• 25 Posts
  • 93 Comments
Joined 3Y ago
cake
Cake day: Nov 13, 2019

help-circle
rss

The updated article is here:

http://techrights.org/2021/03/15/duckduckgo-in-2021/

There is too much censorship & shenannigans like concealing censorship from modlogs to trust lemmy.ml anymore. I just saw a post about how the admins removed a community creator and quietly put someone else in control.


There’s a lot of tor-hostile links in this post and references to untrustworthy sites and services.

It’s bad advice. Sony and Motorola are terrible recommendations. See https://neoreddit.horobets.me/post/51


wow what a blast from the past. I’m quite surprised Soulseek is still around and still actively maintained.


Is there any way around this? As this would seem to defeat the purpose. Using it as 2FA means all your 2FA codes get sent publicly. Using it is a temporary messenger means anybody can read those messages, etc.

It’s a race condition. They send a verification code, you use it to verify your account immediately, and then the one-time-use code is no longer usable. The others who see the codes coming in have no simple way of knowing which account the code is for, so the code is useless to them. Even if someone knows the number you used and how to reach the service, they would also have to know when you’re going to receive the code and they would have to know your userid (and possibly pw).

In short, a highly skilled adversary would have to be in your threat model. And if the adversary is so skilled that they’ve penetrated your system and rooted it, then you’re pawned anyway.

People who use the kinds of services that need your phone number aren’t really committed to privacy as an activist, but they care about their own privacy from a selfish standpoint. E.g. they’re willing to create a Google account and help a privacy abuser profit as long as their getting enough privacy for themselves (like not sharing their phone number).

I used to use pinger numbers to create accounts but evolved past that realizing that I was still feeding the privacy abuser by dancing for them and using their service. So I simply walk when asked for a phone number. It’s really the best solution.

Exceptionally, there are some situations where you already have an account (e.g. for your bank, school, or even Twitter), and out of the pure blue Twitter says “we think you’re a bot – for ‘your protection’ you must verify your phone number.” Then you’re trapped. Access to the profile you’ve built over the years is suddenly threatened, and your data is being held hostage until you surrender a phone number. In that case, the pinger number is quite useful… use it, download your data, and gtfo and don’t come back.



About Qwant, what is so bad about it?

I go into some of it here:

https://lemmy.ml/post/31487


While I appreciate your dismay for GitHub (which I share), I don’t think your “(shamefully)” concept would be constructive to our platform.

The precise word choice is immaterial to my thesis. The status quo needlessly promotes MS Github. One option is to use “shamefully” in cases where the project using it has core purpose to its mission that’s undermined by its use of MS github. The word would be far-fetched for projects where privacy or the environment are orthogonal to their mission, in which case “unfortunately” would suffice.

One of the main facets of ReverseEagle is to educate people on alternatives, and why they’re so much better.

Of course it educates. Neglecting to link to page of Github harms is a missed opportunity to educate.

About Gitlab.com: we have decided not to list that, as it’s hosted on Google Cloud and Cloudflare. Instead, we thought it was wiser to direct uneducated users to a wide range of alternative hosts.

You list Github precisely because it is detrimental. Yet for the very same reason, you’re choosing *not* to list Gitlab.com. Why the inconsistency? Gitlab.com is even more harmful than Github. They should both be listed and condemned together.

While I was creating the article listing alternatives to Visual Studio, I felt that the best approach to listing alternatives was to list other developer environments. It wouldn’t be appropriate to say “learn a different language”.

The stated purpose of the project is “Privacy-conscious, ethical and safer alternatives to software for developers.” Because “ethical” is mentioned, promoting unethical languages (i.e. languages that hinder free society and feed unethical tech giants) is counter-productive. To be very precise, learning the offending languages is not in itself where the harm is done. If Bob’s C# program only runs on his machine and is never distributed, and he never uses MS products to develop it, no harm is done. The harm is done when a tool in an MS-controlled language is publicly distributed because it empowers Microsoft and adds to the dominance and demand of an exclusive and oppressive language. Of course it’s appropriate to condemn polluting the commons with software that works against Reverse Eagle’s stated mission.

Who learns a language with intent to keep the works they create internal? It’s very unlikely outside the non-free software context, so learning C# will generally propagate the spread of it.

The thing is, there’s a lot of research that’s gone into UX work that makes your suggestion hard. For example, it might have the opposite effect: less people would click the link, as that’s an extra step.

Two cases:

  1. They click the link– they discover Lemmy and they make a move to it. That’s also less time that they are on Reddit, feeding Reddit and making Reddit’s ads profitable.
  2. They don’t click the link– a moment of their time was spent making their Reddit UX worse. The more frustrations experienced by Reddit users, the more the Reverse Eagle mission cause benefits.

It’s a win either way.

If I were an uninformed user on Reddit, I would much rather have the text on the page.

Are you actually trying to add value to Reddit, and make the Reddit UX positive enough to keep ppl there?

So bear this in mind: we’re a young community, we still might need to rely on platforms like Reddit to ‘spread the word’. We’ll see.

That being said, we do continue to link people to our Lemmy, from Reddit. I think I speak for everyone on the ReverseEagle team when I say: Lemmy is unanimously preferred over Reddit.

Then there’s no reason to link into Reddit from outside of Reddit. All links outside of Reddit of this kind should reference a Lemmy post.

Of course, and we don’t blindly trust them. They even say you should seek advice from other platforms on their page.

In principle it’s good that they do that, but PTIO and PRISM Break are terrible recommendations that far too often undermine their own cause. Neither of those projects have integrity and it’s harmful to mention them.

What platforms would you recommend for this? I heavily doubt immature FOSS projects have enough donations to be able to self-host a discussions platform like Discourse.

There is a huge list of alternatives, but I see no reason not to stick with git.sr.ht and framagit.org. Git is inherently decentralized, but there is a project that takes the idea further which is perhaps worth mention.

I think you’re proving a point I made the other day. As we continue to be more influential, and make waves in the FOSS world, we need to be very careful of which products we actually recommend.

I did not suggest recommending Patreon, Liberapay, and Open Collective. I suggest condemning them. Of course condemning these services is not risky, unless you consider advocating for your own mission risky.

If you want to find an alternative to endorse, there is a raw list here (some good, some bad) to review.

There is also freedomsponsors.org and villages.io. Both are hosted by Amazon but perhaps a lesser of evils.

Especially where money is concerned. Then, it gets hairy. Doesn’t Liberapay use PayPal too?

IIRC, Liberapay accommodates Paypal if a project discloses their PP acct. You should look further in case I’m confusing the three. But I think there is no choice with Patreon – it’s Paypal or nothing.

Are you offering to provide an improved version?

I did. I’ve got more dirt on MS than that, but it’s a start. Since the project is on framagit, I might be willing to contribute more directly.

If you have any more suggestions, and if you are in possesion of a Matrix account, please join our Matrix room.

Matrix seems to have a high-level dependency on CloudFlare, so I’ve not even been motivated to investigate using it yet.


I applaud your effort overall. We need more of these kinds of efforts. I do see ways to improve:

tool/service comment
reddit Reddit is bad. There’s a lot of censorship shenanigans there, privacy abuse & it’s hosted on Amazon. It should be avoided. If you post there anyway, it’s better to put your content on Lemmy and simply post the Lemmy link on Reddit. You went in the other direction. It’s better to lead Redditers to Lemmy not the other direction.
github You give one-line on the evils and probably not enough detail to be persuasive. There’s an enumeration of issues here, but note that’s on GH so I suggest copying it rather than linking to it from your page. Also, most of the projects you recommend have a line “source code: github”. Consider linking to the source code in a way that shames the project, otherwise your site promotes GH more than it discourages it. Not everyone will read the GH section. Perhaps express it this way “source code: github (shamefully)”. Also, prefix “Github” with “MS”. (edit) There is a Github link at the bottom of your page. You should certainly not be linking to it from your public website because it leads visitors in the wrong direction. It also hurts your perceived credibility because many readers won’t follow that link; they will just think “what a hypocrit”. You should set the GH issues to external and link to the framagit issues. Your readme is too short. You should use that space as an opportunity to detail all the Github issues I linked you to.
gitlab The GH page does well to condemn Gitlab service while endorsing the s/w. I would also point them to this page or cover those issues, and make sure gitlab.com is mentioned on the landing page next to github because it’s easy to miss.
visual studio Visual Studio, C#, .net, et al are all languages designed to feed Microsoft’s dominance. Even though people have hacked together free tools for them, those tools will never take the lead and projects that use those tools still end up boosting Microsoft’s influence. It’s important to condemn those languages entirely. But there’s nothing wrong with supplementing the condemnation with alternatives for those who won’t or can’t get away from MS-controlled languages.
donations FOSS projects often need donations and they’re all sending people to socially irresponsible platforms inside of privacy-abusing walled-gardens. Consider adding a section that condemns Patreon, Liberapay, and Open Collective. They are all CloudFlare sites that expose sensitive financial data to CF (the Monsanto of the web). Open Collective even allows CF to use their platform to ask for donations. It’s quite despicable that a tech giant corp is asking for donations. IIRC, Patreon forces everyone to use Paypal. Paypal should also be loudly condemned.

Most FOSS projects are vaguely aware of MS Github’s controversy, but they lack the constitution and integrity needed to abandon Github. Proponents of social responsibility are blocked from contributing bug reports to FOSS projects because they cannot or will not enter the private walled-gardens of Microsoft and Gitlab.com. So it’s important to tell developers that if they insist on using Github or Gitlab.com, they put the bug tracker in a non-controversial publicly accessible place. I find bugs that I often don’t report because of this problem. They should also be advised to at least mirror their project on a free and open alternative.

Regarding Switching Software as a partner and your plug for tycrek/degoogle: you can get good and bad advice from them. Check out my review of Switching S/w. E.g. DuckDuckGo is a terrible alternate to suggest to people. The tools Switching SW endorses need further analysis; you can’t blindly trust them. For tycrek/degoogle, there are a few lousy search engine recommendations. I suggest plugging them this way: “tycrek/degoogle (but disregard the search engine advice)”.


The wording would have to account for the fact that some regions have (will have?) privacy laws that force DNT to be honored. California may be one such place though I’m vague on this. I think the next revision of the CCPA will force DNT respect, IIRC.


Condemning DNT on the basis that some ppl don’t respect it is not sound rationale. DNT was never designed with an expectation that all websites would honor it. Some honor it, some do not. Ecosia.org is an example of a website that honors DNT. To disable DNT is to give up privacy for nothing. Two cases:

  1. Website respects DNT-- You obviously have the benefit of privacy by sending a DNT signal. If you don’t send a DNT signal, you give up privacy for nothing.
  2. Website does NOT respect DNT-- You gain nothing by using DNT, but you also lose nothing. It’s a wash; makes no difference either way.

Exceptionally, there is one reason not to use DNT: fingerprinting. Poorly designed browsers ship with DNT disabled by default. Users who proactively change their DNT setting are in a minority and thus have a more unique browser print. The asinine brain-dead decision of some browser developers to disable DNT by default ensures that those who don’t care (who don’t alter the setting) fail to serve to unify the browser print for those who do care. The users who care enough to change the DNT setting are the ones who are forced to compromise protection from one privacy intrusion (browser printing) to gain protection from another privacy intrusion (optional tracking).

So when assessing the privacy-fitness of a browser and the competency of the developers, browsers that enable DNT by default are the ones to favor.


As I understand it, the LibreSignal issue was a matter of trademark enforcement (specifically, the trademark “Signal”). Signal did try to get LibreSignal to stop using Signal’s servers, but it’s unclear to me (IANAL) if Signal had the legal or technical ability to block LibreSignal from using Signal’s servers (and I don’t think you’d accomplish this with a trademark suit).

The trademark case was the easy legal tool that OWS lawyers could intimidate LibreSignal with. The lawyers threatened F-Droid and F-Droid folded. F-Droid removed LibreSignal, and LibreSignal did not have the resources to fight OWS lawyers. Trademark infringement of course wasn’t the real reason for OWS threats. The real reason was that LibreSignal made it possible for users to violate OWS’s network protectionist ToS. OWS has no direct case against LibreSignal for that, because it’s users of LibreSignal that violate the ToS, not the LibreSignal project. The LibreSignal project isn’t bound by the ToS – only users who agree to the terms can be subject to them. OWS would have to sue each of their own users who make use of LibreSignal independently, which is highly impractical. This is why they pushed the trademark angle. It was a legal hack to impose their network protectionism.

LibreSignal was abandoned voluntarily, not because Signal forced them to.

It wasn’t ordered by a judge, but force comes in many forms. LibreSignal was abandoned because they couldn’t finance the legal battle. That’s force. To be unable to finance the cost of freedom is to not have the freedom.

It’s also unclear how much of this is relevant to Lemmy. I’m unaware of the Lemmy developers threatening any lawsuits over forks, or expressing a wish to block forks from federating with Lemmy.

It’s relevant to your claim that free software = freedom to use the network how you wish. Whether the Lemmy project would actually make good on enforcement of their Antifa agenda remains a question. But certainly they can if they want. They can trademark “Lemmy” if they want, and they can create a ToS that bans unauthorized Lemmy mods if they want. So it’s wrong to claim GPL’d s/w is the end of the story as you did.

(Edit: It’s also worth noting, Signal’s developer is openly hostile to the idea of federation and wishes to control every aspect of “his product.” I see no indication that the developers of Lemmy share that view. If they did, they would not have designed Lemmy to be federated to begin with.)

It’s also worth noting that the Lemmy project openly hostile to non-supporters of Antifa. It’s also worth noting that the Antifa has no restraint in pushing their ideology – they don’t even renounce violent protest.

It’s not clear to me that other ActivityPub servers need “permission” to federate with Lemmy at all.

Using a network without permission is trespassing. Permission need not be express; it can be implied, but ultimately the owner of a server has a right to control access to their resource.

An instance of Lemmy using a hard-coded slur filter != That instance of Lemmy assuming other peers are using the exact same slur filter

This is a bad assumption. You cannot assume that a hard-coded elements are not relied on in a design. Such an assumption is perversely stupid. If you must assume something, you should assume that a project may rely on hard-coded behaviors. This is why (as I pointed out) it’s a poor design to hard-code the slur filter.

It’s more a synonym for anti-fascist,

Antifa is far more than that.

As mentioned before, while the developers of Lemmy are communists and this particular instance is an explicitly anti-fascist instance, the slur filter targets expressions of hate, not discussion of capitalism or liberalism.

Where was this “mentioned before”? You’ll need to quote that. This instance is not simply anti-fascist – it’s actually Antifa.

I’m not sure what valuable discussion is being suppressed by this filter.

Suppression is not a significant problem with the slur filter. Other problems arise out of the poor design of the filter, like users having to become programmers to change the filter, and the interoperability risks I detailed (both legal and technical).

As I see it, with few exceptions, anyone using such language is not participating in good faith.

Not if they’re using the language to discuss the language. e.g. “I was minding my own business and someone called me a k-i-k-e”. Suppressing that would be to suppress the victim of hate. It’s profoundly short-sighted to think those words are only directly inflicted on others.


sorry, you’re right it’s not Google’s captcha. I wrote about it here but then I had forgotten: https://lemmy.ml/post/31487

/cc @resynth1943@lemmy.ml


As a Tor user, the CAPTCHAs from Qwant are frequent enough to be unusable and they’re implemented in a particularly abusive manner. That is, Qwant presents the query page without CAPTCHA every time, thus giving users an opportunity to waste their time as they compose a search query, then after submitting the search query the CAPTCHA manifests.

It’s a dark pattern. So after the user has invested some effort, the choice is throw away your effort so far or play the CAPTCHA game. If you walk, you’ve helped feed Qwant’s & Microsoft’s analytics and left with no reciprocity in return.

The CAPTCHA is actually worse than CloudFlare’s. CF uses hCAPTCHA while Qwant-Microsoft uses Google reCAPTCHA (which is more privacy abusive). (corrected- see below)


It seems like you’re arguing from a point of unfamiliarity with federated social media like Mastodon. When you’re talking about “syncing the message” being able to “crash” an instance of Lemmy, this is not based on how anything ActivityPub actually works.

I don’t know what Lemmy does, and I’m not sure how much clearer I could have been that the possible outcomes mentioned were speculative, having seen no other Lemmy code than the slur filter. I saw just one line of code and it was lousy.

Mastodon nodes certainly *do* store copies of msgs from other nodes, which is precisely why I would envision Lemmy having msg redundancy.

Below you’ve construct a straw man about how if a slur filter has been implemented one way, then that means that it must programmatically break federation if it’s variant between instances

You don’t know what a straw man is. A straw man is obviously *not* speculating on risks and outcomes. To construct a straw man is to misrepresent someone else’s argument. My reply was to @adrianmalacoda@lemmy.ml . I did not even present his arguments, so there was obviously no opportunity to misrepresent them.

Pretty radical semantic versioning you’ve got going on there if every modification requires a different project name. 🙄

This ^ is an example of a straw man. I neither said nor implied that a modification “requires a different project name”, yet you’re implying that this is my stance.

When you fork a project and modify it, and the mods are not to be integrated upstream, the new software is different and the project is yours regardless of what you name it. If the original project name isn’t trademarked and you don’t care about causing confusion, you can name it the same if you want, and even choose conflicting version numbers. The authorship is likely different as well (it’s the set of all upstream authors plus yourself).

The way these instances will interact has probably not yet been specified, so it’s ridiculous to start getting up in arms about it.

You’re apparently implying here that you think it’s wise to ignore the production of code that will likely cause a conflict in the future and wait until the problem manifests during operation time. As opposed to thinking in advance “hey, hard-coding an English slur filter for the world maybe isn’t the smartest way forward”?

This is *precisely* the time to get the design right on this-- if not sooner.

Please do not start spreading pseudotechnical FUD about the properties of this software without reference to fact.

I’m afraid state of the art software design principles are not “fact”. Sorry you have to hear this from me, but competent design prior to implementation is a subjective opinion. It’s an opinion that’s widely held in high regard across the most prestigious academic institutions in the world and has far more merit than the sloppy and reckless approach you’ve suggested. And how dare you present your “personal opinion” and then demand facts – without so much as stating what factual information you’re in need of.


No, but it creates the potential for someone else to create it if they wish.

No it doesn’t. That software doesn’t execute in a vacuum. It needs to interact with other software. A recent proven disaster is with the Signal’s so-called “free software”. It’s GPL’d but if you modify it, it is something else, and that something else is legally prohibited from connecting to the Signal network. Someone created “Libresignal” and Open Whisper Systems threatened lawsuit. Libresignal shut down and abandoned their work.

It’s a similar situation here. You can modify Lemmy all you want, which makes it something else, but that doesn’t give you permission to connect to Lemmy instances. And even if you get permission, that doesn’t mean it will function. I already detailed why.

Not to mention the software doesn’t exist. The failure to design Lemmy well puts *users* in a position of having to be *developers*, in the best case. If a *user* needs to write code, it’s a bad design. It absurdly restricts users to those with expertise and skills that a software user shouldn’t need to have.

but I hope it doesn’t assume this

Of course it does. It’s hard-coded. It’s a valid assumption, and the assumption simplifies the design. Why would they do extra work to assume the code isn’t what it is? If the design assumption is that the slur filter is changeable, then it’s a bad idea to hard-code the slur filter in the first place. You don’t hard-code something that’s presumed mutable.

that it’s possible or even desirable to be “non-political” or “neutral”

It’s actually trivial to create a communication tool like Lemmy without political bias. You simply don’t hard-code things like slur filters and you give moderation freedom to the instance operators not the developers.

or that catering to an anti-antifa audience is a worthy goal.

Let’s not conflate “anti-antifa” with “non-antifa”.

Perhaps you have the misconception that Antifa is simply a synonym for being anti racist. They are also anti-capitalist and anti-government, and they do not renounce violent protest. This makes them a relatively small fringe group. For example, most Americans (conservative and liberal) endorse capitalism and condemn violent forms of protest. That’s probably roughly ~300 million ppl who aren’t onboard with Antifa ideology. Why shouldn’t they have a voice?


Bingo. Boycotting is the real answer. Otherwise if you dance for them, you serve as an enabler. It’s not worth it.

And when it’s the public sector (i.e. talking to a government office that you can’t boycott), I write an old-fashioned letter, print it out on paper, put a fucking stamp on it, and go to the fucking mailbox like it’s the 1980s. There is satisfaction in knowing that someone has to open that shit up and perhaps manually do some data entry or scanning.


I used to think it was purely Tor users getting most of the mistreatment, but recently normies are reportedly getting hit with CAPTCHAs from Bing-sourced search engines (e.g. Qwant, Ecosia, Swisscows, etc).


Being free s/w does not automatically make s/w appear out of nowhere. Find a fork that:

  1. Has removed or soft-coded the slur filter
  2. Attests that the changes to their fork do not break compatibility with other federated nodes. (What happens when they hack the filter to allow the word “salt-w-a-ter”, and then one node tries to sync the msg with an instance that uses the stock slur filter? For all we know, it could crash in a nasty way, or it could simply circumvent the filter. Or if the filter gets applied and one copy of the msg differs from that of another node, will the next sync re-copy the msg? Could this start a loop between different instances trying to sync the same msg with different text? Will instances with a different slur filter have to sever connectivity with nodes of different slur filters? Because it was poorly designed with the absurd assumption that everyone wants the same English-based slur filter, we have to assume there would be a chain of problems. Obviously the current design wasn’t thought through.)

If you can find such a fork then you’re on to something – and whatever it is, it’s not “Lemmy”, because once you change it it’s something else. This thread is about Lemmy and you’re effectively using an “argument to the future” fallacy by bringing up software that doesn’t exist.

Had they soft-coded it, then these matters would be moot because the design would have to accommodate slur filter variation. But they didn’t. They decided to micro-dictate moderation. So the design can assume everyone is using the same slur filter. It’s their choice to do so but reflects poorly on credibility. And I happen to concur with most of the bad-word list (not the design or implementation, but simply the words).

Of course this raises the question: what else is inappropriately hard-coded as a result of this biased authoritarian tendency, and how will that break the network when ppl hack it to be politically neutral or reasonable for a wider audience than Antifa?


Peekier, Gomu, and Joshwho are all CloudFlare sites. And if that’s not embarrassing enough, Peekier and Gomu simultaneously claim to be privacy-respecting. So I won’t be looking any further at those two unless something else brings me to them. It’s appalling that they claim to offer privacy while letting the biggest privacy abuser of the web see the queries and all traffic to those sites. Either it’s profound ignorance or it’s intellectual dishonesty.

Runnaroo seems to be garbage.

Swisscows sources from MS Bing and like many engines that do that, they treat Tor users with hostility (just like Qwant and Ecosia).


Runnaroo.com claims to be a privacy-respecting search engine - but they got issues
Runaroo.com makes the following [claim](https://www.runnaroo.com/privacy): > "The Runnaroo search engine was designed from the ground up to > protect the privacy of its users." So I poked around and this is what I found: # poor transparency * They don't say who they are * They don't say where they are * They make no mention of GDPR * They don't say who their advertising partners are # Runaroo feeds privacy abusers * They source data from Google and Yelp (possibly Bing too\*) * They use Google's cloud service (that's according to my ASN check, yet the *Cloud Firewall* FF plugin flags it as AWS, which would be even worse) * The first ***four*** results of an arbitrary search were privacy-abusing Tor-hostile CloudFlare sites. Each result consumes enough screen space for four results to consume the whole screen of some users. So essentially filling the screen with CF links. They must be paying Google for cloud service, and they're very likely paying both Google and Yelp for API access. Financially feeding privacy abusers is a non-starter. An amusing side-effect of their meta-search is that if "Runnaroo" is in the search query, the results want to correct it. I was asked "Did you mean bonnaroo bing?" when I searched for "Runnaroo Bing". The reason for that search was to try to confirm a rumor that Runnaroo also sources from Bing. (\*) I have in my notes that Runnaroo sources from MS Bing, but I lost track of where I got that information so I don't know if it's true. If anyone knows plz say something. # Features (paywall flags) One cool and novel feature of Runnaroo is that they flag paywalls. E.g. next to Washington Post hits, it says "content may be behind a paywall". # Anti-features They lack links to cached or proxied versions of websites. # Conclusion: Ss is still king They're not [as bad](https://dev.lemmy.ml/post/31321) as DuckDuckGo, but [Ss](https://ss.wodferndripvpe6ib4uz4rtngrnzichnirgn7t5x64gxcyroopbhsuqd.onion) is still the most privacy-respecting search engine in the world.

from the article:

“Reddit’s source code uses bundling and minification”

Would be nice if uMatrix could detect obfuscation on any j/s it retrieves, and have 2 separate switches: one for retrieval & one for execution. Users have to guess on what to trust and this would help ppl make more informed decisions.

BTW, I will not upvote the OP b/c it sends ppl to a CloudFlare site. This is a replacement link.



Why deGoogle? Why isn't this a "deMACFANG" movement?
Google is evil but there are greater evils, like Amazon and Microsoft. The fixation with fighting Google (the "deGoogle movement") can actually worsen things if ppl turn to a competing tech giant. MACFANG is: * Microsoft (\*) * Amazon (\*) * CloudFlare (\*) * Facebook (\*) * Apple * Netflix * Google I've marked with "\*" the scumbag corps that I consider substantially more evil who have a more detrimental impact on the world than Google (all things considered- social injustice, tech freedom, privacy, environmental destruction, etc).

Privacy-centric tool advice sites -- Credibility examined -- part 3: s/w repositories (Github & Gitlab)
Why Github is harmful: [comprehensive article](https://github.com/privacytoolsIO/privacytools.io/issues/843), [Stallman's PoV](https://stallman.org/archives/2019-jul-oct.html?fbclid=IwAR06rNPjpH3Sdmiyt4F9e26dWxo45wieoCPTSaf9n0bvR0vGsae2Ty5SCyM#27_October_2019) Why Gitlab ***.com service*** is harmful: [article](https://dev.lemmy.ml/post/30312/comment/2239) S/W vs. service: It must be emphasized that there are no notable privacy or ethical issues with Gitlab's free software package. It's quite fine to host your own Gitlab instance. If you respect privacy and have a strong ethical constitution then you would not use the gitlab.com *service*. | site | implied endorsement (by example) | site's position & mission are inconsistent | notes | |---|---|---|---| | [de-Google-ify](https://markosaric.com/surveillance-capitalism/) | no | no | n/a | | [Frama](https://framasoft.org/en/) | no(\*) | no | n/a | | [PRISM-Break](https://prism-break.org/en/) | [uses gitlab.com](https://gitlab.com/prism-break/prism-break) | yes | In fact they [explicitly endorse](https://prism-break.org/en/all/#collaboration) gitlab.com despite being [well aware](https://gitlab.com/prism-break/prism-break/-/issues/2109) of the problems. ([2nd ref](https://github.com/prism-break/prism-break/issues/2033)) | | [PTIO](https://privacytools.io/) | [uses github.com](https://github.com/privacytoolsIO/privacytools.io)(\*) | yes | Very big ad on their page saying "The complete website source code is available on GitHub. Join our developer team!" despite being [aware](https://github.com/privacytoolsIO/privacytools.io/issues/843) of the issues. | | [Security Checklist](https://securitycheckli.st/) | [uses github.com](https://github.com/brianlovin/security-checklist) | yes | They urge visitors to join their github project. | | [Surveillance Self-Defense](https://ssd.eff.org/en) | [uses Github](https://github.com/EFForg/privacybadger) | yes | They neglect to condemn Github when [addressing it](https://ssd.eff.org/en/blog/moving-your-site-not-secure-secure), and in fact they say "if you’re a developer and would like to help, check us out on Github". | | [Stallman](https://stallman.org) | no | no | RMS [condemns](https://stallman.org/archives/2019-jul-oct.html?fbclid=IwAR06rNPjpH3Sdmiyt4F9e26dWxo45wieoCPTSaf9n0bvR0vGsae2Ty5SCyM#27_October_2019_(Urgent:_Stop_working_for_deportation_thugs)) Github. | | [Switching Software](https://switching.software) | no | no | They [lead](https://switching.software/support/) people to Codeberg. | | [ThinkPrivacy](thinkprivacy.ch) | [yes](https://www.thinkprivacy.ch/contact) | yes, users give up control in the registration process. | site withholds wrongdoing. | (*) Framasoft and PTIO both host their own Gitlab instances. Framasoft actually uses their own instance as a primary development tool. PTIO uses Github despite running a Gitlab instance. Shame on PTIO for not eating their own dog food, particularly when they've [been informed](https://github.com/privacytoolsIO/privacytools.io/issues/843) of the long list of Github issues. ([part 1: web search engines (DDG & Qwant)](https://dev.lemmy.ml/post/31487)) ([part 2: messaging services (Signal & Keybase)](https://dev.lemmy.ml/post/32542))

Design Lemmy to be Tor-friendly (e.g. remove archive.is)
[According](https://dev.lemmy.ml/post/30590/comment/4779) to /u/diorama, Lemmy is making use of archive.is. This site is particularly insideous and destructive to Tor users. Archive.is is a CloudFlare site, which in itself aligns it with privacy and netneutrality abuses. But worse, the usual tools Tor users use to reach the content are useless against archive.is. That is, Tor Browser normally gets past the Google reCAPTCHA on CloudWalled sites, but archive.is is an exception. Archive.org refuses to access archive.is, so Tor users also can't use archive.org to reach content held by archive.is. I'm not sure what circumstance causes Lemmy to use archive.is, but Lemmy should go a step further. That is, when anyone posts a link to a CloudFlare site, Lemmy should regard this as a link that leads from the free world into an exclusive walled-garden where access inequality arises. When a user submits a post with an offending link, they should get a warning. Whether the user has the option to override the warning should be configurable & controlled by the node admin. When such posts are made, logged-in readers should additionally have a config option to hide such posts.

Lemmy posts can't be read by archive.org
dev.lemmy.ml is unreachable most of the time. Which is fair enough since it's a test system, but in principle it should be possible to access articles via archive.org during down moments. So I went to this archived page: https://web.archive.org/web/20200319191703/dev.lemmy.ml/post/31321 and it's blank. Some will call this a feature; I call it a bug.

Startpage tries to position itself as a privacy-respecting search engine that gives you Google results. They do shield users from Google but after being bought by an ad company their credibility has become shakey. Not only should users expect exploitation by ad companies, but Startpage also *pays* Google for API access. So Google still profits from startpage.com queries, which means you still contribute by proxy to privacy abuse as well as climate denial (Google has [been caught](https://www.theguardian.com/environment/2019/oct/11/google-contributions-climate-change-deniers) financing climate denial). Anyway, the screenshot attached shows how Startpage now treats Tor users *after* entering a search query. This isn't just a DoS but it also shows disrespect for Tor users time to let them enter the query before denying access. They likely do this because the query itself has value for their data collection.
11

Can't reply to a DM ("operation cancelled" error)
someone sent me a DM and my reply is being blocked. I consistently get a "operation cancelled" popup. So all the text I wrote is just trapped in the text box. I've tried for a day now to push it through. Would someone plz DM u/Panzerfaust for me and say that I cannot reply, so he doesn't think I ignored his msg? Developers: please find the code for the "operation cancelled" popup and rewrite to state exactly ***why*** the operation is being canceled. (update) I think he got the message despite the error, because he thanked me for the msg. So it's a false error. So he probably got flooded with dupes as I kept trying to send it.

Privacy-centric tool advice sites -- Credibility examined -- part 2: messaging services (Signal & Keybase)
# Harmful endorsement: Signal Why it's harmful: * "[Problem with Signal](https://github.com/privacytoolsIO/privacytools.io/issues/779)" by a PTIO critic * "[Goodbye Signal](https://resist.berlin/goodbye_signal.txt)" by Resist.Berlin * (unchecked) Will Signal keys be stored in the cloud? ([ref](https://dev.lemmy.ml/post/33136/comment/4909)) | site | Signal endorsement | site's position & mission are inconsistent | endorsement contains misinfo or withholds pitfalls | |---|---|---|---| | [de-Google-ify](https://markosaric.com/surveillance-capitalism/) | no (but suggests another poor choice: Telegram) | no | n/a w.r.t Signal, but Telegram imposes mobile phone svc. | | [Frama](https://framasoft.org/en/) | no | no | n/a | | [PRISM-Break](https://prism-break.org/en/) | [yes](https://prism-break.org/en/projects/signal/) | yes | site withholds OWS Signal wrongdoing | | [PTIO](https://privacytools.io/) | [yes](https://www.privacytools.io/software/real-time-communication/) | yes | PTIO cautions about requiring ph#, but neglects to say non-mobile phone users are excluded and withholds most of OWS's wrongdoing & pitfalls. PTIO leads users to a page that hides the existence of an APK download. | | [Security Checklist](https://securitycheckli.st/) | yes | yes | site withholds OWS Signal wrongdoing | | [Surveillance Self-Defense](https://ssd.eff.org/en) | [yes](https://ssd.eff.org/en/module/how-use-signal-android) | yes | misinfo: "Signal is a free and open source software" ([proof](https://directory.fsf.org/wiki/Signal)) site withholds OWS Signal wrongdoing but ironically [admits](https://ssd.eff.org/en/module/problem-mobile-phones) to the harm of mobile phones. | | [Stallman](https://stallman.org) | no | no | n/a | | [Switching Software](https://switching.software) | [yes](https://switching.software/replace/facebook-messenger/) | yes, if you consider Signal an unethical alternative | site withholds OWS Signal wrongdoing | | [ThinkPrivacy](thinkprivacy.ch) | [yes](https://www.thinkprivacy.ch/messengers) | yes, users give up control with Signal as a result of OWS's network protectionism & Signal's use of Google reCAPTCHA. OWS also pushes users into a mass surveillance trap (Google Playstore) | site withholds OWS Signal wrongdoing. | ## Harmful endorsement: Keybase Why it's harmful: [article](https://github.com/privacytoolsIO/privacytools.io/issues/740#issuecomment-460076395) (May 2020 update: Zoom acquired Keybase) | site | endorsement | site's position & mission are inconsistent | endorsement contains misinfo or withholds pitfalls | |---|---|---|---| | [de-Google-ify](https://markosaric.com/surveillance-capitalism/) | no | no | n/a | | [Frama](https://framasoft.org/en/) | no | no | n/a | | [PRISM-Break](https://prism-break.org/en/) | no | no | n/a | | [PTIO](https://privacytools.io/) | [yes](https://www.privacytools.io/software/real-time-communication/) | yes | the warning is esoteric & insignificant compared to all the [serious issues](https://github.com/privacytoolsIO/privacytools.io/issues/740#issuecomment-460076395) that PTIO has actually been told of and recklessly fails to warn users about. | | [Security Checklist](https://securitycheckli.st/) | no | no | n/a | | [Surveillance Self-Defense](https://ssd.eff.org/en) | [yes](https://ssd.eff.org/en/module/key-verification) | yes | site withholds Keybase wrongdoing, and sets users up for leaky and lost communications. | | [Stallman](https://stallman.org) | no | no | n/a | | [Switching Software](https://switching.software) | no | no | n/a | | [ThinkPrivacy](thinkprivacy.ch) | [yes](https://www.thinkprivacy.ch/messengers) | yes, users give up control with Keybase, which takes copious liberties once it's installed on your system. And if you don't install the server messages to you will be black-holed. This is the opposite of giving the user control over their data. | site withholds Keybase's most significant wrongdoing and merely flags the Zoom acquisition | ([part 1: web search engines (DDG & Qwant)](https://dev.lemmy.ml/post/31487)) ([part 3: s/w repositories (Github & Gitlab)](https://dev.lemmy.ml/post/35452))

Qwant sometimes hits Tor users with this puzzle ***after*** they submit a query. Then after solving the puzzle, they're brought back to an empty form so they must re-type their query.

maybe this community is redundant
I created this before realizing the following communities already exist: * https://dev.lemmy.ml/c/lemmy_support * https://dev.lemmy.ml/c/asklemmy So, it's here for now but posts may get more notice in the above communities.

bug: Lemmy renders markup comments starting with "<!--"
[This post](https://dev.lemmy.ml/post/31321) demonstrates the bug. When a bit of text is <!-- commented out -->, Lemmy shows it anyway.

Has something changed in the past couple days to make dev.lemmy.ml a memory hog? There was never a performance issue in the past months, but now it's as fat as pleroma. I cannot use pleroma because of it's absurd amount of RAM consumption. If this doesn't improve, does anyone know of a client app that would enable users to avoid the web app?

Privacy-centric tool advice sites -- Credibility examined -- part 1: web search engines (DDG & Qwant)
This is an examination of the integrity and credibility of the following projects that attempt to advise privacy-focused consumers. | site | mission statement of purpose | |---|---| | [de-Google-ify](https://markosaric.com/surveillance-capitalism/) | "*These ethical alternatives will help you de-Google-ify your life, have a calmer and far less intrusive online experience.*" | | [Frama](https://framasoft.org/en/) | "*promotion, dissemination and development of free software, enhancement of open source culture, and an online platform of open services.*" ([full charter](https://framasoft.org/en/charte/)) | | [PRISM-Break](https://prism-break.org/en/) | "*Help make mass surveillance of entire populations uneconomical! We all have a right to privacy, which you can exercise today by encrypting your communications and ending your reliance on proprietary services.*" | | [PTIO](https://privacytools.io/) | "*You are being watched. Private and state-sponsored organizations are monitoring and recording your online activities. PrivacyTools provides services, tools and knowledge to protect your privacy against global mass surveillance.*" | | [Security Checklist](https://securitycheckli.st/) | "*An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go.*" | | [Surveillance Self-Defense](https://ssd.eff.org/en) | "*our [EFF's] expert guide to protecting you and your friends from online spying.*" | | [Stallman](https://stallman.org) | (advice is tech freedom centric but RMS also has a respectible stance on privacy issues) | | [Switching Software](https://switching.software) | "*Ethical, easy-to-use and privacy-conscious alternatives to well-known software*" | | [ThinkPrivacy](thinkprivacy.ch) | "*It's your data. It's time you take control of it.*" # Harmful endorsement: DuckDuckGo ("DDG") Why it's harmful: [article](https://dev.lemmy.ml/post/31321) | site | DuckDuckGo endorsement | site's position & mission are inconsistent | endorsement or condemnation contains misinfo or withholds pitfalls | |---|---|---|---| | [de-Google-ify](https://markosaric.com/surveillance-capitalism/) | [yes](https://markosaric.com/surveillance-capitalism/#replace-google-search-with-duckduckgo) | yes, if you consider DDG an unethical alternative | site withholds DDG wrongdoing, and makes a positive claim that DDG has no filter bubble (which is disputed) | | [Frama](https://framasoft.org/en/) | no (and in fact DDG [blacklisted](https://contact.framasoft.org/wp-content/uploads/newsletters/newsletter10.html) Framabee) | no | n/a | | [PRISM-Break](https://prism-break.org/en/) | [yes](https://prism-break.org/en/projects/duckduckgo/) | yes, by economically supporting privacy abusing surveillance capitalists (direct adversaries of the PRISM-Break mission) | site withholds DDG wrongdoing | | [PTIO](https://privacytools.io/) | [yes](https://www.privacytools.io/providers/search-engines/) | yes, financing privacy abusers works against PTIO's mission. | site cautions about UKUSA, but withholds most DDG wrongdoing | | [Security Checklist](https://securitycheckli.st/) | yes | depends on user's previous tool whether DDG is an improvement | site withholds DDG wrongdoing and also makes unverifiable\* claims | | [Surveillance Self-Defense](https://ssd.eff.org/en) | [almost](https://ssd.eff.org/en/module/how-use-tor-macos) | meh, you decide | Endorsement is kind of implied by TB advocacy & presentation of default search engine without caution | | [Stallman](https://stallman.org) | [no](https://stallman.org/articles/duckduckgo-censorship.html) | no | page overlooks most DDG issues, but it was only meant to expose one issue | | [Switching Software](https://switching.software) | [yes](https://switching.software/replace/google-search/) | yes, if you consider DDG an unethical alternative | site withholds DDG wrongdoing and also makes unverifiable\* claims | | [ThinkPrivacy](thinkprivacy.ch) | [yes](https://web.archive.org/web/20200326231847/www.thinkprivacy.ch/search) | yes, financing privacy abusers works against TP's mission. | site withholds DDG wrongdoing and also makes unverifiable\* claims | (\*) DDG *claims* they do not track users, but they cannot prove it. So when a third party like [Switching Software](https://switching.software) or [ThinkPrivacy](thinkprivacy.ch) states DDG does not track you, they are asserting something they can't. They should not be endorsing DDG in the first place, but if they insist, then they should instead say something like "DDG claims not to track you" so as to avoid deceiving people about the verifiability of the claim. It's particularly interesting to note that ThinkPrivacy gives the highest endorsement to [Startpage](https://www.thinkprivacy.ch/checklist.html), which was bought by US advertising company "System1". Yet ThinkPrivacy [loudly condemns](https://www.thinkprivacy.ch/cutting-the-wire) for the very same reason. Why? Dan Arel works for Startpage. This arose out of a scandal where Mr. Arel was advising the privacytools.io project at the time PTIO was considering pulling their endorsement of Startpage. To be fair, DuckDuckGo has a much more extensive history of undermining privacy both directly and by proxy through partnerships with privacy abusers than Startpage. ## Harmful endorsement: Qwant While Qwant has some privacy strengths that make it substantially more trustworthy and privacy-respecting than DuckDuckGo, it still has noteworthy issues that undermine privacy: 1. Privacy 1. Tor hostility -- Tor users are sometimes forced to [solve a CAPTCHA](https://dev.lemmy.ml/post/31645), and it's implemented in a destructive manner. That is, the search query is collected ***before*** Qwant decides to push a CAPTCHA. Since the user has already invested effort in typing the query, the user is coerced to solve the puzzle in order to not throw away their effort to that point. Then after successfully solving the puzzle, the query is wiped out anyway and the user is forced to retype their query. 1. No proxy feature. Some search engines like Searxes and Metager give an alternative proxy or cached link that avoids directly connecting to the site in the results. This is useful for all users but it's important to Tor users because many sites block or mistreat Tor users, in which case Tor users must visit the site indirectly. Qwant neglects to accommodate. 1. Qwant's [swag store](http://store.qwant.com/) accepts Paypal, who then shares customers data with [600 companies](https://www.schneier.com/blog/archives/2018/03/the_600_compani.html) amid [other abuses](https://dev.lemmy.ml/post/30880). 1. Qwant's [swag store](http://store.qwant.com/) says "follow us on Facebook", leading users into mass surveillance and makes no mention of their [Mastodon account](https://social.privacytools.io/@Qwant). 1. Microsoft [partnership](https://betterweb.qwant.com/en/how-microsoft-tools-strengthen-qwant/) has been ongoing. 1. Qwant patronizes Microsoft for its [advertising network](https://en.wikipedia.org/wiki/Qwant) 1. Qwant claims they no longer use Bing search results, but this is disputed. (And then they [admit](https://mastodon.social/@Qwant/103692143045274520) to it) 1. Qwant [uses](https://betterweb.qwant.com/en/how-microsoft-tools-strengthen-qwant/) Microsoft Azure cloud services. 1. Qwant's [swag store](http://store.qwant.com/) sells apparel made of cotton, which is bad for the environment. 1. Qwant has [ties](https://social.privacytools.io/@Qwant/102945184291956539) to [Fight for the Future Inc](https://dev.lemmy.ml/post/31655), an organization that claims to fight for net neutrality yet uses CloudFlare themselves. We won't document all of Microsoft's wrongdoing here, but MS has a long history of privacy abuse and still today they are embroiled in privacy scandals such as financial facial recognition technology to AnyVision and violating the GDPR. | site | Qwant endorsement | site's position & mission are inconsistent | endorsement misinforms or withholds pitfalls | |---|---|---|---| | [de-Google-ify](https://markosaric.com/surveillance-capitalism/) | no | no | n/a | | [Frama](https://framasoft.org/en/) | no | no | n/a | | [PRISM-Break](https://prism-break.org/en/) | no | no | n/a | | [PTIO](https://privacytools.io/) | [yes](https://www.privacytools.io/providers/search-engines/) | yes | site withholds Qwant wrongdoing | | [Security Checklist](https://securitycheckli.st/) | no | no | n/a | | [Surveillance Self-Defense](https://ssd.eff.org/en) | no | no | n/a | | [Stallman](https://stallman.org) | no | no | n/a | | [Switching Software](https://switching.software) | [yes](https://switching.software/replace/google-search/) | yes, if you consider Qwant unethical | site withholds Qwant wrongdoing and also makes unverifiable\* claims | | [ThinkPrivacy](thinkprivacy.ch) | no | no | n/a | (\*) Qwant *claims* they do not track users, but they cannot prove it. So when a third party like [Switching Software](https://switching.software) states Qwant does not track you, they are asserting something they can't. They should not be endorsing Qwant in the first place, but if they insist, then they should instead say something like "Qwant claims not to track you" so as to avoid deceiving ppl about the verifiability of the claim. OTOH, Qwant would be violating the GDPR if they did track you contrary to their privacy policy, so perhaps it's fair enough for Switching Software to make this assertion (unlike DDG, who is bound only contractually & they've shown to violate it already). It's worth considering that sites that endorse DuckDuckGo and nothing else are actually more harmful than sites that list other alternatives like Qwant, b/c there is more likeliness that users opt to use DDG when it's the only endorsed choice. ([part 2: messaging services](https://dev.lemmy.ml/post/32542)) ([part 3: s/w repos](https://dev.lemmy.ml/post/35452))

Privacytools ("PTIO") is a project with the noble mission to "*provide knowledge and tools to protect your privacy against global mass surveillance*" Sounds useful, no? Sadly, their [website](http://privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion/) does the opposite of its claim: it leads people straight into mass surveillance centers through endorsements of bad players. The site is rife with entities that privacy seekers should be avoiding. They not only show poor judgment by endorsing privacy abusers who work directly against their mission, but they also neglect to enumerate the traps and pitfalls on the endorsement pages. Apart from the transparency problem, security experts expose lots of privacy abuses in the website bug tracker which have little influence on decisions made by the staff that's in control of commits. # Dangerous and misinformed endorsements * ***Signal*** PTIO claims to "*provide knowledge and tools to protect your privacy against global mass surveillance*", yet PTIO [knowingly and willfully](https://github.com/privacytoolsIO/privacytools.io/issues/779) sends privacy seekers directly into several mass surveillance traps via OWS Signal. * ***Keybase*** PTIO endorses Keybase despite [reckless and malicious wrongdoing](https://github.com/privacytoolsIO/privacytools.io/issues/740#issuecomment-460076395) -- which PTIO is aware of. * ***DuckDuckGo*** ("DDG") is falsely marketed (but very well marketed) as privacy-respecting. It's a popular choice among naive users. Experts know better. Sadly, PTIO does not. [Copious privacy abuses](https://dev.lemmy.ml/post/31321) are linked to DDG. PTIO betrays the public trust through this reckless and uncautioned endorsement. PTIO down plays the non-controversial and superior [alternatives](https://dev.lemmy.ml/post/29179). * ***Qwant*** Has a history of hostility toward Tor users. e.g.: ![](https://dev.lemmy.ml/pictshare/xutj2h.png) Metager and Mojeek have never mistreated Tor users, and yet they rank low in PTIO endorsements. # Incompetence and deception * ***Searx*** PTIO has a fundamental misunderstanding of what Searx is. It's smart to [endorse](https://www.privacytools.io/providers/search-engines/) searx, but not as a search "provider". Searx is not a service. Searx is free ***software*** search engine. PTIO erroneously claims "No logs, no ads and no tracking". It's a deception. Anyone can run a public searx instance and implement logs, ads, tracking, and any other anti-feature they want. There are [many instances](https://searx.space/). And some searx instances do in fact push ads to pay their bills. All but one searx instance will push privacy abusing CloudFlare results to users -- and at least half a dozen of them are evil to the extent of proxying through CloudFlare themselves. It only makes sense to endorse particular searx instances. There is one searx instance that is uniquely above all privacy respecting, which filters out CloudFlare results: searxes.eu.org. * Corruption scandal: PTIO member [met with Startpage reps](http://techrights.org/2020/01/23/relisting-for-money/) to discuss something that would personally benefit him when Startpage endorsement was being dropped. He attended the meeting without informing other PTIO insiders and only admitted to it afterwards after being probed. Of course if PTIO when opts to put their repo on Microsoft Github, the kind of talent they attract are sell-outs. # Hypocrisy- refusal of PTIO to eat their own dog food PTIO is totally blind on the importance of setting an ethical example that is consistent with their own mission. If PTIO cannot handle ethical privacy-respecting tools themselves, how can they possibly expect to give novices confidence? PTIO's credibility is in the shitter as it proudly displays branding for the following on their website: | *shameful example* | *why it's a problem* | |---|---| | **Microsoft Github** | PTIO uses a Microsoft Github repo to manage bug reports. There are [copious problems](https://github.com/privacytoolsIO/privacytools.io/issues/843) with this foolish choice. PTIO makes a failed attempt to reason that they want to be where the most people are. With that kind of rationale, they've self-defeated their mission. | | **Twitter** | PTIO [claims](https://github.com/privacytoolsIO/privacytools.io/issues/843#issuecomment-486891131) Twitter is "for outreach". If PTIO needs to reach Twitter users, they can have a Twitter account. But to ***link into Twitter*** from their website takes the hypocrisy beyond outreach. Users who land on their clearnet website have already been reached. It's both foolish and reckless to lead people from the open web back into Twitter. | | **Facebook** | Richard Stallman gives [good advice](https://stallman.org/facebook-presence.html) to those who refuse to accept the reality that they don't really need Facebook. If you believe you cannot live without Facebook, you still cannot justify linking into FB from the free world. To link from FB to the open web is sensible. To link the other direction is to be an excessive and needless enabler of privacy abuse.| | **Microsoft LinkedIn** | same issue as Twitter and Facebook | | **Reddit** | Amazon-hosted. Same issue as Twitter and Facebook | It’s plainly evident when navigating privacytools.io that there’s a serious credibility problem.
6

Privacytools ("PTIO") is a project with the noble mission to "*provide knowledge and tools to protect your privacy against global mass surveillance*" Sounds useful, no? Sadly, their [website](http://privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion/) does the opposite of its claim: it leads people straight into mass surveillance centers through endorsements of bad players. The site is rife with entities that privacy seekers should be avoiding. They not only show poor judgment by endorsing privacy abusers who work directly against their mission, but they also neglect to enumerate the traps and pitfalls on the endorsement pages. Apart from the transparency problem, security experts expose lots of privacy abuses in the website bug tracker which have little influence on decisions made by the staff that's in control of commits. # Dangerous and misinformed endorsements * ***Signal*** PTIO claims to "*provide knowledge and tools to protect your privacy against global mass surveillance*", yet PTIO [knowingly and willfully](https://github.com/privacytoolsIO/privacytools.io/issues/779) sends privacy seekers directly into several mass surveillance traps via OWS Signal. * ***Keybase*** PTIO endorses Keybase despite [reckless and malicious wrongdoing](https://github.com/privacytoolsIO/privacytools.io/issues/740#issuecomment-460076395) -- which PTIO is aware of. * ***DuckDuckGo*** ("DDG") is falsely marketed (but very well marketed) as privacy-respecting. It's a popular choice among naive users. Experts know better. Sadly, PTIO does not. [Copious privacy abuses](https://dev.lemmy.ml/post/31321) are linked to DDG. PTIO betrays the public trust through this reckless and uncautioned endorsement. PTIO down plays the non-controversial and superior [alternatives](https://dev.lemmy.ml/post/29179). * ***Qwant*** Has a history of hostility toward Tor users. Metager and Mojeek have never mistreated Tor users, and yet they rank low in PTIO endorsements. # Incompetence and deception * ***Searx*** PTIO has a fundamental misunderstanding of what Searx is. It's smart to [endorse](https://www.privacytools.io/providers/search-engines/) searx, but not as a search "provider". Searx is not a service. Searx is free ***software*** search engine. PTIO erroneously claims "No logs, no ads and no tracking". It's a deception. Anyone can run a public searx instance and implement logs, ads, tracking, and any other anti-feature they want. There are [many instances](https://searx.space/). And some searx instances do in fact push ads to pay their bills. All but one searx instance will push privacy abusing CloudFlare results to users -- and at least half a dozen of them are evil to the extent of proxying through CloudFlare themselves. It only makes sense to endorse particular searx instances. There is one searx instance that is uniquely above all privacy respecting, which filters out CloudFlare results: searxes.eu.org. # Hypocrisy- refusal of PTIO to eat their own dog food PTIO is totally blind on the importance of setting an ethical example that is consistent with their own mission. If PTIO cannot handle ethical privacy-respecting tools themselves, how can they possibly expect to give novices confidence? PTIO's credibility is in the shitter as it proudly displays branding for the following on their website: | *shameful example* | *why it's a problem* | |---|---| | **Microsoft Github** | PTIO uses a Microsoft Github repo to manage bug reports. There are [copious problems](https://github.com/privacytoolsIO/privacytools.io/issues/843) with this foolish choice. PTIO makes a failed attempt to reason that they want to be where the most people are. With that kind of rationale, they've self-defeated their mission. | | **Twitter** | PTIO [claims](https://github.com/privacytoolsIO/privacytools.io/issues/843#issuecomment-486891131) Twitter is "for outreach". If PTIO needs to reach Twitter users, they can have a Twitter account. But to ***link into Twitter*** from their website takes the hypocrisy beyond outreach. Users who land on their clearnet website have already been reached. It's both foolish and reckless to lead people from the open web back into Twitter. | | **Facebook** | Richard Stallman gives [good advice](https://stallman.org/facebook-presence.html) to those who refuse to accept the reality that they don't really need Facebook. If you believe you cannot live without Facebook, you still cannot justify linking into FB from the free world. To link from FB to the open web is sensible. To link the other direction is to be an excessive and needless enabler of privacy abuse.| | **Microsoft LinkedIn** | same issue as Twitter and Facebook | | **Reddit** | Amazon-hosted. Same issue as Twitter and Facebook | It’s plainly evident when navigating privacytools.io that there’s a serious credibility problem.

DuckDuckGo's privacy abuses-- current, historic, and by proxy
There are substantial privacy and civil liberty issues with DuckDuckGo. Here they are spot-lighted: * ***Nefarious History of DDG founder & CEO***: * DDG's founder (Gabriel Weinberg) has a [history](https://www.reddit.com/r/privacy/comments/aqz3q8/the_history_of_duckduckgos_founder_is_disturbing/) of privacy abuse, starting with his founding of [Names DB](https://en.wikipedia.org/wiki/Names_Database), a surveillance capitalist service designed to coerce naive users to submit sensitive information about their friends. (2006) * Weinberg's [motivation](http://web.archivecrfip2lpi.onion/web/20181116102800/https://www.eyerys.com/articles/people/search-engine-and-privacy-gabriel-weinberg) for creating DDG was not actually to "spread privacy"; it was to create something big, something that would compete with big players. As a privacy abuser during the conception of DDG (Names Database), Weinberg sought to become a big-name legacy. Privacy is Weinberg's means (not ends) in that endeavor. Clearly he doesn't value privacy -- he values perception of privacy. * ***Direct Privacy Abuse***: * DDG [was caught](http://web.archivecrfip2lpi.onion/web/20130627082930/http://www.alexanderhanff.com/duckduckgone) violating its own privacy policy by issuing tracker cookies. * DDG's app [sends every URL](https://github.com/duckduckgo/Android/issues/527) you visit to DDG servers. ([reaction](https://cmpwn.com/@sir/104444543789319623)). * DDG is currently collecting users' operating systems and everything they highlight in the search results. (to verify this, simply hit F12 in your browser and select the "network" tab. Do a search with javascript enabled. Highlight some text on the screen. Mouseover the traffic rows and see that your highlighted text, operating system, and other details relating to geolocation are sent to DDG. Then change the query and submit. Notice that the previous query is being transmitted with the new query to link the queries together) * DDG is accused of [fingerprinting](https://betanews.com/2019/01/07/duckduckgo-fingerprinting-accusation/) users' browsers. * When clicking an ad on the DDG results page, all data available in your session is sent to the advertiser, which is why the Epic browser project [refuses](https://www.epicbrowser.com/FAQ.html) to set DDG as the default browser. * DDG [blacklisted](https://contact.framasoft.org/wp-content/uploads/newsletters/newsletter10.html) Framabee, a search engine for the highly respected framasoft.org consortium. * ***Censorship***: Some people replace Google with DDG in order to avoid censorship. DDG is not the answer. * DDG is [complying](https://stallman.org/articles/duckduckgo-censorship.html) with the "celebrity threesome injunction". * ***CloudFlare***: DDG promotes one of the largest [privacy abusing](https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-460077544) tech giants and adversary to the Tor community: CloudFlare Inc. DDG results give high rankings to CloudFlare sites, which consequently compromises privacy, net neutrality, and anonymity: * Anonymity: CloudFlare DoS attacks Tor users, causing substantial damage to the Tor network. * Privacy: All CloudFlare sites are surreptitiously MitM'd by design. * Net neutrality: CloudFlare's attack on Tor users causes access inequality, the centerpiece to net neutrality. * DDG T-shirts are sold using a [CloudFlare site](https://duckduckgo.merchmadeeasy.com/), thus surreptitiously sharing all order information (name, address, credit card, etc) with CloudFlare despite their statement at the bottom of the page saying "DuckDuckGo is an Internet privacy company that empowers you to seamlessly take control of your personal information online, without any tradeoffs." (2019) * DDG hired CloudFlare to host spreadprivacy.com (2019) * ***Harmful Partnerships with Adversaries of Privacy Seekers***: * DDG patronizes privacy-abuser **Amazon**, using AWS for hosting. * Amazon is making an astronomical investment in facial recognition which will destroy physical travel privacy worldwide. * Amazon uses Ring and Alexa to surveil neighborhoods and the inside of homes. * Amazon [paid](https://arstechnica.com/tech-policy/2018/04/facebook-donated-200000-to-kill-a-privacy-law-but-now-its-backtracking/) $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1) * Amazon runs sweat shops, invests in climate denial, etc.. the list of non-privacy related harms is too long to list here. * DDG feeds privacy-abuser **Microsoft** by patronizing the Bing API for search results and uses Outlook email service. * Microsoft Office products violate the GDPR (the Dutch government discovered numerous violations) * Microsoft finances AnyVision to equip the Israeli military with facial recognition to be used against the Palestinians who they oppress. * Microsoft [paid](https://arstechnica.com/tech-policy/2018/04/facebook-donated-200000-to-kill-a-privacy-law-but-now-its-backtracking/) $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1) * DDG hires Microsoft for email service: `torsocks dig @8.8.8.8 mx duckduckgo.com +tcp | grep -E '^\w'` ==> "...duckduckgo-com.mail.protection.outlook.com" * DDG is [partnered](https://www.ghacks.net/2016/07/01/duckduckgo-yahoo-partnership/) with **Yahoo** (aka Oath; plus **Verizon** and **AOL** by extension). DDG helps Yahoo profit by patronizing Yahoo's API for search results, and also through advertising. The Verizon corporate conglomerate is evil in many ways: * Yahoo, Verizon, and AOL all supported CISPA (unwarranted surveillance bills) * Yahoo, Verizon, and AOL all use DNSBLs to block individuals from running their own mail servers, thus forcing an over-share of e-mail metadata with a relay. * Verizon and AOL both drug test their employees, thus intruding on their privacy outside of the workplace. * Verizon supports the TTP treaty. * Yahoo voluntarily ratted out a human rights journalist (Shi Tao) to the Chinese gov w/out warrant, leading to his incarceration. * Yahoo recently recovered "deleted" e-mail to convict a criminal. The deleted e-mail was not expected to be recoverable per the Yahoo Privacy Policy. * Verizon received $16.8 billion in Trump tax breaks, then immediately laid off thousands of workers. * (2014) Verizon fined $7.4 million for [violating customers’ privacy](https://www.huffingtonpost.com/2014/09/03/verizon-privacy_n_5760132.html) * (2016) Verizon fined $1.35 million for [violating customers’ privacy](https://www.cnet.com/news/verizon-racks-up-1-35-m-bill-for-violating-consumer-privacy/) * (2018) Verizon paid $200k to [fight privacy in CA](https://arstechnica.com/tech-policy/2018/04/facebook-donated-200000-to-kill-a-privacy-law-but-now-its-backtracking/). See also [this page](http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1) * (2018) Verizon caught [taking voice prints](https://www.reddit.com/r/privacytoolsIO/comments/ac8p1x/verizon_voice_fingerprinting_on_customer_support/)? * [more dirt](https://old.reddit.com/r/privacy/comments/62ezji/which_american_mobile_carrier_is_the_most_privacy/) (scroll down to Verizon) * (2016) Yahoo [caught](https://www.theguardian.com/technology/2016/oct/04/yahoo-secret-email-program-nsa-fbi) surreptitiously monitoring Yahoo Mail messages for the NSA. * ***Advertising Abuses & Corruption***: * DDG consumed a room at FOSDEM 2018 to deliver a sales pitch despite its proprietary non-free server code, then dashed out without taking questions. Shame on FOSDEM organizers for allowing this corrupt abuse of precious resources. * Tor Project accepted a $25k "contribution" (read: bribe) from DDG, so you'll find that DDG problems are down-played. This is why Tor Browser defaults to using DDG and why Tor Project endorses DDG over [Ss](https://ss.wodferndripvpe6ib4uz4rtngrnzichnirgn7t5x64gxcyroopbhsuqd.onion) -- and against the interests of the privacy-seeking Tor community. The EFF also pimps DDG -- a likely consequence of EFF's close ties to Tor Project. For the record, this is how Tor Project responds to criticism about their loyalty toward DuckDuckGo (their benefactor) in IRC: > 18:20 < psychil> if torbrowser is going to be recommended, it should also be open to scrutiny. in the absence of that transparency, you create an untrustworthy forum. > 18:20 < psychil> we've seen a loyalty from TB toward duckduckgo, but DDG is in partnership with Verizon, Yahoo, AOL et. al. > 18:21 < psychil> all CISPA-sponsoring companies > 18:22 < psychil> if ppl choose to trust them fair enough, but this trust shouldn't be pushed on every user weighing their choice of browsers > 18:26 -!- mode/#tor [-b psychil@*!*@*] by ChanServ > 18:27 < YY_Bozhinsky> psychil: i am using Tor (thanks to Tor Devs)... PLUS brain - good bundle. I am happy. And please, don't rush to change Reality (do it slowly with love and respect). Because it's home for many ppl. They construct their lives in it. Think twice before ruining that. Please. > 18:27 -!- mode/#tor [+b psychil!*@*] by ChanServ > 18:27 -!- psychil was kicked from #tor by ChanServ [wont stop the FUD] Indeed, Tor Project is notoriously fast to censor any discourse (no matter how civil) when it supports a narrative that doesn't align with their view / propaganda.

Keybase <-- stay away from it, seriously.
# Keybase, we have a problem. The Keybase software and service are both littered with severe bugs that create a security and legal nightmare. Here are some of the issues: * Deception: Their software is a server masquerading as a client app. They simply call it an "app" on this page: https://keybase.io/docs/the_app/install_linux but it's actually a surreptitious *server* that runs continuously in the background as a daemon. * Deception: Tor mode serves only to mislead users. The tool actually surreptitiously phones home to the central server of Keybase, Inc. without using Tor at all. This is not the usual DNS leak that Tor users are accustomed to, the connection itself takes place outside of the #Tor network. It's not incidental. This is in their _privacy policy_: "When you access or use the Service,we automatically collect and store information about your browsing habits and your use of the Service (“Usage Information”),including: a. Your computer’s IP address.. f. Session times and lengths" * Malice: Keybase is designed to reverse users' edits to the `run_keybase` script. So users who try to patch the leaks by introducing torsocks wrappers in that script will learn who really owns that tool on the next upgrade or downgrade, when the script is overwritten. The overwriting is also silent, so some users will be unaware when their traffic becomes exposed. This also means adding firejail sandboxing to that script will also be reversed. It's no accident, they enforce it in the ToS that you agree to: "We may automatically check your version of the Software. We may also automatically download to your computer or device new versions of the Software." * SoftwareFreedom: The javascript on www.keybase.io is non-free software (it fails the #LibreJS test). * Malice: There are so many security bugs that keybase developer Jack O'Connor ("oconnor663") is outright deleting some of the more embarrassing security-critical bug reports. This censorship is the most malicious variety because it blocks other users from becoming aware of pitfalls in software that they have trusted. (Hence this article, which is out of reach for Jack O'Connor to censor) * Malice: The login webform is coded as a pop-up to force users to disable their ad blockers. * Malice: Users who are wise enough to distrust the keybase server have no way to receive messages that are collected through the _Keybase Chat_ mechanism. * Deception: People who send messages using _Keybase Chat_ are not given feedback on non-delivery. So humans are actually composing messages that are silently black-holed! Nothing is more reckless and irresponsible than a messaging service that fails to deliver without telling the sender. What's even more perverse is that non-delivery is not a rare event-- it's simply a matter of the recipient not running their junk software. So it's designed to cause widespread harm, the scale of which that could provoke a class action. So they've actually written a clause in their ToS to attempt to block class actions: 'Any Claim must be brought in the respective party’s individual capacity, and not as a plaintiff or class member in any purported class, collective,representative, multiple plaintiff, or similar proceeding (“Class Action”).' They also have: INDEMNIFICATION, LIMITATION OF LIABILITY, ARBITRATION, and NO WARRANTY clauses to block all actionability of their malice. * Bug: Further exacerbating the previous two issues is the fact that the "Keybase Chat" button cannot be disabled. Users not running the dodgy software are still forced to have this blackhole-feeding mechanism on their profiles. * Hypocrisy: Keybase sends all notifications in-the-clear as plaintext despite having the recipients pubkey and having built their own software to use it. Keybase, Inc does not eat their own dog food. * Bug: If you disable the (insecure) notifications and you are not running their (insecure) software, then you have no way of knowing that someone has tried to send a message. So human-written messages are not only black-holed, but both sender and recipient are unaware of the non-delivery. * Bug: The Keybase installer creates the directory "/keybase" with all world privileges (and yes, they root it in "/"). The keybase developers have said they believe that mounting a filesystem to that directory blocks access to it (so they are unaware of bind mounts). * Malice: advertising is opt-out, not opt-in. From their ToS: "we may send you communications..promotional information and materials..We give you the opportunity to opt-out of receiving promotional electronic mail from us by following the opt-out instructions provided in the message." They are encouraging users to use an unsubscribe link in a spam message. Informed users know is a bad idea, as it signals that an e-mail address is actively in use. * Bug: Keybase does not sign their e-mail messages, thus exposing their users to phishing attacks. Keybase, Inc again demonstrates they don't eat their own dog food. * Deception: They say files are end-to-end encrypted, but this legal loophole gives them immunity for any shenanigans in that regard: "We collect and store files and information that you transmit to other parties using the Service or that you elect to store on the Service." * Deception: This appears on the Keybase website: "The Keybase website is ok, but the Keybase app is faster, safer, and more powerful than doing it in a browser." When they say the "website is ok", it's a gross oversight to imply that you can rely on the website alone when doing so entails forfeiting access to inbound messages (for which the collection cannot be disabled). And when they say the "app is safer", it's a lie.

(censored in r/enviroaction) Tell Yang his campaign t-shirt is a bad idea
This is why people should abandon Reddit in favor of Lemmy. This post exposes the rampant Reddit censorship problem. The following posts are an example of civil on topic rule-conforming posts that were censored in r/enviroaction without cause. ----- In response to [this post](https://www.reddit.com/r/enviroaction/comments/dr2f9a/tell_yang_his_campaign_tshirt_is_a_bad_idea_made/f6e2gyt/), I [wrote](https://www.reddit.com/r/enviroaction/comments/dr2f9a/tell_yang_his_campaign_tshirt_is_a_bad_idea_made/f6ehncw/) the following (which was censored): >> So just a note, all cotton is organic: C6H5O9 > > Either you're attempting [equivocation](https://www.thoughtco.com/equivocation-fallacy-term-1690672), or perhaps you're unaware of [sustainable cotton](http://aboutorganiccotton.org/faq/) which has taken the name "organic cotton". ("at present, approximately 0.51% of global cotton production is organic.") > > But thanks for mentioning Amazon's packaging waste.. I overlooked that. In response to [this post](https://www.reddit.com/r/enviroaction/comments/dr2f9a/tell_yang_his_campaign_tshirt_is_a_bad_idea_made/f6fz58s/), I [wrote](https://www.reddit.com/r/enviroaction/comments/dr2f9a/tell_yang_his_campaign_tshirt_is_a_bad_idea_made/f6g14ha/) the following (which was censored): > I was actually half tempted to criticize Amazon for using FedEx. > > FedEx is an NRA-supporting ALEC member, so using FedEx supports climate denial (among [other evils](https://www.reddit.com/r/Boycott_Boeing/comments/dr0ax7/rationale_for_boycotting_boeing/)). FedEx also ships shark fins, hunting trophies, and slave dolphins. So the toll on the environment by FedEx is quite extensive (while they advertise with claims to have a low carbon footprint to capture business from uninformed but pro-environment consumers). > > UPS is also an ALEC member but not as harmful as FedEx. > > USPS is slightly evil for blocking Tor. But in the big scheme of things any alternative to FedEx and UPS at least avoids the worst of them. Can anyone cite a legitimate reason to censor these posts under r/enviroaction rules?