Honeypots
from QuestionMark@lemmy.ml to privacy@lemmy.ml on 05 Sep 05:43
https://lemmy.ml/post/35700742
from QuestionMark@lemmy.ml to privacy@lemmy.ml on 05 Sep 05:43
https://lemmy.ml/post/35700742
Are there any services which you believe are honeypots?
threaded - newest
Scams? Yeah, almost all of them.
Honeypots? No, always too blatant.
This privacy-centric US phone carrier may or may not be a honeypot, but seems too good to be true. www.cape.co
All the others are worse.
If they are all honeypots, does calling them honeypots still mean anything?
To be fair, it is $100/mo, so there is a premium for their privacy benefits.
The ice watch apps
Especially those developed/maintained within US jurisdiction
There was speculation that the NSA is deeply involved in Cloudflare, which wouldn’t be a surprise at all.
In fact all US services are probably infiltrated one way or another.
Even if Cloudflare wasn’t a honeypot I would put in as many agents as possible as a three letter agency.
Yeah exactly. How can Cloudflare stay in business with such a huge free service? That’s why.
That’s not a honeypot. What does anyone think is private about Cloudflare?
If you use their DNS they see every domain you visit.
Internet providers see internet traffic. Are they all honeypots too?
That’s why you should use a VPN or anonymizing traffic mixers.
Encrypt your DNS. Use only DNSEC servers. TLS 1.3, Secure SNI. Use a VPN with double hop proxy.
The issue is not all servers support TLS 1.3 and Secure SNI, so you are at the mercy of that particular server. Truth be known, there is probably zero ways to be totally secure, private, and anonymous, but that shouldn’t deter you from locking down what you can. However, if your threat model is hiding from a government, then unplugging is probably your best bet.
People I talk to about security, anonymity, and privacy always ask me ‘Are you hiding from the government?’ which is rather hilarious to me. I send them tax forms every year. I vote once every four years and in local elections. We are in touch. If I were a person of interest, they’d come visit. However, there is absolutely no requirement to over share…with anyone.
www.cloudflare.com/ssl/encrypted-sni
Please beware that DNS over TLS is transport protection; the dns server itself of course still sees and knows everything.
I use my own DNS.
That’s great.
ANOM wasn’t until it was, and then it shut down. I recommend the Darknet Diaries episode to hear the story.
Anom failed to include a libre software license text file. We never controlled it. That’s not a honeypot. It’s a scam.
Stingray phone trackers and similar IMSI catchers are a kind of honeypot.
Those are in DC during protests all the time
startupdefense.io/…/honeypots-a-comprehensive-gui…
Anything by Meta (Facebook, Instagram, WhatsApp). Facebook literally got people killed by volunteering their location data to a tyrannical government in a third world country. Don’t think they won’t do that to Americans.
Android (the mobile OS) kind of is. The only reason Google bought the hobby project to put Linux on smartphones was because they could collect more data with it than they could with Gmail. You can get a Pixel device and install GrapheneOS on it, but not even 1% of Android users are turning off telemetry (which only anonymises it), let alone installing custom firmware that doesn’t have it. I’m not saying iOS isn’t — because it’s not open source, we don’t know — but I am saying Android definitely is. And I don’t just mean Pixels — to use the Android brand, Google requires certain things of OEMs like Samsung, from having Gmail and/or Chrome on the main home screen, to having Google Play Services, which does the data collecting, installed. (I’m pretty sure the Play Store actually requires it. Forks that don’t use the Android branding, like Amazon’s Fire OS, don’t have this restriction, but Amazon probably has plenty of other crap in theirs.)
Now, I never said Android was a honeypot, and it may not be. But Google was just sued for antitrust, and they made a deal to keep Chrome and Android under their banner. We don’t know what the terms of that deal are. I would consider both of them to be compromised by bad actors (potentially they always were since Google was selling the data). Don’t think so much about who you call (though that can be valuable) but like, your Maps data, anything you put in Health (like if you’re female, like if you miss two or more periods but not eight or nine and then start back up again, I’m sure the GOP would love to know that — for the dense fellas, it could mean she got pregnant and then terminated it, or the pregnancy failed somehow). Tim Cook’s advice of “get your mom an iPhone” doesn’t sound so far fetched now. Your sister, too. Heck, specifically regarding Health, Samsung put out an update last year, maybe the year before — that is, before the current administration — saying if you keep using Health, they can sell your information to whoever they want. Either agree and keep using it, or disagree and they delete your data. At this point, no stock Android phone can be trusted to keep your information private. It’s different if you use GrapheneOS, but that requires buying a Pixel, putting money in Google’s pocket. The Pixel 10 is what, about as powerful as an iPhone 11? A 12 maybe? And it costs the same as an iPhone 16. You decide. Personally I don’t think it looks like a very good deal.
We know WhatsApp and others fail to include a libre software license text file. We do not control them. They are not honeypots. They are scams!
Signal? I don’t trust anything that’s not part of the fediverse.
It’s not social media. Why choose the worse way to decentralise it?
So you’ve built a fediverse operating system?
Also the fediverse by definition isnt private. What are you talking about.
Tor
why?
Seems weird to be heavily funded by the US gov, we are unaware of how many nodes are run by governments, and germany themselves have done traffic correlation attacks to de-anonymize users.
yeah but what is the solution?
oracle
proton
ProtonMail, or the Steam game compatibility layer?
proton mail
I’m open to listen for a rationale.
Oh wait, proton turned over email metadata when subpoenaed:
techspot.com/…/102981-proton-mail-provided-user-d…
Express VPN, CyberGhost, etc… Run by genocidal zios. Completely untrustable.
newstarget.com/2025-04-07-how-israeli-military-co…
You may not like this: fediverse. Yes the site you’re on right now.
Completely public forum scrapeable by api that exposes non-scrapeable, private information to the administrators of federated servers of which there are thousands.
Even if you reject the idea that one of the thousands of “single user” servers is actually just quietly recording everything as a matter of mission, do you reject the idea that one of them hasnt been compromised? That an admin on one of the bigger ones hasn’t?
Treat this site and any others that aren’t completely behind auth as social media.
fedi is the public commons, treat it as such.
ISP don't even pretend not to sell your shit anymore...
that's really the only real benefit to using VPN, deny that parasite profit while shifting trust to another corpo. at least VPNs pretend to not sell your data. i mean some do it anyway
Wouldnt a vpn server be an ideal target for the NSA?
I am talking about ISP selling your traffic for marketing data.
You are talking about state actor hunting you down.
Different threat model.
You are not hiding from NSA within US or other westoid regimes.
They have legal right to do whatever they want. An individual has no chance
If you use your own DNS and also DNS over HTTPS I think they won’t be able to sell that data anyway.
They still classify traffic at the very least. Watching NetFlix, playing games, browsing web etc.
With VPN they have to us e a lot of compute to figure out what is going in the tunnel.
Plus, they can't figure out that you are downloading Linux iSO 🐸
Closed source apps
Basically everything from Meta.
Discord is 100% I’m only unsure if it’s NSA or CCP
If it’s financed by In-Q-Tel, then it is a honeypot.
There’s been a few stories outing the feds as running most illegal porn sites on the dark net.
Age Verification.