What are /r/europrivacy's favorite Products & Services?

From 3.5 billion Reddit comments

Apparently he uses Qubes OS.

It's an operating system that essentially allows you to spin up a separate, lightweight VM for different tasks and programs, like work, entertainment, communication etc. You can then delete that VM and spin up a new one based on a template once you need it again.

It keeps your set up consistent. If any part of the system is compromised it will be contained to that VM which will likely be deleted and overwritten anyway.

They literally write this on their website...

>NordVPN is based away from the EU and US jurisdiction and is not required to collect your personal data and information – it means nothing is recorded, monitored, stored, logged or passed to third parties.

wtf

Try DeepL next time. It works better than Google Translate most of the time:

> The Antwerp Court of Appeal ordered Skype on Wednesday to pay a fine of 30,000 euros for refusing to cooperate in a judicial investigation. The court thus confirms the verdict of the correctional court in Mechelen. Skype had asked for the acquittal.

> In September 2012, a Mechelen investigating judge had asked the software company to transfer certain account details in the context of a judicial investigation and to provide technical assistance in tapping the user's conversations. Skype was willing to provide registration data as long as they would not be used as evidence, but stated that it was technically impossible to intercept communication.

> An operator or service provider who is addressing Belgian consumers on the Belgian economic market must comply with Belgian legislation and must organise itself in such a technical way that it is able to easily satisfy the claims of the court ", the Court ruled. According to the Court of Appeal, there was no material impossibility or force majeure, because Skype itself had admitted that it was possible to intercept conversations, provided that the necessary technical adjustments were made.

> As a recent victim of Google, we [ProtonMail] are glad the EU is doing more to enforce accountability and transparency in search

> https://twitter.com/ProtonMail/status/879679144484851712

Google's search results nearly pushed Protonmail (a provider of encrypted email) into oblivion

> https://protonmail.com/blog/search-risk-google/

It's hardly a secret what France uses: They use a fork of matrix and riot which is an open source end to end encrypted federated protocol. It uses megolm for encryption, which is an implementation of the double ratchet algorithm signal uses.

Matrix is the shit, it's awesome. I don't know how France is implementing this, since there's precious little information out there about what they're doing in detail, but the base they're using is great.

LineageOS for microG - the project /e/ is based off is a better choice - at least it's up to date. But still, If you are using /e/ or microG to get notifications, those notifications are going trough google.

They're obligated to provide a clear explanation in their privacy policy of how to rescind permission for processing and demand deletion of your information.

https://www.whatsapp.com/legal/?lang=de#privacy-policy

If you can't find the instructions you're looking for (whether because they're using confusing language or simply not mentioning it), or if you have reason to suspect that deleting your account via the app did not have the desired result, then you can make a complaint, with BFDI because you're German: https://www.bfdi.bund.de/DE/Service/Beschwerden/beschwerden_node.html

An online security starter pack, I'm using adBlocker (I guess everybody does), Kaspersky for antivirus and NordVPN for encryption. Unfortunately none of these would defend against the mentioned Facebook data leak, but it's about time people just stop trusting big companies and upload their data like it was nothing. There's lack of info, but my guess is that stolen data might be used for phishng email's so I'm keeping my NordVPN turned on, they implemented cybersec feature some time ago to blacklist potentialy harmful websites.

I am more interested in seeing how companies that are directly involved in dealing with user data would respond to GDPR. Specifically VPN companies like Nord, Express, Windscribe and Ivacy who have till now garnered a good reputation; how would they be addressing things to their customers would be something to observe.

I made a service for platforms to do link previews in a privacy friendly way and launched it recently.

https://www.producthunt.com/posts/peekalink

On our website we explain how we do this and we even provide platforms information on wether the previewed link contains trackers and automatically upgrade all connections to HTTPS.

you can't delete messages already sent from your firends' devices.

But if you are interested by such a functionality for photos and videos, you can try Poltreder, https://play.google.com/store/apps/details?id=com.orange.labs.poltreder&hl=fr&gl=US

Poltreder allows you to share your photos and videos without storing them in any cloud server to preserve your privacy. Sharing is secure and end-to-end encrypted between mobile terminals, and photos or videos are transferred directly from device to device (P2P) without any intermediate server. No matter if you and your friends are not in the same network or in the same location. You can share anywhere with your friends. Only your friends have a copy of your photos and videos, but they cannot access them to save elsewhere (screenshot is also disabled). If you delete a photo, it will also be deleted from all your friends' devices.

Mycroft is working together with Jaguar and Land Rover. It is an open source, private voice assistant.

You're talking email provider? Because there are "virtual" physical mailboxes, too. Suppose you mean email. There are actually quite a few in the EU and Europe. Protonmail as someon suggested is very popular, best UI, lots of good functionalities. Personally, i don't trust them because USA money and some dodgy people on their board (for mer US agency people). Tutanota, Germany - going through a serious questioning of their ability to run the business they have but technically probably top-notch. Time will tell what they are worth.

Mailbox.org, Posteo, Germany - work well, mature services.

Runbox, Sweden, liked by many, I have no experience of it.

ctemplar, Island - a yound tutanota which I find more promising as they seem smarter in their way to go about it (clear roadmap, will interface with a client).

Startmail, NL - don't know much about it, coming from startpage.

In fact, Europe and EU seem to have the most reliable and trustworthy mail providers at the moment.

Encrypted mailbox doesn't make any sense to me. As if the feds would only scan/check my mailbox once per month. Its already saved somewhere before it even arrives in my mailbox. You could also download them over POP3 onto your encrypted HDD. Encrypting a mail that was send unencrypted may "feel" secure, but it just isn't.

I would anyway pick mailbox.org over posteo, because they allow to use your own domain. Also Peer Heinlein - CEO of mailbox.org - is THE german specialist, when it comes to mailserver.

I'm in two minds about this whole situation. It is quite sad that some American news outlets became unavailable for those without a VPN or a proxy and that Super Monday Night Combat closed because I kinda liked that game. On the other hand, I adore GDPR and all the extra security and privacy it provides since I'm a privacy freak (always with Privacy Badger, Incognito mode, NordVPN, uBlock, Duck Duck Go etc.).

Speaking about the article, lol libertarians. Complaining about Google taking 95% of the EU ad market, but secretly rooting for big corporations. It is really fun how companies have become so desperate. Though I have to admit it that e-mails from companies begging to be on their spam list was quite hilarious.

You are always going to have privacy issues with Facebook/Whatsapp if you want it or not...

i'd recommend all of you move to Signal, and sleep calmly.

The Guardian | Is it time to leave WhatsApp – and is Signal the answer?

As always: before doing this like this READ THE LUKS FAQ, and make sure you know the possible consequences:

​

>5.21 Why is there no "Nuke-Option"?
>
>If somebody can force you to reveal passwords, then they can also do bad things to you if you do not or if you enter a nuke password instead. Think locking you up for a few years for "destroying evidence" or for far longer and without trial for being a "terrorist suspect".

> Google’s DoubleClick/Authorized Buyers ad business is already under investigation by the Irish Data Protection Commission (DPC) for suspected infringement of the GDPR, as a result of a formal complaint by Brave’s Chief Policy & industry Relations Officer, Dr Johnny Ryan

> The Irish DPC is Google’s primary GDPR regulator. New evidence gathered by Brave gives the Irish DPC concrete proof that Google’s ad system did broadcast personal data about Dr Ryan, which infringed the GDPR. In addition, Brave has uncovered what appears to be a GDPR workaround that circumvents Google’s own publicly stated GDPR data safeguards.

> https://brave.com/google-gdpr-workaround/

Errm I think these people are violating the GDPR as is: This is personal information and if they do not have a justifiable reason (which specifically does not include marketing/aggregation) they are not even allowed to collect it, let alone publish it.

These are a site of known scammers: https://www.trustpilot.com/review/apollo.io

And I would suggest you notify your nation's GDPR authority: https://edpb.europa.eu/about-edpb/board/members_en and file a complaint.

Regarding the password part. Make sure to change the password on every site he used it on. While you're at it, get him to use a password manager and make the password for each site unique and generated by the password manager.

Arguments against a backdoor in encryption:

> (...)

> Now, we sympathise with the authorities’ predicament here: we utterly abhor child abuse, terrorism, fascism and similar - and we did not build Matrix to enable it. However, trying to mitigate abuse with backdoors is, unfortunately, fundamentally flawed.

> - Backdoors necessarily introduce a fatal weak point into encryption for everyone, which then becomes the ultimate high value target for attackers. Anyone who can determine the secret needed to break the encryption will gain full access, and you can be absolutely sure the backdoor key will leak - whether that’s via intrusion, social engineering, brute-force attacks, or accident. And even if you unilaterally trust your current government to be responsible with the keys to the backdoor, is it wise to unilaterally trust their successors? Computer security is only ever a matter of degree, and the only safe way to keep a secret like this safe is for it not to exist in the first place.

> - (...)

> - Governments protect their own data using end-to-end encryption, precisely because they do not want other governments being able to snoop on them. So not only is it hypocritical for governments to argue for backdoors, it immediately puts their own governmental data at risk of being compromised. Moreover, creating infrastructure for backdoors sets an incredibly bad precedent to the rest of the world - where less salubrious governments will inevitably use the same technology to the massive detriment of their citizens’ human rights.

> (...)

> https://matrix.org/blog/2020/10/19/combating-abuse-in-matrix-without-backdoors

first, please note i also believe Signal is more secure than telegram, but /u/maqp2 was suggesting that WhatsApp is better

> Citation needed.

there is link to the signal 2017 blog article where they explain all, but here again: https://signal.org/blog/private-contact-discovery/

> have massive public groups with invite links, than to have small groups with E2EE by default > [...] > It's not enough in 2017 they allowed you to hide your phone number from third parties

I double check, it was always hidden for people not in your contact list, that article was just explaining how it works.
The issue you talk about is real but telegram says it has countermeasure, you can see here explanation of the attack and telegram answer up there: https://www.zdnet.com/article/hong-kong-protesters-warn-of-telegram-feature-that-can-disclose-their-identities/

> This wasn't fixed by Telegram

according to that article Telegram did nothing to "fix it", if you have other source please link it

@lizMcintyre - The choice we can give people is an important thing. But if the results is just the same as on Google (StartPage), Bing/Yandex (DDG) and Yahoo (Oscobo) - we are still in the hands of the big Search engines - and SEO will mean the same, at least the non-profiled

The fear and mistrust we can call for when explaining how the big search engines monitor peoples behaviour, will make people want to use private search engines, but if no-one uses the big search engines - the Meta search engines mentioned in this article will not be worth using anyway....

I'm totally support the Privacy Agenda- we need more awareness, and we need search engines to choose from.

I need to mention I'm not unbiased since I work for Findx.com - the independent European search Engine. https://www.reddit.com/r/FindxOfficial/

It's really simple: put a custom rom in your phone that doesn't have the Google Apps included.

For example, LineageOS.

If you need the GApps because some apps break, then try LineageOS+MicroG or flashing MicroG in your actual rom (if it supports it, if not you must patch it).

> they have to respect the laws

But do they?

I found this Swiss firm, but I know nothing about them: https://www.exoscale.com/compare/

I guess I am glad you are considering privacy at all in regards to your startup. :)

That's just definitely not true.

From https://about.gitlab.com/terms/ :

> 5. > GitLab Newsletter > > By creating an account on GitLab.com you give us permission to add your email address to the GitLab newsletter. You can unsubscribe at any time by using the link at the bottom of the newsletter.

Automatically subscribing somebody to a newsletter is not "opt in". Please go and look up the term if you don't know what it means.

Webmail? What do you mean? I would choose mailbox.org over runbox. But thats just my personal preference. I am german and therefor its easier to get support from a german company. Also I believe that the owner of mailbox.org know what they are doing. The CEO even teaches other companies about mailserver and security. But like I said - thats just personal preference.

About runbox: Like I said, I never used it. Looking at their website makes me believe I probably won't ever use them. I don't like that kind of make-up. They show that big vault/safe to manipulate you. They also use a lot of pictures of locks and things you expect to see in a sci-fi movie. Their frontpage says "as seen in [List of newspaper]". That doesn't tell anything about their service or reliability. Just because they were mentioned somewhere doesn't make them good or even better than others.

Your second question: Not sure if traffic route is a thing. I do believe that feds get access everywhere. Rumors say that even german NIC tapped by NSA (if not directly, than with some help from german agencies).

If you really need privacy, don't use mails at all or make sure they are encrypted local BEFORE you send them and decrypted local after you downloaded them. Don't believe that anything else is more or less safe just because of the provider you choose/pick. Some of them may make it harder for law enforcement to get your data, but finally they all will hand out everything they have, in case they are forced to.

For future reference: When you're asking for feedback from a privacy-minded community, know that you are preventing a part of the community to participate by using tools from surveillance capitalist companies like Google. It's better to use alternatives that don't collect data like https://cryptpad.fr/ for example.

NordVPN is not a great choice either, some notes I have about them:

No one knows who is behind them, but they suddenly appeared with a huge server network and an exaggerated advertising campaign that has only increased.

Their advertising is misleading or false, they often claim to be the best in the world and do things like adding a countdown to get a discount that restarts when you delete your cookies.

They were hacked and tried to hide it for over a year (if I remember correctly).

They use a multitude of google services, even their mac client pings google every 20 seconds. The android app has several crawlers.

Lastly they don't even offer open source or audited apps.

I don't think they are worthy of a minimum of trust, a basic requirement for a VPN. Even less so when there are alternatives such as mullvad, azireVPN or airVPN.

Mullvad, for the simple reason that you can literally mail them cash with an anonymous (even throwaway) numeric account name and they'll credit your account. No digital trail at all. Plus it's from a non-Five Eyes nation.

> ProtonVPN is also recommended but does not accept cash and so will not be recommended by this guide.

They do: and scroll down to the "Cash" section.

I've tried visiting Marktplaats with several other VPN providers, and haven't run into that problem. VPN exits are often blacklisted, which means VPN services have to cycle their addresses or get them removed from blacklists to prevent what you are encountering now. Could be that NordVPN fails to do this.

For recommendations for other VPNs, see: