Melody Fwygon
  • 0 Posts
  • 59 Comments
Joined 1Y ago
Cake day: Jun 01, 2023



Not offering my techniques to the public right now; I kinda blundered on it by tinkering and it does break a metric shit ton of things.


Unsurprisingly, Brave will try to profit from privacy seeking users…I hope their company dies a horrible financial death.

I’ve always disliked Brave for their carelessness in pursuing their business needs, adding stupid things like worthless crypto to try to buy out the advertisers and selling out their search indexing to the highest bidder.

Instead of just going the meta-search route by indexing by themselves; spreading out queries to multiple services; caching results; and just providing the results to users privately like a real company offering privacy would; they just gave up and let Bing do all of it.

They could’ve even negotiated their API usage and allowed for relevant ‘in-result list ads’ that were clearly marked as Ads without compromising the privacy of their search services to help defray costs of hitting the APIs of bigger players like Google, Yahoo or Bing and allowing advertisements relevant to queries to flow without compromising on users’ privacy or letting big advertisers know who’s searching what.

Additionally Brave has done a number of other shady things that on the surface might be advertised as helping your privacy; but really aren’t. In my opinion they should have hard-abandoned Chromium over Manifest v3 and rebased onto Firefox to keep their browser from becoming less privacy respecting overall.


Actually; with the right plugins and configuration…even JS identification can be obscured in Firefox. I’ve done it before on Windows.


I think I can explain some of the “inexplicable creepy” moments you mention here. Note that I’m not advocating for YouTube’s favor; I’m just explaining how things tend to work in general.

  1. Your spreadsheet seems to contain two key words or terms that are trending in the current year/week/month/day in your area. I wouldn’t be too creeped out about this, it’s just a lucky guess; Firefox cannot access your clipboard history, nor does it allow websites to do so. Furthermore websites cannot read your clipboard unless you have them focused as the active window and you click on a text field in that web page. Once again Firefox here is protecting you and most browsers behave the same way anyways. They don’t get data about clipboard contents at all until they’re focused. CAVEAT: If you were using Google Sheets or a spreadsheet application ONLINE that IS IN YOUR BROWSER then we have a different story. For sake of simplicity I assume you are using something like LibreOffice Calc or Microsoft Excel.

  2. Second verse, same as the first! Your musical tastes are probably highly similar to many people in your vicinity and Google is using that to suggest content to you. This can even get spookily accurate if it even only knows your gender and age range based on what you watch. RECOMMENDATION: Clear your Watch History and keep it Paused.

  3. Discord actually does load the video embed / information from the YouTube API. But unless you’re living in SF; this is not linking back to you unless you are clicking on those videos at all. However, if you are loading Discord in your Browser; YouTube might be able to make some weird fingerprinting connections. The solution is simple: Download Discord Desktop and install it…or if you don’t like Discord software you can always use Beeper ( https://www.beeper.com/ ) which is slightly more privacy preserving, but has limitations. Alternately you can isolate Discord tabs to a Private Window.


Personally I think there are possible federal wiretapping laws that might have something to say about a telecom that is offering an E2EE secure phone line to someone who is not on duty as a police officer (cop), federal agent (glowie), or other authorized federal, state or local employee (bureaucrat, with data that has legitimate need to be protected).

That’s not even considering the entitled political hand-wringing about terrorists, spies, drug dealers, pedophiles and other so called “EVIL” people who “should not have access to such a powerful tool” because “it’s our law enforcement’s right to catch them in the act.” Unfortunately it’s a nuanced problem and we can’t wave away all of that hand-wringing, even if we think most of it is dramatic and performative. They do have some points.

But…even if we were to suppose for a moment that all of the above issues are not a problem… because something likely happened to wake people up to the need for privacy…we would be facing an entirely new set of technical challenges to hurdle over.

As our current cell networks are structured; we would need to deploy cell phones with phone numbers that do not typically allow routing of outbound unencrypted calls…instead all phone calls would need to be routed over cellular data (AKA LTE or 5G). These calls could definitely be nominally routed by an existing application such as Signal and would require that remote recipients also install the Signal app to receive encrypted calls.

Essentially you’d have a phone which is a Data+SMS only line with a phone number for ease of access. You wouldn’t be able to make outbound unencrypted calls or send SMS messages except to emergency services.


> and I read various posts they said that this app spy location and do lot of other stuff.

The source(s) you heard these things from are blatant misinformation. They fail to correctly understand the technology; which is “Federated Learning”. Basically it’s a form of AI training that obscures the data from the operator(s) so that it cannot be read, but the AI can learn from it privately. Bits and pieces of work are assigned to devices to “train” the AI privately, on the device using its AI focused hardware. Your device never allows your data to leave the device; even if your data is used to train the AI.

> I tried to disable it but it again activates when I restart phone?

This is a core system component of Android and you cannot disable it. It is the core function of Android System Intelligence module. The Private Compute Services is what is allowed to read your data; and if you’ve not opted out, can train bits of AI on your data without revealing or sharing that data to anyone. I repeat, your data does not leave the device, it is only used as training material. Yes, that has some privacy implications that they do try to address.

Please see this comic first: https://federated.withgoogle.com/

and then feel free to read up on Wikipedia about it to learn more. https://en.wikipedia.org/wiki/Federated_learning

In Android 14, at least on a Pixel, it’s possible to opt out of these functions easily in Settings > Security & Privacy > More Security & Privacy. Similarly this menu can also “forget” everything your device has “learned” locally about your data and habits…which might help you with battery drain issues.


Search through your settings for a “Quick Pair” or “Fast Pair” option. Turn it OFF. Do not leave it turned on except during times when you’re wanting to use a known device you’ve bought new that supports the feature.

Turn the feature off when not setting up new devices to work with other devices.



This is why I generally ensure my phone is configured ahead of time to block ads in most cases. I don’t need this garbage on my device.

As for how they could listen? It’s pretty easy.

By waiting until the phone is completely still and potentially on a charger, it can collect a lot of data. Phones typically live on the nightstand by your bed at night; and could be listening intently when charging.

Similarly it could start listening when it hears extended conversations; simply by listening to the microphone for human speech every x minutes for y minutes. Then it can record snippets; encode them quickly and upload them for processing. This would be thermally undetectable.

Finally it could simply start listening in certain situations; like when it detects other devices (via BT). Then it could simply capture as many small snippets of your conversation as it could.



I’m mentioning that it’s a bad idea to Only use that account for Aurora Store and microG services.

You need to log it into a few other apps on the web too. This gives the account more “livelihood”. Of course nothing you use the account for should be anything you care about; you just need to occasionally log into it through a browser and browse YouTube while pretending to be someone entirely different from yourself for a bit and check emails or compose a Google Doc, full of nonsense of course, for it.


Realistically I’ve never been banned, rate-limited or affected when using Aurora. I would recommend at least using microG installation as well though. I suspect that phones that look most suspicious would be ones that never formally “logged into” Google Play Services normally as well, so make sure you’ve logged into your chosen Google account once with the phone in its stock full OEM Google Play Services configuration.

Critically, Do Not Use the “Built in Anonymous Accounts” In Aurora! That’s just painting a target on your backside and would probably make your device look even more suspicious to whatever AI is swinging the banhammer these days.

Setting up a fresh, new, Google account is critical. Then go about “hardening” the account by setting up TOTP 2FA and disabling all the unwanted tracking options in your Google Account page. You can even generate “app passwords” here that can work for logging into Aurora.

My advice to you is to use this one new Google account across any Google Services you need to log into. Do not just log into microG and Aurora with your new account! Throw it a bone and log into a Youtube page or some other Google Service like GMail every once in a while, even if you do so from the phone’s browser only.

The more suspicious and single purpose the account appears to be; the less it blends in and could potentially be suspended by some wayward AI.


I’ve got really good scores. I’m grading a bit on a curve due to mitigations/spoofs already in place for both browsers that fool the scripts effectively.

4.45 bits from Firefox. [“System Fonts” is the worst score]

4.47 bits from LibreWolf. [“AudioContext Fingerprint” is the worst score]

Some Measurements are Ignored; reasons within.

User Agent - Flawed. This contains no personally identifiable information and spoofing this often causes compatibility and functionality issues. It is OK to spoof for -MORE- functionality if needed.

WebGL Vendor & Renderer - Spoofed/Blocked. Firefox spoofs this via CanvasBlocker and LibreWolf blocks this from being accessed at all. Spoofing allows some websites to feel “satisfied” they have some fingerprint that is otherwise patent nonsense and CanvasBlocker will present the same value to the website/script later if it’s loaded in the same Container/Context.

Screen Size and Color Depth - Spoofed/Blocked. Both Firefox and LibreWolf will spoof/randomize/standardize these viewport values back to scripts to preserve privacy. For functionality reasons my LibreWolf installation is my minimal plugin environment. This allows me to quickly and temporarily load a website I might NEED to use without compromising on Privacy while not being forced to troubleshoot which plugins might be preventing the site from loading in Firefox.

System Fonts - LibreWolf Only Spoofed/Blocked Value is Randomized


Asking this question on a privacy community really doesn’t look good on you.

We shouldn’t have to go to these extremes to protect ourselves… But at the same time if we don’t do this and defend our rights to do so…there will be attempts to legislate against it and make modifying your tech to protect your privacy illegal!




DAP = Distributed Aggregation Protocol (for privacy preserving measurement)

They’ve already screwed up. This is another way they’re trying to sneak unwanted bullshit into the fabric of the internet.

Next I want you to look closely at this author.

Jana Iyengar VP, Product, Infrastructure Services

Uhuh. First problem is he’s a VP. This man’s job demands that what he sells makes MONEY first.

Next let’s have a look at the mini bio. (Emphasis added)

“Jana Iyengar is VP of Product for Infrastructure Services at Fastly, where he is responsible for the core hardware, software, and networking systems that constitute Fastly’s platform. Prior to this, he was a Distinguished Engineer at Fastly, where he worked on transport and networking performance, building and deploying QUIC and HTTP/3, and serving as editor of the IETF’s QUIC specifications. He chairs the IRTF’s Internet Congestion Control Research Group (ICCRG). Prior to Fastly, he worked on QUIC and other networking projects at Google, before which he was an Associate Professor of Computer Science at Franklin & Marshall College.”

It’s easy to miss because they LITERALLY gloss right over it. This dude is an ex-Googler.

Hell. To. The. No. No. No. No. No!

This is Telemetry, analytic and tracking crap BUILT RIGHT IN AT THE FUCKING PROTOCOL LEVEL

NOPE! NOPE! NOPE! FUCK NOPE!

Today’s unreadable hashes are tomorrow’s GUIDs with Quantum Computing right around the fucking corner.

What is confirmed as cryptographically sound for now, may not be for even the remainder of the decade.


This. They detail perfectly how you can properly harden Firefox with whichever settings you think fit your privacy needs best and even discuss the tradeoffs for each setting.


YES, IT IS!

You should NOT trust Brave to not play fast and loose with your privacy. They already operate an advertising network (it operates on those stupid little BAT tokens) and they DO inject ads and affiliate links.

I strongly recommend Firefox [1] or Librewolf.

[1] You must install plugins and apply user.js fixes yourself to properly harden Firefox completely against tracking; but this is doable.


I would say that second restriction is actually not necessary if the phone is factory reset when you arrive back home.

Although I do understand the strategy behind it; and it does provide an air-gap so that in the case the device is deeply compromised that it cannot compromise other things.


Yes. Both countries have highly invasive laws and will demand access to many things.

DO Bring a completely clean and clear Burner Phone. Do not log into anything on it, do not download any apps, or sideload necessary apps when you can, do not do anything besides basic activation.

DO invest in personal private cloud storage but make sure it’s hosted somewhere SAFE and that you won’t have issues getting through the Great Firewall (China) to it. Make sure you paid up to host it for the duration of your stay BEFORE you leave your home country.

You are not freaking out! It’s perfectly fine to protect your privacy and it is NOT illegal. You cannot predict when or if you will have a run-in with local authorities in some countries. It’s best if those authorities have nothing to hold you on.

Having a clean, secure, and private device which does not leak any unnecessary information about you when seized is ideal.


Personally I agree with the OP; and I refuse to use Brave. This isn’t based in dislike of cryptocurrency in general; but I DESPISE both ADVERTISING AND SHITCOINS (Basically any token or sub-token of a main standalone blockchain that has no real, significant, usable real world value).

Therefore Brave DOES NOT reflect my values. I don’t care if advertising networks make any money, I actively hate them enough I want to deprive them due to their behaviors anyway for being so violently anti-user.

I don’t use Chrome or Brave because they DO NOT reflect my beliefs regarding web standards either, and I refuse to allow Google and the Chromium and Chrome project to dictate standards either. Particularly of note is their utter failure with both FLOC and WEB-INTEGRITY; both of which are stupidly retarded anti-user and anti-privacy features which are horrible.


The act of paying for something directly violates user privacy too. Modern businesses use Trust-based National Currency. They are REQUIRED to do so.

Thank you modern anti-money-laundering laws. /s

The best privacy defense is “Nobody Knows Who”. Any company that profits explicitly from asking “Who?” is a problem.

The best software asks “Who?” as little as reasonably possible. Companies in general would profit significantly more from software as a service if they did not have to bear the burden of answering “Who?” every time the government asks, or bear the fears of being tied up in legal proceedings for ages for simply upholding the right of privacy for another.

Facebook and its other related social networks are horrendous software. Its company is actively exploiting “Who?”. Advertisements are a largely unwanted fact of life and people are beginning to draw lines and demand ‘moderation of Advertisement placement, levels and density’ as well as ‘more privacy respecting’ businesses and services.

TL;DR: If your business model is to invade people’s privacy to sell advertising and you charge exorbitant prices to “respect my privacy” in any shape, form or manner; then you have no morals, ethics or scruples and you should fully expect to be censured and shunned by people who value those things in the companies they do business with.


I use Adguard because it’s pretty reliable and solid.

I would love other options but I haven’t found many that rival Adguard. I’m very picky about DNS because frequently services that I use can detect them and most free providers do nothing to alleviate blocking.


I might recommend using something like tape. Extra Strong Clear Tape.

You may also want to invest in a phone case; preferably an opaque and waterproof one that is difficult to remove.

There are apps available on F-Droid like PrivateLock which might help too; this will automate locking your phone if it’s snatched from your hands suddenly.

Last thing I can say is to use a short screen timeout and a strong password to unlock the phone.


I think you’d be foolish not to do so. Make sure that you also abandon any software that collapses to UK legal pressure.


Hot take here; so PLEASE do not reply unless you’re the OP.

Maybe you don’t have to switch. At least not immediately. Ultimately someone will make a stink out of switching. Again!

MTProto isn’t the best cryptography around; but it does provide some implementation of some low level privacy. I wouldn’t trust a credit card number to it; but it’s not worthless. It is however heavily disliked by people who understand cryptography and value privacy. But your friends don’t care! That fact is irrelevant to them emotionally.

And this is where the problem starts…Your friends have gotten accustomed and attached too much to Telegram and its many eye-candy features and smooth polish.

This is where you need to “Sour The Milk” and wean them off Telegram.

Perform your usual setup of a new group. Use Signal or Matrix (usually this will be through Element). Then force anyone who decides to be stubborn on Telegram to use the “Secure Chat” feature on Telegram. At least then the stubborn holdouts won’t be causing you excessive privacy issues.

Then lastly just transition to your new platform and pay exclusive attention to the new one and let people trickle in.


I don’t know the exact requirements but I’m literally running a locally hosted one on a much more previous generation CPU (i7-7820HK) and I appear to be using no more than 4GB of ram including Podman Desktop, WSL and the Docker image itself not seeming to consume that much RAM.

I don’t feel as if you could possibly lack the system resources needed to do it comfortably if you have at least 12GB of ram (for locally hosting on Windows 10) or 4GB of ram (Any flavor of Linux probably, if you wanna throw an old PC or rPi/rPi-like at it.)

You should look closely at https://github.com/searxng/searxng and find out what the exact requirements could be by asking the maintainers.


I’ve been using a SearXNG locally-hosted instance using WSL/Podman. Behind a VPN of course; and also using TrackMeNot to generate a steady slow stream of garbage searches to block general query tracking.

I’m loving it to bits; as I don’t have bullshit in my search results and I immediately find what I need; as I can query all the engines I want.


You Will NOT Find A Search Engine That Does Not Geo-Locate You. They DO NOT Exist.

Why am I so bold in my statement? Because they don’t exist. Please oh please try to prove me wrong, it will be very entertaining, and I promise I will find that every engine you recommend will be caught red-handed doing this by the time I complete 100 searches specifically crafted to bait this behavior out.

How do I know? Been accessing the public internet since 2004. They all have been doing so since then; and those who failed to do so have ceased to exist.

How do I evade it? Unfortunately, you don’t. I recommend using either Tor; or a VPN. Then you’ll know what region and possibly city your accesses will appear from; and the blatantly localized results will be irrelevant to you.

But XYZ has an option!~ No, they do not. You will still receive data relevant to your language and country as determined by your IP Address’ Geo-Location. You can’t turn that off; and engines won’t give you the ability to ignore fine-grained IP location either if you ask for something local; which still localizes you to the city level.

Geo-Location is a core feature of all search engines. So good luck trying to avoid it.


Not gonna lie; everyone seems to be over-reacting to what is common practice in law documents; terms are overly broad for a reason, and undoubtedly if you dig in the case histories; you’ll probably find an absurd lawsuit or two on the books.

That said; I doubt the car is capable of collecting this data; but they can collect information you freely volunteer to them.


Please just direct link to articles; or provide per-brand links to individual articles. Some of us use browser settings that do not fully render pages because Javascript cannot always be trusted completely to run without guardrails.


your link is broken and does not take us directly to an article :/


Not going to lie; Google is largely not as bad. I don’t see Google being as intrusive as they are just simply BIG. This does have some concerns to be worried about; and it can be seriously bad for your privacy. I don’t notice any significant privacy issues; particularly since the worst of Google’s offenses can be either blocked or mitigated somehow. They rely on your inaction, and most of the time do not try to override your actions to preserve privacy. Yes there are some exceptions; like with Youtube attempting to force users to watch ads; but these are few and far between when you look into all of Google services in general.

Most of the time if you’re using a paid “Workspace” account; there’s even a complete lack of ads…as all your usage is paid for anyways.


Assuming you’re right and you have this level of compromise; assume that all of your current computing devices are compromised. This means your computer, smartphone, smartwatch, other Smart IoT devices all need to be shut down and shoved into a bin or drawer.

Your best solution is to scrap all your current computers and start from scratch…build your own PC and install your favorite flavor of Linux on it. Kill your postpaid wireless service; and buy prepaid service line(s) instead; after buying a new unlocked phone that you have flashed something like LineageOS on to.

Furthermore you need to completely kill your internet identity and come back on with an entirely new identity online. New username, new interests, new emails, new everything. Ideally you’d set everything up using Tor…and pay for everything you’d need; such as a VPN; with bitcoin or cash. Never pay with a card; as that can be traced.

In the meantime; While you are scrapping your current tech for more secure and privacy respecting tech and slowly cycling your identity online out for a new one…Please seek a counselor or therapist. I’m not going to say that you are mentally unwell; but I think you need to seek some guidance on your state of mind to ensure you’re not going to end up jumping at your own shadows. Anxiety can be a bitch; especially social anxieties. Work with your medical care providers to rule out any instability you could be facing.

Once you’ve replaced all your tech with tech that respects your privacy; I would hope that would remove a load off of your mind and give you less reason to be afraid or paranoid when online…which will help you to seek more healthy communities which can also help you aim to improve your life in general, share your struggles safely with, and aren’t filled with dangerous individuals who get you placed under unwanted scrutiny.

Really all you need to do is quit visiting the communities that are filled with the extremist rhetoric. I get that you may not be an extremist yourself; and that you may be trying to subconsciously escape a very toxic community and get out from under unwanted legal scrutiny so you can start fresh.

As long as you can avoid becoming a regular of these problematic communities; you can typically avoid being in the crosshairs of overzealous Law Enforcement Agencies.

If you are not OP read before replying...

Don’t reply. I only want to hear from the OP as a reply.

To the OP: Before you reply

If you disagree about your mental state; don’t reply. Downvote and move on. I only seek to provide advice and be empathetic to both you; and the ones who are concerned for your well being, but are communicating it poorly.


No; they don’t. You just wanted to be a reply guy.


  • It is not unsafe.
  • It is not 100% private. Admins can read your messages if they choose to investigate your messages.
  • It will not get blasted out to the whole fediverse; just to the recipient you indicated. (Unless an admin from the previous point reads your message and publishes it publicly on the fediverse)
  • You do not get to do anything naughty with it; expect to be caught if you break the rules.

> people start ranting about how you don’t have an expectation of privacy at school or work.

That my dear, is patent bullshit. Anyone who does this is absolutely 100% WRONG and you should not be shy about it. Tell them to stfu and block them if needed.

You always have a basic expectation and right of privacy. What actually changes, is “what invasions of that privacy are common and accepted as necessary”. 95% of the time you do have every right to be aggrieved, pissed, upset, and perfectly right to have a discussion about those rights being invaded.

Do not suffer fools who would shout you down to shut your objections down.