this post was submitted on 17 Sep 2023
97 points (97.1% liked)

Privacy

31939 readers
660 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

For transparency sake, I'm the new maintainer of this website. Just wanted to share it here. I was thinking of creating a community for it, but I don't know if it is worth it.

I hope someone find it useful. If you want to contribute, collaborate or just share your opinion, you're more than welcome! The repository for the website is here https://codeberg.org/ThePrivacyRaccoon/website

all 32 comments
sorted by: hot top controversial new old
[–] [email protected] 8 points 1 year ago (1 children)

You say that one of the services "recommend[s] Thunderbird which is spyware and bloated." This is the first I'm hearing about this. Can you cite a source? If this is true, I have some juggling to do.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (2 children)

Edit: read here https://privacy.awiki.org/fake-privacy-initiatives/thunderbird.html not as in depth as I would have liked it, but I'll do for now

It is easy to check by yourself by reading their privacy policy and analyzing the automatic connections that Thunderbird makes using Wireshark or mitmproxy.

I can't find any in depth analysis right now, I might have to write it myself. But this page, although a bit outdated, gives some information about it:

https://spyware.neocities.org/articles/thunderbird

Thunderbird has also been vulnerable to a lot of email attacks because it has JavaScript enabled by default. See efail for the most notable one.

The email client that is recommended, Claws Mail, does not make any automatic connection and by default has no HTML renderer which improves security.

Edit: forgot to mention that Thunderbird supports cookies, which IMO are totally unnecessary for a email client and just add another way of tracking the user.

[–] [email protected] 16 points 1 year ago (1 children)

It would easy for a technical individual, maybe, but not to the layman, which is the person that privacytoolsio was designed for. I appreciate the link, by the way.

A small suggestion: if you're going to make a statement, such as "Thunderbird which is spyware and bloated", you should add sources that helped you come to this conclusion. Making a statement without citing your sources, isn't super helpful, as we don't know you and whether you're actually knowledgeable or more like those "covid shots have nanobot tracers" people. Regardless, super nice repo! It seems like a labor of love, and I really appreciate you sharing it. I look forward to how it develops.

[–] [email protected] 7 points 1 year ago* (last edited 1 year ago)

Thank you! I do research for myself so why don't share it with others.

And you're completely right, sources are needed. I'll try to add them tomorrow to the website, for now, I'll leave some of them here, just in case anyone is interested:

From Thunderbirds Privacy Policy, the most interesting bit is that they share your IP with Amazon:

Thunderbird uses Amazon Web Services (AWS) to host its servers and as a content delivery network. Your device’s IP address is collected as part of AWS’s server logs.

source: https://www.mozilla.org/en-US/privacy/thunderbird/

Thunderbird has had various security flaws in the past, most notably efail. A table noting the email clients affected by this vulnerability:

efail

source: https://efail.de

I'm sure there's more, this is just what I found with some fast searches.

[–] [email protected] 1 points 1 year ago (1 children)

Thunderbird also is very user friendly and is full of functionality

[–] [email protected] 3 points 1 year ago

I didn't say otherwise. If the focus of the site was user friendliness and moderate privacy, Thunderbird would be the first on the list.

But our privacy standards are higher than that and we avoid software that has telemetry especially when there are other options available.

[–] [email protected] 6 points 1 year ago (1 children)

Don't forget opnsense for router firmware

[–] [email protected] 2 points 1 year ago (1 children)

There are already a lot of router firmware options, I considered it, but I thought that pfsense offers almost the same things.

Any feature that makes opnsense preferable over pfsense? I have experience with pfsense only.

[–] [email protected] 1 points 1 year ago (1 children)

Opnsense has an arguably better UI, and more frequent updates.

You can look into the drama about the pfsense devs when opnsource forked it but the tldr is the pfsense devs were openly hostile in a variety of unprofessional and uncalled for ways to opnsense.

More recently, pfsense devs rushed the wire guard integration which turned out to be so problematic that the wire guard devs had to publicly comment that it shouldn't be included inorder to prevent it from shipping. One of the reasons why opnsense forked a few years prior was due to bad code quality of pfsense.

Also my two cents, if you're going to create this list to benefit the community and you don't want to include too many options, then you'll need to make informed decisions on which projects to include and why. Relying on the community is fine, and crowed sourcing knowledge is powerful, but don't ignore large projects without researching them

[–] [email protected] 1 points 1 year ago

Oh thank you for the information! I'll swap pfsense with opnsense.

Yeah I try to make informed decisions, that's why every recommendation is something I use or I have used, listed I used to have a pfsense firewall for a few years and it worked great for my use case, but yeah, the issues you comment make opnsense a much better option.

[–] [email protected] 6 points 1 year ago (1 children)

I just want to say that all of your efforts put into this are not going unrecognized. This is really awesome.

It's even so organized too. If I could make recommendations in the future, I'd look at private OS' designed for smart watches. And I might've missed it, but I was curious about your opinion on pine devices, and Ubuntu Touch.

[–] [email protected] 3 points 1 year ago

thank you so much! It's been a fun run to put everything together. There's still a lot to do, but I'm getting closer to the point I want the website to be.

I don't know a lot about private smart whatches since I don't own one, but I'll make a note to take a look at it. I appreciate the feedback.

[–] [email protected] 4 points 1 year ago (1 children)
[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

it's already there, just below Linux Mint. I mention that Qubes is best used with Whonix. I didn't have that link tho, I'll add later, thanks!!

[–] [email protected] 3 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago

thanks! I'm glad someone found it useful.

[–] [email protected] 3 points 1 year ago (2 children)

I see you recommend Mulch instead of Bromite. Have you considered Cromite?

[–] [email protected] 2 points 1 year ago (1 children)

oh I know about Cromite, but it's pretty new and I'm waiting to see if the project lasts and if it's well maintained. Mulch has been around for longer so I opted for recommending that for now.

[–] [email protected] 2 points 1 year ago

Okay. Just wanted to mention it since I'm pretty sure the team behind Mulch recommend using Bromite instead (last I checked at least).

[–] [email protected] 1 points 1 year ago (1 children)

Bromite got shut down or something too. I mean it hasn't been updated in a while.

[–] [email protected] 1 points 1 year ago

Yeah, Mulch devs recommended using Bromite as far as I remember and Cromite is an up to date fork. That's why I mentioned it specifically.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Okay so I've updated the website based on everyone's feedback. Thanks for your comments!

[–] [email protected] 2 points 1 year ago (1 children)
[–] [email protected] 6 points 1 year ago* (last edited 1 year ago) (1 children)

they don't support email clients, just their own. They don't support PGP encryption, just their own and because it's done with JavaScript, no matter if in the web client or their "desktop" client (which is still the web), could be injected with malicious scripts and steal the encryption key and send it to their servers.

Oh and it blocks VPNs and Tor registration:

[–] [email protected] 2 points 1 year ago (1 children)

I disagree with a lot of the software listed but I respect the effort

[–] [email protected] 2 points 1 year ago
[–] [email protected] 1 points 1 year ago (1 children)

Are you open to contributing without needing to open a Codeberg account (or sign in with Github/lab)?

[–] [email protected] 1 points 1 year ago (1 children)

of course, you can send me your contributions through email if you wish. But it's better to talk about them a bit, just to make sure we don't disagree and don't waste anyone's time.

[–] [email protected] 1 points 1 year ago

Yes agree it's much better to discuss first! I just wanted to send in a couple of patches for typos initially :)

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

I saw thw "Shadow wiki" link on the side, went to check it out to see what kind of edgy shit I'd find, and boy was I not disappointed.

Feel free to check it out If you need a laugh.

[–] [email protected] 2 points 1 year ago

oh that was added by the previous maintainer. I should probably remove it tbh.