Comments

1

quandyalaterreux wrote

I'm not sure why you keep bringing that up as a grave issue. The one aspect of XMPP that is a privacy concern is how the roster is maintained by default.

Because with centralization Signal can make sure that their servers don't have too much metadata (see https://signal.org/bigbrother/eastern-virginia-grand-jury/) but with decentralization where's that guarantee?

2

quandyalaterreux wrote

Federated protocol: you have to keep banning IPs

That's something very easy for censors. I mean just look at the Tor Project's bridge distribution, even though there are loads of non-public bridges, China is able to keep up and block virtually all of them. But, domain fronting works in China.

Non-federated protocol: your mobile phone number, which is associated with your real name, is your ID

Federated protocol: your account on a server is your ID

I agree, a phone number isn't the best thing, but a federated protocol is worse since you're giving more metadata by associating your account with a particular instance (e.g. user@domain.com).

I don't see how non-federated is better. Best case scenario, they are equally bad.

I think Moxie made a pretty convincing case against it: https://signal.org/blog/the-ecosystem-is-moving/

2

quandyalaterreux wrote

Yes, as his employee Joshua Lund says,

An aspiring censor could also "easily connect to the broader network" and masquerade as a federated server in order to discover others. This process could even be automated.

Federated services also require an identifier, and this identifier usually indicates where the user's account is located and how to connect with them (e.g. user@domain.com). As people share these identifiers, the aspiring censor can just keep adding new entries to the blacklist.

Federated services also offer no by-design solution to metadata.

4

quandyalaterreux wrote (edited)

Introduced in June 2006 in Intel’s 965 Express Chipset Family of (Graphics and) Memory Controller Hubs, or (G)MCHs, and the ICH8 I/O Controller Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip. In Q3 2009, the first generation of Intel Core i3/i5/i7 (Nehalem) CPUs and the 5 Series Chipset family of Platform Controller Hubs, or PCHs, brought a more tightly integrated ME (now at version 6.0) inside the PCH chip, which itself replaced the ICH. Thus, the ME is present on all Intel desktop, mobile (laptop), and server systems since mid 2006.

For AMD: The Platform Security Processor (PSP) is built in on all Family 16h+ systems (basically anything post-2013).

https://libreboot.org/faq.html

4

quandyalaterreux wrote

I just need to download the latest one..?

You can choose whichever you want. I'd say seeding 4 of them may be a good start.

The files don't have extensions though, do you know what to do with them after they download?

I never tried it (all of my traffic is proxied through Tor with Whonix, so I can't torrent since there's no UDP support for Tor), but I guess it's just a .rar file that you'll need to extract. Let me know for sure when the download finishes. ;)

3

quandyalaterreux wrote (edited)

You can't sign up on GitLab with a throwaway email service; even GitHub allows you to do that (even though they flag the account soon, but with a simple message they re-activate it). Generally, whether a service accepts a throwaway email for signup is a good indication of how tolerant it is.

3

quandyalaterreux wrote

First of all, the most important thing: use the Tor Browser. If you're using regular Firefox with Tor as a proxy, then Cloudflare will automatically offer you a captcha if your user-agent isn't that of the Tor Browser.

Secondly, if you do get a captcha after all, try to use caching services if possible, such as web.archive.org/save/ and archive.fo.

Thirdly, you can also use online proxies such as kproxy.com

Hope this helps a bit.

11

quandyalaterreux wrote

Many of those are redundant. uBlock Origin, HTTPS Everywhere, NoScript and Decentraleyes are vastly sufficient. You can get anti-fingerprinting protection such as canvas blocking by enabling privacy.resistFingerprinting (in Nightly).

4

quandyalaterreux wrote (edited)

WebExtensions are not necessarily a bad thing, it's just that instead of phasing the old extensions out gradually, Mozilla decided to announce that within a relatively short while the extensions would be dropped completely.

Are you kidding? That's exactly what they did: They announced the deprecation of XUL/XPCOM more than 2 years ago: https://blog.mozilla.org/addons/2015/08/21/the-future-of-developing-firefox-add-ons/

6

quandyalaterreux wrote (edited)

It's only the default for 1% of new installs in Germany. And yes, I agree that they messed up with this, but we definitely shouldn't spin this up into "Do not use Firefox, let's go to Chromium/Opera/... because they all have data collection". Firefox is really the only hope for an anti-Chromium monopoly.