I might be late to the party, but I think I can point out some crucial things here.
- It is not just USA, but Five Eyes services in general which should be avoided. Try to bring in 14 Eyes if you can. (Five Eyes for example straight up discriminates against things like Tor use for masses.)
- AirVPN and NordVPN might not be good choices for privacy, just geoblock bypassing. The only handful VPN choices good would be Mullvad, Riseup and 1-2 others I forgot.
- Privacy Badger is a useless redundant addon. Recommend an auto cookie deleting addon over it.
- Qwant is an excellent search engine. Someone (wink) exposed StartPage last year https://teddit.net/r/StartpageSearch/comments/djshn3/hello_reddit_startpage_mod_team/f49krhw/ , use it very sparingly as they hate Tor users too.
- Firefox should be hardened with a custom user.js (refer to https://spyware.neocities.org/guides/firefox.html) or zero.js (found on 4chan /g/)
- Privacytools.io is an immensely horrible website to recommend actual privacy tools or advice, as they were stopped short by some folks like me, from deploying this recommendation page for Pixels and iPhones: https://deploy-preview-1713--privacytools-io.netlify.app/hardware/ (Github ticket: https://github.com/privacytools/privacytools.io/pull/1713)
They recommend a billion other bad things, like most VPNs that either track you by lying about policies, or have been hacked in the past. Privacy may be a gradient, but it is not a partial or full thing.
I was apparently silenced on r/privacytoolsio when I enquired about this page deployment: https://old.reddit.com/r/privacytoolsIO/comments/frz365/privacytools_delists_the_great_cloudwall/fm08anu/?context=10000
Digdeeper, a friend of mine lists more things. https://digdeeper.neocities.org/ghost/fake_initiatives.html#ptio
I do not know why I typed all this. Nonetheless maybe it can help.
AirVPN and NordVPN might not be good choices for privacy, just geoblock bypassing. The only handful VPN choices good would be Mullvad, Riseup, Disroot, Snopyta and 1-2 others I forgot.
What do you mean ?
Disroot and Snopyta don’t have VPNs, do they ?Seems Disroot and Snopyta no longer have VPNs. Editing it out. Thanks for alerting me.
I dont think a 10 word passphrase for Keepass is necessary. Just 4 or 5 words already give plenty of entropy (assuming they were chosen randomly from a long enough list). Even better if you take words from different languages.
Here is another solution:
- generate a full random 12 char password, write it down on a piece of paper that you keep safe
- after a week or two of unlocking the password manager with it everyday you should be able to remember it
- burn the paper, and you have the safest setup you can ever have.
It’s less secure than or at most equally secure compared to a diceware passphrase though.
yup. 12 characters is too few
Yeah I already type that shit ten times a day, I won’t make it use double the time I already waste 😃
wasn’t startpage bought by system1 (some weird mix between data analytics and advertising agency) 🤔?
Hrm I think it was… I haven’t kept up to date on it tho. duckduckgo has lots of problems too iirc. Basically searx is the only good one privacy-wise and its barely functional imo.
yup, unfortunately the search engine niche is in bad shape to say the least: duckduckgo has gaslighted everyone into believing they are private and even bullied the tor devs to use as default search engine somehow lol
There’s also Infinity Search which is completely libre, it’s based in the USA, but I think it’s a start and it’s way better than the rest of the competitors and more functional than Searx IMO, it has some usability issues but they aren’t that big of a deal.
interesting, thanks, i’ll definitely check it out
You could test MetaGer.
It was. Its parent company is based in Florida.
What’s the issue with duckduckgo? Care to share? Thanks
yeah wow that’s awful stuff. Been using Qwant a lot more recently, any takes on it?
Not sure, haven’t read anything on it yet.
You know, I coulda also sworn I read that it was started in the US (New York)… but now it says it is the main branch is in the Netherlands. I do still use it ocassionally though.
I was using startpage for a while but when using Vpn and searching a lot with it, it suddenly stops working and asks you to fill out a form explaining what you were searching for lmao with your email attached to it or something like that. Given that I wasn’t even looking for anything remotely illegal, I dumped them after the incident.
why there is no tutanota in your list? Do you know something compromising it? upd: tutanota is among recommended by https://www.privacytools.io/providers/email/
I don’t have any email providers in there, seems kinda risky because nearly every one after a few years seems to get compromised. Email wasn’t really designed with encryption in mind like all of these new comms platforms like matrix.
Tutanota, anyways, is propietary in server side.
Tutanota is very trustworthy in my opinion. Many people in the dark web use it as their to-go email service there (I learned this while searching for places to buy THC online).
I don’t understand how being used makes it better.
I would prefer to recommend Riseup or even Disroot instead.
I don’t know about Riseup. After what happened in 2016 (click), I’ve been kind of wary of them.
Ah, good to know. Thanks.
What about Posteo?
They promote to use clean energies but as far I know, their services are provided with propietary software or it is mostly unknown.
Edited: At least in their e-mail service they promote to be fully open source, the only issue is that they references to the client side later when referencing js licenses which makes it a bit sad.
I didn’t see any other mention to FLOSS.
you know, after reading several posts on c/privacy I have such an impression that one can trust nothing: either closed-source servers or OTF funding or wrong location :)
And it is right but you can still choose the lower bad thing and even try to obtain that ideal step by step.
one of currently popular/active posts regarding funding of privacy oriented tools staggered me. I have never heard of OTF and BBG before and was really surprised that briar got funding 3! times from them. What do you personally think, is this fact corrupts briar itself?
Never trust - verify. And services that depend on proprietary server-side solutions are not verifiable. You can’t verify that they run the code on their servers - not even if the code is openly available. That’s why people self-host.
dess you recommend protonvpn but like… protonmail
takes money fromgives money to CIA-backed orgs & talks about “freeing” hong kong…also what about git hosting? i see this is on github pages (which is mad convenient, no doubt) but is there a hosting provider you recommend?
*edited to fix misinformation
I didn’t know that abt proton, I’ll remove. I use mullvad myself.
For code hosting, codeberg.org seems okay, I have all my repos mirrored there. Otherwise self-hosted gitea. I don’t have a good recommend for a VPS, except for maybe OVH.
I’ll add this stuff.
Mullvad has been pretty good so far!
wireguard is wonderful for phone battery life too.
I have set up a wireguard tunnel on my VPS (german so I can’t use it for torrents) and it works very well. Way better than openvpn,
cool, thank you for the recommends! and i love your essays, btw. i think you do a really good job of summarizing socialist ideas in a way that is easily accessible.
Thank :heart suit:
Mullvad (Sweden) and AirVPN (Italy) seem to be the best for respecting privacy from my research. The AirVPN guys are a bit dogmatic though.
I didn’t know that abt proton,
Wait, what? Didn’t know what about Proton? I don’t see that there is anything in that wall of text that established any harm from Proton.
I think people are just seeing a big wall of text and being overwhelmed by it, and concluding that it must prove somethingorother. But I did my best to squint and read through line by line, word by word, argument by argument, and either I’m just a crazy person or there’s no real concrete connection to the CIA, no anti-privacy behaviors alleged, no anti-competitive practices claimed. There’s a lot of hand waiving and speculation related to CRV and MIT, which is quite intangible and several degrees removed from any direct thing Protonmail is doing.
Contrast that with, say, Google: you can look at their privacy policy or an article about them disabling adblocking extensions, and know immediately that Google is up to shady stuff. None of it depends on speculating about their associations with second or third parties which may or may not be doing something that isn’t proven.
Where are people seeing any proof of wrongdoing on Protonmail’s part? I feel like I’m either crazy or I’m the only one here that read through the whole wall of text.
dess’ comment wasn’t a response to the long comment but response to my first comment, where i had originally said this:
dess you recommend protonvpn but like… protonmail takes money from CIA-backed orgs & talks about “freeing” hong kong…
and then realized i had mixed something up so i commented this:
i’m sorry – i mixed up two facts. it is protonmail who monetarily (and publicly) supports CIA-backed orgs, not the other way around (afaik).
and edited my first comment accordingly.
dess had responded prior to my edit, but i suspect knowing political leanings, proton would not be recommended regardless. i’m happy to be corrected. @[email protected]
I don’t know anything about the protests in honk kong, why is it a problem? (it’s a real question, not a troll)
the protests are a color revolution. it is very clear when you look at who the protesters support & where their funding comes from. hong kong is has already been freed - it is no longer a colony of britain.
any more info on where protonmail gets their money?
i’m sorry – i mixed up two facts. it is protonmail who monetarily (and publicly) supports CIA-backed orgs, not the other way around (afaik). protonmail does have a big US backer but i forget who it is so i will do some digging (and fix my original post) sorry again!!
Protonmail is a little sketch, too. Much of their funding comes from Silicon Valley, and they, in turn, are all in bed with the intelligence services. When it comes to Protonmail, it does sound too good to be true, but they may be the real deal. See: https://www.ic3.gov/Media/Y2021/PSA210115
That link doesn’t have anything to do with funding though, right? And “Silicon Valley” is extremely vague, exponentially so when you attach the claim of connections to intelligence services. You’re not necessarily wrong, but to me this is way too vague to establish anything.
You sound like a shill for ProtonMail. Are they paying you for each post you make in their defense? As all things in life, nothing speaks louder than the people who sponsor you and sustain your operation, and when it comes to that, ProtonMail is highly suspicious, even if there are no clear indicators that they are compromised. Given the evidence provided you should, at the very least, be a bit skeptical of their operation. Unless, of course, you are shilling for them here, or benefit in other way or form by making people believe that they are legitimate.
Certainly some of their funding comes from paid memberships. Beyond that, here is what my (not remotely extensive) research found:
In 2014 ProtonMail is listed as a Boston finalist for MassChallenge, (the same MassChallenge Boston who runs a US Air Force Lab), through whose programs start-ups
participate in a four-month, industry-agnostic accelerator where they receive:
- Hands-on support from top mentors and experts
- Free co-working space
- Access to MassChallenge’s unrivalled network of corporate partners
- Tailored workshops and office hours
- The opportunity to win a portion of more than $2M in cash prize
I am unsure if the MassChallenge application resulted in a grant, though there are finance sites that suggest it did.
Also in 2014, they raised $550,377 from backers on IndieGoGo In their campaign they said this:
We firmly believe that ProtonMail can only succeed in its mission if it remains independent. By raising money through crowd funding, we can ensure that our first and only priority is protecting the privacy of our users.
There are certain powerful governments and corporations out there who are in the business of controlling and exploiting personal data that will try to hinder us. If we want to live in a future where privacy on the internet is respected, we must stand together now and fight for those rights. With your support, we can make this brighter future a reality.
And yet…
They took 2 Million USD from venture capitalists at Charles River Ventures (CRV) and from FONGIT, described by ProtonMail as “a foundation supporting innovation on behalf of the State of Geneva and the Swiss Federal government”. The head of ProtonMail’s Advisory Board also serves as Director of FONGIT.
There have been people who claim to connect CRV to In-Q-Tel, the venture capital arm of the CIA, but my (very brief) research only came up with a loose connection through an employee. I did, however, find out an unrelated piece of information I would not have otherwise: In-Q-Tel lists GitLab in their portfolio. There is another (stronger) connection to the US government through CRV; a partner was appointed by Obama in 2012 to represent the US at the UN General Assembly.
It is also of note that Protonmail is advised by the MIT Venture Mentoring Service which is exclusively for the MIT community. I mention this because Protonmail has scrubbed much of the MIT influence, presumably because they think it will harm their business. This is the “about” now:
ProtonMail was founded in 2013 by scientists who met at CERN and were drawn together by a shared vision of a more secure and private Internet. Since then, ProtonMail has evolved into a global effort to protect civil liberties and build a more secure Internet, with team members also hailing from Caltech, Harvard, ETH Zurich and many other research institutions.
And this was that same page in 2014:
ProtonMail was founded in summer 2013 at CERN by scientists who were drawn together by a shared vision of a more secure and private Internet
ProtonMail is developed both at CERN and MIT and is headquartered in Geneva, Switzerland. We were semifinalists in 2014 MIT 100K startup launch competition and are advised by the MIT Venture Mentoring Service
Okay, a lot of information that helps me know more detail about various relationships Protonmail has had for fundraising.
But in terms of having any clear takeaways, this is kind of a mess. IT sounds like the connections to CIA are largely speculative, derived from possible connections of CRV and MIT, right?
that is correct.
my biggest takeaway from the search was the venture capital funding. not because i think it means 3 letter agencies are involved (which i don’t, to be clear) but because i think it compromises being committed to the best interest of their users. also on a personal level i hate that they crowdfunded with the promise they were going to remain independent and then broke that promise. it feels really slimey. how can one trust their word that they won’t break more promises in the interest of $$$?
There’s a huge huge elephant in the room here, which I feel like nobody is talking about. And it has to do with how scatterbrained, speculative, and disconnected all of these details are, and how far short they are of establishing, like really establishing anything at all. If you ask me why I shouldn’t use Amazon, I can immediately point you to an article about anti-competitive practices. Same with Google Chrome, I can instantly point you to some article about how they’re pulling adblock extensions from the chrome store or how they’re misbehaving at the W3C. It’s a straight shot to a clearly expressed problem with no speculation needed.
Normally, in everyday life, if I’m in a room with people I know, I could explain something like what I just said above and people would instantly know what I mean. But in internet comment sections, people appear to be completely unable to distinguish between speculative and concrete allegations of harm.
i don’t disagree. i only mentioned the CIA connection because if you look it up, you will find claims. hell, you can find a bunch of claims in this very thread. it is unsurprising, as any US involvement in a privacy project makes people skeptical.
facts (that can be verified on protonmail’s own website):
- proton received the funds i listed (crowdfunding, EU grants, CRV, FONGIT, possibly additional grants)
- they had teams both in the US + switzerland
- they receive counsel from MIT
- they have openly promoted orgs who have concrete connections to the CIA
that last point is why some think they are compromised. especially because they are always on the side of the CIA. even though they claim they fight for “freedom of speech everywhere” somehow that has not included censorship which is not advantageous to the US gov’t
i will never pay for protonmail’s services because i refuse to give money to an organisation that supports CIA-backed causes. as someone who cares deeply about others, proton’s support to me is what google pulling adblock is to you.
ProtonMail is a commonly acceptable email provider, and for normies it might be good to use. That said, it does a lot of privacy posing and certainly does not make you immune to 14 Eyes spooks as the email header is unencrypted on transit, and you cannot use your own PGP keys properly.
P.S. People who believe UK-USA funded HK insurrection was a protest are scared of being cancelled for criticising mainstream propaganda and/or keep their mouths shut about the past 20 years of MEA stuff. I can see this from India, though I get called “a certain party” shill for it.
Just tried OpenBoard and I love it. I used Anysoft Keayboard before but the spell checking was a disaster.The only thing I will miss is the ability to have buttons to go back and forward one character:
I just noticed that it is possible to go back and forward with by sliding on the spacebar !
So this is no by far my favourite keyboard!
I used anysoftkeyboard for the longest time, but switched to openboard after like 5 minutes of using it, the auto-correct works really well, just no swipe.
yeah I’m using anysoft right now and I mainly use it for the swipe, though without good autocorrect it isn’t as useful as gboard swipe was.
That sums up my experience pretty well!
Absolutely love it!
Any idea how we can get an option to search gifs?
was going to fork and do a spanish translation and add some libre apps I use for terminal but is on github… one will think at least they will use gitlab or gitea etc. :(
I would recommend Riseup VPN here.
how’s the speed on riseup?
The test at max speed I know was a friend with 100 Mbps who told me he didn’t notice any slowdown.
Also in LTE I made tests in the mobile version without issues.
deleted by creator
Some solid recommendations here, a lot overlaps with my own research. Good to know I’m on the right path.
Very nice
This is amazing! Thank you! (I love Lemmy btw <3) I’m just wondering about github, as mentioned by @[email protected]. I love github, but the idea of foss code being hosted by Microsoft is weird… I’m gonna give gitea a try, but how do you think gitlab compares to github?
in my research about protonmail i discovered that GitLab is in In-Q-Tel’s portfolio (In-Q-Tel is the venture capital arm of the CIA) so if that is concerning to you for any reason, i would stay away from GitLab. dess did mention codeberg as an option
Man, whoever this Dess guy is, it looks like he knows what he’s talking about.
EDIT: I suppose an /s is in order.