Privacy Bear

A personal blog with various topics, such as privacy, open source, and general observations.

The new year has begun, and it has been quite a while since I have written anything. I have many reasons why, but the biggest has been time away from my computer, and my mental health. These two things have contributed to why I have kept away from this blog. Don't get me wrong, a break every now and then is a good thing, but I do love to write. So, for this blog entry, I will be talking about what's happened, and some general privacy/security updates.

First off, mental health. Mental health is, bar none, one of the biggest challenges we face today. There are a lot of problems with the medical field's ability to handle mental health issues, and the biggest is lack of doctors. There is a lot of waiting. Waiting to find a therapist, waiting to find a psychiatrist, waiting to get in, waiting to get a diagnosis, waiting for medication to fully take effect. These all, of course, rely on your diagnosis being correct, which very often takes multiple takes. This waiting game caused me to have a massive breakdown over the holiday season. That breakdown went into January, and still continues into February. I am still waiting on results for a test; a test that was started five months ago! The reason this has taken so long is that the system is so overwhelmed that you will see months go by without an appointment. This is my case, and why I take this so seriously.

The second big reason is life in general. There was much travel this holiday season, and that had me away from my computer for over two weeks. During those two weeks, I could not even think of what I wanted to blog about. Add the mental breakdown, and my urge to write here was zero. That's really it.

Now, some security and privacy updates. As some of you may know, we had the Database 1-5 leaks, plus a few more since. These have led to an insane amount of passwords and other data being out in the open. I personally had an old Google password leaked, so I changed my newer password. What did I change it to? Honestly, I have no idea. It is a randomly generated one, from the great password manager KeePass. I urge everyone to use a password manager. If you want it to work for you, use Bitwarden. If you want to make it yours, use KeePass. It was also shown that the new 2080i GPU could crack an eight-character password in 2.5 hours. That's any eight-character password. So get a password manager, make your passwords as long as you can, and be safer.
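To show why length matters so much, here is an added example (not part of the original post) that takes the 2.5-hour figure above at face value and scales it to longer passwords. It assumes the figure means an exhaustive search of every eight-character string over the 94 printable ASCII symbols; the function names are made up for this illustration.

```python
import math
import secrets
import string

# Assumption (not from the post): the quoted 2.5 hours covers every
# 8-character string built from the 94 printable ASCII symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
BASE_LENGTH = 8
BASE_HOURS = 2.5


def implied_guesses_per_second() -> float:
    """Guess rate needed to exhaust the 8-character space in 2.5 hours."""
    return len(ALPHABET) ** BASE_LENGTH / (BASE_HOURS * 3600)


def worst_case_hours(length: int) -> float:
    """Hours to try every password of `length` at that same guess rate."""
    # Each extra character multiplies the search space by len(ALPHABET).
    return BASE_HOURS * len(ALPHABET) ** (length - BASE_LENGTH)


def entropy_bits(length: int) -> float:
    """Entropy of a uniformly random password of `length` characters."""
    return length * math.log2(len(ALPHABET))


def generate_password(length: int = 20) -> str:
    """Random password from the OS CSPRNG, as a password manager would make."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    print(f"implied rate: {implied_guesses_per_second():.3e} guesses/s")
    for n in (8, 10, 12, 16, 20):
        years = worst_case_hours(n) / (24 * 365)
        print(f"{n:2d} chars  {entropy_bits(n):6.1f} bits  {years:.3e} years")
    print("sample:", generate_password())
```

These numbers only describe random passwords; a human-chosen password of the same length usually falls much sooner to dictionary and rule-based guessing.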

Matrix released Riot 1.0. This is a big release that sets up the Matrix protocol 1.0 release, which will give it stable E2EE. Personally, I use Matrix to follow a few rooms, since it seems a semi-Discord replacement, and with the Riot 1.0 release, it comes closer to replacing Discord.

For now, those are some things I wanted to touch on. Soon, I will write about my journey getting rid of Facebook, and the known challenges that is going to cause. However, Facebook has become a massive blow to my mental health, so it is a much needed deletion.

Signing off, Privacy Bear

2018 is gone, 2019 is here, and now is the time to really look at how your privacy and security are. 2018 was full of privacy/security scandals, leaving millions of people's information out for anyone to see. Knowing this, it seems that most people honestly don't care. Getting people to switch off Facebook has been next to impossible, even though Facebook has said they don't want your information safe. However, now that the new year is here, it is finally time to get off those sites that want to use your information.

I am pledging that this is the year I quit Facebook. I have alerted people to this, and slowly have been phasing a lot of the FB functionality over to other sites/platforms. By the end of February, I will be off that platform for good. Why the long wait? Getting everyone the information on how to get a hold of me.

This is also the year I will be dropping as many Google services as possible. Google+ is being shut down after major data breaches, and that should tell you how Google handles your information. My Gmail is basically used for spam at this point, having switched over to ProtonMail. Anything in Drive I cared about is already switched over to pCloud. I haven't used Google Docs/Sheets/Slides in a while, and have plenty of ways not to. Keep is already switched out for Joplin, and an offline notes app. Two that are hard to get away from are Maps (even though it is becoming worse and worse), and YouTube. There are ways to use YouTube without Google tracking you, and I am using them more. Maps really doesn't have competition on Android, except maybe Here, as OpenStreetMap is great, but hard to get exact addresses to work.

Make this your year to take back your data, your security, and your privacy. The companies we use every day take advantage of us, but we can make them take less advantage of us.

Best regards, and happy new year, Privacy Bear

Why Federation is the Way to Go

Now, we all know that Facebook and Tumblr are just the biggest to throw their users under the bus: creating policies that shouldn't exist, silencing minority groups, not silencing hate speech, and showing the world that sex is gross. With all that, it's time we move to a better social network, and even better yet, move to one that not one person owns and controls. For this very reason, it's time to move to a federated network.

You may be asking, “What is a federated network, and why is it better?” Well, let me say this: you already use federated networks every day, you just don't know it. Federation is, in a nutshell, networks of different kinds being able to talk to each other. A good example is email: Yahoo sends to Gmail, sends to AOL, sends to ProtonMail, sends to Outlook, etc. These networks all are part of a central server, but they can talk to each other. Phone networks are the same way. If anyone remembers, in the early 2000s, mobile phone services kept promoting free calling to other (and their own) networks after a certain time. Federation is not new, but it is a growing trend, and will, I believe, be how we keep the internet free and open.

With that very brief example, let's look at some alternatives for popular social networks.

Facebook

Facebook is the largest social network ever, with over 1 billion active users a month. However, with the Cambridge Analytica scandal, and now the recent privacy policy changes, it is time for Facebook to drop like Myspace. There are many wannabe networks wanting to take that crown, but to me, the best choice is Friendica. Friendica is open source, federated, and has the closest look and feel to Facebook you will get. There are other sites that claim privacy, such as MeWe, but those platforms are not open source or federated. Friendica also interacts with other federated social networks; think Facebook talking to Twitter and vice versa. Friendica can do that with Mastodon.

Mastodon

Speaking of Mastodon, this is my go-to choice for replacing Twitter. Twitter has a history of limiting free speech, and with all the anti-sex positivity going on, Twitter will be one of the next to implement it. Mastodon has many different specialties, which it calls instances, and there are definitely NSFW and sex-positive ones. Because Mastodon is federated and not owned/controlled by one person, these instances cannot be ruined like Twitter and Facebook. These instances are self-policing, and aren't ruled by one overall privacy policy. Mastodon is perfect for replacing Twitter, not just because of its open source nature, but because it operates and looks very similar.

Instagram

Next is Instagram. This is harder, because as of yet, there is no real replacement that is open source and federated. One very promising project is Pixelfed, which is close to fully releasing. The Pixelfed preview is very close to the IG interface and operations, but, again, because it's federated, it will be much more open and free.

There are other non-open source, non-federated services, but for now, Pixelfed is the best alternative that's not released yet.

Tumblr

Tumblr... oh, how the mighty fall. Their anti-sex policy has made the site see a drastic fleeing to other sites. A great looking site with many of the same features and feel of Tumblr is Plume. Again, this is another open source, federated platform. Plume works in the same way as Tumblr: social blogging. It allows pictures, words, messaging, quotes, reblogging, but in a more accepting, non-anti-sex way. There are others, like Vero, but those don't have the open nature, or cost money. For this, Plume should be the choice for a Tumblr replacement.

What does it mean to leave behind these giants of social media to come to smaller platforms? It means you get to keep your information, you are in control the whole time, and there is no chance your adult blog will disappear because some executive decided it was bad.

Now, not all these sites interact with each other, but a lot of them do. That means you can post on Plume, and someone on Mastodon can interact with it, and someone from Friendica can interact with that. It's direct, it's self-policing, it creates a more positive environment, and fosters creativity. The big social networks can't do this, because they have to police everyone, and also look out for their money.

Hopefully you take a look at the other networks, and see that you can be more free, open, and self-responsible.

Thank you for reading, Privacy Bear

With the onslaught of restricting free speech, it is past time that we work towards moving over to a more secure messaging system. There are plenty out there, some popular, but most of them are not. Here, I will go over a few.

Let me start off by saying that all of these are comparable to Facebook Messenger, which is probably the most used way to communicate today. All of them have individual and group messaging, the basic thing that Facebook Messenger touts. I will not be focusing on games, stickers, chat bots, etc., but more on how easy these are to use, how private they are, and how switching to them is easier than people think.

The first, and arguably the most popular, is WhatsApp. WhatsApp uses the Signal Protocol to encrypt their messages between users. However, WA is owned by Facebook, and recently the former head of WA left Facebook over their decision to implement ads into the platform. WhatsApp's encryption may be one of the most used now, but that doesn't stop Facebook from reading your messages. WhatsApp has voice and video calling as well, all encrypted by the Signal protocol. Their app is closed source, meaning no one can inspect the coding, and verify that the app is doing what it says it is. For these reasons, WhatsApp should be avoided.

The second, and probably first alternative app that most people hear about, is Telegram. Telegram has been growing over the years, mostly advertised as a more secure way to communicate over Facebook Messenger or even WhatsApp. They have a desktop client, which is very handy for those that aren't always on their phone. Telegram is not entirely open source, but partially is. Their encryption protocol is private, and not really tested. Telegram messages also aren't encrypted by default; you have to create private conversations for them to be encrypted. Telegram also has encrypted voice calls, but again, it uses their untested protocol. Telegram also updated their privacy policy to no longer include letting users know when the government requests their data (known as a canary warrant). This is very troubling. Adding to the fact that their protocol has not been verified, Telegram is not recommended.

Next up is Signal. Signal's protocol is the exact same one that WhatsApp uses. In fact, WhatsApp asked Open Whisper Systems (the company behind Signal) to help them implement their protocol into WhatsApp. Signal is open source, their protocol is open source and verified to be secure, but their servers aren't. What does that mean? It means that you can only use the official Signal app to use their system. Facebook Messenger and WhatsApp are like this, whereas Telegram lets you use other programs (Telegram X is a popular example). Now, this isn't entirely bad, but for those that want to host their own Signal server, you can't. Signal is end-to-end encrypted by default when you talk to other Signal users, no fiddling with options, and the mobile version can even be used as a text app. Signal also has voice and video chat, all encrypted. The one downside is that they require a phone number to sign up, so if you don't have one, you can't use it. For this reason, Signal is my second recommendation, even if Edward Snowden endorses it.

Lastly, we have Wire. Wire is one of the least popular messaging apps out there, but is not new. It is open source, its servers are open source, and therefore can be used by anyone on any program they want. However, the only real program I have come across to use it is Wire's official app. Wire has all the features of the others: encrypted messaging, encrypted voice and video calls, and a desktop client. The one major bonus to Wire is that you can sign up with just a username. You do not need a phone number, so those you know that don't use a phone can still sign up on their computer. The one big downside that I know of is that the mobile app cannot be locked with a fingerprint, passcode, or password, unlike Signal. The interface for Wire is easy to use and understand, all the encryption takes place automatically, and I personally have never had an issue with it (though I have barely used it, since no one does).

UPDATE: It has been shown that Wire keeps all metadata unencrypted. For this, Wire should not be used in any serious way until it gets changed.

Overall, this is, by far, not a very exhaustive list on this subject. There are other protocols and apps that have more encryption, but are less user friendly (such as XMPP or Matrix), but these are 4 of the most talked about apps today. I am currently trying out Riot.IM, a Matrix app, and it has been very enjoyable. Riot is going to have a UI overhaul soon, making it very close to Discord, and when it does, I can see more people switching to it.

The attack on freedom of speech by governments all across the world must not be overlooked. From Russia, to China, to the UK, to the US, and now to Australia, fewer and fewer things are allowed to be expressed without direct threat to your freedom. Using these Facebook Messenger alternatives is a great first step, but it must be the right alternative. Facebook owns Instagram and WhatsApp, Google is integrated into many people's lives, and while Apple seems like the privacy conscious person's dream, they aren't.

I can only hope that my message of looking for more privacy in your life starts a trickle of wonder into what is happening around you.

For a more exhaustive list on this subject, check out https://www.securemessagingapps.com/.

Take care, Privacy Bear

Here is just a first post in a journey. One that will hopefully help some people out, and others will entertain.

I am not a professional, I am only someone who is very interested in things. What things? Well, things like technology, open source, privacy, and mental health. This blog is going to cover a lot of things, and nothing will ever be in any given order.

Hopefully you come to like what I write, and feel free to follow this blog on the fediverse by looking up @privacy-bear@write.as.

Thanks for reading, Privacy Bear