  • Showing only topics with the tag "privacy".
    1. Best for Privacy: Local Recursive DNS vs Cloudflare's DNS over HTTPS

      I'm trying to decide what option I prefer here in terms of privacy. I'm curious about others' opinions on the issue, and if anyone has a better solution to offer more privacy.


      Option 1: Hosting a local recursive DNS


      I currently have a device running Pi-hole on my local network. I recently set it up as a recursive DNS server using unbound. This allows me to no longer rely on a public DNS such as GoogleDNS, OpenDNS, Cloudflare, etc. for my queries, and just point straight to the root servers.

      Pro: I removed a "pair of eyes" (Public DNS) out of the equation

      Con: All my queries are not encrypted so my ISP (and potentially others) can still see my DNS queries


      Option 2: Using DNS over HTTPS (DoH) using Cloudflare's client


      With this option I would use Cloudflare's cloudflared daemon they provide on their website. This would allow all my queries to be encrypted when sending them to Cloudflare.

      Pro: Encrypted DNS queries from my local network -> Cloudflare's servers. My ISP can no longer see my DNS queries

      Security Pro: Helps prevent MitM attacks

      Con: I now have a Public DNS back in the equation, which I have to put some trust into. Also, my queries are most likely only encrypted from my local network -> Cloudflare's network. When Cloudflare has to do the recursion, those queries may be not encrypted (my assumption is they will most likely be not encrypted)

      Possible Con: Does Server Name Indication (SNI) "leaking" apply to DNS queries at all? If so, then my query is revealed anyways right?

      As a note, I am nowhere near an expert on the specifics of DNS, so some of my assumptions on how things work may be super wrong!

      6 votes
    2. Would you pay for access to Tildes?

      Tildes is 100% donation-supported. It sounds great but I'm doubtful it's a sustainable model. Countless sites have started this way but ended up seeking other ways to monetize, including...

      1. Showing ads on the site
      2. Intermingling "sponsored posts" or "promoted posts" with regular posts, basically giving preferential treatment to content from users who paid for extra visibility (native advertising)
      3. Selling user data
      4. Cryptocurrency mining (either with user permission or on the sly)
      5. Opening a store for selling branded merch
      6. Periodic "pledge drive" fundraising campaigns
      7. Enacting paywalls

      I've been thinking a lot about site monetization in the abstract lately. Some of these options are better than others. Personally, I'd draw a hard line against 1-4 on Tildes. I think all of those are in direct opposition to what this site is all about.

      I think 5 is a "good in theory, but not in practice" idea. A merch store might generate enough revenue for the first few months but would see rapidly diminishing returns. It would have to resort to increasingly gimmicky promotions just to reach eyeballs and meet its goals.

      I think 6 could be a popular option but I personally recoil from the annual hard-sell guilt trip. The recurring drama of "THIS COULD BE OUR LAST YEAR IF YOU DO NOTHING" is exhausting and paints the site's future as constantly in turmoil.

      Finally we come to 7, the paywall. Traditionally I hate these too, especially when they block content like news that is available for free elsewhere. Sometimes they are "soft" paywalls that give you free access to an article (or the first few paragraphs of one) before they ask you to pony up. I feel that these are the worst form of paywall because they tease and frustrate users, and are often easily circumventable anyway.

      That said, I think a "hard" paywall might actually be a good choice for Tildes. For starters, this is already a walled garden. We're actively trying to cultivate a community by not exposing the site to the wider world. That would at least make the transition to a paywall easier to swallow than if the site had been open the whole time.

      It's 2018. By now it's evident to me that TANSTAAFL online. If you're not paying for something, you are the product. I'm a dyed in the wool cheapskate and I don't like opening my wallet to use a website, but at this point I'm even more tired of being treated like a commodity. If I'm going to invest in an online community, I'd much rather pay a small subscription for access than be jerked around in shady ways. I feel it's the most honest and straightforward solution for a site like this.

      Caveats are that it would need to be cheap. Really cheap, like $1 a month. I don't know what the site's operating expenses are, but I would hope something in that ballpark would cover them, at scale. Also @Deimos would face the temptation to implement multiple options from the list as time goes on. Like, after we're used to the paywall, he might want to add "unobtrusive" ads too, or start selling "non-identifiable" user information. I think it's vital that the site never compromise like that. Raise the price if it comes to that, but don't get greedy. A page in the docs formalizing some promises about respecting users would be a nice thing to put on the record.

      What are your thoughts? I should say that I'm talking about the future here, I think it's way too early to put up a paywall now. The community would have to be large and mature enough to justify a paid subscription to it, and we're not there yet.

      12 votes
    3. The EU's Copyright Directive, Article 13

      Next week the EU parliament will vote for their new copyright directive. In general it contains some good ideas, but also some extremely bad ones, such as article 13. It will require all uploaded content to be scanned, and deleted if it might contain references to other copyrighted material.

      The issue here is the word might. Due to the possible fines for companies that accidentally leave up something that contains a copyrighted work, they are incentivized to act more harshly than is often necessary. It's safer for them to delete everything that looks like it might infringe copyright than risk the fine.

      This could be disastrous for the Internet as we know it. And this is why many movements are speaking out against it. One such example would be the open letter to EU parliament. More information is available on https://saveyourinternet.eu/resources/, and you can find much more about it all over the Internet if you search with your favourite search engine.

      What's your opinion on article 13, and have you done anything to make your voice heard?

      13 votes
    4. Invite code privacy

      ~ takes privacy pretty seriously, which I’m a big fan of. Can’t say I’ve seen any other sites where even your email is hashed, but I like it.

      What I’m curious about are the invite codes. Don’t get me wrong, I don’t think Deimos is going to do anything nefarious, but I did use one of my personal (albeit secondary) emails to request my invite code. Thus, would it be possible to trace the invite code used to create my account back to that email in any way? Or is the code not stored anywhere once it’s used?

      Edit: yes, I realize this account uses my real name, and I’ve linked to my personal gitlab before. For the time being in a community this small, I don’t mind. I may end up creating a new account when the website opens the floodgates, but that’s neither here nor there.

      14 votes
    5. Why does everyone care about privacy so much?

      Let's take Google, for example. Google tracks where you physically are - why are some people so much against it? It doesn't hurt me, Google just uses it to serve me personalized ads. Why are people so concerned about it?

      Google even tracks which websites I visit - again, why should I care? When I want to browse anonymously, I use a VPN. If I wanted to do something illegal, I guess I wouldn't use Google at all and would install Tor? I'm not sure what I should do in that case, but I'm sure there are ways to get away from Google's sight when people need to.

      I don't understand why some people fight for internet privacy so much. Could someone help me to understand it? What's your opinion on privacy and internet tracking?

      29 votes
    6. How well has John Perry Barlow's "Declaration of the Independence of Cyberspace" Aged?

      Link: https://www.eff.org/cyberspace-independence

      Full Text:

      A Declaration of the Independence of Cyberspace
      by John Perry Barlow

      Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.

      We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear.

      Governments derive their just powers from the consent of the governed. You have neither solicited nor received ours. We did not invite you. You do not know us, nor do you know our world. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions.

      You have not engaged in our great and gathering conversation, nor did you create the wealth of our marketplaces. You do not know our culture, our ethics, or the unwritten codes that already provide our society more order than could be obtained by any of your impositions.

      You claim there are problems among us that you need to solve. You use this claim as an excuse to invade our precincts. Many of these problems don't exist. Where there are real conflicts, where there are wrongs, we will identify them and address them by our means. We are forming our own Social Contract. This governance will arise according to the conditions of our world, not yours. Our world is different.

      Cyberspace consists of transactions, relationships, and thought itself, arrayed like a standing wave in the web of our communications. Ours is a world that is both everywhere and nowhere, but it is not where bodies live.

      We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth.

      We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.

      Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here.

      Our identities have no bodies, so, unlike you, we cannot obtain order by physical coercion. We believe that from ethics, enlightened self-interest, and the commonweal, our governance will emerge. Our identities may be distributed across many of your jurisdictions. The only law that all our constituent cultures would generally recognize is the Golden Rule. We hope we will be able to build our particular solutions on that basis. But we cannot accept the solutions you are attempting to impose.

      In the United States, you have today created a law, the Telecommunications Reform Act, which repudiates your own Constitution and insults the dreams of Jefferson, Washington, Mill, Madison, DeToqueville, and Brandeis. These dreams must now be born anew in us.

      You are terrified of your own children, since they are natives in a world where you will always be immigrants. Because you fear them, you entrust your bureaucracies with the parental responsibilities you are too cowardly to confront yourselves. In our world, all the sentiments and expressions of humanity, from the debasing to the angelic, are parts of a seamless whole, the global conversation of bits. We cannot separate the air that chokes from the air upon which wings beat.

      In China, Germany, France, Russia, Singapore, Italy and the United States, you are trying to ward off the virus of liberty by erecting guard posts at the frontiers of Cyberspace. These may keep out the contagion for a small time, but they will not work in a world that will soon be blanketed in bit-bearing media.

      Your increasingly obsolete information industries would perpetuate themselves by proposing laws, in America and elsewhere, that claim to own speech itself throughout the world. These laws would declare ideas to be another industrial product, no more noble than pig iron. In our world, whatever the human mind may create can be reproduced and distributed infinitely at no cost. The global conveyance of thought no longer requires your factories to accomplish.

      These increasingly hostile and colonial measures place us in the same position as those previous lovers of freedom and self-determination who had to reject the authorities of distant, uninformed powers. We must declare our virtual selves immune to your sovereignty, even as we continue to consent to your rule over our bodies. We will spread ourselves across the Planet so that no one can arrest our thoughts.

      We will create a civilization of the Mind in Cyberspace. May it be more humane and fair than the world your governments have made before.

      Davos, Switzerland
      February 8, 1996

      6 votes
    7. Discussing anonymity on ~

      So one of the things I really liked about the project is point 1 of the privacy section of the Mechanics (Future).

      Proactive not reactive; preventative not remedial: When creating new features, think about what data will need to be stored, and consider how harmful it might be if that data was to be leaked in the future. Is it possible to reduce the amount of data being stored to lower the potential harm? Can the data eventually be aggregated or anonymized so that we're only storing recent data instead of a full history?

      I think a good first step would be to not have a public comment/submission history. Users should evaluate other users' contributions based on the conversation they are having/reading, not past submissions.

      This doesn't make you anonymous, but at least it can prevent nosy people from knowing too much. (I get there are valid reasons to want to find other posts by the same user, but I think individual privacy is more important). At least, if not enforced for everyone, this should be an option, making your profile not display your history to others.

      Now, one of my biggest problems with reddit is that it doesn't make it easy for you to stay anonymous and also keep your content on the site.

      Let me explain. I don't like people being able to see my submission/comment history, because I don't want to give the chance for people to identify me if I don't choose to do so personally. It's not about reddit knowing what I like or do (I mean, I use Google, they know everything I do), it's about individuals, about other users knowing things I'm not happy sharing with them for whatever reason.

      There are only two options on reddit: deleting my content (using a script or whatever or going one by one) or deleting my account. This results in me deleting all my comments and submissions on reddit every few weeks.

      Now, I would love to be able to leave most of what I post on reddit online, because sometimes I have really interesting conversations and I try to be detailed and clear and other people might find (some of) my posts useful. But I don't want anyone who knows my username or anyone who sees a comment of mine going through my history. There are too many crazy people. Also, I haven't suffered doxxing, but that's just not nice.

      There are many reasons why someone could prefer to not be identifiable. Just to give some examples that come to mind: people might have an ideology that other users don't like/respect, people might post pictures of themselves (think fitness groups, for example), people might post in local groups revealing their location, people might look for counsel and talk about their personal problems, etc. Putting all of that together might make it easy to identify someone.

      So, what I would like to propose is a way to leave my content online if I wish to and giving other people the option to read it in the future, without it being publicly tied to my username.

      How could this be done? Well, I think users should be able to anonymize their participation in a thread individually and throughout the site. There could be a button (on every thread for thread-only anonymization and on your profile for full-site anonymization) that you tap and your username is replaced all through each thread with a randomly generated username (it'd be great if the username is consistent within the thread, so people reading would know it's the same person).

      These usernames should be words, ideally, not difficult to parse by humans. Of course this would generate a great number of usernames, but there are some solutions.

      One could be using something like Google Docs uses when several anonymous viewers are watching a document. Each gets a name (RedFox, whatever) which is consistently used throughout the thread. The same username (RedFox) can then be reused in another thread for any other anonymous user. (So RedFox wouldn't be referring to the same person in different threads, but to two random, anonymized persons).

      I'm sure it wouldn't be difficult to generate these (similarly to how reddit gives you suggestions to new usernames when you open an account).

      Also, in order to avoid the admins having to reserve many usernames in advance, these usernames could have a special mark (like *RedFox or °RedFox, or ~RedFox~, for example). This way, a new user can register any available name without interfering with these anonymous usernames. A thread could have some non-anonymized user called RedFox and an anonymized user called °RedFox (or whatever mark is used).

      In any case, the user should be able to access all of their submissions and comments on their profile even after anonymizing, being able to edit or delete them if they wish to.

      Ok, I think that's it, I hope I was clear. I'm also not gonna be able to log in again until tomorrow. So please, go ahead and discuss and tell me what you think and I'll come back when I can.

      EDIT: User karma should not be public either. I can make an argument for it tomorrow if needed or we can discuss it on another thread.

      42 votes
    8. Firefox 62 Nightlies: Improving DNS Privacy in Firefox

      Firefox recently introduced DNS over HTTPS (DoH) and Trusted Recursive Resolver (TRR) in nightly builds for Firefox 62.

      DoH and TRR are intended to help mitigate these potential privacy and security concerns:

      1. Untrustworthy DNS resolvers tracking your requests, or tampering with responses from DNS servers.
      2. On-path routers tracking or tampering in the same way.
      3. DNS servers tracking your DNS requests.

      DNS over HTTPS (DoH) encrypts DNS requests and responses, protecting against on-path eavesdropping, tracking, and response tampering.

      Trusted Recursive Resolver (TRR) allows Firefox to use a DNS resolver that's different from your machine's network settings. You can use any recursive resolver that is compatible with DoH, but it should be a trusted resolver (one that won't sell users’ data or trick users with spoofed DNS). Mozilla is partnering with Cloudflare (but not using the 1.1.1.1 address) as the initial default TRR; however, it's possible to use another 3rd party TRR or run your own.

      Cloudflare is providing a recursive resolution service with a pro-user privacy policy. They have committed to throwing away all personally identifiable data after 24 hours, and to never pass that data along to third-parties. And there will be regular audits to ensure that data is being cleared as expected.

      Additionally, Cloudflare will be doing QNAME minimization where the DNS resolver no longer sends the full original QNAME (foo.bar.baz.example.com) to the upstream name server. Instead it will only include the label for the zone it's trying to resolve.

      For example, let's assume the DNS resolver is trying to find foo.bar.baz.example.com, and already knows that ns1.nic.example.com is authoritative for .example.com, but does not know a more specific authoritative name server.

      1. It will send the query for just baz.example.com to ns1.nic.example.com which returns the authoritative name server for baz.example.com.
      2. The resolver then sends a query for bar.baz.example.com to the nameserver for baz.example.com, and gets a response with the authoritative nameserver for bar.baz.example.com
      3. Finally the resolver sends the query for foo.bar.baz.example.com to bar.baz.example.com's nameserver.

      In doing this the full queried name (foo.bar.baz.example.com) is not exposed to intermediate name servers (bar.baz.example.com, baz.example.com, example.com, or even the .com root nameservers).

      Collectively, DNS over HTTPS (DoH), Trusted Recursive Resolver (TRR), and QNAME Minimization are a step in the right direction, but this does not fix DNS-related data leaks entirely:

      After you do the DNS lookup to find the IP address, you still need to connect to the web server at that address. To do this, you send an initial request. This request includes a server name indication, which says which site on the server you want to connect to. And this request is unencrypted.
      That means that your ISP can still figure out which sites you’re visiting, because it’s right there in the server name indication. Plus, the routers that pass that initial request from your browser to the web server can see that info too.

      So how do I enable it?
      DoH and TRR can be enabled in Firefox 62 or newer by going to about:config:

      • Set network.trr.mode to 2
        • Here are the possible network.trr.mode settings:
          • 0 - Off (default): Use standard native resolving only (don't use TRR at all)
          • 1 - Race: Native vs. TRR. Do them both in parallel and go with the one that returns a result first.
          • 2 - First: Use TRR first, and only if the name resolve fails use the native resolver as a fallback.
          • 3 - Only: Only use TRR. Never use the native (after the initial setup).
          • 4 - Shadow: Runs the TRR resolves in parallel with the native for timing and measurements but uses only the native resolver results.
          • 5 - Off by choice: This is the same as 0 but marks it as done by choice and not done by default.
      • Set network.trr.uri to your DoH Server:
      • The DNS Tab on about:networking will show which names were resolved using TRR via DoH.

      Links:
      A cartoon intro to DNS over HTTPS
      Improving DNS Privacy in Firefox
      DNS Query Name Minimization to Improve Privacy
      TRR Preferences

      I'm not affiliated with Mozilla or Firefox, I just thought ~ would find this interesting.

      13 votes
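
The QNAME minimization walk described in the Firefox post above, as an added example that is not part of the original post and is not Mozilla's or Cloudflare's code. It records which name each zone's server is sent, with and without minimization, and covers the case where a label is not a zone cut. The delegation tree is constructed, the helper names are hypothetical, and the query name is assumed to lie under the starting zone.

```python
"""QNAME minimization vs. classic resolution over a constructed delegation tree."""

# Constructed zone cuts for illustration (not real DNS data). "." is the root.
ZONES = {".", "com", "example.com", "baz.example.com", "bar.baz.example.com"}


def labels(name):
    """Split a domain name into lowercase labels; the root has none."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []


def within(name, zone):
    """True if `name` is at or below `zone`."""
    return zone == "." or name == zone or name.endswith("." + zone)


def referral(zone, name, zones):
    """Child zone cut that the server for `zone` delegates `name` to.

    Returns None when no delegation covers `name`, meaning the server
    answers the question itself instead of referring the resolver onward.
    """
    below = [z for z in zones
             if z != zone and within(z, zone) and within(name, z)]
    return min(below, key=lambda z: len(labels(z)), default=None)


def trace(qname, start_zone, zones, minimize):
    """Return [(zone_whose_server_was_asked, name_it_saw), ...]."""
    q = labels(qname)
    qname = ".".join(q)
    zone, sent = start_zone, []
    while True:
        # Minimized: reveal one label more than the zone being asked.
        # Classic: send the full name to every server on the path.
        n = len(labels(zone)) + 1 if minimize else len(q)
        while True:
            ask = ".".join(q[-n:])
            sent.append((zone, ask))
            nxt = referral(zone, ask, zones)
            if nxt is not None or ask == qname:
                break
            n += 1  # no zone cut at this label: same server, one more label
        if nxt is None:
            return sent
        zone = nxt


def saw_full_name(sent, qname):
    """Zones whose server received the complete query name, in the order asked."""
    full = ".".join(labels(qname))
    return list(dict.fromkeys(zone for zone, ask in sent if ask == full))


if __name__ == "__main__":
    name = "foo.bar.baz.example.com"
    for minimize in (False, True):
        steps = trace(name, ".", ZONES, minimize)
        print("minimized" if minimize else "classic")
        for zone, ask in steps:
            print(f"  server for {zone:<22} sees {ask}")
        print("  full name seen by:", saw_full_name(steps, name))
```
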
    9. Tilde Users and Privacy

      While there were numerous reasons for my exit from Reddit, privacy was a large one. This was something that when I joined here I thought was a fairly widespread view. For me, my view of Reddit started to waver a few years ago when their warrant canary was tripped. I've always been of the idea that the less of what I do online that can be traced back to me, the better. I also abhor the state of privacy online and in the US.

      Despite this, what I thought was a fairly universal viewpoint, there have been several threads (like here and here) where people give out identifying information about themselves. This, combined with many people using their real names as their usernames or revealing their real names in the introduction threads, made me realize that this is not an ideal that we all share to the same extent.

      I guess that leads into my question: how privacy conscious are you guys online, and what is the general vibe you've gotten from the ~'s community?

      30 votes
    10. Hulu Analytics - Why can’t we just buy the service, and not also be part of the product?

      So I thought I’d start a little discussion after cancelling my Hulu trial here.

      As a devout advertisement-hater and pihole-deploying, block-W10-analytics-at-the-firewall-level neurotic, I went for the more expensive ad-free plan thinking it got me out of the creepy tracking/analytics too. Surprise! It does not - uMatrix lights up like a Christmas tree when you load anything *.hulu.com

      I don’t like being the product. I feel being tracked and analyzed etc makes me exactly that.

      What do you all think? Is wanting a non-tracked video/tv streaming service too much to ask for?

      Edit: Just to help exemplify my point, a little snippet from the Hulu privacy policy:

      “For clarity, even if you have not consented to Hulu sharing Viewing Information together with your personal information, we may still share information collected from or about you”

      https://www.hulu.com/privacy.txt

      11 votes
    11. Password reset

      I don't need to reset my password, and I really appreciate the way that it is done to maximize anonymity. However, I think there is a bit of a problem with how it is done in terms of users getting locked out.

      If you're locked out, as far as I can tell, there is no way to view the email hint associated with your account. It seems a bit counterintuitive to me that in order to see the hint for how to regain access to your account, you have to already have that access! I also think that it won't work in the case that someone has been away for a few months and has forgotten their password. I'm not sure what a good way of displaying the hint would be, however, since if it is done by username anyone who has seen your posts can look at your password hint.

      Hopefully with a bit of discussion we can cook something up that can solve this catch-22!

      11 votes