You can play youtube without ads via adguard, but you’ll have to do it everytime you watch a video (via options). Kind of a hassle, but it works. Firefox Focus also seems to be able to avoid ads most of the time.

I have one of their travel routers. Is there an alternative that ships with vanilla openwrt out-of-the-box?

Yes that’s the gist of it. You can even visualize it by using tables or charts. The goal is to identify the assets you want to protect and what threats you are protecting them against.

Am I missing something in the link? I see the url yes, but I only see the quote of him endorsing startmail. Is there any other info on what kind of partnership they have? Genuinely curious because I use startpage a lot and will definitely stop if this is true.

It looks like they got that list of tips from the EFF, who created Privacy Badger. So it’s not surprising they only recommended theirs. I agree though that they should include uBO in the list.

Choosing Norway as my location seems to work. Note that I’m using rdx to browse, but the vpn blocking affects it all the same.

Mullvad for VPN, Bitwarden for password manager.

Oh wow I think I had an account with them but it was so long ago I don’t remember my account details nor any of the photos I uploaded.

The EFF also has merch: https://shop.eff.org/

It sounds to me you are dealing in absolutes. When someone gives advice saying you don’t need to worry about that based on your threat model, that’s exactly that, nothing political about it. That’s the point of a threat model, so you can balance privacy with convenience and allow yourself to prioritize what you need to protect. It doesn’t mean you don’t care about privacy at all.

You also need to remember that security/privacy is only a fraction of the tech industry. Not everyone involved in tech is privacy conscious, just like why there are appsec teams to make sure devs code securely.

When you start talking about “grapheneos, qubesos, intel me” to the average person, you will obviously be looked at as either a nerd or a paranoid person depending on how you approach the subject. Imagine a non-techie person posts in this community saying they want to start taking steps to improve their privacy and asking for advice. Responding with a wall of text about “grapheneos, qubesos, intel me” will just scare them away. That’s why the first thing people respond with is “What is your threat model?”, because you want context to give proper advice to fit their needs. Going nuclear on the first step is overkill and unnecessary.

Taking tiny steps to improve privacy and not going full hermit doesn’t mean you don’t care about privacy. Don’t let perfect be the enemy of good.

I never said I used AhaDNS. I just mentioned it because the last time I checked (years ago), they had a lot of filters to choose from. I personally use Mullvad’s DoH now.

I don’t have a personal list, but Aha DNS has a good collection of lists that you can mix and match.

When they realized they DO actually have something to hide, they moved the goalposts to now say nothing is private online anyway.

The conditions would be that all the controls that are in place to prevent it from happening are bypassed, which no one has proven yet. For example, Apple has developed their devices (assuming not jailbroken) in such a way where the camera and microphone usage indicators are hardwired and can’t easily be bypassed by software hacks. So if your phone was listening to you all the time, then the microphone indicator light would always be on. Listening 24/7 would also drain the phone’s battery and use up so much data it would be noticeable. Another example is Siri. It is actually designed in a way where there are 2 components. The first one is local on the phone and separate from the actual Siri component. It is what’s actively listening for you to call it. Once you call it, it then activates the actual Siri that transmits your voice inputs online.

No, your phone doesn’t listen to you 24/7. With that out of the way, there are a number of places where youtube may have gotten that info. One possibility is that someone in your household looked up the movie and maybe checked if stuff ripped from netflix is indeed full HD. And since everyone in your family is using the same NAT IP, then it’s easy for youtube to target recommendations at everyone in that household.

Are you sure you’ve NEVER shared the qr code with anyone? If so, what is it actually for? Because a qr code’s purpose is to be shared. If you’ve ever shared it before, people can have copies of it. I myself take a picture of a qr code and load it from my camera roll instead of directly opening the link from my camera, because I want to keep a copy of it.

Now if you truly haven’t shared it to anyone, then it is either a bug with whatever app, website, or mechanism you generated the qr code from and it’s alerting you; or it’s an IOS bug; with the former the more likely. Like others have said, this is absolutely not normal behavior on a non-jailbroken iphone. And to Apple’s credit, the iphone is pretty secure. This should be the order of steps before going nuclear:

• Find out if the source of the issue is the app or mechanism the QR code is using to alert you. Check if it’s a bug or it’s actually a malicious/rogue app.

• If that’s all good, clean up your phone. Check which apps have access to your camera and microphone, and disable anything you don’t need or trust. Delete apps if necessary.

• If that still doesn’t stop it, hard reset your phone.

cheap as hell

Is it really? For hosting your content, sure. But once you stand up a public instance, I can imagine storage costs would climb pretty quickly.

Orion is the only other choice. And to be fair, Safari with content blockers works fine too; but obviously it’s not an in-built adblocker that you are specifically asking.

Don’t use the mobile app and only use it in a FF container with uBO. This will limit your posting options though, as some stuff like reels are only available on the mobile app I believe.

Yep, my score went down when I paid off my car way earlier. So I get penalized for actually being better with managing my money, because they earn less in interest.

I use eufy as well. The only issue they recently had was that thumbnails were stored in their cloud if you chose to enable them on notifications. If you just select the text option, none of the footage is stored online and everything is local.

They download apps for all kinds of bullshit because all their friends and people they follow are on there. They won’t install a messaging app if none of the people they interact with are there. It’s not specific to messaging. I was able to convince my immediate family to move to Signal just for our family group chats. It’s not much but it’s a start.

+1 for veracrypt. Very convenient.

I use a box cutter to to cut a shallow square around the label, then tear it off. It’s much easier than peeling it off with your fingers.

Same, except I use Mullvad’s DoH for my phone and router.

Not a direct answer to your question, but you can use passphrases instead to make it easier and faster to type. This is assuming your only option to log on to your computer and unlock your screen is to type in your password (e.g. no biometrics or hardware token options).

I posted this before when another user posted a similar problem. Obviously yours is particular with google so some parts may not apply, but the gist is that you need to figure out your threat model.

You need to step back and review your threat model, then figure out the balance point between privacy and convenience/QoL. There is no such thing as complete privacy unless you go completely offline and live like a hermit. So something has to give, and your threat model will help you identify that. Figure out first what exactly you’re protecting, and from who. Then you can assess which ones you will deem non-negotiable when it comes to privacy, some where you can relax a bit in exchange for covenience (and this has levels as well), and lastly the ones where you have no choice because blocking something will make it cease to function. Having this threat model will also help you figure out what extent you would want to expose yourself depending on the service. Don’t put everything into the same tier because that will be impossible. Good luck.

This is the same for most businesses that offer customers to delete (or stop selling) your data. You have to fill out forms with a bunch of very personal information for them to delete your data, which is a hassle. You don’t even know what data they have on you and may very well be providing even more info than what they have just by requesting to delete it. IMO they should just ask for a name. Hell, if you have an account with them, then it should be straightforward to proceed if it’s requested by a user who is logged into their account. They can even send a confirmation email or something to ensure the account wasn’t compromised.

Not small, but I think you’ll have better chances with the mid level commuter cars. You’ll probably get some error messages on some of them, but if you can ignore them, they wouldn’t stop the car from running.It’s the high end ones and EVs that have a higher chance of bricking if you disable the antenna.

You need to step back and review your threat model, then figure out the balance point between privacy and convenience/QoL. There is no such thing as complete privacy unless you go completely offline and live like a hermit. So something has to give, and your threat model will help you identify that. Figure out first what exactly you’re protecting, and from who. Then you can assess which ones you will deem non-negotiable when it comes to privacy, some where you can relax a bit in exchange for covenience (and this has levels as well), and lastly the ones where you have no choice because blocking something will make it cease to function. Having this threat model will also help you figure out what extent you would want to expose yourself depending on the service. Don’t put everything into the same tier because that will be impossible. Good luck.

For people in this community, sure. Compared to the general population, not really. Imagine an international airport on a typical busy day. The number of people going through that aiport who are using burner phones is almost negligible.

While using a clean phone with nothing on it sounds like a good plan, it also looks very suspicious and can attract more attention. So take that into account when traveling regardless of the destination. Just like anonymization on your browser, the goal is to blend in, not stand out.

Honestly, it depends a lot on where you’re coming from and what you look like. And to be frank, it’s a little overblown to be paranoid enough to go that far, unless you are a high profile person of interest like a journalist or someone involved in politics. If you’re just an ordinary bloke going on vacation or attending a conference, you will be fine with basic precautions.

What about the IPv4 versions? I use Mullvad and ControlD on my router that only accepts IPv4 for DNS configuration.

You can maybe add a residual risk section as a way to assess what level of risk remains after implementing a control.

Not the exact (and only) solution, but some manufacturers may have a Do Not Sell My Information request form. Subaru has it on their website and I submitted a request for myself. Obviously we won’t know if they actually follow through, but it’s worth a shot. Some people have experimented with going in and actually disabling the antenna that the car uses for telemetry, but that’s at your own risk and likely voiding warranties in the process.

I think using carplay/android auto isn’t as bad since the infotainment system is just projecting your phone’s display, so your phone’s privacy policies apply. Whether you trust those policies is of course up to you. Cars that force their own systems (like GMC I think) are more risky because you are using it directly.

The first one (ads). I’m not a heavy user, but I don’t think I’ve ever seen ads or sponsored messages even in unencrypted chats. I use Mullvad’s DNS blocker.

Huh, I clicked the link and it’s blocked by my DNS content blocker. Have you tried using an adblocker on your phone?

I’m imagining cars like Framework laptops and you can install an open source OS of your own choice to operate it.

Unless they ask you for your reddit/lemmy account during the background check process and you willingly give it, I imagine they only go as far as checking social media accounts that are searchable with your known names, email addresses, and phone numbers on the major social media platforms. That’s if you keep your lemmy account relatively anonymous of course.

Same. I’m admittedly mostly a freeloader right now but this definitely will convince me to buy in.