Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Case]

So it's about Google's new privacy-UI-annoyance_ware-bullshit thing.

"Please tell us to back off our creepyintrusivefeelers reaching into your underwear one by one, every single time your browser connects to one of our services ...
... and did we mention that you won't have to go through our deliberately annoying consent-clicky-shitty-UI again and again if you log in with your Google account? (Don't be evil ...)" 

Please, someone - I need it to stop! There has to be some kind of plugin or whatnot that automaticaly flips those five switches. I don't know shit about HTML, but it appears the structure of the GUI is deliberately set up in a way to make it harder to do via a plugin.

But I guess it should be possible without being logged into your Google account at all times, which is what I think they're trying to pester people (Europeans?) into by making them go through the same inane shit again and again (I'm trying minimize interaction with my Google Account, and to only access it from my mobile. I don't want it active on my Desktop machine so it can rat out on me even more. Dunno if that really makes sense, but I'm losing track of the ways the American Evil Empires have turned GDPR-compliance processes into 'Annoyance-ware' meant to getting you to sign away your privacy out of sheer exasperation)

Please, dear CS-gurus of QC - This humble student seeks guidance.

[N.N. Marf]

I haven't consumed any Alphabet Soup since.. long enough to suspect they might have more things I'd never use anyway, but some might. My first suggestion would be to Not Use Them---fullstop. There's a highly-customizable Searx engine (pronounced ``sucks'') that anyone may host.
There's Cockmail, who specialize in crude---but they have some neutral---domains: registration requires only cookies and (for their Turing test) stylesheets, but their webmail interface requires client-side scripts---of course, they offer IMAP, POP3, SMTP interfaces, so you might point your favourite local mail-client programme at it, which is good practice anyway, to keep your mail on your machine, and delete it from the remote host as soon as possible. Some say to care much about the privacy policy of a service, but there's nothing stopping them from storing that data anyway---it just means they can't well use it contrary to their privacy policy---for now---unless they don't get caught. Cockmail doesn't ask too many questions: username, passcode, and enter some these 5-characters to pass their Turing test. Beware: they say that they won't reset your passcode if you lose it.
They have a convoluted account deletion procedure, where you have manually delete things in a certain order.. You can delete your account without that, but they don't guarantee all the data will be deleted unless you do it yourself.

Note: Gmail seem to filter out Cockmail. One workaround is to have the recipient email you first. Alphabet Soup claim incompetence about standard interoperability with smaller potential competitors elsewhere, too, but I'd have to consult my records to be exact.

[cybersmurf]

Sounds like we need to compile a "I want to get away from the data rake" services list.

[N.N. Marf]

I'd say that a list of better services is not enough. Convenience/ease-of-use are important, too, so how to integrate the good services should be considered, too. Some persons say that they don't switch because it's all in one place.
The Dig Deeper article comparing email services has been recommended as a good starting point, but they seem to use bad arguments and misinterpretations to defend what they say; they seem to have good principles, and approach good conclusions, but I don't think they do it well, so I'll only recommend them as not-terrible starting point---maybe as a ranked list?
One thing to beware is services heavily advertising their privacy/security/whatever. Zoom, for example, was advertised as secure/private, but their technical documentation was difficult to find---the closest thing I found was a pamphlet that looked like an advertisement, but what little it mentioned about how they keep it secure implied they can access to users' data. What sucks is that---and this happens with plenty other `secure' services---when it's discovered they're not doing what they advertised e.g. a data leak, users don't stop using it and continue claiming it's secure/private/whatever.

Global Moderator Comment

Mod edit: fixed broken link

[Thrillho]

Yeah the first time I heard of Zoom was in the context of 'don't ever use Zoom it's unsecure as shit'.

[hedgie]

Supposedly, Jitsi is better. 

[pwhodges]

Many supposed insecurities are no more than inappropriate defaults that no one noticed and corrected in time.  I believe that was Zoom's problem.

Defaults are often fine, but check, check, check should be your mantra whenever using something new.  And of course you need to be confident that the person at the other end has made the same checks - which isn't so easy!

[N.N. Marf]

Many supposed insecurities are no more than inappropriate defaults that no one noticed and corrected in time.  I believe that was Zoom's problem.

Way I see it, if something's advertised as secure, for non-savvy persons, it should be that, and only that. Non-savvy persons don't have the skills, but even savvy persons, have other things to do. If there's any way for it to be insecure, it should be as far outside the possible purview of the so-advertised product as possible. It certainly shouldn't be insecure by default.
Open-source is important, even for non-savvy, or busy savvy, persons, because it means anyone can audit it. Of course, if they don't have the skills to audit it well.. If it's sufficiently popular, and open-source, it's probably been audited. There's even more incentive there, if it's used for serious, e.g. scientific or commercial, purposes.

[FreshScrod]

For "cloud storage" I encrypt files and upload them to different free file hosting services like anonfiles (the "[email protected]" thing is hiding "file=(atpersat)filename"). I upload them to multiple places, so that if one of them deletes it, there are other copies. I think it would be nice for a program to regularly check that the file is still up, and reupload it if it's not. For example, my computer would take a file, encrypt it, upload it to one file host, to another file host, etc. Then, it would check that the file is still there, and if it's not, then my computer can download it from one of the other places, and them upload it again.
To avoid them detecting that it's the same file being uploaded multiple times, it can be encrypted with a different key each time. Maybe it would be encrypted with a different key to different places, too, so that if they're working together, they won't notice that it's the same file being hosted in multiple places. More sophisticated features against detection could be splitting the file into multiple random-sized pieces, and piecing it back together when retrieving it.
Using different internet proxies or Tor can help against detection. Doing it at random times can help against detection.
Doing it at different times can stagger file expirations, so if all file hosts use the same expiration length, the copies won't all simultaneously expire.

[Gyrre]

Firefox
Go into the 'Privacy' section of the Settings menu for some wonderful options. And, the even have data collection and site permission options that you can toggle to 'off'.

If you think that's too good to be true, double-down with the Ghostery extension. You can customize what third party webcrawlers you block and it'll even show which ones and how many are on a page.

If you want to go even further, AdBlock Plus now has an option where you can allow ads that don't collect data so you can still give some support to websites you like. Naturally, that excludes any sights using Google AdSense.


StartPage.com is a proxy-based search engine that gives you Google results without the Google data collection. They also don't record your metadaa, either.

[N.N. Marf]

USA FTC confirmed: Zoom mislead about their (in)security.