blacklight447 
@blacklight447@social.privacytools.io
Admin
Localization co-leader Qubes OS project
Editor-in-chief at privacytools.io
Joined Apr 2019
@glitcher32 Another solution is using tor and by that not having to worry about dns ;)
@Mayana Think about what you just did ;)
First victem of article 13:never gonna give you up" is no longer avialable in EU countries.
https://youtu.be/dQw4w9WgXcQ
@Rediikid These days i would go with tutanota, they have opensource clients.
@oscarikea Well i was mostly aiming at browsing, for casual browsing, tbb ia amazing, no need to set config prefs, no need to download 20 addons and configure them, with the change of actully becoming more fingerprintable, and its free, one could alsoways have normal firefox with von as fallback for things like 4k netflix :)
@oscarikea Btw, about the overkill part, why settle for a worse product that costs you money, while tor gives you a free solution, that when combined eith tor browser, also prevents fingerprinting. The only "trade off" would be that you cannot watch 4k videos yet on it, which hardly anyone does anyway.
@oscarikea being government funded is nice, it provides a nice extra stream of money for the project. All funding is also disclosed in a transparency report every year. Also, almost all weakneses that apply to tor, also apply to vpn, only those weakness are a crap ton more easy to expliot on a vpn provider then to tor. So unlike vpns, where you trust a singel for profit company to protect you for 10 bucks a month, tor is the future. P.s. With onion services, most of tor weakness are gone.
@bortzmeyer Lets start a new movement #CharacterEquality
@oscarikea so you rather use multiple for profit companies, which goal is to make money, then use a network which has been researched by hunderds of studies. Has entire community looking after it, has proper stream isolation, leaves no money trail, unlike multi vpns, is free, and has likely a lot more users then those vpns, giving you alot more cover traffic, sure, go ahead :)
@bortzmeyer Becomes even more fun when people use weird chars like the sharp german s, https://en.m.wikipedia.org/wiki/%C3%9F
@oscarikea Yes and no, an exit node normally only sees https traffic, and sometimes http traffic, also, unlike a vpn, the exit does not know where the traffic came from. Thinking an exit nide is not trustworthy is the same as saying the vpn provider is not trustworthy, the vpn can see everything, all your traffic, where it came from, and where it goes, an exit node can only see where it goes. Considering that the majority of traffic is https these days, exit nodes are a non issue really.
@oscarikea Your better of using tor these days. Its fast enough to watch vids, its free, not controlled by a single party, providers better anonimity, the browser takes care of fingerprinting for you. Its pirvacy by design, where vpns are privacy by policy (meaning you need to trust the vpn provider, where with tor, this isnt the case.)
@one @supernova Tor browser for android also doesnt allow screenshots, signal has an option the disable the option to make screenshots.
@supernova @one Yh, there are way to make it harder, but when ephermal messages are used, i think they should be advertised as a data hygine feature, not a security feature, as you have no assurance whatsoever that the messages are being deleted on the other device, once a message leaves your device, you are no longer in control, anyone claiming other wise is lying, or atleast being dishonest.
@infosechandbook@mastodon.at thwse are all questions that would need to be discussed and answered first.
@infosechandbook@mastodon.at Yh, this should indeed be stated more clearly, anyhow these changes can be fairly easy to solve upstream, the server used for the connectifity check could be the lineage website. Dns might be a bit more tricky. While its easy to change the default dns, who would this dns provider be, and why would this provider be trustworthy? Maybe lineage can run their own dns? They could also include f-droid by default.
@supernova it is snake oil, once it leaves your device, its out of your controll, how do you know the other party uses a modifed client that doesnt delete the message or exports everything, how do we know the other party hasnt made a screenshot or taken a picture of the message? Ephermal messages should only be used for data hygiene on your own device, if you cannot trust the other party, ephermal messages wont help you.
@supernova to be fair, they are more likely to be intercepted during transit for later decryption, then downloaded from my device.
Admin
Localization co-leader Qubes OS project
Editor-in-chief at privacytools.io
Joined Apr 2019
