I don’t think you can expect any VPN to work without sign-in for very long. Google’s playing whack-a-mole with VPNs.

I’ve never actually tried signing in with yt-dlp. How easy is it to make a throwaway google account nowadays? Do they require phone verification or something similarly onerous?

This is network-specific. It’s been going on for a few months at least. yt-dlp itself still works without sign-in, if your network is not “suspicious”.

Always worth making sure you’re updated to the latest version of yt-dlp, but this is probably a network thing.

A paper-only journal would defend against the state, but not against people you live with. A digital journal can be encrypted, but an intelligence agency could potentially gain access

A digital journal doesn’t need to be any more government-accessible than a paper journal.

Depending on your threat model, this could require special hardware, special software, or both. In order of ease of setup, I would suggest:

• Keep all your data on your own physical media. No cloud services, period.

• Keep it encrypted.

• Disable network connectivity at every level that you possibly can, such as:

  • OS level: disabling wi-fi, disable blutooth, and disable networking entirely.

  • Firmware/BIOS level: If you BIOS has options to disable networking components (especially wireless ones), do that.

  • Hardware level: If your laptop has a switch to disable wi-fi, use it. If ethernet, unplug the cable. Etc.

  • Physical level: Remove any removable wireless cards or antennas.

  • Wallet level: buy a computer than never had wi-fi or bluetooth in the first place. This could mean a retro computer, or could mean using a micro-pc like some models of Raspberry Pi.

Neither of those can stream video in real time AFAIK. They will back up the video file on some unpredictable schedule after you’re done recording. So not ideal for a situation where your phone might be seized or destroyed.

But if that works for you, there are lots of open-source options that work similarly. SyncThing can sync to any server, and all you’d need to do is make sure your sync destination is network-accessible somehow (VPN, internet-facing server, whatever). Lots of cloud drive apps can auto-upload photos and videos, and some of those are open-source.

A better off-the-shelf proprietary workflow might be a Zoom call with cloud recording enabled. Then you’d be protected against a sudden (and perhaps permanent) loss of network connectivity.

Defaults matter. Every time you open a private browsing window, that’s what you’re going to get. Every time you use LibreWolf or Firefox Focus or any other browser that disables/clears cookies by default (which is a good practice), that’s what you’re going to get.

I don’t want anything I search for going into OpenAI. Ever. I’d feel fine about this if they hosted their own models.

Generally true. You would want to use DNS-over-TLS (DoT) or DNS-over-HTTPS (DoH) to be sure your DNS queries are encrypted in transit.

Apple has three realistic options:

1. Submit to the UK’s demands and grant them a backdoor to encrypted backups.
2. Disable encrypted backups in the UK.
3. Leave the UK market entirely.

They went with #2, which is probably the least user-hostile option available.

From 1500GMT on Friday, any Apple user in the UK attempting to turn it on has been met with an error message.

Existing users’ access will be disabled at a later date.

I am very interested in seeing what the UX around this will be. Ideally, they should give users direct notice well in advance, so they have time to plan a migration or mitigation. Of course, Apple makes it basically impossible to perform a full backup through any mechanism except iCloud, so…one more example of how vendor lock-in is inherently a security and privacy risk.

I’m not (currently) in a position where others would find it desirable to do so. Potentially in the future?

It’s hard to imagine a scenario where this would happen and your voice would not otherwise be available. For example, if you went into politics, then you’d be a target, but you’d already be speaking in public all the time. It only takes a few seconds of a voice sample to do this nowadays and it’ll only get easier from here.

Maybe just make a point to educate your family and friends on the risk of voice cloning so they don’t fall for phone scams.

I’ve noticed that Google is getting more and more aggressive with VPNs. It won’t let me load anything on VPN without logging in. This applies to third-party tools like yt-dlp too.

This probably depends on your VPN provider. Perhaps I can make a throwaway google account just to get it to stfu? I don’t know how hard it is to make a semi-anonymous Google account nowadays.

Another issue with Google Play is that there’s nothing stopping the developer from pushing out an update that doesn’t match the published source. It isn’t tied to GitHub or anything.

Developers with apps on Google Play are frequently targeted with buyout requests from scammers looking to get malware to an existing user base. Or even if it’s not explicitly malware, it could be closed-source.

For example, the “Simple Mobile Tools” app developer sold their apps a year or two ago. Now they have ads, in-app purchases, and god knows what else. If you had installed them from Google Play, you would have received these updates automatically. Those new versions don’t exist on f-droid, naturally. Anyone who was using them should really uninstall them and install the “Fossify” forks from f-droid.

Every developer ID publishing on Google Play is potentially for sale. There are no real safeguards against this, and you might never know. At least with F-Droid it’s verified as open source and malicious (or just plain crappy) updates can be identified and dealt with, either by f-droid maintainers or by end users.

Typo in your link (but not in the text). https://searx.space

8 is also a lucky number in Chinese culture. I’ve seen a lot of "88"s in Chinese social media just because of that.

It always sucks when shitbags co-opt innocent symbols and language.

Ridiculous.

He specifically started talking about American party politics, unprompted, making sweeping statements about both Democrats and Republicans. NOW he wants to blame us for…being concerned with his views on American party politics? Dude. Get real.

Saying stupid shit now and then is forgivable, but not if you take it in as the new nucleus of your public image. Why do so many public figures have this compulsion to double down combatively?

And it wouldn’t affect your ability to download torrents if you don’t have port forwarding on VPN, just your ability to upload

This isn’t quite true. Two peers who both lack port forwarding will not be able to connect to each other at all. Once a connection is established between two peers, both uploading and downloading should work just fine.

A significant portion of swarms are users like that, who can initiate connections but cannot receive incoming connections. This is especially problematic with smaller torrents. If you’re working with well-supported torrents with dedicated seeders and thousands of users, then it won’t really matter. But if you need something with just a couple seeders, you might find yourself stuck with zero accessible peers.

Looks like they deleted it. @HiddenLayer555@lemmy.ml posted these archive links above:

https://web.archive.org/web/20250115165213/https://mastodon.social/@protonprivacy/113833073219145503

https://archive.is/lBQd8

FYI, Nord no longer allows port forwarding as of a couple years ago. Proton is one of the few providers who still have that feature.

Compare:

https://support.nordvpn.com/hc/en-us/articles/19483392309649-Does-NordVPN-offer-port-forwarding

https://protonvpn.com/support/port-forwarding

Link to Mastodon thread: https://mastodon.social/@protonprivacy/113833073219145503

Tuta.com is similar to Proton Mail + Calendar.

• Location: Germany

• Governance: Private GmbH (German corporation, similar to an American LLC)

• Integrity/trustworthiness/transparency: Better than Proton IMHO. All their apps are open source and available on F-Droid. They encrypt email headers (unlike Proton, who are weaselly about this in their marketing materials).

• User Experience: Ehhhh…6? I’m not in the best position to compare because I do not have a premium plan, so I am not able to examine features like inbox rules/filters. Much like Proton, it doesn’t support full-text email search unless you have it cache your entire mailbox locally (either via the web site or app). They do not support POP or IMAP, but do offer their own desktop and mobile apps.

• Pricing: €3/month for 20GB, €8/month for 500GB. https://tuta.com/pricing

As far as I can see #ollama and #lmstudio do not provide privacy statements.

That’s because they are not online services (which is a good thing!). Online services like ChatGPT and desktop applications like LM Studio are not in the same product category.

LM Studio is more akin to, say, VLC or Notepad++ (which also do not have privacy policies). These are desktop applications that have some limited network functions (like autoupdates).

That said, LM Studio does offer details of which features require internet access and which are fully offline here: https://lmstudio.ai/docs/offline . In short: everything important is offline. It has built-in search features so you can find and download models from Huggingface, and it also has an autoupdate feature to find and download new versions. You could run it on an airgapped system (or more likely, set it up in a container/VM without network access), and simply load in model files manually if you prefer.

Personally I recommend LM Studio, because it’s super easy to set up and use but still quite powerful.

This will have no effect on torrenting or other P2P protocols. Your IP address will still be out there.

I’ve never heard of DMCA warnings based on DNS requests. That doesn’t really make sense.

This is good advice, because email is very difficult to make reliably private. However, it’s not the best you can get. Tutanota, for example, stores headers with E2EE, and still has a search function.

The goal should be to make it as private as it can realistically be. Ideally, any cloud service you use should only store end-to-end encrypted data.

I’m not trying to shit on Proton — it’s a huge step up from the popular mainstream email services, and the inclusion of cloud storage makes it a much easier transition than going piecemeal with 2-5 different services.

Not the encrypted mail, mind you, because they can’t do that

Just want to point out for anyone new that ProtonMail does not use E2EE for email headers. That means they CAN access your subject lines, to/from fields, and other email headers. That means they CAN be forced to hand it over to the government.

Source: https://proton.me/support/proton-mail-encryption-explained

Subject lines and recipient/sender email addresses are encrypted but not end-to-end encrypted.

Personally I am disappointed in a lot of Proton’s wording about this. They frequently promise they can’t access “your data” and “your messages” when they do, in fact, store potentially sensitive data in a format they CAN access.

Using an ad-blocking DNS server solves most of those problems.

You should still use a browser extension on top of that for pattern-based URL blocking, but a DNS-based blocker should be your first line of defense.

A good ad-blocker goes a long way. You can block all Google domains with minimal impact to non-Google services.

It’s incredibly annoying, but it gets easier over time as you fill out you whitelist.

One of the big advantages to something like NoScript is that it lets you enable scripts only from certain domains. So you can enable the functionally-required scripts while still blocking other scripts.

But yes, it’s a giant pain in the ass. It’s absurd that the web has devolved into such a state.