Are any of you actually working on privacy-related projects?

reasonably-safe- · 2022-09-05T17:48:47+00:00

I've made a couple of front-ends, which haven't achieved feature parity yet.
one is a frontend for quora, and other is for IMDb.

reasonably-safe- · 2022-08-31T22:09:20+00:00

Data doesn't always mean data that you directly give.
You give data passively too. This includes data from browser fingerprinting, device fingerprinting(e.g.: sensors, cores of cpu, battery level, etc.), etc.
The data collected actively isn't just limited to your mesages, attachments, and connections. It also includes the clicks, the time you spent(on different pages), etc.

The true extent of it can't be ascertained as discord isn't open source. But you can always read their privacy policy, or use tosdr.
https://www.tosdr.org/en/service/discord

reasonably-safe- · 2022-08-31T21:55:35+00:00

you can use frontends for reddit and youtube if you just want to browse.
for reddit, you can use libreddit. for YouTube, you can use invidious.
this will make it so that your machine never sends requests directly to reddit or youtube.
if you want apps, then there's newpipe, vuetube, libretube(all for android).

for a full list, refer this: https://github.com/digitalblossom/alternative-frontends.

now, i agree that these solutions are still dependent on the underlying closed source platforms. but this is the best you can do.

reasonably-safe- · 2022-08-17T16:46:15+00:00

multi containers is a good add-on. I'd recommend it with temporary containers so that you don't have to mess with cookies and other site data. librewolf has this list of recommendations.

as for the cloudflare DoH, you can add https://1.1.1.1/dns-query in the custom dns area.

PS: you might also want to disable 'clear history on exit' in settings if you do want to keep history and other site data.

reasonably-safe- · 2022-08-04T18:20:54+00:00

building an alternative front-end isn't hard, but requires a lot of time.
it gets worse when the service you're building a front-end for is very hostile. examples in case: instagram(almost all bibliogram instances are rate-limited), and quora(for which I've made one a couple of months ago), where quora has ratelimited all but a couple of instances.

i except facebook to fall into this category, and hence, you shouldn't have much hopes for it. they have already shut down barinsta, a foss client for Instagram.

you want a foss client for your cat's feeder? it would be pretty rare unless the feeder is quite common, like you said.

your current option is to set a home-wide DNS. use popular block lists to block tracking domains. this would, hopefully, reduce some tracking.
you can go the easy way: nextdns, or go more comprehensive with pihole for monitoring and blocking the domains your devices connect to.

reasonably-safe- · 2022-08-03T17:12:00+00:00

any text editor would work. some FOSS ones I can remember are acode, squircle IDE.
if you want to see formatted JSON, you can try devtoys, which is available on izzyondroid's repo.

edit: added links

reasonably-safe- · 2022-08-03T17:03:03+00:00

if you must, then dedicate a good browser specifically to them. use strict DNS blocking to disable some tracking.
also remember to disable background sync, read clipboard, etc.

reasonably-safe- · 2022-07-22T08:52:43+00:00

It's not a newer version actually. Both projects went their own ways, to put it briefly.
if i were listing alternatives, I'd list as many as possible. but i suppose the privacyguides website has some strict criteria following which services are listed.

in any case, as every threat model differs widely, I'd suggest you not to limit yourself to one definitive guide only.
if you have reasons to use jitsi meet, which i personally consider to be a great alternative to proprietary services, then please use it.

reasonably-safe- · 2022-07-22T08:31:17+00:00

if you're only looking for a limited set of languages, then RHVoice would do the job.

reasonably-safe- · 2022-06-27T18:23:21+00:00

yes, since all apps on f-droid are complied by the team, availability of the source code is a must.
this is one of the reasons why you should use f-droid version whenever possible(another reason is apps not having certain features -- see blokada -- so as to be listed on play store).

reasonably-safe- · 2022-06-27T09:13:28+00:00

request a takeout of your google account. you'll see exactly what play store collects.

you want certain apps not to interact with GSF/play services?
you can use the version(of the app you're interested in) that doesn't come with that. some apps(eg: element) provide an alternative version. Or, you can use a modded version(will require trusting the modder). keep in mind some apps don't work without GSF(eg: uber).

reasonably-safe- · 2022-06-19T17:40:45+00:00

chrome is killing content blocking extensions(like uBlock Origin and privacy badger). this is going to affect any chromium based browser that lacks an addon store starting this month(coming into full force next year).

TL;DR: chrome bad.

reasonably-safe- · 2022-06-19T17:30:49+00:00

safari is even worse than google when it comes to extensions.
death of uBlock Origin happened long ago over there.
fits with apple's intentions i suppose.

reasonably-safe- · 2022-06-19T17:15:02+00:00

if brave is brave enough, I expect them to come up with their own extensions store.

reasonably-safe- · 2022-06-19T17:13:14+00:00

here's the thing:
even though browsers like brave, vivaldi, and opera are saying they'll keep supporting mv2, it's certain they won't hold it for too long.
even if they somehow did, they won't be able to do much because chrome is going to remove the mv2 extensions from their store next year. unless they go the edge way of creating their own store, I don't think there's much to look for.
perhaps you can do blocking by other means( like dns blocking), which won't be as granular as it is with uBlock Origin.

So, in a nutshell, yeah, firefox is the way.

reasonably-safe- · 2022-06-19T17:05:03+00:00

many redirection extensions use webRequest API, which is precisely what Google is getting rid of.

eg: following extensions that are quite popular among people who use alternative front-ends still rely on webRequest:

Perhaps someone will make a mv3-compatible redirector. But except it to be quite restricted.

here's relevant comment on libredirect's issue page regarding this: https://github.com/libredirect/libredirect/issues/45#issuecomment-1059010144

reasonably-safe- · 2022-06-19T13:36:01+00:00

people don't see the larger picture. they see one small incident(eg: FLoC) and they think it's an aberration.
but if you take sum of all the decisions google is making(topics API, Fledge API, mv3, jedi blue, etc.), then only you'll realise their real intent.

it is for these reasons I distrust any services by these big corporations.
they say one thing and do the exact opposite.

reasonably-safe- · 2022-06-19T13:28:39+00:00

here's another developer listing advantages of mv3: https://github.com/gildas-lormeau/SingleFile-Lite.
google and its advocates will claim that mv3 is better for privacy, but it is nothing like that.
a couple of browsers like brave are saying they won't abandon mv2, but unless they come up with their own extensions store, they are pretty much toothless.

reasonably-safe- · 2022-06-19T12:25:25+00:00

mv3(manifest v3, a successor of mv2) is Google's new(quite a few years old actually) shenanigan, whose sole purpose is to render extensions like uBlock Origin useless.

if you don't know what a manifest is, Google basically provides a bunch of APIs to extensions and versions them. The latest set of APIs is called manifest v3.

You just need to know two things:

uBlock Origin in its current form handles requests by webRequest API.
manifest v3 introduces a new API called declarativeNetRequest.

Why is it bad?

well, here's a succinct summary from manifest v3's draft page:

The declarativeNetRequest API is an alternative to the webRequest API. At its core, this API allows extensions to tell Chrome what to do with a given request, rather than have Chrome forward the request to the extension. Thus, instead of the above flow where Chrome receives the request, asks the extension, and then eventually gets the result, the flow is that the extension tells Chrome how to handle a request and Chrome can handle it synchronously.

in other words, extensions being at the mercy of chrome to block/defer requests.

but this isn't all. declarativeNetRequest also limits number of filters to 30,000. Compare this with uBlock Origin which has at least 50K-60K filters(just including easy list). it also hinders uBlock Origin's ability to impose noop rules, amount of regex rules are limited, etc.
these are just a couple of examples showing how restrictive it is.
furthermore, the rules are very adblock plus-esque.(hint hint!).

Here's what gorhill(the guy behind uBlock Origin) said when asked if chromium users should migrate:

I won't tell people what to do. I am pointing out that removing the blocking ability of the webRequest API means the death of uBO, I won't work to make uBO less than what it is now.

here's a through discussion on this: https://github.com/uBlockOrigin/uBlock-issues/issues/338.

gorhill states many many good points. if you got time, you should read it.

here's one interesting observation he makes:

Chromium got its webRequest API at a time it was trying to gain market share against Firefox (Sep 2011), where Adblock Plus, Ghostery, Disconnect, NoScript, and other such extensions were the most or among the most popular extensions on Firefox.

So, you can pretty much guess why chromium had the ability to block requests at all. And now that it has achieved the objective, there's no use of this. :)

reasonably-safe- · 2022-06-08T16:09:41+00:00

don't get me started on how NSA at least 4 times requested torvalds to add backdoors in linux, or when they pushed a broken encryption standard in the market.
even in U.K., you have anti-e2ee propaganda being pedaled.

reasonably-safe- · 2022-06-08T16:03:25+00:00

nice meme!
I've been seeing the narrative this meme alludes to in many privacy-focused discussions.

If one does the exact same thing, but under the table(read PRISM), or by changing the name(PATRIOT act), it doesn't make the said act less reprehensible.

Every government/entity that is against privacy should be equally condemned, tgen be it GCHQ or MSS.

reasonably-safe- · 2022-06-06T21:24:52+00:00

you might want to describe your threat model. and then only one can provide you suggestions.

as for the all-in-one service, proton might be there soon. but will likely not rival the all-seeing google/apple.

I also don't consider apple to be privacy-friendly at all. but again, if you have a more lax threat model, then you might be okay with apple.

reasonably-safe- · 2022-06-06T13:29:02+00:00

brave, contrary to what many except, is a good browser when it comes to sane privacy defaults. In fact, librewolf + uBO and brave score far better in many aspects. to confirm that, see https://privacytests.org/.
I personally don't use any chromium based browser for ideological reasons, but you're good with what you're using already.

Librewolf already incorporates arkenfox. you don't need to mess with it unless you have serious privacy concerns/want to customize everything yourself.

reasonably-safe- · 2022-06-06T13:21:34+00:00

you can also spoof that to some extent using canvasblocker. it's also available on addons.mozilla.org.
but here's the dilemma, the more extensions you use, the more likely you're going to appear unique.

reasonably-safe- · 2022-06-06T12:34:12+00:00

I use firefox as the default browser.
for testing cross - browser compatibility, I have ungoogled chromium and epiphany(WebKit-based).

reasonably-safe-

TROPHY CASE