this post was submitted on 22 Nov 2024
61 points (95.5% liked)


If you don't know me, I make frequent write ups about privacy and security. I've covered some controversial topics in the past, such as whether or not Chromium is more secure than Firefox. Well, I will try my hand again at taking a look at some controversial topics.

I need ideas, though. So far, I would like to cover the controversy about Brave, controversy around Monero and other cryptocurrencies, and controversy around AI. These will be far easier to research and manage than Chromium vs. Firefox, for example. I'd like to know which ideas you have!

Which controversial privacy topics do you know of that you would like to see covered?

PLEASE DO NOT ARGUE ABOUT THEM IN THE COMMENTS!

Please save any debate for if/when I make a write up about the topic. Keep the comments clean, and simply upvote ideas you would like to see covered. I won't be able to cover everything, so it helps bring attention!

Above all else, be kind, even if you don't agree with an idea or topic :)

[–] [email protected] 29 points 2 days ago* (last edited 2 days ago) (2 children)

Matrix is de facto centralized around Matrix.org & servers they provide (where the cost of hosting makes it largely inaccessible to low-spec & medium-sized servers causing them to inevitably shut down & recommending users back to Matrix.org). All the metadata gets synced back to the mothership that was funded by Israeli intelligence. Avoid it.

Cloudflare is a CIA front. They offer “free” DDoS protection + static proxy thereby giving Cloudflare the ability to MitM all TLS connections thru their servers. They convinced so many ‘developers’ via ‘influencers’ that every tiny site needs Cloudflare in front of it as a precaution/optimization, but it is an entirely premature optimization that doesn’t need to be so widely deployed, but it is. 🤔

Microsoft has always been an enemy but somehow managed to Trojan horse their way into the minds of developers again (neo-EEE) trying to centralize how software is created. Like we avoid Microsoft Windows, the rest of the Microsoft ecosystem should equally be avoided: Copilot, LinkedIn, Outlook, Exchange, Office, Teams, Azure, VSCode, npm, GitHub (Sponsors, Codespaces, Copilot). Literally none of these projects/services can’t be replaced to help protect the privacy of your clients, coworkers, contributors.

[–] [email protected] 8 points 1 day ago

> Cloudflare is a CIA front. They offer “free” DDoS protection + static proxy thereby giving Cloudflare the ability to MitM all TLS connections thru their servers.

I just started to learn about privacy in depth this year, and this little fact about Cloudflare has sat with me more than most things that I've learned. I feel like very few people think about the implications of Cloudflare's practices. Even if it's not a CIA front (I feel like it is), we should feel uncomfortable giving any private entity such power. Unrelated, but their crazy lava-lamp wall, as cool as it is, kinda gives me bad vibes lol.

[–] [email protected] 4 points 1 day ago* (last edited 1 day ago)

Matrix originating in Israel made me decide not to use it. No way anything from that place isn't spyware.

[–] [email protected] 43 points 3 days ago (5 children)

Step 1 of installing GrapheneOS for de-googling your life: Buy a Google Pixel phone

Look - I know, I know. I get it. Google allows you to unlock the bootloader while maintaining the phone's unique and excellent hardware security features. The argument makes sense. It is compelling. Other manufacturers do not give you this freedom. I am not arguing about that. I have a Pixel phone running GrapheneOS myself.

However... It is just so very obviously ironic that one needs to trust Google's hardware and purchase a Google product to de-google their life through GrapheneOS. I think that it is a perfectly valid position for someone to raise their eyebrows, laugh, and remain skeptical of the concept either because they do not want to support Google at all, or because they simply will not trust Google's hardware.

The reason why I think that this is "controversial" is because I have seen multiple instances of someone pointing out the irony, followed by someone getting defensive about it and making use of the technical security arguments in an attempt to patch up the irony.

[–] [email protected] 5 points 2 days ago

Bought a second-hand Pixel 7 in like-new condition at the time for $250 on Back Market (dropped it, bought another, still cheaper than the equivalent iPhone 14 lol). That at least means I am not financially contributing to Google, but I do agree that I don't think there is a way to verify that the hardware is completely foolproof even if it's the best option we currently have.

I guess that's true of any hardware though, and we have to make our assumptions based off known quantities such as Pixels' unique hardware security features?

But yeah, it's a minefield out there. Let's get carrier pigeons.

[–] [email protected] 10 points 3 days ago (1 children)

It's obvious to me the blackbox radio contains an inscrutable backdoor that negates all privacy aspects.

[–] [email protected] 6 points 2 days ago (1 children)

Yeah, there is a whole "separate OS", but, to my knowledge, there hasn't been evidence of it casually being able to collect arbitrary data from the actual phone's OS.

[–] [email protected] 9 points 3 days ago

My issue with that is that Pixels are expensive, and in some places are not sold officially (meaning they can only be bought from smaller resellers with usually much less generous return policies). The newest models are outright unaffordable new. The only ones below $150 are either secondhand or out of support, so that's what poor people are left with? Plus, no headphone jack.

I use Graphene myself, but I dislike absolutism. I don't in the slightest regret buying my Pixel even though $300 is a painful sum to spend on a phone (and it was on the cheaper end if we're talking about up-to-date models!), but I know that my mother would never spend this much on a phone - so I look into Divest or Lineage on more common and affordable phones.

[–] [email protected] 14 points 2 days ago (1 children)
  1. Whether phones are listening or not

  2. What is the redacted part in the rationale to ban Tik Tok

A note on the latter, it is presented as national security threat. They won't say what it is. I presume because some of the shit they don't want a foreign power doing is sth they very much do themselves.

[–] [email protected] 3 points 2 days ago (2 children)
[–] [email protected] 2 points 1 day ago

See, I am not the guy who will stop thinking for myself because experts say there is no evidence of sth. I am not saying that there is real-time eavesdropping at all times, but I have not seen convincing arguments that a working microphone cannot be used for pushing ads by simple and widely available mechanisms. In fact, the sheer number of people who complain about this should be considered evidence in itself, especially when they had never thought of a given topic before discussing it with someone. I have considered phone proximity and shared IP address but they don't seem to make an exhaustive explanation. I think that some stories point to Meta doing this extensively, and that disallowing microphone access for Meta products alleviates the effect. Many privacy communities, I believe, are infested by spooks and trolls pushing disinformation narratives, and one of them is that phones are NOT listening as a smart thing to say and/or believe. I might as well think that this itself can be related to the redacted part in the rationale to ban Tik Tok. Having said that, I think that the only feasible way to do this technically is by a regularly updated list of keywords, rather than other ways that would leave a processing or networking footprint.

[–] [email protected] 2 points 2 days ago

Wasn't there a leak recently where an executive said they were listening?

[–] [email protected] 22 points 3 days ago* (last edited 3 days ago)

F-Droid not being trusted. They build and sign a developer's code on their behalf, so there is a chance for injection there.

There are reproducible builds, but I would argue it's not taken seriously enough. Like right now nobody is publicly verifying Signal's supposed reproducible Android builds and they've historically had problems keeping it working.

Also how most (or all?) Play Store apps (including FOSS) contain proprietary code.

[–] [email protected] 27 points 3 days ago (1 children)

Browsing with JS disabled by default and expecting most sites to have basic functionality like "display this text"

[–] [email protected] 1 points 2 days ago

How dare you‽ 😂

[–] [email protected] 24 points 3 days ago (3 children)

VPN: essential or snake oil?

[–] [email protected] 5 points 2 days ago (1 children)

Neither. A VPN is a tool. It's useful for bypassing geo-restrictions, allows you to act as a local device in the server's local network, which is really useful, and can have a benefit to privacy when paired with other tools.

A lot of VPN ads, however, are overblown with the "VPNs keep you safe online" and "Don't use the internet without a VPN". These are dishonest marketing practices which should be seen as a massive red flag.

[–] [email protected] 3 points 2 days ago (1 children)

Deceptive marketing and straight up lying is so prevalent that people have all sorts of wild ideas about VPNs. That’s why it’s high time someone cleared things up.

[–] [email protected] 13 points 3 days ago (1 children)

There is no such thing as too many layers of obfuscation. At least until we abolish all empires, states, religions and corporations.

[–] [email protected] 9 points 3 days ago (1 children)

…when the last king is hanged on the entrails of the last priest.

[–] [email protected] 5 points 2 days ago

Now THAT's my kind of party.

[–] [email protected] 7 points 3 days ago
[–] [email protected] 26 points 3 days ago (6 children)

Signal as a centralized meta-data honeypot.

[–] [email protected] 6 points 3 days ago

💯 but can it be a honeypot when the OG promise was connection not meta security?

[–] [email protected] 15 points 3 days ago (1 children)

It's not private if it needs a phone number (cough SIGNAL cough)

"It's to protect the kids", "It's to fight terrorism"

That one ~~filthy~~ Muslim country banning VPNs with the guise of it being impermissible ("haram")

[–] [email protected] 7 points 3 days ago

I don't even care about the privacy aspect per se. Phone number as user ID is a crappy UX that fundamentally does not work with international travel, multiple devices, or needing to get a number changed. It also doesn't work for shared accounts or people who might want multiple identities.

Some of these relate to privacy, secondarily, but my primary concern is the UX.

[–] [email protected] 25 points 3 days ago (2 children)

There is no expectation of privacy in public.

By which I mean that things like blurring a house from Street View are unreasonable.

[–] [email protected] 14 points 3 days ago

IMO, blurring a house in Street View could lead to the Streisand effect, especially when 99% of all other property is unblurred.

If you want to remain private, in the case of Street View, your best bet is to keep it as inconspicuous as possible, otherwise people will start looking closer and ask questions; the exact opposite of what you want, even if you have nothing to hide.

[–] [email protected] 11 points 3 days ago (4 children)
[–] [email protected] 11 points 3 days ago* (last edited 3 days ago)

Genitals pics, NOW

[–] [email protected] 10 points 3 days ago (2 children)

Whether this guy should be forced to turn over his passwords or not:

https://www.theregister.com/2017/03/20/appeals_court_contempt_passwords/

The appeals court found that forcing the defendant to reveal passwords was not testimonial in this instance because the government already had a sense of what it would find.

[–] [email protected] 11 points 3 days ago

Boy, I'm not a lawyer, but that sure feels like being forced to incriminate yourself.

[–] [email protected] 3 points 3 days ago

> Others take issue with the idea that technology might be allowed to trump legal process. In a 2015 California Law Review article arguing that forced decryption is necessary to balance individual rights and government power, Dan Terzian, presently an associate at Duane Morris LLP, argues that the EFF's view is too expansive.
>
> "Scores of companies now encrypt their data," Terzian wrote. "In the EFF’s alternate universe, these companies are effectively immune from discovery and subpoenas."

Only if you consider corporations persons. They’re not.

Excellent suggestion, btw.

[–] [email protected] 8 points 3 days ago

For me an AI topic is the hottest

[–] [email protected] 8 points 3 days ago (7 children)

Browser extensions aren’t the answer to preventing tracking (as apps and other processes outside the browser aren’t blocked)

[–] [email protected] 6 points 3 days ago

JavaScript canvas blocker add-ons (this one specifically comes to mind, because I've recently had to disable it since it makes life harder; is it worth the cost of admission, or is it a lot of effort for not a lot of reward?) Other types of privacy add-ons would be good to explore as well.
