• 0 Posts
  • 25 Comments
Joined 2Y ago
Cake day: Jan 23, 2022


aside from leaving them behind

Why are we conforming to fit the software’s needs instead of vice-versa? Fuck the devs who can’t be assed to make it work for proton at the least. This isn’t my job, I’m not being paid to use software that goes against my values. There’s tens of thousands of games out there and I’m gonna let myself get so hung up on the few hundred that don’t work that I just go back to m$?

Fuck. That. They deserve to get left behind. No piece of media is worth compromising on my values to consume.


He’s outspoken and the youtube algo seems to be pushing his content to everyone now. He used to be focused on Right To Repair, but has since branched out to privacy and FOSS

He’s not particularly “bro”-y, but with the direction his rhetoric is headed, I wouldn’t be surprised if we see him making guest appearances in the conspiracy corner of the grift-o-sphere

references sexual assault when talking about the behavior of software vendors with their customers

Yeah, that kinda pushed me away too. I get it, it’s an apt comparison for people who feel entitled to completely invade your privacy and do whatever they want inside your home, and it grabs the attention of the people who have just accepted no privacy as the norm… But it still makes me really uncomfortable


I’ll give you the most extreme solutions I can think of, and let you decide how much of each you want to enact.

First and foremost: use a secure and privacy friendly OS—Qubes on a burner pc or GrapheneOS on a burner phone—with secure and privacy-friendly networking—use DNS-over-HTTPS, or self-host as much of the infrastructure as you can, consider a VPN, keep the device on an isolated VLAN—use a secure/private web browser like LibreWolf.

General rules of online interaction apply for maintaining privacy within the servers: e.g. don’t talk specifics about your location, your age, your physical appearance, your childhood, your employer, etc.

As with most modern apps, the web app is necessarily less intrusive than the installable binary. Use the web app when you can, and limit your usage to only when you can use the web app on a computer and network you own—privacy enforcing habits are more important than all the software stopgaps in the world.

If you absolutely must use a binary, consider breaking Discord’s TOS and using a modified front-end: I know some people who use Aliucord for Android, and I just this moment learned about GoofCord for desktop

don’t install/run any software without verifying the integrity of the developers/distributors and binaries yourself, or building from source and verifying the code

It’s better to have Discord stealing your browsing data to sell you shit than have some random github malware rootkitting your phone.


I’m seeing a few comments suggesting OpenWRT, which is what I use and love: the correct response to this level of capitalist tomfoolery should absolutely be to 1. buy hardware that supports FOSS out of the box, or 2. install FOSS firmware.

BUT: OpenWRT isn’t for everyone. Installation on supported devices is usually pretty easy, but it does require being invested in setup, maintenance, and understanding of the software. There is little built-in handholding, and most setup beyond basic functions requires reading the docs and wiki; sometimes, some functionality requires running commands directly on the device rather than the LuCI web-interface.

This kind of understanding and investment should be the end-goal of all privacy-oriented tech users. Technology is complicated, and each layer of handholding that devs add also necessarily obfuscates behind-the-scenes functionality, which runs counter to privacy and security. That being said, the barrier for entry to privacy-respecting tech shouldn’t be “a masters in CompSci,” and thus any alternative to major tech brands is still a step up from just accepting what they give you. Just be aware that your current firmware may be a stepping stone towards software freedom, instead of a stopping point.


OpenWRT is really hard to get onto routers

I bought the Nanopi R4S, and it was extremely easy to switch out their modified OpenWRT for vanilla (literally just use a command/program to install the image on an SDcard). Granted, I did have to find a solution for wifi, but even that was easy with the Belkin RT3200s and the instructions (more in-depth, but still hand-holding). I also flashed it onto a Netgear AC1200 using nmrpflash, which sounds imposing, but really just entailed installing the pre-reqs, hooking the router’s ethernet port directly to my PC’s and running the command.

I did have to do my research to arrive at my decision to buy these specific models for their compatibility with OpenWRT. If you don’t, you might end up with something that requires popping open the shell and setting up serial comms, which is a pain.

As far as I could find, out of the three Wifi6 enabled Asus models (RT-AX###) that are compatible with OpenWRT, 2 require ssh and running commands that are given in the guide; the other one, and all of the supported AC### models, seemed to work using ASUS’s built-in web-app to upload the OWRT image. I wouldn’t say any of it is easy, but I also can’t agree with “really hard.”

Another consideration is setup and maintenance. Proprietary firmware tends toward being as “click here to set and forget everything, here are the only 3 pieces of info you need to know from now on”; OpenWRT is definitely more hands on and requires a lot of RTFMing and routine maintenance.


Nah, I don’t feel like starting a new account, nor adding to the unnecessary confusion of multiple users with the same name. I’m kinda happy I’m the only one of me rn


That’s a weird reasoning, as I can find plenty of FOSS that has paid “business” editions


Damn… That’s a good username. Wish I had thought of it


Louis Rossman is my Alex Jones. He’s angry, compelling, and talking about something that makes him seem like a conspiracy theorist to normies. Unlike Jones, though, he’s usually right (if not always, I haven’t fact checked everything he’s ever said). It’s extremely cathartic to see someone use such extreme rhetoric to talk about privacy and software ownership and right to repair; e.g. it’s not “advertiser’s entitlement,” it’s “rapist mentality.”

Ironically, youtube’s inability to completely differentiate between people at the same IP has accidentally gotten my non-techie roommate into him too. I never shared his videos with her, never said anything about him, and one day I hear his voice as she browses the web. I’m so proud of her.


My least favorite thing about the “engagement friendly” slop in youtube’s search results is that it takes up HALF of the results. Because clearly what I expect from SEARCHING for something is to dredge up a bunch of shit that ranges from tangentially related to completely unrelated.

For example, I too just searched a song. Let’s see how that went:

7 results
4 “people also watched” videos
5 results
2 “More from [band name]” videos
2 results
3 “people also searched for” suggestions
2 results
3 “For you” vids (IS IT THE FUCKING SEARCH RESULTS I ASKED FOR??? BECAUSE IF NOT, IT’S NOT REALLY “FOR ME,” IS IT?)
2 Results
3 “From related searches”
2 results

That’s 20 results to 15 irrelevant pieces of ADHD triggering visual clutter. Luckily the results were actually relevant, unlike whatever you’re getting.

To all the commenters saying “I have X, I don’t have this problem”: I have adblock, I don’t have this problem, YOU’RE MISSING THE POINT:

YOUTUBE SEARCH IS BROKEN BY DEFAULT. The largest video sharing site on the internet is BROKEN BY DEFAULT. It shouldn’t require extra software to function properly when functioning properly requires less work on the server’s side



also want to say that this is illegal in most places. The store may or may not press charges, but they have the right to and they will win that case if they do. So only do it if you know you can get away with it or have permission or don’t mind having the stain on your legal record and whatever fine they hit you with


Occam’s razor dictates that it’s just overly permissive settings by default and an owner who doesn’t know how to turn off mic access


Outside of controlling and rewriting the protocol: steal the keys used to generate the route or take over control of the server that hosts it


From Graphene’s FAQ

Many other devices are supported by GrapheneOS at a source level, and it can be built for them without modifications to the existing GrapheneOS source tree. Device support repositories for the Android Open Source Project can simply be dropped into the source tree, with at most minor modifications within them to support GrapheneOS. In most cases, substantial work beyond that will be needed to bring the support up to the same standards. For most devices, the hardware and firmware will prevent providing a reasonably secure device, regardless of the work put into device support.

To get down to your actual reservations about privacy: when you flash a new Graphene ROM onto your phone, you’re replacing all the software down to the low level stuff. The AOSP devs, google devs, XDA devs, and graphene devs refer to it as flashing the firmware. The only google code you’re running is the Android bootloader, which goes for any smartphone.

Further, if you look into it, “Google” pixels aren’t actually manufactured by Google. This means their hardware is about as trustworthy as any other phone’s. As to why Graphene only officially supports Pixels, I do not fully understand their needs/reasoning, just that they have determined it is the best for them.

Basically my point boils down to: if you have issues with the hardware, the same should go for any smartphone. If you’re bothered by google software, you needn’t worry insofar as you trust the Graphene devs. If you consider the Pixels “tainted” by association to Google, then the same should go for Graphene and any other ROMs, since the kernel is based off of the AOSP—a google run project—and any android phone, for the same reason.

All that being said, CalyxOS supports a slightly wider variety of devices.


so it got me wondering what the privacy implications would be if I hypothetically were to use it. I imagine it would be terrible!

I don’t see why. Dial-Up just describes how the modem connects to a remote server, not what security protocols are possible once the connection is established


Most likely it works on others, you just need to spoof the agent.

I have both Mull and vanilla Firefox on Android, they use all the same headers (including User-Agent) according to DuckDuckGo’s “what’s my user agent” tool.

My guess is that the same defaults that make Mull more private also disable either cookies or scripts that Duolingo expects to be able to use.


Finally! Now I can finally have a voice recorder spy on me!

That’s what I was missing back in the 90s, playing with a portable tape recorder without any strangers eavesdropping on everything I said. Isn’t technology grand!


Too early to tell for sure, but it looks like the current theory is that it’s some combination of aggregating existing breach data and information gleaned from credential stuffing attacks.

It’s more plausible than some absurd number of websites all had the same 0-day leading to 26,000,000,000 accounts leaked. The people selling these aren’t exactly trustworthy and are just as likely to repackage old leaks to rip each other off with.


there is no such thing as a zero-trust society (although I now want to write that scifi story and tease that idea out). As such, the cost of living in a society will always be some amount of infringement of privacy beyond complete anonymity. Even you were comfortable giving your address and name to 4 other parties (under the presumption that only they would use that information), and even then how many individuals within those organizations have access to that information?

Thus privacy cannot be thought of as an all-or-nothing battle. Privacy is a compromise between total anonymity (un-people) and convenience (you can’t get public utilities to your house if they don’t know where you live). The fact is that we have the level of privacy we do right now because of a lot of resistance and hard work. If it wasn’t for all the survivalists and conspiracy theorists and paranoid software devs and whistleblowers and tech journos and anti-authoritarian content creators and anti-surveillance artists and even ordinary joes like me who just want to use online services without the digital equivalent of the weird kid in class who stood over your shoulder and watched everything you did (x1000), things could and would be much worse.

If you must think of it as a war, consider it to be analogous to state-vs-collective wars of history: our “opponents” are organizations that are constrained by their hierarchical nature to certain unspoken rules of engagement, and we are a guerilla collective bound only by our shared value(s). Think the Texas Revolution, Vietnam, African National Congress, Zapatistas, IRA, Black Panthers or pretty much anything the Romans did with northern European Barbarians. I won’t sit here and lie to you that the devastation that happened to these peoples and their homelands was “winning,” but I can tell you that the dominators certainly didn’t get their way either.


This is a myth that’s been addressed by the project. For starters, there are no disclosures about the amount of nodes owned by the Government/NSA/CIA/etc. You’re probably thinking how the project, in 2012, received 80% of its funding from the US Gov source.

You may make the argument of “follow the money”, or you could also make the argument that this type of tech this widely distributed benefits the government too (field agents for some agencies allegedly use Tor, as do foreign defectors) and compromising the network would lead to a potential vector to compromise their interests.

It’s also worth noting that Tor uses 3 hops (entry, relay, and exit nodes) and you can check the location/IP of your current route at any time to ensure geographic diversity. An actor would have to own all 3 to know what you were visiting and trace the traffic back to you.


What would happen if Render changes their plans and I lose access to the database? Will I still have access to the last-stored cache on my browser extension and mobile phone?

Yes, the bitwarden client will simply treat it as being offline. You should check the docs on how to migrate to a new server so you can be prepared.

And since I’m running a Rust infrastructure, would it use less of the free plan bandwidth that Render assigns?

No. Bandwidth is up to the network stack to determine, not the programming language. Generally, your app and OS will use as much as available unless otherwise throttled.

I just looked it up, and their “bandwidth” is not a measure of bandwidth, but a data quota. The answer is still “no” because it’s about how much data is transferred in total, which has also little to do with the language in this case. Despite the difference of some negligible amount of bytes of overhead, vaultwarden’s limited by the format the database is in. To lower data usage, try reducing how often you automatically sync the clients with your server.

I’m planning to run Vaultwarden on a free instance of render.com, and I wanted to know if this was a good idea? Has anyone over here tried this?

I have not tried this, but I am opinionated: on one hand, self-hosting will always be your most reliable and private option. However, if you have judged other pursuits a more valuable use of your time and mental energy, then it’s probably worth the $20/month (or whatever) if and when your server lands in reorganization jail.

The biggest issue would be your privacy, which almost always goes out the door when money comes into the picture.


How is it freemium?

It doesn’t cost money unless you want certain features, and it uses a proprietary license.

You either pay them to “host” your files or you don’t… It’s not FOSS, sure.

And that’s a dealbreaker for me (the non-FOSS license, not the “pay the devs” part)


Since someone brought up Obsidian

You want Joplin. It’s a markdown-based note-taking app, so it uses the same formatting as Discord. It’s locally installed so it works offline. It has a mobile version for iOS and android, but also has windows and linux apps. You can have multiple notebooks and multiple pages per notebook, so organization is easy as pie.

Did I mention that it uses markdown, so it exports into multiple common formats; that I’m aware of: JEX (their own) which is just a TAR of the text files and some other metadata, RAW which is the untarred version, HTML, and PDF. It also embeds images, audio, video and PDFs.

It’s also FOSS, and written in javascript using Electron, so it’s more-or-less easy to rewrite any part of it to suit your needs. It is also easy to work with plugins if need be, either from the community or writing your own.

It syncs across clients using some common cloud data stores: Dropbox, onedrive, NextCloud, WebDAV, s3, and their own self-hosted Joplin Server to name the ones I know. Make sure to encrypt. The local files (resources) that are linked in the notes sync across devices too. Web resources stay as links.

It also has a bajillion other features, but I’ll spare you.

No, I’m not getting paid for this comment (Joplin Team, hmu), I just really like this app.


I have an issue with Obsidian bc it’s freemium. From what I could tell, there’s not a substantial difference from Joplin, which is FOSS.


Here’s a professional security researcher/pentester explaining in depth why “leaking” IP is blown out of proportion

The relevant gist is

  1. The information is usually not identifying beyond general geographic regions (at best)
  2. If your threat model is that strict, there are other ways you should be obfuscating your IP than relying on VPNs, ISPs, and the apps/servers you’re accessing/using.