• CCCP Enjoyer@lemmygrad.ml
    link
    fedilink
    arrow-up
    7
    arrow-down
    2
    ·
    5 months ago

    FF + Arkenfox + Noscript + uBlockOrigin (+ invidious for as long as it’s able to exist)

    Legit never seen a youtube advert in my life. Even seeing 1st-party static image ads anywhere is extremely rare.

    Run *BSD or Systemd-free Linux. Only use FOSS. Distrust javashit, refuse webassembly. Build your own routers. KISS. Learn to protect your privacy and security; the tools are there. No one else will do it for you.

      • CCCP Enjoyer@lemmygrad.ml
        link
        fedilink
        arrow-up
        5
        ·
        5 months ago

        There are a lot of ways, actually, as long as you have at least a couple nics. I always recommend openbsd since it’s very hardened for this purpose. opnsense is a free open-source distro built on openbsd, and can do virtually everything that enterprise gear can do and isn’t hard to learn or manage. Openwrt is also pretty decent and can replace firmware for some existing off-the-shelf routers, which are all backdoored anyway.

      • CCCP Enjoyer@lemmygrad.ml
        link
        fedilink
        arrow-up
        2
        ·
        5 months ago
        1. Systemd is the most egregious pile of shit poetteringware in linux, hands down. It’s a gigantic, slow, bloated mess that runs as pid0 and keeps getting bigger as it consumes all other unix services. It violates every single unix and kiss principal. The attack surface is massive and, becuase it’s pid0, has the highest level of privilege escalation attacks. The recent xz backdoor (absolutely state-sponsored btw) was made possible because of the integration of sshd (and xz) into systemd. It’s been a cve nightmare forced onto us by redhat/ibm despite our protests. It may as well have been written by the cia. Systemd alternatives like runit are superior in every respect, particularly speed and security, while adhering to unix and kiss philosophy.

        2. Not all js is malicious, but it’s objectively the most vulnerable and commonly expolited component by malicious actors in browsers (webassembly will be worse). It’s also an objectively terrible and idiosyncratic language on its own. Good css can eliminate a lot of the most worthless uses of js, but in many cases it’s still a necessary evil in frontend and web design. The best compromise we have is to only use trustworthy, foss 1st-party code and restrict 2nd/3rd party code. It’s also always a good idea to run your browser in a sandbox (bsdjail, bwrap, firejail) with no access to user files or dbus.

    • FlihpFlorp@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      So I’ve been looking at invidious, and like lemmy (until Apollo shut down) I was intimidated by the sheer number of instances and not really knowing what’s the difference

      Any quick advice

      • CCCP Enjoyer@lemmygrad.ml
        link
        fedilink
        arrow-up
        4
        ·
        5 months ago

        They’re all instances of running the same software, with a few tweaks here and there. Google has been trying to stomp out Invidious recently because google hates human rights and all that, so it’s an arms race to keep the instances running while google blocks domains, ip addresses/blocks, vps hosts, and apis. Everyone running the instances are trying to keep invidious up and some are having more success than others.

        libredirect is a browser plugin that can set a customizable list of working/preferred invidious instances. If one doesn’t work, you can click a link on the video page to switch instances. I have pretty good luck with yewtu.be , inv.tux.pizza , inv.nadeko.net and invidious.drgns.space

        • FuckBigTech347@lemmygrad.ml
          link
          fedilink
          arrow-up
          2
          ·
          5 months ago

          If you host your own invidious instance on a network with a non-static IP then a ban will only ever be temporary. It happened to my private instance many times. I found that setting the channel refresh interval in the config to 2 hours makes it less likely (or basically 0% if you’re the only user) for them to block your IP.

          • CCCP Enjoyer@lemmygrad.ml
            link
            fedilink
            arrow-up
            1
            ·
            5 months ago

            How easy has it been to find (presumably?) vps hosting able or willing to accommodate the IP bans from google? I feel like at some point google is going to go hard against the hosting on these ip-rotated instances.

            • FuckBigTech347@lemmygrad.ml
              link
              fedilink
              arrow-up
              2
              ·
              5 months ago

              My instance is running on a Server in my homelab. The dynamic IP is just how my ISP works. I’ve been running this instance since late 2019. So far Google has only ever blocked my IP whenever I hit their Servers with too many API calls too quickly. Last time they blocked me though was probably 1/2 - 2 years ago. The current version of Invidious does try to minimize API calls which helps a lot. Honestly Google changing API calls/value names and patching the source code is more annoying to deal with than IP bans.

              The only way I can see them permanently blocking instances with non-static IPs is if they go down the Twitter route where you can’t even view anything unless you’re logged in.

              • CCCP Enjoyer@lemmygrad.ml
                link
                fedilink
                arrow-up
                2
                ·
                5 months ago

                Is it a public instance or just for you and your fam/comrades? But yeah, mandating a login requirement is what I’ve been afraid of. I would just stop using yt altogether if it came down to that.

                • FuckBigTech347@lemmygrad.ml
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  5 months ago

                  It’s a private instance. Maybe I’ll open it up, not sure.

                  mandating a login requirement is what I’ve been afraid of. I would just stop using yt altogether if it came down to that.

                  Same. Once they go that far I’ll just # zfs destroy Invidious and move on to PeerTube. I hope more people will move as well when that happens.

    • Ozmanthius@lemmygrad.ml
      link
      fedilink
      arrow-up
      1
      ·
      5 months ago

      Comrade this is all too much for even me, though I consider myself fairly tech Savvy, do I need to do all that ? They can have my data and put me on a list of that’s the case

      • CCCP Enjoyer@lemmygrad.ml
        link
        fedilink
        arrow-up
        2
        ·
        5 months ago

        Security and privacy are things accomplished in layers. You can implement any or all of these as you’re able to learn what they are and how they work.

        At the very least a few browser tweaks and addons can prevent a lot malicious scripts and fingerprinting and are the absolute most simple, surface level things you can do. Just FF + ublockorigin will block most ads and surveillance capitalism tracking networks. noscript gives you granular control over what you do and do not want to run, and it’s a good learning experience for most users. Want ads gone, poof, there ya go.

        Arkenfox is just a policy confg file (user.js) for firefox, which further helps block tracking, fingerprinting and the most awful annoyances and grievances sold as “convenience” in modern browsers. It’s well documented, easy to read and lets you configure things to your preference. The LibreWolf browser is firefox with a preconfigured arkenfox user.js for users who aren’t tech savvy or don’t like configuring things in text files. Highly recommended over FF + arkenfox if you’re getting started.

        invidious is a privacy frontend for youtube that runs on instances (servers) that anonymizes users and cleans up youtube’s awful ui. Lemmygrad provides automatic invidious links when a user links to a yt video.

        Running your own router firmware means owning your secure device and having meaningful control over it. Otherwise someone else has more access to your network than you do.

        Finally, none of the security or privacy stuff means anything if you’re running an nsa compromised operating system, which is exactly that way by design. Opting out is free and returns speed, freedom and ownership to property held hostage by the worst excesses of capitalism and techno-fascism. This may tilt some “GaMeRs” … but people who won’t even liberate a personal computer from fascism at absolutely no risk, won’t liberate much else, either.

        • Ozmanthius@lemmygrad.ml
          link
          fedilink
          arrow-up
          1
          ·
          5 months ago

          Just FF + ublockorigin will block most ads and surveillance capitalism tracking networks. noscript gives you granular control over what you do and do not want to run, and it’s a good learning experience for most users. Want ads gone, poof, there ya go.

          I already do this much and will try to implement the other stuff, might switch to dual booting Linux and windows cause I absolutely need windows right now for some stuff.