Age Verification.
this post was submitted on 05 Sep 2025
69 points (96.0% liked)
Privacy
41525 readers
740 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
Basically everything from Meta.
There was speculation that the NSA is deeply involved in Cloudflare, which wouldn’t be a surprise at all.
In fact all US services are probably infiltrated one way or another.
Even if Cloudflare wasn't a honeypot I would put in as many agents as possible as a three letter agency.
Yeah exactly. How can Cloudflare stay in business with such a huge free service? That's why.
That's not a honeypot. What does anyone think is private about Cloudflare?
If you use their DNS they see every domain you visit.
Internet providers see internet traffic. Are they all honeypots too?
That's why you should use a VPN or anonymizing traffic mixers.
Encrypt your DNS. Use only DNSEC servers. TLS 1.3, Secure SNI. Use a VPN with double hop proxy.
The issue is not all servers support TLS 1.3 and Secure SNI, so you are at the mercy of that particular server. Truth be known, there is probably zero ways to be totally secure, private, and anonymous, but that shouldn't deter you from locking down what you can. However, if your threat model is hiding from a government, then unplugging is probably your best bet.
People I talk to about security, anonymity, and privacy always ask me 'Are you hiding from the government?' which is rather hilarious to me. I send them tax forms every year. I vote once every four years and in local elections. We are in touch. If I were a person of interest, they'd come visit. However, there is absolutely no requirement to over share....with anyone.
Please beware that DNS over TLS is transport protection; the dns server itself of course still sees and knows everything.
I use my own DNS.
That's great.
Express VPN, CyberGhost, etc... Run by genocidal zios. Completely untrustable.
ISP don't even pretend not to sell your shit anymore...
that's really the only real benefit to using VPN, deny that parasite profit while shifting trust to another corpo. at least VPNs pretend to not sell your data. i mean some do it anyway
Wouldnt a vpn server be an ideal target for the NSA?
I am talking about ISP selling your traffic for marketing data.
You are talking about state actor hunting you down.
Different threat model.
You are not hiding from NSA within US or other westoid regimes.
They have legal right to do whatever they want. An individual has no chance
If you use your own DNS and also DNS over HTTPS I think they won't be able to sell that data anyway.
They still classify traffic at the very least. Watching NetFlix, playing games, browsing web etc.
With VPN they have to us e a lot of compute to figure out what is going in the tunnel.
Plus, they can't figure out that you are downloading Linux iSO 🐸
There’s been a few stories outing the feds as running most illegal porn sites on the dark net.
Anything by Meta (Facebook, Instagram, WhatsApp). Facebook literally got people killed by volunteering their location data to a tyrannical government in a third world country. Don't think they won't do that to Americans.
Android (the mobile OS) kind of is. The only reason Google bought the hobby project to put Linux on smartphones was because they could collect more data with it than they could with Gmail. You can get a Pixel device and install GrapheneOS on it, but not even 1% of Android users are turning off telemetry (which only anonymises it), let alone installing custom firmware that doesn't have it. I'm not saying iOS isn't — because it's not open source, we don't know — but I am saying Android definitely is. And I don't just mean Pixels — to use the Android brand, Google requires certain things of OEMs like Samsung, from having Gmail and/or Chrome on the main home screen, to having Google Play Services, which does the data collecting, installed. (I'm pretty sure the Play Store actually requires it. Forks that don't use the Android branding, like Amazon's Fire OS, don't have this restriction, but Amazon probably has plenty of other crap in theirs.)
Now, I never said Android was a honeypot, and it may not be. But Google was just sued for antitrust, and they made a deal to keep Chrome and Android under their banner. We don't know what the terms of that deal are. I would consider both of them to be compromised by bad actors (potentially they always were since Google was selling the data). Don't think so much about who you call (though that can be valuable) but like, your Maps data, anything you put in Health (like if you're female, like if you miss two or more periods but not eight or nine and then start back up again, I'm sure the GOP would love to know that — for the dense fellas, it could mean she got pregnant and then terminated it, or the pregnancy failed somehow). Tim Cook's advice of "get your mom an iPhone" doesn't sound so far fetched now. Your sister, too. Heck, specifically regarding Health, Samsung put out an update last year, maybe the year before — that is, before the current administration — saying if you keep using Health, they can sell your information to whoever they want. Either agree and keep using it, or disagree and they delete your data. At this point, no stock Android phone can be trusted to keep your information private. It's different if you use GrapheneOS, but that requires buying a Pixel, putting money in Google's pocket. The Pixel 10 is what, about as powerful as an iPhone 11? A 12 maybe? And it costs the same as an iPhone 16. You decide. Personally I don't think it looks like a very good deal.
We know WhatsApp and others fail to include a libre software license text file. We do not control them. They are not honeypots. They are scams!
Closed source apps
You may not like this: fediverse. Yes the site you’re on right now.
Completely public forum scrapeable by api that exposes non-scrapeable, private information to the administrators of federated servers of which there are thousands.
Even if you reject the idea that one of the thousands of “single user” servers is actually just quietly recording everything as a matter of mission, do you reject the idea that one of them hasnt been compromised? That an admin on one of the bigger ones hasn’t?
Treat this site and any others that aren’t completely behind auth as social media.
fedi is the public commons, treat it as such.
The ice watch apps
Especially those developed/maintained within US jurisdiction
Scams? Yeah, almost all of them.
Honeypots? No, always too blatant.
This privacy-centric US phone carrier may or may not be a honeypot, but seems too good to be true. https://www.cape.co/
All the others are worse.
If they are all honeypots, does calling them honeypots still mean anything?
To be fair, it is $100/mo, so there is a premium for their privacy benefits.
ANOM wasn’t until it was, and then it shut down. I recommend the Darknet Diaries episode to hear the story.
Anom failed to include a libre software license text file. We never controlled it. That's not a honeypot. It's a scam.
oracle
Stingray phone trackers and similar IMSI catchers are a kind of honeypot.
Those are in DC during protests all the time
Tor
why?
Seems weird to be heavily funded by the US gov, we are unaware of how many nodes are run by governments, and germany themselves have done traffic correlation attacks to de-anonymize users.
yeah but what is the solution?
Discord is 100% I'm only unsure if it's NSA or CCP
If it's financed by In-Q-Tel, then it is a honeypot.
proton
I'm open to listen for a rationale.
Oh wait, proton turned over email metadata when subpoenaed:
https://www.techspot.com/news/102981-proton-mail-provided-user-data-led-arrest-spain.html
ProtonMail, or the Steam game compatibility layer?
proton mail