Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
https://www.privacyguides.org/en/
You should start reading this website. It's going to answer a lot of questions.
Tor is not the absolute bastion of security! It is a tool with trade-offs both good and bad. It is not a panacea
Check the privacy guide to VPNs. They'll give you the trade-offs
PrivacyGuides is VERY valuable and respected resource. OP, trust comment above 😃
It's important to distinguish privacy, anonimity and security.
I'm pretty much also a beginner when it comes to privacy so I'd be gladly corrected, but if you read the Tor manual you'll see it works best on its own. VPNs offer very limited protection and if you're looking to reinforce Tor, you might want to look into Tails instead, since Tor is meant to work on its own.
A good first point to make is your operating system. Ditching proprietary software is a must there as well since they have back doors from which they can steal most of your data anyway. Use a Linux distro, preferably not Ubuntu based, however it might be a little harder to use and the difference is not that big afaik. Ubuntu hasn't given us reason to worry other than that it's developed by a for profit company, in addition to some additions that were not considered ideal by the open source Linux users. I am typing from memory of some videos I watched though, so if you're looking for a distro you best do your own research.
One additional necessity is encryption. Use it everywhere you can. Proton mail and other such providers encrypt your emails and allow only the recipient to read them. You can also encrypt your hard drives to protect the information inside them. De-google your devices and use as much open source software as you can. Newpipe or YouTube revanced should be installed instead of the official yt app, Lemmy(as you know lol) instead of reddit, Instagram or any other social media, however this can be hard to execute so what you might want to do instead is delete the apps from your phone and log in to your accounts from a browser that isn't Tor, since logging in with Tor defeats it's purpose completely. Alternatively you can use clients for some like frost for Facebook and, as previously mentioned, newpipe or yt revanced.
Finally, you might want to set up a Tor network server in your residence, as it helps hide your own traffic among the others using it. Additionally, the more wide the Tor network is, the more efficient blending in the crowd becomes. In fact, this is tor's biggest strength. Using any extensions and add-ons to the browser can help make you stand out from the other users and allow others to track you.
Sorry for the long response not necessarily explaining what you were originally asking for, network privacy. But if you are to make your online computing private you must shield yourself from all directions and not leave back doors open at all. It's not all or nothing but it certainly isn't a one click wonder either.
TL DR: Leave Tor as is with the strongest default privacy and security settings, replace closed source apps with open source ones(like clients) and get a privacy respecting OS for both phone and PC.
tor has it's place. you can't use tor as your only browser (unless your life depends on your anonymity). There's mull (hardened firefox) for daily needs or mullvad browser on desktop.
what os are you on?
if you're on android: I no longer use it, but blokada is simple enough to start with and learn about dns, ip &c. I thought trackerControl too was instructive but you won't stop there either.
if you're on a desktop, try piHole instead.
on Mac i've found Vallum to be the most efficient. With piHole it becomes redundant.
on windows the best solution was to install linux instead 😅
don't use your ISPs DNS server, neither google.
read other threads on this community, then follow the links to read from sources instead.
good luck
If you want a VPN I would recommended Mullvad and pay with with Crypto
TOR is the closest thing you will see to a "federated VPN". You should always trust your VPN more than your ISP. There are open source VPNs like IVPN and Mullvad.
Lots of good responses in here already. Any VPN that is reliant on the use of others resources, federated or not, will require some level of trust.
You can "roll your own" and spin up a personal VPN that you host yourself that may remove some of the trust concerns, but if you aren't building it from scratch or don't audit any source code you use from others, whether foss or not, you are right back to the issue of trust.
Everything has a tradeoff, just like people have pointed out about Tor in this thread.
My advice is to try to balance your needs and concerns by doing research and ask around until you can narrow things down to specific products or services and then dig in anf ask pointed questions about them until you reach a level of comfort and trust that satisfies you.
I know you guys are technical and smart. Can you explain to me how secure https is in terms of privacy. I heard that isps can track which domain you're hitting but not the exact endpoint, is this true ? Where can I read more about this sort of thing?
Some more info and helpful blogs from mullvad https://mullvad.net/en/help/all-about-dns-servers-and-privacy/
You can use quad9 or mullvad DNS resolvers for free to prevent DNS leaks
No all of your packets will have a destination IP address. Meta data isn't encrypted for an HTTPS.
Https is based on the web of trust. You're trusting each of the central certificate authorities not to issue a certificate incorrectly.
So if you're doing something sensitive enough that somebody might compromise their certificate authority for then HTTPS is not the be all end all.
There was a fun program that the Great firewall of China was running, they would look at where you were sending traffic, and then do a man in the middle attack giving you a different certificate so that they can see what you were actually saying unencrypted.