91
linuxxx
3y

I don't use Google/Facebook for privacy reasons (and their sub-services etc). Haven't used them for ages but noticed that google still loads a lot of domains like analytics etc. This goes for facebook as well.

I now blocked a lot of google/facebook domains through my hosts file.

It's funny to see the amount of DNS requests to those fb/google connected domains nearly go to zero and also the fact that I literally can't load google/facebook anymore!

Comments
  • 1
    I would love to see your host file. Have you got it uploaded somewhere?

    Edit: @linuxxx Thank you for the second comment! Will check all of these
  • 21
    @Letmecode Glad to hear that you find some stuff I post useful :).

    Google Maps: OpenStreetMaps (https://openstreetmaps.org). It actually does a better job than google maps for me in general!

    Google Docs: There's a kind of privacy based alternative (paid though :/) called Kolab. Also, might want to take a look at (although not really like docs but kinda different) Etherpad!

    Gmail: Either Protonmail (although that one seems to (imo, seeing the paid plans, vpn plans and the available jobs) become commercial kind of but still open source I thought) or TutaNota (https://tutanota.com or .de (yes, german based!). Both end to end encrypted. I'm personally a tutanota user for uhm.... about since it started! Love it and use it loads and loads.

    Google Analytics: Piwik. Use it for multiple sites and it works great!

    If you miss anything, surely let me know as I love recommending stuff on privacy etc!
  • 7
    @Jilano not yet but I could make a public git repo if you'd like? (gitlab though but hey public anyways :P)
  • 3
    @linuxxx Sure, works for me! Thanks
  • 3
    @Jilano No problem! Getting onto that right now.
  • 5
    @Jilano I hope this will work? Let me know please :).

    https://gitlab.com/joostlinux/...
  • 2
    @linuxxx
    Please do make and share it.
  • 2
    @Gowtham95india See the link above your comment!
  • 14
    How to Detect A @Linuxxx Post (the ultimate guide):

    Step 1.: Search for 'I'm not using Facebook or Google'

    THE END. πŸ˜‚πŸ˜…
  • 2
    @Jilano @Gowtham95india is it working πŸ˜…
  • 2
    Thank, you mister @linuxxx !
  • 1
    @linuxxx is there a special reason that you use gitlab and not github? something to do with privacy?
  • 3
    @404response Mostly privacy, yes. I want to control whether or not other people can access my code and GitHub only offers that for paying users or like 1-5 private repo's I thought. Also the general tools that GitLab offers are more awesome in comparison to GitHub and you can run your own GitLab instance!
  • 1
    @linuxxx ah ok. I also use GitLab and I even tried to run my own GitLab server on my raspberry pi. I installed it but gitlab was too much for the small pi. :(
  • 3
    @404response D'awhh that sucks :/.
    @Jilano You're welcome! And mister linuxxx, I like that. :P
  • 3
    @linuxxx Thank you kindly good sir! Bravo πŸ‘πŸ½πŸ‘πŸ½πŸ‘πŸ½
  • 1
    Have blocked most tracking stuff both in my router and in my browsers. The only Google service I use is YouTube really.
  • 9
    @Letmecode Wait. Did I just 'create' another tutanota user?! The nice thing is that the support staff (aka literally the devs) is very nice and responds as fast as they can. They don't charge much (1,20 per business/premium email account, seriously, for that amount of added privacy, that's nothing in my opinion!) and since everything (except for some metadata, they're working on that) is encrypted client side, the authorities can request information from them as much as they want but your email subjects, contents, attachments and your whole fucking address book is encrypted so good fucking luck with that!

    It just gives me a peace of mind, knowing that I still have control over some of my data :).
  • 2
    @Letmecode Also, emails sent to/from general providers to/from you are also stored in plaintext (or, accessible to them) on their servers but when you email a fellow tutanota user, the emails are actually end to end encrypted :). Also, you can encrypt an email to a regular user and share the password/secret with them through another medium!

    I use it for my business as well with a fellow friend so everything stays end to end encrypted as for business communications.
  • 2
    @linuxxx @Letmecode Wait that last comment partly did not make sense. Tutanota never has access to your encrypted contents! (some metadata though but they're looking into ways of getting that encrypted or so as well)
  • 2
    @Letmecode Also, their blog articles are great and might want to take a look at this: https://tutanota.uservoice.com/
  • 3
    @linuxxx @Letmecode Lastly (Otherwise you'll really get annoyed by me), this link explains what they can/cannot access: https://tutanota.uservoice.com/know...
  • 1
    @linuxxx which mobile os do you use?
  • 1
    @YourNemesis Android currently. Too badly not AOSP WITHOUT google services yet because my device isn't supported by custom roms but I about literally block everything googlish through a root firewall.
  • 1
    @linuxxx cool πŸ‘
    Wouldn't it be great to have an ungoogled version of Android, capable of running apks (collab idea maybe?)
  • 1
    @YourNemesis is that even possible? I mean Android was made and is being maintained by google
  • 2
    @404response I have no idea :P just an idea that came just now
  • 4
    @linuxxx real heros don't wear capes apparently
    Good work here, sir
  • 4
    @dontPanic real hero? How do I even come close to that :P. Thanks though and you're most welcome!

    @YourNemesis @404response As long as you install AOSP (Android Open Source Project) without google apps, you're pretty much fine!
  • 1
    I don't get it. If you people don't want to share/be investigated, why won't you host your own git/mail/wtf service? It's not that hard after all. Dedicated servers are quite cheap, same goes with good enough internet connection with public ip and decent uplink. You can get your own certification service (gpg/pgp) and rely on LetsEncrypt.
  • 1
    @linuxxx oh, that's nice
  • 1
    @mt3o I don't exactly get what you're referring to but I do have multiple servers and every domain I have runs on a letsencrypt cert as well. Besides that, what's your point? (not meant offensive in any way but I for real don't get it :)
  • 3
    @linuxxx you know, all people (all who i know) who 'care' about their privacy, have mobile phones, registered cars, bank accounts, they block 'some' social services (but still allow tracking by dozens of them), they don't know their server certificates, to detect counterfeit, and to send emails using some third party instead of setting something on their own. Look, you exchange emails, right? At least metadata is public (to/from/date/ip/location more or less). At the end of the day, your email goes to a regular user of a spy-company where they got you. That user has to read that mail somehow and probably this will happen right on his screen.
    Each website you visit can track you by all those presented headers they see, and by cache marked by ETAG.
  • 2
    @linuxxx would you consider putting all the non FB/Google alternatives in the GitLab repo? Maybe an .md file, where you put in the services by category. I'd love to have such a ressource.
  • 2
    @mt3o Mostly true. My mail provider strips ip addresses at least and except for to/from/date everything is encrypted with my public key.

    I block every tracker etc I can network wide on my VPN and I am always connected to my VPN with any computer I own/I am using and as well with my smartphone. I use Signal/Riot (with end to end crypto enabled) as well as Keybase (blockchain/GPG) to stay as anonymous/encrypted as possible.

    Websites tracking me? Nope. Sorry but that one isn't the case for me mostly. I use so many spoofing/privacy addons that that becomes highly unlikely.

    Bank acocunt? Yes, too badly I can't live through bitcoins yet.

    You have a point, definitely but invalidating everything someone does to protect themselves because they use one or two things that can be tracked is not appropriate in my opinion. (not attacking you personally nope!)
  • 2
    Hell, even if you use live-cd TOR dedicated system (possibly inside VirtualBox), you can be tracked by your behavior, but what sites you visit, how do you type on the keyboard. Your phone can be tracked (and MITMed) by femtocells (mr robot, season 2 if your curious)
    You are tracked by mobile phones and strip android from Google stuff. But do you know what is doing the internal modem with its processing power? It can track you down with ease.
    Learn something about TPM chips in your PCs and learn what are long term plans for huge companies regarding your devices. Google Drive is pretty safe compared to what do they plan to do. To what is NSA capable of.
    But that's digital. Let's talk about real life tracking. You have bank account. Credit card. Go to same shops use similar routes. Your car probably has GPS module and can be connected to internet.
    Each gas station has a camera, that allows tracking you. Banks track you. And big data allows them to fill in all blanks.
  • 4
    @Wack I actually feel honoured that someone would like me to make a document of such thing so of course, my pleasure! (might start out tiny but grow bigger and bigger :)
  • 2
    @Letmecode DuckDuckGo for search engine? Tho Im sure it was mentioned before
  • 3
    @mt3o I am fine with anyone giving me advice on how to stay more private and retain some privacy but please don't debunk me on everything I just said. Yes, it's very hard to stay entirely private nowadays and I actually don't intend on doing that as some form of surveillance will be needed imo (local shop with a security cam to try and keep robberies to a minimal and so on).

    But implying that the measures I take don't help in any way? Sorry but I don't accept that.

    As for cars, I don't have a drivers license and there are some things I can't live without simply because it is the way it is (public transportation, for example).

    @jckimble @jpichardo help me out here.
  • 2
    @linuxxx

    I just read your comment about making repo and instantly I replied without reading all comments. Later I saw that.

    Thanks :)
  • 2
    @linuxxx I can continue my ranting :-D
    Please, read book about Snowden by Glenn Greenwald. Read AS MUCH AS YOU CAN about Richard Stallman and way how he uses the internet.
    Also, read on how the guy from SilkRoad got caught. How carders are going down. Oh hell, read about Gestapo, Stazi or secret services in old soviet block countries before 89y. In Poland the SΕ‚uΕΌba BezpieczeΕ„stwa had a guy at each corner of the street noting car plates. Each city block had a 'janitor' who was working with the suites.
    Literally, there is nowhere to hide. At one point you can accept some level of being exposed and vulnerable and then you can profit from it. Like mail client that reminds you to add the attachment. You can benefit from this by getting a text when your kid leaves home /school or have 'pannic button' in his watch. Your dad with cardiac problems can have smartwatch watching after his condition and calling for help.
  • 2
    @linuxxx
    For me - only thing worse than being unsecured is thinking that to dropped all insecure stuff so your safe and in reality you can only 'think' you are secure.
  • 3
    @mt3o Oh I know. I am not saying you're not making valid points. I am just getting the idea that you're trying to debunk every fucking argument I make and every measure I take (which is a shitload) and that's really starting to fucking annoy me.
    Yes, there are definitely places to hide. At least, I believe so.
    Is it easy? No, definitely not but at least don't pretend like I know nothing about privacy (Yes, I am getting that feeling badly).
  • 3
    @linuxxx @mt3o while it is difficult to be completely private, saying that makes no sense to take measures is like saying there is no point in programming because tthere will always be bugs and stupid people who will make ur job harder
  • 2
    @linuxxx
    Honestly, I'm thrilled about showing you how many weak spots are in your policies/tools/ideas/lifestyle, but that's definitely not the place and time. And I'd don't want to have the reception of some stalker-geek.
    This stuff is like created for me, since I'm bipolar and from time to time I'm just a step from mental instability. You don't want to know how many ways to be tracked are there and how many new can be found out by insane man. And as wise man said, genius and insanity are the sides of the same coin.
    So if I don't want to end like Elliott Alderson, I have to eat my meds and stay in 'reasonable - and - healthy' line where regular people live. Use Google, omit FB, use TOR for shady things, remember what I'm doing with my can, where I can pay in credit card, where should I use the cash. And when to silence the phone my putting it in the microwave oven. Using Google and gmail is reasonable for me if I do backup my data.
  • 2
    @jpichardo nah, programming is not about removing bugs. It's about solving problems. Stupid people? It's getting more and more of them. You have to know how to deal with them. Without going mental.
  • 2
    @mt3o Congratulations. Glad that you're thrilled about that. But did it ever occur to you that it's useful to watch what you say sometimes? I don't mind people pointing out where I could improve privacy based stuff but the way you are/were doing it crosses a line for me. To be honest, not many people know how to piss me off for real but you managed to. I am not saying that to make you feel bad or anything but seriously, please don't try to invalidate everything I say. I do my research. Although I deffo don't know everything (who the fuck does anywyas), I already go way beyond where most people stop regarding privacy protection.

    Also I am not sure how the fact that you are bipolar fits in this conversation? No offense, just don't get it :).
  • 2
    @linuxxx sorry for making you feel uncomfortable. Maybe I'm old fashioned, but spying and data analysis and cryptography are much older than IT. If you focus on the new aspects, you have your back open for traditional investigation. Read a book by that Japanese guy who claims to be the one who catched Kevin Mitnick. Seriously, read some books about corporate espionage, investigation techniques, add your knowledge and imagination and you will know where we are now.
    Some time ago crew from OkCupid shared some insights on correlation between totally unrelated people habits and traits. Its amazing what did they had there.
    Really, there is no place to hide. Starting with no physical location and keeping a place in society.
  • 4
    @mt3o alright I'm probably going to piss off a few people by saying this but you're right, there's no way in the current state of things to be completly private. Now that thats out of the way, you can always have plausible denyability which can keep you out of jail. As for banking pull out cash at the ATM, sure they know you pulled out $100 but they don't know where you spend it even less after you break the bills into smaller ones. public vpns drive on this idea, without logs on whos doing what a judge has no proof on who did what.

    But no matter what arguements you come up with one thing always is true "privacy is picking what you share with people, security is protecting what you don't". And for this one fact makes it possible to remain private by picking little info that doesn't matter to feed to the pidgins to steer them away
  • 2
    @jckimble Fucking thank you. By the way, with saying you could remain completely anonymous I basically mean that you can make it very fucking hard to be traced back. That's all.
  • 2
    @mt3o Although I appreciate the apology, you stil keep going on with throwing in material which suggests that anything I've been saying for the past idk how long is bullshit.
  • 4
    @Linuxxx I would love to have the file @wack described. I enjoy reading all you have to say and am interested in looking into more of your suggestions
  • 2
    @QueenMorgana Currently working on that!
  • 2
  • 1
    @linuxxx why bipolar fits? It strengths some fears one day and boosts curiosity/creativity/freshness on the other day.
    If you have seen 'beautiful mind' about John Nash, it's something similar, minus seeing people. Sort of. Read about a guy, hard core mental, who was 'gonna be agent' of american and russian intelligence. He changed his profession, all habits etc driven by his mental state.
    For me - it makes EASY to spot any tracking device, someone following me, hidden microphone, etc etc, whether real or imaginary. And when you wonder that if it was imaginary then you find out that 'this was possible'.
    Once I believed that I've been watched using wifi and BTW​ radiowaves. That someone used plants as a bug (plant acts as membrane in microphone moves and that move is recorded by laser, then transformed into soundwaves) . Few years later, I found out that IT WAS POSSIBLE to do this.
    After being on meds, I keep healthy distance from such fears.
  • 2
    @linuxxx if you do have like a lot of (too much?) time, it would be awsome to include small tutorials on how to set up stuff. By now I'm pretty good with CLI in Linux, but for beginners or people just wanting to try things, that could be awsome.

    Btw. What do you think about https://pi-hole.net ? Ijust ordered a Turris Omnia (https://omnia.turris.cz/en/) and am thinking about installing it directly on the router as DHCP service for the whole network. I'm also planing to add VPN to it and maybe route all the traffic through TOR (not sure about the last one yet). Anything else you would add to it?
  • 1
    @jckimble regarding using random ATMs, its followable. Any means of transportation is trackable. Do you know how was caught the sniper shooter who used modified van, probably in NY?

    ... reading on
  • 1
    @jckimble you wrote 'judge'. Snowden provided that's completely false. Judge is, well, figure of speech these days. In my country they are creating a spec ops with more authority and allowed to do literally everything they want. Including surveillance of any kind and hacking. And some say that minister governing this is on Russia payroll... I don't trying the government.
  • 3
    @mt3o yeah, so? i pull out $300 a month to live on. You can track me one day out of a month other than that you have no way to track what i spend my money on. And on that one day a month i don't really give a damn if anybody knows what i do. Cause i blend in where tracking makes no difference
  • 2
    @Wack I don't have much time at all tbh but this is deffo something I'd put my rare spare time into! It's something I love doing (educating people on privacy/security thingies) so why the hell not! Might put it on a website we've got going on for a group FOSS (free open source software)/Linux chat as well! @QueenMorgana You'd like small tutorials as well?

    @Wack Next to that, Pi-Hole is awesome! I wouldn't install it on a router but put it between the router, your network and a firewall like a friend of mine has done. Feel free to ask my ears off my body :P
  • 2
    @mt3o plausible denyability. You set breadcrumbs where they don't snoop in your life far enough to warrant the use of the time and resources
  • 5
    @mt3o not a professional, but from the general knowledge I do have, I think your diagnosis is causing you to see the extremes. Yes, no matter what you do, it is possible to be found. But the point I see being made over and over again here is that EVERYONE HERE understands that it's damned near impossible to stay fully anonymous, especially when you work in technology.

    However, if you make shit hard enough, which is what is going on here, it makes it much less worth the effort.

    Security in general is never a guarantee, because there's no way to have one time pads for all your accounts and every transaction you perform on the internet and in real life. As long as you're computationally secure, ie- you make it take more time and effort than the "reward" Is worth, you have relative security.

    If you ever leave your house, you can be tracked by footprints, shedding hair, fingerprints, etc. You attacking someone on here and belittling them rather than CONSTRUCTIVELY giving them suggestions and pointers, is doing nothing to help others learn how to stay secure.

    I'm sure you have plenty of good suggestions, but arguing as you have been is putting a lot of people off from wanting to listen to you.
  • 0
    @linuxxx same for me and the file, since I'm currently trying to move away from Google & Co and stay more private and secure. Btw which Android Browser are you using? I'm currently using Firefox Focus and it's just great.
  • 1
  • 1
    @linuxxx if you have the time. I have very little free time to go through them, but eventually I will, and they would be most appreciated. Just don't stress over them, I'll do everything in a vm so I can delete it if I break things by leaning πŸ˜‚πŸ˜‚
  • 0
    @niederschlag Combination of Firefox Focus as well (it's fucking awesome imo!) and Firefox in general with loads of anti tracking addons :).
  • 0
    @niederschlag I'm not @Linuxxx but ddg has a browser, and tor has a mobile browser
  • 1
    @linuxxx well, we can have an agreement that whatever stuff I post, specifically not agreeing with you, or simply you dislike, you can skip,don't read, mark as offensive or sth;-)

    To b clear - I don't want to withhold you or anyone from keeping their privacy safe. I want to encourage privacy. But also make people aware of other possibilities of having privacy hijacked.
    Oh, look. Its like being healthy. You can eat clear, pure food, live in a bubble, stay away from bacteria, eat lots of antibiotics, but this will keep you more vulnerable not healthy. You should have immune system trained to deal with various pathogens and possibly force-train by vaccine in fighting nastier bacteria.(having distance, knowing how much you can expose, what are possible costs, learn how your data is being used) This still won't be perfect so you have to keep away from troubles, like from sick people and use condoms. I don't want to prove that you will get sick someday, but I want you to know how you might
  • 1
    @QueenMorgana Whatya mean with 'I'm not Linuxxx'? I am not some kinda god, I just spend a lot of time on research/testing/trying out privacy related tools :).

    I like both those browsers a lot! The thing that still bothers me about them is not having the ability to install addons that further enhance privacy. You're entirely appointed to what they provide and that level is too low in my opinion :). Even if it would be enough, they're still not giving an option to extend it to someone's specific needs and that still kinda bugs me.
  • 1
    @linuxxx I mentioned that im not yoy so couldn't answer what you personally use.

    I only use browsers for basics (looking up when something closes, etc) on my phone so they're ok for me. Anything more, I use my laptop
  • 1
    @QueenMorgana thank you!
    I for sure see extremes. And don't want to attack everyone. If anyone feels offended, sorry, that wasn't the point. Really.
    Hrmpf, about being constructive, I suggested setting up own server to keep e-mails and git and stuff.
    Perhaps I should have stopped there.
    Anyway, I love what you said.
    Thank you! You are great!
  • 2
    @mt3o again, like I said eariler you ARE right. if somebody targets you and they have more time and resources than you, you are pretty much fucked. but with you not being constructive and just saying "it's useless" in other words of course is like saying somebody might as well post their passwords in plaintext for the world to see. The point i'm trying to make aslong as you put more time and effort in keeping your data private its harder for somebody to get to. most hackers go for low hanging fruit meaning if they don't think they have any reason to spend the time and money hacking you they arn't going to waste their time and move to an easier target. as for FBI,CIA,TSA,NSA, or whatever your country has as long as you keep off their radar they are going to go after more promising suspects cause every second they waste on you is a second they could have been using to stop somebody that they know is going to start trouble
  • 1
    @linuxxx
    Going for constructive stuff...

    You only test the addons or investigate what exactly are they doing?
    Have you tried inspecting what is happening behind the scenes of such addon? Or what tracking software is installed in Android apps? And how does it work?
    You could use wireshark, setup a MITM proxy with ability to decrypt SSL and find a way to get rid of those ads/tracking stuff. Then create xposed module for that. In other topic you ranted about issues with finding a decent job due to lack of diplomas. Publication of such research might be some help. They don't replace titles but if someone knows what is happening in our industry, he might recognize you some day.
  • 2
    @jckimble haven't I suggested keeping 'privacy tools' at 'reasonable' level?
    I believe that government thinks that if you try to hide something, than you must have something to hide. Therefore being oversecure can do more harm than good.

    God, i'll have to go thru this topic figuring out how it changed from me pointing that is better to be 'in the middle' and being aware of this, down to pointing at everyone 'no sec is safe, we are all gonna die'.

    Its 1:22 where I live, it's time to go to sleep. And my English is getting shittier which means I'm getting tired!
    Thank you @QueenMorgana, thank you guys, and very sorry for everyone who i made angry. Good night!
  • 2
    @mt3o not a problem. This is a wonderful place and I want you to be able to enjoy it. I just keep in mind that everything is harsher in text, and I'm less likely to use words that are harsh to begin with. If English isn't your first language, it's even harder to do but not impossible. Sleep well!!!
  • 3
    @mt3o Thanks for becoming resonable! And @QueenMorgana spot on :).
  • 3
    @mt3o I just double checked to make sure I wasn't making an ass out of myself but no you didn't suggest keeping privacy tools as a reasonable level, everything I read was writen like an attack on everything @linuxxx was saying. If all your comments were constructive I believe the 3 of us could have had a really fun converstation just like me and @linuxxx have just about every day. As for the government problem, this is why you leave breadcrumbs keeping them from snooping deep enough into your personal information. but goodnight man, maybe we all can have a good discussion on the fine line of being private and suspect
  • 1
    It's funny how many people tend to recommend duckduckgo, but if you go to the history of it:

    https://en.wikipedia.org/wiki/...

    and look at the history of Gabriel Weinberg and follow it to the very first mention:

    https://en.wikipedia.org/wiki/...

    after what the whole database got sold to a third party ("Gabriel Weinberg bootstrapped NamesDatabase, an online directory which he sold for $10 million."), very trustworthy and much more better than google ofcourse!

    I have to sadly agree with @mt3o in a lot of points, most paranoia that is spread is nonsense, ie. it makes it harder to instantly "read your email" - but somebody will get your mail unencrypted, so what does it matter if they can just get it one step away, you're losing comfort for your own sick fetish to hide it all.
  • 1
    @JoshBent Seeing privacy as a sick fetish, sorry but nope.
    You know, privacy is slowly eradicating but I think it's very important to retain online privacy. I'd gladly get some inconvenience just to make some stuff harder for others to track/get their hands on. And I actually see it as a challenge sometimes.
    No, privacy is definitely not something to take lightly imo.
  • 1
    @linuxxx I'm not saying one should blow his data out, but most of the tips are only making it a lot harder for yourself, rather than the ones you are "trying" to hide from. And the ddg example was perfect, since it gets thrown around so much, but the founder was known to completely destroy privacy.
  • 1
    @linuxxx I have a similar approach, but I have a Linux box as my router running its own dns server (mostly forwarded to my isp dns) with google and Facebook sent to localhost.
  • 1
    @JoshBent But people can change. I was like one of those motherfuckers once as well. Didn't care about privacy, used shit tons of social media and so on.
    I'm a changed man now :P
  • 1
    @JoshBent For my own sake I might not respond to you today. (slept about three hours and pretty much feeling like crap so yah I might get very snappy)
  • 1
    @linuxxx @JoshBent to this rant MOTHERFUCKER
  • 1
    @Divisionbyzero and also phrase "ohhhhhh those matherfucking matherfuckers"
  • 2
    @linuxxx what firewall would you reccomend to set up?

    Oh and while we're talking about it, is there a way to tell an Android Smartphone and a Windows Laptop to automatically connect to VPN as soon as they have internet access?

    I'd like to have my phone redirecting all the traffic through my home router and the same with my GF windows laptop, just to give me peace of mind when using a public hot spot.
  • 1
    @Wack On what system? (android/windows/linux etc)

    And I think that would depend on the OS but I thought this was possible on a rooted android device at least :).
    But yeah sounds good :D
  • 0
    @linuxxx

    How do I see the host file?
  • 1
    @Gowtham95india You don't see it? 😐. Let me look into that soon!
  • 0
    @linuxxx
    I'm new to gitlab. Am I doing something wrong?
  • 1
    @Gowtham95india Nahh I think it's something on my side. Will look at it soon!
  • 0
  • 1
    can confirm, i also don't see any file ;)
  • 1
    @Gowtham95india @Hammster 😡😭
  • 2
    @linuxxx @Hammster @Gowtham95india Gonna bump into the shower quickly and see if I've got time left after that before going to work πŸ˜ƒ
  • 0
    @linuxxx on mobile its hard to find the source code. Maybe for the sake of easiness, you could link the hosts file inside the description?
  • 2
    @mt3o Hmm I'll take a look! Glad we're all friendlies here now πŸ˜ƒ
  • 2
    @mt3o I'll try it tonight, gotta get ready for work!
  • 1
    @linuxxx can you share the IPs you've blocked? doing similar, but they seem to change a lot

    edit: just saw this was already requested
  • 2
    @kb88 Let me get back at you after work!
  • 1
    @kb88 I don't block ip's to be honest, only domains :).
  • 1
    @sylflo True. A fun fact is though that the app code shows exactly what is done (including the crypto). As this code shows that the crypto is done right, the messaging is done right and everything else (it's been audited), in this case the conclusion is that even if they'd insert a backdoor server side, they can't get a hold of the messages' contents. This is because several open source crypto solutions are used client side which means that you don't need to trust the server (their PKI is strong as Double Ratchet (signals crypto protocol) is considered one of the most secure in the world, they use PFS and you can even verify users through QR codes.). The point is that even if signals servers get compromised, due to the user of robust crypto protocols, the server still has no clue what users are saying. Also the app strips out nearly all metadata before sending a message so it's hard as fuck to track.

    OpenWhisperSystems (non profit organization behind signal) was issued an information request with gag order (don't tell anyone about this for a year or you're fucked) but after a year, the amount of information OWS could give to the FBI was revealed.
    The only two things permanently stored are: the registration date and the last active date. Both an EPOCH cut down to the day.

    Call me crazy but that's pretty fucking privacy friendly if you ask me!
  • 2
    @Jilano @RYPTAR @dontPanic and everyone else, try the gitlab link again! Settings thingy it was :).
  • 0
    Works for me
  • 0
    Do you have such insight into Telegram?
    @linuxxx
  • 0
    @mt3o I currently use https://threema.ch/en (@linuxxx ever heard about it, if so, what do you think about it? They are not open source, so tvat's a minus, but otherwise they seam pretty ok)
  • 1
    @Wack my biggest obstacle in switching one app to another: how many people around me use your app? :-D
  • 1
    @mt3o true. I still use whatsapp to talk to most people, teöegram for university, as our "class-chat" is on there, but for all I was able to convince (2 so far...) threema.
  • 3
    @Wack Although I think the app does respect privacy, as Snowden said (I don't follow him blindly, I think he knows a lot about this though), don't ever trust closed source crypto in an age of mass surveillance. Therefore (as I agree with that statement) I don't trust threema. If they''d be forced to introduce crypto backdoors without being allowed to tell anyone about it, they very easily could because their crypto is not reviewable.

    An example is (I don't remember exactly and I am tired as fuck but do a little research and you'll find I was right) a thing that happened a while ago (read years). The NSA pushed (before the snowden leaks it was considered an agency with deep/good knowledge on quite some crypto stuff) for the use of a closed source random number generator/crypto library. Scientists where kinda weirded out because it was slow as fuck and still recommended but they took it for granted.
    A while later, crypto specialists discovered a variable in the protocol. They examined it and said that if anyone would know the value, they could crack anything encrypted throught the RSA crypto protocol. (oh I forgot to mention, it was integrated within RSA due to NSA's push). RSA quickly quit the protocol afterwards.

    Not saying it's the same with Threema but whenever a 'secure/encrypted' chat app uses closed source crypto, my alarm bells, crypto researchers' alarm bels and cyber security people's alarm bells go off like nothing ever.

    You asked for my opinion so hereby :). I personally use Signal because it's open source and the crypto has been verified over and over again!
  • 1
    @mt3o As for me using Signal, I got around 20-30 people using it by now :).
  • 2
    @mt3o Telegram. I can't say much good about that app/service:
    - They use a 'custom' crypto algorhythm. The first rule in the crypto world is to never use your own crypto algo's. It's been audited and found to contain numerous flaws.
    - They save shitloads of metadata. (from/to/what-time/ip/ and so fucking on).
    - Instead of fighting court orders (don't have good sources on this one too badly) they happily deliver the requested information.
    - 'Encrypted' messages are kept in plain text on devices' storage and in the ram. Apps like Signal keep it encrypted everywhere.

    I quit that app due to fucking privacy concerns :)
  • 3
    @QueenMorgana @Wack @RYPTAR And everyone else who'd like this (@Jilano maybe?):
    Instead of a gitlab thingy I just created a subdomain for this privacy related stuff.

    If you would find any vulnerabilites in my server or whatsoever I hope you won't exploit them but be honest and simply report them, I'd appreciate that very much!

    Here's the domain (yes, a geekish domain): https://privacy.initd.nl

    It's a very quick start right now and only contains an about section in plain html but I don't have much time so this was just a quick thing I came up with :)
  • 1
    @linuxxx From a US company owner you can't really fight information request. Even if you do it just stalls it and if you remove some of the data they want, you will be sent to jail if not being labeled as a terrorist. And once you're labeled as a terrorist all rights a person takes for granted are striped. Now as a guy that knows Security the less data a server stores and has access to the better. The US can't do anything about open source clients that use no knowledge systems
  • 1
    @jckimble I fully fucking agree.
  • 3
    @QueenMorgana @Wack I'll update the webpage step by step with easy to follow guides and so on. And don't worry, I love to educate people about privacy stuff :).
  • 3
    @linuxxx ❀❀ you're wonderful. Thank you!!!
  • 1
    @linuxxx ah ok, thanks for the reply ☺️ I've had an app once which showed outgoing connections, I created a hosts file to block the ones I've considered rougeπŸ˜‰
  • 1
    @linuxxx Thank you! Really awesome!
    (Ty for the mention too)
  • 0
    @linuxxx why did you forget me :c ? I love everything related to security and privacy.
  • 0
    @niederschlag Sorry :(. My memory sucks as hell so yeah I often forget stuffs. On the other hand, are you into linux as well or nahhhh?
  • 1
    @linuxxx @Wack the algo with NSA backdoor was DES.
  • 0
    @mt3o No I mean a different one, it was an RNG algo, not crypto but that algo was heavily used by RSA
  • 1
    @mt3o @Wack I meant Dual_EC_DRBG. That's the name.
  • 1
    @linuxxx Yeah I'm definitely into Linux, but can't really make a complete switch to Linux only, because of some games and nvidia drivers... The last time I was running only Linux was when Ubuntu 10 was brand new. Since I'll get myself a Laptop for University, I'm happy that I'll have a machine for dedicated Linux usage again. Probably gonna use plain Arch.
  • 0
    @niederschlag We've got a group chat (end to end encryptes) going on about everything in relation to linux/foss/privacy/security. If you'd like to join you'd be most welcome!
  • 0
    @linuxxx is it like open for the public? I'd love to get in if possible (haven't done much in security so far but it's an interesting topic in my opinion and I'm considering going in direction of security through academia (still in freshman year, but about 10years expirience as (web) developer))
  • 0
    @Wack Although I've gotta warn ya as we're not keen on windows/mac users (although niederschlag is a different case), closed source shit and take privacy/security very serious (and the occasional windows/mac etc hate xD), if you're comfy with all of that then you're welcome if you ask me!

    Not public, invite based :)
  • 1
    @linuxxx since my main laptop is Linux (well, I have to admit it's Ubuntu since I've switched to Linux, as I somehow crashed GRUB and kind of can't install any other Linux distro, kind of..) that shouldn't be a problem. I have worked with Windows and Mac during my live and have encountered enough problems to share your hate on them, that's fine with me (:
  • 1
    @Wack You're fine with me man! Just register at riot.im and comment me your username!
  • 1
  • 0
    @linuxxx would love to join the group chat. My name is the same as in here.
  • 0
    @niederschlag Adding as we speak! (was asleep xD)
  • 0
    @404response Try gogs.io made especially for RPi
Add Comment