ravenheart

As far as Mullvad goes I found the service good but with so few server locations available connecting was sometimes frustrating.  Dunno about their actual security practices. CG of course has been discussed  several times before, also worth noting was I believe that one of their servers was either handed over to / seized by, authorities.  Personally with all the unknowns and knowns concerning their services and adding that into the mix def should be a cause for concern. I don't know the facts or anything but just saying.....

all I did was get the appropriate mono version via the ALA ( Arch Rollback Machine)  and built airvpn client with yaourt, always worked for me

Ok, This is just my personal preference but it has the exact same negative as does TAILS,  gnome 3 !!!  if something is designed to be run from say, a flash drive wouldn't it make more sense to use something lightweight like MATE, XFce4, or even openbox fer chrissakes? or at least as a last resort lock gnome3 into a classic mode?

Jacob Appelbaum has left the Tor project amidst more allegations of sexual mistreatment, possibly against co-workers. The fact that such allegations are "not" new to the project concerning his behvior over the years troubles me that it was not addressed earlier and either dealt with then, or that he was simply not dismissed. Definately darkens my view of the project at large.....

Read the Tor Blog Statement:  https://blog.torproject.org/blog/statement

https://duck.co/blog/post/311/yahoo-partnership

Zhang888 thanks for that! I guess I missed that memo hahaha,  when it popped up today  I just got suspicious by default

Hi,

 

Has anyone had any experience using JonDoNym?? It seems a bit like Tor.

 

https://anonymous-proxy-servers.net/

Chrisb, I would agree with Zhang888,  on the simple reasoning that jondonym has a service to sell you in the end, if you wish to use tor which is their model, you can easily  use the Tor browser and with a little tweaking and addons get the exact same results as jondonym, as far as the results go if you use their anonymity test...  Just a thought.  Adding a third party service or whatever you want to call it adds another level of possible mistrust or abuse into the equation.

Odd thing happened,

I did a clean reinstall of OS X, setup firefox with my settings and addons like usual but see something new. when I use noscript to whitelist/allow DuckDuckGo on the page I see something new,  "In Partnership with Yahoo"  and when I click to whitelist it the name is shown as Yahoo, not duckduckgo...  I really don't think this ever was the case before. Am I batshit crazy or overly paranoid in hesitating to whitelist it now?

I'm trying to get a few very close but very non techie friends to migrate to a msg'ing mechanism that has a bit more privacy than what they currently use, i.e none at all,   I was wondering if anyone here has experience using such services ,remember I need something that's simple enough that they can migrate to without causing their heads to explode. I was looking at the following options and would appreciate thoughts or personal experience or technical observations on the implementations used.

Pidgin/Jabber ( tho I don't think they would be able to make sense of OTR/keys/etc)

Torbird

Cryptocat

Bit Message

Riccochet (just found this one, looks interesting, uses Tor, client auto creates onion id)

p.s  I just went outside, wow!, when did the world happen?

thanks guys, yeah for me it needed the "no proxy" option being set.....

Disable in addons: tor launcher. Network settings: - Use system proxy settings - Uncheck remote dns.

pr1v thanks a lot for that, however it's a no workie,  is unable to access any network connection,  gonna have to investigate further heh, but thanks for the head start.....

I agree with zhang888 that if we are going to use a browser without tor and only with vpn then we should use tor browser without tor (disabling "tor launcher" addon and changing network settings)

pr1v,   hmmm I'd never even considered that option thnx,    I always like to tinker around so now off to go find a tutorial on how to change the network settings in tor browser heh. 

I was initially really interested in the whole bitmask thing, and do hope it eventually gains traction and stuff but, there seems to be still so much uncertainty in it, where are the servers, who runs them, etc etc... And as previously mentioned , the business model, sure I think they want to facilitate private and secure communication but volunteer co-ops like it seems to be always seen to raise a few questions to me, re: the ppl involved, what kind of oversight do the project leads have over the various actors? etc 

I was using twitter with tor browser without javascript (mobile.twitter.com) but now it´s impossible to login with the tor browser user agent without javascript...

prfv,  this whole javascript thing HAS to go away,  I personally get more frustrated by the day with sites needing it enabled heh.  let's start a revolution!

was curious about how others setup their browsers,  for instance some of these dns leak sites can get machine info, i.e screen size, hardware platform, etc.  For instance if I go to say, jondonym and have it scan me, I can make it green across the board except for 2 items, http session, ( which I've heard is a symptom of vpn usage?)  and the other is the authentication - unique i.d, I believe I've heard/read that that one is damn near impossible to get around but not sure, tho I know they are selling something so tests could profile you to see if yer using their product and give false results.

What addons does the assembled braintrust use here?  what about say , using 2 diff addons that sorta perform the same thing, like ghostery and privacy badger, is there a possible issue with them fighting for control?

there aren't really many cons unless you put your real name and such on the key, just make a revoke certificate that you can use if the need arise.

 

And yes you can use e-mail aliases and read it just fine when it arrives, but it highly depends whether you use your own decryption or your e-mail service does it for you, sometimes they might read for the e-mail on the private key and other times if you provide the public key to a service they might read the e-mail it's for too.

 thanks for the reply,  yes this is for a pop3 acct of mine  not an encrypted webmail service like some of those are,  so I thiink I should be fine then if I use an alias in the key and then also create a revoke cert as well, I'm trying to move away from those encrypted webmail accts so that I can control the encryption myself, call me a control freak

never thought to much about it before but ready to make keys for a new email acct and was just curious if there are any real pros or cons? I guess am not to terribly worried about publishing it, it may even up on my blog for contacting me but still,  anyone have thoughts?

Also, if I use an email aliases for the key, would it still be ok once it arrives in the main, actual address?

personally, under no circumstances do I ever use u.s, canada or u.k servers ever.....  just a weird thing I have, no matter where I am or  what I am or am not doing........

 

Karaznie,

 

I have heard lots of back and forth re: spider oak,  has it been open soucred yet? seemed to be a point of annoyance with lots of ppl, I use protonmail too, but I hate that they seem to be a fav target of attacks, I also am trying out tutanota, for an basic pop3 / smtp I have one at autistici /inventati for use with my own keys.  I would like to use veracrypt but I sorta hate if by some chance my comp gets seized and the app is noticed it'll trigger curiosity and questions heh, so I use tomb on my linux box, commandline is nice, noone knows it's there....

 

 As for your docs need, I'm not a huge wealth of information but on privacytools.io they have a few apps listed, maybe something like protectedtext could be of some use?

 

Yes, unfortunately they haven't open sourced everything yet as they promised some time ago. This really annoy people. Hope some day they'll do this some day. I - for one - somehow trust them still. I really like how they deal with ethics, how they care about not knowing anything that potentially might reveal others encryption keys (for example, they discourage logging online to their service, explicitly saying it may be dangerous). Unfortunately nothing in this category (cloud storage) comes even close.

 

I also use Duplicati for backup and store my encrypted bacups safely. It's opensource and secure zero-knowledge alternative. 

 

I use also tutanota, however I like protonmail much more. It's just matter of aesthetics . Tutanota is my secondary mail.

Althought I distrust by nature the idea of cloud storage, I think if I was going to do that I might locally encrypt my files and then use something like Tarsnap, I dunno anyone however that has had firsthand expereince of using them, seems like a solid b/u service but, my tinfoil hat starts to vibrate when I think of storing something "out there" hahahaha

giganerd,  beware if skynet becomes self aware! lol

Karaznie,

I have heard lots of back and forth re: spider oak,  has it been open soucred yet? seemed to be a point of annoyance with lots of ppl, I use protonmail too, but I hate that they seem to be a fav target of attacks, I also am trying out tutanota, for an basic pop3 / smtp I have one at autistici /inventati for use with my own keys.  I would like to use veracrypt but I sorta hate if by some chance my comp gets seized and the app is noticed it'll trigger curiosity and questions heh, so I use tomb on my linux box, commandline is nice, noone knows it's there....

 As for your docs need, I'm not a huge wealth of information but on privacytools.io they have a few apps listed, maybe something like protectedtext could be of some use?

What's been yer biggest computer related goof? Mine was an old computer with dual HDD's and after deciding to reformat the OS drive I instead formatted my data drive heh, 

Advice Sought:  I have an older mac mini in my closet, I was once running a dd format on it and the power went out scrambling the drive, I tried many things to bring it back to life but it's simply not recognized anymore, Anyone have some advice or things to try so I can dust it off and bring it back into use? It annoys me when I look in my closet and see it sitting there on the shelf next to my heels heh

With all the current talk about the need for such, govs whining and screaming about it, why we feel the need to ( the answer is simply, we do it because of you) I was curious if any of you follow this practice and how you do it. Personally my Arch setup is luks/LVM  and for personal stuff I use tomb ( linux only) as it leverages the builtin dm-crypt, etc, as well as allowing keys to be embedded in image files, tombs inside of virtual images, etc.. is a very small program with minimal deps and even has an optional super lightweignt gui for those not digging the commanadline only,  though the website says it requires root access I've found that it does not. Play safe kids!

I was curious about this as well, and reached out to CG Customer service, after asking is this a client specified implementation or server implemented and this is their exact word for word answer....  Just for anyone curious about it or for future reference.

"That happens server side. However, there is no tracking involved or needed for such situation. It's simply a parser that has a public database of malware. When something that is seen to look like a malware is identified, it's simply blocked. There is no need for storing logs here for it to work. If there would be such need, we would not implement a feature in the first point. Of course, if you do not want to use the features, simply do not use them. Privacy and security is a first priority here."

just curious if anyone else out there tends to stay within a certain geographical location regardless of server speed? or do you have any locations you flat out refuse to connect to for whatever reason? I tend to fall into both of these areas heh

cm0s,

I agree with the assertion that other distros do have their good points but nothing seems as much like home as Arch, I first found it many years ago, back when it actually had release numbers / code names, iirc I first tried it at 0.7 Vega, ( maybe Homer) Others just seem, messy? hard to explain heh... Pacman + AUR is awesome