nitrohorse Ⓐ @andreas@nitro.horse
- 📍
- Occupied Duwamish territory
Admin
anarchist, privacy advocate, & software developer • he/they • Black Lives Matter • ACAB • #nobot
Joined Aug 2018
Very cool -- https://teddit.net is a new privacy-friendly Reddit frontend, similar to Invidious / YouTube, Bibliogram / Instagram, and Nitter / Twitter.
Source code: https://codeberg.org/teddit/teddit
- No JavaScript or ads
- All requests go through the backend, client never talks to Reddit
- Prevents Reddit from tracking your IP or JavaScript fingerprint
- Lightweight (teddit frontpage: ~30 HTTP requests with ~270 KB of data downloaded vs. Reddit frontpage: ~190 requests with ~24 MB)
New security audit of Threema by Cure53.
“...despite dedicating sixteen days to the security-centered investigations and reaching the expected coverage, three members of the Cure53 team could only spot seven minor weaknesses on the scope. The absence of vulnerabilities and the generally low severity scores contribute to the positive verdict reached about the security standing of the Threema mobile applications during this October 2020 assessment.”
Whoa, this will be convenient!
"We plan to add support for using a GrapheneOS release of microG this way. In the longer term, we also plan to offer a more minimal compatibility layer implemented by pretending that Google services are offline. Both will be options you can choose to install in a specific profile."
https://nitter.snopyta.org/GrapheneOS/status/1331409642426142721
Just discovered RSS-Bridge; really helpful, open-source project.
https://github.com/RSS-Bridge/rss-bridge
For instance Mozilla doesn't provide a feed for their security advisories page (https://www.mozilla.org/en-US/security/advisories/) but rss-bridge does (https://github.com/RSS-Bridge/rss-bridge/blob/master/bridges/MozillaSecurityBridge.php) 👍🏼
@amolith and @snopyta both run public instances too.
- NixNet: https://rss.nixnet.services
- Snopyta: https://rss-bridge.snopyta.org/
"When you click on a sponsored tile, Firefox sends anonymized technical data to our partner (https://www.admarketplace.com) through a Mozilla-owned proxy service (https://github.com/mozilla-services/topsites-proxy). This data does not include any personally identifying information and is only shared when you click on a Sponsored Top Site."
There's a new "experimental feature" being tested in Firefox 83: sponsored sites in the URL bar.
"Mozilla works with advertising partners to place sponsored tiles on the Firefox home page (or New Tab) that would be useful to Firefox users. Mozilla is paid when users click on sponsored tiles."
https://support.mozilla.org/en-US/kb/sponsor-privacy
You can disable this by setting `browser.newtabpage.activity-stream.showSponsoredTopSites` to `false`.
Found via https://old.reddit.com/r/firefox/comments/jybx2w/uh_why_is_firefox_showing_me_sponsored_links_in/
Looks like Ghostery will be launching a desktop browser based on Firefox and search engine powered by Bing early next year.
https://www.wired.com/story/ghostery-browser-search-ad-free/
Neat, Blokada now has a public DNS over HTTPS resolver.
https://dns.blokada.org/dns-query
https://community.blokada.org/t/the-benefits-of-blokada-dns/6646
Huh, does Signal rely on Cloudflare for any infrastructure like domain fronting or something? Just noticed in my DNS logs when opening the iOS app a connection was made to cdn2.signal.org.cdn.cloudflare.net 🤔
New IVPN update:
“Generating an account for our VPN service no longer requires an email address, and we dropped renewing subscriptions by default in favor of a pre-paid system.”
Source code for website: https://github.com/ivpn/ivpn.net/
https://www.ivpn.net/blog/new-open-source-ivpn-website-subscribe-without-email/
“Microsoft (owner of Hotmail, Yahoo!, Outlook, Live.com, Office360, etc.) is rejecting all emails originating from Disroot.org servers.”
Very cool, the Guardian Firewall team is working on a proof-of-concept for configuring a jailbroken AppleTV w/ a VPN profile.
https://guardianapp.com/blog/2020/11/appletv-showcasing-vpn-feature-via-jailbroken-tvos/
No surprise, Firefox appears to have Google set as the default geo provider for location services for some installations.
You can change this manually to use Mozilla's location services via `about:config`'s geo.provider.network.url by updating the URL string to:
https://location.services.mozilla.com/v1/geolocate?key=test
Or even a hard-coded longitude/latitude.
More here: https://old.reddit.com/r/privacytoolsIO/comments/jpgbdm/firefox_uses_google_geo_api_by_default/
TIL, you can proxy images through DuckDuckGo via
- https://external-content.duckduckgo.com/iu/?u=<url>
- https://proxy.duckduckgo.com/iu/?u=<url>
Like twice/week MySudo pushed these spammy notifications with no option to opt out without disabling notifications altogether. 😠
“According to records recently released by the Seattle Police Department (SPD), a detective working for SPD signed up for and used facial recognition app Clearview AI, which appears to be in violation of the City of Seattle’s Surveillance Ordinance.”
Neat! The Privacy Redirect web extension merged my addition for redirecting to the old or compact Reddit design 👍🏼
The Bridgefy app has been updated to use the Signal protocol for end-to-end encryption.
https://bridgefy.me/press-release-major-security-updates-at-bridgefy/
From SnowHaze VPN:
“You can recreate our server infrastructure and verify for yourself that the code running on our servers is the same that we published.”
Nice, Njalla now has a DNS over HTTPS resolver:
https://dns.njal.la/dns-query | 95.215.19.53
- 📍
- Occupied Duwamish territory
Admin
anarchist, privacy advocate, & software developer • he/they • Black Lives Matter • ACAB • #nobot
Joined Aug 2018
nitrohorse Ⓐ's choices:
