Where I disagree with Privacy Guides regardless of being a team member #261

Closed
Mikaela opened this issue Nov 8, 2021 · 7 comments

Mikaela commented Nov 8, 2021

Preface: there are actual criteria things have to fulfil; search for the software in either issue tracker or your favourite search engine and you will likely agree with why something is listed.

Mikaela commented Nov 8, 2021

Case Matrix: a match that doesn't exist in this world. https://mikaela.info/blog/english/2021/08/03/matrix-perfect-privacy-not.html & privacyguides/privacyguides.org#50

Note: this is somewhat my fault for still not having submitted a PR, but I may be a bit overwhelmed or swamped with the different things I need to do, and Privacy Guides is a bit of a lower-priority hobby than work try-out practice, getting employed in a paid job, hobbies that give more to me (language learning).

Mikaela commented Nov 8, 2021

Case XMPP:

Privacy Guides:

  • there is no good client on every platform, there is no E2EE by default everywhere including groups

Me:

  • I am very thankful that I don't have to deal with "Element for XMPP", especially dealing with Element iOS on a daily basis and how much it differs from Element Web (and then there is Element Android), practically I prefer three apps with different names to three apps with the same name (and nothing else in common other than maybe the dev).
  • I have a lot of cases where I don't want to have E2EE or technical restrictions prevent me from doing that or I even transport to protocols not doing E2EE.
  • Matrix is also metadata heavy (and issues in previous post) and conditional on encryption by default (target needs to have it enabled also)
    • additionally by seizing a single server you get a lot wider view into the unencrypted parts (drawback of rooms on every server)
  • then again I also blog: Modern IRC, a lightweight option still worth considering for your team chat #243

TL;DR for private messaging, I wouldn't close XMPP out entirely and would mention it as worth mentioning (which Privacy Guides again is phasing out)

@Mikaela Mikaela self-assigned this Nov 8, 2021
@Mikaela Mikaela added blog Blog ideas and issues enhancement labels Nov 8, 2021

Mikaela commented Nov 8, 2021

Case encrypted DNS. At the time of writing the section is yet to be removed, but I have the mindset that it will be removed soon.

Privacy Guides: encrypted DNS will not hide what sites you are accessing; it is an additional place to trust in addition to your VPN (or ISP).

Me:

Privacy Guides begins from the assumption that the ISP cannot be trusted, which may be the case in places with weaker legislation. It's also assumed that the reader cannot configure their system to only use encrypted DNS when there is no VPN or to use encrypted DNS that is provided by the VPN provider. Privacy Guides also assumes that everyone needs and wants a VPN. Privacy Guides appears to go Privacy first and forget Security.

I don't think everyone needs a VPN and it's enough to encrypt everything including HTTP(S) and DNS.

A lot of devices nowadays allow configuring encrypted DNS, but not plaintext DNS for all networks, for example Android and iOS. There are also a lot of routers around that don't allow configuring what DNS server to send over DHCP. Additionally the routers may never get security updates or the user may not install them.

Encrypted DNS will prevent the router or malicious hotspot from hijacking DNS queries and encrypted DNS is made less obstructive than a VPN from the point of view of the end user. There are no prompts to disable encrypted DNS unlike with VPN ("always-connected VPN is unreachable").

This may also be a factor for people responsible for family tech support (speaking of which, VPNs, especially reputable ones that don't pay themselves to every VPN list, are expensive, especially if you are getting one for every family member, encrypted DNS generally doesn't cost).

I also keep saying that security is done in layers and encrypted DNS can be one of them. Configure family and similar to use Quad9 and they will benefit from malicious domain filtering.

So encrypted DNS will not hide what domains you are visiting from your ISP/VPN (which becomes your ISP from the moment you connect to it until you disconnect the VPN). Do you or your family need to hide the fact that you are visiting the domain facebook.com or twitter.com or similar that "everyone" uses? Are you doing something that needs to be hidden from your ISP (but not a VPN provider that may be selling the information unlike a proper European ISP)? If so, I think Privacy Guides agrees that you should be using Tor (which is at https://torproject.org/ direction. PS. don't enable DoH within Tor Browser or similar, that is a different subject).

Mikaela commented Nov 8, 2021

Encrypted DNS - https://github.com/privacyguides/privacyguides.org/discussions/197 mentions TXT records and brings in ad blocking which may also be good to mention.

Mikaela commented Nov 8, 2021

Encrypted DNS - Privacy Guides is concerned about IP-based tracking. I am concerned about the internet centralizing to VPN provider network (in addition to internet giants).

Note: I am also using a VPN, but only on desktop computers with which I have reason to believe would kill my router otherwise. For example IPFS.

Mikaela commented Nov 8, 2021

Minor disagreements that don't deserve so many words? I am not sure if there are any, there is SailfishOS, but to my knowledge it has buggy IPv6 privacy extensions and thus I cannot recommend it in context of privacy. PrivacyTools used to say it was too close to Russia before I joined and I never brought it up again.

Mikaela commented Nov 21, 2021

Case PrivacyGuides conflict handling: I have previously left them with StartPage and the Conflict of Interest case where nothing was done until it became public.

Now there is PrivacyGuides abandoning the requirement of everything being reviewed by two team members, not a personal opinion site. privacyguides/privacyguides.org#358 privacyguides/privacyguides.org#356 & privacyguides/privacyguides.org#274.

There is an acknowledgement that a mistake has been made, but there appears to be no interest in taking a step back to analyze whether software was supposed to be listed or relisted.

@Mikaela Mikaela added the [m] The Matrix protocol or touching it somehow label Nov 22, 2021