Privacytools (“PTIO”) is a project with the noble mission to “provide knowledge and tools to protect your privacy against global mass surveillance”.

Sounds useful, no? Sadly, their website does the opposite of its claim: it leads people straight into mass surveillance centers through endorsements of bad players. The site is rife with entities that privacy seekers should be avoiding.

They not only show poor judgment by endorsing privacy abusers who work directly against their mission, but they also neglect to enumerate the traps and pitfalls on the endorsement pages. Apart from the transparency problem, security experts expose lots of privacy abuses in the website bug tracker which have little influence on decisions made by the staff that’s in control of commits.

Dangerous and misinformed endorsements

  • Signal PTIO claims to “provide knowledge and tools to protect your privacy against global mass surveillance”, yet PTIO knowingly and willfully sends privacy seekers directly into several mass surveillance traps via OWS Signal.

  • Keybase PTIO endorses Keybase despite reckless and malicious wrongdoing – which PTIO is aware of.

  • DuckDuckGo (“DDG”) is falsely marketed (but very well marketed) as privacy-respecting. It’s a popular choice among naive users. Experts know better. Sadly, PTIO does not. Copious privacy abuses are linked to DDG. PTIO betrays the public trust through this reckless and uncautioned endorsement. PTIO downplays the non-controversial and superior alternatives.

  • Qwant has a history of hostility toward Tor users. e.g.:

    Metager and Mojeek have never mistreated Tor users, and yet they rank low in PTIO endorsements.

Incompetence and deception

  • Searx PTIO has a fundamental misunderstanding of what Searx is. It’s smart to endorse searx, but not as a search “provider”. Searx is not a service. Searx is a free software search engine. PTIO erroneously claims “No logs, no ads and no tracking”. It’s a deception. Anyone can run a public searx instance and implement logs, ads, tracking, and any other anti-feature they want. There are many instances. And some searx instances do in fact push ads to pay their bills. All but one searx instance will push privacy-abusing CloudFlare results to users – and at least half a dozen of them are evil to the extent of proxying through CloudFlare themselves. It only makes sense to endorse particular searx instances. There is one searx instance that is uniquely above all privacy respecting, which filters out CloudFlare results: searxes.eu.org.

  • Corruption scandal: a PTIO member met with Startpage reps to discuss something that would personally benefit him when the Startpage endorsement was being dropped. He attended the meeting without informing other PTIO insiders and only admitted to it afterwards after being probed. Of course, when PTIO opts to put their repo on Microsoft Github, the kind of talent they attract are sell-outs.

Hypocrisy: refusal of PTIO to eat their own dog food

PTIO is totally blind to the importance of setting an ethical example that is consistent with their own mission. If PTIO cannot handle ethical privacy-respecting tools themselves, how can they possibly expect to give novices confidence? PTIO’s credibility is in the shitter as it proudly displays branding for the following on their website:

Shameful example, and why it’s a problem:

  • Microsoft Github: PTIO uses a Microsoft Github repo to manage bug reports. There are copious problems with this foolish choice. PTIO makes a failed attempt to reason that they want to be where the most people are. With that kind of rationale, they’ve self-defeated their mission.

  • Twitter: PTIO claims Twitter is “for outreach”. If PTIO needs to reach Twitter users, they can have a Twitter account. But to link into Twitter from their website takes the hypocrisy beyond outreach. Users who land on their clearnet website have already been reached. It’s both foolish and reckless to lead people from the open web back into Twitter.

  • Facebook: Richard Stallman gives good advice to those who refuse to accept the reality that they don’t really need Facebook. If you believe you cannot live without Facebook, you still cannot justify linking into FB from the free world. To link from FB to the open web is sensible. To link the other direction is to be an excessive and needless enabler of privacy abuse.

  • Microsoft LinkedIn: same issue as Twitter and Facebook.

  • Reddit: Amazon-hosted. Same issue as Twitter and Facebook.

It’s plainly evident when navigating privacytools.io that there’s a serious credibility problem.

    • @dirtfindrOP, 0 points, 4 years ago

      > Signal app is open source

      Signal app is certainly not free software, and it is thus being removed from the FSF Directory. It may* pass for “open source” as you say, but that’s a low standard. It’s also worth noting paragraph 7, which calls out OWS’s network protectionism that renders free software moot anyway. Given all the issues, the open source characteristic is only useful for creating a free software analogue that corrects the problems of Signal. Otherwise there’s little value to an open source project that subjects users to mass surveillance.

      (*) I say “may” because it’s also possible that the Google libs that Signalapp depends on are strictly binary… I’ve not checked.

      > APK is accessible Via direct download on website

      Have a look at paragraph 3; you apparently missed it.

      > Signal website is viewable through TOR for me, so that entry is also wrong

      Which entry?

      > but the linked issue posts are formatted in an annoying point by point list

      If you prefer pictures there is a diagram.

      Enumerating paragraphs in a hierarchy is how legal text is written so that lawyers can efficiently refer to the various points they want to address. It’s appropriate here because it is a debate, and it wouldn’t be practical for people to say “I have a problem with the 153rd sentence from the top”. When you say “that entry is also wrong”, you neglected to take advantage of the itemization by calling out the paragraph you find incorrect, so I can’t see what you’re reacting to.

        • @dirtfindrOP, 0 points, 4 years ago

          > We aren’t free to modify the app to fit our needs, but we are free to audit it and make sure it is doing what it claims to be doing. Not being free-software does not mean something is insecure.

          Open source s/w is a take it or leave it proposition. That’s not good for security. Specifically w.r.t. Signal, the calls to Google’s libraries cannot be removed. The option to leave the app untouched and remove the libraries themselves is not available if someone needs those libraries for something else. The network protectionism blocks users from making modifications to the app. There is no firewall/Netguard type of layer to control library availability outside of apps.

          So the fallout of having to walk then limits users to OWS competitors, which may be less secure than a modified Signalapp would offer for a given user’s particular threat model. That’s the problem with open source without software freedom. I have to admit this is somewhat of a philosophical red herring, because there are so many significant problems with Signal (e.g. forced mobile phones) to make it a poor choice even if we could modify the app and use it on OWS’s network.

            • @dirtfindrOP, 1 point, 4 years ago

              > Whether a set of software is privacy respecting or not as is is not a matter of free vs proprietary.

              You’re not making sense. Software can be privacy respecting or privacy abusing independent of whether it’s free software or not. But if it’s free software you can do something about it – but not so if it’s non-free open-source. And also not so if network protectionism is in force. Privacy abuse arises out of the misplaced power you’re advocating. Even if a user can’t write code due to technical inability, they can still benefit from the rights given by free software.

              > Once again. That’s just not true. “Langis is an unofficial version of Signal and provided without waranty, it is Free Software” https://langis.cloudfrancois.fr/

              That’s been tried. When “Libre Signal” emerged as a free software replacement for Signal, OWS threatened to sue them and also threatened F-Droid. F-Droid didn’t have the legal resources so they had to give in and drop Libre Signal. The Libre Signal project became a ghost town. Langis users violate OWS ToS (network protectionism). Will Langis get away with it? Perhaps. OWS used a technicality to attack Libre Signal, claiming that “Libre Signal” was close enough to “Signal” to violate the trademark. The Libre Signal project opted not to simply rename because they still lacked the legal resources to take on the OWS legal team. OWS behaves very much like a profit-driven corporation, using its non-profit status merely as a token of perceived credibility. Even if Langis gets away with surviving a legal challenge (as it’s the users not the tool that are legally actionable – and the project also seems to be in France), you can’t claim the liberty is there when in fact liberties have been taken.

              A project with legit legal standing which might interest you is “Session.” It’s a free-software fork and it escapes the network protectionism issue by not using the OWS network. It is in fact a different project, tool, and network entirely… and also eliminates the requirement to register a mobile phone. It’s founded by alt right people, so it’s sketchy in that regard.

  • @lazer, 1 point, 4 years ago

    deleted by creator