<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
  <channel>
    <title>Privacy on Trafotin.com</title>
    <link>https://trafotin.com/tags/privacy/</link>
    <description>Recent content in Privacy on Trafotin.com</description>
    <generator>Hugo -- 0.163.3</generator>
    <language>en</language>
    <lastBuildDate>Fri, 26 Sep 2025 00:00:00 +0000</lastBuildDate>
    <atom:link href="https://trafotin.com/tags/privacy/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Trafotin Watches: Meta Connect 2025</title>
      <link>https://trafotin.com/v/trafotin-watches-meta-connect-2025/</link>
      <pubDate>Fri, 26 Sep 2025 00:00:00 +0000</pubDate>
      <guid>https://trafotin.com/v/trafotin-watches-meta-connect-2025/</guid>
      <description>Facebook returns from their political apology tour to bring us glasses that extend the reach of their surveillance and unnecessary features of your phone straight into your eyes. To top all of that, you can now text people as long as you transmit all of your muscle movements to boot. At least all the live demos failed, but it&amp;rsquo;s only downhill from here&amp;hellip;</description>
      <content:encoded><![CDATA[<p><img alt="Mark Zuckerberg and me wearing the Facebook glasses and Zuckerberg is choking me with a blue beam emerging from his wrist band." loading="lazy" src="/i/trafotin-watches/trafotin-watches-meta-connect-2025.webp">
<em>Want to hear my raw opinions outside of my videos? Patrons and YouTube Members get access to full commentaries on for major big tech event. Thanks to viewer support, I can refuse sponsors and create art/videos to equip you with independence to survive in an ever-changing tech landscape.</em></p>
<center>
<button class="button button1">
<a  href="/donate"  >
	
Donate

</a>
</button>
</center>

<center>
<button class="button button1">
<a  href="https://www.youtube.com/watch?v=xXhva_Yyp0o"  >
	
YouTube (Members only)

</a>
</button>
</center>

<p>

<div style="position: relative; padding-top: 60%;"><iframe title="The Meta Neural Band Epic Fail" width="100%" height="100%" src="https://spectra.video/videos/embed/oZ1gTu944Qd4tKXUH3poFS?subtitle=en" allow="fullscreen" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="border: 0px; position: absolute; inset: 0px;"></iframe></div>


<center>
<button class="button button1">
<a  href="https://youtube.com/watch?v=ObbrI_8F1jU"  >
	
YouTube

</a>
</button>
</center>
</p>
<p>

<div style="position: relative; padding-top: 60%;"><iframe title="Facebook Runs Away From Failed Demos" width="100%" height="100%" src="https://spectra.video/videos/embed/9jfHQJz9XeqJY4v8rGJAWT?subtitle=en" allow="fullscreen" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="border: 0px; position: absolute; inset: 0px;"></iframe></div>


<center>
<button class="button button1">
<a  href="https://youtube.com/watch?v=_B70-0oSivI"  >
	
YouTube

</a>
</button>
</center>
</p>
<h1 id="references">References</h1>
<p>Streamed on September 17th at 8pm EST, the original livestream from Facebook&rsquo;s website was in 360p. A 1080p version was simultaneously streamed to YouTube, which Winward and I watched. Later, Facebook edited their site&rsquo;s livestream to use the 1080p version.</p>
<ul>
<li><a href="https://www.facebook.com/Meta/videos/1927325824791552/">Original Video (Facebook Live)</a></li>
<li><a href="https://www.youtube.com/watch?v=D97ILdUbYww">Original Video (YouTube)</a></li>
</ul>
<h1 id="sources">Sources</h1>
<ul>
<li>The initial demonstration of the Neural Band is from <a href="https://www.facebook.com/events/630799378660649/">Meta Connect 2022</a></li>
<li><a href="https://www.youtube.com/watch?v=1Wy-6z17up4">Mark Zuckerberg vs Lex Fridman in Jiu Jitsu</a></li>
<li>The song that originally played was Diplo &amp; Sleepy Tom - Be Right There. Due to copyright, this song has been replaced with <a href="https://soundcloud.com/soulection/02-before-you">J-Louis - Before You (Rachel Foxx flip)</a></li>
</ul>
]]></content:encoded>
    </item>
    <item>
      <title>Tor Has Problems, But Mental Outlaw Has Multiple Too.</title>
      <link>https://trafotin.com/blog/2025-09-13-tor-issues/</link>
      <pubDate>Sat, 13 Sep 2025 00:00:00 +0000</pubDate>
      <guid>https://trafotin.com/blog/2025-09-13-tor-issues/</guid>
      <description>Mental Outlaw made an inaccurate video. A couple actually. Plus some announcements for the next 2 months.</description>
      <content:encoded><![CDATA[<p>A <a href="https://www.youtube.com/watch?v=QDDkfKPmD8c">little</a> <a href="https://odysee.com/@AlphaNerd:8/the-tor-project-is-ignoring-these-issues:d">birdie</a> named Mental Outlaw whispered into my ear that the Tor Project has failed to fix BGP routing problems, issues with the NoScript settings, and the static user agent.</p>
<p>First of all, BGP routing problems don&rsquo;t just affect Tor. They affect all kinds of network architecture like VPNs and certificate authorities. While I don&rsquo;t have a complete understanding, <a href="https://collaborate.princeton.edu/en/publications/counter-raptor-safeguarding-tor-against-active-routing-attacks">the attacks presented by Princeton University&rsquo;s team against Tor</a> are not unique. A similar attack was documented by <a href="https://www.certik.com/resources/blog/bgp-hijacking-how-hackers-circumvent-internet-routing-security-to-tear-the">Certik against the crypto exchange KLAYswap</a>. By that point, this seems out of scope of Tor when all of us could be hit.</p>
<p>Second, I&rsquo;m not familiar with the specifics of what NoScript is doing, but the team has expressed that they need more data for building more up-to-date NoScript profiles. Seeing as I&rsquo;m one of the only people on the planet who uses uBlock Origin advanced mode, I don&rsquo;t know what the expectation is here nor what should be blocked in each mode except Default. The Tor security settings made sense back when NoScript was the only game in town, but there are <a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43365">plans integrating uBlock Origin</a> into Tor and it&rsquo;s going to take some time.</p>
<p>Third, on <a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43292">the Tor Browser no longer changing the user agent to Windows</a>, user agents have long been broken. I constantly get questions on old videos and I&rsquo;ll say it here, stop using user agent switchers. As long as you know what user agent you want (e.g. Chrome on Mac), you can use the responsive design mode in Firefox or &ldquo;Inspect Element&rdquo; in Chromium to change it. This feature exists for people who are web designers or app makers to test compatibility and responsiveness of their sites or apps.</p>
<p>Changing your user agent can fool certain scripts, but other scripts easily bypass it using fonts/CSS detection and find some way to detect your true operating system. Since Apple created Apple Silicon, the Tor Browser has reported the accurate &ldquo;Firefox ESR on Mac&rdquo; user agent because they mostly still are the only ARM users of the Tor Browser. When you think about it this way, it makes changing your user agent detrimental to your privacy because only weirdos and web devs change their user agent.</p>
<p>Fourth and finally, maybe consider not trusting sources that only show their sources in screenshots and make me go down rabbit holes online and yank things out of my brain. He clearly doesn&rsquo;t know anything about Fair Use when he watched Reddit videos in a livestream with no meaningful commentary, <a href="https://odysee.com/@AlphaNerd:8/is-proton-mail-really-private,-secure,:f">previously claimed Proton is a honeypot without provided substantial proof</a>, <a href="https://social.lol/@hen/113319889528790158">stole thumbnails from other YouTubers to use in videos</a>, or <a href="https://linuxreviews.org/File:Mental_Outlaw_-_Politically_Correct_Tech.webm">complained about politics/open source</a> rather than helping people or fixing problems. I hope one day the feds would pay me the money some people will likely accuse me of making. Maybe consider not getting your news from YouTubers, including me, especially when they use awful sources like Linuxiac, the Register, Tech Radar, Reddit, and X (formerly Twitter). This kind of critical thinking is taught in school to fifth graders or students in primary school.</p>
<p>Oh and happy Saturday to you all. I realized Meta Connect is this Wednesday, so I&rsquo;ve had to slow down video production until it&rsquo;s over. Shorts will be out for the last 4 tech events I&rsquo;ve watched over the last 2 months, commentaries are out for Patrons/YouTube members, and the groundwork for 2 videos have been laid out, including one about the mythical Windows 12.</p>
]]></content:encoded>
    </item>
    <item>
      <title>Verify Your Downloads like a PRO!</title>
      <link>https://trafotin.com/v/gnupg/</link>
      <pubDate>Fri, 16 Aug 2024 00:00:00 +0000</pubDate>
      <guid>https://trafotin.com/v/gnupg/</guid>
      <description>PGP keys, hashes, vendor certificates&amp;hellip; there&amp;rsquo;s so many ways to verify a file! And all of them are like pulling teeth.</description>
      <content:encoded><![CDATA[

<div style="position: relative; padding-top: 56.25%;"><iframe title="Verify Your Downloads Like a PRO!" width="100%" height="100%" src="https://spectra.video/videos/embed/fb438752-a012-4c10-80d8-2387eb2a4a84?subtitle=en" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe></div>


<center>
<button class="button button1">
<a  href="https://www.youtube.com/watch?v=GtEk8bOb0cI"  >
	
YouTube

</a>
</button>
</center>

<p>Verifying downloads is something that should be ingrained into every
computer user. Unfortunately, the process is very complicated and very
few services make this easy for people. It’s intimidating to be told to
use the terminal, especially if you are on Windows or Mac.</p>
<h1 id="paid-signatures">Paid Signatures</h1>
<p>What’s more, why bother when a lot of the programs you use are probably
verified already? Windows and macOS have a built-in mechanism to
identify whether or not a program was created by the manufacturer that
claimed to make it. If you use Snaps or Flatpaks on Linux, both
implement a checkmark system to show the developer was verified by the
Snapcraft and Flathub developers.</p>
<p>Signed applications are necessary to ensure the file wasn’t tampered
with on the way from the developer to your computer. If you use a
package manager like Winget, Homebrew, or the one in your Linux
distribution, this process is also automatic. What’s more on Linux, the
vast majority of packages on Linux are not verified. Even within the
average distribution repository, most packages are not officially
sanctioned by the original developers. This doesn’t mean a application
is malware, but it can often introduce more problems.</p>
<p>The problem is signing systems like Apple’s notarization process or
Microsoft certificates are costly for developers, requiring at least a
couple hundred dollars up front just so the program you made won’t get
blocked by the default antivirus.</p>
<ul>
<li><a href="https://developer.apple.com/support/compare-memberships/">Apple’s crazy developer
fees</a></li>
<li><a href="https://learn.microsoft.com/en-us/windows/win32/seccrypto/hashes-and-digital-signatures">Microsoft’s explainer about
certificates</a></li>
<li><a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/dashboard/code-signing-cert-manage">Microsoft’s list of code signing certificate
providers</a></li>
</ul>
<p>Unsigned applications don’t suggest they are malware, but it’s important
to pay attention to where you got the program to begin with.</p>
<h2 id="bypassing-signature-checks-on-macos">Bypassing Signature Checks on macOS</h2>
<p>Like Microsoft, Apple has a robust verification system. Unlike
Microsoft, Apple is more proactive at blocking unverified downloads.
When you open an application for the first time, Apple will prompt you
if you want to open the application.</p>
<p><a href="https://support.apple.com/guide/mac-help/open-a-mac-app-from-an-unidentified-developer-mh40616/mac">If you need to open an unsigned
application</a>
(e.g. LibreOffice, Alacritty, etc): navigate to <code>/Applications</code> and
<code>Ctrl + Click</code> the application you want to open. Then select “Open.”</p>
<p>If you are on <a href="https://developer.apple.com/news/?id=saqachfa">macOS Sequoia or
higher</a>, you will need to
go to the Settings, “Privacy &amp; Security” and manually allow an unsigned
app.</p>
<h1 id="manual-verification">Manual Verification</h1>
<p>Naturally, people aren’t accustomed to verifying their downloads.</p>
<p>A couple years ago, <a href="https://blog.linuxmint.com/?p=2994">Linux Mint was
hacked</a> and the ISO was modified to
mine cryptocurrency off the unlucky souls who downloaded it. Thankfully,
Mint’s team shut down the attack very quickly, but it goes to show how
important it is to verify your downloads.</p>
<p>The attack was easily prevented if users verified their downloads.
Unfortunately, verifying downloads is something that doesn’t get enough
attention. The hacker of the Linux Mint, Peace, made the bold, but
accurate claim:</p>
<blockquote>
<p>Who the f**k checks those anyway?</p>
<p><a href="https://www.zdnet.com/article/hacker-hundreds-were-tricked-into-installing-linux-mint-backdoor/">Peace, to ZDNET’s Zack
Whittaker</a>
February 21, 2016</p>
</blockquote>
<p>We’re going to have to go and prove him wrong. It’s not going to be easy
and maybe this is something that we need to start developing.</p>
<h1 id="gpg-signatures">GPG Signatures</h1>
<p>One of the most popular ways files are verified is PGP keys. Pretty Good
Privacy (PGP) keys are often necessary for verifying other files using a
central server for trust. Some projects also require verifying
additional files.</p>
<p>PGP was originally only available to the government in the 1970s and PGP
was developed to make file and text encryption more accessible to
average people. Almost 40 years later, PGP is very unfriendly and is far
too complicated to use. Encrypted messaging apps automate this message
verifiability and security process, so they fill this void better.
Despite its shortcomings, many open source projects and packaging
utilities rely on PGP, because nobody has been able to break it.</p>
<p>PGP is typically handled with a command line application called <a href="https://gnupg.org/">GNU
Privacy Guard (gnupg)</a>. There are various graphical
front-ends:</p>
<ul>
<li>Windows: <a href="https://www.gpg4win.org/index.html">Gpg4win</a></li>
<li>macOS: <a href="https://gpgtools.org/">GPG Suite</a> (Mail encryption is paid)</li>
<li>Linux: <a href="https://apps.kde.org/kleopatra/">Kleopatra</a></li>
</ul>
<p>Of course, like most GNU applications, using gnupg or any of its
frontends is not particularly straightforward.</p>
<h3 id="verifying-gpg-signatures">Verifying GPG Signatures</h3>
<p><em>I will be using the instructions for Kleopatra and Gpg4win. The
instructions are similar for GPG Suite.</em></p>
<p>First, download the files you wish to verify. This will be your desired
file and a signature file with the extension .sig or .asc.</p>
<p>Typically, these files are named something similar. If you download
openSUSE Tumbleweed’s ISO and verify the checksums, the files we need
here are the signature file
<code>openSUSE-Tumbleweed-DVD-x86_64-Current.iso.sha256.asc</code> and file we want
to verify <code>openSUSE-Tumbleweed-DVD-x86_64-Current.iso.sha256</code>.</p>
<p>Make note the folder where the files you downloaded are (e.g.
Downloads).</p>
<ol>
<li>In your GPG program, navigate to “Decrypt/Verify.”</li>
<li>Select the signature file first and the file that needs to be
verified.</li>
<li>If you are told the certificate is unavailable, select “Search” to
download the key from a known key server. Otherwise, skip to #6.</li>
<li>Once the key server has found the certificate, click on it and
select “Import.”</li>
<li>Accept the next dialogue once the certificate was imported.</li>
<li>Repeat the process of “Decrypt/Verify” and select the files again.</li>
<li>Select “Show Audit Log.” If you see “Good signature from…,” the file
has been verified as the authentic file.</li>
</ol>
<p>Ignore any warnings that tell you the signature cannot be verified. This
often confuses people who are trying to verify files when they aren’t
trying to encrypt files themselves.</p>
<blockquote>
<p>Since PGP keys aren’t designed for humans, you need to move them
electronically. But of course humans still need to verify the
authenticity of received keys, as accepting an attacker-provided
public key can be catastrophic.</p>
<p>PGP addresses this with a hodgepodge of key servers and public key
fingerprints. These components respectively provide (untrustworthy)
data transfer and a short token that human beings can manually verify.
While in theory this is sound, in practice it adds complexity, which
is always the enemy of security.</p>
<p>Now you may think this is purely academic. It’s not. It can bite you
in the ass.</p>
<p><a href="https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/">What’s the matter with PGP? - Matthew D. Green, Johns Hopkins
University</a></p>
</blockquote>
<h3 id="command-line">Command-Line</h3>
<p>gnupg can also be used from a terminal to verify keys. As a GNU utility,
it’s best utilized on Linux, macOS through Homebrew, or Windows
Subsystem for Linux. It’s also preinstalled in many Linux distributions.</p>
<p>First, verify your file using the signature file first, then the
downloaded file.</p>
<pre><code>gpg --verify openSUSE-Tumbleweed-DVD-x86_64-Current.iso.sha256.asc openSUSE-Tumbleweed-DVD-x86_64-Snapshot20240806-Media.iso.sha256
</code></pre>
<p>If the certificate is not yet added, we need import it into our GPG
keyring. You will get presented with a dialogue similar to this:</p>
<pre><code>gpg: Signature made Tue 06 Aug 2024 09:04:47 AM EDT
gpg:                using RSA key 35A2F86E29B700A4
gpg: Can't check signature: No public key
</code></pre>
<p>Next, import the certificate from a remote server. This is the blob of
letters and numbers after the key type. In this example, openSUSE uses
an RSA key and the key is <code>35A2F86E29B700A4</code>.</p>
<pre><code>gpg --recv-keys 35A2F86E29B700A4
</code></pre>
<p>You should get an output informing you if the signature was imported to
your keyring. Rerun the <code>gpg --verify</code> command from earlier. If you see
“Good signature from…,” the file has been verified as the authentic
file.</p>
<h1 id="check-out-those-checksums">Check Out Those Checksums!</h1>
<p>Often times, software makers will provide checksums, which are verified
using GPG keys. This ensures the files you downloaded aren’t tampered
with or corrupt in some way.</p>
<p>Checksums are alphanumeric representations of files or data—every file
has one. There are many different algorithms to check files and it’s
different for every operating system. For example on Linux, there’s a
nice GUI called <a href="https://apps.gnome.org/Collision/">Collision</a>. There
are also command-line options.</p>
<p>An alternative is uploading the file to
<a href="https://www.virustotal.com/">VirusTotal</a>, but this may be privacy
invasive as VirusTotal will receive a copy of your file.</p>
<p>At any point if you need to navigate to a folder or type a file name,
you can drag the folder or file into your terminal instead of typing it
out.</p>
<h2 id="popular-algorithms">Popular Algorithms</h2>
<ul>
<li>SHA1</li>
<li>SHA256</li>
<li>SHA512</li>
<li>MD5</li>
</ul>
<h2 id="gnu-coreutils-linux">GNU coreutils (Linux)</h2>
<p>Linux has the most comprehensive and commonly used hash verification
tools by the GNU Project. The commands also have a built-in checker to
formatted checksums from a file.</p>
<pre><code>sha256sum openSUSE-Tumbleweed-DVD-x86_64-Snapshot20240806-Media.iso
</code></pre>
<p>Running the command will give an output that looks like this:</p>
<pre><code>3b55f6f88c0a64f0e4e2abe19e106c40578ef60a9d97b5be149736e83154b0ce  /var/home/user/bin/mullvad-browser/Browser/Downloads/openSUSE-Tumbleweed-DVD-x86_64-Snapshot20240806-Media.iso
</code></pre>
<p>If you have a .sha* file, you can verify the file with the -c command.</p>
<pre><code>sha256sum -c openSUSE-Tumbleweed-DVD-x86_64-Snapshot20240806-Media.iso.sha256
</code></pre>
<p>If you were not provided a .sha* file, you can manually verify by
opening the file in a text editor or word processor, then manually
comparing the hashes.</p>
<h2 id="macosbsd-shasum-and-md5">macOS/BSD: shasum and md5</h2>
<p>On Mac, the process is slightly different than Linux, because macOS
still maintains BSD tooling. <a href="https://formulae.brew.sh/formula/coreutils">The GNU version from
above</a> can be downloaded
from Homebrew if you prefer the Linux commands.</p>
<p>Apple briefly discusses SHA checksums in their <a href="https://developer.apple.com/library/archive/documentation/Security/Conceptual/Security_Overview/CryptographicServices/CryptographicServices.html">developer
documentation</a>.
<a href="https://developer.apple.com/documentation/cryptokit/insecure/md5">MD5 is deprecated due to its
insecurities.</a></p>
<p>Open Terminal (or an alternative like iTerm2) and enter the desired
commands.</p>
<h3 id="shasum">shasum</h3>
<p>For SHA checksums, use the <code>shasum</code> command. Below is an example for
SHA256 sums.</p>
<pre><code>shasum -a 256 subscribe.pkg
</code></pre>
<p>The output will look like this:</p>
<pre><code>baaeeedffc7ef4a4f65ec8015699a5c95db91d131d253f1eb2ebc469557344c2 subscribe.pkg
</code></pre>
<h3 id="md5">md5</h3>
<p>For MD5 checksums, use the <code>md5</code> command.</p>
<pre><code>md5 likethevideo.dmg
</code></pre>
<p>The output is very different from the Linux version, but it’s
functionally the same.</p>
<pre><code>MD5(likethevideo.dmg)= 20665acd5f59a8e22275c78e1490dcc7
</code></pre>
<h2 id="windows">Windows</h2>
<p>Windows has a PowerShell utility called
<a href="https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-filehash">Get-Filehash</a>,
which is a catch-all command for all signatures and algorithms.</p>
<p><code>Get-Filehash</code> is always following by your file, then the algorithm you
wish to use.</p>
<pre><code>Get-FileHash C:\Users\user1\Downloads\Contoso8_1_ENT.iso -Algorithm SHA256
</code></pre>
<p>All common algorithms are supported by Windows like SHA and MD5.</p>
<h2 id="did-it-work">Did It Work?</h2>
<p>Regardless of operating system, if the file is verified, you should just
get an “OK.” Now your file is ready to use!</p>
<p>Now that you know, verify your downloads every time. You’ll keep
yourself safe from the nasty things out there. All we need to do is pray
for better tooling.</p>
<h1 id="resources">Resources</h1>
<ul>
<li><a href="https://help.riseup.net/en/security/message-security/openpgp/best-practices">Riseup’s tutorial on GPG key
management</a>.
The guide is outdated, but the format of commands and best practices
are still true.</li>
<li><a href="https://simonsingh.net/books/the-code-book/"><em>The Code Book: The Secret History of Codes and Code-breaking</em> by
Simon Singh</a>. If you
want to read specifically about key exchange, PGP, and quantum
computing, it’s chapter 6 and onward.</li>
<li>Damon Garn’s blog post for Red Hat <a href="https://www.redhat.com/sysadmin/hashing-checksums">“An introduction to hashing and
checksums in
Linux”</a></li>
</ul>
<h1 id="track-listing">Track Listing</h1>
<ul>
<li><a href="https://dova-s.jp/EN/bgm/play287.html">Takashi Waraya (稿屋 隆) - With watching the donkey
(ロバでも眺めながら)</a></li>
<li>Yu-Gi-Oh! Power of Chaos: Kaiba the Revenge - Card List</li>
<li><a href="https://dova-s.jp/EN/bgm/play20829.html">えだまめ88 - chocomint
(チョコミント)</a></li>
<li>Outro: <a href="https://soundcloud.com/khaimmusic/free-neon-lamp-charlie-puth-x-bruno-mars-type-funky-guitar-pop-instrumental/s-uqEQff1liFX">Khaim - Neon
Lamp</a></li>
</ul>
]]></content:encoded>
    </item>
    <item>
      <title>The Biggest Threats of Generative AI</title>
      <link>https://trafotin.com/v/ai-philosophy/</link>
      <pubDate>Fri, 02 Aug 2024 00:00:00 +0000</pubDate>
      <guid>https://trafotin.com/v/ai-philosophy/</guid>
      <description>Hey there, fellow human beings! Today let&amp;rsquo;s talk about the next eugenics disaster—generative AI. That&amp;rsquo;s right, those fancy algorithms that can create images, videos, and even entire YouTube descriptions with just a few clicks. Sounds cool, right? Well, it gets complicated when the big corporate players like OpenAI, Google, and Facebook get involved. To them, creativity and the human experience is a problem to be solved. We&amp;rsquo;ll explore the importance of open-source, interoperable, and human-centered generative AI in today&amp;rsquo;s world. From the dangers of corporate-controlled AI to the potential for creative freedom, we discuss why it&amp;rsquo;s essential to adopt AI that respects human dignity.</description>
      <content:encoded><![CDATA[

<div style="position: relative; padding-top: 56.25%;"><iframe title="The Biggest Threats of Generative AI" width="100%" height="100%" src="https://spectra.video/videos/embed/3ca9f0fb-f8ec-4cb3-84a0-367787c68ce4?subtitle=en" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe></div>


<center>
<button class="button button1">
<a  href="https://www.youtube.com/watch?v=KCiNap5wcew"  >
	
YouTube

</a>
</button>
</center>

<p>Let’s have a frank conversation about only the biggest buzzword in tech
right now—AI. More specifically, generative AI, because it’s all the
rage right now, everything from the next piece of corporate vaporware to
the next thing to ruin a profession of service workers, creatives, and
all coding as we know it.</p>
<p>AI has dominated conversation of tech for a long time, but no matter who
talks about it, it’s always divisive. You’re either shaking your fist at
that AI cloud in the sky or you’re a tech bro praising the almighty
robot and praying in the hope of Roko’s Basilisk.</p>
<p>I can’t help, but feel there’s much more nuance to the issue of AI.
People will be quick to blame our culture for the extremism, but I think
this sphere of tech has a bigger problem: the personification of AI.</p>
<p>Personifying AI removes accountability and responsibility from the
entities that create it. Despite claims of valuing safety in generative
AI, the larger tech firms and companies will use this to maintain their
hegemony.</p>
<p>Today, 1 year into the AI craze, I want to cast vision on what we can do
to navigate AI, how we can discuss it intelligently, and why we should
advocate for AI that serves people first.</p>
<h1 id="corporate-control">Corporate Control</h1>
<p>Let’s start off with the one that looms over everything in generative
AI—corporate influence. Every big tech company wants to get their greasy
tendrils into generative AI because they believe they can use it to get
more money.</p>
<p>Money is an easy thing to blame, but big tech controls much more in AI
than we’d like to admit:</p>
<p>OpenAI, one of the largest AI players in the AI industry, <a href="https://www.semafor.com/article/01/09/2023/microsoft-eyes-10-billion-bet-on-chatgpt">has 49% of
their for-profit stake owned by
Microsoft</a>.
This not discounting for Apple’s push for OpenAI <a href="https://www.bloomberg.com/news/articles/2024-06-12/apple-to-pay-openai-for-chatgpt-through-distribution-not-cash">by bribing them with
exposure</a>.</p>
<p>While perceived to be behind, Google’s no slouch despite what media
outlets and public perception is. Google has used the vast amount of
data they harvest to power their AI models, including things most of Big
Tech can’t achieve. This includes in video generation (Veo), real-time
audio/image recognition, and strong contribution to open source AI
projects.</p>
<h2 id="the-ai-creep">The AI Creep</h2>
<p>The biggest problem with corporate AI, much like OpenAI’s ChatGPT and
Google’s Gemini, is privacy and surveillance. It’s no shocker that every
single Big Tech company has struggled with privacy. When Google tells
you that they care about your privacy, you know in your heart that
privacy and Google go about as well as peanut butter and tuna fish.</p>
<p>The important thing to remember here is surveillance capitalism, where
access to your data is sold as a commodity more valuable than the actual
money. Even if you don’t willing provide information to or use these
tools, your data will be fed into them because all of these companies
have a stranglehold on the majority of the internet’s contents that we
all use.</p>
<h2 id="ai-wont-steal-your-job-but-companies-sure-will">AI Won’t Steal Your Job, But Companies Sure Will</h2>
<p>hidden=&quot;&quot;</p>
<p>An important thing about AI is acknowledging that human rights are
valuable, including privacy. There are some tasks that absolutely need
to be replaced of AI because these tasks are just unsuitable to be done
by human beings. Nobody wants to work in a retail warehouse. Workers are
strictly monitored and kept on a strict track to pack and load things
to/from a boarding area. Wouldn’t it be great if we had robots do this
instead so people could just operate them instead?</p>
<p>Most people would balk at a statement like this, but if companies are
just going to fire you and replace you of AI, maybe you shouldn’t have
been working with that kind of job to begin with. You might be better at
working someplace else if you’re just going to be abused in the
workplace when your employer is just going to replace you with an
artificial intelligence unit.</p>
<p>In a different universe, your job would have been replaced with
something else because that company clearly thinks your job is
worthless. Great example is <a href="https://www.theinformation.com/articles/google-plans-ad-sales-restructuring-as-automation-booms">Google’s major software development
layoff</a>
(<a href="https://techcrunch.com/2024/05/01/google-lays-off-staff-from-flutter-dart-python-weeks-before-its-developer-conference/">No
Paywall</a>)
this year before Google I/O. It’s no different than any other kind of
“-ism” in the workplace.</p>
<p>This is the final goalpost of artificial intelligence and the growing
trend of artificial general intelligence (or the dreaded AGIs).
Companies prioritize money, certain types of work, and building the
“everything” machine. Sound familiar? A machine that does everything is
in effect a disposable human being. Even when said machine is a
glorified mimicry writer, raising money towards this reality will
advantage corporations in power and disadvantage those with little.</p>
<p>It’s important that we acknowledge that some people have certain jobs
because of their privilege or background. The problem is not LLMs; LLMs
are merely tools and the cat is out of the bag at this point. It’s now
about what we are going to do protect people caught in the crossfire.</p>
<p>Generative AI is not the end of civilization. We can’t judge it as
intelligence, we judge as software. Right now, generative AI is a part
of that idealistic fantasy corporations want to sell.</p>
<h2 id="all-the-reach-no-way-to-leave-enshittification">All the Reach, No Way to Leave (Enshittification)</h2>
<p>hidden=&quot;&quot;</p>
<p>Being subject to the whims of advertisers means these new AI platforms
will face the same twisted market incentives that allowed Big Tech to
gain the position of oligarchs these companies hold today.</p>
<p>The other problem is lock-in. Many companies safeguard the data of their
models carefully and refuse to answer any questions about it.</p>
<p>Even the former interim CEO/now CTO of OpenAI, Mira Murati, refuses to
answer to Joanna Stern of <em>The Wall Street Journal</em>.</p>
<blockquote>
<p>STERN: What data was used to train Sora?</p>
<p>MURATI: We used publicly available data and licensed data.</p>
<p>STERN: So, videos on YouTube.</p>
<p>MURATI: I’m actually not sure about that.</p>
<p><a href="https://www.wsj.com/video/series/joanna-stern-personal-technology/openai-made-me-crazy-videosthen-the-cto-answered-most-of-my-questions/C2188768-D570-4456-8574-9941D4F9D7E2">Joanna Stern and Mira Murati, “OpenAI Made Me Crazy Videos—Then the
CTO Answered (Most of) My
Questions”</a>
10:36</p>
</blockquote>
<p>You can’t control many models in web-based services. Big tech knows that
the open model is the most successful. A <a href="https://www.semianalysis.com/p/google-we-have-no-moat-and-neither">leaked internal document at
Google</a>
warned that smaller, more manageable, and free AI tools would become the
norm in computing.</p>
<h2 id="accountability--accessibility">Accountability &amp; Accessibility</h2>
<p>In order for real safety mechanisms to be put into place, the process
would need to involve real people, politicians, and the rest of the
world. The proprietary nature of most mainstream generative AI programs
means everyone who isn’t part of these companies is locked out of making
it safer.</p>
<p>To prevent this, generative AI should be interoperable and democratized.
It should be made available to everyone and allow its users to whatever
they want with it, the same way we would use a hammer. Because of harm
that can be done, the same real world consequences and protections need
to be put into AI as well.</p>
<p>When there are no safeguards in place, AI will become more regulated by
governments, which is a good thing. What’s not a good thing is when said
regulation removes agency and power from people.</p>
<p>As much as flack as they get, Facebook has been at the forefront of
pushing people to <a href="https://about.fb.com/news/2024/07/open-source-ai-is-the-path-forward/">adopt open source solutions to
AI</a>.
While Google has their <a href="https://ai.google.dev/gemma">Gemma models</a>,
their Gemini models by contrast are closed source. Artificial
intelligence needs to be widely available for everyone</p>
<h2 id="free-expression-in-ai">Free Expression in AI</h2>
<p>No matter where you fall on the political spectrum, we’ve seen the
disastrous results of legal processes that threaten our freedoms,
whether it’s copyright law or allowing big tech to self-regulate. If
current trends continue, generative AI will only perpetuate what’s
happening in the real world in the digital one.</p>
<p>People need these tools because they can often empower someone who lacks
certain abilities to invent or achieve something they wouldn’t
otherwise.</p>
<p>People who remix music gets hit the hardest by copyright. On YouTube,
playing more than 8 seconds of audio is enough to get your video
demonetized. YouTube doesn’t do this because they want to, but they are
beholden to the laws of the land, including copyright.</p>
<p>Remixing music is a very complex area to address, but if done right, a
remix can make a certain song or multiple songs into a song nobody
expected or has ever heard before.</p>
<p>There needs to be protections in our own legal system that protects
things like Fair Use or fair dealing because people who remix music
don’t get rich. They’re normal people like you and me. And when they get
hurt, we do too.</p>
<h1 id="i-cheat-because-im-smart">I Cheat… Because I’m Smart!</h1>
<p>When I was younger, I considered myself a fairly good student, except in
one area: math. All the way from middle school to college, I never got
anything higher than a D on a math test. When I was in my college
calculus, I intentionally bought the teacher’s edition of the book, just
so I could copy the answers and barely pass the class.</p>
<p>Today, I’m not surprised when people use generative AI to write their
essays or do their homework. Schools are just broken and disrespectfully
ask their students to learn things they may never use in real life. If I
were a student today, you bet I would be asking something like
<a href="https://huggingface.co/collections/microsoft/phi-3-6626e15e9585a200d2d761e3">Microsoft’s
Phi-3</a>
to solve my algebra homework or calculus proofs.</p>
<h2 id="abilities-are-personal">Abilities Are Personal.</h2>
<p>But hang on, is this advocating for cheating? Yes, I advocate for
cheating, but I ask you: if you’re going to use AI in schoolwork, you
better be smart about it.</p>
<p>It’s no coincidence that AI may have unintentionally made writing
better. Lots of organizations from
<a href="https://vanderbilthustler.com/2023/02/17/peabody-edi-office-responds-to-msu-shooting-with-email-written-using-chatgpt/">colleges</a>
to <a href="https://www.youtube.com/watch?v=vszf1mwyAfw">video game companies</a>
have been caught or accused of using generative AI to write things.</p>
<p>When I cheat by having AI do algebra, that’s not something
mathematicians need to accomplish their work, it’s just labor.
Mathematicians still need to come up with systems to identify patterns
and craft new new theories or ideas. AI cannot do that effectively and
it’s a lie that big tech continues to sell.</p>
<p>Writing and art on the other hand is different because it’s inherently
personal. Coding and math are not personal; it’s just a bunch of numbers
and letters. This is the real difference that people need to accept.</p>
<h2 id="your-work-and-ai-isnt">Your Work and AI Isn’t</h2>
<p>I’m expecting some angry license-enslaved programmers to lose their
minds, so let me clarify this a bit. A mindset too many people allow
themselves to get stuck in is their work is important and it is.</p>
<p>An easy trap people get stuck in is valuing their work over their skill.
If you’re going to let yourself be defined by something like your coding
work or your art, you should instead pride yourself on the fact your
mind is better at these things than most other people.</p>
<p>This doesn’t excuse you in copying work from a generative AI. Generative
AI, given enough data, just repeats the corpus of information it’s been
fed in an intelligible way. If you’re going to write a paper purely
using generative AI, you’ll get caught real fast.</p>
<p>On the other hand, researching a topic can be very painful for some
people. Imagine feeding something into an AI summmarizer instead. It
might help someone better understand what they are reading or point the
reader to key points. AI is a tool and it’s no different from how people
would use SparkNotes or CliffNotes.</p>
<p>We don’t value art because of the intricacies of a paint brush. We don’t
gush over the verbs in an author’s writing. We value art, writing, or
coding because of the skill of an individual or a group of people.</p>
<h1 id="abuse-is-inevitable">Abuse Is Inevitable</h1>
<p>Let’s speak into a fear that needs to be said: abuse of AI systems.
Everything from <a href="https://www.iwf.org.uk/about-us/why-we-exist/our-research/how-ai-is-being-abused-to-create-child-sexual-abuse-imagery/">AI-generated
porn</a>,
<a href="https://www.npr.org/2022/03/16/1087062648/deepfake-video-zelenskyy-experts-war-manipulation-ukraine-russia">presidential deep
fakes</a>,
and theft of all “publicly available data” from every big company and
budding AI startup.</p>
<h2 id="the-threat-to-free-expression">The Threat to Free Expression</h2>
<p>Let’s return to writing again, specifically to journalism. Here we see
how an industry is adapting or in some cases, merely perpetuating what
was always happening. Here’s some examples:</p>
<ul>
<li>Reputable outlets like <a href="https://www.404media.co/why-404-media-needs-your-email-address/">404
Media</a>
have been forced to paywall or login wall their content so AI can’t
scrap it.</li>
<li>Bad outlets like
<a href="https://www.seattletimes.com/business/local-business/microsoft-is-cutting-dozens-of-msn-news-production-workers-and-replacing-them-with-artificial-intelligence/">MSN</a>,
<a href="https://www.theverge.com/2024/5/16/24158531/gannett-ai-generated-overviews-usa-today-memo">USA Today’s parent company
Gannett</a>,
and <a href="https://futurism.com/cnet-ai-journalist-essay">CNET</a> completely
lost all integrity by abusing their employees and replacing
journalists with AI.</li>
<li>There’s also some rich irony when Forbes, an <a href="https://www.niemanlab.org/2022/02/an-incomplete-history-of-forbes-com-as-a-platform-for-scams-grift-and-bad-journalism/">outlet that summarizes
other
outlets</a>,
<a href="https://www.forbes.com/sites/randalllane/2024/06/11/why-perplexitys-cynical-theft-represents-everything-that-could-go-wrong-with-ai/">is upset that a startup company like
Perplexity</a>
is summarizing their summaries of actual news sources.</li>
</ul>
<p>News outlets with lots of reach or big parent companies like <a href="https://www.nytimes.com/2023/12/27/business/media/new-york-times-open-ai-microsoft-lawsuit.html">The New
York
Times</a>
and <a href="https://www.theinformation.com/articles/cond-nast-sends-cease-and-desist-letter-to-ai-search-engine-perplexity">Condé
Nast</a>
(<a href="https://www.engadget.com/the-morning-after-conde-nast-is-the-latest-media-company-to-accuse-ai-search-engine-perplexity-of-plagiarism-111559877.html">No
Paywall</a>)
(owner of The New Yorker, Vogue, Wired) now want a piece of the AI money
pie. In the case of Wired, articles like <a href="https://www.wired.com/story/perplexity-is-a-bullshit-machine/">“Perplexity Is a Bullshit
Machine”</a>
are written to get people on their side.</p>
<p>The dangerous side of cases from The New York Times and Condé Nast is
the rammifications on the aforementioned freedom of expression and
abuses our broken copyright system. Even if The New York Times or Condé
Nast were to win their lawsuits, they prove that the copyright system is
too easily abused because anybody who remotely reports information from
another new outlet, is a violation of copyright.</p>
<h2 id="vilification-in-vain">Vilification in Vain</h2>
<p>News reporting, even if it’s a summary of another news outlet, is
protected under <a href="https://www.copyright.gov/fair-use/summaries/swatchgrp-bloomberg-2dcir2014.pdf">Fair
Use</a>.
Equivalent laws like fair dealing exist in Canada, Australia, and the
United Kingdom. Other countries are more gray like China and Japan.</p>
<p><em><a href="https://fairuse.stanford.edu/overview/fair-use/cases/">Learn more about what qualifies as Fair Use from Stanford University’s
Copyright and Fair Use
Center</a></em></p>
<p>What’s more, if the Times and Condé Nast have their way, they aren’t
really solving a problem. They have only joined OpenAI, Perplexity, or
the newest AI boogeyman of the week in weakening journalism. Big outlets
will be able to afford this protection, but smaller outlets and
independent journalists will not.</p>
<p>Demonizing generative AI will only hurt everyone and innovation. What we
need to aim for is <em>democratizing</em> generative AI. When we have
interoperable, open source AI, everybody wins.</p>
<h2 id="on-public-data">On “Public” Data</h2>
<p>It’s worth pointing out that web scraping should be allowed and no
Wired, <a href="/robots.txt">a robots.txt file</a> is not a sufficient means to
block robots nor should they be obligated to listen to it. <a href="https://blog.archive.org/2017/04/17/robots-txt-meant-for-search-engines-dont-work-well-for-web-archives/">The Wayback
Machine doesn’t listen to
robots.txt</a>
on military/government webpages for preservation purposes.</p>
<p>People deserve the right to do what they want to publicly available
information. It’s overreaching regulation <a href="https://techcrunch.com/2022/04/18/web-scraping-legal-court/">like the Computer Fraud and
Abuse Act</a>
that threatened web scraping in the past.</p>
<p>That being said, you’re not going to get my data. In my position as a
creator who uses a platform that gives all my data to Google (they use
my videos for training AI per the terms of service) and writes on a
public website, I block all artificial intelligence bots from scraping
my content. The only way the behavior of these companies ends is if you
cut off the source of their data. It means discovering open source
alternatives that won’t harvest your information for neural networks or
line their pockets.</p>
<h1 id="closing">Closing</h1>
<p>The bottom line is your skills are personal. Generative AI is not and
nor is your work, whether it’s creative or technical. If we lose sight
of this, we lose our freedoms and the little guy is hurt.</p>
<p>We can’t stop the abuse that
<a href="https://arstechnica.com/information-technology/2023/12/metas-new-ai-image-generator-was-trained-on-1-1-billion-instagram-and-facebook-photos/">Facebook</a>,
OpenAI,
<a href="https://www.wired.com/story/youtube-training-data-apple-nvidia-anthropic/">Apple</a>,
<a href="https://www.techspot.com/news/99281-google-policy-update-confirms-itll-scrape-everything-you.html">Google</a>,
and
<a href="https://support.anthropic.com/en/articles/7996885-how-do-you-use-personal-data-in-model-training">countless</a>
<a href="https://x.com/JonLamArt/status/1741545927435784424">others</a> have
committed. Instead, we need to make use of these tools, specifically
generative AI that’s open-source, interoperable, and respects human
dignity.</p>
<p>If people don’t learn to adopt AI, it will fall by the wayside for
normal people and become controlled by corporate interest. We’ve seen
what happens the failure of open-source software in the automotive
industry, virtual reality headsets, and creative software. If there
isn’t enough manpower to work on the free, private, interoperable
generative AI, it will fall by the wayside and remain inferior to its
closed ecosystem counterparts.</p>
<p>Everyone needs open source AI today and I am an AI believer.
Unfortunately, <a href="https://www.nytimes.com/2023/12/06/technology/ai-regulation-policies.html">our laws have a long way to go and favor the
powerful</a>.
I just might not use it very much because it’s still just a glorified
echo machine.</p>
<h2 id="resources">Resources:</h2>
<ul>
<li><a href="https://www.dair-institute.org/tescreal/">The TESCREAL bundle: Eugenics and the promise of utopia through
artificial general
intelligence</a>
<a href="https://firstmonday.org/ojs/index.php/fm/article/view/13636">Paper</a></li>
<li><a href="https://www.eff.org/deeplinks/2024/05/podcast-episode-ai-artists-palette">Nettrice Gaskins on the EFF’s How to Fix the Internet: AI on the
Artist’s
Palette</a></li>
<li><a href="https://www.schneier.com/blog/archives/2024/03/ai-and-the-evolution-of-social-media.html">AI and the Evolution of Social
Media</a></li>
<li><a href="https://dl.acm.org/doi/10.1145/3442188.3445922">On the Dangers of Stochastic Parrots: Can Language Models Be Too
Big? 🦜</a></li>
<li><a href="https://about.fb.com/news/2024/07/open-source-ai-is-the-path-forward/">Mark Zuckerberg’s blog post: Open Source AI Is the Path
Forward</a></li>
<li>Emily Bender and Alex Hanna’s <a href="https://peertube.dair-institute.org/c/mystery_ai_hype_theater/videos">Mystery AI Hype Theater
3000</a></li>
</ul>
<h1 id="referenced">Referenced</h1>
<ul>
<li>The clip at 0:36 is from the Simpsons episode “The Old Man and the
Key”</li>
<li>The clip at 0:40 is from <em>THX 1138 (1971)</em>.</li>
<li><a href="https://www.youtube.com/watch?v=N5c2X8vhfBE">Emily Bender’s presentation “On the dangers of stochastic
parrots：Can language models be too
big？🦜</a></li>
<li><a href="https://www.youtube.com/watch?v=P7XT4TWLzJw">Timnit Gebru’s presentation on TESCREAL at SaTML
2023</a></li>
<li><a href="https://www.wolframalpha.com/problem-generator/">Wolfram Alpha’s Problem
Generator</a></li>
<li><a href="https://www.youtube.com/watch?v=U620XzQWiVs">We Replaced Our Tech Journalism Website With
AI</a> from 404 Media’s
YouTube channel.</li>
<li><a href="https://blog.cloudflare.com/ai-bots/">Cloudflare’s blog post about managing AI
bots</a></li>
</ul>
<h1 id="track-listing">Track Listing</h1>
<ul>
<li><a href="https://zukisuzukibgm.com/everyday/">zukisuzuki BGM - Everyday</a></li>
<li><a href="https://zukisuzukibgm.com/simple/">zukisuzuki BGM - Simple</a></li>
<li><a href="https://dova-s.jp/bgm/play20730.html">alaki paca - refreshing
breeze</a></li>
<li><a href="https://soundcloud.com/lukrembo/lukrembo-green-symphony">Lukrembo - Green
Symphony</a></li>
<li>Outro: <a href="https://soundcloud.com/khaimmusic/free-neon-lamp-charlie-puth-x-bruno-mars-type-funky-guitar-pop-instrumental/s-uqEQff1liFX">Khaim - Neon
Lamp</a></li>
</ul>
]]></content:encoded>
    </item>
    <item>
      <title>The Ultimate Guide to VeraCrypt: Creating Cross-Platform, Encrypted Files</title>
      <link>https://trafotin.com/v/veracrypt/</link>
      <pubDate>Fri, 05 Jul 2024 00:00:00 +0000</pubDate>
      <guid>https://trafotin.com/v/veracrypt/</guid>
      <description>Ever have to share files across computers? Have sensitive documents to safeguard? Protect them by encrypting them with VeraCrypt!</description>
      <content:encoded><![CDATA[

<div style="position: relative; padding-top: 56.25%;"><iframe title="The Ultimate Guide to VeraCrypt: Creating Cross-Platform, Encrypted Files" width="100%" height="100%" src="https://spectra.video/videos/embed/69c207cf-640e-4574-9633-b31f3bcda226?subtitle=en" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe></div>


<center>
<button class="button button1">
<a  href="https://youtube.com/watch?v=QaQYRcZzrBI"  >
	
YouTube

</a>
</button>
</center>

<p>Do you have external storage like USB drives or portable hard drives?
Unfortunately with external storage like USB drives or portable hard
drives, your data is totally unprotected and can be accessed by anybody.</p>
<p>What would you do if you lost that device? Some devices come with
software you could use, but most of these demand too much trust or might
not work on Mac or Linux. Many of these programs are also upsold to you
on top of the device you bought.</p>
<p>If you want assurance that you can password protect a device, VeraCrypt
is the way to go. VeraCrypt is one of the most reliable ways to
guarantee the ability not only encrypt devices, but seamlessly transfer
that device’s data to other operating systems.</p>
<p><a href="https://veracrypt.fr/">VeraCrypt&rsquo;s Website</a></p>
<h1 id="history">History</h1>
<p>VeraCrypt is a rewritten version of a program called TrueCrypt.
<a href="https://archive.is/yreQ">Initially for Windows</a>, TrueCrypt was
exclusively for Windows users and provided a substitution for
Microsoft’s Bitlocker full-disk encryption.</p>
<p>The TrueCrypt developers were anonymous, but seemed genuine in their
goals and gave the source code to anyone (we’ll get back to that one
later).</p>
<p>But one day, during the height of the Snowden leaks and NSA paranoia,
<a href="https://truecrypt.sourceforge.net/">the TrueCrypt website</a> was replaced
with big red text demanding their users immediately stop using and
uninstall TrueCrypt from their computers.</p>
<p>Enter VeraCrypt, a full rewrite of TrueCrypt. The process was a large
undertaking and it was because the <a href="https://github.com/FreeApophis/TrueCrypt/blob/master/License.txt">source code’s
license</a>
was <a href="https://lists.freedesktop.org/archives/distributions/2008-October/000276.html">very
problematic</a>
to develop with and to root out the alleged issues.</p>
<ul>
<li>The TrueCrypt license does not legally absolve the developers or
distributors.</li>
<li><a href="https://blog.cryptographyengineering.com/2015/04/02/truecrypt-report/">An audit from Johns Hopkins University in
2015</a>
revealed TrueCrypt is vulnerable to key extraction from live memory.
This means if someone gains access to a computer with TrueCrypt
turned on, data from volumes could be extracted.</li>
<li><a href="https://ostif.org/the-veracrypt-audit-results/">Another audit by
QuarksLabs</a> was
completed in October 2016.</li>
<li>TrueCrypt was for Windows only, although a Linux version was in the
works. VeraCrypt is cross platform rewrite for Windows, Mac, and
Linux.</li>
</ul>
<p>The restrictions and lack of legal protection are the reasons most Linux
distributions do not package VeraCrypt.</p>
<h1 id="why-not-veracrypt">Why Not VeraCrypt?</h1>
<p>The first thing you will need to consider is whether VeraCrypt is the
right decision for you or not. VeraCrypt is best geared for cross
platform file encryption on physical hardware.</p>
<h2 id="lack-of-platform-diversity">Lack of Platform Diversity</h2>
<p>If you need to access a file across different devices, for example,
Windows and Linux or Linux and Mac, VeraCrypt is good for you.</p>
<p>If you share an encrypted device with somebody who doesn’t use the
operating system you use, VeraCrypt will help maintain the encryption of
your data while being available across operating systems.</p>
<p>VeraCrypt isn’t good if you only use one operating system or if only you
use it. Windows, Mac, and Linux all offer much better integrated
solutions (<a href="https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/faq#bitlocker-to-go">Bitlocker To
Go</a>,
<a href="https://support.apple.com/guide/disk-utility/file-system-formats-dsku19ed921c/mac">encrypted
APFS</a>,
and
<a href="https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md">LUKS</a>
respectively) at the cost of platform lock in.</p>
<h2 id="no-official-mobile-clients">No Official Mobile Clients</h2>
<p>VeraCrypt has no official mobile apps. Despite having a page on their
<a href="https://veracrypt.fr/en/Android%20%26%20iOS%20Support.html">website</a>,
it is horribly out of date and none of the programs listed are
officially by the VeraCrypt team.</p>
<p>A better alternative is <a href="https://cryptomator.org/">Cryptomator</a>. Unlike
VeraCrypt, Cryptomator has an official, paid mobile app.</p>
<p><strong>Do not use any mobile app for VeraCrypt.</strong> You risk the compromise or
loss of data if you do so.</p>
<h2 id="not-cloud-friendly">Not Cloud Friendly</h2>
<p>Since mobile isn’t supported, this is where end-to-end encrypted cloud
storage serves a better purpose. Cloud servers can easily sync to mobile
devices more easily while still retaining full encryption at rest. I use
Proton Drive personally.</p>
<p>VeraCrypt isn’t a good fit if you use cloud storage. You have to upload
a large file with all of your encrypted belongings every time you sync.
If that file is 16 GB, you need upload 16 GB each time.</p>
<p>Not to sound like a shill, Cryptomator stores your data is many
different encrypted blobs. This way, it’s easier to sync only what gets
changed will be synced properly to cloud storage.</p>
<p><a href="https://www.youtube.com/watch?v=Phiqff3VtYI">I made a video on Cryptomator 2 years
ago</a> (<a href="https://odysee.com/@Trafotin:4/conceal-cloud-contents-with-cryptomator:a">Odysee
Link</a>).</p>
<h1 id="installing-veracrypt">Installing VeraCrypt</h1>
<p>Because of TrueCrypt’s legacy, VeraCrypt is first and foremost a Windows
program. You download the installer, verify it, and run it. On Mac and
Linux, things get a bit more complicated.</p>
<h2 id="mac">Mac</h2>
<p>On Mac, in addition to downloading the installer, you must download
<a href="https://osxfuse.github.io/">macFUSE</a> so macOS can mount external
volumes properly.</p>
<h2 id="linux">Linux</h2>
<p>On Linux, VeraCrypt comes officially in 3 packages, a Debian/Ubuntu
.deb, a Fedora/CentOS/openSUSE .rpm, and a generic tarball installer.</p>
<p>There’s also <a href="https://archlinux.org/packages/extra/x86_64/veracrypt/">a third party package in the Arch Linux extra
repository</a>, but
it’s not officially maintained by the VeraCrypt developers. The reason
Arch allows packaging VeraCrypt is because their philosophy doesn’t
discriminate against the TrueCrypt license, unlike the vast majority of
Linux distributions.</p>
<h3 id="generic-archive">Generic Archive</h3>
<p>Unpack the generic archive and run the GUI x64 installer in the
terminal.</p>
<h3 id="fedora-atomic-desktops">Fedora Atomic Desktops</h3>
<p>If you use Fedora atomic desktops or Universal Blue, you can layer the
.rpm with rpm-ostree. Since VeraCrypt is mounting drives, it requires
access to your host system and cannot be installed with Distrobox.</p>
<h1 id="usage">Usage</h1>
<p>After VeraCrypt is installed, you can choose to use either the GUI or
the command line. I’ll focus more on the Windows GUI, since there is
more options, but will include the relevant terminal commands to do the
same things on Mac and Linux.</p>
<p><strong>Much of this tutorial comes from the <a href="https://veracrypt.eu/en/Beginner%27s%20Tutorial.html">VeraCrypt Beginner’s
Guide</a>, including
the screenshots.</strong></p>
<p>Unfortunately, VeraCrypt’s website looks like it was made at least 10
years ago and could be rewritten to make this information more
accessible. There is also little documentation on the command-line
options.</p>
<h1 id="creating-a-volume">Creating a Volume:</h1>


<img src="/i/veracrypt/Beginners_Tutorial_Image_001.webp" loading="lazy"
alt="The main VeraCrypt window with the button “Create Volume” highlighted in a red square" />


<pre><code>sudo veracrypt -t -c
</code></pre>
<p>After installing VeraCrypt, click on “Create Volume” to get started.
Then you will be presented with 3 options:</p>


<img src="/i/veracrypt/Beginners_Tutorial_Image_002.webp" loading="lazy"
alt="The VeraCrypt Volume Creation Wizard with the “Next” button highlighted in a red rectangle." />


<ul>
<li><strong>Create an encrypted file container:</strong> This creates a digital file
that will encrypt your data. This is the default option.</li>
<li><strong>Encrypt a non-system partition/drive:</strong> If you need to encrypt
portable storage, select this option.</li>
<li><strong>Encrypt a non-system partition/drive:</strong> (Windows only) VeraCrypt
is capable of operating as a substitute to Bitlocker. However, with
the system requirements of Windows 11, this is not recommended.</li>
</ul>
<p>Encrypting your Windows installation is not recommended. It is easier
and less hassle to use Bitlocker or <a href="https://www.youtube.com/watch?v=qfcYckw_FNM">follow a guide to enable it for
free on Windows Home</a></p>
<ul>
<li>Using VeraCrypt has a major downside of going through <a href="https://www.veracrypt.fr/code/VeraCrypt-DCS/tree/SecureBoot/readme.txt">various
hoops</a>
to enable Secure Boot and signing the VeraCrypt bootloader.</li>
<li>Sometimes Windows Update will delete the VeraCrypt bootloader and
you will need to use the VeraCrypt Rescue Disk to unlock your system
and reinstall the bootloader.</li>
</ul>
<h2 id="hidden-volumes">Hidden Volumes:</h2>


<img src="/i/veracrypt/Beginners_Tutorial_Image_003.webp" loading="lazy"
alt="The VeraCrypt Volume Type menu with the options “Standard” and “Hidden”" />


<pre><code>Volume type:
 1) Normal
 2) Hidden
Select [1]: 1
</code></pre>
<p>A standard or normal VeraCrypt container is a file that houses all of
your data. A hidden file creates another section within that file that
can be opened with a second passphrase.</p>
<p>Despite what the command-line menu says, it’s much more intuitive to use
the GUI to create a hidden volume. Using the command line requires you
to create a normal VeraCrypt volume with no filesystem, then modify it
after the fact.</p>


<img src="/i/veracrypt/Beginners_Tutorial_Image_024.webp" loading="lazy"
alt="The VeraCrypt Volume Type menu with the options “Standard” and “Hidden”" />


<p>Hidden volumes can also store decoy files. In the event you are <a href="https://www.schneier.com/blog/archives/2008/10/rubber_hose_cry.html">forced
to reveal the
contents</a>
of the VeraCrypt container, these files can be used to placate or
mislead people.</p>
<p>Hidden volumes require a lot of maintanance. Your operating system has
the potential <a href="https://www.schneier.com/academic/archives/2008/01/defeating_encrypted.html">to reveal the presence of a hidden
volume</a>
through things like file caching and “recent files” menus.</p>
<p>If you chose to use a hidden volume, especially if you regularly store
files inside it, you need to have the discipline to update the files
inside the outer volume regularly as well.</p>
<p>Your decoy files should be regularly updated to keep up the illusion
they are valuable. Examples include financial information, journals, or
photos.</p>
<p>If you aren’t prepared for this kind of maintenance, it is for extreme
threat models. Most people shouldn’t have to resort to this and it
reduces your overall storage for valuable files.</p>
<p><em>Using a hidden volume by default could result in data loss <a href="https://veracrypt.fr/en/Protection%20of%20Hidden%20Volumes.html">unless
specific mounting options are
checked</a>.
By default, your hidden volume files will be deleted to free up space
for the outer volume, so give the illusion it is a normal container.
Better safe than sorry!</em></p>
<h2 id="volume-location">Volume Location</h2>


<img src="/i/veracrypt/Beginners_Tutorial_Image_007.webp" loading="lazy"
alt="The VeraCrypt Volume Location menu with the option “Select File” outlined in a red rectangle." />


<p>Enter the location where you want to store the file. If you use the
command-line, this must be an absolute path.</p>
<pre><code>Enter volume path: /home/user/Documents/test.hc
</code></pre>
<h2 id="encryption-algorithms">Encryption Algorithms</h2>


<img src="/i/veracrypt/Beginners_Tutorial_Image_008.webp" loading="lazy"
alt="The VeraCrypt Encryption Options menu with the option “Next” outlined in a red rectangle." />


<p>VeraCrypt comes with various standard encryption algorithms. Most people
should just stick with the default settings.</p>
<pre><code>Encryption Algorithm:
 1) AES
 2) Serpent
 3) Twofish
 4) Camellia
 5) Kuznyechik
 6) AES(Twofish)
 7) AES(Twofish(Serpent))
 8) Camellia(Kuznyechik)
 9) Camellia(Serpent)
 10) Kuznyechik(AES)
 11) Kuznyechik(Serpent(Camellia))
 12) Kuznyechik(Twofish)
 13) Serpent(AES)
 14) Serpent(Twofish(AES))
 15) Twofish(Serpent)
Select [1]: 1

Hash algorithm:
 1) SHA-512
 2) Whirlpool
 3) BLAKE2s-256
 4) SHA-256
 5) Streebog
Select [1]: 1
</code></pre>
<p>A warning for the command-line, the order is the swapped between the
encryption algorithms and the volume size. Consistency!</p>
<h2 id="volume-size">Volume Size</h2>


<img src="/i/veracrypt/Beginners_Tutorial_Image_009.webp" loading="lazy"
alt="The VeraCrypt Encryption Options menu with the option “Next” outlined in a red rectangle." />


<p>Specify how big you want your volume to be. If you are using a hidden
volume, you will need to allocate space for the decoy files in addition
to your hidden files.</p>
<pre><code>Enter volume size (sizeK/size[M]/sizeG.sizeT/max): 1M
</code></pre>
<p>As another knock on inconsistency, you will be prompted to <a href="/v/veracrypt/#volume-format">pick your
volume format here</a>.</p>
<h2 id="volume-password">Volume Password</h2>


<img src="/i/veracrypt/Beginners_Tutorial_Image_010.webp" loading="lazy"
alt="The VeraCrypt Encryption Options menu with the option “Next” outlined in a red rectangle." />


<p>Enter a strong passphrase to protect your volume.</p>
<h3 id="pim">PIM</h3>
<p>

<img src="/i/veracrypt/pim.webp" loading="lazy"
alt="The Volume PID menu" /> Personal Iterations Multiplier (PIM) is a


value that will run an algorithm for multiple iterations. For extreme
threat models, volumes will mount slower, but the more the algorithm is
run, the more secure your data is.</p>
<p>Normal users can leave this at its default setting.</p>
<h3 id="keyfiles">Keyfiles</h3>
<p>

<img src="/i/veracrypt/keyfiles.webp" loading="lazy"
alt="The Keyfile menu" /> In addition to a password, keyfiles can be


added as another file required to unlock your volume in addition to a
password.</p>
<p>You can add file paths to any file you want or have VeraCrypt generate a
keyfile for you.</p>
<pre><code>Enter keyfile path [none]: /var/home/user/like.txt
Enter keyfile path [none]: /var/home/user/subscribe.txt
Enter keyfile path [finish]:
</code></pre>
<p>It’s imperative you backup and store your keyfiles in a safe place. If
you cannot access them, you will lose access to the data within a
VeraCrypt volume.</p>
<p>By default, no keyfiles are used.</p>
<h2 id="volume-format">Volume Format</h2>
<pre><code>Filesystem:
 1) None
 2) FAT
 3) Linux Ext2
 4) Linux Ext3
 5) Linux Ext4
 6) NTFS
 7) exFAT
Select [2]:
</code></pre>
<p>Formatting your container dictates where your container can be shared or
what kind of files can be stored inside. In general, using these
filesystems outside of VeraCrypt is the same.</p>
<ul>
<li>Ext: One of the oldest file formats on Linux. Do not pick the other
options, just pick Ext4. Can only be opened on Linux.</li>
<li>FAT: A filesystem universally supported across Windows, Mac, and
Linux. Maximum of 4 GB per file.</li>
<li>Mac OS Extended (APFS): The macOS filesystem. It can store files
larger than 4 GB, but is only supported on macOS. Some Linux
distributions like <a href="https://www.kali.org/">Kali Linux</a> come with a
driver called <a href="https://github.com/sgan81/apfs-fuse">apfs-fuse</a> to
read it, but Windows cannot open it.</li>
<li>NTFS: The Windows filesystem. It can store files larger than 4 GB
and decent support on Linux as well. However, macOS doesn’t behave
well and often will not let you write files to it.</li>
<li>exFAT: Yet another Windows filesystem. It can store files larger
than 4 GB, but plays better with macOS. Works across Windows, Mac,
and Linux.</li>
<li>BTRFS: A newer Linux only file format with special repair functions.</li>
<li>None: This option is only available in the command-line and used if
you use hidden volumes. This will prompt you to create a hidden
volume. The rest of the space will become the outer, decoy volume.</li>
</ul>
<h2 id="finalizing-your-volume">Finalizing Your Volume</h2>
<h3 id="entropy">Entropy</h3>


<img src="/i/veracrypt/Beginners_Tutorial_Image_011.webp" loading="lazy"
alt="The VeraCrypt Volume Format menu with the option “Format” outlined in a red rectangle. The GUI contains the previous options for filesystem picking." />


<p>Once you have made it here, it’s time to collect some random noise. This
further protects your VeraCrypt volume.</p>
<ul>
<li>In the GUI, you will be prompted to shake the mouse as randomly as
possible within the window.</li>
<li>In the command-line, you will be prompted to type 320 random
characters on your keyboard, then hit Enter when you are done. If
you still have characters remaining, you will be prompted to
continue typing.</li>
</ul>
<p>Click “Format” and then your volume will be created to specification.</p>
<h1 id="access-your-veracrypt-volumes">Access Your VeraCrypt Volumes</h1>
<p>Now that you have created your first volume, let’s open it.</p>
<h2 id="unlocking">Unlocking</h2>
<h3 id="gui">GUI</h3>
<p>Select a drive letter (Windows) or a number (macOS/Linux), then click
“Mount.” Then a password prompt will appear. Enter all information
relevant to your container.</p>


<img src="/i/veracrypt/Beginners_Tutorial_Image_018.webp" loading="lazy"
alt="The VeraCrypt password prompt with the “Password” box outlined in a red rectangle." />


<p>If you stuck with the default settings, they are the defaults here too.
VeraCrypt will auto-detect which format your container is.</p>
<h3 id="command-line">Command Line</h3>
<p>To unlock a VeraCrypt volume, here are some sample commands:</p>
<pre><code># File
sudo veracrypt -t --mount /home/user/hitthebell.hc

# External Device (Linux, match letters)
sudo veracrypt -t --mount /dev/sda
</code></pre>
<p>After either option, you will be prompted to use your administrative
password on macOS and Linux. On Windows, VeraCrypt is able to bypass UAC
for admin users.</p>
<p>Once your volume has been unlocked, it can be accessed the same way you
access a USB drive. Files can be interacted with in real time.</p>
<h2 id="dismounting">Dismounting</h2>
<p>Similar to thumb drives, VeraCrypt has a procedure that needs to be
followed to remove disks.</p>
<p>To dismount a VeraCrypt volume, select the volume you want to remove,
click “Dismount” in the menu and enter an admin password.</p>
<pre><code>sudo veracrypt -t -d /dev/sda
</code></pre>
<p>If you need to dismount multiple volumes, click “Dismount all”</p>
<pre><code>sudo veracrypt -t -d
</code></pre>
<h1 id="updating-veracrypt">Updating VeraCrypt</h1>
<p>VeraCrypt doesn’t have a mechanism to auto-update. Newer versions of
VeraCrypt often fix issues or serious security vulnerabilities.</p>
<p>The only way to see if there is an update is to subscribe to the
VeraCrypt GitHub releases. You can track VeraCrypt releases using an RSS
feed, where you will repeat the installation process again once you are
notified of a new release.</p>
<p>To follow VeraCrypt’s updates, add the following to your RSS feed
reader:</p>
<pre><code>https://github.com/veracrypt/veracrypt/releases.atom
</code></pre>
<h1 id="referenced">Referenced:</h1>
<ul>
<li><a href="https://fosstodon.org/@sponsorblock/112603139898164385">YouTube to insert server-side ads to break skipping sponsors and
adblocking.</a></li>
<li>The footage from the Snowden leaks is from <em>Citizenfour (2014)</em>.</li>
<li>“Come with me if you want to live” is from <em>Terminator 2: Judgment
Day (1991).</em></li>
<li><a href="https://xkcd.com/538/">xkcd 538: Security</a></li>
<li>The clip shown at 29:18 is from <em>Keijo!!!!!!!!</em> Episode 2</li>
</ul>
<h1 id="track-listing">Track Listing</h1>
<ul>
<li><a href="https://dova-s.jp/bgm/play18719.html">Kei Morimoto - Utopia</a></li>
<li>The music for the sponsor segment is “Blizzard in DC” from the game
Arctic Thunder. Heavily edited to remove the interposed America
bits.</li>
<li><a href="https://dova-s.jp/bgm/play17163.html">yuhei komatsu - Bump!</a></li>
<li><a href="https://dova-s.jp/bgm/play17188.html">crepe (くれっぷ) - Fairy Lullaby
(妖精の子守歌)</a></li>
<li><a href="https://dova-s.jp/bgm/play17650.html">crepe (くれっぷ) - Fairy Gift
(妖精の贈り歌)</a></li>
<li><a href="https://dova-s.jp/bgm/play16439.html">yuhei komatsu - Scattered Sakura
(桜が散る時)</a></li>
<li>Outro: <a href="https://soundcloud.com/khaimmusic/free-neon-lamp-charlie-puth-x-bruno-mars-type-funky-guitar-pop-instrumental/s-uqEQff1liFX">Khaim - Neon
Lamp</a></li>
</ul>
]]></content:encoded>
    </item>
    <item>
      <title>The PR DISASTER of Microsoft Recall!</title>
      <link>https://trafotin.com/v/microsoft-recall-panik/</link>
      <pubDate>Thu, 06 Jun 2024 00:00:00 +0000</pubDate>
      <guid>https://trafotin.com/v/microsoft-recall-panik/</guid>
      <description>Microsoft Build has come and gone, but the new Windows Recall feature has made everyone upset. Some of the reasons are good, others are not. Let&amp;rsquo;s talk about it.</description>
      <content:encoded><![CDATA[

<div style="position: relative; padding-top: 56.25%;"><iframe title="The PR DISASTER of Microsoft Recall!" width="100%" height="100%" src="https://spectra.video/videos/embed/2cea8627-72f1-4400-ae80-a0b8a7886dff?subtitle=en" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe></div>


<center>
<button class="button button1">
<a  href="https://youtube.com/watch?v=hCOPAHIWwnY"  >
	
YouTube

</a>
</button>
</center>

<p>Did you know Microsoft Build happened? It’s one of the biggest days for
Microsoft every year, including announcing the new features of Windows
like the new Windows Recall. Unfortunately for Microsoft, their PR team
was quite up to snuff and has been greeted with hostility about Recall
since the moment of its inception.</p>
<p>People who know me know I’m far from the biggest fan of Microsoft. As a
company, Microsoft is rotten to its core and has few redeeming
qualities. When I was reading the news and listening to opinions last
week, I was very disappointed in new outlets and online influencers at
spreading the narrative Recall is a privacy disaster (which to be fair,
it probably will be in the future).</p>


<img src="/i/2cea8627-72f1-4400-ae80-a0b8a7886dff-1.webp#center"
loading="lazy"
alt="Minecraft running on Windows 11, with a small voice call menu showing the AI assistant" />


<p><em>From the Microsoft Build keynotes, Microsoft showcasing a rigged
Minecraft game and a gamer AI chatbot.</em></p>
<p>In addition to making a video and hopping on the bandwagon of recent
news, I waited and did some reading about Microsoft documentation.
Recall does a lot of things that will negatively impact your Windows
computer, but let’s also be realistic about what those things are, so we
don’t spread any panic, moral or otherwise.</p>
<h1 id="what-is-windows-recall">What is Windows Recall?</h1>
<p>At Microsoft Build this year, Microsoft announced Recall, a system
powered by the artificial intelligence processors in the Qualcomm
Snapdragon X computers, dubbed Copilot+ PCs. Recall is powered by a new
API system in Windows called Windows Copilot Runtime, which empowers
other non-Windows applications to take advantage of the newfound power
and features of the Snapdragon X chips.</p>
<p>Inside the Snapdragon chips are what’s called language models, which
give the Windows Copilot Runtime to caption dialogue, translate it, or
run other types of local, onboard processing. Recall is also not as
intelligent of a system as Microsoft’s engineers would have you believe.
In order to make use of the on-board AI of a Snapdragon X chip and
Windows Copilot Runtime, Recall needs to take screenshots of your screen
every 5 seconds.</p>
<h1 id="ensuingensured-outrage">Ensuing/Ensured Outrage</h1>
<p>Over the last month, many people decried the feature, but we encounter
the first problem with the presentation with Recall and the Windows
Copilot Runtime in general—it’s Microsoft’s inability to communicate.
Not just any woman, Joanna Stern from <em>The Wall Street Journal</em> got to
interview the CEO of Microsoft and the answer only instilled panic in
people because it was poorly worded.</p>
<p><em>After watching the <a href="https://www.wsj.com/video/series/joanna-stern-personal-technology/satya-nadella-on-microsofts-new-copilot-and-the-future-of-ai-pcs/199D08C0-FFBD-44B8-A750-82D445B63EEB">paywalled
interview</a>,</em>
The Wall Street Journal <em>should have interviewed a lower level engineer
or a different PR rep for Microsoft, because Satya did an awful job at
giving Stern a straight answer to any of the questions she asked. The
free interview also warps the conversation in 2 cuts and hides some of
the information Satya said.</em></p>
<blockquote>
<p>STERN: There could be this reaction from some people that this is
pretty creepy. Microsoft is taking screenshots of everything I do.</p>
<p>NADELLA: Yeah, I mean, that’s why that it can only do it on the edge,
right? …So this is, you have to put two things together. This is my
computer, this is my Recall, and it’s all being done locally, right?
…So that’s the promise. So, that’s one of the reasons why Recall works
as a magical thing, because I can trust it that it is on my computer.</p>
<p>Joanna Stern &amp; Satya Nadella, <a href="https://www.wsj.com/video/series/joanna-stern-personal-technology/microsoft-ceo-satya-nadella-on-how-ai-copilot-pcs-beat-macs-exclusive/772F3497-ECBE-4F27-804B-4C3820BDD364">Microsoft vs. Apple: Satya Nadella Says
AI-Focused Copilot+ PCs Beat Macs | WSJ (the free
version)</a>
4:16</p>
</blockquote>
<h1 id="how-does-windows-recall-work">How does Windows Recall work?</h1>
<p>What’s interesting here in this interview is the distinction between
offline language models versus large, cloud-based language models, like
Windows Copilot or ChatGPT. While machine vision AI models are not
something new, the dedication of neural processing units (NPUs) like
what we see in the Snapdragon are going to become commonplace because of
Microsoft’s insistence to their hardware makers.</p>
<p>Since Windows Recall is a very simplistic system. But it does prompt the
question—does it violate user privacy? First, we need to put what
Microsoft tells us about Recall under a microscope. As there is
requirements and compliance for businesses, in light of potential
privacy concerns, Microsoft documents the process.</p>
<p>Unfortunately, the most useful is scattered across 5 pages: Microsoft
Support, the Microsoft Learn page about Copilot, the Microsoft Learn
page about Windows Copilot Runtime, and the landing page for Copilot+
PCs. This is all the information for app developers and IT admins, but
it’s arranged in multiple places.</p>
<h2 id="about-windows-recall">About Windows Recall:</h2>
<p>Microsoft fails to communicate anything clearly if there’s no place to
consolidate this information.</p>
<ul>
<li><a href="https://learn.microsoft.com/en-us/windows/ai/apis/recall">Recall Overview | Microsoft
Learn</a></li>
<li><a href="https://support.microsoft.com/en-us/windows/retrace-your-steps-with-recall-aa03f8a0-a78b-4b3e-b0a1-2eb8ac48701c">Consumer Information (i.e. the Windows support
site)</a></li>
<li><a href="https://www.microsoft.com/en-us/windows/copilot-plus-pcs?r=1#hmc">Copilot
FAQ</a></li>
<li><a href="https://learn.microsoft.com/en-us/windows/client-management/manage-recall">Manage Recall for Windows clients - Windows Client Management |
Microsoft
Learn</a></li>
<li><a href="https://learn.microsoft.com/en-us/windows/ai/overview">Microsoft Copilot Runtime Overview | Microsoft
Learn</a></li>
</ul>
<h2 id="the-appbrowser-bottleneck">The App/Browser Bottleneck</h2>
<p>The first thing to return to is the Windows Copilot Runtime. In order
for the search to be the AI enhanced search like Microsoft shows in
their demos, app makers need to write their applications with these
features in mind. If an application is not supported, Windows Copilot
will capture this data and it cannot be automatically filtered out.</p>
<p>As of time of writing, it’s not clear what non-Microsoft applications
that don’t support Windows Copilot Runtime. It appears they will be
indiscriminately captured and collected because of the <a href="https://learn.microsoft.com/en-us/windows/client-management/manage-recall#supported-browsers">section in
Microsoft Learn about browser
support</a>,
so let’s try to read between the lines here.</p>
<p>The mainstream browsers for Windows: Edge, Chrome, Firefox, and Opera
all support the Windows Copilot Runtime and already filter out private
browsing, DRM-protected content, or user-specified websites. The only
time that private browsing will be collected is when the user explicitly
presses <code>Win + j</code> to manually take a Recall snapshot or if a browser is
not supported.</p>
<h2 id="opting-out">Opting Out</h2>
<p>Since we know how browsers work and what makes Recall’s search to be
effective, what can we, as users or businesses, do about Recall? How can
we turn it off?</p>
<p>To configure Recall, in the Settings app, navigate to <strong>Privacy &amp;
security</strong> → <strong>Recall &amp; snapshots</strong> → uncheck <strong>Save snapshots</strong>.</p>
<p>To configure Recall’s storage of screenshots, in the Settings app,
navigate to <strong>Privacy &amp; security</strong> → <strong>Recall &amp; snapshots</strong> →
<strong>Storage</strong> → <strong>Maximum storage for snapshots limit</strong>. There is a <a href="https://learn.microsoft.com/en-us/windows/client-management/manage-recall#storage-allocation">table
of the storage minimum requirement for Recall on Microsoft
Learn</a>.</p>
<p>To delete Recall snapshots, in the Settings app, navigate to <strong>Privacy &amp;
security</strong> → <strong>Recall &amp; snapshots</strong> → <strong>Delete snapshots from a specific
timeframe</strong> or <strong>Delete all snapshots</strong>.</p>
<p>The most comprehensive way is to use Windows Pro or higher, where you
get access to Group Policy Editor. There is likely an undocumented
registry key for Windows Home users.</p>
<p>In Group Policy, navigate to User Configuration &gt; Administrative
Templates &gt; Windows Components &gt; WindowsAI &gt; Turn off saving
snapshots for Windows</p>
<h1 id="justified-outrage">“Justified” Outrage</h1>
<p>An important thing I want to touch on is what I call “justified”
outrage. It’s fine to be angry about something our oppressive corporate
overlords do, but if you’re going to pick something, it better be
something with demonstrable, substantial evidence and based in reality
and technical feat.</p>
<p>The point being—<strong>Windows Recall cannot be tested right now and we
should reserve judgement until it can be</strong>. There’s a common myth that
proprietary software cannot be analyzed, but that’s far from true. It’s
harder, but it’s not impossible.</p>
<p>Most importantly, let’s critically analyze why you should reserve your
judgement about Recall, but also what can you be angry about now. To be
clear and given Microsoft’s track record, there is a high likelihood
that Recall will be used by invade your privacy, but this will need to
be subject to experimentation.</p>
<h2 id="the-npu-requirement">The NPU Requirement</h2>
<p>Recall requires a Snapdragon X processor. Additionally, hardware makers
AMD and Intel have promised to release Copilot+ PCs in the future. The
key thing here is none of these devices are in the hands of journalists
or consumers (as of time of writing). Since nobody has any of these
computers handy, you can’t do any of the testing.</p>
<p>The annoyance introduced by Recall is Microsoft’s requirements for it
that screws over people who have computers capable of AI operations. I
have a Nvidia 4060 in a gaming laptop. I can already run AI that runs
speech inference or large language models like Google’s Gemma or
Facebook’s Llama 3.</p>
<p>According to Microsoft’s arbitrary system requirements, my computer,
fully capable of AI programs, cannot run Recall. I can only guess that
it’s because they want to sell me more computers…</p>
<ul>
<li>a NPU (Qualcomm Snapdragon X, Intel, AMD)</li>
<li>a minimum of 256 GB of storage</li>
<li>16 GB of RAM</li>
<li>8 processor cores</li>
</ul>
<h2 id="recalls-allocated-storage">Recall’s “Allocated Storage”</h2>
<p>While Recall allows you to turn it off, Recall will perpetually eat up
at least 10% of drive. There’s a full table in Microsoft’s documentation
about <a href="https://learn.microsoft.com/en-us/windows/client-management/manage-recall#storage-allocation">how much storage is taken up by
Recall</a>.</p>
<ul>
<li>If you have storage higher than 1 TB, 150 GB will eaten up out of
the box.</li>
<li>This is in addition to the 27-28 GB part of the base Windows 11
installation.</li>
<li>The amount cannot be customized beyond the set amounts Microsoft
prescribes.</li>
<li>All future snapshots will stop when Recall is disabled or if the
<code>C:/</code> has 25 GB or less space.</li>
<li>Snapshots will only commence if 50 GB is available.</li>
<li>Since snapshots are stored in the temporary files, all data is
deleted upon resetting Windows or installing an alternate operating
system.</li>
</ul>
<h2 id="peering-deeper-in-the-crystal-ball">Peering Deeper In the Crystal Ball</h2>
<p>Recall is a PR nightmare. Microsoft is vague about actual information
people are looking for and distrust for Microsoft is at an all time high
as a result. Privacy will be a concern for some, but Windows itself and
Microsoft have greater problems that will eventually ruin the good parts
of Recall.</p>


<img src="/i/2cea8627-72f1-4400-ae80-a0b8a7886dff-2.webp#center"
loading="lazy"
alt="A laptop running Windows 11 showing a Window of Microsoft 365’s Copilot. In the taskbar are the icons for Outlook, Edge, File Explorer, Google Chrome, some program I don’t know, Settings, Excel, OneNote, and the (new) Teams. Google Chrome is blurred out." />


<p><em>On the Build Day 2 Keynote, Microsoft showed an ad for Lumen. For a
brief moment within the ad, a Windows desktop is shown, but Google
Chrome is blurred out in the taskbar. Microsoft traditionally has tried
to make switching to alternative browsers like Google Chrome more
difficult.</em></p>
<ul>
<li>Windows has a nasty habit of resetting your settings to default
settings after updates. Such a feature could be enabled again after
an update.</li>
<li><a href="https://x.com/thebookisclosed/status/1793779204871553128">Recall is enabled by default, according to The Verge’s Tom
Warren.</a>
Microsoft claims it is opt-in. We need to wait and see which one.</li>
<li>While Windows may process and store your Recall data offline,
there’s nothing to stop Microsoft from running not-so-private
telemetry on it after the fact. This will need to be subject to
experimentation.</li>
<li>Microsoft has a problem with
<a href="https://pluralistic.net/2023/01/21/potemkin-ai/#hey-guys">enshittifying</a>
Windows by adding advertisements or promoting their own products.
Recall has the potential to be next.</li>
<li><a href="https://doublepulsar.com/how-the-new-microsoft-recall-feature-fundamentally-undermines-windows-security-aa072829f218">Storing this data brings up the possibility that law enforcement
will start requesting it, hackers will steal it, or people will
sabotage
it.</a></li>
<li>The snapshots are not synced to the cloud. Yet.</li>
<li>What is the power draw of the NPU accelerated tasks like Recall?
It’s probably terrible.</li>
</ul>
<p>As someone who has a deep distrust of Microsoft, I don’t recommend
anybody use Recall. The greater problem is how the “choice” of using
Recall or not is handled by Windows. This outrage over the last month is
distraction from real questions people should be asking and where
Microsoft has been light on answers.</p>
<p>We need to wait until Recall becomes generally available so it can be
tested and prove/dispel rumor. The next time you read the news, hold off
on sounding the alarm. Think before you act and as always, just buy a
Mac or install Linux already.</p>
<h1 id="referenced">Referenced:</h1>
<ul>
<li><a href="https://www.youtube.com/watch?v=aZbHd4suAnQ">Microsoft Build 2024 Monday Keynote: Introducing Copilot+ PCs
(Journalists only)</a></li>
<li><a href="https://build.microsoft.com/en-US/sessions/b49feb31-afcd-4217-a538-d3ca1d171198">Microsoft Build 2024 Tuesday
Keynote</a></li>
<li><a href="https://www.lesswrong.com/tag/rokos-basilisk">(Disinformation Warning) The origin of Roko’s
Basilisk</a></li>
<li><a href="https://www.windowscentral.com/software-apps/windows-11/what-is-windows-11-ai-explorer-everything-you-need-to-know-about-microsofts-upcoming-defining-ai-pc-feature">What is Windows 11 ‘AI Explorer’? Everything you need to know about
Microsoft’s upcoming defining AI PC feature - Zac
Bowdin</a>
It’s important to note this information came out before the
announcement and Bowdin says the leakers were insistent the data was
stored locally.</li>
<li><a href="https://www.tiktok.com/@shanselman/video/7371534434736082219">Scott Hanselman’s (VP at Microsoft) TikTok about the local
processing of
Recall</a></li>
<li><a href="https://web.archive.org/web/20160804211026/https://www.cnil.fr/en/windows-10-cnil-publicly-serves-formal-notice-microsoft-corporation-comply-french-data-protection">Windows 10: CNIL publicly serves formal notice to Microsoft
Corporation to comply with the French Data Protection Act within
three months
(Archive)</a></li>
<li><a href="https://www.autoriteitpersoonsgegevens.nl/uploads/imported/public_version_dutch_dpa_informal_translation_summary_of_investigation_report.pdf">Microsoft Windows 10 Home and Pro investigation by the Autoriteit
Persoonsgegevens (Dutch DPA), August
2017</a></li>
<li><a href="https://twit.tv/shows/windows-weekly/episodes/884">Windows Weekly 884 and Paul Thurrott’s angry rant about Recall
sensationalism at
33:57</a></li>
<li><a href="https://x.com/neuralink/status/1770563939413496146">The Neuralink livestream featuring the first patient Noland
Arbaugh</a></li>
<li><a href="https://neuralink.com/blog/prime-study-progress-update-user-experience/">Neuralink’s silent blog post about the setbacks of Arbaugh’s
surgery</a></li>
</ul>
<h1 id="bonus-content">Bonus Content</h1>
<div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;">
			<iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube-nocookie.com/embed/Ey_Z_OswJZY?autoplay=0&amp;controls=1&amp;end=0&amp;loop=0&amp;mute=0&amp;start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="YouTube video"></iframe>
		</div>

<div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;">
			<iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube-nocookie.com/embed/9e6a6x41jMQ?autoplay=0&amp;controls=1&amp;end=0&amp;loop=0&amp;mute=0&amp;start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="YouTube video"></iframe>
		</div>

<h1 id="track-listing">Track Listing</h1>
<ul>
<li><a href="https://dova-s.jp/bgm/play4655.html">KK - ordinary landscape
(いつもの風景)</a></li>
<li><a href="https://dova-s.jp/bgm/play20437.html">Kurippu (くれっぷ) - Skip of the Beginning
(始まりのスキップ)</a></li>
<li><a href="https://dova-s.jp/bgm/play12652.html">Moppy Sound (もっぴーさうんど) -
Escort</a></li>
<li><a href="https://dova-s.jp/bgm/play10961.html">Sharou (しゃろう) - Weekend Kyoto Reality Escape
(週末京都現実逃避)</a></li>
<li><a href="https://dova-s.jp/bgm/play16623.html">yuhei komatsu - Holiday</a></li>
<li>Outro: <a href="https://soundcloud.com/khaimmusic/free-neon-lamp-charlie-puth-x-bruno-mars-type-funky-guitar-pop-instrumental/s-uqEQff1liFX">Khaim - Neon
Lamp</a></li>
</ul>
]]></content:encoded>
    </item>
    <item>
      <title>Setting up a Pixel Tablet with GrapheneOS for My Mom</title>
      <link>https://trafotin.com/v/pixel-tablet/</link>
      <pubDate>Mon, 25 Mar 2024 00:00:00 +0000</pubDate>
      <guid>https://trafotin.com/v/pixel-tablet/</guid>
      <description>I helped my mom set up GrapheneOS on the Google Pixel Tablet. Are Android tablets ready now?</description>
      <content:encoded><![CDATA[

<div style="position: relative; padding-top: 56.25%;"><iframe title="Setting up a Pixel Tablet with GrapheneOS for My Mom" width="100%" height="100%" src="https://spectra.video/videos/embed/2841d5fe-dacd-4f54-b60e-d232b1e86184?subtitle=en" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe></div>


<center>
<button class="button button1">
<a  href="https://youtube.com/watch?v=_-CAaJOnN_c"  >
	
YouTube

</a>
</button>
</center>

<p>Today, I’m here to talk about my mother. My mom has also been looking to
downsize the amount of technology in her life. My mom daily drives an
iPhone and has for a long time, but has no concern for the Apple
ecosystem. My dad still handles most of the tax collecting duties and my
mom has also completely dropped using a computer altogether and only
uses her iPhone. After all, most things are done in a web browser just
fine.</p>
<p>But as my parents starting to get up there in the years and their senses
are start to get weaker. My mom in particular has wanted a device with a
screen larger than her iPhone and initially suggested an iPad. Not
wanting her to fall deeper into the Apple ecosystem, I pushed her to get
<a href="https://store.google.com/us/product/pixel_tablet">Google’s first generation Pixel
Tablet</a>. You have the
ability to use a tablet fully free of the Google ecosystem through
GrapheneOS and a mobile device with more software longevity than an
iPad. Google has had a rough reputation with Android tablet support, but
have leapt into action to try to catch up to iPads. So going in, I’m
going to be focusing on the Android Tablet experience for a “normal”
user–my mom.</p>
<p>I do a lot of paranoid things with my own devices, but the priority is
for my mom to what she needs done done; open source and respect for her
privacy are secondary priorities. Don’t get too excited about a hardware
review because there isn’t a whole lot to say.</p>
<p><em>As a reminder, I receive nothing from Google except your ad revenue (if
you watch the video on YouTube). The tablet was bought at a Best Buy
with my parents’ retirement fund.</em></p>
<h1 id="hardware">Hardware</h1>
<p>The Pixel Tablet comes in a large box with the “charging speaker dock,”
some manuals, and the tablet itself. In terms of hardware, the Pixel
Tablet uses and shares similarities to Samsung’s Galaxy Tab. A
difference is the Pixel Tablet uses the Exynos chip, which Samsung
appears to be returning to with their phones.</p>
<p>If wasn’t clear by the video footage, the Pixel Tablet isn’t very
visible in bright lighting conditions. The display is quite capable, but
not ideal. It works great in dark environments like during the evening,
but leaves a bit to be desired during the day.</p>
<p>On the charging speaker dock, it’s an interesting idea, but the speakers
are kind of middling. There is also no charging cable included, so you
will need to provide your own. When charging the tablet, the tablet
comes with dots which allows you to magnetically attach it to the dock.
The magnets are pretty sensitive, so you have to make sure the dots are
properly aligned or you risk the tablet falling. She also purchased <a href="https://www.amazon.com/dp/B0CF5NT3PF">a
synthetic leather Fintie case from
Amazon</a>.</p>
<p>In terms of hardware, the Pixel Tablet is pretty unremarkable, but not
overtly cheap. The price comes in at $500, frequently discounted 1 year
in. In some ways, the Pixel Tablet provides a worse app experience than
an iPad, but outperforms an iPad in offering more freedom and features
Apple refuses to give users.</p>
<h1 id="grapheneos">GrapheneOS</h1>
<p>The very first thing that I did was install GrapheneOS. On this tablet.
However, one thing I want to make obvious is my mom is not a technical
user–far from it actually. I chose to use GrapheneOS because of the
security features, but also the “extended” support cycle. Since moving
away from Qualcomm, Google has extended their hardware to <a href="https://support.google.com/googlepixeltablet/answer/13399216">3 years of
feature updates (or Pixel Feature Drops) and 5 years of security
updates</a>.
After June 2028, the Pixel OS will be out of support and ROMs like
<a href="https://grapheneos.org/">GrapheneOS</a> <del>and
<a href="https://calyxos.org/">CalyxOS</a></del> will be the top picks. GrapheneOS is the
winner for me because of their frequent updates and the constant
innovation of features to making Android better, including <a href="https://grapheneos.social/@GrapheneOS/112056847328196636">assisting
Google and the Android community in detecting serious vulnerabilities
and bugs</a>.</p>
<p>There are some post installation steps you can do, which I never touched
on in <a href="/v/grapheneos/">my original GrapheneOS video</a>. I want to cover
some of GrapheneOS’s extra apps and features.</p>
<p>Following the <a href="https://grapheneos.org/install/web">esoteric guide on GrapheneOS’s
website</a> (seriously, this thing is
way too technical for normal people) and used my Pixel 7 Pro as the
installation device. I jacked in with a USB-C cable and pressed all the
buttons the installer told me to.</p>
<p>If you don’t have another Android device, you will need to use one of
the supported operating systems, download the <a href="https://developer.android.com/studio">Android debugging
bridge</a> from Google’s website or
from a supported Linux distro’s repos, and the Chromium browser from
their list. Then you enter what is basically a cheat code to unlock the
bootloader and click 3 buttons.</p>
<p>The installation took about 20 minutes, but at the end, the Google was
ripped out and GrapheneOS was in. Afterwards, you follow more
<a href="https://grapheneos.org/install/web#post-installation">post-installation
steps</a>.</p>
<h2 id="the-grapheneos-app-store">The GrapheneOS App Store</h2>
<p>GrapheneOS comes with an app store for independently updating their
secure Camera, PDF Viewer, the default Vanadium browser, and the
Auditor.</p>
<p>Separate from the stock apps, GrapheneOS includes downloads for various
Google products compatible with GrapheneOS: Android Auto, Markup, and
the Play Store. Typically, Google’s apps get much more visibility into
your device and could potentially use this to collect more information
about you.</p>
<p>GrapheneOS levels the playing field by forcing these apps to be
installed and treated as normal apps you might download from another app
store. They don’t get the special access, but are still able to do what
most people expect them to do.</p>
<h2 id="google-play-store">Google Play Store</h2>
<p>Unlike other Android ROMs, GrapheneOS provides <a href="https://grapheneos.org/usage#sandboxed-google-play">a fully functional copy
of the Google Play
Store</a>. This is the
standard of way of getting apps on Android, but also necessary for
specific services. For example, when you use apps that receive
notifications, most apps call for the Google services because it’s more
battery efficient.</p>
<ul>
<li>To download the Play Store, you need to download all of the
pre-requisite libraries. At the end, you should only get the Play
Store available. The Play Store and the Google services are required
if you wish to use Android Auto.</li>
<li>Some apps require Google services in order to function properly.
Others will have features missing, like passkey support or specific
banking apps. Great resources for seeing app performance are
Techlore’s <a href="https://plexus.techlore.tech/">Plexus</a>, which documents
various apps with(out) Google services and <a href="https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/">PrivSec’s list of
working banking
apps</a>.</li>
<li>There are some apps like Tuta or Signal, which do not use Google’s
services and provide a redundant service instead for privacy
reasons.</li>
</ul>
<h1 id="usage">Usage</h1>
<p>Using an Android tablet like the Pixel Tablet is pretty similar to
running an Android phone, but there are some differences. My mom also
has very different uses than most of the target audience of something
like GrapheneOS–she needs to use all of the spyware apps in her life.</p>
<h2 id="user-profiles">User Profiles</h2>
<p>A feature Android possesses is user profiles. User profiles allow
Android users to have a separate profile where they can store data or
install things separate from their main profiles. User profiles are
similar to users on computers.</p>
<p>On most Android ROMs, you are limited to 4, but GrapheneOS bumps this
limit up to 32 and makes various enhancements to these profiles,
including a secure “end session” feature, which shuts down all running
apps.</p>
<p>While not typically seen as a business device, using a profile is much
more valuable when a tablet is a family device. Suppose my dad wants to
use the Pixel Tablet. He can create a user profile for himself to
install apps just for him, completely separate from my mom. My mom is
also given the “owner” account, which allows her to retain full control
of the Pixel Tablet. What if you have a child who want to hop in on the
latest mobile game? You can install the game in a separate profile so
the game doesn’t get access to all my personal app data.</p>
<h2 id="to-google-or-not">To Google or Not?</h2>
<p>My mom has very specific needs and uses her tablet only for using
streaming services and social media apps. This already encompasses a
wide variety of apps like YouTube, Netflix, and Amazon Prime.</p>
<p>As a result, I linked her Google account to the Tablet and we got the
Play Store up and running. YouTube requires Google services to function,
plus my mom was just going to sign in anyway.</p>
<p>I said earlier that GrapheneOS locks these apps down more, but they are
still very much functional. This includes spying on you, so with higher
threat models, Google Services will still capture your notifications.
Google account information is also kept if you choose to login, so it
would be prudent to disable your advertising ID.</p>
<h3 id="disable-your-advertising-id-grapheneos">Disable your advertising ID (GrapheneOS)</h3>
<p>hidden=&quot;&quot;</p>
<p>In the Settings app, navigate to Apps &gt; Sandboxed Google Play &gt;
Google Settings &gt; Ads &gt; Delete advertising ID</p>
<h2 id="android-tablet-support-exists">Android Tablet Support Exists…</h2>
<p>When I set up the Pixel Tablet last year, my mom and I came across our
biggest hurdle–incompatible apps. The long and short is despite the
budding interest in Android tablets, not every app will work with
Android tablets properly, if even at all.</p>
<h3 id="fixing-the-aspect-ratio">Fixing the Aspect Ratio</h3>
<p>Similar to iPads, some apps like Reddit are limited to a phone-like
window to preserve the app’s intended aspect ratio. If you are bothered
by this, Android 14+ allows you to stretch these apps to match your
tablet’s screen ratio. It’s pretty seamless.</p>
<h3 id="early-woes-with-signal">Early Woes with Signal</h3>
<p>Thankfully, I have convinced a good portion of my family to adopt the
secure messaging app <a href="https://signal.org/">Signal</a>. However, when we
first got the Pixel Tablet, there was a major issue: Signal would not
work on Android tablets at all. Today, Signal works flawlessly on
Android tablets, but this was not always the case.</p>
<p>With Signal in particular, there was a workaround I found that worked. I
installed <a href="https://molly.im/">Molly</a> using their F-Droid mirror. Molly
is a fork of Signal Android client that implements some anti-forensic
features not present in Signal. For a long time, Molly was the only way
to use Signal’s service on an Android tablet.</p>
<p>Molly is generally a day behind Signal with updates (which is pretty
reasonable) and I personally prefer the main Signal app as using Molly
requires you trust their developers in addition to Signal’s. Molly is
also great if you need to access more than one Signal account on a
single Android profile.</p>
<p>While Signal works today, I feel it is too much friction to get my mom
to switch away from Molly.</p>
<h3 id="airpods-on-android">AirPods on Android</h3>
<p>As an Apple refugee, my mom has 2nd generation AirPods as her headphones
of choice. However, as Apple products, controlling them without an Apple
device is difficult. I discovered a project by <a href="https://github.com/adolfintel">Frederico
Dossena</a> (the creator of
<a href="https://librespeed.org/">LibreSpeed</a>) called
<a href="https://f-droid.org/packages/com.dosse.airpods/">OpenPods</a>. It lets you
control your AirPods, gives connection notifications, and monitor their
battery life of both ears.</p>
<p>OpenPods must be downloaded from F-Droid as they were mysteriously
banned from the Play Store.</p>
<h3 id="viki--vanadium">Viki &amp; Vanadium</h3>
<p>In the United States, there’s been a surge in people seeking to stream
Korean dramas and my mom is no exception. The most popular app to watch
K-dramas is an app called <a href="https://www.viki.com/">Viki</a>. However, Viki
is incompatible with Android tablets and they still refuse to make a
compatible app.</p>
<p>The solution was actually fairly simple–using a web browser. Using a web
browser is not only possible, but we can also create a home screen
shortcut so it can be used similar to an app. However using a web
browser opens up the can of worms that is browser choice.</p>
<p>GrapheneOS’s default browser,
<a href="https://grapheneos.org/features#vanadium">Vanadium</a>, supports Google’s
Widevine DRM. GrapheneOS also takes your connection to Google’s DRM and
puts it through a proxy to limit what Google can collect about you.</p>
<p>The one disappointment with Vanadium doesn’t support blocking static or
cosmetic ads and I really do not want my mom clicking on malicious ads.
Instead, my mom uses <a href="https://brave.com/">Brave</a>. I know there are some
who swear by Vanadium, but Vanadium has weaker fingerprinting protection
and content blocking. Brave is the only other browser endorsed by
GrapheneOS and my second choice anyway.</p>


<center>
<blockquote class="mastodon-embed" data-embed-url="https://grapheneos.social/@GrapheneOS/111966180001152300/embed" style="background: #FCF8FF; border-radius: 8px; border: 1px solid #C9C4DA; margin: 0; max-width: 540px; min-width: 270px; overflow: hidden; padding: 0;"> <a href="https://grapheneos.social/@GrapheneOS/111966180001152300" target="_blank" style="align-items: center; color: #1C1A25; display: flex; flex-direction: column; font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Oxygen, Ubuntu, Cantarell, 'Fira Sans', 'Droid Sans', 'Helvetica Neue', Roboto, sans-serif; font-size: 14px; justify-content: center; letter-spacing: 0.25px; line-height: 20px; padding: 24px; text-decoration: none;"> <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="32" height="32" viewBox="0 0 79 75"><path d="M74.7135 16.6043C73.6199 8.54587 66.5351 2.19527 58.1366 0.964691C56.7196 0.756754 51.351 0 38.9148 0H38.822C26.3824 0 23.7135 0.756754 22.2966 0.964691C14.1319 2.16118 6.67571 7.86752 4.86669 16.0214C3.99657 20.0369 3.90371 24.4888 4.06535 28.5726C4.29578 34.4289 4.34049 40.275 4.877 46.1075C5.24791 49.9817 5.89495 53.8251 6.81328 57.6088C8.53288 64.5968 15.4938 70.4122 22.3138 72.7848C29.6155 75.259 37.468 75.6697 44.9919 73.971C45.8196 73.7801 46.6381 73.5586 47.4475 73.3063C49.2737 72.7302 51.4164 72.086 52.9915 70.9542C53.0131 70.9384 53.0308 70.9178 53.0433 70.8942C53.0558 70.8706 53.0628 70.8445 53.0637 70.8179V65.1661C53.0634 65.1412 53.0574 65.1167 53.0462 65.0944C53.035 65.0721 53.0189 65.0525 52.9992 65.0371C52.9794 65.0218 52.9564 65.011 52.9318 65.0056C52.9073 65.0002 52.8819 65.0003 52.8574 65.0059C48.0369 66.1472 43.0971 66.7193 38.141 66.7103C29.6118 66.7103 27.3178 62.6981 26.6609 61.0278C26.1329 59.5842 25.7976 58.0784 25.6636 56.5486C25.6622 56.5229 25.667 56.4973 25.6775 56.4738C25.688 56.4502 25.7039 56.4295 25.724 56.4132C25.7441 56.397 25.7678 56.3856 25.7931 56.3801C25.8185 56.3746 25.8448 56.3751 25.8699 56.3816C30.6101 57.5151 35.4693 58.0873 40.3455 58.086C41.5183 58.086 42.6876 58.086 43.8604 58.0553C48.7647 57.919 53.9339 57.6701 58.7591 56.7361C58.8794 56.7123 58.9998 56.6918 59.103 56.6611C66.7139 55.2124 73.9569 50.665 74.6929 39.1501C74.7204 38.6967 74.7892 34.4016 74.7892 33.9312C74.7926 32.3325 75.3085 22.5901 74.7135 16.6043ZM62.9996 45.3371H54.9966V25.9069C54.9966 21.8163 53.277 19.7302 49.7793 19.7302C45.9343 19.7302 44.0083 22.1981 44.0083 27.0727V37.7082H36.0534V27.0727C36.0534 22.1981 34.124 19.7302 30.279 19.7302C26.8019 19.7302 25.0651 21.8163 25.0617 25.9069V45.3371H17.0656V25.3172C17.0656 21.2266 18.1191 17.9769 20.2262 15.568C22.3998 13.1648 25.2509 11.9308 28.7898 11.9308C32.8859 11.9308 35.9812 13.492 38.0447 16.6111L40.036 19.9245L42.0308 16.6111C44.0943 13.492 47.1896 11.9308 51.2788 11.9308C54.8143 11.9308 57.6654 13.1648 59.8459 15.568C61.9529 17.9746 63.0065 21.2243 63.0065 25.3172L62.9996 45.3371Z" fill="currentColor"/></svg> <div style="color: #787588; margin-top: 16px;">Post by @GrapheneOS@grapheneos.social</div> <div style="font-weight: 500;">View on Mastodon</div> </a> </blockquote> <script data-allowed-prefixes="https://grapheneos.social/" async src="https://grapheneos.social/embed.js"></script>
</center>


<p><em>I’d be open to exploring <a href="https://nextdns.io/">NextDNS</a> in the future,
but have not had adequate time to test whether the free plan would work
with my mom or not. If it doesn’t, I would have to pay and have her
piggyback off my plan.</em></p>
<h3 id="gboard">Gboard</h3>
<p>I installed Gboard, the stock Google keyboard and the keyboard for the
Pixel Tablet’s stock ROM. I disabled the internet connection for the app
to limit Google’s data collection. As much as I like GrapheneOS, the
AOSP keyboard is borderline unusable. Since my mom uses Google services
anyway, I figured it would be a better experience.</p>
<h1 id="misc">Misc</h1>
<ul>
<li>There’s a phone app in GrapheneOS’s Tablet ROM. The Pixel Tablet
can’t use eSIMs or a SIM card, so I don’t know why this is here.</li>
<li>I enabled button navigation opposed to gesture navigation. My mom
has a strong preference for buttons.</li>
<li>I disabled all touch/tap sounds. My mom is so angry whenever my dad
types on his phone.</li>
<li>Adaptive brightness can sometimes be very aggressive.</li>
</ul>
<h1 id="should-you-buy">Should you buy?</h1>
<p>After 5 months with the Pixel Tablet, my mom has been very satisfied
with its performance and rarely commented on the differences of
GrapheneOS. It very much is the stripped down Android experience for the
vast majority of people, but they will need help setting it up, whether
it’s a custom ROM like GrapheneOS or because of lack of app support.</p>
<p>Setting up a custom Android ROM is not overly difficult, but if you
don’t have that knowledge, it can difficult. While GrapheneOS has made
lots of great changes to make the installation experience pretty
painless, it could stand to hold the less technical user’s hand a little
bit. Most people will see the wall of text on that installation page and
lose their minds. In my mind, unless you set up GrapheneOS or CalyxOS,
the Pixel Tablet isn’t worth your time.</p>
<p>There’s also the issue of identifying problematic apps because Android
tablets have been treated like third-class citizens for years. The
Android tablet app experience leaves a bit to be desired, complicated
more by the “fragmentation” of the Android ecosystem. If you won’t
install a custom ROM or you have apps you know will not work, you’d
probably be better off with the tried and true iPad.</p>
<p>I think that if you are willing to learn and follow that ultra-technical
guide on GrapheneOS’s website, the Pixel Tablet is the best choice for
you for a tablet device that respects your privacy, freedom, and
ownership of the device. This, combined with user profiles, proper
split-screen, and freedom to use alternate app stores are all amazing
reasons to consider a Pixel Tablet. It would also be cool to see if
Google keeps making tablets and what the next generation has in store.</p>
<h1 id="summary">Summary</h1>
<p>🚫 Not recommended, due to poor Android tablet compatibility and <a href="https://www.androidauthority.com/pixel-tablet-2-canceled-3502094/">Google discontinuing future prospects</a> for this form factor (but will continue device security updates until 2028). Installing GrapheneOS is necessary to last beyond end of life, but not encouraged.</p>
<h2 id="pros">Pros</h2>
<ul>
<li>Allows installation of a custom OS (GrapheneOS)</li>
<li>Best choice for Android tablets in terms of updates (5 years of
support), legacy support on custom ROMs</li>
<li>Tablet experience offers things Apple will not: calculator, split
screen, user profiles, third party app stores</li>
<li>Good performance</li>
<li>Great as media or emulation device</li>
</ul>
<h2 id="cons">Cons</h2>
<ul>
<li>Comes with privacy invasive stock OS</li>
<li>Android tablet experience (while functional for most) leaves a bit
to be desired</li>
<li>Screen does not perform well in bright conditions</li>
<li>No headphone jack</li>
<li>Forces you to buy a gimmick speaker dock with a proprietary cable
and does not include a USB-C charger</li>
</ul>
<h1 id="track-listing">Track Listing</h1>
<ul>
<li><a href="https://dova-s.jp/bgm/play9965.html">kinono - Peaceful Days
(平穏な日々)</a></li>
<li><a href="https://dova-s.jp/bgm/play12439.html">Sharou (しゃろう) - 10°C</a></li>
<li><a href="https://dova-s.jp/bgm/play4656.html">KK - Oya oya (おやおや)</a></li>
<li><a href="https://dova-s.jp/bgm/play098.html">Takashi Waraya (稿屋 隆) - Cats
(カッツェ)</a></li>
<li>Outro: <a href="https://soundcloud.com/khaimmusic/free-neon-lamp-charlie-puth-x-bruno-mars-type-funky-guitar-pop-instrumental/s-uqEQff1liFX">Khaim - Neon Lamp</a></li>
</ul>
]]></content:encoded>
    </item>
    <item>
      <title>Firefox</title>
      <link>https://trafotin.com/v/firefox/</link>
      <pubDate>Wed, 22 Nov 2023 00:00:00 +0000</pubDate>
      <guid>https://trafotin.com/v/firefox/</guid>
      <description>&lt;div style=&#34;position: relative; padding-top: 56.25%;&#34;&gt;&lt;iframe title=&#34;Installing Firefox... With Custom Profiles!&#34; width=&#34;100%&#34; height=&#34;100%&#34; src=&#34;https://spectra.video/videos/embed/5e31914e-3119-4ded-ab93-af08f36eae3c?subtitle=en&#34; frameborder=&#34;0&#34; allowfullscreen=&#34;&#34; sandbox=&#34;allow-same-origin allow-scripts allow-popups allow-forms&#34; style=&#34;position: absolute; inset: 0px;&#34;&gt;&lt;/iframe&gt;&lt;/div&gt;


&lt;center&gt;
&lt;button class=&#34;button button1&#34;&gt;
&lt;a  href=&#34;https://youtube.com/watch?v=OGC5CwEgr_g&#34;  &gt;
	
YouTube

&lt;/a&gt;
&lt;/button&gt;
&lt;/center&gt;

&lt;p&gt;Firefox is one of the longest living browsers still with us today (good
riddance Internet Explorer) and is arguably the most customizable
browser when comes to protecting your privacy. I have made lots of
videos about Firefox, but lots has changed to Firefox since then and I
want to take my time to take a step back to review the basics, update
some of the configuration files I have, and why I still use Firefox as
my daily browser.&lt;/p&gt;</description>
      <content:encoded><![CDATA[

<div style="position: relative; padding-top: 56.25%;"><iframe title="Installing Firefox... With Custom Profiles!" width="100%" height="100%" src="https://spectra.video/videos/embed/5e31914e-3119-4ded-ab93-af08f36eae3c?subtitle=en" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe></div>


<center>
<button class="button button1">
<a  href="https://youtube.com/watch?v=OGC5CwEgr_g"  >
	
YouTube

</a>
</button>
</center>

<p>Firefox is one of the longest living browsers still with us today (good
riddance Internet Explorer) and is arguably the most customizable
browser when comes to protecting your privacy. I have made lots of
videos about Firefox, but lots has changed to Firefox since then and I
want to take my time to take a step back to review the basics, update
some of the configuration files I have, and why I still use Firefox as
my daily browser.</p>
<h1 id="browser-battles">Browser Battles</h1>
<p>The undisputed point is Firefox is Mozilla has always been at odds with
the current browser at the time (Netscape in the old days and now
Chromium). Firefox has also become the heart of many important open
source projects: Thunderbird, the Tor Browser, Web Assembly, and nss.</p>
<p>Mozilla has diverged from many other browser makers because of their
nonprofit status and has been more proactively for the end user than
many other web browsers.</p>
<ul>
<li>It’s easier to switch your default search engine in Firefox and
access multiple search engines in the address bar.</li>
<li>It’s easier to change it to the default browser on Windows 11.</li>
<li>Firefox has one of, if not the most, robust screenshooting utilities
in a web browser, full stop.</li>
<li>Also has a built-in color picker and my favorite developer mode.</li>
<li>Firefox has also been faster to accept hardware acceleration on
Linux and macOS than Chromium has. For example, Firefox’s initial
Apple Silicon support was much better than Chromium’s, as they got
the secret sauce directly from Apple. Similarly, Wayland support on
Linux is much stronger than Chromium.</li>
<li>Firefox also offers Total Cookie Protection, blocking websites from
viewing your other websites by further isolating the cookie jar.</li>
</ul>
<p>Mozilla has also been much more forgiving in regards to the dreaded
C-word, and you know, the C-word that blocks things on websites. That’s
right, I’m talking about cont—Containers to compartmentalize multiple
logins and data. Want to stay logged into work and personal accounts at
the same time? Firefox Containers have you covered!</p>
<p>Unlike Chromium, Mozilla has been much more of ManifestV2, soon to be
replaced by ManifestV3. To be fair, ManifestV3 is absolutely a security
win: browser extensions will be much more limited in what they can do.
This comes at the drawback of traditional content blockers not being as
good as they used to be die to rule limits of 500,000, far too low for
most common content blockers.</p>
<p>Mozilla’s response to this has been to continue support for ManifestV3,
especially because of the number 1 most downloaded extension on Firefox
that starts with the letter U. The bottom line is this: Chromium is
largely maintained by companies that rely on surveillance capitalism and
have incentive to neuter content blockers. Firefox doesn’t and is able
to users this choice.</p>
<p>Unfortunately, most people fall victim to the tyranny of the default.
The decline of Firefox has been obvious for multiple reasons.</p>
<ul>
<li>Firefox has little mobile market share. By default, phone users are
presented Google Chrome on Android and Safari on iPhone. Even if you
do install it, it’s a crippled browser. It’s also more insecure, but
that’s a topic for another day.</li>
<li>Most browsers are based on Chromium, which is for the most part
largely controlled by Google. Lack of browser competition among
giants is harmful for users in the long run.</li>
</ul>
<p>That also doesn’t even account for Firefox has some cheap imitators. I
would advise you stay away from most of them. A lot of them struggle to
receive updates in a timely manner.</p>
<h1 id="installing-firefox">Installing Firefox</h1>
<p>Installing Firefox is about what you’d expect: visit your software store
or Mozilla’s FTP server to get it and avoid the unique identifier
planted in the installer. If you are on Mac, consider using homebrew.</p>
<h2 id="special-note-for-windows-users">Special Note for Windows Users</h2>
<p>An important thing to note is Windows users are going to need to take
some extra steps:</p>
<ol>
<li>While you can download Firefox from the Microsoft Store (not
winget), this version doesn’t include various hacks to automatically
set Firefox as your default browser when you ask it to. This is
because Microsoft hates your freedom, plain and simple. The primary
benefit of using the Microsoft Store is to get UWA apps, which
Mozilla isn’t anyway.</li>
<li>Firefox installs a scheduled task to constantly check if Firefox is
your default web browser. Mozilla, it’s none of your beeswax what I
use as my default browser. Go into Task Scheduler and delete it.</li>
</ol>
<h1 id="profile-manager">Profile Manager</h1>
<p>Now you have Firefox and we’re going to configure it, right? Hold your
horses there sport! We’re going configure profiles. While not as easy to
use or as forward facing as Chromium, Firefox supports profiles to
separate different identities and configurations of Firefox. I’m going
to cover some in a future video, but it’s all about ensuring we only use
one browser that we know works in various different ways.</p>
<p>First, you have to run a Firefox command, then we can append an argument
to open the profile selector by default. This varies based on operating
system. In the video, I cover Linux and Windows, but the principal is
the same on macOS as it is on Linux.</p>
<h2 id="windows">Windows</h2>
<pre><code>C:\Program Files\Mozilla Firefox\firefox.exe -p
</code></pre>
<h2 id="macos">macOS</h2>
<p>Make sure you open Firefox normally first to bypass Gatekeeper prompts.
Then you can create an alias with the following:</p>
<pre><code>/Applications/Firefox.app/Contents/MacOS/firefox -p
</code></pre>
<h2 id="linux">Linux</h2>
<p>If you are on Linux, consider using the snap package on Ubuntu or the
Flatpak if you don’t use Ubuntu.</p>
<ul>
<li><strong>Snap/Flatpak:</strong> Both the snap and Flatpak are maintained by
Mozilla’s developers. The snap and Flatpak are also sandboxed, so
you can configure permissions using Snap Store or Flatseal.</li>
<li><strong>Your distro’s native package:</strong> While behind on updates, native
packages can offer stronger sandboxing than what Flatpak provides.</li>
</ul>
<p>You’ll need to make a decision:</p>
<h3 id="native">Native</h3>
<h4 id="pros">Pros</h4>
<ul>
<li>Stronger security</li>
<li>Can include special fixes for your distro</li>
</ul>
<h4 id="cons">Cons</h4>
<ul>
<li>Slower to deliver security updates and bug fixes</li>
<li>Might not even be available at all due to licensing conflicts</li>
</ul>
<h3 id="snapflatpak">Snap/Flatpak</h3>
<h4 id="pros-1">Pros</h4>
<ul>
<li>Universal package</li>
<li>Officially maintained by Mozilla, no middlemen</li>
<li>Fast updates and bugfixes</li>
</ul>
<h4 id="cons-1">Cons</h4>
<ul>
<li>(Flatpak only, snap untested) Weaker sandboxing and isolation</li>
<li>(Snap only) Requires AppArmor for proper isolation</li>
</ul>
<pre><code># Native/snap
firefox -p
# Flatpak
flatpak run org.mozilla.firefox -p
</code></pre>
<p>Uncheck the box <code>Use the selected profile without asking at startup</code>,
now every time you launch Firefox as such, you will be presented with a
menu to choose which profile you want. The first profile you create is
called <code>default-release</code>, but you can rename it or create a different
one.</p>
<h1 id="stock-firefox">Stock Firefox</h1>
<p>Out of the box, Firefox isn’t all that great. The search engine is a bit
invasive and has sponsored links. Pocket is lurking around at the top.
Mozilla collects telemetry which they never cite as helpful. Rather than
fix this right now, I might get some hate for this, but there’s an
argument to not configure Firefox at all. Configuring Firefox in extreme
ways can cause websites to be much more suspicious of you. You must be
doing something wrong if you used the about:config, obviously!</p>
<p>Keeping a stock Firefox with no configuration is great for a browser
where your anonymity isn’t as important. Services like banks and
critical work or business functions are great examples of this. You
could get on your high horse and say that you are doing your duty by
configuring it, but I would argue it’s not worth the hassle when these
services probably know you by your real name anyway, so it’s not a big
deal.</p>
<h1 id="configuring-firefox-the-easy-way">Configuring Firefox the Easy Way</h1>


<div style="position: relative; padding-top: 56.25%;"><iframe title="The Basics of Configuring Firefox Settings: New Tab Page, Search Engines, Privacy &amp; Security" width="100%" height="100%" src="https://spectra.video/videos/embed/fb778622-ed89-4cff-8052-963566a259de?subtitle=en" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe></div>


<p>Firefox has a lot of configurability, especially when configuring
Firefox offers a lot benefits protecting your privacy, security, and the
occasional weird Mozilla feature. If you’re looking to configure
Firefox, but don’t want to have to deal with the fuss of a user.js file,
this is the place for you!</p>
<h2 id="why-bother">Why bother?</h2>
<p>Firefox has a lot of settings and these are the only ones that most
people have access to! If you haven’t already, I strongly recommend
setting up custom profiles if you haven’t already. I maintain at least 4
Firefox profiles at once, each of them serving a different purpose. I
typically name this profile “PrivacyFox,” because we’re going to
configure Firefox to a minimal degree. Scripts like Arkenfox turn off a
lot of features and while features that break websites are marked, many
others indirectly cause websites to break.</p>
<p>And even if you’re an advanced user and use privacy-hardened Firefox
with a custom user.js and fancy userChrome.css, you still need to be
aware of the GUI settings because scripts like Arkenfox won’t configure
these for you most of the time. They often leave the GUI settings open
for users to configure it themselves.</p>
<p>The benefit is you can customize Firefox to resemble the behavior <em>you</em>
want and you can choose how you want Firefox to look. Unlike most other
browsers, Firefox truly lets you claim it as your own, and no, it won’t
break upon updates unlike Vivaldi!</p>
<p>We’re going roll through all of the default Firefox settings and give a
quick rundown of each one.</p>
<h2 id="home">Home</h2>
<p>You can toggle your homepage by changing it something else. And for the
last time Josiah, I’m not making your homepage Google if you can just
type in the search bar to use Google!</p>
<p>Popular options include:</p>
<ul>
<li>DuckDuckGo</li>
<li>Startpage</li>
<li>Brave Search</li>
<li>Google</li>
<li>Bing</li>
<li>Yandex</li>
<li>Baidu</li>
</ul>
<h2 id="search">Search</h2>
<p>The search settings are where you can configure Firefox’s search engine.
I would be remiss not to tell you that Firefox gets paid millions of
dollars by Google to be the default search engine. There have even been
rumored talks of a bidding war with whether or not Bing would replace
Google as the default. If you have preference for a different search
engine here, you can change it here.</p>
<p>Alternatively, if your search engine is not listed, you can visit your
favorite search engine and right-click on the Address Bar, then click to
add it to these options.</p>
<ul>
<li>Disable “Provide search suggestions”</li>
</ul>
<p>Firefox will also proactively search with autocomplete enabled by
default. This means that anything you type into your Address Bar will be
sent to your search engine provider. I recommend turning this off.</p>
<h2 id="privacy--security">Privacy &amp; Security</h2>
<ul>
<li>Select “Strict” Enhanced Tracking Protection</li>
</ul>
<p>Firefox offers Enhanced Tracking Protection (ETP) against common threats
on the web. It will not protect you from everything, but it’s designed
not to negatively impact your browsing at all, even on Strict.</p>
<p>Navigate to “Address Bar,”</p>
<ul>
<li>Disable “Suggestions from the web”</li>
<li>Disable “Suggestions from sponsors”</li>
</ul>
<p>In America, us Firefox users are pestered with sponsored links in the
autocomplete. Just turn them off.</p>
<ul>
<li>Navigate to “Cookies and Site Data” and select “Delete cookies and
site data when Firefox is closed”</li>
</ul>
<p>Cookies are used to track things across the web like login sessions and
cached information. However, most websites abuse this and use this as a
mechanism to track you.</p>
<blockquote>
<p>[Advertisers] capture the “cookies” that your computer automatically
deposits into your Web browser, creating an indelible of every site
you visit and every page you view, then use that information to send
you personalized advertisements… “Cookies are used by virtually all
commercial websites for various purposes, including advertising,
keeping users signed in and customizing content… Bad as it was to be
stalked by shoes…”</p>
<p><a href="https://www.martinlindstrom.com/our-books/brandwashed/">Martin Lindstrom,
<em>Brandwashed</em></a></p>
</blockquote>
<p>But naturally this leads to a question: how do you stay logged into
accounts you always use and you want the convenience of staying signed
in?</p>
<ul>
<li>Under “Manage exceptions,” you can add an exception by typing in the
site, and selecting “Allow”</li>
<li>Visit the site you want to save your credentials for, then press
<code>Ctrl+i</code> (<code>⌘+i</code> on Mac) Navigate to “Permissions” -&gt; “Set
cookies” -&gt; “Allow”</li>
</ul>
<h2 id="https-only-mode">HTTPS-Only Mode</h2>
<p>Back in the old days, websites thought it was a good idea to use
unencrypted websites, which allow your ISP to snoop on what you do. Most
of these things have been eradicated from the Internet today, but for
those who couldn’t figure out how to do it, you want to be presented
with a full-screen warning to protect your privacy.</p>
<ul>
<li>Enable “HTTPS-Only Mode in all windows”</li>
<li>You can also “Manage Exceptions”</li>
</ul>
<h2 id="dns-over-https">DNS over HTTPS</h2>
<p>DNS over HTTPS (DoH) is one of the newest web standards for secure DNS
connections, which translate your URLs like “trafotin.com” into the
corresponding servers on the internet and IP addresses.</p>
<p>DoH changes the DNS paradigm by using HTTPS packets to call the websites
you want to visit. By using DoH, in junction with encrypted DNS, your
internet service provider can still see sites you visit, but they aren’t
allowed to tamper with any of the content, because yes, they have done
this before.</p>
<p>I previously enabled the US default of Cloudflare’s DoH server as the
default, but I’m taking a step back and letting you guys decide what you
want. I think Cloudflare is a great default and the other, NextDNS, is
also very handy. Other providers like Quad9 offer their own servers.</p>
<h3 id="enable-secure-dns-using">Enable Secure DNS using:</h3>
<p>Lastly, Firefox now has the ability to force all traffic through DoH,
which is really cool. In Chromium and previously in Firefox, DoH would
be the default, but if websites rejected it, it would just fall back to
normal DNS.</p>
<ul>
<li>Select “Increased Protection” or “Max Protection” for DoH.</li>
</ul>
<p>If you select “Max Protection,” if you can’t connect to your DoH
provider or if the connection is routed back, you will get a full screen
warning.</p>
<p>If you are interested in learning more about DNS, I recommend <a href="https://www.irongeek.com/i.php?page=videos/nolacon2019/nolacon-2019-d-03-dns-strategies-for-reducing-data-leakage-protecting-online-privacy-jim-nitterauer">a talk
from Jim Nitterauer about compliance and protecting your privacy with
DNS</a>.</p>
<h2 id="telemetry">Telemetry</h2>
<ul>
<li>Disable “Allow Firefox to send technical and interaction data to
Mozilla”</li>
<li>Disable “Allow Firefox to install and run studies”</li>
<li>Disable “Allow Firefox to send backlogged crash reports on your
behalf”</li>
</ul>
<p>While Firefox is fairly respectful of your rights, one of the things I
am the most suspicious of is their telemetry collection. The telemetry
being opt-in isn’t a crime, but they don’t make it clear whether this
information is useful or not, nor is it published anywhere publicly. It
also doesn’t help that Mozilla places ads everywhere.</p>
<p>Even if you believe Mozilla is in the right, I’m a paranoid weirdo who
would turn it off anyway. If you use an account, Mozilla collects more
information about you and ties it to your Firefox account, so you might
have more reason to turn it off given Firefox accounts demand an email.</p>
<h1 id="customizing-firefox">Customizing Firefox</h1>
<p>Firefox allows users to customize the UI to their liking. For example,
if don’t like the “wide” address bar, you can remove the spaces. If
you’re a front-end dev, you can add the developer tools to the toolbar.
If you want to add back the extension icons to your taskbar, you can pin
them near the puzzle piece icon. Be creative and make Firefox your own.
You can make it look like Chrome, old school Firefox/Opera, or Safari.</p>
<ul>
<li>Right-click on the top bar or window decorations and select
“Customize Toolbar”</li>
</ul>
<h1 id="new-tab">New Tab</h1>
<p>Firefox also allows users to customize the New Tab page, including using
a custom website as one. Still, with the vanilla New Tab page, there are
things to be done.</p>
<ul>
<li>Right-click and unpin all preinstalled shortcuts. These are all
sponsored links for companies who paid to be here.</li>
<li>Gear -&gt; # rows here</li>
<li>Gear -&gt; Sponsored Shortcuts -&gt; Disabled</li>
<li>Gear -&gt; Pocket</li>
</ul>
<h1 id="mullvad-browser">Mullvad Browser</h1>


<div style="position: relative; padding-top: 56.25%;"><iframe title="STOP Using Firefox Forks! Use Mullvad Browser Instead." width="100%" height="100%" src="https://spectra.video/videos/embed/bf36a951-8276-4341-a3b4-89ed06ff93cc?subtitle=en" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe></div>


<p>You could configure Firefox by going through the settings, but the easy
way to get a privacy-hardened Firefox is using the Mullvad Browser.
Since my very first video with Arkenfox, this has been what I consider
the most radical change to Firefox forks. Ordinarily, I never recommend
Firefox forks because most of them have trouble updating in a timely
manner or don’t have a good enough reason to exist.</p>
<h2 id="the-problem-with-firefox-forks">The Problem With Firefox Forks</h2>
<p>The problem with most Firefox forks is you need to not only trust
Mozilla, you need to trust the other people who are touching the fork,
and trust that they will keep it up to date. With something as important
and unfortunately resource heavy like a web browser, you need to ensure
you get updates promptly and most smaller browser forks aren’t able to
do this well.</p>
<h2 id="why-the-mullvad-browser">Why the Mullvad Browser?</h2>
<p>The exception has been the Mullvad Browser. Mullvad Browser doesn’t use
the normal Firefox, but the Extended Support Release or ESR of Firefox.
It’s much slower to adopt features, but the core security and engine of
Mullvad Browser is the same.</p>
<p>In fact, Mullvad Browser was developed in conjunction with the foremost
popular fork of Firefox, the Tor Browser. The Tor Browser has worked
with Mozilla for years to fine tune Firefox against the invasive
practice of surveillance capitalism and protecting your anonymity on the
internet. Mullvad Browser inherits all of the Tor Browser’s work and it
basically the Tor Browser, just no dark web functionality.</p>
<p>Well if you can’t connect to the dark web, what’s the point? Because
Mullvad Browser is perfectly privacy-hardened by default and has all the
extensions you might need in it, you don’t even need to pay for a
Mullvad subscription to use it; you can use it as is. Everyone who uses
Mullvad Browser is now lumped into the same pool of people and if you
use a VPN (commercial, self-hosted, etc), you are now part of the same
army of people using this browser.</p>
<h2 id="limitations-to-the-mullvad-browser">Limitations to the Mullvad Browser</h2>
<p>There are some caveats where you might want to avoid Mullvad Browser:</p>
<ul>
<li>You can&rsquo;t use some newer features of Firefox. Previously this included screenshots, but also things like AI integration and vertical tabs. This is because Mullvad is based on Firefox&rsquo;s extended support release (ESR).</li>
<li>You can’t save logins. All data is deleted upon closing Mullvad
Browser. You run this in Private Browsing/Incognito mode all the
time.</li>
<li>You are stuck with the extensions they give you and you shouldn’t
configure them beyond their default values. In order to blend in,
everyone needs to have the same uBlock Origin settings and the same
NoScript settings.</li>
<li>There are what some would consider bloat features like the Mullvad
extension or the Mullvad Leta search engine, especially if you don’t
use/like Mullvad.</li>
<li>Some websites might not work correctly, because of the Tor Browser
configurations. You can’t watch DRM-protected content for example or
some website elements might not work.</li>
<li>There’s also the pain point of the Mullvad Browser is pretty young
and not as many people use it.</li>
</ul>
<h2 id="the-easy-way-out">The Easy Way Out</h2>
<p>And that’s why I’m recommending it. I’m selfishly recommending it
because it is the easiest way to get privacy-hardened Firefox and you
can join me in the sea of people using it. It’s the newest kid on the
block, so we need to make this pool of people bigger and more normies
use it.</p>
]]></content:encoded>
    </item>
    <item>
      <title>Installing Custom Android ROMs Is Easier Than Ever!</title>
      <link>https://trafotin.com/v/grapheneos/</link>
      <pubDate>Fri, 20 Oct 2023 00:00:00 +0000</pubDate>
      <guid>https://trafotin.com/v/grapheneos/</guid>
      <description>This September, I underwent the experience of installing my first custom Android ROM, installing a customized version of Android on a Pixel 7 Pro. This was my experience.</description>
      <content:encoded><![CDATA[

<div style="position: relative; padding-top: 56.25%;"><iframe title="Installing Android ROMs Is Easier Than Ever!" width="100%" height="100%" src="https://spectra.video/videos/embed/3880d0c4-b38d-41fc-af7b-61ca53835046?subtitle=en" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe></div>


<center>
<button class="button button1">
<a  href="https://youtube.com/watch?v=b949BaPnRzw"  >
	
YouTube

</a>
</button>
</center>

<p>Remember the last time I made a video on Android? It was over a year ago
(and on Airguard)! Now that changes. I have right here a Google Pixel 7
Pro, which I pawned off a relative. I mean, if it were me, I would have
waited for the Pixel 8! But this is something I’ve been excited for: an
Android operating system that truly puts your rights first and foremost.
This has now become my daily driver phone and I have never been more
exicted for a Phone since my LG VX-5400! Buckle up guys, Android ROM
flashing time!</p>
<h1 id="what-is-grapheneos">What is GrapheneOS?</h1>
<p>GrapheneOS is a custom Android ROM, but what does that actually mean?
Android ROMs are the same as when you choose to run operating systems on
your computer. Few Android phones grant you the ability to install
custom operating systems and many manufacturers refuse to provide you
such a freedom or will hamper your efforts to run custom Android ROMs.</p>
<p>But why would someone choose to do this? It really comes down to control
or functionality. Since many manufacturers maker it difficult, they are
effectively taking away your freedom to do or run exactly what you want
on your device. It’s important because compared to Apple for example, at
least you are given the choice (on certain phones) to do what you want.</p>
<p>That being said, there are risks and I can’t go without mentioning them.
In the past, installing a custom Android ROM could result in bricking
your phone, but times have changed. As long as you choose to run a
reputable Android ROM, the chances of you bricking your phone are
telegraphed to you. As long as you play it safe and stick to big name
ROMs, it’s hard to mess up.</p>
<h2 id="custom-rom-insecurity">Custom ROM Insecurity</h2>
<p>While I am all about encouraging software freedom and running what you
want on you device, I want to warn you against rooting your device.
Rooting usually gives you as the end user the same ability to run
dangerous command that could your damage your system. “But Trafotin, I
made it this far and I haven’t gotten in trouble yet!” Rooting your
phone has dangerous consequences especially if you are downloading files
outside of the Google Play Store. Sure you can do you get your whiz-bang
battery enhancing apps, but newer innovations prove using an unrooted
device is great. You can install an Android ROM and not be constantly
using your phone with administrative privileges. It’s a bad practice for
computers and it’s just as much a bad practice for phones.</p>
<h1 id="the-grapheneos-solution">The GrapheneOS Solution</h1>
<p>This is why I am firm proponent of GrapheneOS. GrapheneOS is a custom
Android ROM, designed to not compromise on user security while still
respecting your rights. It’s the most robust custom Android ROM, but
that polish comes at a cost. GrapheneOS can only be installed on Google
devices. Google makes the best smart phones when it comes to keeping
your phone up to date and not flooding your phone with crapware that
other Android manufacturers throw in. Inevitably, people will fear
Google kills off their phone line, but I am doubtful that this will
happen. The state of manufacturers providing timely security updates on
Android is so bad Google is willing to go into debt and force their OEMs
to do the same. Sure Google is one of the Big Tech companies, but they
recognize they are responsible for the biggest phone operating system in
the world.</p>
<p>And I know the irony of using a Google phone to get more privacy, but
Google’s phones are legitimately the easiest phones to install custom
Android ROMs on and they have been for years. The entry level devices,
like the Pixel 7a and the Pixel Tablet are less than $500 and pretty
affordable.</p>
<h1 id="installing-grapheneos">Installing GrapheneOS</h1>
<p>So you’re sold on using a custom Android ROM and you have a nice fresh
Google phone. I’m doing this with a Pixel 7 Pro, but all of Google’s
newest product line is compatible with GrapheneOS. I normally recommend
buying a phone on sale, but I got a $200 discount for 4 years of updates
and I wanted a model with an actually decent camera because anyone who
has seen videos filmed with my iPad are atrocious. But how do we install
GrapheneOS?</p>
<p><em>The following entails a guide on how to install GrapheneOS. The project
has been in some drama because their former head developer didn’t like
publishing guides, even if you supply the same or more depth
instructions than on their website.</em></p>
<h1 id="prerequisites">Prerequisites</h1>
<p>I’m not going to get into detail, but the first step is to</p>
<ul>
<li>a Google device that is carrier unlocked</li>
<li>use a computer from one of their supported operating systems to
reduce as much error as possible. This can be a computer or even
another Android phone.</li>
<li>use a Chromium-based browser from the list</li>
<li>connect your Google device with a USB cable and trust the device you
plug it into</li>
</ul>
<p>If you do the computer method, you need to make sure to have the Android
SDK tools. I used a spare computer with Ubuntu and Brave and the
instructions are pretty reliable with Linux and Windows, but pretty
vague overall. If I had criticize the installation process, there could
be a little pulldown menu with some extras instructions.</p>
<h1 id="oem-unlocking">OEM Unlocking</h1>
<p>But that’s the hard part, let’s do something more fun–OEM unlocking.
This is one of the coveted features of Android phones that allow custom
ROMs. But how do we configure this?</p>
<ul>
<li>Go to <em>Settings</em>→<em>About</em>→<em>Build number</em> then smash that button until
you become a developer.</li>
<li>Go to <em>Settings</em>→<em>System</em>→<em>Developer options</em>→<em>OEM unlocking</em>
enabled.</li>
</ul>
<p>You might also need to connect to Wi-Fi at least once.</p>
<h1 id="rebooting">Rebooting</h1>
<p>After you enabled OEM unlocking, you need to turn off the Google device.
In my case, it’s the sleep button and the volume up button at the same
time. This took me more attempts than I would like to admit.</p>
<p>When you turn on the device, then hold the volume down button while the
phone turns on and you get a spooky tiny text menu. This means we are in
business for the hardest step of all…</p>
<h1 id="doing-the-deed">Doing the Deed</h1>
<ul>
<li>Go to your nice Chrome browser and click the button to identify your
Google device and unlock the bootloader.</li>
<li>Click the button to download the corresponding release for your
device.</li>
<li>Click the button to wipe Google off your device. <strong>Do not touch your
device or unplug it while it is working.</strong> It will reboot multiple
times and you know when you succeed when the Google logo shows up,
only for the GrapheneOS logo to jumpcut in front of it just like
having in movies.</li>
</ul>
<p>You still see a hash appear as your phone boots up and compare this with
the hash on GrapheneOS’s website. This ensures you’re running an
official GrapheneOS image.</p>
]]></content:encoded>
    </item>
    <item>
      <title>Trafotin Watches: Meta Connect 2023</title>
      <link>https://trafotin.com/v/trafotin-watches-meta-connect-2023/</link>
      <pubDate>Fri, 06 Oct 2023 00:00:00 +0000</pubDate>
      <guid>https://trafotin.com/v/trafotin-watches-meta-connect-2023/</guid>
      <description>Zuckerberg is back with some new AI chicanery! Cheaper VR headsets, glasses souped up with their AI assistant, and the desperation for his products to be loved by literally anyone.</description>
      <content:encoded><![CDATA[

<div style="position: relative; padding-top: 56.25%;"><iframe title="Trafotin Watches: Meta Connect 2023" width="100%" height="100%" src="https://spectra.video/videos/embed/6fb8c03f-ab01-4a2c-8b34-f5e7eb141d17?subtitle=en" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe></div>


<center>
<button class="button button1">
<a  href="https://youtube.com/watch?v=SVzeormmjfo"  >
	
YouTube

</a>
</button>
</center>

<p>Zuckerberg is back with some new AI chicanery! Cheaper VR headsets,
glasses souped up with their AI assistant, and the desperation for his
products to be loved by literally anyone.</p>
<h1 id="takeaways">Takeaways</h1>
<ul>
<li>All Facebook products are now equipped with an AI assistant powered
by ChatGPT and with the likeness of celebrities. They will weirdly
react as you read your prompt.</li>
<li>Posts and DMs can now be composed by AI. Just in case you thought
the latest post from grandpa was real.</li>
<li>Instagram now has AI picture filters.</li>
<li>The Meta Quest is now more affordable. It’ll still spy on you of
course.</li>
<li>You get to play your 2008 looking games on your Quest, but that’s
about it. Since the games must designed with the Quest in mind, it’s
likely it will stagnate.</li>
<li>Partnering with Ray-Ban, Facebook has engineered camera glasses and
no doubt will humiliate streamers, let creepers creep, and grant
Facebook the ability to data harvest your vision.</li>
<li>Llama and other Facebook products received improvements stolen from
other open-source learning models.</li>
</ul>
<h1 id="referenced">Referenced:</h1>
<ul>
<li><a href="https://x.com/elonmusk/status/1671364992665264131">Elon Musk “promises” to fight
Zuckerberg</a></li>
<li><a href="https://www.amnesty.org/en/latest/news/2022/09/myanmar-facebooks-systems-promoted-violence-against-rohingya-meta-owes-reparations-new-report/">Facebook helped instituionalize violence against a religious
minority in
Myanmar</a></li>
<li><a href="https://youtu.be/AMN10c4NO2o">Christopher Wylie, the Cambridge Analytica whistleblower, is
interviewed by UK Parliament</a></li>
<li><a href="https://www.cbsnews.com/news/facebook-whistleblower-frances-haugen-misinformation-public-60-minutes-2021-10-03/">Frances Haugen accuses Facebook of prioritizing incendiary posts
for
profit</a></li>
<li><a href="https://www.instagram.com/p/BYmE4O-Dc4g">A picture of Zuck with his third
daughter</a></li>
<li><a href="https://www.instagram.com/p/COq6ziphDJm">Zuck with his other 2 kids and
Priscilla</a></li>
<li><a href="https://youtu.be/xK0RwubFi-U">Zuck tries to spin privacy into his companies and fails horribly,
F8 2019 Keynote</a></li>
<li><a href="https://www.facebook.com/Meta/videos/1038522214125952">Meta Connect 2023
Keynote</a></li>
</ul>
]]></content:encoded>
    </item>
    <item>
      <title>Telemetry Is Bad: A Measured Response</title>
      <link>https://trafotin.com/v/telemetry/</link>
      <pubDate>Thu, 03 Aug 2023 17:34:21 -0500</pubDate>
      <guid>https://trafotin.com/v/telemetry/</guid>
      <description>&lt;p&gt;&lt;em&gt;T-E-L-E-M-E-T-R-Y! What does that spell? EVIL!!!&lt;/em&gt; Hey guys, it&amp;rsquo;s that guy who can&amp;rsquo;t talk about the news on time! Corporations are all collecting data about you, most of the time covertly! Time to grab those tinfoil hats because it&amp;rsquo;s time to raise our pitchforks and get ready to rumble! But hang on, before you go light your torches, I want to take a step back and view real world telemetry for what it is. We&amp;rsquo;re going to be diving into privacy policies, source code, and how telemetry can affect your privacy and if it can be done ethically.&lt;/p&gt;</description>
      <content:encoded><![CDATA[<p><em>T-E-L-E-M-E-T-R-Y! What does that spell? EVIL!!!</em> Hey guys, it&rsquo;s that guy who can&rsquo;t talk about the news on time! Corporations are all collecting data about you, most of the time covertly! Time to grab those tinfoil hats because it&rsquo;s time to raise our pitchforks and get ready to rumble! But hang on, before you go light your torches, I want to take a step back and view real world telemetry for what it is. We&rsquo;re going to be diving into privacy policies, source code, and how telemetry can affect your privacy and if it can be done ethically.</p>
<h1 id="case-1-windows-10">Case 1: Windows 10</h1>
<p>Windows telemetry can&rsquo;t be turned off and you only get 2 options: Full and Basic. No matter which version of Windows you use, <a href="https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services">the GUI won&rsquo;t give you a way to deal with this</a>. You can use Group Policy Editor of course, but in order for you to get access to the real Group Policy Editor, you need Windows 11 Pro or higher and pay through the nose to get.</p>
<p>Telemetry collected in both cases appears to be useful, but it&rsquo;s ruined by the ethical quandary. Users are never given the proper means to consent except that big Terms of Service box when they bought their Mac or PC and clicked &ldquo;I Agree.&rdquo; Arguably, Windows&rsquo;s telemetry is worse because Windows&rsquo;s team continues to smear their name by ripping out existing features and the overreliance on siphoning user information. All of this compounded by the fact that Microsoft sells off your information to advertisers in their Bing network and has been doing so since the Sinofsky era of Windows.</p>
<p>But wait! Even if you use Windows Pro, <a href="https://learn.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-off">you still can&rsquo;t turn off the telemetry</a>! The only way to avoid it is to:</p>
<ul>
<li>get a Windows Education/Enterprise license</li>
<li>In order to get the license, you need to contact a Microsoft sales rep and give Microsoft business-relevant/mostly accurate information.</li>
<li><a href="https://learn.microsoft.com/en-us/windows/deployment/deploy-enterprise-licenses">Then you need to pay for volume licensing or a subscription fee for its activation</a>, which also might involve hosting a Azure AD server.</li>
<li>Then you can turn off the telemetry.</li>
<li>Screw Microsoft and just use anything else except ChromeOS.</li>
</ul>
<h1 id="case-2-opting-out--vs-code">Case 2: Opting Out &amp; VS Code</h1>
<p>But let&rsquo;s say a program that lets you turn off the telemetry, what do you do? You could of course trust them, but we need operate with &ldquo;distrust, but verify.&rdquo; Let&rsquo;s take one of my favorite examples: VS Code. If I haven&rsquo;t already, I hope I&rsquo;ve drilled into your skull that Microsoft is one of the most evil and privacy invasive companies on the planet, so because Microsoft is evil, that must mean VS Code is evil!</p>
<p>Indeed, at a glance when you review the documentation for VS Code, <a href="https://code.visualstudio.com/docs/getstarted/telemetry">VS Code is subject to Microsoft&rsquo;s privacy policy</a>, the same legalese privacy policy that allows Microsoft to market off your information. But there&rsquo;s a few important differences between VS Code and Windows: VS Code includes a toggle for users to turn off telemetry collection. Unlike Windows, this toggle fully disables VS Code&rsquo;s telemetry.</p>
<h2 id="theres-no-way-you-could-know-that">There&rsquo;s no way you could know that&hellip;</h2>
<p>Now, the keen-eyed keyboard warriors are going to pounce on this and say &ldquo;Aha! But there&rsquo;s no way you can actually know that!&rdquo; But there is, dear commenter, and it&rsquo;s the GitHub page, you know, where they publish most of the source code, <a href="https://github.com/microsoft/vscode/tree/main/src/vs/platform/telemetry">including the code for the telemetry bits</a>! &ldquo;But the backend for VS Code&rsquo;s extensions are proprietary!&rdquo; If you don&rsquo;t want VS Code to track your extensions, simple, <strong>don&rsquo;t use VS Code</strong>. You can go crawl over to VS Codium, but it isn&rsquo;t going to change Microsoft gets to monitor the VS Code Marketplace and all the silly AI extensions you install.</p>
<p>The other reason VS Code wouldn&rsquo;t help is also obvious: you don&rsquo;t trust the telemetry being turned off when you uncheck the box? Consider that <a href="https://survey.stackoverflow.co/2023/#technology-most-popular-technologies">VS Code is the IDE of choice for developers</a>, some of whom have to be savvy enough to read the source code, and would type an angry message on Twitter and Mastodon that VS Code was spying on everyone even if the box was unchecked? Come on, use your noggin. Who knew that if you used an online service, you have to trust they won&rsquo;t do anything bad?</p>
<h1 id="case-3-the-preceding-reputation">Case 3: The Preceding Reputation</h1>
<p>Let&rsquo;s talk about the most spicy one: Ubuntu. Ubuntu has garnered a long history of being called spyware by the famous Richard Stallman (sucking his toe) and the Electronic Frontier Foundation because of the Amazon search integration into their operating system. However, Ubuntu suffers from not what they are actually doing, but they dragged their reputation was dragged through the mud for years. Ubuntu removed the Amazon searching, but continued to include an Amazon icon that would redirect people with a referral link, just like if you were to visit the description of my video and click on a link. The problem is because the Amazon incident with search queries, people held that against them.</p>
<p>This reputation also may have further damaged another part of Ubuntu, the introduction of operating system telemetry in Ubuntu 18.04. Now we get into the realm of what telemetry is harmful and what&rsquo;s benign. Canonical&rsquo;s developers have always been open about <a href="https://lists.ubuntu.com/archives/ubuntu-devel/2018-February/040139.html">what information about what will be collected</a>. In practice, Canonical collecting this telemetry is purely to improve Ubuntu and some fairly common settings that can&rsquo;t really be used to identify people as it&rsquo;s largely impersonal.</p>
<p>When poor Will Cooke announced this on the mailing list, people piled in complain online and how Ubuntu was continuing down a dark path, even though the data is pretty harmless. Why? Because Ubuntu 18.04 continued to package the Amazon icon and the baggage of the Amazon incident. Even though it&rsquo;s pretty clear how to disable it by unchecking a box. Once again, because Ubuntu is open-source, we can verify unchecking the box does as it claims.</p>
<h1 id="playing-devils-advocate">Playing Devil&rsquo;s Advocate</h1>
<p>But let&rsquo;s wrap this up. I spoke in an entire video defending telemetry and trying to understand it, but what about the normal person? What about someone who wants to protect their privacy? If you want to help the developer and you feel that you are helping them by providing telemetry, then by all means provide them that data; it&rsquo;s your prerogative.</p>
<p>On the other hand, you are an extremist when it comes to privacy. We&rsquo;ve seen studies about how easily information <a href="https://www.forbes.com/sites/thomasbrewster/2017/12/19/120m-american-households-exposed-in-massive-consumerview-database-leak/?sh=4b52f71f7961">can</a> <a href="https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html">be</a> <a href="https://dspace.mit.edu/handle/1721.1/96321">deanonymized</a> and it helps that the information is impersonal, but I want all the help I can get and that includes turning it all off.</p>
<p>And by the way, if you need to resort to using Little Snitch or Portmaster to clam up telemetry if you&rsquo;re given no opt-out, maybe you should consider using something else.</p>
]]></content:encoded>
    </item>
    <item>
      <title>Digital Privacy in a Post-Pandemic World</title>
      <link>https://trafotin.com/v/digital-privacy-post-pandemic/</link>
      <pubDate>Fri, 07 Apr 2023 23:34:21 -0500</pubDate>
      <guid>https://trafotin.com/v/digital-privacy-post-pandemic/</guid>
      <description>&lt;iframe id=&#34;odysee-iframe&#34; width=&#34;560&#34; height=&#34;315&#34; src=&#34;https://odysee.com/$/embed/@Trafotin:4/protecting-your-digital-privacy-in-a:8&#34; allowfullscreen&gt;&lt;/iframe&gt;


&lt;p&gt;Hey guys, it&amp;rsquo;s always good to avoid controversial subjects, so let&amp;rsquo;s talk about the pandemic! The 2020 Coronavirus Pandemic fundamentally changed the way we go about our lives, but I want to address some of this today. One of the things greatly affected by the pandemic was the right to privacy.&lt;/p&gt;
&lt;h1 id=&#34;the-pandemic-problems&#34;&gt;The Pandemic Problems&lt;/h1&gt;
&lt;p&gt;Working from home and doing so privately has become more difficult with things like employee monitoring software, constant video calls with mandatory rules that your camera is on at all times, and the use of personal computers and &amp;ldquo;bring your own device&amp;rdquo; are now commonplace.&lt;/p&gt;</description>
      <content:encoded><![CDATA[

<iframe id="odysee-iframe" width="560" height="315" src="https://odysee.com/$/embed/@Trafotin:4/protecting-your-digital-privacy-in-a:8" allowfullscreen></iframe>


<p>Hey guys, it&rsquo;s always good to avoid controversial subjects, so let&rsquo;s talk about the pandemic! The 2020 Coronavirus Pandemic fundamentally changed the way we go about our lives, but I want to address some of this today. One of the things greatly affected by the pandemic was the right to privacy.</p>
<h1 id="the-pandemic-problems">The Pandemic Problems</h1>
<p>Working from home and doing so privately has become more difficult with things like employee monitoring software, constant video calls with mandatory rules that your camera is on at all times, and the use of personal computers and &ldquo;bring your own device&rdquo; are now commonplace.</p>
<p>But this goes beyond the workplace and education. Many other facets of our lives are now done at home on video conferencing software ranging from therapy sessions, telehealth visits, and town hall meetings. The question is, how are we going to keep our computers clean and maintain our privacy in a post-pandemic world?</p>
<p>Schools, workplaces, and medical services require you use a personal computer, where you keep all sorts of things you&rsquo;d like private, and they install all sorts of invasive video calling programs, anti-cheat rootkits for online classes, and bossware playing Big Brother to make sure you are working.</p>
<p>Instead of complaining, I want to take this time to either improve what we can do or more importantly, prepare us for the next pandemic. The next time this happens, let&rsquo;s be ready.</p>
<h2 id="a-disclaimer">A Disclaimer</h2>
<p>Before I proceed with any of this, I want to you to be aware I do this for fun and games because I value my own privacy, but <strong>if this is critical to you getting a job, educational opportunity or healthcare treatment, do NOT do anything I say</strong>; your well-being is more important than the content I make on my YouTube channel. Pick the hill you will die on wisely and know which battles you can win. Be smart about this and don&rsquo;t break the law or any guidelines set by work or school.</p>
<p>That being said, your employer or university might be kind enough to offer <em>accomodations</em>, let&rsquo;s say that, so you can work from home and not have the privacy invasive technology wreck havoc on your personal computer. All of this is also a lesson on <strong>social engineering</strong> and while social engineering might have negative connotations because of the infosec world, it&rsquo;s all about everyone getting what they want in the end. They get a good worker and you get your privacy at home and with your data. Think of it as professional excuse making.</p>
<p>I&rsquo;m not going to go into deep detail, but I&rsquo;m also going to go over price or potential costs. I understand, especially for broke zoomer students that price is an important consideration.</p>
<h1 id="the-work-computer">The &ldquo;Work&rdquo; Computer:</h1>
<p>Obviously the cheapest solution is to have a dedicated computer. You could use an old computer you have lying around, buy a new one, or convince your employer/school to provide you one.</p>
<ul>
<li>Tell your employer providing you a computer will have everything all preset and it&rsquo;s more secure as it&rsquo;s hardware the company controls.</li>
<li>Say how technically illiterate you are and installing all that VPN software and monitoring software is too difficult for you to do.</li>
<li>If it&rsquo;s a university, they often allow students to rent out laptops like library books and most other types of schools provide Chromebooks or iPads for younger age groups.</li>
<li>Tell them you&rsquo;re an Arch Linux user and frequently get kernel updates that break PulseAudio and Arch doesn&rsquo;t natively support Zoom or Teams. (Don&rsquo;t tell them Flatpak or Snap exist!)</li>
</ul>
<p>Also when you make excuses like this: do not be hostile or say how much you disapprove of their practices. Your employer or university might feel they don&rsquo;t have to do anything for you and you are the one on the short end of the stick here. You will get more accomplished by being agreeable and demonstrating the willingness to be a good worker.</p>
<h2 id="the-home-routerfirewall">The Home Router/Firewall</h2>
<p>The con of being issued a computer is many schools or workplaces forbid you from installing software on your computer and this is where a home firewall becomes your first line of defense. A home firewall can be a spare computer or a dedicated piece of hardware to control what happens on your network. This also protects your back if a skilled adversary targets your company or university, <a href="https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819">like what happened with LastPass</a>.</p>
<p>To prevent any unsavory connections, system calls, or third-party IT software tracking your home address, I use a pfSense firewall on a Protectli firewall when I&rsquo;m at home . I have had bad luck with OPNSense, but many others tell me it&rsquo;s great. Both pfSense and OPNSense allow you to set up custom VPN connections with a VPN provider through OpenVPN, Wireguard, or IKE2.</p>
<h2 id="the-most-expensive-potentially">The Most Expensive (Potentially)</h2>
<p>Unfortunately, this is a steep price hike. Buying dedicated hardware for this is at least $300 and paying a subscription fee to a trustworthy, commercial VPN provider, which can be up to another $10 per month. You also need the know-how to setup a firewall or acquire hardware to run it.</p>
<p>But using this setup ensures you never download any programs on a work device. Having a dedicated machine also makes it easier to mentally and digitally compartmentalize your work activities from your personal activities. I know when I crack open my Windows laptop I&rsquo;m there to get work done. I believe with the right investment, this setup is incredibly effective at achieving privacy while working from home.</p>
<h1 id="using-your-own-computer">Using Your Own Computer</h1>
<p>So let&rsquo;s say you can&rsquo;t get your hands on a device; there&rsquo;s no budget for you or the school cheaped out on you, what now?</p>
<h2 id="virtual-machines">Virtual Machines</h2>
<p>The next solution is if you have capable hardware, run a Linux virtual machine. VirtualBox or HyperV on Windows, UTM on Mac, and KVM on Linux through GNOME Boxes or virt-manager will separate your work life from your personal machine through a strong sandbox.</p>
<p>Interestingly enough, all of the video conference software most businesses use, like Zoom, WebEx, Google Meet, and Microsoft Teams, all work on Linux and Windows. I strongly recommend installing Windows 11, Fedora, or Debian because Zoom, WebEx, and Teams all offer .deb and .rpm packages. You also might want to consider using X11 as your display manager as screensharing is not as functional as it is on Wayland.</p>
<h3 id="the-cons-of-virtual-machines">The Cons of Virtual Machines</h3>
<p>The issue with virtual machines is USB passthrough, which varies wildly from device to device. This means you pass a USB webcam or microphone to a virtual machine so you can use it with video conference software, the same way you do on a physical computer.</p>
<p>Some might argue VM escapes are a threat, but the reality is business software from official sources won&rsquo;t contain such exploits. HyperV and KVM especially are enterprise level software and Microsoft and the Linux Foundation will do everything in their power to stop that from happening.</p>
<p>This also requires you have a half-competent gaming computer in order to run a virtual machine effectively. You also need to be sure you can allocate enough storage and if you do something like animation or video editing, this is progressively more difficult. <a href="https://support.respondus.com/hc/en-us/articles/4409604116123-I-receive-a-warning-The-browser-cant-be-used-in-virtual-machine-software-such-as-Virtual-PC-VMWare-and-Parallels-">Anti-cheat software and security programs might also alert your proctors or your IT department you are using a virtual machine</a>.</p>
<h2 id="live-usbs">Live USBs</h2>
<p>If you can&rsquo;t get a virtual machine working or you have a low-spec computer, use a live Linux USB. The live USB ensures you can use a separate operating system, but still using the same computer. The problem is removing the USB stick will cause you to lose your setup and lose all of your data. There&rsquo;s also the issue of performance. Especially on low spec hardware, live USBs are limited in their read speed and running off the RAM of your computer.</p>
<h2 id="secondaryportable-drives">Secondary/Portable Drives</h2>
<p>To avoid your files getting erased, you could use a portable hard drive or a second drive. If you have a second SSD or hard drive, you can boot into it when you need to get work done. And since you have full control of your hardware, you can use VPN software on your device. Using Windows on a portable hard drive isn&rsquo;t very feasible (<a href="https://learn.microsoft.com/en-us/windows/deployment/planning/windows-to-go-overview">it was discontinued in 2020</a>), but it will if you use a PCI or SATA connection. Debian, Fedora, and Ubuntu should work fine regardless of your situation.</p>
<h2 id="progressive-web-apps">Progressive Web Apps</h2>
<p>Many programs today are also done in progressive web apps, and using a Chromium-based browser like Brave, you can use many websites the same as you would on Windows. I did a full video on running Discord as a progressive web app and you can apply the same blocking techniques to other web-based software like Google Meet or Slack.</p>
<h1 id="webcam-rules">Webcam Rules</h1>
<p>Now we also have mandatory webcam rules. Some workplaces, online classes, and telehealth visits require interviews or your work day with your camera on all day. Of course, you could raise a stink about it (and some would argue you should), but it&rsquo;s far easier to play stupid than say you don&rsquo;t like something. Whenever you appear in a video call, always have an excuse ready, especially when you take your computer to get setup with your employer.</p>
<h2 id="desktop-computers">Desktop Computers</h2>
<p>The most successful one I have had is say your main computer is a desktop computer. Most monitors for desktop computers don&rsquo;t include webcams or microphones and it&rsquo;s impossible to use video conferencing programs without one. Don&rsquo;t tell them you use your USB webcam for running a secret Vtuber YouTube/Odysee escapade though!</p>
<p>And notice this: I never lied to my employer; my main computer is a desktop computer and my poor Asus E403NA laptop isn&rsquo;t good enough to run Zoom. When I told them about my situation, they were happy to provide a Windows laptop with Microsoft Office and monitoring software preinstalled.</p>
<p>Part of making a good excuse is you express that you are trying your best to do what they want. Also pick something that is the most true for you.</p>
<h2 id="my-internet-is-bad">&ldquo;My Internet is bad&rdquo;</h2>
<p>But let&rsquo;s say your employer or school isn&rsquo;t as accommodating. They give you a webcam and tell you to get to work. You can also claim you live in an area with low-bandwidth. You know what takes up a lot of bandwidth? It&rsquo;s the pictures and videos in video calls!</p>
<p>If you were to say, your first couple of calls, disconnect yourself from the network from your settings rather than hanging up in the middle of a call, it will help sell your story. This way, participants in a video call will see you disconnected and you come back, but tell them &ldquo;Oh my call works better with my webcam off,&rdquo; they just want you to get work done and will be more likely to adapt to this change.</p>
<h2 id="what-about-your-phone">What about your phone?</h2>
<p>One question I heard once from the doctor&rsquo;s office was &ldquo;why don&rsquo;t you use &lt;&lt;our video conferencing app&gt;&gt; on your phone?&rdquo; But I was prepared. I bought a cheap phone from Best Buy, hit the screen a few times with a hammer, used the Android Debugging Bridge to rip out all Google apps, and brandished it in front of the receptionist and said &ldquo;Oh, but my Android phone has trouble downloading apps.&rdquo; And that ended conversation really quick, with my iPhone safely in my pocket.</p>
<h2 id="a-little-bit-of-tape">A Little Bit of Tape</h2>
<p>Another weird alternative is putting layers of scotch tape or using a dedicated room in your home for work. Now hear me out: the layers of scotch tape diffuse the mass surveillance and facial recognition done by platforms like Zoom and Microsoft Teams, but it allows people to loosely see the detail of you and your workspace.</p>
<h2 id="a-dedicated-space">A Dedicated Space</h2>
<p>The other reason why I recommend a dedicated room or space is as a last resort if they demand you remain on camera, you can limit how much of your home they see. Make sure important sentimental or controversial things are not in frame like:</p>
<ul>
<li>pictures of you, your family, or friends</li>
<li>certificates or trophies</li>
<li>items unrelated to work</li>
<li>religious imagery</li>
<li>alcohol or smoking products (depending on culture)</li>
<li>adult or NSFW material</li>
</ul>
<p>The reason you need to do this is because first, your coworkers and supervisors will judge you based on your Zoom room, so it&rsquo;s to be conscientious of this. The other reason it&rsquo;s easier to mentally be in a room you know you&rsquo;re going to be working. This tells you mentally, I&rsquo;m in this room, so I&rsquo;m going to be working.</p>
<p>The other reason is some anti-cheat proctors will demand you move your computer around and show them the entire room. This way, if you are forced to do so, you can limit what they see.</p>
<h1 id="takeaways">Takeaways</h1>
<p>The culture of working from home may be a new one, but the situation is not entirely hopeless and we have a wide variety of options at our disposal.</p>
<ul>
<li>You can use a dedicated computer or a work device.</li>
<li>You can use a Windows or Linux virtual machine to separate your work activity on your main machine.</li>
<li>You could use a live USB or a portable drive to boot into Linux and do your business.</li>
</ul>
<p>You provide sufficient excuses to get your work done and play dumb.</p>
<ul>
<li>You have bad internet.</li>
<li>Your computer can&rsquo;t run the software.</li>
<li>The webcam provided isn&rsquo;t Linux-friendly.</li>
<li>That you&rsquo;re too stupid or tech-illiterate to download their stuff</li>
</ul>
<p>And hopefully this provides some hope in our ever-connected cyberpunk dystopia.</p>
]]></content:encoded>
    </item>
    <item>
      <title>Whonix Gateway/Workstation: Debian, Tor, and Virtual Machines</title>
      <link>https://trafotin.com/v/whonix-gateway-workstation/</link>
      <pubDate>Thu, 22 Dec 2022 01:58:52 -0500</pubDate>
      <guid>https://trafotin.com/v/whonix-gateway-workstation/</guid>
      <description>&lt;div style=&#34;position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;&#34;&gt;
			&lt;iframe allow=&#34;accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen&#34; loading=&#34;eager&#34; referrerpolicy=&#34;strict-origin-when-cross-origin&#34; src=&#34;https://www.youtube-nocookie.com/embed/aRm1dotfNnY?autoplay=0&amp;amp;controls=1&amp;amp;end=0&amp;amp;loop=0&amp;amp;mute=0&amp;amp;start=0&#34; style=&#34;position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;&#34; title=&#34;YouTube video&#34;&gt;&lt;/iframe&gt;
		&lt;/div&gt;

&lt;p&gt;One of the coolest staple operating systems to always have in your toolkit is Whonix. Whonix has always been one of my personal mainstays in my arsenal of Linux operating systems, especially since it&amp;rsquo;s so different. So strap yourselves in, since people love them distro reviews, let&amp;rsquo;s learn about Whonix.&lt;/p&gt;</description>
      <content:encoded><![CDATA[<div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;">
			<iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube-nocookie.com/embed/aRm1dotfNnY?autoplay=0&amp;controls=1&amp;end=0&amp;loop=0&amp;mute=0&amp;start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="YouTube video"></iframe>
		</div>

<p>One of the coolest staple operating systems to always have in your toolkit is Whonix. Whonix has always been one of my personal mainstays in my arsenal of Linux operating systems, especially since it&rsquo;s so different. So strap yourselves in, since people love them distro reviews, let&rsquo;s learn about Whonix.</p>
<h1 id="what-is-whonix">What is Whonix?</h1>
<p>Whonix is not your traditional Linux operating system. Most people install Linux on real computers, virtual machines, or servers, but Whonix exclusively works on virtual machines. Also it requires that your computer supports virtual machines, and not just 1, but 2.</p>
<p>Whonix is incredibly distrustful of their &ldquo;Workstation&rdquo; virtual machine, which is where you conduct all the normal activities that you&rsquo;d expect to do on Linux. To protect your privacy (and from all those loser sellouts with VPN sponsors), Whonix filters everything through the Tor network using a second lighter-weight virtual machine, the Gateway virtual machine.</p>
<p>Now if you were running Whonix with just one virtual machine, a virus or phishing email could in theory turn off the anonymity protections that Tor gives you, and deanonymize you. In fact, we know this <a href="https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez">has been done before by companies and governments in targeted attacks before</a>.</p>
<p><em>Even if it was a child predator, Facebook is so messed up that they are willing to pay for 6 figure research to develop a cyber weapon for a government agency.</em></p>
<p>By using multiple virtual machines, malicious programs can&rsquo;t just &ldquo;turn off&rdquo; Tor, they need to get past the virtual machine system you use, KVM or VirtualBox. In fact, if you use KVM, which I covered on the channel before, <a href="https://www.flickr.com/photos/linuxfoundation/52376667751/in/album-72177720301957202/">companies like Red Hat, Google, and Amazon</a> have a vested interest in preventing people from doing just this to their data centers.</p>
<p>So you need to have not the most amazing computer, but one decent enough to run 2 other operating systems. And if you are going to use it, <a href="https://www.whonix.org/wiki/MacOS#M1">you can&rsquo;t use an Apple Silicon Mac</a>, and you need to use Linux and KVM to make the most out of it.</p>
<p>Another oddity for people who know me well is Whonix is based on Debian. The Whonix developers have mitigated a lot of the security issues that exist in Debian&rsquo;s default installation and implemented further kernel hardening measures on top of it; so in my mind, if you&rsquo;re going to use Debian, this is one of the ways to use it best.</p>
<h1 id="installation">Installation</h1>
<p>Whonix has a page for installing VirtualBox, but I want to focus on KVM, which stumped me years ago getting into it. Whonix&rsquo;s current KVM maintainer, HulaHoop, provides very in-depth instructions based on operating system.</p>
<h2 id="downloading-the-qcow-files">Downloading the .QCOW files</h2>
<p>Download Whonix Xfce.</p>
<p>Verify you received the authentic archive using the OpenPGP Signature by downloading it.</p>
<p><code>cd [the directory in which you downloaded the .libvirt.xz and the .asc]</code></p>
<p>Download HulaHoop&rsquo;s <a href="https://www.whonix.org/keys/hulahoop.asc">OpenPGP key</a>.</p>
<p>Import HulaHoop&rsquo;s key to your GPG keyring.</p>
<pre tabindex="0"><code>gpg --keyid-format long --import --import-options show-only --with-fingerprint hulahoop.asc
</code></pre><p>Next, we need to verify the PGP key.</p>
<pre tabindex="0"><code>gpg --verify-options show-notations --verify Whonix*.libvirt.xz.asc Whonix*.libvirt.xz
</code></pre><p>If the download is authentic, we want to see:</p>
<pre tabindex="0"><code>gpg --verify-options show-notations --verify Whonix*.libvirt.xz.asc Whonix*.libvirt.xz
</code></pre><p><em>Do not continue if the verification fails. Try downloading Whonix again</em></p>
<h2 id="the-whonix-license-agreement">The Whonix License Agreement</h2>
<p>Extract the archive:</p>
<pre tabindex="0"><code>tar -xvf Whonix*.libvirt.xz
</code></pre><p>First we need to read the Whonix License Agreement. Unlike Microsoft&rsquo;s end user license agreement, you can do whatever you want to Whonix, but you are 100% responsible for whatever you do, not them nor I am responsible for whatever happens.</p>
<p><code>more WHONIX_BINARY_LICENSE_AGREEMENT</code></p>
<p>To agree, enter the following:
<code>touch WHONIX_BINARY_LICENSE_AGREEMENT_accepted</code></p>
<p>If you don&rsquo;t accept, you can&rsquo;t continue with the installation.</p>
<h2 id="importing-the-kvm-templates">Importing the KVM Templates</h2>
<p>First add the virtual machine networks:</p>
<pre tabindex="0"><code>sudo virsh -c qemu:///system net-define Whonix_external*.xml
sudo virsh -c qemu:///system net-define Whonix_internal*.xml
</code></pre><p>Next activate the virtual networks and import the images.</p>
<pre tabindex="0"><code>sudo virsh -c qemu:///system net-autostart Whonix-External
sudo virsh -c qemu:///system net-start Whonix-External
sudo virsh -c qemu:///system net-autostart Whonix-Internal
sudo virsh -c qemu:///system net-start Whonix-Internal
sudo virsh -c qemu:///system define Whonix-Gateway*.xml
sudo virsh -c qemu:///system define Whonix-Workstation*.xml
</code></pre><p>Finally, let&rsquo;s move them in place. Don&rsquo;t be alarmed that they are 100GB, they will be much smaller at first and will expand as you put more in them.</p>
<pre tabindex="0"><code>sudo mv Whonix-Gateway*.qcow2 /var/lib/libvirt/images/Whonix-Gateway.qcow2
sudo cp --sparse=always Whonix-Workstation*.qcow2 /var/lib/libvirt/images/Whonix-Workstation.qcow2
</code></pre><p>If the move is successful and you can dispose of the files.</p>
<h1 id="first-setup">First Setup</h1>
<p>If you open virt-manager, you&rsquo;ll see there&rsquo;s two new entries:</p>
<ol>
<li>Whonix Workstation: This is where you conduct your browsing and desktop activities.</li>
<li>Whonix Gateway: This is where you configure your connection to the Tor network.</li>
</ol>
<p>There&rsquo;s a specific order to launching the virtual machines. You can also make duplicates of the Workstation, but there isn&rsquo;t much value into making duplicate Gateways.</p>
<p>There&rsquo;s also a live boot mode, which allows you to boot into a completely disposable desktop session that will delete your files when powered off.</p>
<h2 id="logging-in">Logging In</h2>
<p>First boot up Gateway. This will kick you into a TTY environment.</p>
<p>Default username: <code>user</code></p>
<p>Default password: <code>changeme</code></p>
<p>Next, change your password using <code>passwd</code>. You shouldn&rsquo;t use the default password.</p>
<p>Connect to the network using <code>sudo whonixsetup</code>. Then wait for Tor to connect.</p>
<p>Finally, run updates. Whonix&rsquo;s devs created a script which manages apt without root privileges:</p>
<pre tabindex="0"><code>upgrade-nonroot
</code></pre><p>Then repeat the same steps with Whonix Workstation, but no <code>sudo whonixsetup</code>. You will also need to open the Tor Browser and allow it to be fully updated.</p>
<h1 id="using-whonix">Using Whonix</h1>
<p>Whonix also places priority on your security first and foremost. That doesn&rsquo;t mean that other operating systems don&rsquo;t protect you, but in addition to being locked into a virtual machine, you can&rsquo;t just install and use the same programs you like to use on Linux.</p>
<ul>
<li>Wine does not work <a href="https://github.com/Kicksecure/security-misc/blob/73f6523e09f12fc56da0ed3555d050686ff441f3/etc/sysctl.d/30_security-misc.conf">due to a modified kernel parameter</a>.</li>
<li>The kernel hardening has made it harder to run Flatpaks in the past.</li>
<li>Using other programs that use Tor within Whonix (OnionShare, Brave, etc) makes you stand out amongst others in the Tor network. This is because your traffic is being bounced twice as much as everyone else.</li>
<li>Tor is not a place for illegal activity. Do not rely on it for protection.</li>
</ul>
]]></content:encoded>
    </item>
  </channel>
</rss>
