OpSec Lounge (Security, Privacy, etc.)

Valentine

Administrator
Orthodox Inquirer
Heritage
Heirloom
Share your tips, news, discussions and more about privacy and security here.

My first recommendation: PrivacyGuides is the best all-in-one resource today for beginner-intermediate, you should probably start your journey by implementing everything relevant there.
 
What do you guys think of Rob Braxman and his channel? He promotes using Linux and also sells his own line of degoogled phones and firewalls, etc. I know he gets some criticism but I've found his videos informative and I like his approach of bringing this information to the masses in an easy to understand format.
 
What do you guys think of Rob Braxman and his channel? He promotes using Linux and also sells his own line of degoogled phones and firewalls, etc. I know he gets some criticism but I've found his videos informative and I like his approach of bringing this information to the masses in an easy to understand format.

Not familiar with him, but other than I would like to dump phones entirely even dumb phones, moving to a degoogled phone is a huge liberation.

I think there is room for a privacy sub-forum, with pinned/sticked guides on installing Linux, browsers, phones, VPNs, Tor etc.
 
How good is Brave with TOR in that respect? I use Windows for work so can't really easily switch to Linux (which I have used in the past as my main OS).
 
What do you guys think of Rob Braxman and his channel? He promotes using Linux and also sells his own line of degoogled phones and firewalls, etc. I know he gets some criticism but I've found his videos informative and I like his approach of bringing this information to the masses in an easy to understand format.

There's also Jeffrey Peterson on Telegram, who discusses such things and even holds LINUX courses. He's also a Christian, to boot.

 
How good is Brave with TOR in that respect? I use Windows for work so can't really easily switch to Linux (which I have used in the past as my main OS).
If your base OS is pozzed, there is not much you can do in terms of mitigation for your privacy and security.

Brave/TOR is not the tor browser itself, but it does have some limitations to tracking, so big corpos will have a harder time fingerprinting you and feeding you ads.
 
Has anyone noticed that the Tor browser dumps all addons except the built-in NoScript? Also, you can't save your credentials anymore, which is pretty annoying.
 
How good is Brave with TOR in that respect? I use Windows for work so can't really easily switch to Linux (which I have used in the past as my main OS).

If your base OS is pozzed, there is not much you can do in terms of mitigation for your privacy and security.

Brave/TOR is not the tor browser itself, but it does have some limitations to tracking, so big corpos will have a harder time fingerprinting you and feeding you ads.
I do not know Brave.

Instead, I use the Mullvad browser, which is based on Tor Browser, but without using the Tor network. I configured this afterwards, because I want to continue surfing with Tor.

Now you might ask, what's the point? The difference is that the Tor browser changes IP addresses very quickly, while in the configuration I use, the change is slower, as far as I have observed correctly. The difference becomes visible with RVF. With the Tor browser, every other page is an "Oops, your IP address is blocked" and I have to request a new IP, which can be quite annoying. The cause is the hosting, because Cloudflare doesn't like Tor browsers, at least in this case.

But thanks to the admins of this forum, it is not hosted by Cloudflare and the Tor browser runs here without problems.

But as Thefinalepic already noted, a browser configured to access the Tor network is not the same as the Tor browser. There is probably some difference here that I can't name yet.
 
I do not know Brave.

Instead, I use the Mullvad browser, which is based on Tor Browser, but without using the Tor network. I configured this afterwards, because I want to continue surfing with Tor.

Now you might ask, what's the point? The difference is that the Tor browser changes IP addresses very quickly, while in the configuration I use, the change is slower, as far as I have observed correctly. The difference becomes visible with RVF. With the Tor browser, every other page is an "Oops, your IP address is blocked" and I have to request a new IP, which can be quite annoying. The cause is the hosting, because Cloudflare doesn't like Tor browsers, at least in this case.

But thanks to the admins of this forum, it is not hosted by Cloudflare and the Tor browser runs here without problems.

But as Thefinalepic already noted, a browser configured to access the Tor network is not the same as the Tor browser. There is probably some difference here that I can't name yet.

That is an interesting choice, however note you've made yourself more fingerprintable compared to other Tor traffic since you're not using the plain Tor Browser like everyone else.
 
I was super into privacy and went down this rabbit hole a few years ago. I obviously don't recommend using proprietary spyware, but there isn't much point in caring this much about privacy. The bioluminescent African-Americans of the 3 letter agency have already planted too many laws and backdoors into everything nowadays. What redpilled me was the Intel-ME thing allowing processors to have full access to everything you do in your computer. I still use Debian and mostly non-spyware software, but a lot of the privacy measures are just memes. Unless you have something to hide like Club Penguin screenshots, in which case that probably justifies a few things. The counter-argument is that feds can dig your cache and find illegal stuff you did not even get close to.
The main thing is not being identifiable. Doxing, etc.


It would be the first recommendation to anyone to grab an ubuntu ISO and put it on their computer as their new OS.
Ubuntu is basically the only distro that promotes spyware and even has (or had) built in spyware features from Amazon. I wouldn't recommend it at all.
 
Discord is spyware.

View attachment 277

I believe there were/are a lot of right-wing spaces on there, with many involved likely identified.
It is proprietary and obviously spyware, but possessing and sharing CP is a crime. Someone in the server probably reported it and the people who work at Discord had to step in and give away the IP of the people involved, since it's a crime. 4chan also does that, despite being anonymous. Doesn't help that the server had nonce tags like ravioli. That's basically asking for the party van.
 
I was super into privacy and went down this rabbit hole a few years ago. I obviously don't recommend using proprietary spyware, but there isn't much point in caring this much about privacy. The bioluminescent African-Americans of the 3 letter agency have already planted too many laws and backdoors into everything nowadays. What redpilled me was the Intel-ME thing allowing processors to have full access to everything you do in your computer. I still use Debian and mostly non-spyware software, but a lot of the privacy measures are just memes. Unless you have something to hide like Club Penguin screenshots, in which case that probably justifies a few things. The counter-argument is that feds can dig your cache and find illegal stuff you did not even get close to.
The main thing is not being identifiable. Doxing, etc.



Ubuntu is basically the only distro that promotes spyware and even has (or had) built in spyware features from Amazon. I wouldn't recommend it at all.

I agree, I would recommend Arch linux, but I cannot recommend that to a complete linux noob that has never touched a command line.
 
I'm wondering if anyone can enlighten me about the security risks of posting a Youtube video to a thread. I browse YT using invidious, and a lot of time I post the invidious link thinking that it might be safer somehow (both for myself and others), but I think that a lot of people will be annoyed by that and not click the link.
 
I'm wondering if anyone can enlighten me about the security risks of posting a Youtube video to a thread. I browse YT using invidious, and a lot of time I post the invidious link thinking that it might be safer somehow (both for myself and others), but I think that a lot of people will be annoyed by that and not click the link.

People using a VPN/Tor and not logged into YouTube, or a YouTube embed replacer (that swaps videos with Piped/etc embeds) are not at any risk.

People not using either are possibly sharing their IP address with YouTube that they're trying to watch this video.

Every embed and tons of JavaScript scripts are able to do this, it's not a risk inherent to YouTube embeds. In my opinion sharing Piped embeds are ideal instead of YouTube however I don't think the forum currently has support for it. I think the onus is mainly on users to use a VPN/Tor if they want to maintain privacy and it's fine to just use YouTube embeds. Note that Invidious doesn't proxy the video unlike Piped, so they still can leak your IP to YouTube.
 
I'm wondering if anyone can enlighten me about the security risks of posting a Youtube video to a thread. I browse YT using invidious, and a lot of time I post the invidious link thinking that it might be safer somehow (both for myself and others), but I think that a lot of people will be annoyed by that and not click the link.

I will look at this at some point. I was thinking if replacing YouTube and Twitter with Invidious/Piped and Nitter. But that will likely be problematic. I think the HTTP referrer can be removed from I frames, which would pass to Google, Twitter etc. your IP and that you accessed X content from ChristIsKing. If that can be removed I think it will be OK to leave the originals. Planning on writing several guides to various privacy facets, like browsers, social media, VPNs etc.

It should probably be users' responsiblity to take precautions.

Will also message all accounts using Gmail, Yahoo, Hotmail and other spyware to suggest they follow the steps in the email privacy guide.
 
People using a VPN/Tor and not logged into YouTube, or a YouTube embed replacer (that swaps videos with Piped/etc embeds) are not at any risk.

People not using either are possibly sharing their IP address with YouTube that they're trying to watch this video.

Every embed and tons of JavaScript scripts are able to do this, it's not a risk inherent to YouTube embeds. In my opinion sharing Piped embeds are ideal instead of YouTube however I don't think the forum currently has support for it. I think the onus is mainly on users to use a VPN/Tor if they want to maintain privacy and it's fine to just use YouTube embeds. Note that Invidious doesn't proxy the video unlike Piped, so they still can leak your IP to YouTube.
I would think that most members have by now figured out how to use a VPN, so maybe that covers it. Honestly I don't know what Piped is, although I've seen the word used on some Privacy Redirect instances.

A good acronym I came accross: "X, formerly Twitter" = XFT (a good XFT link is worth more than any NFT).
 
I'm wondering if anyone can enlighten me about the security risks of posting a Youtube video to a thread. I browse YT using invidious, and a lot of time I post the invidious link thinking that it might be safer somehow (both for myself and others), but I think that a lot of people will be annoyed by that and not click the link.

Many Invidious instances still using googlevideo.com, so it depends on which one you chose.

J9qvr79.png

J9q82Lv.png

J9q8GQj.png
 
Discord is spyware

I believe there were/are a lot of right-wing spaces on there, with many involved likely identified.
Discord has a setting (default = on) where it records everything you do on your machine after you install it. Blew my mind when I saw that!
Anyway I never used it for any written content, just a live voice group for a video game I used to play. Discord released a bunch of recorded chat logs after Unite The Right--they are completely compromised.

I still recommend doing discreet things on a live linux boot--everything is in RAM and once you reboot there are no cache files, cookies, etc. of your actions. Daily machine = windows 10 with occasional live linux boot.

Bonus: the Live Linux boot typically connects to an EU VPN, and you get all the protections of a European citizen (ie Youtube always pops up a window asking if it can track me, and I can choose to REJECT ALL COOKIES)
 
Back
Top