Jerry on PieFed

Just a techie guy running feddit.online to allow people to communicate, make friends and acquaintances. Odd coming from a happy introvert, right? (https://jerry.hear-me.blog/about)

I also own these publicly available applications:
Mastodon: https://hear-me.social
Alternative Mastodon UI: https://phanpy.hear-me.social
Peertube: https://my-sunshine.video
Friendica: https://my-place.social
Matrix: https://element.secure-channel.net
XMPP/Jabber: https://between-us.online
Bluesky PDS: https://blue-ocean.social (jerry.blue-ocean.social)
Mobilizon (Facebook Events Alt): https://my-group.events
and more…

  • 1 Post
  • 16 Comments
Joined 2 years ago
Cake day: September 29th, 2024


  • This is definitely the best protection. If the provider drops you, you move your domain to another provider. But, as far as I know, while almost all email providers will host your personal domain, none that I know of will do it on the free plans. But your email is your identity. You should be willing to pay for it, especially if you host it on a provider that otherwise won’t make any money on you.

    There are a couple of downsides. If you forget, or are unable, to renew your domain, you lose it and your emails. Make sure another family member or friend can pay the renewal for you if, for some reason, you cannot.

    While your own domain makes it far less likely that your email will be canceled (because you can move it), abuse of your domain can result in your losing your domain name and your email, especially before it has earned a reputation.

    Which brings up another IMPORTANT point. If you use your own domain name, then you must set up your DNS records to protect your domain from spoofers and spammers so it doesn’t get blacklisted or, worse, doesn’t cause cancellation of your domain name. Scammers and spammers WILL try to send email using your domain name. You need to tell email clients to toss these rogue emails and give them the means to determine spoofing and unauthorized use. Read this: https://www.valimail.com/blog/dmarc-dkim-spf-explained/

    Also, be aware that SpamAssassin considers .com, .net, and .org TLDs to be far safer than .world, .online, .blog, and most others. Using one of these newer TLDs results in a higher spam score, and your email is more likely to end up in the spam folder if it reaches the magic score of 5. A new age TLD can add as much as 1 point to the spam calculation depending on the email provider receiving your email.

    So your own domain name is safer but costs money and requires more work.
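The comment above says the DNS records must be set up so receivers can detect and discard forged mail. The following is an added example, not code from the comment author, that parses the three relevant TXT records (SPF at the domain apex, DMARC at `_dmarc.`, DKIM at `<selector>._domainkey.`) and lists what is still permissive. The record strings and the domain `example.test` are constructed so it runs offline; for a live domain you would fetch the same three names with a resolver library and hand the results to `assess()`.

```python
"""Grade a domain's SPF, DKIM and DMARC TXT records for anti-spoofing posture.

Added example, not the comment author's code. The records below are
constructed for a hypothetical domain "example.test" so the script runs
offline; to check a real domain, fetch the same three TXT names with a
resolver library (for instance dnspython's dns.resolver.resolve(name, "TXT"))
and pass the strings to assess().
"""
import re

# SPF terms that cost a DNS lookup; RFC 7208 caps these at 10 per evaluation.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed records for a well-configured domain: hard fail, reject policy, key published.
GOOD_RECORDS = {
    "example.test": "v=spf1 include:_spf.mailhost.example -all",
    "_dmarc.example.test": "v=DMARC1; p=reject; rua=mailto:dmarc@example.test; pct=100",
    "mail._domainkey.example.test": "v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY",
}

# Constructed records for a domain that "has SPF and DMARC" but enforces nothing.
WEAK_RECORDS = {
    "example.test": "v=spf1 include:_spf.mailhost.example ?all",
    "_dmarc.example.test": "v=DMARC1; p=none",
}


def _tags(record):
    """Split a 'tag=value; tag=value' record (DMARC, DKIM) into a lower-cased dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags


def parse_spf(record):
    """Return mechanisms, the qualifier on 'all' and the lookup count, or None if not SPF."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    qualifier, lookups = None, 0
    for term in terms[1:]:
        name = re.split(r"[:=/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if name == "all":
            qualifier = term[0] if term[0] in "+-~?" else "+"  # bare 'all' means '+all'
        elif name in LOOKUP_TERMS:
            lookups += 1
    return {"mechanisms": terms[1:], "all": qualifier, "lookups": lookups}


def parse_dmarc(record):
    tags = _tags(record)
    return tags if tags.get("v", "").upper() == "DMARC1" else None


def parse_dkim(record):
    tags = _tags(record)
    return tags if tags.get("p") else None  # a DKIM record with no public key is useless


def assess(records, domain, dkim_selector="mail"):
    """Return findings; an empty list means receivers are told to reject forgeries."""
    findings = []

    spf = parse_spf(records.get(domain, ""))
    if spf is None:
        findings.append("SPF: no v=spf1 record, so receivers cannot tell forged senders from yours")
    else:
        if spf["all"] in (None, "+"):
            findings.append("SPF: record ends without -all/~all (or with +all), authorising every sender")
        elif spf["all"] == "?":
            findings.append("SPF: ?all is neutral and gives receivers no reason to reject")
        elif spf["all"] == "~":
            findings.append("SPF: ~all only softfails; prefer -all once every legitimate sender is listed")
        if spf["lookups"] > 10:
            findings.append("SPF: more than 10 lookup mechanisms; receivers return permerror")

    dmarc = parse_dmarc(records.get("_dmarc." + domain, ""))
    if dmarc is None:
        findings.append("DMARC: no _dmarc record, so SPF/DKIM failures carry no policy")
    else:
        policy = dmarc.get("p", "").lower()
        if policy == "none":
            findings.append("DMARC: p=none only monitors; forged mail is still delivered")
        elif policy not in ("quarantine", "reject"):
            findings.append("DMARC: missing or invalid p= tag")
        if "rua" not in dmarc:
            findings.append("DMARC: no rua= address, so you never see who is spoofing you")
        if dmarc.get("pct", "100") != "100":
            findings.append("DMARC: pct<100 applies the policy to only a sample of mail")

    dkim = parse_dkim(records.get(f"{dkim_selector}._domainkey.{domain}", ""))
    if dkim is None:
        findings.append(f"DKIM: no usable public key at selector '{dkim_selector}'")

    return findings


if __name__ == "__main__":
    for label, recs in (("good", GOOD_RECORDS), ("weak", WEAK_RECORDS)):
        print(label, assess(recs, "example.test") or ["no findings"])
```

The DKIM selector name (`mail` here) is whatever your mail provider told you to publish; the script takes it as a parameter because there is no way to discover selectors from DNS alone.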


  • I deleted what I wrote before. If it federated, ignore it.

    Your browser is trying to find startpage.com on your local machine instead of the Internet.

    While on the VPN, open a command window and ping startpage.com. Does it return localhost or the real IP address? If it returns the real IP address, then the problem is related to the browser. Try another browser to see if it’s Vivaldi-related.

    If it returns localhost then maybe it’s a setting in ProtonVPN?

    This is strange. Just try to find clues.
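The comment above describes a name that resolves to the local machine instead of its real address. As an added example (not part of the thread), this script checks the two places such an answer can be seen from the client side: a hosts file pinning the name to a loopback or 0.0.0.0 "sinkhole" address, and what the system resolver returns. The hosts-file content is a constructed sample so the parsing runs offline; on a real system you would point it at `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`. It does not claim to identify which software wrote the entry.

```python
"""Check whether a hostname is being answered from the local machine.

Added example, not code from the thread. parse_hosts()/classify() work on
hosts-file text (a constructed sample is embedded); resolve_live() asks the
system resolver and needs network access, so it is kept separate.
"""
import ipaddress
import socket

# Constructed hosts file: two ordinary loopback aliases, one ad-blocker style
# sinkhole, and one entry that would produce exactly the symptom described.
SAMPLE_HOSTS = """\
# constructed sample, not a real system file
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     ads.tracker.example
127.0.0.1   startpage.com
"""

HOSTS_PATHS = {
    "posix": "/etc/hosts",
    "windows": r"C:\Windows\System32\drivers\etc\hosts",
}


def parse_hosts(text):
    """Return {hostname_lower: [ip_address, ...]} from hosts-file text, skipping comments."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed address; ignore the line
        for name in parts[1:]:
            table.setdefault(name.lower(), []).append(ip)
    return table


def is_sinkholed(ip):
    """True for addresses that can never reach the Internet: loopback or 0.0.0.0 / ::."""
    return ip.is_loopback or ip.is_unspecified


def classify(hostname, hosts_text):
    """Say how a hosts file treats a name: 'hosts-file-sinkhole', 'hosts-file-other' or 'not-in-hosts'."""
    entries = parse_hosts(hosts_text).get(hostname.lower().rstrip("."), [])
    if not entries:
        return "not-in-hosts"
    if all(is_sinkholed(ip) for ip in entries):
        return "hosts-file-sinkhole"
    return "hosts-file-other"


def resolve_live(hostname):
    """Ask the system resolver (network needed). Returns sorted ip_address objects, [] on failure."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return []
    return sorted({ipaddress.ip_address(info[4][0]) for info in infos}, key=str)


def diagnose(hostname, hosts_text, live_answers):
    """Combine both views into one verdict string."""
    where = classify(hostname, hosts_text)
    live_sinkholed = bool(live_answers) and all(is_sinkholed(ip) for ip in live_answers)
    if where == "hosts-file-sinkhole":
        return "hosts file pins the name to a local address"
    if live_sinkholed:
        return "resolver returns a local address but hosts file is clean; look at the configured DNS server"
    if not live_answers:
        return "name does not resolve at all"
    return "resolves to a public address; the problem is above DNS (browser, proxy, VPN app)"


if __name__ == "__main__":
    name = "startpage.com"
    print(name, "->", classify(name, SAMPLE_HOSTS))
    # Real lookup against the running system; answers vary by network.
    print(name, "live answers:", [str(ip) for ip in resolve_live(name)])
```

The `diagnose()` verdicts line up with the steps in the comment: a clean hosts file plus a loopback answer from the resolver points at whatever DNS server the VPN or OS configured, while a normal public answer means the browser itself is at fault.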


  • It’s worse than you think. An IMSI catcher is not even needed to find out what phones are in an area:

    Section 3.4.1: Presence Testing in LTE
    https://www.eff.org/wp/gotta-catch-em-all-understanding-how-imsi-catchers-exploit-cell-networks

    Passive Presence Testing

    The simplest way to do presence testing in LTE doesn’t actually require someone to have what we usually consider a CSS (e.g. a device that pretends to be a legitimate cell tower). Instead, all that’s required is simple radio equipment to scan the LTE frequencies, e.g. an antenna, an SDR (Software Defined Radio), and a laptop. Passive presence testing gets its name because the attacker doesn’t actually need to do anything other than scan for readily available signals (Shaik et al., 2017).

    RRC paging messages are usually addressed to a TMSI, but sometimes IMSI and IMEI are also used. By monitoring these unencrypted paging channels, anyone can record the IMSIs and TMSIs the network believes are in a given area. In the next section, we’ll see how an attacker can correlate a TMSI to a specific target phone, as right now collecting TMSIs simply means recording pseudonyms.

    There are descriptions in the article of other ways to find phones without using an IMSI Catcher or fake tower.


  • This tells me that you’d be in a lot of trouble if you lost your phone or had to wipe it because someone got into it. It’s probably good then that you’re now thinking about this so you can prepare for a time when you won’t have your phone for other reasons.

    All sites supporting 2FA usually allow you to use a second method. Email is usually an alternative. Assuming that your email is your universal second OTP method, you just need to make sure you will always have access to your email account and you’ll be fine. So just solve for the OTP problem for your email account.

    Pre-buy your burner phone and make it a second OTP device for your email account. For more assurance, buy a couple of physical keys (like Yubikey) that can be used with your email account. These can also be set up for some of your other accounts that support it, which may be more convenient than email when accessing them.


  • Yes, it’s worth it. I own mine for just the reason you give. You can take it to any other provider. And there’s no danger of the email provider deciding to close your account or cutting you off unexpectedly. Imagine losing your email access. At least with your own domain, you can switch it that same day to someone else.

    Unsure about whois lookup privacy. My registrar hides my details as an option. Anyone looking up the domain just sees them as the contact for the domain.


  • In smaller instances, you can easily reach the Admin and are much more likely to get a response. Also, the moderation is likely done completely by the Admin and not by a less-invested person who might be enjoying the power and control of being a moderator.

    From my experience, about 80% of opened reports are self-resolvable and don’t need Admins or moderators and are just someone seeing the world through a biased lens, so everything they don’t believe becomes misinformation, and they start opening reports for vengeance. When many of these keep coming, it wears Admins and moderators down, and they are more likely to just ban than respond. This fatigue is not something a small instance Admin experiences. They give more thought to the situation.

    I was banned on mastodon.social because someone who disagreed with me perfectly crafted a complaint (they apparently had a lot of experience doing this) that took what I wrote out of context to seem like I was saying something else, and .social banned me instantly and denied the appeal. The claim was total fiction. They didn’t care. They had a stack of reports to get through. I had no hope of reaching an Admin.

    I never used a large instance again.

    Just something, maybe, to think about.