What small, easy things can the average person do to start protecting their privacy today?
“Just do what you can without overburdening yourself. So, use #ProtonMail, use #Signal or #Threema, use #DuckDuckGo — these are very good alternatives. And whenever you can, say no to cookies.
@sergeant Solid advice 👍
@ilyess @sergeant When Protonmail sends you a notice that you have a msg waiting, there's apparently no way of knowing if the msg that's waiting is actually just an announcement from Protonmail themselves. So you could be forced through hoops like Protonmail's #CAPTCHA only to find spam waiting. CAPTCHA has ruined #Protonmail as far as I'm concerned. I wouldn't want to lead someone their CAPTCHA trap
@sergeant @ilyess #Signal is not a good recommendation either: https://github.com/privacytoolsIO/privacytools.io/issues/779 And #DuckDuckGo is also quite lousy: http://techrights.org/2021/03/15/duckduckgo-in-2021/
@sergeant @resist1984 you’re right. Unfortunately, as it stands today #Signal remains the best #privacy preserving messaging service out there for novice users. I’m thinking of users who just wanna put in their phone number and find all their contacts and start conversations, just like they did on Whatsapp.
We might not all agree with Signal’s move to introduce crypto but we don’t have proof that it makes the messaging service less secure or less private.
@sergeant @resist1984 @dhfir Users are like electricity - they don’t like friction and always choose the path of least resistance. If one service requires more steps, more configuration, or even more decisions, it’s systematically “inferior” than the “one click and you’re set” kind of alternative.
@ilyess @dhfir @sergeant That electricity can be manipulated. There are people who want to reach me without crypto (out of laziness, incompetence, impatience, whatever). But I have imposed a more secure path.. one with more friction. I'll walk them through the steps if needed, but I will not allow for gmail correspondence, for example.
@sergeant @dhfir @ilyess It makes sense that if 2 parties need to communicate, they agree to the higher security requirements of the 2 ppl. #Signal is a perverse inversion of that, whereby people are pressured to /relax/ security under the pretext of good security. That is, Signal forces users to obtain mobile phone service which has a *huge* undeniable attack surface.
@ilyess @dhfir @sergeant #Signal creates an insideous network effect such that when someone chooses to use it, their choice isn't taking place in a vacuum. They then become an enticing incentive for other people to subscribe to mobile phone service in order to stay in touch. So Signal drives people to relax security.
@resist1984 @dhfir @sergeant It’s hard for me to see that as a real problem tbh. I don’t think phone numbers are going away any time soon. I don’t know in which part of the globe you live but around here you can’t do basic things without a phone number - things like calling an ambulance or law enforcement.