Our privacy is quickly becoming less and less our control and it's time more people start taking their privacy, if not more seriously, at least become more aware just what sort of information is at risk. This thread should serve as a good place to discuss these topics and help people understand more of what's at stake. Much of this OP is going to be grabbed from other sources on the internet as I don't have the writing skills that others possess and they put it into better words than I could. And most of this will pertain to people in the US, but there definitely are aspects that can be adopted to worldwide. Why Care About Privacy quote:- Privacy is a human right according to Article 12 of the United Nation's Universal Declaration of Human Rights. Why do I care about privacy if I don't have anything to hide? If you wear clothes, use passwords, close doors, use envelopes, or sometimes speak softly, then you do have something to hide; you're just having trouble understanding that you already do care about privacy. This link has a good amount of resources on why even if you have nothing to hide, you should still care about maintaining privacy. So where can I start? While this is a big ol' can of worms, your biggest benefit is probably by deleting social media. Next, use encryption where ever possible. Most web traffic is already encrypted, but you can also switch from something like SMS to a secure protocol like what Signal uses. Avoid using apps that ask for a bevy of device permissions and switch to FOSS alternatives. Sites like Privacytools.io, PRISM Break, or Switching.software to find ethical alternatives. You should also consider using Tor when just browsing sites you don't log into it. Tor is a fascinating project that aims to make everyone appear to data-miners as the same thing, effectively obfuscating the data that gets shared. Otherwise consider subscribing to a VPN provider to keep your ISP from knowing what you're doing online. THESE ARE NOT FOOLPROOF and it should be noted that they have their weaknesses, but that mostly stems from users misunderstanding their use cases. Lastly, stay curious and cognizant. Things are always changing and many of the resources you'll find may be outdated in some ways, but if you're at least conscious about what you're doing that will put you ahead of everyone else who seemingly couldn't care less of the current state of things. Great links and resources The New Oil - a good primer on understanding your privacy and ways to help mitigate snooping. The Privacy Subreddit - I know, reddit. But it still has a lot of traffic and some great people inside to help better understand all of this. It's a rabbit hole. Privacy Tools - Good alternatives to common sites, services, apps, etc. The Hitchhiker’s Guide to Online AnonymityVery DEEP level of retaking your anonymity, for serious tin-hatters. Intel Techniques - Site run by Michael Bazzell, ex-government FBI CTF agent, that dives deep into the world of OSINT For me, I've taken the last few months to seriously evaluate all of the usage my phone and laptops get. I don't want to be tracked or mined for someone else's profits and I don't think anyone else should either. I wish I had become more aware years ago but what better time to start than now? I'll likely modify this OP as time goes on but this should serve as a good welcome for goons who are looking to get into this.
|
|
# ? Jan 21, 2021 18:43 |
|
|
# ? May 4, 2024 16:19 |
|
At the risk of doom posting, given things like Gorgon Stare being used stateside (and the version in the video in that article is the older version, the new stuff has 4x the resolution!), we no longer have physical privacy outside, and may even start to lose privacy inside. Using Tor and stuff is definitely good, but at this point, I'm about ready to just give up.
|
# ? Jan 22, 2021 00:53 |
Volmarias posted:At the risk of doom posting, given things like Gorgon Stare being used stateside (and the version in the video in that article is the older version, the new stuff has 4x the resolution!), we no longer have physical privacy outside, and may even start to lose privacy inside. Yeah, we are absolutely hosed and it's becoming more evident by the day. Things like Gorgon Stare while seeming like a good thing at first, are absolutely terrifying once you think about it a bit more and what it could be capable of. I feel like a lot of people kind of shrug and say there isn't much they can do, but they are just afraid of leaving behind conveniences. Our daily technology has some awesome and powerful toolsets, but are absolutely luxuries that we don't need. One complaint I see a lot of is people who use their personal devices for professional work, which is not great. MDM software is very powerful and can track just about anything you do on a device. People need to start demanding work devices and refuse BYOD decisions. With Android, you can go even further with degoogling your phone with things like Lineage, CalyxOS, or GrapheneOS. iOS is a bit better out of the box in terms of privacy options, but still requires some tooling around to get it working. Even steps like disabling tracking, revoking permissions, or using adblockers is at least a step in the right direction.
|
|
# ? Jan 22, 2021 19:32 |
|
I've been thinking of making a thread like this for a long time now, thanks for actually doing it! Here's my usual list of the best, easiest steps an average Internet user can take to improve their privacy. Starting with the easiest: 1. Install an ad blocker. uBlock Origin (Chrome, Firefox) is the usual choice -- just install it and leave everything at the defaults. You'll see a lot less ads, but more importantly, it'll stop a lot of ad tracking. 2. Install a cookie clearing extension. Once you've closed the last tab of a website, all the browser cookies it set will be cleared out. I suggest Cookie AutoDelete (Chrome, Firefox). This one requires a tiny bit of management, since there are probably sites where you want to stay logged in even when you don't have it open in any tabs. Fortunately, it's really easy to whitelist any site you like; just click the extension's icon and there'll be a big button to do exactly that. 3. Step up your password game. Stop using your dog's name as a password and start using long random strings kept in (and generated by) a password manager. KeePassXC is a good one. Using it is a lot easier than it may look at first. 4. Consider spending a few bucks a month on a decent VPN service. It's certainly not a magic bullet for privacy, but it can be a big help. It'll keep your ISP from seeing every site you go to, and keep every site you go to from seeing exactly where you're coming from. (And if you're torrenting movies or doing any kind of piracy, then a VPN is a must and you should've had one a long time ago.) My top recommendation is Mullvad, runner-up is ProtonVPN. For your smartphone, get rid of everything Facebook-owned if at all possible, and try to get your social circle to switch over to using Signal for texts calls. Signal is an app that can do text messaging and voice/video calls to other Signal users. It uses extremely paranoid encryption and security, but you'd never know it from the really straightforward interface. (Having it installed doesn't stop you from using normal SMS and phone calls anytime you want, of course.) Grab a friend, install it and try it out.
|
# ? Jan 22, 2021 21:43 |
|
Another suggestion for more advanced users is to use a script blocking extension. These can often block trackers and ads from even being loaded in the first place on a site. The downside to them is that many sites require scripts to work properly, so you have to spend time configuring the blocker to allow what you want for a website to work while blocking the things you don't want. Examples of script blockers would be NoScript (Firefox, Chrome) or uMatrix, although I have heard uMatrix is no longer active development, so I"m not sure what the alternatives are out there. A more extreme step would be to buy or build a Pi-hole. This is sort of like what a script blocker would do, but it blocks ad or tracker requests for your entire network rather than just on a browser. Again, you run into the same problem of having to set up the filters correctly, but this is more useful if you have multiple people using devices on the network.
|
# ? Jan 23, 2021 06:09 |
|
Even though it can be a giant pain to use, learning how to use NoScript on Firefox has been a really good experience for me on web browsing. Works on desktop versions and on Android phone browsers. Letting you see just how much poo poo is layered on to the websites you frequently browse is kind of jarring, but finding out which ones to allow to let you see a site practically ad free can be a rewarding experience in an of itself. It's free, and they accept donations. Check your browser settings especially the privacy settings on what you want or do not want to allow, I know it's a given but a lot of times we can sometimes forget especially when reinstalling things.
|
# ? Jan 27, 2021 02:13 |
If anyone wants to get their feet wet, I'm selling a Pixel 3a XL that has GrapheneOS flashed to it in SA-Mart.
|
|
# ? Feb 1, 2021 19:33 |
|
If you’re serious about this, definitely worth looking into Yasha Levine’s work. “Why would the U.S. government fund a tool that limited its own power? The answer, as I discovered, was that Tor didn't threaten American power. It enhanced it. The FOIA documents showed collaboration between the federal government, the Tor Project and key members of the privacy and Internet Freedom movement on a level that was hard to believe: The documents showed Tor employees taking orders from their handlers in the federal government, including hatching plans to deploy their anonymity tool in countries that the U.S. was working to destabilize: China, Iran, Vietnam, Russia. They showed discussions about the need to influence news coverage and to control bad press. They featured monthly updates that described meetings and trainings with the CIA, NSA, FBI, DOJ and State Department. They also revealed plans to funnel government funds to run "independent" Tor nodes. Most shockingly, the FOIA documents put under question Tor's pledge that it would never put in any backdoors into their software. (See below.)” https://surveillancevalley.com/blog/fact-checking-the-tor-projects-government-ties
|
# ? Feb 11, 2021 06:02 |
Is there a particular browser you'd recommend? Cross-platform syncing of bookmarks, tabs, is still pretty important, but obviously if you're giving all that stuff to google or whoever they can build a social graph of you pretty effectively. Is there another browser that can do that without you having to trust the sync server holder to not misuse your data?
|
|
# ? Feb 15, 2021 18:10 |
Nitrousoxide posted:Is there a particular browser you'd recommend? Cross-platform syncing of bookmarks, tabs, is still pretty important, but obviously if you're giving all that stuff to google or whoever they can build a social graph of you pretty effectively. I usually recommend either Firefox or Chromium. There is also this extension that allows cross-platform syncing: https://www.xbrowsersync.org/
|
|
# ? Feb 15, 2021 19:13 |
|
What Google alternatives to Voice and Maps do people use?
|
# ? Feb 15, 2021 19:34 |
|
qsvui posted:What Google alternatives to Voice and Maps do people use? OpenStreetMap is competitive with Google Maps. Google Voice was never available in my area so I dunno what if replace it with if I ever had it.
|
# ? Feb 15, 2021 23:49 |
I've been looking for something even remotely close to GVoice for a few months now and there simply is nothing that comes close to it without some compromise. MySudo, Twilio or Voip.ms are probably the best alternatives but they all cost money for any sort of regular usage.
|
|
# ? Feb 16, 2021 15:32 |
|
Nitrousoxide posted:Is there a particular browser you'd recommend? Cross-platform syncing of bookmarks, tabs, is still pretty important, but obviously if you're giving all that stuff to google or whoever they can build a social graph of you pretty effectively. Plain old Firefox is still very good, especially if you give it a few privacy-enhancing add-ons and about :config tweaks -- see privacytools.io's in-depth page of browser recommendations for more detail on those. As for syncing, Mozilla claims Firefox Sync is designed in such a way that their servers never see the un-encrypted data and the password never goes beyond your own device(s): https://hacks.mozilla.org/2018/11/firefox-sync-privacy/. If you're conducting international espionage or something, you probably wouldn't want to trust this tool implicitly. But for an ordinary Internet user trying to cultivate a healthy general-purpose paranoia, it's probably fine.
|
# ? Feb 16, 2021 17:26 |
qsvui posted:What Google alternatives to Voice and Maps do people use? Nextcloud is a self-hosted personal cloud that is trying to be a replacement to the Google cloud environment. It's licensed under the AGPL so is open source. You can add stuff to it like openstreetmap support and also use it as a webmail client and google drive replacement. In terms of a google voice replacement, honestly the way Apple allows you to receive and send calls/texts across all of their Apple devices is a compelling option, though it obviously requires you to buy into the Apple ecosystem. Apple is certainly better with your privacy than Google, but it may not be enough for someone who wants to use Tor everywhere or something. Powered Descent posted:Plain old Firefox is still very good, especially if you give it a few privacy-enhancing add-ons and about :config tweaks -- see privacytools.io's in-depth page of browser recommendations for more detail on those. Thanks, I had lost access to my old syncing because I had 2-factor on Firefox and lost the 2nd factor. I recently signed up for a protonmail account so I guess I can just sign up again with that.
|
|
# ? Feb 16, 2021 19:04 |
Powered Descent posted:As for syncing, Mozilla claims Firefox Sync is designed in such a way that their servers never see the un-encrypted data and the password never goes beyond your own device(s): https://hacks.mozilla.org/2018/11/firefox-sync-privacy/. If you're conducting international espionage or something, you probably wouldn't want to trust this tool implicitly. But for an ordinary Internet user trying to cultivate a healthy general-purpose paranoia, it's probably fine. I assume they're still working on rewriting the syncserver in rust too, because it uses a version of Python that's now EOL. For what it's worth, this (along with the account server which is also being rewritten in rust), is what Mozilla uses to host their services.
|
|
# ? Feb 20, 2021 19:12 |
|
Cool thread!BlankSystemDaemon posted:If you're worried about syncing, there's the option of running your own syncserver, which can use either the old token and storage servers, or new ones written in rust. I think that you're going to find "you're probably safest hosting your own <thing>" is going to be the solution to a lot of problems in this area--assuming you develop a healthy paranoia, anyway.
|
# ? Feb 21, 2021 19:08 |
Insanite posted:I think that you're going to find "you're probably safest hosting your own <thing>" is going to be the solution to a lot of problems in this area--assuming you develop a healthy paranoia, anyway.
|
|
# ? Feb 21, 2021 22:23 |
Has anyone tried out the new SMS thing that was talked about on the Michael Bazzell podcast? Seems right up my alley especially with the ability to self host but I haven't had the time.
|
|
# ? Oct 9, 2021 04:53 |
|
Just wanted to thank OP for all the great information. I got some surprisingly good apps from the PRISM break website ( if you’re on iOS, Tofu authenticator is wonderful ). I care about my digital privacy and have slowly been migrating to privacy respecting services but it’s a process. Better legislation feels necessary as downloading all the little choices to users becomes overwhelming and confusing.
|
# ? Dec 4, 2021 15:37 |
Moxie is stepping down as Signal CEO:quote:It’s a new year, and I’ve decided it’s a good time to replace myself as the CEO of Signal. https://signal.org/blog/new-year-new-ceo/ Definitely going to keep a close on this, as it's my preferred method of communication. Fingers crossed it's not going to sellout, but with the backing from Moxie I'd be much more at peace if things basically continue as normal.
|
|
# ? Jan 10, 2022 22:36 |
|
I am excited to dive deep into the thread. The New Oil looks especially intriguing! I'm new to this so I guess my first interest is just figuring out how much I'm being tracked. Like are all my e-mails, texts, or website visits automatically logged to the NSA? For how long? Will they eventually just have a record of everything I've ever done? And the ability to readily search that data for their relevant hits?
|
# ? May 11, 2022 06:14 |
|
https://twitter.com/random_walker/status/1524433565668102144
|
# ? May 12, 2022 00:27 |
|
Ornery and Hornery posted:I'm new to this so I guess my first interest is just figuring out how much I'm being tracked. Like are all my e-mails, texts, or website visits automatically logged to the NSA? For how long? Will they eventually just have a record of everything I've ever done? And the ability to readily search that data for their relevant hits? Only the spooks know exactly what they have, and they aren't talking. But based on things like the Snowden documents, it's pretty clear they're hoovering up every drat thing they can and keeping it forever. And they have tools for parsing it all, so that in the event you (or I, or anyone else) should catch their attention, they can generate a pretty drat complete dossier with a few mouse clicks.
|
# ? May 12, 2022 00:52 |
Ornery and Hornery posted:I'm new to this so I guess my first interest is just figuring out how much I'm being tracked. Like are all my e-mails, texts, or website visits automatically logged to the NSA? For how long? Will they eventually just have a record of everything I've ever done? And the ability to readily search that data for their relevant hits? Best to assume you're being tracked on every single thing you do. For messaging, SMS is incredibly easy for even randos to just intercept messages and was never secure in the first place, not to mention is archaic as gently caress now. Your ISP has a record of every site you've ever visited and likely shares or sells that info. Many websites will track almost every minute detail of your browsing habits (like down to how long you are looking at a page before scrolling) and sharing/selling. Combine all of the things you've posted online with metadata receipts and you could easily identify someone and every single thing they do and what their habits are. Are agencies like the NSA doing that? Maybe for higher target individuals who pose a security or physical threat to nations. I don't doubt they have info on every mom and pop out there, but no way are they piecing together that Marge has a habit of looking at cat smut at 3am on Thursday nights or something like that. Regardless of your threat model, I think it's a good thing to just assume that anything you do online gets tracked and then proceed from there.
|
|
# ? May 12, 2022 02:00 |
|
Frontline's two part episode of United States of Secrets is a really really good primer for how far the program reaches not just Snowden. https://www.pbs.org/wgbh/frontline/film/united-states-of-secrets/
|
# ? May 12, 2022 02:33 |
|
I'm technically a federal contractor with a security clearance so I just assume I could set off a flag and be watched. I imagine the more steps I use to hide what I'm doing, the more suspicious they would be, I'd become more likely to be scrutinized. I doubt they care about occasional porn or anime or my nerdy as hell interests, but they may not like certain opinions I have. I don't do social media anyway. The thing is punishing "thought crimes" on the general population would tip their hand at how much they monitor and would piss off the whole USA.
|
# ? May 12, 2022 13:36 |
|
How are you guys feeling about having more intrusive monitoring devices installed in your vehicle? Drunkenness will have to be watched for in all new vehicles by 2026 according to the infrastructure bill. There are already gps and cell antennas as well as onstar and other services (which are terrible) but it will be getting a lot worse IMO.
|
# ? May 13, 2022 13:13 |
|
Irregardless posted:How are you guys feeling about having more intrusive monitoring devices installed in your vehicle? Drunkenness will have to be watched for in all new vehicles by 2026 according to the infrastructure bill. There are already gps and cell antennas as well as onstar and other services (which are terrible) but it will be getting a lot worse IMO. Usually I’m like hell no to these sort of things but over a quarter of all traffic deaths involve alcohol so I’m willing to listen to the proposal.
|
# ? May 13, 2022 14:20 |
|
jabro posted:Usually I’m like hell no to these sort of things but over a quarter of all traffic deaths involve alcohol so I’m willing to listen to the proposal. On top of increasing distractions due to driving while looking at your cell phone, or people STILL insisting to use one hand to hold the phone up to their ear while driving or just blasting it on speaker and talking to it while driving. Yeah it seems reasonable to at least hear it out.
|
# ? May 13, 2022 15:15 |
|
Some manufacturers already put eye monitors in their cars to track driver attentiveness, but some early ideas I’ve read about involve sweat sensors or other devices to listen for slurred speech or something. I’m under the impression that any time you take your car in for servicing they are harvesting data from your car’s black box, and I would assume that if the car can determine if the driver is impaired that it would likely signal law enforcement once the car pulled you over. I’m concerned that there could be software bugs with it, plus the possibility of them being too sensitive. Will you be able to have a beer with your meal and go home? Will people be able to get access to your microphones or cameras within the vehicle if law enforcement must have access to them at all times? Can a consumer defeat them? I’d defeat the gps antenna in my car but then the entire infotainment system shuts down. My future car purchases are starting to look like mid aughts to mid tens in the future
|
# ? May 13, 2022 17:38 |
|
Man if I had the know how I'd just take a hollowed out 80s era F-150 and just put in an early 00s engine and suspension. I currently drive a 2018 tahoe and hate how much computer poo poo and touchscreen poo poo is in it.
|
# ? May 13, 2022 19:44 |
|
Jiro posted:Man if I had the know how I'd just take a hollowed out 80s era F-150 and just put in an early 00s engine and suspension. I currently drive a 2018 tahoe and hate how much computer poo poo and touchscreen poo poo is in it. I’m with you. You don’t drive the newer cars as much as they ferry you around. In addition to the infotainment systems being intrusive and pointless (to me) you also can’t buy a decently priced manual transmission car anymore. Although the worst parts of the new cars are the privacy-intrusive “features”
|
# ? May 13, 2022 21:52 |
|
For work I was in a live chat on a major website yesterday looking to see if the company sold something in certain dimensions that I needed. I type in the chat “do you have xxxxxxx” without pressing enter so I could look over at my notes to type the exact dimensions. The person on the other end says “yes we have xxxxxxx” before I started to type the dimensions into the box. Friendly reminder most websites are seeing/logging far more of your interactions in real time than you may think about. Also, I saw this headline the other day and it’s funny how quickly I encountered it in the wild after having it come across my radar. Thousands of Popular Websites See What You Type—Before You Hit Submit https://www.wired.com/story/leaky-forms-keyloggers-meta-tiktok-pixel-study
|
# ? May 15, 2022 13:32 |
I highly encourage everyone to read the study that underpins the wired article, it's fascinating reading. Plus, the URI is very old-school cool.
|
|
# ? May 15, 2022 13:59 |
|
cage-free egghead posted:Best to assume you're being tracked on every single thing you do. For messaging, SMS is incredibly easy for even randos to just intercept messages and was never secure in the first place, not to mention is archaic as gently caress now. Your ISP has a record of every site you've ever visited and likely shares or sells that info. Many websites will track almost every minute detail of your browsing habits (like down to how long you are looking at a page before scrolling) and sharing/selling. From what I understand, state actors basically hoover up as much info as possible and archive it without necessarily analyzing it. The phrase I've heard is that you can be "put under surveillance yesterday", meaning that if there's ever a reason to look into you, then the archives can be trawled for anything useful.
|
# ? May 15, 2022 15:22 |
|
Quaint Quail Quilt posted:I'm technically a federal contractor with a security clearance so I just assume I could set off a flag and be watched. Don't kid yourself, half the USA would be cheering on the cops as they round up anybody who's posted anything remotely gay or leftist or tracked going into an abortion clinic after 2024 Pres Trump passes the maga act. That's the thing with people who say "if you have nothing to hide, blah blah blah" because you never know when something that is legal today, becomes illegal tomorrow. stratdax fucked around with this message at 00:58 on May 16, 2022 |
# ? May 16, 2022 00:53 |
|
Goon Boots posted:From what I understand, state actors basically hoover up as much info as possible and archive it without necessarily analyzing it. The phrase I've heard is that you can be "put under surveillance yesterday", meaning that if there's ever a reason to look into you, then the archives can be trawled for anything useful. I am legit concerned that any leftist politician born after, like, 1994 will have been tracked their whole lives and inevitably have at least a few things that would compromise any serious election campaign. You or I probably wouldn’t care if a leftist candidate said some dumb poo poo on Twitter as a 15 year old, or masturbates to sonic deviant art, but a significant portion of the voting population probably does poo poo sucks
|
# ? May 16, 2022 05:30 |
|
My theory is that social media sites will use or are using the private info of future or current politicians as blackmail in order to influence legislation
|
# ? May 16, 2022 06:42 |
|
|
# ? May 4, 2024 16:19 |
|
Ornery and Hornery posted:I am legit concerned that any leftist politician born after, like, 1994 will have been tracked their whole lives and inevitably have at least a few things that would compromise any serious election campaign. He's not a leftist, but he pissed off his party leaders and look at what's happening to Maddison Cawthorn.
|
# ? May 16, 2022 10:10 |