
  • evujumenuk@lemmy.world to Privacy@lemmy.ml [deleted]
    1 month ago

    It kind of has to be, if you’re trying to be persistent about the whole thing. It’s easy to feel overwhelmed and burn out over all of the different threats we’re trying to defend against. I don’t see how you can keep at it for months or years if you feel no joy over it. But maybe being deathly, relentlessly afraid of the dangers around us is enough after all.

    If you don’t even like doing this stuff, wouldn’t it be better to focus on measures that require little upkeep? This is what my example suggestion was getting at, something that’s as close to set-and-forget as possible, while getting you 90% of the way there. (Depending on your threat model, sure. If yours says that the sky is falling if Tim Apple gets your iCloud data, it certainly doesn’t apply.)


  • evujumenuk@lemmy.world to Privacy@lemmy.ml [deleted]
    1 month ago

    I’d sure hope so! Many of the things that privacy nuts like us do are not efficient uses of one’s time.

    They might require constant vigilance. They might need recurring work for continued effectiveness. They might necessitate exposure to intrusive negative emotions (“what is Google doing this week?!”).

    If you’re not having fun, focus on measures that you implement once and then never have to think about again.

    For example, I wouldn’t recommend GrapheneOS to a journalist in an authoritarian regime. It might be “more secure”, but they have a job to do and can’t keep dicking around with obscure pointer authentication settings or whatnot. They should just get a current iPhone, enable Lockdown Mode if its tradeoffs are acceptable to them, and continue doing their best job, which isn’t “phone administration”.

    LARPing as Jason Bourne, or prepping for the Rokobasiliskocalypse, is a hobby. It’s okay, I do it too. However, it’s not approachable or understandable to people who don’t share that hobby, or are not as alarmed at the general state of things as we are.


  • evujumenuk@lemmy.world to Privacy@lemmy.ml [deleted]
    1 month ago

    I used to run unbound on my laptop just so I could configure stuff like forwarding zones with more precision than what a stub resolver normally gives you.

    It can also be your validating DNSSEC resolver, which also satisfied that sort of morbid curiosity in me.

    In the age of DoT and DoH, with endpoints hardcoded in browser binaries, that sort of thing has a lot less punch than it used to. Even back then Go binaries would start ignoring your nsswitch.conf.




  • There’s no easy answer to your questions. It depends on what threats you’re trying to defend against. If your primary concern is adversarial law enforcement with Cellebrite et al., a current iPhone, especially with Lockdown Mode enabled, is certainly the next best thing to Graphene that we have.

    Personally, I have access to Private Relay, but never use it. That’s not because I don’t trust it, but because I only ever use VPNs to spoof my GeoIP. And you can’t do that with Private Relay.






  • If you only ever use services that let you sign up with arbitrary addresses, then sure, you gain resilience against mail provider shenanigans at the expense of exposing a non-agile identifier — the domain name you bought — to any third party you provide with an address.

    However, in a confused attempt to stamp out single-use mail services, some sites are rejecting mail addresses that don’t originate from one of the big mail providers, like Gmail, iCloud, Outlook. ‘Please provide your real mail address’, they’d say.

    If you aren’t using any such service, you can use your own domain. Be wary of services that bounce messages to your “actual” inbox without rewriting the involved addresses (Cloudflare offers something like this, I don’t get why though), as that can lead to deliverability issues due to DMARC.

    The IAB publishes some Gmail-specific guidance on how to ‘normalize’ plus-addresses to ‘real’ inboxes, so that’s something that doesn’t really do anything for you anymore. Out of the large mail services, iCloud is somewhat notable for offering single-use addresses under the same @icloud.com domain name they use for standard addresses, without having to register extra accounts or other annoying requirements. So websites that want to lock out single-use iCloud addresses would have to block iCloud addresses entirely, which is something they’ll most probably refrain from doing.