cipherpunk

joined 5 years ago
[–] [email protected] 1 points 5 years ago* (last edited 5 years ago)

> Because otherwise they would have virtually no money at all, and thus shut down

ACLU, EFF, & Tor all pre-date Paypal's existence. No, they don't "need" Paypal for survival.

> (see what happened to WikiLeaks when major payment providers blocked them), because, unfortunately, almost everyone uses those payment methods at the moment.

This proves my point. Wikileaks was not just blocked by Paypal, it was blocked by credit cards as well. Despite the massive blockade, Wikileaks survived.

Paypal is the biggest offender of payment blockades (particularly political in nature and biased in favor of Peter Thiel's right-wing agenda), which only advances the point that we have an ethical duty to shrink Paypal.

> And if you think about the word ethical, what would you qualify as so?

By my own standard it's unethical for any org or person to accept Paypal, but I'm not applying my own standards here in the context you're replying to. I'm applying the standards of the orgs themselves. Paypal works against ACLU's own mission. Paypal works against EFF's own mission. Notice that I did not name countless vendors of electronics, bicycle parts, etc that accept Paypal, because Paypal doesn't contradict their mission.

It's one thing to hold everyone to your own standard, but if you can't hold an organization to their own ethical principles something is wrong.

> I mean, their main sponsor by far is CIA, what else is here to say?

First of all, the Navy invented Tor, so if you have a problem with a nation having an intelligence agency or military then you're advocating against Tor's creator.

There are countless free software projects that operate without a dime because people who need that software have an interest in contributing maintenance code. If Tor Project were to hypothetically get zero funding, you might see little or no outreach programs, Tor stickers, and marketing frills, but the software would live on.

> I don’t have a bank account, nor do I have PayPal, so I’m not really sure about that, but from what I know it’s a lot more convenient to pay with PayPal than it is to pay from a traditional bank account. But again, not sure about this…

Convenience is the top rationalization for unethical conduct and transactions. It also has the least merit.

> lol what? How? I mean, you really only need to leave your Bitcoin address… that’s weird…

Things have changed, so my comment is no longer relevant. In the past, Tor Project did not publish a BTC address. Donors were forced to go to a CloudFlare site and do the transaction through a 3rd party (bitpay.com). It was an absolute embarrassment for Tor Project and there was a long bug report about it. The bug report lingered for years but it seems to have been deleted -- likely due to the embarrassment. They claimed that they could not simply let BTC enter because they need to make a tax declaration on what they receive, and the tax declaration must be in a national currency. So they used a 3rd party who instantly converted all their bitcoin donations into national currency for accounting purposes. They foolishly chose a CloudFlare site to do that. Seems to be history now. They are using btcpayserver.org and superficially I see no issues there.

It's worth noting that Tor Project has a record of not eating their own dog food. Apart from subjecting ppl to CloudFlare sites, their bug tracker has a history of mistreating Tor users, and if you try to subscribe to their newsletter using an onion email address they can't handle it.

[–] [email protected] 0 points 5 years ago* (last edited 5 years ago) (2 children)

correction: these projects need as much money as they can ethically get. When their mission is inherently ethical in nature, tossing out ethics (ethics of their own mission) defeats their own purpose and undermines their credibility. They're subjecting unwitting donors to civil liberties abuses. You don't do that to your supporters -- the people trying to help out.

ACLU and EFF only need money from Americans, since they only benefit Americans. They must have US bank accounts to deposit the Paypal money into, and their US based donors also necessarily have US bank accounts. So check & ACH wire are inherently available. And in most cases credit card is also a common option for US-based donors & recipients. Adding Paypal is purely adding to the privacy abuse.

Tor Project are simply sellouts. They never turn down money. They've accepted donations from DDG and Reddit. Tor Project has a strong presence in the US and Germany. Nixing Paypal does not hinder conventional US or European payment methods. I'm not sure how much of their funding comes from Russia or Asia but at a very minimum they could restrict the Paypal option to the regions that need it. Note as well the Torproject accepts bitcoin and they do so in a manner that ironically subjects donors to a CloudFlare site (the top adversary of the Tor Project). They're simply reckless.

FSF is essentially US-based and serving the US. FSFE covers Europe. Other regions benefit incidentally from FSF, FSFE, Protonmail, & Framasoft. In any case, they too could limit Paypal to non-US-EU payments.

[–] [email protected] 0 points 5 years ago (4 children)

I'm always disgusted when I see projects centered on civil liberties who accept Paypal. In particular, these organizations should be ashamed of using Paypal:

  • ACLU
  • EFF
  • Tor Project
  • FSF -- they try to discourage Paypal with: "(not recommended: requires nonfree JavaScript)", but really they shouldn't be accepting it
  • Pinephone store -- exclusively Paypal! You can't buy a phone without it!
  • Protonmail
  • Thinkprivacy -- would be foolish to donate here anyway
  • Framasoft
 

After years of accessing Yandex email service over Tor without issues, Yandex suddenly decides they want their Tor users to have a mobile phone, and they want the users' ph#.

[–] [email protected] 1 points 5 years ago

The client app for Signal users is also non-free software soon to be removed from the FSF Directory:

https://directory.fsf.org/wiki/Signal

[–] [email protected] 0 points 5 years ago* (last edited 5 years ago) (1 children)

Huge list of security problems with Signal:

https://github.com/privacytoolsIO/privacytools.io/issues/779

(and note that privacytools.io still endorses Signal even after being made aware of this)

[–] [email protected] 1 points 5 years ago* (last edited 5 years ago)

Mojeek does their own crawling. That's quite impressive, because unlike DDG it means they don't have to choose from a pool of privacy abusers to buy search results. I did a test search on "petition sites" and was impressed that the first page did not contain the typical privacy abusing cloudflare results (change.org, moveon.org, etc). Mojeek also does not buy hosting from Amazon/MS/Google. I should perhaps add them to the table.

I didn't know MetaGer was free software. I occasionally use metager.com but my first port of call is Searxes b/c searxes filters out cloudflare sites.

 

The things that make fax unreliable:

The things that make e-mail unreliable:

  • the recipient's client tools decide incorrectly that the message is spam and store the message where it will never be seen
  • the receiving mail server uses a DNSBL to...
    • ..block connections from the sender
    • ..accept and blackhole messages from the sender (ref outlook)
    • ..accept and deliver messages to a place that is never visited
  • the recipient's mail service decides for any flawed reason that the message is spam and delivers it to a folder that will never be seen
  • the recipient uses a spamgourmet.com address and forgot to update the counter thus causing the message to be blackholed or the service provider of the protected address blocks the spamgourmet.com server specifically
  • recipient's mail server may reject the message if the domain name appearing in the From: field does not correspond with the IP address of the transmitting server (e.g. MUA allows freetyping the From: field and sender uses a spamgourmet.com address)
  • the recipient uses a forwarding service like Namesilo, who refuses to forward messages from unrecognized senders because the forwarding service considers their own IP reputation more important than the actual delivery of a single message
  • the recipient's mail server uses graylisting with unreasonable delay. Time-sensitive messages can miss the deadline or sending servers can give up before the time lapse.
  • recipient's e-mail server blocks the attachment (and possibly the whole email) incorrectly flagging it as malware.
  • recipient's e-mail address is unknown because a webmaster's anti-spam effort...
    • ..is to not publish any email addresses. Senders are forced to use a contact form that's blocked by a sometimes broken CAPTCHA. And when the webform does work, PDF attachments are not possible.
    • ..is to block e-mail address disclosure until a CAPTCHA is solved, and the CAPTCHA is broken or the sender rejects the effort required
    • ..entails hiding e-mail addresses until some javascript renders them, but javascript is either unsupported or disabled by the visitor's secure browser. There is also no indication to the visitor that an e-mail address is even available if j/s were to execute.
  • recipient's e-mail address is unknown because the webpage publishing it blocks Tor and the visitor will be damned if they must give up their security to view the page
  • the sender simply cannot send the message because the corporation who handles the recipient's email (e.g. a PRISM corp like Google or Microsoft) is not sufficiently trustworthy for the content of the message
  • large corporations use DNSBLs to force email senders to relay their mail through a static IP, and the sender with dynamic IP may not consider any third party sufficiently trustworthy to see all their emails
  • sender boycotts the recipient's e-mail provider
  • recipient does not have an S/MIME cert. or PGP public key, thus failing to achieve the level of confidentiality required by the sender (some sys admins even refuse to accommodate encrypted e-mail in fear that a malicious payload will get past the organization's malware scanner)
  • recipient uses an EU-based e-mail service provider, where law obligates collection of metadata (a collection that may jeopardize the level of confidentiality required by the sender), and the recipient or sender are not using a Memory Hole-capable MUA to protect their metadata
  • recipient abandons their mailbox because they have other accounts and can't be bothered to manage all of them, and unread mail piles up
  • sender is a technologically-challenged bank or brokerage who sends multipart MIME messages and puts in the plaintext part:
    • a message saying "Upgrade your mail client" instead of the actual message
    • a large dump of unreadable machine-generated HTML indistinguishable from garbage
  • sender attaches a file in a non-standard proprietary format like MS Word and the recipient cannot view it (or does not trust it to open it for viewing).
submitted 5 years ago* (last edited 5 years ago) by [email protected] to c/[email protected]
 

In terms of privacy, this is how the Searxes (meta of meta searches) compares to DDG, Startpage, and Mojeek:

privacy factor DDG Startpage Mojeek Searxes
caught violating privacy policy yes no no no
bad track record (history of privacy abuse) yes (CEO founded Names DB) owned by targeted ad agency no
feeds other privacy abusers yes (Verizon-Yahoo, Microsoft, Amazon, CloudFlare) yes (Google, CloudFlare) no no
privacy-hostile sites in search results yes yes yes (but appears less frequent than ddg) no (CloudFlare sites filtered out)
server code is open source no no no yes
has an onion site yes (but Tor-hostile results still given) no no yes
gives users a proxy or cache no yes (using Anonymous View feature) no yes (via the favicons)

Superficially Metager is privacy respecting and there's even an .onion host for it. So I'll have to add it to the table in the future.

For the moment, I'll say that Metager shares the following with advertisers:

  • first 2 blocks of your IP address
  • user-agent string
  • your search query

They say it's for non-personalised advertising.