Ah; yeah. Mullvad Browser is what I mean clearly; as I mentioned it’s maintained by a company, which while they are currently trusted by most people; are always a few management changes away from becoming corrupt and abusing customer trust.
In general Fwy does not agree with the Privacy Guides assessment; and feels that the concerns about the project are simply not credible without stronger evidence of excessively slowed or missed updates.
Project devs do have lives and I’m not personally going to punish that; so long as the software remains reasonably maintained and free of bugs while still considering the project’s number of devs.
Is it better than Mullvad Browser? Probably not in the strictest sense; but I’m also not happy with “Mullvad Browser” either; as this browser makes more choices that breaks functionality than Librewolf does in the pursuit of privacy.
Additionally; I cannot trust that “Mullvad Browser” will not enshittify; it is maintained by a company who is REQUIRED to some extent to make profits. That breeds enshittification. Mullvad would be one bad CEO or core executive team shift away from potentially being targeted as a profit vehicle and it’s privacy benefits weakened or removed entirely so the company can make money.
In general I trust Librewolf on a pretty regular basis to protect my privacy when my Addon-driven version of manually hardened Firefox breaks up a websites functionality too badly. It provides essential privacy protections without breaking too many things and serves as a good baseline browser.
As a rule; I keep several different browsers installed to mitigate lack of website function and isolate away any websites that would be more invasive in what privacy protections must be disabled to use properly. “Setting-Hardened and Privacy-Addon-driven Firefox” is what I use day to day, but “a semi-Amnesic* Librewolf (Incognito windows if untrusted website)” is second and is used daily in trusted website scenarios or in case a website is breaking too badly from plugin interactions. Finally; a fairly vanilla and infrequently used copy of Ungoogled Chromium is kept on hand for situations where Chromium is just required; where I can spin up empty profiles easily for anything I don’t trust and configure it to just flush everything on exit.
Freetube is a useful project as it allows you to “fallback” on a non-preferred frontend.
https://github.com/FreeTubeApp/FreeTube
This allows you to continue to use Youtube irregardless of which frontend is (potentially not) working.
In ‘Settings > General’ you’ll want to select “Invidious API” as your “Preferred API backend” and specify your favorite invidious instance in the “Current Invidious Instance” field and click “Set Current Instance as Default”. This locks FreeTube into the specified instance.
Then, when you notice that FreeTube is issuing notices to you about your favorite Invidious Instance being down, you can wander back to ‘Settings > General’; hit the “Clear Default Invidious Instance” Button and wait as FreeTube magically contacts the “https://api.invidious.io/” page for you and selects a new, and hopefully online and working Invidious instance. (You may have to hit this button several times to roll a working instance, Hit the button, check the subs page and see if everything loads, repeat if it falls back on the Local API.)
When you run into instances where you can’t roll up a good Invidious instance; the built in Local API is running a NewPipe Extractor like API directly from your FreeTube client. Not the best; but at least it keeps things working while you wait for the Invidious devs to fix things up; and it still reasonably preserves as much of your privacy as it can while doing this to the best effort it can.
…Sadly this doesn’t work when Google manages a double combo of breaking both Invidious and NewPipe; but I have found that this is less often the case and the devs of either project are usually fairly quick about getting fixes out. Bless their hard work with a donation sometime maybe, if you can.
That’s not third person; those are specific pronouns that Fwy uses personally.
If I can’t buy it, and own it, for a reasonable price - Piracy is acceptable. Copyright holders are required to sell/license their product in an accessible and reasonable manner in order to assert their copyright over consumers.
If I can’t legally obtain a copy for a period of time longer than a year - Piracy is acceptable. Withholding copyrighted products to make them artificially scarce or to manipulate sales of other products is the same as the previous scenario; it is a failing to sell your product in an accessible manner.
If the only manner of sale is ‘a streaming license of the content’ - Piracy is acceptable. If I cannot go to any retailer and buy a physical copy legitimately, expect users to ignore unreasonable terms of sale to access their content in a format of their choosing. This physically sold copy may be reasonably more expensive than the digital license edition; but not over significantly in excess of the cost of box/media/cover art. Make a profit; not a mint.
If the only version of physical media is over-encumbered with Rights Management or other digital restrictions - Piracy is acceptable. Sold physical copies must be playable on any compatible device as determined by the media format with minimal exceptions. We shouldn’t need to connect our BluRay players to the internet every month to pull fresh certs down and lose the ability to play new BluRays when the player runs out of cert storage or becomes unsupported.
Wireguard can be configured to proxy specifically only any requests across the DNS and Encrypted DNS ports and protocols. It is extremely capable of being lightweight and not carrying all your traffic.
Fwy would recommend it; if you feel you can afford what they charge for their paid usage plan(s).
Fwy has used it for our own house; and it serves as the main DNS resolver for our PFSense box running in forwarding mode. Fwy is however transitioning to PFBlockerNG; and it’s own ability to block things via DNS locally; but will still be using NextDNS and probably Adguard’s DNS servers as backup/bootstrap resolvers once the plan Fwy has paid for is expired…assuming our house does not vote to keep NextDNS.
Either way; it’s only like about $25 a year if I recall correctly. Fwy doesn’t hate using NextDNS and it is a very good resolver; with lots of useful controls and portability as well as offering proper encrypted DNS service; which is invaluable on weird networks you may encounter when using cellular service or on the go via WiFi.
Further tip; Simple Login offers premium domains that aren’t listed and therefore have less negative reputation; as well as offering “Subdomains”.
I urge anyone who feels they can afford to pay for what SimpleLogin can offer to do so for those features; they’ve given me a pretty flexible subdomain which I use frequently. Wildcards are another helpful feature; particularly for subdomains; which allows you to “make up email addresses” on the fly and have them routed appropriately depending on whatever keywords you include.
lol you are so wrong.
TL;DR: I think this video oversimplifies the analysis according to the cards and gives Graphene OS undue weight without going into sufficient detail as to why each scored under each category.
I actually don’t agree with this video; and firmly believe it is more than a little biased.
For example, the Pixel, AOSP and Android are given several undeserved points due to lack of proper information or understanding of how certain features work. I imagine this is the case too for the iPhone; if a bit less so.
The review apparently doesn’t deep dive into settings or attempt to maximize privacy by turning off unwanted ‘features’ when settings switches are available to the user; nor does it assume that you set up accounts in as private of a manner as reasonably possible or toggle off as many default-on consent switches as needed.
While I would support scoring and dinging each case or instance for “Privacy Settings that don’t actually work”…this video really doesn’t do a lot of legwork and leans on the anecdotal evidence of scary news stories too much.
Worse was the fact that the entire video felt like they were shilling for Graphene OS; which is known to have a slightly unfriendly maintainer and community surrounding him to say the least.
No mention of Lineage or other privacy oriented Android ROMs were analyzed. AOSP too, was unfairly lumped in and dinged for specific points of the Default Pixel configuration…and yes there are major differences between AOSP and Pixel Android; even though Google tries to be less in-your-face invasive than the other OEMs. Not enough credit is given for the “On-Device” smart features implemented properly on the Pixels.
Out of personal experience; I’d actually rate a proper Lineage OS install of 4 whole Android versions ago to be more private than stock. Not quite as private as Graphene; but not quite as invasive and much more enforcing of privacy. The debloating provided by a clean AOSP-like ROM, such as Lineage, as opposed to a “Stock Android” configuration from a major OEM is stark.
Most importantly I personally feel that the privacy model chosen for the video is far too thickly detailed for an average person. Most of the privacy concerns listed on each card contained concern points that might only tangentally apply or don’t apply at all to mobile phones. The way that each card was scored and applied felt low effort. None of the points on any of the card(s) were weighted with average users in mind.
I really hope someone goes into a much deeper dive; this video is basically clickbait that parrots the commonly parroted advice in the privacy community; which isn’t even good advice, it’s just ‘One-Size-Fits-All’ style advice which gives the user no room to make necessary ‘Privacy vs Convenience’ tradeoffs that they themselves could have made if they understood proper threat modelling.
I’ve always hated Crustyroll.
Crustyroll got it’s start by standing on the backs of good noble fansubbers who provided their subs for free; and now they’ve come full circle. They became an enemy rather quickly when it profited them.
Actually; (basically) SIP over (basically) IPSec sounds pretty correct. Wish the dense technical manuals I read had explained it that way; makes a lot more sense to me as a Net Admin type of IT person.
I do remember reading that the protocol was basically encapsulated. Dunno about any encryption; probably there’s not any at the IPSec level. I do know that the SIMs themselves probably contain certs that have some value; I just don’t know if they handle any encryption or if they’re just lightweight little numbers for authentication only.
If I’m understanding how 'WiFi Calling" works; it’s still “identifying you” to the cell provider the same way; via your SIM. The only difference is they don’t get an exact location because you’re not using any cell towers typically.
I do suspect SIMs and eSIMs are still doing all the heavy cryptographic signing done on a typical phone network though…they’re just not screaming your IMEI/IMSI all over open or even encrypted airwaves; nor is a WiFI signal triangulate-able typically due to it’s short range.
They certainly make it easier to do so; by making it a switch you can toggle; which allows you to generate an identity; or choose not to and roll with the identity they’ve already seen.
Agreed.
Without concepts of privacy; things will soon fall into fascism.
(People can’t DM you)
This is false. However, you must generate an “identifier / group / channel” for them and share that link out-of-band to them." Basically it means nobody can slide into your DMs unless you yourself consent to it and forge a connection with them to do so. It does offer a way to invite other users to chat; but the other user must consent as well…which makes it far safer usually.
Keybase is better than Signal. You may not like it’s current owners but it still works, still functions, and can be used to chat privately. It’s entirely OSS on the client side; and server-side software isn’t provided; but with an open Client; it’s likely trivial to reverse and re-implement your own. (Keybase itself doesn’t provide their server code; it’s private due to abuse constraints)
Keybase is End to End Encrypted. It may not be as “feature rich” but all features are private.
I’m not sure if it’s indev anymore though; and it does allow you to be as public or as private as you’d like to be about your identity.
Actually it’s not that hard and it’s even probably possible to even host SearXNG on the same hardware, or kind of hardware, that you’ve hosted your Pi-Hole or DNS server on.
I actually self-host my own SearXNG and Invidious instances and customize the settings on both, and it’s super useful. (Example: My SearXNG instance is aware of my Invidious instance on my network and will use it to load videos when Invidious is queried via the !iv bang. By doing this I’m not relying on public invidious instances so much; which oftentimes experience downtimes…because youtube hates those more, and frequently bans the public instances.)
This is all doable with a little bit of Docker or Podman action and a bit of editing the appropriate YAML files prior to composing the containers.
So you might be able to spin up a SearXNG instance locally on your network for her to use and configure it to use Google and any other search engines she might prefer. Then use something like LibRedirect (Firefox and Chrome plugin) to redirect her to the local SearXNG instance. (instead of using Google)
A video about setting up SearXNG: https://www.youtube.com/watch?v=UBLypfM9U-g