Powered Descent posted:As for syncing, Mozilla claims Firefox Sync is designed in such a way that their servers never see the un-encrypted data and the password never goes beyond your own device(s): https://hacks.mozilla.org/2018/11/firefox-sync-privacy/. If you're conducting international espionage or something, you probably wouldn't want to trust this tool implicitly. But for an ordinary Internet user trying to cultivate a healthy general-purpose paranoia, it's probably fine. I assume they're still working on rewriting the syncserver in rust too, because it uses a version of Python that's now EOL. For what it's worth, this (along with the account server which is also being rewritten in rust), is what Mozilla uses to host their services.
|
|
# ¿ Feb 20, 2021 19:12 |
|
|
# ¿ Apr 26, 2024 06:02 |
Insanite posted:I think that you're going to find "you're probably safest hosting your own <thing>" is going to be the solution to a lot of problems in this area--assuming you develop a healthy paranoia, anyway.
|
|
# ¿ Feb 21, 2021 22:23 |
I highly encourage everyone to read the study that underpins the wired article, it's fascinating reading. Plus, the URI is very old-school cool.
|
|
# ¿ May 15, 2022 13:59 |
According to the specifications and various implementations, getting an NXDOMAIN on a query means that query won't be attempted again (until a timeout has passed, at any rate). This has pretty profound implications when doing blocklists, and is what makes it advantageous to use unbound/nsd/bind instead of simply modifying a hosts file to resolve addresses to 0.0.0.0. Another advantage of unbound/nsd/bind is that if you're tunneling your traffic from your mobile device to your home network, it also gets to avoid all of the ads without paying for it. I'm pretty sure this isn't exclusive to FreeBSD, if you avoid following the FreeBSD-exclusive steps.
|
|
# ¿ Jun 17, 2022 10:48 |
Powered Descent posted:That's not entirely true. A year ago it came out that they had handed over user IP addresses to the cops. Here's my writeup (and my hot take) when it happened, from the Infosec thread: There's precious few places where that isn't the case; Seychelles used to have no laws on this kind of thing but implemented them when they found out they were harbouring all manner of criminals in datacenters, and it's probable that any existing country without similar laws will be under significant pressure from their trade partners to implement them. In any country where such laws exist, the service providers need to keep logs to protect their own asses, as if they don't they'll be on the hook for whatever criminality their servers are being used to commit - which is ultimately why any privacy provider promising to not keep logs is probably not telling the truth or not all of it.
|
|
# ¿ Sep 2, 2022 21:31 |