you should always use internet with zero trust
this post was submitted on 28 Feb 2025
22 points (86.7% liked)
Privacy
1181 readers
548 users here now
Protect your privacy in the digital world
Welcome! This is a community for all those who are interested in protecting their privacy.
Rules
PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!
- Be nice, civil and no bigotry/prejudice.
- No tankies/alt-right fascists. The former can be tolerated but the latter are banned.
- Stay on topic.
- Don't promote proprietary software.
- No crypto, blockchain, etc.
- No Xitter links. (only allowed when can't fact check any other way, use xcancel)
- If in doubt, read rule 1
Related communities:
founded 3 months ago
MODERATORS
TL;DR - No trust. None. For anyone or anything.
Extreme you say? Sure, maybe. But we've been burned so many times, yet we still say things like "oh but its convenient". That simply means most people dont care or dont have the time to deal with it, which is fair.
I don't blame them, in this day and age, we have PLENTY to worry about, other than our online privacy and anonimity.
Personally, I've went with the scorched earth approach. Foss, privacy respecting, self-hosted, encrypted. If I don't have control of it, I will keep it in a different place than the things I have control over.
Unfortunately, for most, this comes at a very large technical overhead. Frankly, I don't see other ways forward. Look at france, sweeden, UK, they all want backdoors and the encryption keys to everything.
The way forward will be trustless, self-hosted services. The next steps are to simply lower the technical bar, because even as a skilled engineer, sometines I hit my head against things that need a serious amount of figuring out.
Making these services easy to host and use would be amazing. Trust nothing.
Not to be a doomer, but it feels like the skill floor to protecting my privacy is unbearably high and getting higher. Does anyone have a good resource about it?
Just do one thing at a time. Here's my general process:
- switch email, and forward everything from the old one to the new one (I use my own domain name, but paid hosting)
- get into self-hosting, and slowly replace services I use w/ self-hosted ones
- get friends and family to switch to privacy-friendly services to communicate w/ me
And so on. Just do one thing at a time, and continue until you're happy with it.
convincing people to switch the hardest part
Yup, but it's possible if you get them one by one. They can keep their old stuff, just use the new one with you.
Rifles.
I have to ask: what are you going to do? Shoot Facebook? Snipe iCloud?
Start blasting Google?
Pretty sure a rifle is in no way a useful tool for any sort of online privacy.
If there was ever a time for a “touch grass” comment this would be it.
Not very private to put your name on a government list of gun owners.
That's not needed in my state.
Not everyone here lives in your state
I was suggesting the OP may live in a similar state, using mine as an example.
The assumption was: buying a gun = registration in a government database. That's not a valid assumption, so I provided a counter example.
It's a valid assumption in my state.
Not everyone here lives in your state
No, mostly because the main tenet of data security is that nobody should ever be trusted - not fully, at least.
I believe it's phrased, Trust AND Verify.
Trust but verify, if you're using the Russian axiom.
I wasn't aware of the Russian origin of the axiom. And it's been quoted to me, and I use "trust and verify." I see from wikipedia that it's a Russian proverb in Russian: доверяй, но проверяй, romanized: doveryay, no proveryay.
https://en.wikipedia.org/wiki/Trust,_but_verify
I guess I'm neither a good Russian, nor a good Reaganite. Not in the least bit surprised to know this about myself.
I'm neither Russian nor a big fan of Reagan, but I do like the proverb.
Aren't we supposed to be checking the code?
Just make sure that when you uncheck all telemetry and don't use an account, they don't send your personal data. Its open source so it should be verifiable. You don't need to "trust" them if there's no data being sent in the first place.
I suspect the codebase for modern browsers has gotten so incredibly complex that it's become difficult to audit for most people. But you're right