dngray

dngray, 1 month ago

Seems like a step up from “Covenant Eyes” with weirdo politicians sharing their porn habits with their children.

dngray, 1 month ago

Just be mindful decentralization doesn’t inherently mean there is privacy.

dngray, 1 month ago

It is, which is why I’m removing it. You can expect this from CNET, Techradar and bullshit outlets like that.

This is VPN marketing material mouth pieces 101.

dngray, 2 months ago

At this point I have to wonder whether the “Signal is CIA funded” narrative is not just butthurt Russian trolls mad at the fact it’s also used by spies and informants for secure communication.

dngray, 9 months ago

It’s probably also media’s fault for this. They only publish when a bad person does a bad thing on the internet with it, not all the millions of users who don’t do bad things. That would be boring.

dngray, 9 months ago

I don’t. I just run prefsCleaner each release and then updater.

dngray, 9 months ago

Not unless websites require certain features to be visible, that’s the major concern.

dngray, 9 months ago

Download Navi from F-Droid. It does not have as much web functionality as Vanadium

From the looks of it Navi is just a download manager, not an actual web browser.

For that reason, I use IceCat on computer.

But do you actually compile those binaries yourself. A lot of browsers are open source.

dngray, 9 months ago

Keep in mind Google Workspace has a significantly different privacy policy to Gmail and other consumer services. Data is not used for advertising purposes and is owned by you. They also warn you if you leave to a consumer service like YouTube.

Best bet would be to simply have a separate browser you’re not logged into your account with. Don’t do personal browsing with a company owned/educationally owned institution device.

• workspace.google.com/…/education_privacy.html
• edu.google.com/why-google/privacy-security/

dngray, 9 months ago

I know with standard setttings my isp see everything, but if i will use some encrypted dns what they will see exactly

Basically the same thing.

Encrypted DNS is not for privacy, it is for stopping someone from altering your queries basically, because normal DNS is not encrypted. Domains are exposed through other various methods we explain. Please see our website where we’ve gone to the effort to explain this www.privacyguides.org/en/advanced/dns-overview/ we have a flow chart that characterizes the above methods of obtaining the domains you’re requesting.

dngray, 9 months ago (edited 9 months ago)

GrapheneOS, CalyxOS, /e/OS, etc

I’m not sure that /e/ is as degoogled as you might think:

• web.archive.org/web/…/e-foundation-first-look/
• web.archive.org/web/…/e-foundation-second-look/
• web.archive.org/web/…/e-foundation-final-look/

We do think their phones are very pricey for what they are and not nearly as secure as something like GrapheneOS, ie lack of verified boot etc. Their cloud service is also not E2EE as far as I can tell, which you’d really expect from a “privacy service”.

Better to focus on using good products than be obsessive about Google.

dngray, 9 months ago

Skiff is another option to replace Gmail

Make sure you don’t depend on features like email clients. You also can’t use encryption like PGP so, that will mean that you’ll only have E2EE if you’re sending to other Skiff users. (There is no external E2EE with Skiff).

dngray, 9 months ago

Delete your accounts. Get a relay service (Firefox Relay, SimpleLogin, AnonAddy, etc.). Create new accounts with alias emails.

Also suggest reading this: www.privacyguides.org/…/common-misconceptions/#co…

For “known identity” do not use cloaking services, you’ll end up banned. Amazon does this for example.

dngray, 9 months ago

This 100%. It’s also worth looking at www.privacyguides.org/…/common-misconceptions/#co…

Don’t be obsessive about “degoogling” to the point where you pick worser alternatives that don’t have the features you require. Always test something out before doing a mass migration of “all your email” for example.

dngray, 9 months ago

Nordlocker is neither open source nor has it been audited. Tresorit at least has audits.

dngray, 9 months ago

You’ll still need email hosted by someone else, even if you are self hosting, in order to sign up to domain registrar etc.

It’s very poor idea to use the same domain for contact from a registrar.

dngray, 9 months ago

If you’ve got your own server imapfilter is perfect for this.

It can periodically log into multiple accounts and move/delete do anything with emails.

dngray, 9 months ago

No, they do not read your email, they’re very clear about this, that is mostly FUD pushed by privacy providers who lack ethical marketing standards.

We do not scan or read your Gmail messages to show you ads

If you have a work or school account, you will never be shown ads in Gmail.

When you use your personal Google account and open the promotions or social tabs in Gmail, you’ll see ads that were selected to be the most useful and relevant for you. The process of selecting and showing personalized ads in Gmail is fully automated. These ads are shown to you based on your online activity while you’re signed into Google, however we do not process email content to serve ads.

To remember which ads you’ve dismissed, avoid showing you the same ads, and show you ads you may like better, we save your past ad interactions, like which ads you’ve clicked or dismissed.

The place where Google makes the money is on the sites you visit with Google Adsense and your search terms being associated with a logged in Google account. Most people want to stay logged into their email (and thus their Google account), so that’s where the behavioral/adsense analytics comes in. Much fewer people use email clients these days.

dngray, 9 months ago

I always understood it as they don’t parse the actual details of emails (the body) to generate an add profile. It doesn’t mean they don’t track what websites you’re visiting whilst logged in though.

My guess to this is that it’s not accurate, for example email chains, or someone mentioning something that you have no intention of buying. As the email body is very unstructured it would be quite difficult to interpret whether those keywords should be added as an interest, having said that, with advanced AI that can parse context of a sentence they may just start doing that again if they can with accuracy.

dngray, 9 months ago

KeyPassXC is super easy

One of the things I dislike about KeepassXC is that it exports to a unstructured CSV file, whereas Bitwarden exports to JSON. It’s a lot easier to use something like jq to parse a JSON structure, if you want to import it somewhere as opposed to dealing with CSV files.

I also found the importer for Keepass CSV in Bitwarden didn’t import my “notes” and I had to individually check that for each record.

dngray, 9 months ago

We have a website too www.privacyguides.org/en/real-time-communication which has decisions based on a privacy and security related context.

One of the main requirements there is that recommended instant messengers undergo auditing.

dngray, 9 months ago

ungoogled chromium exists

The reason is they have proper build infrastructure managed by the Brave. With Ungoogled Chromium the binaries are produced by third parties, vary in version etc. People claim they would only use “open source software” but they do download binary versions nevertheless and don’t compile that code themselves. This increases the risk of a supply chain attack, where a malicious binary is submitted and nobody has really knows until it is too late. The other issue is they disable CRLSets because of “google hate” which we think actually increases the likelihood of a MiTM attack occurring because rogue certificates are not detected and invalidated as quickly as they could have been.

This article describes a few other things qua3k.github.io/ungoogled/

dngray, 9 months ago

Ungoogled Chromium is my current favourite

The reason we don’t recommend Ungoogled Chromium and instead recommend Brave on the privacyguides.org website is because they have proper build infrastructure managed by the Brave. With Ungoogled Chromium the binaries are produced by third parties, vary in version etc. People claim they would only use “open source software” but they do download binary versions nevertheless and don’t compile that code themselves. This increases the risk of a supply chain attack, where a malicious binary is submitted and nobody has really knows until it is too late. The other issue is they disable CRLSets because of “google hate” which we think actually increases the likelihood of a MiTM attack occurring because rogue certificates are not detected and invalidated as quickly as they could have been.

This article describes a few other things qua3k.github.io/ungoogled/

dngray, 9 months ago

Except we’re transparent as to why and Burung Hantu (Marco Wollank) (current owner of PTIO) is not.

dngray, 9 months ago

Brave is still Chromium in a new coat of paint and you’re still aiding Google in their domination of web standards.

That is a little unfair tbh, they do quite a lot, such as their privacy shields, including the script blocking one which is basically like NoScript.

They also do some work on anti fingerprinting tech and other things along that vein.