- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
A lot of practical steps, which is nice to see in an article like this.
That iphone drama might actually lead to proper interest from normie core?
I doubt somebody running from a government is taking their tips from wired.com
I read through the whole list, and monero was the only decent privacy recomendation I could find. Everything else was US-hosted. A lot of it was just recommendations from Apple and Google on “privacy” services they offer.
No mention of syncthing, matrix, xmpp, even with sections dedicated to those categories.
I read that monero is different from other cryptocurrencies and makes it harder to identify the individual to/from whom a transaction in is sent
What is the difference and why do other cryptocurrencies not implement it?
The core focus of early crypto was decentralization, not anonymity. Bitcoin is totally decentralized, but the entire premise is the blockchain contains a permanent irrefutable ledger of transactions. Basically everyone knows if Wallet A paid Wallet B. If you refill your wallet with anything remotely traceable, that means everyone knows YOU paid Wallet B, and similarly if wallet B has any ties to the real world, the lines are easy to connect.
That’s not to say you can’t use it anonymously, but that was not the intent and thus it does anonymity poorly.
Monero is built as a privacy first crypto. Essentially it’s like cash in many ways. You spend it in the shop and nobody knows where the cash you’re handing over came from. When you get your change at the till you know nothing about who had the cash before you that you just got handed. It’s just money.
This is all handled by a bunch of very complex cryptography. If it comes to it there are ways to prove you sent the money etc but only you have that capability to decide to share.
Zcash’s shielded transactions can do smiliar things
You’re right, ha, I’m totally not… they, I mean they are totally not! You got it guy! Everyone listen to this guy! I’d go as far as to say anyone reading this article is innocent of ALL crimes!
People commenting however…
Don’t challenge me
Too bad private email access is essentially dead. Any service not requiring another email or phone number to sign up gets quickly shut down. A casualty in the war on whistleblowers.
email is never private, if its that sensitive it just shouldn’t go on the internet
Exactly; email is digital post cards and always has been.
Of course, that means I can encrypt a message and use someone else’s email account to send it :)
You can sign up for Proton mail without providing email or phone number, as far as I recall.
Nope. Try doing it through a Tor node.
tor isn’t email or phone
No shit, Sherlock.
you still can, it was a bug in past that they fixed long ago
it’s not a bug and it’s still not possible, it’s for tracking who created the account of course.
It is possible, I just signed up for one recently while using Tails. I was not required to use either email or phone number. Stop spreading misinformation.
Doesn’t work for me: https://0x0.st/Xkw4.png
Maybe it only works for some people.
They said any service gets shut down. I registered a ProtonMail account without email or phone number. Proton also does not cooperate with anyone but Swiss authorities. It is obviously still possible.
You can also register without one on cock.li, if you don’t mind them being edgy middle-aged teenagers.
Try it now. Load up a tor tab in the Brave browser, and try signing up for an email without providing any info.
yes I just did, not brave but tor browser and I was able to create account
I just loaded up a Linux vm with Brave, and tried to sign up in a tor window. It requires a verification email to sign up.
Maybe you’re using a browser or OS that it’s tracking.
yeah I’m using tor browser, also don’t forget you can get fingerprinted even on tor
It does not, this is misinformation. Do not believe this person, I recently did it on Tails while using Tor and did not need email or phone number.
I did that recently while using Tails, and it let me register without either an email or phone number. This is misinformation.
I don’t know what to tell you. Tried it yesterday, and it required an email to verify.
Proton requires email?
Not in my experience
Yes, tho it days it dosent store it, ill leave it up to you what you do whit that.
They do store it and have provided it to authorities in the past. In their defense, modern laws require you to hand over any data you have or get shut down. But they already knew that, yet choose to ask for it anyways knowing that they have to give it away if asked to.
i guess corpos gonna corpo folks… even the “good” ones
i did not realize you needed anything to create rando emails. i know google started that shit 5 years ago tho
I don’t think you are required to provide a secondary email, but you get less features without it.
i see… that is a dark pattern in of itself, why does proton need this info and why are they willing to incentiveze users sharing it.
How is offering users the option to set a backup/recovery email a dark pattern?
They provided it to Swiss authorities, with a notice that it happened to their customers. They do not have any requirement to share it with other governments.
As far as I understand it, this is only recovery emails and I think it explicitly has some sort of warning about this when setting it. This is different than the email prompt on sign up.
I didn’t even know it asked for an email for sign up. I just remember the recovery email.
You don’t have to have one, this is misinformation.
I wouldn’t trust them not to store the initial one as well tbh. Nothing technically stops that and it’s in their interests.
They don’t ask for one on signup. I just signed up recently while using Tor on Tails, and was not required to provide an email for any reason. The only thing that happens is you get a warning in the account panel saying you won’t be able to recover your account if you lose the recovery codes.
They do not, I didn’t need either when I signed up recently.
anyone dunking on the article, this is pretty far away from a how-to-lilst; it’s more of a “think about these things if you haven’t up until now” and as such a net positive. wrong community for it, though.
I’m glad they mentioned Monero in the article, but sad that they mentioned it alongside Zcash since Zcash is not private by default and not many people opt into the privacy and Zcash has shown willingness to be bad to their users by helping exchanges. Primarily because they are run by the Electric Coin Company, which is registered in the United States, and therefore they have to obey the laws of the United States. So, Zcash is not a good option.
I also have not seen Zcash accepted as payment nowhere nearly as frequently as Monero.
Same
Shielded addresses & transactions are private using zero-knowledge proofs like Monero. You can also have transparent addresses & transactions like how Bitcoin operates on Zcash as well which is true. But there isn’t a default, some wallets autoshield by default making your comment misinformation.
Some wallets shielding their transactions by default is still not nearly as strong as everything being shielded by default at the protocol level, but they couldn’t have that because then they would not be on exchanges.
It does add a level of convenience for the type of transaction you might want to actually be tracked all being on the same currency. Most don’t even offer the option. Zcash can do the thing—it’s just not the only way.
Monero has view keys for exactly this reason, so that if you need to make a transaction public for like an audit or something, you can do so. But on the protocol level, absolutely everything is always private.
That’s good too. Not a Monero hater or a Zcash fanboy—I just think we need to be honest about the capabilities even if the methods of getting there are different.
Switch phone service to VoIP, cancel cell service, all tracking capabilities is gone.
A lot of organizations now block VOIP numbers thanks to stringent KYC laws.
It is possible to get a real cell number from a big name carrier and then port the number to VoIP company to use VoIP service with an original cell number.
In a lot of places, cell carriers enforce KYC too though.
If you get a cell number with a SIM, then port that number to a VoIP, how does KYC matter since you are going.to have to give that number to people with your name, so businesses or offices can call you through VoIP service?
Maybe, but if anything bad happens to originate from that number, the port history is still visible and now they have a suspect.
Stick with only having a landline until you can get over yourself and your self aggrandizment.
That’s just wrong when you’re dealing with the government
Iirc any cell phone is still capable of dialing 911(or equivalent) even without a sim. So id imagine carrier towers and gps could still find it. You’d basically have to keep the device in a ferriday bag. Which complicates actually using it.
That is correct. Any cell phone sold in the United States by law is supposed to be able to dial 911 no matter whether they have a SIM card inserted or not and no matter whether they have service on a SIM card or not and also no matter whether one specific carrier in your area has no signal it will use the others instead. You may be a Verizon customer, but if you dial 911 and an AT&T tower picks up the call first, the AT&T network will serve that call instead.
One clarification: carrier towers can still find a phone; GPS is passive; your phone locates itself in relation to the GPS satellites.
Most phones are also broadcasting WiFi MAC IDs and Bluetooth MACs, plus hardware and capability strings over Bluetooth. And then any apps you’ve got loaded may also be calling home with your location unless you have that disabled and rotate your ad ID regularly.
[edit] also worth pointing out that even if you turn a smartphone “off” it still pings the local cell towers with its IMEI regularly. Surprised me the first time I witnessed that.
Why does a phone need to be in a ferriday bag when phone does not have a SIM card because it uses web-based VoIP service? The phone only needs an internet connection, like wi-fi, and can’t talk to cell towers. Remove SIM from phone, connect phone to wi-fi to get online to access phone service through the internet, GPS can’t function. If a phone without SIM calls 911, it will go through, but dispatch sees no number, no location, no name.
Yeah, but the operator would see an identifiable IMEI.
-
any carrier within range can still potentially track you, maybe not with airplane mode but Snowden says don’t trust that
-
GPS still “works” without any signal, service or net access
-
AGPS mandate forces 911 calls to reveal your location
For max privacy without going completely analog you’d want a device with NO cellular radio at all
You have way too much time of doing nothing of significance and fill it with meaningless chatter. Spend more expanding job skills and still listening to so many inexperienced opinions.
-
A sim or cell service has nothing to do with gps. Gps signals arrive from satellites in orbit around the earth…
You’re just shifting trust though - may be good in some cases, but not universal. Aldo does nothing about the cell tower connections tracking the location.
How can cell towers track your location if phone does not have a SIM due to using web-based VoIP service?
An IMEI moving around.
I think you’re mainly speaking from a place of percieved opinion than tech knowledge but I would suggest for you that you only use a landline for phone service. Have you ever had a job working with various network services for random customers and speak to customers to answer questions?
From the context of your previous comments, it seemed like you were talking not about not having a mobile phone in general, but rather a SIMless phone. Using it over Wi-Fi only is indeed doable - but you’d need an Airplane Mode on an OS you can trust, just having no SIM would not be enough.
Also no, I did not have such a job - I don’t understand how this question relates to the conversation.
Any AOSP ROM would suffice.
The queation pertains to having a sense from how someone talks if they sound like they can configure network services or if they only read about it but not having the skills/experience to work for random customers and explain the work to them.