New to Lemmy. A privacy advocate. Interested in number theory.
Generally, votes are overrated. Especially if you’re not mainstream, by definition most people won’t support you, won’t agree with you, won’t understand you.
Some things may be downvoted because they’re too stupid. But occasionally, you might be downvoted simply because you’re a bit too early. Like, if you’d said “being gay is not crime” or something 50 years ago, you might have got downvoted… Just a thought.
Maybe what you’re thinking is like an XMR version of Bisq’s “Get your first BTC” room?
https://bisq.wiki/Getting_your_first_BTC This dilemma is real and understandable, while it’s not clear what would be the best solution:
For new users, Bisq requires between 0.002 and 0.007 BTC for traders to make their first trade: […] It can be difficult for new bitcoiners to acquire their first coins, so this requirement is often a barrier for new Bisq users. The Get your first BTC room offers one possible way to get this initial bitcoin without signing up for a centralized exchange.
Basically the same thing for Haveno, I guess.
According to @azalty@monero.town, Cake Pay works fine if you’re fine with KYC, and otherwise you may just lose your money: https://monero.town/post/872283
If you’re a privacy advocate not fully supporting KYC but want to try this anyway, then try a small amount, because you may lose all your money. Another recent option is more privacy-friendly and KYC-free, but the fees are higher with them.
Tor Browser is planning to remove Google from the search engine options a user can choose: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41835
There some say brave onion + no JS is good: https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion/
Mullvad team seems to be considering 4 possible options:
PS: Not disgussing ddg / ddg onion too much, basically because ddg is the long-time default search engine of TB. Most TB users assume ddg is a decent, standard, generic option, esp. its non-JS version.
I have a Bitcoin joke, but the fees are too expensive to deliver it
I vaguely remember I had a Tails joke, but I seem to have amnesia.
While technically a safe exit doesn’t imply a safe entry and also some might argue that I2P is better, this is good news, helping redefine the public image of Tor—it’s not shady, darknet (hidden services) and privacy tools are not for criminals, but important for everyone. That is so obvious for privacy advocates, but many people see things from the wrong perspective, saying, “I have nothing to hide.”
Agreed. It’s an option worth considering (even EFF said so)—in fact a bridge itself could be run by something like Team Cymru (Augury), removed in TB v11.5.4. On the other hand, a VPN could collaborate with “them” so you’ll have to trust them… adding yet another unknown.
There are many ways to de-anonymoze Tor users indeed. Like Keystroke fingerprinting or Deep Packet Inspection… Usually a local ISP is not a big problem but it depends. The fact remains that even in a country with heavy Internet censorship, currently a nation-state can’t block Tor (via Bridge or Snowflake).
Also, one should consider using Bridges (obfs4), so that your local ISP may not know you’re on Tor. Tails suggests that too. Using a VPS is not necessary a best option for that, though it might be a good option under some situation.
Actually, Proton + your local key = don’t work very good. Usually you’ll have to use a key pair generated by Proton—sharing your sec with the provider is not good.
Nevertheless, Proton is 100 times better than Google to be sure. Those who are trying to ditch Google, Proton and Tuta are two good options to consider, also recommended by PrivacyGuides. For those who had ditched Big Tech and now starting to wonder if Proton is okay… that’s a bit tricky, still I say Proton is nod bad. I had recommended Proton to my friends until the French activist incident, followed by a few more bad incidents. Yet it’s understandable that Proton must obey it if they get a valid court order… If you’re a normal, daily user, Proton is good enough (if not the best), albeit a bit overpriced.
Not a recommendation but I too trust Disroot pretty much. You can get a custom domain there without “buying a paid plan” once you make a donation. Would that be an option for you?
Using multiple providers (having multiple accounts) is a good idea, though. Don’t put all the eggs in one basket. I’ve never heard the two providers you mentioned, so I can’t tell. If you can sign up anonymously via Tor, if they’re Google-free + not behind CF, and (most importantly) if you feel them “good” (subjective but gut feeling…), I think they’re usable.
If their support use PGP, that’s a good sign too. (Proton even doesn’t share its pub key iirc.) If they also accept the privacy coin like Disroot and Tuta do, that’s nice too. Ultimately, though, believe your gut feeling, because everyone has different priorities, different threat models, etc.
While doing this is generally not recommended, EFF does indeed suggest this option in some context: https://ssd.eff.org/module/choosing-vpn-thats-right-you#things-to-consider-what-vpns-don-t-do
Don’t worry about e2ee: Even if you get the most expensive plan from e.g. Proton, it’s not e2ee unless both parties use Proton. There is a free, “easy” way to realize true e2e: OpenPGP in Thunderbird (convenient), GnuPG (more secure), etc.
As for mailbox.org: I used it before but it showed Google reCaptcha, which was an obvious red flag:
cf. [Security and GDPR Issue] ProtonMail includes Google Recaptcha for Login, every single time. #242
Also, technical score of mailbox.org has been relatively low, not improving: https://internet.nl/mail/mailbox.org/1080449/ (Don’t worry too much about this score, though. It’s only technical; human factors (philosophies, trust, etc.) are more important when it comes to privacy.) This is not a recommendation. DYOR; ultimately, believe your own intuition.
If you mean this article on Wired itself, it’s not pay walled, though annoying. Click the V (chevron) to hide the Subscribe Now thing.
Or if it’s indeed pay-walled in your area, open it via Germany by search this -> https://metager.org/meta/meta.ger3?eingabe=A Controversial US Surveillance Program May Get Slipped Into a ‘Must-Pass’ Defense Bill
find the article, and use the “OPEN ANONYMOUSLY” link. Many annoying things will be filtered too.
Confusing but the official site is not monero.com but www.getmonero.org, where you can see the full list of officially suggested wallets. Official GUI is a safe option. Feather is also good, Electrum-like.
Cake (Monero.com) is one of the suggested options too & is popular, but certainly not “most private“. With Feather, you can do everything over Tor, more privacy-friendly.
Most Monero users only use non-custodial wallets; so they just say “wallets” meaning that. Technically running a local node yourself is the most secure & private—though this option is not for everyone.
The monero.com domain has been taken by a for-profit company, Cake. The Monero community is not wealthy (nor motivated) enough to buy it back.
Let’s say I’m selling you a book B and accepting a crypto payment. What if you sent me your crypto C trusting me, but I exit-scammed, vanishing without sending you B you’re trying to buy? That’d be bad. But what if I sent you B first, trusting you’ll send me C as soon as you receive B? Now you could cheat and vanish without paying. That’d be bad too.
To prevent any of those things from happening, there are a few methods. One is a 2-of-3 escrow service. Another is 2-of-2. Both based on multisig. A simplified example follows.
The book costs you 100€. You’ll send, say, 200€ to address A controlled by both you and me via multi-signature. I too will send 100€ to A. Now Wallet A has 300€. When 2 persons (you and I) sign, there will be a 2-output transaction from A to you (100€) and to me (200€), but any single person can’t move fund from A. That’s multisig.
Now I must send you the book in a good condition, because I don’t want to lose my 100€. So I’ll act carefully and honestly, and sign when I ship the book. You too will be willing to sign when you receive the book, because otherwise you can’t retrieve your 100€ (you deposited 200, when the book only costs 100). Sometimes an unexpected accident may happen, but usually something like this will work pretty well. This is one way how a P2P platform works (not very accurate, but I hope you get the idea).
You’re right. Use a centralized exchange (CEX), and you’ll be KYCed and de-anonymized. That’s why most privacy-coin users prefer DEX. For normal persons, if privacy is important, using anonymous gift cards or prepaid credit cards, which you can easily buy without ID, is more practical, much better than KYC’ed crypto.
If you can somehow get KYC-free coin, maybe from DEX, i.e. if you can get it personally from your friend or peer without showing ID etc., then and only then, you have real private crypto. There are two popular ways for this (Bisq and LocalMonero). Another option called Haveno is hopefully usable soon, but that is still iffy.
Using DEX is not essentially difficult, much safer than you might imagine due to a mechanism called multisig, but maybe this option is not for normal people. When you feel experimental, you might want to try to buy a small amount via DEX, to see what it’s like. If you’re a popular programmer or artist, accepting donations in crypto is also an easy way to get no-KYC coin. Another option is p2pooling—you can get a few Euro worth of XMR relatively easily; yet this last option is time-consuming and not very effective. Many of p2pool users or full-node people are privacy-advocating volunteers, maintaining/participating the Monero network for philosophical reasons, fully aware it’s not profitable in terms of money. This might be part of the reason why Monero tx fees are almost zero (like 1/100 of that of BTC). At the same time, there are many sketchy people around crypto too 😟 Be careful and stay safe!
For those who are still on Win 7: Firefox (and so Tor Browser) will stop supporting Win 7 soon. Seriously, you better plan to migrate to Linux. Not-so-good privacy issues aside, everyone knows Windows is not very secure/safe/convenient anyway.