Last two weeks every time I use Piped I am getting error "Sign in to confirm you are not a bot". It happens on every instance and videos work very rarely. It seems like Google enforces you to log in if you try watch lot of videos from one IP. I hope this will not be end of Piped and there will be solution for this problem.

Upd. I got similar problem on Invidious recently

Do i need to wipe the private volume for the template vm if so how?

EDIT: I figured it out was because the template vm changes dont take effect until the template is shutdown. Took me way to long to figure that out.

A lot of services support passkeys. Microsoft even has an option to make my account "passwordless". Since they are more secure than passwords, will you be switching some / most of your accounts to passkeys any time soon? Interested to hear everyone's thoughts on passkeys. 🔑

Did you know? Despite claiming to block all cross-site cookies out of the box, Firefox automatically allows Google to use them in your browser should you log in to one of their services.

The browser only lets you know about this once it happens, and it's on you to notice the permissions icon appearing in the URL bar. There is a link to a paragraph on a help page explaining this behaviour, but it seemingly goes unmentioned pretty much everywhere else on the internet.

This surprised me, especially considering Firefox's stance on privacy. I was even more surprised that this is done without consent. If this is for usability, Firefox should at least warn the user before this happens.

I highly recommend disabling JavaScript by default in your browser and then whitelisting the websites that you use frequently and need JavaScript to function.

The privacy benefit of this is that when you read articles online or visit new websites, most of the time it will not need JavaScript to function which will stop loading a lot of ads and tracking scripts.

The security benefit here is massive, first if you visited a bad link that contains a malware that is dependent on JavaScript it would not work, secondly if you visited a link for a service that you use and JavaScript did not work there, then you can see in real time that this is a fake page and not the real websitewebsite you intended to visit.

Bonus tip: try to replace the unnecessary websites that can't work without JavaScript and you need by JavaScript free websites or open source apps.

Disclaimer: Stay cautious. This recommendation will improve your privacy and security, but it does not protect you from everything.

https://github.com/umutcamliyurt/FaradayTester

Yesterday I purchased a custom .eu domain, only to find out that eurid does not redact the owner's email address. Obviously I'm not comfortable with using an actual email address on a secondary domain.

Any opinions on using an alias as the domain owner's email address? Or should I simply switch to another TLD which does support full whois privacy?

Thanks for feedback.

It seems like Michael Bazzell's new book edition was released without much fanfare. I like the reorganization but have to say there isn't a lot that is "new" for me in the first half (computer, mobile device, firewall, virtual machines)--although, full disclosure, I already had all of the topic-specific supplements for these chapters, which were released over the last year. I am just getting to chapter 20 now and found the sections on mailing addresses and trust / estate management much improved. I really hope the podcast comes back. I am curious for the thoughts of others.

Hi,

anyone come across and used the Polycentric + Harbour option for managing digital ID? What do you think about it? Does it really manage IDs in a private and secure way? I came across FLUTO who seem to be great promoters of "software for the benefit of humanity" but you always wonder how much you can trust these thrid parties ... when they decide to sell your data?

https://content.govdelivery.com/accounts/USDODDC3/bulletins/2e03518

Molly has at rest encryption with a password

A little old but interesting non the less

Does anyone have experience with a good privacy-focussed VPS provider? What do you recommend?

I've been using 1984 for quite a while and they have been solid but they have just put their prices up. It's still affordable but I thought it would be a good time to have another look at what else is out there.

"Signal is being blocked in Venezuela and Russia. The app is a popular choice for encrypted messaging and people trying to avoid government censorship, and the blocks appear to be part of a crackdown on internal dissent in both countries..."

"The United Nations approved its first international cybercrime treaty yesterday. The effort succeeded despite opposition from tech companies and human rights groups, who warn that the agreement will permit countries to expand invasive electronic surveillance in the name of criminal investigations. Experts from these organizations say that the treaty undermines the global human rights of freedom of speech and expression because it contains clauses that countries could interpret to internationally prosecute any perceived crime that takes place on a computer system..."

I'm thinking of configuring a VPN in my router so that all traffic runs via Mullvad, just trying to consider if there are any downsides to this?

If I buy Mullvad via the onion site with Monero, obviously there's no link to me, and they appear to keep no logs, as has been tested. In any case I trust them to keep no logs more than my ISP and government.

I do already have ProtonVPN but it's attached to my debit card details, my email address, and name etc. No need to give them all my traffic too.

I know I can still be tracked by browser fingerprint and IP but I'll be one of many users using the same Mullvad IP and I also employ adguard DNS, anti fingerprinting on my browsers etc.

My threat model is generally removing as much passive data gathering and tracking as possible, corporate or state. My threat model does not include active investigation from the law enforcement or state

I see quite a few people claiming that Graphene OS is the only way to stay private on Android or that anything but Graphene OS is insecure. In this post, I will describe why I personally do not care for Graphene OS and some alternatives I would suggest.

First off, let's address the security features of Graphene OS. A lot of the security of Graphene OS comes from AOSP itself. In fact, AOSP has a very good track record. If you get malware on your device, you most likely can just uninstall it. For reference, here is the Android security page: https://source.android.com/docs/security/features

There are some Graphene OS unique security features. For instance, it has a hardened kernel and restricts access. I think this is actually pretty useful but I haven't seen a need for it much in the real world. The tightened permissions are nice, and I think that is the main benefit of Graphene OS over AOSP. It is also nice that device identifiers are restricted from a privacy perspective. However, from my perspective, you should not run apps that are bad for privacy. Running it in the web browser will be more secure than bare metal could ever be.

One place I strongly disagree with Graphene OS is the sandboxed Google services framework. They say having Google in a sandbox is more secure. It may be more secure, but it isn't going to be as private as MicroG. The real benefit of MicroG is that it is community-built. It isn't a black box like Google framework, and any data sent back is randomized. I think it is a mistake for Graphene OS not to have support for it, even if it is also run in a sandbox.

Another thing I have noticed is that Graphene OS prioritizes security above all else. That doesn't mean it isn't private as it itself is great for privacy. However, if you start installing privacy-compromising applications such as Gmail and Instagram, your privacy is quickly lost. The apps may not be able to compromise the OS, but for them to be used, they need permissions. To be fair, this is a problem that is not unique to Graphene OS, but I think its attempts to be closer to Google Android make it more tempting for people to stick to poor privacy choices.

I think other ROMs such as Calyx OS take the ethical component much more seriously. Unlike Graphene, it promotes F-droid and FOSS software like MicroG. Graphene purely focuses on security while Calyx OS focuses on privacy and freedom. On first setup, it offers to install privacy-friendly FOSS applications such as F-droid and the like. I realize that MicroG is not perfectly compatible, and some people need apps, but I think alternatives are going to always be better.

One of the most annoying parts about Graphene OS is the development team and some of the community. They refuse to take criticism and have been known to delete any criticism of Graphene OS. Not only that, they have a history of trying to harm any project or person they don't like.

Here is a page that isn't written by me that sums it up: https://opinionplatform.org/grapheneos/index.html I think their take is fairly extreme, but I agree with them in many ways. I also understand how upsetting it can be to be censored.

I know the title sounds like a paradox, but let me explain:

In Feb '21 I deleted all my Meta related accounts in a first step towards moving away from big tech. Removing whatsapp was kind of a big deal over here but I managed to get close family and friends over to Telegram and Signal and resorted to text messages with other contacts. I've been enjoying the peace and quiet but it's been a hassle for everyone around me. Invites to parties, big news or announcements always had to be relayed through somebody else. Last week a dear friend passed away and because that news had to be rleayed to me too i think its time to go back again.

And now for my question: is there a way to run whatsapp on your phone while respecting privacy? I know it sounds crazy but I was thinking there might be a way to run it in a sandbox or closed environment of some sort. Im running LineageOS on my phone and I dont mind tweakin around a bit.

Because I live in the EU i was putting my money on the DMA, it was my understanding that the DMA would make it possible to send telegram messages to whatsapp, whatsapp messages to signal and in this way get in contact with anyone on any platform you'd like. When the DMA went into action in the beginning of this year it became clear pretty soon it would only be a one way street; all messenger services would be able to contact whatsapp, because that is the biggest player. Half a year down the line and I havent been seeing any news about it anymore. Does anyone have an update? Will it ever be possible to chat crossplatform?

Banking apps seem to be a motif among things that don't play well with privacy ROMs. My bank's website does everything I could want out of it. I think I might be ignorant to something.

• What about banking apps is especially compelling?
• How often do banks put must-have features behind an app?
• And should I be concerned that banks might move away from offering services through browsers?

I know, its not really something with privacy but, I want to get people more involved in or getting more interest in privacy, and maybe advertise for privacy with stickers. Well mostly to give to people and to stick on my laptop. Do you know some website (in the EU) where to get those?

I've been reading through Signal's government requests and couldn't find a similar section on Mullvad's website. I'd be curious to read about them if there are any. It would seem unlikely to me that Mullvad has never received any kind of court order for information about a user.

(Please don't downvote just because I need some help.)

I was once a privacy nut. But it's getting so hard nowadays, and there are so many more important problems -- global warming, AI, the inevitable collapse of the current world order... how does privacy improve the world? Please help remind me.

I do approve of privacy, of course. All this protect-the-children flak is bullshit. I just can't remember why I thought it was something worth fighting for and preaching about.

I'll start by stating my threat model is avoiding corporate tracking, profiling, and analytics. For anything beyond that scope I believe tor is ideal.

Correct me if I'm wrong but my understanding is that Newpipe is a frontend to provide an alternative to the awful YouTube app and/or youtube account. However, your IP along with other device information may still be exposed to google servers. Any ideas as to what info beyond IP is sent to google?

Whereas invidious instances act as a proxy in addition to what is offered by Newpipe, but you are trusting your privacy to the instance owner.

My idea for utilizing these services is the following: Newpipe for managing subscription based YouTube viewing. Google would have my IP, but this IP would be a VPN IP address that periodically changes. Much more reliable than invidious and better quality. App is great.

Invidious for random video searches as well as content I may want to be slightly more cautious about associating with.

I'm looking for feedback on this conceptual setup. I've also been considering making a public invidious instance that I can use but hopefully obfuscates my viewing through its usage by others.