sound like they’re reading your data and at the end of the day they have to comply with things like warrants. Thanks for the clarification.
It is all also very clearly stated in the information they must collect in order to provide their service. There should’ve been no surprises here, as you must assume that scenarios like these will happen eventually.
I don’t think OP was trying to say Proton Mail is bad or insecure. Rather the opposite.
It’s proprietary.
I would also like to know, lol.
I like how the original OP mention in passing that Reddit is bad for privacy.
Like, no shit? How can a privacy community be even remotely healthy in such an environment?
It’s like having a club for how to avoid the police within a prison, regulated by the guards.
OP is the original OP. Probably. Reddit poster’s name is the same as the Lemmy poster’s name.
If you only talk about privacy on already private platforms, it will become a circlejerk in no time. You need to tell people who have no interest/experience in online privacy about it so you can further the cause. This is similar to why the FSF is on Twitter/X.
I guess having something in there is good but it’s inherently an issue when the topic at hand is acting outside surveillance.
Let’s say, for example, things escalate and reddit gets fully weaponized for the benefit of one side, and they start pushing for known compromised VPNs. How can you fight that if people got into the habit of trusting such platform?
You tell them Reddit is not trustworthy and they should move out, of course. I am not denying that. I am saying the r/privacy community should not be dead because Reddit is a popular platform whether you like it or not, and people need to be informed about their right to privacy even on a known hostile platform.
We can agree to agree.
While I hate Reddit isn’t the fediverse basically horrible for privacy? It’s super easy to see everyone’s posts and IP addresses no? I thought anyone could basically download everything with very little effort and do whatever they want with it.
Yea, that is a good thing, nobody owns the info like this, it is public domain, as a place like this should be, in my opinion.
If you want private communities, I think matrix spaces are a great independent solution.
Yep. Still going in a better direction than Reddit though.
better direction for what?
Reddit was open source until 2017, and one of the founders was Aaron Swartz. So it didn’t look like that for a long time.
I guess we all know it, since we are interested in Privacy and not clueless enough to be on Reddit (anymore?).
The degeneration from a “safe” place to what it is now is what makes it particularly egregious a place to avoid for anybody serious about privacy…
2017 was 7 years ago, Aaron died 11 years ago. There are a lot younger users who can’t remember these things.
Let’s see, a 20-year-old university student was 13 when the source was closed down, I think it’s not easy to find a 13-year-old who is familiar with such legal things.
Reddit basically has a completely new userbase. It’s not only by age of user. I don’t think people have really appreciated the rate of attrition has been near total. The old userbase of tech savvy STEM college degree holders have effectively abandoned the platform.
They’ve managed to sell the platform on a whole new set of users. So it looks like the site has kept on plugging along. But really reddit has successfully relaunched itself. Based on the idiosyncratic lingo I see most often. The bulk of users came from Facebook. They don’t know the traditional redditisms so they use vernacular from the platforms they’ve migrated from.
in 2017 my biggest concerns were that whether i can play PS3 with broken hand or not (i could)
No but it’s much easier to find the 20-year-old student interested in privacy that realizes right now that reddit is not open source…
Browsing reddit while using a VPN is verboten.
Good grief I despise that smug, winking snoo with an effing fedora that goes along with the error page.
I could’ve written a Tailscale App Connector to route it through the home connection, but I ended up blocking their domains outright and writing some CSS rules to hide Reddit from SearXNG results. It’s better than that annoying page.
wut? I do it all the time (for niche stuff Lemmy’s not there yet with).
woah there pardner!
Better than me getting shadow banned from reddit for using one, I appealed back then
first time? I was banned from reddit entirely 8 times
Were you banned or shadow banned?
I was only shadow banned once, however never banned normally.
yeah, seems like they really don’t want site visits or something! oh well, its cooler here.
Untraceable visitors are worth nothing. From a cynical point of view, better off without them.
A lot of reddit’s most popular content is stuff like TrueOffMyChest from throwaway accounts. Robust privacy protection would result in more of those posts, and more traffic overall, but reddit doesn’t care about making the site work, they’ve dedicated themselves to milking the individual users for all they’re worth. It’s a bit like killing the goose that lays the golden eggs. Because look, now we’re all here, generating content on a competing platform