Notes by SimplifiedPrivacy.com Podcast

 Every monero user on Nostr needs to be pumping #XMR & #Monero on every post because these bitchco... 
 Remember my friend, you got 99% in common with these people.  The only difference is on this one issue.
Make your case, be proud yes.  But treat them with respect in the debate.  Our role is education 
 is your name a play on words of John Locke and locksmith? 
 No Cloudflare. No DDoS.

It’s live!  Our new website is a solution to Cloudflare.  Let’s break it down:

Problem:
Cloudflare breaks SSL encryption and acts as a man-in-the-middle to see all passwords.  And by seeing the bulk of all traffic, they are able to do mass surveillance.

Issue:
When you bring up getting off Cloudflare with website creators, they say “But what about DDoS?”.  And then you’re just directing them to less centralized alternatives, which could become the “next CF” if they got popular.

Solution:
Arweave is on-chain data storage functioning similar to Bitcoin Ordinals (but it scales).  There's a brand-new testnet of global gateways for Arweave, to serve this content: For example I’m “Privacy”

So you just put the name “Privacy” then a dot, in front of the Gateways.

Germany
ISP: Skylink
https://privacy.arweaveblock.com

France
ISP: OVH
https://privacy.arnode.xyz

New York, USA
ISP: Nubes, LLC
https://privacy.exodusdiablo.xyz

Los Angeles, USA
ISP: Internet Access Company
https://privacy.ardevpark.com

United Kingdom
ISP: Contabo GmbH
https://privacy.flexibleee.xyz

Turkey, Istanbul
ISP: Yunus Emre
https://privacy.thecoldblooded.online

Singapore
ISP: Lucidacloud Limited
https://privacy.araoai.com

China, Hanoi
ISP: VNPT
https://privacy.adn79.pro

Brazil
ISP: Redemetro Teleaco
https://privacy.arbr.pro

India
ISP: Logiclabs Tech
https://privacy.satoshispalace.xyz

Pick one close to you, and try it out! 
 This is not just "spam", we're talking about censorship, privacy, and centralization issues with a single provider seeing, controlling, and hosting like 90% of sites/data.  This affects Nostr as well, as many of the relays are on Cloudflare.

You would benefit from this article on the issue:
https://simplifiedprivacy.com/cloudflare/index.html 
 going to one of the URLs listed in a web browser 
 Israeli Lawmaker Says Raping Palestinian Prisoners Is ‘Legitimate’

Hanoch Milwidsky, a member of the Likud party, made the comments in a debate about the arrest of Israeli soldiers at the Sde Teiman prison 

https://news.antiwar.com/2024/07/31/israeli-lawmaker-says-raping-palestinian-prisoners-is-legitimate/ 
 This is gonna be epic

nostr:nevent1qqsqqqqphjazvt7uu3guyk3yktyvwguapqxg3t4pw0ggff0ve5m7nccpzpmhxue69uhk2tnwdaejumr0dshszrnhwden5te0dehhxtnvdakz7qg4waehxw309ahx7um5wghx77r5wghxgetk9uyjgjyk 
 Well, the logic is reasonable 
 YouTube now lets creators appeal partner program suspensions before the action is taken

Quote: "We will allow creators to appeal YPP suspensions for certain policy violations before they take effect"
Source: https://support.google.com/youtube/thread/288348587

Shouldn't allowing for an explanation before demonetizing people and ruining their lives, have been the policy THIS WHOLE TIME?!

“We suddenly decided after decades, to offer a basic reply text box before we starve their family” 
 The MtGox payout was 5¢ on the dollar & it looks like somehow MtGox gets to keep a bunch of #bit... 
 is this true? damn. source? 
 I would like to thank Reddit for banning me

Because on that account, I made outlandish promises just to get web traffic, and now I don't have to keep my word as they erased the record.

Further, this obfuscates from my enemies and competition my marketing strategies of how to extract fans off the platform.  And now that Reddit blocks all search engines from using the content except Google, those strategies won't even work.

So from the bottom of my heart, thank-you Reddit for improving my life,
While erasing my liabilities, fooling my competitors, and degrading Google search. 
 Big Privacy Ruling in US Federal Court:

Customs agents now need a warrant to search your phone...

Quick Recap:

--New York Airport agents identified a man as a "potential" child abuse purchaser
--The agents forced him to unlock his phone.
--They found he did indeed have four videos of child sexual abuse [1]
--Despite an earlier 2021 ruling that border agents can search without a warrant, this federal judge ruled the other way. [2]

Quote:
“In light of the record before this Court regarding the vast potential scope of a so-called ‘manual’ search, the distinction between manual and forensic searches is too flimsy a hook on which to hang a categorical exemption to the Fourth Amendment’s warrant requirement. And it is one that may collapse altogether as technology evolves.” [2]

In other words,
If we continue like this, then as the tech changes, the Fourth Amendment is gone.

Final Thoughts:
This is a mixed bag right?  Because it's good legal news, but doesn't make you want to get that excited about it because they did find child abuse content.  However, ultimately it's still a win for freedom because this same ruling will carry over to our cryptocurrency wallets, our private messages, and all aspects of our digital lives globally.  While it's bad that child abuse went free today, it would have been far worse if there was no 4th amendment, and we have no right to privacy.

Sources:

[1] https://www.techspot.com/news/104041-judge-rules-warrantless-phone-searches-customs-agents-violate.html
[2] https://www.theverge.com/2024/7/29/24209130/customs-border-protection-unlock-phone-warrant-new-york-jfk 
 that is wild, can you link me on that 
 I misread this, I read what I wanted to see.  I thought "orange pill" meant purple pill.  

And actually now that I think about it, using the words "orange revolution" would be a horrible way to convince Scott Horton and Dave Smith to come on Nostr.  Because that was the 2014 CIA coup in Ukraine that they speak out against.

That would make a Libertarian think Bitcoin's orange pill was a CIA coup to make self-custody blockchain unusable as real world cash... we wouldn't want that now would we? blackrock

nostr:nevent1qqs9k0kv7xmp8fl8eta25upfy3lnxss0h8ez8v33nfpqvw65g2d03ucpzpmhxue69uhk2tnwdaejumr0dshszrnhwden5te0dehhxtnvdakz7qg7waehxw309ahx7um5wgkhqatz9emk2mrvdaexgetj9ehx2ap0vl3k2e 
 @TheGuySwann & @Nichro

About time on Dave Smith getting orange pilled, our team has been nagging Horton & crew to use the account.  it was only a matter of time.  Free minds can't live in fenced gardens

nostr:nevent1qqsv0ysg3kqjglxvjtwzujkd5l4j8l78g6e6mtckjulqxntrsxz42gcpzamhxue69uhky6t5vdhkjmn9wgh8xmmrd9skctcjn2a2m 
 I feel like I should have learned PGP a long time ago, but for some reason I never did. I've know... 
 Nostr is just PGP with relays 
 Although many internet services are blocked for Russians,

The average Russian knows more about American politics than Americans do.

In fact, maybe the only way for the lazy USA couch potatoes to learn about the dangers of trusting politicians, would be to block Facebook, Twitter, Google News, and Instagram. 
 We're ditching WordPress,
Our New Tor Onion uses Hugo!

What's New?

--New Design
--Hugo is faster
--No pictures, for speed
--It's on a new VPS for just Tor

Q&A

Q: Why should people have a separate VPS for just Tor Onions?

A: First, because if the government knows where your clearweb site is, then they know where your Onion private key is too.  So you get no censorship benefit.

Second, if the Tor network knows that your Onion is at a certain IP address, then you're doxxing the immediate hops to the onion.  In other words, you lose some of the benefits of the darkweb, because the destination is known in the clear.

Q: What's coming next?

A: This version has no pictures for Tor.  Next we'll be doing the full clearweb site.  As well as teaching everyone how they can make their own Hugo site, with rich educational materials on the bloat of WordPress.

Q: Where can I view the magic and wonder?

privacyy3tsy4mge4qmg4nsid2vnhl7szzupphhkfsxvayx5tl2ztbqd.onion 
 Yeah man, a lot of the stock themes are not bad.  And you can make your own (but it's more work) 
 Huge thank you to everyone who came through off Nostr

If it was for a server setup, a phone, or just sharing your thoughts in one of the group chats,

Me, Adam, Zen, Digital Hug, & the whole crew, genuinely appreciate you

We got some original stuff coming down the pipeline, I can not be more excited 
 Best XMPP & Matrix Clients!!!

Matrix,

A lot of people use Element,
And there's a new ElementX being rolled out for Matrix 2.0 that has speed benefits.

But my personal favorite is FluffyChat, which allows for multiple accounts at once and has less sync issues with encryption keys on VMs.

Another decent choice is Nheko which has a slick interface.

Consider joining our Matrix room,
public:matrix.simplifiedprivacy.is

~~~~

With XMPP it depends a lot on your OS.

If you’re using Linux,
Then Dino. But Gajim is a 2nd option.
Gajim audio calls work for Linux only, and NOT on Windows.

If you’re using Android,
Monocles has good texting sync with Linux Dino.
But Cheogram is excellent on its own.

If you’re using Windows,
Gajim is great for texts, but can’t do audio call for Windows. You have two audio call options:
Option 1) Mov.im in a Web browser, the pro is this is easy. The con is they see your password because it’s in a browser.
Option 2) Unofficial release of Dino for Windows, which I haven’t personally tried and may have problems:
https://github.com/LAGonauta/dino/releases

If you’re using iPhone,
You have two choices
Option 1) Snikket’s iOS app,
https://snikket.org/app/ios/
Option 2) Siskin, which Snikket is based on,
https://siskin.im/

If you’re using Apple/Mac computers,
Your 2 choices are:
Option 1) the same mov.im in a browser as Windows
Option 2) Beagle.im

Consider joining our XMPP room,
simplifiedprivacy@subscribe.simplifiedprivacy.is 
 No way dude,
Most popular encrypted messenger of all time?!

It’s true… Matrix is blazing above 100 million active users, with some reports saying 115 million, and others way more.  Signal only has half that (like 40-60 million).  And now Linux distros such as Mint are including Element in the default programs.

I have bitched many times about Matrix’s centralization with matrix.org on cloudflare, using Google captchas, and Gmail verification of accounts.  But here’s the thing about life man, you can either sit around and complain or you can be part of the solution.

To help combat the Big Tech monopoly, Simplified Privacy is now hosting a Matrix Server.

Join our public group:
#public:matrix.simplifiedprivacy.is

You can join the room with an account from ANY server, but if you want an account just DM me from ANY protocol or platform till we get a proper DDoS web captcha setup (that isn’t google)  @support:matrix.simplifiedprivacy.is 
 Synapse.  let's see how it scales 
 So @crypt0cranium is asking how spam email reputation works for self-hosting email.

First off, it's NOT true that self-hosting doesn’t work, or that there’s no way to avoid spam block lists.  And for the email setups we do, we guarantee you're off spam or your money back.

There's 2 main aspects to avoiding spam lists,

1. Having the correct domain name (DNS) entries, and using a program that gives you those entries.

Mail-in-a-box is good for beginners, it’s a script that does the setup and then spits out the DNS information.  But the downside is that it uses the whole VPS for just email.  Luke Smith has scripts as well.  For the setups we do, we put Mailu in a docker container, so it can be moved from VPS to VPS easily, and other services can be using the same VPS.

2. Having a provider that isn't on the block lists.

This is a tough game because the KYC providers are more likely to be off the list than the anon crypto ones, but it does exist.  Also with most providers, even if you're on the spam list, you can request to get off it.  Spamhaus will demand you fill out a form on their site, and you have to use a residential proxy, and not a datacenter VPN.  Further, not only does the VPS provider matter, but also the domain name registrar, and their nameservers.  Make sure to ask them before you buy it, and then check in the Spamhaus database as soon as you get the IP to complain/dispute.

Important point: ALL domains will be on the spam list for 1 month when they are first registered.  This is NOT a permanent ban, it’s an unavoidable 1-month thing.  So if you’re doing it on your own, first buy the domain, and then the VPS a month later.

And if you don’t feel like reading the docs, consider our program, you get email, XMPP, Cryptpad docs, and whatever else you want (Nostr relays, SimpleX relays) on there, and then we hand the whole thing over to you, https://simplifiedprivacy.com/email-cloud-combo/index.html

nostr:nevent1qqsr53q5qwhwt5p3k6eql2nqvz8adgl78udz4nm6l57a2p3kxwj7uxqpzpmhxue69uhkztnwdaejumr0dshsz9mhwden5te0vf5hgcm0d9hx2u3wwdhkx6tpdshszyrhwden5te0v5hxummn9ekx7mp0ujaf7s 
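
As an added example (not part of the original post, and not code from any tool it names), this Python sketch runs the two checks described above on constructed data: it audits the DNS entries a mail setup script emits, assumed here to be SPF, DKIM and DMARC TXT records, and it builds the lookup name used to check an IP against a DNS block list such as Spamhaus ZEN. The domain example.org, the selector "mail" and every record value are constructed placeholders.

```python
import ipaddress

# Constructed TXT records keyed by owner name (placeholders, not from the post).
SAMPLE_TXT = {
    "example.org": ["v=spf1 mx a:mail.example.org ?all"],
    "_dmarc.example.org": ["v=DMARC1; p=none; rua=mailto:postmaster@example.org"],
    "mail._domainkey.example.org": ["v=DKIM1; k=rsa; p="],
}


def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL lookup resolves: reversed address + list zone.

    A listed address answers with a 127.0.0.x record; an unlisted one
    returns NXDOMAIN. Works for IPv4 octets and IPv6 nibbles.
    """
    rev = ipaddress.ip_address(ip).reverse_pointer
    for suffix in (".in-addr.arpa", ".ip6.arpa"):
        if rev.endswith(suffix):
            rev = rev[: -len(suffix)]
    return f"{rev}.{zone}"


def parse_tags(record):
    """Split a 'k=v; k=v' record (DKIM and DMARC syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_mail_dns(domain, txt, dkim_selector):
    """Return a list of findings for the mail-related TXT records of a domain."""
    findings = []

    # SPF: exactly one record, and it must end in a fail or softfail default.
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"SPF: expected exactly one v=spf1 record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()
        delegated = any(t.startswith("redirect=") for t in terms)
        if not delegated and terms[-1] not in ("-all", "~all"):
            findings.append(f"SPF: ends with '{terms[-1]}' instead of -all or ~all")

    # DMARC: must exist and ask receivers to act on failures.
    dmarc = [parse_tags(r) for r in txt.get(f"_dmarc.{domain}", [])]
    dmarc = [t for t in dmarc if t.get("v", "").upper() == "DMARC1"]
    if not dmarc:
        findings.append("DMARC: no v=DMARC1 record at _dmarc")
    elif dmarc[0].get("p", "").lower() not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={dmarc[0].get('p', '')} is monitor-only")

    # DKIM: the selector must publish a non-empty public key (empty p= means revoked).
    dkim = [parse_tags(r) for r in txt.get(f"{dkim_selector}._domainkey.{domain}", [])]
    if not dkim:
        findings.append(f"DKIM: no key record for selector '{dkim_selector}'")
    elif not dkim[0].get("p"):
        findings.append("DKIM: empty p= tag, the key is revoked")

    return findings


if __name__ == "__main__":
    for finding in audit_mail_dns("example.org", SAMPLE_TXT, "mail"):
        print(finding)
    # 192.0.2.25 is a documentation address standing in for a new VPS IP.
    print(dnsbl_query_name("192.0.2.25", "zen.spamhaus.org"))
```
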
 Mail-in-a-box is good for beginners, it’s a script that does the setup and then spits out the DNS information.  But the downside is that uses the whole VPS for just email. 
 This is true, but many of these services use Big Tech in their stack.  So it’s a philosophical, security, and personal choice. 
 I understand where you are coming from, i get it.  I'm just saying, you don't have to give up your freedom like that just to be heard 
 Protonmail has a BTC wallet?!

Yup it's Bitcoin-only Layer-1-only tied to your email.

So now all I need is your email and I can see all your transactions.  They claim it makes a new address, but this is propaganda if the input/outputs are being used together.  This is the worst of both email and Bitcoin privacy.

You shouldn't be using a web app in a browser for your L1 Bitcoin, it should be in a local wallet like Electrum.  Just like their email, you don't know what's going on in the cloud.  They write "not your keys, not your coins", but they don't even let you use your own PGP key for email.

Further, they called everything else other than Bitcoin a shitcoin.  Even if we ignore Monero, they still don't even accept lightning for their vpn/email.  Lightning is far better at privacy than L1, and more economical.

This shows they are basically a honeypot propaganda outlet, with a World Economic Forum rep on their board, that hands over thousands of emails a year.  Now they can add bitcoin transactions to give context to those compromised emails.

Once again, I urge you to consider self-hosting your email.  Any small VPS is barely more money than proton's paid plans, and we have cheap plans to set it up for you if you're uninterested in reading technical docs,  https://simplifiedprivacy.com/email-cloud-combo/index.html

Stop living in web apps.  You can really be self-sovereign. 
 Their official Proton account did say shitcoins on twitter.  And where's your source on the lightning and coinjoin? 
 gotcha, do you have some good links on cloudinary? maybe we can write about it 
 what service isn't allowing self-hosted?
Most banks do, Most social media does
As long as you're off block lists 
 You can’t host it in a residential home because it gets flagged as spam then, and residential IPs usually change.  But a cheap VPS can forward it to your house if you want. 
 You are correct that Email is not private.  However, this is more of a power issue, as many services won’t let you just do a password, and demand this non-private email.  Including many custodial bitcoin wallets which are really bank accounts.

And you got a link on Proton doing whirlpool? 
 interesting.  I have serious doubts on them doing whirlpools.  I'd be willing to bet you on that they will suck or won't come out 
 Facebook screws over Google and Microsoft

Of all CEOs to go open source with AI, it’s Zuck

Meta is releasing the largest OPEN SOURCE AI model, that cost billions to develop.

Llama 3.1, which he claims can beat ChatGPT and Google’s bullshit, on multiple benchmarks.  And now he’s completely just giving it away.  And it’s cheaper to setup server-side also. [1]

Quote Wired,
“Meta CEO Zuckerberg compared Llama to the open source Linux operating system. When Linux took off in the late '90s and early 2000s many big tech companies were invested in closed alternatives and criticized open source software as risky and unreliable. Today however Linux is widely used in cloud computing and serves as the core of the Android mobile OS.

“I believe that AI will develop in a similar way,” Zuckerberg writes in his letter. “Today, several tech companies are developing leading closed models. But open source is quickly closing the gap.” [2]

Sources:
[1] https://www.theverge.com/2024/7/23/24204055/meta-ai-llama-3-1-open-source-assistant-openai-chatgpt
[2] https://www.wired.com/story/meta-ai-llama-3/ 
 Isn't it good though if facebook blows money on Open street maps? 
 google did that with android because of the Linux GPL legal reqs 
 Modern day media: This is the truth, I'm lying. 
 bro, your quotes are straight fire. 
 Anyone else got advice for this guy on how to think about and post on #Nostr to find people?
#ask... 
 Find someone you like, look at who they follow, comment on those 
 Monero Nostr Client Out

It's not made by our team, it's Retrnull doing a fork of Amethyst for Android, he's named it Garnet.

I can't vouch for this because I didn't make it.  I tried it w/ a burner, but I could not fund the burner:
"Failed to construct transaction: Invalid destination address"

https://github.com/retrnull/garnet

Ask him questions or complain:
https://bounties.monero.social/posts/94/42-420m-nostr-client-for-monero

He has multiple tipping modes for different privacy options (public, anon, etc.), and it can search bios for XMR addresses. 
 I’m sure these bugs will get solved 
 Probably eventually but from forking one of the other projects 
 With enough demand, it’s possible 
 Get News on the Internet and Avoid Cable Television

The goal of Cable Television is to force-feed you content, instead of having you actively decide or evaluate choices.  This trains you to accept authority, as eventually the two choices can turn to one.  

In his famous book from 1928 titled “Propaganda”, Edward Bernays, who produced media for the United Fruit Company (and therefore the CIA), to overthrow Latin American governments, pushed the idea that propaganda ought to reduce the choices the consumer makes. He promoted the idea that propaganda should push the consumer down to binary thinking.

Even if you were to decide between which websites to stream from, that would be better than just turning on the Cable TV and consuming whatever is on. Because the internet forces you to research options from an infinite dataset and then make a choice, which is training your mind to question and consider alternatives. 
 I know you’re sick of hearing about this, but right now is the time to speak out.

CrowdStrike is Operating System level surveillance, that reports back to this single company, the actions of ALL these different devices around the world, even when they are offline.

If your job forces you to use it, you got 3 options:

a) You can use KVM Linux and do your job in a CrowdStrike Windows VM.  It can't do cross-OS AND breakout.

b) Rent a VPS physically near you, put CrowdStrike on it, and remote into it.

c) Stand your ground and make them pay for the 2nd PC up-front.

I can help you set A or B up.  I’m not shilling Linux tech support because there’s a Windows crisis today.

I’m shilling Linux support because every day is a freedom crisis, but you only realized how centralized the data collection is today because it went wrong. 
 Huge Microsoft Outage leads to Global Closed Businesses

Banks, Airlines, Businesses Worldwide Shut Down.

London Stock Exchange’s news service was down.
In the US, many 911 and non-emergency call centers weren’t working properly.
Many television channels around the world have been hit by the outage, with Sky News in the UK broadcasting from a phone after its studio equipment failed.
The Paris Olympics organizing committee also said it had been hit by the outage, but that it had contingency plans in place. 
In Europe, Amsterdam Schiphol Airport—one of the continent’s biggest connecting hubs—was shut to all arrivals due to the issues, according to Eurocontrol, Europe’s air-traffic-control agency. KLM Royal Dutch Airlines said it had suspended most of its operations.

This story not only shows the horrible dangers of Microsoft’s operating system, but also proprietary software that constantly and unnecessarily monitors systems that otherwise could be offline.  CrowdStrike is a corrupt pro-Democrat firm that supposedly does cybersecurity.  And it’s their software going down that has caused Microsoft operating systems globally to have the blue screen of death.  Thousands of airlines globally have delayed flights, and millions of people are being inconvenienced.  

CrowdStrike’s bloated proprietary software is morally corrupt and forced upon workers.  The software monitors all activity on a computer, even when offline actions are performed such as copying a file.  Then this data is all sent back to CrowdStrike to be monitored for their supposed security purposes.

But what is never discussed is that CrowdStrike now has complete surveillance over all documents in organizations that could have otherwise been kept offline, and is now a centralized point of failure for incidents exactly like this.  Further, it’s a massive invasion of privacy for employees, and is often pushed on them for all their devices.

CrowdStrike’s invasive software is difficult to remove, and hijacks the system at the OS-level.  It’s not something employees can just toggle on and off.  Whereas if employees were just using Linux and end-to-end encrypted communication systems, this would not only save companies money, but also has a more reliable track record for reducing security incidents.

CrowdStrike is famous for lying about Wikileaks.  Even though they had no special knowledge, these supposed experts mouthed off malicious lies that Wikileaks was a hack, and not leak.  Their goal was to create trust in Hillary Clinton, which they failed to do because they provided zero proof.

Between Microsoft and CrowdStrike, they have invaded all corporate computers with surveillance of all OFFLINE activity, that has now brought corporations globally to a screeching halt.  Now is a great time to switch over to Linux, using our rich educational resources. 
 On September 11th the World Trade Center skyscrapers collapsed at the speed of gravity,

By the laws of physics, this would be impossible without internal explosions, according to the thousands of members of the architects and engineers for 9/11 Truth.

The same people who dismiss this, are the exact same people who with covid-19, tell me to “just FOLLOW THE SCIENCE” 
 How you can be deanonymized through Tor

Tor is an excellent tool for privacy, and we do not recommend you avoid it. However, there are many limitations to be aware of and ways of using it that can compromise your anonymity on Tor. This post will discuss just a few of the ways, but there may be others that the public is unaware of. For example in 2017, the FBI dropped a case against a school worker accused of downloading child pornography because the FBI would have rather let him go than reveal the source code for how they deanonymized him through Tor. [1]

The techniques we will cover include:

1) JavaScript based attacks

2) Cookies

3) Compromised Exit Nodes

4) Compromised Middle Relays

5) Compromised Entrance Guards

6) Opening Files Outside Tor

7) Ultrasonic Sounds

JavaScript Attacks

JavaScript can be used to identify a user through Tor in a number of different ways. This is why Tor Browser comes pre-bundled with the “NoScript” plugin. This plugin can either reduce or disable JavaScript’s ability. When the plugin is set on the “Safest” setting, JavaScript is completely disabled. This level of security is required to completely stay anonymous and secure on Tor.

The first way that JavaScript can identify a user is if a malicious website were to inject code into Mozilla Firefox (the foundation upon which the Tor Browser bundle is built). An example of this exploit was demonstrated as recently as 2022 by Manfred Paul at a Pwn2Own hacking contest of getting a user’s real IP address through Tor. [4a] [4b]

But this is not a one time bug or incident, as Mozilla Firefox has a history of being vulnerable to these types of malicious JavaScript injections. Malicious script hacks caused Tor to have to patch to correct them in 2019 [5], 2016 [6], and 2013 [8].

Back in 2016, cybersecurity researcher Jose Carlos Norte revealed ways that JavaScript could be used to identify Tor users through its hardware’s limitations. These advanced techniques fingerprinted the user’s mouse movements, which are tied to hardware restrictions and potentially unique operating system settings. Norte additionally warned how running CPU intensive code could potentially identify the user’s PC based on how long it takes to execute. [7]

The point of all of this is that all of these vulnerabilities did not work when NoScript was set to the safest mode of disabling JavaScript.

Browser Alone doesn’t stop cookies

Another security issue with Tor is pre-existing cookies, which could compromise your anonymity. For example, let’s say you previously signed on to your Amazon account from the same computer you are now using Tor Browser in (but using a different browser). If you now visit an Amazon page using Tor Browser (or maybe even receive a forwarded Amazon URL), you could potentially be connected to the Amazon cookie already on your computer and be deanonymized instantly. This would immediately connect the Tor traffic with you.

Remember though that Tor Browser is only one of a few options for using Tor. The way around this cookie issue is to use Tor in a virtual machine with the Whonix operating system or the USB operating system version of Tor called Tails.

Compromised Tor Exit Nodes

Your traffic enters Tor encrypted and stays encrypted through its journey throughout the mixnet until it gets to the final stop, which is the exit node. Here the exit node communicates with the “regular” clearnet without Tor’s onion encryption to access a website on your behalf.

Outside of Tor on the “regular” clearweb internet, most websites use httpS encryption. This is shown with a padlock in the top by the URL. If the website is http, without the “s,” then it’s unencrypted plain text data. Anything you do using an unencrypted http website with a Tor exit node can be snooped on and seen. However, this risk is relatively low because of the high percentage of websites that use httpS.

The biggest risk is that the httpS encryption can be removed using SSL stripping. This is when the Tor Exit node acts as a man in the middle, faking the server with which you’re trying to authenticate and downgrading the connection to httpS. For example in 2020, a malicious actor took control of over 23% of all Tor exit nodes and started doing SSL stripping to steal Bitcoin being sent on mixing websites. [9] [10]

To prevent against these types of attacks, upgrade the Tor security level to safest, which requires the use of HTTPS encryption with “HTTPS-Only”. Also pay attention to the top icon by the URL bar, to make sure there’s always a padlock showing it’s using this encryption.

You can click on the icon to see your Tor connection route and the certificate authority. Certificate authorities are the entities that validate the authenticity of the HTTPS encryption to this IP address. On a side note, these certificate authorities can act as a censor by removing an entry’s IP address, and this is one of the flaws that many cryptocurrency blockchains are actively working to solve.

Another way to prevent malicious Tor exit nodes from stealing your data or cryptocurrency is to avoid using exit nodes by using primarily Onion services. If you only login to Onion websites, then you never exit Tor. This doesn’t mean completely avoiding clearweb sites, but try to only browse them and not login. It’s the login/password credentials that malicious exit nodes steal with SSL stripping.

Malicious Middle Relays

The next type of risk is malicious middle relays — the hop between an entrance guard and an exit node. For example, the malicious group KAX17 had been identified as having run up to 35% of the middle relays and 10% of the overall Tor network before the official Tor project removed 900 of its servers. [15] [16]

While malicious exit nodes often want to steal Bitcoin or data, the goal of malicious middle relays is to deanonymize users by seeing the path of their traffic. This is especially true on Onion hidden services because it doesn’t even use exit nodes.

There are a few things you can do to reduce this risk. We will go over them in the entrance guard section, because they are the same methods.

Malicious Entrance Guards

Entrance guards can see what IP address is connecting to the Tor network, but can’t see the traffic itself as it’s onion layer encrypted. However, they can gather some information, such as the time, size, and frequency of the data packets.

Researchers from Massachusetts Institute of Technology and Qatar Computing Research Institute wrote in a 2015 paper that if one of their malicious machine learning algorithm servers gets randomly picked to be a user’s entrance guard, then it may be able to figure out what website that user is accessing. The MIT researchers are able to do this by analyzing the patterns of packets from a pre-determined list of websites and seeing if they match the traffic their malicious entrance guard snoops. [17] [18]

According to MIT News, the MIT machine learning algorithm has above an 80% chance to be able to identify what hidden services a given Tor participant is hosting, but there are two conditions. First the host has to be directly connected to its malicious entrance guard and second the hosted site was on MIT’s predetermined list. [18] And finding who is the host of controversial materials is often of more interest to oppressive regimes than just who are the website’s visitors.

How can you avoid this?

There are a few ways you can reduce your risks with malicious entrance guards and middle relays.

First, use your own hosted obfs4 bridge as an entrance guard to avoid ever having both a malicious relay and guard. Our company can help you set this up on a cloud server (VPS) or you can do it on your own.
And second, you can enter Tor with a VPN first.

Opening Files Outside of Tor

If files are opened outside of Tor Browser, they could have code that executes and reveals back to an adversary your real IP address. To avoid this, one can use a dedicated virtual machine like Whonix, which forces all traffic in the VM through Tor. Another option is the Tails operating system on a USB stick, which automatically erases everything after you’re done.

However, if you want to use a PDF outside of Tor, then you’ll need to convert it to plain text. One great Linux tool to do this inside Whonix’s command line is PDFtoText. You can install it with this command:

sudo apt install poppler-utils

Then use it with this:

pdftotext -layout input.pdf output.txt

The -layout flag keeps the original layout. input.pdf is the original file, and output.txt is what you want the output to be named.

Ultrasonic Cross Device Tracking

As University of California Santa Barbara cybersecurity researchers presented at a BlackHat European conference, malicious websites can identify users through Tor using sounds invisible to the human ear. [20]

The way this works is that many popular phone apps use Silverpush’s ad system, which can receive high frequency audio without the phone’s owner being aware of it. Audio of this type could be broadcast maliciously from a Tor website.
Silverpush enables the sale of your location data

These doctoral researchers warned of the dangers Silverpush presents by being connected to wide-spread platforms such as Google Ads. To demonstrate this, the researchers played video of their lab experiment, which de-anonymized a laptop through Tor Browser, as a result of an Android’s mic next to the laptop’s speakers, while being signed in to a Google account. [34]

While the researchers presented a Chrome browser app that can stop this, we do not recommend it for Tor use because of fingerprinting (and Tor Browser is Firefox based). The best solution is to turn off the speakers and any phones around you when visiting controversial or private websites. Also consider a degoogled phone with a custom operating system, such as Graphene or Calyx, which would allow you to modify when apps have microphone privileges.

Conclusion

In this article, we covered a variety of different ways your identity can be revealed through Tor. To summarize, your best defenses are:

1) Disable JavaScript with Tor’s Safest Setting

2) Use a custom private entrance bridge (obfs4) for an entrance guard that you control. Our company can help you set this up, or do it on your own.

3) Use Whonix or Tails when you need JavaScript or for doing anything outside a browser, such as opening unknown software or files

4) Before connecting to Tor, first use a high quality VPN with OpenVPN (WireGuard won't be faster for Tor)

5) Avoid resizing Tor Browser because of fingerprinting

Consider sharing what you learned.  And of course, here are the sources:
https://simplifiedprivacy.com/how-you-can-be-deanonymized-through-tor/index.html 
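As a complement to the speaker and microphone advice in the ultrasonic tracking section, this added example (not from the article or the researchers) measures how much of a recorded clip's energy sits in a high-frequency band, using the Goertzel algorithm. The 18-20 kHz band, the 44.1 kHz sample rate, the threshold and the synthetic clips are assumptions constructed for illustration.

```python
import math

SAMPLE_RATE = 44100        # assumption: CD-quality recording
BAND_HZ = (18000, 20000)   # assumption: the "high frequency" band to inspect
THRESHOLD = 0.001          # assumption: flag when >0.1% of energy is in band


def goertzel_power(samples, k):
    """Return |X[k]|^2, the squared DFT magnitude of bin k (Goertzel)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * k / len(samples))
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def band_energy_fraction(samples, rate=SAMPLE_RATE, band=BAND_HZ):
    """Fraction of the clip's energy that lies inside `band` (0.0 to 1.0)."""
    n = len(samples)
    total = sum(x * x for x in samples)
    if n == 0 or total == 0.0:
        return 0.0                       # silence: nothing to flag
    lo = math.ceil(band[0] * n / rate)
    hi = min(math.floor(band[1] * n / rate), (n - 1) // 2)  # below Nyquist
    in_band = sum(goertzel_power(samples, k) for k in range(lo, hi + 1))
    return 2.0 * in_band / (n * total)   # Parseval: each bin counts twice


def has_near_ultrasonic(samples, threshold=THRESHOLD):
    """True when the high band carries more than `threshold` of the energy."""
    return band_energy_fraction(samples) > threshold


def tone(freq, amplitude, n=2205, rate=SAMPLE_RATE):
    """Constructed test signal: a pure sine of `n` samples (50 ms)."""
    return [amplitude * math.sin(2 * math.pi * freq * i / rate) for i in range(n)]


# Constructed clips: an audible 440 Hz tone, alone and with a faint 19 kHz tone.
AUDIBLE = tone(440, 1.0)
WITH_HIGH_TONE = [a + b for a, b in zip(AUDIBLE, tone(19000, 0.1))]

if __name__ == "__main__":
    for name, clip in (("audible only", AUDIBLE), ("with 19 kHz", WITH_HIGH_TONE)):
        print(name, round(band_energy_fraction(clip), 4), has_near_ultrasonic(clip))
```

Real recordings need a window function and several overlapping frames, since tones that fall between bins leak energy into neighbouring bins.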
 I see. Could use a bridge? Host your own, or we can help 
 Yes sir, the sources at the bottom 
 WireGuard is faster, but has a 2 minute log of IP.  This is not a big deal, but on Tor, it’s not faster.

Tor is slow due to latency, while WireGuard is faster due to throughput.

So you get no speed benefit but the minor downside.  It’s a small point though to have this 2 min log.
I wouldn’t worry about it unless it’s a huge deal what you’re doing on Tor.

https://simplifiedprivacy.com/vpn-protocols-which-one-should-you-use/index.html 
 Thanks, yeah should be, SimplifiedPrivacy@getalby.com
maybe it's liquidity on your end? 
 This is factually true, but not that insightful, because you’re comparing investing to consuming an electronic.

Of course investing will always beat consuming.  The real question is if the person bought in 2016, if they held it through the drawdown the next few years. 
 @Sparrow , I’m going to answer publicly, so others can benefit to hear.

Ctemplar was an Icelandic email provider that shut down due to refusing to hand over data.
But Protonmail stays open because they hand over thousands a year.

When we designed our VPS combo, we did so with the intention that each customer gets a different account that is not related to us or other customers.  This prevents any government from forcing us to hand over data or compromise privacy because we are not tied to any particular location.  And it’s unclear who is even our customer.

This is the only way for us not to share the fate of Ctemplar or Protonmail.  Because while a VPN company can say they don’t log, there’s no way for an email provider to dodge that they have emails coming in.  

And with Nostr, Tor Onions, SimpleX, Session, cryptocurrency, and other tools, this makes us even more independent of even any particular website server to advertise.  Or any fiat bank to collect.

While it is less profitable for us to set up a VPS with a third party and walk away (because we don’t collect monthly fees), it gives me a sense of purpose to provide something of value that the market lacks.

As far as your 2nd question of public recommendations, please refer to: simplifiedprivacy.com/vps which has our list, although some providers need to be updated.

nostr:nevent1qqsrdsy2nkhzqr6345xcyffn9h8aehu0ux9cekak06tvcvskxgmrc2qpzamhxue69uhky6t5vdhkjmn9wgh8xmmrd9skctcpzpmhxue69uhk2tnwdaejumr0dshszrnhwden5te0dehhxtnvdakz7tlt3h3 
 This list of breaches shows the importance of giving out minimal information.

Some tips:
a) Use a different random password for different accounts
b) Use an email alias service like AnonAddy or burners

As once a data breach happens and data is sold on the darkweb, the buyer will automate testing the password with that email, on OTHER services.

nostr:nevent1qqsxcn6cw68u7r4dysz2g2zv2wjerkmunn3canfw8geuy8v0jw2vtfsppemhxue69uhkummn9ekx7mp0qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7lkmf6n 
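The two tips in the note above, as an added example that is not part of the original post: it audits a credential list for the email and password pairs a breach buyer could replay elsewhere, then replaces them with unique random passwords and per-service aliases. The vault contents, the alias.example domain and the symbol set are constructed assumptions.

```python
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + "%$#^!@&*"  # assumed set


def new_password(length=24):
    """Random password from the OS CSPRNG (the `random` module is not safe)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def exposed_by_breach(vault, breached):
    """Other services that accept the breached (email, password) pair."""
    pair = vault[breached]
    return sorted(s for s, cred in vault.items() if s != breached and cred == pair)


def reuse_groups(vault):
    """List the groups of services that share one (email, password) pair."""
    groups = defaultdict(list)
    for service, cred in vault.items():
        groups[cred].append(service)
    return [sorted(g) for g in groups.values() if len(g) > 1]


def harden(vault, alias_domain="alias.example"):
    """Tips a) and b): unique random password plus a per-service alias.
    The alias format is a placeholder, not any alias provider's scheme."""
    return {s: (f"{s}@{alias_domain}", new_password()) for s in vault}


# Constructed vault: service -> (email, password). All values are made up.
VAULT = {
    "forum": ("me@example.com", "hunter2"),
    "shop": ("me@example.com", "hunter2"),
    "bank": ("me@example.com", "Different#1"),
    "news": ("alias1@example.com", "hunter2"),  # same password, other email
}

if __name__ == "__main__":
    print("forum breach also opens:", exposed_by_breach(VAULT, "forum"))
    print("reused pairs:", reuse_groups(VAULT))
    print("after hardening:", reuse_groups(harden(VAULT)))
```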
 are you pranking? of course not.  you want long random passwords with complex characters like %$#^ 
 Thanks for admitting it. Most times people string us along for awhile as a form of DDoS 
 Give me Liberty or Give me Death 
 for sure.  even PGP signs with browser extensions should be a thing 
 People who are security-minded have a natural instinct to prepare for the worst case scenario.  T... 
 Ok, but the 2nd question is not only was there intent to kill or not, but was it a lone individual or the Deep State?

The people who think JFK was the CIA are not just “security minded”, but the logical evidence points to it 
 Let’s be honest, that same outer ear shot would have killed Joe Biden

In fact, even just loud noise and the weight of secret service guys going on top of him might have 
 Donald Trump was Shot

Poll: Who do you think did it?

a) Random angry democrat

b) Deep State

c) Deep State but not to kill, just to scare

d) Lee Harvey Oswald's ghost

e) Trump faked it for sympathy 
 Wait at the start of your reply, you're saying the Deep State shot his ear to make him win? or force biden to step aside? seems high risk 
 Why BitcoinTalk forums suck:

--Cloudflare sees your password.  People invest so much time here to own nothing.

--Tor & VPN restrictions (that require payments) for a borderline illegal grey market

--Google Captcha for Tax Evasion & Bitcoin Mixing

--Payments for Ads in Signatures, based on the quantity of posts, leads to low quality spam

--There's no sense of community like Nostr has, just calling each other scams.  And the criteria for not being a scam is having spent a lot of time using this Cloudflare password to spam.

--People don't even trust the escrow moderators.

--Applicants to job ads often have no presence or website besides BitcoinTalk.  Oh you're a web dev with no website?

Anyone who is self-employed should be self-hosting a VPS.  If your only presence on the internet is Cloudflare seeing your password, Gmail, and Telegram... then you're basically homeless. 
 VPS is a virtual private server, or a tiny cloud, 1 or 2 CPUs and RAM.  Then you can host services like your website, your email, your files on the cloud, your private messengers such as Matrix or XMPP.  So then you are in control 
 User: I'd like to install software from apt

Linux: I need to see your sudo credentials, do you have authorized access to install stuff from the most heavily monitored package manager?

~

User: I'd like to install software from Python pip.

Linux: Come on down!  No sudo required! BLIND TRUST IN DEV SOFTWARE!  Just flag it with "--break-system-packages" and you can DESTROY YOUR SYSTEM! 
 yes pip does non-root uid without root. they justify it as it's more open and reviewed.  also that the user used sudo to install pip/python3 to begin with.

I'm not saying I agree with this, just answering your question 
 Leaked: Google Pixel 9 info

It's unclear if this is a real leak, or Google purposefully marketing their stuff (likely the 2nd).  From the leak, a random Russian website got images and dimensions: [1]
Pixel 9: 6.24"
Pixel 9 Pro: 6.34"
Pixel 9 XL: 6.73"

The Verge is reporting the Pixel 9 will have AI scan screenshots similar to Microsoft's Recall.  Wiping this with a custom ROM may end this OS-level feature, although it's unclear yet if it will be integrated with the hardware. [2]  As a reminder, Google's newer models (8+) already include the "Find My Device".  This and price are why I recommend the 6a.

AndroidAuthority is reporting on the leak as well, saying there will be a price increase.  Vanilla models going up 100 euros in France. [3]

Sources:
[1] https://rozetked.me/news/33304-eksklyuziv-fotografii-vseh-modeley-google-pixel-9-ot-rozetked
[2] https://www.theverge.com/24196571/google-pixel-9-pro-xl-9a-fold-rumors-leaks-camera
[3] https://www.androidauthority.com/pixel-9-series-france-prices-3459857/
 
 BraveNewPipe just pushed an update!

I tested it and it works.  You can get it right now via Obtainium!

Beginner Q&A:
Q: What are you talking about?
A:  YouTube broke a lot of privacy frontend apps with an update.  This is the fix

Q: What is Obtainium?
A: An Android app you can get via F-Droid that lets you install any other app via the developer’s GitHub, so you avoid having to wait for slow groups like F-Droid

Q: How do I do it?
A: First get Obtainium via F-Droid, then copy-paste the GitHub link:
https://github.com/bravenewpipe/NewPipe 
 this is bravenewpipe?
it's different than the other one 
 Despite it being easier to self-host XMPP and less expensive on resources, Matrix is more popular.  Why?

The real reason Matrix is popular is because corporate and FOSS developers like the encrypted group chats for their internal use.  (XMPP is NOT encrypted group chats).  So then devs host a Matrix room to answer end-user questions, and having all these rooms encourages overall adoption.

The part that's not usually mentioned, is that only the devs usually use self-hosted Matrix servers, and the vast majority of the public uses Matrix.org which is on Cloudflare with Gmail verification.

In theory Matrix is decentralized, but in the real world, everyone gets Cloudflare metadata surveillance, and uses the same Element client.

Here's my core message:
Try to be Self-Sovereign with what you're doing.
If you're hosting a website, 1 core VPS for email, whatever.  Then host your own XMPP/Matrix.  XMPP uses so little resources, it's near free.

If a VPS is really not for you, even if you pay someone like me $100 to set it up:
https://simplifiedprivacy.com/email-cloud-combo/index.html

Then public SimpleX/Session servers are right for you.  That's fine.  This isn't about me trying to force you to use my favorite protocol.  It's about you not using Cloudflare (and Protonmail seeing your metadata) and thinking you're "doing privacy". 
 Are you asking about who we use for our VPS combo, where we set it up for you,

or what providers we recommend in general for the US? 
 that's a debate or fists?