
Notes by SimplifiedPrivacy.com Podcast

 Linux distros for dummies

A Linux distribution is a similar concept to a phone’s app store.  It allows you to download software that’s pre-vetted.  This reduces the chance that it’s malware and allows the different dependencies to work together to reduce redundancy.  However, you MAY optionally get software OUTSIDE of the package manager and directly from the software’s developer, through universal systems such as Flatpak, AppImage, or Snaps.

If you get software from OUTSIDE the package manager, then you’ll have double dependencies which takes up space and causes some minor delay in starting up the program.  Many in the Linux community argue and debate over if the delay, space, and security issues matter, or if it’s more important to have software that works across distributions and is released faster.  The delay on Snaps is worse than others, leading SOME to criticize Ubuntu which heavily uses them.  This is why Mint is a fork of Ubuntu but WITHOUT Snaps.  Others point out that without universal package managers, it can take YEARS for new software to make it to distributions with slower release cycles such as Ubuntu and Mint.

A Linux distribution is NOT the way Linux LOOKS.  That’s the desktop environment!  So if you like a distro’s software, you can swap it for any other desktop environment than the default.  For example Linux Mint’s “Cinnamon flavor” look, could be put on Debian or anything else!  At the end of the day, distros DON’T matter that much and anything is better than Windows…  even snaps =) 
 Showdown!
Signal, Session, SimpleX, Matrix, XMPP, Briar

Who is the...

Most adopted by everyday people:
Signal

Most adopted on darkweb:
XMPP

Most adopted by corporations:
Matrix

Most adopted by militaries:
XMPP

Least Censored for individuals:
Session

Least Censored against platform level bans:
Briar

Most likely to confuse criminal courtrooms:
SimpleX

Best for Journalists:
Session
(due to first contact metadata)

Best for political revolution:
Briar

Most vulnerable to psychological phishing:
SimpleX

Most vulnerable to metadata attacks:
Signal

Most vulnerable to backdoor updates:
Signal

Most device-to-device sync issues:
Matrix

Least device-to-device sync issues:
Signal

Most audited:
XMPP

Most centralized network:
Signal

Most decentralized network:
Briar

Most decentralized development:
XMPP

Most misunderstood & untapped potential:
Session

Most likely to grow:
SimpleX
(due to corporate APIs)

My personal favorites:
Session for censorship
SimpleX to hide
XMPP for strangers/friends
Signal for family
(Because good luck getting your grandma on Briar)

Ask me in the comments any new categories or dispute! 
 Very true. That was a point in our xmpp vs matrix video

BTW I have been following your posts. Great stuff.  Explain to me/everyone how to write to the privacy group 
 Yeah, for example,
people on nostr write their simplex profile.  Everyone can see nostr metadata.  So if you write someone on nostr, then a hacker can write back on simplex saying to talk here, it's safer 
 Please see our WhatsApp post previously 
 There are anti-government resources for children such as Tuttle Twins 
 Revolt against who?

For first world "soft tyranny", session is far better, at least until they add direct Loki connections which they will in the future. Then it will be perfect

For hardcore tyranny right now, session can be taken down at a platform level.  For a pure dictatorship with no internet or censored, briar right now has advantage 
 Sorry to hear that, session has a lot of advantages such as onion routing off tor, and uncensored dns 
 How does one search for it other than scrolling through list manually 
 Passed Senate, it goes to the House:

Quote Senator Mike Lee of Utah:

The Senate just voted to waive the point of order against the NDAA. 
35 of us opposed the motion to waive. 
We needed only 41 to prevent this outcome, and to remove FISA 702 from the NDAA. 
This is not good.

</end quote>

Select Quotes from The Hill by Brad Dress:

Vote to approve the National Defense Authorization Act (NDAA) was 87-13
$11.5 billion slated to deter China in the Indo-Pacific region and another $800 million to support Ukraine

They are also upset about a short-term extension of Section 702 of the Foreign Intelligence Surveillance Act (FISA), which allows for warrantless surveillance of foreigners abroad but is controversial because Americans can get swept up in the surveillance. 

Some senators took to the Senate floor to protest the FISA extension, including Sens. Rand Paul (R-Ky.) and Mike Lee (R-Utah).  Ahead of the NDAA vote, an effort to remove the FISA Section 702 extension from the bill was defeated in a 35-65 vote. In remarks, Paul accused senators of trying to “rubber stamp this and look the other way” to allow FISA to continue without any reforms.

Lee said the American people deserve freedom from “warrantless searches.”  “The American people aren’t going to take this anymore,” he said. “The American people expect more, and the Constitution demands it.” 
 Privacy routers, phones, and computers?

At the most basic level, this “privacy” stuff just means changing the operating system!  It’s the same hardware and many of the same programs/apps are used.  The only real difference is an open source operating system that isn’t spying on you.

So with a computer, we’re ditching Windows/Apple and using Linux.

With a phone, we’re ditching the “stock version” of Android (which is the version with Google’s telemetry), and using GrapheneOS (or other choices such as Calyx, Lineage, etc)

With a router, we’re ditching the ISP or manufacturers’ version, and putting on OPNSense, (or pfSense, DD-WRT, or Open-WRT)

That’s it.   It’s not that complicated.  You can use the same cell service.  The same home internet provider.  For phones, all the same Android apps.  And for PC, most of the same software.  It’s just that the OS has no telemetry. 
 OPNsense and pfSense are both based on /using openbsd. What's the advantage of using just raw openbsd? 
 Its based onpfsensez, not openssl 
 Pf sense. Auto correct 
 Reminder:
US Senate warrantless wiretapping vote is today!

We present a neutral pro/con view from unbiased international waters.  Some such as Utah Senator Mike Lee say to call your local Senator and demand it be removed (remove FISA 702 from the NDAA) with this contact list:
https://www.senate.gov/senators/senators-contact.htm

According to Mike Lee, if 41 Senators vote for it, it would be removed.

Others say to call and demand even more wiretapping and perhaps anal probes!  Call your Senator either way!  As we are neutral and not foreigners interfering with elections. 
 Edward Snowden’s Twitter feed is drumming up support for stopping tomorrow’s Senate warrantless wiretapping vote.  Here’s what he reposted:

You can let your Senator know how you feel about an extension of unpopular wiretapping.  Here’s the contact information:
https://www.senate.gov/senators/senators-contact.htm

Or the U.S. Capitol Switchboard operator can also connect you directly with the Senate office:
(202) 224-3121

</end>
Meme humor:
I don’t know how many people will call, when they want to be anonymous untapped phone numbers!  

Legal Disclaimer:
We are copy and pasting publicly available information from international waters, and are not interfering with elections.  We encourage communication with Senators either way!  Hooray for both sides from unbiased international waters. 
 News: Public Backlash Forces an Extension on the US Surveillance Decision

Today was supposed to be a pivotal moment where the US surveillance programs (that allow warrantless wiretapping) would either be reformed or expanded. Dual competing versions of the new bills were supposed to be voted on today in Congress, with only one moving forward. Instead surprisingly, due to public backlash, the Speaker of the House decided to pull both versions of the bills from being voted on, and moved to extend the status quo.

Get the inside scoop:
https://simplifiedprivacy.com/decision/ 
 Looking for talented artists to create hand-drawn image diagrams explaining Nostr and the relatio... 
 You can start with the video animations I spent $200 to have made, on a website I spent $500 to have nostr comments, promoted with multiple reddit accounts I had banned for promoting your platform:

https://vid.simplifiedprivacy.com/news/8f5ddb5d9f7a678c91 
 Although if I had to do it again, I would.  No regrets.

I should have not worded it "your platform", but the freedom protocol 
 This is old news, but our new audience doesn't know it.

Chilling Effects: Online Surveillance and Wikipedia Use
Berkeley Technology Law Journal, Vol. 31, No. 1, p. 117, 2016

Quote of Glenn Greenwald, from the Intercept April 28 2016:

"The new study documents how, in the wake of the 2013 Snowden revelations (of which 87 percent of Americans were aware), there was “a 20 percent decline in page views on Wikipedia articles related to terrorism, including those that mentioned ‘al Qaeda,’ ‘car bomb’ or ‘Taliban.'” People were afraid to read articles about those topics because of fear that doing so would bring them under a cloud of suspicion. The dangers of that dynamic were expressed well by Penney: “If people are spooked or deterred from learning about important policy matters like terrorism and national security, this is a real threat to proper democratic debate.”

Now of course, the link ironically has Cloudflare/Google, but hey, I gotta link original source:
https://theintercept.com/2016/04/28/new-study-shows-mass-surveillance-breeds-meekness-fear-and-self-censorship/
&
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2769645 
 Huge win for Epic Games in their court case against Google.

The court decided that Google’s Play app store operated as an illegal monopoly and the case also challenged the transaction fees of up to 30% that Google imposes on Android app developers.  What’s this mean going forward for Nostr apps?

Get the Fast Key Highlights:
https://simplifiedprivacy.com/epicgoogle/ 
 Not likely directly via court, but depending on what happens regarding googles punishment... It may influence them 
 How to Convince Friends to Leave WhatsApp & SMS

One of the challenging aspects of privacy is getting your friends to actually use it. While Signal is very centralized and has metadata leak issues compared to Session, SimpleX, and self hosted XMPP, it’s still way better than WhatsApp or SMS. So Signal is the low-hanging fruit that can be used to transition low-tech normies in your life to freedom. In this post, we’ll focus on example psychological tactics to shift your friends off WhatsApp and SMS.

When they say:

“But I already use WhatsApp”.

You respond:

“Did you know Signal was made by the same guy who also made WhatsApp? Brian Acton sold WhatsApp to Facebook, but was so disgusted with the spyware and invasion of privacy that he made a similar thing without it. The user interface is very similar and intuitive. It’s so easy my mother uses it. Are you saying you’re less technically savvy than my mama?”

When they say:

“Why do I need privacy, I have nothing to hide.”

You respond:

“We all want to keep our data secure. Not only is your data sold by big tech, but you’re trusting their security which is often flawed. For example Uber was hacked and customer credit cards were sold on the darkweb. Another example is Microsoft’s emails were hacked, and the data publicly leaked and sold. Now sometimes you get some upside for giving up data, but why trust Facebook’s WhatsApp for no benefit to you, and pure downside?”

When they say:

“I don’t feel comfortable using privacy tools”

You respond:

“You phrase this like we’re hiding from the CIA to do evil stuff. Many of these encryption tools, such as Signal are sponsored in part by the US government for better security. Millions of everyday people use these tools, and they’re widely available in app stores. You know regular text messages called SMS are actually completely in plaintext? It’s a huge weakness for phishing attacks and getting into people’s accounts. Why wouldn’t you want to keep your communications safe?”

When they say:

“It’s just easier to use a regular phone call”

You respond:

“It’s not easier, I travel all the time and then my number changes area codes creating complexity to update my contact list. I don’t even get cell service in {insert other country or area}. I check Signal all the time and do all my personal connections there. I really value your friendship and I want to make sure I don’t miss a call.”

(If you register Signal with a foreign country’s burner number that you got for crypto online, this really drives this one home)

When they say:

“It’s just easier to use WhatsApp”

You respond:

“I dislike WhatsApp because scammers, bots, and strangers over and over message me to try and scam me, which forces me to disable notifications. It’s not easier for me to see your text when I can’t stand to keep filtering through this spam. On the other hand, Signal is used by wealthier and smarter people, so the spammers don’t bother because it’s not profitable to target sophisticated users.”

When they say:

“Everybody I know already uses WhatsApp”

You respond:

“Well all the CEOs and successful entrepreneurs I know use Signal. So by your own admission, this is a great way to increase your social circle for free. We’re all a product of who we know. If the people you know are poor and unresourceful peasants, then maybe they have no value to hackers trying to get corporate secrets. On the other hand, if you have this free and easy to setup app, then when the right opportunity comes, you’ll seem like the right hire for the sophisticated client. Think of Signal like a digital suit. You don’t wear a suit every day, but it’s good to own some nice clothes for when it counts.”

“We can use Signal next time, let’s just do WhatsApp quickly now”

You respond:

“Oh I’m sorry but so many scammers spammed me on the platform, that I cursed one out. Then WhatsApp banned me and my phone number for violating the terms of service with profanity. So I would but I can’t. Why use a service where you have no control?”

“Why are you doing privacy? What do you have to hide?”

You respond:

“It’s not that I’m hiding. It’s that I don’t allow large tech companies to have power over me. I want to control my own data and electronics on my own terms. There is no benefit to giving it away to Google, Facebook, Apple, etc. When it’s just as easy to install Signal and talk to me there. The question is not why am I hiding, it’s why are you for free submitting to their absolute surveillance over every word you say in chat and every thought you have through algorithmic AI monitored feeds? Replace the word privacy with power.”

</end>
This is all network effect and psychological norm.  So consider reposting this.
 
 that sounds like an effective strategy, I'll try it out 
 My Controversial Tech Picks:

Mint over Ubuntu
LibreWolf over Brave
MPV over VLC
AnonAddy over SimpleLogin
Session over Telegram/Briar
MetaGer over Duckduckgo
SimpleX over Signal
Gossip over Iris
onlyOffice over LibreWriter
KeePassXC over all mobile 2FA
XMPP over Matrix
Monocles over Conversations
AntennaPod over iTunes
Trocador over exchanges with accounts
Feather over official GUI
Farside over LibRedirect
scp command over NextCloud
KVM Virtmanager over Oracle VirtualBox
And of course, Nostr over Mastodon

Add on to my list with your picks in the comments!
(Or dispute/ask why I made a choice) 
 Briar requires both parties to be online and both to add each other to even begin talking.  This makes it extremely likely that you’ll have to use out of band, or non-Briar communication to coordinate when you’ll be doing Briar.  On the other hand, Session has a model similar to Nostr with nodes for offline communication and you can initiate first contact on Session.

The main difference between Nostr and Session is that Session’s nodes are darkweb onion routed and with Session it goes to the receiver's node, whereas with Nostr the poster picks the node.  Session is not good for forward secrecy that’s correct, but it’s #1 for censorship.

Regarding the 2 browser extensions.  I will check it out.   I see your codeberg here, looks good.  When you visit websites with Qutebrowser, does it show up to the website fingerprinting you as Chrome?
 
 SimpleLogin is hosted with Protonmail and should be viewed as an extension of it.  Proton cooperates with thousands of law enforcement requests and should be viewed as a corporation and not just open source software that’s just code.

On the other hand, AnonAddy has a better UI, better reputation, seems like just 1 developer which is more hipster, Greenhost is a more trusted host by me, and is more representative of a FOSS project.  You can self host it, and F-Droid has apps for it by different random developers.  SimpleLogin uses Coinbase as a crypto payment provider, which blocks Tor and is going to get the transaction run through an anti-fraud (and therefore anti-privacy) surveillance tool.  

I do not support crime, but I do support a decentralized internet.  Protonmail & Coinbase are more centralized than a lone hipster with Greenhost and Globee.
 
 You can put VLC on anything, even windows.
I meant Mint over Ubuntu as they are close competitors for the same niche of new users.  Gentoo and others are targeting a different demo for different purposes.  LibreWriter is LibreOffice, sorry if this was confusing.
 
 Rsync is whole software , not 1 file to send someone.   Syncthing is good for among your PCs, again not sending someone 1 file 
 Mint is basically Ubuntu without snaps.  Snaps are universal cross-platform, but at the expense of being slower to open.  The majority of Ubuntu software works on Mint.  There's other reasons but this would turn into a novel.  Maybe we can make an article on this topic?  Would that interest you?
 
 Oh ok thanks. I'm happy you spoke up. I thought rsync was just like timeshift for whole disc backup 
 Higher quality graphics.  Watch something cinematic side by side 
 Pidgin is old, mate.  See our video for newer ones that are all interconnected 
 Librewolf has stronger anti finger and isn't pinging Amazon brave at startup.  Reject google chrome changes  
 Yes, I can on another post.  It would be a good article more so.  A lot of them would require 2-3 sentences though 
 The irony of Matrix, XMPP, and Session is the public group chats.

Matrix has encrypted group chats, while as with XMPP and Session, the large group chats are just plaintext.  This is ironic because Matrix is the most used for legal technology corporations' public help forums where nothing discussed is a secret.  So it lags down anonymous Tor users who need help with some kind of already broken software to exchange public keys with thousands of people. 

On the other hand, Session is considered a darkweb tool, but the public group chats over 100 people are just regular plain text websites that AI bots can easily scrape.  This is what our new Session bot seeks to solve for uncensored free speech.  DM our new bot, Session ID: Simple 
 SimpleX group chats are encrypted, so like Matrix there's scaling issues.  Any mass encryption event will have this problem. That's why we're looking to do it instead like an email bot but through uncensored DNS / private metadata 
 Matrix is going to allow much more than SimpleX right now, but simplex is still being developed.

Some matrix groups have thousands of people. The question is how big a server it's running on and what kind of lag is tolerable 
 If only the FOSS tech firms would follow this! 
 When are you guys open sourcing? I've been plugging it 
 Would be cool to have a bridge to Freenet, IPFS, LBRY, PeerTube, etc to allow access to all those... 
 That is a lofty goal. We tried to do peertube style videos w nostr comments 
 Want security and privacy on Nostr?  Meet Gossip...

Our new animated tutorial covers Gossip:
https://video.simplifiedprivacy.com/gossip/
 
 The official github is linked in video description 
 Pro/Con of Anonymous VPS Hosts

The best way to take control of your privacy and security is by hosting things yourself. This could be your own website, email, NextCloud, Nostr relay, front-end service, or even your own proxy VPN. This list will compare the pros and cons of VPS hosts only if they allow anonymous sign-ups for crypto.

Servers.guru
Pro: Very cheap. Very seamless setup, easy for beginners not used to SSH keys. The backups here are reasonably priced and good. They accept Monero.
Con: While you can block their website’s Google JavaScript, you can’t evade that Cloudflare can definitely see your passwords and therefore all data. They’re just a re-seller of Hetzner, which is a huge company with questionable privacy history. Also servers guru itself is a US firm.
Note: You need to show them your DNS records to unblock email ports, which is okay because the IPs are usually not on spamhaus blacklists.

Kyun.host
Pro: Very private, no Big Tech integration. Accepts Monero & in Romania. Tor onion address.
Con: Don’t use this for outgoing email. All these IPs will get on spamhaus email list, and even if you write spamhaus, they’ll put you back on it.

Shinjiru.com
Pro: Company’s reputation for allowing free speech is good. Malaysia is a decent jurisdiction for privacy. Shinjiru also lists other countries and the prices are good. IPs are usually not on spamhaus blacklists.
Con: Overpriced backups. Layer 1 Bitcoin fees only, and a 5% processing fee makes them not as cheap as they initially appear. If you do shared hosting, you’re getting your site Cloudflare’d against your will. For the dedicated racks, they charge $50 to setup Debian, but Ubuntu is free.

OrangeWebsite.com
Pro: Iceland. Excellent reputation on both free speech and privacy. Fast customer service response times and the support is knowledgeable. They accept Monero. IPs are usually not on email spamhaus blacklist.
Con: High prices. The server hosting is real high, but the domain names are reasonable compared to other anonymous providers.

FlokiNet.is
Pro: Iceland and Seychelles based. Previous Wikileaks host. Good prices and great country selection (Romania, Finland, etc). They accept Monero.
Con: Horribly slow customer service response times, you might wait up to a week to get a reply if you have an issue. Also, they list covid-19 misinformation as a term of service for suspension. Finally, their DNS uses cPanel which is closed source and going to dragnet surveillance your browser fingerprint. But the other info you enter into the DNS is public.

Impreza.host
Pro: Great country selection, including Iceland, Switzerland, and controversial Russia*. They appear to have a privacy-friendly attitude. Tor onion address. And pre-made Tor packages, but you can host Tor yourself without paying them extra if you want to learn how. They accept Monero. IPs are usually not on email spamhaus blacklist.
Con: Support staff is retarded. They will respond quick but with bad information, so you really need to know what you’re doing. You likely will lose money due to them being so inept and time passing by. This is a bad first time host for beginners. And they have expensive pricing on some countries. They also promote left wing propaganda within the web app itself.
* = we do not advise breaking sanctions, please consult legal counsel for your specific situation.

Njal.la
Pro: Sweden. XMPP support available. Tor onion address.
Con: Outgoing email banned. More expensive VPS than the other providers on this list, but the domains are okay.
Note: They strictly ban illegal content.

IncogNet.io
Pro: Privacy friendly stance. Good prices. Tor onion address.
Con: Slow to respond customer service, especially on new dedicated racks. They’re a US company.
Keep in mind that all US servers are going to be cheaper because of the infrastructure in place. And that domain name registration is always going to be more expensive if anonymous, as you’re not paying the WhoIs privacy.

Conclusion
Almost all these providers can improve your privacy, security, and self-sovereignty. Worthless propagandists such as Vultr and Linode want to force you to submit to the tyranny of KYC.  You got other ones not covered?  Give your opinion in the comments! 
 Big Tech firms SELL data to the US government.  They aren’t pressured into it, they love it.

This data is worth more when it’s needed to get "criminals".  But what defines a criminal?

Governments define what’s criminal.  In other words, the more their biggest customer can persecute their website visitors, the more money Big Tech can make.  Now you understand why social media companies censor content with an authoritarian agenda to make more and more ordinary things illegal.

But Nostr ain't a big tech firm.  So let's light a fire under their ass 
 We posted a recent Vice article about the US government requesting nearly all Apple and Google push notifications [1].   This article discusses how these companies are now coming forward and being honest for the first time about the high quantity of requests they are getting, after a senator made it public.  One of our readers on Nostr asked “I can’t switch to Graphene, what can I do?”

Well obviously switching to an operating system that isn’t maliciously collecting the data to begin with is the ideal solution.  However, if you can’t do that, there are some steps you can take.

Step 1) Using apps that hide push metadata

Google and Apple push are connected to an identifier.  Consider using apps where your identity in the app itself, is completely disconnected from your Google or Apple ID.  Session messenger is a perfect example of this, with Google push being unable to even see what random numbers/letters your Session account is.  But Google can tell you are using Session.  SimpleX is another example of this.  Signal hides who the sender is, but to a lesser degree.  [see our previous articles on Signal].  Don’t get too comfy here, you’re still being spied on through the operating system.

Step 2) VoIP

SMS is not encrypted, but at least you’re not getting the SMS from the same cell tower giving you service.  This separates it so that one company sees the messages, and another sees just a VPN tunnel.  Powerful governments can put the puzzle together, but the phone companies can’t.  You want to use a service that is disconnected from Google/Apple push identities, so JMP.chat is a good example, as it’s routing it through your custom XMPP/Matrix account.  Whereas Hushed is a bad example, since it relies on Google push to deliver.

</end>
Consider sharing this, so both sides of your conversations are secure.  Original article:

[1]
https://www.vice.com/en/article/wxjbv9/apple-just-confirmed-governments-are-spying-on-peoples-phones-with-push-notifications
 
 It's not about notifications on the display, it's your account getting a push update 
 Ok so when I write articles for years on this exact issue, I'm a conspiracy theorist.
Then Wyden writes it, and it's news.


(From Vice News)
Apple Just Confirmed Governments Are Spying on People’s Phones With Push Notifications

A U.S. senator warned that governments are spying on push notification data in a letter, which Apple confirmed. 

(By Jules Roscoe of Vice News. Copy pasted without permission because the original source has Google spyware.)

Governments are spying on U.S. smartphone users through the push notifications that they receive from apps, Senator Ron Wyden wrote in a letter to the Department of Justice on Wednesday and Apple confirmed. 

Wyden wrote that the federal government had restricted Apple and other companies’ ability to share information about this process. The Senator’s office “received a tip” last year that “government agencies in foreign countries were demanding smartphone ‘push’ notification records from Google and Apple,” Wyden, a Democratic senator from Oregon, wrote in the letter to Attorney General Merrick Garland. “My staff have been investigating this tip for the past year, which included contacting Apple and Google. In response to that query, the companies told my staff that information about this practice is restricted from public release by the government.” 

Apple confirmed in a statement to Reuters on Wednesday that, “In this case, the federal government prohibited us from sharing any information. Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.”

The process by which push notifications are generated requires the phone company to serve as a “digital post office,” Wyden wrote. Push notifications are sent through Apple and Google's servers, which means that the companies “serve as intermediaries in the transmission process,” and can therefore be made to hand over information to governments that request it. 

According to Wyden’s letter, the information that can be gleaned from push notification requests is mostly metadata. This includes information “detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered,” Wyden wrote. In some cases, requesters may even receive unencrypted content such as the text that was delivered in the notification. 

The senator said that companies can therefore “be secretly compelled by governments to hand over this information.” 

An unnamed source confirmed to Reuters that both foreign and U.S. government agencies had been asking the companies for push notification data, for example to tie anonymous users of messaging apps to specific accounts. They did not say which government agencies had participated in this, or for how long. 

Apple advises its developers to encrypt any sensitive data sent through a push notification, but does not require this practice. 

An Apple spokesperson told Motherboard that the company was “committed to transparency” and had “long been a supporter of efforts to ensure that providers are able to disclose as much information as possible to their users.” The spokesperson said that Apple had updated its law enforcement guidelines and would begin to break out the requests for push notifications that it had received in its next transparency report. 

Apple’s new law enforcement guidelines now include a section on the company’s push notification service. “The Apple ID associated with a registered APNs [Apple Push Notification service] token may be obtained with a subpoena or greater legal process,” the document states.

A Google spokesperson said in an emailed statement to Motherboard: “We were the first major company to publish a public transparency report sharing the number and types of government requests for user data we receive, including the requests referred to by Senator Wyden. We share the Senator’s commitment to keeping users informed about these requests.” The spokesperson did not clarify any restrictions on publishing information relating to requests for push notification data. 

“Apple and Google should be permitted to be transparent about the legal demands they receive, particularly from foreign governments,” Wyden wrote. “These companies should be permitted to generally reveal whether they have been compelled to facilitate this surveillance practice, to publish aggregate statistics about the number of demands they receive, and unless temporarily gagged by a court, to notify specific customers about demands for their data. I would ask that the DOJ repeal or modify any policies that impede this transparency.” 

By Jules Roscoe of Vice News. Copy pasted without permission.

Original Vice Source with Google third party JavaScript spyware:
https://www.vice.com/en/article/wxjbv9/apple-just-confirmed-governments-are-spying-on-peoples-phones-with-push-notifications

 
 Using apps that hide metadata like Session.  When I say hide metadata, I mean your user ID in the app isn't connected to the push service.  I am not sure if SimpleX does this too, but I'd assume so 
 Check new post 
 Pussy bitcoin weed.  Your profile is like the cypherpunk Little Wayne 
 We are now running a free SearXNG Search Engine front end for your convenience:

searx.simplifiedprivacy.com

This acts as an open source proxy for your searches to a mix of search engines to guarantee no logs or browser fingerprinting.  If you forget the URL, it's on the Resources tab on our website.  Share this so others can benefit.  Remember, anonymity loves company. 
 What? Must be some error. Try on another browser or device  
 Are you talking about the nitter only? 
 Huh that's wild. Let me see if anyone else can get the same error to diagnose. Thank you 
 None.  Farside is aggregating it.  We will try to get this one in farside 
 Is it possible to move everything from Brave Browser to LibreWolf?  
 When you say move everything, you mean cookies and bookmarks?  You realize that LibreWolf doesn't keep that stuff, it erases it all with each session for privacy 
 Pro/Con of Burner Email Services

This is a review of email burners for 1-time verification codes to avoid spam and to separate different activities or identities

5july.org
Pro: Our Number 1 recommendation for burner privacy.  Based in Sweden, this reliable honest non-profit uses Bahnhof (a previous Wikileaks host). No CloudFlare, No Google analytics.
Con: Only 1 domain to pick from.  Often/sometimes it doesn’t function.  I don’t think it’s the providers blocking it.  I think 5july is just too poor for good maintenance because they have no business model.  

GuerrillaMail.com
Pro: Large userbase is good for anonymity.  It works without JavaScript (for incoming) and Tor isn’t blocked.
Con: Many websites recognize GuerrillaMail and will block you.  Google captchas on outgoing emails (at least in the past)

Emailondeck.com
Pro: This is basically a burner version of protonmail, as proton hosts their mail. Less hassle than making new burner protons.  It’s free for incoming, paid outgoing with Bitcoin accepted.
Con: This service shares and logs data like IP addresses with advertisers who want to send you junk mail.  Also they sell ads to your inbox.  Requires JavaScript and Hcaptcha.  Hcaptcha is Cloudflare, but Cloudflare can’t see emails in this case (just fingerprint you).  EmailonDeck’s site calls on Google stuff, but you can block it with uBlock Origin and the site still functions.  

10minutemail.com
Pro: Assigns email address exclusively to you via a cookie, so in theory someone else can’t get to it.
Con:  US company that sells data to advertisers.  Cloudflare is their host and can probably see all emails, and this website is more integrated with Google Analytics.

MailDrop.cc
Pro: The UI on this is nice.  They used to use Amazon, but now switched to Hetzner which is still centralized but at least not a CIA contractor.  
Con: They still use Cloudflare and openly admit to keep logs of IP addresses and the mailboxes they use.

</end>
Please reshare so others can learn.
 
 Will cover at a future point. That's an email mask or redirect, this was burners 
 This brand new animated video goes over how our new bot for Session messenger is a game-changer for resisting censorship:
https://video.simplifiedprivacy.com/sessionbot/

To join, message the bot at Session ID: Simple 
 Messages are stored on a decentralized distributed database.  If the location of the sender was discovered, they can re assign the DNS to another account.  Also could be run on resident home device not online 24/7, like email. 

With Tor, it's game over if discovered

 
 Using Tor with session only further hides transit. The issue is group delivery without locations. Like a darkweb nostr 
 Big News!

After 2 months of development & decent cost,

We're ready to move forward with the alpha test of our Session bot software for the purpose of rejecting government infrastructure, DNS, routing, and therefore surveillance and censorship.  It automates Session messenger's encrypted onion-routed 1-on-1 chats, into a platform that any influencer can engage in free speech even under the harshest conditions. 

At the completion of the alpha test (like a week) to get out bugs, we will then be open sourcing this to the community for free, for anyone to setup their own instance.

The pre-existing problem we sought to solve is that Session's group chats linked it to a single public facing server, with a complex public key for new users, and required a visible IP/domain thus defeating the purpose.

Our Session bot automates incoming follower requests made to a “single word” username to a list, and then later the creator can send content out, one by one, similar to how an email list functions, but in this case onion-routed with no government DNS.   Consider this like “push notifications for Tor”, but even better than Tor onion domains, if your server’s location is discovered, then you can re-assign the Session ID via their blockchain DNS system to a new account and server, with your wallet kept in offline cold storage.  And thus your speech is completely separated from physical locations to defy oppressive adversaries and achieve freedom.

We believe that our new system for Session to replace Telegram perfectly complements Nostr’s replacement of Twitter, as Nostr is on the clearweb, but makes it easy to share content.  Whereas using our Session bot protects not only (Session’s version of) relays, but also who their audience is.  So we encourage the use of BOTH together.

Join the alpha test by messaging the Session ID: Simple

Need help?  Message the ID: Support
 
 In our article on Monero on Nov 28, we mentioned our OPINION that Bitcoin mixers were less legal than Monero due to the third party actor nature that in our subjective opinion of the law would be more likely to trigger US KYC laws or political authority.  This hypothetical guess has become more than a guess as only 5 days later, BitcoinTalk officially bans links to BTC mixers following heat from a US Treasury press conference, but they ALLOW Monero:

Official Source:
https://bitcointalk.org/index.php?topic=5476162.0

Our original article:
https://simplifiedprivacy.com/moneroflaws/

Today we ask, how many more of the predictions will come true?

These "fake monero" derivatives are used to dance around listing it.  Remember, if crypto exchanges allow short sellers of Monero to sell something that none of them even own, this is called interest rate suppression.  This has a history of only ending one way.

I say, pull it off the exchange. Bring the pain. 
 It's possible. I hope you're wrong though.  We will be posting more information in the future on why a ban would hurt government power since the crypto press would discuss a continued price rise that psychologically damages public perception of government power 
 Tips for Using Nostr on Tor:

Nostr has horrible Tor support as it’s very slow to connect to all of these relays.  Here’s some tips:

1) Use the Gossip Client on desktop (Linux is supported btw).  We love Whonix, but you could use any other tools such as ParrotOS, Tails, or even just command line software.

Then modify the following settings in Gossip:

a) Turn off avatars
b) Turn the refresh rate for the timeline to the slowest
c) If you’re real laggy, turn off “in-line content” which is images
d) Mute people you don't actually need to see
e) Modify the relays (see the next point)

2) Gossip is great for Tor because not only can you cut out the bullshit, but the client knows which relay to find which person.  This speeds up the process by not asking extra relays

3) If you’re doing controversial speech, consider only posting on Gossip via Tor, but then using a different account on a WireGuard VPN just for general browsing/scrolling of a timeline

4) Another possibility is Primal.net, as they aggregate all the information for you like regular social media.  They have the ability to censor you from seeing stuff just like Big Tech, I’m not saying they will do this… just be aware that they can.  Primal has both a web app and mobile app.  The web app works on Tor browser as it’s NOT behind CloudFlare.  But it is hosted by Hetzner which is the largest German host

Primal is great to look up someone's relays then follow on Gossip
 
 True. It was meant for speed, but yes you're right 
 Email we recommend you host it yourself with FOSS software. Mail in a Box, Luke Smith scripts, etc. 
 Pro/Con of “Privacy” Phone Numbers/Services

JMP.chat
Type: Number
Pro: No KYC VoIP to XMPP (or Matrix) for anonymous Bitcoin, so you're using an open source client
Con: Only US and Canada numbers.  They're just reselling Twilio VoIP, which means that not only are you just paying more just for anonymity, but many services recognize these as Twilio VoIP numbers and will block you.
Solutions: There exists the possibility of buying a real world physical SIM and then transferring over service to JMP VoIP.  But you’re better off using 1 time burner services for most account registry.

Hushed
Type: Number
Pro: No KYC VoIP for Bitcoin, similar to JMP.chat
Con: Uses their proprietary client which isn’t private through the Google Play store.  I’d avoid Hushed.

Silent Link
Type: Number + Service
Pro: No KYC Crypto SIM card that separates billing and identity from the literal cell tower carrier
Con: Uses eSIM which requires Graphene’s Google Push service sandboxed.  No outgoing calls.  

Calyx Institute Hotspots
Type: Service
Pro: No KYC WiFi hotspot for Crypto
Con: It’s just reselling T-mobile service, so if you use this in your home and your home is KYC, then T-mobile will likely figure out that it’s you since celltowers see geolocation.
Solutions: You can avoid this by putting the hotspot in a faraday bag, and only using it outside your home.

MySudo
Type: Number
Pro: Multiple burner VoIP lines
Con: Requires Google Play store JUST to PAY for it, but then can be used on a degoogled phone once you add credit.
Solutions: This can be sandboxed or put on a separate old device and you can use bitrefill to buy the credits with cryptocurrency

SMS.usmobilenumbers.com
Type: Number
Pro: Quick easy cheap burner anonymous SMS verification for cryptocurrency.  It’s real SIMs and not VoIP.
Con: US only.  They resell the number for OTHER services, which MAY trigger anti-fraud for SOME services including Zelle, eBay, PayPal, LinkedIn, and others.  So you risk a ban on accounts.
Solutions: Avoid putting money in any account for a few days to see.  Use a residential proxy IP instead of a datacenter VPN, especially for eBay.

VirtualSim.net
Type: Number
Pro: Great for abusing foreign numbers in poor countries such as Cambodia or Ukraine for Signal or Telegram.  Quick easy cheap burner anonymous SMS verification and/or longer term monthly numbers for cryptocurrency.  It’s real SIMs and not VoIP.  Their customer support is excellent and we highly recommend them for Telegram verifications.
Con: They may lose access to the burner number after a period of time (like a year) where you can’t renew and someone else COULD potentially verify the number.

Crypton.sh
Type: Number
Pro: Huge amount of countries for real SMS anonymous crypto.  Get sought after Western European #s here that normally have strict KYC rules on physical SIMs
Con: Overpriced setup fee for 1 time SMS verification, but if you actually live in (or desire) that country it’s okay.  There’s no real purpose in all their “at rest encryption” advertising, because SMS is unencrypted transport.  

Follow us on Nostr for more!  Repost this if you want us to keep doing them. 
 The question isn't how to switch IMEI because anything could do it with the right software and knowledge. The question is how you're going to rotate billing plans without the entity providing that connecting the identity 
 Pro/Con of “Private” Email

Protonmail
Pro: Allows Tor, Many use it so network effect of proton to proton encryption
Con: Huge increases in data handoffs to governments makes you question how much data they can get, some question if it’s a honeypot.   Even if not, you’re potentially targeted for even being there, and they have a bad track record.

Tutanota
Pros: Better track record than Protonmail
Cons: Bans Tor and many VPNs.  Severe Browser fingerprinting annoyance when signing up.  They auto-delete your account if you don’t log in for 6 months, but you can get around this by adding 2-factor authentication TOTP with KeePass XC

Skiff
Pro: Fast sign-ups, very easy to get a burner account
Con: They use Cloudflare.  Cloudflare intercepts all traffic, so 0% private.  This company is essentially propaganda.

Mail in a Box (software)
This is self-hosting using open source software on a VPS
Pro: More private than any provider.  It does most of the setup work for you
Con: Requires $5 to 15 a month on a VPS (but can be split among friends).  VPS provider can still access emails by snapshots of memory.  Unless you put it in a docker container, you can’t do anything else on the VPS

Luke Smith Scripts (software)
Pro: Fast way to get an email VPS setup
Con: Requires it to be put directly on the server, which can mess up OTHER things you got going on there, like using aaPanel

aaPanel (software)
Pro: Easy to manage a lot of services going on, including WordPress or databases with your email
Con: Not worth setting this whole thing up for JUST email.

Follow on Nostr for more! 
 Cloudflare has a domain point to their servers, then proxies it off the original.  This is how the CDN works. Therefore it strips httpS encryption 
 I am confused. In what way? 
 If it's gmail to protonmail, it comes in unencrypted then they encrypt it 
 This is another point not mentioned before.
External PGP is stronger than Proton's in house version via web browser 
 I am a little confused by your question.

You have to set up DKIM and DMARC and SPF records to avoid spam filters.  Services like mail-tester.com can help you test it.  Then send tests to proton or corrupt gmail, etc. 
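
The DKIM, DMARC and SPF records mentioned in the reply above can be sanity-checked before any test mail is sent. This is an added example, not code from the post or from any tool it names; the domains, the `mail` selector and the filler DKIM key are constructed, and the records are passed in as strings rather than fetched over DNS.

```python
import base64

def parse_tags(record):
    """Split a 'k=v; k=v' TXT record (DKIM/DMARC syntax) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_spf(txts):
    spf = [t for t in txts if t.lower().startswith("v=spf1")]
    if len(spf) != 1:  # zero or several SPF records both fail evaluation
        return [f"SPF: need exactly one v=spf1 record, found {len(spf)}"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    # With no 'all' term, a redirect= target carries the policy instead.
    redirected = not alls and any(t.startswith("redirect=") for t in terms)
    ok = redirected or (alls and alls[0][0] in "-~")
    return [] if ok else ["SPF: no -all/~all, so unlisted hosts are not failed"]

def check_dkim(txts):
    recs = [r for r in map(parse_tags, txts) if "p" in r]
    if not recs:
        return ["DKIM: no key record published at the selector"]
    key = recs[0]["p"].replace(" ", "")
    if not key:
        return ["DKIM: empty p= tag means the key is revoked"]
    try:
        base64.b64decode(key, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ["DKIM: p= is not valid base64"]
    return []

def check_dmarc(txts):
    recs = [t for t in txts if t.lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return [f"DMARC: need exactly one v=DMARC1 record, found {len(recs)}"]
    policy = parse_tags(recs[0]).get("p", "").lower()
    ok = policy in ("quarantine", "reject")
    return [] if ok else [f"DMARC: p={policy or 'missing'} does not ask receivers to act"]

def audit(zone, domain, selector):  # zone: DNS name -> list of TXT strings
    return (check_spf(zone.get(domain, []))
            + check_dkim(zone.get(f"{selector}._domainkey.{domain}", []))
            + check_dmarc(zone.get(f"_dmarc.{domain}", [])))

# Constructed sample zones: placeholder domains, filler bytes instead of a real key.
FAKE_KEY = base64.b64encode(bytes(294)).decode()
GOOD = {"example.org": ["v=spf1 mx -all"],
        "mail._domainkey.example.org": [f"v=DKIM1; k=rsa; p={FAKE_KEY}"],
        "_dmarc.example.org": ["v=DMARC1; p=quarantine"]}
WEAK = {"example.net": ["v=spf1 mx +all", "site-verification=constructed"],
        "_dmarc.example.net": ["v=DMARC1; p=none"]}
```

`audit(WEAK, "example.net", "mail")` returns one finding each for SPF, DKIM and DMARC, while the `GOOD` zone returns an empty list.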
 Warm up process meaning how long it takes to turn on?  You're running software on a vps that has setup time 
 Good morning friends!  Thoughts on my weakest link as far as privacy given the following?

Graphe...