• Different threat models may work better with using biometrics, while other threat models may be better off not using them

• Explain this to any quiz taker and allow them to decide using threat modeling

The VPN Finder seems pretty bugged. No matter which options I choose, I always get the result that my criteria didn't match any VPNs. Only 5 minutes ago when I kept hitting random options to make sure that it was bugged did I get a result, but trying again? Nope. Nothing.

I don't think the answers I chose, including ones where I answered more randomly, were that crazy either. My personal criteria was that I wanted both security and to be able to download stuff, intermediate (sometimes beginner), the 14 eyes isn't black and white and I'm open to using a trusted provided located there, just a few devices simultaneously connected, and a client for Windows, Mac, and iOS. I don't think that these are that unusual haha 😅

I brought it up in the Techlore Discord server, and one other user said that they experienced the same thing, even after trying different combinations. I was redirected here by another user.

Hopefully y'all are able to get it working properly! 👍🏻

Onion Browser has had an issue with IP leaks via WebRTC since 2018. Should it really be listed under iOS browsers on Resources?
(made on behalf of one Happy Henry)

I like the system on the Privacy resources page where you recommend your favorite products with a star, but I believe this approach is still too general for a few cases such as Briar and Signal both having stars next to them, so these products should be properly differentiated, since Briar is a lot harder for the average person to use, while Signal is more user-friendly with less security/privacy features than Briar.

We can differentiate recommendations between ones made for maximum privacy and ones made for maximum security/privacy by prefacing in the popup that shows up when the visitor hovers over the symbol, that the software may have features that limit usability

• For Tor, this can say that the browser can be slow, some websites block tor, and/or the browser clears data on exit

• For Briar it can say that the app has to run constantly for messages to be recieved and/or this wastes battery

• For Mullvad we can potentially say it clears data on exit

We should add a QR code for our Monero address to make things easier for people.

I envision a small little QR button to the right of where our XMR address currently lives. When a user clicks it, there is a pop-up with a larger QR code, and the surrounding area around the barcode on the site is darkened.

Hi, So as I was looking at the VPN review page, I saw there was an extra empty table at the bottom with 2 links: 1 link for a normal one and 2 for an Affiliate link. They both go to this page, which does not exist and looks to me like a JS Error Probloy for some reason going to a page. https://techlore.tech/undefined that's where it goes to.
I did some digging into the code and looked and tried editing the code to see if I can figure out what's going on here.
After my own research, this is what I came up with. For some reason, in the process of converting to JSON it adds a blank extra table at the bottom. Maybe in the JavaScript somewhere it's somehow adding those links. Not sure, but it's adding them. Which leads to 404.

Keeping up with the times in the cyberworld is vital to maintaining privacy and security with accurate and up-to-date details. That being said, Mega now has an active exploit that allows people to view encrypted files.

Sources
https://arstechnica.com/information-technology/2022/06/mega-says-it-cant-decrypt-your-files-new-poc-exploit-shows-otherwise/

Hello Henry!

Can ente Auth be added to the resources page (2FA category). It seems like it passes all the criteria. It's all-open-source, available on F-Droid and easy to use. All with E2EE, it can even be used accountless (so without an ente account). It's from the people who created ente, the photo management service.

It's a really great alternative for people on iOS, as Raivo is no more there.

Thanks.

In the Resources page, the VPN Finder Tool 'Visit' link redirects to VPN Review Tool page instead of VPN Finder Tool Page.

Please fix this.

I'm a fan of Perfect Privacy, but I noticed one wrong info. It says that Perfect Privacy has Transparency Report, but this is not true. I brought this up a few months ago and it may come in the future, but isn't on the Website atm

Source: Perfect Privacy Forum (German)

We can do a transparency report, but there is really not much to report.

PS: May mention that they actually got Open source software, but for Wndows Only (and soon Linux aswell, but no eta when).

This is a premature issue to be opened in this repository, since the feature hasn't released yet, but Brave's "forget this site" feature will make clearing cache and cookies so much easier and user friendly that I feel it has to be mentioned in Zone 1 next to "Clear device temporary data" and "frequently clear or never store browsing data"

Please make reviews and give us an insight wheather to use Skiff Products.

In 2015 a server from AirVPN was seized. On kumu.io it says 0 servers were seized.

https://airvpn.org/forums/topic/56817-court-order-seizing-the-server/?do=findComment&comment=226473

Hello,
may i suggest that it would be great if among all the other resources you put out for this community we have a community driven Q&A section with answers to the most commons responses like "I dont care about privacy", "If giving my data means the service is free im fine with it" or "im fine with them having my data" among others.
My idea was something like Plexus where people would pitch in their counterarguments.
Im sure that the team might be busy with so many projets but it would be interesting to see this in the future, as there are probabbly more people like me that start to understand the need for privacy but cant quite explain it to people,without them loosing interst.

The idea came up after watching GoIncognito 6.9

Recently Henry wrote an article on Medium - https://medium.com/@henryistaken/the-real-privacy-enemy-is-ourselves-dc2188ad7eeb .

I think supporting medium is like more towards centralization and with no Privacy.

I suggest the team to use https://Sigle.io which is decentralized Blogging platform and mostly like medium. It is getting an Big update in Weeks.

In the VPN list IVPN still has port forwarding, which is only for active customers and no new ones. Either remove it when it is officially no longer available for all or in the next update of the VPN charts.

Source: IVPN Blog Post

Nitrokey.com is a well trusted security hardware maker to my knowledge. Their 2FA key could be a good addition in the resources.

I suggest you guys look into adding the Neo Store to the app stores selection on the resources page.

Repo: https://github.com/NeoApplications/Neo-Store

My account got disabled for a month or so, which made this issue dissappear from everyone else. After gaining the account back, this issue didn't come back for others, so I will post this suggestion again since these changes haven't yet been implemented.

My original post:

I took a closer look at all the services that still have the check for honest marketing and found two additional services that don't deserve it, in my opinion.

StrongVPN: Let's start with this statement: "Right now, your private data is at risk without a VPN. It’s not too late to take action — use StrongVPN to shield your personal information from the spying eyes of your ISP..." My biggest issue with this is their use of urgency and fear to market their service.

Here is another statement: "Anonymous Browsing" "With the protection of StrongVPN, your browsing history and activity will be virtually invisible. Stay hidden from any prying eyes by using one of our anonymous IP addresses and surf the web without a trace." A little over the top, would you say? You can find both of these on this page.

HideMyAss: This one is shorter, but using disinformation to sell your service is unacceptable. "Why get a VPN for privacy? Because without a VPN, you don’t have any. A VPN encrypts your connection to the internet, keeping your info safe from spies and hackers, while connecting you to a remote server to hide your IP address, so governments, your ISP, and more can’t see what you do online." The biggest problem is the claim that you supposedly cannot have privacy on the internet without a VPN. Even though this may seem like a relatively small thing, I think it is a big and false claim that should not be tolerated. https://www.hidemyass.com/privacy

The CSP needs to be changed to:

default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src data: https://discuss.techlore.tech 'self'; connect-src https://*.techlore.tech https://raw.githubusercontent.com 'self'; frame-src https://www.youtube-nocookie.com https://*.techlore.tech; frame-ancestors 'self'; manifest-src 'self';

The permissions policy header is completely invalid and should be set to:

accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=()

Request info

Service: https://www.1984hosting.com/
Company: 1984 ehf.

Request Bio

This issue is a request to you guys about adding "1984hosting" (1984 ehf.) to the Web Hosting/VPS selection on the resources.html page. "1984hosting" (1984 ehf.) is a company based in Iceland, that offers services like domain registration, web hosting, managed web hosting, etc. I would like for this company to be add to the list, seen as it's a company that really seems to care about protecting the civil and political rights of their customers. They only ask for an email address, password, phone number (witch is optional), and the necessary payment information on signup/use of the service. They also provide 2FA, (and i quote) "Damn fine support", and also the option for payments via bitcoin. So if you'll would be able to check it out and see if this service meets the criteria you guys have set i would appreciate it a lot.

This issue was opened by,
Mr. Muffin,
Representative of The New Oil,
(not opening this issue on behave of The New Oil)

Full URLs:
https://www.1984hosting.com/
https://www.1984hosting.com/about/
https://thenewoil.org/about.html

Now that Proton Drive has implemented both the Windows and macOS apps and the Linux client is probably coming at some point, I think we should add Proton Drive as a recommendation. I don't think the lack of a Linux client should be the reason to exclude Proton Drive because you can still access it through the web browser, which is also the only way to access Cryptee, a current top recommendation.

Requested By:
https://fulda.social/@Snowplace/110677631826285718

There's already a question about phone number aliasing in Zone 2, but a separate question should be added for email aliasing, since email aliasing is a lot easier than phone number aliasing

This question can even be put in zone 1 because it's a decently streamlined experience to create masked emails, and duckduckgo even allows unlimited masked emails for free, for anyone that doesn't want to pay for the other alternatives

I offer DivestOS, an Android ROM that provides long term device support along with enhanced privacy and security.
Website: https://divestos.org
Source: https://gitlab.com/divested-mobile
Project History: https://divestos.org/index.php?page=history

I also offer Mull, a Firefox for Android fork that is hardened for privacy out of the box.
Download: https://f-droid.org/en/packages/us.spotco.fennec_dos/
Source: https://gitlab.com/divested-mobile/mull-fenix
Release Comparison: https://divestos.org/misc/ffa-dates.txt

Any questions welcome.

fwiw, I am not a company and I am not selling anything.

Your website is missing the following Security Header/DNS Security configurations.

• DNSSEC
• HSTS
• CSP
• X XSS Protection (Cross site scripting)
• X Content Type Options (Content sniffing)
• Referer header

Seen as your website is missing some of these important Security Header/DNS Security configurations, i would suggest you look in to fixing these miss configurations and start implementing them asap.

This issue was opened by,
Mr. Muffin,
Representative of The New Oil,
(not opening this issue on behave of The New Oil)

Full URLs:
https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
https://en.wikipedia.org/wiki/Content_Security_Policy
https://en.wikipedia.org/wiki/Cross-site_scripting
https://en.wikipedia.org/wiki/Content_sniffing
https://developer.mozilla.org/enUS/docs/Web/Security/Referer_header:_privacy_and_security_concerns
https://thenewoil.org/about.html

Now that we no longer do individual VPN reviews, it makes more sense to migrate our VPN Toolkit to our website's GitHub repo along with the rest of our site to keep development in a single place. This will make future updates to the Toolkit much easier to do.

I have found that the easiest step to make someone more private is getting them to start using a private web browser. For someone willing to take a privacy and security quiz, they probably want to be more private and would be willing to download a private web browser, since it's easier than buying a shredder, safe or even configuring a router

Also Zone 3 has this question, and I believe the question in Zone 3 should be "Only use Tor for web browsing" since that's such an extreme threat model

I feel like this question should be moved, but if you disagree let me know

Hello,

NordVPN has 5664 servers worldwide and 59 countries

Quoting https://nordvpn.com/servers

Choose from NordVPN’s 5664 ultra-fast servers in 59 countries.

The VPN tookit says

Total servers : 5611
Total countries : 60

So please, make this change to reflect this.

Thanks.

Please add a column that shows which VPN has a Connect on Boot feature.

What's Connect on Boot?

• This allows the VPN program to connect during boot state, instead of connecting after the computer is successfully logged in and the VPN program launches (e.g. Connect on Launch),

Why Connect on Boot is important?

• If you have Kill Switch enabled. The standard experience of a VPN User is that they won't be able to browse the internet until the VPN program launches and connected after successfully logged in to the computer.

• This produces a disconnected state of about 5 seconds to 1 minute or more depending on the following factors
  A. If the computer hardware spec is good enough
  B. The number of startup programs on queue ahead of the VPN program

• This experience repeats on every single reboot of your computer.

With Connect on Boot, all the problem above is non-existent and you can ensure that your computer is always connected to the VPN server from the first 1 second you successfully logged in your computer.

Which VPN providers have Connect on Boot feature?

• Mullvad
  This could be enabled by going to Settings > Preferences and enable Launch app on start-up and Auto-connect. This trigger the hidden setting "Connect on Boot" to be enabled by default.

• VyprVPN
  This could be enabled by going to Settings > Startup Options > enable Connect on Boot