Governments won’t scan all your pictures to figure out who you are, they are just going to ask (read: legally force) the website/hoster where you posted that picture for your IP address and/or payment info and then do the same with your ISP/payment provider to convert that into your RL info to figure out who you are.
And you might not be worried about your RL friends or coworkers but what about people you meet online? Everyone able to see your post on some social media site?
Nobody is going to scan all the pictures you post for some information that is going to be valid for a long time after it is discovered once. Governments and corporations have had the means to discover who you are once for a long time.
And you misunderstand my point, it always has been a way to compromise your privacy. Privacy matters most in the individual case, with people who know you. If you e.g. share a picture taken at your home (outside or looking out of the window in the background) with a friend online you always had to assume that they could figure out where you lived from that if there were any of those kinds of features in there.
Sure, companies might be able to do it on a larger scale but honestly, AI is just too inefficient for that right now, as in the energy-cost required to apply it to every picture you share just in case your location might be useful isn’t worth it yet.
https://www.youtube.com/@GeoWizard has a couple videos in a series where he guesses historic photo locations quite accurately too.
What is it with all kinds of companies building https://haveibeenpwned.com/ clones into their products lately?
It would literally be easier to add that capability to your own custom DNS server software. After all it is literally an “if query.name in blocklist then drop connection”. Even replacing results would be simple as long as DNSSEC is not involved. You wouldn’t have to add it though since all major DNS servers already include it because it is so simple and has legitimate uses, such as blocking malware control server names or ad blocking.
I mean the whole “put something in your profile/in a post” part that is pretty flimsy.
Also, non-techy people will not be able to use PGP at all, much less anything building on it that requires understanding of the trust relationships. Hell, even in a tech company we are having a hard time getting people to generate keys every couple of years.
As opposed to whom? Are investors in VC startups less compromised or more? What are the incentives in either case? Who do you trust to be competent and/or incompetent enough to compromise it without you noticing it? Who is likely to change a project that was well intentioned first after the fact? In what ways?
Paying for services and still not getting any privacy is largely a result of the equally naive attitude that a paid product is superior to a free one.
In reality neither free nor paid is an indicator of quality and a lot of the time enforced regulations are the only thing that can really prevent a company or organization from putting its own self-interest over that of the customer whenever possible (even though some companies and organizations might do so even without being forced to).
There is no such thing as a “VPN block”, only individual VPN protocols being blocked. “All of these protocols implement VPNs” is not something that can be recognized automatically by software. Conversely there is no such thing as a mechanism to prevent all kinds of detection of VPN traffic since it is bound to be noticeable that most of your traffic goes to a single or a small number of recipients.
DNSCrypt has been working pretty well for me.
Well, I was thinking more of the kind of anonymous comments you get on message boards like some of the *chan ones.