A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 3.12K Posts
- 78.1K Comments
- Modlog
The “little steps” idea, though helpful in other places, doesn’t really apply under surveillance capitalism. If one company gets some small bit of info about you they will sell that data to everyone else, and the government has access to those data as well. Being a little safer sometimes doesn’t do much. You really have to go all the way or don’t bother
Then don’t use internet at all, all the way. And how you can live also IRL ?
Whats the step, fake death, live on island
“Welcome to Reddit! A community where you can determine what the mood and biases of the mod(s) are so you can safely post without getting banned or comments deleted.”
Unsurprising behavior from a community where the coolest person is the one who can put on the biggest tin foil hat. I appreciate the privacy community here but I think the concept itself leads to users decrying anything as insecure just because it makes them feel more knowledgeable.
proton is literally cia. they are modern cryptoAG
That’s a bold claim, I’m gonna need a proper source to believe you
[citation needed]
I’m not saying that it’s BS. I’m asking as someone who’s on the brink of dropping 300€ on a year of “proton family”. I’d like more than an unsubstantiated “they’re crap” claim before making my decision.
I literally only started hearing people say its a honeypot after that one cat pfp youtuber was reviewing its onion services when proton released it, which used https for the onion domain, which he said “is the same thing honeypots do” or whatever
I’m kind of interested on this as well. I started using proton a few months ago when my ISP stopped supporting mailservers on consumer contracts.
Should I find something else?
nah proton is perfectly fine
Only reason I’d recommend signal to anyone is that its one of the few encrypted apps that doesnt have awful onboarding. A boomer can figure it out.
What do you recommend?
If Signal was not simple, my family and friends would likely use Telegram or WhatsApp. Even switching to Signal required a number of (general) newspaper articles criticising the status quo. It’s likely not optimal, but okayish and sharing opinions and holiday impressions feels a bit better.
Switching a service is a slow, difficult process and many contacts will not follow, given they would abandon other contacts among friends, family, parents at school, sports teams, … (now, I’m here, using 4+ solutions).
If training or even curiosity for the technical process is required, very few people will follow. If it takes me (with strong IT background) more than 30 minutes to understand/implement, I may have a decent private solution, but I will feel quite lonely soon.
the other decent options are matrix and simplex chat, and mayyyybe session. matrix seems to have the most users and kick to it right now. out of those options. but yeah youre not gonna get the average tech illiterate person to get on a more complicated alternative to discord, essentially
I also got DMs asking why it’s removed or if I got banned, + someone asking and saying in topic it’s the 3rd in short time.
i can agree on a few stuff, and can’t on some others. I just choose the most private options aviable that still serve the purpose i use them for. Like if you can find something on Google Play, Aurora, F-droid, obviously, it is better to download from f-droid, but if you have a bit more time, it is even better to download from source or even compile it yourself. But it always upsets me when people ask for privacy tips when using ios or windows, like are you joking or what? ditch those lol. And obviously, as a gamer, i wouldn’t use purist linux oses, like PureOS, because it can have serious issues with games. But i won’t buy nvidia if i want to game on linux, when i can get amd with open-source drivers on distros like Garuda. So i think a reasonable privacy can’t hurt anyone, but moving on just the next little step or going into the extremes are both not good ideas
I can’t recommend downloading from sources to normal people, and the problem is no, one step after step is better, as you can’t have a perfect solution for privacy btw, but moving from one service to one service lets say in one day, week or maybe even month is not realistic. Its like recommending a password manager, great, but then saying theres immediat need to change all password… Like, technically true, but realisticly, bank and mail firsts, then step by step some passwords, without forgeting new accounts should have now strong passwords.
As I said, ie my girlfriend knowing Im interested into privacy tell me that she just installed and created a protonmail account and she used Drive a bit, if I just say thats useless because there need compartimentalization and Proton gave IP to police, thats fckd up
The most private, the most secure option isn’t for everyone, first to threat model, second to personnal daily life
A person interested can still have Gafam apps, for some needs, required, but can limit the settings.
If you are a gamer, you mostly still need Windows computer (Linux got better and better, depends on games tho), then you can choose to say fck, or you can use it with limiting the stuff you can (turning off maximum settings you can, OsU10, etc.). Thats the same with iOS… Most people wont buy right now a new phone because of privacy, but maybe the next in few months or in 2 years ; doesnt mean during this period you can’t choose apps to use, turning off iOS features, etc…
For some projects I needed TikTok, I wrote myself a guide, to use it as anonymous as possible, to TikTok and to people, instead of using it raw, defaults
It is always risky to do stuff raw…
for gaming, i will buy very capable hardware. ryzen 7 7th or ryzen 9 7th series cpu, 32gb 6000mhz ddr5 ram, 3000mb/s SSDs, rx 7800 xt. On proton db, these devices tend to have good scores. Also i don’t play with ANY competitive games at all, so don’t have to worry about anticheat. I should be fine then, right? Without dualbooting, that complicates things to an unnecessary degree
We love lemmy ❤️
The real privacy nerds: paying for a service? Leaving a paper trail? Learn how to pwn grandma computers and push all your internet through that. /s
My guess is, the people who care didn’t stick around. As s result, quality went down.
Not like the communities here are any different …
I’ve gotten downvote bombed for suggesting Brave as a Chrome replacement since they have Ublock filters built in. Sure you need to disable a few settings after a fresh install, but at least they let you. Idgaf about what their ceo did 15 yeard ago etc. – I’m not giving them money, I’m using a product which is familiar with what I used before, and has good ad blocking built in.
@red @tobogganablaze https://brave.com/blog/intro-to-brave-ads/ The ad blocker is there to give them the opportunity to pitch their own ad network.
And can be happily ignored. I’ve seen that thing just twice, once on my desktop and once on Android.
And it’s opt in, not opt out.
My point still stands: it’s a good drop in replacement for Google Chrome.
It’s not the best, but it’s better than staying with Google - a lot of people want a familiar hassle free replacement, and in that regard I don’t know what else to recommend
Literally just read Brave sucks above lol
I ditched reddit, and what’s being described in this thread is largely part if why I left. I won’t go back.
Lol brave sucks
Literally the kind of elitist response the OP was lambasting.
No, noobs need to be told what sucks and what doesn’t.
… so what doesn’t? Just saying <thing> sucks without saying why or providing a valid alternative is not helping anyone. Rather say something like
“Brave has done some shady things in the past and is based on chromium which is currently doing its best to kneecap adblockers and other privacy tools. If you want a good private browser, you might want to use librewolf instead”.
Okay, I’ll have a go, since you’re a noob with people and how they actually learn and behave: Your advice sucks.
What advice
It does, but it’s a step in the right direction.
I’m as guilty as anyone for allowing pursuit of perfection be the enemy of good.
How is allowing crypto mining in your browser or hijacking affiliate links good for privacy?
Brave has a built-in adblocker and is not Chrome. If a user is able to make the switch to Brave, they might find it easier when they try to switch to something better like Librewolf or Firefox.
Why would switching browsers twice make it any easier?
Because once you learn how to switch browsers once, you already know what the process of changing browsers looks like and what to expect, removing the barriers if you switch again.
It’s like switching from Windows to Ubuntu. Sure, Ubuntu is not perfect, but by installing Ubuntu, you have already learned the process of installing a linux distro and what to expect if you decide to install a different one.
Except brave doesn’t teach them how to block ads or mine crypto so I still fail to see how if they were to switch to brave it would make their switch to a sane browser less painful. They just have to switch twice instead of once.
By having a browser that behaves 99% like the one they used for years before. Not everyone wants to spend time learning new tools and how said tools work, if a similar better tool exists, and is switched to, that’s alredy better than sticking with Ghrome
Wait, what’s wrong with Proton Mail?
Privacy wise? Probably nothing. The company engages in shitty behavior, though, and will try to upsell you even if you’re a paying costumer. I switched to Tuta because of that, and then Tuta started doing all the same bs…
They gave meta information like IP to the government in Switzerland, where they are based, after the government forced them to with a court order. Not the encrypted mail, mind you, because they can’t do that, just the additional information they have on a user like email and IP.
Because of that, a lot of redditers on r/privacy think they spy on their users for the US government. It’s a stretch, yes, but you have to remember they take turns using the one brain they collectively have.
But… basically every email provider or hosting service is legally obliged to give the information they collect to the government. It’s not like this is exclusive to Proton in any way whatsoever. If anything, subpoenas are evidence Proton tell the truth and do at least stop themselves from having most of the important data so they can’t give it away.
I guess the issue here is overselling the safety of the service. Wouldn’t rely on them encrypting the mail for you, for example. It’s probably fine if you treat it just like you would any other email service - assuming you’re fine with being unable to use a mail client at all on the free plan and using it in a weird roundabout way on the paid plans.
the issue is that they can’t defy the law without shutting down and going into jail. proton has given the tool the activist would have needed to protect themselves: the service has an official onion site, which would have made IP collection impossible, and they could have just said they can’t know it
Yes, that was exactly my point. You would not treat any mail service like they would cover you during your unprotected use, and Proton is not an exception. So I don’t understand why people are taking issue with them cooperating with LE - but I take issue with some other qualities.
some believe they (proton) are invincible and can do whatever they want. maybe because they think that’s what swiss privacy and swiss laws mean
Just want to point out for anyone new that ProtonMail does not use E2EE for email headers. That means they CAN access your subject lines, to/from fields, and other email headers. That means they CAN be forced to hand it over to the government.
Source: https://proton.me/support/proton-mail-encryption-explained
Personally I am disappointed in a lot of Proton’s wording about this. They frequently promise they can’t access “your data” and “your messages” when they do, in fact, store potentially sensitive data in a format they CAN access.
A bit more context is important here. They aren’t E2EE, but they are stored encrypted. In the case of the person whose meta information was turned over, ProtonMail wasn’t forced to hand over the information right away, they were forced to collect it the next time that person accessed and used their email. That tells us that they didn’t store the information beforehand and could not access it without preparing to intercept it the next time their service was used.
Ultimately, though, if something like that’s a dealbreaker, it’s likely you’re doing something that would benefit from a more secure way of communicating than email.
It’s email, that’s the best you can get with email, if you want to have more privacy, DON’T USE EMAIL
This is good advice, because email is very difficult to make reliably private. However, it’s not the best you can get. Tutanota, for example, stores headers with E2EE, and still has a search function.
The goal should be to make it as private as it can realistically be. Ideally, any cloud service you use should only store end-to-end encrypted data.
I’m not trying to shit on Proton — it’s a huge step up from the popular mainstream email services, and the inclusion of cloud storage makes it a much easier transition than going piecemeal with 2-5 different services.
If all they have on you is your optional backup email and your IP, I think they’re doing pretty well in the no data-collecting part?
Well, you don’t even need to provide an email or phone number when you sign up, so if you access the site via their onion address every time, they would have no information on you at all.
Yeah I agree, sounds a bit excessive. If that’s correct, it doesn’t sound like they’re reading your data and at the end of the day they have to comply with things like warrants. Thanks for the clarification.
It is all also very clearly stated in the information they must collect in order to provide their service. There should’ve been no surprises here, as you must assume that scenarios like these will happen eventually.
I don’t think OP was trying to say Proton Mail is bad or insecure. Rather the opposite.
It’s proprietary.
I would also like to know, lol.