It’s good for all of us to be privacy literate, given that things can take a turn for the worse in many places, or already are bad. There was a post a few days ago that highlighted how the vast majority of trans people rely on internet access 🤔

I’ll start by saying that Matrix seems to be a solid solution for communication, and Tor for accessing information. It’s worth it to get familiar with them before you need them yourself, but also to understand them as a community so we can support each other globally 🏳️‍⚧️

I am also wondering if any of you are familiar with getting around network restrictions. For example a DIY mesh network? 📡

  • Ha!! You’ve triggered my trap card. Now, I turn Special Interest face up and it uses its ability Info Dump.

    Bad jokes aside, I’ve done a good bit of research and fiddling in my own time to try and put together a more digestible guide to some privacy and infosec basics. I’ve got somewhat of a background in tech/computers, but I’m coming to the issue as more of a layperson than a lot of the talking heads are. My express goal has been to demystify digital security in order to make those tools more accessible, particularly to overly surveilled minorities. I’m going to shamelessly plug my own website with my writings on the topic, but I’ll also give a condensed version here.

    Basically I went through each service I used that was any of the following:

    • a paid service
    • a “free” service requiring an account to use it
    • a service owned by any of the large tech corps

    And then researched how to replace them with privacy-respecting alternatives. Here’s what I’m using to replace the core functionality you’d expect from, say, the Google suite. Gmail, Drive, passwords, etc.

    Let’s start with email as it needs a little discussion with it. First and foremost, if a service is “free”, you are the product. Just having you signed up for Gmail is making Google enough money to offer you the service for free. Between scanning emails to train AI and selling your personal info to advertisers, Google is making all of the profit it needs to operate Gmail “for free”. With this in mind I strongly, strongly, encourage you to PAY FOR EMAIL. Hell, just in general try to form a newfound appreciation for well made, paid software. I realize not everyone is in a position to pay monthly for something like email, but this way I know the company is making all the money they need to from actual paying customers.

    I personally use Fastmail, but Proton also has a pretty good reputation and offers some other products with it.

    “Cloud storage” also needs a bit of a breakdown. In my opinion there is no such thing as a “private cloud” that isn’t entirely self hosted. If a company is offering you a “private cloud storage” option, free or otherwise, you have to remember that you are putting your data on their computer. That data is theirs now. There’s a hard drive somewhere in a data center with your data on it that a government agent could go take. Or the company itself is just doing whatever they want with your files. That is not private, at least not relative to you. I suppose it’s probably private between you and the company, but who is to say where bits and pieces of your data are being sold.

    My solution isn’t really a cloud in the usual sense. I use Syncthing, which just keeps files in sync across devices; it does not provide a lump storage solution to offload data from your devices. All files are present and take up space on each device they are synced between. I personally prefer this, but I realize the functionality is different. If you really need to free up space on say a phone, you can set up things like one way sync, but I would look into NextCloud if you have a computer you can set up as a small home server.

    Everything else I can kind of zoom through.

    For passwords I suggest KeePassXC with the password database shared across devices with Syncthing. I personally use a command line based tool called UNIX Pass, but I’m not sure I’d suggest it to everyone.

    Messaging is in a bit of an odd place right now, and basically if you seriously need secure messaging assume any “app” or even remotely mainstream messaging platform is insecure compared to the truly best options, but adoption is a big issue here. You could pick the best, most secure messenger, but that’s not helpful when none of your contacts use that service. Signal, Telegram, Matrix etc. are all pretty decent and have different perks, but if you’re seriously concerned you should be looking into different tools and protocols entirely.

    Finally, get a VPN. This is another example where you should expect to pay a few dollars a month for this, else you’re probably just feeding data to a honeypot. Mullvad is basically the standard at the moment, but I also keep a Proton VPN account active as I’ve found the speeds to be much better for gaming and such. I’ve got a Mullvad account I keep handy for special occasions. Much beyond that and Tor becomes necessary.

    Even just a good ad blocker, uBlock Origin, can go a long way.

    I think those are some of my go to starting points, I go into much more depth on a lot of this and more in the link below.

    Arkhive Digital Footprint Post/

  •  Elise   ( @xilliah@beehaw.org ) OP
    4 months ago

    Upvotes but no comments? Let me improve that a little 🙂

    It’s a deep rabbit hole but here are a few ideas for you 📝

    You’ll want to have up to date hardware and software, because vulnerabilities will become known and this means it is possible to access your system. Maybe think of it as having a healthy diet for your tech, so it has a strong immune system 🥕

    A VPN can help, but you should know that the company behind it can theoretically still see what connections you are opening and analyze metadata. However, your ISP will have a lot less to work with. They won’t see that you are connecting to a trans related server, but only a single connection to your VPN. Just ensure you trust the company and consider the jurisdiction it is in ⚖️

    If you want to go the extra mile you might want to give Tails OS a spin. It’s free and can run from a DVD or USB drive, and won’t leave a trace when switched off. It runs the Tor Browser out of the box 📀

    Don’t try to disappear and hide everywhere, this is very noticeable. You’ll want to create secondary accounts for your trans related activities. For example you could remember the logins and only use it on Tails, but you would still have your every day stuff like maybe Instagram, so all appears normal 😇

    The next step would be to have privacy focused hardware. For example System76 will disable the IME (Intel Management Engine), which is built in to every Intel CPU and provides a massive vulnerability 💻

    As far as I am aware this also applies to phones with a SIM. The SIM is like a little computer on its own, just like the chip on your bank card. It has memory and a processor and it runs a special version of Java. It has full access to the hardware and can be trivially patched from the cell network. Personally I have not investigated how to circumvent this, but just be aware that this is a major vulnerability of most phones 💳

    Keep in mind that using ANY closed source software is going to pose a beefy vulnerability. Be that Windows or an Nvidia driver. It simply can’t be audited for vulnerabilities, which might be left in on purpose. Furthermore, if you are checked by authorities and they take your phone or laptop, you have to assume it is compromised. Many corps will simply get rid of hardware when this happens 🤷🏻‍♀️

    It’s better not to store sensitive data locally, but rather in an encrypted form online. Encrypted data can attract attention if it is found, such as a hard drive, thumb drive or DVD. Same considerations as with the VPN company. Think of it as e2ee (end to end encryption, such as Matrix and Signal), but for your data when it is stored and not actively being used. You can search online how to do this. All in all it is probably best to simply not store any data at all by yourself, and stick to trusted online services only 😌

    A little on the internet. Let’s say you are royally screwed and the internet is switched off or you are blocked from accessing it entirely. At this point you’ll want to understand how to make your own network, perhaps with some gateways that are still connected to the internet. This is a large topic which ranges from HAM radio to satellite connections. There is also a risk in being detected. Just know that there is software that can leverage everyday tech in your hardware such as Bluetooth and Wi-Fi to create a grassroots mesh network. In Berlin there is one day a year where such a network is set up just for fun, and it’s good training, so maybe give it a try in your local community 📻

    Twice I’ve mentioned using companies, for a vpn or for storing data. But you should know that it is quite common for people to host all sorts of services on their own from home, just like many instances on Lemmy. You can assign someone in your local community to be responsible for this. It can be entirely local and part of your mesh network, so it does not rely on the internet. Or it could be in another country. Just know that it’s possible and it’s flexible 🏡

    As you can see, there is endless stuff to keep in mind, and you will always be taking risks. It’s a full time job for many people. I am certain I forgot something. And I haven’t even mentioned the social aspect, for example how to handle strangers. But as long as we remain connected and have a few people who invest effort into this, we can stay reasonably safe, even if your area turns into Uganda 🫣

    And lastly, keep in mind that all good people are friends and you are not alone ❤️

  • Privacy is a spectrum. Your privacy needs may vary, depending on your personal situation.

    But good first steps are pretty easy.

    • Leave your email accounts at services like Gmail, Yahoo, or any other big corporation. Find a privacy respecting provider such as Tuta or ProtonMail.
    • Log into all accounts you have online; switch them over to the new email.
    • Minimize your use of ‘Corporate’ social media. Delete any accounts you can live without. (Meta/Instagram/Pinterest)
    • For any of the “Social Media” accounts (like Facebook) you choose to KEEP; you must log into them and lock them down, and make sure all the privacy settings are configured to minimize invasive tracking. Repeat this step on a monthly basis.
    • Seek out alternate social media. (Lemmy/Mastodon/Fediverse)
    • Use 2FA. For everything. No Exceptions. This will cut down on problems later if your data gets leaked.
    • Set a unique password for everything, and use a password manager to help you do this! Seriously. Bitwarden is good.
    • Switch messengers. Matrix, Signal and the like are good; but understand you may not be able to get everyone around you to switch, so don’t rush this too quickly.