Privacy

1763 readers
396 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No reposting of news that was already posted
  4. No crypto, blockchain, NFTs
  5. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 4 months ago
MODERATORS
1
 
 

cross-posted from: https://lemmy.dbzer0.com/post/36880616

Help Combat Internet Censorship by Running a Snowflake Proxy (Browser or Android)

Internet censorship remains a critical threat to free expression and access to information worldwide. In regions like Iran, Russia, and Belarus, journalists, activists, and ordinary citizens face severe restrictions when trying to communicate or access uncensored news. You can support their efforts by operating a Snowflake proxy—a simple, low-impact way to contribute to a freer internet. No technical expertise is required. Here’s how it works:


What Is Snowflake?

Snowflake is a privacy tool integrated with the Tor network. By running a Snowflake proxy, you temporarily route internet traffic for users in censored regions, allowing them to bypass government or institutional blocks. Unlike traditional Tor relays, Snowflake requires minimal bandwidth, no configuration, and no ongoing maintenance. Your device acts as a temporary bridge, not a permanent node, ensuring both safety and ease of use.


Is This Safe for Me?

Short answer: Yes.

Long answer: pobably. Here is why:

  • Your IP address is not exposed to the websites they access. So, you don't have to worry about what they are doing either. You are not an exit node.
  • No activity logs. Snowflake cannot monitor or record what users do through your connection. The only stored information is how many people have connected to your bridge. Check docs for further info on this.
  • Low resource usage. The data consumed is comparable to background app activity—far less than streaming video or music.
  • No direct access to your system
  • No storage of sensitive data. Snowflake proxies do not store any sensitive data, such as IP addresses or browsing history, on your system.
  • Encrypted communication. All communication between the Snowflake proxy and the Tor network is encrypted, making it difficult for attackers to intercept or manipulate data.

You are not hosting a VPN or a full Tor relay. Your role is limited to facilitating encrypted connections, similar to relaying a sealed envelope.

Your IP address is exposed to the user (in a P2P-like connection). Be mindful that your ISP could also potentially see the WebRTC traffic and the connections being made to it (but not the contents), so be mindful of your threat model.

For most users, it is generally safe to run Snowflake proxies. Theoretically, your ISP will be able to know that there are connections being made there, but to them it will look like you're calling someone on, say, Zoom.

Historically, as far as we know, there haven't been any cases of people getting in legal trouble for running entry relays, middle relays, or bridges. There have a been a few cases of people running exit nodes and getting in trouble with law enforcement agencies, but none of them have been arrested or prosecuted as far as I know it. If you are aware of any cases, let me know so I can update this post.

Do not hesitate to check Snowflake's official documentation for further reference and to make informed decisions.


How to Set Up a Snowflake Proxy

Option 1: Browser Extension (Brave, Firefox, or Chrome)

  1. Install the Snowflake extension.
  2. Click the Snowflake icon in your browser toolbar and toggle "Enable Snowflake."
  3. Keep the browser open. That’s all.

Note: Brave users can enable Snowflake directly in settings. Navigate to brave://settings/privacy and activate the option under "Privacy and security."


Option 2: Android Devices via Orbot

  1. Download Orbot (Tor’s official Android app).
  2. Open the app’s menu, select "Snowflake Proxy," and toggle it on.
  3. For continuous operation, keep your device charged and connected to Wi-Fi.

Your device will now contribute as a proxy whenever the app is active.


Addressing Common Concerns

  • Battery drain: Negligible. Snowflake consumes fewer resources than typical social media or messaging apps.
  • Data usage: Most users report under 1 GB per month. Adjust data limits in Orbot’s settings or restrict operation to Wi-Fi if necessary.

Why Your Participation Matters

Censorship mechanisms grow more sophisticated every year, but tools like Snowflake empower ordinary users to counteract them. Each proxy strengthens the Tor network’s resilience, making it harder for authoritarian regimes to isolate their populations. By donating a small amount of bandwidth, you provide someone with a critical connection to uncensored information, education, and global dialogue.

Recent surges in demand—particularly in Russia—highlight the urgent need for more proxies. Your contribution, however small, has an impact.

By participating, you become part of a global effort to defend digital rights and counter censorship. Please, also be mindful of your threat mode and understand the potential risks (though very little for most people). Check Snowflake's official documentation for further reference and don't make any decisions based on this post before taking your time to read through it.

Please share this post to raise awareness. The more proxies, the stronger the network.

– llama

2
63
submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/[email protected]
 
 

It's hard to make the full switch towards a more private life, but switching your mail already fixes a big underlying issue: that being, Google or other companies having access to all your emails. So, I'll cover the basics of making your online mailing more private.

Switching Mail Providers:

Your email is a big part of your online footprint and helps you keep track of your online identity. So, in order to keep that to yourself, I encourage leaving services like:

"Gmail" or "Outlook",

for others like:

"ProtonMail" or "Tutanota".

This is already a big step towards keeping all your emails private and safe. Both of these are free and respect your privacy on their free tier, but expand in features with paid plans. This takes time, as you have to switch your email on most accounts to this new email.

For the best privacy, you should delete most accounts and create new ones with this new email or with aliases. Some people, like myself, prefer to have multiple emails over aliases. For example:

(Self-hosting your own mail domain is possible, but it’s a harder process, and custom domains are not always accepted or reliable.)

(You should keep your old email for a year or so to make sure no important service was left behind locked to that email. Once that's done, you can delete the account.)

Tips:

If you can, you should try expanding your protocol with this:

  • Adding 2FA to any online website, especially email. I use ~~"Authy" ~~for this. -> Better use Aegis, good app!

  • Switching your browser to something like "Librewolf".

  • Switching to a password manager like "Proton Pass" or "1Password".

  • Encourage your close family to do the same once you're comfortable with the process.

  • Switch social media to private alternatives.

  • If you take any efforts to switch browser or install Aegis, try to use "F-droid", or even better, "Droidify". These being a FOSS app store, and a good Material alternative frontend. For apps not in here, consider "Aurora store", a more private **"Play store" **alternative

This is about it for me, quick posts from class, feel free to add into this topic bellow.

Edit:

Important additions after reading the comments:

  • Proton is a bit disencouraged by some for some political views published by the CEO under proton's account and image. They backed down, and I believe it isn't something too bad as for users to leave such a good privacy oriented suite of apps. I encourage anyone who cares about this topic to research before making the switch.

  • Mail is not 100% private with any option, and shouldn't be used for highly sensitive information. For that use end to end encrypted apps well respected, like "signal". Still is best to just don't send very sensitive information online.

  • As a comment pointed, for a mail to be as private as possible, both the sender and reciever should have a private mail, otherwise you can be private but the other person would still be having your mail conversations stored under "gmail" or similar.

Sorry if this post didn't give the best newbie advice, I tried to track back some of my old knowledge, but I'll take more time to research the next time. Take care and stay private!

3
4
5
6
7
8
9
10
 
 

A federal judge struck down Arkansas' Social Media Safety Act, ruling it unconstitutional for broadly restricting both adult and minor speech and imposing vague requirements on platforms. Engadget reports:

In a ruling (PDF), Judge Timothy Brooks said that the law, known as Act 689 (PDF), was overly broad. "Act 689 is a content-based restriction on speech, and it is not targeted to address the harms the State has identified," Brooks wrote in his decision. "Arkansas takes a hatchet to adults' and minors' protected speech alike though the Constitution demands it use a scalpel." Brooks also highlighted the "unconstitutionally vague" applicability of the law, which seemingly created obligations for some online services, but may have exempted services which had the "predominant or exclusive function [of]... direct messaging" like Snapchat.

"The court confirms what we have been arguing from the start: laws restricting access to protected speech violate the First Amendment," NetChoice's Chris Marchese said in a statement. "This ruling protects Americans from having to hand over their IDs or biometric data just to access constitutionally protected speech online." It's not clear if state officials in Arkansas will appeal the ruling. "I respect the court's decision, and we are evaluating our options," Arkansas Attorney general Tim Griffin said in a statement.

11
12
13
 
 

Cross-posted from "It's Time to Wake Up: A Darknet Anarchist's Case for Anonymity & Digital Safety" by @Illegal_[email protected] in [email protected]


(Note: .onion links should be accessed with Tor Browser)

The main source of Anonymity: The Tor Network http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/torvsvpns/index.html

Tor Web Browser Setup (on Desktop and Mobile) http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/torbrowsing/index.html

Have you ever been afraid to speak your mind on the internet? Do you have peace of mind that you know what your electronics are doing? Is technology working for and empowering you, or has it become a tool of oppression tracking your every move and storing it on corporate/government servers to be used against you in the future?

These powerful tech companies work closely with our fascist government to surveil, track, manipulate, and scare vulnerable citizens into compliance and silence. We have been tricked into giving up all control and privacy for the sake of convenience.

This is no accident.

The state has the most sophisticated surveillance network ever known, and you are voluntarily participating in it.

The phones Americans carry in their pockets are proprietary black boxes, constantly communicating with cell towers logging your position and IMEI/IMSI tied to your real identity. They are also constantly recording the strength of wifi access points, and other devices around you, sending this back to HQ to build a map of everyone's movements. This is not even mentioning how most people are logged into a google/apple account at all times. You probably know this costs you YOUR privacy, but do you realize you are also snitching on everyone around you and contributing to this surveillance network?

Kill the Cop in your Pocket: http://uwb25d43nnzerbozmtviwn7unn7ku226tpsjyhy5n4st5cf3d4mtflqd.onion/posts/nophones/

Ask yourself how you feel about this? How much would freedom, privacy, and anonymity be worth to you? Many realize the situation is dire, but are preoccupied with trying to survive the next rent payment, and are do not have the knowledge necessary to resist.

Those organizing in the US (50501) overwhelmingly are using reddit and discord to plan protests. A few who know better use signal and consider this good enough, not thinking about how they are linked to a phone number. Signal is secure and private, but when your adversary is the US gov/tech corps that is not enough. We need ANONYMITY.**

Phone Numbers are incompatible with Anonymity: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/phonenumbers/index.html

"Laws" and "rights" are meaningless now. If the state deems you an enemy they have hundreds of ways to crush you into submission, throw you in prison, or worse. Things will only get worse over the coming years. The only hope we have is to maintain real anonymity

Here on Lemmy many are curious about digital privacy, but only have bits and pieces of the knowledge required. Without a solid understanding of how to use technology safely, misinformation, half truths, and FUD abound. There is a pervasive attitude that you have no choice at all, and that it is hopeless to stand up against your oppressors.

I am here to tell you this is NOT TRUE. I am here to tell you it is POSSIBLE, and WORTHWHILE.

You can reclaim technology to work for you instead of against you, but it will require effort and change.

Using Lemmy anonymously Is not too hard. You just need to register an email account in tor browser, and use that to verify a lemmy account. Be sure to ONLY access this account over Tor. The more privacy invasive the service, the more likely they will try to prevent you from doing this. Circumventing that is an advanced topic for another time.

How to Get an Email Account Anonymously (Emails as a Service) http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonemail/index.html

https://www.404media.co/the-200-sites-an-ice-surveillance-contractor-is-monitoring/

Trump wants green card applicants already legally in the US to hand over social media profiles: https://www.independent.co.uk/news/world/americas/us-politics/trump-green-card-applicants-social-media-b2720180.html

How long until similar demands are made of others? Every day the risk grows greater and less possible to ignore. The time to wise up is now! Start learning and investing in yourself today so that you can be prepared to protect yourself and those you care about before it is too late.

What is Anonymity ? Why is it Important ? http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonymityexplained/index.html

Why isn’t Privacy enough for Anonymous Use? http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonuse/index.html

In this technocracy lines are being drawn. They are wielding technology to oppress and control us, and we need to decide if we are subservient data cattle, or if we are willing to learn how to use technology to empower ourselves and resist.

The relationship between average people and technology is unacceptable. Even those with advanced "tech skills" know next to nothing about how to maintain security/privacy/anonymity against the state. It does not have to be this way.

You deserve better. The people in your life deserve better. They NEED you to educate yourself so you can help teach them. The only way we can do this is together. The time for learning is limited and the clock is ticking.

Operational Security: Privacy, Anonymity and Deniability (Current and High quality) https://nowhere.moe/ http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/index.html

Anonymous Planet: Hitchhiker's Guide to Online Anonymity (Classic resource, somewhat dated) https://anonymousplanet.org/guide/

It's time to decide. Will you allow these corporations to own you, or will you rise to the challenge?


**When law enforcement subpeonas Signal for user information, all they hand over is the phone number associated with the account, and the last time they logged in. Due to the secure end to end encryption the contents of the messages are safe. No problem right? Well the cell phone number and associated metadata is more than enough for them to prosecute, imprison, and kill. Which cell towers has this phone number been around? What other numbers has it been communicating with and when? How is this cell service paid for?

It is not impossible to circumvent these issues, for instance by paying for a jmp.chat phone number with monero XMR. In this case you don't actually have the sim, but rather access it remotely over XMPP. If you do this over Tor very little can be used against you.

Ask yourself though, how many signal users actually go through these lengths? These phone numbers change law enforcement investigations from stumped, to having valuable leads and evidence. What motivations could signal have for requiring this valuable personally identifying information to be shared?

If a service requires your phone number, they are against your Anonymity http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/phonenumbers/index.html

Easy Private Chats - SimpleX (http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/privatesimplex/index.html)

(sorry for the semi off topic rant, no signal is not the worst thing or the first problem to fix, but KYC*** phone numbers are.)

***KYC: Know your Customer: https://kycnot.me/about

I was going to make some anonymity guides, but I needed to first address the issues and problems so I can follow up with solutions. Please give me your feedback and feel free to ask if you have any questions or requests for guides.

14
15
16
17
 
 

Privacy Guides is formally taking a stand against dangerous and frightening technologies.

18
 
 

cross-posted from: https://lemmy.sdf.org/post/31957116

Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.

TTP’s investigation found that one in five of the top 100 free virtual private networks in the U.S. App Store during 2024 were surreptitiously owned by Chinese companies, which are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws. Several of the apps traced back to Qihoo 360, a firm declared by the Defense Department to be a “Chinese Military Company." Qihoo did not respond to questions about its app-related holdings.

[...]

VPNs allow users to mask the IP address that can identify them, and, in theory, keep their internet browsing private. For that reason, they have been used by people around the world to sidestep government censorship or surveillance, or because they believe it will improve their online security. In the U.S., kids often download free VPNs to play games or access social media during school hours.

However, VPNs can themselves pose serious risks because the companies that provide them can read all the internet traffic routed through them. That risk is compounded in the case of Chinese apps, given China’s strict laws that can force companies in that country to secretly share access to their users’ data with the government.

[...]

The VPN apps identified by TTP have been downloaded more than 70 million times from U.S. app stores, according to data from AppMagic, a mobile apps market intelligence firm.

[...]

The findings raise questions about Apple’s carefully cultivated reputation for protecting user privacy. The company has repeatedly sought to fend off antitrust legislation designed to loosen its control of the App Store by arguing such efforts could compromise user privacy and security. But TTP’s investigation suggests that Apple is not taking adequate steps to determine who owns the apps it offers its users and what they do with the data they collect. More than a dozen of the Chinese VPNs were also available in Apple’s App Store in France in late February, showing that the issue extends to other Western markets.

[...]

19
20
21
 
 

Hi! Just wanting to migrate from big tech and going BuyfromEU. I am trying out Posteo, which does not have an app only web interface. Since I can’t stay logged in on the web I’m using Apple Mail app as a gateway to simplify usage. To my question, is this totally counter productive to my privacy, pro-eu stance? Will apple mail collect my posteo data through the posteo now instead? Previously using outlook.

Thanks in advance!

22
23
24
25
 
 

cross-posted from: https://lemm.ee/post/59836504

A massive thanks to @LuanRT for providing the fix regarding to the extraction of the deciphering functions. Also, big thanks to @PikachuEXE for coming up with a potential alternative solution!

https://github.com/FreeTubeApp/FreeTube/releases

view more: next ›