OnePhoenix

joined 8 months ago
MODERATOR OF
[–] OnePhoenix 1 points 6 months ago (1 children)

I've heard of these but haven't given them a long look. What is it about mullvad or librewolf that people prefer over Firefox?

[–] OnePhoenix 1 points 6 months ago (3 children)

Thanks. I currently use hardened Firefox (Arkenfox) and yes I do use unlock.

14
Cookies (self.privacyguides)
 

Newb question: what does it really mean when I click "Reject Nonessential Cookies"? Am I really being any more private by rejecting these? Just feels greasy like it's a workaround for websites to get my information anyway? Should I navigate away from any sites that suggest this cookie configuration?

[–] OnePhoenix 22 points 6 months ago (1 children)

If you don't think Mozilla cares about your privacy anymore, yet you use Qwant, you're probably not going to want to hear that the two partnered up last month.

I've been using Startpage with positive results.

There's also hardened Firefox solutions.

I second Proton... I love 'em. I use them for email and VPN. I always have a hard time putting all my eggs in one basket though, and try to avoid using any one ecosystem for all my organization. For example, I use an offline app for my calendar, and a self-hosted home solution for file management.

Great to see another person giving the one finger salute to big tech. Not sure about your ideas on Apple respecting your privacy though - they haven't given me that impression but maybe I'm misinformed.

[–] OnePhoenix 1 points 6 months ago

After your post I did some digging and indeed it does appear as though Parrot OS can be installed through UTM. Thanks for the heads up!

[–] OnePhoenix 5 points 6 months ago (1 children)

Is SELinux enabled by default in Fedora? I've tried researching it but everyone seems to be wanting to do the opposite and disable SELinux (presumably because it restricts ease-of-use)?

[–] OnePhoenix 4 points 6 months ago (2 children)

I've looked at this and would love to but as is my (limited) understanding, Qubes is next to (if not entirely) impossible to implement on Mac M1

[–] OnePhoenix 2 points 6 months ago (1 children)

Thank you. Again, excuse my ignorance but, I don't see Parrot on the UTM list... Can Parrot be loaded on top of one of those OS's? Or are you suggesting Parrot in general, regardless of UTM's capabilities?

11
Which OS/Distro? (self.cybersecurity)
submitted 6 months ago* (last edited 6 months ago) by OnePhoenix to c/[email protected]
 

I'm new to the cyber-security/privacy space. I am interested in teaching myself about it, as well as dabbling in OSINT and general linux-type-stuff too. ATM this is all a hobby so while it is not crucial to have everything air-tight, I would like to do my best to follow best practices.

That being said, I am currently using a Mac M1 so my VM capabilities are (AFAIK) limited to the OS's provided by the UTM virtual machine software. For those who are unaware, the OS's they provide can be found here:

https://mac.getutm.app/gallery/

From a security/privacy perspective, which of these OS's would you consider to be the most secure or, able to be the most secure with configuration? At first glance and with my limited knowledge, I want to say Kali, but I feel this may be cliché as it's what your stereotypical-hacker-type would use.

Any guidance would be appreciated.

N.B., ease of use/convenience is not a top priority for me, as I'm using this as a learning experience and I'm open to trying different things and making mistakes along the way.

Thanks!

***EDIT: Thank you to all who provided information. I learned a lot. I've decided to try a few different distros that work with UTM namely, Parrot OS (both home and security editions for different purposes), as well as Kali and Debian.

2
Desktop vs. Mobile (self.protonmail)
 

Is there a logistical/technological reason why I can register for a protonmail account on my desktop without issue but when I try on mobile it tells me "there has been suspicious attempts from your server and we have stopped sending new codes"?

GrapheneOS on mobile MacOS on desktop Both running through protonVPN

[–] OnePhoenix 9 points 6 months ago (1 children)

Valid point. I do prefer the UI with Proton, I find it nicer to click through. Also, Tuta usually makes you wait 2-3 days before you can use it - not a big deal really, unless you're trying to sign up for something new.

[–] OnePhoenix 17 points 6 months ago (8 children)

I don't know if what I do is the right way around this but, as stated Proton will reject disposable verification emails and you cannot use another proton account to verify a new one.

My workaround for this is to verify proton with a Tutanota account which is also created with as little to no identifiable information as possible.

TLDR: Proton accepts Tuta emails for verification and Tuta emails can be created anonymously.

[–] OnePhoenix 1 points 6 months ago (1 children)

You say you use ProtonPass with a free Proton account? Do you know if they have a limit for creating these new emails? I've seen ProtonPass advertised but I just assumed it was a premium feature. When I say its tedious, its because when I create new ProtonMail accounts you first have to verify it with another non-Proton account which I find a bit annoying as I dont use services like Gmail etc , but more importantly, Proton has been blocking signups on newly created emails (if you just created the email and then use it to verify a service sign up it gets blocked).

[–] OnePhoenix 10 points 6 months ago (2 children)

Perhaps I haven't used it to its full capacity but, I have a free proton account and I still have access to simple login

 

I used to use Protonmail, however the verification steps become tedious when creating unique emails for sign ups. I've switched to Tutanota despite it contravening their one account policy. What do you all use for one off emails (for sign ups etc )? Or do you prefer one of those 10 minute email sites?

[–] OnePhoenix 1 points 6 months ago (1 children)

Thanks for the info. You'll have to forgive my ignorance as I'm not super well-versed but, I was of the impression that alias software like anon and simple login were more for avoiding spam and unwanted emails from sign ups. Is it also effective as a security tool?

 

Does it make sense to have separate emails for each individual financial account (banking, credit cards) or is that overkill? I'm just thinking that if a hacker got access to one email they'd have all account information?

 

I use GrapheneOS ony phone and a Mac with the security options as optimized as possible. For most of my emailing etc, I use Tuta and Proton. There are instances however, where having a Google account is beneficial (some apps for example won't download from Aurora store in anonymous mode).

Is it advisable/possible to create a dummy Google account with minimal ID/credentials? And if so, what are some best practices for doing so?

Or, do I resign myself to the fact that with more control over my data, I have to sacrifice more?

69
Find My Graphene? (self.privacy)
 

I feel like this may be a bit of a counterintuitive question considering Graphene's privacy features but, is there a way to remote erase or find my phone with GrapheneOS in the event the phone is lost?

15
Video chat options? (self.privacyguides)
 

I'm currently running Grapheme OS on a pixel. One thing that I've had trouble finding is a secure video chat option. I'm assuming that its because such a thing in a secure environment is hard to come by / impossible.

The only options I've found are things where you must self host like element etc. Is this the only way?

I realize there may be nuanced answers to this question that I may be overlooking as I'm still relatively new to online security/privacy so I apologize in advance if this is a moot question.

1
Getting Started (self.zodiac_killer)
submitted 8 months ago* (last edited 8 months ago) by OnePhoenix to c/zodiac_killer
 

Many of the questions newcomers have may be found within one of the links below. This list is by no means exhaustive and will be updated as necessary.

  • Check out the Wikipedia Page for a brief overview.

  • Tom Voigt's comprehensive Zodiac Killer site can be found here.

  • Richard Grinell lays out the information in a very easy-to-read format and has a lot of pictures, etc. to peruse through at www.zodiacciphers.com.

  • The FBI case file on the Zodiac can be found at the FBI Vault website by searching for "Zodiac Killer" here.

1
Community Rules (self.zodiac_killer)
submitted 8 months ago* (last edited 8 months ago) by OnePhoenix to c/zodiac_killer
 

The goal of this group is to have thoughtful, relevant discussion on the topic of the Zodiac Killer. The safety of our community is of the utmost importance. As such, the following rules will be followed. Failure to follow these rules will result in posts being removed and, if necessary, users being banned.

  1. Treat others with respect. Hate speech, discrimination, insults, etc. will not be tolerated and will result in an immediate ban.

  2. Healthy debate is encouraged, however if a moderator feels that a discussion is devolving, they reserve the right to remove the post and enforce disciplinary action on those involved in the form of warnings or bans. This will be done at the moderator's sole discretion.

  3. There will be no advertising or promotion of any kind on this channel unless it has been otherwise approved by moderators. Any posts/links of this kind will be removed without notice.

  4. This channel is meant to be a forum for real, relevant, and thoughtful discussion on the topic of the Zodiac Killer, and while everyone loves a good Ted Cruz meme from time to time, this is not the forum for it. Shitposts, memes, trolling, etc. will not be tolerated and any such posts will be removed without notice.

  5. Please make every effort to create thoughtful posts. When asking a question, please check to see if it has already been asked. Posts that do not appear to show any effort or do not provide any relevant or novel information to the topic will be removed without notice.

  6. As this is still an active and ongoing investigation in some jurisdictions, do not provide any personal information of anyone involved in the case. Anything that could be construed as interfering with an investigation will be removed and if necessary, reported to authorities. The exception to this rule would be any information that is already made available to the general public (e.g., police department general phone numbers, etc.).

view more: next ›