Any business that isn’t willing to be as anonymous as Mullvad, I assume has a compromised business model that I don’t really like. Assuming there aren’t obvious reasons for needing the data, like tax filing, or various regulatory requirements.

I don’t understand why any company would want the liability of holding on to any personal data if it wasn’t vital to the operations of the business, considering all the data breaches we’ve seen over the past decade or so. It also means they can avoid all the lawyers writing complicated and confusing privacy policies, or cookie approval pop-ups.

What scares me is that the more privacy oriented you are, the easier you are to fingerprint. At what point does privacy mean blending in with the crowd and not sticking out?

Maybe ironically - just going on the title because I can't read the rest as a result - it's behind a cloudflare gate.

I would much rather have privacy with e2e encryption than have anonymity. The way that works is a direct connection between two parties without use of a central server, like webRTC.

Sadly, everybody using a browser from a massive ad company and an idp (not to mention a company with an interest in crawling the entire web for AI at the same time site owners are dealing with better scrapers) means the entire web will be login-only over time.

This was authored using an LLM, wasn't it. The style is unmistakable. Stop wasting our time with this slop.

tl;dr “Privacy” = the data is private i.e. only on your devices. Or if the raw data is public but encrypted and the key is private, I think that qualifies.

“Anonymity” = the data is public but not linked to its owner’s identity.

If you’re sharing your data with a website (e.g. storing it unencrypted), but they promise not to leak it, the data is only “private” between you and them…which doesn’t mean much, because they may not (and sometimes cannot) keep that promise. But if the website doesn’t attribute the data except to a randomly-generated identifier (or e.g. RSA public key), the data is anonymous. That’s the article.

Although a server does provide real privacy if it stores user data encrypted and doesn’t store the key, and you can verify this if you have the client’s unobfuscated source.

Also note that anonymity is less secure than privacy because the information provides clues to the owner. e.g. if it’s a detailed report on a niche topic with a specific bias and one person is known to be super interested in that topic with that bias, or if it contains parts of the owner’s PII. But it’s much better than nothing.

There is no such thing as anonymity. With the number of bits required to ID a person and the fact that you are leaking such bits all the time you can simply forget about anonymity.

Many people online seem to think that they are anonymous and so were emboldened to do stuff that they might not have done if they had realized this. They continued to feel extremely good at this right up until the knock on the door.

What I was wondering after reading the article: How does Mulvad actually decouple banking data from the account ID? Or is it as simple as verify transaction once but never log?

Europe is currently being tormented by this exact contradiction: on one hand, it has the GDPR—the world's strictest privacy law, supposedly protecting personal data; on the other, a flood of new regulations under the banners of "child safety," "counter-terrorism," and "anti-money laundering" are systematically strangling real anonymity.

At first I thought it was a blog. No, this is a company. So, their privacy page (https://servury.com/privacy/):

> Server Logs > Like all web services, our servers may log: > IP addresses of visitors > Request timestamps > User agent strings > These logs are used for security and debugging purposes and are not linked to your account.

That's already a huge breach in comparison to mullvad privacy page. (https://mullvad.net/en/help/no-logging-data-policy)

How tf are you supposed to provide working authentication without storing the email somewhere? Should i just disable password resets and tell the users to fuck off if they forget theirs? Cant even use passkeys as they make users identifiable too.

One difference with Mullvad is VPN traffic is ephemeral. Here, a VPS has a persistent disk attached, that could contain identifying information (if it is necessary to do useful work).

The very premise is false, privacy does mean something, and anonymity doesn't really exists. This is an advertisement.

Glad I had to do a Cloudflare turnstile captcha to see this page

Apparently neither does spelling. "anymore" -> "any more"

"privacy" or not sharing your space with a creepy room mate, and reading the internet without adds ar3 parallel

running three flavors of the same off brand browser, each optimised for different segments of online content is what seems to be the minimum.

they are so desperate to sell me something, (a truck) that it's wild, as it is one of the few monitisable things I consistently look for (parts, service procedures), the , pause, when I do certain searches gives me time to predict that yes, the machinery is grinding hard, and will ,shortly, triumphantly, produce, a ,truck.

According to article, the whole authorization system is flawed. But we haven’t invent a new one and the one we’ve got never meant to be private, it is just a way to separate users from each other. We need something unique, a "primary key" for our DB, and that’s email or phone or username that has to be stored somewhere. A server, someone else’s computer, call it what you want. It has good privacy between users, but the admin can see everything, because otherwise management of the service would be impossible.

There is no anonymity, there is always someone you have to trust in the chain of WAN networking (DNS,ISP,VPN). If you want anonymity and privacy, you selfhost (examining the code is also a prerequisite). There is no other way to do it.