cage-free egghead
Mar 8, 2004

Ready to eat me, sir!


Our privacy is quickly becoming less and less under our control and it's time more people start taking their privacy, if not more seriously, at least become more aware of just what sort of information is at risk. This thread should serve as a good place to discuss these topics and help people understand more of what's at stake. Much of this OP is going to be grabbed from other sources on the internet as I don't have the writing skills that others possess and they put it into better words than I could. And most of this will pertain to people in the US, but there definitely are aspects that can be adopted worldwide.


Why Care About Privacy

quote:

- Privacy is a human right according to Article 12 of the United Nations' Universal Declaration of Human Rights.

- The US Government (and others) have been proven to spy on their own citizens, even peaceful, positive movements.

- The US Government has been known to leak personal information of citizens who express dissenting opinions, effectively discouraging people from exercising their freedom of speech.

- According to the Bureau of Justice: "During a 12-month period an estimated 14 in every 1,000 persons age 18 or older were victims of stalking" and "Approximately 1 in 4 stalking victims reported some form of cyberstalking such as e-mail (83%) or instant messaging (35%)."

- Statistics show that lack of privacy leads to a population who is afraid to ask questions or educate themselves, even if the issues are important and the motives are pure. People are afraid to stand out lest they be mistaken for troublemakers, even if the cause is just.

- When you collect enough metadata, you can start to infer things that the person didn't necessarily want to reveal.

- On a large enough scale, the profiles compiled on individuals by mass surveillance can reveal unethical and personal information, such as how to successfully deceive people into doing things they wouldn't normally do. In 2016, Cambridge Analytica was accused of convincing entire countries to vote in ways they wouldn't normally vote, compromising democracy and literally changing the course of the future permanently.

- In the United States, the Fourth Amendment of the Bill of Rights guarantees protection against search and seizure without a warrant based on probable cause. Mass surveillance collects information indiscriminately where US citizens have a right to expectation of privacy, thereby violating the constitutional rights of every American citizen. Additionally, the program has been proven to be expensive and yields almost nothing in return.

- The United States Government's surveillance program is about control, not stopping crime. This is most obviously demonstrated when the Federal Bureau of Investigation dropped charges against members of a group of pedophiles in 2017 because continuing the case would've required them to reveal the vulnerability they used to track the pedophiles, which would have inevitably led to the exploit being fixed eventually.

- Multiple industries are now keeping "surveillance scores" on people, which can be used to determine employability, overall consumer trustworthiness, insurance rates, and even whether you're a good person to rent to.

- Tech companies have been known to sell your data to law enforcement agencies. In 2011, GPS data was sold to local police so they could issue traffic tickets.

- Financial institutions have been known to penalize you financially because they don't like your shopping habits. For example, AMEX lowered a person's credit limit because they shopped at "deadbeat" establishments like Walmart.

- A Los Angeles man was killed after accidentally posting his address to Facebook and Instagram. He had taken pictures of some goods he ordered online and the address was visible in the packaging.

- The US military (and probably others) purchases location data from popular apps that track weather, exercise, and even Muslim prayer to help target drone strikes.


Why do I care about privacy if I don't have anything to hide?

If you wear clothes, use passwords, close doors, use envelopes, or sometimes speak softly, then you do have something to hide; you're just having trouble understanding that you already do care about privacy. This link has a good amount of resources on why even if you have nothing to hide, you should still care about maintaining privacy.


So where can I start?

While this is a big ol' can of worms, your biggest benefit is probably by deleting social media. Next, use encryption wherever possible. Most web traffic is already encrypted, but you can also switch from something like SMS to a secure protocol like what Signal uses. Avoid using apps that ask for a bevy of device permissions and switch to FOSS alternatives. Use sites like Privacytools.io, PRISM Break, or Switching.software to find ethical alternatives.

You should also consider using Tor when just browsing sites you don't log into. Tor is a fascinating project that aims to make everyone appear to data-miners as the same thing, effectively obfuscating the data that gets shared. Otherwise consider subscribing to a VPN provider to keep your ISP from knowing what you're doing online. THESE ARE NOT FOOLPROOF and it should be noted that they have their weaknesses, but that mostly stems from users misunderstanding their use cases.

Lastly, stay curious and cognizant. Things are always changing and many of the resources you'll find may be outdated in some ways, but if you're at least conscious about what you're doing that will put you ahead of everyone else who seemingly couldn't care less of the current state of things.


Great links and resources

The New Oil - a good primer on understanding your privacy and ways to help mitigate snooping.

The Privacy Subreddit - I know, reddit. But it still has a lot of traffic and some great people inside to help better understand all of this. It's a rabbit hole.

Privacy Tools - Good alternatives to common sites, services, apps, etc.

The Hitchhiker’s Guide to Online Anonymity - Very DEEP level of retaking your anonymity, for serious tin-hatters.

Intel Techniques - Site run by Michael Bazzell, ex-government FBI CTF agent, that dives deep into the world of OSINT



For me, I've taken the last few months to seriously evaluate all of the usage my phone and laptops get. I don't want to be tracked or mined for someone else's profits and I don't think anyone else should either. I wish I had become more aware years ago but what better time to start than now?

I'll likely modify this OP as time goes on but this should serve as a good welcome for goons who are looking to get into this.


Volmarias
Dec 31, 2002


At the risk of doom posting, given things like Gorgon Stare being used stateside (and the version in the video in that article is the older version, the new stuff has 4x the resolution!), we no longer have physical privacy outside, and may even start to lose privacy inside.

Using Tor and stuff is definitely good, but at this point, I'm about ready to just give up.

cage-free egghead
Mar 8, 2004

Ready to eat me, sir!


Volmarias posted:

At the risk of doom posting, given things like Gorgon Stare being used stateside (and the version in the video in that article is the older version, the new stuff has 4x the resolution!), we no longer have physical privacy outside, and may even start to lose privacy inside.

Using Tor and stuff is definitely good, but at this point, I'm about ready to just give up.

Yeah, we are absolutely hosed and it's becoming more evident by the day. Things like Gorgon Stare, while seeming like a good thing at first, are absolutely terrifying once you think about it a bit more and what it could be capable of.

I feel like a lot of people kind of shrug and say there isn't much they can do, but they are just afraid of leaving behind conveniences. Our daily technology has some awesome and powerful toolsets, but are absolutely luxuries that we don't need. One complaint I see a lot of is people who use their personal devices for professional work, which is not great. MDM software is very powerful and can track just about anything you do on a device. People need to start demanding work devices and refuse BYOD decisions.

With Android, you can go even further with degoogling your phone with things like Lineage, CalyxOS, or GrapheneOS. iOS is a bit better out of the box in terms of privacy options, but still requires some tooling around to get it working. Even steps like disabling tracking, revoking permissions, or using adblockers is at least a step in the right direction.

Powered Descent
Jul 13, 2008

We haven't had that spirit here since 1969.



I've been thinking of making a thread like this for a long time now, thanks for actually doing it!


Here's my usual list of the best, easiest steps an average Internet user can take to improve their privacy. Starting with the easiest:

1. Install an ad blocker. uBlock Origin (Chrome, Firefox) is the usual choice -- just install it and leave everything at the defaults. You'll see a lot less ads, but more importantly, it'll stop a lot of ad tracking.

2. Install a cookie clearing extension. Once you've closed the last tab of a website, all the browser cookies it set will be cleared out. I suggest Cookie AutoDelete (Chrome, Firefox). This one requires a tiny bit of management, since there are probably sites where you want to stay logged in even when you don't have it open in any tabs. Fortunately, it's really easy to whitelist any site you like; just click the extension's icon and there'll be a big button to do exactly that.

3. Step up your password game. Stop using your dog's name as a password and start using long random strings kept in (and generated by) a password manager. KeePassXC is a good one. Using it is a lot easier than it may look at first.

4. Consider spending a few bucks a month on a decent VPN service. It's certainly not a magic bullet for privacy, but it can be a big help. It'll keep your ISP from seeing every site you go to, and keep every site you go to from seeing exactly where you're coming from. (And if you're torrenting movies or doing any kind of piracy, then a VPN is a must and you should've had one a long time ago.) My top recommendation is Mullvad, runner-up is ProtonVPN.


For your smartphone, get rid of everything Facebook-owned if at all possible, and try to get your social circle to switch over to using Signal for texts and calls. Signal is an app that can do text messaging and voice/video calls to other Signal users. It uses extremely paranoid encryption and security, but you'd never know it from the really straightforward interface. (Having it installed doesn't stop you from using normal SMS and phone calls anytime you want, of course.) Grab a friend, install it and try it out.

Goon Boots
Feb 2, 2020





Another suggestion for more advanced users is to use a script blocking extension.

These can often block trackers and ads from even being loaded in the first place on a site. The downside to them is that many sites require scripts to work properly, so you have to spend time configuring the blocker to allow what you want for a website to work while blocking the things you don't want. Examples of script blockers would be NoScript (Firefox, Chrome) or uMatrix, although I have heard uMatrix is no longer in active development, so I'm not sure what the alternatives are out there.

A more extreme step would be to buy or build a Pi-hole. This is sort of like what a script blocker would do, but it blocks ad or tracker requests for your entire network rather than just on a browser. Again, you run into the same problem of having to set up the filters correctly, but this is more useful if you have multiple people using devices on the network.

Jiro
Jan 12, 2004



Even though it can be a giant pain to use, learning how to use NoScript on Firefox has been a really good experience for me on web browsing. Works on desktop versions and on Android phone browsers. Letting you see just how much poo poo is layered on to the websites you frequently browse is kind of jarring, but finding out which ones to allow to let you see a site practically ad free can be a rewarding experience in and of itself. It's free, and they accept donations.

Check your browser settings especially the privacy settings on what you want or do not want to allow, I know it's a given but a lot of times we can sometimes forget especially when reinstalling things.

cage-free egghead
Mar 8, 2004

Ready to eat me, sir!


If anyone wants to get their feet wet, I'm selling a Pixel 3a XL that has GrapheneOS flashed to it in SA-Mart.

Head Bee Guy
Jun 12, 2011

Retarded for Busting

Grimey Drawer

If you’re serious about this, definitely worth looking into Yasha Levine’s work.

“Why would the U.S. government fund a tool that limited its own power? The answer, as I discovered, was that Tor didn't threaten American power. It enhanced it.

The FOIA documents showed collaboration between the federal government, the Tor Project and key members of the privacy and Internet Freedom movement on a level that was hard to believe:

The documents showed Tor employees taking orders from their handlers in the federal government, including hatching plans to deploy their anonymity tool in countries that the U.S. was working to destabilize: China, Iran, Vietnam, Russia. They showed discussions about the need to influence news coverage and to control bad press. They featured monthly updates that described meetings and trainings with the CIA, NSA, FBI, DOJ and State Department. They also revealed plans to funnel government funds to run "independent" Tor nodes. Most shockingly, the FOIA documents put under question Tor's pledge that it would never put in any backdoors into their software. (See below.)”

https://surveillancevalley.com/blog/fact-checking-the-tor-projects-government-ties

Nitrousoxide
May 30, 2011

do not buy a oneplus phone





Is there a particular browser you'd recommend? Cross-platform syncing of bookmarks, tabs, is still pretty important, but obviously if you're giving all that stuff to google or whoever they can build a social graph of you pretty effectively.

Is there another browser that can do that without you having to trust the sync server holder to not misuse your data?

cage-free egghead
Mar 8, 2004

Ready to eat me, sir!


Nitrousoxide posted:

Is there a particular browser you'd recommend? Cross-platform syncing of bookmarks, tabs, is still pretty important, but obviously if you're giving all that stuff to google or whoever they can build a social graph of you pretty effectively.

Is there another browser that can do that without you having to trust the sync server holder to not misuse your data?

I usually recommend either Firefox or Chromium. There is also this extension that allows cross-platform syncing: https://www.xbrowsersync.org/

qsvui
Aug 23, 2003
some crazy thing

What Google alternatives to Voice and Maps do people use?

xtal
Jan 9, 2011
Hi, I'm an obnoxious prick. If you see me posting outside of CSPAM, please tell me to go back where I belong.


qsvui posted:

What Google alternatives to Voice and Maps do people use?

OpenStreetMap is competitive with Google Maps. Google Voice was never available in my area so I dunno what I'd replace it with if I ever had it.

cage-free egghead
Mar 8, 2004

Ready to eat me, sir!


I've been looking for something even remotely close to GVoice for a few months now and there simply is nothing that comes close to it without some compromise. MySudo, Twilio or Voip.ms are probably the best alternatives but they all cost money for any sort of regular usage.

Powered Descent
Jul 13, 2008

We haven't had that spirit here since 1969.



Nitrousoxide posted:

Is there a particular browser you'd recommend? Cross-platform syncing of bookmarks, tabs, is still pretty important, but obviously if you're giving all that stuff to google or whoever they can build a social graph of you pretty effectively.

Is there another browser that can do that without you having to trust the sync server holder to not misuse your data?

Plain old Firefox is still very good, especially if you give it a few privacy-enhancing add-ons and about:config tweaks -- see privacytools.io's in-depth page of browser recommendations for more detail on those.

As for syncing, Mozilla claims Firefox Sync is designed in such a way that their servers never see the un-encrypted data and the password never goes beyond your own device(s): https://hacks.mozilla.org/2018/11/firefox-sync-privacy/. If you're conducting international espionage or something, you probably wouldn't want to trust this tool implicitly. But for an ordinary Internet user trying to cultivate a healthy general-purpose paranoia, it's probably fine.

Nitrousoxide
May 30, 2011

do not buy a oneplus phone





qsvui posted:

What Google alternatives to Voice and Maps do people use?

Nextcloud is a self-hosted personal cloud that is trying to be a replacement to the Google cloud environment. It's licensed under the AGPL so is open source. You can add stuff to it like openstreetmap support and also use it as a webmail client and google drive replacement.

In terms of a google voice replacement, honestly the way Apple allows you to receive and send calls/texts across all of their Apple devices is a compelling option, though it obviously requires you to buy into the Apple ecosystem. Apple is certainly better with your privacy than Google, but it may not be enough for someone who wants to use Tor everywhere or something.

Powered Descent posted:

Plain old Firefox is still very good, especially if you give it a few privacy-enhancing add-ons and about:config tweaks -- see privacytools.io's in-depth page of browser recommendations for more detail on those.

As for syncing, Mozilla claims Firefox Sync is designed in such a way that their servers never see the un-encrypted data and the password never goes beyond your own device(s): https://hacks.mozilla.org/2018/11/firefox-sync-privacy/. If you're conducting international espionage or something, you probably wouldn't want to trust this tool implicitly. But for an ordinary Internet user trying to cultivate a healthy general-purpose paranoia, it's probably fine.

Thanks, I had lost access to my old syncing because I had 2-factor on Firefox and lost the 2nd factor. I recently signed up for a protonmail account so I guess I can just sign up again with that.

BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Powered Descent posted:

As for syncing, Mozilla claims Firefox Sync is designed in such a way that their servers never see the un-encrypted data and the password never goes beyond your own device(s): https://hacks.mozilla.org/2018/11/firefox-sync-privacy/. If you're conducting international espionage or something, you probably wouldn't want to trust this tool implicitly. But for an ordinary Internet user trying to cultivate a healthy general-purpose paranoia, it's probably fine.
If you're worried about syncing, there's the option of running your own syncserver, which can use either the old token and storage servers, or new ones written in Rust.
I assume they're still working on rewriting the syncserver in Rust too, because it uses a version of Python that's now EOL.

For what it's worth, this (along with the account server which is also being rewritten in Rust), is what Mozilla uses to host their services.

Insanite
Aug 30, 2005


College Slice

Cool thread!

BlankSystemDaemon posted:

If you're worried about syncing, there's the option of running your own syncserver, which can use either the old token and storage servers, or new ones written in Rust.
I assume they're still working on rewriting the syncserver in Rust too, because it uses a version of Python that's now EOL.

For what it's worth, this (along with the account server which is also being rewritten in Rust), is what Mozilla uses to host their services.

I think that you're going to find "you're probably safest hosting your own <thing>" is going to be the solution to a lot of problems in this area--assuming you develop a healthy paranoia, anyway.


BlankSystemDaemon
Mar 13, 2009

System Access Node Not Found



Insanite posted:

I think that you're going to find "you're probably safest hosting your own <thing>" is going to be the solution to a lot of problems in this area--assuming you develop a healthy paranoia, anyway.
That's almost invariably true, but the main issue is that for a lot of these things, its setup and configuration hasn't really been run past anyone but the people who set it up first time around, so it usually involves a lot of arcane wizardry that comes about when someone designs something by themselves, or in some cases, when there's one main person in charge of the design, and it's ultimately up to their approval if things get in.
