/tech/ - Soyence and Technology

>>33764 (OP)
It's appropriate

>>33764 (OP)
It's appropriate

signal has metadata, uses a phone number as kyc, not good
use xmpp over i2p and/or tor, email too. pgp keys can be verified over a channel you can be sure is too hard to tamper with, e.g. a call on signal
mass surveillance is extremely pervasive; you need to do more than use certain services
you must compartmentalize and obfuscate your identities, add layers, use generic usernames and passwords, alternate your typing patterns to avoid stylometric fingerprinting, alternate timing
web browsers are fundamentally broken; use html only and try to find a well understood open source browser. probably something downstream of firefox, since the base has a lot of stuff built in it shouldn't have. userscripts aren't enough to get rid of it all. fingerprinting is virtually inevitable with javascript enabled, which is why you should avoid it
you should consider the vulnerabilities in your systems; sandbox and virtualize things where you can so no automated malware can get through as easy. obsessively minimize the contents of your system, understand them
build software from source because the maintainer who builds and signs it could one day be compromised, audit changes, replace the firmware on your system with something you can audit. also, if you have to use an intel cpu, obliterate ime. it is very dangerous. coreboot is a good supplier of mostly open source firmware, in the build script you can configure it to exclude proprietary blobs. arm isn't actually open despite what they portray it as; trustzone is just another ephemeral backdoor into your system.
don't even register for any websites. host everything yourself. run barely anything on your system.
also btw use throwaway emails and constantly cycle pgp keys so it's harder to track based on where what's been seen.
>

>>33771
ive been using xmpp for communication on tor but getting everybody i know to switch to it is a pain which is why i have signal made with a temp number

the one thing i do not understand is why would pgp be used (except for communication over xmpp), email just doesnt seem secure enough for actual private communication and ive never had a reason to talk to someone over email and not over any other service

in the thread i forgot to mention i have noscript installed too but
> try to find a well understood open source browser. probably something downstream of firefox, since the base has a lot of stuff built in it shouldn't have.
do you mean librewolf or something similar?

with the open source firmware, i will try to do that on my system but i couldnt find any information on obliterating AMD PSP, since that also seems like a backdoor

>alternate your typing patterns to avoid stylometric fingerprinting, alternate timing
this seems very difficult and ive thought about creating a project for this where i just feed my text to a local LLM to rewrite it and since there are masses of LLMs currently botting things it would be more difficult to track someone like this