Thanks for the detailed reply :)
I agree with all your points, it is misleading and potentially harmful to use a strong term like spyware to refer to all of those things, without further context. I guess I’m still used to a couple of tech circles where people would jokingly throw ‘spyware’ around to describe anything and everything, so I didn’t realize how misleading it really is. Especially when it’s applied to things like automatic updates, which only the most extreme security models consider more of a risk than a security feature.
That website has a very strict, unusual interpretation of ‘spyware’. Even if all the telemetry and unprompted connections made by Mozilla Firefox are in good faith and legitimate features, that website still labels it ‘spyware’, as it is revealing unnecessary information without your consent.
The same website gives Tor Browser a ‘Not Spyware’ rating, as it (necessarily!) removed the default features of Firefox that concerned them.
Side note - I think you may have accidentally marked your account as a ‘bot account’ in the settings.
That website is […] full of verifiably false information
Could you please provide and example or two? I wish to verify it, since I didn’t notice any last time I checked the site.
they act as if any and all [unprompted] connections a browser makes are automatically bad and “spying”.
They’re very clear that this is their approach (bold text on the home page). Even if you disagree with their definition, that doesn’t make the site bad. And there are many valid situations where a threat model should be this strict, consider anti-government activists in any country.
They even claim that Tor Browser is a “spyware”.
It says “Not Spyware”. https://spyware.neocities.org/articles/tor
The book Manufacturing Consent has an excellent analysis of how advertising is one of the major filters which affect the content of news. Regardless of whether it is surveillance ads or not, the model of advertising, while lucrative, profoundly compromises the integrity of news.
Of course, I understand (and I believe the book also suggests) most news can’t be expected to self-sustain and compete without having ads in their economic model. So this isn’t a rebuttal to the article’s discussion on “Non-creepy” contextual ads.
As a quick introduction to the idea of Linux phones vs. Android ROMs, this post (updated about a year ago) gives an introduction from a security perspective. Depending on your adversary’s capability, security can be an important dependency of privacy.
It sounds like you’re suggesting Linux phones are more private and secure than GrapheneOS. Given their current state and limitations, it is extremely unlikely that any of them are more secure than GrapheneOS against a typical hacker or malicious app.
with the downside that is limited to one single phone brand In terms of security, this is also a benefit. It means they aren’t trying to aim at fifty different targets which may behave different or even unexpectedly. The software developers have far far far more confidence that their security features will work on your device if they test it on theirs.
Again, there is no such thing as “full privacy and security”. It is unpragmatic idealism. Not only does it misinterpret privacy and security as concepts, it is an unconstructive attitude for creating an effective security model, and just encourages burnout for no benefit. We don’t limit “full”. There is no full. There is no perfect answer. It’s an undefined and unachievable idea.
“[Someone made] a laptop, encased in foam in a full Faraday cage, wrapped by alternating metal foils, and finally covered by a 1” layer of reinforced concrete."
"It had been billed as the most secure computer ever. Right until two research papers had come out that showed it was possible to decipher processing by the amount of power being consumed and by pulling the slight RF signal being carried by the ground line. "
Now, I’m not saying you can’t effectively secure your device adequately against big-tech and corporate capitalism. I say you can! It’s achievable. But it’s unconstructive to hold the illusion that there is some absolute “full privacy” against them.
Who are you hiding from? “Increasing privacy” means nothing without context.
My adversaries (well, when I’m not at a protest) are not likely to be tracking my phones location, and my phone is set up that no app or website can, so to me personally it’s a large sacrifice for no benefit.
But for someone else, it could be good advice!
Thanks.
An interesting post linked in that thread (note: from 2014. I have no idea how they responded to this): https://lists.torproject.org/pipermail/tor-dev/2014-December/007999.html
I like the I2P project (despite not using it) and according to the official site “there are several bittorrent clients and trackers on I2P.” I’m sure they’d love you for it! Like you said, slow, but how much of the library do you expect the average user to download? A few MB? A couple of GB? Is the library a cohesive whole that needs to be one piece, or can you request people redistribute your library or its pieces onto the clearweb?
I see something mentioned about BiglyBT’s bridging (aka Network Mixing [github wiki link]), which allows I2P users to download clearnet torrents so long as a bridging user is seeding. I wonder if it works in the other direction: a BiglyBT seeder allowing clearnet users to download and I2P torrent. Maybe not.
Safe from who? ISPs? Copyright trolls? State law enforcement? Different problems may have different solutions.
People are often safe pirating without a VPN either because of ‘safety in numbers’ (essentially just obscurity) or by living in a region that doesn’t care much about it. But as a distributor, I would assume there is a higher risk if you’re distributing something that will make copyright owners seek a take down.
Further, what is the reason you’re open to onion routing and I2P but not VPNs?
and there’s people who have gotten in trouble because someone else downloaded child pornography through their network.
I doubt that, it sounds like a violation of safe harbor (similar to ISPs and hosting sites not getting in trouble unless they are made aware and fail to act) which is admittedly a gray area. Got a source?
Tor itself isn’t Tor Browser/TBB. You can use the Tor service to proxy applications through.
For example, I can simply run a program on terminal through torsocks, like torsocks git clone https://github.com/grassmunk/Chicago95 , or torsocks wget http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion/favicon.ico
I haven’t checked how but you can probably configure a program or network that allows you to pick a proxy to go through the Tor network too.
Edit: If a virtual machine is appropriate (if you want a whole leak-proof Tor-only environment for browsing, email, software, etc. without rebooting), consider running https://www.whonix.org/ . You do need to launch the Workspace and Gateway OSs which will take a few seconds (a shortcut to a shell script can launch both at once) but if you are using Tor for security purposes then it might be more useful in your threat model.
It’s less a dogwhistle and more just explicit symbolism, just substituting the swastika so that it’s not a swastika.