write.privacytools.io


from zeninstaller

Zen Installer 4/30

The newest version of the Zen Installer is now officially released. This version includes the ability to connect to a VPN prior to the installation process to allow users to maintain the utmost privacy. You will get asked which server you want to connect to, and then a terminal window will open showing the VPN connection. You MUST close this window or else the installation will not start. I wanted to have a log window so you could verify that the connection was successful. You can download it on SourceForge at https://sourceforge.net/projects/revenge-installer/files/ or via Linuxtracker at https://linuxtracker.org/index.php?page=torrent-details&id=319e70818ccda328bdebd0740e8de0489c5e4c90 and you can get support at https://reddit.com/r/zeninstaller

VPN servers were provided by https://sigavpn.com. SigaVPN is a free VPN service dedicated to keeping users as private as possible, with no logs, an ad-blocking DNS server and DDoS protection. In addition, no account is needed. You can download Siga configs at sigavpn.com and get support at https://reddit.com/r/sigavpn

 

from Jonah

We're excited to announce the launch of Tor connectivity to the privacytools.io homepage, and we hope to get Tor working on the rest of our services as soon as possible.

Update 5/6: Some people asked me for a more detailed post and guide on how to set this kind of thing up on their own servers, so I went ahead and did that. Hopefully, if you're a service operator or you just like that kind of stuff, it'll be helpful to you!

The Homepage

The homepage is now accessible via our new Tor hidden service: privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion! This setup in particular is a pretty standard Tor setup, so I won't go into too many details. We're using a v3 hidden service (as you can tell by the enormous domain) with the following options:

HiddenServiceNonAnonymousMode 1
HiddenServiceSingleHopMode 1

Why are we using non-anonymous mode and single-hop mode, you ask? It's mainly to optimize latency: by enabling single-hop mode, we're able to cut two hops out of the connection. This is not in any way detrimental to the anonymity or security of our users; it merely reduces the anonymity of our own server. This is of course fine, because we operate our servers over clearnet domains anyway, with public IP addresses.

The main thing we are now accomplishing is not anonymity for ourselves, but increased security for our users. Your connection to the privacytools.io homepage is now completely secured end-to-end, no relying on exit nodes that could meddle with your traffic. It'll also be a bit faster, since we're reducing the load on the Tor exit nodes.

Other Services

With the rest of our services, we're going to be taking a different approach to the traditional .onion domain. Remember Cloudflare's Onion Service? We're basically recreating their setup on our own servers to create secure Tor connections without using .onion domains, at least visibly. That means that if you go to write.privacytools.io in the Tor Browser, for example, you'll see https://write.privacytools.io/ in your browser, but the connection will actually be over the Tor network without the use of any exit nodes!

alt-svc

How can we do this exactly? We're using an HTTP header called alt-svc. Originally designed to facilitate HTTP/2 and SPDY connections, and now commonly used for QUIC, alt-svc allows us to tell your browser that the website you're visiting is also accessible via Tor. The Tor Browser, in response, makes a connection to our servers using the information within that header rather than connecting the normal way with DNS lookups and exit nodes.

The drawback to this is you need to actually connect to our websites once, so your browser has a chance to download the header and recognize that it should be using an onion connection. Because we use HTTPS with HSTS preloading this shouldn't be a security issue, since your initial connection will be made over HTTPS. That does mean that the initial connection will still take place over an exit node. After it receives that header, the information is cached, and the browser will continue to make any future connections solely over the Tor network.
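As an added example of the client-side mechanism just described (my own code, not privacytools.io's configuration or the Tor Browser's implementation), the Python below parses an Alt-Svc header value, applies the max-age caching rule from RFC 7838, and accepts an alternative only when it names a structurally valid v3 onion host, which it checks by decoding the address and recomputing the checksum embedded in it. The header value is constructed; the onion address is the homepage's, as quoted above. The onion-only acceptance policy is this example's own choice, not a description of every check the browser performs.

```python
"""Client-side model of Alt-Svc handling with a v3 onion check (added example)."""
import base64
import hashlib

DEFAULT_MAX_AGE = 86400  # RFC 7838: "ma" defaults to 24 hours when absent

# Constructed header value; the onion address is the one the post gives for the homepage.
ONION = "privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion"
HEADER = 'h2="' + ONION + ':443"; ma=86400; persist=1'


def parse_alt_svc(header):
    """Split an Alt-Svc field value into alternatives.

    Each alternative is protocol="[host]:port", optionally followed by
    ";ma=<seconds>" and ";persist=1"; alternatives are comma-separated.
    """
    header = header.strip()
    if header == "clear":  # RFC 7838: "clear" drops every cached alternative
        return []
    alternatives = []
    for entry in header.split(","):
        fields = [f.strip() for f in entry.split(";") if f.strip()]
        protocol, _, authority = fields[0].partition("=")
        host, _, port = authority.strip().strip('"').rpartition(":")
        params = {}
        for field in fields[1:]:
            key, _, value = field.partition("=")
            params[key.strip().lower()] = value.strip().strip('"')
        alternatives.append({
            "protocol": protocol.strip(),
            "host": host,  # empty string means "same host as the origin"
            "port": int(port),
            "max_age": int(params.get("ma", DEFAULT_MAX_AGE)),
            "persist": params.get("persist") == "1",
        })
    return alternatives


def inspect_onion_v3(host):
    """Decode a v3 onion hostname and verify its embedded checksum.

    v3 layout: base32(PUBKEY[32] | CHECKSUM[2] | VERSION[1]) + ".onion", with
    CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2] and VERSION = 3.
    """
    result = {"ok": False, "version": None, "reason": ""}
    if not host.endswith(".onion"):
        result["reason"] = "not an onion address"
        return result
    label = host[:-len(".onion")]
    if len(label) != 56:
        result["reason"] = "v3 addresses are 56 base32 characters"
        return result
    try:
        raw = base64.b32decode(label.upper())  # 56 chars -> 35 bytes, no padding
    except ValueError:
        result["reason"] = "not valid base32"
        return result
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    result["version"] = version
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + bytes([version])).digest()[:2]
    if version != 3:
        result["reason"] = "unexpected version byte"
    elif checksum != expected:
        result["reason"] = "checksum mismatch"
    else:
        result["ok"] = True
    return result


def usable_onion_alternatives(header, received_at, now):
    """Alternatives still within max-age at 'now' whose host is a valid v3 onion.

    Accepting only onion hosts is this example's policy; a real browser also
    applies its usual Alt-Svc rules (certificate for the origin, protocol support).
    """
    chosen = []
    for alt in parse_alt_svc(header):
        if now - received_at >= alt["max_age"]:
            continue  # the cached alternative has expired; reconnect the normal way
        if inspect_onion_v3(alt["host"])["ok"]:
            chosen.append(alt)
    return chosen


if __name__ == "__main__":
    for alt in usable_onion_alternatives(HEADER, received_at=0, now=60):
        print("use", alt["protocol"], alt["host"], alt["port"])
```

The expiry check is why the post's "connect once, then stay on Tor" behaviour has a lifetime: once `ma` seconds have elapsed, the client has to make another clearnet connection to refresh the header.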

When will this happen?

We've already enabled alt-svc support for this WriteFreely instance, for Searx (search.privacytools.io), for our Matomo analytics platform, and for the homepage. (Yes, that means that connections to our homepage will be made over Tor regardless of whether you use the new .onion domain or the standard clearnet domain).

In the future we'll enable alt-svc on all our services, after we finish initial testing on the ones we enabled today.

Is it working?

The issue with alt-svc at the time of writing is how new it is to the Tor network. The Tor Browser has supported connections to hidden services in this manner since Tor Browser 8.0, but doesn't make it obvious whether or not the connection actually works. So at this time, the circuit UI doesn't show the current route correctly. This is currently an open issue in the Tor bug tracker, #27590, that I hope will be resolved in the coming weeks.

Tor for Android also supports alt-svc, but I have not been able to test whether or not it displays the circuit graph correctly. I assume it also does not, until #27590 is resolved.

We will most likely not roll out Tor using alt-svc among the rest of our services until it's better implemented in the Tor Browser.

Discuss

You are welcome to discuss our new Tor integration on our forum!

#tor

 

from Jonah

Update 5/15: I'm keeping a higher-priority/more up-to-date copy of all my keys at https://www.jonaharagon.com/keys/

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello! These are my [Jonah's] Matrix/Riot devices as of May 1st, 2019.
This list is available at https://write.privacytools.io/jonah/my-matrix-devices in case of any future updates.

Device Name:	MacBook Pro
Device ID:	EXJTBNXCZS
Device key:	1Dib DsVg ySVi DhJT a8je jvnq npO7 GLtI C2XQ oTR3 cxg

Device Name:	iPhone XS
Device ID:	ODAVRGVMMF
Device key:	FFPM pDrl /xmG MEEU l2oA KXAY L6r0 6nPz woZm k2xt 9VA

My PGP key is publicly available at https://keybase.io/jonaharagon/pgp_keys.asc
Fingerprint: 9BD822880E2784EE5C929CD6DB49BB255B868219
You are welcome to use this key to encrypt emails to me as well.
-----BEGIN PGP SIGNATURE-----
[signature data not included in this copy]
=cURb
-----END PGP SIGNATURE-----

Here's as much proof as I can provide that the PGP key that signed this message in question belongs to me, without meeting you in person. It should be tied to the majority of my online identities, at least a few of which you should be familiar with: https://keybase.io/jonaharagon

Want to verify this was signed by me easily? Visit https://keybase.io/verify and paste in the message above! Of course, that shouldn't replace verifying the signature yourself on your own hardware for more than just casual security :)

#personal

 

from WorldWideWebWizard

Don't Expect Facebook To Fulfill Their Promises

Recently, Facebook has come under pressure again. This time it involves Facebook blocking others from exploring its ad platform. This is a clear example of why Facebook can't be expected to fulfill its promises. No matter what, Facebook will only focus on what it wants: to maliciously spy on and profit off of the user. This is why I'm currently using, and promoting, decentralized social networks. The current problem we face with getting people to join involves the bad dependence that people have on Facebook. Most assume that there is no other alternative out there to replace Facebook. That is where the average Facebook user is wrong. Mastodon has proven to be a great alternative to using Facebook. The problem also lies in providing people with the proper information on using these services.

Once again this incident only proves one thing, Facebook is the big enemy in the tech triangle (Google, Facebook, and Microsoft).

Source: https://techcrunch.com/2019/04/29/facebook-accused-of-blocking-wider-efforts-to-study-its-ad-platform/

 

from WorldWideWebWizard

Tor Browser

Hello, I am here to explain the Tor Browser and how it can benefit you. I am also here to ease any concerns you might have about Tor. Let's get started.

First, what is the Tor network? The Tor network is a network started by the U.S. Naval Research Group. Onion routing passes information through what are called nodes, also called relays. The information is encrypted at least three times and travels through many nodes and relays run by volunteers. As the information passes, each node is given the information on where to send the information next. This happens until the information is fully decrypted after leaving the exit relay. This process is like peeling back the layers of an onion, hence why it's called onion routing.
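To make the layered-encryption idea concrete, here is an added Python model of it (my own illustration, not code from the post or from the Tor Project). The client wraps the message in one layer per relay; each relay strips only its own layer, learns only the next hop, and passes on an opaque blob. The cipher is a deliberate stand-in (SHA-256 keystream XOR) so the example runs with the standard library alone; real Tor uses AES-CTR with keys negotiated per hop through a handshake, which this model does not include. The relay names, keys and message are constructed.

```python
"""Toy onion routing: three encryption layers, one peeled per relay (added example)."""
import hashlib
import json


def keystream_xor(key, data):
    """Stand-in stream cipher: XOR with SHA-256(key || counter) blocks.

    XOR is its own inverse, so the same call encrypts and decrypts. This is a
    teaching substitute for Tor's AES-CTR layers, not a cipher to deploy.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def build_onion(circuit, destination, payload):
    """Wrap payload in one layer per relay so each relay learns only its next hop.

    circuit: list of (relay_name, shared_key) in path order, e.g. guard, middle, exit.
    The exit's layer is built first and ends up innermost; the guard's is outermost.
    """
    hops = [name for name, _ in circuit] + [destination]
    blob = payload
    for i in reversed(range(len(circuit))):
        layer = json.dumps({"next": hops[i + 1], "data": blob.hex()}).encode()
        blob = keystream_xor(circuit[i][1], layer)
    return blob


def relay_peel(key, blob):
    """What one relay does: strip its layer, read the next hop, forward the rest opaque."""
    layer = json.loads(keystream_xor(key, blob).decode())
    return layer["next"], bytes.fromhex(layer["data"])


def can_peel(key, blob):
    """True only if this key removes the outermost layer; any other key yields noise."""
    try:
        relay_peel(key, blob)
        return True
    except (ValueError, KeyError, TypeError):
        return False


def traverse(circuit, onion):
    """Simulate the path: returns [(relay, next_hop), ...] and the plaintext the exit forwards."""
    observations = []
    blob = onion
    for name, key in circuit:
        next_hop, blob = relay_peel(key, blob)
        observations.append((name, next_hop))
    return observations, blob


# Constructed circuit keys; in Tor each key comes from a handshake with that relay.
CIRCUIT = [("guard", b"G" * 32), ("middle", b"M" * 32), ("exit", b"E" * 32)]

if __name__ == "__main__":
    onion = build_onion(CIRCUIT, "example.org:80", b"GET / HTTP/1.1")
    seen, plaintext = traverse(CIRCUIT, onion)
    for relay, next_hop in seen:
        print(f"{relay} learns next hop = {next_hop}")
    print("exit forwards:", plaintext)  # the exit sees the payload, so HTTPS still matters
```

Running it shows the guard learning only "middle", the middle only "exit", and the exit the destination plus the plaintext it must forward, which is exactly why the last hop is the one that can read or alter unencrypted traffic.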

Now onto the Tor Browser. The Tor Browser is a modified fork of Firefox ESR (Extended Support Release) that allows anyone to easily utilize Tor. The Tor Browser is modified to prevent websites from fingerprinting and trying to de-anonymize the user. When using the Tor Browser, it's best to leave the browser with the default configuration. Any change can result in the user becoming identifiable, thus defeating the purpose of the Tor Browser.

Bridges are a way for a user to connect to and use Tor when you can't connect directly, because your ISP blocks Tor, your system administrator blocks Tor, or your nation censors Tor. Bridges work by connecting through, for example, a meek-azure connection. This tactic is called domain fronting. It allows a user to circumvent the censorship put in place and use Tor.

Now to talk about the downsides. Because the Tor network encrypts your connection, browsing the web will be much slower, so patience is key when using the Tor Browser. Using any services like BitTorrent can use up a lot of the bandwidth and cause the Tor network to slow down much more for everyone. Using BitTorrent with Tor can also leave you vulnerable to being identified.

One common fear about the Tor Browser is the Dark Net. These domains end with .onion, a domain whose purpose is to remain anonymous and accessible to everyone. This domain is meant to be accessed through the Tor Browser. While there are illegal services out there that use these domains, the majority of pages are ethical and legal to use, such as the DuckDuckGo onion site.

For more information visit the Tor Project FAQ here: https://www.torproject.org/docs/faq.html.en

 

from Paula's blog

Click here for Part 1. Click here for Part 2.

Productivity

Clouds & Sync


  • Nextcloud is what you use if you need a cloud. Mine is empty – I only use it on rare occasions so someone can send me a file, which I delete from the cloud once I have downloaded it. So I don't have much to say here.
    • DAVx⁵ is a mobile app that lets you sync your contacts & calendar to your Nextcloud.
  • /e/ cloud is the cloud that comes with the /e/ mobile operating system. You can use it to automatically sync all your important data.

Office


  • LibreOffice is a full office suite for desktop. I use it every day and have never missed a feature.
  • Framasoft is an awesome free software community from France that offers a lot of free online tools for collaborative work on documents among many, many other things. If you know French and another language please help them with translations.

Finance

Payment


  • Faircoin is a socialist cryptocurrency. If you want privacy during online payments there is probably no way around cryptocurrencies, and since this article is about avoiding surveillance capitalism, why not go with an anti-capitalistic currency? Faircoin's growth rate is controlled and steady to avoid speculation. It is not mined, and energy consumption during transactions is low to minimize the ecological impact, which is very high for other cryptocurrencies.
  • Liberapay would be a great option for recurring payments/donations, but as it depends on Paypal and/or Stripe I can't recommend it (yet?).

Online Stores


  • OpenBazaar is an online marketplace where you can buy and sell anything using cryptocurrencies.
  • FairMarket for now is a very small online marketplace using FairCoins.
  • Avocado Store (Environmental Tip) is once again an ethical choice I'm throwing in here. It is a shop for eco-fashion and home supplies where each product must fulfill at least one principle (like bio, long-lasting, recycled & recyclable, vegan, ...). ❗️ Unfortunately the site contains Google tracking and all pictures are stored on the Amazon cloud.
  • For movie–, music– and book-stores jump back to Part 2.

Development

I'm not a developer. Not even slightly. So I'll keep this short.

Collaboration Platforms


  • Savannah (Freedom and Privacy Tip) is the right choice for 100% free software.
  • Gitlab.com (Beginner Tip) is a collaboration platform often recommended, e.g. by Prism-break, and it is the one F-Droid trusts with their data. ❗️ Beware though, Gitlab.com is hosted on the Google cloud. The community edition is free software and can be used to power platforms hosted on other clouds. E.g.:
  • Notable mention: Gitea

Captcha

I passionately hate Google reCaptcha. There is so much tracking going on on the web that I can just block away – many sites will still work. But once a website developer chooses to use reCaptcha for a site where you need to register to use that's game over.


Other

  • ➡️ Matomo is an open alternative to Google Analytics. Or here is a thought: Just don't analyze your customers/community at all!
  • ➡️ Font Squirrel is a collection of free fonts you can use to replace Google Fonts.
  • ➡️ Exoscale is an open source cloud hosting platform to replace all the evil clouds that you can block with Cloud Firewall.

Hardware

Generally: You'll want to go with hardware that runs the software we discussed before. If you already have a device where you can flash one of the privacy friendly operating systems I'd recommend you do that instead of buying a new device: Consider e-waste and resources! Also consider buying a used device and/or resell your old device.

Smartphones


  • Replicant-enabled devices (Freedom and Privacy Tip) are the first choice for privacy. They recommend the GTA04.
  • Fairphone (Environmental Tip) is my personal choice and recommendation. Their focus is on conflict-free resources, good working conditions and circular economy, but e.g. the FP2 also comes (came) with an unlocked bootloader, so many of the OSes mentioned before run on it. Also there is an active community avoiding Google which I am a part of.
  • Notable Mentions: Purism, Shift, Necunos

Computers


  • Freedom Tip: First choice for full freedom should be a device certified as Respects Your Freedom by the FSF. Second choice would be to get a device from h-node
  • Purism (Beginner Tip) is one of the manufacturers with devices available on h-node. Their Librem devices come with their aforementioned and FSF-endorsed PureOS. They are definitely high up on the list for my next device, not that that's anytime soon. I also recommend them for GNU/Linux beginners because compatibility between device and OS is surely not an issue if both come from the same company.
  • why! (Environmental Tip) is a Swiss company that makes repairable computers running Ubuntu. For Linux beginners I can really recommend them. My next computer (which will be in many, many years) will probably be something different though.

Other Devices


  • First up: Avoid smart devices, especially home assistants like Amazon Echo, Google Home, Apple HomePod and smart watches like the Apple Watch. You don't need them. You really don't, but if I can't convince you then get a Mycroft Mark.
  • For other devices check out the FSF recommendations and Mozilla's Privacy Not Included Guide.
  • Generally just avoid devices with sensors & an internet connection unless you can definitely trust them, which is only the case if they run free software.
  • Devices – even smart ones – without any sensors, without an internet connection and that don't require you to download a proprietary app on your phone where you need to log in with your personal data should be fine.

Some General Considerations

This concludes the main body of my guide on surveillance capitalism (though updates will follow). Since I got lots of feedback on other aspects of privacy and related topics I'm adding this general section.

The following is a categorized list of articles by people, organizations and communities who have more knowledge on these things than me. I added my thoughts every now and then as well as related tools that are mentioned in the articles and/or I can recommend. Links in the bold categories are to Wikipedia articles. Please let me know if important authors are missing.

Changelog

  • 2019-04-08: Start of drafting
  • 2019-04-13: Publication and initial edits based on great and numerous feedback (e.g. about Fedilab, Telegram, Signal, Tor Browser... )
  • 2019-04-14: Added uMatrix, added other suggestions as notable mentions while explicitly not recommending others that are proprietary software.
  • 2019-04-15: Added Video, Audio and Photo sections.
  • 2019-04-16: Added Mojeek and a few Linux distributions.
  • 2019-04-17: Had to split article into two parts, because too many images; started replacing icons hosted on evil clouds and removed Brave (see motive).
  • 2019-04-22: Finished replacing icons hosted on evil clouds – some are not really icons of the subject, but just images from Wikimedia that look somewhat similar.
  • 2019-04-27: Added a Books section and more adds to Part 2
  • 2019-04-29: Published Part 3.
  • 2019-05-01: Revamped the Desktop Operating Systems section with some new additions. Also started replacing words the FSF says to avoid.
  • 2019-05-02: Added highlights for Beginner, Freedom, Privacy, Environmental and Overall tips in some sections.
  • 2019-05-03: Added General Considerations section.
  • 2019-05-06: Removed link to AlternativeTo. Here is why.
  • 2019-05-10: Updated invidio.us with a tip from @kuketzblog.
  • 2019-05-16: Added a few more browser addons.
  • 2019-05-22: Updated the browsers section in celebration of the first stable release for the mobile Tor Browser.
 

from zeninstaller

New Addition to Zen

I am currently working with the owner of SigaVPN to integrate a VPN connection into the Installer. As a part of startup, you will get asked if you would like to use a VPN and then you will be allowed to connect to the Siga server you think is closest to you. I feel this is a great addition for users who want to maintain the utmost privacy and anonymity. This was very easy work, so you should definitely see the new ISO before the week is out.

SigaVPN is a free OpenVPN service that aims to protect user privacy, with strong encryption, no logs, and an ad-blocking DNS server. You can find more information and download configs at sigavpn.com, as well as find various ways to donate to him. You can also join his subreddit at r/sigavpn

 

from zeninstaller

What is Zen?

The Zen Installer is an Arch Linux installer. The name has a double meaning. First, all of the dialogs are generated by Zenity. Second, my purpose is to keep you as calm and Zen as possible during the installation. You just choose the options presented to you and sit back and relax while everything is installed exactly the way that you specified. If you want to get started with Zen or use the Revenge Repo, a package repo with various AUR packages I find interesting, you can start at:

sourceforge.net/projects/revenge-installer
sourceforge.net/projects/revenge-repo/
gitlab.com/spookykidmm
github.com/spookykidmm

Thank you all for joining me!

 

from zeninstaller

Zen installer Changes

For the future of the Zen Installer, I am officially moving away from the Revenge OS banner. It doesn't feel right to use the name without Jody around, in addition to the fact that I haven't been maintaining Revenge OS. In the future, the Zen Installer will be treated as its own, distinct project. If you're new to Revenge OS or Zen, Zen is an installer for Arch Linux, plain and simple. It was started by Jody James a number of years back and it eventually became my project, as Jody took it upon himself to be my coworker, my boss, and my mentor all wrapped into one. He gave me the Zen Installer and the Revenge OS projects because he knew how much passion I had about all the projects he started. I am disappointed in myself that I couldn't maintain Revenge OS, but I am very passionate about the Zen Installer and the Revenge Repo. In the spirit of moving out from under the Revenge OS umbrella, I have created all new social presences for myself.

Blog: write.privacytools.io/zeninstaller
Telegram: t.me/zeninstaller
Reddit: reddit.com/r/zeninstaller
Mastodon: social.privacytools.io/@zeninstaller
Email: zeninstaller@tutanota.com

I will create new donation gateways as well as post links to all relevant GitHub repos. Thank you to all who have been with me in the past, and a warm welcome to any new users.

 

from CryptoPaper

Finally, I am able to say that The Crypto Paper is complete! It is a huge achievement for me to say that. Writing this paper has taken countless hours, lots of research, and one too many discussions with people who have more knowledge and experience than myself. One of the older fellows that I have nightly coffee with made a comment to me that it was nearly impossible for him to keep up with the advancements we are making in technology and the way he talked about it, it was almost like he was just trying to stay afloat. This hit me as rather concerning. If we are moving this fast into a digitized world, where will my parents be in 5, 10, 20 years time? Would they be able to keep up? Or would they feel just as helpless? I got a lot of the inspiration for writing this paper from the amount of people I talk to who have zero clue how to keep up, stay secure, and even properly run a business in our Internet world today. But because I have been involved in, and always really interested in learning about security, privacy, and anonymity, I wasn’t just going to stop with the basics. I have had a fair amount of previous experience with the areas covered in this paper. So I figured it would be a great challenge to take on and I definitely had fun.

Even if you were only able to get through the first category/section before being completely lost, I hope you were able to take something away from The Crypto Paper. And if you made it all the way to the end and had some concerns with things I have written about or views that I have, I encourage you to get in touch and discuss them with me. I mentioned in the introduction that this is largely a construction of the experiences and knowledge I have had and acquired over the last few years being a part of this “scene” so I know it will definitely not be perfect. Everyone who is well versed in these fields will have their own views on the topics discussed and many will have a lot more knowledge than myself. So if you are one of these individuals, please don’t be shy. Out of all of this, I want it to be a learning tool for not only those reading, but also myself. I will work on and improve this paper as I have time and as I receive criticisms and suggestions.

Please feel free to contact either of us with any and all concerns, questions, or feedback. We look forward to hearing from you! Official Subreddit: https://reddit.com/r/cryptopaper

Thanks so much for reading. I encourage you to link to this paper, print it off, share it in any way you see fit. Just please do not alter the paper in a way that would discredit the many hours I have put into developing and writing it and the many hours others have spent reviewing it before it went public.

Seb

 


from CryptoPaper

PrivacyToolsIO – https://www.privacytools.io/

VPN Comparison Chart – https://thatoneprivacysite.net/vpn-comparison-chart/

IVPN Privacy Guides – https://www.ivpn.net/blog/privacy-guides

OSX Security Guide – https://github.com/drduh/macOS-Security-and-Privacy-Guide/blob/master/README.md

Electronic Frontier Foundation – https://www.eff.org/

Crypto World – https://cryptoworld.is/

Defuse.ca – https://defuse.ca/

OpenSSL Name Mapping – https://testssl.sh/openssl-rfc.mappping.html

SSL Test/Scan – https://www.ssllabs.com/ssltest/

IM Observatory – https://xmpp.net/

VPN Anonymity (2016) – https://torrentfreak.com/vpn-anonymous-review-160220/

Infiltrate The Vault – https://eprint.iacr.org/2012/374.pdf

FileVault2 Analysis – https://www.cl.cam.ac.uk/~osc22/docs/cl_fv2_presentation_2012.pdf

Open Crypto Audit (TrueCrypt) – https://opencryptoaudit.org/ Use VeraCrypt Tho..

Panopticlick – https://panopticlick.eff.org/

SSL Browser Test – https://www.ssllabs.com/ssltest/viewMyClient.html

eCryptFs Audit – https://defuse.ca/audits/ecryptfs.htm

/r/privacy – https://www.reddit.com/r/privacy

Shitlocker – https://www.schneier.com/blog/archives/2015/03/can_the_nsa_bre_1.html

Bruce Schneier – https://www.schneier.com

Privacy101 – https://www.privacyinternational.org/privacy-101

iOS Security – https://www.apple.com/business/docs/iOS_Security_Guide.pdf

iCloud Security – https://support.apple.com/en-ca/HT202303

Creating Strong Passwords – https://support.apple.com/en-ca/HT202303

Metadata – https://www.priv.gc.ca/information/research-recherche/2014/md_201410_e.asp

PrivateBin – https://cryptoseb.pw/message/

Let’s Encrypt – https://letsencrypt.org/

CryptoCat – https://crypto.cat/

Tor Project – https://www.torproject.org/

DNSLeakTest – https://dnsleaktest.com/

SearX Search Engine – https://searx.me

Surveillance Self-Defense – https://ssd.eff.org/en

Reset The Net – https://www.resetthenet.org/

Blockchain.info – https://blockchain.info/

Prism-Break – https://prism-break.org/en/

Security In a Box – https://securityinabox.org/en/

Watched – https://theintercept.com/2015/07/14/communicating-secret-watched/

Footnote *: I, Phone – https://www.youtube.com/watch?v=e-ZpsxnmmbE

 

from CryptoPaper

The Final Section… Spoookie. You might notice that the section header is “Edward Snowden?” with a question mark at the end. I did this because of my uncertainty with my ability to write a section dedicated to people needing his level of security. I’m not experienced enough and can really only comment on what I would do were I in a position like his. So please understand that the next “category” here isn’t at all from an experienced standpoint (that I am going to admit in a formal paper lol) and more so from just someone who has acquired some in-depth knowledge from reading online and befriending individuals with more security/privacy/anonymity related experience than myself.

Edit (April 27th, 2016): Spoke with one of the founders of IVPN over email today about ideas I had and the potential to introduce some of them into their company. During this email discussion, he made a VERY GOOD point about doing too much as a service provider to gain trust from your intended audience and then further discussed how companies that present themselves as providing strong anonymity can be a killer. This links in with my discussion about not trusting one service, company, product, etc. with your life. They can very well do their best and even then that often won’t be enough for everyone’s threat model. Copy pasta: > I think there is a point at which it seems like you're pushing too hard for their trust which can be interpreted suspiciously. Clearly the ultimate goal is not to have to trust the VPN service but the requirement for trust is dependent on the threat model of the user. IVPN was never designed to provide strong anonymity, especially where the adversary has significant resources e.g. the ability to monitor traffic flow across large portions of the net (even Tor, a far more capable tool for anonymity, is vulnerable to such an adversary). The vast majority of VPN users are not aware of the significant effort involved in achieving anonymity and promoting a VPN service as providing strong anonymity is careless and potentially dangerous in my opinion. IVPN was designed for privacy, specifically to counter the threat posed by the increasingly pervasive data retention laws and practices. ISPs are a credible threat due to them relaying all your traffic and they do retain records for various periods, in some cases by law. So when using a VPN, you're effectively trusting them not to perform any of those activities. However, this only requires that you trust them more than you trust your ISP. Given that a VPN's reputation depends on respecting customer privacy, not an unreasonable assumption.

The Issues With FOSS

Once you get down to this level, you almost need to reevaluate everything about your threat model and what you are doing to protect yourself. Even the littlest of things can bring a whirlwind of issues if you are up against the wrong people. Just in the previous section, we discussed how open source software is a really, really good thing. And now, we need to discuss some issues with it and what you can do to combat these issues and stay safe.

FOSS is great because it allows us to look at the code in its entirety and verify that what we are seeing is doing what we are being made to believe it is doing. But in order for this to be a true statement, we need to understand everything about the published code. I for one do not understand how to code anything apart from a simple website in HTML so I have to rely on the word of others. This word is only as good as the people checking it though. So say we are planning on using ServiceX (just as an example) to communicate securely with someone else but ServiceX is pushing out updates on a pretty timely (monthly) basis. Unless we know how to read, understand, and validate the code ourselves, we need to have another trusted person who is able to do this. Furthermore, that person needs to be doing this when every update is pushed. Then we raise the question on whether one skilled person looking at the code is enough? If this person misses something that has the potential to compromise us, we would be using ServiceX up until the point and time where someone else does notice this fault. Even though that timeframe might only be a matter of days, those are days where everything we do in association with this service is compromised, which by association, compromises us and our entire model of security, privacy, AND anonymity we have worked so hard to build up.

Another issue with Free, Open Source Software is mobile platforms. On most operating systems for desktop computers, we can take the source code from GitHub (or another code publishing website) and build/compile it ourselves if it has been written to work with our OS. But on mobile operating systems, we can’t do that easily. And even in the cases where we can do it, we still face a huge challenge that doesn’t yet have a magical solution. To download an application onto my iPhone, it needs to be published to the App Store by the company that developed said application. I can’t go to the Open Whisper Systems website and download Signal straight to my phone. So even if we are checking the source code of the service/application (or having someone else do it for us), we still can’t validate that the same application is being sent to the App Store for us to download. If the company was compromised by a body of law enforcement and forced to comply, they could publish a clean update to GitHub, making slight UI changes to avoid suspicion, but then send a backdoored version of the same application to the App Store for thousands of users to download. This holds true in a sense for Android devices and the Google Play Store as well. The only way around this with the Google Play Store is to submit reproducible builds for the public to see and make use of. Open Whisper Systems has just pushed this out for Signal and it would be really nice to see other services do the same (Hint Hint: ProtonMail, Tutanota, ChatSecure) https://github.com/WhisperSystems/Signal-Android/wiki/Reproducible-Builds. So since we can’t easily verify that the application we are using on our phones isn’t doing malicious things, it should be a fair assumption that ditching mobile devices and using strictly desktop versions of programs, ones we can compile from source and monitor ourselves, is the best route to travel down.
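As an added example of what a reproducible-build check actually does (my own code, not Signal's apkdiff tool nor any store's verification), the Python below compares a locally compiled archive with a store-distributed one: every entry except the store's signing files under META-INF/ must match byte for byte, and any added or changed file is reported. The two archives are constructed in memory as stand-ins for APKs; the file names and contents are made up, and the "tampered" build models the scenario described above, where the store copy carries code the published source does not.

```python
"""Reproducible-build style comparison of two archives (added example)."""
import hashlib
import io
import zipfile

SIGNING_PREFIX = "META-INF/"  # store signing artefacts are expected to differ


def make_archive(entries):
    """Build a zip in memory from {name: bytes}; a stand-in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def entry_digests(archive_bytes):
    """Map every non-signing entry to the SHA-256 of its contents.

    Hashing contents rather than the raw zip ignores timestamps and compression
    settings, which differ between builds but are not what an attacker changes.
    """
    digests = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.startswith(SIGNING_PREFIX):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_builds(local_build, store_build):
    """Report entries present on one side only and entries whose contents differ."""
    local, store = entry_digests(local_build), entry_digests(store_build)
    shared = local.keys() & store.keys()
    return {
        "only_in_local": sorted(local.keys() - store.keys()),
        "only_in_store": sorted(store.keys() - local.keys()),
        "modified": sorted(name for name in shared if local[name] != store[name]),
    }


def is_reproducible(report):
    """True when the store build matches the local build in everything but signing files."""
    return not (report["only_in_local"] or report["only_in_store"] or report["modified"])


# Constructed sample archives standing in for a local build and two store downloads.
APP_FILES = {
    "AndroidManifest.xml": b"<manifest package='example.app'/>",
    "classes.dex": b"dex\n035\x00" + bytes(range(64)),
    "res/layout/main.xml": b"<LinearLayout/>",
}
LOCAL_BUILD = make_archive(APP_FILES)
STORE_BUILD_OK = make_archive({**APP_FILES, "META-INF/CERT.RSA": b"store signature block"})
STORE_BUILD_TAMPERED = make_archive({
    **APP_FILES,
    "classes.dex": b"dex\n035\x00" + bytes(range(64)) + b"\x90extra code",  # altered bytecode
    "lib/arm64/libextra.so": b"ELF...",                                     # file absent from source
    "META-INF/CERT.RSA": b"store signature block",
})

if __name__ == "__main__":
    for label, build in [("ok", STORE_BUILD_OK), ("tampered", STORE_BUILD_TAMPERED)]:
        report = compare_builds(LOCAL_BUILD, build)
        print(label, "reproducible" if is_reproducible(report) else report)
```

The check only has value if the local side really was built from the published source at the same version, and it has to be repeated for every update, which is the point the section makes about audits going stale.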

Code Audits

Even after everything above about open-source software, there is still a huge hurdle before we can be certain the software we use is secure. It isn’t fair to assume that 100% of the people reading this section can check the code of an application themselves. Hell, it isn’t even fair to assume that 5% of them could perform such a daunting task. Take TrueCrypt, for example. The audit performed to confirm it was secure took months and was done by people light years ahead of me in the field of cryptography; some of them hold advanced degrees in the area and have years of experience under their belts (cough, cough @matthewdgreen). So assuming that one individual can do this sort of thing to keep themselves secure is silly. Code audits of the applications and services we trust with our security at this level are crucial. And once an audit is complete, remember that it is not valid for later versions of the application. The moment they ship an update and you install it, you are back to square one unless someone is reviewing the changes with every update.

Virtual Private Networks & Tor

The problem, once you need the level of security that lands you in a paper like this, is that you are really the only person who knows what you need to keep yourself safe. That is awkward, because you are hopefully reading this to gain some knowledge. I am not the type of individual who can relate very well to you, but I can pass on a philosophy a friend told me a few years back that has stuck with me since: “When you are literally fighting for your life online, NEVER put all your trust into one company or service”. To attain maximum security, privacy, and anonymity, make sure you aren’t putting all your cards down in one area while neglecting others. An example would be relying on the Tor network alone for Internet anonymity. That is an “okay” model if we assume the Tor network is as secure as it is made out to be; however, recent events suggest otherwise (http://gizmodo.com/judge-confirms-carnegie-mellon-hacked-tor-and-provided-1761191933). Instead, you could subscribe to two very reputable VPN providers, say IVPN and CryptoStorm, and chain them in succession before using the Tor Browser Bundle. You would need to make sure no IP leaks happen in the process, but if you connected to the first VPN on your host OS and then ran Debian in a virtual machine, you could connect to the second VPN provider inside the virtual machine and reach a very high level of anonymity and security. Not only does this shrink your attack surface, it is like building your own little Qubes by compartmentalising that section and keeping it separate from the rest of your system. Keep in mind what each hop still sees: the first VPN sees your real IP address, the second sees only the first VPN, and the Tor entry guard sees only the second. The point is to spread trust across parties who would all have to collude, not to eliminate it.

IVPN has a really good tutorial on using virtual machines, VPNs, and Tor together to achieve a high degree of network anonymity. I highly recommend the “Privacy Guides” section of their website: https://www.ivpn.net/privacy-guides/ These guides are very well written and offer a second perspective alongside my own.

Password Management & Storage

In the early sections of this paper I talked a bit about creating strong passwords and storing them securely. If your threat model puts you in this final category, however, you pretty much need to ignore all of that and redesign your password management. I recommended LastPass because it is incredibly easy for all kinds of Internet users and is also very secure against a malicious person trying to steal your information and identity. But there are quite a few issues with LastPass when your life depends on security and privacy. The first is that it isn’t open source. Our data sits in a vault encrypted with a key derived from our master password, but we can’t confirm there are no backdoors because we can’t see the source code for ourselves. Secondly, LastPass stores your passwords in the cloud, and I would avoid all cloud-based password managers if I fell into this category of people. Lastly, what if they are served a subpoena or warrant for our information? Then what?

So to begin, we should probably consider my form of password creation, available at https://cryptoseb.pw/passwords.png, too “amateur” for what we need. The passwords it produces are secure, but they don’t carry enough entropy for this level of security. Instead, I would recommend creating or generating passwords of 19-20 characters for most of your online accounts, and 40-50 characters for services that handle sensitive information or documents (SpiderOak, VeraCrypt, etc). To create the longer 50-character passwords, use Diceware and add symbols and numbers at the beginning and end. An example of a strong random-word password could be:
%[<Humming Greek slider for Timothy star@\@182
This uses 5 randomly generated words plus the connecting word “for” to make a fairly memorable sentence out of them, and adds some symbols and numbers to increase the strength. An alternative method I came across in my reading is to use the traditional Diceware method, generate 5 words, and put a symbol with a space on either side between each word. The result would be something like this:
good * waterfall / Cambodia ; finances [ again
You would keep the password strength that Diceware’s randomness provides and add to it with the 4 symbols, provided those symbols are also chosen at random; the spaces are fixed and add length but no entropy. But if you are the kind of individual who can remember a 35, 40, or even 50-character random password, all the power to you!
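As an added example (not from the original paper), here is how the passphrase construction above can be generated and its strength measured in Python. The word list is a constructed 16-word stand-in; a real Diceware list has 7776 words, and the entropy functions take the list size as a parameter so the printed numbers reflect the real list. The separator alphabet and the 94-symbol printable-ASCII alphabet used for comparison are assumptions.

```python
import math
import secrets

# Constructed stand-in for a Diceware list. A real list (the EFF long list, for
# instance) has 7776 words, one per five-dice roll; only the size matters for
# the entropy maths below.
SAMPLE_WORDLIST = [
    "good", "waterfall", "cambodia", "finances", "again", "humming", "greek", "slider",
    "timothy", "star", "lantern", "pepper", "orbit", "velvet", "canyon", "mosaic",
]
REAL_DICEWARE_SIZE = 7776                       # 6 ** 5 entries
SEPARATORS = "!@#$%^&*()-_=+[]{};:,.<>/?|~"     # symbol alphabet for the gaps between words
PRINTABLE_ASCII = 94                            # alphabet size of a conventional random password


def generate_passphrase(n_words, wordlist=SAMPLE_WORDLIST, separators=SEPARATORS):
    """Diceware words joined by ' <symbol> ', each symbol drawn afresh from the OS CSPRNG.

    secrets.choice is used throughout: random.choice is seeded from a small
    state and is not suitable for passwords.
    """
    words = [secrets.choice(wordlist) for _ in range(n_words)]
    gaps = [" " + secrets.choice(separators) + " " for _ in range(n_words - 1)]
    return "".join(w + g for w, g in zip(words, gaps + [""]))


def entropy_bits(n_words, wordlist_size, n_symbols=0, symbol_alphabet=1):
    """Entropy in bits of n uniformly chosen words plus n uniformly chosen symbols."""
    return n_words * math.log2(wordlist_size) + n_symbols * math.log2(symbol_alphabet)


def random_password_entropy(length, alphabet=PRINTABLE_ASCII):
    """Entropy of a password of `length` characters drawn uniformly from `alphabet` symbols."""
    return length * math.log2(alphabet)


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate of the given entropy at a fixed offline guessing rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print(generate_passphrase(5))
    words_only = entropy_bits(5, REAL_DICEWARE_SIZE)
    with_symbols = entropy_bits(5, REAL_DICEWARE_SIZE, 4, len(SEPARATORS))
    print(f"5 words: {words_only:.1f} bits; + 4 random symbols: {with_symbols:.1f} bits")
    print(f"20 random printable characters: {random_password_entropy(20):.1f} bits")
    print(f"years at 1e12 guesses/s: {years_to_exhaust(with_symbols, 1e12):.2e}")
```

Running it prints a fresh passphrase plus the numbers behind the advice above: five real Diceware words give about 64.6 bits, four randomly chosen separator symbols add about 19 more, and a 20-character random printable-ASCII password sits near 131 bits. The estimates assume the words and symbols are chosen uniformly by a CSPRNG; a word you picked yourself, or a fixed separator pattern, does not count.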

Since we shouldn’t store our passwords in a cloud-based service, we need one that provides the same security guarantees but keeps everything in a local file we can encrypt. Probably the best password management software out there right now in terms of security would be KeePassX. The original program, KeePass, has been developed since the early 2000s and is itself open source, but it works best on Windows-based machines; KeePassX was created in 2005 as an open-source port for other operating systems. It uses either 256-bit AES or 256-bit Twofish to encrypt your KeePass database, and because the database is a single portable file, it can easily be kept on an encrypted SD card. Like LastPass, it requires a master password for encrypting and decrypting the data, but it also lets you add a keyfile for added security (much like TrueCrypt and VeraCrypt do). Because KeePassX never needs to reach a server, all password management being done locally, you can firewall/block all connections to and from the program for added assurance. Check it out here: https://www.keepassx.org/ (KeePassX development has since stopped; KeePassXC is the actively maintained community fork and uses the same database format.)

Encryption… Again

I know, I have already discussed encryption in varying levels of detail. But one aspect needs to be highlighted even further, a point I made just above: “When you are literally fighting for your life online, NEVER put all your trust into one company or service”. This applies to encryption at every level as well. Say you have a folder with 6-7 top-secret files in it and you need to make sure it is secure from every form of compromise. You would want that folder stored on a system that is completely encrypted and away from prying eyes. I personally would fully encrypt a USB drive with VeraCrypt and a 45-50-character password, using a cascade such as Serpent(AES) as the encryption algorithm. I would then mount the encrypted USB and put, say, 400 random files (pictures, random .txt files, etc) in its root directory. Then VeraCrypt (or an encrypted .dmg on macOS) would be used to create an encrypted container on the same USB with a different 50-character password and 3 keyfiles chosen from those 400 files. The folder containing the sensitive information would then be stored inside the VeraCrypt container on the encrypted USB. To attack this setup, someone would first need to get into the USB by attacking VeraCrypt, either by bruteforcing the password (not feasible at that length) or by attacking the ciphers themselves (not feasible either; the cascade is insurance in case one of the ciphers is broken). To put it bluntly, the full-disk encryption on the USB isn’t getting broken unless they can steal your password. The adversary would then also have to break into the VeraCrypt container stored on the USB, another feat that is practically impossible given the 50-character password and the added security of 3 keyfiles chosen from a lot of 400. 'apt-get install overkill --fix-missing'

When we apply the same thinking to communicating securely with someone, we should look for a method that lets us put our own encryption on top of the encryption the service provides. Ideally, something like XMPP (with OTR, on your own server of course) over Tor Messenger to keep things anonymous would be a good, secure method. (Tor Messenger has since been discontinued; any maintained OTR-capable client routed through Tor fills the same role.) On top of this, we could write our messages locally in a .txt file and encrypt the text with the other person’s PGP key before sending it. An adversary would first have to break OTR (Off-The-Record), or attack the client we are using, AND then crack the PGP-encrypted messages. OTR provides perfect forward secrecy, so even if your long-term private key is compromised, previous messages cannot be recovered. Note that the PGP layer has no forward secrecy: if the recipient’s PGP private key is ever obtained, every captured message encrypted to it can be read, so the inner layer is only as durable as that key. Whatever form of communication you use, make sure it employs strong PFS and has an easy way to add another layer of encryption (like PGP) on top. I agree with Snowden that Signal is a very secure way to communicate with someone. BUT you would ideally need a true burner phone that doesn’t link to your identity, or else you have to give your personal phone number to the other party. AND you need to be able to verify the source code on the device you are installing it on, a capability not yet available for iOS.

Another big issue in communicating securely is how we choose and deploy this “method” of communication. If the FBI, CIA, GCHQ, or another big-name organisation knows we use name@myserver.com over XMPP to initiate our secret communications with someone, they know what to attack. However, if we meet someone in a random TeamSpeak server, private-message them the details of an encrypted IRC server with properly configured TLS that does not log connections, then start an OTR chat with them on that IRC server to exchange XMPP usernames, OTR fingerprints, and PGP key information, we seriously reduce the chance of those organisations being able to attack us. Since they cannot readily determine how we are communicating (if we route all connections through Tor and VPNs), we have used some obscurity to our advantage.

Where to Communicate

You might not think physical security matters much if you have a very high level of Internet and device security, but it matters a lot more than one would think. If we are “important” enough to need the security online, we definitely need it in real life. So the question to ask is: “where is an acceptable place to communicate securely with another party?” One might think the comfort of home would be the best place, but I would argue against it: it isn’t difficult for a skilled adversary or government body to plant physical surveillance tools (cameras, hidden audio recorders) in the places you frequent. They break in when you aren’t there and hide devices meant to capture your every word. If that happened and you then held a very private conversation over Signal with another individual, the entire conversation could be compromised. On the other side of the fence, if you go somewhere very public that you don’t frequent, like a coffee shop, you face a different set of physical obstacles. Making sure nobody is recording you there is probably even harder, and most such places have cameras you need to avoid.

So how do we find the “perfect place” to communicate with someone else? The best answer, I think, is: in person. Meeting someone in person has the benefit of needing far less digital security, but it comes at the cost of convenience. It isn’t always easy to meet someone and have a private conversation. You also need to trust the person you are meeting completely; if they turn out to be an adversary under cover, your entire security model could be destroyed in seconds. But what if we did the communicating digitally from a location removed from our personal life, not very public, and only semi-permanent? An example could be an apartment you pay for with cash under a fake name (to keep your identity anonymous). You could take a different route there every day to avoid being followed, and use tools like bug sweepers (http://www.spytechs.com/bug_sweep_equip/) to make sure the space around you is free of recording equipment. Because this location is not tied to your real identity, it isn’t easily compromised.

One thing to be cautious of when employing methods like this is how our devices track our every move if we aren’t careful. A phone that is turned on could disclose our movements to anyone able to track it, and even an installed application with too many permissions could reveal our location. Keeping your mobile devices under strict watch is good, but turning them off and using a Faraday bag to block all incoming and outgoing signals (https://www.amazon.ca/Black-Hole-Faraday-Bag-Isolation/dp/B0091WILY0) is even better. It seems like a spooky thing to do, but Faraday bags and cages are very common tools for law enforcement who want to make sure seized devices stay in the state they were taken in. Nico Sell, the founder of Wickr, talks about “tricking Google Maps” and spreading disinformation online (http://www.dailydot.com/technology/online-privacy-tips-from-wickr-ceo-nico-sell/). I’m not the only one promoting these “crazy” ideas, and I am sure it isn’t just the two of us either. Geolocation is a killer, and many of the services you use, along with your mobile device itself, love it.

Data Integrity

Pretty much the only thing left is to make sure our data is not being changed or altered without our knowledge or consent. We can do this on our systems with what is known as file-change detection or file integrity monitoring. It is very common server-side but worth considering for personal systems too. These tools work by recording a baseline of selected files or parts of the system (content hashes, permissions, ownership) and periodically re-checking them for any change. So if we had a system like this configured on our server and someone broke into it, we could be alerted by email when certain files were modified, added, or removed, giving us a heads-up that one of our systems has been compromised. (Detecting that a file was merely read is a job for access auditing such as auditd, not for an integrity checker.)

I am not really an expert in using these tools, but I have done a bit of reading on them and found 2 popular ones you can research yourself:
+ OSSEC – https://ossec.github.io/
+ Tripwire – https://www.tripwire.com/solutions/file-integrity-and-change-monitoring/

As a side note, I have a friend who has developed a rootkit that is able to bypass OSSEC in its default state on Debian 7. I am unsure whether this works on a Debian 8 system but can confirm that it is NOT streamlined for any other OS. The reality is that even with file-change detection systems, it is still possible for someone experienced enough to completely roll your system onto its back. Nonetheless, adding these measures to your setup isn’t a bad thing and will only increase your security. For further reading see: https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps and https://www.alienvault.com/solutions/pci-dss-file-integrity-monitoring.
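The following is an added example, not code from OSSEC, Tripwire, or the original paper, of the core of a file integrity check: record a baseline of content hash, permission bits, owner and size for every regular file under a directory, then re-scan and report what was added, removed, or changed. The directory tree, file contents, and simulated intrusion in `demo()` are constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def file_fingerprint(path):
    """Content hash plus the metadata a tamperer would also have to reproduce."""
    st = os.lstat(path)        # lstat: never follow a symlink planted in place of a file
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return {
        "sha256": h.hexdigest(),
        "mode": stat.S_IMODE(st.st_mode),   # permission bits incl. setuid/setgid/sticky
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
    }


def build_baseline(root):
    """Fingerprint every regular file below root, keyed by POSIX-style relative path."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        baseline[p.relative_to(root).as_posix()] = file_fingerprint(p)
    return baseline


def compare_baseline(root, baseline):
    """Re-scan root and report files that appeared, vanished, or changed since the baseline."""
    current = build_baseline(root)
    known, seen = set(baseline), set(current)
    return {
        "added": sorted(seen - known),
        "removed": sorted(known - seen),
        "changed": sorted(n for n in known & seen if current[n] != baseline[n]),
    }


def demo():
    """Constructed scenario: take a baseline, simulate an intrusion, then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "shadow").write_text("root:!:19000:0:99999:7:::\n")
        (root / "bin" / "sh").write_bytes(b"#!/bin/sh\n")
        baseline = build_baseline(root)

        # Simulated intruder: weakens sshd, sets setuid on a shell (content unchanged,
        # so only the mode reveals it), drops a cron backdoor, and removes a file.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "bin" / "sh").chmod(0o4755)
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "update").write_text("* * * * * root /tmp/.x\n")
        (root / "etc" / "shadow").unlink()
        return compare_baseline(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Two points the demo makes: a permission-only change (the setuid bit on bin/sh) is caught because the fingerprint includes the mode, not just the hash; and the baseline must live somewhere the intruder cannot rewrite (off-host, or at least signed), since an attacker with root on the box can otherwise regenerate it to match their changes. That is also why the rootkit remark above stands: a kernel-level rootkit can lie to the scanner about what the files contain, and a userland hash check cannot see through that.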

Emergency Preparedness

If we placed security, privacy, and anonymity on a sliding scale from 1-100, nobody would achieve all 100s. A perfect score of safety is just not feasible. Knowing this, we need to be ready for the “what ifs” and for the scenarios where shit hits the fan and we are literally dealing with the repercussions of something serious. I’m not going to comment on what may have gotten you into this position, but I will try to help you get out of it.

For starters, this entire section (like most of this Edward Snowden? category) is going to be speculation. I would love to give you much more information and write without restrictions, but my safety has to be considered. I’ll leave it at “legal”.

We have to think about what might happen in the worst possible scenario and then REALLY think about what would happen in it. Maybe it includes a SWAT team and the sentence “You have the right to remain silent…”, or maybe it just means getting fired from your job. In any situation, it is important to think ahead and have a plan of action ready for when you need it.

The first step, I think, is revisiting (AGAIN) how important full-disk encryption is on your devices and being able to turn those devices off in a hurry. A properly encrypted device is at its strongest when it is off, with no keys left in RAM. This includes your mobile devices. A locked iPhone is a partial exception: Apple evicts the keys for data in the Complete Protection class when the device locks, but not all app data is in that class, so powered off is still stronger than merely locked. A few pages above I talked about DBAN and how I always keep a USB stick with it handy for those “just in case” scenarios. It isn’t a quick wipe by any means, but with a fully encrypted drive you could just plug in the USB, set it to wipe everything, and leave. You wouldn’t have to worry about someone halting the process, because the drive was fully encrypted to begin with.

Another neat tool you should check out is “swatd”. I won’t explain it much and will leave the reading and research to you, but I will say this: imagine what you could do with this program and some cameras in your computer room. See: https://github.com/defuse/swatd and https://thetinhat.com/blog/2015/01/24/get-swatd.html

But what are the consequences of actually going through with a tactic like this and purging all your data? You would literally lose everything on the devices you wiped, including your PGP keys, SSH keys, and encrypted containers. Knowing this, it is a good idea to have a fully encrypted external hard drive to which you back up crucial files every month, stored in a secure place (ideally off-site, in case the unthinkable happens). You could also encrypt your sensitive files in, say, a VeraCrypt container or with your PGP key and back them up to a cloud service. That would give you access to them virtually anywhere, as long as you can get to a computer where you can install VeraCrypt. Encrypting them with your PGP key might add some security, but they wouldn’t be as easy to decrypt when needed (since your private key would have to be backed up somewhere completely different).

 
from aisyk's thinking

This is a short account of my Linux journey, from my initial curiosity to my final adoption. I'd rather clarify a few things first: my usage. I use the software OpenModplugTracker, which, as its name does not suggest, is open source but not available on Linux. I had to use Wine for a few years before the software's team stated that Wine was supported (and tested) for their releases... still no Linux version on the horizon; for the team it would be too big a rewrite to undertake. I also play some video games, but not intensively. I started installing Steam (via Wine, then natively) when I was already a Linux user.

Genesis

This is the phase of assorted experiments, tests and the maturing of the approach.
– 2001: Tests on a P266MMX PC with 32 MB of RAM (a “portable” PC, Acer Extensa 503) –> installing Slackware 7.0, then 8.0
– 2002-2003: Various tests on my main PC from live CDs over my Win2K installation (Knoppix, Fedora...)
– 2004: Move to Win XP, then dual-boot installation of Ubuntu 5.04 (I never went back to Windows after that).

The switch

This is the phase where I started to get comfortable with the system and felt confident enough to jump into the adventure “without a safety net”.
– 2005: Installing Kubuntu
– 2006: Removing the dual boot (what is this partition again that is eating gigabytes for nothing?)

Confidence

Feeling more and more at ease, gaining confidence, helping the community, learning...
– 2006 to 2012: I followed every Ubuntu release (LTS and interim alike) up to 12.04, alternating between Kubuntu, Xubuntu and Ubuntu.

Stabilisation

Becoming the “Linux go-to person” for friends and relatives.
– 2013: ElementaryOS (+ installed it for a lot of people).
– 2016: Xubuntu 16.04 (desktop and laptops alike)
– 2019: Thinking about moving to Manjaro.

In the end, it took me nearly 4 years to be comfortable enough with the system that I no longer needed a “Windows refuge”. I started becoming the “Linux” reference for those around me 6 years after I felt “safe” with my system.

Which goes to show that, in my opinion, it is hard to tell people who have only just installed Linux that they can feel at ease and safe with it right away! ;)

#monparcourslinux

 
from thiago's personal blog

Persona

Persona can be considered one of the masterpieces of the twentieth century. Ingmar Bergman wrote this film in nine weeks, while recovering from a serious bout of pneumonia. At first he wanted the film to be called “A Bit of Cinema” (“Um Pouco de Cinema”), but his film-loving colleagues advised him to choose a more accessible title. So, and because of the film's story, he named it Persona.

Persona tells the story of Sister Alma and Mrs. Elisabet Vogler. The latter, while performing in Elektra, a classical play, completely loses her voice. From then on she goes to a clinic for treatment. The one who starts caring for her is Sister Alma, a young woman who soon becomes close to Mrs. Vogler. At the suggestion of the hospital's director, the two go to a summer house in the Swedish countryside so that Mrs. Vogler's recovery will be more pleasant and quicker. The two women's lives share one aspect: Alma aborted a child and lives in suffering because of it, while Elisabet tried and failed to abort her child, and so feels guilty for her lack of affection toward him. Alma is engaged to a man who criticises her a great deal, and Elisabet is married to a man who is extremely devoted and crazy about her. The character's name is Alma precisely because of its meaning in Spanish and Portuguese (“soul”). And “Vogler” evokes a bird, a species typical of the harsh Swedish winter. That symbolises the film: the young, naive Alma meets the bitter, cold Elisabet, provoking a very serious existential crisis.

The lighting is almost entirely natural, from the sunlight on the beach where they stayed. Mulholland Drive (2001) is strongly influenced by Persona, because of an actress with similar questions about identity. Some scenes were “copied”, such as the superimposition of the two lead characters' faces to suggest that they are the same person or parts of one identity.

The film proposes a reflection on the need to adapt to the different roles a person plays in life. While Mrs. Vogler simply gives up on that, Sister Alma discovers similar paths, frustrating her false expectations of making a happy marriage. The two thus display many facets of a single character, which led Ingmar Bergman to use the technique of merging the two actresses' faces to symbolise this idea.

Bergman (1996) wrote in his book “Images”:

“When one reads the text of Persona, it may give the impression of improvisation. But no. That text was rigorously conceived. Even so, I have never retaken so many scenes in my life as in this film. And when I say I retook scenes, I do not mean shooting one and the same scene on the same day, but new shoots because I was not satisfied with the footage developed each day.” (p. 64)

Persona will certainly divide opinions. It must be watched with plenty of patience, understanding that, owing to an existential crisis and an illness that afflicted him, Bergman wrote the film as a way of venting, questioning his then role as director of the Stockholm National Theatre.

 
from Paula's blog

Click here for Part 1.

Video

Video Players

  • Kodi is a great universal media player for desktop and mobile. Play music, movies, TV shows, podcasts etc from your own Kodi database or stream them. ❗️ But beware of proprietary addons. Unfortunately Kodi doesn't display licenses of addons.
  • VLC is another great universal media player for desktop and mobile, only not with such a fancy design.

Video Streaming

  • Peertube is a video streaming service that is part of the fediverse. There is not a lot of quality content there yet, but quite a lot of videos that look like clear cases of copyright infringement. Of course one is only allowed to upload their own or freely licensed videos. In theory Peertube is great and I hope a lot of creators join and make it big.
  • Invidious is a great site for streaming videos from Youtube while keeping Google tracking to a minimum – with the proxy feature (find the tiny ⚙️ Preferences button in the top right corner and don't forget to save) you can watch videos without any connection to Google at all.

  • Newpipe is one of many mobile apps that also lets you watch Youtube videos without sending too much data to Google.

Movie/TV Streaming

  • ❔ I never used Netflix or any other similar streaming service for TV shows or movies and I never missed it. So I probably never will test an alternative thoroughly either. But since I mentioned FAANG in the beginning of the article and Netflix is the “N” in FAANG I'd really like an alternative here. Please send me your suggestions.
  • Internet Archive: Moving Image Archive has a collection of public domain movies and other videos.
    • If you don't like the design of the Internet Archive try kino.social which is basically a categorized list of freely licensed films from the Internet Archive and Peertube.
  • You'll find some sources for DRM-free content at DefectiveByDesign.

Audio

Audio Players

  • The aforementioned Kodi and VLC are great for audio too.
  • Banshee is the desktop music player I use, because it has all the functions I need and most other players lack. Unfortunately it is no longer maintained and it does have a few little issues every now and then. Since I don't need any function that would let Banshee access the internet I think the security risk is minimal.
  • For mobile use Simple Music Player or literally any music player on F-Droid that you like and isn't marked with anti-features.
  • Notable mentions: Lollypop
  • If your favorite music player doesn't come with a plugin for music tagging, or you don't like it use MusicBrainz Picard.
    • It uses the MusicBrainz database that I contribute to. If you want to contribute too, watch out ❗️ logging in depends on Google reCaptcha (for now) and the forum is stored on the Google cloud.

Music Stores/Streaming

  • Funkwhale is a great music streaming service that is part of the fediverse. Anyone can upload music if it is under a license that allows sharing or the uploader owns the copyright. I love the idea and design, but like Peertube it just doesn't have a lot of content yet.
  • ❗️ Unfortunately the rest of the sites I like all have various Google trackers. There is Free Music Archive (FMA) which only stores freely licensed music and you can filter the catalogue by license. Bandcamp has a very large catalogue and also a lot of Creative Commons music, that is marked with the exact license, but unfortunately you can't filter by license. Same for Jamendo and Soundcloud.
  • For more sources that might not care about licensing, but at least avoid DRM check out the list at DefectiveByDesign.

Photo

Gallery Apps

  • Shotwell is a simple, yet versatile desktop photo library.
  • Simple Gallery is my recommendation for mobile, but once again any gallery app from F-Droid will do.

Camera Apps

  • Open Camera is a mobile camera app I'd even recommend if I didn't care about privacy at all. There is simply nothing missing in this app.

Image Editing

  • Gimp is a powerful and yet simple raster graphics editor. For vector graphics Inkscape is probably the first choice.

Image Hosting Services

  • Wikimedia Commons is a great source for freely licensed images. Most of the icons I'm using in this article link to Wikimedia.
  • Internet Archive: Images also contains lots of freely licensed, public domain or fair use images.

Books

Environmental Tip: Generally prefer eBooks and Audiobooks over physical books – except second hand. Digitization – if done right – reduces used resources, used energy and waste.

...continue at Part 3

 