SimplifiedPrivacy.com on Nostr
PrivacyGuides Loves Spyware
One of our readers asked how we differ from PrivacyGuides. So I wanted to outline the technology choices for your benefit.
For those of you who are unfamiliar, PrivacyGuides.org is a website run by Jonah Aragon. And although this post will heavily criticize PrivacyGuides, I must stress that I do respect Jonah and the rest of his team. They are doing a huge service by running their guides as a non-profit. And I encourage anyone who reads their stuff to continue to donate.
That being said, I have huge philosophical disagreements, and the main one is that we view Big Tech as corrupt and oppressive, because of their enormous involuntary surveillance and political censorship. On the other hand, PrivacyGuides appears to just be concerned with low-level evasion, where they place large amounts of trust in the very groups we criticize. For example, their forum PrivacyGuides.net is on Cloudflare, their other forum Lemmy.one is on Cloudflare, and even his personal site JonahAragon.com is Cloudflared along with its email. And even just for text and avatar icons with their staff bios, they use Microsoft GitHub. You can’t afford to host 5 tiny jpegs?
While I genuinely admire Jonah for separating himself from the previous PrivacyGuides site because they sold out to commission links, I do not think his current recommendations have enough adversarial thinking in mind. For example, it was only when Skiff email was recently bought by Notion that PrivacyGuides removed it. They never mentioned that Cloudflare can break SSL and see the private encryption keys served to you when you first sign up.
Over and over, I have criticized Cloudflare seeing the bulk of our traffic and breaking SSL to see data. And so it’s unfair to his readers to not even warn them that on his website, they’re being browser fingerprinted and logged for DDoS purposes when he tells them no data is collected. Especially when his readers are first consulting his website to buy a VPN in the first place. Further, users of their forums and Lemmy don’t own their identities because CF sees the login passwords. How can you say this doesn’t matter? To quote Jonah’s own website: “Privacy is about power, and it is so important that this power ends up in the right hands”
But not owning your identity, how are readers of PrivacyGuides even supposed to know if Jonah is the one writing on the forums, or if it's really the government? Even worse, it is painful for me to see Jonah Aragon criticize Nostr, when Nostr is the very solution to his identity problem. He said: “I am trying out Nostr and so far am unimpressed. If anyone else is testing it out find me here and we’ll see if this even makes sense as a social network much less one we’d want to recommend on the site lol” [1]
Nostr is truly an amazing place and I urge him to try it again. His website says “decentralization” but I was shocked to see he does not even mention XMPP on his list of encrypted messengers. And when asked on forums, users are told to go to Matrix. [2] I could not disagree more. XMPP is the gold standard of decentralized open source communications and the primary choice for the darkweb. How can he guide us on Tor without even mentioning it?
Now we can debate XMPP’s reliance on government domains vs SimpleX & Session. Those are fair criticisms. But all of these, including Matrix, have centralized development. SimpleX got money from Microsoft. Signal is on Amazon. And while Session is on a blockchain, it’s like a corporation when it comes to changes. Whereas XMPP is the only one that’s pure & truly decentralized, with nobody in charge. And because hosting a Matrix server is so annoying, most people DON’T self-host, and use the official Matrix server with Google captchas fingerprinting your device and Gmail doing the verification. That’s right, Matrix.org is linked to Gmail, which ties your Matrix account to your real name if you were dumb enough to trust them with your real email.
And can you guess what company actually hosts Matrix.org? Can you guess what US-government compliant company sees who you talk to and when? Drum roll... Cloudflare.
Jonah, I’m not attacking you. I’m trying to make you realize that they are attacking us. And instead of being at each other’s throats, we can empower our readers to take control of their digital lives. That’s why I applied to write for you when I first started. And my offer still stands.