Skip to main content

mastodon - Link to source

Open letter to anyone with a protest or rights-based website:

PLEASE get rid of Facebook and Google SSO login options and analytic tracking codes from your sites.

You are literally handing over your user data to unscrupulous players that are in direct opposition to your cause. These sites can and do hand over user-specific data.

To everyone, stop using these options. Set a strong password. Use an alias email. Use a VPN.

#indivisible #democrats #plannedparenthood #privacy

Screenshot of Democrats.org showing Google Tag.
Screenshot of Planned Parenthood website showing Google Tag Manager.
Screenshot shows SSO options for the Indivisible website.
#privacy #democrats #indivisible #plannedparenthood

waspfactory reshared this.

in reply to The Privacy Foundation

Forth Co-Processor
mastodon - Link to source
Forth Co-Processor

GreenMaps.us now has Oauth Login. The large button on the upper right hand corder is the old log in system, the drop down is the fediverse login system, still undergoing testing.

greenMaps.us

@theprivacyfoundation

The Mastodon Oauth drop down menu showing ClimateJustice.social, Union.place, Mastdn.social and mastodon.social

Map of State and Local Green Parties

Please click into your state and contact your local Green Party. This is a volunteer effort, separate from The Green Party of the United States.
greenmaps.us
@The Privacy Foundation
in reply to The Privacy Foundation

Lien Rag
mastodon - Link to source
Lien Rag
Source about the "do hand over user-specific data" ?
The fact that they can should be enough to convince, but people not already convinced are extremely daft about those topics, so a good source would be useful...
in reply to Lien Rag

The Privacy Foundation
mastodon - Link to source
The Privacy Foundation

@lienrag

nytimes.com/interactive/2019/0…

And SSO works by handing off data. Facebook and Google can identify users on and offline actions and whereabouts.


Tracking Phones, Google Is a Dragnet for the Police

The tech giant records people’s locations worldwide. Now, investigators are using it to find suspects and witnesses near crimes, running the risk of snaring the innocent.
Jennifer Valentino-DeVries (The New York Times)
@Lien Rag
in reply to The Privacy Foundation

D4S3
mastodon - Link to source
D4S3
Unless it's someone who knows what they're doing regular people should use the tor browser instead of relying on a VPN. There's too many sketchy-at-best and honeypot-at-worst vpns out there.
in reply to The Privacy Foundation

Karmalakas
mastodon - Link to source
Karmalakas
what does VPN do in this case? VPN companies also can and do hand over data to 3rd parties...
in reply to The Privacy Foundation

stony kark
mastodon - Link to source
stony kark
just a casual reminder that VPNs are just someone else’s network. They don’t provide any additional privacy, not by design nor by implementation. They’re really only valuable to corporations and other large entities that want to monitor what their users are doing. Well, that and to pretend you’re in another country to watch netflix, I guess. If you’re not the network admin, it’s not a private network.
in reply to The Privacy Foundation

The Privacy Foundation
mastodon - Link to source
The Privacy Foundation

On VPN usage...

Hypothetically, any system on the web that you interact with can "know" you. And while it is true that VPNs are no different, the reality is that using a paid ProtonVPN or similar non-US based service would require that service to cooperate internationally with a warrant. Proton does not store where you visited. Good luck getting that info operationally into the hands of ICE as part of a dragnet.

#Proton #Security

#security #Proton
in reply to The Privacy Foundation

The Privacy Foundation
mastodon - Link to source
The Privacy Foundation

Using an encrypted password manager + a strong password + a VPN is FAR safer security-wise than using SSO. Users of these sites are\can\will be actively targeted by the US. Every hurdle put in their way is good.

Agree that TOR is good, in fact recommend @tails which will hide identity behind additional randomized parameters. TOR can also be used incorrectly.

The goal of this post is practical in nature.

@keepassxc @protonprivacy

@Tails @Team KeePassXC @Proton
in reply to The Privacy Foundation

John K.
mastodon - Link to source
John K.
And always you should be aware of what you are defending against. Of course in the internet there is no real privacy not in front of organisations with large scale visibility of the net and advanced device fingerprinting capabilities.
in reply to The Privacy Foundation

Tariq
mastodon - Link to source
Tariq

Agree 99% with this. Thank you.

The only thing I would cautony against is Proton given their CEO's pro maga statement.

Also, how do you know proton doesn't log where you went to via their vpn?

That's a significant statement to make.

in reply to Tariq

The Privacy Foundation
mastodon - Link to source
The Privacy Foundation
@rzeta0 have seen nothing that they can or do comply with dragnet operations.
@Tariq
in reply to Tariq

Tariq
mastodon - Link to source
Tariq
Reading the other replies I'm glad to see others caution again VPNs that you personally don't know inside out.
in reply to Tariq

Tariq
mastodon - Link to source
Tariq

For non-technical activists reading this, let me put it like this.

Hey I'm offering a VPN service. Use me!

All your interactions on the web go via me. That means I know which sites you went to.

And if I were hacked, or simply handed that info to a tyrant, you're compromised. And especially if I offer a "free" service, I gotta sell something to make money. Data about YOU.

And because ALL your internet activity is via me, it's easier to build a fuller picture of you.

in reply to Tariq

The Privacy Foundation
mastodon - Link to source
The Privacy Foundation
@rzeta0 protonvpn.com/blog/no-logs-aud…

Proton VPN’s no-logs policy confirmed by an external audit

Independent security experts verified that ProtonVPN does not log user data or engage in any practices that might compromise your privacy.
Andy Yen (Proton VPN)
@Tariq
in reply to The Privacy Foundation

GeneralX
mastodon - Link to source
GeneralX
People should also know that registering for a protest is highly recommended against!
in reply to The Privacy Foundation

Catherine is not giving up.
mastodon - Link to source
Catherine is not giving up.
ooofff my mom (93 y/o) gave me her sign in because she wanted me to see what she’s been seeing.
Algorithms are promoting obvious fake information. Troll farms that have acreage Del Monte would envy. I clicked on multiple profiles and if they weren’t trolls they were bots with sketchy links.
It is another level of X with more subtle propaganda.
in reply to The Privacy Foundation

Michael Vilain
mastodon - Link to source
Michael Vilain
This is why I either don't login or I create an anonymized account using a disposable email address from Proton.