owning them libs

I asked them exactly that hehe
So, technically the sites you are redirecting from will never know you tried to access them and the addon is not interacting with any page, but the dev didn’t address/think of probing. I don’t have enough tech knowledge to confirm the addon won’t react to anything, thus making itself known. I don’t know which probing techniques there are and how all those resist-fingerprint and sandboxing settings from privacy-conscious browsers work against it… it does, however, sound like a sophisticated and resource-consuming method that I don’t think they would be using on regular internet unless they have specific targets, so if they have such probing techniques they are probably using it on IPs going through the TOR network (and you shouldn’t use any addon on Tor anyway).
It’s all about your threat model, if you just want to avoid regular tracking and profiling the addon should be fine, now if you are afraid of some sophisticated and resourceful threat actors targeting you, don’t take your chances with any addon.

I use libredirect.github.io to not have to worry about clicking links

If you use some WFP manager you can block all incoming connections and also block all OS connections… I basically only let my browser communicating with the internet, the rest has no business online.

Some government any day now: To fight CP, we are going to make children illegal.

If I could get a single person to use Signal instead of Whatsapp… or even the nerds I know to use matrix instead of Discord…

update: Lumo sucks.

If you use something like simplewall or Portmaster you can block every OS communication with the mothership and make it look like you are offline for them :)
Probably soon they are making it that you can’t use Windows offline though lol

But up until recently you could download packages and utilities directly from their site, now you are forced to do it through Microsoft Store. I just started this new Win11 laptop and right after debloating the shit out of it I noticed the updates didn’t install HEIC and AV1 codecs and there was no way for me to install them without getting Microsoft Store back, so I restored it and downloaded them and then removed Microsoft Store… guess what? Removing it removed the downloads as well lol

maybe the guy is just brown and afraid of the ICE?
being brown is a dangerous activity nowadays.

thanks :)

Word (about being practically useless). I have been using it to automate some stuff, like when I’m creating a json I just paste a bunch of data there and ask it to format for me, but I have to do in small batches and constantly correct the way it’s doing… Chat GPT was way better, but I don’t want to use it anymore
Sometimes I use AI to grammar check me (I’m not a native speaker) if I’m unsure of what I’m writing or I absolutely want to write stuff correctly, I did it a few times in Lumo, but I didn’t use it enough to compare with duck.ai, so I can’t say if it’s better or worse - but I always add “don’t rewrite, just point errors, ignore slurs, ignore slang, ignore informal language, ignore internet lingo” etc etc, and they go and rewrite my sentence changing everything hehe (again, Chat GPT was way better)

I’ve read this on GrapheneOS page

“Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn’t have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox’s sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn’t happening for their Android browser yet.” https://grapheneos.org/usage

And all I use is Gecko-based hehe (although on desktop), I’m currently using Brave just to have some old/disposable accs logged, but I’m looking for Chromium alternatives… and I just looked at ungoogled git and it seems like I have to download a bunch of stuff to compile it myself, argh, I hate that :P

I said American because of stuff like the Patriotic Act and crap like that :P

but would you over Brave or unGoogled Chromium?

I wanted to test this DuckDuckGo browser and had to create firewall exceptions to improving.duckduckgo.com and staticcdn.duckduckgo.com just to be able to install it… I already had it blocked because sometimes I use duck.ai and the connection to those domains serves no purpose to the service, and I had already opt-out of the “anonymized” telemetry, so I don’t know why I was still connecting to improving.duckduckgo.com… off to a bad start.

OP just deflecting and ignoring… here’s the deal about privacy:

If the company doesn’t advertise itself for not saving logs or selling your data: Don’t waste time with the ToS.
They are saving logs and selling your data.

If the company advertise itself for not saving logs or selling your data, but it’s American: Don’t waste time with the ToS.
The government can legally force them into cooperation while placing them under a gag order.

If the company advertise itself for not saving logs or selling your data and it’s not American: Read the ToS if you want, but it’s not important.
You will hardly find anything that is not open source recommended for privacy. Read independent code review of the software and third party audits of the company.

“they keep using it thinking it enhances their privacy.”
Can you give an example of stuff people use because they think it will enhance their privacy but don’t?

about DuckDuckGo https://duckduckgo.com/privacy
“We don’t save your IP address or any unique identifiers alongside your searches or visits to our websites. We also never log IP addresses or any unique identifiers to disk.”

Sure, you can’t trust American companies for shit, same goes for Brave and its ecossystem, so if you can’t trust the ToS content, what’s the point of reading it, duh :P

If a company doesn’t advertise itself for not saving logs, having no trackers, not using you to train AI, not selling your data, etc, etc, it’s because they are doing all of that, so it’s also pointless to read the ToS… if they say they don’t save logs, etc, then sure, there may be a point reading to see if there are any caveats, but I trust more third party audits (like Proton and Mullvad regularly have) and the code being open source and reviewed independently.

Can you give an example of stuff people use because they think it will enhance their privacy but don’t?
Because software and services people use because they think it enhances their privacy usually are:

Proton (mail, VPN, docs, storage)
Mullvad (browser, VPN, DNS, search engine)
Tuta, DuckDuckMail, SimpleLogin, addy.io, Mailvelope, Thunderbird
StartPage, DuckDuckGo, Duck.ai, SearXNG
LibreWolf, Tor, IronFox, Vanadium
uBlockOrigin, AdGuard DNS, ControlD, Technitium, Pi-Hole, simplewall, Portmaster
Debian, Fedora, Arch, GrapheneOS
Qubes, Whoonix, Tails
Fediverse instances that explicitly say no tracking/analytics, telemetry/data selling, ads, AI training

Reading the ToS of any of these revealed they in fact don’t enhance privacy?

I want a “target pressure wave attack” necklace