Tips for Using Nostr on Tor:
Nostr has horrible Tor support, as it’s very slow to connect to all of these relays. Here are some tips:
1) Use the Gossip Client on desktop (Linux is supported btw). We love Whonix, but you could use any other tools such as ParrotOS, Tails, or even just command line software.
Then modify the following settings in Gossip:
a) Turn off avatars
b) Turn the refresh rate for the timeline to the slowest
c) If you’re real laggy, turn off “in-line content” which is images
d) Mute people you don't actually need to see
e) Modify the relays (see the next point)
2) Gossip is great for Tor because not only can you cut out the bullshit, but the client knows which relay to find which person on. This speeds up the process by not asking extra relays.
3) If you’re doing controversial speech, consider only posting on Gossip via Tor, but then using a different account on a WireGuard VPN just for general browsing/scrolling of a timeline.
4) Another possibility is Primal.net, as they aggregate all the information for you like regular social media. They have the ability to censor what you see, just like Big Tech. I’m not saying they will do this… just be aware that they can. Primal has both a web app and a mobile app. The web app works on Tor Browser as it’s NOT behind CloudFlare. But it is hosted by Hetzner, which is the largest German host.
Primal is great to look up someone's relays and then follow them on Gossip.
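The relay lookup that point 2 describes (the client asking only the relays where a given person actually publishes) is worth seeing in code. The following is an added example, not Gossip's own code; it assumes the relay-list events standardized as NIP-65 (kind 10002, tags of the form ["r", url, "read"|"write"], a missing marker meaning both), and the two events are constructed samples with placeholder pubkeys. It goes slightly beyond the post by showing how a client can pick the fewest relays that still cover everyone it follows.

```python
import json

# Constructed sample: one kind-10002 relay-list event per followed author (NIP-65).
# Pubkeys and relay URLs are placeholders.
SAMPLE_RELAY_LISTS = [
    json.dumps({"kind": 10002, "pubkey": "aaaa", "tags": [
        ["r", "wss://relay.one.example", "write"],
        ["r", "wss://relay.two.example"],            # no marker: read and write
        ["r", "wss://inbox.example", "read"],
    ]}),
    json.dumps({"kind": 10002, "pubkey": "bbbb", "tags": [
        ["r", "wss://relay.two.example", "write"],
        ["r", "wss://far.example", "write"],
    ]}),
]


def parse_relay_list(event_json):
    """Return (pubkey, {relay_url: set of 'read'/'write'}) from a kind-10002 event."""
    ev = json.loads(event_json)
    if ev.get("kind") != 10002:
        raise ValueError("not a relay-list event")
    relays = {}
    for tag in ev.get("tags", []):
        if len(tag) < 2 or tag[0] != "r":
            continue
        url = tag[1].rstrip("/").lower()
        marker = tag[2] if len(tag) > 2 else None
        modes = {"read", "write"} if marker is None else {marker}
        relays.setdefault(url, set()).update(modes)
    return ev["pubkey"], relays


def write_relays_by_author(events):
    """pubkey -> relays where that author publishes (their 'write' relays): the
    only places worth asking for that author's notes."""
    out = {}
    for e in events:
        pk, relays = parse_relay_list(e)
        out[pk] = {url for url, modes in relays.items() if "write" in modes}
    return out


def plan_fetch(write_map, max_relays=None):
    """Greedy set cover: repeatedly take the relay that reaches the most still-uncovered
    authors. Returns an ordered list of (relay, {authors to request there}).
    Fewer relay connections is exactly what makes this workable over Tor."""
    uncovered = set(write_map)
    all_relays = {r for relays in write_map.values() for r in relays}
    plan = []
    while uncovered:
        best = None
        for relay in all_relays:
            reach = {pk for pk in uncovered if relay in write_map[pk]}
            if (best is None or len(reach) > len(best[1])
                    or (len(reach) == len(best[1]) and relay < best[0])):
                best = (relay, reach)
        if best is None or not best[1]:
            break  # remaining authors have no usable write relay
        plan.append(best)
        uncovered -= best[1]
        if max_relays and len(plan) >= max_relays:
            break
    return plan


if __name__ == "__main__":
    for relay, authors in plan_fetch(write_relays_by_author(SAMPLE_RELAY_LISTS)):
        print(relay, "->", sorted(authors))
```

With the two constructed lists, a single relay (relay.two.example) covers both authors, so the client opens one circuit instead of four.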
Super useful (& legal) Tor Onion links:
Clear web: Exch.cx
hszyoqwrcp7cxlxnqmovp6vjvmnwj33g4wviuxqzq47emieaxjaperyd.onion
Swap crypto to crypto without CloudFlare or Big Tech. 0.5% fee.
Con: They get DDoS'ed a lot, but check back in a few hours if down.
Clear web: Trocador.app
trocadorfyhlu27aefre5u7zri66gudtzdyelymftvr4yjwcxhfaqsid.onion
Acts as a no-fee, no-JavaScript crypto-to-crypto swap front end for supposedly "many exchanges", but you usually get FixedFloat. Since FixedFloat uses CloudFlare and Google, it's better not to go direct, both for privacy and to prevent FixedFloat from being able to bounce with your funds.
(Trocador doesn't add fees, but FixedFloat charges 0.5%, same as ExCh.)
Clear web: RoboSats.com
robosats6tkf3eva7x2voqso3a5wcorsnw34jveyxfqi2fu7oyheasid.onion
Peer-to-peer Bitcoin Lightning for fiat/XMR.
Clear web: WizardSwap.io
wizardswgtu2ovor7r2esg3cxdpt7tv4nrugi32lldv53zmtonbz6sid.onion
Swap cryptocurrencies (high 2.2% fees). No Big Tech.
Con: I wouldn't use this in a browser due to fees, but it's good to have variety and you can use Particl directly via download for atomic swaps
Clear web: MetaGer.org
metagerv65pwclop2rsfzg4jwowpavpwd6grhhlvdgsswvo6ii4akgyd.onion
No-JavaScript search engine aggregator that lets you proxy into websites which normally block Tor and require JavaScript.
Clear web: monerosms.com
xmr4smsoncunkfgfjr6xmxl57afsmuu6rg2bwuysbgg4wdtoawamwxad.onion
Get an anonymous USA SMS line for XMR
Clear web: Crypton.sh
cryptonx6nsmspsnpicuihgmbbz3qvro4na35od3eht4vojdo7glm6yd.onion
Get an anonymous European SMS line for Crypto that normally requires KYC
Clear web: Kyun.host
kyun2mtuhxm5h5pie7ixowfsersg5bpk47ym3pkcr5ajxvjhdadbrxqd.onion
Buy a tiny VPS in Romania for Monero. No email required. No Big Tech.
Support via Session or SimpleX
Con: No Domain names
Clear web: njal.la
njallalafimoej5i4eg7vlnqjvmb6zhdh27qxcatdn647jtwwwui3nad.onion
Buy a domain name without info or Big Tech. But they're better for domains than the VPS, which is overpriced and blocks emails. Support via XMPP or email.
Con: They will suspend you without warning for illegal stuff, which locks up your domain.
Clear web: AgoraDesk.com
2jopbxfi2mrw6pfpmufm7smacrgniglr7a4raaila3kwlhlumflxfxad.onion
No KYC Peer-to-peer exchange to buy/sell Bitcoin/Monero for fiat. 1% fee.
No Big Tech. No JavaScript. Mobile App is on F-Droid
Most of the liquidity is Zelle & CashApp
Clear web: SimplifiedPrivacy.com
privacypkybrxebcjicfhgwsb3coatqechwnc5xow4udxwa6jemylmyd.onion
Author of this list. Huge amount of resources on privacy, Linux, crypto, degoogled life, and censorship resistance.
10 Quick Tips to become Invisible
1. Avoid VPNs that don’t accept cryptocurrency, but remember they see your home IP, so it's not anonymous without Tor or its alternatives.
2. Avoid Big Tech, but if you have to, then use the LibRedirect browser extension and/or Farside.link service to use Tor or LibreWolf without JavaScript
3. If a website blocks you, try Vanilla Firefox with your VPN set to Port 443 TCP. Modify Firefox to reduce telemetry by setting "block dangerous and deceptive content" and "provide search suggestions" both to off
4. Linux isn’t as hard as you think. You don't need the command line.
5. Keep passwords in offline storage, such as KeePass. Then keep that in VeraCrypt
6. Wear a Bitcoin logo shirt at local public events, then get the info of people who approach you, so you can buy/sell for in-person cash
7. Avoid SMS, but if you have to, then use VoIP and never the number of the SIM card you get service from, to hide your physical location
8. Avoid email, but if you have to, then go for open source software you control.
It's not as hard as people make it out to be.
9. If a friend refuses to use privacy tech (such as Signal/Session), instead of cursing them out, increase the value your friendship offers, to make it worth it to install a new app
10. Be aware that Cloudflare sees ALL content on their network, including passwords.
Check DNS record tools (such as bgp.tools) or Ombrelo to see if a site uses them:
ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion
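The DNS check in tip 10 can be automated. What follows is an added example, not a tool from the post; it works offline on DNS answers you have already fetched (for instance with `dig +short`), the three sample records are constructed, and the Cloudflare ranges are the IPv4 edge ranges Cloudflare publishes at cloudflare.com/ips, which you should refresh before relying on them. It also separates the two cases the post's reply about Bunny hints at: a site that merely uses Cloudflare for DNS is not the same as one whose traffic terminates at Cloudflare's edge.

```python
import ipaddress

# Cloudflare's published IPv4 edge ranges (cloudflare.com/ips); refresh before relying on them.
CLOUDFLARE_V4 = [ipaddress.ip_network(c) for c in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

# Constructed sample answers, in the shape `dig +short <name> A` / `dig +short <name> NS` print them.
SAMPLE_RECORDS = {
    "shop.example": {"A": ["104.21.55.10", "172.67.140.3"],
                     "NS": ["amy.ns.cloudflare.com.", "bob.ns.cloudflare.com."]},
    "mail.example": {"A": ["198.51.100.20"],
                     "NS": ["amy.ns.cloudflare.com.", "bob.ns.cloudflare.com."]},
    "blog.example": {"A": ["203.0.113.7"], "NS": ["ns1.example-host.net."]},
}


def ip_is_cloudflare(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def ns_is_cloudflare(ns):
    return ns.rstrip(".").lower().endswith(".ns.cloudflare.com")


def classify(a_records, ns_records):
    """'proxied'  : the site's A records point at Cloudflare's edge, so TLS terminates there
                    and Cloudflare sees the plaintext (including passwords, as the tip says).
    'dns-only' : Cloudflare only answers DNS; the origin IP is exposed and page content
                    does not pass through them.
    'none'     : no Cloudflare involvement visible in DNS."""
    if any(ip_is_cloudflare(ip) for ip in a_records):
        return "proxied"
    if any(ns_is_cloudflare(ns) for ns in ns_records):
        return "dns-only"
    return "none"


def audit(records):
    return {name: classify(r.get("A", []), r.get("NS", [])) for name, r in records.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_RECORDS).items():
        print(f"{name:15} {verdict}")
```

A "dns-only" verdict still means Cloudflare can see your DNS query volume for that name, just not the content of your session; only "proxied" sites are in the position tip 10 warns about.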
</end>
Consider sharing this so freedom doesn't die
Bunny doesn't point your domain; it's loading elements on your site with their domain. So like a video or image, but not the site itself. So Bunny is good.
Gcore is domain-pointed I believe, so not as good, but variety is important. We don't want one company seeing all.
Monero's Flaws Make it More Valuable
In the movie 8 Mile, the rapper Eminem attacks himself first, to leave his enemy speechless after. We replicate this strategy by openly pointing out Monero’s vulnerabilities to deprive our enemies of criticism and then weaponize their ideas against them.
We tackle Monero’s flaws including delistings, end-to-end attacks, crime, and the risk of a ban.
Enjoy:
https://SimplifiedPrivacy.com/MoneroFlaws/
Farside is an amazing free tool!
Here’s how it works:
Front-ends are hosted instances of open source software that allow you to view content, which normally has surveillance, through a new interface. Now you can use Tor and turn off JavaScript (JS is used to fingerprint and identify)
No JS
Nitter = Twitter
Scribe = Medium
SearXNG = Search engines
Wikiless = Wikipedia
Teddit & Libreddit = Reddit
LibreX = Torrents
With JS
Invidious & Piped = Youtube
Librarian = Odysee
The problem with front ends is that the real service blocks many instances of them (for example, Twitter will block a given Nitter instance). Farside.link not only keeps an up-to-date list of working instances, but it will automatically redirect you to a working instance when you go to farside.link/service
So for example farside.link/nitter
Or set your homepage search to farside.link/searxng
Here’s the wicked part, you can share a specific post with a friend by filling in the rest of the URL with farside, so your friend sees a different instance of the same content. This hides from both the services and front-ends, that you and your friend know each other!
So for example, farside.link/nitter/snowden
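The link-sharing trick above (keep the path, swap the host for farside.link/<service>) is easy to script, so you can paste a Big Tech link and get the shareable Farside form back. This is an added example, not code from Farside or LibRedirect; the host-to-service table is taken from the front-end list in this post, and the youtu.be handling (short links carry the video id as the path, Invidious wants /watch?v=) is an assumption about that one case.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Original host -> farside service name, from the front-end list in the post.
FRONTENDS = {
    "twitter.com": "nitter", "x.com": "nitter",
    "medium.com": "scribe",
    "reddit.com": "libreddit",
    "youtube.com": "invidious", "youtu.be": "invidious",
    "odysee.com": "librarian",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def service_for(host):
    """Match the host or any subdomain of it (www.twitter.com, old.reddit.com, ...)."""
    host = host.lower()
    for origin, service in FRONTENDS.items():
        if host == origin or host.endswith("." + origin):
            return service
    return None


def to_farside(url):
    """Rewrite a Big Tech URL into https://farside.link/<service>/<same path>, so whoever
    opens it is redirected to a currently working instance. Returns None when the host
    has no front-end in the table (the URL is left alone)."""
    parts = urlsplit(url)
    if not parts.hostname:
        return None
    service = service_for(parts.hostname)
    if service is None:
        return None
    path, query = parts.path or "/", parts.query
    if parts.hostname.lower() == "youtu.be":      # assumption: short link -> /watch?v=<id>
        path, query = "/watch", "v=" + path.strip("/")
    # fragment dropped: it never reaches the server, and it often carries tracking junk
    return urlunsplit(("https", "farside.link", "/" + service + path, query, ""))


def rewrite_message(text):
    """Rewrite every rewritable URL inside a message before you send it to a friend."""
    return URL_RE.sub(lambda m: to_farside(m.group(0)) or m.group(0), text)


if __name__ == "__main__":
    print(rewrite_message("look at this: https://twitter.com/snowden/status/123?s=20"))
```

Each recipient gets bounced to whatever instance Farside picks at that moment, which is what hides the you-and-your-friend link from both the service and any single front-end operator.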
DeGoogled Life:
Chrome Browser:
LibreWolf, Brave, Icecat, vanilla Firefox, Tor
Google Android:
GrapheneOS, Calyx, Divest/Lineage, Linux phones like Pine
Google Search:
MetaGer, Mojeek, SearXNG w/ farside.link, Brave (AWS), Yandex
Google Docs:
Nextcloud, Ente.io (Photos), onlyOffice
Google Meet:
Keet, Jitsi, Matrix (browser platform), Brave’s Video Meet (AWS)
Youtube alternatives
Peertube, Rumble, Odysee
Youtube Front-ends
Freetube (desktop), NewPipe (android), Invidious.io (browser), Piped (browser)
Gmail
Paid on VPS: Mail-in-a-box, Luke Smith Scripts, iRedMail
Free burners: Protonmail, Tutanota, Skiff (Cloudflare’d)
Google Maps
OSMand, Organic Maps, Duckduckgo (Apple maps).
And if you absolutely need Google, then use Divested Computing Group’s “Gmaps WV” F-Droid app. It’s a front-end wrapper
Translate
LibreTranslate.org, DeepL
You got other ones? Post in the comments!
OpenVPN vs WireGuard
__________________
OpenVPN
OpenVPN has been around much longer than WireGuard. With an initial release in 2001 and over 5 million downloads worldwide, OpenVPN has been heavily penetration-tested and stood its ground.
The main advantage of OpenVPN is its long history of being secure and reliable, as well as being the most anonymous VPN regarding the logging discussed below. The disadvantage is that it’s slower than Wireguard.
__________________
WireGuard
WireGuard is a relatively new competitor to OpenVPN, with its first experimental versions released in 2018. With funding from some of the top VPN providers, as well as (ironically) the US government via the Open Technology Fund, WireGuard is able to provide much faster traffic speeds than OpenVPN because of its multi-threaded approach.
WireGuard has less code
WireGuard has just 4,000 lines of code, significantly less than OpenVPN (over 70,000). So some consider WireGuard more secure because it can be audited more easily. Also, because WireGuard has less code, it has a smaller attack surface.
WireGuard’s issues
The WireGuard protocol does, however, have some requirements that, if not properly implemented by the VPN provider, could lead to it being less anonymous, and therefore less private.
Since these requirements/flaws place a larger responsibility on the VPN provider to correctly implement solutions, SOME criticize WireGuard for forcing VPN users to put even greater trust in the VPN provider.
__________________
WireGuard temporarily “logs” IP addresses
WireGuard requires the user’s IP address to be stored in the server’s memory, which, unlike OpenVPN, may persist even after the connection is closed. Some consider this a form of temporary IP address logging. Each VPN provider handles this differently.
Some VPN providers like Mullvad and OVPN erase the map between IP addresses and encryption keys as soon as there has been no communication between the end user and the VPN server for 2-3 minutes. This solves the problem by constantly “deleting the logs”.
Another approach is to assign users a fake 2nd internal IP address just to use WireGuard. This is the approach that NordVPN takes with its “double NAT” policy. NAT is the process of turning a public IP address private. So NordVPN claims they are doing this twice to avoid the WireGuard log issue.
There is heated debate over whether WireGuard is anonymous and private enough. Many enjoy the faster speeds and think the 2-minute logging doesn’t matter much. But everyone agrees WireGuard requires more discretion on the part of the VPN provider to carefully deal with this issue.
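The “temporary log” is visible on any WireGuard server: the kernel keeps each peer's last seen IP:port (the endpoint) and last handshake time, and `wg show <iface> dump` prints both. The script below is an added example (not from the post, Mullvad, OVPN or NordVPN) that parses that dump format and lists peers whose client address is still held although the session has been idle for longer than a chosen threshold. The dump text is a constructed sample with placeholder keys; the column layout is the real one documented for `wg show ... dump`.

```python
# Constructed sample in the tab-separated format of `wg show wg0 dump`:
#   line 1      : private-key  public-key  listen-port  fwmark
#   other lines : public-key  preshared-key  endpoint  allowed-ips  latest-handshake  rx  tx  keepalive
# Keys here are placeholders; a real dump prints the interface's private key on line 1.
SAMPLE_DUMP = "\n".join([
    "\t".join(["PRIVATE_KEY_PLACEHOLDER=", "SERVER_PUBKEY_PLACEHOLDER=", "51820", "off"]),
    "\t".join(["PEER_A_PUBKEY_PLACEHOLDER=", "(none)", "203.0.113.10:41641",
               "10.8.0.2/32", "1700000000", "4096", "8192", "off"]),
    "\t".join(["PEER_B_PUBKEY_PLACEHOLDER=", "(none)", "198.51.100.7:53012",
               "10.8.0.3/32", "1699999700", "1024", "2048", "25"]),
    "\t".join(["PEER_C_PUBKEY_PLACEHOLDER=", "(none)", "(none)",
               "10.8.0.4/32", "0", "0", "0", "off"]),
]) + "\n"


def parse_dump(text):
    """Parse `wg show <iface> dump` output into a list of peer dicts (interface line skipped)."""
    lines = [l for l in text.splitlines() if l.strip()]
    peers = []
    for line in lines[1:]:
        f = line.split("\t")
        if len(f) != 8:
            raise ValueError("unexpected peer line: %r" % line)
        peers.append({
            "pubkey": f[0],
            "endpoint": None if f[2] == "(none)" else f[2],   # client's public IP:port
            "allowed_ips": f[3].split(","),
            "latest_handshake": int(f[4]),                     # unix seconds, 0 = never
            "rx": int(f[5]),
            "tx": int(f[6]),
        })
    return peers


def retained_endpoints(peers, now, idle_after=180):
    """Peers whose client IP:port is still in kernel memory although the last handshake is
    older than idle_after seconds. A live session re-handshakes at most every ~2 minutes,
    so handshake age is a usable proxy for 'no traffic since'. Returns (pubkey, endpoint, idle)."""
    out = []
    for p in peers:
        if p["endpoint"] is None or p["latest_handshake"] == 0:
            continue
        idle = now - p["latest_handshake"]
        if idle > idle_after:
            out.append((p["pubkey"], p["endpoint"], idle))
    return out


if __name__ == "__main__":
    import sys
    import time
    # usage: sudo wg show wg0 dump | python3 this_script.py   (falls back to the sample)
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DUMP
    for pk, ep, idle in retained_endpoints(parse_dump(text), int(time.time())):
        print(f"{pk[:12]}...  endpoint {ep} still retained, idle {idle}s")
```

A provider that promises the Mullvad/OVPN behaviour should show an empty list at any threshold above its purge interval; the sample deliberately contains one peer (B) that has been idle for 300 seconds and still has its endpoint, which is the state the post calls a temporary log.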
__________________
WireGuard Blocked?!
Some websites will either malfunction or block the use of WireGuard. The exact reason for this is debated, since the website can’t see how you connect to the VPN server. Some argue this is due to some type of compatibility error and the website is not even aware. Others dispute that and say it’s some type of eCommerce anti-fraud detection based around their knowledge of the particular VPN provider. We remain neutral on this issue, and bring it up just to inform you that if a webpage won’t load, try switching to OpenVPN with port 443.
Both solutions require basic trust. Both can see your IP. The only difference is WireGuard sees it for 2 min after it's closed. And to your home ISP it's more obvious you're using a VPN.
Virtual Machines for Beginners
This is an easy read to learn better security and resist tyranny
We all know the concept of a burner phone that you throw away. What if you could have an electronic version of a phone to dispose of easily? Well if it’s an electronic fake version of a computer, this is a virtual machine.
Virtual machines (“VM”) are fake recreations of a computer. Normally when people think of this, they think of corporations creating a “cloud” in a datacenter. But you can also use a virtual machine on your home computer to ironically resist these big cloud corporations trying to spy on you.
Did you know the CIA sponsors tracking firms and ad networks on Facebook? [1][2] Can’t delete Facebook? Put that browser in a VM!
Rather than pay money for a whole 2nd computer, when your job asks you to download proprietary software, you can put it in a VM, to prevent it from seeing your other activity.
If you use Linux, you can make a Windows VM for Windows software.
If you want to try out a Nostr client but don’t know if you can trust it, then a VM is a great place to test! A VM contains malware within it. And the part that creates this fake PC is called a hypervisor.
There is a risk of malware breaking out of the VM. How much is the risk? Well, there are different types of VMs:
If it’s running on top of your real operating system, it’s a type 2 hypervisor. This is Oracle’s VirtualBox.
If it’s running directly on your real hardware, it’s a type 1 hypervisor. This is virt-manager with KVM.
If there’s barely even a host OS, this is Xen. And it’s how QubesOS works.
The lower the level of virtualization, the harder it is for malware to break out.
Remember at the start of this article, we said burner phones? You can install Android in a VM. This is infinite burner phones for corrupt spyware apps!
We exposed you to the concept here, now you can learn more from our website or others.
References on CIA, add the dot:
[1] cbsnews com/news/social-media-is-a-tool-of-the-cia-seriously/
[2] corbettreport com/meet-in-q-tel-the-cias-venture-capital-firm-preview/
4 Tips for 2FA
2FA or 2-Factor Authentication is a great security tool if done correctly. Here are 4 tips.
1) SMS 2FA Sucks
Ethereum developer Vitalik Buterin mouths off about decentralization, but got his Twitter account hacked by linking it to a government phone number. SMS texts are the easiest 2FA method for random hackers to compromise. There’s a technique known as SIM swapping which allows a hacker to switch SIM cards, so his or her device can receive your SMS texts. This can then be used to compromise your 2FA.
Also, SMS SIM cards leak your real, exact physical location when they connect to a cell tower. In addition, you’ve given the mobile service provider the information to know what services or websites you’re using.
Another reason SMS 2FA is horrible is that the SIM card is often tied to your identity.
________________
2) KYC is less secure
Often out of ignorance, people associate real identity verification as being more secure. But in reality this is untrue because once you associate an account with a real person, then social engineering, SIM card swapping, and identity-based password guessing become possible. In addition, the physical location of password databases can become known to violent actors.
________________
3) Reject large proprietary companies
Also many people, out of ignorance, favor technology services from large corporations because they assume them to be more secure. They presume that the large company can be trusted with their identity information.
In reality, large companies may be bureaucratic, enabling hackers to prey on their inefficiencies. For example, recently Uber and Rockstar Games were hacked with social engineering. The Uber hack released not only the financial information of customers but also to where the customers had traveled.
Microsoft’s password database manager for government accounts was hacked by Iranians. The local governments had to pay Bitcoin as ransom to get control back. This further demonstrates that large companies like Microsoft and Google cannot be trusted to safely store your data or identity.
We do NOT recommend the use of omnipotent Google Authenticator for numerous reasons. First it’s not open source, so who knows what malicious tracking Google is doing. Google’s track record regarding privacy is piss poor, so why should you trust these malicious clowns?
Second, Google Authenticator will prevent you from getting the backup phrase which can be used to transfer the 2FA account to either a different authenticator phone app or a desktop client. The only thing that Google’s app will let you do is transfer the app to a different Google Authenticator account. So essentially Google has locked you into the Google ecosystem, and once you are dumb enough to use Google Authenticator, you can’t switch to an open source one without the website giving you a brand new backup phrase.
________________
4) Avoid Phones
You want to avoid doing 2FA on a phone that you carry around. A phone is really easy to accidentally lose or have stolen; you might leave it in an unsafe place. Additionally, phones have unsafe hardware. Phones have 2 “brains”, one with the CPU/RAM and another called the baseband modem that connects to cellphone towers. Numerous studies have demonstrated that hackers can remotely access baseband modems by pretending to be the cellphone tower.
When you put a phone in airplane mode, this is just an API REQUEST from the CPU/RAM brain to the baseband modem asking it to please stop. The baseband modem does not have to honor this request and won’t if corrupt government thugs are illegally hacking you in violation of their own constitutions.
________________
Conclusion:
2FA should be done on a Linux computer using KeePassXC with TOTP. This keeps the secrets off the internet, in open source software you control. Google Authenticator is just one client for TOTP; KeePassXC will work with any site that offers it.
It depends on your threat model and goals. You could keep the original KeePass database for your other info. Another possibility is VeraCrypt for both. Or a 2nd device. Or a virtual machine with KeePass outside it.
Tips for Signal
Signal is flawed in that it’s centralized on Amazon servers, requires a phone number, and cannot be self-hosted. However, regular SMS is so horrible, and Signal is so intuitive for new users, that telling people not to use it likely does more harm to privacy than good. So here are some tips to improve:
1) Turn off read receipts
Signal has a system called “Sealed Sender” to hide metadata, but it’s flawed. It works by putting the metadata of who sent the message inside the encrypted packets. However, cybersecurity researchers from the University of Colorado Boulder, Boston University, George Washington University, and the U.S. Naval Academy found that Sealed Sender could be compromised by a malicious cloud host in as few as 5 messages to reveal who is communicating with whom. In this paper, published at NDSS and led by Ian Martiny, the researchers found that Signal’s “read receipts”, which let the sender know that the receiver got the message, can be used as an attack vector for traffic analysis. This is because read receipts send data packets right back to the sender.
Source:
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1C-4_24180_paper.pdf
Therefore, our recommendation to increase metadata protection is to turn off read receipts, which can be toggled in the security settings.
2) Don’t use an American phone number
In an earlier post on burner numbers, we talked about burner crypto text services, such as virtualsim.net, which allow you to pay a tiny bit of crypto for a one-time SMS code. If you can be anywhere in the world, why would you pick a jurisdiction that’s hostile to privacy? You can reach us on our Cambodian line! Remember that spacing matters on Signal. It’s counting +4 4 and +44 as different countries.
3) Use Signal only for people you know
Signal has poor metadata protection because your real life friends likely don’t have DeGoogled phones, so they’ll save your burner Cambodian line as your real name in their contact list, and then their contact list syncs with Google or iCloud and your anonymity is blown.
So if you want to hide that you’re even talking to someone, then use SimpleX, Session, XMPP, or one of the many other options.
4) You can have multiple profiles with different numbers
With Graphene you can have different user profiles with new numbers, or even within the same user profile on a Work one. If you use a 2nd Work Profile number, just remember that the Amazon server can see two numbers pinging for messages from the same IP, so set your VPN to the largest city you can to disguise and don’t change cities/countries on both accounts at the same time. You could use numbers from different countries to throw them off too, but at the end of the day, Amazon would probably see that your Cambodian and Ohio identities both wake up at the exact same time every day.
</end>
If you really want anonymity, check out our SimpleX self-host script we made for you on our website.
5 Android Apps to turn you into a Ghost
1. ClassyShark3xodus
ClassyShark3xodus is used to detect if another app you downloaded has spyware or trackers. ClassyShark3xodus scans the app for DNS requests or communication with Big Tech.
2. Fake Traveler
Some apps require GPS location, even when you don’t want to reveal it. Fake Traveler allows you to spoof your location to a place of your choosing to fool apps into thinking you’re there. Smaller community banks will fall for this, but for large ones, the bank’s app won’t load.
3. Scrambled Exif
Smartphones automatically tag pictures with GPS location metadata called “Exif.” So when you post a photo to Instagram or Facebook, the company knows where you live even though you’re using a VPN. Scrambled Exif allows you to remove this metadata conveniently before you post or send it.
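Scrambled Exif does its job by dropping the metadata segments from the JPEG container rather than touching the image data, and the same thing can be done in a few dozen lines. The code below is an added example, not the app's code: it walks the JPEG marker segments that precede the compressed scan, removes the APP1 segments that hold Exif (where the GPS IFD lives) and XMP metadata, and copies everything else byte for byte. The input is a constructed, structurally valid JPEG with fake image data, so it runs offline; on a real photo, `strip_metadata(open("photo.jpg","rb").read())` gives the cleaned file.

```python
import struct

SOI, EOI, SOS, APP1 = 0xD8, 0xD9, 0xDA, 0xE1
# APP1 payload prefixes that carry metadata: Exif (GPS IFD) and XMP (can also carry location).
METADATA_PREFIXES = (b"Exif\x00\x00", b"http://ns.adobe.com/xap/1.0/\x00")


def _segment(marker, payload):
    """Build a marker segment: FF <marker> <2-byte big-endian length incl. itself> <payload>."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: JFIF header, an Exif APP1 block (stand-in for where a camera writes
# the GPS IFD), a quantization table, a start-of-scan, fake scan data, end-of-image.
SAMPLE_JPEG = (
    bytes([0xFF, SOI])
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(APP1, b"Exif\x00\x00MM\x00\x2a" + bytes(20))
    + _segment(0xDB, b"\x00" + bytes(64))
    + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34\x56\x78"
    + bytes([0xFF, EOI])
)


def split_segments(data):
    """Walk the marker segments that precede the scan. Returns (segments, tail):
    segments is a list of (marker, raw_bytes, payload); tail is everything from SOS on,
    which is left untouched because entropy-coded data is not length-prefixed."""
    if data[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG")
    segments, i = [], 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            raise ValueError("marker expected at offset %d" % i)
        marker = data[i + 1]
        if marker == 0xFF:                                   # fill byte, skip it
            i += 1
            continue
        if marker in (SOS, EOI):
            return segments, data[i:]
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:         # standalone markers carry no length
            segments.append((marker, data[i:i + 2], b""))
            i += 2
            continue
        length = struct.unpack(">H", data[i + 2:i + 4])[0]
        end = i + 2 + length
        if end > len(data):
            raise ValueError("truncated segment at offset %d" % i)
        segments.append((marker, data[i:end], data[i + 4:end]))
        i = end
    raise ValueError("truncated JPEG: no SOS/EOI found")


def _is_metadata(marker, payload):
    return marker == APP1 and payload.startswith(METADATA_PREFIXES)


def has_metadata(data):
    return any(_is_metadata(m, p) for m, _, p in split_segments(data)[0])


def strip_metadata(data):
    """Drop Exif/XMP APP1 segments; keep every other segment and the image data as-is."""
    segments, tail = split_segments(data)
    kept = b"".join(raw for m, raw, p in segments if not _is_metadata(m, p))
    return bytes([0xFF, SOI]) + kept + tail


if __name__ == "__main__":
    cleaned = strip_metadata(SAMPLE_JPEG)
    print(len(SAMPLE_JPEG), "->", len(cleaned), "bytes; metadata left:", has_metadata(cleaned))
```

Because only whole segments are removed, the pixels are untouched and the file stays valid; note that this handles JPEG only, and that other formats (PNG, HEIC, video) carry location metadata in their own containers.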
4. Duress
Duress automatically wipes your phone when you enter a particular 2nd passphrase. Now, we discourage criminal activity, however some governments in some countries around the world may act illegally or against their own constitution to search devices they are not permitted to. Therefore, to honor and respect these human rights laws, as well as to protect whistleblowers globally, we recommend you tell corrupt police officers asking you to unlock your phone your 2nd Duress password.
5. andOTP
Two-factor authentication is often a source of leaking your geolocation. andOTP is way better than Google Authenticator because Google’s is proprietary and, even though it works offline, may connect to Google accounts. Google is evil and locks you in where you can’t transfer to a different app because there’s no backup code. But andOTP works on any site that says “Google Auth” or TOTP.
(KeePass XC on Linux is better than both of these btw.)
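Both the 2FA post's conclusion (KeePassXC with TOTP) and the andOTP item above rest on the same fact: “Google Auth” codes are plain RFC 6238 TOTP, and whatever holds the base32 secret can produce them, so the secret is the only thing worth backing up. The following is an added example, not KeePassXC's or andOTP's code: it parses the otpauth:// URI a site shows in its QR code, derives codes, and verifies a code with a one-step tolerance window. The sample URI is constructed using the RFC 6238 reference secret so the results can be checked against the RFC's published test vectors.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample: the RFC 6238 reference secret ("12345678901234567890") in base32,
# wrapped in the otpauth:// form a site puts in its enrollment QR code.
SAMPLE_URI = ("otpauth://totp/Example:alice%40example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=6&period=30")


def parse_otpauth(uri):
    """Pull label, secret and parameters out of an otpauth://totp/... URI."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = parse_qs(parts.query)
    return {
        "label": unquote(parts.path.lstrip("/")),
        "secret": q["secret"][0],
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
        "algorithm": q.get("algorithm", ["SHA1"])[0].lower(),
    }


def _decode_secret(secret_b32):
    s = secret_b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))   # sites often omit base32 padding


def totp(secret_b32, at=None, period=30, digits=6, algorithm="sha1"):
    """RFC 6238: HMAC over the big-endian time-step counter, then RFC 4226 dynamic truncation."""
    counter = int((time.time() if at is None else at) // period)
    mac = hmac.new(_decode_secret(secret_b32), struct.pack(">Q", counter),
                   getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(secret_b32, code, at, window=1, period=30, digits=6, algorithm="sha1"):
    """Server-side check: accept the current step and `window` steps either side
    (clock drift), comparing in constant time."""
    return any(
        hmac.compare_digest(totp(secret_b32, at + d * period, period, digits, algorithm), code)
        for d in range(-window, window + 1)
    )


if __name__ == "__main__":
    acct = parse_otpauth(SAMPLE_URI)
    print(acct["label"], "->", totp(acct["secret"], period=acct["period"], digits=acct["digits"]))
```

Moving an account between apps is therefore just moving the secret string; the lock-in the post complains about exists only because one client refuses to show it.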
</end>
All of these are in the open source F-Droid Store. Follow us on Nostr for more tips!
It's calling on Firebase for Google push notifications. If you have a degoogled phone it's fine; if not, it depends on how the developers program it.
For example, Session uses public/private keypairs like Nostr, but hides the Session ID from Google Firebase.
Airplane mode sends an API call to the baseband modem. But it's not a hard kill switch like the Librem 5. The end user would have to manually modify it to do that.
Pro/Con of Search Engines
Brave Search
Type: Engine
Pro: Good independent results that aren’t dependent on Google or Microsoft. Brave also has less of an authoritative pro-centralized power bias than “Bigger Tech”
Con: With Tor browser, Brave has issues with Web Assembly and requires JavaScript
Solutions: Brave’s Tor Onion Service actually doesn’t need JavaScript, you can find that here:
search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion
Mojeek.com
Type: Engine
Pro: No JavaScript is required with this completely independent engine. Mojeek gives unique results.
Con: It’s not as good at doing conceptual searches on educational topics.
Solutions: Use Mojeek when you know what you want
Duckduckgo
Type: Front end
Pro: Tor browser’s default search engine, so using it with Tor makes you blend in.
Con: Microsoft datacenters and it pulls results from Bing, which pushes pro-government propaganda. Also when I click a search result, the browser extension uBlock Origin shows me the new website is making 3rd party JavaScript calls to “improving.duckduckgo” which doesn’t seem like such a privacy friendly thing going on.
Opinion: The image download is smooth, maybe only use it for that
SearXNG
Type: Software
Pro: Self-hosted open source search that pulls results from Brave, Duckduckgo, Qwant, Google, etc. This way you know it’s not browser fingerprinting you or logging.
Con: Many of these search engines will block SearX instances
Solutions: One great work-around is to use farside.link. This service will automatically serve you up a SearXNG instance when using the URL: farside.link/searxng
Set that to your homepage and you’re set
LibreX
Type: Software
Pro: LibreX is a great No-JavaScript Tor-friendly torrent searcher, so you can get magnet links without ads across a few different torrent sites. It’s similar to SearXNG as it’s self hosted, and also has a front end for Google, but is often less blocked than SearXNG.
Con: It’s not as popular as SearXNG, so the selection on farside is slimmer. Auto-serve Link: farside.link/librex
Qwant
Type: Front-end
Pro: They are in France and supposedly bound by GDPR
Con: Another Bing Front end that’s less honest about being a Bing front end, with annoying captchas for Tor. Qwant also for years sent data to Microsoft Ads. Source:
https://web.archive.org/web/20210603110256/https://about.qwant.com/legal/confidentialite/
France is turning towards tyranny, so I question if GDPR will be upheld with VPN restrictions and digital IDs
Yandex
Type: Engine
Pro: Russian alternative to get alternative views (such as criticizing the CIA) that Bing or Google based engines may censor. As Mental Outlaw points out, it’s also good for torrents
Con: Tor Captchas. Requires JavaScript. Unclear privacy policies.
Solutions: Use MetaGer as a front end...
MetaGer
Type: Front-end
Pro: Tor & No JavaScript friendly, Open Source blend of results from Yandex, Scopia, and Yahoo. There’s also an “open anonymously” proxy option, which is serving it to you through their proxy so third party JavaScript is not called upon. If you ever are in a situation where uBlock Origin is having issues, then this may be a great alternative to not be fingerprinted by the third party JavaScript.
Con: If you use this proxy option, you’re putting a lot of trust in MetaGer, who see you navigate the site. As opposed to just clicking a link in a new tab with no JavaScript, where they don’t even know what you did.
Startpage
Type: Front end
Pro: Google front end that’s never blocked
Con: Google without their AI surveillance is actually shitty results, and it’s got so much unrelated propaganda shoved in there. Google’s “sources” are just the same few popular websites.
Ombrelo
Type: Front end
Pro: Ombrelo is a Tor onion search engine that automatically crosses out CloudFlare websites for you, since CloudFlare is not privacy-friendly
Con: Since so many websites use CloudFlare due to corrupt centralization of the internet, Ombrelo will sadly give you few results you can actually click on. But try for yourself:
ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion
</end>
Our content is likely to be censored from nearly all search engines and banned on Big Tech platforms. While I have strong determination to persist under any adversity, your sharing of our content is the only way this can succeed. Please, do not let privacy die.
One of our readers brought up a great point that Brave uses Amazon Datacenters, and that's a huge con for decentralization and privacy. Check out a DNS record:
https://bgp.tools/dns/search.brave.com
Pro/Con of Nostr Clients
Iris.to
Pro: Everyone has a web browser, so it’s easy for beginners to on-board. Simple easy layout.
Con: They use CloudFlare, so do NOT let the website see your private key. You need to use the Flamingo browser extension to sign events, because CloudFlare strips away HTTPS encryption. Without a browser extension, it should be treated like you’re handing your private key to the US government. You can’t view DMs using a browser extension only. Also, CloudFlare will browser-fingerprint you and block Tor.
Primal.net
Pro: Fast for Tor. I recommend this only for Tor browser. The reason it’s fast is because you’re not getting the content from each individual relay, but it’s aggregated to their database.
Con: Primal’s model is closer to traditional social media, where they can censor content. Beyond using this for speed on Tor, it’s dangerous centralization.
Amethyst
Pro: FOSS Android client in the F-Droid store that works on degoogled phones. Not only is the interface just like Twitter, but they added in “sealed sender” style DMs, similar to Signal to hide metadata.
Con: Be aware that if you’re not using a degoogled phone, then the government and Google can probably get your private key. And for the high risk “tinfoil hat” paranoid, you can’t control the Baseband modem of ANY mobile device which hackers can remotely compromise. But for the average memer, private keys on mobile is fine.
Gossip
Pro: This is what I’d use for famous or controversial influencers with a high threat model. Desktop Linux is supported, and it’s programmed in Rust, which could potentially add security against memory corruption from poorly vetted third party images downloaded off relays. Password lock on posting is good.
Con: No sealed sender DMs yet. Hard to use.
Tip: You want to first try Amethyst, then graduate to Gossip when you understand that you have to enter a relay where someone posts to find them. (hint: lookup their relays quickly on Tor via primal.net.)
Lume
Pro: Lots of features such as mapping relationships, good widgets for hashtags and topics. Password lock is good.
Con: There’s still Linux bugs. I can’t recommend it for Linux, as I had issues. However, the developer has significantly improved Linux builds from just a few months ago, but it’s not there yet.
Damus
Pro: iPhone Client for less tech-savvy users
Con: Apple (and therefore the government) can probably get that private key, but again for the average person it’s ok.
</end>
Please consider reposting this to spread adoption. I might make video tutorials for gossip
So phones have two brains. One is like a computer with CPU and RAM. Another connects to cell towers.
This 2nd tower one is the baseband modem.
The problem is hackers can pretend to be the cell tower
Pro/Con of “Privacy” Phone Numbers/Services
JMP.chat
Type: Number
Pro: No KYC VoIP to XMPP (or Matrix) for anonymous Bitcoin, so you're using an open source client
Con: Only US and Canada numbers. They're just reselling Twilio VoIP, which means that not only are you paying more just for anonymity, but many services recognize these as Twilio VoIP numbers and will block you.
Solutions: There exists the possibility of buying a real world physical SIM and then transferring the service over to JMP VoIP. But you’re better off using one-time burner services for most account registration.
Hushed
Type: Number
Pro: No KYC VoIP for Bitcoin, similar to JMP.chat
Con: Uses their proprietary client which isn’t private through the Google Play store. I’d avoid Hushed.
Silent Link
Type: Number + Service
Pro: No KYC Crypto SIM card that separates billing and identity from the literal cell tower carrier
Con: Uses eSIM which requires Graphene’s Google Push service sandboxed. No outgoing calls.
Calyx Institute Hotspots
Type: Service
Pro: No KYC WiFi hotspot for Crypto
Con: It’s just reselling T-mobile service, so if you use this in your home and your home is KYC, then T-mobile will likely figure out that it’s you since celltowers see geolocation.
Solutions: You can avoid this by putting the hotspot in a faraday bag, and only using it outside your home.
MySudo
Type: Number
Pro: Multiple burner VoIP lines
Con: Requires the Google Play Store JUST to PAY for it, but once you add credit it can be used on a de-Googled phone.
Solutions: The Play Store can be sandboxed or put on a separate old device, and you can use Bitrefill to buy the credits with cryptocurrency.
SMS.usmobilenumbers.com
Type: Number
Pro: Quick, easy, cheap burner SMS verification paid anonymously in cryptocurrency. These are real SIMs, not VoIP.
Con: US only. They resell the same number for OTHER services, which MAY trigger anti-fraud checks at SOME services, including Zelle, eBay, PayPal, LinkedIn and others. So you risk a ban on those accounts.
Solutions: Avoid putting money into any new account for a few days to see whether it survives. Use a residential proxy IP instead of a datacenter VPN, especially for eBay.
VirtualSim.net
Type: Number
Pro: Great for getting cheap foreign numbers from countries such as Cambodia or Ukraine for Signal or Telegram. Quick, easy, cheap burner SMS verification and/or longer-term monthly numbers for cryptocurrency. These are real SIMs, not VoIP. Their customer support is excellent and we highly recommend them for Telegram verifications.
Con: You may lose access to the burner number after a period of time (like a year) with no way to renew, at which point someone else COULD potentially verify with that number and claim the account tied to it.
Crypton.sh
Type: Number
Pro: Huge number of countries for real-SIM anonymous SMS, paid in crypto. Get sought-after Western European numbers here that normally have strict KYC rules on physical SIMs.
Con: Overpriced setup fee for a one-time SMS verification, but if you actually live in (or want a number in) that country it’s okay. Their “encryption at rest” advertising adds little, because SMS is unencrypted in transit: the carrier and anyone on the path already saw the message before it reached them.
Follow us on Nostr for more! Repost this if you want us to keep doing them.
When someone says “I don’t care about privacy”
What they mean is,
“I only consume propaganda distributed by Big Tech, so I blindly trust centralised power.”
Pro/Con of “Private” Email
Protonmail
Pro: Allows Tor. Many people use it, so there’s a network effect of Proton-to-Proton encryption.
Con: Huge increases in data handoffs to governments make you question how much data they can get; some question whether it’s a honeypot. Even if it isn’t, you’re potentially targeted just for being there, and they have a bad track record.
Tutanota
Pros: Better track record than Protonmail
Cons: Bans Tor and many VPNs. Severe browser-fingerprinting annoyance when signing up. They auto-delete your account if you don’t log in for 6 months, but you can get around this by adding TOTP two-factor authentication with KeePassXC.
Skiff
Pro: Fast sign-ups, very easy to get a burner account
Con: They use Cloudflare. Cloudflare terminates TLS for the site, so it sees all traffic in plaintext: 0% private. This company is essentially propaganda.
Mail in a Box (software)
This is self-hosting using open source software on a VPS.
Pro: More private than any provider. It does most of the setup work for you.
Con: Requires $5 to $15 a month for a VPS (but the cost can be split among friends). The VPS provider can still read your mail by snapshotting the VM’s memory or disk. Mail-in-a-Box expects a dedicated machine, so unless you isolate it in a container you can’t run anything else on the VPS.
Luke Smith Scripts (software)
Pro: Fast way to get an email VPS set up
Con: Installs directly onto the server, which can mess up OTHER things you have going on there, like aaPanel.
aaPanel (software)
Pro: Easy to manage a lot of services, including WordPress or databases, alongside your email
Con: Not worth setting this whole thing up for JUST email.
Follow on Nostr for more!
SimpleX is a private encrypted messenger that creates a new identity for each conversation. However, as we pointed out in a previous video, when you first install the app every server it uses is the developer’s own. That carries metadata and centralization risks. We are here to help.
We just released a tutorial video with a self-host script for any Debian/Ubuntu VPS that you can use to easily self-host a SimpleX server:
https://video.simplifiedprivacy.com/simplex/
Here is the script on our self-hosted GitLab on Kyun with an Iceland domain:
https://git.simplifiedprivacy.is/publicgroup/simplex-self-host/
If you do not wish to self-host, you can add our SimpleX servers to your app for free:
smp://BgQRXMpC_pOpm2eAWvwFAvz6o1pJMu8y6_LaxZYxAFg=@smp.simplifiedprivacy.com
xftp://YLfpIjjRjJdOHKSPHCxhHMUmB_auPkxSIkfo76cH7F8=@xftp.simplifiedprivacy.com:5443
Reach out to us if you’d like our help setting up many other services or complex configurations/support at SimplifiedPrivacy.com
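Before pasting a server address like the two above into the app, it is worth checking that it actually pins a certificate: the fingerprint before the “@” is the only thing that ties the hostname to one specific server, so a hijacked DNS name or a typo in the fingerprint defeats the point of self-hosting. The Python below is an added example, not code from this page or from the SimpleX project. It parses the documented smp:// and xftp:// address format strictly (scheme://fingerprint[:password]@host[,host2][:port]) and checks a presented certificate against the pinned fingerprint. Assumptions: the fingerprint is SHA-256 over the certificate’s DER bytes encoded as padded base64url, the default ports are 5223 for SMP and 443 for XFTP, and the certificate bytes used in the demo are constructed stand-ins.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional

# Default ports are an assumption taken from the upstream SimpleX server docs.
DEFAULT_PORTS = {"smp": 5223, "xftp": 443}

# The two server addresses published above, used as sample input.
SMP_ADDR = "smp://BgQRXMpC_pOpm2eAWvwFAvz6o1pJMu8y6_LaxZYxAFg=@smp.simplifiedprivacy.com"
XFTP_ADDR = "xftp://YLfpIjjRjJdOHKSPHCxhHMUmB_auPkxSIkfo76cH7F8=@xftp.simplifiedprivacy.com:5443"


class BadAddress(ValueError):
    """Anything that should not be pasted into the app."""


@dataclass(frozen=True)
class ServerAddress:
    scheme: str
    fingerprint: bytes       # 32 bytes: SHA-256 of the server's offline certificate
    password: Optional[str]  # optional ":password" after the fingerprint (private servers)
    hosts: List[str]         # one or more hostnames, e.g. clearnet plus .onion
    port: int


def parse_server_address(addr: str) -> ServerAddress:
    """Parse scheme://fingerprint[:password]@host[,host2][:port] strictly."""
    scheme, sep, rest = addr.strip().partition("://")
    if not sep or scheme not in DEFAULT_PORTS:
        raise BadAddress(f"unsupported scheme {scheme!r}")
    creds, at, hostpart = rest.rpartition("@")
    if not at or not creds:
        raise BadAddress("no fingerprint before '@': nothing would pin the server's certificate")
    fp_b64, _, password = creds.partition(":")
    try:
        # validate=True: stray characters must fail, not be silently dropped
        fingerprint = base64.b64decode(fp_b64, altchars=b"-_", validate=True)
    except ValueError as exc:
        raise BadAddress(f"fingerprint is not base64url: {exc}") from exc
    if len(fingerprint) != 32:
        raise BadAddress(f"fingerprint must decode to 32 bytes, got {len(fingerprint)}")
    hosts_s, colon, port_s = hostpart.rpartition(":")
    if colon:
        if not port_s.isdigit() or not 0 < int(port_s) < 65536:
            raise BadAddress(f"bad port {port_s!r}")
        port = int(port_s)
    else:
        hosts_s, port = hostpart, DEFAULT_PORTS[scheme]
    hosts = [h for h in hosts_s.split(",") if h]
    if not hosts:
        raise BadAddress("no host")
    return ServerAddress(scheme, fingerprint, password or None, hosts, port)


def is_valid_address(addr: str) -> bool:
    try:
        parse_server_address(addr)
        return True
    except BadAddress:
        return False


def certificate_fingerprint(cert_der: bytes) -> str:
    """The fingerprint string for a certificate (assumption: SHA-256 over the
    DER bytes, base64url with padding, as SimpleX prints it)."""
    return base64.urlsafe_b64encode(hashlib.sha256(cert_der).digest()).decode()


def fingerprint_matches(addr: ServerAddress, cert_der: bytes) -> bool:
    """Constant-time check that the certificate a server presents is the one
    the address pins; this is what makes a hijacked hostname useless."""
    return hmac.compare_digest(addr.fingerprint, hashlib.sha256(cert_der).digest())


if __name__ == "__main__":
    for a in (SMP_ADDR, XFTP_ADDR):
        print(parse_server_address(a))
    # constructed certificate bytes standing in for a real DER certificate
    fake_cert = b"constructed-offline-certificate"
    own = parse_server_address(f"smp://{certificate_fingerprint(fake_cert)}@smp.example,abcd.onion")
    print(own.hosts, own.port, fingerprint_matches(own, fake_cert), fingerprint_matches(own, b"other"))
```

The strict base64 decode matters: Python’s urlsafe_b64decode silently discards characters outside the alphabet, so a corrupted fingerprint would “decode” to garbage and you would be pinning nothing useful. Rejecting it up front is cheaper than debugging a connection that fails later.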
5 Awesome Browser Extensions
1) uBlock Origin
Block third-party JavaScript, such as Google Analytics. In uBlock Origin’s advanced (dynamic filtering) mode you can block all third-party scripts globally and then allow them per site only where something breaks.
2) Decentraleyes
Serves common JavaScript libraries (jQuery, Google’s hosted libraries and the like) from a local copy, so sites that depend on the CDN requests you blocked with uBlock Origin keep working without your browser contacting Google.
3) I don’t care about cookies
Hides the annoying cookie consent pop-ups you get when using European Union VPN exits.
4) LibRedirect
Redirects links to popular spyware websites (YouTube, TikTok, Medium, Wikipedia, Reddit) to open source front ends when your ignorant friends post them.
(Twitter/Nitter usually works for profiles, but not search; search gets rate limited. Reddit is NOT broken, libreddit works for me.)
5) Flamingo
This Nostr web extension (a NIP-07 signer) is great due to being so easy and simple. However, keep in mind that most Nostr websites use Cloudflare, which is not private. You can sign in with your Nostr key via Flamingo to comment on our website’s videos (and our site doesn’t use Cloudflare or Google). We did this to make it more like a Nostr YouTube/Reddit (for longer-lasting discussion/search) and less like Twitter (where posts scroll off into irrelevance).
Reject big tech and embrace open source!
AntennaPod is a great example of how privacy and censorship resistance are interrelated.
AntennaPod is a great podcast app because not only is it open source (for privacy), but it also pulls content straight from the sources via RSS feeds, so no single company oversees all your listening. RSS feeds are not as censor-proof as Nostr notes, but at least they decentralize the data sources so that Apple doesn’t have full say over what gets banned.
Pro/Con of Linux Distributions from a CypherPunk perspective
Linux Mint:
Pro: Very stable; things are likely to just work. Updates rarely break the system. Installs of Ubuntu versions of software usually work, but without the slowness of Ubuntu’s snaps.
Con: Very slow update cycle, so you get security updates last. Some newer software either won’t work or you have to manually fetch .deb packages from the project’s website. You can change the desktop environment, but if you stay on Cinnamon you can’t use Wayland yet (which is a more secure display protocol than X11, since applications can’t snoop on each other’s windows and keystrokes).
Fedora:
Pro: Ships with Wayland and SELinux out of the box. This is a pro if you trust the academic research on SELinux, but...
Con: The NSA made SELinux, and even though it’s open source, how many impartial non-US firms have audited it with enough expertise to really know whether there’s a backdoor? My questioning this will cause controversy, but it’s a fair question. At least be aware of it if you disagree with me.
Kicksecure:
Pro: Live mode lets you run without persisting anything to disk, so a reboot erases everything. Can be used as a VM or even as the host OS. AppArmor is on by default, as is Firejail. Although you could run these things on any distro.
Con: It’s still Debian, so you’re getting slower updates. But Debian has large software support.
Arch:
Pro: Bleeding-edge updates. Huge amount of software.
Con: Updates may break things and require you to roll back packages. (Luke Smith has a tutorial on this.)
Void:
Pro: Faster and less attack surface by removing systemd (the init system used by almost every other distro; by the way, Artix is Arch without it). Void also offers a musl libc build alongside the GNU libc one, a smaller C library that many consider more secure. And it is a rolling release, meaning faster security updates.
Con: A lot of software is not compatible with the more secure choices (musl in particular), but you can check their website to see which packages work on which build.
Qubes:
This is an OS that runs everything in virtual machines on top of a minimalist hypervisor.
Pro: Least attack surface, with the Xen hypervisor. Some experts consider it the hardest to attack.
Con: Requires good computer specs, especially for things like smooth video. And there are potential USB issues (USB controllers are confined to their own VM, so passing devices through takes extra steps).
(By the way, an alternative to Qubes is Kicksecure in live mode as the base OS with KVM/QEMU virtual machines.)
Gentoo:
Pro: Can be customized to the best security settings (think of all the things mentioned in this article: systemd removed, musl vs glibc, Wayland, etc.).
Con: Requires a large time investment to make these changes.
Follow us on Nostr for more!
Government Propaganda Dissected for Beginners
Topic: Federal Reserve
Myth: “The Fed doesn’t hand money to banks, it’s just providing liquidity”
Reality: Banks borrow at the interbank rate, then lend outside it. So if they borrow at 1% interbank and loan it to you at 6%, they pocket 5%, which society bleeds out via inflation. So it really is just handing money to banks, through a complex method that reduces public outrage.
Topic: World Bank
Myth: “The World Bank provides charity to countries in need”
Reality: The World Bank guarantees loans from for-profit commercial banks to corrupt dictators of poor countries. Then, after the dictator runs off with the money, the World Bank pressures future generations of impoverished citizens to pay the loans back (usually to Citibank).
Topic: The CIA
Myth: “The CIA provides security for Americans”
Reality: The CIA conducts mass murder through illegal coups and third-party contractors who kill many minorities throughout South America, the Middle East, Asia, and even Africa. The brutal dictators it props up cause extreme backlash around the world, and that is the motivation for terrorism against Americans. The CIA’s actions are not only illegal, immoral, and corrupt, but not even practical for making Americans safe.
Topic: 9/11
Myth: “Osama bin Laden hates Americans because of freedom and religion”
Reality: Osama bin Laden stated he did it because of US financial support for Israel during the Lebanon bombings, which leveled buildings to the ground. These genocidal attacks were so brutal that even Ronald Reagan (one of the most hawkish presidents in US history) said it was “another Holocaust”.
Topic: Israel
Myth: “Israel has no partner in peace; Hamas is violent just because.”
Reality: Israel specifically funded Hamas to combat the PLO. Netanyahu is on record as saying that Israel needs Hamas to prevent peace deals with the official Palestinian government, which would then force Israel to give up the West Bank settlements. [Source: ScottHorton.org]
Spread the use of cryptocurrency and encrypted messengers to deprive government thugs of power and repost this so that others can learn!
OMEMO is an extension to the Extensible Messaging and Presence Protocol (XMPP) for multi-client end-to-end encryption developed by Andreas Straub. The name "OMEMO" is a recursive acronym for "OMEMO Multi-End Message and Object Encryption"
Pro/con for each encrypted messenger
XMPP:
Pro: Speed and decentralization. Easy to self-host.
Con: Low adoption, and reliant on DNS, which governments can seize.
Matrix:
Pro: Institutional adoption
Con: Decentralized in theory, but centralized in practice on the matrix.org homeserver, which uses Google reCAPTCHA. Like XMPP, it relies on DNS.
Session:
Pro: Uncensorable identity with onion-routed delivery
Con: No forward secrecy (keys are not rotated), and despite rising adoption of the messenger, their cryptocurrency, which node operators have to stake, is dramatically falling in price.
SimpleX:
Pro: Anonymous identity for each conversation, your identity is not tied to any one server, and you can self-host.
Con: No multi-device sync. No account recovery if you lose the physical device (unless you exported the database yourself). Group chats don’t scale. You have to manually find and add servers not hosted by the developer.
Briar:
Pro: Uncensorable identity, no servers, direct peer-to-peer over Tor onion services, or works without internet via Bluetooth and local Wi-Fi
Cons: The other person has to be online. No phone calls. While open source, keep in mind the CIA made Briar for foreign regime change.
Keet:
Pro: Uncensorable identity, no servers, peer-to-peer like Briar, and it’s great for video chat and large file transfers
Con: Like Briar, the other person has to be online, but unlike Briar, Keet won’t connect over Tor.
Signal:
Pro: Easy to use, wide adoption
Con: Centralized servers on Amazon, no self-hosting, and your identity is tied to a government-issued phone number, which leaks metadata and can be censored. “Sealed Sender” has been shown academically (Martiny et al., NDSS 2021) to leak who talks to whom: the delivery receipt the recipient’s phone sends back automatically lets the server correlate timing across messages, and since delivery receipts cannot be disabled, turning off read receipts alone does not close the leak. Group chats leak phone numbers if members accept new incoming messages.
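To make the “Sealed Sender” leak concrete, here is an added simulation (not from this page and not Signal’s code) of the delivery-receipt timing attack described by Martiny et al. (NDSS 2021). The server never learns a sender; it only logs arrival time and recipient. But every delivered message triggers an automatic receipt back to the sender, so for each message that arrives for the target, whoever receives something a moment later is a candidate, and the real correspondent is the one who shows up in nearly every such epoch. The user names, message rates and receipt delays are constructed assumptions, and the “delayed receipts” run at the bottom is only an illustration of why the timing matters, not a description of any real mitigation Signal ships.

```python
import random
from collections import Counter
from typing import List, Tuple

# What the server can log once sealed sender is on: (arrival_time, recipient).
# There is no sender column; that is the whole point of sealed sender.
Event = Tuple[float, str]


def simulate_log(n_alice_msgs: int = 30, n_background: int = 2000,
                 duration: float = 20000.0,
                 receipt_delay: Tuple[float, float] = (0.05, 0.5),
                 seed: int = 1) -> List[Event]:
    """Constructed traffic, not a real capture: alice messages bob
    n_alice_msgs times; 48 other users chat among themselves and with bob.
    Every delivered message makes the recipient's client send an automatic
    delivery receipt (itself sealed) back to the sender after receipt_delay."""
    rng = random.Random(seed)
    others = [f"u{i:02d}" for i in range(48)]
    log: List[Event] = []

    def send(t: float, sender: str, recipient: str) -> None:
        log.append((t, recipient))                              # the message
        log.append((t + rng.uniform(*receipt_delay), sender))   # the receipt

    for _ in range(n_alice_msgs):
        send(rng.uniform(0, duration), "alice", "bob")
    for _ in range(n_background):
        sender = rng.choice(others)
        recipient = rng.choice([u for u in others if u != sender] + ["bob"])
        send(rng.uniform(0, duration), sender, recipient)
    log.sort()
    return log


def statistical_disclosure(log: List[Event], target: str,
                           window: float = 1.0) -> Counter:
    """Server-side attack. For each delivery to `target`, every user who
    receives something within `window` seconds afterwards is a candidate
    (their receipt). Each delivery ("epoch") votes once per candidate; the
    real correspondent is present in almost every epoch, background users
    only by coincidence."""
    hits: Counter = Counter()
    for i, (t, recipient) in enumerate(log):
        if recipient != target:
            continue
        seen = set()
        j = i + 1
        while j < len(log) and log[j][0] <= t + window:
            candidate = log[j][1]
            if candidate != target:
                seen.add(candidate)
            j += 1
        hits.update(seen)
    return hits


def likely_sender(log: List[Event], target: str,
                  window: float = 1.0) -> Tuple[str, int, int]:
    """Return (best candidate, its hit count, runner-up's hit count)."""
    ranked = statistical_disclosure(log, target, window).most_common(2)
    if not ranked:
        return "", 0, 0
    best, n1 = ranked[0]
    n2 = ranked[1][1] if len(ranked) > 1 else 0
    return best, n1, n2


if __name__ == "__main__":
    print("prompt receipts: ", likely_sender(simulate_log(), "bob"))
    # Smearing receipts randomly over ten minutes dissolves the timing link
    # in this model (illustration only, not how Signal behaves):
    print("delayed receipts:", likely_sender(simulate_log(receipt_delay=(0, 600)), "bob"))
```

With prompt receipts the attack names alice with a hit count equal to her message count and a runner-up far behind, which is the whole point: sealing the envelope hides the sender from the server only until the recipient’s client answers it.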
Notes by SimplifiedPrivacy.com Podcast | export