First and above all, I personally and sincerely want to thank u/BurungHantu for his originally creating the PrivacyTools website and this subreddit, and for inviting me to be one of the Mods here six years ago.

His efforts to raise privacy consciousness, and evaluating the tools to achieve this, is an amazing legacy that he, and we, should commend.

______________

You may have noticed that r/PrivacyToolsIO has been changed to a restricted Subreddit and no longer allows general posts & comments.

Some may see this as a drastic step. We hope everyone understands that the (former) PrivacyTools team – i.e., the current PrivacyGuides team – has enjoyed our shared journey over the years. We want every one of you to be part of our future travels. Just as our site has transitioned to a new home, we sincerely hope all you join us at r/PrivacyGuides.

The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.

A Subreddit is a great deal of work to administer and moderate. Like a garden, it requires patient tending and daily care. It’s not a task for dilettantes or commitment-challenged people. It can’t thrive under a gardener who abandons it for several years, then shows up demanding this year’s harvest as their tribute. It’s unfair to the team formed years ago. It’s unfair to you.

I’ve enjoyed – and am proud of – being a Moderator of r/PrivacyToolsIO. I’ve had help – u/Blacklight447-ptio, u/ErkTheErk, and many others. But moderating this site has been largely done by myself, especially these past four years, as it experienced most of its growth.

As we announced, first three months ago, and again a month ago, our mission – providing the best source of reliable, unbiased and non-self-interested advice to restore your online privacy – was being negatively impacted by longstanding problems established in our founding that could no longer be mitigated.

r/PrivacyGuides now exists as the Reddit home for PrivacyGuides.org. Recently, PrivacyTools.io was reverted to a personal site. We feel it engages in practices violating our norms ensuring reliability, being unbiased and not engaging in self-interested practices. This split, and what role r/PrivacyToolsIO has given this recent change, has generated confusion here. We’ve received supportive comments. We’ve been asked why we haven’t yet “ripped the bandaid off”. We’ve been asked when will we complete the migration we promised.

We’ve already done this for our site. We are now doing this for this subreddit.

We really value the community we’ve built here. All of you!

We really hope you continue our shared journey.

Please join us over at r/PrivacyGuides, and at PrivacyGuides.org!

I don't want to use fingerprint screen unlock because then the police can just force your finger onto the reader to unlock your phone if they stop you, whereas with a PIN you can just refuse to say anything to them.

However, it's very useful to use the fingerprint to unlock certain programs, like Aegis, rather than having to type a password in, which is annoying as Aegis locks every time you switch to another app, as you do when entering OTP.

As far as I can tell, there's no way to disable the fingerprint screen unlock without it deleting the fingerprint, thus making it unavailable for apps like Aegis to use. Has anyone discovered a hack to let you switch from fingerprint to PIN screen unlock without deleting the fingerprint? I'm using a Poco X3 NFC with Android 11 / MIUI 12.5.2 if that makes any difference.

Hello pros, does anyone know of an app where I can see the requests that my applications make to the network?

Example, in android I have an app: NoRoot Firewall that allows me to see the requests made by the applications, I can allow or block them a normal firewall but what I want is to see the requests of the applications, just that

​

Edit: windows 10

Recently I remember some news in my country about the police arresting some criminals carrying out their online activities on TOR network. Isn't TOR supposed to make one's internet usage entirely anonymous? How are the authorities able to monitor the activities in it and associate it with the right user?

What is the best way to spoof your OS version on Firefox without being detected?

I'm currently looking into GnuCash (as I don't trust things like YNAB to store all my financial data on their servers) and although a manual import via CSV is not too difficult, it would be very nice to automate the import to make my life a bit easier. Therefore I was thinking about connecting my online banking to GnuCash. However, I don't know much about the general technical infrastructure and the API's that are being used for this and how secure they are. Can you help? Would you recommend using that feature in terms of privacy/security?

The title basically says it all. I don't know what VPS services privacy aware individuals recommend the most. I know that the way XMPP works it basically makes it impossible for the VPS company to see what I'm doing, but still, if I'm setting up my own server to chat with my friends, might as well go the extra mile and make sure the VPS I pick is trustworthy, right? Preferably, the servers should be located outside the US.

Please explain how this would work without a phone involved, just a laptop. So there's an Authenticator on your laptop and you're signing up for a site that supports it. Now what happens?

I could go study up on it but I'm sure I'd misunderstand something.

Also: To your knowledge, do mainstream services such as Facebook, IG, Youtube, Telegram, Signal, etc. give you an option to NOT register/verify with a phone if you're using an Authenticator/TOTP 2FA if you so choose when signing up? Or will they still make you register a phone number regardless even if you elect to also do Authenticator/TOTP 2FA?

Follow up question: In a situation where you verify with both an SMS/phone verification and later use an Authenticator/TOTP, if you lose access to the phone number you used for the SMS verification, will the site/service be fine with that and simply allow you to fall back on your Authenticator/TOTP 2FA code thingy? (Assuming the site/service lets you use both and not just one or the other.)

Sorry, super new to this. It's very fascinating how this has all evolved and I am completely out of the loop, as you can tell.

I am using poco launcher. I don't get how launchers work, like do they send our data and passwords and stuff to their server. I am a bit tensed cause poco launcher is Chinese. Or do they locally store the data and clear the data on deleting the android launcher.

I’m new, could someone please answer fully in layman’s terms so no one has to answer again? Thank you so much!

Since both of them are open-sauce, are there any difference between either?

Using a laptop, there are software 2FA solutions for websites but they all seem to involve a phone also. Is there a way to do 2FA on a Linux laptop for a site without involving a phone at all? Or at least using some one-time throwaway SMS to get the 2FA accomplished to where a phone is no longer needed?

What are your guys' thoughts on Njalla (njal.la), the company that lets you fully anonymously register a domain name? They own the domain but give you full access to it. I noticed that they have some weird political bias against Epik which got me a bit confused. Would they run off with my domain name if they wanted to (without reason)?

Is xmanager , the "open source" spotify mod safe? Also vanced manager?

Hello!

I've been playing with an idea for a more aggressive anti-tracking and adblocking tool, that would not only block adds and trackers (which is something that can be kind of used to fingerprint and track you), but instead actively work to misslead and harm the fingerprinting process by feeding it false data.

It's still only a vague concept, and I suppose someone else has already come up with something like this. If someone knows about a project like this, I'd love to see it and contribute, if it's open-source.

So, what exactly I have in mind? A tool that would run in background/in a browser, and not only work as an adblocker, but actively render and click on all the adds in background (If I'm not mistaken, you pay/get money for clicks per add, right? So auto-clicking is against ToS and can hurt the advertisers and will probably get your IP banned, which is a plus). It would also constantly search for various unrelated topics, click on links, chat with bots/other fake profiles (this may be taking it to extremes), and basically run a fake Selenium in background that would try to appear as a real user that does random stuff and is trackable. Which should make it impossible to distill the "real you" from all the data, which will in turn make it worthless.

Does it make sense? The idea is to not only passively defend against fingerpringing, but actively and maliciously fight back. Have something like this been made? Is it a idea that could be worth pursing and developing? I have to admit that I don't know much about how fingerprinting exactly works, so are there any serious pitfalls or holes in the plan that could make it unfeasible? What do you think about it? It's mostly a brainstorm right now. Would anyone be interrested in developing an app like this?

Thank you for any kind of reply.

I know websites track your IP history. In particular, reddit logs your IP address for the last 100 days. But do they keep a record of which port you also used?

I downloaded a copy of my data from reddit on another account, and there was no port history.

Cheers!

I can’t seem to find a good enough youtube replacement for my iPhone. Anything helps, thanks!

In privacy focused forums you often hear the benefits of custom roms like lineage os, e os etc but these Roms lack verified boot which is a clear security problem even though it might not affect most people. The question so becomes is it worth it for most people to use these Roms. Another possible solution I don't see people talking about is just using the stock rom that comes with your phone but removing all gapps and other services by using Adb. You can basically remove all apps you don't want like gapps, system apps and just download Foss alternative. I'm not a security expert but I think it's a better strategy than using roms that don't have verified boot but if someone more knowledgeable than me knows some reason why it's not a good idea pls point it our in comments.

I use my iWatch a lot for fitness doing multiple activities. I have also got used to the convenience of such a smart watch. However, due to Apples plan to use spyware to scan and read every document on your phone, I have made the decision to change my phone. Now i will be left with an Apple watch that loses a lot of its functionality.

What are the options for:

1. Watches with regards to open source software?
2. Watches for privacy but multi-functional usability, especially regarding fitness
3. Watches that could potentially hook up with Graphine OS or some other Linux OS for Phone?

Just sitting here thinking about this issue and size of the market, I do believe that there is a niche here for Linux and other developers. I hope this becomes an interesting conversation.

I thought that Google was a privacy erode'r, not a go to. So i am confused as to why i am being suggested to buy one to install the Graphine OS. Surely Google would have some sort of sneaky work around no?

What other options are there on the market?

One thing i can safely say....... My iPhone's day is coming.

Apparently anywhere you call now , like the bank/ credit card company, cell phone company, you are being verified by your voice signature. Wtf is that shit! You can't walk on the street now cameras with ai tracking you, cell phone towers tracking you, fucking google/android/apple is tracking you. Covid fucking app tracks you Ring the doorbell , WiFi triangulation, and the feds too , just cause they can. To keep it kinda short, looking for an app to run on my degoogled calyx phone , that will change my voice when I call on an open line. Preferably something open source. Thank you

Hello, so this year I've switched from gmail to protonmail. But unfortunately protonmail was getting expensive as my requirements, so I've switched to tutanota. Also bought my first domain.

So currently I'm using tutanota with my own domain.

I'm using catchall, instead of creating alias.

eg. reddit@mail.domain.com / twitter@mail.domain.com

Is this recomendable or should i use anonaddy? Currently seeing a lot of people using catchall with anonaddy and not in the mail provider(protonmail, tutanota).

So I'm curious about you guys currently setup?

I rarely make phone calls and try to use services that don't require a phone number. However, after trying out several VoIP options, I've had mixed to bad experiences with call quality and reliability.

Is this overkill for most people? What or who would you have to be shielding yourself from to only ever use VoIP numbers?

Hey everyone,

after applying all privacy settings for firefox it became so damn slow e.g. at loading youtube videos etc...
What's the reason?

If suggesting, please try to explain why not the other two?

1. Google Authenticator ( 50 Million play store downloads : 3.9 Rating )

Link --> https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 2) Microsoft Authenticator ( 50 Million play store downloads : 4.7 Rating ) Link --> https://play.google.com/store/apps/details?id=com.azure.authenticator 3) Twilio Authy 2- Factor Authentication ( 10 Million play store downloads : 3.9 Rating ) : Link --> https://play.google.com/store/apps/details?id=com.authy.authy

My single point advantage of these apps :

1. Google Authenticator : Google trust
2. Microsoft Authenticator : Rating on play store
3. Authy : Mostly suggested by others.

My single point disadvantage of these apps :

1. Google Authenticator : Not easy transferable to new device.
2. Microsoft Authenticator : Never heard anyone suggesting this.
3. Authy : Can this be easily accessed if someone has our phone?

Do let me know your thoughts , on best app. Also please tell why not to use the other two.

Thanks folks.

Hi, I have an VPS server with Windows Server 2019 (it was used for another project, which ended but still has to be paid till the end of the year). I would like to use it to analyze the webtraffic of my mobile (Android, not rooted). To block some Ads, I use the Adguard DNS. I would like to see if this helps. So I would not like to use the VPS as DNS to log the queries. Is there another way to tunnel my non rooted Android mobile traffic through a Windows VPS Server and log the Hosts it connects to?