If this works, that’s very interesting and potentially very useful.
That’s a good point. One of the two biggest weak points of a so-called e2e provider/platform is, the e2e provider itself.
The only true e2e is e.g. Alice does gpg -ea on an offline computer, copy-pastes ascii and sends it to Bob via an online computer, who copy-pastes this ascii to his offline computer and does gpg -d there. Their seckeys are airgapped from the communication channel. Sharing your sec with a provider is especially ridiculous (e.g. Proton). At least that’s what I think.
@ride I know the background: this info could be very useful, and you commented, “Even if not directly Monero-related, this draws attention to the community when such contributions come from here.”
The problem is, !privacyguides@lemmy.one has a different set of rules than Monero.town does, explicitly stating:
This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
Hence, as you can see in https://monero.town/post/1085883 (you double-posted the same thing, too), a negative comment about this:
I feel like this might count as self-promotion, given it’s mentioning a particular website, their GitHub, their running service, etc. Regardless, it is informative
@LWD@lemm.ee is not “childish”, even stating “it is informative.” But even if this post may be useful, we should follow the rules of !privacyguides@lemmy.one when (cross-)posting here; otherwise, Monero.town may look bad.
Leave it to the cryptocurrency people to turn a simple tutorial into an ad.
I’m from the same Lemmy instance monero.town (technically a mod?) and can see your point. Initially I was vocal about perceived link-spamming, advertising this SimplifiedPrivacy thing; at least a few users there were/are feeling the same way, as you can see e.g. here. So please don’t lump crypto (esp. Monero) users as a single kind of people.
Like @leraje@lemmy.blahaj.zone pointed out, some of info provided by this user (ShadowRebel) can be useful. Perhaps some people prefer a video to text. Monero users tend to respect freedom (of speech) and advertisement is not forbidden in Monero.town anyway. Perhaps you can understand that this does not mean “the cryptocurrency people” are the same.
You’re basically using Kuno to attract potential VPN customers? That could be an interesting, new business model. Some marginalized people can get humanitarian help via Monero, while these supporters (Monero users) are likely to be interested in privacy, so they might buy your VPN service. In theory, this could be win-win-win :) A good potential.
On the other hand, it’s rather obvious that you’re not one of us, not someone privacy-aware. You can read some discussions about Kuno here:
Use Cloudflare (while saying “We protect your privacy”), and you’ll immediately lose 50% of trust. Additionally, the script via CDN in question is for Google Translation… 😓 Like this, perhaps a typical privacy advocate doesn’t even consider your VPN. The worst part is, you’re not even able to see the problem… If you were a privacy advocate, Google wouldn’t be even an option to begin with. (If you’re wondering why, perhaps you shouldn’t do VPN business.) How about LibreTranslate, for example?
Get rid of anything Google, and stop using CF (MitM) so that you might be able to rebuild credibility. Make everything Tor-friendly. That’s a minimum requirement for the “privacy industry”: even something rather iffy like Proton has a token onion. I also suggest you be transparent about Kuno. Make it clear it’s zero-fee because it’s there as a promotion for your VPN business. Such transparency doesn’t make you look bad. On the contrary, people may trust you more, if the reason why it’s zero-fee is not hidden and people behind it are honest.
Kuno could be a great website—it has already helped a few people. Some of us were even saying (thinking) that we were willing to make donation to Kuno itself (not buying your VPN, but we could send you XMR anyway “for free”). Still, I hope Kuno will become somewhat more privacy-aware, so that a typical Monero user feels comfortable with using it. Thank you for reading.
The SimplyTranslate front end has many languages, translate engines selectable: Google | DeepL (Testing) | ICIBA | Reverso | LibreTranslate. Some instances are Tor-friendly, even onion. The project page seems to be https://codeberg.org/SimpleWeb/SimplyTranslate
Refusing to use Google is just common sense. LibreTranslate itself is decent (at least not Google), except a website hosting it may have some opaque JS or Google things (Font, Analytics, TagManagers, etc.)
Either way, translation can’t be super-private in general. For example, if you use it to write a private message or love letter in a foreign language… even including real names and physical addresses…
Also, metadata like “a Danish-speaker is reading this German text about X” can’t be hidden, and if the language pair is uncommon and/or if text to be translated is specialized (not generic), the engine provider may easily guess “this request and that request yesterday may be from the same user”, etc. if they want to. A sufficiently powerful “attacker” might de-anonymize you, helped by other info about you, already gathered. In practice, maybe not a big concern, if you’re just translating generic, non-sensitive text, not showing your real IP, and clearing cookies frequently.
Just fyi: recently EFF is creating Privacy Badger browser add-on and GNU also has LibreJS. They’re technically not ad-blockers, though; apparently a tracker-blocker and a non-free-script-blocker, respectively.
kuno.anne.media started hosting this VPN’s ads, since around the end of October, 2023, also blatantly calling /cdn-cgi/apps/head/ (trying to installing some CF app(s) via .js if your browser is lenient).
Not sure which is better: zero-fee idealism + ad-supported (implicitly selling some info) vs. low-fee realism + ad-free
Thunderbird doesn’t passphrase-protect your PGP key. Though you can set a general password… For something less important, its OpenPGP may be convenient, given that if you send/receive email normally, there is metadata problem anyway. But if you need to play it safe, you may want to use gpg offline and paste ascii.
Increasingly more and more “phoning home” is not exactly comfortable, either: thunderbird-settings.thunderbird(.)net location.services.mozilla(.)com addons.thunderbird(.)net versioncheck.addons.thunderbird(.)net services.addons.thunderbird(.)net, etc. Perhaps people today, both users and developers, feel something like this is normal, because things were already more or less like this when they were born.
Re: Micro$oft - It might be that after raped by Google, the society has been desensitized and stopped feeling anything about “minor details.” Why worrying now? You use a Windows 10 passport account (what is it called?) just to log on to “your own” computer and also a Gmail account anyway, right? So bad news is, your privacy is almost zero already.
Thanks for posting the pic! So this is the source of the quotes about the kidnapping incident.
The key point is, you have the choice.
This could mean two different things. 1) You have the choice to use XMR; draw your own conclusions. [positive implications] -OR- 2) Monero is not good; there is no option to freeze it. [negative implications]
PS: Happened to find a still-working privacy instance (Tor-friendly) https://nitter.oksocial.net/cz_binance/status/1723032911278960959#m and I’ll quote:
CZ 🔶 Binance The key point is, you have the choice.
Crypto Eagles I have no choice coz I am afraid of BANKS 😅 so i am all in $BTC
CZ 🔶 Binance It's a good choice. We are lucky to have it.
That might be a good point :)
Not a recommendation but I too trust Disroot pretty much. You can get a custom domain there without “buying a paid plan” once you make a donation. Would that be an option for you?
Using multiple providers (having multiple accounts) is a good idea, though. Don't put all the eggs in one basket. I’ve never heard the two providers you mentioned, so I can’t tell. If you can sign up anonymously via Tor, if they’re Google-free + not behind CF, and (most importantly) if you feel them “good” (subjective but gut feeling…), I think they’re usable.
If their support use PGP, that’s a good sign too. (Proton even doesn’t share its pub key iirc.) If they also accept the privacy coin like Disroot and Tuta do, that’s nice too. Ultimately, though, believe your gut feeling, because everyone has different priorities, different threat models, etc.