Just a small heads up; ive noticed a uptick in links spread on Reddit, 4chan and even here to collaborative playlist from youtube, spotify and similar with very non or very few followers. All coming from new accounts.
Its a common way to fish for your personal data. They will make a new list and post it in only certain posts/threads and wait for you to subscribe with your account.
An easy way to protect yourself is by setting your phone or pc to open links in a second browser where you are not logged into anything. Set it to delete cookies on exit.
Thank you for coming to my ted talk.
Seriously: if being a communist is dangerous where you live, use Tor Browser and never log into any other account in the same browser session
also, unless there’s a proxy on Lemmygrad for remote content loaded through Markdown in posts and comments, your browser will be sending requests to untrusted parties like Google
I’ve been thinking about this for some time, embedding html in comments might be fun, but it doesn’t sound safe. Especially in communities where doxing could lead to really bad outcomes for some users.
A lot of HTML is definitely OK, but canvases and remote loading are murkier. If/when HTML is allowed again, this is something to consider, although we can still embed images even without HTML with
![](*url*)
; unless we only allow images hosted on lemmygrad.ml (and possibly some other trusted websites), we may just have to warn people that they should be using Tor or something similar if anonymity is important.
Is Tor browser on the app store or are they all bullshit and you need to do it another way?
The iOS/Mac App Store? IIRC, not officially; there’s an unofficial (AFAICT) app for iOS called Orbot which makes all (?) traffic go through Tor, but I can’t vouch for it personally. For non-mobile OSes and Android, you should only download it from torproject.org (or build it yourself, if you’re a masochist)
I’m no techxpert like some comrades here, so yea I’ll probably just use the iOS one like a noob, thx for giving a good start point
In case you missed @panic’s comment, Onion Browser is the recommended equivalent on iOS
Perfect thank you!
Tor Project recommends Onion Browser for iOS (link)
I forgot about that one. Orbot is in case you want all traffic to go through Tor, but using Orbot with another browser is nowhere near as good at preventing fingerprinting as using Tor Browser
Also it probably isn’t actually a great idea to torify all of your connections (as I think Orbot for iOS does? Or maybe it can be per-app? I haven’t ever seen it on an iPhone myself.) including those from various apps that already know lots of things about you… it does hide your current IP from those services, but they already know what it was before so now they additionally know that you also use Tor.
So yeah, better to use Tor Browser (or Onion Browser on iOS) so you know what you are and aren’t routing through Tor (and also benefit from its other privacy features like antifingerprinting and forgetting history/cookies/etc).
deleted by creator
They will want a phone number, selfie of your full face and/or photo of goverment ID. Very invasive.
Yeah, there’s
absolutely novery rarely any benefit to using Tor (or a VPN) when logged in to some account tied to your personal informationi disagree, i think it’s actually reasonable to decide you’d rather tell big social media sites that you’re a tor user than let them know where you’re physically located all the time (especially if you travel).
100%
This is what Tor was made for. Political dissidents. They probably just didn’t expect for us to diss on the West and not the designated evil countries.
I think it was originally made (by the Amerikan government) so the NSA and the like could access the Internet without revealing their location, and they released it publicly to increase the number of nodes and users. However, the current developers certainly seem to work on it for the sake of dissidents (as you said)
This really ought to be pinned
deleted by creator
My info hygiene is so bad I just live at all times assuming the worst lol
I agree, maybe even in the form of a more elaborate post on the basics of internet privacy, annonymity and protecting data. Anticommunists have already attacked this community with DDoS and spam accounts, it is reasonable to assume that they’ll also take any chance to dox members. We need to keep informed and practice good data hygiene.
deleted by creator
deleted by creator
Worth mentioning that in most browsers, incognito mode just keeps cookies separate; Google, etc. do lose some information, but your IP address will still be visible
deleted by creator
Yeah, it’ll hide your IP address. On the other hand, you have to trust that your VPN isn’t logging, but it’s definitely better than nothing. Also, even with a VPN, you might have DNS (domain name system – it’s what maps “lemmygrad.ml” to whatever IP address its server has) leaks, and you might also have IP leaks if you haven’t disabled WebRTC support in your browser
deleted by creator
yeeaaah, when I was learning about online security, things did feel kind of hopeless for a while
If you want to access something anonymously, Tor Browser is the easiest alternative (it’s possible for someone to track you across Tor as well if they have a shitload of public Tor nodes, but it can’t be done reliably)
It’s not just if they have public tor nodes. If they have enough information to fingerprint you, they can identify you that way. Also, if the person is determined enough, things like style of writing and the way your mouse moves can be used to figure out who you are. Essentially, nothing you do on the internet is completely private.
Of course; Tor doesn’t guarantee anonymity, especially if you’re not careful w.r.t. fingerprinting.
deleted by creator
Depends on the proxies.
torsocks
is certainly better for anonymity, but it’s usually significantly slower than using a VPN. Other SOCKS5 proxies may be faster than VPNs, but AFAICT they’re often less secure.Yup, its the encryption in the VPN that usually slows you down. SOCKS5 does not have that, thereby faster.
That was my understanding, too. As long as you use HTTPS and trust the proxy provider, I guess it can be fine, but they seem more suitable for bypassing regional restrictions rather than for security (excluding
torsocks
and the like)
Good luck googling for “Awoo” fuckers.
Which one is you?
Only just saw this. Heh. Very good. 😉 But that’s retired now.
I would recommend not having Google accounts.
That said. If you do and insist on subscribing to youtube channels with communist themes or interests I would keep an entirely separate one just for that. It won’t protect you if either some fascist Google employees dump it and hand it off or the increasingly mask off government demands data on communists obviously as Google knows who you are if you have an account with them (and often even if you don’t), but it’s something at least that means the casual unconnected fash can’t do anything with it.
Other recommendations:
-
Use Firefox (with enhanced tracking protection set to strict)
-
Use ublock origin (because fuck imperialist megacorps and their propaganda serving nonsense)
-
Use multi-account containers (addon) and create containers specifically for sites you interact with communist content on and others for sites connected to your real life. I would even advocate creating one container for lemmygrad, one for reddit (for example if you use that), one for google services, etc. You can also create one container for your doxxable google personal account with your name, one for your sensitive subjects other unconnected google account though you have to remember to pick the right one when opening a new tab and going to a google site.
-
I’d also suggest setting firefox to clear all cookies on exit (you can set exceptions for sites you need to stay logged into).
-
Firefox first party isolation (set in about:config by setting “privacy.firstparty.isolate” to true) is also very useful though may be disruptive to some.
For those who want to “subscribe” to a channel without having a YouTube account, use RSS feeds. There are feed readers on (almost) all platforms. For browsing YouTube, you can use Piped, Invidious or another frontend. (And if you’re using a non-smartphone computer, you can just download or stream videos in your feeds with youtube-dl)
Also, instead of modifying Firefox and potentially worsening your fingerprint, you might as well use Arkenfox, LibreWolf or something similar that’s already set up for privacy-conscious use
I never ever use my real name or information on any sites I use except for like Best Buy or something. I’m like a ghost. Am I doing enough?
There are levels here to deal with different threat levels as well as your interest in disrupting your life. Obviously on one extreme 100 is going fully off-grid and living under an assumed identity, no social media, no online purchases, cash only, no subscriptions other than internet service under a false identity, using nothing but tor and tails and having a faraday bag for your phone which you keep with you only at home. Of course this would kind of destroy your social life and be very disruptive and difficult to maintain while holding down a job.
The other end is not caring at all.
I definitely think where you can, you should lie about your real name (obviously you can’t do that for certain things, bank accounts, things that can be disputed and if an invalid name is used could cause you hardship and anyways if you order online unless you’re using a giftcard bought with cash you’re using a credit card tied to your name anyways) and other aspects of yourself. False birthdays, ages, etc for non-important websites.
The problem is being tracked around on the web is relatively easy. Obviously a site like lemmygrad isn’t intrusive and loading tracking scripts from google and facebook and so on but most sites are.
I would suggest trying to containerize your presence online. If you use social media make sure not to use similar usernames that allow doxxing, don’t reveal personal details and even sew false ones if you’d like in your anonymous accounts.
Use an adblocker like ublock always. I would follow the other settings I mentioned if you can and if you use firefox. If you use google chrome well you’re trusting google not to betray you.
Privacy is not a few paragraphs or a post it’s a book-sized topic just for the online realm. Containerizing things though as I mentioned with the addons or otherwise separating your lives is highly recommended. Keep software up to date to prevent vulnerability exploitation, etc. Don’t click suspicious things, be suspicious and careful, educate yourself on privacy, basic computer security, etc.
Have multiple emails. Avoid tying politics like this to your main email or any traceable back to your real identity (for example an email you registered to a social media with is tied to your identity even if under a false name on the email itself).
As long as everything you are doing is legal and wont get you in danger in your country, you are fine. My posts is directed at other users and political groups fishing for data. But without any VPN/Tor browser, ex. the goverment will have no issue linking your IP to the person who ordered/pays for the connection.
There is always the non-zero chance the government ignores the law and continues to persecute, so I’m wondering if I should be safe and do what you are suggesting.
-
I use tor for most things
Joke’s on them, I never use logged in accounts on those platforms!