Comments

4

quandyalaterreux wrote

If the point of DuckDuckGo is to remain more private while searching the web, it doesn’t make sense to have your search terms visible to anyone with access to your computer (or your network).

  1. The claim "or your network" is absolutely false as DDG uses HTTPS.

  2. It's not even a problem, just don't record your history, or delete all duckduckgo.com/* urls from your history.

  3. Never use DuckDuckGo nor this "SearchEncrypt" instead use Tor if you want privacy by design with whatever search engine or website you want.
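Point 2 above, as an added example that is not part of the comment: a script that removes every visit to a search host from a history database. It assumes a constructed, simplified stand-in for Firefox's places.sqlite tables (not the real schema) and matches on the parsed hostname rather than a substring, so pages that merely mention the host in a query string are kept.

```python
import sqlite3
from urllib.parse import urlsplit


def build_sample_history() -> sqlite3.Connection:
    """Constructed, simplified stand-in for a browser history DB (modelled on
    Firefox's places.sqlite tables, but not the real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT NOT NULL);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY,
                                        place_id INTEGER NOT NULL REFERENCES moz_places(id));
    """)
    urls = [  # constructed sample visits
        "https://duckduckgo.com/?q=tor+bridges",             # search, should go
        "https://html.duckduckgo.com/html/?q=xmpp+roster",   # subdomain, should go
        "https://example.org/blog?via=duckduckgo.com",       # only mentions the host, keep
        "https://www.torproject.org/",                       # unrelated, keep
    ]
    for i, u in enumerate(urls, start=1):
        conn.execute("INSERT INTO moz_places VALUES (?, ?)", (i, u))
        conn.execute("INSERT INTO moz_historyvisits (place_id) VALUES (?)", (i,))
    conn.commit()
    return conn


def matches_host(url: str, host: str) -> bool:
    """True when the URL's hostname is `host` or a subdomain of it.
    Parsing the URL avoids the over-broad `LIKE '%host%'` match, which would
    also hit unrelated pages that carry the host name in a query string."""
    hostname = urlsplit(url).hostname or ""
    return hostname == host or hostname.endswith("." + host)


def purge_host_history(conn: sqlite3.Connection, host: str) -> int:
    """Delete every visit and place entry for `host`; returns how many URLs were removed."""
    ids = [pid for pid, url in conn.execute("SELECT id, url FROM moz_places")
           if matches_host(url, host)]
    if ids:
        marks = ",".join("?" * len(ids))
        conn.execute(f"DELETE FROM moz_historyvisits WHERE place_id IN ({marks})", ids)
        conn.execute(f"DELETE FROM moz_places WHERE id IN ({marks})", ids)
        conn.commit()
    return len(ids)


def remaining_urls(conn: sqlite3.Connection) -> list:
    return [u for (u,) in conn.execute("SELECT url FROM moz_places ORDER BY id")]


if __name__ == "__main__":
    db = build_sample_history()
    print("removed", purge_host_history(db, "duckduckgo.com"), "entries; left:", remaining_urls(db))
```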

1

quandyalaterreux wrote (edited )

How much more? Your ISP won't know that you visited gmail but if you are using https then the local ISP would not know your account name anyway. And if you are not using https then the exit node would know your account name and that is a lot less private.

The Tor Browser includes HTTPS Everywhere and in fact gmail is preloaded in the HSTS preload list so HTTPS should be forced. In the first case the ISP will know that you visited gmail, whereas in the second the ISP won't know that - which is a net gain in privacy terms.

1

quandyalaterreux wrote

Surfing yes. Checking e-mail, no. They even talk about this in their docs. If you use an account that is tied to you you aren't getting the same kind of protection that TOR was designed for.

You can sign up using the Tor Browser with a web email service that allows Tor (such as tutanota.com) and hence your identity won't be tied to that email (unless you leave personally identifiable information; email is unencrypted by default, so don't forget about that).

2

quandyalaterreux wrote

For Tor never use it with anything besides the Tor Browser.

For something else, you can include privacy.resistFingerprinting -> true, privacy.firstparty.isolate -> true and some others (but not all, ask if you're unsure): https://www.privacytools.io/#about_config Also there's another one for anti-font fingerprinting but I can't recall its name.

Don't forget to test on https://browserprint.info

1

quandyalaterreux wrote

I just learned the hard way that if you try to configure Tor to use a whole bunch of bridges at the same time, it will struggle to connect to the Tor network.

Tor never connects to a lot of bridges at the same time.

Also since Tor 0.3.0.x two bridge lines are required for normal, obfs4 bridges.

Alternatively just use Snowflake since meek will be basically gone as a pluggable transport.

1

quandyalaterreux wrote

also, and primarily, when tor users try to access a cloudflare page they are presented with a google captcha that they have to solve

By default that's no longer the case.

Don't get me wrong though, Cloudflare is still evil for a bunch of other reasons (see www.crimeflare.com)

1

quandyalaterreux wrote

I'm not sure why you keep bringing that up as a grave issue. The one aspect of XMPP that is a privacy concern is how the roster is maintained by default.

Because with centralization Signal can make sure that their servers don't have too much metadata (see https://signal.org/bigbrother/eastern-virginia-grand-jury/) but with decentralization where's that guarantee?

2

quandyalaterreux wrote

Federated protocol: you have to keep banning IPs

That's something very easy for censors. I mean just look at the Tor Project's bridge distribution, even though there are loads of non-public bridges, China is able to keep up and block virtually all of them. But, domain fronting works in China.

Non-federated protocol: your mobile phone number, which is associated with your real name, is your ID

Federated protocol: your account on a server is your ID

I agree, a phone number isn't the best thing, but a federated protocol is worse since you're giving more metadata by associating your account with a particular instance (e.g. user@domain.com).

I don't see how non-federated is better. Best case scenario, they are equally bad.

I think Moxie did a pretty convincing case against it: https://signal.org/blog/the-ecosystem-is-moving/

2

quandyalaterreux wrote

Yes, as his employee Joshua Lund says,

An aspiring censor could also "easily connect to the broader network" and masquerade as a federated server in order to discover others. This process could even be automated.

Federated services also require an identifier, and this identifier usually indicates where the user's account is located and how to connect with them (e.g. user@domain.com). As people share these identifiers, the aspiring censor can just keep adding new entries to the blacklist.

Federated services also offer no by-design solution to metadata.

4

quandyalaterreux wrote (edited )

Introduced in June 2006 in Intel’s 965 Express Chipset Family of (Graphics and) Memory Controller Hubs, or (G)MCHs, and the ICH8 I/O Controller Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip. In Q3 2009, the first generation of Intel Core i3/i5/i7 (Nehalem) CPUs and the 5 Series Chipset family of Platform Controller Hubs, or PCHs, brought a more tightly integrated ME (now at version 6.0) inside the PCH chip, which itself replaced the ICH. Thus, the ME is present on all Intel desktop, mobile (laptop), and server systems since mid 2006.

For AMD: The Platform Security Processor (PSP) is built in on all Family 16h+ systems (basically anything post-2013).

https://libreboot.org/faq.html

4

quandyalaterreux wrote

I just need to download the latest one..?

You can choose whichever you want. I'd say seeding 4 of them may be a good start.

The files don't have extensions though, do you know what to do with them after they download?

I never tried it (all of my traffic is proxied through Tor with Whonix, so I can't torrent since there's no UDP support for Tor), but I guess it's just a .rar file that you'll need to extract. Let me know for sure when the download finishes. ;)