FF + Arkenfox + Noscript + uBlockOrigin (+ invidious for as long as it’s able to exist)
Legit never seen a youtube advert in my life. Even seeing 1st-party static image ads anywhere is extremely rare.
Run *BSD or Systemd-free Linux. Only use FOSS. Distrust javashit, refuse webassembly. Build your own routers. KISS. Learn to protect your privacy and security; the tools are there. No one else will do it for you.
There are a lot of ways, actually, as long as you have at least a couple nics. I always recommend openbsd since it’s very hardened for this purpose. opnsense is a free open-source distro built on openbsd, and can do virtually everything that enterprise gear can do and isn’t hard to learn or manage. Openwrt is also pretty decent and can replace firmware for some existing off-the-shelf routers, which are all backdoored anyway.
Yep. You can use that software on just about anything with a couple nics. It serves the same purpose as an off-the-shelf router (nearly all of which run some tivo-ized, nsa-backdoored linux firmware blob) but you’ll have total control over the device.
A router running OPNsense? Sure. You can put a firewall inside any kind of network. I don’t know what kind of hardware you have access to, but If you have something specific in mind, I can probably tell you if its fit for purpose
Yeah. The main thing to keep in mind if you go this route and build your own is you’ll want atleast 2 Ethernet ports. 1 for your hand off with your ISP and 1 for a hand off to your access point or Ethernet switch.
So I’ve been looking at invidious, and like lemmy (until Apollo shut down) I was intimidated by the sheer number of instances and not really knowing what’s the difference
They’re all instances of running the same software, with a few tweaks here and there. Google has been trying to stomp out Invidious recently because google hates human rights and all that, so it’s an arms race to keep the instances running while google blocks domains, ip addresses/blocks, vps hosts, and apis. Everyone running the instances are trying to keep invidious up and some are having more success than others.
libredirect is a browser plugin that can set a customizable list of working/preferred invidious instances. If one doesn’t work, you can click a link on the video page to switch instances. I have pretty good luck with yewtu.be , inv.tux.pizza , inv.nadeko.net and invidious.drgns.space
If you host your own invidious instance on a network with a non-static IP then a ban will only ever be temporary. It happened to my private instance many times. I found that setting the channel refresh interval in the config to 2 hours makes it less likely (or basically 0% if you’re the only user) for them to block your IP.
How easy has it been to find (presumably?) vps hosting able or willing to accommodate the IP bans from google? I feel like at some point google is going to go hard against the hosting on these ip-rotated instances.
My instance is running on a Server in my homelab. The dynamic IP is just how my ISP works. I’ve been running this instance since late 2019. So far Google has only ever blocked my IP whenever I hit their Servers with too many API calls too quickly. Last time they blocked me though was probably 1/2 - 2 years ago. The current version of Invidious does try to minimize API calls which helps a lot. Honestly Google changing API calls/value names and patching the source code is more annoying to deal with than IP bans.
The only way I can see them permanently blocking instances with non-static IPs is if they go down the Twitter route where you can’t even view anything unless you’re logged in.
Is it a public instance or just for you and your fam/comrades? But yeah, mandating a login requirement is what I’ve been afraid of. I would just stop using yt altogether if it came down to that.
Systemd is the most egregious pile of shit poetteringware in linux, hands down. It’s a gigantic, slow, bloated mess that runs as pid0 and keeps getting bigger as it consumes all other unix services. It violates every single unix and kiss principal. The attack surface is massive and, becuase it’s pid0, has the highest level of privilege escalation attacks. The recent xz backdoor (absolutely state-sponsored btw) was made possible because of the integration of sshd (and xz) into systemd. It’s been a cve nightmare forced onto us by redhat/ibm despite our protests. It may as well have been written by the cia. Systemd alternatives like runit are superior in every respect, particularly speed and security, while adhering to unix and kiss philosophy.
Not all js is malicious, but it’s objectively the most vulnerable and commonly expolited component by malicious actors in browsers (webassembly will be worse). It’s also an objectively terrible and idiosyncratic language on its own. Good css can eliminate a lot of the most worthless uses of js, but in many cases it’s still a necessary evil in frontend and web design. The best compromise we have is to only use trustworthy, foss 1st-party code and restrict 2nd/3rd party code. It’s also always a good idea to run your browser in a sandbox (bsdjail, bwrap, firejail) with no access to user files or dbus.
Well that’s your choice, but it’s a lot more rational to limit filesystem access by the browser, but allow a user unlimited access to the files downloaded by the browser (very easy to set that up asymmetrically with a symlink). Or at least restrict which directories a browser can or cannot access.
Comrade this is all too much for even me, though I consider myself fairly tech Savvy, do I need to do all that ? They can have my data and put me on a list of that’s the case
Security and privacy are things accomplished in layers. You can implement any or all of these as you’re able to learn what they are and how they work.
At the very least a few browser tweaks and addons can prevent a lot malicious scripts and fingerprinting and are the absolute most simple, surface level things you can do. Just FF + ublockorigin will block most ads and surveillance capitalism tracking networks. noscript gives you granular control over what you do and do not want to run, and it’s a good learning experience for most users. Want ads gone, poof, there ya go.
Arkenfox is just a policy confg file (user.js) for firefox, which further helps block tracking, fingerprinting and the most awful annoyances and grievances sold as “convenience” in modern browsers. It’s well documented, easy to read and lets you configure things to your preference. The LibreWolf browser is firefox with a preconfigured arkenfox user.js for users who aren’t tech savvy or don’t like configuring things in text files. Highly recommended over FF + arkenfox if you’re getting started.
invidious is a privacy frontend for youtube that runs on instances (servers) that anonymizes users and cleans up youtube’s awful ui. Lemmygrad provides automatic invidious links when a user links to a yt video.
Running your own router firmware means owning your secure device and having meaningful control over it. Otherwise someone else has more access to your network than you do.
Finally, none of the security or privacy stuff means anything if you’re running an nsa compromised operating system, which is exactly that way by design. Opting out is free and returns speed, freedom and ownership to property held hostage by the worst excesses of capitalism and techno-fascism. This may tilt some “GaMeRs” … but people who won’t even liberate a personal computer from fascism at absolutely no risk, won’t liberate much else, either.
Just FF + ublockorigin will block most ads and surveillance capitalism tracking networks. noscript gives you granular control over what you do and do not want to run, and it’s a good learning experience for most users. Want ads gone, poof, there ya go.
I already do this much and will try to implement the other stuff, might switch to dual booting Linux and windows cause I absolutely need windows right now for some stuff.
FF + Arkenfox + Noscript + uBlockOrigin (+ invidious for as long as it’s able to exist)
Legit never seen a youtube advert in my life. Even seeing 1st-party static image ads anywhere is extremely rare.
Run *BSD or Systemd-free Linux. Only use FOSS. Distrust javashit, refuse webassembly. Build your own routers. KISS. Learn to protect your privacy and security; the tools are there. No one else will do it for you.
??
There are a lot of ways, actually, as long as you have at least a couple nics. I always recommend openbsd since it’s very hardened for this purpose. opnsense is a free open-source distro built on openbsd, and can do virtually everything that enterprise gear can do and isn’t hard to learn or manage. Openwrt is also pretty decent and can replace firmware for some existing off-the-shelf routers, which are all backdoored anyway.
So can I connect to the internet with it?
Yep. You can use that software on just about anything with a couple nics. It serves the same purpose as an off-the-shelf router (nearly all of which run some tivo-ized, nsa-backdoored linux firmware blob) but you’ll have total control over the device.
Can I set one up in the Philippines?
A router running OPNsense? Sure. You can put a firewall inside any kind of network. I don’t know what kind of hardware you have access to, but If you have something specific in mind, I can probably tell you if its fit for purpose
Can it block specific websites? I don’t want Tiktok and YT shorts.
Yeah. The main thing to keep in mind if you go this route and build your own is you’ll want atleast 2 Ethernet ports. 1 for your hand off with your ISP and 1 for a hand off to your access point or Ethernet switch.
You can block ips with firewall rules and domains using unbound dns
So I’ve been looking at invidious, and like lemmy (until Apollo shut down) I was intimidated by the sheer number of instances and not really knowing what’s the difference
Any quick advice
They’re all instances of running the same software, with a few tweaks here and there. Google has been trying to stomp out Invidious recently because google hates human rights and all that, so it’s an arms race to keep the instances running while google blocks domains, ip addresses/blocks, vps hosts, and apis. Everyone running the instances are trying to keep invidious up and some are having more success than others.
libredirect is a browser plugin that can set a customizable list of working/preferred invidious instances. If one doesn’t work, you can click a link on the video page to switch instances. I have pretty good luck with yewtu.be , inv.tux.pizza , inv.nadeko.net and invidious.drgns.space
Thanks for the crash course :D
If you host your own invidious instance on a network with a non-static IP then a ban will only ever be temporary. It happened to my private instance many times. I found that setting the channel refresh interval in the config to 2 hours makes it less likely (or basically 0% if you’re the only user) for them to block your IP.
How easy has it been to find (presumably?) vps hosting able or willing to accommodate the IP bans from google? I feel like at some point google is going to go hard against the hosting on these ip-rotated instances.
My instance is running on a Server in my homelab. The dynamic IP is just how my ISP works. I’ve been running this instance since late 2019. So far Google has only ever blocked my IP whenever I hit their Servers with too many API calls too quickly. Last time they blocked me though was probably 1/2 - 2 years ago. The current version of Invidious does try to minimize API calls which helps a lot. Honestly Google changing API calls/value names and patching the source code is more annoying to deal with than IP bans.
The only way I can see them permanently blocking instances with non-static IPs is if they go down the Twitter route where you can’t even view anything unless you’re logged in.
Is it a public instance or just for you and your fam/comrades? But yeah, mandating a login requirement is what I’ve been afraid of. I would just stop using yt altogether if it came down to that.
It’s a private instance. Maybe I’ll open it up, not sure.
Same. Once they go that far I’ll just
# zfs destroyInvidious and move on to PeerTube. I hope more people will move as well when that happens.What’s wrong with systemd?
I like JS and wish that lynx browser would add support for it
Systemd is the most egregious pile of shit poetteringware in linux, hands down. It’s a gigantic, slow, bloated mess that runs as pid0 and keeps getting bigger as it consumes all other unix services. It violates every single unix and kiss principal. The attack surface is massive and, becuase it’s pid0, has the highest level of privilege escalation attacks. The recent xz backdoor (absolutely state-sponsored btw) was made possible because of the integration of sshd (and xz) into systemd. It’s been a cve nightmare forced onto us by redhat/ibm despite our protests. It may as well have been written by the cia. Systemd alternatives like runit are superior in every respect, particularly speed and security, while adhering to unix and kiss philosophy.
Not all js is malicious, but it’s objectively the most vulnerable and commonly expolited component by malicious actors in browsers (webassembly will be worse). It’s also an objectively terrible and idiosyncratic language on its own. Good css can eliminate a lot of the most worthless uses of js, but in many cases it’s still a necessary evil in frontend and web design. The best compromise we have is to only use trustworthy, foss 1st-party code and restrict 2nd/3rd party code. It’s also always a good idea to run your browser in a sandbox (bsdjail, bwrap, firejail) with no access to user files or dbus.
i actually like having a unified FOSS ecosystem.
At the cost of security, speed and efficiency?
Unified ecosystem actually increases speed and efficiency, and a unified ecosystem does not have to come at the expense of security.
That’s not even coherent. You know a lot less than you think you do.
?
also, i want my browser to have write access to my user files (ESPECIALLY on mobile)
Well that’s your choice, but it’s a lot more rational to limit filesystem access by the browser, but allow a user unlimited access to the files downloaded by the browser (very easy to set that up asymmetrically with a symlink). Or at least restrict which directories a browser can or cannot access.
Comrade this is all too much for even me, though I consider myself fairly tech Savvy, do I need to do all that ? They can have my data and put me on a list of that’s the case
Security and privacy are things accomplished in layers. You can implement any or all of these as you’re able to learn what they are and how they work.
At the very least a few browser tweaks and addons can prevent a lot malicious scripts and fingerprinting and are the absolute most simple, surface level things you can do. Just FF + ublockorigin will block most ads and surveillance capitalism tracking networks. noscript gives you granular control over what you do and do not want to run, and it’s a good learning experience for most users. Want ads gone, poof, there ya go.
Arkenfox is just a policy confg file (user.js) for firefox, which further helps block tracking, fingerprinting and the most awful annoyances and grievances sold as “convenience” in modern browsers. It’s well documented, easy to read and lets you configure things to your preference. The LibreWolf browser is firefox with a preconfigured arkenfox user.js for users who aren’t tech savvy or don’t like configuring things in text files. Highly recommended over FF + arkenfox if you’re getting started.
invidious is a privacy frontend for youtube that runs on instances (servers) that anonymizes users and cleans up youtube’s awful ui. Lemmygrad provides automatic invidious links when a user links to a yt video.
Running your own router firmware means owning your secure device and having meaningful control over it. Otherwise someone else has more access to your network than you do.
Finally, none of the security or privacy stuff means anything if you’re running an nsa compromised operating system, which is exactly that way by design. Opting out is free and returns speed, freedom and ownership to property held hostage by the worst excesses of capitalism and techno-fascism. This may tilt some “GaMeRs” … but people who won’t even liberate a personal computer from fascism at absolutely no risk, won’t liberate much else, either.
I already do this much and will try to implement the other stuff, might switch to dual booting Linux and windows cause I absolutely need windows right now for some stuff.