/pol/ - Politically Incorrect

Also:

>Qubes

>Open source with proprietary blobs,[1][2]

Lmao.

>Arch

Is ported for proprietary GPU firmwares, uses Broadcom, NVIDIA for kernel drivers which is proprietary, intel-ucode and -uco for installing microcode updates, which is proprietary, and GRUB may also support booting nonfree firmware too. Figures, since Arch users are the most insufferable personalities in the programming sphere.

>Manjaro

Same as above, except worse.

Contrast this with Gentoo, which doesn't use any wifi firmwares (like Broadcom) or drivers by default, and it's 100% free and open source from the ground-up.

Although to be fair about Arch, they at least have a PowerPC port (but it's unofficial). They also have Libre kernels (like linux-libre) from the AUR so that you can use for Arch Linux that can manually remove linux-firmware, intel-ucode/amd-ucode and proprietary drivers (like NVIDIA, although GNU doesn't use drivers), but these are unofficial also. Qubes and Manjaro I would just avoid completely. Aside from GNU + linux-libre, you could also use Parabola GNU/Linux, which is Arch-based, Guix system, Trisquel, or maybe Hyperbola, which is also Arch-based (although their repo is no longer active). Coreboot/Libreboot are also scams.

>Coreboot: only partial Intel ME neutering, depending on device, uses proprietary blobs (VGA BIOS, sometimes ME, even if only partial, microcode), is minimalistic and uses UEFI and has shit functionality (PowerPC works like a charm).

>Libreboot: is compatible with older hardware only (like Thinkpad X200, T400, etc.), which have older CPUs (pre-Spectre/meltdown mitigations), no hatdware TPM 2.0, less secure memory default protections (e.g. no SMEP/SMAP), does not currently support cryptographic boot protection (no vboot or UEFI Secure Boot, either), anyone with physical access could tamper with the bootloader or kernel disk unless you use full disk encryption with verified /boot (you could use LUKS + detached boot partition or Heads/Coreboot for signed bootchain), doesn't come with microcode updates either which leaves known CPU bugs unpatched (like Spectre, TLB Bug and errata) so you'll have to install microcode from Gentoo manually if you accept the tradeoff, and even some of the Libreboot-compatible devices come with blobbed Wifi (e.g. Intel 7260) and even if you're using a free Atheros card instead, you're still prone to metadata leaks (e.g. no MAC randomization or weak roaming protections). It also comes with TPM 2.0 or fTPM (used for disk encryption key sealing as well as integrity checke), SGX/SEV/TEE (optional for sandboxing, although not privacy-friendly anyway) and IOMMU (VT-d) (for safe device isolation i.e. USB sandboxing), and has no modern hardware security. Also, physical access = game over, because it's not immune to "evil maid" attacks so doesn't protect the BIOS/GRUB fom being tampered with, and it has no tamper-evident boot chain or disk seal unless you add external tools (e.g. Heads, USB-Key Challenge, or boot has verification). And even though it may not have any Intel/AMD PSP, uses blob-free firmware and full disk encryption may be technically possible, it however lacks a secure bootchain, as well as modern CPU mitigations, microcode updates, TPM/hardware sealing and IOMMU/VT-d/modern isolation.

In all, Libreboot is good for privacy, but not security. Coreboot is the opposite in that it's better for security than Libreboot, but not the privacy aspect. But both still suck at performance (so does RISC-V, but the difference is it's safe by default unlike this, unless you absolutely know what you're doing).

>Brave/DDG/Searx

 "Private search engine" is an oxymoron. Everytime you enter a query, that's a new page added to the web, and that's not only visible to whoever runs the search engine company or the police/NSA, but to private third parties as well. And they can pinpoint that to an IP address/cookies. Case in point: aoluser927. In 2006, there was an AOL employee who leaked thousands of user's supposedly "private" search profiles and revealed somebody who was searching some truly disturbing shit (namely, kidnapping kids and hiding bodies and stuff). I don't think they could see an IP and it remains unsolved who was making these sick ass searches, but it's still there, obviously.

Another problem: they only index 1% of the entire internet because robots.txt is a manual handshake process. Back in the day, some web browsers had these built-in keyword search features that could show you the whole web at the time you entered those parameters (namely, Nexus browser for Nextstep OS from 1994, which was the first web browser, launched by Tim Berners-Lee who created the World Wide Web, since prior, people relied on different hyperlink interfaces for accessing ARPANET/internet/WWW, and I think AOL browser also, which had a similar feature, although none of these still work anymore, because they use outdated web protocols). Although this is something only '90s internet users would mostly remember (from what I've been told, they weren't exactly user-friendly, and this was right before IE took over). But you can still do something like this today, assuming you have a Linux desktop and Python to write a custom one with current web protocols to index sites. The only exceptions are encrypted networks, like Tor/I2P/Freenet, which you could still index, assuming you designed it for those specific network protocols, although you can't if it were meant only for two computers to see (or in certain rare exceptions, like those private sites that require you to have certain cookies in order to access that would require you to email the site owner to get them to let you in manually, which'll encrypt the connection once you're in, like those private sites off that old Torrent site "Demonoid," which had some "Top Secret Torrents" on there to loophole around ISP snooping laws using a disclaimer). Point is: the internet works off of IPs/ISPs, ASNs (to which there's only 4 companies that assign these in the world, with ARIN being the American one), nodes (computers in a network), registers/DNS and VPS (which is CLOUD, such as Digital Ocean, for example). There also is no "deleting" anything off the internet either, because there will always exist backups, because that's CLOUD-BASED (meaning once it's out there, it's already on another computer and you ain't deleting it, either). In fact, you could even customize it with "nojs" filters and advanced search tools (the older ones would let you add to searches, like narrowing your searches for websites with stars in the backgroud, say for example, and it'll give you exact matches without fucking up your searches, unlike shitgle). Also, AT&T can pull-up anything that was ever uploaded to the web since at least 1996 when the CDA was passed and the DOTCOM explosion (in 1989-95, URLs didn't have ".com" suffixes, a link would instead look like "http://www.greenplants//" instead of "http://www.greenplants.com"). If it's encrypted between two computers (like self-hosted emails, if done properly) it'll just make content unreadable to another computer.

Who the fuck still falls for honeypots like Brave/DDG/Searx on here? Just script your own keyword search interface and install the extension to Firefox/GNU Ice Cat via "developer mode" extension (btw, don't use "Brave" or any other Chromium landmine either, since they're all the same).

>WireGuard/OpenVPN/Tailscore

>WireGuard

Written in C, so no.

>OpenVPN

Insecure (and written in C).

>Tailscore

Proprietary trash. Again, written in a lower level language.

When the fuck will somebody use Python to script a VPN protocol out of for a full tunnel client w/ access to iptables w/ default setting at "strict"? Plus run it on custom STUN servers, uses 10.8.0.53 instead of 8.8.8.8 (Google)/1.1.1.1 Cloudflare)/9.9.9.9 (Quad9) and blocks any connections to them for a fine-grained DNS control, and fully self-hosted w/ local only control. Everything else is too insecure. Oh, and also

>Tailscale leverages Google's OAuth2 for user authentication, allowing users to log in to Tailscale using their Google accounts

Lmao. The absolute state.

The entire reason everyone prefers to write VPNs in lower level languages in the first place is because of performance and simplicity. The only thing that C/C++/Go has on Python in those aspects is that Python's cryptography is slow. But I have yet to see anyone implement a higher level language to script a VPN client with. That's why alll the VPNs on the market are privacy scams.

>oy vey goy nothing is private just give up!

>>13640749

>One (1) post making fun of you

>Goys! Goys! See the backlash I get! It's the feds!

>>13640746

100% of DDoS attacks are feds.

>>13640753

Not to mention that POWER9/PPC architecture is not only optimal because it's open source with no proprirtary nonfree blobs and has GNU/Linux compatibility, but also because it was designed with IBM supercomputers in mind, so it's a super high-end ISA to top it off.

Offline AI bots written in Python and executed via terminal are the safest ways of connecting to the internet tbh.

>>13640813

Although RISC-V is improving recently, performance-wise.

>>13642440

Hell, you can use AI to script architectures with too (besides RISC-V).

>>13640749

Pretty sure it was the Arch/Manjaro user comments above that did it.

Should have stuck with the usual Kubuntu over Ubuntu chatter if you wanted to be filed away as normie that can be ignored.

>>13640738

>prietary, nonfree Android blobs for the GPU (Adreno), WiFi/Bluetooth, Cellular modem, Camera ISP, etc. In fact, there is no Android custom ROM that

Toss all that shit out.

Get a Thinkpad.

Replace the BIOS with Coreboot.

Install Trisquel or Debian.

You are now based.

-> No more INTEL Management Engine cucking.

-> No more "BILLIONS MUST UPDATE" Windows spyware.

-> No more games getting deactivated remotely from "the cloud".

https://doc.coreboot.org/tutorial/part1.html

I use an old laptop with an old "outdated" OS that has no forced updates or any of that shit. Got rid of any unnecessary bloatware and it works just fine for me. Updating shit is so overrated. Anything can be hacked anyway. If you are worried you need to re-consider what you use computers for and how you use them. What info you put into them. I simply use a VPN and forward secrecy, I won't put personal information into my system at all. Pretty much use it for shit posting, scrolling random websites and downloading media. If ever hacked they really won't find much on this system and all my important files are safely backed up offline on multiple copied drives. Considering I hardly use any mainstream social media services it always suits what I intended to have a computer for. Archiving. Media hoarding. Shit posting.

If I ever do anything else, like personal email, I have a completely different PC and OS to access that and it's pretty much reserved for personal use only.

>>13640738

>and some SIP softphone apps for VoIP kinda like picrel (it's a Gentoo Pinephone since GNU supports Phosh/Sway, but not Plasma Mobile though), although that wouldn't be a true smartphone experience, though

Or you could pair a ghost SIM with a Gentoo Phosh device using ModemManager and a kill-switchable baseband, add mmcli scripts to only connect when needed, avoid persistent IMSI exposure or triangulation and combine with VPN + Tor + MAC randomization.

>>13640740

>VPNs

Just use a custom proxy stack consisting of X25519, chacha20, poly1305 and kyber, which is resistant to quantum computers since you don't need a client and in fact, I advise against it because there curently are no safe VPN providers as they're all written in garbage lower level languages like C/C++/Go (and that includes OpenVPN and Wireshark) and lack full tunnel control. They're garbage.

What about PinePhone ?

https://pine64.org/devices/

I've been waiting to finally navigate off the Duopoly of Droid/Apple.

I was surprised when investigating this space that many were recommending using a Google device…defeats the entire purpose

>>13642673

Pinephone is still (((FCC-licensed))) but you're close. I like their idea of hardware killswitches (but the Librem makes theirs better accessible on the outside of the case). The only guaranteed safe smartphone is a fake phone/counterfeit smartphone (like Obama's blackberry) which are sadly illegal.

>>13640746

Although Rust is forked from Java, so use Hypha behind a VM only. Also, proxy =/= VPN, as I've already said in the last two comments.

>>13642679

Yes Rust doesn't come with all the security updates that j*va does, but it's not an optimal language as compared to Python. C is only good for making webpages.

As a finishing touch, use rkhunter, kvm/qemu, clamav, firejail and iptables together for multi-firewalled defense and wireshark or custom network tools for monitoring your network. Use xkpasswd.net, keepassxc, bitwarden and masterpassword.app for encrypted passwords and I might go into a tutorial on how to self-host emails properly in a future post to touch it up.

How to self-host properly:

>host your emails on rented VPS servers instesd of putting your own LAN at stake and routing your emails through your homeserver which requires a business plan from your ISP and migraine-inducing maintenance work and costs to handle server fees and maintaining it, and self-hosting it (like those anonymous VPSes frequented by hackers that abuse legal loopholes, like CrazyRDP/Bulletproof VPS services/bitlaunch/etc) so that way you can host a static address on another ISP.

>run your emails off African VPS servers or other countries with better privacy laws (ie Soviet Union/.su because they were registered before the dissolution and thus aren't bound by any rules either because "the Soviet Union" no longer exists, Tonga/.to, Rwanda/.rw, São Tomé and Príncipe/.st, India/.in, etc) so that way the feds won't be able to subpoena shit.

>use custom open source DDOS mitigation and firewall tools to route your traffic through (like Anti-DDoS Flood Protection and Firewall by Conor McKnight on Github or haproxy-protection, for example).

>use your open source webmail client of choice (like Mozilla Thunderbird).

>avoid using real credentials in DNS records when registering website and the same applies to your email address/password/website name/usernames/website/etc (which your email account should appear as yourname@yourwebsite.su for example). Also block cloudflare (1.1.1.1) and websites connected to it (including 4chan).

>if making a general-use website, say a forum, avoid proprietary software like Xenforo and Google ReCAPTCHA, and instead use opem source forum software that's more secure (like MyBB - I prefer the Raid Forums/Breached versions). You could even make it accessible by cookie only as I mentioned earlier so it will encrypt the connection once in and the only way to access it from the outside would be manually.

Also, use common sense while online. As in, don't reuse usernames, passwords, avoid social media (including FaceBook and Myspace), use yt-dll for YouTube, no bragging/camwhoring either, etc.

And if your browser is fully setup, it should filter out 99% of the whole internet so only basic C-written webpages are accessible (like 90s-era geocities/angelfire/tripod-style websites).

Oh, forgot to mention you'll need all the commonly recommended privacy plug-ins for Firefox/Ice Cat/Iceweasel (unless you're using a terminal browser that uses .txt instead of .html like ELinks) such as NoScript, Privacy Badger, Cookie AutoDelete, Multi-Account Containers, adblockers (uBlock Origin works best but I think Adnauseam is pretty good too), googleadservices blockers, bitminer blockers, etc.

>>13642512

Instead of Tor, use custom Linux proxy.

>>13640738

I got it wrong, Wifi vibrates in Gigahertz range (billions of hertz - that's enough to kill somebody!). Just use modulation so you don't hear the noise.

As for some trivial stuff: instead of using garbage "open sores" apps like Telegram or Signal (or God forbid, cloudshit apps like Matrix and RocketChat), use IRC or XMPP/OTR/OMEMO w/ encrypted client of choice. There are currently no distributed and popular messenger apps I can recommend. WhatsApp is owned by Faceberg and Wickr is owned by Amazon.

Also, to expand, Lokinet is garbage. It uses that god awful "Oxen" blockchain that they used for Session that costs $1000 to host a single node on the network and is hosted on Australian servers. And Jim "the DHS glownigger fed" Watkins endorses it.

>>13642730

Where'd you find this? Skidtools.io? Also, let me say this again: THERE IS MO SUCH THING AS A PRIVATE SEARCH ENGINE! There is one common denominator that virtually every webpage on the whole internet uses, and that's HTTP/HTTPS. Script your own HTTP/HTTPS sniffer toolbar using Scapy, PyShark or Socket in Python as backend sniffers to sniff out any and all HTTP traffic (just not HTTPS because it's encrypted which would require MITM access via ARP poisoning/router injection/mitmproxy in Python). Heee's how you can do it:

>Have the Python tool sniff HTTP traffic using Scapy or PyShark

>Extract URLs, POST requests, and keywords

>Match those against certain strings (e.g., "nuclear", "bitcoin")

>Serve results to the browser via a local API (e.g., Flask)

Now you just created a built-in browser keyword search tool like thd older ones have without worrying about your searches bwing everyone's business. Install it to your browser via "developer mode" option. Fuck a search engine that can uses manual suboptimal handshake protocols like robots.txt (such as what you're advertising). This'll let you search the whole web w/ a backend.

>>13642733

Also, you can even add your own "nojs" filters to it if you want.

>>13642679

Also, run Hyphanet inside a Windows VM and use Linux VM as a proxy/firewall/router. Set up proxy software (Tor, I2P, SOCKS5, VPN) on Linux and force all traffic from Windows VM through it. That way your progress will be saved behind a VM safely.

>>13642772

But as always, use custom proxies. Don't rely on preexisting infrastructure because none is trustworthy.

>>13642773

I was only using Tor/I2P/VPN and stuff as an example. You don't have to use that and in fact, shouldn't. Don't use no VPN.

>>13640738

Daily reminder: If you pay more taxes than you get returns you are literally a slave by definition. You are working for free to tyrants that force you through sheer threats of violence.

>>13642834

What is the mathematically optimal way to sustain privacy online?

This could easily be a business venture, though you would need a diversity hire to be the figurehead otherwise mossad will weak havoc on your business like they did on 9/11

>>13642873

>>13642873

The only realistic way to stay anonymous online is if you had a way to use passive reflection or signal mirroring via demodulation of another device (say a Zebra scanner because they use analog resistive touchscreens) and mirrored that onto a homemade device that you built from scratch. For making the touchscreen, use gorilla glass for the top sheet, apply silver conductive paint to the bottom of it, use a PET sheet with silver conductive paint underneath it for the bottom layer, make your circuit board out of epoxy-hardened mother's day cards stacked in multiple layers, stencil out your circuitry in pen ink, cover with thin layers of aluminum foil, epoxied in place using thin layers of conductice epoxy, then draw next to your schematic on both sides with pencil graphite and you made your touchscreen board. Mount the touchscreen on a separate frame and the board inside the phone case (made from epoxy-hardened cardstock), then use a secondary board made of stiffened cardstock but use copper tape instead of graphite/foil, lift a battery from an electric screwdriver, lift a USB charger port from a burner phone, connect the touchscreen board to the phone board via Through-Hole Vias and Flexible flat cable so that the wires will conduct through the front of the board to the other board, making sire that the copper wire doesn't touch the foil so as to prevent it from short circuiting (do this first and go over the dots in graphite carefully) so now your phone board and touchscreen board are wired together. Then use a transistorless graphene processor made by wrapping scotch tape on graphite from a pencil (one pencil should be more than enough for this purpose) and wire a pieszoelectric buzzer from a cheap digital watch to the phone board to allow analog programming. Then adapt it for 3.7v electric screwdriver li-ion/li-po battery and lift a charger port (say, type c) from another phone, and make a loop antenna to capture geosynchronous satellite for the internet connection for a satellite phone type setup. Use some rubber bands for the buttons w/ a chip bag wrap over it and foil underneath both buttons for the on/off, using analog schematics to simulate a volume up/down and power on/off that'll be synchronized with the phone, so when you press down on it, it'll tap the two foil plates together and jack the volume, using conductive epoxy and other pieces of stiffened cardstock as spacers to allow up and down movement, wire the volume buttons to an appropriate sized razor blade w/ a small earphone magnet at the front and a strip of insulative rubber band epoxied on the bottom w/ a layer of foil epoxied over it so you can connect your wires via soldering them (+/-) and epoxy it to the bottom of your case w/ holes poked through the stiffened cardstock case for the homemade speaker to emit through, and epoxy the volume and power foil sheet cardstock substrate next to the buttons to the inside of the case, and now you finished your phone.

For "programming" it, take a CRT display box tv, a RF modulator and RCA antenna and tune your receiver until you see someone's Zebra scanner android screen pop up on the TV screen using type c port to trs connector adaptor you made so it'll be connected to listen in, and the pieszoelectric buzzer should demodulate the signal onto the phone using a drawn demodulator circuit on the board. Then you make another board for the antenna and draw an envelope detector circuit w/ diode, resistor, capacitor and another pieszoelectric buzzer so you can access geosynchronous satellite internet via RF signal after mirroring the Android device's RF leakage and now you have a parasitic device that instead of recording, is interactive via touch input and uses analog as a frontend, but digital as a backend.

For making the chip, use hollowed out plexiglass (either hollowed out chip when you bought it or made w/ a screw and powerful electric screwdriver going in 1/3 the way and fill in some acetone to eat it for 30 minutes to an hour and dig out gel with a copper wire, clean out with water and cotton swap and fill in your graphene paste made with the graphene you collected from pencil lead earlier using scotch tape mixed with a drop of isopropyl alcohol or conductive epoxy and impregnated inside the plexiglass substrate via syringe, covering up the hole with epoxy and drill four holes on the bottom w/ screw and electric screwdriver, line them up with the holes in your circuit board (THVs) and solder in place for adding enough power to your circuit to connect the device to internet (it'll be transistorless).

>>13642877

Scientists have been proposing analog circuits as an alternative to digital/quantum even to circumvent Moore's Law entirely because it it mimicks real life which isn't ran on digital code (which I'm referring to regular digital, althouhh it simulates real life in that it's a simulation, but quantum simulation is different from digital; it's basically a ghost device). That's the only 100% safe way to both have a corporate-free smartpone from a trusted source, not have to worry about updating it through hardware generations via Moore's Law and be safe at the same time by impersonating another device. Now you have s corporate-free phone!

Why go through all the trouble? You might as well communicate and organize face to face than worry about privacy online. Tracking someone over the internet is stupidly easier than in person, and whatever list you are scared you might be on, you're already on it. You could make this into a wiki though, instead of a board post which will be lost to time.

>>13642878

>>13642877

Made an error, it is legal to buy blank chips, but it's not legal to have ghost SIMs and even when you do finish programming your device, it stilll has to be licensed by the FCC. Micro Center sells blank chips.