Just a small heads up; ive noticed a uptick in links spread on Reddit, 4chan and even here to collaborative playlist from youtube, spotify and similar with very non or very few followers. All coming from new accounts.

Its a common way to fish for your personal data. They will make a new list and post it in only certain posts/threads and wait for you to subscribe with your account.

An easy way to protect yourself is by setting your phone or pc to open links in a second browser where you are not logged into anything. Set it to delete cookies on exit.

Thank you for coming to my ted talk.

      • deepfriedwater@lemmygrad.ml
        link
        fedilink
        arrow-up
        6
        ·
        2 years ago

        I’ve been thinking about this for some time, embedding html in comments might be fun, but it doesn’t sound safe. Especially in communities where doxing could lead to really bad outcomes for some users.

        • A lot of HTML is definitely OK, but canvases and remote loading are murkier. If/when HTML is allowed again, this is something to consider, although we can still embed images even without HTML with ![](*url*); unless we only allow images hosted on lemmygrad.ml (and possibly some other trusted websites), we may just have to warn people that they should be using Tor or something similar if anonymity is important.

    • AgreeableLandscape☭@lemmygrad.ml
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      2 years ago

      100%

      This is what Tor was made for. Political dissidents. They probably just didn’t expect for us to diss on the West and not the designated evil countries.

      • I think it was originally made (by the Amerikan government) so the NSA and the like could access the Internet without revealing their location, and they released it publicly to increase the number of nodes and users. However, the current developers certainly seem to work on it for the sake of dissidents (as you said)

    • SpaceCowboy@lemmygrad.ml
      link
      fedilink
      arrow-up
      6
      ·
      2 years ago

      Agreed. I think some younger folks on here are very cavalier about doxxing themselves.

      We are the first to go when the opportunity for right-wing purges present themselves.

    • CosmonautCat@lemmygrad.ml
      link
      fedilink
      arrow-up
      4
      ·
      2 years ago

      I agree, maybe even in the form of a more elaborate post on the basics of internet privacy, annonymity and protecting data. Anticommunists have already attacked this community with DDoS and spam accounts, it is reasonable to assume that they’ll also take any chance to dox members. We need to keep informed and practice good data hygiene.

  • darkcalling@lemmygrad.ml
    link
    fedilink
    arrow-up
    9
    ·
    2 years ago

    I would recommend not having Google accounts.

    That said. If you do and insist on subscribing to youtube channels with communist themes or interests I would keep an entirely separate one just for that. It won’t protect you if either some fascist Google employees dump it and hand it off or the increasingly mask off government demands data on communists obviously as Google knows who you are if you have an account with them (and often even if you don’t), but it’s something at least that means the casual unconnected fash can’t do anything with it.

    Other recommendations:

    • Use Firefox (with enhanced tracking protection set to strict)

    • Use ublock origin (because fuck imperialist megacorps and their propaganda serving nonsense)

    • Use multi-account containers (addon) and create containers specifically for sites you interact with communist content on and others for sites connected to your real life. I would even advocate creating one container for lemmygrad, one for reddit (for example if you use that), one for google services, etc. You can also create one container for your doxxable google personal account with your name, one for your sensitive subjects other unconnected google account though you have to remember to pick the right one when opening a new tab and going to a google site.

    • I’d also suggest setting firefox to clear all cookies on exit (you can set exceptions for sites you need to stay logged into).

    • Firefox first party isolation (set in about:config by setting “privacy.firstparty.isolate” to true) is also very useful though may be disruptive to some.

    • For those who want to “subscribe” to a channel without having a YouTube account, use RSS feeds. There are feed readers on (almost) all platforms. For browsing YouTube, you can use Piped, Invidious or another frontend. (And if you’re using a non-smartphone computer, you can just download or stream videos in your feeds with youtube-dl)

      Also, instead of modifying Firefox and potentially worsening your fingerprint, you might as well use Arkenfox, LibreWolf or something similar that’s already set up for privacy-conscious use

    • cayde6ml@lemmygrad.ml
      link
      fedilink
      arrow-up
      3
      ·
      2 years ago

      I never ever use my real name or information on any sites I use except for like Best Buy or something. I’m like a ghost. Am I doing enough?

      • immoral_hedge@lemmygrad.mlOP
        link
        fedilink
        arrow-up
        2
        ·
        2 years ago

        As long as everything you are doing is legal and wont get you in danger in your country, you are fine. My posts is directed at other users and political groups fishing for data. But without any VPN/Tor browser, ex. the goverment will have no issue linking your IP to the person who ordered/pays for the connection.

        • cayde6ml@lemmygrad.ml
          link
          fedilink
          arrow-up
          2
          ·
          2 years ago

          There is always the non-zero chance the government ignores the law and continues to persecute, so I’m wondering if I should be safe and do what you are suggesting.

      • darkcalling@lemmygrad.ml
        link
        fedilink
        arrow-up
        2
        ·
        2 years ago

        There are levels here to deal with different threat levels as well as your interest in disrupting your life. Obviously on one extreme 100 is going fully off-grid and living under an assumed identity, no social media, no online purchases, cash only, no subscriptions other than internet service under a false identity, using nothing but tor and tails and having a faraday bag for your phone which you keep with you only at home. Of course this would kind of destroy your social life and be very disruptive and difficult to maintain while holding down a job.

        The other end is not caring at all.

        I definitely think where you can, you should lie about your real name (obviously you can’t do that for certain things, bank accounts, things that can be disputed and if an invalid name is used could cause you hardship and anyways if you order online unless you’re using a giftcard bought with cash you’re using a credit card tied to your name anyways) and other aspects of yourself. False birthdays, ages, etc for non-important websites.

        The problem is being tracked around on the web is relatively easy. Obviously a site like lemmygrad isn’t intrusive and loading tracking scripts from google and facebook and so on but most sites are.

        I would suggest trying to containerize your presence online. If you use social media make sure not to use similar usernames that allow doxxing, don’t reveal personal details and even sew false ones if you’d like in your anonymous accounts.

        Use an adblocker like ublock always. I would follow the other settings I mentioned if you can and if you use firefox. If you use google chrome well you’re trusting google not to betray you.

        Privacy is not a few paragraphs or a post it’s a book-sized topic just for the online realm. Containerizing things though as I mentioned with the addons or otherwise separating your lives is highly recommended. Keep software up to date to prevent vulnerability exploitation, etc. Don’t click suspicious things, be suspicious and careful, educate yourself on privacy, basic computer security, etc.

        Have multiple emails. Avoid tying politics like this to your main email or any traceable back to your real identity (for example an email you registered to a social media with is tied to your identity even if under a false name on the email itself).