Em Adespoton

https://birdsarentreal.com/

The US already does that :D

One clarification: carrier towers can still find a phone; GPS is passive; your phone locates itself in relation to the GPS satellites.

Most phones are also broadcasting WiFi MAC IDs and Bluetooth MACs, plus hardware and capability strings over Bluetooth. And then any apps you’ve got loaded may also be calling home with your location unless you have that disabled and rotate your ad ID regularly.

[edit] also worth pointing out that even if you turn a smartphone “off” it still pings the local cell towers with its IMEI regularly. Surprised me the first time I witnessed that.

Exactly; email is digital post cards and always has been.

Of course, that means I can encrypt a message and use someone else’s email account to send it :)

I have a LinkedIn account. It has the list of recent jobs I’ve held and my education.

That’s my social media presence.

Things like Lemmy are my secondary presence that I keep anonymous.

It’s never been an issue during my background checks. But then, if anyone ever dared to ask me about my lack of presence, I’d give them a level stare and tell them that I practice what I preach.

It’s about the traffic shape and size; the packets are all encrypted, but unless you’re filling the gaps with random noise, there’s a pattern to the randomness, in terms of packet size and density, and to the shape of the traffic volume over time.

If you’re streaming video AND torrenting at the same time, that will cover up some of the torrent fingerprints, but not all.

And if someone has the fingerprint of a torrent from a non-VPN source, they can pretty reliably figure out exactly which torrent you’re connected to. Pretty much nobody goes to that level of analysis for a random person though; they’d have to already have some reason to be watching your network traffic AND find it worthwhile.

Torrenting means you’re sending copies of the files to anyone with a magnet link. Great for quickly sharing legitimate software with a wide group. If you’re trying to download stuff you don’t have a license for, torrenting is a bad solution. Better to find a small community where you can just share files directly, peer to peer or on a private server.

Torrenting has a very obvious digital fingerprint, so even if you’re using a VPN, your ISP knows you’re torrenting. And if your VPN provider gets served with a notice and their country is a member of any international trade agreement, they know who you are and have a responsibility to take action against you.

I keep all my traffic encrypted, use my own DNS, and run a VPN so that anytime I’m away from my place, my traffic is tunnelled through my home setup, which includes a piHole.

If I need more than that to obscure the traffic source, it goes through TOR.

I also run a few public web services off the same IP, so the traffic coming out of my address has plausible deniability.

Plus, I use tracker and ad blockers in all my browsers/devices, of course, as well as block JavaScript by default.

Generally, it’s best to go by capability, not by policy.

Any company has to do what the government of its country says. This goes both for the VPN company, AND any exit node country. So you have to always assume that whatever country your exit node is in has full access to the data exiting the VPN there.

Then there’s the technology being used, the expertise with which it is configured, and finally the policies in place for handling and storing your PII.

Mullvad has a strong record on all accounts, even as far as just giving a year’s notice that it will stop supporting OpenVPN.

AirVPN has virtually no track record, fewer details on hardware, configuration, expertise and PII handling, and it’s in the EU, so has to comply with EU laws as well as Italian laws.

Being in the EU means it has to comply with the GDPR, which does have its benefits. But it also means an EU member state could put a gag order on your account and be monitoring all your data without you ever knowing.

So it all comes down to who you want your data to be private from and why.

Personally, I avoid all public VPN services as much as possible, and assume that the only thing they’re really doing is tricking the next service in the hop as to what country I’m connecting from.

It won’t be gone. How else will they make good on their threat of shutting down media companies that say things they don’t like?

It’s worth noting that a sizeable number of Tor exit nodes are actually run by the German government. Meaning: they know exactly what’s going through those nodes.

So all they need to do to unmask a Tor source IP is control the first hop too. They’re in a position where they can narrow searches down to activity they’re actually interested in without significantly decreasing the privacy of other Tor users, and then they can peel back the onion.

This has been the case since shortly after Tor was created.

Google implemented WebP because they can control it without having to pay anyone else. Apple then bungled the client-side implementation.

Funny… I did the same thing. Chose Grand Central as my provider… who were then acquired by Google and became Google Voice :-/

These days I still have my GV number as it’s a known number, but I never call out on it. When possible I use Signal; I’ve also got burner talkatone numbers that change regularly, and Matrix/Element for any regular communication.

I figure the combination means that no provider has a full picture and all of those providers are unlikely to aggregate to the same databases.

The Beelink ones come with Windows 11 Home; since this is a privacy community, it should be obvious that that’s not all that great for privacy.

For wireless keyboards; I just got a cheap Bluetooth one with a trackpad because I knew it would be abused.

Take a TV, strap a mini PC like one of those BeeLink ones to the back (it comes with mounting hardware), plug an HDMI cable between them. Connect a wireless keyboard with trackpad, and congrats! You’ve got a big screen computer.

The next bits really depend on your technical know-how. What I did was wiped Windows from the PC and installed Linux, then installed Jellyfin and Firefox.

Jellyfin works as a media server so I can stream my own collection of videos/images anywhere im my home, and Firefox with uBlock Origin means I can log in to any streaming service I want, without the ads. And I can log into my (on-device) Jellyfin server the same way.

I’ve tried all the interfaces like XBMC/Kodi and Plesk etc. and find it’s more of a headache than just having a keyboard handy.

I had this experience once in an Ikea, of all places. I calmly told the clerk that according to local laws (which I cited), it was illegal for them to demand that information from me (phone number and post code) to sell me anything, and if the computer wouldn’t let them do it, then they should call a manager for an override.

When the manager came, the clerk said “this person refuses to give me their info” — to which I added, “your computer refuses to comply with the law; please override and then notify HQ that they are in contravention of the law and liable for significant fines.”

The next time I went in, they still asked me for the info, but the clerk was able to override. I suspect they just put in fake info for everyone who refused to supply it.

Tor is indeed about providing cover. US Military and US and German covert operations use it, and hide in the noise. But in those situations, it’s a win/win, as they provide funding and everyone gets to have a somewhat secure channel.

I’d argue though that in any case where you don’t control the exit node, you have no expectation of real privacy. So it becomes a question of how much you’re willing to trade.

How do they know your phone number? Only a cryptographic hash of it is sent to their servers.

Signal is designed to collect meta-metadata. They don’t hold any information that can tie a person to their account, but they definitely know how those accounts interact via their servers.

Some people realized when Signal removed SMS support on Android that Signal is a private org that can make changes as they see fit, and there’s nothing you can do about it.

Other people get stuck on the fact that Signal requires a legitimate phone number in order to operate.

In both of these situations, the people up in arms usually don’t understand WHY the changes were privacy and security improvements and make Signal a better platform. But the argument about not being fully in control still stands.

So it could be argued that Signal may keep you safer than if you try to roll your own Matrix or SimpleX server, and it’s definitely a better platform for anyone who wouldn’t have a clue how to set up and secure their own server. But people have definitely had reasons for leaving it.

Personally, I use both Signal and Matrix, and push average people towards Signal.

I thought people had been moving OFF signal lately?

Personally, I’m on signal, but never signed up for a Meta property because, well, it was obvious from the start that they had bad privacy controls that depended only on corporate promises.