No matter what browser I use, every time it states my browser has unique fingerprint for Mull with uBlock and Badger installed and "randomized" with Brave. I don't even know if there are any other than unique or randomized. It will be more of an OPSEC post rather than referring to Cover Your Tracks in particular.

I got the worst results in

1. Screen size and colour depth

• one in 92k with Mull
• one in 200 with Brave and Vanadium

2. Http_accept headers

• one in 3k with Mull
• one in 6k with Brave
• one in 2,1k with Vanadium

3. Language and time zone (target's community is located in the same country as mine, so score above 200 doesn't bother me much)

4. Touch support

• one in 143 with Mull
• one in 4.35 with Brave and Vanadium

5. User agent

• one in 151.26 with Mull, probably bad, cause Chrome and Chromium browsers have nearly 70% market share in my country.
• one in 44 with both Brave and Vanadium

6. WebGL Vendor & Renderer

• one in 8.58 with Mull
• one in 314 with Brave
• one in 604 with Vanadium

7. Hash of WebGL fingerprint

• one in 8.81 with Mull
• one in 3.27 with Brave
• one in 939 with Vanadium

The rest of categories has score <10. If you think others will be crucial in my case, feel free to ask what score they got. The post would get too long if I were to list all results.

Device:

• Pixel 6 Pro with GrapheneOS
• Optionally I can look up for my good old Oppo A52 (slow af but has OEM Android 12 if remember right)

Browsers I tried:

• Vanadium 131.0.6778.104
• Mull 132.0.0 with uBlock Origin and Privacy Badger
• Brave 1.73.91, Chromium 131

Is there any way to make sure I am not recognisable by my browser data? I can't block every single cookie or data requests, as I am sure too many rejections of them will probably result getting flagged as a shady user, then admins will personally inspect fingerprints of all my accounts. This is just a downward spiral to me getting banned for making multiple accounts (my target). The goal is not to make me as anonymous as Snowden, but to spoof my fingerprint so good to get unrecognisable from the typical mouth-breathing internet users who don't give a flying fuck about so called, broadly understood online privacy. Ironically, that's pretty much reverse goal than when I was installing GrapheneOS.

Threat actor: discussion forum with invite-only registration. Something like Reddit, but they take multiple account prevention seriously. I am 99,9999% sure they ban all access via VPN, proxies and TOR in advance, so those are out of discussion. Burner SIM cards with internet access are the solution here, both for getting unique IP from LTE provider and for SMS verification during registration. Furthermore, different providers will probably give every single account's fingerprint a pinch of uniqueness (if admin staff has any way to see which mobile comm provider I used)

There's a catch: if I switch my SIM card to another one and the second one will get the same IP address as the previous one - I have to get in radius of another BTS and get different IP, or It will look like one person is using the 2 (or more) accounts. The inviter and all his invitees will get banned. Tbh I don't know how big chance there is for this making happen.

from the no-disassemble dept

Archived, if you prefer that: https://ghostarchive.org/archive/Bif16

"Between 2009 and 2012, iPhones had a built-in "Send to YouTube" button in the Photos app. Many of these uploads kept their default IMG_XXXX filenames, creating a time capsule of raw, unedited moments from random lives."

One of these good examples of failed privacy, have fun...

So many people seem to recommend this app, but its obviously not open source and requires an email to signup, which seems unnecessary. Are there any good open source alternatives that are a one-stop-shop of sorts rather than a bunch of mottled scripts?

https://redact.dev/

from the the-real-agenda dept

Hi guys As title says there is no add Button or anything. How can i add hidden items?

Archive link: https://ghostarchive.org/archive/hWxVX

Owners of newer iPhones should turn on Bluetooth and check their settings to ensure they’ll receive notifications. Under Settings, go to Privacy & Security, and toggle Location Services on. Scroll to the bottom of that page, tap on System Services, and activate Find My iPhone. Also, search for the Find My app, visit Me in the bottom right corner, then tap Customize Tracking Notifications to double-check that notifications are enabled. Also, make sure that you don’t have Airplane mode activated, or you won’t receive any notifications.

When you click on the iPhone alert for an unrecognized AirTag, you may be given the option to play a sound on the AirTag to help locate it. If you own a more recent smartphone from Apple, you might be able to use precision location data to find the hidden device.

Months after the release of the AirTag, Apple launched the Tracker Detect app for Android phones, where users had to initiate the scan. Google and Apple since have continued working together to make it easier for Android phones to detect unwanted AirTag trackers and for Apple phones to spot Android trackers. Recently, Google rolled out automatic smartphone alerts for unknown Bluetooth trackers, similar to what iPhone owners receive for AirTags.

Which printer (not 3d) is safe to use and does not have privacy risks? Transfering files via usb only without any internet connection? Should I avoid any brand or model? Namaste.

Everything I say will be generally speaking for all privacy communities so not specific to this community or another one unless I say otherwise in a short section.

Almost every single time I start a topic or make a reply and also many of the posts I read because they are interesting, there's always this one guy or several guys who have to say the same old argument about "that's tin foil, feds don't do that, unless you are a president or something like that then you don't need to have that in your threat model".

That's the divide I'm talking about because the privacy community can be split into two categories that are opposed to each other on that point. And it's a big issue because it becomes core in the types of discussions we can have.

For example in techlore's community they are very much against people who take privacy seriously. If you go to there community and start talking about leaving phone at home, using grapheneos, qubesos, intel me, etc, you will get run over by lots of angry people telling you not to talk about that and then you get censored and maybe banned. Techlore himself have made several videos recommending against grapheneos and he prefers Google. I mentioned that community because I think it's at the extreme end of the spectrum of this divide.

The problem with all the people on that end of the divide is they can't know what they're saying is true but they are saying it like its a fact. Where are they even getting those ideas from? Are they insiders working high up in the ranks for intel agencies like fbi, cia, nsa? Are there basically hundreds of Edward Snowdens out there? I don't think so.

I think the cause for the divide is unfortunately political. It's about where are you getting your news from and which political party do you prefer. We're not going to talk about that in this topic more than to say I think that is the cause of the divide.

Technology is great to discuss because it's just logic and facts and objective arguments. But bring in politics and it becomes a mess and that's the problem with this divide in the privacy community.

There's also another possible cause which is actually very likely as well, which is that at least some of the people on that side of the divide are feds spreading propaganda to get us to lower our guard against them.

The problem with both sides of the divide trying to talk to each other is all the unknown data we deal with in privacy and security discussions. And there is a lot of those unknown data. Those black holes get filled with arguments based on the political ideas from their side of the divide. It's just not possible to have discussions with people on the other side of the divide.

With all that said I think privacy@lemmy.ml is one of the best privacy communities and have done a good job trying to get both divides together but personally I mostly just try to ignore the ones from the other side of the divide and listen to only those on the same side of the divide.

Make your voice heard. Tell your government that chatcontrol is not something that we will agree on!

Links: EU document Links:patrik breyer website

Hello, while I use frontends where possible in place of the original websites/apps I do find it interesting that some of them, mostly referring to the Youtube ones still allow you to login normally? I understand this is to bypass blocks and that in theory the frontend still tries to limit what it sends back to Google but in practice how does this work without killing the privacy aspect?

It's so difficult with so many options and all these bullshit "discounts", coupled with the fact that different VPNs charge different prices based on what country you're connecting from...

What is the cheapest functional VPN you've come across? Bonus points if it supports IPv6.

Hi guys,

do you know a good and privacy friendly way to pay with your phone (like Google Pay)? I am using Graphene OS on a Pixel 8 and lice in Germany so some services might not be available here 🙈

from the new-breed-of-surveillance-statists dept

Introduction

8 days ago I made this post asking for the most controversial privacy topics. My first post answering a controversial question got so few upvotes that it was almost my worst post to date. I don't do these for upvotes, though. I do them for fun :)

So, with that, here is the second post demystifying some controversial privacy topics. @TranquilTurbulence@lemmy.zip asked "VPN: essential or snake oil?"

I try to avoid topics that have been thoroughly answered multiple times, or has such a direct answer that it would be too short to make a post about. This topic is a bit of both, but worth writing anyway, because I do have my own insights.

Some people didn't like that I break the main question down into multiple sub questions. It is valid criticism, but it's my style of writing, so I will stick to what I'm good at.

What does a VPN do?

A Virtual Private Network (abbreviated "VPN") is a way of proxying your internet traffic through a third party. There are many reasons why you would want this:

Hiding your IP address: VPNs will replace your IP address with a random IP address assigned by the VPN provider. IP addresses are unique to your router, meaning you can be uniquely identified. IP addresses are usually static, meaning it never changes, but sometimes your ISP may assign you a dynamic IP address, which will change every few months or so. If you open up ports on your router (for various purposes), it can leave your network vulnerable to certain attacks as long as the attackers know your public IP address.

Hiding your location: Your IP address can narrow your location down to the city you live in. In some cases, such as shared Wi-Fi (like on a college campus) or public Wi-Fi, the IP address can be more easily identified to the specific block or building you are in. Any internet connection made can see your IP address, and can automatically use that to attempt to locate you.

Encrypting your traffic: VPNs can allow your traffic to be encrypted, so that your ISP or other people connected to the same network can't see which sites you visit or (in some cases) what data is sent. The reasons why this is important are too long to list, but you can work it out on your own.

Network based ad blocking: Some VPN providers allow you to block ads before they even reach your device, which can increase your loading times and save you data on metered connections. This can be achieved without a VPN through your own DNS filters, but it is a feature of VPNs too.

Access blocked content: VPNs can be used as a way to bypass censorship if your network regulates your traffic (such as at an office or school). A VPN can bypass these restrictions, allowing you to access content freely.

Accessing region-specific content: Content on streaming services such as Netflix, video sharing sites such as YouTube, or many other services may restrict what content is available to you based on your country. A VPN can allow you to bypass these restrictions in some cases.

Those can all be ways to enhance your privacy, security, anonymity, and freedom while browsing the internet. VPNs do come with some downsides, though.

What are the downsides of using a VPN?

When you browse the internet without a VPN, you are placing your trust in your ISP or cellular provider to uphold your privacy, and placing trust in the network devices such as your router to uphold your security. In practice, that is almost never the case. Using a VPN doesn't automatically make it more trustworthy, but it does place that trust in the hands of your VPN provider instead. Some VPN providers are more trustworthy than others, but there are good options to choose from. You still have to trust an entity to uphold your privacy and security, but VPNs can be a much better place to keep that trust.

Not everyone may want to use a VPN though. Besides distrust, VPNs have other downsides. VPNs will slow down your internet speeds, may block certain functions such as torrenting, and may incriminate you in some countries. Ultimately, the choice to use a VPN is yours.

If you believe the upsides outweigh the downsides, then a VPN is a good tool to have. If your threat model requires anything a VPN provides, it's an essential tool. Some functions of a VPN can be achieved through careful setup of a DNS and elite anonymity proxy, but VPNs will always be the easiest option.

Which VPN providers are the best?

There are currently 3 top VPN providers for privacy. All of them are open source, and all of them have their pros and cons. I haven't listed every feature for each, but here are the notable differences:

Proton VPN

Proton VPN provides a free tier VPN with some functionality limited, as well as a premium tier if you have a Proton subscription. If you already have a Proton subscription already, and don't mind putting all your eggs in one basket, Proton VPN is a good option.

Mullvad VPN

Mullvad VPN is probably the most private VPN available. It is only paid, but it allows you to pay any way you want, including cash and cryptocurrencies. No signup is required, because you are given a randomly generated account number for payment. You can regenerate the number at any time.

IVPN

IVPN is unique and relatively unknown. The main benefit I see is that it is the only VPN of these three that is available on Accrescent for Android, allowing you to have extra confidence in the integrity of the app. Eventually Mullvad VPN and Proton VPN will be available on Accrescent.

These VPNs will uphold your privacy and security, and won't log your internet traffic. VPNs in the past have been used to aide law enforcement by handing over those logs, so it is good that these don't.

Conclusion

VPNs can be an essential tool if you need them, and there are options that respect your privacy. Always be aware of the risks, no matter how trustworthy a VPN provider may be. Thank you for reading!

- The 8232 Project

Has anyone else received stuff like this?

I knowledge there is a lot of dns filter available on the internet. I use a lot of them in my pihole system, next dns, and adblocker .But in some way i found that they don't contain a lot of domains. Maybe they are not tracking or ad but i found that if you block them there is no effect. So I'm making a list of them. So do you have your own list? That one i made is too strict most Google services don't work without them but I'm good without it. So i want to know if you known about any of these unnecessary domains. If you known please share for everyone.

Which one will you choose ? Also what you guys think about the adguard https filter in the view of privacy ?

I can’t use them because I can’t convince anybody to switch with me. I talk to most people on discord and I’d rather move to using Matrix, but I can’t convince any of my friends or family or anyone I know to use anything else.

I'm thinking of getting a fairphone in the future. I like that they are modular and last a while. Are they easily customizable to where I can flash a different ROM? Is the default configuration private?

They all have iPhones and Google Android. Since all my calls and text messages are monitored on their phones, am I causing any additional harm to myself by using Google Messages on GrapheneOS? That way I could at least use RCS messaging.

Supposedly, he sells out of his phones but I haven't seen any review or unboxing videos for the Brax 3. I know that you can ask for iodeOS or Ubuntu touch.