Nitrokey.com is a well trusted security hardware maker to my knowledge. Their 2FA key could be a good addition in the resources.

Recently Henry wrote an article on Medium - https://medium.com/@henryistaken/the-real-privacy-enemy-is-ourselves-dc2188ad7eeb .

I think supporting medium is like more towards centralization and with no Privacy.

I suggest the team to use https://Sigle.io which is decentralized Blogging platform and mostly like medium. It is getting an Big update in Weeks.

My account got disabled for a month or so, which made this issue dissappear from everyone else. After gaining the account back, this issue didn't come back for others, so I will post this suggestion again since these changes haven't yet been implemented.

My original post:

I took a closer look at all the services that still have the check for honest marketing and found two additional services that don't deserve it, in my opinion.

StrongVPN: Let's start with this statement: "Right now, your private data is at risk without a VPN. It’s not too late to take action — use StrongVPN to shield your personal information from the spying eyes of your ISP..." My biggest issue with this is their use of urgency and fear to market their service.

Here is another statement: "Anonymous Browsing" "With the protection of StrongVPN, your browsing history and activity will be virtually invisible. Stay hidden from any prying eyes by using one of our anonymous IP addresses and surf the web without a trace." A little over the top, would you say? You can find both of these on this page.

HideMyAss: This one is shorter, but using disinformation to sell your service is unacceptable. "Why get a VPN for privacy? Because without a VPN, you don’t have any. A VPN encrypts your connection to the internet, keeping your info safe from spies and hackers, while connecting you to a remote server to hide your IP address, so governments, your ISP, and more can’t see what you do online." The biggest problem is the claim that you supposedly cannot have privacy on the internet without a VPN. Even though this may seem like a relatively small thing, I think it is a big and false claim that should not be tolerated. https://www.hidemyass.com/privacy

Problematic page: https://www.techlore.tech/rss

This webpage is mostly fine, with the only issue I found so far being that the "All Techlore feeds" hyperlink links to a forum discussion thread called "Introducing ‘Techlore Feeds’ - Reviving Twitter, Telegram & Matrix", which lists Substack, Reddit and Discord as available feeds to follow for Techlore updates.

Substack isn't used to host the Techlore blog anymore, with it now being hosted using Bear blog.
Sources: https://blog.techlore.tech/
https://discuss.techlore.tech/t/techlore-new-blog-and-new-podcast-provider/8689

The Techlore subreddit is private, which should mean that the Techlore subreddit doesn't qualify anymore as a Techlore feed.
Source: https://discuss.techlore.tech/t/taking-r-techlore-private-on-reddit/4157

As for the Discord feed, the whole Techlore Discord server was shut down and therefore the Discord feed isn't available anymore for anyone.
Source: https://discuss.techlore.tech/t/welcome-techlore-discord-members/6984

Can Henry or some other forum administrator or moderator edit Henry's first comment of the mentioned forum thread to reflect the changes?
Forum thread: https://discuss.techlore.tech/t/introducing-techlore-feeds-reviving-twitter-telegram-matrix/4067

Or maybe write something like this in the Techlore feeds page (I added the bold paragraph):

"Our 'main feed' is not currently hosted by ourselves—we utilize Mastodon. This is the same stream of updates you'd otherwise receive from our own self-hosted feed.

• Main Techlore RSS Feed
• Techlore Forum RSS Feeds
• All Techlore Feeds

Note that the previously available Substack, Discord and Reddit Techlore feeds aren't available anymore and the other feeds available to use should cover all the information previously sent to the now defunct feeds."

Any other solution is welcome.

I understand if people at Techlore see this as a nonissue and decide to close this, but thank you for your consideration.

Request info

Service: https://www.1984hosting.com/
Company: 1984 ehf.

Request Bio

This issue is a request to you guys about adding "1984hosting" (1984 ehf.) to the Web Hosting/VPS selection on the resources.html page. "1984hosting" (1984 ehf.) is a company based in Iceland, that offers services like domain registration, web hosting, managed web hosting, etc. I would like for this company to be add to the list, seen as it's a company that really seems to care about protecting the civil and political rights of their customers. They only ask for an email address, password, phone number (witch is optional), and the necessary payment information on signup/use of the service. They also provide 2FA, (and i quote) "Damn fine support", and also the option for payments via bitcoin. So if you'll would be able to check it out and see if this service meets the criteria you guys have set i would appreciate it a lot.

This issue was opened by,
Mr. Muffin,
Representative of The New Oil,
(not opening this issue on behave of The New Oil)

Full URLs:
https://www.1984hosting.com/
https://www.1984hosting.com/about/
https://thenewoil.org/about.html

Links that can/should be updated (in my opinion):

Desktop browsers:
Firefox:
Current link: https://firefox.com/
New link: https://www.mozilla.org/en-US/firefox/new/

Android browsers:
Firefox/Focus:
Current link: https://firefox.com/
New link: https://www.mozilla.org/en-US/firefox/browsers/mobile/

Another option is to split the Firefox and Firefox Focus recommendations apart as two different recommendations with the following links:
Firefox: https://www.mozilla.org/en-US/firefox/browsers/mobile/android/
Firefox Focus: https://www.mozilla.org/en-US/firefox/browsers/mobile/focus/

iOS browsers:
Firefox/Focus:
Current link: https://firefox.com/
New link: https://www.mozilla.org/en-US/firefox/browsers/mobile/

Another option is to split the Firefox and Firefox Focus recommendations apart as two different recommendations with the following links:
Firefox: https://www.mozilla.org/en-US/firefox/browsers/mobile/ios/
Firefox Focus: https://www.mozilla.org/en-US/firefox/browsers/mobile/focus/

Arch Linux:
Current link: https://www.archlinux.org/
New link: https://archlinux.org/

MacOS:
Current link: https://www.apple.com/macos/what-is/
New link: https://www.apple.com/macos/sonoma/

Signal:
Current link: https://www.signal.org/
New link: https://signal.org/

Tuta:
Current link: https://www.tuta.com/
New link: https://tuta.com/

Privacy Guides' self-hosting email page (this link needs to be updated because the current link doesn't redirect to the right Privacy Guides page):
Current link: https://www.privacyguides.org/email/#self-hosting-email
New link: https://www.privacyguides.org/en/email/#self-hosting-email

OrangeWebsite:
Current link: https://www.orangewebsite.com/
New link: https://orangewebsite.com/

Privacy Guides:
Current link: https://privacyguides.org/
New link: https://www.privacyguides.org/

Opt Out:
Current link: https://www.optoutpod.com/
New link: https://optoutpod.com/

I can do a pull request myself if these changes are accepted and if clarity is given to the situation regarding the Firefox and Firefox Focus links.

The VPN Finder seems pretty bugged. No matter which options I choose, I always get the result that my criteria didn't match any VPNs. Only 5 minutes ago when I kept hitting random options to make sure that it was bugged did I get a result, but trying again? Nope. Nothing.

I don't think the answers I chose, including ones where I answered more randomly, were that crazy either. My personal criteria was that I wanted both security and to be able to download stuff, intermediate (sometimes beginner), the 14 eyes isn't black and white and I'm open to using a trusted provided located there, just a few devices simultaneously connected, and a client for Windows, Mac, and iOS. I don't think that these are that unusual haha 😅

I brought it up in the Techlore Discord server, and one other user said that they experienced the same thing, even after trying different combinations. I was redirected here by another user.

Hopefully y'all are able to get it working properly! 👍🏻

In the VPN list IVPN still has port forwarding, which is only for active customers and no new ones. Either remove it when it is officially no longer available for all or in the next update of the VPN charts.

Source: IVPN Blog Post

I like the system on the Privacy resources page where you recommend your favorite products with a star, but I believe this approach is still too general for a few cases such as Briar and Signal both having stars next to them, so these products should be properly differentiated, since Briar is a lot harder for the average person to use, while Signal is more user-friendly with less security/privacy features than Briar.

We can differentiate recommendations between ones made for maximum privacy and ones made for maximum security/privacy by prefacing in the popup that shows up when the visitor hovers over the symbol, that the software may have features that limit usability

• For Tor, this can say that the browser can be slow, some websites block tor, and/or the browser clears data on exit

• For Briar it can say that the app has to run constantly for messages to be recieved and/or this wastes battery

• For Mullvad we can potentially say it clears data on exit

Now that Proton Drive has implemented both the Windows and macOS apps and the Linux client is probably coming at some point, I think we should add Proton Drive as a recommendation. I don't think the lack of a Linux client should be the reason to exclude Proton Drive because you can still access it through the web browser, which is also the only way to access Cryptee, a current top recommendation.

There's already a question about phone number aliasing in Zone 2, but a separate question should be added for email aliasing, since email aliasing is a lot easier than phone number aliasing

This question can even be put in zone 1 because it's a decently streamlined experience to create masked emails, and duckduckgo even allows unlimited masked emails for free, for anyone that doesn't want to pay for the other alternatives

Your website is missing the following Security Header/DNS Security configurations.

• DNSSEC
• HSTS
• CSP
• X XSS Protection (Cross site scripting)
• X Content Type Options (Content sniffing)
• Referer header

Seen as your website is missing some of these important Security Header/DNS Security configurations, i would suggest you look in to fixing these miss configurations and start implementing them asap.

This issue was opened by,
Mr. Muffin,
Representative of The New Oil,
(not opening this issue on behave of The New Oil)

Full URLs:
https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
https://en.wikipedia.org/wiki/Content_Security_Policy
https://en.wikipedia.org/wiki/Cross-site_scripting
https://en.wikipedia.org/wiki/Content_sniffing
https://developer.mozilla.org/enUS/docs/Web/Security/Referer_header:_privacy_and_security_concerns
https://thenewoil.org/about.html

Source: https://support.startpage.com/hc/en-us/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing

This change should be reflected in the Startpage description in the Techlore Resources webpage.

Email with Updates:

• Nordvpn Has added a transparency report
• Nordvpn Simultaneous Devices is now 10
• Nordvpn now has honest marketing
• Nordvpn Total Countries is now 111
• Nordvpn Total Servers is now 6421
• Nordvpn is now Diskless

The new Notesnook icon should be added to the resources page and the forum.

Hello,
may i suggest that it would be great if among all the other resources you put out for this community we have a community driven Q&A section with answers to the most commons responses like "I dont care about privacy", "If giving my data means the service is free im fine with it" or "im fine with them having my data" among others.
My idea was something like Plexus where people would pitch in their counterarguments.
Im sure that the team might be busy with so many projets but it would be interesting to see this in the future, as there are probabbly more people like me that start to understand the need for privacy but cant quite explain it to people,without them loosing interst.

The idea came up after watching GoIncognito 6.9

In the Resources page, the VPN Finder Tool 'Visit' link redirects to VPN Review Tool page instead of VPN Finder Tool Page.

Please fix this.

This is a premature issue to be opened in this repository, since the feature hasn't released yet, but Brave's "forget this site" feature will make clearing cache and cookies so much easier and user friendly that I feel it has to be mentioned in Zone 1 next to "Clear device temporary data" and "frequently clear or never store browsing data"

• Different threat models may work better with using biometrics, while other threat models may be better off not using them

• Explain this to any quiz taker and allow them to decide using threat modeling

We should add a QR code for our Monero address to make things easier for people.

I envision a small little QR button to the right of where our XMR address currently lives. When a user clicks it, there is a pop-up with a larger QR code, and the surrounding area around the barcode on the site is darkened.

Please make reviews and give us an insight wheather to use Skiff Products.

Please add a column that shows which VPN has a Connect on Boot feature.

What's Connect on Boot?

• This allows the VPN program to connect during boot state, instead of connecting after the computer is successfully logged in and the VPN program launches (e.g. Connect on Launch),

Why Connect on Boot is important?

• If you have Kill Switch enabled. The standard experience of a VPN User is that they won't be able to browse the internet until the VPN program launches and connected after successfully logged in to the computer.

• This produces a disconnected state of about 5 seconds to 1 minute or more depending on the following factors
  A. If the computer hardware spec is good enough
  B. The number of startup programs on queue ahead of the VPN program

• This experience repeats on every single reboot of your computer.

With Connect on Boot, all the problem above is non-existent and you can ensure that your computer is always connected to the VPN server from the first 1 second you successfully logged in your computer.

Which VPN providers have Connect on Boot feature?

• Mullvad
  This could be enabled by going to Settings > Preferences and enable Launch app on start-up and Auto-connect. This trigger the hidden setting "Connect on Boot" to be enabled by default.

• VyprVPN
  This could be enabled by going to Settings > Startup Options > enable Connect on Boot

I offer DivestOS, an Android ROM that provides long term device support along with enhanced privacy and security.
Website: https://divestos.org
Source: https://gitlab.com/divested-mobile
Project History: https://divestos.org/index.php?page=history

I also offer Mull, a Firefox for Android fork that is hardened for privacy out of the box.
Download: https://f-droid.org/en/packages/us.spotco.fennec_dos/
Source: https://gitlab.com/divested-mobile/mull-fenix
Release Comparison: https://divestos.org/misc/ffa-dates.txt

Any questions welcome.

fwiw, I am not a company and I am not selling anything.

I suggest you guys look into adding the Neo Store to the app stores selection on the resources page.

Repo: https://github.com/NeoApplications/Neo-Store

Hello,

NordVPN has 5664 servers worldwide and 59 countries

Quoting https://nordvpn.com/servers

Choose from NordVPN’s 5664 ultra-fast servers in 59 countries.

The VPN tookit says

Total servers : 5611
Total countries : 60

So please, make this change to reflect this.

Thanks.

Keeping up with the times in the cyberworld is vital to maintaining privacy and security with accurate and up-to-date details. That being said, Mega now has an active exploit that allows people to view encrypted files.

Sources
https://arstechnica.com/information-technology/2022/06/mega-says-it-cant-decrypt-your-files-new-poc-exploit-shows-otherwise/

In 2015 a server from AirVPN was seized. On kumu.io it says 0 servers were seized.

https://airvpn.org/forums/topic/56817-court-order-seizing-the-server/?do=findComment&comment=226473

• Updated links:

Proton mail non-affiliate link:
Old link: https://protonmail.com/
New link: https://proton.me/mail

Shredder non-affiliate link:
Old link: https://www.auroracorp.com/au1285md.html
New link: https://auroradirectstore.com/aurora-au1285md-compact-desktop-style-high-security-12-sheet-micro-cut-paper-and-cd-credit-card-junk-mail-pullout-basket-shredder-white-black/

• Pages not found:

MEGA affiliate link: https://mega.io/privacycompany?aff=Ki7nvbOsh6Q
MEGA still has a referral programme, if you are interested: https://mega.io/refer
Otherwise, maybe remove MEGA from the Techlore Tools and Affiliates webpage.

Linksys Wi-Fi router:
https://www.linksys.com/dual-band-ax3200-wifi-6-router/E8450.html

This router doesn't seem to be available in the current Linksys store, is it an old model? If yes, maybe the link should be changed to a more recent OpenWRT compatible Linksys router.
https://store.linksys.com/shop/shop-home/whole-home-mesh-wifi/?start=0&sz=36

Sennheiser MKE 600 (Shotgun Mic):
Amazon link: https://www.amazon.com/gp/product/B00O1LSRBS?ie=UTF8&psc=1&linkCode=sl1&tag=techlore06c-20&linkId=fa56fd200d984e5285d97eff4ee6313f&language=en_US&ref_=as_li_ss_tl

• Resource not available anymore:

LocalMonero (will shut down November 7th, 2024):
Affiliate link: https://localmonero.co/nojs/?rc=zfot
Non-affiliate link: https://localmonero.co/nojs/

• Insecure website:

When I visit the Fovitec website using the Fovitec Lightning non-affiliate link provided in the Techlore Affiliates page, my browser shows a warning saying that my connection isn't private. As such, I think this link should be removed.
Insecure Fovitec link: https://www.fovitec.com/

Also, the Amazon link shows that the previously available Fovitec Lightning product isn't available anymore, so maybe it's better to remove the Fovitec mention altogether from the Techlore Tools and Affiliates webpage.
Amazon link: https://amzn.to/3pEHdQF

• Lack of an affiliate link:

Why is Todoist mentioned in this list of tools if there isn't any affiliate link for it? Even if Todoist should stay in this list, why is there a box with "Affiliate🌟" written, if there isn't any affiliate link for Todoist? Is that box mandatory for all items of this list? Any explanation is welcome.

• Products out of stock:

Qubes compatible laptop:
Non-affiliate link: https://www.insight.com/en_US/shop/product/20QD0004US/LENOVO/20QD0004US/Lenovo-ThinkPad-X1-Carbon--7th-Gen----14----Core-i7-8665U---vPro---16-GB-RAM---256-GB-SSD---US/
Amazon link: https://www.amazon.com/Lenovo-ThinkPad-X1-Carbon-i7-8665U/dp/B0BWFRLGZF?crid=17XFQRE70V98T&keywords=thinkpad+x1+gen+7&sprefix=thinkpad+x1+gen+7,aps,97&sr=8-6&linkCode=sl1&tag=techlore06c-20&linkId=63445fdc6e765e74abb5f1fcc54b3ea7&language=en_US&ref_=as_li_ss_tl

Webcam covers for camera safety:
Newegg link: https://howl.me/cj7bhJnBVnt
Non-affiliate link: https://www.newegg.com/p/1EF-0161-000U8

Sennheiser MKE 600 (Shotgun Mic):
Newegg link: https://www.newegg.com/p/0UK-001H-005P8?Description=Sennheiser+MKE+600&cm_re=Sennheiser_MKE+600-_-9SIAKZYJH67658-_-Product&nrtv_cid=cd2b5112545eeedfcac2ea88c20cc35d05de20d9ece326e61e3b59f846e64cf2&utm_source=howl-techlore6526&utm_medium=affiliate&utm_campaign=afc-howl-techlore6526&cm_mmc=afc-howl-_-6526-_-14005829088&nrtv_as_src=1

Senheiser HD600 (Headphones):
Newegg link: https://howl.me/cj7aDmaJ22n

Google Pixel 7a:
Newegg: https://www.newegg.com/p/23B-001E-004D6?Description=google+pixel&cm_re=google_pixel-_-23B-001E-004D6-_-Product&nrtv_cid=a634d347be119ab1f4e4f136eb5c27820e840a37d541372c718dd96e4dc81457&utm_source=howl-techlore6526&utm_medium=affiliate&utm_campaign=afc-howl-techlore6526&cm_mmc=afc-howl-_-6526-_-14005648069&nrtv_as_src=1

Maybe change the link to another Google Pixel that is still in stock in Newegg, like the Google Pixel 7 Pro.

• Orange hosting question:

The Orange hosting affiliate link redirects to this link, which doesn't look like an affiliate link: https://orangewebsite.com/hosting/offshore-hosting

Is this really an active affiliate link?
If yes, nothing needs to be changed.
If not, Orange hosting still has an affiliate programme, if the Techlore team is interested.

Orange hosting affiliate programme: https://orangewebsite.com/company/affiliate-program

Otherwise, maybe remove Orange hosting from the Techlore Affiliates and Tools.

• omg.lol question:

The omg.lol affiliate link redirects to the following link (the omg.lol homepage): https://home.omg.lol/

The omg.lol affiliate link provided by Techlore isn't an affiliate link anymore or is this expected behaviour?
If this is expected behaviour, nothing needs to be changed.
If this isn't an affiliate link anymore, maybe produce a new affiliate link and change the current one, or remove omg.lol from the Techlore Tools and Affiliates webpage.

Hello Henry!

Can ente Auth be added to the resources page (2FA category). It seems like it passes all the criteria. It's all-open-source, available on F-Droid and easy to use. All with E2EE, it can even be used accountless (so without an ente account). It's from the people who created ente, the photo management service.

It's a really great alternative for people on iOS, as Raivo is no more there.

Thanks.

Emailer:

Hello there, this is a few things to add for expressvpn

Expressvpn now has transparency report https://www.expressvpn.com/trust Kind of warrant canary since it shows gag orders aswell. Updated every 6 months

Express also has 2fa now

Express also has connect on boot

Express has no logs

Simultaneous Devices its now 8

I'm a fan of Perfect Privacy, but I noticed one wrong info. It says that Perfect Privacy has Transparency Report, but this is not true. I brought this up a few months ago and it may come in the future, but isn't on the Website atm

Source: Perfect Privacy Forum (German)

We can do a transparency report, but there is really not much to report.

PS: May mention that they actually got Open source software, but for Wndows Only (and soon Linux aswell, but no eta when).

Hi, So as I was looking at the VPN review page, I saw there was an extra empty table at the bottom with 2 links: 1 link for a normal one and 2 for an Affiliate link. They both go to this page, which does not exist and looks to me like a JS Error Probloy for some reason going to a page. https://techlore.tech/undefined that's where it goes to.
I did some digging into the code and looked and tried editing the code to see if I can figure out what's going on here.
After my own research, this is what I came up with. For some reason, in the process of converting to JSON it adds a blank extra table at the bottom. Maybe in the JavaScript somewhere it's somehow adding those links. Not sure, but it's adding them. Which leads to 404.

The CSP needs to be changed to:

default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src data: https://discuss.techlore.tech 'self'; connect-src https://*.techlore.tech https://raw.githubusercontent.com 'self'; frame-src https://www.youtube-nocookie.com https://*.techlore.tech; frame-ancestors 'self'; manifest-src 'self';

The permissions policy header is completely invalid and should be set to:

accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=()

Onion Browser has had an issue with IP leaks via WebRTC since 2018. Should it really be listed under iOS browsers on Resources?
(made on behalf of one Happy Henry)

Now that we no longer do individual VPN reviews, it makes more sense to migrate our VPN Toolkit to our website's GitHub repo along with the rest of our site to keep development in a single place. This will make future updates to the Toolkit much easier to do.

Requested By:
https://fulda.social/@Snowplace/110677631826285718

I have found that the easiest step to make someone more private is getting them to start using a private web browser. For someone willing to take a privacy and security quiz, they probably want to be more private and would be willing to download a private web browser, since it's easier than buying a shredder, safe or even configuring a router

Also Zone 3 has this question, and I believe the question in Zone 3 should be "Only use Tor for web browsing" since that's such an extreme threat model

I feel like this question should be moved, but if you disagree let me know