After the exposition on ProtonMail yesterday, I got to verifying the other services I use. First was CTemplar, an email service based in Iceland, which I fully recommend using.
CTemplar has been aware of the ProtonMail vulnerability and even links the paper by Professor Kobeissi that we discussed in yesterday's post.
Although they do use the same client side OpenPGP library maintained by ProtonMail (its likely the only one in the world that works in browsers, and a whole post can be written about it), they have accounted for the concern and developed a system that allows you to compare the code in your browser with the code that they've published. Here's instructions on how to do so.
This is in stark contrast to ProtonMail's response to Kobeissi's analysis that tries to frame the vulnerability as 'his opinion' and not a real problem with their infrastructure.
As you can see, there are people out there who are dedicated to achieving the utmost privacy, instead of pretending to be. Maybe ProtonMail should be open to implementing a similar method, after all - they should have nothing to hide?
Later on today, we will see the troubling origin of ProtonMail and why they shouldn't be given the benefit of the doubt.
CTemplar has been aware of the ProtonMail vulnerability and even links the paper by Professor Kobeissi that we discussed in yesterday's post.
Although they do use the same client side OpenPGP library maintained by ProtonMail (its likely the only one in the world that works in browsers, and a whole post can be written about it), they have accounted for the concern and developed a system that allows you to compare the code in your browser with the code that they've published. Here's instructions on how to do so.
This is in stark contrast to ProtonMail's response to Kobeissi's analysis that tries to frame the vulnerability as 'his opinion' and not a real problem with their infrastructure.
As you can see, there are people out there who are dedicated to achieving the utmost privacy, instead of pretending to be. Maybe ProtonMail should be open to implementing a similar method, after all - they should have nothing to hide?
Later on today, we will see the troubling origin of ProtonMail and why they shouldn't be given the benefit of the doubt.
Telegram
Ramiro Romani's neo-network
PM openly states they have your private key, and it is only a matter of getting access to your password to decrypt the encrypted privacy key.
In addition to this, ProtonMail has no password requirements, and has been tested with passwords like '1', 'iloveyou'β¦
In addition to this, ProtonMail has no password requirements, and has been tested with passwords like '1', 'iloveyou'β¦
Forwarded from G3 News
Harris County Judge Calls Lit Up Downtown Skyscrapers in Houston Amid Outages "Maddening"
π‘@G3News: With more than 1.3 million people in the Houston area still without electricity in the bitter cold, many wondered why empty offices in downtown skyscrapers remained brightly lit Monday night.
On Monday at about 8:30 p.m., the Houston skyline was visible, brightly lit up in the night as surrounding homes and businesses were left in the dark.
SOURCE | SUPPORT G3
π‘@G3News: With more than 1.3 million people in the Houston area still without electricity in the bitter cold, many wondered why empty offices in downtown skyscrapers remained brightly lit Monday night.
On Monday at about 8:30 p.m., the Houston skyline was visible, brightly lit up in the night as surrounding homes and businesses were left in the dark.
SOURCE | SUPPORT G3
"Better to die fighting for freedom than be a prisoner all the days of your life"
- Bob Marley
- Bob Marley
Exposition: ProtonMail is Inherently Insecure, Your Emails Are Likely Compromised, Ties To Government Agencies: Part II
@neo_network
π¨π―π¨π
In Part I, we looked into the details of ProtonMail's security vulnerabilities, and we discovered that IF ProtonMail was a malicious actor, they could easily decrypt all your emails.
In Part II, we'll see why ProtonMail is very likely a bad actor, after looking at red flags with their origin, blatant lies in their privacy policies, false claims, illegal activities, and more.
Full disclosure, a lot of the primary research was performed by another investigative journalist, Privacy Watchdog who has been investigating ProtonMail for a while. Rather than retell his findings, I will iterate the main points (there are many), and add commentary on things I have researched on top of it.
1. ProtonMail was likely created under the oversight of US Intelligence Agencies being founded at MIT. Although proved through backdated articles, resumes, and twitter posts - ProtonMail denies any involvement with MIT now (look at their Wikipedia, site, etc...). This should strike you as very suspicious.
Here's the full article by Privacy Watchdog.
2. ProtonMail flat out lied to its supporters after raising 550K in crowdfunding.
Here's a direct quote from their IndieGogo (crowdfunding) page.
"We firmly believe that ProtonMail can only succeed in its mission if it remains independent. [...] There are certain powerful governments and corporations out there who are in the business of controlling and exploiting personal data that will try to hinder us."
Only 7 months after the campaign (they may have been in talks during the campaign), ProtonMail sold equity to Charles River's Ventures and FONGIT.
CRV's founder was part of the US Dept. of State under Obama and delegate to the UN.
FONGIT is financed by the Swiss Government, which has a MLAT treaty with the US government, which allows both countries to share user data back and forth.
Here's more details by Privacy Watchdog.
@neo_network
π¨π―π¨π
In Part I, we looked into the details of ProtonMail's security vulnerabilities, and we discovered that IF ProtonMail was a malicious actor, they could easily decrypt all your emails.
In Part II, we'll see why ProtonMail is very likely a bad actor, after looking at red flags with their origin, blatant lies in their privacy policies, false claims, illegal activities, and more.
Full disclosure, a lot of the primary research was performed by another investigative journalist, Privacy Watchdog who has been investigating ProtonMail for a while. Rather than retell his findings, I will iterate the main points (there are many), and add commentary on things I have researched on top of it.
1. ProtonMail was likely created under the oversight of US Intelligence Agencies being founded at MIT. Although proved through backdated articles, resumes, and twitter posts - ProtonMail denies any involvement with MIT now (look at their Wikipedia, site, etc...). This should strike you as very suspicious.
Here's the full article by Privacy Watchdog.
2. ProtonMail flat out lied to its supporters after raising 550K in crowdfunding.
Here's a direct quote from their IndieGogo (crowdfunding) page.
"We firmly believe that ProtonMail can only succeed in its mission if it remains independent. [...] There are certain powerful governments and corporations out there who are in the business of controlling and exploiting personal data that will try to hinder us."
Only 7 months after the campaign (they may have been in talks during the campaign), ProtonMail sold equity to Charles River's Ventures and FONGIT.
CRV's founder was part of the US Dept. of State under Obama and delegate to the UN.
FONGIT is financed by the Swiss Government, which has a MLAT treaty with the US government, which allows both countries to share user data back and forth.
Here's more details by Privacy Watchdog.
3. Countless lies about its activities , including conducting illegal cyber warfare, its privacy policy, deletion policy, and more.
After looking up the false claims in the Privacy Watchdog article it was actually quite astounding to me how easy it is to catch their lies.
Here's a discussion about the change in Privacy Policy, in 2018.
In their new privacy policy they say the following:
"IP Logging: By default, ProtonMail does not keep permanent IP logs. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions
Your login IP address is also kept permanently (until you delete it) if you enable authentication logging for your account (by default this is off). The legal basis of this processing is consent, and you are free to opt-in or opt-out at any time in the security panel of your ProtonMail account."
Keep in mind by Swiss law, they are legally required to keep user data around for 6 months. Swiss laws aren't as private as they seem.
Additionally, they have all your email metadata - this has always been unencrypted and ProtonMail does not offer any protection for this. This includes (from the privacy policy) "sender and recipient email addresses, the IP address incoming messages originated from, message subject, and message sent and received times."
This is incredibly helpful for law enforcement investigations, the content of the emails is usually not needed.
4. ProtonMail fully complies with Swiss authorities, and foreign requests that have been approved by Swiss authorities (MLAT treaty).
In their warrant canary, they openly show how they retained user data based on a request from the FBI via the MLAT agreement.
They've complied a little under 2,000 times with authorities since 2017, retaining data, handing over 'encrypted' emails, and the associated metadata (which can be used as evidence just as strong as the content of the emails themselves).
Conclusion
I hope this puts to bed the notion that ProtonMail can be trusted with your emails. If you're on ProtonMail, I hope you realize as the laws change, that you can and will be compromised.
Discuss here:
@neo_network_chat
After looking up the false claims in the Privacy Watchdog article it was actually quite astounding to me how easy it is to catch their lies.
Here's a discussion about the change in Privacy Policy, in 2018.
In their new privacy policy they say the following:
"IP Logging: By default, ProtonMail does not keep permanent IP logs. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions
Your login IP address is also kept permanently (until you delete it) if you enable authentication logging for your account (by default this is off). The legal basis of this processing is consent, and you are free to opt-in or opt-out at any time in the security panel of your ProtonMail account."
Keep in mind by Swiss law, they are legally required to keep user data around for 6 months. Swiss laws aren't as private as they seem.
Additionally, they have all your email metadata - this has always been unencrypted and ProtonMail does not offer any protection for this. This includes (from the privacy policy) "sender and recipient email addresses, the IP address incoming messages originated from, message subject, and message sent and received times."
This is incredibly helpful for law enforcement investigations, the content of the emails is usually not needed.
4. ProtonMail fully complies with Swiss authorities, and foreign requests that have been approved by Swiss authorities (MLAT treaty).
In their warrant canary, they openly show how they retained user data based on a request from the FBI via the MLAT agreement.
They've complied a little under 2,000 times with authorities since 2017, retaining data, handing over 'encrypted' emails, and the associated metadata (which can be used as evidence just as strong as the content of the emails themselves).
Conclusion
I hope this puts to bed the notion that ProtonMail can be trusted with your emails. If you're on ProtonMail, I hope you realize as the laws change, that you can and will be compromised.
Discuss here:
@neo_network_chat
Forwarded from D
We now return to our regularly scheduled programmingβ¦
After several days of constant DDOS attack, the Freedom Cell Network has implemented the first defense out of many, and for now it seems as if the attackers have stopped.
We would like to take this time to warn you about scam sites that have appeared recently. These sites appear to represent The Freedom Cell Network, they have a similar URLs like βfreedomcells.netβ These scam sites lure you into logging in (where they no doubt will steal your login information), and attempt to get you to purchase cryptocurrency tokens.
Please know you will always be able to visit this site through our official domain name: freedomcells.org
Welcome back, and thank you for your support. <3
https://www.freedomcells.org
After several days of constant DDOS attack, the Freedom Cell Network has implemented the first defense out of many, and for now it seems as if the attackers have stopped.
We would like to take this time to warn you about scam sites that have appeared recently. These sites appear to represent The Freedom Cell Network, they have a similar URLs like βfreedomcells.netβ These scam sites lure you into logging in (where they no doubt will steal your login information), and attempt to get you to purchase cryptocurrency tokens.
Please know you will always be able to visit this site through our official domain name: freedomcells.org
Welcome back, and thank you for your support. <3
https://www.freedomcells.org
@neo_network
I'm proud to announce my first article feature on The Conscious Resistance Network - if you haven't read it, check out Part I of ProtonMail is Inherently Insecure, Your Emails Are Likely Compromised
I'm proud to announce my first article feature on The Conscious Resistance Network - if you haven't read it, check out Part I of ProtonMail is Inherently Insecure, Your Emails Are Likely Compromised
The Conscious Resistance Network
ProtonMail is Inherently Insecure, Your Emails Are Likely Compromised - The Conscious Resistance Network
ProtonMail is inherently insecure, if you've used the Webmail client, ProtonMail has always had the ability to grab your password and private encryption key without you knowing, giving them backdated access to your emails.
Saving The World In A Decentralized Manner
@neo_network
Join the network at: @neo_network_chat
β‘οΈπ₯Άπ
Our beliefs in the current system are being challenged once more as temperatures freeze across the country.
The Electric Reliability Council of Texas (ERCOT) which manages the power generation and distribution to more than 26 million Texas customers (90% of the whole state) is on emergency alert. They have implemented "rotating outages" which are "controlled, temporary interruptions of electric service. This type of demand reduction is only used as a last resort to preserve the reliability of the electric system as a whole"
There are currently 2.7M people currently in Texas without power. Check out the live map here.
At the same time, the food supply chain has not been able to supply large parts of Texas due to hazardous road conditions and power outages. I've had first hand experience seeing cleaned out food shelves since Monday, and now we're hearing local reports of grocery store lines that stretch around the block.
Who's going to come to our aid?
We have to come to our own aid.
And that's exactly how people like Echo Colon have been handling it.
Echo organizes Austin Mutual Aid, which is a mutual aid group for the city of Austin that works with other regional mutual aid groups. Mutual aid groups are much like Freedom Cells in the sense that they're volunteer run, locally based, and bring people together.
We had the pleasure of hearing some advice from Echo on how people can organize mutual aid groups in their area and help their neighbors.
"We set up a Facebook page/Instagram/email and we created [2] online survey[s] for people who need things and people who can help. As people fill out the form theyβre added to a spreadsheet"
Echo typically uses the Google Forms & Google Sheets combo to do this. I've used Google Sheets in the past myself, its easy to use and robust.
At this point we should just be aware that our data is not ours when we submit it to cloud services. Interested in finding alternatives, I researched a few online form services and read through their privacy policies. They all tell you up front that they have full rights to any submission of data.
However, don't despair. I have also self-hosted my own form applications in the past, which store the submission data on your own server and aren't sending it off to the cloud.
If you are even a little bit technically proficient, you should look into buying a Virtual Private Server (there are many options in independent providers) and self-hosting your own applications.
You can install entire platforms on your server that allow you to locally install applications from an app store in one-click, like Yunohost and Sandstorm.
If you want to just browse all the software you can self host, here's a whole list of goodies, including document editors, photo storage tools, and of course - surveys.
If you're only interested in managing survey software, then a few solid options are:
JDHost
OhMyForm
LimeSurvey
If you're unable to set this stuff up, than don't despair, try and look for someone technically proficient to help you in your community. Voluntary collaboration under a common goal is the essence of Freedom Cells and Mutual Aid Groups. Find individuals to help you with the cause.
And don't get stuck on the technology, if you are ready to help people - by all means use Google Sheets. Just be aware of where your data could go. (mostly big corporations & world governments).
Once you have your surveys, up - you can start running the operation.
@neo_network
Join the network at: @neo_network_chat
β‘οΈπ₯Άπ
Our beliefs in the current system are being challenged once more as temperatures freeze across the country.
The Electric Reliability Council of Texas (ERCOT) which manages the power generation and distribution to more than 26 million Texas customers (90% of the whole state) is on emergency alert. They have implemented "rotating outages" which are "controlled, temporary interruptions of electric service. This type of demand reduction is only used as a last resort to preserve the reliability of the electric system as a whole"
There are currently 2.7M people currently in Texas without power. Check out the live map here.
At the same time, the food supply chain has not been able to supply large parts of Texas due to hazardous road conditions and power outages. I've had first hand experience seeing cleaned out food shelves since Monday, and now we're hearing local reports of grocery store lines that stretch around the block.
Who's going to come to our aid?
We have to come to our own aid.
And that's exactly how people like Echo Colon have been handling it.
Echo organizes Austin Mutual Aid, which is a mutual aid group for the city of Austin that works with other regional mutual aid groups. Mutual aid groups are much like Freedom Cells in the sense that they're volunteer run, locally based, and bring people together.
We had the pleasure of hearing some advice from Echo on how people can organize mutual aid groups in their area and help their neighbors.
"We set up a Facebook page/Instagram/email and we created [2] online survey[s] for people who need things and people who can help. As people fill out the form theyβre added to a spreadsheet"
Echo typically uses the Google Forms & Google Sheets combo to do this. I've used Google Sheets in the past myself, its easy to use and robust.
At this point we should just be aware that our data is not ours when we submit it to cloud services. Interested in finding alternatives, I researched a few online form services and read through their privacy policies. They all tell you up front that they have full rights to any submission of data.
However, don't despair. I have also self-hosted my own form applications in the past, which store the submission data on your own server and aren't sending it off to the cloud.
If you are even a little bit technically proficient, you should look into buying a Virtual Private Server (there are many options in independent providers) and self-hosting your own applications.
You can install entire platforms on your server that allow you to locally install applications from an app store in one-click, like Yunohost and Sandstorm.
If you want to just browse all the software you can self host, here's a whole list of goodies, including document editors, photo storage tools, and of course - surveys.
If you're only interested in managing survey software, then a few solid options are:
JDHost
OhMyForm
LimeSurvey
If you're unable to set this stuff up, than don't despair, try and look for someone technically proficient to help you in your community. Voluntary collaboration under a common goal is the essence of Freedom Cells and Mutual Aid Groups. Find individuals to help you with the cause.
And don't get stuck on the technology, if you are ready to help people - by all means use Google Sheets. Just be aware of where your data could go. (mostly big corporations & world governments).
Once you have your surveys, up - you can start running the operation.
PowerOutage.us
Texas Power Outage Map, January 2026
PowerOutage.us tracks, records, and aggregates power outages across Texas.
"People can then work remotely to connect people who are on the list of needing something to people who have supplies and can help. It takes a bunch of making calls. Also setting up hubs where people can drop off supplies. This can be house, churches, businesses who are down to help.
So for example we had requests for food for a family of five. We currently have a kitchen set up so we looked on the list of people who could help and grabbed a driver to get food from the kitchen and take it to the family. Or if someone needs a generator, etc. [...] We also created signal chats that for drivers, one for rapid response, one for general mutual aid info in Austin."
You can see from Echo's advice how much location comes into play. People are able to help others if its in their power to do so. This might be affected by what they have or how far away they live.
Its a beautiful natural order in the decentralized 'chaos'. No central power is needed to save the world.
A tool that I think could seriously help this effort is an open source collaborative mapping tool, FacilMaps. You can keep track of local business that still have food & supplies, drop off points, places with heat / power / water, and more.
If conditions worsen (all signs point in that direction), then technologies like these will become exceptionally important as we fight to stay informed, connected, and safe.
And this is not a purely physical or purely digital process. Both parts must work in tandem to save the world.
The digital side brings in money (through donations from payment providers) and local information (social media, forms), and coordinates the group through messenger apps.
The in-person side works by being the boots on the ground, building relationships, receiving & offering, helping people in need.
"during a flood we cooked a bunch of hot food and then took it out on a truck. The truck became a hub that we knew these neighborhoods didnβt have power so thatβs where we went. People didn't have internet. So as you go around and feed people who talk to them about what they need and then can bring out those items that day or the next when you have them."
The idea of the digital and the physical being so intimately connected is something I want to explore through the @neo_network - We've always had the options using these technologies for good. Its too often we get lazy and allow centralized powers to use technology for evil. But this is our way to fight back - but all it takes is a little digital & physical effort.
Lastly, you may feel like you don't have the network set up to do this.
Echo has this to say:
"We have been doing this for awhile here in terms of the homeless community so we already had a network kinda in place. But we have also done this very quickly during floods when we didnβt have the network in place."
Thanks for reading, we need to inspire each other to make a greater difference in our communities. Start your local mutual aid group right now. Form a cell on freedomcells.org - love one another. We must turn to each other when the world is coming to an end.
So for example we had requests for food for a family of five. We currently have a kitchen set up so we looked on the list of people who could help and grabbed a driver to get food from the kitchen and take it to the family. Or if someone needs a generator, etc. [...] We also created signal chats that for drivers, one for rapid response, one for general mutual aid info in Austin."
You can see from Echo's advice how much location comes into play. People are able to help others if its in their power to do so. This might be affected by what they have or how far away they live.
Its a beautiful natural order in the decentralized 'chaos'. No central power is needed to save the world.
A tool that I think could seriously help this effort is an open source collaborative mapping tool, FacilMaps. You can keep track of local business that still have food & supplies, drop off points, places with heat / power / water, and more.
If conditions worsen (all signs point in that direction), then technologies like these will become exceptionally important as we fight to stay informed, connected, and safe.
And this is not a purely physical or purely digital process. Both parts must work in tandem to save the world.
The digital side brings in money (through donations from payment providers) and local information (social media, forms), and coordinates the group through messenger apps.
The in-person side works by being the boots on the ground, building relationships, receiving & offering, helping people in need.
"during a flood we cooked a bunch of hot food and then took it out on a truck. The truck became a hub that we knew these neighborhoods didnβt have power so thatβs where we went. People didn't have internet. So as you go around and feed people who talk to them about what they need and then can bring out those items that day or the next when you have them."
The idea of the digital and the physical being so intimately connected is something I want to explore through the @neo_network - We've always had the options using these technologies for good. Its too often we get lazy and allow centralized powers to use technology for evil. But this is our way to fight back - but all it takes is a little digital & physical effort.
Lastly, you may feel like you don't have the network set up to do this.
Echo has this to say:
"We have been doing this for awhile here in terms of the homeless community so we already had a network kinda in place. But we have also done this very quickly during floods when we didnβt have the network in place."
Thanks for reading, we need to inspire each other to make a greater difference in our communities. Start your local mutual aid group right now. Form a cell on freedomcells.org - love one another. We must turn to each other when the world is coming to an end.
Privacy Checkup | A Telegram Setting Can Give People Your Exact Location
@neo_network
Discuss at: @neo_network_chat
π€πΊπ§
Didya know @Telegram just became the most downloaded mobile app in the world?
Its pretty crazy to see this kind of growth from a platform. Pavel Durov, one of Telegram's Product Managers attributes their success to a commitment with privacy.
"You β our users β have been and will always be our only priority. Unlike other popular apps, Telegram doesnβt have shareholders or advertisers to report to. We donβt do deals with marketers, data miners or government agencies. Since the day we launched in August 2013 we havenβt disclosed a single byte of our users' private data to third parties."
Well if that doesn't give me the warm & fuzzies inside. You can take Pavel at his word, but that doesn't stop the huge influx of scammers alongside the new users.
If you're unaware of your privacy settings, Telegram's feature 'richness' can turn into feature 'risks', kid. (sorry, I had to)
Let's run through the privacy checkup:
1. Is your nearby users setting on?
Well if it is - turn it off immediately. Not only will it enable random people to message you out of the blue (as the women in my family can attest to), but it can be used to find your exact location.
First reported in early January by Ahmed, the exploit works by using Telegram's nearby location feature to find the distance of your target user from a triangle of points. You can either walk around and do the measurements yourself, or use a GPS spoofer to make the process quicker. This is not unlike phone tower triangulation by law enforcement.
This feature is off by default, but even if you're feeling adventurous, I'd keep it off - you could give away your home address. (and there are never any cuties around anyways)
2. Are you sharing your phone number with everyone?
Its not uncommon to meet people on Telegram, and after some friendly back and forth you might add them as a contact. But be careful, there's a checkbox allowing you to share your number - essentially giving away your identity through a reverse phone number search.
Go to your privacy settings and select 'nobody' for 'Who can see my phone number'. Note that if someone out in the world knows your registered phone number already, they're able to find you on Telegram by searching your phone number.
In the future, I'll share ways to get anonymous & disposable phone numbers
3. Can anyone add you to their group?
By default, anyone can invite you to a group, which makes it so you automatically join a group and start receiving messages. We've seen swaths of new crypto scams, fake local marketplace groups, and fake food delivery groups take advantage of this. They have bots (or people) which go in and invite anyone they can to their groups.
To fix this go into privacy settings and click 'Group Invite' settings, then select 'My contacts' for 'Who can add me to groups and channels'.
Now, only your Uncle Lester can invite you to his yard sale... π - and there's no way to turn that off.
If this even protects one person, I'll be happy I wrote it.
Stay warm & safe,
π€πΊπ§
@neo_network
Discuss at: @neo_network_chat
@neo_network
Discuss at: @neo_network_chat
π€πΊπ§
Didya know @Telegram just became the most downloaded mobile app in the world?
Its pretty crazy to see this kind of growth from a platform. Pavel Durov, one of Telegram's Product Managers attributes their success to a commitment with privacy.
"You β our users β have been and will always be our only priority. Unlike other popular apps, Telegram doesnβt have shareholders or advertisers to report to. We donβt do deals with marketers, data miners or government agencies. Since the day we launched in August 2013 we havenβt disclosed a single byte of our users' private data to third parties."
Well if that doesn't give me the warm & fuzzies inside. You can take Pavel at his word, but that doesn't stop the huge influx of scammers alongside the new users.
If you're unaware of your privacy settings, Telegram's feature 'richness' can turn into feature 'risks', kid. (sorry, I had to)
Let's run through the privacy checkup:
1. Is your nearby users setting on?
Well if it is - turn it off immediately. Not only will it enable random people to message you out of the blue (as the women in my family can attest to), but it can be used to find your exact location.
First reported in early January by Ahmed, the exploit works by using Telegram's nearby location feature to find the distance of your target user from a triangle of points. You can either walk around and do the measurements yourself, or use a GPS spoofer to make the process quicker. This is not unlike phone tower triangulation by law enforcement.
This feature is off by default, but even if you're feeling adventurous, I'd keep it off - you could give away your home address. (and there are never any cuties around anyways)
2. Are you sharing your phone number with everyone?
Its not uncommon to meet people on Telegram, and after some friendly back and forth you might add them as a contact. But be careful, there's a checkbox allowing you to share your number - essentially giving away your identity through a reverse phone number search.
Go to your privacy settings and select 'nobody' for 'Who can see my phone number'. Note that if someone out in the world knows your registered phone number already, they're able to find you on Telegram by searching your phone number.
In the future, I'll share ways to get anonymous & disposable phone numbers
3. Can anyone add you to their group?
By default, anyone can invite you to a group, which makes it so you automatically join a group and start receiving messages. We've seen swaths of new crypto scams, fake local marketplace groups, and fake food delivery groups take advantage of this. They have bots (or people) which go in and invite anyone they can to their groups.
To fix this go into privacy settings and click 'Group Invite' settings, then select 'My contacts' for 'Who can add me to groups and channels'.
Now, only your Uncle Lester can invite you to his yard sale... π - and there's no way to turn that off.
If this even protects one person, I'll be happy I wrote it.
Stay warm & safe,
π€πΊπ§
@neo_network
Discuss at: @neo_network_chat
Hearing reports of Patreon delisting content creators, and now even Bitchute (which is home to radical / free content). Censorship on the centralized web continues to grow.
It seems that my earlier exposition posted at @neo_network and @theconsciousresistance got ProtonMail's attention. They reached out to us and want to 'correct the inaccuracies'.
Would y'all be interested in an interview with them?
Tell us here:
@neo_network_chat
@theconsciousresistance
Would y'all be interested in an interview with them?
Tell us here:
@neo_network_chat
@theconsciousresistance
Forwarded from West Coast News & Discussion
This media is not supported in your browser
VIEW IN TELEGRAM
The best example so far of the snow that burns...it sustains the flame! Arson, Chemtrails and GeoEngineering are the Lefts new Climate Change (formerly known as the global warming hoax)
@neo_network Protocols
ππ£π‘
Here are a few basic principles for this channel so our discussions can be clear, productive and helpful.
1. Focus: We will attempt to keep channel & group discussion oriented around technology. Other topics may come in based on being related to technology or breaking news, although these topics are allowed, let's try to bring the discussion back to technology & solutions. There are certain topics, like partisan politics that are more likely to get removed as they hardly ever lead to a productive discussion.
2. Substance: If you make an assertion or statement, please do some research to back yourself up. You can link to other sources of content to support your claims. When responding to other people's statements, let's analyze the sources and potential biases, the primary information, and let's research and respond with our own.
3. Solutions: Although a big part of privacy and security is focusing on danger, we should also provide a better alternative based on our findings. After all, we are trying to help each other be the best that we can be. This means balancing our negative analysis with positive solutions and having well-informed opinions.
Suggestions & recommendations are always welcomed and considered. :)
Thanks for being part of the @neo_network β€οΈ
ππ£π‘
Here are a few basic principles for this channel so our discussions can be clear, productive and helpful.
1. Focus: We will attempt to keep channel & group discussion oriented around technology. Other topics may come in based on being related to technology or breaking news, although these topics are allowed, let's try to bring the discussion back to technology & solutions. There are certain topics, like partisan politics that are more likely to get removed as they hardly ever lead to a productive discussion.
2. Substance: If you make an assertion or statement, please do some research to back yourself up. You can link to other sources of content to support your claims. When responding to other people's statements, let's analyze the sources and potential biases, the primary information, and let's research and respond with our own.
3. Solutions: Although a big part of privacy and security is focusing on danger, we should also provide a better alternative based on our findings. After all, we are trying to help each other be the best that we can be. This means balancing our negative analysis with positive solutions and having well-informed opinions.
Suggestions & recommendations are always welcomed and considered. :)
Thanks for being part of the @neo_network β€οΈ
ImgBB
cube-concept
Image cube-concept hosted in ImgBB
Forwarded from Matteo Salm
Re Protonmail: I would like to double down on 'automatic' privacy issues when going through servers based on Swiss territory! Please all be aware that Swiss Secret Services based on valid Swiss law are controlling and analyzing all communications to and from abroad. This is public knowledge and based on transparent existing laws. Any communication to a Server based in Switzerland from abroad and any communication going from Switzerland to a foreign location is automatically analyzed. Even worse there is the law called 'Vorratsdatenspeicherung' = 'data preservation' which forces all Internet Providers of all kind to preserve ALL DATA (including calls, all digital communication) for at least 6 months by law. They have to provide this data to government entities if asked. Even worse: The law (at this moment, 2021) does not force providers to delete data after this forced period, so it is possible that data is preserved for much longer. There are powerful political forces that want to increase the forced period by law to at least 12 months and they also work to further increase digital control and surveillance. Not many people know that Switzerland in fact has much worse digital privacy rights than the EU! So when you include the background of protonmail key management and founders and their ties (incl. the usual reasonalbe supicion based on further information that they too, just like google and so many more digital companies have been actually founded by the military/intelligence complex of the US and their allied and vassal states (which by the way includes Switzerland). This just shows you for one factor, communication, that you have to exit life and society in a quite extreme way, not only geographically and what concerns your supplies, etc. to eliminate your vulnerability to the forces in power, the global elite, which are expanding their grip right now with incredible mass and speed.
Ramiro's Recommended Apps SnackPack Part I
@neo_network
Discuss at: @neo_network_chat (π srsly click this π€ )
ππ π
I'm made a commitment to write for @neo_network every day this month, however I'm feeling lazy today. Here's some low hanging but delicious fruit in the form of app recommendations.
Everything has a useful FREE version (i love free) and most things are privacy minded - but not all things. Do your own research (and then share it with us on @neo_network_chat)
Productivity
CryptPad: Browser-based cloud Encrypted Office Suite With Storage, Word Documents, Spreadsheets , Presentations & More π₯
CherryTree: A Personal (Local) Hierarchical Note Taking System with rich text formatting, code blocks, links, and more. I use it like a personal wikipedia or for journals. Your CherryTree notebooks can be saved as an encrypted database file. π
Obsidian: A Graph-Based Knowledge Base & Markdown Editor: I usually compose my more serious writing here. π
YunoHost: Self-hosting platform for email, calendar, web applications & more π
Communication
Jitsi Meet: Open Source & Private Real-Time Video Conferencing With Screen Sharing, Chat & More π§ββοΈ
CTemplar: Highly Secure Email Service Based In Iceland π§I've written a bit about it at @neo_network
Technical:
FileZilla: A Really Easy Way To Transfers Files Quickly Between Any Computers within the same Network π
VSCodium: The Truly Open-Souce Fork of VSCode (now with less telemetry!) π©βπ»
Crypto:
Atomic Wallet: The Cross-Platform Wallet I've Seen With The Most Supported Tokens and Built-in Exchange (pretty trustworthy, except I can't get my monero out of there, damn it) βοΈ
CryptoWatch: Awesome Crypto-Trading Dashboard to watch coin prices & see candlestick charts π
Till tomorrow then, :)
Discuss at: @neo_network_chat
@neo_network
Discuss at: @neo_network_chat (π srsly click this π€ )
ππ π
I'm made a commitment to write for @neo_network every day this month, however I'm feeling lazy today. Here's some low hanging but delicious fruit in the form of app recommendations.
Everything has a useful FREE version (i love free) and most things are privacy minded - but not all things. Do your own research (and then share it with us on @neo_network_chat)
Productivity
CryptPad: Browser-based cloud Encrypted Office Suite With Storage, Word Documents, Spreadsheets , Presentations & More π₯
CherryTree: A Personal (Local) Hierarchical Note Taking System with rich text formatting, code blocks, links, and more. I use it like a personal wikipedia or for journals. Your CherryTree notebooks can be saved as an encrypted database file. π
Obsidian: A Graph-Based Knowledge Base & Markdown Editor: I usually compose my more serious writing here. π
YunoHost: Self-hosting platform for email, calendar, web applications & more π
Communication
Jitsi Meet: Open Source & Private Real-Time Video Conferencing With Screen Sharing, Chat & More π§ββοΈ
CTemplar: Highly Secure Email Service Based In Iceland π§I've written a bit about it at @neo_network
Technical:
FileZilla: A Really Easy Way To Transfers Files Quickly Between Any Computers within the same Network π
VSCodium: The Truly Open-Souce Fork of VSCode (now with less telemetry!) π©βπ»
Crypto:
Atomic Wallet: The Cross-Platform Wallet I've Seen With The Most Supported Tokens and Built-in Exchange (pretty trustworthy, except I can't get my monero out of there, damn it) βοΈ
CryptoWatch: Awesome Crypto-Trading Dashboard to watch coin prices & see candlestick charts π
Till tomorrow then, :)
Discuss at: @neo_network_chat
If You Want Encryption Done Right, You Gotta Do It Yourself: Using PGP
ππ¨π§₯
@neo_network
Discuss at: @neo_network_chat
"If privacy is outlawed, only outlaws will have privacy. Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers. So do defense contractors, oil companies, and other corporate giants. But ordinary people and grassroots political organizations mostly have not had access to affordable "military grade" public-key cryptographic technology. Until now.
PGP empowers people to take their privacy into their own hands. There's a growing social need for it. That's why I wrote it. "
- Philip Zimmerman (Creator of PGP), 1994
In 1991, the US Senate proposed a 'Comprehensive Counter-Terrorism Act', which would force all software & communications providers to 'ensure that communications systems permit the Government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law'.
Does that sound like outlawing privacy to you?
π« Fun Fact: The senator who once proposed this bill is now the President...
Seeing this, the internet folk hero Philip Zimmerman (PRZ) wrote the first version of Pretty Good Privacy. Although it was outlawed for US citizens or companies to export strong encryption models, PRZ found a loophole and published his source code in a book, releasing it to the world. (what a legend)
Despite the 3 year criminal investigation that ensued for him, Philip's software became a weapon to fight government surveillance, leading to open source development groups & large scale adoption of encryption.
Today, given the uncertainty of how trustworthy web encryption is, I wanted to do a short tutorial on how you can use PGP.
This Is A Private Conversation π€«
How does PGP work?
If I want to send you (and only you) a message, I could encrypt the message by mixing the letters up. Key based encryption mixes the letters up in a programmatic manner derived by a cryptographic 'key'.
You could use this same key to decrypt the message, just by playing the steps backwards.
But how am I going to send you this key securely without it getting intercepted? This is why we cannot use single-key cryptography, and why public key systems were created.
With public key cryptography, I generate two keys that are counterparts to each other: the public key, and the private key.
The public key can be released to the public, and serves as a way to contact me privately if you encrypt a message with it and send the resulting ciphertext to me.
The private key must be kept secret, it can only decrypt the ciphertext encrypted with the public key.
When you create your own public keys, they are generated as part of a key certificate that include your name, timestmap, and the material of the key. This allows you to register it with a public location, where people can look you up by name or email.
The private key contains the secrets and is encrypted with an additional passcode that is entered at time of creation, in case it ever gets stolen.
The keys can also be used to sign messages, if you use your secret key to encrypt a message - you prove that you wrote that message when it is decrypted by others using your public key.
ππ¨π§₯
@neo_network
Discuss at: @neo_network_chat
"If privacy is outlawed, only outlaws will have privacy. Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers. So do defense contractors, oil companies, and other corporate giants. But ordinary people and grassroots political organizations mostly have not had access to affordable "military grade" public-key cryptographic technology. Until now.
PGP empowers people to take their privacy into their own hands. There's a growing social need for it. That's why I wrote it. "
- Philip Zimmerman (Creator of PGP), 1994
In 1991, the US Senate proposed a 'Comprehensive Counter-Terrorism Act', which would force all software & communications providers to 'ensure that communications systems permit the Government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law'.
Does that sound like outlawing privacy to you?
π« Fun Fact: The senator who once proposed this bill is now the President...
Seeing this, the internet folk hero Philip Zimmerman (PRZ) wrote the first version of Pretty Good Privacy. Although it was outlawed for US citizens or companies to export strong encryption models, PRZ found a loophole and published his source code in a book, releasing it to the world. (what a legend)
Despite the 3 year criminal investigation that ensued for him, Philip's software became a weapon to fight government surveillance, leading to open source development groups & large scale adoption of encryption.
Today, given the uncertainty of how trustworthy web encryption is, I wanted to do a short tutorial on how you can use PGP.
This Is A Private Conversation π€«
How does PGP work?
If I want to send you (and only you) a message, I could encrypt the message by mixing the letters up. Key based encryption mixes the letters up in a programmatic manner derived by a cryptographic 'key'.
You could use this same key to decrypt the message, just by playing the steps backwards.
But how am I going to send you this key securely without it getting intercepted? This is why we cannot use single-key cryptography, and why public key systems were created.
With public key cryptography, I generate two keys that are counterparts to each other: the public key, and the private key.
The public key can be released to the public, and serves as a way to contact me privately if you encrypt a message with it and send the resulting ciphertext to me.
The private key must be kept secret, it can only decrypt the ciphertext encrypted with the public key.
When you create your own public keys, they are generated as part of a key certificate that include your name, timestmap, and the material of the key. This allows you to register it with a public location, where people can look you up by name or email.
The private key contains the secrets and is encrypted with an additional passcode that is entered at time of creation, in case it ever gets stolen.
The keys can also be used to sign messages, if you use your secret key to encrypt a message - you prove that you wrote that message when it is decrypted by others using your public key.