Privacy

31800 readers
264 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
1
 
 

For many, this month is when gift-giving season officially begins in the United States (and several other places, I presume) thanks to Black Friday, which is quickly consuming most of November in many cases. As a result, even though online shopping is something most of us engage in year-round, now it’s particularly important to discuss how to safely shop online. Below is my now-annual updated online shopping tips, reflecting techniques and strategies I've picked up in the last year.

2
 
 

I made this post, outlining my verdict about whether or not Chromium is more secure than Firefox. At the very end of the post, I noted "GrapheneOS did not respond to my requests for a comment."

Well, after weeks with no reply, they finally responded. I don't plan to do any more research about this topic, but this information is still incredibly valuable. Keep in mind the questions I asked the GrapheneOS team were created before I had done much research about the topic. Here are the questions and GrapheneOS's replies:

Does Firefox have isolation between tabs?

incomplete

Is Firefox's implementation of tab isolation as secure as Chromium's?

no, it's incomplete and their sandbox is significantly weaker across all platforms, but it varies based on platform

Firefox uses Fission to isolate embedded content from the main website. Is Fission used for tab isolation as well?

it's incomplete

Is Fission the main cause of concern about Firefox's security?

there are many ways in which it's less secure than Chromium, but the weak sandbox particularly that's entirely not implemented on Android is one of the main issues

Are there other reasons why Chromium is more secure than Firefox, besides Fission?

Chromium uses full garbage collection for a lot of the C++ objects, has much more hardened memory allocators for native allocation, has the V8 sandbox as another layer of security missing in Firefox before the OS sandbox, has much more fuzzing, auditing, etc. and much more modern exploit mitigations implemented too

Firefox is far behind in nearly every way and laid off a lot of their security people

Isolation of embedded content is important to prevent Spectre and Meltdown exploits, but is this actually something that an everyday user will be majorly affected by? It seems that, unless you are logging in through embedded content, there is far less risk associated with this from an everyday standpoint. Again, more security is obviously better, but is this as big of an issue as it's made out to be?

yes it impacts users because browser vulnerabilities are widely exploited in the wild and the OS sandbox is one of the main defenses against it, as is the V8 sandbox feature entirely missing in Firefox

Google heavily monitors for browser exploits and catches a lot of it happening in the wild

Mozilla / Firefox has little visibility into it

therefore, it's much more widely reported for Chrome but does not mean it isn't happening with Firefox regularly

Is Firefox less secure on Linux (besides Qubes, Tails, etc.) than other desktop operating systems?

Tails is not a hardened OS at all, that's a misconception about it, and it has nearly all the problems of desktop Linux

Firefox on desktop Linux has weaker sandboxing than elsewhere

on Android they haven't even implemented a content sandbox, although the OS provides an app sandbox around it as a whole but that's not the same thing

In which ways are Fission less secure than Chromium's Site Isolation?

it's not even completed yet, the issue is still open since not everything is isolated yet and there are known ways out

Does Brave provide the same privacy against fingerprinting as the Tor Browser?

Tor Browser's anti-fingerprinting is greatly overestimated and does not really work with JavaScript enabled, which it is for most users

Brave's is not strictly better or worse

neither anti-fingerprinting approach works well

Could you provide good resources for my article about the state of Firefox security on Android?

no, but it is awful, they don't even implement any content sandbox let alone site isolation, and have almost no exploit mitigations or anything implemented

Would it be easy for a developer to create a fork of Firefox for Android that uses isolatedProcess?

no, but it's easy for them to do it relative to doing it elsewhere

Would using isolatedProcess in Firefox fix isolation issues? If not, what would still need done?

no, but it would allow them to provide a content sandbox on Android and partial site isolation to the extent they implement it overall

Is there tab isolation for Firefox on Android? Is this as secure as Chromium's?

there's an incomplete implementation, and no, it's not nearly as secure aside from being incomplete

3
4
 
 

watomatic.app

Example

🤖 Automated Reply

💬 I reply faster on example.org

⁉️ WhatsApp is anti-libre software. We do NOT control it. It withholds a libre software license text file, like GPL.

Explained

I reply faster on

Deleting the only way to reach someone online breaks your influence.

example.org

A link and only one link, so (1) they see it's an app, not some random word or typo, (2) they can download it without searching, and (3) they don't have multiple choice–they don't need to do any thinking or research. Remove everything stopping them.

anti-libre software.

Never say privacy, they've heard it all before (from you, no doubt). Say something different.

We do NOT control it.

Make it simple and direct. Think of the most retarded person you know and break it down in a way they would understand. Think about every angle it could be misunderstood.

It withholds

Libre software is normal, default. Anti-libre software is cringe, weird, dangerous. Act like it. Also, humans care less about getting and more about losing stuff.

libre software license text file

Show them what to check for, for themselves, easily, obvious. Later, show them how to spread these ideas. Then, show them how to show others how to spread these ideas, make more of you.

GPL

A keyword for them to web search for more, with better results than more complex terms like AGPL or misleading terms like 'open source'.

Don't waste a word.

Lastly, make yourself someone everyone wants to talk to.

5
 
 

By "push server" I mean something like Ntfy.sh.


Cross-posts

6
 
 

Loops is a federated alternative to TikTok created by Pixelfed. Once it first came out, users were able to sign up for early access. Confirmation emails weren't sent right away, but today they announced that emails were being sent out, and registration is now closed.

I got a confirmation email today, attached in the image. I will be loosely documenting my experience, and may (no promises) make a writeup about it.

Wiz Khalifa would be proud

7
8
9
 
 

So I'm on the market for a 4G or 5G mobile hotspot with a build-in VPN client I can carry around in my backpack and connect my cellphone to. I've looked far and wide, and really the only manufacturer that seems to make what I want is GL.iNet.

The two battery-powered models they offer that interest me are the Mudi v2 and the Puli: they only do 4G and I wish they did 5G too, but I can live with that. Other than that, they really tick all the boxes for me.

From what I could read, the GL.iNet company also seems very open and very responsive. That's a plus too.

But I have one giant problem that prevents me from whipping out the credit card: GL.iNet is a Chinese company, and those products are sensitive applications. I know I can flash OpenWRT separately on those devices to ensure they're not doing stuff behind my back, but I don't really want to do that because I'd lose the GL.iNet plugins and custom UI. Not to mention, I have no free time for that. I'm looking for a ready-made solution if possible with this one.

Anybody knows if GL.iNet can be trusted?

Also, has anybody ordered from Europe using their EU store? They say they ship direct from Europe but they give no details.

And finally, what do you think of those two mobile VPN routers if you own one. Do they work well? I read somewhere that they can be buggy with certain VPN providers. Do they work in Europe? I assume they do since they sell EU plugs but maybe there are caveats.

10
11
112
Tails 6.9 released (nice) (blog.torproject.org)
submitted 4 days ago* (last edited 4 days ago) by [email protected] to c/[email protected]
 
 

Happy Halloween! Tails released a small update, but it's nice to see that the software in Tails is getting updated more frequently!

Here are the major changes:

  • Update Tor Browser to 14.0.1.
  • Update the Tor client to 0.4.8.13.
  • Update Thunderbird to 115.16.0.
  • Fix automatic upgrades aborting with the error message "The upgrade could not be downloaded" even after a successful download. (#20593)

Alternative link: https://tails.net/news/version_6.9/

12
 
 

actually awesome and fast search engine (depending on which instance you use) with no trashy AI and ADs results also great for privacy, if you don't know which instance to use go to https://searx.space/ and choose an instance closest to you

13
 
 

I used Mullvad's guide to change the DNS in Linux Mint and it worked. But I have a question about Firefox's DNS over HTTPS settings. Can I turn it to off now that the whole operating system uses the Mullvad DNS?

14
 
 

I was interested in hosting my own mail server that provides a similar level of privacy for users as Protonmail, ie the server admin cannot read any emails, even those which are not E2EE with PGP. Is there a self-hostable solution to this?

I'm aware the server admin can't read emails that were sent encrypted using the user's PGP key, but most emails I get are automated emails from companies/services/etc without the option to upload a public key to send the user encrypted email. If you're with a service like Protonmail, the server admin still cannot read even these emails.

15
 
 

Introduction

Many years ago, when I was first getting into privacy and security, I wanted to see how long passwords should be in order to be secure from brute forcing. There are plenty of password strength testers already, but I wasn't sure if they accounted for the increase of cracking speeds over time. Then, the idea came to me: What is the maximum speed for a password cracker?

The Planck Cruncher

The Planck Cruncher is a theoretical supercomputer, designed to crack passwords as fast as the laws of physics will allow. Here is how it is constructed:

Imagine a little computer that can fit in the smallest possible space in the universe: a cubic Planck length. This little computer is able to test one password every Planck time, the shortest possible unit of time. Now, fill every cubic Planck length in the observable universe with these little computers, all testing passwords at the same time, and you have constructed the Planck Cruncher!

I should note here: of course this is impossible to create. This is just a fun idea I had, to test the theoretical security of passwords. Don't take it too seriously.

How fast is it?

First, you need to calculate how many of those little computers can fit inside the observable universe.

The diameter of the observable universe is estimated to be 8.8×10^26 meters in diameter. To calculate the cubic volume of the observable universe, you can use the equation for the volume of a sphere: 4/3*πr^3

A sphere 8.8×10^26 meters in diameter has a radius of 4.4×10^26 meters. Substitute that into the equation to get 4/3*π*(4.4×10^26)^3 which equals 3.6×10^80 cubic meters in volume.

A Planck length is approximately equal to 1.616255×10^(-35) meters. That means a cubic Planck length would have an area of 4.222111×10^(-105) cubic meters.

Divide the volume of the observable universe by the area of a cubic Planck length, and you get how many little computers make up the Planck cruncher: (3.6×10^80)/(4.222111×10^(-105)) which is approximately 8.52654×10^184 little computers. This is the exact number (rounded up):

85265403964983393378336097748259105456962168924502458604238495861430455049618543899011655543873668882698725826961915496774007125819288029139925501721769039231796606010595173836026575332

Next, you have to find out how many Planck times are in a second.

A Planck time is approximately equal to 5.391247×10^(−44) seconds. To find how many Planck times are in a second, you simply take the inverse of that to get: 1/(5.391247×10^(−44)) which is approximately equal to 1.854858×10^43 Planck times in a second.

If you multiply the number of little computers in the Planck Cruncher by the number of Planck times in a second, you find out how many passwords the Planck Cruncher can test every second: (8.52654×10^184)*(1.854858×10^43) is approximately 1.581553×10^228 passwords tested every second. The exact number is below (rounded up):

1581552541832778082294061053931661922686201706664570527082852925518538754570483301896790400140703419500140242637035837845567215262429787192831741927642510892782256238873773986538301349050212882962091805863577761872814550820473182

The complete equation is this:

How secure are passwords against it?

Since you know how many passwords the Planck Cruncher can test in a second, you can calculate how secure a password must be to fend it off for, say, 100 years.

There are 95 printable characters on a standard QWERTY keyboard. If you make each character of your password a randomly selected character from the 95 printable characters, you can calculate the number of possible combinations for your password using the equation 95^length where length is the length of your password. I will refer to this as the "complexity" of the password.

With that, you can calculate the bits of entropy of the password by using the equation log2(combinations) where combinations is number of possible combinations for your password. For simplicity, I will be referring to the strength of passwords by their bits of entropy. The unit used to represent entropy is the shannon unit, denoted as "Sh".

To calculate how many seconds it would take to crack a password, you divide the password complexity by the speed of the Planck cruncher. For example:

An 8 character password has a complexity of 95^8, or approximately 6.6342×10^15. That password has an entropy of log2(6.6342×10^15), or approximately 52.56 Sh. To crack the password, assuming it was the very last password tested, the Planck cruncher would take 4.1947×10^(-213) seconds. That is orders of magnitude shorter than a Planck time itself.

So, how many bits of entropy is secure against the Planck Cruncher? If you wanted a password that is strong enough to keep the Planck Cruncher at bay for 100 years, the password would need an entropy of approximately 789.66 Sh. The password would be 121 characters in length (rounded up).

A passphrase with the same entropy (assuming 7,776 words are in the wordlist, from the EFF Large Wordlist for Passphrases) would have 62 words (rounded up).

Conclusion

Obviously if the the universe is (literally) against you, you have bigger problems than a password protecting your sensitive data. This was just a fun thought experiment to see what the upper limit of password cracking is. It's interesting to see how a 1024 bit key would be resistant against even the fastest theoretical supercomputer for over a vigintillion years (assuming it has no other weaknesses). I hope you had as much fun reading this as I did writing it. Be sure to use strong passwords, and use a password manager.

16
 
 

To me, it’s gotta be the microphone

17
 
 

So I went to update my apps and was greeted with these warnings in FDroid. A quick and basic search online and in various communities yielded no news regarding a major compromise in Fennec and Mull, does anyone know more about this or have you seen any news regarding a vulnerability? Curious if this is a false positive or if there is something going on with firefox forks.

18
 
 

The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay.
Tor has written about this.
Hacker News thread.

19
 
 

I honestly haven't found any good reading material other then the arch wiki which indeed vaguely outlines pros and cons, and I was wondering if the only significant advantage Is that you dont have go type your password in... Which ita a big advantage if you dont mind cold boot attacks ... Also automatic login Is handy if you dont mind privacy at all ... What do you think?

20
 
 

(I know many of you already know it but this incident I experienced made me so paranoid about using smartphones)

To start off, I'm not that deep into privacy rabbit hole but I do as much I can possibly to be private on my phone. But for the rest of phones in my family, I generally don't care because they are not tech savvy and pushing them towards privacy would make their lives hard.

So, the other day I pirated a movie for my family and since it was on Netflix, it was a direct rip with full HD. I was explaining to my family how this looks so good as this is an direct rip off from the Netflix platform, and not a recording of a screening in a cinema hall(camrip). It was a small 2min discussion in my native language with only English words used are record, piracy and Netflix.

Later I walk off and open YouTube, and I see a 2 recommendations pop-up on my homepage, "How to record Netflix shows" & "Why can't you screen record Netflix". THE WHAT NOW. I felt insanely insecure as I was sure never in my life I looked this shit up and it was purely based on those words I just spoke 5min back.

I am pretty secure on my device afaik and pretty sure all the listening happened on other devices in my family. Later that day, I went and saw which all apps had microphone access, moved most of them to Ask everytime and disabled Google app which literally has all the permissions enabled.

Overall a scary and saddening experience as this might be happening to almost everyone and made me feel it the journey I took to privacy-focused, all worth it.

21
22
 
 

Two weeks ago, I made this post. The goal was simple: I wanted to dig into the details of Chromium and Firefox to see if the claims that Chromium is more secure than Firefox are true or not. You'll notice I also started turning that post into an update log, but only one update got released. There is a reason for that. Life suddenly got extremely busy for me, I could barely make time to continue researching. However, during that time, I spent a lot of time thinking about the issue. I tried breaking down the problem in a million different ways to find a way to simplify it and start from the ground up.

I came to a conclusion today, a realization. I have no way to put this gently: I cannot conclusively determine which one is more secure. This will upset many of you, and it upsets me too considering I maintain my own list of software that relies on only providing the most secure and private versions of some software. I need to explain why there cannot be a solid conclusion.

I managed to collect many sources to be used for the research. A lot of the information is parroting this article which, despite having many sources, fails to provide sources for some of the most crucial claims made there ("Fission in its current state is not as mature as Chromium's site isolation" has no source, for example). My favorite source is this Stanford paper which I think does a great job at tackling the problem. The problem I noticed is that a lot of privacy advice is given from an echo chamber.

Think about what privacy advice you like to give, and think about where you heard that. A YouTube video? Reddit? Lemmy? Naomi Brockwell gives a lot of advice that stems directly from Michael Bazzell's Extreme Privacy book, as I found out after reading it. Her videos about convincing people to use Signal are paraphrased passages from the book itself, which has a whole section about it. People touting Chromium as more secure than Firefox, or that the Play Store is a more secure option than F-Droid or Aurora Store, often get their information from GrapheneOS. I've never seen anyone research those in depth.

The point I'm trying to make is that a lot of privacy advice is circular reporting. I'm certain that if Michael Bazzell and GrapheneOS were to provide sources as to where they got their information (they rarely do, I checked) it would come to light that it boils down to a few real sources. GrapheneOS, no doubt, likely has inspected at least some part of the Firefox codebase, but Firefox is rapidly changing, so any sources that used to be true may not be true today.

FUTO Keyboard and GrayJay get recommended often because of Louis Rossmann, but HeliBoard and FreeTube (or NewPipe) were options long before those pieces of software. The reason the former became so recommended over the latter is simply because people used a popular figure, Louis Rossmann, as a primary source. It then became an echo chamber of recommendations and best practices.

That doesn't mean the claims of Chromium being more secure are false, but as a researcher it is very hard to credit something that doesn't provide any primary sources. In the eyes of a researcher, GrapheneOS's word holds just as much weight as a random internet user, without any proof. I see it play out like this: A source like GrapheneOS or Extreme Privacy makes a claim, secondary sources such as GrapheneOS users or Naomi Brockwell present this information without providing the sources, the general privacy community sees both, and begin giving the same recommendations on Reddit or Lemmy (sometimes with sources), and eventually the privacy community as a whole starts presenting that information, without any primary sources. Even if GrapheneOS, Extreme Privacy, or Louis Rossmann provided no research or direct comparisons, their word is taken without question and becomes the overarching recommendations in the privacy community. They each gained credibility in their own ways, but there should always be scrutiny when making a claim, no matter how credible.

The main reason why I cannot give a concrete conclusion is this: the focus on the article was to compare Chromium's Site Isolation to Firefox's implementation, however there are too many variables at play. Chromium may be more secure on one Linux distro than another. Debian is an example. Firefox supposedly has worse site isolation on Linux, but then how does Tails deal with that? It's based on Debian, so does that make it insecure for both browsers? Tor is based on Firefox ESR, which is an extended support release with less security, but Tor is also deemed a better option than Chromium browsers for anonymity. Isolating iframes doesn't really affect daily use, so is it really necessary to shame Firefox for that? Some variants of Firefox harden the browser for security, but some variants of Chromium (such as Brave Browser) try to enhance privacy. No matter what limits I set, how many operating systems or browser variants I set, there is no way to quantify which one is more secure.

"Is Chromium more secure? Yes, under XYZ conditions, with ABC variants, on IJK operating systems. Chromium variants XYZ are good for privacy, but ABC Firefox variants are better at privacy..." The article would be a mess. The idea for the article came because I was truly sick of the lack of true in-depth sources about the matter, and so I wanted to create that. I now realize it was a goal that is far too ambitious for me, or even a small group of people. Tor and Brave give different approaches to fingerprinting protection (blending in vs. randomizing), and there's no way to directly compare the two. The same goes for the security of each. There is no "Tails" for Chromium, but there is no "Vanadium" for Firefox. There's no one to one comparison for the code, because some of it is outside of the browser itself.

I regret making that initial post, because it set unrealistic expectations. It focused on a problem that can't tell the whole picture, and then promised to tell that whole picture. At a point, it comes down to threat model. Do you really need to squeeze out that extra privacy or security? Is someone going to go through that much effort? You know how to spot dark patterns, you know not to use privacy invasive platforms. Take a reality check. Both Chromium and Firefox are better than any proprietary alternatives, that's a fact. Don't bother trying to find the "perfect" Linux distro or browser for privacy and security, because you already don't use Windows. Privacy is a spectrum, and as long as you at least take some steps towards that, you've already done plenty.

Be careful next time you hear a software recommendation or a best practice. Be careful next time you recommend software or a best practice. Always think about where you heard that, and do your own research. There are some problems that are impossible or infeasible to solve, so just pick what you feel is best. I really am sorry that I wasn't able to provide what I promised, so instead I will leave a few of the sources I found helpful, just in case another ambitious person or group decides to research the matter. Not all of these sources are good, but it's a place to start:

GrapheneOS responded to my requests for a comment after this post was made, here: https://lemmy.ml/post/22142738

https://www.cvedetails.com/version-list/0/3264/1/

https://en.wikipedia.org/wiki/Site_isolation

https://madaidans-insecurities.github.io/firefox-chromium.html

https://news.ycombinator.com/item?id=38588557

https://seclab.stanford.edu/websec/chromium/chromium-security-architecture.pdf

https://grapheneos.org/usage#web-browsing

https://www.reddit.com/r/browsers/comments/17vy1v5/reasons_firefox_is_more_secure_than_chrome/

https://www.wilderssecurity.com/threads/security-chromium-versus-firefox.450867/

https://forums.freebsd.org/threads/why-im-switching-from-firefox-to-ungoogled-chromium.87878/

23
 
 

Think about it. It was released (read: forcibly shoved down our throats) by Google and came out of nowhere when there were zero problems with the decades old and extremely well researched incumbent image/video formats that the web was already using (i.e. jpg, png, gif, mp4, etc). Google has confirmed ties to the US three-letter agencies through PRISM, as well as AFAIK all but confirmed ties to the Israeli government. BlastPass was reportedly apart of Israel's Pegasus hacking suite for years before the vulnerability went public, and was actively exploited by Israel to track down political dissidents. It's also the worst type of vulnerability there is, a buffer overflow resulting in arbitrary code execution, meaning once you exploit it you can do literally anything to the target device, from an image format, the type of file most people would never suspect to be capable of doing that (and indeed most developers never suspected that either, considering how everyone from Mozilla to Apple seemingly just took Google source code and incorporated it into their own software, no questions asked).

Maybe I'm just overly cynical, but I'm having a really hard time believing that such a critical vulnerability in such a widespread code base would be accidental, especially in the age of automated testing, fuzzing, and when the industry generally has a very good understanding of how to prevent memory vulnerabilities. The vulnerability was there since they very beginning of the standard and we're to believe one of the largest software companies simply failed to spot it for years? I don't think Hanlon's Razor should apply to companies like Google because they have a long and shameless pattern of malice and have long exhausted their benefit of the doubt.

I have a sneaking suspicion that WebP was planned as a Trojan horse from the start to backdoor as much software as possible, and Google sold the exploit to the US and Israel govts. Why else would Google so relentlessly push an image format of all things unless there was some covert benefit to themselves? (An image format that's not even patented/licensed mind you so they're definitely not making money that way.)

What do you think?

24
87
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]
 
 

I'm investigating getting off the cell network permanently to avoid at least the constant triangulation of my position. I figured I'd look into getting a VoIP number and getting calls and texts over WiFi. I don't mind being unreachable when I'm not connected to a hotspot, so it's not a problem for me.

But before looking for a good VoIP provider, I decided to check if WiFi still worked in airplane mode. And indeed it works. But to my surprise, when I connected the WiFi, my cellphone provider's name also came right back up at the top right of the screen. In airplane mode? What the hell?

Long story short, after investigating a bit, I realized I had WiFi calling enabled. So I can in fact already get calls and texts without being on the cell network.

And I'm thinking, maybe that's good enough for privacy?

I mean I know SIMs leak information like ICCID / IMSI / IMEI so obviously they have no reason not to do that over WiFi also and that's not so hot.

But on the plus side, none of that information is linked to cell towers and location anymore - at least not precise location if I'm not on a VPN - the baseband processor is off and can't do whatever shady chit-chat it does with the SIM and the cell towers, and I can still use my normal phone numbers without having to change and tell a million people that I have new numbers if I go with VoIP.

Also, I don't store my contacts on my SIMs and I use a deGoogled Android. So I figure that limits how much adversarial software can exploit the SIMs to leak data.

So it seems to me that WiFi calling may be a good solution for me for better privacy without too many compromises.

Can you think of something I missed that I should know before using this feature?

25
 
 

Basically title. How does one go about pairing third party services like streaming services to a mini PC so that you can stream it on your dumb / degoogled TV? I don't really know how TVs work, much less mini PCs, so if anybody could dumb it down for me I'd appreciate it. What does your setup look like, if you have a dumb TV (e.g running kodiTV without network connection)?

view more: next ›