

Just calling it “Dark Web” gives away you have no idea what you’re talking about.
Just calling it “Dark Web” gives away you have no idea what you’re talking about.
Anybody is visible in the moment he goes online, irrelevant if he uses …, TOR
No
TLDR; risks far outweigh the benefits. See bottom of response for recommendations.
Should you use it?
It works by setting up a proxy that intercepts HTTP requests from all applications
During the first run, Zen will prompt you to install a root certificate
Zen will be able to decrypt and analyze your entire traffic. And then it’ll encrypt what it allows before letting it leave/enter the device. This means even if you trust Zen, that one certificate is the only thing standing between your traffic staying encrypted. It gets compromised, you’re compromised.
Do not trust an app with your entire traffic, ever. Even if its not malicious there are going to be bugs, vulnerabilities, leaks, etc.
Moreover, something being open source does not mean its audited by people who know what they’re doing - neither for hidden malicious code or mistakes. I did not see any formal audits being mentioned in the readme.
https://grapheneos.org/faq#ad-blocking-apps
What can you use instead?
You should instead use ublock in the browser and system wide DNS blocking on your device. You can use an adblocking public DNS server (e.g. Mullvad) or setup pihole locally. You do not have to self host pihole, you can just set it up on your computer and use on that device only which would be the same thing as using Zen on that device.
Note that using a public, blocking DNS will block less domains because they have to make sure it does not break anything for anyone but it will make you less fingerprintable. OTOH, using a custom blocklist you can get the most out of blocking but you’re probably the only person blocking that specific subset of domains which will make you more fingerprintable. Take your poison.
What about content filtering on desktop/mobile apps DNS blocking cannot solve
DNS blocking merely stops the application from accessing certain domains. It won’t be able to block malicious content served from the same domain as the content you actually need (e.g. YouTube serves both ads and videos from the same domain so you can’t block their ads without blocking the video itself).
You should not install applications you don’t trust on your device and use them on the browser as much as you can or use and alternative FOSS frontend (e.g. Reddit, Discord, YouTube etc.)
But some applications might be circumventing system DNS
Yes, there’s nothing stopping an application from doing its own DNS resolution or using hardcoded static IPs. You should not run applications trying to be actively malicious in this way. Neither Zen, nor anything else will be able to protect you from untrusted code doing suspicious things on your machine.
Scratchcards are sold at ecommerce sites which makes them significantly more accessible. If you really want to be “anonymous” (with very big quotes) you can buy gift cards for those sites with cash then order to a collection point. Otherwise, sure, it’s not as good as paying with cash but all there’s a trail for is that you bought Mullvad credits that cannot be tied to any account.
You would be able to do this for a short while but unless you can make an agent that’s indistinguishable from you or you already have very bot-like traffic, they’d catch up pretty quickly. They aren’t going to just let a trillion dollar industry die out because some bots are generating traffic.
Aah my web client wasn’t showing any links in your original message.
good source in case anyones interested. I’m fine with them generally being available.
Not seeing where it says install arch
I’d much prefer paying cash to get a scratch card from a retailer like Mullvad does.
You’re paying for redundancies in different regions, migrations, backups, upgrades, maintenance, generally not having to worry about losing your data. The storage costs nothing.
That doesn’t address the original point which is whatever’s shared has to exist on all machines.
Either way, you would need to backup your data if you were self hosting Nextcloud or friends so you do need multiple copies of it anyway.
Malware targeting individuals rather than servers do not need privilege escalation. They just need to run as the user and swipe cookies/credentials/wallets etc. Privilege escalation would allow them to do catastrophic damage but that’s not the point in that case.
If you don’t trust an extension then you shouldn’t install it in the first place. If you think an extension might be nefarious, trying to work around that by limiting its internet connection is risky.
majority of unixporn posts are people copy pasting premade hyprland configs so…
How dare those people make and release software for free but don’t dedicate more of their time to me!
deleted by creator
Browsers allow websites to have persistent storage apart from cookies.
https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API
The user not having a choice is dumb either way. VPN users are the minority.
Browsers (except for Tor) doing this in the name of privacy is so dumb. Our timezones are already apparent due to our IP addresses. Not only does this not hide the timezone but also makes the user more fingerprintable. Now I’m the dumbass from Ohio who’s browser reports UTC timezone for some reason.
Fuck yaml. I’m not parsing data structured with spaces and newlines with my eyes. Use visible characters.