If you care about privacy/tracking in 2024 there are basically two paths (not mutually exclusive):

1. Fight it at the polling booth and support things like the EFF.
2. Become a hard target for anyone but advanced actors with you on their short list.

Door #2 depends on what you mean by “advanced actor”, short of being Moxie Marlinspike or something, if Cozy Bear or 8800 or TAO/Equation Group wants you, they’re gonna get you. They’ve got people posing as employees in all the big shops (which to their credit have whole teams devoted to finding and ejecting them but with a clean passport long-term planning it’s an uphill fight).

As with all security, it’s a numbers game that comes down to three key principles:

1. Make the default flow the secure flow.
2. Decide who you trust to get the details right that your adversary understands better than you do.
3. Have multiple layers of security drawn from the list you get from #2.

My infosec story is still a mess, but it’s starting to become a known mess that I’m cleaning up in an organized way.

On #2: I trust Brad Fitzpatrick so I trust Tailscale and run it everywhere. I trust Moxie so I trust Signal. I trust Proton for a few reasons, not least of which is that Reddit and Google and Meta and many, many others give you a bunch of grief coming in off a ProtonVPN exit node: Reddit won’t even let you connect, Google hits you with wild levels of CAPTCHA on e.g. Workspace OpenID Connect, and Meta superficially connects but breaks in weird ways it shouldn’t even by “post laid everyone off” standards.

Brave is my compromise between usability and privacy, it’s got decent defaults that crank up really high (per-use permissions on Widevine is a great example, most major browser vendors just opt you in silently, it also fights AMP and does a fair amount of tracker blocking).

ProtonVPN is aggressive by default and has a few “sledgehammer” modes (e.g. Secure Core), and it can be configured to take down your effective connection if it fails to negotiate. It also does split WireGuard by default and so it plays nice with Tailscale out of the box.

DuckDuckGo and Yandex both return stuff (e.g. torrents to leaked model weights) that Google censors, though obviously with Yandex you’re trading the old boss with one agenda for the new boss with a different one.

On LLMs, the Orca de-tunes of Mistral-8x7 are very operator-aligned and run just fine on mid-spec Macs or gaming-class PCs and you can build llama.cpp from a small-ish codebase you can easily grep for obvious icky shit (and I trust ggerganov).

Source: worked at FB on Ads and abuse/security and IG on ranking/recommenders.