A subpoena can still reveal the owner’s information to the world. Even if it’s a frivolous lawsuit that ends up getting tossed.

NFC payments that require my unlocked phone to use are a lot more secure than a physical card that can be stolen.

No access to google pay is a non-starter for me, I use it constantly to pay for lots of things.

you don’t have to load the code every time, you can save it and run locally, this is exactly what the Element desktop app does, it’s just an electron loader for a local copy of the website, and you can choose to update it whenever you want

We can see you totally didn’t do that. Also how would you even get the update?

Japan has been requiring fingerprints AND photographs for all incoming visitors for the better part of two decades now.

If a foreign national who is required to be fingerprinted and photographed refuses to comply with this requirement, he/she will be denied entry to Japan.

https://www.mm.emb-japan.go.jp/profile/PDF file/newime.pdf

Open Technology Fund

Which is funded by US Congress, and they also funded Signal.

For those do not wish to use privacy-related projects funded by a world government, what is a good (in your opinion) alternative? Both with and without Tor involvement (since US govt funded that too).

Yes I realize encryption, computers and the internet are all also govt-funded, but everyone is free to pick their battles.

For those who actually think I said clock instead of cloak :)

https://voidsec.com/vpn-leak/

Yes there is a risk of bugs being exploited just like any other feature in a browser. Another example is WebRTC being used to de-cloak VPN users. I think WebGPU and/or WebGL also had exploits that allowed remote code execution or escaping the browser sandbox.

What is a “shared unique similarity”? Sounds a lot like something that isn’t unique to me…

Are you saying Tails has a custom fork of TBB that spoofs the OS? Do you have a link to that patch?

Right, even the most secure/private browser cannot help opsec failures… if only one person visits the same website(s) at the same time every day, you are not anonymous. But we all must define our own threat models and apply what’s realistic for us individually.

I would be very careful about saying Tor/Mullvad/Brave are anywhere near approaching k-anonymity… Tor Browser cannot even hide your real OS when queried from javascript, and there are current ways to detect all of those browsers independently.

I think one problem is that most people’s (general non-tech population) browser setups are completely bone-stock, and so by definition “random like everyone else” is likely already excluding all the stock users and placing you in a much smaller box to compare against.

Just FYI You would have to be using the same exact browser configuration you normally browse with, otherwise the fingerprint it has will be different.

They ask the push providers (Apple/Google) for data on the push token from e.g. a messaging app. This way they associate the account from an app with an identity.

Very overlooked point. You can find privacy guides online but very few even suggest that FCM etc. might have privacy issues, let alone explain exactly why. It seems this has already been used by law enforcement in the past: https://www.wired.com/story/apple-google-push-notification-surveillance/

The Molly-FOSS fork of Signal (which aims to be even more secure/private) actually supports self-hosted push notifications using UnifiedPush.

It’s also possible the number of people who like it do not outnumber the people who don’t like it

plot twist the poster is Empress

If you care about security, don’t put a Sim card in your phone.

Depends on what you mean by security… or privacy. You need to define a threat model before any suggestions can be made.

If you’re worried about someone hacking into your phone via an app, a sim card likely won’t make a difference.

If you’re worried about your location being tracked… that can often be done without a sim card or any cellular service on your device.

Then there are malicious carriers (or ones compelled by a government) that could track you without even having legitimate service activated. All phones at least in the US now are mandated to have (A)GPS receivers.

All depends on what your concerns are.

I wasn’t trying to do that, just making a general statement

this could be said about many popular open source projects