My firewall varies from installation-to-installation, as it’s always client-side with a custom DNS provider. Right now, I’m using YaST Firewall on my main machine, iptables on my old ThinkPad, and my other machines are currently between operating systems. In the past, I have also dabbled in ufw, pf, and awall.

In addition to that, I generally use NextDNS (though I also get excellent results with Mullvad DNS).

My policy is simple: reject all incoming connections, except for Torrent and Syncthing.

This was mentioned in Little Brother by Cory Doctorow. So, what do we do about it?

Yeah, this is so fucking annoying. I’ve been banging on about Signal for years, but everyone except a small handful of my wisest friends insist upon using WhatsApp and Discord.

Almost everyone I know also uses Instagram, and no other social media. I am yet to meet someone in real life who even has Mastodon.

Whoa, whoa, whoa! What the actual fuck, Google‽

I swear to Hephaestus, at this point I’m considering switching to UBPorts or Sailfish OS or something…

I2P is brilliant, yes, but I can’t use it for clearnet sites.

Besides, in this case I would be using it purely for tunneling without detection by my ISP. Anonymity would be more of a bonus.

I’m already using the Shadowsocks bridge in Mullvad. If things get more serious, I’ll do some research and consider switching to Tor with either obfs4 or WebTunnel on Tails, and Snowflake on mobile.

I got on very well with it. You don’t get a lot of storage on the free tier, and it functions exclusively as a web app/PWA, but it was quite seamless.

Same here. I started buying CDs in 2015, and I haven’t been back to streaming since.

Honestly, this sounds like a job for Tor. Install Orbot, possibly enable a bridge, and you should be good to go. Onion Browser is recommended for use with Tor, but Safari will work just fine.

I have never tried calling over Tor, but I have never had an issue with the speed before (although it is inherently slower than a VPN).

This Invidious instance still works. Don’t push it too hard, though: it’s all we’ve got.

Also, if you log in to YouTube in Chromium or something (assuming you’re on desktop) and then use yt-dlp with the --cookies-from-browser chromium argument, it should work. This is also possible on Android via Termux and iOS via iSH if you copy ~/.config/chromium to the app.

Definitely neither. Epic is not private, and Maxthon is Chinese. Both are based on Chromium anyway.

Mullvad VPN if you’re prepared to pay; ProtonVPN or Windscribe if you aren’t.

None of the services keep logs or require any personal info.

With one exception, all of my machines have 8GB or less, and I use a Firefox-based browser on desktop (Goigle deliberately slows down their services on non-Chrome browsers). Also, YouTube does have server-side tracking, and I need to be able to manage my subscriptions. I could use RSS, but I already have a reader installed for news and I don’t want it getting cluttered.

uBlock and Mullvad is a great combo, and I am known to use the main site if both Invidious and yt-dlp aren’t working; but the fact remains that Invidious is the inherently more private option.

Well, I don’t need recommendations for a start. I can see the appeal, but my subscription feed is good enough for me.

Also, YouTube is incredibly heavy in comparison, and I personally believe it’s better to avoid tracking in the first place than to jump through hoops to cripple or block it, so Invidious and yt-dlp are the obvious solutions for me.

It gives you an estimate. I haven’t used actual YouTube in a while, though. Just Invidious and yt-dlp.

I’d say use the website through Safari. Install AdGuard, SponsorBlock, and Vinegar, and it should be smooth sailing. Return YouTube Dislike is available as a UserScript.

Brave and DuckDuckGo also provide nice experiences with YouTube, but thry sadly do not have SponsorBlock or Return YouTube Dislike.

If you really need an app, though, give uYouPlus a try.

Y’all are seriously still using the internet?

I believe Librewolf and Mullvad Browser change your timezone, either to UTC or to Atlantic/Reyjavik (for some reason; probably a bug on my end). Tor Browser likely does the same, but I’m not sure.

I’ll probably switch to LineageOS and harden it myself if GOS starts floundering, but that would be purely to get my money’s worth out of the hardware.

After that, I’d go for my alternative setup of dumb-ish phone + laptop + refurbished iPod.

Fairphones and TeraCubes are ethical hardware. Fairtrade, repairable, and possibly open-source (I’ll have to double-check that).

GrapheneOS is customisable, yes, but LineageOS is moreso.

Magisk is a tool used to root Android devices (essentially adding an su binary to give the user root access). However, this makes the system inherently less secure, and undermines the whole point of GrapheneOS.

The only real downsides of GOS are that it only supports Pixels, and that it doesn’t support microG (I can see the appeal of Sandboxed Play Services, but I would personally have preferred microG).

• Privacy: GrapheneOS
• Security: GrapheneOS
• Customisability: LineageOS
• Functionality: (Subjective)

I would only recommend three groups of devices:

• Pixels
• Fairphones
• TeraCubes

Will this affect Matrix? I use g24.at as my homeserver.

Sorta. It’s the same engine, but it is generally less private and less secure than actual Chromium.

DivestOS used to have some handy tables, before they shut down the website.

Huh, I didn’t know that. I wonder if any of the rest have implemented that since…

See also:

Firefox-based

• Tor Browser
• IceRaven

Chromium-based

• Brave (controversial)
• Vanadium (GrapheneOS-only)
• Cromite

WebView-based

• DuckDuckGo
• Privacy Browser
• FOSS Browser

• uBlock Origin
• NoScript
• JShelter
• CSS Exfil Protection
• Libredirect
• Indie Wiki Buddy

I also sometimes use the IceCat extensions, too:

• LibreJS
• LibrifyJS
• Reveal hidden HTML
• Searxes’ Third-party Request blocker
• Workarounds for nonfree JS

Matrix is the only one I actually use other than the rest.

There is also XMPP, SimpleX, Threema, Briar, cwtch, Tox, and Delta Chat.

Transcribro is pretty good, and available on Accrescent, but only for English (and American spelling only, at that).

According to the tests I’ve run, IronFox, Brave, and Tor Browser are the only options (in my opinion).

Cromite also works, as does Vanadium, but they’re… basic, and the fingerprinting resistance could be better.

I use SearXNG. I would highly recommend.

Yeah, I’m pretty sure System1 divested themselves of it.

They still own Startpage and Startmail, though.

• Yewtube is hosted by unixfox, who also happens to be one of the main developers behind Invidious.
• I’ve talked to the person behind Nadeko on Matrix., and they seem nice.
• Not sure about the rest, but a poison Invidious instance is unheard of. Still, doesn’t hurt to ask questions like this once in a while!

ffs. Guess I’d better move everything off and close my account, then.

KTrip’s not bad.

When did they stop being Kiwi?

Posteo is probably what you’re after. Only €1 per month!

There are also:

• Nebula
• Floatplane
• media.ccc.de

Thanks, but I’ll pass. Currently, it’s just a random house; but if I blurred it, it would stick out like a sore thumb and possibly attract attention.

Ah, I stand corrected.

• DAITA adds noise to your traffic, in order to prrvent AI packet analysis. However, most people don’t need this, and it limits your server options as well as increasing your bandwidth usage. Leave it off unless you need it.
• Multihop routes your traffic through two Mullvad servers, in order to further obscure your IP address. Turn it on for added privacy, unless you have problems as a result.
• Local network sharing means you can still connect to devices on your home network while using Mullvad VPN. This includes things like networked printers, network attached storage, and the web interface on your router. Turn on unless you’re sure you don’t need it.
• API access just checks to make sure you can connect to Mullvad at all. The API is what gives you the list of servers and provides your computer with the connection info. Have a look if you’re interested, but you shouldn’t need to change anything.
  • If you are on a hostile network, this part of the settings also lets you enable bridges, which can help to circumvent local VPN blocks.