Brave browser ≠ Privacy. big big sigh... (also in the news: IceCat rocks;)

[CoffeeFiend]

I loaded Brave when I was using Ubuntu. I honestly used FireFox more, but didn't really find any fault with Brave. I think I will load it back up on my new Mint install. I don't have a Facebook or Twitter account, so what they are doing doesn't affect me. Sorry to be "that guy". But I am all about trying different browsers, so I will definitely give IceCat a try too.

[Moem]

I don't have a Facebook or Twitter account, so what they are doing doesn't affect me.

Shadow accounts are a thing. Facebook follows you around the Web, whether or not you have an account.

[CoffeeFiend]

Good point. Will update the block list when I get home.

[redlined]

I don't have a Facebook or Twitter account, so what they are doing doesn't affect me.

Shadow accounts are a thing. Facebook follows you around the Web, whether or not you have an account.

+1 to that... Data collectors don't much care if they don't know exactly who you are at time infos are gathered. It all goes into database and connected with other infos about same unknown as much as possible, waiting for the day to arrive when they determine exactly who someone is by connecting datas to some authenticated account, if learned.

so I will definitely give IceCat a try too.

lol, I like your style IceCat can be a rPITA though (I recently heard it as 'used by hard-boiled idiots' (I'm guilty of that too
one of the packaged addons I had to disable Searxes 3rd party blocker, really couldn't go anywhere on the web with that one it seemed, which sucks because I also cannot install Disconnect addon... Otherwise I find I like LibreJS more than no script even and all my other must have addons (privacy and controls mostly) work fine. It is also 60.3ESR base, and missing something I really want from further firefox dev, v64+ where encrypted SNI support was added.

Waterfox is another to consider, Moem's preferred if I recall correctly, and highly regarded by many. If I grow tired of IceCat then it is next on my list. If I venture into chromium land again I will start by look at chromium-ungoogled (failed last time I tried it), or will look for something that does not compromise it's own stated principles of privacy by circumventing blocks for trackers by internally whitelisting data brokers/lovers like facadebook and twitter (which is what Brave has done and they will never have my trust for doing it, just once...

[Faust]

.....

+1 to that... Data collectors don't much care if they don't know exactly who you are at time infos are gathered. It all goes into database and connected with other infos about same unknown as much as possible, waiting for the day to arrive when they determine exactly who someone is by connecting datas to some authenticated account, if learned.
.....

That is a vital point .

Many folks don't realize that a person's " meat-space " name is often irrelevant in the world of data-harvesting .
Collation is everything to companies in that business and even if they don't have the full name of "Person X " ,
they already have all they need to sell " the product " for targeted ads etc.

In security circles , the word around the campfire is that Facebook have the world's best cross-referencing algorithms ,
written in-house and probably better than the tools used by the various TLAs ..... or maybe they are the same
They are certainly going to be paying much higher wages to top coders , compared to what a government job could offer .

In data-structure theory , there is the concept of "fully-inverted files " .
If a file ( or data record ) is indexed on every possible data field , the original file is redundant and can be thrown away ,
it's the cross-indexing that is important .

I think there's a similarity to the situation with Facebook , Google etc. , and as you say , the person's name can be added
at anytime later if they come happen to come across it . They have no need to search for it right now .

[Mintymandy34]

Hello redlined.

Good insight.
I respect your privacy concerns and the security measures you take.
It would be nice to have a comprehensive list for applications, OS, services, .etc to use.
I'm just starting with these and I'm already lost, so much info, but little coherence.
One month one browser is the most secure, next month, we know it's leaking a lot.

It would be nice if you could provide some articles here or direct me to some good privacy guide websites that enlist all the things to do and not to do.
And things you use or prefer for the security measures.

Thanks for this post, this question was bouncing inside my head from the day you first mentioned about privacy.

Thank you.

[redlined]

hi Mintymandy34!

BLUF (bottom line up front:) I'm a disheveled mess of lessons learned since early-mid90s when it comes to considering security and privacy in the computing world. Trust nothing, question everything, also stay curious, open, and genuinely observe and listen.

After that, ima mashup of being a part of early (then matured) military computing practices and those directly related processes, combined with computer security, privacy and encryption focus (re: enthusiasm) as a personal user @home. Up until 2008 or so I was very active in a smallish nntp based newsgroup that had splintered off from a very large (and still very popular) group that just became more oppressive the more popular it got so a group of us took the challenge "if you can do it better"... and we did (imnsho

Some formal training (and OJT) I received while in the military helped, as did other leadership tasks I had to use for those 2 decades of service, including formal processes for risk awareness and control measures to identify then reduce, mitigate or eliminate risk (where risk management worksheets became the status quo for anything done, from first line supervisor level on up to high level commanders. This experience imprinted best on my brain). After that it mashes back in with operation planning (basically brainstorm, list courses of action, select best course of action, execute). Combined with (my military EO (equal opportunity) training and focus) what privacy really means in modern interwebbed age, to me, it is a discriminator at it's best and a super short hop from tailoring ads (fingerprinting you online to categorize you) to social credit new world order (happening now!) China level chit; just begging to merge that datas with databases from TLAs and all the hype and jazz from 9/11 aftermath the public bought, lock stock and barrel... and somehow it all makes sense in my brain as I use those processes to "vet" anything and everything.

For determining and mitigating computing risks I listen to voices I trust and have a few that I've been subscribed to for 10 years or more (haven't really added any source subscriptions since 2008, but do have a short ton of links to sites I check in on every so often).

My trust list subscriptions:
Bruce Schneier Crypto-gram monthly newsletter and blog (and his books, he's very well written and can take modern threat at global scale and dumb that down for what it means (or could mean) to Joe/Josie-user. Secrets and Lies, Liars and Outliers, Data and Goliath, and his most recent Click Here to Kill Everybody really helped me wrap my head around both perceived risks and actual threats. He is the Chuck Norris of Computer Security&Privacy (in my universe;)
SANS Institute (whom I've received formal training from them and Center for Internet Security, while in military and did also separately pursue from home over the years) I sub to 3 of their lists, newsbites, @risk (Ouch! is a good monthly email that I was sub'd to because it is written in a manner to enable even computer challenged folks understand better some of the threat out there, eg. something i can (and did;) forward to my mom, sisters and couple friends- until they told me they subscribed;-)
EPIC Alert is real good!
IEEE Security and Privacy Cipher newsletter another from my awesome list
EFF newsletter

This very small list represents the best of what I use to keep my ear to the ground... then an easy dirty 2-3 dozen persons/blogs I perv on, many department heads/college chairs that have community wide established cred and more awesome resources and sites linked to there as well many from the anonymity and circumvention techniques club.

After all that it seems much simpler to separate wheat from chaff, vet minimal enough to make better informed and consenting decisions (and recommendations), and determine validity, honesty, and solid theory and/or fact when consider risk and threat vs convenience and usability.

tldr version, I hang out with smart people and listen

[Mintymandy34]

tldr version, I hang out with smart people and listen

I read the whole thing, my mind is currently trying to digest all the things you have said.
I think, I can assume those smart people are a little deeper in your list.

BLUF (bottom line up front:) I'm a disheveled mess of lessons learned since early-mid90s when it comes to considering security and privacy in the computing world. Trust nothing, question everything, also stay curious, open, and genuinely observe and listen.

After that, ima mashup of being a part of early (then matured) military computing practices and those directly related processes, combined with computer security, privacy and encryption focus (re: enthusiasm) as a personal user @home. Up until 2008 or so I was very active in a smallish nntp based newsgroup that had splintered off from a very large (and still very popular) group that just became more oppressive the more popular it got so a group of us took the challenge "if you can do it better"... and we did (imnsho

Some formal training (and OJT) I received while in the military helped, as did other leadership tasks I had to use for those 2 decades of service, including formal processes for risk awareness and control measures to identify then reduce, mitigate or eliminate risk (where risk management worksheets became the status quo for anything done, from first line supervisor level on up to high level commanders. This experience imprinted best on my brain). After that it mashes back in with operation planning (basically brainstorm, list courses of action, select best course of action, execute). Combined with (my military EO (equal opportunity) training and focus) what privacy really means in modern interwebbed age, to me, it is a discriminator at it's best and a super short hop from tailoring ads (fingerprinting you online to categorize you) to social credit new world order (happening now!) China level chit; just begging to merge that datas with databases from TLAs and all the hype and jazz from 9/11 aftermath the public bought, lock stock and barrel... and somehow it all makes sense in my brain as I use those processes to "vet" anything and everything.

For determining and mitigating computing risks I listen to voices I trust and have a few that I've been subscribed to for 10 years or more (haven't really added any source subscriptions since 2008, but do have a short ton of links to sites I check in on every so often).

Good experience, thanks for sharing.

My trust list subscriptions:
Bruce Schneier Crypto-gram monthly newsletter and blog (and his books, he's very well written and can take modern threat at global scale and dumb that down for what it means (or could mean) to Joe/Josie-user. Secrets and Lies, Liars and Outliers, Data and Goliath, and his most recent Click Here to Kill Everybody really helped me wrap my head around both perceived risks and actual threats. He is the Chuck Norris of Computer Security&Privacy (in my universe;)
SANS Institute (whom I've received formal training from them and Center for Internet Security, while in military and did also separately pursue from home over the years) I sub to 3 of their lists, newsbites, @risk (Ouch! is a good monthly email that I was sub'd to because it is written in a manner to enable even computer challenged folks understand better some of the threat out there, eg. something i can (and did;) forward to my mom, sisters and couple friends- until they told me they subscribed;-)
EPIC Alert is real good!
IEEE Security and Privacy Cipher newsletter another from my awesome list
EFF newsletter

That's some list, will try them all eventually.
Is there a way to add them all to my feeds list?
I've added all of them except IEEE Cipher.
I mostly use Feeds and rarely use mails for security reasons.

This very small list represents the best of what I use to keep my ear to the ground... then an easy dirty 2-3 dozen persons/blogs I perv on, many department heads/college chairs that have community wide established cred and more awesome resources and sites linked to there as well many from the anonymity and circumvention techniques club.

After all that it seems much simpler to separate wheat from chaff, vet minimal enough to make better informed and consenting decisions (and recommendations), and determine validity, honesty, and solid theory and/or fact when consider risk and threat vs convenience and usability.

Would like to have your other recommendations too, but in time.
I'll go through all these first.

Thanks for this informative post, I didn't expect anything less.

If you don't mind, I would like to ask a question, a question about you, from the yesteryears.
This is a bit personal.
I was thinking to ask here, but now I'm choosing not to.
It's relevant, but personal, so I'm not sure if this is really the right place to ask you.
Anyways, have a great time and thanks for this.

[redlined]

hiya Mintymandy34!

appreciating your discretion I'll add alternatives for comms (I'm well behaved in pm and chat via tox/qtox, I think I fixed my broke qtox profile finally, address is in my forums profile)

btw, cool avatar- noticed it my previous reply. I want one now

edit to add: forgot to address this:

That's some list, will try them all eventually.
Is there a way to add them all to my feeds list?
I've added all of them except IEEE Cipher.
I mostly use Feeds and rarely use mails for security reasons.

I haven't used RSS in a long time so not exactly sure about setting up any/all of them. The cipher list is admin approved, iirc... but you can read thru current and past issue archive

[Mintymandy34]

appreciating your discretion I'll add alternatives for comms (I'm well behaved in pm and chat via tox/qtox, I think I fixed my broke qtox profile finally, address is in my forums profile)

PM for now, will do.
Qtox then on, I'm yet to learn that.

btw, cool avatar- noticed it my previous reply. I want one now

Thanks.
I don't think you can have it, unless you're into surgeries.

I haven't used RSS in a long time so not exactly sure about setting up any/all of them. The cipher list is admin approved, iirc... but you can read thru current and past issue archive

Thanks.
And PM coming your way.

[redlined]

Qtox then on, I'm yet to learn that.

phd21 has made installing qTox simple as run a script (I've built it a few times using this script with one mod, changed make install to checkinstall which is largely unnecessary as phd21 did an excellent job ensuring dependencies are covered and build works as expected I just prefer to use checkinstall tool over make for that final step.

see this thread: FYI: qTox (Qtox) secure multimedia messenger installation phd21 keeps the initial post updated with new info and the script to run, so refer to initial post for current infos on it.

edit to add qtox also has an appimage available:
https://github.com/qTox/qTox/releases

[Mintymandy34]

Qtox then on, I'm yet to learn that.

phd21 has made installing qTox simple as run a script (I've built it a few times using this script with one mod, changed make install to checkinstall which is largely unnecessary as phd21 did an excellent job ensuring dependencies are covered and build works as expected I just prefer to use checkinstall tool over make for that final step.

see this thread: FYI: qTox (Qtox) secure multimedia messenger installation phd21 keeps the initial post updated with new info and the script to run, so refer to initial post for current infos on it.

edit to add qtox also has an appimage available:
https://github.com/qTox/qTox/releases

Thanks, that's really great.