Privacy


A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
1
 
 

Should I Disable WebSocket Connection on My Web Browser (in terms of privacy)?

Considering disabling WebSocket connections for security reasons. Any experience or thoughts? Have you disabled WebSockets? Any notable issues or performance changes?

2
 
 

Browser Timezone & Privacy Concerns

How can I hide my "timezone" from sniffing sites?

From my understanding, websites can access both the timezone of my browser (without using JavaScript) and the timezone of my local machine (using JavaScript). My question being:

  • If a website has access to my local machine's timezone, does it mean it has access to other information on/about my local machine?
  • According to Privacy - How can I hide my "timezone" from sniffing sites? - Super User, we must disable JavaScript to block timezone access. However, disabling JavaScript is not really feasible as it breaks most websites. Is there a workaround that allows us to block JavaScript from running specific commands?
  • Maybe my understanding of JavaScript is incorrect, but if a website has the privilege of running any program on my computer through the web browser, it can retrieve all the information it needs. If I don't disable JavaScript while using the browser, I don't see the point in resisting fingerprinting, like spoofing my device info.

Appreciate any help!

3
 
 

According to a post online, Thunderbird email client makes connections to sites that have nothing to do with sending and receiving email, for "telemetry" and other questionable reasons

Is this something we should be concerned about? Is there a good alternative to Thunderbird given that it seems to have telemetry implemented inside it?

I use Thunderbird heavily and I'm really worried about this problem. Can someone clarify whether Thunderbird is trustworthy?

Below is the post: https://support.mozilla.org/en-US/questions/1381543

In case it gets taken down, a user asked this:

I would like to know why, when Thunderbird first starts up or shortly thereafter, it attempts to connect to the following sites:

detectportal.firefox.com

status.geotrust.com

thunderbird-settings.thunderbird.net

It does not need to connect to any of these to send or receive email, so I would like to know why it's attempting to connect to those addresses. Little Snitch is blocking them for now but if one of them is important I can remove that block.

Also, at some point every day, Thunderbird complains that it can't get the latest version, and every day I have to dismiss that popup. I bring this up because it may be related to me blocking the connections but until I know what they are for I'd like to know if it is possible to make Thunderbird stop checking for updates.

They all concern me but the one that really concerns me is thunderbird-settings.thunderbird.net, first because it is listed as a bad address on one of the malware sites, and second because I don't want my settings being sent off my computer. Really the only reason I want Thunderbird to connect to the Internet is to send and receive mail, and maybe to check for updates if it can do ONLY that, and not send any other data from my computer back to the mothership.


And this was the response, from a "Top 10 Contributor"/"Moderator" (emphasis added):

Firefox.com is owned by Mozilla corporation.

Thunderbird.net is owned by the Thunderbird project / MZLA Technologies

GeoTrust is an Audited encryption certificate purveyor with a huge web presence that is a subsidiary of DigiCert, a larger certificate and PKI company.

If you have software identifying either a malware site or some other imagined bad sites then I suggest you get rid of it. This is of course unless you suspect Thunderbird or Mozilla of nefarious intentions in which case you probably want to remove their products and use another mail client and browser.

Why does Thunderbird try and connect to the web? Because significant parts of it are web pages. That is why there are so many external preferences loaded in the defaults.

Another response on this site states https://support.mozilla.org/en-US/questions/1251590 detectportal.firefox.com is used to detect captive portals on public wifi networks to be able to redirect you to their logon screen, so you don't just get page loading errors in Firefox (set network.captive-portal-service.enabled to false in about:config in order to disable that feature). Thunderbird uses the Firefox code base and will be doing the same of web pages.

I would guess without trying that status.geotrust.com is an attempt to verify the legitimacy of a GeoTrust SSL/TLS certificate issued by probably your mail server as Thunderbird.net uses Let's Encrypt and Firefox uses Amazon. I assume your connections are encrypted. Probably prompted by the setting Query OCSP responder servers to confirm the current validity of certificates.

I clicked the link you posted to thunderbird-settings.thunderbird.net which gave me a link to https://docs.kinto-storage.org/en/stable/overview.html where I read

At Mozilla, Kinto is used in Firefox for global synchronization of frequently changed settings like blocklists, experimentation, A/B testing, list of search engines, or delivering extra assets like fonts or hyphenation dictionaries.

Given Thunderbird is built on the Mozilla platform, I think we have an answer.

All I can say is in this day and age, software calls home extensively to report telemetry, load web pages and download settings appropriate for certain actions like configuring an account. Trying to prevent that is really limiting the software's ability to function at a fairly basic level.

You have listed three of perhaps twice that number of sites Thunderbird will regularly connect to.

On startup it will load a web page from

https://live.thunderbird.net/

Opening the addon page will load Thunderbird.net pages as will viewing the release notes, or any of the entries on the help menu except about. Some open in a browser window, others open internally to Thunderbird. I have no idea what exact connections are made and I am not aware of any list or page that monitors them.

Checking for updates is not optional. The team do not want folk using old versions of the software as it exposes them to increased security risks as each version contains security enhancements. Updates can be managed in corporate situations using group policies. Otherwise stand-alone users are limited in their options to automatic install or not.

I won't post the user's reply to that (it is a bit lengthy) but he's not happy with the response. He just wants an email client that will connect to Google's email service using OAuth. As he says, he already has several web browsers and doesn't need another. He just wants his email program to do email and that's all, apparently.

I think maybe the Thunderbird developers have some explaining to do, particularly with regard to why they are forcing telemetry on users and giving them no way to opt out.

4
 
 

I’m curious about how DuckAI is able to store chat conversations.

How is it able to store my conversation for over a month?

5
 
 

At this point it's not about passive collection; corporations are going to extreme ends to get our data.

https://www.zeropartydata.es/p/localhost-tracking-explained-it-could

I am interested in what people are doing to enforce their privacy while using the web.

I have some things in place, looking to compare with the community.

(btw, I am new here, this is my first post. So uh… Hi )

6
33
submitted 23 hours ago* (last edited 7 hours ago) by happeningtofry99158@lemmy.world to c/privacy@lemmy.ml
 
 

GrapheneOS vs LineageOS vs iodéOS

According to Comparison of Android-based Operating Systems, GrapheneOS seems to be better than LineageOS and iodéOS in every aspect.

I'm wondering if there is any downside to GrapheneOS. What am I giving up by using GrapheneOS instead of LineageOS and iodéOS (besides GrapheneOS only supporting Pixel)?

In terms of privacy, security, customizability and functionality, which OS would you recommend and on what device would you recommend using it?

Answered questions

  • Does LineageOS support multi-profile like GrapheneOS? (I thought all AOSP supports the multi-profile feature)
  • Does LineageOS support full device encryption using some open source app? (like VeraCrypt)
    • @https://lemmy.world/u/who@feddit.org Yes, full-device encryption is built in to Android these days.
  • Can LineageOS support Sandboxed Google Play with some tweaks?
    • no

Some questions

  • If there is a backdoor planted in the Pixel (which in my opinion is very likely), then I guess the “risk of an adversary gaining physical access to the phone” is quite equal for both OSes?
    • https://lemmy.world/u/upstroke4448@lemmy.dbzer0.com - It is highly unlikely there is a backdoor in the Pixel. It’s just not worth the risk for Google. Not only are the phones highly scrutinized by experts but Google has a million other legal ways to get info off your phone for 99% of users who use the stock OS.
  • @benjaminoakes https://lemmy.world/u/benjaminoakes (how do I @ another user in lemmy???) and I quote "Graphene is likely to run into issues soon. They were relying on the AOSP source tree including Pixel-specific files. Google isn’t releasing those anymore, so GrapheneOS would have to reverse engineer or extract the needed files somehow."
    • Should I be concerned about this issue? Will it affect my experience in the next 5 years? (I usually update my device on a 5-year cycle)

Thanks a million

7
 
 

Why do we need to sign in to a Zotero account to use WebDAV?

Zotero 7 Lost WebDAV - Zotero Forums

Is Zotero trustworthy given that it forces people to create a Zotero account and possibly forces people to sync their data to their server?

8
 
 

Recently, I can't access any GitHub repositories without having to sign in. This is becoming frustrating.

I'm looking for an alternative to switch to that has good git push/pull speeds (I've visited one whose speeds are slow for me).

Any good options? Would one of the following be good?

  • Codeberg
  • GitLab

9
 
 

been tracking the ORBs along with TrashFuture. not good.

10
 
 

cross-posted from: https://lemm.ee/post/67352766

11
 
 

Looking for Privacy-Oriented Open-Source Android Browsers

I'm looking for a privacy-focused, open-source Android browser. Here are some options I've found:

  • IronFox
    • recommended by LibreWolf
  • Fennec
    • no repo
  • Waterfox
  • Vanadium
  • iceraven
    • most stars
    • https://lemmy.world/u/Thetimefarm@lemm.ee - As far as I know IronFox supports any extensions normal Firefox mobile does, but neither gives you access to the full extensions store. Iceraven is the only mobile browser I know of that lets you use all the extensions that you can on desktop Firefox.
  • bromite
    • no longer maintained
    • Bromite has a fingerprint randomization and Vanadium doesn't. But Vanadium has better security if you use Graphene. So yeah, for privacy Bromite might be better
  • cromite
    • Bromite fork
  • brave
    • controversial
  • duckduckgo

Is there any other browser out there that fits these criteria? Is there an even better choice? I’m particularly interested in ones that focus on privacy.

EDIT: in terms of popularity, privacy and functionality I guess the best choices are Iceraven (based on Firefox) as it has the most stars on GitHub and Cromite (based on Chromium) as Brave is controversial


Solved Questions

I know that Brave is a bit controversial, but if Brave does something behind our backs wouldn’t we be able to know it since all the source code is out there? If it has some features we don’t like can’t we simply modify the source code?

@slackness

re: open source In theory: yes. In practice: maybe. It’ll probably eventually be caught by some researcher but unlike popular belief all open source code bases are not constantly being audited by the community. A random person can’t just read Brave source code for all platforms and accurately gauge if they’re doing something nefarious. It is very easy to hide stuff in code or misuse a protocol for evil purposes, etc.

You can modify the source code but as evident by the fact that there’s no Brave fork with crypto removed (there was one but their branding was too similar to Brave’s so they got sued), it’s not an easy feat to maintain that.


few questions

  • What is the difference between IronFox, Fennec, Waterfox and iceraven?

As far as I know IronFox supports any extensions normal Firefox mobile does, but neither gives you access to the full extensions store. Iceraven is the only mobile browser I know of that lets you use all the extensions that you can on desktop Firefox.

13
 
 

“To facilitate this vetting, all applicants for F, M and J non-immigrant visas will be asked to adjust the privacy settings on all their social media profiles to ‘public’”, the official said. “The enhanced social media vetting will ensure we are properly screening every single person attempting to visit our country.”

14
 
 

Recently, I came across Preveil, which is a service that can provide end-to-end encryption to either your Outlook, Gmail, or Apple Mail email accounts. It’s free, but if you want more storage, obviously, you will need to pay.

It looks very interesting as this could get others to use end-to-end encryption for the emails without having to move to another provider. However, I haven’t really seen any reviews (besides this one from PC Mag) or others expressing their experience with Preveil, so I am unsure if it’s a good service to use or recommend.

Has anyone used it or is familiar with Preveil? Does anyone know if there are similar services to Preveil, preferably those that are open source?

15
 
 

Is there a privacy-focused accurate handwriting-to-text option for android? Ideally it would run locally on device with no required connection to the internet.

Thanks for any recommendations in advance.

18
 
 

The Minnesota shooter apparently used data broker websites to find the home addresses of the people he shot and murdered.

Congress has had years to do something about data brokers and they've sided with the tech lobby over and over again.

Their inaction is deadly.

By Evan Greer

22
 
 

Cock.li confirmed the validity of the breach based on sample data and column structure, stating that the exposed dataset includes roughly 1,023,800 user records. The compromised fields include email addresses, timestamps of first and last webmail logins, failed login attempt data, language preferences, and serialized Roundcube user settings such as webmail signatures and interface configurations. Additionally, approximately 93,000 contact entries associated with around 10,400 users were leaked, containing names, email addresses, comments, and vCard data.

Not sure why people ever trusted a meme email provider in the first place...

23
 
 

I'm looking to direct people to message me on Signal, Matrix, etc. Any suggestions? Thanks in advance

24
 
 

Hi, I'm looking for a mail client that is well suited for managing multiple identities and can easily handle routing everything over an anonymity network.

I would use Thunderbird, but I think when you take it online, it downloads from all your connected email accounts. I want to "go online" at will toward particular email addresses, in other words I do not want my upstream mail provider to be able to associate my accounts in any way, including access time, assuming there is a large enough other pool of people using the same client/anonymity network.

Are there any that are well made for this purpose? Otherwise I will use the mail frontend over Tor or something, but it would be nice to have a lightweight client-side application too so I can keep my emails downloaded and delete them from the server.

25
 
 

Hello, I just wanted to share my story regarding having a domain with Njalla using ProtonMail/SimpleLogin's services.

TLDR (full story below): You may not be able to send emails from your domain with ProtonMail/SimpleLogin if your domain is registered with Njalla (or any other "privacy-friendly" domain registrar).

Full-story:

I had a domain with Njalla (njal.la) for a couple of years, and at the same time, I was using this domain with ProtonMail (to send emails from my domain) and SimpleLogin (catch-all aliases with my domain). I never had any issues during the last few years until recently:

  • A few months ago, at the beginning of 2025, I suddenly wasn't able to send emails from my domains/aliases: They were rejected ("Undelivered Mail Returned to Sender") because I was listed on Spamhaus (a service which lists domain reputation, check.spamhaus.org). I contacted Proton's support, and they advised me to reach out to Spamhaus directly to resolve this issue. I was able to request a delisting of my domain "automatically" (through a form), and a few days later, my domain had been "automatically" delisted and I was thus able to send emails again.
  • A month ago, my domain was suddenly re-listed on Spamhaus, again. This time, I wasn't prompted with the automatic delisting form like the first time. I had to contact Spamhaus through a form and I had to write a small text requesting to be delisted and explaining to them how I was not using my domain for spamming/scamming/bulk email sending/etc... This time, Spamhaus refused to delist my domain because my domain was considered as an Internet neighbourhood with “poor reputation” that has shared (or inevitably will share) its negative reputation. (...) The domain is not eligible for removal while being associated with this neighbourhood. We recommend moving your domain to a hosting network with good reputation. I was talking with Njalla's support and ProtonMail's support at the same time, and they basically both told me that there is nothing they could do. I was basically forced to transfer my domain to a new domain hosting provider. And not any other domain host, but one with a "good" reputation (when I asked about transferring to 1984 (https://1984.hosting/), a privacy-friendly domain provider, Spamhaus discouraged me from doing so).

To sum it up, by having your domain with any privacy-friendly service (like Njalla, 1984, ...), there is a chance that your domain will be listed on Spamhaus, preventing you from using your domain with ProtonMail/SimpleLogin.

I find it ironic from Proton, as they even encourage using Njalla/1984 in one of their blog articles: https://proton.me/blog/professional-domain-and-email. At the end, I'm a bit pissed by Spamhaus's behaviour and also ProtonMail for using such services.

Here are screenshots of my discussions with ProtonMail, Njalla and Spamhaus support if anyone is interested enough in reading the whole discussions: https://postimg.cc/gallery/phgVK4M

Just wanted to share my story to help other people know about this issue and the issues they might encounter with ProtonMail based on their DNS provider choice.
