I created a 5-week degoogling plan PDF based on the steps in my book DISENGAGE: Escape the Leash of Big Tech, Scams and Surveillance—Everyday Resistance for the Digital Underdog.

Before I finalize and post it to my site, I'd love some feedback from people who have degoogled or are in the process of doing so.

The final package will be a single PDF, and I've pasted images of the pages below. The final infographic has a link for each product. Please don't worry about formatting issues, I'll get those fixed. But in general, I'm wondering.

• Does this seem motivational/doable?

• Are the tips clear?

• Is there anything that is now incorrect? I wrote the book originally two years ago and updated it in February, so some of my suggestions may already be out of date.

• At the bottom I mention that full instructions for each step are available in DISENGAGE, which is a free book. Is that enough? Or should I instead either note which chapter/page to look at for each step, or directly include links to instructions/tools online?

• The infographic at the end...is it weird to be sideways? I created it a while ago and don't want to have to redo it to fit the orientation. I could offer that separately, OR I could redo the whole PDF to be landscape instead of portrait (which I don't love).

• I'm thinking of turning this into a group challenge (also no cost). If there's enough interest, it could be the checklist, the book, and a Signal group (maybe with a weekly call). I don't know nearly everything about the topic, but I did degoogle myself, and everyone in the group/on the call can share questions and suggestions. What do you think of this idea?

Thanks!

Hi, I'm looking for a mail client that is well suited for managing multiple identities and can easily handle routing everything over an anonymity network.

I would use Thunderbird, but I think when you take it online, it downloads from all your connected email accounts. I want to "go online" at will toward particular email addresses, in other words I do not want my upstream mail provider to be able to associate my accounts in any way, including access time, assuming there is a large enough other pool of people using the same client/anonymity network.

Are there any that are well made for this purpose? Otherwise I will use the mail frontend over Tor or something, but it would be nice to have a lightweight client-side application too so I can keep my emails downloaded and delete them from the server.

Hello, I just wanted to share my story regarding having a domain with Njalla using ProtonMail/SimpleLogin's services.

TLDR (full story below): You may not be able to send emails from your domain with ProtonMail/SimpleLogin if your domain is registered with Njalla (or any other "privacy-friendly" domain registrar).

Full-story:

I had a domain with Njalla (njal.la) for a couple of years, and at the same time, I was using this domain with ProtonMail (to send emails from my domain) and SimpleLogin (catch-all aliases with my domain). I never had any issues during the last few years until recently:

• A few months ago, beginning of 2025, I suddenly wasn't able to send emails from my domains/aliases: They were rejected ("Undelivered Mail Returned to Sender") because I was listed on Spamhaus (a service which lists domain reputation, check.spamhaus.org). I contacted Proton's support, and they advised me to reach out Spamhaus directly to resolve this issue. I was able to request a delisting of my domain "automatically" (through a form), and a few days later, my domain had been "automatically" delisted and I was thus able to send emails again.
• A month ago, my domain has suddenly been re-listed on spamhaus, again. This time, I wasn't prompted with the automatic delisting form like the first time. I had to contact through a form Spamhaus and I had to write a small text requesting to be delisted and explaining to them how I was not using my domain for spamming/scaming/bulk email sending/etc... This time, spamhaus refused to delist my domain because my domain was considered as an Internet neighbourhood with “poor reputation” that has shared (or inevitably will share) its negative reputation. (...) The domain is not eligible for removal while being associated with this neighbourhood. We recommend moving your domain to a hosting network with good reputation.. I was talking with Njalla's support and ProtonMail's support at the same time, and they basically both told me that there is nothing they could do. I was basically forced to transfer my domain to a new domain hoster provider. And not any other domain hoster, but one with a "good" reputation (when I asked if transfering to 1984 (https://1984.hosting/), a privacy-friendly domain provider, Spamhaus discouraged me to do so.

To sum it up, by having your domain with any privacy-friendly service (like Njalla, 1984, ...), there is a chance that your domain will be listed on Spamhaus, preventing you from using your domain with ProtonMail/SimpleLogin.

I find it ironic from Proton, as they even encourage using Njalla/1984 in one of their blog article: https://proton.me/blog/professional-domain-and-email. At the end, I'm a bit pissed by Spamhaus's behaviour and also ProtonMail for using such services.

Here are screenshots of my discussions with ProtonMail, Njalla and Spamhaus support if anyone is interested enough in reading the whole discussions: https://postimg.cc/gallery/phgVK4M

Just wanted to share my story to help other people know about this issue and the issues they might encounter with ProtonMail based on their DNS provider choice.

I know the generall guidance for private phones was Pixel with graphene OS. I was financially planing on buying a 10th gen pixel when they come out later this year to only put gos on it. However with the recent news, I am wondering if this is still the recommended best practice from this community.

I am worried that if the gos team needs to spend tonnes of ressources on maintaining basic drivers and stuff then they won't have any time to work on the privacy and security features they are best known for.

What is your oppinion?

Also does anyone have a way to dpam feedback to google? I couldn't finf a generall feedback form, but if they know that people aren't buying their hardware because of this decision, they might back down. (I really fell in love with gos researching it lately so I would hate to have to switch to something like /e/ os or calyx or something)

May be a stupid question, but it occurred to me that when renewing official IDs, fingerprints are registered, and of course, there's a clean shot of your face. Kinda makes me uncomfortable, since fascism seems to be on the rise pretty much everywhere. How do you guys deal with this? Necessary evil?

Meta devised an ingenious system (“localhost tracking”) that bypassed Android’s sandbox protections to identify you while browsing on your mobile phone — even if you used a VPN, the browser’s incognito mode, and refused or deleted cookies in every session.

This is the process through which Meta (Facebook/Instagram) managed to link what you do in your browser (for example, visiting a news site or an online store) with your real identity (your Facebook or Instagram account), even if you never logged into your account through the browser or anything like that.

Meta accomplishes this through two invisible channels that exchange information:

(i) The Facebook or Instagram app running in the background on your phone, even when you’re not using it.

(ii) Meta’s tracking scripts (the now-pulled illegal brainchild uncovered last week), which operate inside your mobile web browser.

Or a fork of Firefox like fennec

How bad is Android Auto for privacy on a stock Pixel phone. What can the car and car vendor get access to.

I'm on android

So i downloaded fennec today and it seems to be pretty good, and quick aswell. But the settings are kinda confusing, for now tho!

I have already enabled ublock, Clearurls and Privacy Badger.

What other settings would you recommend to make fennec even more privacy hardened?

I'd appreciate any insight ppl can offer, especially relative to mullvad VPN: could a casual privacy valuer benefit from this over mullvad now or in the future?

Has anyone seen this one listed on VPN comparison sites?

Same:

They take straight monero and generate accounts from no personal info

Pros:

It's something like 1$/device/mo, so sometimes cheaper than mullvad.

Doesn't use gmail or centralized servers like mullvad, argued here; went over my head

Something about improving browser privacy

Cons:

Beta; small project; haven't found credible endorsements

There is no forum for this service and it's privacy related so I think it's best sub when I can ask. When I try to loggin there is yellow error which says "there seems to be an error logging you in. please try again shortly"

Dark Web Interdiction Act of 2025

Here is the text of a bill introduced to Congress (US), ostensibly to combat the trafficking of opioids over "The Dark Web". There's a nice definition of "The Dark Web" at section 4.

I like the part where it says people are using "The Dark Web" both within the United States and "at the international border".

This is for pedagogical purposes. Please do not cypher actually important messages with this.

Anyway I think it can bring with little ones, and adults alike, interesting conversations around :

• secrecy
• privacy
• cryptography as counter-power
• mathematics, starting with modulo
• the duration a message can stay undecipherable and thus the kind of message to share
• computational complexity, how many permutations are available

... and a lot more!

I recently have been playing around with GPG (its pretty fun!) And decided to make a hat with my public key on it!

Its a fun conversation starter at walmart, when somebody asks what it is? It activates my tism, and i get to talk about computer science! Its also important to teach others the importants of encryption especially as of one day ago the EFF made a post talking about yet another bill trying to go after encryption.

The keen eyed among you see i have blocked out certain parts of my key, this is because i have a key for this hat exclusively and would like to see if anybody i talk to about encryption in real life bothers to email me. I know its not much but i enjoy it!

I laser etched the leather, and hand stitched it to the hat.

I know this is more kinda clothing stuff, but it just didnt feel right posting a hat with a gpg key on a fasion/clothing community.

Hope you enjoy My little project >:) hehe

I'm aware that carrying a phone means that I can be tracked with cell towers and that's fine.

But is there some sort of tracking that can be done on modern dumb-phones that make relevant ads show up(on spotify/youtube) that are based on where the phone has been?

Thanks I'm a newb

Majority of exposures located in the US, including datacenters, healthcare facilities, factories, and more

Like what the title says. There's always a catch unless it's FOSS. So, what is the catch with them giving games for free that you can keep forever? What will the developers of the games get as a thank you?

Please help promote the hashtags #Deadline2025, #BigTechWalkout2025 and #Reclaim2025 to reach those still using big tech platforms.

And share this great video that a friend of mine made showing how lame the big techbros really are.

If we starve big tech of data, their power diminishes.

So i downloaded Brave on windows 10 a few months ago and i remember that it was pretty easy without any hiccups but last week when i tried to download librewolf a message poped up saying that it may be harmful for your computer even tho i downloaded it from the official source

Is it just me or is microsoft getting more and more desperate to collect our data?

*Edit: Sorry it wasn't bitdefender it was something like Antimalware service executable or something like that which i think is a microsoft product

Everyone talks about how evil browser fingerprinting is, and it is, but I don't get why people are only blaming the companies doing it and not putting equal blame on browsers for letting it happen.

Go to Am I Unique and look at the kind of data browsers let JavaScript access unconditionally with no user prompting. Here's a selection of ridiculous ones that pretty much no website needs:

• Your operating system (Isn't the whole damn point of the internet that it's platform independent?)
• Your CPU architecture (JS runs on the most virtual of virtual environments why the hell does it need to know what processor you have?)
• Your JS interpreter's version and build ID
• List of plugins you have installed
• List of extensions you have installed
• Your accelerometer and gyroscope (so any website can figure out what you're doing by analyzing how you move your phone, i.e. running vs walking vs driving vs standing still)
• Your magnetic field sensor AKA the phone's compass (so websites can figure out which direction you're facing)
• Your proximity sensor
• Your keyboard layout
• How your mouse moves every moment it's in the webpage window, including how far you scroll, what bit of text you hovered on or selected, both left and right clicks, etc.
• Everything you type on your keyboard when the window is active. You don't need to be typing into a text box or anything, you can set a general event listener for keystrokes like you can for the mouse.

If you're wondering how sensors are used to fingerprint you, I think it has to do with manufacturing imperfections that skew their readings in unique ways for each device, but websites could just as easily straight up record those sensors without you knowing. It's not a lot of data all things considered so you likely wouldn't notice.

Also, canvas and webGL rendering differences are each more than enough to 100% identify your browser instance. Not a bit of effort put into making their results more consistent I guess.

All of these are accessible to any website by default. Actually, there's not even a way to turn most of these off. WHY?! All of these are niche features that only a tiny fraction of websites need. Browser companies know that fingerprinting is a problem and have done nothing about it. Not even Firefox.

Why is the web, where you're by far the most likely to execute malicious code, not built on zero trust policies? Let me allow the functionality I need on a per site basis.

Fuck everything about modern websites.

"Meta devised an ingenious system (“localhost tracking”) that bypassed Android’s sandbox protections to identify you while browsing on your mobile phone — even if you used a VPN, the browser’s incognito mode, and refused or deleted cookies in every session."