Melody Fwygon

  • 0 Posts
  • 124 Comments
Joined 2 years ago
Cake day: June 1st, 2023

  • I personally use Firefox still; and keep a fresh copy in a (Pixel only feature) Private Space (Basically an implementation of Android alternate user profile) as well. It works and accepts any privacy addons I throw at it.

    Currently using:

    • uBlock Origin
    • Chameleon
    • Privacy Badger¹
    • LocalCDN
    • Decentraleyes¹
    • CanvasBlocker¹

    ¹ May duplicate functions of other plug-ins; but provide additional protection layers and cover for the limitations of other addon(s)…

    Being worried about addons adding to your fingerprint is something that I quite honestly find is not a significant issue usually…unless you’re explicitly doing something truly spooky if found out…then you should use Tor Browser ONLY.


  • As someone who formerly modded on reddit for over a decade; I do know what trips the alerts typically. The steps I give are important to establish a fresh account with nothing an idle internet sleuth can link back to you; as well as preventing Mod(Bots) from detecting you. Reddit Automoderator has ‘Admin eyes’…even if it lacks the permissions to act like one. It can, and will use algorithms on those eyes to assess your ‘threat level’. Knowing the trajectory of reddit when I quit; it probably uses AI now. Before it was a dumb blackbox of algorithmic rules the Admins never really made fully clear about how it worked. This dumb blackbox made frequent mistakes.


  • I’d say you can try to do it; but I caution you on doing so. It will be problematic.

    You cannot be completely undetected if using the reddit app. You must avoid using a mobile device; these are too easily trackable and the browsers on mobile devices lack sufficient privacy protections.

    • First and foremost you’ll have to set up to access reddit from a completely unique device. I recommend a virtual machine on a computer using a privacy respecting browser like Librewolf.
    • Secondly, you’ll need a good paid VPN…I recommend Mullvad. Do not create your account with this VPN! It will trip alarms.
    • Third, you’ll need a laptop with a similar private browser. Do not use your main Windows user account. Create a new local account. This is to enforce that you do not access reddit for account creation using a “known” browser fingerprint.
    • Fourth, you will need to travel. It must be somewhere out of town; and you should be using a public wifi network when creating the reddit account. Be aware of the ISP coverage in your area and travel far enough that you do not use the same ISP as your own. If you don’t know their coverage area; look it up online. Travel to a place they don’t offer service.
    • Fifth, once you have traveled, use the clean Windows account you created to create the new reddit account. Do not name your account similar to your banned account, or subscribe to any subreddits that are outside of /r/popular.
    • Farm some karma. Ideally 1k is enough. 100 will do in a pinch but you’ll need to keep farming it; which is a dumb idea to do on a VPN.
    • Verify a fresh email address. Use only tuta.com as your mail provider.
    • Stay off the reddit account on your home PCs and network. Use reddit only in a public wifi setting on the laptop as described above. Do this for no less than 30 days while farming karma. No need to travel out of town; local public/private wifi will do. (Just not yours).
    • Once the account has aged a month; you can log in with the VPN as mentioned above at home using the virtual machine at home. Continue using the VPN for the foreseeable future. Enjoy sticking it to Spez.

    1. Get help. Your mental health and physical health must always come first.
    2. Privacy is not an all or nothing thing. Your mental health and physical health must always come first.
    3. Continue practicing good privacy habits at a rate, level and depth that fits your situation and needs. No need to constantly adhere to Snowden levels of privacy seeking and hiding under rocks. There never was a need for this unless you are in a situation like Snowden. Your mental health and physical health must always come first.
    4. It’s totally fine to be as genuine or as pseudonymous as you feel as your needs and wants demand. However, Your mental and physical health must always come first.
    5. Relax. Current events have a way of making you paranoid but there truly is not usually a state level actor hovering over you waiting for your tiniest of mistakes. If you usually obey the law and do no significant harm to others, I doubt you have any significant worries. Your mental health and physical health must always come first though. Don’t obsess over it if it makes you feel mentally unwell.

  • And this is why Fwyfwy refuse to move away from Windows 10. Fwy refuse to use any version of Windows that truly integrates their AI bullshit…and Fwy actively breaks and blocks installation of it too; during updates via NTFS security, policies and other tactics to otherwise deny or break their store app from installing anything automatically. If I need some shitty UWP packaged app; I will pull it down and manually install it myself using PowerShell kthx.

    Fuck your AI shit Microsoft. If I want AI; I’ll choose the models and run it locally on my own hardware and train it to my needs. If I need a screenshot; I have several app options to do so on command with a single keypress. I don’t need my PC taking timelapse photos of what I’m doing.


  • Network is standard double NAT grade B. [ISP <-> Router <-> Firewall <-> Client] with all necessary port forwards in place (TCP/UDP 1025-65535 to Firewall). Firewall is standard pfSense CE; and will forward invisibly and does automatically perform necessary UPnP and port forwarding as detected. STUN may be necessary but does function and establish the route(s) and the ports your application selected would ordinarily be invisibly NAT’ed quickly by the firewall as long as the packets are solicited.

    ICE Candidates

    • udp <Public IPv4>:65359 srflx
    • udp <Public IPv6>:65363 srflx
    • udp [<Public IPv6 /64 issued by ISP>]:54597 srflx
    • udp [<Public IPv6 /64 issued by ISP>]:58798 srflx

    Error: No active TCP candidates were found

    To my knowledge your application does not appear to opine or declare if it uses STUN. (Perhaps it should, there are valid reasons to offer STUN or not offer STUN). The application provides no meaningful errors so I can’t tell what might need adjusted or allowed network-wise.



  • I’m of the opinion that you should probably provide Source Code on a “Source Available” basis to people who ask and have a need to see it to audit or self-compile. The lack of “Open-ness” in your code is disturbing.

    I won’t comment or judge on your decision to refuse to offer this software on a Libre basis. You absolutely have the right to monetize as necessary; especially if this code is speaking to a backend infrastructure that you maintain for it. Even if all you do is aim to break even and pay for those servers.

    The experience is extremely unintuitive. I couldn’t get your app to work at all on my privacy enforcing browser within the confines of my privacy enforcing LAN. (Yes; I do/did enable WebRTC and the other required technologies, however they’re enabled in a privacy respecting manner.) Neither of my devices would show or remain connected once added. There were no popups or information given to me by the app to troubleshoot the issue; and I’m not going to crank open a Dev Console for something that I can’t contribute to anyways. If your software is going to remain closed in source; “It should just work™”.


  • Melody Fwygon@lemmy.one to Privacy@lemmy.ml: Scam links from Google? (4 months ago)

    Actually it’s not that hard and it’s even probably possible to even host SearXNG on the same hardware, or kind of hardware, that you’ve hosted your Pi-Hole or DNS server on.

    I actually self-host my own SearXNG and Invidious instances and customize the settings on both, and it’s super useful. (Example: My SearXNG instance is aware of my Invidious instance on my network and will use it to load videos when Invidious is queried via the !iv bang. By doing this I’m not relying on public invidious instances so much; which oftentimes experience downtimes…because youtube hates those more, and frequently bans the public instances.)

    This is all doable with a little bit of Docker or Podman action and a bit of editing the appropriate YAML files prior to composing the containers.

    So you might be able to spin up a SearXNG instance locally on your network for her to use and configure it to use Google and any other search engines she might prefer. Then use something like LibRedirect (Firefox and Chrome plugin) to redirect her to the local SearXNG instance. (instead of using Google)

    A video about setting up SearXNG: https://www.youtube.com/watch?v=UBLypfM9U-g
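The setup described in the comment above, as an added sketch (not the commenter's own configuration): a shell function that writes a Compose file and a SearXNG `settings.yml` whose `!iv` engine points at a self-hosted Invidious instance. The directory layout, the bind address and the Invidious URL are assumptions passed in as arguments.

```shell
#!/bin/sh
# Added example: generates config for a LAN-only SearXNG that queries a
# local Invidious instance. All hostnames/addresses are caller-supplied
# assumptions, not values from the original comment.

# Random 64-hex-character value for SearXNG's server.secret_key, so the
# well-known default key is never left in place.
gen_secret() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_searxng_config DIR INVIDIOUS_URL BIND_ADDR
# Creates DIR/docker-compose.yml and DIR/searxng/settings.yml.
write_searxng_config() {
  dir=$1
  invidious_url=$2
  bind_addr=$3
  mkdir -p "$dir/searxng" || return 1

  # Publish only on the given LAN (or loopback) address, not on 0.0.0.0,
  # so the instance is not reachable from other interfaces.
  cat > "$dir/docker-compose.yml" <<EOF
services:
  searxng:
    image: searxng/searxng:latest
    restart: unless-stopped
    ports:
      - "$bind_addr:8080:8080"
    volumes:
      - ./searxng:/etc/searxng
EOF

  # use_default_settings keeps the stock engine list; the entry below
  # only overrides the bundled (disabled-by-default) invidious engine.
  cat > "$dir/searxng/settings.yml" <<EOF
use_default_settings: true
server:
  secret_key: "$(gen_secret)"
engines:
  - name: invidious
    engine: invidious
    base_url:
      - $invidious_url
    shortcut: iv
    disabled: false
EOF
}
```

Call it as, for example, `write_searxng_config ./stack http://invidious.lan:3000 192.168.1.10`, then run `docker compose up -d` (or the Podman equivalent) from the generated directory.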


  • In general Fwy does not agree with the Privacy Guides assessment; and feels that the concerns about the project are simply not credible without stronger evidence of excessively slowed or missed updates.

    Project devs do have lives and I’m not personally going to punish that; so long as the software remains reasonably maintained and free of bugs while still considering the project’s number of devs.

    Is it better than Mullvad Browser? Probably not in the strictest sense; but I’m also not happy with “Mullvad Browser” either; as this browser makes more choices that break functionality than Librewolf does in the pursuit of privacy.

    Additionally; I cannot trust that “Mullvad Browser” will not enshittify; it is maintained by a company who is REQUIRED to some extent to make profits. That breeds enshittification. Mullvad would be one bad CEO or core executive team shift away from potentially being targeted as a profit vehicle and its privacy benefits weakened or removed entirely so the company can make money.

    In general I trust Librewolf on a pretty regular basis to protect my privacy when my Addon-driven version of manually hardened Firefox breaks up a website’s functionality too badly. It provides essential privacy protections without breaking too many things and serves as a good baseline browser.

    As a rule; I keep several different browsers installed to mitigate lack of website function and isolate away any websites that would be more invasive in what privacy protections must be disabled to use properly. “Setting-Hardened and Privacy-Addon-driven Firefox” is what I use day to day, but “a semi-Amnesic* Librewolf (Incognito windows if untrusted website)” is second and is used daily in trusted website scenarios or in case a website is breaking too badly from plugin interactions. Finally; a fairly vanilla and infrequently used copy of Ungoogled Chromium is kept on hand for situations where Chromium is just required; where I can spin up empty profiles easily for anything I don’t trust and configure it to just flush everything on exit.


  • FreeTube is a useful project as it allows you to “fallback” on a non-preferred frontend.

    https://github.com/FreeTubeApp/FreeTube

    This allows you to continue to use Youtube regardless of which frontend is (potentially not) working.

    In ‘Settings > General’ you’ll want to select “Invidious API” as your “Preferred API backend” and specify your favorite invidious instance in the “Current Invidious Instance” field and click “Set Current Instance as Default”. This locks FreeTube into the specified instance.

    Then, when you notice that FreeTube is issuing notices to you about your favorite Invidious Instance being down, you can wander back to ‘Settings > General’; hit the “Clear Default Invidious Instance” Button and wait as FreeTube magically contacts the “https://api.invidious.io/” page for you and selects a new, and hopefully online and working Invidious instance. (You may have to hit this button several times to roll a working instance. Hit the button, check the subs page and see if everything loads, repeat if it falls back on the Local API.)

    When you run into instances where you can’t roll up a good Invidious instance; the built in Local API is running a NewPipe Extractor like API directly from your FreeTube client. Not the best; but at least it keeps things working while you wait for the Invidious devs to fix things up; and it still reasonably preserves as much of your privacy as it can while doing this to the best effort it can.

    …Sadly this doesn’t work when Google manages a double combo of breaking both Invidious and NewPipe; but I have found that this is less often the case and the devs of either project are usually fairly quick about getting fixes out. Bless their hard work with a donation sometime maybe, if you can.





  • I actually don’t agree with this video; and firmly believe it is more than a little biased.

    For example, the Pixel, AOSP and Android are given several undeserved points due to lack of proper information or understanding of how certain features work. I imagine this is the case too for the iPhone; if a bit less so.

    The review apparently doesn’t deep dive into settings or attempt to maximize privacy by turning off unwanted ‘features’ when settings switches are available to the user; nor does it assume that you set up accounts in as private of a manner as reasonably possible or toggle off as many default-on consent switches as needed.

    While I would support scoring and dinging each case or instance for “Privacy Settings that don’t actually work”…this video really doesn’t do a lot of legwork and leans on the anecdotal evidence of scary news stories too much.

    Worse was the fact that the entire video felt like they were shilling for Graphene OS; which is known to have a slightly unfriendly maintainer and community surrounding him to say the least.

    No mention of Lineage or other privacy oriented Android ROMs were analyzed. AOSP too, was unfairly lumped in and dinged for specific points of the Default Pixel configuration…and yes there are major differences between AOSP and Pixel Android; even though Google tries to be less in-your-face invasive than the other OEMs. Not enough credit is given for the “On-Device” smart features implemented properly on the Pixels.

    Out of personal experience; I’d actually rate a proper Lineage OS install of 4 whole Android versions ago to be more private than stock. Not quite as private as Graphene; but not quite as invasive and much more enforcing of privacy. The debloating provided by a clean AOSP-like ROM, such as Lineage, as opposed to a “Stock Android” configuration from a major OEM is stark.

    Most importantly I personally feel that the privacy model chosen for the video is far too thickly detailed for an average person. Most of the privacy concerns listed on each card contained concern points that might only tangentially apply or don’t apply at all to mobile phones. The way that each card was scored and applied felt low effort. None of the points on any of the card(s) were weighted with average users in mind.

    I really hope someone goes into a much deeper dive; this video is basically clickbait that parrots the commonly parroted advice in the privacy community; which isn’t even good advice, it’s just ‘One-Size-Fits-All’ style advice which gives the user no room to make necessary ‘Privacy vs Convenience’ tradeoffs that they themselves could have made if they understood proper threat modelling.






  • I mean; there’s nothing stopping you from using a car from an earlier era; and bodging in an Android Tablet into your dashboard as an infotainment system.

    The thing doesn’t need to be concerned with your climate controls or anything else on your CAN bus for security reasons anyways. So you can leave those controls as they are and just let the tablet replace your Radio effectively for 100% DRM free media enjoyment with your favorite fully rooted and flashed tablet running whatever FLOSS version of Android firmware you like.