Good to see: Mullvad had Cure53 audit the security of their infrastructure.

“The security awareness and overall security posture should be regarded as rather good, as expected Cure53 were not able to discover any Personally-Identifiable-Information attached to Mullvad's end-users.”

mullvad.net/en/blog/2021/1/20/

Interesting.. The search engine selection preconfigured in Ghostery's upcoming browser (based on Firefox) includes a new one called Tailcat, "The open, unbiased search engine." No privacy policy or about page yet that I can find - just that it's based in Munich, Barcelona 🤔

meow.tailcat.com

github.com/ghostery/user-agent

Splendid, looks like Ekoru (ekoru.org, a search engine similar to Ecosia) modified their privacy policy several times in Nov 2020 and now appears to log IP addresses at least... Thanks Wayback Machine!

ekoru.org/privacy/

Proton's blog posts [1] [2] don't state details on the filter lists being used, only that it's a "massive database of sites known to host malware, spyware, or any other malicious software."

But it looks like they mentioned on Reddit [3], "We have both public and proprietary lists that we maintain." 😕

[1] protonvpn.com/blog/netshield-a
[2] protonvpn.com/support/netshiel
[3] teddit.net/r/ProtonVPN/comment

Interesting new search engine I learned about: Okeano.

okeano.com

"We spend 80% of our profit to purchase as many river interceptors we can and deploy them to polluting rivers around the world."

"...we don't know who you are and it's impossible to tie your searches to you."

okeano.com/privacy

"Currently we support domain blocklisting and !waves (similar to DDG bangs)." - news.ycombinator.com/item?id=2

Learned of another self-hostable, privacy-focused front end similar to Teddit called Libreddit.

libredd.it

Source code: github.com/spikecodes/libreddi

Differences as of now are:
- Libreddit mirrors Reddit’s redesign while Teddit mirrors the old.
- Libreddit is written in Rust while Teddit is in Node.js.

Neat! Open-source iOS/iPadOS 14+ app for easily configuring an encrypted DNS profile.

github.com/kkk669/DNSecure

There’s also github.com/fyr77/dns-mobilecon for generating a custom, shareable profile and my own project, gitlab.com/nitrohorse/ios14-en, for some pre-made, shareable profiles.

Good to see! Standard Notes recently completed security audits for cryptography (Trail of Bits) and penetration testing (Cure53).

blog.standardnotes.org/standar

ProtonVPN on Testflight now has a “NetShield” feature. Free version can block malware, paid subscription supports ad and tracker blocking too. Interested to learn what filter lists it uses 🤔

testflight.apple.com/join/3yl2

This is helpful; a generator for creating an encrypted DNS configuration profile for your Apple device.

dns.notjakob.com

Source: github.com/fyr77/dns-mobilecon

Oh hello, if you have a and got the latest update, there’s now 2 places where Google Analytics is enabled by default where you need to opt out.

teddit.net/r/NintendoSwitch/co

Very cool -- teddit.net is a new privacy-friendly Reddit frontend, similar to Invidious / YouTube, Bibliogram / Instagram, and Nitter / Twitter.

Source code: codeberg.org/teddit/teddit

- No JavaScript or ads
- All requests go through the backend, client never talks to Reddit
- Prevents Reddit from tracking your IP or JavaScript fingerprint
- Lightweight (teddit frontpage: ~30 HTTP requests with ~270 KB of data downloaded vs. Reddit frontpage: ~190 requests with ~24 MB)

New security audit of Threema by Cure53.

“...despite dedicating sixteen days to the security-centered investigations and reaching the expected coverage, three members of the Cure53 team could only spot seven minor weaknesses on the scope. The absence of vulnerabilities and the generally low severity scores contribute to the positive verdict reached about the security standing of the Threema mobile applications during this October 2020 assessment.”

threema.ch/en/blog/posts/audit

Whoa, this will be convenient!

"We plan to add support for using a GrapheneOS release of microG this way. In the longer term, we also plan to offer a more minimal compatibility layer implemented by pretending that Google services are offline. Both will be options you can choose to install in a specific profile."

nitter.snopyta.org/GrapheneOS/

Just discovered RSS-Bridge; really helpful, open-source project.

github.com/RSS-Bridge/rss-brid

For instance Mozilla doesn't provide a feed for their security advisories page (mozilla.org/en-US/security/adv) but rss-bridge does (github.com/RSS-Bridge/rss-brid) 👍🏼

@amolith and @snopyta both run public instances too.

- NixNet: rss.nixnet.services
- Snopyta: rss-bridge.snopyta.org/

nitrohorse Ⓐ

Personal instance of nitrohorse (nitrohorse.com).