|11 days ago||5 months ago|
|GNU General Public License v3.0 only||-|
I know Privacy Guides is the new version of Privacy Tools, but even if so, do the recommendations (or at least most of them) in the old site still apply today?
1 project | reddit.com/r/PrivacyGuides | 30 Jul 2022
Signal isn't falling behind and Tox is an old service that has had issues with messages being spoofable since day 1
Shadiness in the Privacy Space: Jonah Aragon's (PrivacyGuides) Failed Attempt to Takeover PrivacyTools.io
5 projects | reddit.com/r/privacy | 2 Apr 2022
E2E encrypted voice and chat service similar to Discord/Slack?
2 projects | reddit.com/r/PrivacyGuides | 25 Oct 2021
You could use a Tox front end like qTox or Toxic. It is a fully encrypted end-to-end communication protocol that allows text, voice, and video chat. The GitHub page for the Tox protocol has some useful caveats about its security.
Tox: Decentralized and Encrypted Instant Messaging
6 projects | news.ycombinator.com | 5 Oct 2021
It links to a bug report discussion where one of the developers states that they don't understand the security properties of tox very well.
I find that worrying.
Why developers use IRC instead of XMPP?
1 project | reddit.com/r/i2p | 28 Jun 2021
They're vulnerable to Key-Change-Interception attacks in a case where a key is stolen from somebody who you're already in contact with. That's a pretty big "if" for people whose concern is dragnet surveillance and not targeted surveillance. https://github.com/TokTok/c-toxcore/issues/426 Also, up-to-date Tox clients have a fix for it, apparently; it looks like they're holding off on closing the issue until every official client has the fix.
Is using Signal through Tor bad opsec?
1 project | reddit.com/r/privacytoolsIO | 13 Jun 2021
Tox is experimental and has very concerning issues.
7 projects | reddit.com/r/privacytoolsIO | 12 Apr 2021
Ouch! Yeah, that was around the time I tried out Tox – did not know about this, though. It's been four years since they were made aware of that crypto hazard, and it seems they have eliminated it.
3 projects | reddit.com/r/privacy | 28 Feb 2021
Tox has experimental crypto and major vulnerabilities. I wouldn't recommend using it and expecting reasonable security.
aTox 0.6.0 released (and aTox is now also available on F-Droid!)
3 projects | reddit.com/r/projecttox | 28 Feb 2021
aTox also uses an unmodified version of the version of Toxcore that Toxic, uTox, qTox, etc all use: https://github.com/TokTok/c-toxcore/ TRIfA uses its own fork of Toxcore: https://github.com/zoff99/c-toxcore
4 projects | reddit.com/r/ich_iel | 9 Feb 2022
Matrix: An open network for secure, decentralized communication
2 projects | news.ycombinator.com | 6 Feb 2022
So disclaiming this with the warning that I haven't really kept myself too up to date the last year or two with the latest in private communications so please correct me if I'm wrong or outdated about any of this.
Also remember that privacy and security are never a silver bullet, and anyone claiming that something is, is probably not being genuine about their intentions. Privacy and security are about making things harder, not impossible - how difficult is entirely based on what you're trying to protect, and from who or whom you're trying to protect it.
Right, with that out of the way.
In this case, tapping is less of a concern with anything E2EE encrypted and using proper cryptography suites - which is usually a given these days with most privacy-focused applications. Signal, Matrix, and Briar come to mind. But "censorship resistance" being the key term here, means that the infrastructure used to actually send the messages cannot be tampered with or otherwise taken offline.
You want to make sure that automatic updates can't be pushed to the app by a third party. App signing helps but making sure that automatic updates are off and that you update frequently enough and ensuring that each release is properly released by the author is important. There are other modes where this still isn't bulletproof (system OTA update with a backdoor, app author is compromised, etc.) but these are typically not within your model.
Telegram is not censorship resistant, and while it's E2EE in secret chats, it's not E2EE by default. This is a common misconception by a lot of people.
Signal by design isn't censorship resistant but they do a lot of work to make it effectively so - when they're not fighting amongst themselves. Signal is also quite aggressive when it comes to antiestablishment sentiments historically, which depending on where you are can work against you or be in conflict with your goals.
Matrix is a decent enough protocol at a higher level, though admittedly I'm not super acquainted with its internals. I do use it quite a bit, however, and generally like it, but it's very unapproachable to all but the savvier tech enthusiasts, and has a pretty young ecosystem when it comes to clients, phones, etc. It's also wildly underused compared to other platforms. I myself am a long time IRC user and get very confused with Matrix at times.
Finally there's Briar, which I've not used but it was mentioned not too long ago here on HN. It can use other means of communication on phones to send messages securely.
As always, Tor can be a great way to obfuscate your internet usage and in some cases even bypass state-enacted blockages of certain sites, but it's not foolproof and can actually make things worse if you don't understand how it works and when not to use it. Make sure to research first.
By the way, threat modeling can be fun and is applicable to a lot of situations, including your own personal safety. The five functions are a fun place to start. Read up on it if you want!
Hope this is a decent enough overview!
Tip: If you have an iPhone but don’t have a VPN, here is how to hide your internet traffic from Cornell on safari
1 project | reddit.com/r/Cornell | 22 Jan 2022
Cornell can still track what you browse: https://github.com/net4people/bbs/issues/87
European carriers seek to block iPhone Private Relay feature
1 project | reddit.com/r/privacy | 10 Jan 2022
I got immediately suspicious upon hearing "private relay". There needs to be, honestly, more details in their whitepaper. To be fair, you could set up a similar thing for yourself if you have a spare VPS lying around with some OSS stuff. There are other research groups who appear to have some similar questions; see here and here
AdBlocking as a Service
4 projects | reddit.com/r/dns | 12 Sep 2021
China just blocks ESNI entirely, possibly Iran too, and I'd assume once ECH becomes popular they'd do just that. The paper points out it's trivial to defeat the blocking, but there needs to be at least a client or server-side modification, which is kinda out of scope for your app & service. Would Cloudflare join the cat & mouse game? Probably not, considering in China they choose to cooperate with the local entity.
Session App vs Signal
2 projects | reddit.com/r/privacy | 16 May 2021
And you could ask and get the information first instead of commenting without knowing. It's not like the Oxen team is some secret team you can't contact, or they ban you from their forums and close your issues for asking (like happened to some members of the Anti-Censorship Community for asking stuff to Signal about their bad proxy implementation back in February https://github.com/net4people/bbs/issues/63).
Why is Threema better than Signal?
1 project | reddit.com/r/Threema | 21 Mar 2021
What are some lesser known services that have made your life better?
19 projects | reddit.com/r/selfhosted | 21 Mar 2021
Signal Proxy is broken according to people working on keeping Iran afloat on the global internet: https://github.com/net4people/bbs/issues/63
Will the outline transition to v2ray?
2 projects | reddit.com/r/outlinevpn | 3 Mar 2021
V2Ray is a suite of protocols and a way to combine them. Not all setups are helpful, so you need to be specific about which exact setup you believe would be helpful.
If my phone screen is locked, the screen never lights up when a Threema call is incoming. Why?
2 projects | reddit.com/r/Threema | 27 Feb 2021
Proxy for areas where there is a filter: how? It seems it is a shitty proxy, a lot of people can see it, but the Moxie guy blocked the bad comments. It is just "bypass", it is not for censorship really; either way it seems shitty. You can read more here https://github.com/net4people/bbs/issues/60 and in other technical blogs.
What are some alternatives?
aTox - Reasonable Tox client for Android
pivpn-docker - Run PiVPN in a Container!
serverless-dns - The RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, and Fly.io
qTox - qTox is a chat, voice, video, and file transfer IM client using the encrypted peer-to-peer Tox protocol.
Xray-core - Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
Invoice Ninja - Invoices, Expenses and Tasks built with Laravel and Flutter
berty - Berty is a secure peer-to-peer messaging app that works with or without internet access, cellular data or trust in the network
oxen-mobile-wallet - A Mobile Wallet for Oxen
openvpn-install - Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
TextSecure - A private messenger for Android.
Signal-Server - Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS