This was sent to me privately by kfm27917, and I found it very interesting. I'm not sufficiently geeky to evaluate it, but I felt I should share the information here. :thumbsup:
Hi Bill. I came across prism-break.org several years ago after digesting the Snowden revelations. While many of their suggestions are good, there is a "woke" slant to their recommendations. Let me give you some examples:
• For email & productivity they recommend Riseup. First of all, Riseup is the home for left wing activists. From the top of their homepage:

Quote:
Riseup provides online communication tools for people and groups working on liberatory social change. We are a project to create democratic alternatives and practice self-determination by controlling our own secure means of communications.

Riseup retains the encryption keys to your email. Is that what you want? Second, email is INHERENTLY not private. Riseup does not encrypt their email and does nothing to strip the metadata from the email header. From their own help page:
https://riseup.net/en/security/messa...iseups-webmail

Quote:
Can I send and receive encrypted email using riseup’s webmail?
At the moment this is not possible. It is much better for riseup users who want to use encrypted email to utilize an Email Clients (such as Thunderbird) to send and receive email, while keeping your private key stored safely on your local machine.

Now, Thunderbird is a great email client, but to use it effectively, you will need to use a PGP addon (the email recipient will also need a PGP addon), BUT your metadata is still sent in the clear. As Snowden said, the metadata- who is talking to who and when are they talking- is extremely important to the intelligence services and to your privacy.
For search they recommend DuckDuckGo. Yes really they do. DuckDuckGo is woke as well. Here is an article describing how they are combating Russian disinformation:
"The DuckDuckGo Users Furious at Its Response to the War in Ukraine"
https://slate.com/technology/2022/03...wnranking.html
For Instant Messaging, they recommend Signal. Signal has good end-to-end encryption, BUT they know your phone number- NOT private. When you set up Signal, if you are not careful with the settings, it will grab all of your contacts- NOT private. From a Signal support page:
"Does Signal send my number to my contacts?"
https://support.signal.org/hc/en-us/...o-my-contacts-

Quote:
How does Signal know my contact is using Signal?
Signal developed a private contact discovery process that enables Signal clients to efficiently and scalably determine whether the contacts in their address book are Signal users without revealing the contacts in their address book to the Signal service. Once your phone knows which of your contacts is a Signal user, it can optionally notify you when a new contact has started using Signal.

Hmmm. That seems like a lot of technospeak for saying we analyze your contacts and see if they are Signal users. As privacy tech guru Rob Braxman said, Signal is good for friends and family, BUT NOT for people you don't know nor for privacy conscious groups.
For secure messaging without metadata, I think Session is the app. You can research it for yourself here:
https://getsession.org/
It has a learning curve, but it is a robustly secure messaging platform. Interestingly, I could not find Session listed anywhere on Prism-Break.org.
For VPN they recommend Mullvad, and I think that is the preferred choice for crypto users. KeePassXC is also a good password manager, but to use it really securely you probably want to couple it with a hardware key like YubiKey and configure the YubiKey for Local Authentication using Challenge Response, otherwise known as "HMAC-SHA1 Challenge-Response". Here is an article on how to use a YubiKey with the KeePass password manager for Local Authentication:
https://support.yubico.com/hc/en-us/...y-with-KeePass
MacOS Catalina and LATER users are out of luck, as Apple has changed login entitlements which PREVENT the use of a YubiKey for Local Authentication using Challenge Response [Explanation is listed in red bold letters at the top of this article]:
https://support.yubico.com/hc/en-us/...guration-Guide
Rob Braxman recently said that the big tech companies want to move the masses to SERVER based 2FA using your phone, which means they will know PRECISELY who you are (UNLESS you have a secondary phone JUST for server based 2FA, which is NOT tied to anyone's identity). Looks like it is time to decentralize and move to GNU/Linux.
So, my take on Prism-Break.org is use it as a starting point and understand their woke bias. To get a higher level of security discernment listen to Rob Braxman's podcasts. He can be a little long winded sometimes, but he knows his stuff. You can find Rob Braxman on YT, Rumble and Odysee:
YT
https://www.youtube.com/c/BraxMe/videos
Rumble
https://rumble.com/c/robbraxman
Odysee
https://odysee.com/@RobBraxmanTech:6?
Note- Each platform has a different group of commenters, which leads to different discussions and insights.
For your privacy conscious Avalon members, here are two very pertinent podcasts from Rob Braxman:
"2 Factor Authentication: How to Counter its Abuse by Big Tech"
https://www.youtube.com/watch?v=nbnWdA2JBik
The Hidden Networks: Onion Routing, TOR, Lokinet, I2P, Freenet
https://www.youtube.com/watch?v=Ygxuwec1BsI
Very informative Kuperkai, many thanks.
I agree with the point about using 2FA via phone. Though better than having no 2FA at all, the codes are sent through unreliable third-party mediums and the safety of sending a code through an SMS message can depend on the mobile provider.
Twitter recently got rid of the 2FA via mobile phone option, with Elon Musk saying that many telecommunications companies are not being very honest and are just playing with the system:
Quote:
And they run like text SMS two-factor authentication over and over again, and just get millions of bot accounts to actually run tabs so Twitter will text them. Twitter will just pay them millions of dollars"
Funny how I have always been an advocate for keeping your data in your hands.
For Enterprise suite, they suggest Nextcloud. I use it and would recommend it if you can.
https://nextcloud.com/
About: We help you achieve a safe home for all your data. Secure, under your control and developed in an open, transparent and trustworthy way. We are Nextcloud.
It does it all, document editing, all levels of messaging, calendaring, contact management. You can add to it from a library of add-ons.
I think it is best.
Not an easy one since I have my own Debian servers, and understand that it is not for everyone.
I don't recommend keeping your data online. What happens when the cord to the internet is cut from under your feet at once? You've just lost it all.
Keep your data in your hands and back it up.
An easy solution for everyone is using pocket USB drives, store your data onto those devices and keep multiples of them, that way you will never lose a syllable!
I worked with cloud data solutions for years in my previous career roles - yet I also choose to keep all my backups on USB drives, usually 1-3 Terabyte ones which can hold multiple systems' data.
When I leave home all of my important home data travels with me in one of these drives. (Which I keep in a faraday case when not in use at home.)
Me too. I joke that "The Cloud" is actually "Someone Else's Computer", but not while I am an active technical specialist helping companies with their cloud solutions. Ok, I do sometimes.
We went from Mainframes to Personal Computers, because people found they liked having the sovereignty of data processing at their fingertips with a PC, rather than have to negotiate for centralised processing power on a mainframe. Now it's gone back to centralised processing, with people giving up their local power and becoming hostages to the service health and cloud costs that never decrease. Stick the word Enterprise on the front and the costs increase by a factor of crazy.
I also don't often joke that we will cycle back to local processing before too long, after everyone is sick of feeling like a hostage.
My understanding is that there are no devices available to the general public which can be made secure by apps, operating systems, or firmware, because they are all designed at the hardware level to be insecure.
Digital electronics are intrinsically insecure.
Billions are stolen from the banks each year, by low tech digital means alone. A few hundred dollars and anyone can get in on the action too! It's simple.
The only way to keep data secure digitally is never to share any of the info with anyone, never access that data in any way, and basically just forget there is data on a disk somewhere. Because as soon as the data is hooked to a computer it becomes vulnerable to attack. Even the disk or stick or outboard memory can be stolen...
1)"While many of their suggestions are good, there is a "woke" slant to their recommendations. Let me give you some examples:"
2)" For search they recommend DuckDuckGo. Yes really they do. DuckDuckGo is woke as well. Here is an article describing how they are combating Russian disinformation:
"The DuckDuckGo Users Furious at Its Response to the War in Ukraine"
https://slate.com/technology/2022/03...wnranking.html"
post from Kuperkai https://projectavalon.net/forum4/sho...=1#post1544778
*First topic freeze me on track! wherever the term "woke" appears I kiss all goodbye...
*Second topic is the grave stone for DuckDuckNO
Now they make updates only up Win. 10 huuummm...
I remember and posted somewhere in this forum, that when Win 10 came out, Kaspersky (Russian anti/everything)
was elected best anti virus, etc. 5 years in a row world wide. And they send a warning to Microsh1t about too many "holes" in that system, holes that compromise your Pc, laptop, etc. from the go...
And how respond Microsh1t? they demonize Kaspersky world wide because... it is Russian!
And this list doesn't recommend Telegram and Yandex too because...what? because they are Russian products too!
"They" can't control Russia in any way! therefore... :sherlock:
damn right!
Code:
intelmetool]$ sudo ./intelmetool -b
Bad news, you have a `QM77 Express Chipset LPC Controller` so you have ME hardware on board and you can't control or disable it, continuing...
MEI found: [8081:1d3b] 7 Series/C217 Chipset Family MEI Controller #1
ME Status : 0x1e000245
ME Status 2 : 0x63000106
ME: FW Partition Table : OK
ME: Bringup Loader Failure : NO
ME: Firmware Init Complete : YES
ME: Manufacturing Mode : NO
ME: Boot Options Present : NO
ME: Update In Progress : NO
ME: Current Working State : Normal
ME: Current Operation State : M0 with UMA
ME: Current Operation Mode : Normal
ME: Error Code : No Error
ME: Progress Phase : Host Communication
ME: Power Management Event : Global reset after an error
ME: Progress Phase State : Host communication established
ME: Extend SHA-256: 054a7f0413fct4e8084236cf6ee64c9bqa2298b175b9kb6b8cb7219332714bu9
Error mapping physical memory 0x0000004065546240 [0x2000] ERRNO=1 Operation not permitted
Could not map ME setup memory.
Do you have kernel cmdline argument 'iomem=relaxed' set ?
Bad news, you have a `QM77 Express Chipset LPC Controller` so you have ME hardware on board and you can't control or disable it, continuing...
IO error couldn't read MSR.: Input/output error
Could not read the BOOTGUARD_SACM_INFO MSR.

The above is when you have Intel ME on board.
Here is a nice presentation of the issue, worth the time reading.