nitrohorse Ⓐ @andreas@nitro.horse
- 📍
- Occupied Duwamish territory
Admin
anarchist, privacy advocate, & software developer • he/they • ACAB • #nobot
Joined Aug 2018
It would be interesting to compare 3rd party trackers used on government websites across countries.
Went to check the air quality at https://www.airnow.gov/ and saw an attempted connection to https://www.googletagmanager.com. Looking at a few more, Google is able to track users across
- https://www.usa.gov/
- https://www.whitehouse.gov/
- https://www.fema.gov/
- https://www.usps.com/
- https://www.noaa.gov/
- https://www.archives.gov/
- https://www.ssa.gov/
- https://www.usgs.gov/
🤢
https://send.firefox.com is dead.
“Firefox Send was a promising tool for encrypted file sharing... Unfortunately, some abusive users were beginning to use Send to ship malware and conduct spear phishing attacks. This summer we took Firefox Send offline to address this challenge.
In the intervening period, as we weighed the cost of our overall portfolio and strategic focus, we made the decision not to relaunch the service.”
https://blog.mozilla.org/blog/2020/09/17/update-on-firefox-send-and-firefox-notes/
Good list of statements about why privacy matters.
Source code: https://github.com/milesmcc/whyprivacymatters
“Apple granted the FBI access to the iCloud account of a protester accused of setting police cars on fire in #Seattle this summer, according to court documents.”
https://www.businessinsider.com/apple-fbi-icloud-investigation-seattle-protester-arson-2020-9
TIL Cookie AutoDelete [1] silently breaks when Chromium is launched with the "--disable-reading-from-canvas" flag [2].
[1] https://github.com/Cookie-AutoDelete/Cookie-AutoDelete
[2] https://wiki.archlinux.org/index.php/Chromium#Canvas_Fingerprinting
Added a new column to my search engine comparison table for IP address sharing.
Noticed that some engines say they don't log your IP address but then go around and share it to retrieve search results or advertisements which isn't very clear to end users (calling you out, https://www.ekoru.org/privacy).
Whoa, this is great. "Privacy Redirect" is an open-source web extension that redirects YouTube->Invidious, Twitter->Nitter, and Instagram->Bibliogram.
> Camp [senior vice president of Firefox at Mozilla]: “We have this advantage of we don’t have to serve everyone,” he said. “Because we are a smaller, independent player, we can do things that serve the right set of users, without needing to feed a giant search monopoly.”
> “Monopoly’s the wrong word,” Camp said, correcting himself instantly, but also failing to find an alternative.
https://www.forbes.com/sites/barrycollins/2020/09/03/is-there-a-google-free-future-for-firefox/
Helpful tool for assessing the security and privacy impact of web extensions on the Chrome Web Store. Before installing a new extension get an idea of its permissions and external requests it can make.
Huh, Swisscows is working on a VPN and apparently now a "WhatsApp alternative."
https://nitter.snopyta.org/swisscows_ch/status/1298303563358244864
Still won't take them seriously due to their forced, over-filtering of search results, and endorsing the drivel of a psychotherapeutic
counselor in their marketing.
FYI from gorhill (maintainer of uBlock Origin) regarding DuckDuckGo's Privacy Essentials web extension (https://addons.mozilla.org/en-US/firefox/addon/duckduckgo-for-firefox/):
> Regarding 3rd-party exposure, I find that uBO protects you better... For instance, while DDG reports that ad.doubleclick\.net was blocked on CNBC, the network pane reports that not ALL requests to ad.doubleclick\.net were blocked, and as a result, ad.doubleclick\.net still gets to know which page you are visiting. - https://nitter.snopyta.org/gorhill/status/1273263804911140865
"Here's a little weekend project dedicated to digital security trainers. If you are doing phishing education, you can use this resource to mimic real phishing sites from a dataset of tens of thousands, updated daily."
https://phishing.securitywithoutborders.org/
From Security Without Borders: https://nitter.snopyta.org/botherder/status/1282443186363932672
WTF!
"If you have uBlock or similar, it appears medium logs all analytics pings into HTML5 LocalStorage and will keep retrying to send them (and apparently periodically change domains and subdomains to try and send them).
I had tens of thousands of entries in localStorage, wasting quite a bit of space, all of them at least 400-600 characters or more. Each time I scrolled it'd add a few dozen more in, to the point where devtools was freezing. Ridiculous."
“This manual explains how to protect yourself from hackers, in layman’s terms. Six professional hackers 👨💻 helped create this guide.”
Found an interesting ad block test page (https://rednoise.org/adntest/googleAdSenseCases.html). If you want to self-host it or view the code, you can find it here:
Oh neat, Blokada provides a hosts file parsed from DuckDuckGo's Tracker Radar data set which you can use with Pi-hole/uBlock Origin/AdGuard/etc.
More: https://community.blokada.org/t/introducing-duckduckgo-tracker-radar-to-blokada/469
> Mozilla and Google are expected to extend their current search deal for another three years, multiple sources have told ZDNet.
> The new search deal will ensure Google remains the default search engine provider inside the Firefox browser until 2023 at an estimated price tag of around $400 million to $450 million per year.
https://www.zdnet.com/article/sources-mozilla-expected-to-extend-its-google-search-deal/
Yael Grauer recently updated her excellent research piece, “The Best VPN Service.”
> Mullvad is our new pick because it’s inexpensive, fast, easy to use, and designed to work across devices. IVPN is our new runner-up.
https://www.nytimes.com/wirecutter/reviews/best-vpn-service/
ProtonVPN is keeping servers in Hong Kong for now.
“...we think that preemptively abandoning Hong Kong to its fate without even a symbolic resistance sends the wrong message to authoritarian governments around the world that would seek to deny people their fundamental rights.”
Some VPN providers are removing their Hong Kong servers due to China’s new national security law.
- TunnelBear: https://www.tunnelbear.com/blog/tunnelbear-removes-hong-kong-servers-to-safeguard-vpn-network-infrastructure/
- PIA: https://www.privateinternetaccess.com/blog/private-internet-access-shuts-down-vpn-servers-in-hong-kong-due-to-new-national-security-law/
- AirVPN: https://airvpn.org/forums/topic/46904-servers-withdrawal-announcement-hong-kong-hk/
- 📍
- Occupied Duwamish territory
Admin
anarchist, privacy advocate, & software developer • he/they • ACAB • #nobot
Joined Aug 2018
nitrohorse Ⓐ's choices:
