Have strong opinions, but I welcome any civil fact-based discussion.

Alt account: /u/BrikoX@lemmy.sdf.org

  • 20 Posts
  • 35 Comments
Joined 1Y ago
Cake day: Jul 09, 2023


It really depends on each person’s threat model. But there are a few things everyone would benefit from. Like VPN, email aliasing, password manager, 2FA/MFA. They don’t have any convenience cost and in most cases make your life easier.

If you are interested in learning more:


If you read the blog post you would know there are 0 mentions of VPNs there. VPNs have very limited purpose, and it’s just a small tool in the arsenal of privacy.


> The most common argument used in defense of mass surveillance is ‘If you have nothing to hide, you have nothing to fear’. Try saying that to women in the US states where abortion has suddenly become illegal. Say it to investigative journalists in authoritarian countries. Saying ‘I have nothing to hide’ means you stop caring about anyone fighting for their freedom. And one day, you might be one of them.

RCS doesn’t support encryption natively. Google only has proprietary encryption for Messages app.


> In recent weeks, I’ve noticed a rise in censorship regarding SMS communication that’s not being discussed. At all. I’m concerned that it may become a slippery slope that eventually affects us all. I don’t have any dramatic, prose-ridden introduction this week. Just some news, facts, and observations I wanted to share. So this week, follow me down the rabbit hole as I explore an existing but rising threat to our free speech and what we can do about it.

How about the false positives? You want your name permanently associated with child porn because someone fucked up and ruined your life? https://www.eff.org/deeplinks/2022/08/googles-scans-private-photos-led-false-accusations-child-abuse

The whole system is so flawed that it has like 20-25% success rate.

Or how about this system being adopted for anything else? Guns? Abortion? LGBT related issues? Once something gets implemented, it’s there forever and expansion is inevitable. And each subsequent government will use it for their personal agenda.


> Email aliasing is one of the most underrated privacy techniques that has yet to go mainstream. For the privacy-conscious user, it offers a degree of separation between all your accounts, making it harder for data brokers to correlate your various accounts across different services by not using the same email address to sign up. For security, the same technique can also help defeat credential stuffing while obscuring your true email address, which is the central hub where all your identities can be managed (and the email address itself is literally half of the login information a would-be attacker would need to attempt to log in). Your inbox is a critical thing to protect since a breach can offer information about additional accounts you have (via the emails already sitting in your inbox like updates, notifications, sign-in verifications, etc) as well as allowing an attacker to simply hit “reset password” on websites where you already have an account and thus take them over. As for mainstream users, the biggest advantage is probably the ability to manage spam more effectively – particularly from companies who refuse to respect opt-out links – from a single inbox, rather than having one inbox for professional use, then logging out and back into another for online shopping, then another for personal or newsletters, and so forth or simply having to give up and hope the spam filters don’t falsely flag anything important (or let junk through). Email aliasing makes effectively managing and controlling your inbox incredibly easy. With that in mind, this week, let’s examine some popular email aliasing services that the privacy community has to offer.

> When I announced I would be closing my communities earlier this year, a curious thing happened: a surprising number of regulars replied with some variation of “I think this is my exit.” While some were specifically talking about Matrix, claiming that mine was the only room they were really active in and therefore they saw no point to having a Matrix account anymore, at least one specifically announced they would be quitting privacy entirely, save for a few basic techniques like using a password manager and being mindful of what to post online. While I didn’t expect the number of people responding that way, I was expecting that response from one or two people. If you check any given privacy forum – especially the ones with a heavy overlap of mainstream users such as Reddit – you’ll find no shortage of people asking “is all this work worth it?” and/or announcing that they’re giving up privacy because it’s too much work. So what gives? Is privacy worth the work?

They offer integrated aliases via Proton Pass now.


Why Your VPN May Not Be As Secure As It Claims
> Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.

Good point, but I didn’t think of it that way just because, I saw things and read stuff that made me suspect it…

There is “speculation” spread about every single “privacy” focused service for exactly that reason. If you don’t trust them, you are not using them. I’m not saying don’t be suspicious, but also look at facts that make it unlikely of it being a honeypot.

But they did, and it worked for them before, and it’ll always work unless no one starts using that service, so there’s no point in keeping servers operational… time for a rebrand. Plus they’re getting paid.

Right, but there are plenty of easier services to target that provide more sensitive information. If you are a honeypot, you have to be profitable and expand your services or people will move somewhere else. That all takes time and work. Buying other services like SimpleLogin or Standard Notes and integrating their staff into your scheme would be unnecessary complication.

having it outside 14 eyes countries would be the most stupid decision the government could make.

It’s not a story. So called 5 eyes, 9 eyes and 14 eyes refers to country agreements to share intelligence and make cooperation instant instead of having to go through proper channels that take time. I’m sure there are many conspiracy theories about specific things that might not be true, but there is no dispute that these agreements exist.

Government-run honeypots are usually facilitated by federal agencies, INTERPOL, or EUROPOL, and if they want to run something in a country where they are not welcome it has to be court approved. Hence, it being run in 14 eyes countries makes it easy. Switzerland on the other hand not only requires everything to be approved by their courts, but also requires using their specific privacy laws when making a determination, which are the strongest in the world.

You only need to look at previous known honeypots to see where they originate and what they target.


You thinking it’s a honeypot is a win for the government. All they need to do is spread some propaganda instead of actually bothering to run a service that is hard to keep alive. And if they were to run a honeypot, having it outside 14 eyes countries would be the most stupid decision the government could make.


No company executive will go to jail for you. Give any company a court signed order and they will comply. Hence, the companies that orient around privacy limit the data they retain so that when they get a court order, they have nothing to give. Email is flawed by design, so some metadata always has to be stored for it to be functional.


You are absolutely right about metadata, but as far as protests, just having encryption is enough to prevent anyone from accessing the data. Extracting metadata from 3rd party companies or extracting a phone requires a lot more resources than cops can spare.


> Simple steps to take before hitting the streets

> Like it or not, email is a critical part of our digital lives. It’s how we sign up for accounts, get notifications, and communicate with a wide range of entities online. Critics of email rightfully point out that email suffers from a significant number of flaws that make it less than ideal, but that doesn’t change the current reality. In light of that reality, I believe that an encrypted email provider is a must-have for everyone in today’s age of rampant data breaches, insider threats, warrantless police access, and targeted advertising. If I can get access to your emails, I can get a range of sensitive information including where you bank (to craft more convincing phishing attacks), information about pets (I get notifications each year from the vet for my cats’ annual checkups), calendar reminders, news announcements from family, support tickets from services you use, and more. In a worst-case scenario, if I get access to the account itself, it’s trivial to simply issue password reset requests for nearly any of those accounts, have it sent to said compromised email account, and gain access to a wide number of other accounts you use – from banking to shopping and more – for any number of reasons. So this week, let’s look into the top encrypted email providers The New Oil recommends and their features to help decide which one is right for you.

> This weekend in the United States, taxes are due. For the more responsible readers – aka “everyone but me” – this was probably already done weeks – if not months – ago. But don’t worry. Taxes will roll around again the same time next year, as inevitable as death itself as the famous philosopher noted, and our financial lives are year-round. So in other words, this is merely a good excuse to discuss some ways that you can protect your financial life – both online and off – and keep your funds, identity, and credit safe.

> Identity theft is a common cause of anxiety in modern society, and it's pretty justifiable. According to a recent survey from US News, almost three quarters of adults have experienced at least one case of identity theft, and 27% have experienced more than one. In 2022 there were more than 1.1 million reports of identity theft, costing Americans a total of $8.8 billion dollars with a median of $650. One-in-five respondents reported that they continue to suffer financial consequences to this day. It's no wonder that a multi-billion-dollar industry has sprung up around protecting against identity theft. But does it make sense to pay for an identity theft protection service? Or is it just snake oil?

> Cloud storage has become ubiquitous in modern society. The most widely-used example, I think, is the one that comes prebundled with our p...

So they region-locked it from the US, but it can still be pre-installed as a system app from AOSP. And it’s available in the EU, while it was meant to be in Kenya only.



In 2020 Google claimed it was supposed to be limited to a single region in partnership with a single carrier. And was never meant to be put up on Play Store.

A spokesperson from Google reached out to clarify some details about the Device Lock Controller app. To start with, Google says they launched this app in collaboration with a Kenyan carrier called Safaricom.

Google has confirmed that the Device Lock Controller app should not be listed on the Google Play Store for users in the U.S., and they will work to take down the listing.

Source: https://www.xda-developers.com/google-device-lock-controller-banks-payments/

Of course, it was a lie since it’s still on Play Store as of today and in use.


There are many enemies of privacy. There are politicians claiming the (at best) misguided pretense of “protecting the children,” intellig...

I know they recently published the code for their clients, so that’s a plus. But I can’t find any independent audits for their architecture or clients.

While all mentioned options do have independent audits done.


In a vacuum, maybe. But there is a difference between adding new features to a paid plan and removing features from a free plan.


> 2023 was a record-breaking year for cybersecurity in a bad way. Ransomware payments hit a record high of $1.1 billion, which is likely to...

Using Disinformation Like A Pro
> Disinformation is a criminally underrated technique for protecting yourself against doxing, data breaches, and tracking. But it's important to use it right to be both effective and a law-abiding citizen. In this video, I share my tips and techniques gathered over the year to protect your privacy where tools fall just a little short.

But I also feel that any random kid shouldn’t be able to just go to these sites and see porn freely.

So they will just go to another site that doesn’t have age verification and doesn’t implement any security measures instead. Big sites are required to age check people before they are allowed to upload anything, that is not the case for most of the internet.

All age verification does is aggregate personal information and make it an easy target for bad actors to steal. Instead of needing to go through 100 sites, now that information & identities will be tied to a single database.

It’s also a slippery slope, since the same adult content is available not just on dedicated adult sites, but mainstream social media. Lemmy, Mastodon, Twitter, TikTok, Twitch (just recently wanted to allow nudity). Do you really want to have your identity tied to your online activity?


That’s the goal of end-to-end encryption. To make it impossible to scan. With E2EE company doesn’t have the decryption key, so there is no legible content to scan.

P.S. It’s still possible to collect metadata like when or who the message was sent, which is why services like WhatsApp which have E2EE are not recommended, but the content is safe.

the fact that it is mostly noticeable on E2EE apps is only a side-effect of blanket surveillance, and not the main issue with the proposition.

Isn’t it though? We moved past the non encryption communication being safe a long time ago. And just because they will phase the old law, it doesn’t remove the ability of companies to still scan the messages or cops to request that data from those companies. Those companies still have access to the server and your encryption key where your messages are stored. E2EE on the other hand makes it technically impossible even if they want to do that or court orders them to do that.

Facebook says they plan to roll out full E2EE by 2024.


The new law would have required breaking end-to-end encryption (E2EE) as the companies would be required to scan messages. CSAM is just the pretext they use to compromise all communication. Same as “think of the children” is used to steal other rights.


More likely they were forced to change course due to public lobbying allegations and “expert” list comprised of big tech and cops being exposed.


It’s not a direct democracy, but elected democracy is still democracy.



DNS blocking doesn’t affect speed, but anything that blocks elements inside a page or a script running in the background does. But it shouldn’t really be noticeable from the internet perspective.




https://archive.ph/6Fejl

Edit: Never mind, I thought you meant the link, not the forum.



One key part you missed was that she got a used phone, so the IMEI is not tied to her identity. It’s far from perfect execution, but for the stated goal of not being able to be identified by the phone number, it’s adequate.




Signal messenger offers an ability to share location in real time. https://www.gearrice.com/update/how-to-share-your-location-in-real-time-by-signal-send-to-your-contacts/

There is also TICE.

If you prefer to have control instead of sharing the location, built-in parental controls on Android or iOS should cover most use cases.


DMA will only affect WhatsApp and Facebook Messenger from messengers, Apple’s iMessage managed to be excluded as they don’t have 45 million active users (10% of EU population).

Edit: I said Google Messenger when I meant Facebook.

Signal fits all of your criteria.

  • Has E2EE by default
  • Has most generic UI possible that just works
  • Has a bunch of users
  • Has clients for Android, iOS, Windows, macOS, Linux
  • Has flashy features like stickers and stories
  • Run by a non profit foundation instead of a single developer or for profit corporation

They don’t pretend to be googlebot, they use their own crawler, they just don’t share the name they use for it, so sites can’t exclude it with robots.txt. They just scrape the same sites that googlebot does, so if the site is excluded by googlebot they also skip it.


Brave Search has been fully using their own index since April 27, 2023. But they refuse to identify their crawler and rely on googlebot if sites want to be excluded. Also their search API monetization of possibly copyrighted content, while understandable, is a bit dubious due to their public stance on transparency.

StartPage also blocks VPN usage.

DuckDuckGo by their own admission now re-rank “trusted” sites to the top when it comes to what they classify as “misinformation” so calling their “censorship” mild is a huge understatement.




I think it’s the first law that companies will take seriously as it has % penalty instead of traditional “part of doing business” fine.



https://www.dictionary.com/browse/independent

Also it clearly states at the bottom of the site: BrowserWorks, an independent company. Company No. 14843353.
You can look it up in the government database https://find-and-update.company-information.service.gov.uk/company/14843353


FAQ is probably just outdated.




Also the service is 18+. Most likely to avoid stricter data protection around children data.

Source: https://www.beeper.com/terms


Brave is great out of the box experience with a lot of privacy toggles enabled by default. Firefox can be hardened a bit more, but it requires more of a user input. Both are great options, so it mostly comes down to which engine you prefer, Blink or Gecko.

Some people also choose to use Firefox for the simple reason that it is not based on Chromium, to avoid monopolization.