SearchVoatBot ago

This submission was linked from this v/QRV comment.

Posted automatically (#4106) by the SearchVoat.co Cross-Link Bot. You can suppress these notifications by appending a forward-slash(/) to your Voat link. More information here.

SearchVoatBot ago

This submission was linked from this comment by @skywalker7777.

Posted automatically (#1738) by the SearchVoat.co Cross-Link Bot. You can suppress these notifications by appending a forward-slash(/) to your Voat link. More information here.

SearchVoatBot ago

This submission was linked from this comment by @skywalker7777.

Posted automatically (#1639) by the SearchVoat.co Cross-Link Bot. You can suppress these notifications by appending a forward-slash(/) to your Voat link. More information here.

SearchVoatBot ago

Bleep bloop, someone mentioned this submission!

'Now Chrome Doesnt Delete Google Cookies Even If You Clear All Cookies' was posted in v/technology and includes this reply from skywalker7777:

Protonmail is a honeypot https://voat.co/v/whatever/2683626

Searx uses Google

Hooktube doesn't work anymore

This notification (#1351) was posted automatically by the SearchVoat.co Cross-Link Bot. You can suppress this notification by appending a forward-slash(/) to the Voat link. More information here.

SearchVoatBot ago

Bleep bloop, someone mentioned this submission!

'Google Chrome Begins 'Syncing' All Browser Data to Your Identity Without Asking' was posted in v/news and includes this reply from skywalker7777:

https://voat.co/v/whatever/2683626

h o n e y p o t

This notification (#1250) was posted automatically by the SearchVoat.co Cross-Link Bot. You can suppress this notification by appending a forward-slash(/) to the Voat link. More information here.

alele-opathic ago

Then you didn't look. The provided source cites his sources, which are all publicly and freely accessible. You can run the whois lookups, review the binary certs for the droid apk, review the Lithuania business directories, as well as review the thread where the CEO was called out on hackernews (Ycombinator's forum) and all of his misdirecting responses.

Got a link to any actual data regarding this?

Every claim is cited and freely provided as publicly available information on the internet. You can doublecheck everything stated for free easily.

If this is a thing then it should be common knowledge

I'm helping make it common knowledge. It is accurate to say it is more common knowledge now. This will only improve in the future; as I said, these claims are easily verifiable.

GlassSmith ago

It's based out of Germany, if you have been following just how repressive the regime is there then you would be hard pressed to say anything in that country is secure other than the "rights" of the Muslim invaders to do whatever they want.

coinphrase ago

This seems like astroturfing folks. Nobody is curious why a wordpress site is the only source. In true fake news fashion refers to itself as proof and hackernews, which is notoriously liberal, worse than reddit imo? If you go to the post on hackernews you can see that this claim was refuted and is definitely not proven.

Read the hackernews thread: https://news.ycombinator.com/item?id=17258203 [http://archive.is/yrtp1]

alele-opathic ago

Nobody is curious why a wordpress site is the only source. In true fake news fashion refers to itself as proof and hackernews

Classic misdirection. The site refers to four business registries in 3 countries (which you can verify yourself), the official APK data (which you can also verify yourself), a few whois lookups, and the CEO's own misdirection in a comment thread.

If you go to the post on hackernews you can see that this claim was refuted

If you actually went to the thread, you'd see the guy is talking through his teeth, contradicting himself multiple times ("we don't work with Tesonet" -> "we only outsourced some HR tasks" [poor excuse] -> "we outsource everywhere" -> both companies have the same CEO). The whole exchange is enough to break any credibility the companies had.

This seems like astroturfing folks.

Your response seems like weak damage control.

boekanier ago

In other words, don't trust the internet.

meaoaoaoaoa ago

If company A is established in country A (has headquarters and is paying taxes there), and company B owns it (holds 100% of shares) but is established in country B, the B laws apply to only company B. That's because company A is operating from country A.

Turn_Coat ago

You may be right, but I could also see this as a blackpill campaign. The original article, posted on vpnscam http://vpnscam.com is detailed. However, the website only has a total of 6 articles all targeting the vpns that people frequently own.

Easiest idea; some one proxy an email address from a .gov email, contact tesonet, and see if they'd be willing to sell you access to their data. If they are, then there's a problem. If they aren't, then there isn't. This creation of political uncertainty can serve our enemies ends.

This feels like a 10 xanatos pileup.

oc_taov ago

tl;dr: i avoid "the cloud" as much as possible and try to limit my options to foss.

i come from the position of not trusting anybody. i try to avoid corporations and businesses with corporate ties. i don't use email for anything but work, financials, and junk mail. i constantly push client to client messaging on my contacts. i use a vpn when necessary. seedboxes may be useful for me if i can find the right host and want to pony up for the cost. i try not to leave a trail, be it, handles, emails, ip addy, etc. i like the approach of adnaseum and trackmenot that spams big brother, though i'm not sure of the effectiveness.

without these, i use gray man theory and blend in.

i2p and zeronet or something similar would be a more anonymous internet but the entry-level is higher than opening a browser. they offer similar services but they must remain in their respective networks to keep their level of anonymity. also, because they are p2p, the speeds vary depending on the traffic and your ip addy might be at risk. also, there isn't much activity on these networks yet.

modsrcuntz ago

Thanks for that Info! I would never have thought of any of that. Do u have network security background or something?

Do u know any good private phone apps, or all they all a bust too?

alele-opathic ago

Do u have network security background or something?

This isn't original research - I stumbled upon this whilst researching VPNs for my own personal use.

modsrcuntz ago

Cool dude thanks for the info. You are very helpful.

HulkInformation ago

What are they going to do with all that encrypted data until the new crypto-breaking quantum computers come into vogue.

GlassSmith ago

You are assuming they have to break the encryption, the companies that provide the service have the keys so no cypto-cracking is required if the source is whats compromised.

whatisbestinlife ago

do you run background checks on all the sites that correspond with voat?

boredTech ago

I run bgc's on a couple. Usually when looking for spammers.

heygeorge ago

@discoball there is a note to you at almost the bottom of OP

mattsixteen24 ago

Good find. I always suspected protonmail due to its popular push.

mrnicegoy ago

if you dont pay for it, how do they make money to stay operating? I use hushmail, not sure how great it is either but I at least have to pay a modest amount for it yearly, passes the sniff test.

meaoaoaoaoa ago

nord vpn is not free and you have to pay for it

BlackOwl ago

Could anyone give us a list of proven viable alternatives?

GlassSmith ago

Good post, saving this for later. Thank you, alele-opathic.

Now the only question is where the fuck do I go for a non-compromised email?

The big problem is that any email provider that has any power will be inevitably compromised either by the state or (((internal forces))), while any email provider that could stay off the radar of the (((powers that be))) would likely be small and thus easy to be pushed around by larger companies with fat wallets, squadrons of lawyers, and government support.

alele-opathic ago

Now the only question is where the fuck do I go for a non-compromised email?

Again, this is the same question that attracts astroturfing (which I'm trying to encourage people not to ask), but I've been looking into this myself, and I think the problem is twofold. Any email 'provider' provides a central point of failure, and thus a trust issue, regardless of their fancy encryption schemes. Additionally, the protocols themselves (IMAP/POP) are in no way secure at all, even if the provider is trustworthy.

I think that it may turn out to be most practical/secure/cost effective just to buy your own domain, run your own web-facing email server on a pi variant, and use PGP until someone comes out with a better protocol. This sounds like it requires a lot of effort (it's easier than it sounds), which makes it less likely people will do it - most people would rather just switch providers.

Turn_Coat ago

Where does some one who isn't quite that tech literate, and doesn't have the time, go for a non-compromised email?

Kill-Commies ago

someone once told me as a rule of thumb: the "E" in e-mail stands for evidence.

ShineShooter ago

Yep, their sales were too good to be true.

Syndicalism ago

I might forward this thread to the staff and see if I get a response. Just to see if they come back with anything substantial.

Goathole ago

Does anyone have that article posted a couple of months ago about VPN and which ones actually keep no logs? Avast, which is weird to me, scored number three or something.

The article sort of said the same thing as you but not quite. Dammit, I wish I would have saved it.

Syndicalism ago

Dang it. Well, its still gotta be better than the 11 year-old yahoo account I moved to Proton from. If I ever decide to communicate something nefarious I'll get a pidgen I guess. I don't even want to ask for alternatives at this point.

modsrcuntz ago

So what are truely the best email and search engines...any?

alele-opathic ago

This is the exact question which can't have any trustworthy answer. Although I expound on why here, the gist is that you have no way of discerning genuine replies from shill answers. Additionally, shills target these questions because they directly impact consumer decision making, meaning there is a very high likelihood noise will exceed signal in a question like that.

Just set aside 3 or 4 hours this upcoming weekend, and put the topic to rest for yourself.

modsrcuntz ago

Is signal a good app or is that not what we have been told either?

alele-opathic ago

I hadn't heard of Signal before you mentioned it, but decided to look into it. Here's what I found.

  • The front page is a substance-less advert heavy on rhetoric and testimonial -> minor suspicion
  • The first recommendation is by spook Edward Snowden, from the massive limited hangout that drove everyone into DDG in the first place. You should look more into his background if you are curious why this is a -> major suspicion
  • The owner, Moxie Marlinspike is really (((Moxie Rosenfield))). This will either be of major suspicion to you, or none at all. For me, it is of -> major suspicion
  • Supposedly they are entirely financed by 'charitable donations' and grants, which are funneled through foundations (the most common way money is laundered into these new ops) -> minor suspicion
  • The foundation supposedly started for Signal is never disclosed (Signal Foundation), and no information on it is given/can be found around the web -> minor suspicion
  • The IRS nonprofit search (all non-profit records are public records) returns 3 signal foundations. I searched the three respective states' business license registries and all are long dead (i.e. it doesn't exist) -> major suspicion

To me, this WAY fails the smell test. This ignores a number of other circumstantial problems with Signal.

1F4A9 ago

  • Design choices that are anti-anonimity. There is no good reason for an app like Signal to require that you register with your phone number, other than that is what it's meta-data collecting financiers want -> major suspicion
  • Receives financing from US goverment -> major suspicion
  • It's company and foundation are founded under American jurisdiction. That's like starting a platform comitted to free speech in North Korea. If you're serious about privacy you don't primarily operate from a country that is known for extensive data collection programs and a legal obligation to cooperate and shut up about it -> major suspicion
  • Initially Signal refused to provide an APK, basically encouraging you to use the Google Play store -> minor suspicion

t3soro ago

Run your own mail server. There are easy ways to do it without being a leet hacker. I won't list the names here so people can do their own research.

GlassSmith ago

Just set aside 3 or 4 hours this upcoming weekend, and put the topic to rest for yourself.

I tried that before (only I spent a lot more than 4 hours) and came up with nothing, I couldn't find any concrete evidence that pointed me in one direction or another. My conclusion was that short of having your own email server in some shithole country there is no way to ensure security... and even then it's useless because you would still be forced to communicate with people who haven't taken such measures so your efforts are in vain; this is on top of the fact that your private email is likely to be filtered out by just about every major email provider.

alele-opathic ago

I tried that before (only I spent a lot more than 4 hours) and came up with nothing

This is part of the problem - there really isn't an easy way to know whether or not some entity can be trusted anymore.

My conclusion was that short of having your own email server in some shithole country

The server doesn't need to be located elsewhere, if it is, then you are relying on trust and reputation again. It's easy enough to run your own with a domain (and an ISP that'll assign you a static IP), like what this reply describes.

there is no way to ensure security

The problem is twofold - the first is all of the email being stored on external servers (which you can mitigate by running your own), and the second is the protocols themselves, which have no ideal solution at the moment. The best idea would be to use PGP with your friends who will tolerate it, and look/wait for a solution/better protocol for those who won't (there are some ideas out there, if you feel like looking around).

draaaak ago

That is the longest TL;DR I've ever seen, so, feeling misled, I didn't read it.

RugerLCP_2 ago

Any email service, where you don't encrypt the email before it leaves your computer is a honey pot.

white_male30 ago

AFAIK their IMAP "bridge" still blocks emails that are PGP-encrypted by you ie. not encrypted by protonmail itself.

ribble ago

son of a bitch

jewd_law ago

that's what I'm saying. what's the alternatives then? I moved all my Jewmail to Proton.

HulkInformation ago

There is no way to know one way or the other, could be just as likely op is trying to dissuade you from using these services because they're a jew trying to confuse. They don't know anything about it same as you or me. The email is encrypted, in fact they were struggling for a while with a bug that would encrypt it twice. So that the message that was sent and decrypted was gobbeldygook. If they're going through that much trouble just to collect data for the Lithuanian government then they earned it.

At least your email isn't being outright read by google anymore, analysed, and catalogued so that they can build an AI assisted human profile of you.

Turn_Coat ago

You make an excellent point. If this company is operating as a Lithuanian company and not a proxy, i'm ok with that government gaining access to my data. If, on the other hand, they're a proxy for a western conglomerate, we may have a problem. I am suspicious of OP's motives due to the url posted not actually showing up; https://i.imgtc.com/FSzFXt6.png

... however some of my own research does indicate that-

... and your account is 1 month old, roughly as old as it was that first information on this subject began coming out. Fantastic.

HulkInformation ago

I nuke my accounts. :) At the cost of credibility, because I'm overall fairly paranoid like that.

Turn_Coat ago

It doesn't help tho I do understand the motivation.

bothrubberandgum ago

Tesonet is a data mining company, the last line is not true.

Flour ago

Conspiracy hat: this is an astroturfing post used to discredit secure services

Conspiracy aside, looks pretty legit that they are both compromised. Also, always wondered whether or not it’d be better to just use the big tech services and attempt to be lost in the web of traffic using coded language and such.

RugerLCP_2 ago

might be better to use competing country's email service that would never let the cia spy on it.

Flour ago

To be honest, if you wanted to beat the snooping agencies, why don’t people just communicate in an online moba game or something in a coded language?

Runescape always comes to mind that it would be easy to do. VPN your connection to the game and yea?

alele-opathic ago

They thought of that - a half decade back or so, they claimed terrorists were using COD lobbies to shoot messages into the walls to each other. Given that this was raised as a national security threat, I am all but sure there is monitoring for this sort of thing now.

See also: https://duo.com/decipher/debunking-myths-do-terrorists-use-game-consoles-to-communicate-with-each-other Btw notice that they call it 'debunking', when all that they do is show it to be hard, vis a vis impossible. Some interesting info in the comments on their article.

alele-opathic ago

Conspiracy hat: this is an astroturfing post used to discredit secure services

Well, this is why I advocate you do your research. Astroturfing only works if your recipients only plan to skim the surface.

Also, always wondered whether or not it’d be better to just use the big tech services and attempt to be lost in the web of traffic

IMO, blending in assumes that they expend equal resources monitoring each person, which can only be true if you can enforce anonymity. If you can, as Google/Facebook has, make everyone use their 'Real Name' online, then you can profile-build and triage them, and watch only the 'maybes' intensely for key words or key phrases. Look into an AI natural language concept called 'Sentiment Analysis', it is this triage I speak of, by a different name.

There isn't any way out except widespread forced anonymity.

Turn_Coat ago

That'd mean war...

Empire_of_the_mind ago

it's important to always consider astroturfing but the answer is revealed by the evidence. In the case of both DDG and ProtonMail there is real evidence connecting them to shady operators. The biggest piece of evidence is of course media attention and resources. Both managed to get major media press and both managed to handle huge growth without a hick-up. They were established as "brands" intentionally by people who had access to media hype and access to resources to backstop their technical operations.

No mail service you're not paying for is secure.

For internet searches, there are a number of options. My recommendation is to spread out your searches across them all. You don't really care that they know someone, even you, once searched for "Hitler did nothing wrong." What you care about is that they know you searched that as well as other unrelated interests that allow them to figure out what topics people with certain political views are also interested in.

Conspirologist ago

Thanks. They said ProtonMail was a serious company run by Swiss scientists. They can be sued for false advertising.

alele-opathic ago

They can be sued for false advertising.

How? According to Wikipedia, only the UK, US, Australia, and NZ have laws forbidding deceptive advertising. The only reason Google is about to go down over lying about location tracking is because they are headquartered here. Usually these guys run with impunity.

alele-opathic ago

Cheers pal.

alele-opathic ago

It's also worth pointing out that the growth of both Proton/VPN and DDG can be attributed to very successful astroturfing campaigns. Very little conventional marketing was used - it was mainly shills sitting on imageboards/forums/social media that would respond to "are there any good VPNs/Emails/Search engines?" with "Idk, but my buddy has NordVPN/ProtonMail/DDG and he says its pretty good". After some time, an artificial reputation is built that is indistinguishable from companies actually having a good reputation.

In other words, don't ask questions like these - they are flawed in a way that makes it impossible for you to tell whether or not you are getting genuine information back, especially considering astroturfing shills specifically target questions like this. The only way is to do the research yourself (or at least parts of it).

SearchVoatBot ago

This comment was linked from this v/technology comment by @PapShamir.

Posted automatically (#9978) by the SearchVoat.co Cross-Link Bot. You can suppress these notifications by appending a forward-slash(/) to your Voat link. More information here.

Empire_of_the_mind ago

this was the single biggest red flag - ALWAYS pay attention to this. if it's a household name, chances are it's crap.