|
|
|
|
|
|
by wakkaflokka
2098 days ago
|
|
|
I thought a lot of people use VPNs specifically to avoid DMCA requests? From what I understand, it works extremely well in those cases and I imagine that most VPN use-cases stem from region check bypassing and DMCA request avoidance (but I could be wrong). In all seriousness, what would be the best way of increasing both anonymity and privacy online? Not from nation-states, but hackers/data breaches/ad-tech/local law enforcement? It's an interesting but frustrating topic. It seems like every potential solution has some major caveat that someone will invariably point out as making the solution useless. For example, I am wanting to export all of my data from my social media (texts, posts, location data from Google, etc) for posterity and then delete the accounts. But I also want to keep it safe and secure. So I use VeraCrypt containers. But then what if my Kinesis keyboard has some firmware embedded reading my passwords? Now I'm screwed. And if I backup online with Backblaze, and use their E2E encryption but one day they change their software so that it records the password when typing it in. It almost feels helpless. |
|
|
You have to come up with a threat model. You have to decide what threats are the most important to you.
I'd group them into three domains, based on the amount of effort involved in mitigating the threat. From the most work to the least: Threats you absolutely and utterly must avoid at any cost and effort. Threats you want to avoid, but you're not willing to the extent of fighting a state-level actor. Threats where it would be nice to have them mitigated, but it's not worth exceptional effort or cost.
For your backblaze (BB) example, your threat is "BB's client can't be trusted" and the sanctity of the data falls in bucket two.
To mitigate your distrust of BB's client, you'd want to make sure it never sees unencrypted data. And so, you'd do something like encrypt the data with your own key, and then send it to BB. You'd want to use a second computer (or a dual boot system) to ensure that the OS which hosts BB's client is not running when the encryption is happening, and share the resulting encrypted binary files with the computer that will do the upload.
The keyboard on the encrypting computer could still be a threat, but that's getting into the "state-level actor" levels of effort to counter.