Just a heads up that the way you've started quoting text does work in the
mailing list making this very difficult to read.
> Nothing wrong at all. I just wanted to accent...
I think we basically agree here. I brought this up to explain why invoking
'freedom 0' was not effective in the Mozilla thread, and we're past that.
> Hence my idea about a new network.
This is probably worth starting a new thread over.
> You can also try wireshark.
Will do.
> That is in no way different from Ubuntu's case or from Mozilla's telemetry.
Yes, I avoid Ubuntu and Firefox as well. I use modified versions (Trisquel
and Tor Browser) by more privacy- and freedom-friendly developers. I would
also be open a similarly modified version of Chromium but am not aware of
one.
> Chromium does not send packets to any third party on startup.
Am I missing something? You filed a bug report because it does, right?
> Why are you more concerned about licensing while your browser is sending
packets to company X, Y, Z?
I am concerned with both. While software freedom and privacy are two
different issues, lack of software freedom makes it easier for software to
abuse its users, including by invading their privacy. I would be interested
to know what packets are sent from Tor Browser and how. If they contain no
identifying information and are sent through the Tor network then they do not
invade my privacy because the information has nothing to do with me and no
one knows it came from me. Of course, I would feel more comfortable with it
not being sent at all, but it's certainly not worth switching to Chromium
over.
I suggest that you approach the Tor developers as you have with Mozilla,
Google, and RMS. I can do it myself if you don't have time, but you'd be able
to do it much more quickly because you've already learned how to run these
tests and articulate your findings.
> Purism's phone...
> It is still not produced, so nobody can possibly evaluate it.
If the device connects to the cell network, we do not need to evaluate the
device to know that it will track you.
> But from what I know there will be complete hardware separation between the
modem and the rest of the system. So you can use it as a pocket libre
computer, hopefully without any coreboot or whatever firmware blobs,
otherwise it won't be much different from a Samsung + Replicant.
If they made a pocket libre computer with no modem I'd be fine with them
saying it doesn't track you. If it's a phone it does. Good modem isolation
can limit the amount of information that your modem accesses, but the modem
only needs to connect the cell network for you to be tracked.
> So basically the only tracking will be possible through the location of the
phone based on nearby mobile stations (which perhaps cannot be avoided if one
wants to talk to anybody).
...
> I don't but thanks for the info. What you describe is similar to Librem5.
No, it's completely different. I won't lengthen this message by explaining
JMP since you don't live in North America and the information won't benefit
you right now, but unlike what Purism is proposing, JMP requires no modem or
connection to the cell network. Purism's marketing for their phones hasn't
really been on my radar until now, but many people are already ignorant of
the issues with cell phones and Purism could do some real damage if they
spread misinformation just to sell their product.
> FB (and many other sites) won't allow you to sign up/in with a disposable
email address (they seem to recognize the domains).
As an experiment I tried making a Facebook account through Tor with a
disposable email address. It rejected the first domain I tried but accepted
the second one. However, it eventually wouldn't let me advance without
uploading a picture of my face, at which point I gave up. Anyway, the fact
that Facebook rejects some disposable email address is far from the only
reason to avoid Facebook. I avoid any site that prevents me from accessing it
anonymously.
> I can't find any site which gives disposable email without JS, so there is
still no possibility for complete untraceable anonymity
The one's linked to from the FSF use libre JavaScript. If you don't trust the
FSF's evaluation of the code, you can review it yourself or find someone who
can. JavaScript is a programming language like any other. Avoiding every
single instance of JavaScript is unnecessary. We don't need to avoid every
single instance of C just because some proprietary and/or malicious software
is written in that language. Unless the JS on those sites compromises
anonymity (which it might. I never learned JavaScript and have not audited
the code, relying on the FSF's judgement) it is not an obstacle to anonymity.
> So far I haven't found a single online service provider who can guarantee a
clean and completely tested system
Sure, really the only way to be certain is to use your own server. But if you
can't do that, some are certainly better than others. You're right that parts
of the FSF page are out of date. Here's some recent discussion of email
providers on this forum, if you're interested.
https://trisquel.info/en/forum/what-service-do-you-recommend-replace-openmailbox
https://trisquel.info/en/forum/posteo-vs-tutanota-vs-openmailbox
> we still need to communicate with the majority who use PRISMed services
and have no idea what end-to-end encryption is.
Totally.
> So considering the mid-man is always flawed (in one way or another) and
that end points are already infected, freedom/privacy for one's own computer
becomes a petty little affair.
If you are freedom- and privacy- focused you can greatly mitigate risk and
harm to yourself. The fact that we can't at this time perfectly solve every
problem does not make those actions petty.
> My previous comment was... Our current approach to security is through
isolation and isolation itself creates separate conflicting sides.
I basically agree with your point about isolation, but feel like it's a
stretch to apply it to what we are talking about. It comes across as if you
are trying to dismiss the importance of anonymity by arguing that privacy is
antisocial. I'm sure that this is not what you mean, since you obviously care
about privacy and it was the fact that Chromium and Firefox were transmitting
information that you wanted to keep to yourself that got you involved in this
thread.
> It is amazing how very few good designed sites are out there.
Right?! I see otherwise static pages that make navigation impossible without
JS by using cute buttons that look identical to an image with a link, because
why? You aren't getting your money's worth unless the web developer you hire
uses JS in your ugly webpage? You're afraid that if your page loads too
quickly people won't have time to emotionally prepare themselves to have to
click 8 more links to find the information they were looking for?
What I'd like is a browser that has no JS by default, and when you visit a
page with JS it says
"asshats.com would like you to install
- nonsense.js (proprietary license, no source code available)
- slightly-more-ethical-nonsense.js (GPLv3, view source code)
Would you like to install this software?"
That way sites wouldn't be able to control the narrative with crap like
"Whoops! we think you're a bot because you aren't letting us install
something on your personal computer. Maybe your browser sucks? Try installing
a *modern* browser like Google Chrome. Remember kids: don't jailbreak your
device and don't use encryption. Without us you wouldn't know what to buy!"
"Aw, shucks. I don't want to have an Incomplete Browsing Experience(tm).
Better enable this futuristic JavaScript so that Facebook can manipulate my
dopamine levels and more efficiently insert itself into my personal
relationships. I know, I know, but it's just so convenient!"
https://nonfree.news/2017/10/27/full-stack-developer-discovers-language-that-isnt-javascript
