Privacy Guru Michael Bazzell retires, what can we learn?
We liked his content a lot, and it’s a shame he stopped doing his podcast. One of our readers on Nostr asked us how our content differs. We respect him greatly and this is not a critique; we are simply targeting a different audience.
His content targets a more novice user and our content is a little more anti-authority, more global, and less trusting of low-end consumer privacy products. For example, Bazzell advocates for the use of Protonmail, whereas we promote self-hosted email on a VPS. This is more decentralized and private, but requires more effort.
Bazzell suggests the use of Privacy.com cards, which mask your info to the vendor and your bank. This is convenient but ultimately not anonymous, which never was Bazzell’s goal or intent. On the other hand, at Simplified Privacy, we reject fiat money as legitimate, and only use cryptocurrency. We recommend crypto gift card vendors such as CakePay, CoinCards, and Bitrefill to avoid KYC. Some of these even have debit cards. Ultimately, we follow the philosophy of Agorism, and our goal is to create a parallel society outside the control of big tech and banks.
Bazzell is more focused on Signal using a Google Voice or Twilio number. This is practical for many users and his target audience. Our philosophy, by contrast, is more focused on the broader picture, and we dislike Signal’s centralization and reliance on Amazon’s servers. Instead, we recommend Session for censorship and socialization with strangers, whereas SimpleX or XMPP are preferred for pure security. We thought Bazzell’s statement in his book of “I like Session, but it’s not popular” to be reflective of his attitude of purely pragmatic low-level evasion, whereas our philosophy is to actively influence society for individuals to self-realize their technological freedom.
Bazzell recommends NextDNS, because of their ability to block or evaluate your traffic. While we see the benefits of this, it’s not right for our particular audience, because then you’re trusting just one company to oversee all traffic. For example, if you were to use Tor Browser, you’d be getting a new identity each time, whereas NextDNS on one VPN would correlate all traffic as you.
When it comes to phones, Bazzell’s recommendations are a reflection of his focus on convenience to the end user and practicality for the greatest number of people in their daily application. For example, he recommends SIM cards INSIDE GrapheneOS phones, and on a podcast he replied to a listener question about external hotspots and routers that it wasn’t that important.
While we acknowledge the practicality and appeal of this to the majority of users, our philosophy is very different and focuses more on those with a higher threat model. We completely dislike SIM cards inside phones because of malware and baseband modem vulnerabilities. Instead, we promote solely EXTERNAL hotspot/router WiFi with VoIP and keeping the hotspot in a faraday bag when you are home. Additionally, we view Google as so hostile, that they can’t even be trusted to manufacture the hardware required for GrapheneOS, so we’re open to non-Google phones with CalyxOS and VM phones on desktop to completely isolate spyware.
Bazzell on his podcast said he only uses OpenVPN, and never WireGuard because of WireGuard’s 2-minute logging of IPs in memory. We respect his decision to recommend this, but we believe it’s not really appropriate for his target audience of novice users. This type of recommendation would be more appropriate for Tor users, anti-government journalists, or hackers under extreme or oppressive countries with VPN restrictions. In our subjective opinion, for the vast majority of average Americans (his target audience), the faster speed of WireGuard outweighs the 2-minute IP log.
Bazzell has done numerous podcast episodes discussing System76 Linux computers with PopOS. We think this is great, and would like to add on that System76 is our main recommendation for those coming from Mac/Apple. Not only is this specific audience used to getting both the hardware and operating system bundled together from the same vendor, but Apples can’t dual boot with Linux (easily) like Windows can. Additionally, Chris Titus has a guide on making PopOS aesthetically look like a Mac.
Regarding Bazzell’s pfSense recommendation, this was a good idea up until pfSense switched licenses and is shifting away from FOSS. Now we recommend OPNsense. But this happened AFTER Bazzell’s podcasts/books, so he gets no blame.
Wherever you are Bazzell, you will be missed. I listened to nearly every episode.
It can be challenging to convince people to abandon tyranny technology
One of our readers wrote the following about why he should bother switching from Google products. We will try to convince him otherwise. He said:
“I keep thinking, to what extent does it matter that Google will know my interests to show me targeted ads? I don’t care, I actually prefer to see relevant ads if I have to see ads”
First of all, you don't have to see ads. If you use the uBlock Origin browser extension or Brave Browser, for example, you won’t see them. Another option is a DNS block on Google. Even with a regular stock Android any of these options work.
Second, you assume that the advertiser will charge you a fair price regardless. Our previous article on browser fingerprints demonstrated from numerous academic sources that many retailers will abuse their knowledge about you to charge a higher price. For example, Target charged a higher price on the mobile app when shoppers were physically closer to a store, because alternatives were much less convenient. Other examples include airlines knowing you will buy tickets because you checked the flight multiple times, and then jacking it up for you. You can find this article here:
https://simplifiedprivacy.com/browser-fingerprints-lead-to-price-discrimination/
He continues: “That Google will delete my account one day because they dislike something I said online? That would be bad, but by far less likely and, I can protect myself from this, I think, simply by having backups of my data and an email address in my own domain, using proton mail or alike, right?”
Yes, that’s exactly what we’re saying. Google can and will ban you for speech they dislike and by heavily using their services, you’ve become dependent on their will. This isn’t just about privacy, but it’s about power and self-sovereignty.
Now you might say, “oh well I’m not speaking out, and I’m not a controversial public influencer”. But what today may be normal speech or actions, may change in the future. For example, 10 years ago, would you have thought you might be forced to take a vaccine to enter a restaurant? Who knows what drugs future Google will require for accounts you’ve become dependent on.
He continues:
“What else can Google do to me? Denounce me to a dystopian government for being interested in Bitcoin, so that they can try to confiscate it? Sure but, first of all, hopefully extremely unlikely, and secondly, it’s “too late” already. I’m signed up in Gmail to many Bitcoin newsletters. They already know.”
If your Bitcoin can be taken, what is even the purpose of it? That sounds like a bank account, and Google can see all private keys kept on Android. So you never really own self-custody Bitcoin with Google, you only have temporary access.
It’s not unrealistic to think the government will confiscate your Bitcoin or try to do ridiculous tax hikes such as unrealized capital gains. Not only are people such as Elizabeth Warren actively pushing for this in Congress, but past precedent has shown the steps governments will take when their currency experiences heavy devaluation.
For example, in 1933 FDR confiscated Americans’ gold. Another example is India literally going door-to-door to confiscate cash, to force people into digital surveillance. Yet another recent example is in Nigeria, the forced CBDC program, which tried to end physical cash.
The idea that they “already know” and therefore you should never change is ridiculous. The knowledge about your past activity becomes less and less relevant, the sooner you stop surrendering all future data to a malicious surveillance firm such as Google. Bitcoin can be sent to an empty wallet on a Linux computer or DeGoogled phone and now you “don’t have it anymore” in the eyes of the empire.
There’s the old expression of the boiling frogs. That if you turn up the heat suddenly, they hop out. But if you slowly dial it up, they boil to death, not realizing there’s a way out.
Then again, you may not know about this example if Google AI is deciding everything you see.
Agorism: Improve your mindset with this philosophy.
Agorism is an amazing philosophy for improving your life. But it’s often misunderstood and I disagree with the majority. Let’s first look at the official definition.
Textbook definition:
“Agorism is a social philosophy that advocates creating a society in which all relations between people are voluntary exchanges by means of counter-economics, engaging in a nonviolent revolution. Agorism has similar elements to anarcho-capitalism, but unlike some anarcho-capitalists, most agorists are strictly opposed to voting as a strategy for achieving their desired outcomes.”
My definition:
Agorism is rejecting a government-run society (which is violence) through self-action (which is voluntary entrepreneurship). In other words, fixing yourself first and opting out of the current system.
To quote Jose Nino, from libertasbella.com,
“The ultimate agorist goal is to gradually get people to engage in black and grey market economic activity in order to starve the state of revenue and keep it from harassing people. That means building businesses that make the state irrelevant and develop parallel institutions
But I think Jose Nino is an idiot. Because his website uses Google and Cloudflare which is government cheerleader infrastructure. So agorists disagree…
Disagreement:
Almost all agorists agree that a government run society is bad, but where agorists disagree is what action the person has to do to “opt out”. Some view the problem is purely taxation and economics, while others view this as interacting with technology, food, weapons, land, passports, or other forms.
Types of Agorism:
Digital Agorism:
This focuses on self-reliance in technology and rejecting large big tech companies for software, operating systems, and even sometimes hardware or networking.
(This is what we focus on at Simplified Privacy)
Crypto Agora:
This focuses on self-reliance with cryptocurrency and rejecting the fiat banking system
(For example Sal the Agora and Juraj Bednar)
Permacultural Agora:
This focuses on either directly growing your own food or interacting with local farmers to reject large government-controlled multinational GMO firms that make you dependent on the system
(For example Derrick Broze)
Arms Agora:
This is someone who advocates for self-made firearms using 3D printers to avoid government gun registration.
(For example Sean Aranda)
Nomad Agora: (could also be referred to as “Crypto Anarchy”)
This is someone who advocates for individual freedom through getting multiple passports and to reject a single government controlling you.
(Pavol Luptak of Liberation Travel uses the words “Crypto Anarchy”, while Mikkel Thorp of ExpatMoney just says “Digital Nomad”)
Agora Cities:
This is someone who advocates for literally making physical locations where people go for private governance or community.
(This is what Próspera’s Erick Brimen and Liberland’s Vít Jedlička focus on)
So who’s right?
The answer is you educate yourself on the different ways and decide for yourself.
After all, how can I tell you how to decentralize?
Trump clearly went along with the Deep State’s agenda (for the most part), while in office. Especially with his picks for Treasury, Defense, Secretary of State, etc. However, now they clearly do not want him as the candidate.
Can you link to which specific article on unlimited you’re referring to?
In finance, if you’re long and short the same asset it’s considered risk neutral. Now one could argue these are not that same asset, and we agree... Our base case is that lightning will never be worth LESS than on-chain. While on-chain can be worth less than lightning.
How can you make risk-free, legal, no-KYC money?
Anyone can buy Bitcoin and hope it goes up.
But what if you can capitalize on a unique arbitrage opportunity involving Bitcoin Lightning vs On-chain, that reduces your risk to near zero, while having a clear-cut catalyst to rocket your profits to the moon?
Does this sound like a scam? Well, this article isn't selling anything. It's free for you to read these clever words, and I get no benefit if you use the idea or not. In fact, because this privacy website can be viewed without JavaScript on Tor, I won't even know if you clicked it.
Clearweb:
https://simplifiedprivacy.com/risklessbitcoin/
Tor Browser Onion:
http://privacypkybrxebcjicfhgwsb3coatqechwnc5xow4udxwa6jemylmyd.onion/risklessbitcoin/
Yes, you raise a good point on the nodes and the risk of the trade being settled. However, the risk of a premature settlement could be argued as a further risk for market makers to drive up the value of the lightning/on-chain spread.
Regarding the fees breaking the store of value case, this is a valid criticism of our thesis. If the investor believes this is a possibility then Monero would be a safer bet or physical gold. Or keeping on the Short BTC via futures as per the article. History has shown this to be true such as 2017, but innovations with lightning may change the result.
As far as which way the Supreme Court goes, it could go either way. Yes, I agree the case against Trump is weak and not really withstanding of the law… but if you think Trump will be on the ballot and win, then you’re betting AGAINST the Deep State. Which has a bad track record for domestic elections.
Right, we agree with your analysis that Lightning is cheaper to get right now due to withdrawal fees and this is why it has more utility and therefore value in our eyes. Please read the rest of the article on how this can diverge in price from market makers such as Kraken.
For large quantities like 1 whole bitcoin sure. As the price of Bitcoin rises to the moon, the threshold for the size of the quantity you'd want to do that with will increase. This would price the average user out, who has never touched 1 full BTC, and make it predominately market makers who'd charge a premium above pure conversion cost.
Therefore, we argue that investing in Lightning now, at the same price as on-chain to arbitrage it is low risk with a decent chance at payoff.
We don’t have to allow these big tech algorithms to dictate what we see.
We don’t have to allow these governments to violate their own laws and tap our communications.
Fuck Google
Fuck SMS
Fuck email
Fuck fiat money
Fuck DNS
I do not accept things for the way they are.
I stand for encryption as identity to deprive tyranny of power and create a parallel society.
I seek to systematically train and aid those who wish to learn about self-empowering technology.
My why is freedom. And my passion is to help you.
Happy new years, let’s get it!
DNS is completely centralized. You don't own the domain, it's rented.
“Encryption as identity” is our phrase for systems that use public/private keypairs to communicate, and not centralized DNS. This includes Nostr names.
We reject government DNS as legitimate and promote:
1) Nostr. Nostr does use DNS for the nodes, but these nodes can be transitioned to Tor onions, which is going to be supported by the Gossip client in this new year.
2) Tor Onions
Our .Onion for Tor Browser:
privacypkybrxebcjicfhgwsb3coatqechwnc5xow4udxwa6jemylmyd.onion
3) Session as a distribution platform. This is blockchain based ID
Session ID to subscribe to new tips, articles, & videos:
Simple
Session ID to contact us one-on-one:
Support
4) IPFS & Unstoppable domains, SimplifiedPrivacy.x
5) Ethereum Push notifications, Enter this into push.org app:
0x094A1ef2F50F36956a90E410Ffc143362340865c
Can re-find the Eth info at:
SimplifiedPrivacy.eth
Yes, centralization and censorship are the issues.
Tor Onions can be copy and pasted to avoid censorship.
Our IPFS website works right now, go look at it.
It's true that the website interface for Unstoppabledomains.com is a private firm, but it's on Polygon and can't be modified to take-down.
This would actually make a good article. I think we will do one comparing us vs Bazzell.
Bazzell is very good. It's a shame he stopped doing podcasts. Our content is a little more anti-authority, pro-crypto, and less trusting of low-grade consumer privacy. We also focus on censorship and agorism, which are absent from Bazzell's routine.
For example Bazzell pushes protonmail, we push self-host.
Bazzell pushes privacy.com cards, and we reject fiat for crypto only.
Bazzell pushes registration with nomad state DMVs, we push 2nd passports.
Bazzell pushes VoIP via Twilio. We like Twilio VoIP, but not directly, and disagree with him to not use a 3rd party vendor to use crypto.
Regarding Bazzell's pfSense, this was a good idea up until pfSense switched licenses and is shifting away from FOSS. Now you want to use OPNsense. But this happened after Bazzell's books, so he gets no blame.
You can see our..
Phones Section:
https://simplifiedprivacy.com/category/phones-service-2fa/
Linux Section:
https://simplifiedprivacy.com/category/linux/
2023 CypherPunk New Years Wrap-up:
17 Huge, Suppressed, or Wicked Stories of the Year
(fast, light, and fun read with just 2-3 sentences on each)
17. Tutanota suddenly stopped supporting Tor Browser, leading to potential fingerprinting, as Canadian police allege it’s a honeypot in court. Tutanota denies these claims.
16. Microsoft’s Email Software was hacked by the Chinese, becoming my favorite talking point to promote self-hosted open source email
15. Reddit failed to ban front-ends. After a long blackout battle in which many third party apps broke, I still use farside link/teddit on a regular basis
14. Signal is beta testing usernames, to hide your phone number. Right now, though, you still need a phone number to use it.
13. Tor adds Proof of Work to Onions to reduce DDoS. And Tor expands their browser’s width, making it more usable for a daily driver as fewer websites break
12. Canada begins forcing podcasts to register with the government to stop "misinformation", which is really just criticism of the government
11. United Kingdom says they would arrest the Rumble creators if they don’t demonetize Russell Brand, despite him not being convicted of any crimes. Separately, Rumble blocks Brazilian IPs instead of giving in to the Brazil government’s censorship requests
10. Thankfully the European Union’s “chat control” FAILED to pass, this WOULD have essentially banned end-to-end encryption. However they DID pass the “Digital Services” act which forces big tech to stop using targeted advertising and holds them accountable for content on the platform. This has a chilling censorship effect, since if you post something on a platform, the platform is responsible
9. Apple bans Glenn Beck from their podcast store, and I’m only listing this story to highlight the need for people to switch to AntennaPod and RSS feeds.
8. The Jan 6 footage was revealed, to surprisingly show that security guards had given a peaceful welcoming guided tour to the supposed insurrection riot leader.
7. Right before publishing an interview with the Jan 6th Ex-Capitol Police Chief stating that a large part of the crowd was government informants, Tucker Carlson was abruptly canceled from Fox News. He then moved over to Twitter and his audience grew even larger, representing a big change in the dynamics of power for media.
6. Amethyst, 0xchat, and others launch gift wrapped DMs on Nostr, giving metadata privacy to those that use it. A new version of gift wrap DMs (v3) has been coded and will be coming in the future to all clients, including gossip, but it has to be externally audited first.
5. Nostr’s Gossip client plans to add Tor Onion Node support, as Gossip’s developer told Simplified Privacy in first-hand conversation. This would be a game changer for censorship because it would eliminate nodes’ reliance on government DNS
4. The United Kingdom is among the countries with the most surveillance cameras per person. Protestors took to the streets to smash these cameras to reject a climate bill that would use the cameras to get the license plates of car models that pollute more to fine the owners.
3. Argentina elects Libertarian-leaning Javier Milei to abolish the central bank and peg to the USD. Supporters point out that anti-fiat sentiment is spreading, while critics point out that he would strengthen the US dollar empire.
2. Nigerians protest in the street to reject their CBDC. The corrupt government tyranny known as eNaira, has failed in Nigeria
1. Colorado state court removes Donald Trump from the ballot, despite him not being convicted of a crime. This will now go to the Supreme Court and will be a big decision, because once one state can remove him, they all can. Will Democrats allow democracy?
Happy new years from Simplified Privacy! Sources for this article can be found here:
https://simplifiedprivacy.com/cypherpunk2023/
Pro/Con of Decentralized peer-to-peer WiFi or LoRa networks
The idea of buying WiFi or messaging communication on a layer 2 internet or No KYC peer-to-peer internet that completely rejects the government’s infrastructure and surveillance is very appealing. The ideal situation is using some kind of no-government DNS messenger such as Briar with bluetooth or LoRaWAN messengers with layer 2 internet. However, many projects have implementations of this that are either not yet ready for real use, or I disagree with their approach.
This is a general overview of SOME of the projects in this space. Please keep in mind that mentioning a cryptocurrency does NOT mean I’m endorsing their coin. Many of our readers dislike shitcoins. But this isn’t an investment article, it’s a tech article to benefit YOU and not to promote the coins, so you can someday use these concepts in whatever currency you do like.
Helium
https://www.helium.com
Pro: Largest LoRa (Long Range Wide Area Network) out there. This is bluetooth based coverage for IoT. The technology can potentially be used for LoRaWAN messengers which is basically a full-blown off-grid 2nd internet type mesh networks
Con: It’s not WiFi, we’re talking about IoT bluetooth. The range on WiFi is much lower. They may be developing something similar for WiFi in the future
Pollen Mobile
pollenmobile.io
Pro: Peer-to-peer WiFi, this is basically like a reseller market. People buy physical infrastructure and erect it on a satellite thing on their roof. It’s teamed with multiple providers, but one is Starlink, providing a secondary market for Starlink.
Con: They will be doing PCN crypto payments in the future, but right now, it’s temporarily only US dollars. It’s unclear when they will shift. Their test pilot involved government officials voluntarily agreeing in California, so not exactly crypto-anarchy but still progress.
Chirp
https://www.chirpstack.io/
Pro: This is real LoRa off-grid, and not a reseller like Pollen. 150+ cities. Hardware is original.
License-free 2.4 GHz LoRa frequency so fuck regulation.
Con: Managed by AI. That’s lame bullshit for decentralization. I can’t find the white paper on their website, but I can find the influencers program. That’s a bad sign.
WiFi Map
https://www.wifimap.io/
Pro: Crowdsourced WiFi mapping funded by crypto. In other words, people map out where you can get free WiFi for a reward for updating the map.
Con: Proprietary AI technologies help manage the map. Socialist purpose, to provide “free coverage to all”. This is NOT about defying the government. They’re hosted on Amazon and use Google.
Drop Wireless
https://dropwireless.io
Pro: Blockchain w/ LoRaWAN, WiFi, Bluetooth, GPS, and more services. A lot of options for users.
Con: They openly WANT to collect metadata and use it for AI machine learning. This company should stop pretending to care about blockchain and just be a gig economy company. Maybe they’re trying to get around laws by masquerading as decentralized.
Karrier.One
https://karrier.one/
Pro: WiFi and cell service peer to peer
Con: Tries to comply with telecom regulations by tying blockchain identity to government phone numbers.
ThreeFold
Pro: GrapheneOS phones with decentralized service network.
Con: Spread out too thin on capital. Why are you selling pre-orders of phones if you need millions of dollars to do a network also? We already got Graphene phones, just sell/give us the new tech.
Resources
Where can you learn more about Decentralized infrastructure?
Check out this site listing projects, https://depinhub.io/
As one of the MANY examples of LoRaWAN messengers, here’s TheNico14’s github:
https://github.com/TheNico14/LoRaMessenger
9 Dangers of Google’s Power
1) The government is their data customer, so you’ve lost your civil liberties. Google can now act on the government’s behalf to do things that otherwise would be illegal
2) Supposedly you have a choice in this, but the more powerful they are, the harder it is to avoid. How many reCaptchas are on essential websites? Do a DNS lookup on employers’ emails, and you’ll find that you will truly struggle to get a job without it going to a Gmail server. The employer having a vanity domain doesn’t change it being Gmail.
3) Google profited from covid’s stay-at-home work, so they are motivated to (and did) help politicians promote lockdowns by suppressing contrary information with the goal of preventing you from going outside. For example, they literally took down Google docs from physicians presenting research critical of the government’s policies. [1]
4) Google search is the largest and most influential source of research for many, but also a US military cloud contractor. That’s a conflict of interest for them to promote endless war. As Julian Assange points out, during the Syrian civil war, they put John Kerry’s pro-intervention propaganda right below the front page’s search bar. [2] Why even wait till they search for Syria? Get em now! But no mention of Wikileaks cables showing the US encouraged ethnic violence to do regime change despite Assad making reforms.
5) While we’re on the subject of Wikileaks, guess what company John Podesta’s leaked emails were? So people mouth off about Google cloud’s supposed security, but these are the same Democrats that insist that Wikileaks was a Russian hack and not an organic inside leak like Assange says it is. So either Gmail is insecure or your political worldview is wrong. Which is it?
6) Having your data stored with Google is a huge risk you’ll lose it. For example a father uploaded a picture to send to a physician of his son’s groin medical issue. Google’s AI labeled it child porn, froze his accounts, and notified the police. [3] Even after the police and physician both cleared him of wrong-doing and wrote letters, Google still refused to give his accounts back to him. “He was cut off not only from his Google email but also his mobile provider and Google Fi – and he also lost all of his emails, contacts, photos and even his phone number.” [3] Even if we ignore the Orwellian automated notification of the police based on your private data, why can’t he get it back after the police completely clear him of wrong-doing?
7) You don’t really own things. As our previous article on this issue covered, Google can see ALL activity on stock Androids, such as 2FA or passwords. This means that often Google can access accounts off their platforms. Not your keys, not your coins. Remember the World Economic Forum saying? “You will own nothing and be happy... because we have your 2FA and passwords”
8) Google isn’t even really a fully private company. It openly had one of the largest revolving doors of staff with the White House in history. [4] And as journalist James Corbett points out, there are deep-rooted connections between the CIA’s money and Google. [5] Corbett’s article points to a 2006 interview, with ex-CIA agent Robert David Steele, who said “I think Google took money from the CIA when it was poor and it was starting up,” Steele said in the interview. “They’ve been together for quite a while.” [5]
Many companies SELL to government. But Google is one of the few that get favors FROM the NSA. According to the Washington Post, Google enlisted the NSA to help it ward off cyberattacks. [6] Since when is the NSA supposed to be the IT department for a PRIVATE company?!
9) Given the massive bias, conservatives and libertarians can’t even functionally communicate on top of a corrupt infrastructure. Youtube, organic search, paid advertising, Email, docs, maps, and more.
And what benefit do you get in return for using Gmail over other providers? Nothing, email can cross communicate. You’re a bitch slave to the empire for free
The sources for this can be found here:
https://simplifiedprivacy.com/googledangers/
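The DNS check mentioned in point 2 above, as an added example that is not part of the original article: it classifies `dig +short MX <domain>` output by provider, matching on whole DNS labels so a lookalike hostname is not mistaken for Google. The domains and records in `SAMPLES` are constructed, and the provider table is an illustrative assumption rather than a complete list.

```python
"""Classify where a domain's mail is delivered, from `dig +short MX` output."""

# Mail-exchanger hostname suffixes per provider (illustrative, not exhaustive).
PROVIDER_SUFFIXES = {
    "Google (Gmail / Workspace)": ("google.com", "googlemail.com"),
    "Microsoft 365": ("mail.protection.outlook.com",),
    "Proton Mail": ("protonmail.ch",),
}


def parse_mx(dig_output):
    """Return sorted (priority, host) pairs from `dig +short MX` text."""
    records = []
    for line in dig_output.splitlines():
        parts = line.split()
        # Expect exactly "<priority> <host>"; skip blanks and warnings.
        if len(parts) != 2 or not parts[0].isdigit():
            continue
        host = parts[1].rstrip(".").lower()  # drop the root dot, normalise case
        records.append((int(parts[0]), host))
    return sorted(records)


def provider_for(host):
    """Map an MX host to a provider, matching on label boundaries only."""
    for name, suffixes in PROVIDER_SUFFIXES.items():
        for suffix in suffixes:
            # "x.google.com" matches; "google.com.evil.example" does not.
            if host == suffix or host.endswith("." + suffix):
                return name
    return None


def classify(domain, dig_output):
    """Summarise who receives mail for `domain`."""
    records = parse_mx(dig_output)
    if not records:
        return "no MX records"
    if records == [(0, "")]:
        # RFC 7505 null MX: "0 ." means the domain accepts no mail.
        return "null MX (domain accepts no mail)"
    domain = domain.rstrip(".").lower()
    labels = set()
    for _priority, host in records:
        name = provider_for(host)
        if name is None:
            in_zone = host == domain or host.endswith("." + domain)
            name = "own domain (possibly self-hosted)" if in_zone else "other: " + host
        labels.add(name)
    return " + ".join(sorted(labels))


# Constructed sample records, shaped like `dig +short MX <domain>` output.
SAMPLES = {
    # Vanity domain whose mail still lands on Google's servers.
    "acme-widgets.example": (
        "1 aspmx.l.google.com.\n"
        "5 alt1.aspmx.l.google.com.\n"
        "5 alt2.aspmx.l.google.com.\n"
    ),
    # Mail exchanger inside the domain's own zone.
    "smallshop.example": "10 mail.smallshop.example.\n",
    # Hostname that merely contains "google.com" as a prefix.
    "lookalike.example": "10 aspmx.l.google.com.mx-relay.example.\n",
    # Domain that publishes a null MX.
    "parked.example": "0 .\n",
}


if __name__ == "__main__":
    for domain, output in SAMPLES.items():
        print(f"{domain:24} -> {classify(domain, output)}")
```

MX records show only the first inbound hop, so a domain fronted by a third-party filtering gateway can still deliver into Gmail behind it.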
SimpleX uses regular domain names for the SERVER addresses. Then when you make a link to share, it’s linked to a specific server. When we say censorship resistant, we’re referring to distributing content without physical locations, which are what domain names are linked to.
We have an animated video on that here:
https://video.simplifiedprivacy.com/simplexsession
Session is more decentralized and designed to resist censorship with blockchain based identity. SimpleX is federated but without having an identity tied to any server. So this enables you to have no identity.
SimpleX is better for being invisible. Session is better for this purpose of uncensored free speech.
Why does Session messenger have the strongest censorship resistance known to man?
Explain it to me like I’m 11,
1) Encryption has a public key and a private key.
2) Nostr, Tor Onions, and Session all use encryption as identity, with the public key as your username, and the private key as your password
3) If the government obtains your private key for Nostr or Tor Onion, it’s game over. You lost.
4) But if the government gets your Session private key, you then re-assign your username on the blockchain to another account with a 2nd key. So your speech and delivery to your followers is not realistic to stop.
_____________________________
Explain it to me like I’m a tech-savvy crypto journalist:
1) Session has unique DNS based on the blockchain.
2) Session is like Nostr, with a public/private keypair for identity, where decentralized permissionless relays host content
3) UNLIKE Nostr, where it goes to the POSTER’s chosen relay out in the open, Session’s relays put 1-on-1 messages on the RECEIVER’S assigned relays using a distributed hash type system on a darkweb. This presents extreme challenges for both censorship and surveillance since the delivery is both hidden and distributed.
4) Unlike Nostr which is on the clearweb, Session routes the messages through an onion mixnet like Tor. So we can think of Session with the analogy of a combination of Nostr, Telegram, and Tor.
5) Unlike Tor Onions, where the encryption key for identity is in the server’s memory and therefore the location is critical to hide, Session has 2 sets of keys, 1 for the actual messages, and a 2nd keypair for a cold storage crypto wallet that owns the username, and can then re-assign it on the blockchain to another public key.
_____________________________
Explain it to me like I’m a crypto anarchist:
1) These government thugs want to censor speech. They can’t ban Monero or “No KYC” Bitcoin if we can transact freely. We can transact freely if we can speak freely.
2) Tor onions are vulnerable to be seized because the Onion’s private key is at the physical location of the content delivery. If these violent .gov thugs seize the Tor server, it’s game over.
3) Instead, Session divorces physical locations from your push notification speech, by both delivering content through distributed decentralized nodes, and allowing you a 2nd cold storage wallet key to re-assign the username to another public key if discovered. By completely separating physical locations from identity, we deprive corrupt tyranny from the ability to use violence which is their only power.
4) Nostr is on the clearweb, meaning we can see who hosts the content. Cloudflare and Hetzner host more than half of the relays, so content can likely be taken down with government requests to just 2 entities.
5) Instead Session not only protects the sender and relays, but also the receiver. This protects your audience which is critical.
_____________________________
Explain it to me like I’m a business entrepreneur:
1) Uncensored free speech has more value in a corrupt society
2) We are moving towards totalitarianism
3) Session allows self-custody of your audience in the same way that Bitcoin or Monero allow self-custody of your funds.
4) Domain names from the government have limited value to conservatives, libertarians, crypto companies, CBC cannabis, gambling, and whatever else is controversial if you can’t say anything on them
5) Session usernames have more value to the relevant stakeholder and when they are easy to spell
6) You can speculate on Session usernames for huge relevant stakeholders now for pennies, and sell them later for a huge profit if humanity realizes the true potential for self-custody of social media identity
_____________________________
Explain it to me like I’m a Bitcoin Maxi:
1) Session has its own token in order to function. The system can’t function without the darkweb relays being paid.
2) These “tokens” should not be thought of as money but coupons or shares in a corporation. Because they are only used to buy one product (names on a blockchain) and are not used for anything else.
3) Rather than view this as a competing crypto or challenger to Bitcoin, it should be viewed as a way of bypassing the stock market for a controversial company that’s defying the government.
4) The primary purpose of Bitcoin is to separate money and the state. This should expect a violent response from the state. Other tools are needed beyond the money itself for a marketplace under these totalitarian conditions.
5) Therefore Session’s crypto is not competing with Bitcoin, and in fact adds to Bitcoin’s value proposition, by allowing for the organization and speech of no KYC transactions to occur.
6) If I were a government thug, I would try to smear Session’s adoption by playing Nostr Bitcoin maxis against Session. This is an age-old tactic of divide and conquering slaves. It’s been used in the Middle East with arming both Sunnis and Shiites. It’s been used in Africa with the Tutsi and Hutus of the Rwandan genocide. And I beg you to realize my brother, it’s being used on you now.
_____________________________
Join the rebellion.
Experimental 2-way bot serving content, Session ID: Freedom
Stable 1-way sending only: Simple
The issue with Bitcoin or anything else being used is that it is then not trustless. If I pay you first, how do I know you’ll deliver? If you do the service first, how do you know I’ll pay? Because it’s an anonymous service where you don’t even know which relays are onion routing and serving you, the whole concept of vendor trust, where they want to service me because of my reputation, breaks down. There are other logistical issues as well.
But we will be running premium options for people to voice their content as well as subscribe to content, and those will have BTC lightning options
It’s true that Australia is tyranny.
It’s false that Session is Australian.
Some developers such as the CTO may physically stand on Australian soil, but the private keys to sign new software and those with authority to use them are not.
Many countries are tyranny including the US, UK, all of EU. To say that all software devs must be anonymous is an unfair restriction on fund raising.
We are not defined by where we stand. This is the purpose of Session and Nostr, to use encryption by identity to separate our actions from physical locations.
VM Burner Phones: Complete Guide
Did you know that you can create a virtual machine of a degoogled android on your desktop Linux PC, to create infinite fast burner phones to isolate spyware apps?
WhatsApp, Telegram, CashApp, Hushed Bitcoin SMS, Facebook,
These apps all worked for me on a VM of LineageOS.
Research by Amnesty International and the Intercept has presented significant evidence that apps such as “WhatsApp” by Meta are vulnerable to “0-click” Pegasus malware that can completely take control of and surveil your phone without you ever even clicking a link. This presents the dangers of trusting many apps that do not take the same security precautions as privacy-focused apps from F-Droid.
However, telling readers of our website to “never install WhatsApp because of corrupt government malware” is usually a non-starter. So instead, we suggest putting known vulnerable spyware in a virtual machine.
Any Linux distro will do.
You have 2 main choices for the virtual machine: Oracle VirtualBox and QEMU KVM.
And for the phone OS, you want to do LineageOS.
For VMs, we recommend Lineage, and NOT Graphene and NOT Calyx.
Lineage is better suited for VMs because it’s got an x86 build, while as GrapheneOS has ARM builds that won’t work in a VM without a rebuild from source. CalyxOS won’t work in a traditional VM, but you could potentially use an Android Studio Developer Kit to recreate it in a test environment. We do NOT recommend doing this with Calyx as you likely will face technical hurdles with the Android Dev Studio configuration settings, while not getting any clear benefit over just using Lineage. Remember, the reason people want Calyx over Lineage for physical phones is to lock the bootloader. This isn’t relevant for a VM.
Virtual Machines
Let’s compare and contrast the 2 VM choices:
Choice 1) Oracle VirtualBox
Pro: Oracle is more convenient and easy to set up. Also it’s easier to have a VPN outside the VM, to prevent IP leaks and manipulate your identity. VirtManager QEMU, by contrast, forces you to put the VPN on the router, which is not convenient for the average user.
/
Con: Oracle’s VirtualBox is open source for the VM itself, but the copy-paste functionality in the extension pack is not open source. Even with that “FOSS sacrifice”, I personally had copy-paste issues setting it up. Also Oracle is a shady company. They got their company’s name from selling database services to the CIA, and they are heavily involved with the US government’s mass surveillance program. Previous CEO and current chairman Larry Ellison criticized Edward Snowden saying essentially “nobody was being wrongfully hurt by the surveillance”.
Choice 2) VirtManager QEMU KVM
Pro: KVM is more private, being more fully free and open source. Also this option is more secure. Technically malware will have a harder time escaping KVM (a type 1 hypervisor), but you’re very unlikely to face VM breakout with malware originally designed for phone baseband modems.
/
Con: Harder to set up. Even harder to get copy-paste functionality. And you won’t be able to put a VPN on your desktop, you’ll need an open source router to manage your identity.
Managing Identities
In my personal opinion, VPNs INSIDE the VM phone itself are bullshit and too high risk because these apps all jockey for higher level privileges. I want the VPN OUTSIDE the VM. But I’m sure that the internet has enough people who will disagree to curse me out.
Let’s talk about snapshots real quickly. So while snapshots are convenient, they are NOT good for getting a new identity. If you don’t believe me, try taking a snapshot, installing Hushed and registering an account, and then rewind the clock by restoring from the snapshot. When you reinstall Hushed, you’ll find that it recognizes and remembers you.
Instead, the best way to get a new identity is through the VM’s storage file. When you first set up Lineage, save a copy of the file itself (with the same name or it messes up setup) and put it in a different folder. Then when you want a new identity, delete the original file and set up the VM to point to the new location. If you want both identities at the same time, for Oracle you need to modify where the entry in your VM manager points. For KVM, I found it more intuitive to spin up new VMs with different datasets without snapshots.
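The storage-file method above as a script, added here as an example and not part of the original guide. The function names, the folder layout and the file name lineage.vdi are assumptions; pointing the VM at the new file is still done in your VM manager.

```shell
#!/bin/sh
# Added example: one pristine LineageOS disk image, one writable copy per identity.
# Every copy keeps the original file name and lives in its own folder.

# save_pristine IMAGE STORE
#   Run once, right after the first LineageOS setup and before any app is installed.
#   Stores a read-only copy of IMAGE in STORE and records its SHA-256.
save_pristine() {
    image=$1; store=$2
    base=$(basename "$image")
    mkdir -p "$store" || return 1
    if [ -e "$store/$base" ]; then
        echo "pristine copy already exists: $store/$base" >&2
        return 3
    fi
    cp -- "$image" "$store/$base" || return 1
    chmod a-w "$store/$base" || return 1
    ( cd "$store" && sha256sum "$base" > "$base.sha256" )
}

# verify_pristine STORE NAME
#   Succeeds only if the stored image is byte-identical to what was saved,
#   i.e. no VM was ever booted from it by mistake.
verify_pristine() {
    ( cd "$1" && sha256sum -c "$2.sha256" >/dev/null 2>&1 )
}

# new_identity STORE NAME DIR
#   Creates DIR/NAME as a fresh writable copy and prints its path.
#   Refuses to reuse a folder that already holds an identity.
new_identity() {
    store=$1; name=$2; dir=$3
    if ! verify_pristine "$store" "$name"; then
        echo "pristine image has changed; refusing to clone it" >&2
        return 2
    fi
    if [ -e "$dir/$name" ]; then
        echo "an identity already lives in $dir" >&2
        return 3
    fi
    mkdir -p "$dir" || return 1
    cp -- "$store/$name" "$dir/$name" || return 1
    chmod u+w "$dir/$name" || return 1
    printf '%s\n' "$dir/$name"
}

# retire_identity DIR NAME
#   Deletes a used image so the accounts registered inside it cannot be resumed.
retire_identity() {
    rm -f -- "$1/$2"
}
```

Unlike a snapshot restore, each identity starts from the untouched first-boot image, and the checksum catches the case where the saved copy was accidentally used.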
In summary, if you use Oracle without the copy-paste extension pack, you can probably get this up and running in a single day.
Linux → VPN → Oracle VirtualBox → Lineage
Or if you hate Oracle, then:
VPN Router → Linux → QEMU VirtManager KVM → Lineage
Reach out to us for help.
3 Solutions to Linux Mint’s Problems
Distributions such as Mint and Ubuntu are easier for beginners because of the low amount of effort or knowledge required to set up and maintain the system. These are stable release distributions, so rarely does new software break the system or cause problems. However, the downside of this stability for the most widely used software, is that newer software or even just less popular software may cause issues because you can’t get the newest version with some feature you want.
Mint is even worse than Ubuntu in this regard, because Mint is based off Ubuntu, and Ubuntu is based off Debian. So it goes first to Debian, then Ubuntu, and last Mint.
How can you solve this?
On Mint, there are a few ways to deal with the fact that your package manager has old versions of software.
Solution 1) Get the newer version via a Flatpak, AppImage, or even Snap
Very often software is released in other formats that work cross-distro. For example the video tools Kdenlive or OBS may likely have a much older version in your package manager using “sudo apt install”, than their Flatpak versions. Don’t forget to update your Flatpaks as well as the main system!
Solution 2) Get the required packages and dependencies that are missing from the Debian repository
Debian’s repos are on their website:
https://www.debian.org/distrib/packages
Very often these underlying files can be used on Mint to get newer software to work. For example I did this for Kleopatra PGP, where I got the Debian version of these cryptographic libraries to get it to work on my old version of Mint.
Solution 3) You could spin up a VM of a different rolling release distro, such as Arch, for the newer software you want.
Some will scoff at this as silly, why not just run the rolling newer distro on the bare metal then? The reason is that you might NEED stability for your core computer functioning like a tight schedule dayjob, but only be willing to tolerate breaking packages and problems for this new software. By limiting the software in this new VM, you limit how many things might go wrong or break.
One of our readers asked “Is it okay to use GL.inet routers?”
For those of you unfamiliar, these are tiny “micro” travel routers that fit in the palm of your hand with a VPN/Tor toggle switch on them. Most Glinet routers are smaller than your phone. And my answer is that it depends what the Gl.inet router is being used for.
If it’s INSIDE your home as a replacement for a home router, then NO, because it’s not really open source. Glinet’s software is based on OpenWRT, but they modified it and aren’t releasing the real deal. So in this case, there would be no benefit to not using the REAL OpenWRT (or DD-WRT) on a larger router for WiFi. However, I trust Glinet way more than an ISP’s router, so don’t let perfection scare you into nothing.
Another disadvantage of Glinet is that VPNs and Tor are both going to be much slower than the same VPN/Tor on a computer, enterprise firewall, or home router. This is because this tiny travel router has barely any processing power compared to a PC or larger full sized router. Just for an example, my 100 Mbps home internet connection was ordinarily reduced to roughly 75 with a VPN on my desktop PC. But when I used Glinet’s WireGuard, it got cut down to roughly 35 with the same VPN and same city, and under 25 on Glinet’s OpenVPN. That’s why even ignoring the open source issue, I wouldn’t use it in your home.
If you’re using it OUTSIDE your home to connect to a USB modem or some type of insecure thing, then it’s far better than an ISP hotspot or not having the protection of a firewall between your phone and the foreign router or cell tower. So in this case, YES it is good. But try to encrypt the traffic on your phone first, so it’s only passing through Glinet as gibberish. So for example Tor on your phone, VPN on Glinet, so the ISP doesn’t think you’re using Tor.
All routers have a WAN (wide area network, the whole internet) and a LAN (local area network) port. The traffic coming out the WAN is considered more hostile and harder to hack. The Local traffic or LAN, gets its DNS or domain names from the router’s authority. So having your phone trust a foreign router or cellphone tower directly is very dangerous IF you’re an active hack target. If you’re just looking at cat memes whatever. But if you’re a journalist in an oppressive country, do not ever touch a hostile LAN. Glinet is tiny so you can use it for a trusted LAN on the go.
Another advantage of Glinet is you can easily spoof your MAC address via mobile on the go. Now Androids by default do this automatically, so you might say “who cares”. But one cool thing about this is you can get past hotel, airport, coffee shop, and mall WiFi captchas on a burner phone with no valuable data, when normally these captchas require you to turn OFF any VPN to complete. Spoof that burner phone’s MAC to the Glinet. And then get on your real phone now behind Glinet’s firewall. This avoids you having to take down a VPN and trust DNS from a hostile LAN on a high risk sensitive device, all for a stupid captcha.
Yet another perk of Glinet is evading Tor bans on mobile, for tyranny apps such as Telegram. Telegram doesn’t outright ban Tor, but they’ll discriminate with sending the registration SMS, and if people don’t reply to you, then they’ll arbitrarily ban. You should try to avoid Telegram, but if you have to use it then you can urinate on Telegram’s censorship by putting Tor on the Glinet router and then a new VPN on your phone. Make sure to use a new VPN that you’ve never had see your real IP or there is no purpose.
Just remember that when you consider anything, it should be compared to the alternatives.
Glinet is based on OpenWRT, and the real open source OpenWRT on a home router can do Tor, will be faster for Tor, and is fully open source. You can just copy and paste commands from the OpenWRT Tor guide here:
https://openwrt.org/docs/guide-user/services/tor/client
But you will need to know enough Linux to even get to SSH and basic setup for copy-paste.
Raspberry Pi is the #1 competitor. OpenWRT can be put on a Raspberry Pi using a USB modem, which would be more trusted and private than Glinet. But an OpenWRT Pi would be a serious pain for a new user to set up compared to just getting Glinet, which works out of the box.
Glinet’s website uses tyranny providers such as China’s Tencent for support emails, Amazon web host, and Cloudflare. But since these routers sell on Amazon, you can get one for Monero anonymously using AnonShop.app. And then rather than having your support email go to China’s state level surveillance company Tencent, you can reach out to us at Simplified Privacy via your favorite encrypted messenger for $30/hr and we can help you set anything up remotely (Glinet VPN configs, OpenWRT Raspberry Pis, OPNsense, pfSense).
We are NOT sponsored by GLinet. They offer it to influencers. We thought about it, but then it would then bias our opinions. So to keep us independent, if you value our work, please consider some zaps =)
With home routers, the focus is not on the hardware, but the operating system. And then what hardware at what price point fits that OS. So OPNSense and pfsense are two top notch choices for an initial firewall OS. Then send that to a DD-WRT or Open-WRT wireless router behind the firewall.
Internet → Firewall → Computer with Ethernet port
or
Internet → Firewall → Wifi Router → phone or laptop wifi
You could go direct to Wifi Router and skip the firewall, but these are less resilient security flaw wise and lack the firepower for a VPN. Given that Wikileaks shows the CIA loves to hack home routers, I love the advanced security of OPN and pfSense. We offer consults to setup anything you want, guide you through each step of the process, and offer continued support if you face any difficulty. Not only can we stop DNS or VPN leaks, but additionally we can help you spoof the MAC address on the firewall, so that when you move from home to home, the new location won’t know it’s you. All of this for a rock bottom rate of just $50. You will not find more knowledgeable cybersecurity experts to work at third world peasant rates for both devices configured plus a consult.
Poll:
How do you guys feel about governments funding freedom tech?
Governments (US/EU) have funded the following projects:
Briar
Peertube
WireGuard
Signal
Prosody (XMPP)
Dino (XMPP)
SearX (search)
Stubby (DNS)
ipfs-search.com
QubesOS (support for disabilities)
At least in some part
Source: nlnet.nl
Clearly these things make our lives better. But it was paid for with stolen money. Do the ends justify the means? Comment below.
Flare.pub is supposed to be a decentralized video app for Nostr
It is unclear how Flare prevents Flare itself from deleting your videos, as Nostr’s protocol doesn’t store videos, the relays store messages. Even worse than Nostr’s regular images being on 1 random server with government DNS, Flare centralizes that to a single entity. And even worse than that, Flare has chosen Amazon AWS with Google 3rd party JavaScript on his main website. It’s unclear what the purpose of Flare is, if it’s not to defy Big Tech companies.
There are a few approaches one could take instead. One approach is federation, where users self-host websites. This is how our website works with Nostr signing integration for video comments. This is also how Peertube works. Our website vid.simplifiedprivacy.com is basically Peertube but with Nostr subscriptions/comments.
Another approach is to have content stored either directly on a blockchain or coordinated by one. IPFS and Arweave are two examples of this. IPFS isn’t perfect because it counts on your followers torrent sharing your controversial content, which can’t defy a serious adversary.
Yet another approach is a decentralized CDN with docker containers. Akash, Flux, Golem, and many others take this approach. Here you’d either self-host, blockchain host, or you could even have the videos on the docker containers themselves, and then the random nodes push forth your message.
Because all of these solutions involve non-bitcoin solutions, instead Nostr’s community has settled on images and videos being just regular government controlled single URL servers. Hornet Storage is being developed currently to offer a lightning marketplace using a similar but different style to IPFS Merkle trees. That’s great, I wish them the best. I WANT them to succeed. I’m rooting for you my brother. But until you have a minimum viable product we can actually use, then it’s just shit talking. They are comparing real world solutions to hypotheticals because being a bitcoin maxi has blinded you into ignoring new tech. Maxis are essentially the new Amish.
This article does NOT advocate for any particular method, only that they are all better than Flare.
In case you want to share it or reference the URLs again, yesterday's article on the Tyranny of Microsoft is available on IPFS and Tor
IPFS on Brave Browser:
ipfs://bafybeig5jzh26a7bfqw3mosiupnf2gch7beiqaniqbrf4umrlm23o2z7je/microsoft/index.html
(you gotta enable IPFS, but you could use either a local node or a gateway)
Onion with Tor Browser:
http://privacypkybrxebcjicfhgwsb3coatqechwnc5xow4udxwa6jemylmyd.onion/microsoft/
Microsoft’s agenda is very clear, they want control and surveillance over the flow of information on the internet.
Rather than allow websites to host the content themselves, Microsoft will subvert websites’ authority and post it on MSM .com. Then promote their bullshit proxy copy on their ad-revenue site via their Bing search. For example you search “Coindesk Bitcoin ETF” and it gives you “Coindesk via MSM”.
This has quite a few effects:
1) Microsoft leeches ad revenue
2) It creates dependency and submission from the websites that they can’t cut off the traffic from Bing, because the other search engines such as Google and Brave are now ranking the MSM version, and not the original.
3) Microsoft sees all data, not just that you searched then went to the site, but what you clicked or did after.
4) Microsoft controls the content, by picking what to proxy and then promote as trending news. This is a form of thought control.
Some will say this thought control is benign, but Microsoft’s left leaning censorship agenda is very clear with a partnership with NewsGuard. As ZeroHedge and the Daily Wire report, NewsGuard uses Microsoft’s Edge browser to display trust rankings like a nutrition label, and no surprise, it gives horrible ratings to conservative websites and flawless ranking to left leaning ones. One example of the danger of this type of censorship is that NewsGuard openly has financial ties to Pfizer partners and then downranks websites critical of the vaccine, calling them fake news.
Microsoft will insert their left-leaning propaganda into the Windows start menu, innocently pretending it’s just trending news. Brainwashed Democrats don’t even realize that it’s normalizing an authoritarian society through unquestioned acceptance of government authority. In fact, Democrats are so shielded from criticism, that when they later read proven, factual, and academic criticism of the government for the first time, their knee-jerk reaction is that it’s “crazy conspiracy theory” because they’ve been so conditioned to never question or criticize top-down control. This assumption is reinforced literally every time they open a program on Windows.
Sadly many other search engines just get results from Bing, and then mislead people into thinking they are getting privacy. For example people tolerate Duckduckgo and Qwant getting the bulk of their results from Bing, to try to avoid the data collection of going to Bing directly.
What they don’t realize is that Qwant feeds user data into Microsoft’s ads. And even more chilling is Duckduckgo being physically hosted on Microsoft’s servers and serving them all the same MSM links with kick-back surveillance on them. Duckduck is masquerading as a privacy alternative, when they insert 3rd party JavaScript such as “improving.duckduckgo.com” onto the links themselves. This allows Duckduckgo to learn how long you stayed on even the non-MSM articles, or what your reaction to it is. They will likely claim this is supposedly to improve the search engine, but considering Duckduckgo is the default on Tor browser, training AI on my choices is hardly the choice for anonymous browsing.
What can you do about it? Here are our solutions:
1) Use a variety of search engines such as:
a) MetaGer.org
b) Mojeek.com
c) Farside.link/SearXNG
d) Simplified Privacy even hosts a SearXNG instance for you
e) Brave Search. Although Brave is hosted on Amazon AWS, they have LESS propaganda.
2) Try and find the original links and avoid MSM. For example MetaGer will serve you the originals. You can also go to the company’s site and see the trending links.
3) If you’re going to use Duckduckgo for variety, then use it for mundane research topics or images, but avoid news. It’s news topics that get MSM propaganda links more often.
4) Use Linux and not Windows, it’s not as hard as people make it out to be. You don’t need to learn the command line. You can learn in under 2 weeks. Most apps are in a browser now so there’s not the same software compatibility issues there were 10 years ago. I believe in you. Now you have to believe in you.
Thanks for your time. You wrote many things, let’s try to unpack them.
First, we are not in favor of Israel and the examples you gave. So we acknowledge there exist certain suppressed left voices as well for example on the issue you mentioned. However, most on the left are not consistent with the anti-war messages, and were requesting war in Ukraine with Russia.
Regarding the Pfizer, the ZeroHedge article is linked on our website where the original is.
Regarding the Twitter white supremacist, obviously here I disagree Elon Musk is a white supremacist for allowing content on the platform.
The question is not “are people on the left ever having their ideas suppressed”. The question is “Is Microsoft pushing a pro-authority agenda?” As you even admit in your last paragraph, the answer is yes.
Our website currently has videos and nostr comments via a browser extension such as flamingo. This would be a federated system similar to peertube, where the creator is in control, and the subscription is via Nostr.
On the other hand, it's unclear how Flare is preventing Flare from removing your content from their server. As nostr only hosts messages.
What we need is IPFS, Arweave, Odysee, or some other system hosted on a blockchain. Hornet is being developed w/ lightning, but until I see a working proof of concept it's essentially maxi shit-talk hypotheticals. I am optimistic though and hope they succeed.
Quad9 DNS has blacklisted SimplifiedPrivacy.com
This is a domain level ban, which coincidentally is occurring as we are developing Session software to reject government DNS.
We do not know yet if this is malicious censorship or just some automated mistake. We’re waiting for a support reply. In the meantime, you can fully access the website and all its related services (searx, simplex servers), as long as your DNS isn’t set to 9.9.9.9 (at least at the time of writing this). You can switch to 9.9.9.10 without the blacklist, or change DNS on the VPN you’re using. Tor browser should work if the random exit node you get isn’t using quad9.
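One way to check this for any domain, as an added example that is not from the original post: ask both resolvers named above and compare the answers. It assumes the dig tool is installed and that the filtering resolver answers NXDOMAIN for a blocked name; the function names and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: tell "blocked by the filtering resolver" apart from
# "does not exist" or "resolver unreachable" by comparing two dig outputs.

# rcode_of: read dig output on stdin, print the response status
# (NOERROR, NXDOMAIN, SERVFAIL, ...). Prints nothing if no header is found.
rcode_of() {
    sed -n 's/^;; ->>HEADER<<- .*status: \([A-Z0-9]*\),.*/\1/p' | head -n 1
}

# answer_count_of: read dig output on stdin, print the ANSWER count.
answer_count_of() {
    sed -n 's/^;; flags:.* ANSWER: \([0-9]*\),.*/\1/p' | head -n 1
}

# classify FILTERED_OUTPUT UNFILTERED_OUTPUT
#   blocked-by-filter : filtered resolver says NXDOMAIN, unfiltered one returns records
#   consistent        : both resolvers agree (the name resolves, or is missing, everywhere)
#   inconclusive      : timeout, unparsable output, or any other disagreement
classify() {
    f_rcode=$(printf '%s\n' "$1" | rcode_of)
    u_rcode=$(printf '%s\n' "$2" | rcode_of)
    u_answers=$(printf '%s\n' "$2" | answer_count_of)
    if [ -z "$f_rcode" ] || [ -z "$u_rcode" ]; then
        echo inconclusive
    elif [ "$f_rcode" = NXDOMAIN ] && [ "$u_rcode" = NOERROR ] \
         && [ "${u_answers:-0}" -gt 0 ]; then
        echo blocked-by-filter
    elif [ "$f_rcode" = "$u_rcode" ]; then
        echo consistent
    else
        echo inconclusive
    fi
}

# check_domain NAME [FILTERED_RESOLVER] [UNFILTERED_RESOLVER]
#   Live check; defaults are the two addresses mentioned in the post.
check_domain() {
    classify "$(dig +time=3 +tries=1 "@${2:-9.9.9.9}" "$1" A 2>/dev/null)" \
             "$(dig +time=3 +tries=1 "@${3:-9.9.9.10}" "$1" A 2>/dev/null)"
}

# Constructed sample headers in dig's output format, for offline use.
SAMPLE_FILTERED=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1001
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_UNFILTERED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
```

Run check_domain with the domain you care about; an "inconclusive" result means retry or test from another network before drawing a conclusion.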
Pro/Con of DeGoogled Phone operating systems
Graphene
Pro: Good optional sandbox for Google push. And advanced security features such as:
1) Hardened to resist memory attacks
2) Better sandboxing (access policies)
3) Enhanced verified boot
4) Attestation tool to diagnose Pegasus malware
5) Browser reducing “just in time” JavaScript
/
Con: Only Google manufactured hardware, which is the most likely to have hardware backdoors. Titan-M security chip is closed source and therefore untrusted to protect me from Google/Government
Calyx
Pro: Similar DeGoogled experience to Graphene, but supports a wide group of phone manufacturers outside the 5 eyes including Fairphone, OnePlus, Vivo, Xiaomi, ZTE, and Huawei. LOL, Do you trust Google or the Chinese? Calyx also has a great built in Firewall app to cut off apps from the internet
/
Con: While Calyx is better for avoiding Google’s unknown hardware backdoors, it doesn't have Graphene's advanced security against known targeted attacks. Additionally, if you need Google push notifications, then it uses MicroG instead of Graphene's sandbox, which isn't as good at isolating Google from the core system data.
Lineage
Pro: Works on an even larger variety of hardware, so you got a lot of choice. Lineage is also great for fake android virtual machines on your desktop PC. You can easily spin up a VM with this and use spyware apps. While as Graphene won't allow this under current builds, and Calyx requires "annoying to use" Android developer kits to do it.
/
Con: Can't lock the bootloader. Controversial security issues.
Pinephone (Linux phone)
Pro: It's good to see alternatives to Android. Hardware "brains" are open source.
/
Con: Low amount of apps because it's not using Android's ecosystem. Not as good performance as Android. Lacks Android's good security model, and it still uses closed source hardware to communicate: WiFi and LTE modem (they had to)
Purism's Librem 5
Scam. They won't ship it, don't buy it.
Summary,
Graphene - Extra Security, IF you trust Google's hardware
Calyx - Good for non-Google hardware & app firewall
Lineage - Great for VMs
Pinephone - Boycott Google
SimplifiedPrivacy has lowered custom consultations to $30/hour. Reach out and we'll help you with flashing phones, routers, Linux, any tech support.
As your question is vague, I broke it down into 2 questions for you:
a) “If Graphene is flashed, how can a backdoor in the Google hardware exist?”
The answer is that all hardware uses firmware which operates at a lower, more base level, than an operating system. This firmware could potentially communicate to remote actors. This could potentially be EVALUATED through WiFi to a router you control, but can not be even evaluated if it goes to cellphone towers. It also could potentially communicate even right under your nose of a FOSS router firewall, if you go to “google.com” and some hidden data exchange takes place with SSL encryption to the right domain.
b) “If google’s push notifications are enabled, how can this google service get to the hardware identifiers on the device?” The answer is that the sandboxed google push service prevents it from getting to the hardware identifiers IN THEORY.
There’s not much they can do on a google hardware backdoor other than not use google only and support other phones. But we are not officially involved with their decisions, this is just commentary in general
Many busy people turn to “influencers” to tell them about new platforms (i.e. Nostr for Twitter, Session for Telegram, Peertube, etc.)
The problem is the influencers are already big on the tyranny platform and usually making money off that. So they become entrenched with the same interests as Big Tech itself, where they don’t want to jeopardize their moat. Unfortunately, the only way to break the cycle is when the big influencers get censored. But by then it might be too late.
This is true and you raise good points, but it depends on what industry we’re talking about.
Any libertarian, conservative, cryptocurrency, privacy, or even broader tech influencer who's closed off to new platforms is just trying to milk their moat.
True, but I put all crypto in this group, not just bitcoin. which is a much larger audience
now a lot of them you will likely call "shitcoins" and that's often true. but they are shitcoins because of them NOT coming on nostr
Nostr and Session are both public/private keypairs generated locally that then send messages across nodes/relays. Nostr is to Twitter, what Session is to Telegram. The two complement each other perfectly, as Nostr is on the clearweb, making it easier to share content. While as Session is on the darkweb w/ blockchain DNS making it much more censorship resistant.
With Nostr, you post to YOUR relays. With Session, you send TO THEIR relays, making surveillance of outgoing content so hard, that it's not even feasible to stop. On the clearweb with Nostr, it’s far easier for content to go viral. However Nostr only protects the creator, while as Session also protects the relays and who is your audience.
Governments will weigh the costs vs the benefits of censoring Nostr. Our thesis is that when combined with Session, they will back down. Join the experiment, hit up our bot w/ the Session ID: Simple
What is Pegasus?
Pegasus is targeted cellphone malware by the NSO Group sold to governments.
It's regularly used against human rights activists.
How can you stop Pegasus?
Well, you can't stop it per se (except step 6 below). But you can reduce risk with SOME of the steps below:
1) GrapheneOS reduces buffer overflows with a hardened memory malloc
2) Always use a VPN for the DNS. Avoid trusting ISP DNS
3) Don't activate SMS from cell towers and use VoIP only via WiFi
4) Avoid a SIM card, then use an external WiFi FOSS router that you own such as:
In your home: DD-WRT, Open-WRT, (w/) OPNSense or pfSense
Tiny on the go: Raspberry Pi with OpenWRT, or GL.inet
You can put a USB modem on GLinet then you'd have portable WiFi access, but with physical isolation from the internet source. Then you only flow encrypted VPN traffic through the router.
If you're too lazy to do this, then use an external ISP-provided hotspot over an in-phone SIM.
5) Pegasus can work off being sent a link. When your friends send you random website links on mobile, then look at it without JavaScript. Privacy Browser & Tor mobile both have good toggle switches. (or look at it on PC)
6) You could consider a tiny PC w/ WiFi such as LattePanda or Raspberry Pi INSTEAD of a phone because these have no internal cell tower baseband modem. The default Pi distro can do Signal, or for example:
lattepanda.com/lattepanda-sigma
Some will think this is extreme, but you can only do SOME of the choices depending on your situation
Yes, eSIMs put it directly into your phone instead of an isolated third party source like a hotspot via WiFi. Now does that mean throw out your phone today? No, be aware of the risks and evaluate for your specific situation.
We highly recommend you read this even if you already agree or don't particularly care about foreign policy, because it arms you with the facts to be able to convince others on this critical issue.
Elizabeth Warren seeks to ban Bitcoin to stop terrorism financing, but it’s Israel’s Netanyahu that funded Hamas:
https://SimplifiedPrivacy.com/BanBitcoin
Nostr Phishing 101:
How to Avoid Getting Your Bitcoin Stolen
Nostr’s privacy flaw is that anyone can see the metadata in real time of who is messaging who. Amethyst client currently lets you literally login as them, just the DM itself is gibberish. When you combine this with the fact that most Nostr users have Bitcoin and are constantly downloading or trying out new clients, this makes Nostr the ultimate place for phishing scams. Even if Bitcoin is not gotten directly, simply tricking someone into entering their private key into a scam client can be used to make them pay Bitcoin to not wreck their account.
In this post, I will give you some example scams I came up with, so you can immediately recognize real ones in the wild.
Scam #1) Target Developer accounts
Hacker watches the incoming messages of a developer account. For example if I were doing this, I’d target Lume, since his code has bugs and people are likely writing him to complain about it. Then when the incoming message comes in, I’d write from a different account claiming to be the dev on the desktop, not mobile, and link them to a scam download link with the bug fix.
Scam #2) Fake SimpleX.
Many people on Nostr list their SimpleX URL in the profile. Whenever this person sends an OUTGOING message, I’d fake being the recipient and immediately message them on SimpleX saying to talk here it’s safer.
Scam #3) Snowden’s DMs
Edward Snowden is among the most popular Nostr influencers. I’d watch Snowden’s incoming DMs. Literally anyone that contacts him, I’d immediately message from a different account saying that I’m trying to avoid surveillance with this burner account and let’s talk on SimpleX. Then after a lot of back and forth, I’d tell them about a new privacy client to download.
</end>
Spread the word to prevent this kinda stuff before they are real.
Linux distros for dummies
A Linux distribution is a similar concept to a phone’s app store. It allows you to download software that’s pre-vetted. This reduces the chance that it’s malware and allows the different dependencies to work together to reduce redundancy. However, you MAY optionally get software OUTSIDE of the package manager and directly from the software’s developer, through universal systems such as Flatpak, AppImage, or Snaps.
If you get software from OUTSIDE the package manager, then you’ll have double dependencies which takes up space and causes some minor delay in starting up the program. Many in the Linux community argue and debate over if the delay, space, and security issues matter, or if it’s more important to have software that works across distributions and is released faster. The delay on Snaps is worse than others, leading SOME to criticize Ubuntu which heavily uses them. This is why Mint is a fork of Ubuntu but WITHOUT Snaps. Others point out that without universal package managers, it can take YEARS for new software to make it to distributions with slower release cycles such as Ubuntu and Mint.
A Linux distribution is NOT the way Linux LOOKS. That’s the desktop environment! So if you like a distro’s software, you can swap it for any other desktop environment than the default. For example Linux Mint’s “Cinnamon flavor” look, could be put on Debian or anything else! At the end of the day, distros DON’T matter that much and anything is better than Windows… even snaps =)
Showdown!
Signal, Session, SimpleX, Matrix, XMPP, Briar
Who is the...
Most adopted by everyday people:
Signal
Most adopted on darkweb:
XMPP
Most adopted by corporations:
Matrix
Most adopted by militaries:
XMPP
Least Censored for individuals:
Session
Least Censored against platform level bans:
Briar
Most likely to confuse criminal courtrooms:
SimpleX
Best for Journalists:
Session
(due to first contact metadata)
Best for political revolution:
Briar
Most vulnerable to psychological phishing:
SimpleX
Most vulnerable to metadata attacks:
Signal
Most vulnerable to backdoor updates:
Signal
Most device-to-device sync issues:
Matrix
Least device-to-device sync issues:
Signal
Most audited:
XMPP
Most centralized network:
Signal
Most decentralized network:
Briar
Most decentralized development:
XMPP
Most misunderstood & untapped potential:
Session
Most likely to grow:
SimpleX
(due to corporate APIs)
My personal favorites:
Session for censorship
SimpleX to hide
XMPP for strangers/friends
Signal for family
(Because good luck getting your grandma on Briar)
Ask me in the comments any new categories or dispute!
SimpleX is all the developers' DNS and majority the developers' servers. Session and XMPP can both replicate multiple identities on one device easily. But with far more separation. I like the concept of SimpleX and that's why our team made a tutorial video and script on self hosting.
However please don't smear Session, as it offers real censorship resistance, just because you like SimpleX UI.
Websites can use Lokinet like Tor w/ a .Loki address instead of .onion.
Direct Loki connection refers to completely getting rid of the current centralization in session through moving over to Loki addresses for public key accounts to be more reliant on the internal network as opposed to just routing through lokinet.
Regardless of the SimpleX website being up or not, it’s linked to their DNS. And regardless of if you self-host your SMP server, SimpleX controls your encryption key.
This is definitely different than Session storing your DNS entry on a blockchain. My point is not to belittle simpleX, the purpose is to point out that Session is focused on censorship, and SimpleX is focused on being invisible/hiding metadata.
Privacy routers, phones, and computers?
At the most basic level, this “privacy” stuff just means changing the operating system! It’s the same hardware and many of the same programs/apps are used. The only real difference is an open source operating system that isn’t spying on you.
So with a computer, we’re ditching Windows/Apple and using Linux.
With a phone, we’re ditching the “stock version” of Android (which is the version with Google’s telemetry), and using GrapheneOS (or other choices such as Calyx, Lineage, etc)
With a router, we’re ditching the ISP or manufacturers’ version, and putting on OPNSense, (or pfSense, DD-WRT, or Open-WRT)
That’s it. It’s not that complicated. You can use the same cell service. The same home internet provider. For phones, all the same Android apps. And for PC, most of the same software. It’s just that the OS has no telemetry.
Pro/Con of “Privacy” Phone Numbers/Services
JMP.chat
Type: Number
Pro: No KYC VoIP to XMPP (or Matrix) for anonymous Bitcoin, so you're using an open source client
Con: Only US and Canada numbers. They're just reselling Twilio VoIP, which means that not only are you just paying more just for anonymity, but many services recognize these as Twilio VoIP numbers and will block you.
Solutions: There exists the possibility of buying a real world physical SIM and then transferring over service to JMP VoIP. But you’re better off using 1 time burner services for most account registry.
Hushed
Type: Number
Pro: No KYC VoIP for Bitcoin, similar to JMP.chat
Con: Uses their proprietary client which isn’t private through the Google Play store. I’d avoid Hushed.
Silent Link
Type: Number + Service
Pro: No KYC Crypto SIM card that separates billing and identity from the literal cell tower carrier
Con: Uses eSIM which requires Graphene’s Google Push service sandboxed. No outgoing calls.
Calyx Institute Hotspots
Type: Service
Pro: No KYC WiFi hotspot for Crypto
Con: It’s just reselling T-mobile service, so if you use this in your home and your home is KYC, then T-mobile will likely figure out that it’s you since celltowers see geolocation.
Solutions: You can avoid this by putting the hotspot in a faraday bag, and only using it outside your home.
MySudo
Type: Number
Pro: Multiple burner VoIP lines
Con: Requires Google Play store JUST to PAY for it, but then can be used on a degoogled phone once you add credit.
Solutions: This can be sandboxed or put on a separate old device and you can use bitrefill to buy the credits with cryptocurrency
SMS.usmobilenumbers.com
Type: Number
Pro: Quick easy cheap burner anonymous SMS verification for cryptocurrency. It’s real SIMs and not VoIP.
Con: US only. They resell the number for OTHER services, which MAY trigger anti-fraud for SOME services including Zelle, eBay, PayPal, LinkedIn, and others. So you risk a ban on accounts.
Solutions: Avoid putting money in any account for a few days to see. Use a residential proxy IP instead of a datacenter VPN, especially for eBay.
VirtualSim.net
Type: Number
Pro: Great for abusing foreign numbers in poor countries such as Cambodia or Ukraine for Signal or Telegram. Quick easy cheap burner anonymous SMS verification and/or longer term monthly numbers for cryptocurrency. It’s real SIMs and not VoIP. Their customer support is excellent and we highly recommend them for Telegram verifications.
Con: They may lose access to the burner number after a period of time (like a year) where you can’t renew and someone else COULD potentially verify the number.
Crypton.sh
Type: Number
Pro: Huge amount of countries for real SMS anonymous crypto. Get sought after Western European #s here that normally have strict KYC rules on physical SIMs
Con: Overpriced setup fee for 1 time SMS verification, but if you actually live in (or desire) that country it’s okay. There’s no real purpose in all their “at rest encryption” advertising, because SMS is unencrypted transport.
Follow us on Nostr for more! Repost this if you want us to keep doing them.
Notes by SimplifiedPrivacy.com Podcast