What small, easy things can the average person do to start protecting their privacy today?
“Just do what you can without overburdening yourself. So, use #ProtonMail, use #Signal or #Threema, use #DuckDuckGo — these are very good alternatives. And whenever you can, say no to cookies.
@sergeant Solid advice 👍
@ilyess @sergeant When Protonmail sends you a notice that you have a msg waiting, there's apparently no way of knowing if the msg that's waiting is actually just an announcement from Protonmail themselves. So you could be forced through hoops like Protonmail's #CAPTCHA only to find spam waiting. CAPTCHA has ruined #Protonmail as far as I'm concerned. I wouldn't want to lead someone their CAPTCHA trap
@sergeant @ilyess #Signal is not a good recommendation either: https://github.com/privacytoolsIO/privacytools.io/issues/779 And #DuckDuckGo is also quite lousy: http://techrights.org/2021/03/15/duckduckgo-in-2021/
@sergeant @resist1984 you’re right. Unfortunately, as it stands today #Signal remains the best #privacy preserving messaging service out there for novice users. I’m thinking of users who just wanna put in their phone number and find all their contacts and start conversations, just like they did on Whatsapp.
We might not all agree with Signal’s move to introduce crypto but we don’t have proof that it makes the messaging service less secure or less private.
@sergeant @resist1984 @dhfir Users are like electricity - they don’t like friction and always choose the path of least resistance. If one service requires more steps, more configuration, or even more decisions, it’s systematically “inferior” than the “one click and you’re set” kind of alternative.
@ilyess @dhfir @sergeant That electricity can be manipulated. There are people who want to reach me without crypto (out of laziness, incompetence, impatience, whatever). But I have imposed a more secure path.. one with more friction. I'll walk them through the steps if needed, but I will not allow for gmail correspondence, for example.
@sergeant @dhfir @ilyess It makes sense that if 2 parties need to communicate, they agree to the higher security requirements of the 2 ppl. #Signal is a perverse inversion of that, whereby people are pressured to /relax/ security under the pretext of good security. That is, Signal forces users to obtain mobile phone service which has a *huge* undeniable attack surface.
@resist1984 I understand you might feel discriminated against by #signal since they still rely on phone numbers. I think they started with phone numbers back in the day, even before it was called Signal and rolled with that. Signal is clearly not for people that are ready to go to extreme lengths to preserve their privacy like yourself. But I stand by my position that for the billions of users on WhatsApp and Messenger and the like, Signal it’s still the best alternative.
@ilyess It's not only discrimination-- it's bad security. That is, forcing someone to *compromise* their security by increasing their sensitive data & growing their attack surface is a Bad Idea™, particularly when it entails a demand that the other party proactively enter the marketplace to buy something they don't need, which will be used against them & only serve to track them.
