Many people probably won’t be bothered by these things, but I am. I don’t want to pay full price for something that I don’t truly own. I miss the familiarity. I miss the reliability. I miss feeling like it’s mine. Dependable. Trustworthy.

Picking my old guitar up again has never looked so appealing. I think I want to go back to investing more time, money, and energy into things that aren’t connected to the internet

Upvoted.

Yup.

Buy any domain name, doesn’t matter what.

Suggested to OP and others that self-hosting email is easy and reliable is a bad idea in my opinion.

Instead I suggest the OP to let go of the “free” requirement. There are at least three email providers that provide email for 1 Euro a month including a few email aliases. Another option is to find a web hosting company that also provides email with web hosting. For example Gandi used to do that though I read they made some changes with their hosting options.

Sure, but what random psycho would go through all your comments collecting data like weather on a specific day, car, job, etc… just to mess with you in real life. That’s like one in a billion unless you specifically seek out those kind of people.

Scraping experiments have been done in the Fediverse several times and with the booming A.I. such an action does not seem very unlikely to me.

• https://digdeeper.club/articles/email.xhtml#Summary

I saddens me that it feels like the multi-billion dollar data harvesting companies are winning, but I no longer know if this is a hill that I’m willing to die on.

It is a very sad thing indeed :(

What are your thoughts on what we have to give up in our lives just to stay in control of our personal information?

I guess it depends whether you want to be reachable 24/7 on mobile or not.

With Signal and with things like WhatsApp and for that matter Telegram a phone number is only required to sign up. And you do not have to restrict yourself to one phone number.

Actually that is not correct because contacts syncing is another thing. If you are willing to have a private life without Meta and a second life which includes Meta Zuck it is technically possible. Buy a cheap smartphone with another SIM card for signing up and for syncing contacts and then link it to desktop apps that you can check a few times a day to check in with your friends via the Meta Zuck channels. The cheap smartphone can stay off unless you need to sync contacts.

That is true to some extend (Though search engines would afaik correct 404 pages and delete the old fetched data), but the automatic deletion does stop part of the audience of having a lot of data to create a fingerprint.

I’ve read on several websites that Nokia comes with pretty much stock Android.

On Mastodon (and maybe also Akkoma/Pleroma/Misskey/firefish and so on) there is an option in the settings to auto delete your posts (formerly known as toots) with fine tune options if you for instance want to delete your posts but save your favorites and boosts. Several people have their toots older than one month automatically deleted. Before this was an option in Mastodon, people already did this with help of other software.

Lemmy is not very similar as StackExchange/SuperUser/Quora but in some threads Lemmy resembles a Q&A site so it makes sense to leave the conversations as is.

Regarding the most private social media question I’d think of Friendica, Hubzilla, and Pixelfed as best.

Well, people in the USA probably do know one German name related to NASA :

• https://en.m.wikipedia.org/wiki/Operation_Paperclip (Link found yesterday in a comment somewhere else on Lemmy)

https://blog.paulbiggar.com/meta-and-lavender might be worth reading.

You’re welcome.

What ? You did not obey the surveillance capitalism overlords ? :-) /j

Thanks for sharing, good to know!

Is PixelFed https://pixelfed.org a good alternative for privacy minded people out there ? I know that PixelFed users can be followed from Mastodon which seems nice to me.

Cool, that works. Thank you.

Exactly. What makes this a bit complicated and maybe interesting from a historical point of view is that this is about Spain. A country which has been very slow with removing some of the “relics” from the fascist Franco era (Franco died in 1975) and at the same time having regions that long for independence like Basque country and Catalunya (and the post topic is related to that, Catalunya aiming for independence). Since the Twin Towers attacks in 2001 the words “terror suspect” and “terrorists” have been used much more often (also by ordinary “normies” people that I knew) and maybe not always rightly so.

👍 Here’s a written piece from Lavabit founder : https://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email

Except with a VPN you’re not identified by the servers you connect to, so they can safely not log any traffic and as such, law enforcement can’t ask to hand out data about a specific account because they don’t know which account did it. Same goes for logging the IP of the account, because again, they don’t know which account it is, and can’t force a service to log all users for the sake of finding one.

VPN and Tor and I guess i2p can disguise your IP address indeed.

It’s not true for mail services however, as the email address is your login and/or is linked to a specific account, forever and exclusively.

I’m not following what you mean by this ?

Source: the 3 first words of my comment…

https://disroot.org/en/privacy_policy Section 4.1

You’re the ones defending a service yet you don’t know that. Seems like someone who just found out the service can do better research. But hey, thanks for not being overly aggressive and claiming to know everything like this other guy.

I simply asked you a question and thanks for pointing out more details. I have decided to trust Riseup and Disroot for reasons in the past. It is up to me to care about my privacy and security when there is the need for it. Other people will use Google Gmail with GnuPG, that up to them.

“helped” is very misleading. Companies can’t refuse to provide information they have when served a search warrant / court order. These companies DID NOT choose to provide the info on their own.

You are suggesting all these companies are completely helpless against legal requests. That is not correct. A company should first make clear that the legal request is actually completely legitimate and correct. After that they can look at whether they should provide the information or not.

See the data here :

• https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain
• https://cdn-resprivacy.pressidium.com/wp-content/uploads/2024/05/Proton-Mail-logs.png

Serious topics like privacy and self improvement have become very similar in people’s perception. They are also just another thing to consume, as unhinged as it sounds. Everything must be consumed, everything must be rented. Everyone must live in a distorted perception of “safety”, whose harbingers are fucking western corporations. It is insanity and it must be prevented from taking over Lemmy’s communities atleast on main .ml instance, and I will do what is needed to prevent that, in places I moderate.

👍

Law can be different per country and when there is nothing to hand over, then there is nothing. Here is an example of Mullvad : https://mullvad.net/sv/blog/update-the-swedish-authorities-answered-our-protocol-request

Their privacy policy. They log IP addresses and are not immune to legal actions, and as such, are not really better than Proton in terms of legal actions

They log IP addresses ? Source ?

PGP doesn’t protect anything but message contents.

Indeed, be careful with choosing your email subject line when using GnuPG to encrypt.

Additionally, if you key it compromised all of your messages are compromised.

Yes, maybe for some people it is. I once knew a person who created a new GnuPG key every few months. It is also recommended in some howtos that making your key never expire is a bad idea.

By the way, for all readers interested in using GnuPG, FSF updated their Email Self-Defense guide this week. https://hostux.social/@fsf/112405348416810419

It is very strange to me that Lemmy users are behaving in a reverse manner to how they should. Are they too young? Or are they too bad at privacy game, believing all this Proton/Graphene/Brave and whatever else is trendy?

It is indeed probably a new and young generation preferring to watch videos on their smart phones rather than reading from a desktop computer. YouTube (with its influencers and content creators) is very popular and that is unlikely to change any time soon. Problem is that getting privacy and also security right is not that simple. Take for example the Riseup and Disroot comments in this thread. I trust Disroot and Riseup to do the right thing, and I bet that handing over personal data would be about the last thing they would ever do. I guess this is difficult to understand for people who have nothing at all in common with activism and for that matter anti-capitalism.

I just used gThumb recently to try to post something I had inverted, but posting it to sopuli/lemmy scrubbs the exif data and it was posted as if I didn’t do anything.

Yes, uploading to Mastodon and Lemmy will likely automatically wipe EXIF data by those sites.

So, gThumb uses exif data to modify pictures which is likely what is added.

*What alternative are you using?

For image cropping I’ve switched to Gwenview which I’m pleased with.

Exactly! I am not saying that Proton is some kind of virus but lots of folks are screaming “Proton! Proton!” (and “You have to think for yourself!” - Life of Brian) as if it is the only answer for privacy and security.

Riseup exists since about 1999 and is like Disroot non profit with focus on activism. Proton is like some other companies, I think, a response to the Snowden revelations, which is iirc 2013, a time after which self-hosting email (e.g. Mail in a box) became topical for a while and several other new email companies started to pop up.

Your email relay or Beehaw could be “hacked”.

I’ve never heard of those 2 providers and they don’t seem to be any better.

You never heard of the other two providers but yet you already draw the conclusion that they don’t seem to be better. What does “better” mean to you in this context ?

All the commenters suggesting that Proton is just a company and would always give in to legal requests and all other companies and any email provider would do the same, here’s some more to add. Yesterday I saw a now invalid toot comment from ProtonPrivacy on Mastodon Social where they wrote that it was Apple who was to blame and that Proton gave the recovery email address only because this was a case of a terrorism suspect suggesting that if that (terrorism) was not the case they would not have given in to the request. Today their comment sadly gives a 404 error. Searching a bit further this article comes up mentioning Proton and Wire :

• https://www.elnacional.cat/en/politics/judge-garcia-castellon-accuse-mossos-police-officer-tsunami_1202609_102.html

In the new resolution, the National Audience judge recalls that in January, in a judicial report he issued on the case, he highlighted a conversation from July 12th and 13th, 2020, about the king’s visits, which was included in the Tsunami investigative evidence, and of which he admits that until that point he had not made reference in his investigation which extends over the period from 2016 to 2022. Specifically, one of the people under investigation, the Girona businessperson Josep Campmajó, spoke to the figure named Xuxu Rondinaire, with profile @marietadelulllviu, about mobilizations in 2019, using the Wire messenger app. The judge has asked for the identification of this person, information now obtained by the Civil Guard, which details that they used Europol to ask the Swiss authorities for the Wire firm to identify the person behind this pseudonym, with a profile that is also used in Proton Mail, an encrypted email system. In the police cooperation form requesting the information, the Spanish officers indicate to the Swiss authorities that the investigation is for the crime of terrorism.

https://www.theguardian.com/technology/article/2024/may/07/jack-dorsey-quits-bluesky-board-urges-users-stay-elon-musk-x-twitter

Earlier on Saturday, he unfollowed all but three accounts on X: Edward Snowden, Stella Assange, the wife of the WikiLeaks founder Julian, and Musk.

“Don’t depend on corporations to grant you rights,” Dorsey tweeted. “Defend them yourself using freedom technology. (you’re on one).”

Despite his promotion of alternatives to the site he founded, Dorsey has publicly shared his admiration for Musk. In 2022, he called the multibillionaire the “singular solution I trust” for the future of Twitter, though a year later he criticised Musk for his “fairly reckless” moves after taking control of the site.

This comes a few days after Jack Dorsey confirmed that he had left the board of Bluesky and then starting to use Tw(X)tter and calling Tw(X)tter “freedom technology”. Coincidence ?

The moment your VPN app starts it will change gateway and name servers for your host. If the virtual NIC of your VM is bridged with your host I would expect it to work fine for the VM. Is this with KVM or Qemu or VirtualBox or something else ? How is networking configured ?

Proton is the only one I know of who takes mailed cash.

Proton accepts payments via postal mail you mean ? Posteo and mailbox.org do that.

the two you suggested though are US based though.

Disroot is in Europe.

• https://disroot.org/en/about
• https://disroot.org/annual_reports/AnnualReport2023.pdf

Apparently it’s (by default) everything that doesn’t explicitly specify a license (especially a FOSS one) within the javascript code of the page, which is a ridiculously huge portion of JS on the internet.

It is never to late to start something and make people aware of problems and as far as I am concerned not only about software licenses but JavaScript as a security problem.

Disroot stopped using RainLoop long time ago when people became aware of a security bug in RainLoop and the fact that the RainLoop project appeared to be dormant. I think Disroot switched to SnappyMail, and then to Roundcube.

Long time ago Riseup, focused on activists, required two invite codes, probably to avoid abuse. They’ve relaxed it with asking for only one invite code. You should imho not be asking for invite codes on the Internet but ask your activist friends or read this : https://support.riseup.net/en/knowledgebase/1-accounts/docs/13-how-do-i-get-an-account

https://www.gnu.org/software/librejs/

um I don’t use a vpn. Please tell me why I should use a VPN.

It is up to you to use a VPN or not. Some people use a VPN to watch regular TV series which are blocked in their own country. Some people, like myself, despise the ad- and tracking- exploitation industry, other people may want to download e-books from anna’s archive or simply do not trust their ISP. Other people live in countries where their government is very oppressive and intends to arrest and torture any critical voices.

I have nothing to hide.

Reminds me of : “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”

Recommended viewing : https://piped.video/results?search_query=Shoshana+Zuboff

That reminds me : Last time I tried Garuda Linux it came with a local Whoogle instance.

No need to have an account. https://packages.debian.org/search?keywords=riseup