I've heard of these but haven't given them a long look. What is it about mullvad or librewolf that people prefer over Firefox?
Thanks. I currently use hardened Firefox (Arkenfox) and yes I do use unlock.
Newb question: what does it really mean when I click "Reject Nonessential Cookies"? Am I really being any more private by rejecting these? Just feels greasy like it's a workaround for websites to get my information anyway? Should I navigate away from any sites that suggest this cookie configuration?
If you don't think Mozilla cares about your privacy anymore, yet you use Qwant, you're probably not going to want to hear that the two partnered up last month.
I've been using Startpage with positive results.
There's also hardened Firefox solutions.
I second Proton... I love 'em. I use them for email and VPN. I always have a hard time putting all my eggs in one basket though, and try to avoid using any one ecosystem for all my organization. For example, I use an offline app for my calendar, and a self-hosted home solution for file management.
Great to see another person giving the one finger salute to big tech. Not sure about your ideas on Apple respecting your privacy though - they haven't given me that impression but maybe I'm misinformed.
After your post I did some digging and indeed it does appear as though Parrot OS can be installed through UTM. Thanks for the heads up!
Is SELinux enabled by default in Fedora? I've tried researching it but everyone seems to be wanting to do the opposite and disable SELinux (presumably because it restricts ease-of-use)?
I've looked at this and would love to but as is my (limited) understanding, Qubes is next to (if not entirely) impossible to implement on Mac M1
Thank you. Again, excuse my ignorance but, I don't see Parrot on the UTM list... Can Parrot be loaded on top of one of those OS's? Or are you suggesting Parrot in general, regardless of UTM's capabilities?
I'm new to the cyber-security/privacy space. I am interested in teaching myself about it, as well as dabbling in OSINT and general linux-type-stuff too. ATM this is all a hobby so while it is not crucial to have everything air-tight, I would like to do my best to follow best practices.
That being said, I am currently using a Mac M1 so my VM capabilities are (AFAIK) limited to the OS's provided by the UTM virtual machine software. For those who are unaware, the OS's they provide can be found here:
https://mac.getutm.app/gallery/
From a security/privacy perspective, which of these OS's would you consider to be the most secure or, able to be the most secure with configuration? At first glance and with my limited knowledge, I want to say Kali, but I feel this may be cliché as it's what your stereotypical-hacker-type would use.
Any guidance would be appreciated.
N.B., ease of use/convenience is not a top priority for me, as I'm using this as a learning experience and I'm open to trying different things and making mistakes along the way.
Thanks!
***EDIT: Thank you to all who provided information. I learned a lot. I've decided to try a few different distros that work with UTM namely, Parrot OS (both home and security editions for different purposes), as well as Kali and Debian.
Is there a logistical/technological reason why I can register for a protonmail account on my desktop without issue but when I try on mobile it tells me "there has been suspicious attempts from your server and we have stopped sending new codes"?
GrapheneOS on mobile MacOS on desktop Both running through protonVPN
Valid point. I do prefer the UI with Proton, I find it nicer to click through. Also, Tuta usually makes you wait 2-3 days before you can use it - not a big deal really, unless you're trying to sign up for something new.
I don't know if what I do is the right way around this but, as stated Proton will reject disposable verification emails and you cannot use another proton account to verify a new one.
My workaround for this is to verify proton with a Tutanota account which is also created with as little to no identifiable information as possible.
TLDR: Proton accepts Tuta emails for verification and Tuta emails can be created anonymously.
You say you use ProtonPass with a free Proton account? Do you know if they have a limit for creating these new emails? I've seen ProtonPass advertised but I just assumed it was a premium feature. When I say its tedious, its because when I create new ProtonMail accounts you first have to verify it with another non-Proton account which I find a bit annoying as I dont use services like Gmail etc , but more importantly, Proton has been blocking signups on newly created emails (if you just created the email and then use it to verify a service sign up it gets blocked).
Perhaps I haven't used it to its full capacity but, I have a free proton account and I still have access to simple login
I used to use Protonmail, however the verification steps become tedious when creating unique emails for sign ups. I've switched to Tutanota despite it contravening their one account policy. What do you all use for one off emails (for sign ups etc )? Or do you prefer one of those 10 minute email sites?
Thanks for the info. You'll have to forgive my ignorance as I'm not super well-versed but, I was of the impression that alias software like anon and simple login were more for avoiding spam and unwanted emails from sign ups. Is it also effective as a security tool?
Does it make sense to have separate emails for each individual financial account (banking, credit cards) or is that overkill? I'm just thinking that if a hacker got access to one email they'd have all account information?
I was referring more to ID required for the sim card set up but, you bring up a good point, there will always be video surveillance. I'm also looking at this more from a privacy perspective, and less from a secrecy or detection perspective so I have no real concerns that a government agency will be trying to track me down.
Where I am, its perfectly legal to purchase a one time sim card. You can walk into the corner store, purchase a prepaid visa (with cash), and buy a sim card (with cash) at the same store. You can then go online, enter the sim card number into the site, add your prepaid visa as payment and whatever details you want. I've done it before and there is no ID verification whatsoever - I literally put in John Smith and it worked... As long as they have payment up front, I guess they don't care. If I'm just using it for one time account verification, I'm not really worried about keeping the sim card long term.
I've tried a few of the SMS services online now. They either don't work or are paid. I don't mind paying for the service but I find it tedious and cumbersome.
Wondering if perhaps a prepaid sim card paid for using a prepaid credit card would do the trick? I've used prepaid sim cards in the past and was able to get one without providing any real information on myself.
Possibly, but other than that there aren't any real verification steps when entering info to create an account (you can just add bogus info).
If there is a phone number required, I have used burner numbers in the past which may work.
I use GrapheneOS ony phone and a Mac with the security options as optimized as possible. For most of my emailing etc, I use Tuta and Proton. There are instances however, where having a Google account is beneficial (some apps for example won't download from Aurora store in anonymous mode).
Is it advisable/possible to create a dummy Google account with minimal ID/credentials? And if so, what are some best practices for doing so?
Or, do I resign myself to the fact that with more control over my data, I have to sacrifice more?
I feel like this may be a bit of a counterintuitive question considering Graphene's privacy features but, is there a way to remote erase or find my phone with GrapheneOS in the event the phone is lost?
I'm currently running Grapheme OS on a pixel. One thing that I've had trouble finding is a secure video chat option. I'm assuming that its because such a thing in a secure environment is hard to come by / impossible.
The only options I've found are things where you must self host like element etc. Is this the only way?
I realize there may be nuanced answers to this question that I may be overlooking as I'm still relatively new to online security/privacy so I apologize in advance if this is a moot question.
This argument (to me at least) assumes that the other 4 non-voters would have all voted for ice cream which, by just using basic logic, is false. If 3 out of 5 have already voted to drive off a cliff, one has to assume that at least 2 of the remaining 4 would also vote to drive off a cliff. Now this argument is back to square one... How do we find a solution which doesn't give 'driving off a cliff' as an option in the first place?