Introduction (to this post)

A week ago there was a discussion on Lemmy shitpost community mentioning Obscura.
It acts as first hop to Mullvad. Fairly limited number of its servers.
As someone mentioned, it only supports macOS, iOS, and whatever does Wireguard.

So I tried to pay for it.
First, I am displeased that there's no way to just upload public key, but instead it generates entire config along with private key in browser.
Second, I can't see list of servers and ports like on Mullvad's site, and the reason is...
Third, only one combination of entry + exit node per config is possible. It seems to just assign a port on selected entry node to forward it to specified Mullvad exit node.

And there's just 3 slots!!!!!!!!!!

I can use same key with other config's combination, but if I remove the config, that port gets closed. So yeah, I can't just have many configs saved for different servers with the same private key.

But then I thought, is the public key allowed on all Mullvad servers? Yes it is.

After all, it should be just a hop through them.

Setting up Mullvad VPN client for Obscura

First, once you have Mullvad VPN installed, open the GUI, and create an account. Perhaps this step can be skipped, but that's a simple way to get the config created.

Next, quit the GUI and stop mullvad-daemon:
```<>
sudo systemctl stop mullvad-daemon

<br />Now, open your Obscura Wireguard config in some text editor that you can copy from.  
Next, open ``/etc/mullvad-vpn/device.json`` as root. E.g.:  
```<>
sudo vim /etc/mullvad-vpn/device.json

Next, replace the private key, IPv4 and IPv6 with those from Obscura Wireguard config.

Here's an example of how that may look (data in example is invalid):
WG config:
```<>

Exit: Mullvad ca-tor-wg-002 in Toronto, CA

[Interface]PrivateKey = eNZ0Lr3jpE18o/KSVISHCi/wDWW5DgD6VCCEduKgkFI=
Address = 10.0.0.1/32, fc00:bbbb:bbbb:0:0:0:0:1/128
DNS = 10.64.0.1

[Peer]PublicKey = iqZSgVlU9H67x/uYE5xsnzLCDXf7FL9iMfyKfl6WsV8=
AllowedIPs = 0.0.0.0/0, ::0/0
Endpoint = 95.173.193.232:46906
PersistentKeepalive = 15

Mullvad device.json:  
```json
{
  "logged_in": {
    "account_number": "",
    "device": {
      "id": "",
      "name": "obscura key",
      "wg_data": {
        "private_key": "eNZ0Lr3jpE18o/KSVISHCi/wDWW5DgD6VCCEduKgkFI=",
        "addresses": {
          "ipv4_address": "10.0.0.1/32",
          "ipv6_address": "fc00:bbbb:bbbb:0:0:0:0:1/128"
        },
        "created": "1970-01-01T00:00:00.000000000Z"
      },
      "hijack_dns": false,
      "created": "1970-01-01T00:00:00Z"
    }
  }
}

Now you can once again start mullvad-daemon.
```<>
sudo systemctl start mullvad-daemon

<br />You should now be able to connect to servers just as usual. But we have yet to add the Obscura server. The account page won't work, as there's no account.  
![](https://sh.itjust.works/pictrs/image/55ad5a51-4261-4219-818b-a4184fc7ed4f.png) ![](https://sh.itjust.works/pictrs/image/f17377b4-6288-49e2-b51b-594dea817ee0.png)

Following the example above, we add an IP override for our exit node:
```<>
mullvad relay override set ipv4 ca-tor-wg-002 95.173.193.232

Thankfully, these ports are also valid for Mullvad, so no extra switching will be needed.
You should now be able to connect to the Mullvad exit node via Obscura server, with Obscura account.

Multi-hop within Mullvad (a 3rd hop)

As the port for Obscura's server matters, we can only use it as an entry node. But yes, you can do that too.

Hopping madness

There's no point, but it's possible.
The Mullvad SOCKS5 will allow for, yes, a 4th hop.

And you can add TOR, for 7 hops (to regular sites)

What does that do? From this:

All the way to network quality of your teammates:

"A new class action lawsuit accuses OpenAI of sharing data including user chat queries and personal identifying information like emails and user IDs with the tech giants — and targeted advertising behemoths — Meta and Google, without obtaining proper user consent.

Filed yesterday in California, the lawsuit claims that OpenAI’s data-sharing with Google and Meta violates the California Invasion of Privacy Act, known as CIPA, as well as the Electronic Communications Privacy Act. It points specifically to OpenAI’s integrations with Meta Pixel and Google Analytics, which are data-tracking and collection tools that facilitate targeted advertisements.

The data-tracking model described in the lawsuit — often referred to as “surveillance capitalism” — is the business that the modern internet is built on today. And OpenAI, like countless other tech companies, does include language in its privacy policy noting that it does collect, store, and share a range of consumer inputs and personal information."

futurism.com/artificial-intell…

#AI #GenerativeAI #OpenAI #Surveillance #Meta #Google #DataProtection #Privacy

[SOLVED]I kind of figured it out by doing some minimum amount of bank transfers, I concluded that the only needed domain in order to make push notifications work for my banking app is mtalk.google.com.

Not sure if it's totally right tho. It worked for me.

I found this post on /e/OS forum:
community.e.foundation/t/what-…

mtalk.google.com is needed by GCM (cloud messaging). For those using adblockers it was always recommended to whitelist it (not block it), otherwise one would have problems with push messaging

[OP]I'm currently using a ROM with GrapheneOS sandboxed Play Services + DNS filter with No Google list that blocks everything from Google.

But I think it's worth the trade off of whitelist just a specific domain because I really need instant push notifications from my banking app.

But since I blocked everything I think it's not reaching Google servers to handle push notifications properly.

So if anyone could help on this I really appreciate it.

I see my bank trying to reach these domains:
- firebaselogging.googleapis.com
- firebaseinstallations.googleapis.com
- firebase-settings.crashlytics.com

(I just pause the DNS filter when I need something related to Play Services)

From important information about Google's abuse of power, to fun projects like the good old Snake. My code is clean.

NO GOOGLE TRACK: Here I have written down the information I collected about Google, especially Project Nimbus, which supported genocide. All information is backed by sources. The page also lists alternatives, as well as security measures using uBlock Origin and the about:config menu in Firefox and LibreWolf.

GHOST SEARCH: A Fun-Project where it looks like you are hacking Google and Bing to get answers undetected without giving them any data. So, a search engine of my dreams 😁. Don't worry, this is just a joke. You aren't hacking anything at all. The actual search is powered by Mojeek a privacy-friendly search engine that does not engage in profiling. Ghost Search is essentially my parody of DuckDuckGo & Startpage, which claim to be secure but get their answers from Microsoft and Google.

SNAKE-RETRO: Kids from the 80s and 90s probably know this. The good old Snake. Since we live in an era of tracking, even on retro game sites, I wanted to look back to a time when games were just games. So I thought, "Come on, dare to try making a retro game without any trackers," and I succeeded. Hope you have fun! 😊

All my projects are in German. Still, I hope you'll understand everything correctly thanks to your browser's automatic translation settings.

RE: indieweb.social/@permafriday/1…

THIS IS A LABOR ISSUE

now that Google doesn't have to pretend #android is not the #backdoor #surveillance system Snowden warned us about, it has a problem:

app developers.

the app store was always a honeypot for free #labor. without #apps there is no android. so Google has to rein in app devs, if they don't want their #spyware broken.

but if you give up your encryption keys, the app isn't yours. this isn’t about #privacy.

Google wants app devs to be employees without labor rights.

𝑬𝒍𝒊𝒋𝒂𝒉🔋

2026-05-12 10:16:13

Starting September (this year), Google will require every Android app developer to register centrally, provide government ID, and submit signing keys. Apps from unregistered developers will be blocked on all certified devices worldwide. This threatens F-Droid, open-source distribution, and user autonomy. @keepandroidopen @pluralistic keepandroidopen.org

Keep Android Open

Your phone is about to stop being yours. In September 2026, Google will block every Android app whose developer hasn't registered with them.

<sup>keepandroidopen.org</sup>

Don’t send me Easter emails

Ever got the “please don’t send me Father’s Day emails”

I get the sentiment behind emails like this, but it feels like doing it in the moment keeps it raw. Ask just after I sign up if there are any sensitive dates, at the same time as asking me if I celebrate Christian or Muslim holidays. (No, I don’t know any website that does that)

Consent, at least under the GDPR, should be obtained in advance, freely given, and without prejudice. So why do you need to email me to ask if I want no emails? Ask me up front if there are any important dates, any birthdays, and include a list of common ones from the Christian, Sikh, Jewish, Muslim, Buddhist and other calendars. Include dates related to my country. Thanksgiving Day is different for the USA and Canada. And there are a lot of Independence Days.

Sure, folks won’t want to fill it in unless they see a benefit, but that’s what consent is. It’s more work up front and ongoing, but in return, you get trust, a much stronger relationship and the person feels more respected. This is a rare phenomenon in consumer data these days.

Consent matters. Informed consent in advance demonstrates commitment.
#privacy #quality #ux