Excellent post. I agree entirely.
There absolutely must be an elegant solution to the problem. However, in my opinion, the issue is that not enough people are interested in having the security you mention. Don't the statistics say that over 50% of people don't use a password manager, reuse passwords and those passwords are things like password123?
This apathy towards security presumably means that there is very little money in designing the elegant solution to the problems raised in your post and many of the brightest and best in the field will simply seek alternative employment in the online data collection and advertising field where all the money is.
As it stands, so many people have so little concern about online security or privacy that it seems to be slowing progress in both fields.
Thanks. Is Tor browser as effective if not used over tor? My tracking blocking is via a VPN that I trust and want to continue using so I wasn't thinking of using tor. I think I read somewhere that using VPN over tor or tor over VPN somehow became less private (I'm not technical so this might not be right - maybe someone could explain it). I was going to use Mullvad as I believe it has many of the same qualities as Tor browser but is more focused on use with a VPN rather than Tor.
The question of browsers
So, I have always just used one browser, Firefox, with javascript and cookies turned off and whitelisted sites that I needed to use that required javascript or cookies or both to actually work.
My threat model isn't the tightest and could best be described as "I don't see why they should have my data if I am blocking the ads they use it to try to deliver to me". This browser setup coupled with tracking blocking at the DNS level has made me feel comfortable that while some of my data is being collected I am stopping most of the collection.
With the advance of fingerprinting and the recent change of a certain browser's terms of use it is probably time to review this setup.
I believe that it is usually advisable to use two different browsers. One where you are identifying yourself by logging in and one where you are just browsing. As logging into sites usually involves javascript and cookies I was going to use Librewolf with javascript and cookies turned off for general browsing and Mullvad browser as it comes for sites that require javascript and cookies.
I feel as though I have read a thousand discussions on this subject over the years so I apologise. Does anyone have any suggestions for a more private setup browser-wise? Tracking blocking at DNS level will continue and I'm on debian-based linux.
Thanks for any help in advance.
Thanks for this. It is very helpful. To be honest, I had forgotten about Exodus.
I think it needs camera and microphone in case you want to take photos and video and save directly to an encryted volume. That is not in my use case so I will just deny those permissions.
Thanks. I had noted the lack of internet permission as a positive. I guess that I was just puzzled at the lack of coverage within the community. Maybe the app simply hasn't been around long enough to attract the attention it seems to warrant. Or maybe I am being overcautious.
How private is DroidFS?
Hi.
When considering the privacy credentials of an android app, I would usually search for reviews by well-known privacy advocates or recommendations from common privacy websites. However, with DroidFS I am unable to find much information and no recommendations from common sites. The little information I can find is that it is an efficient, easy-to-use implementation of gocryptfs and cryfs for android. This is what I am looking for but was wondering whether anyone had any further insight on the app from a privacy point of view please.
Thanks.