• 0 Posts
  • 66 Comments
Joined 2Y ago
Cake day: Jun 22, 2023


You can set uBlock to run in incognito tabs, so it’ll hold if you let it.


Both sides win in this arrangement.

What about the third party (you the user), and fourth party (everyone whose creativity was fed into the machines, and everyone who has to accept your LLM generated slop like it’s useful and/or contributing to the conversation)


Of course some people go too far. I think a lot of folks on here grossly overestimate / overstate their threat model, but I think the discussions are good for the limited few who really do need to cover their asses.

Me personally, I hate the idea of companies bidding for my attention without my consent, so I try and make it as hard as possible for them to get it. This just so happens to overlap nicely with the goals of the privacy community much of the time.



The advantage of Tile and AirTags is that they’re relatively dumb devices that leverage passing cell phones to snitch on their location. This means they can last months on a single charge while the phones do the heavy lifting.

There may be more and less private ways to do what they do, but they’ll all have similar tradeoffs.

A device that tracks its own location and reports it out over a cell network would basically require all the complexity and size of a smart phone minus the screen and cost similarly.

There are Bluetooth trackers that can be run privately and with enough creativity can be used to identify the location of something within the confines of your home (or know if something is not home), but won’t be much help if you’re trying to track down lost luggage or want to know if you left your wallet at work or the coffee shop. (e.g. https://www.youtube.com/watch?v=-fmBwINdsxQ)



The browser version at least does not have the ability to take screenshots, but you will always be tracked on the websites you use, especially if their business model is advertising-based.


save you a click: it’s in-app tracking and device screenshots. Don’t install apps that have a working website. Also don’t use Facebook.

“There were no audio leaks at all – not a single app activated the microphone,” said Christo Wilson, a computer scientist working on the project. “Then we started seeing things we didn’t expect. Apps were automatically taking screenshots of themselves and sending them to third parties. In one case, the app took video of the screen activity and sent that information to a third party.”

Out of over 17,000 Android apps examined, more than 9,000 had potential permissions to take screenshots. And a number of apps were found to actively be doing so, taking screenshots and sending them to third-party sources.


For those who maybe breeze past it in the article linked, here’s an unofficial tool for searching all of the zillions of Kagi bangs: https://kbe.smaertness.net/

They have all the usual, !g for Google, !gi Google Images, !b Bing, !ddg, !brave, etc, plus like a billion niche ones.


Unlike free search where there’s definitely no incentive to sell your data to keep the lights on, right?



If that’s true, why bother “monitoring” a search engine? This whole list screams of somebody who knows nothing about tech put out a vague RFP and a contractor pulled a list of “top sites” and used it to justify an egregious proposal cost.

DOGE, if you’re looking for waste and fraud, perhaps here’s a good source.


That’s probably $5/yr, most domains are renewed annually, and the more mundane TLDs, like .com are $12-15/yr (hence $1/mo)


Personally, my wife and I each have a version of firstname@fundomain.vanitytld, as well as a shared house@fundomain.vanitytld where all of our bills and shared expenses go to.

For some modicum of privacy, we also have a forwarding domain connected to SimpleLogin that allows us to do website.catchall@forwardingdomain.com for each website where we have little trust in the owner respecting our privacy.


Assuming you aren’t spending $$$ on a premium domain, I feel like $1/month on a domain is a pretty small price to pay for the freedom to move email providers as needed.


harmlessdomain.com is available - I expect to see it registered by tomorrow or I’m never trusting a stranger on the internet ever again!



The roles I’ve hired for require formal presentation of work/studies with a certain level of attention to detail, and more internal politics than I care to admit.

So while it’s never the sole deciding factor in a resume I do put weight on spelling, formatting, and general professionalism. If your email is firekitten22@aol.com, or jon@sirfapsalot.net I’m not immediately binning it, but you are starting from a disadvantage. stephanie@harmlessdomain.com is always gonna be just fine though.


To add, not deleted stuff is what my favorite lawyers call “discoverable”. Not sure how many lawyers Meta has but I’m betting at least one of them is reminding them deleting stuff is a good thing.


  1. People don’t like the idea of paying for stuff they’re used to getting for free

  2. Privacy Guides does not include Kagi in their recommendations because an account is required in order to search, despite it being against their privacy policy to log, and despite the fact that they allow “no-log” VPNs, messaging apps, etc. which all require accounts. They’re starting to soften to Kagi with their new Privacy Pass feature, however they seem hung up on the fact you need an account to generate private tokens. Accounts can be made with burner emails and paid with crypto.

  3. Kagi leadership has had some controversial opinions on search censorship (they’re fairly blanket opposed to it) and other social issues in the past

  4. In addition to search, Kagi offers AI tools, which is a turn-off for a lot of people

To me, none of these things are deal breakers, but some folks are eager for an excuse to complain.


And, 12h later, I checked back and the polar bear result is gone. Either it was a glitch in the matrix or the Kagi team has eyes everywhere.


I mean sure, if you ignore the first 20 or so relevant links before that, you’re right, that one does show up when searching for monkey (proof)

You can add literally any other word to the search and that one result disappears. Even bear monkey. Regardless of the fact that no one searches for just the word monkey, I find Kagi’s rankings consistently prioritize more quality and informative content.

Comparing to other search engines, Google is obsessed with the movie The Monkey, Bing really wants you to watch Monkey Baby Bon Bon live what looks like a nightmare life, Brave gives an OK mix of content, still with a The Monkey focus, and Kagi gives you a really solid mix of results across the monkey spectrum for such a vague query (plus one whole link to an article about polar bears).

If the polar bear result specifically bothers you, you can report it to Kagi and I’m sure they’ll fix it. I’m still happy with my choice though.

Edit: decided to check DDG as well - I’d written it off in my head as just Bing, but the results were slightly different - the Monkey Bon Bon nightmare fuel was pretty significantly demoted, and for better or worse, DDG was blissfully unaware of the movie The Monkey. Not a bad result overall.


I know it’s a controversial take around these parts, but I’ve fallen in love with Kagi.

If I had to rank search engines by results, in my opinion/experience:

Kagi > Brave > Startpage/Google > DDG/Ecosia/Bing

Kagi/Brave/Startpage/DDG all offer privacy to some degree. I haven’t really fucked with SearXNG though I’m sure it’s awesome.


.com is $15/yr for most domains, .place is $22/yr for renewals. Not sure where you’re shopping or if you’re eyeing some sort of premium domain, but generally it’s cheaper.

I have both, a domain on “new” TLD (like .place) that is my main but has hiccups on certain websites, and a cheap .com that I have tied to SimpleLogin for generating per-site throwaway addresses. This setup works great for me.


Talk about putting your money where your mouth is- good to see them implementing this technology!


Cool story bro. There was (and likely still is, because you clearly haven’t found it) a keylogger on your system when you logged into Steam at some point.

You can continue in denial if you want, it literally makes no difference to me - I’m not the one getting HIBP Stealer Log emails. Just trying to warn you, I wouldn’t log into anything you care about getting hacked until you find out what caused the breach.


Man, the denial runs deep.

HIBP works by finding big databases of stolen information on the dark web. Usually these databases are attributed to websites that have been breached.

In the case of “stealer logs” though, the databases are full of logins to a bunch of different websites, instead indicating it comes from hacked computers.

They, and I, can’t truly say for certain that your computer was hacked, so instead they have to make vague statements like “someone attempted to log into your account on a compromised computer”. That information went to the hackers who developed the virus, and they posted it online. They don’t know your computer is infected, just that your information ended up in a pile with a bunch of other people whose computers were infected.

The person logging in could be you, could be anyone, they may not have even gotten in, but the #1 most likely scenario is you logged into your account on your computer while a virus was running in the background capturing information.

Your computer being the one with the virus is made 1000x more likely because you mention in previous posts that you use pirated software.

If you pirate software, and you get a HIBP stealer log notice, I’d wager there’s a 99.7% chance someone snuck a keylogger into one of the programs you downloaded.


I’ve evaded Reddit bans for the last 19 months by simply not using Reddit. You should try it.


Nasty stuff, stealer logs. I’ve written about them and loaded them into Have I Been Pwned (HIBP) before but just as a recap, we’re talking about the logs created by malware running on infected machines. You know that game cheat you downloaded? Or that crack for the pirated software product? Or the video of your colleague doing something that sounded crazy but you thought you’d better download and run that executable program showing it just to be sure? That’s just a few different ways you end up with malware on your machine that then watches what you’re doing and logs it, just like this:

These logs all came from the same person and each time the poor bloke visited a website and logged in, the malware snared the URL, his email address and his password. It’s akin to a criminal looking over his shoulder and writing down the credentials for every service he’s using, except rather than it being one shoulder-surfing bad guy, it’s somewhat larger than that.

Seriously, read the article you posted. YOU probably attempted to log in and the virus on YOUR computer you seem to be in HEAVY denial about captured your info. You’re lucky the 2FA probably prevented the people who are logging activity from your PC from accessing your Steam account.

The article you posted clearly defines stealer logs, and the email you screenshot clearly says your info is in a stealer log breach - I don’t know what more to say. You clearly have all the information you need, you just don’t want to process it.

YOU LOGGED INTO STEAM ON AN INFECTED COMPUTER AND ARE PROBABLY STILL USING THAT SYSTEM. YOUR COMPUTER HAS A VIRUS.


A month of Mullvad is $5. Even without a 30-day return policy (which, as others have pointed out, they have), it’s not exactly break the bank kind of experiment money.


I think you missed the entire premise of the article you linked - the “stealer logs” mean someone logged into your account on a system that had been breached (infected with malware), and the “stealer” “logged” those credentials.

Also, SteamDB and Steam are two very different things. SteamDB is an independent third party offering that just tracks Steam data via their API.



My experience has been that certain vanity TLDs are not accepted, so if you’re using a personal domain on SimpleLogin and it has a TLD like .email or .ninja, there’s a chance it’ll be rejected while temporary email with a .com TLD will skirt by.


Of course, when you add a backdoor it’s best to assume everyone will use it sooner or later.

It’s true!! I saw several really interesting documentaries about this phenomenon on PornHub


Does yours have a website you can use through a mobile browser? With the exception of mobile depositing checks, which I do once every 15 years or so, I can do all of my banking in the browser


A custom domain is $12/yr, and SimpleLogin lets you do automatic regex emails, so I can just make a quick website.spam@customdomain.com email for each website. Would recommend.


The core focus of early crypto was decentralization, not anonymity. Bitcoin is totally decentralized, but the entire premise is the blockchain contains a permanent irrefutable ledger of transactions. Basically everyone knows if Wallet A paid Wallet B. If you refill your wallet with anything remotely traceable, that means everyone knows YOU paid Wallet B, and similarly if wallet B has any ties to the real world, the lines are easy to connect.

That’s not to say you can’t use it anonymously, but that was not the intent and thus it does anonymity poorly.


It looks like you’re missing the “Manage shared info” section and “Personalized Shopping” link, which yields the above toggle for me (CA, US)…

The question is, is it gone because your privacy laws make it impossible to even offer, or because your privacy laws don’t require them to care about your opinion at all?


Both true statements. The banking apps that don’t work aren’t because Google Wallet doesn’t work, but because they use the same trust policies that Wallet requires in order to run (which GrapheneOS cannot meet because it’s not a “trusted” OS, per Google)



Some banking apps allegedly don’t work but I have never encountered one. If your bank has a mobile accessible website, it’s basically a non-issue.