resist1984 @resist1984@social.privacytools.io

@silmathoron @jasper I wonder if #Hydroxide is the reason #Protonmail is pushing more #CAPTCHA puzzles. PM sees Hydroxide as a threat to their in-house non-gratis bridge. By pushing an #hCAPTCHA, it enables Protonmail to profit from the CAPTCHA solving.

@jasper @silmathoron indeed bug 179 explains the situation. To clarify & correct what I said, #Hydroxide does not officially depend on Firefox. If #Protonmail sends a #CAPTCHA then Hydroxide is dead in the water.. it just falls over with a error 9001. Developer "dvalter" created a hack whereby you can login using Firefox, harvest your session cookie, & pass the cookie to Hydroxide to use.

@calculsoberic a specific searx instance that I'd recommend is metasearch.nl.

@calculsoberic #DuckDuckGo would be a bad choice (see http://techrights.org/2021/03/15/duckduckgo-in-2021/) For advanced users, the most privacy-respecting search engine in the world is sercxi.eu.org. #searx can't be suggested because it's software for which there are many instances, some of which are in #Cloudflare

@Br0m3x @info_activism Drone strikes are like shrimping: 90% colatteral damage in a #droneStrike is like the 90% bycatch rate when shrimping. Boycott shrimp and drone strikes

@popolon @aw @dachary it depends on the project. If your project is a Facebook tool, there would be little correlation. But if the project is intended to serve the pro-privacy community, then of course a fedi survey would be a good statistical sample.

I'd really like an onion site that give 2 results: up/down for clearnet users, and up/down for tor users, and whether the content differs between the two

I finally found an open, #Tor-respecting alternative to the #downforeveryoneorjustme site: http://www.websitedown.info

@popolon @popolon @altlink @alcinnz well they've obviously pirated #Cloudflare's block page, which they wield against Tor users, so it's the same problem. It's a Tor-hostile walled-garden.

@popolon @altlink @alcinnz #archiveDotIs (aka #ArchiveToday) is in itself an exclusive walled-garden jailed in #Cloudflare. In principle they have an #onion site, but http://archivecaslytosk.onion/psMa6 also shows a #CAPTCHA to Tor users. So it's still a dead-end.

@popolon @alcinnz I suggest following @altlink so that you get instant warnings of bad URLs.

@alcinnz @popolon Since that site is in #Cloudflare's exclusive walled garden, I tried to reach the article via archive.org but got redirected to https://web.archive.org/web/20210629151618/https://arc.aiaa.org/action/cookieAbsent -- also a broken page. It's not a good link to share with the public.

@jasper @ashwinvis @silmathoron It's safer to use #Electronmail because the javascript is static, potentially reviewed, and you can obtain it anonymously. So if Protonmail were to serve malicious js targeted to you, you would never execute it. But note that Electronmail is broken in #Debian #Bullseye.

@silmathoron @ashwinvis I believe the risk with #Hydroxide is that it requires you to login via Firefox. That means you must trust on-the-fly javascript from #Protonmail to not leak your password. It's not likely a mass surveillance threat but if you were targeted by Protonmail you would be defenseless against that b/c they could push malicious js to your IP upon connection. /cc @jasper

@celia @telroy Ah, I think I found the answer to that: https://github.com/emersion/hydroxide/issues/179 Apparently a GUI login is needed with Firefox as a precondition to using #Hydroxide. Which BTW brings security risks because AFAIK you must run #Protonmail's on-the-fly #JavaScript (instead of #Electronmail).