Privacy Guides


In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:



Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.


founded 1 year ago
476
 
 

Basically the title.

I'm interested in any opportunity to improve the way I navigate the internet. What I've been using for a few years now is DDG, which works fine. Not great, not amazing, just fine. And that's ok considering how they operate.

I just heard about Kagi and was really considering it. Makes sense as a business model (pay so we don't have to sell your data), seems privacy respecting, and claims to strive for best search results in the market. Some test searches from the trial seem promising.

If you've used it for any amount of time, what has your experience been with it? What plan are you using? What are you mostly searching for?

Even if you haven't used it, any thoughts / opinions are welcome.

477
 
 

A) Is there a central thread to compile an updated list of privacy software and settings on Lemmy?

B) Should there be one?

478
 
 

I have several domains that I use for email aliases and I no longer need all of them. I'm worried if I let one expire and someone else purchases the domain, they will be able to set up a catch-all email address and intercept any emails that I don't specifically migrate accounts/unsubscribe from newsletters. What are my best options for preventing this?

479
 
 

I noticed that "incoming.telemetry.mozilla.org" is blocked by NextDNS when using Firefox with Arkenfox installed every time I start up the browser. Even though it's being blocked at the DNS level I thought Arkenfox removed all telemetry?

480
 
 

Is Nautilus data privacy friendly? If not, what file manager would you recommend on Ubuntu for data privacy respect?

481
 
 

From the article:

"I know for a fact that Wikipedia operates under a CC BY-SA 4.0 license, which explicitly states that if you're going to use the data, you must give attribution. As far as search engines go, they can get away with it because linking back to a Wikipedia article on the same page as the search results is considered attribution.

But in the case of Brave, not only are they disregarding the license - they're also charging money for the data and then giving third parties "rights" to that data."

482
 
 

Thought people might be interested in seeing a project I've almost completed.

Purplix.io is an open source end-to-end encrypted survey system & warrant canary manager / viewer.

Would love some feedback or to answer any questions anyone has!

(Ignore the Nav not expanding to the bottom on some of the screenshots, that's just due to the screenshotting tool I use for full page screenshots.)

483
484
 
 

Assisted GNSS is pretty handy. My phone gets my approximate location very fast. If I want to plan a route from where I am, I don't have to wait a couple minutes for the GNSS signal to be received (if I'm in a location where I can receive it).

But obviously, waiting a couple minutes before starting a journey is acceptable to avoid being tracked by Google, so I disabled the Enhanced Location mode on my Android phone.

Is there a private alternative for A-GNSS?

485
 
 

From my understanding NewPipe falls back to internal API or web scraping if the official API fails. Is SkyTube doing the same thing? Just checking what options are available out there and seeing how they are different from each other.

486
 
 

Yes, I'm fully aware that the best way to have a streaming box is to run Linux on a Raspberry Pi, and if anyone has a guide for how to best set that up, connect to various streaming services, and allow casting from a phone then I'm very happy to check it out. However, I've heard Android TV boxes/sticks are still relatively customisable so I'd really just like something I can run SmartTubeNext on and cast YouTube to the TV without any ads. I'm not going to be putting much in the way of personal data on it so it obviously doesn't need to be the most secure/hardened thing in the world, but I'd still rather avoid the dodgiest of boxes. Any recommendations for something cheap-ish and private-ish?

487
 
 

cross-posted from: https://lemmy.dbzer0.com/post/609404

I mean, exactly how invasive are default operating systems? (Like Windows, Mac, Chrome OS, Android, iOS) Do they log your keystrokes, log passwords, capture screen, upload your photos, videos, or audio? (Assuming you aren't a target of government) Is it even possible for the average person who doesn't feel comfortable messing with installing operating systems to have any privacy?

488
 
 

Red Hat has made RHEL closed source. This sparked much controversy and Oracle did a write-up to accuse Red Hat's actions.

Do we consider Red Hat to be on some anti-open-source scheme? Should we boycott Fedora and other Red Hat-sponsored distros that are used to create this closed source distro? (And I'm not sure if RH's actions have violated the GPL.)

Maybe community-made distros like NixOS or Debian secured with Kicksecure will be better recommendations?

489
 
 

I'm currently using Yattee, but it relies on Invidious to access YouTube, so I always have to switch instances around to get videos to load. It's also pretty unstable.

490
 
 

I’m not sure whether this is the right channel to ask. Please let me know where to direct my question if you think of one more appropriate.

I tried to create an account on DigitalOcean, but I got “Unable to authorize access” after I tried with my credit card. I opened a ticket and tried to see how to get my account activated.

After answering some questions about my GitHub account and what I would use the service for (basically just web hosting and personal projects, my GitHub account is filled with research projects), they just flat out rejected within the next email.

So I asked them to delete my account and data, because I prefer not to keep whatever they have on me if I’m not going to be able to utilize the service (e.g. some info for registration, email, my GitHub account name). They responded with

Unfortunately, once an account is locked, it cannot be deleted or deactivated

While I understand they might keep such info to avoid future spam, they haven’t gotten back to me in terms of what I need to get it unlocked. But from the tone of the customer support, I’m afraid there is no resolution but my account details just being locked there.

Any tips? I’m in the US but not in any state that has solid privacy law to appeal.

491
 
 

I love the idea of having privacy in independence from all the tech giants' services. I have a server at home that hosts my storage, media, synchronization, and backups, along with some other random services. Since all these services are basically my life, I sometimes read about better security practices to replace whatever I do. Although sometimes, I feel like I can't figure out what practices are actually bad and really put me in a bad spot, and if they are good enough for me.

For example, I use a KeePass database to store my passwords. I want to sync them across all of my devices immediately. So I saved it in my VPS, and made the Android client fetch it every time I sync. I also made a script that uploads the local database every time it is changed. However, I don't want it to override remote changes that I may have not saved on my local machine. To solve that, I made the script download the remote database and compare it to the local one before uploading. To compare, I made the script read from a PGP encrypted file that has the password to my database, and input that to keepass-diff. However, I read that using PGP is bad from this article. I can't say I completely understand what the author is saying, but I trust that they know their stuff. However, I feel like this is a bit nitpicky. Would using GPG make me exposed to massive risk as opposed to using any other service? I guess it's not that hard to move over to something like ccrypt or whatever, but why bother? Besides, I can tell GPG to keep my key in the session for a long time so that I don't have to input it every time. I don't know if ccrypt can do that.

Another example is using F-Droid. I came across this article and this one went way over my head since I'm not really well versed on Android. But the gist I got is that F-Droid is not only insecure but is also bad for getting timely updates. I checked and some apps are something like 7 patches behind which is unacceptable for me.

One last example and this one is kinda petty no lie. The fact that RSA is trash. I read here and there that RSA is an old and deprecated encryption algorithm that no one should use; this is another article that (surprise surprise) also went over my head. But what I could understand is that it is too easy to make mistakes using RSA and it should be in the history books. But I already made many SSH keys without choosing the encryption algorithm, so it's gonna be a bit inconvenient to change all of those.

So my question to y'all is that, how do I find the line between using an acceptable albeit non optimal practice, and using an unacceptable practice for security?

Of course, I also have to put in mind the convenience, so I can't just change up my practices every 8 seconds when I find out that whatever program I'm using is a ticking time bomb.

492
 
 

As we know, buying an older phone can be a big security risk, as it might not get updates anymore. How about laptops? I would install Linux on the laptop. Is it a security risk to buy a used and refurbished computer from maybe 2019?

493
 
 

This idea is interesting to me because hell making my own stuff is fun. I have access to quite a few USB keys already so technically I might have the material available. Also my threat model is pretty low so I'm interested in security mostly for fun.

Most methods I have found talk about making a key to secure a computer but I would really like to make something that would do WebAuthn.

There is a neat Git project that shows how to turn a few specific devices into 2FA code prompters/automatic fillers. But in my naive mind that falls short of what I would truly wish to be able to accomplish ie. Stock USB --> WebAuthn/Passkey device.

Has anybody seen anything on the subject?

494
 
 

Hello wonderful people of PrivacyGuides, I hope my question is relevant to this community.

I couldn't find if this question has been asked before, but I'm looking for a more privacy friendly way to get notified when my favourite artists are gonna have a show somewhere near me.

Things to mention: Convenience is not an issue. I'm not currently selfhosting so no server solutions unfortunately.

Thanks in advance.

495
 
 

You may or may not have stumbled across my comment on a post from a few days ago, mentioning how I fake banned my account on WhatsApp (attached below) when in reality I just deleted it.

Well, it worked like a charm. I got my close friends and my significant other to switch to Signal, I told them we have no choice since I got banned and won't get my account back, and told them that Signal was developed by the same people who once worked at WhatsApp before Facebook bought them. And it worked.

Just for your information, I am a zoomer in the US, the group which is probably the hardest to do this with, yet I did it (although granted we all used WhatsApp before which is also not very common in the US especially among zoomers who love Snapchat and Instagram DMs).

496
 
 

Hey everyone, I recently learned about Aurora Store, a platform that allows you to download Play Store apps even if you don't have Google services, like on GrapheneOS. I'm curious if there's any benefit to using it on my non-rooted device. Any thoughts?

497
498
499
54
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 
 

Hello! I'm in the process of slowly de-googling my life and taking my privacy more seriously.

I currently use Google Authenticator for 2fa at the moment.

I am currently dreading swapping those to Aegis, which requires a password every time I want to use it (that's very inconvenient, to be honest) while with Google's I can just open the app and get the necessary code right away; no password required.

Should I just stop being lazy, suck it up, and make the switch? I know I'm being a bit of a baby.

Edit: Okay, apparently I can use my fingerprint scanner instead, which is a LOT better, so I'll stop being a lazy shit and do the swap tomorrow. Cheers!

Final Edit: I made the switch to Aegis. Already made a backup, and I have Biometrics setup. Ty everyone!

500
 
 

So. I tried Bitwarden for a while with 2fa. I absolutely did not realize that if you lose your 2fa you are done in that service. So yeah. Time to rebuild.

I'm attempting to go all in on Proton stuff ATM. Drive, email, VPN and password manager.

What's the easiest way to set everything up in a way that the whole system is safe and that minimizes the chance of me locking myself out?

Stuff like. Do I bother with 2fa? What are YubiKeys. Are these the answer? Do I 2fa all accounts other than the ProtonMail one?

Long single use case passwords or memorizable ones?

Do I do throwaway emails or everything signs up to my main one?

Sorry if I overloaded questions. But I'd love to get insight from people with more experience.

Edit. And oh. Threat model.

I'd love to not lose accounts if someone physically steals one of my devices.

I'd love to not get hacked online by someone random that is not targeting me specifically.

And in broad strokes. I'd like to keep all my accounts as private as possible from private companies and governments. But I'm flexible on this one if it's too much hassle.
