I’m not entirely sure what you’re trying to say here. To clarify, telegram uses a store-forward architecture, meaning that it deletes messages from the server once they have been received by everyone. Until that time, the messages are stored on the server in plaintext, unless you’re using a secret chat. They do this to avoid having to exchange keys between different clients, but what that really means is that it isn’t actually private most of the time.
By default, yes. It is possible to create a so-called secret chat, which is standard for signal and similar, but that’s something you have to manually do. Furthermore, it’s not even possible to make secret chats for groups. When it was initially released, I was cautiously optimistic that it could turn into a good, secure application, but knowing it’s been this long and it hasn’t, I wouldn’t consider that likely.
First off, I would be careful around browser-based VPNs, especially free ones. If it’s in the browser it’s often just a proxy (as opposed to wireguard or openvpn), which is potentially bad for normal functionality or privacy. Also, if it’s a free service then it almost certainly collects your data itself, and won’t necessarily be allowed by sites either.
That being said, there are two ways to layer the two type of tunnels:
Connecting to the VPN first is relatively common. This means that your ISP can’t see you connecting to Tor. Furthermore, VPNs are designed to tunnel your entire system, while Tor generally is not. Thus, you can have some traffic that is merely VPN protected and some that runs through the Tor network as well. In this situation my ISP knows which VPN provider I use, my VPN provider knows (1) my identity and (2) my network activity outside of Tor, and sites that I visit can only see that I use Tor.
The other direction is to connect first to Tor, and tunnel the VPN connection through there. This is very much not intended: Tor only tunnels TCP, while most VPN protocols use UDP (only, or more efficiently). The reason is that it’s actually quite difficult to hide your identity from your VPN provider. If the VPN is the innermost tunnel, then that means that it has access to all your network traffic. I’ll assume that all of it is encrypted with TLS (but be careful because a single error is bad). Then, the VPN only knows which domains you visit, how long, how much data, and at what times. This is still quite significant. Then there’s the issue of payment. If you choose a free service, it almost certainly means it’s selling your data. I will say that this is better than most other uses for free VPNs, but it’s still pretty sketchy. If you’re paying, then you need one which accepts payments in monero (or zcash or another private cryptocurrency) or cash by mail.
Overall, Tor over VPN is relatively normal. I use this configuration regularly. VPN over Tor is highly unusual, and you should consider if you need it. If you need a recommendation for a VPN though, Mullvad supports both monero and cash by mail (sweden), and is generally a good all around VPN (as long as you don’t need port forwarding). One final thing to note: If for some reason you want to use a VPN on both sides, do not use the same VPN, even with separate accounts. Probably, they won’t check, but at that point you might as well just use straight Mullvad VPN.
One thing that’s worth keeping in mind: physical retailers may have cameras, but they (in general) rotate their recordings and don’t provide an API for law enforcement. By contrast, any data that an online service gets is probably stored forever, possibly across multiple companies. If you do pick up the online package at a physical store, then you’re losing most of the benefits, so you also need to provide an address.
That being said, much of China and some of the US have significant outdoor surveillance camera networks. These usually do provide law enforcement with real time, AI search, and may keep recordings for a very long
For me, as a Canadian, I’d consider physical stores more private, maybe putting on generic clothing and a mask if it’s really important. If your city has its own surveillance system, that might be different for you. Though really, in that case, you should be more concerned about pushing for the cameras to be removed, or failing that looking into moving elsewhere: it is not sufficient to have privacy only online, only from major storefronts.
Is there a good one for Canada in specific though? As far as I can tell the Orbic only works in the US, and as a result I’m not sure if I can trust the other devices, even if they’re the same ITU region. Would the TP-Link work? The docs suggest it should work in the US as well as Europe.
That’s not a bubble. AI is a bubble, other people wanting your data will go on until there is cultural and political will to prevent it, and there’s no guarantee we’re moving in the right direction. See the recent situation with chat control: it was postponed, but it will be back; and even when this particular attack is well and truly destroyed, there will be another. Privacy and digital rights are a never-ending fight, but a necessary one for the sake of human rights in general.
Signal allows you to speak confidentially, therefore it is private. It is not, by default, anonymous. Yes, this plus the centralized server mean that potentially dangerous metadata, like relationship maps, can be collected. All indications are this isn’t the case, but that’s not something you can count on.
If you need anonymity, which you probably do at least a bit, use simplex. And yes, having more people using anonymous services like simplex is a good thing for the community as a whole. That said, I’m not going to try to convince all of my friends to use simplex. It’s just too far from the mainstream, missing too many features. Signal is a sufficient compromise for most people, and it’s sufficient for me for most purposes.
It would certainly be preferable to use two devices in this context, but first verify that the apps in question actually use the Play Integrity API, and that you can’t replace them with websites. For myself, I use a Pixel with a custom ROM, and I’ve never had any problems. Of course, it could get worse over time, it depends on the policies of the developers.
Taking your requirements at face value though, iPhone is definitely the correct choice. For the longest time, it was google wants your data but doesn’t care about control, while apple wants control over what you do (to force you to buy their other products) but doesn’t care about your privacy one way or the other. Of course, in the past few years, they’ve both taken some of each other’s worst attributes, but I still think iPhone is marginally better on privacy in stock configuration.
There are definitely ways in which apple is worse: they track your location while your device is powered off, not merely whenever it’s connected to a cell tower or wifi network, and I think they still scan photos uploaded to icloud (but that last point could be out of date, somebody correct me if so). But all that can be worked around if necessary, and in any case it’s not as bad as stock android.
Finally, consider how much has to be tied to your phone at all. Maybe your government apps need to be on the phone, but maybe social media and wikipedia can be primarily used on your laptop, loosening the requirements somewhat. Maybe email can go to your x86 boxes only, even if facebook messenger doesn’t. It depends on your situation.
Do you know of any zero-knowledge providers that are both (a) trustworthy for my own purposes, and (b) unlikely to go to spam?
Like you said, the incoming messages aren’t encrypted, so “zero-knowledge” is always sort of false advertising. Also, if I have to use some weird client, that isn’t good. I do value convenience, especially for email; chasing diminishing returns just isn’t worthwhile, and if possible I’d like to not use both, as I am now.
Consider if a theme could accomplish what you want: It seems like they all use firefox under the hood, and if all you want is appearance, you shouldn’t need to change your entire browser. Keeping in mind that a smaller fingerprinting pool is less anonymous, if you care about that.
I haven’t actually used any other than librewolf though, so if switching provides any features you care about, go for it.
This is so cool, yet another great advantage of the Netherlands.
Finding previously existing services is a great idea, thanks for the link. Here’s hoping I don’t get too much spam as a result. (but at least I can block individual customers addresses)
Aren’t AI tools supposed to be bad with adversarial examples? Someone could make an app that generates an image which (independently) appears to be you and also appears to be old enough.
I’m glad they at least tried to make an alternative to the stupid AI estimation. Even if this is hardly any better. I wonder if a VISA Debit card would pass muster, or do they have those in the UK.
Of course, the primary harm of kids not being able to use social media is also pretty significant—but there’s only so much you can do when you’re actually breaking the law. Except switch to dread, I guess.
To the extent that you still need to use standard apps, consider disabling your advertising ID. EFF has a guide to this at https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now
This won’t stop google of course. You should probably also install a firewall, like other people here have suggested. And keep in mind, disabling features entirely is different from not using them. For example, if location services is turned off, then even google maps doesn’t know your location (in theory anyway), whereas if it is merely unused then google will still check periodically.
For the sake of accuracy: Incoming emails from external services are initially not encrypted. It’s only truly zero knowledge for either emails sent by another tuta user, or for emails that have already been received.
That being said, they don’t record this information unless specifically required by a court order, which to my knowledge has never happened. I understand that they make the decision of whether your account is spam within 48 hours, and after that it is in the clear. I created my account over Tor, didn’t use it much at all for the first few days, and have been using it fine since. That’s only one data point of course.