Just a fair warning to other people navigating the page, the links the article provides all contained referral links. Not that it matters too much, but it put a sour taste in my mouth that a privacy-oriented post would contain these without prominently disclosing them.
edit: looking again they do somewhat disclose they are there, but are insistent that they don’t have anything to do with affiliation, so not as bad, but I still don’t like that they are there.
Instantly, I don’t trust whoever this is. That’s a red flag. Matters a great deal to me, thanks for pointing it out so I don’t give the site a click.
I just wanted to let you know, I was wrong/just blind.
I reopened on my desktop to give it another read on an easier to use screen, and they have them listed under the list header, but it uses the term “affiliate” instead of referral, and claims they make no money on the links.
I don’t fully understand why referral links are necessary if they make no money off of it though, so I’m still on edge about the integrity of it.
Thanks for coming back around about it. Still, I agree with you and consider it a red flag, it is antithetical for a privacy person that claims to support FOSS.
I’m also trying to avoid as much American tech as possible.
- Vivaldi/Qwant instead of Firefox/Google
- Proton instead of Gmail
- Waiting for WERO impatiently; until then, a virtual card from Wise instead of PayPal
- Void Linux instead of Windows/macOS
- Surfshark for VPN
Can’t change everything though. I have a company phone. I could get an extra private phone, but I’d still need to use the company phone for company related stuff. Same is true for the company laptop, but I do have my own computer.
It’s not perfect, but the important thing to me is trying as best as I can.
- Chromium forks are troublesome. I’d suggest Mullvad Browser or LibreWolf instead.
- Qwant is nice, but SearXNG aggregates Qwant together with several other engines. Then there’s a new up-and-comer called Mwmbl.
- Proton is yet another ecosystem that pretends to be for privacy while actually doing the opposite. Instead, Tuta or Mailbox (only downside to Mailbox is no free accounts).
- No comment on payment systems, I don’t trust any of them except maybe a local Credit Union.
- Practically any Linux, don’t limit suggestions to one distro when there are many with varied support and out-of-the-box options.
- Mullvad VPN + Mullvad Browser were made for each other, browser being co-developed with Tor Project, and is the highest rated in terms of defeating browser fingerprinting (even over Tor), and they have pioneered DAITA. I see many, many mixed thoughts on Surfshark. It is mainly a cheap and better alternative to Nord or Proton, but Mullvad is only $5/mo and you get so much more.
None of the above are USA-based apart from Mwmbl, but it is non-profit and wholly FOSS.
Test your browser fingerprints:
I listed the stuff I use and what I changed. There’s also a reason why I chose this specific Linux distro as I try to avoid as much as I can with the jurisdiction in the US, which means a lot of Linux distros are not an option anymore.
But that does not mean everyone needs to do the same. Do whatever you think is best.
> jurisdiction in the US, which means a lot of Linux distros are not an option anymore.
Please elaborate and provide some receipts to what you mean.
I know your list is what you use, my list is more data for you to DYOR and find even better, privacy respecting alternatives than what you suggested. As you say, do whatever you think is best.
Just a couple of examples:
- Red Hat: Developed by a U.S.-based company.
- Fedora: A community-driven project sponsored by Red Hat.
- Debian: Originally founded in the U.S., with some legal ties to US regulations.
- Slackware: Developed by Patrick Volkerding in the US.
Since these distributions are developed or registered in the United States, they are subject to US laws, regulations, and export restrictions.
When I have a look at what’s happening right now in the US I’m not sure what kind of laws will suddenly appear which might affect privacy and security of any kind of software from there. That’s why I decided to avoid them as much as possible.
I will certainly go through your suggestions and have a look if I should change stuff (apart from Proton, I’m sure about changing this one).
Just because something is developed in the USA does not mean it will follow authoritarianism. These projects are open source, and many USA based open source projects are fighting back against this stuff. Besides, the internet is the internet, and these open source projects will live on beyond any USA law. This is the very point of the licensing. Having said that, I do agree with you on the RHEL/Fedora side of things.
I’m not sure about the Debian legal ties, I’ll have to look further into that since you didn’t give me anything to reference. Still, the key point here is open source, which means you can review the source code and security experts will, too. Signal is also a USA based company; France and Sweden are trying to force backdoors on them, yet Signal has vehemently said, “No. Fuck Off.” So, clearly it’s not just the USA doing shitty things.
I get that the current political situation in this shithole country is absolutely horrifying, but that does not immediately mean that the entire population of the country is with the fascists by default. Starlink being used for election purpose should be the number one red flag indicator that the citizens of the USA did not actually vote for what’s happening and it was manipulated. Because of the fascist playbook and money, it is difficult for the proletariat to do much without seriously violent actions.
I just don’t agree with your sentiment on this US jurisdiction idea when it comes to open source, non-profit projects. And to be clear, it’s OK that we might disagree. I’m just providing discourse with a healthy dose of skepticism.
I’m trying to find a replacement for Proton, as the new CEO likes Trump and seems pretty far right…
I am afraid that they will start enshittification soon.
I’m also not that happy with Proton. Maybe Tuta could be a replacement.
Do y’all know how Fastmail measures up in regards to privacy?
I’m happy with the service, but I don’t know how it compares in this particular domain, compared to the likes of Proton, Tuta, et al.
Fastmail: Privacy & Security Overview
+Encrypted storage & transit (TLS 1.3, Perfect Forward Secrecy).
+No ads, no data selling – user-funded.
+2FA & Passkey support for added security.
-Based in Australia – subject to laws like the Assistance and Access Act (2018).
-No built-in end-to-end encryption (E2EE) – requires third-party PGP/S/MIME.
https://www.fastmail.com/features/security
https://www.fastmail.com/policies/privacy
Good for privacy, but jurisdiction risks & lack of E2EE make alternatives like Tuta (or Proton) a better choice.
It’s Trump-proofish
- I approve of Matrix and Nextcloud.
- Proton unfortunately is probably the easiest option for now. We need better self hosted / anonymous email servers, but spammers and scammers have probably ruined that for everybody forever and fuck them all to hell for that. Best option is to just abandon email for anything sensitive.
- All the alternative social media is better, but they can still absolutely feed the lot of it into an LLM and then ask the LLM to print out a list of “likely dissidents.” I would be shocked if this isn’t coming soon to a United States near you - then again, I’m one to talk posting this on Lemmy, using a username I’ve used for close to two decades, from an instance that runs on a server I rent from a corporate cloud host.
- OS should be Whonix, Tails or Qubes.
- Browser should be Tor Browser (or at least get a mention). PRACTICALLY, for most people, I would recommend Brave over LibreWolf (for reasons of stability, compatibility, more frequent security patches and the fact that the Mozilla project has been unfortunately going to shit lately). Yes the company sucks, but the browser consistently scores top marks on real world privacy and security tests.
- No mention of FDE or post quantum crypto. Quantum chips are coming effing fast, if they’re not already here. I have reason to believe both the US and China can currently make practical use of Shor’s algorithm, although only in a targeted and VERY expensive way… but Moore’s Law man, plus I can’t prove it and I can’t say more. Post quantum doesn’t seem to be on most people’s radar (most troublingly, the Tor project).
- Anything to do with phones is literally fucked, like “This is fine” dog level fucked. If you MUST be mobile (like basically everybody trying to do basically anything), you must accept you’re probably NOT really fascist proof, unless you go to some pretty extreme lengths and REALLY know what you’re doing.
As far as your average normie (or even above average competence tech savvy user) goes, this is close to as Trump proof as you’re likely to get right now without help and support. So great, but it has holes in it a fascist regime could drive a brigade of tanks through, and unless you EITHER have that help and support OR really know what you’re doing, you should be thinking about that REALLY hard, every day.
We collectively decided decades ago that centralized services are more convenient and better able to connect us to the people and content we want to be connected to (although we were very deliberately herded in that direction by oligarchs). Now we will pay the price.
tl;dr: The only infrastructure we can trust is our own. Not liking that, and not having the skills or resources to do anything practical about it (tragically, terrifyingly) doesn’t make it not true. Plus needing to stay connected to the people and resources we can ONLY access through third party services and infrastructure, continues to make us reliant on those services and infrastructure, unto our own ruin.
While [Trump-supporting] CEO Andy Yen’s recent public statements have raised my hackles more than a little, Proton remains structurally committed to privacy, encryption, and user control, ensuring its ecosystem stays independent of political shifts.
That’s a pretty weak definition of “Trump-proof”.
That right there is going to kill any chance of me getting any of my friends to use it. Which is unfortunate and a side effect of not having a centralized server.
But when you’re trying to get someone to start using your app, trying to convince them to at least open the app once a day to make it so it’s able to be open in the background is a pretty hard ask of a lot of people.
Proton?