12bytes Mumble meet every Sat. night!
Coronavirus information & resources
Vaccines - What You Need To Know

The Purge

For those unaware, ThemTube (aka YouTube) is in the midst of perhaps the biggest mass purge ever. Anything and anyone critical of Israel, or who questions certain historical events (holocaust), is being deleted, demonetized, deplatformed, and/or censored regardless of the validity of their claims. It's not just Israel either, it's anything and anyone critical of popular and politically sensitive mainstream narratives. Project Veirtas had a video removed for simply REPORTING NEWS and they are, by far, not the only ones.

A commenter on this site credited me recently for having "the balls to post stuff on the Zio cartel running the world". I suppose for some people having balls is a requirement for addressing sensitive topics, but it isn't for me. I simply seek the truth and i don't give a shit where it may lead or what the consequences are for me personally because it's the right thing to do.

Anyway, the point to this rather pointless post is to gripe about ThemTube, and also to claim a victory. My series of articles, Rescuing Israel: The Holocaust, has a truck load of links to 3rd party sources and many of those links are... or rather were... links to ThemTube videos and one by one those videos have been removed -- hundreds of them -- and this has forced me to find alternative sources. Just in the last few days i have had to seek out new sources for over 100 ThemTube videos and the Internet Archive has been a huge help in many cases. What scares me about the Internet Archive is that it's the only platform of it's size and scope that i'm aware of. Sure, there's the privately funded 'archive' which is great for archiving web pages, but you can't upload audio or video files and the size of the archive is way smaller.

So today i claim victory insomuch as i managed to bypass ThemTube censorship, but for how long? Freedom of speech is being continually eroded and assaulted by a lot of very powerful organizations. How long until their wrath forces websites like the Internet Archive to comply with their absurdly broad definition of "hate speech"?

"To determine the true rulers of any society, all you must do is ask yourself this question: Who is it that I am not permitted to criticize?" — Kevin Alfred Strom, All America Must Know the Terror That is Upon Us, Aug 14, 1993 (source)

Enjoy the Wild World Web friends... while it lasts.

Tor versus a VPN - Which is right for you?

This article assumes you have a basic understanding of The Onion Router (Tor) and Virtual Private Networks (VPN), as well as a desire to protect your privacy on the Wild World Web.

Having chosen to not take refuge under a large, dense object for the last several decades (not that i'd blame you), you're probably aware of how fragile privacy and freedom has become in the digital age. At the network level a lot of people (including Ed) recommend The Onion Router (Tor) in order to protect ones privacy. Others prefer using a Virtual Private Network (a VPN is really more like proxy than a network) and still others recommend using both with a VPN preceding the connection to Tor. If you're wondering what i recommend, i don't; i'll leave that up to you since it's not a one-size-fits-all thing and, more importantly, i'm not qualified to make such a suggestion and neither are a lot of other people making such suggestions. What i would like to do however is point out some of the differences between the Tor and so-called VPN's as i see them because each has distinct advantages and disadvantages.

  • Using the Tor network is free, as is the Tor Browser, a privacy and security hardened version of Firefox used to connect to the Tor network. The Tor Project source code is public and the servers can be run by anyone, including bad actors, however there is debate as to how much impact a malicious operator can have.
  • Unless you run your own VPN, which which i suspect requires a god-like level of technical prowess and secured hardware to do it right, a VPN service will cost you roughly $5 to $10 per month and a lot of the companies providing service are highly unethical. As a rule of thumb, never trust a VPN provider offering their service for "free". Personally i also avoid the big names, like NordVPN. I simply don't trust large corporations, many of which have very poor track records, including Nord.
  • Tor advocates often describe Tor a "trustless", meaning that one does not have to trust the software since it's open-source, however this is misleading since no one really knows what a malicious Tor node operator can do or what exploits exist that have never been disclosed. While it is true that no VPN can be fully trusted regarding security or privacy, the same is true for the Tor network. See for example, Tor Network Compromised by Single Hacker Stealing Users' Bitcoin: Report and 'You Are Not Anonymous on Tor' - Study Shows Privacy Network Offers Superficial Anonymity. We know there is a massive amount of money to be made in malware and vendors, many of which sell exploits to governments and intelligence communities, have little or no incentive to disclose the vulnerabilities they discover. These vulnerabilities can remain secret for weeks, months, or years. Knowing this, i think it is dangerously illogical to conclude that anything is secure, including Tor.
  • Picking a bad VPN that doesn't respect your privacy is easier than getting your drone stuck in a tree, however there is only one Tor Project and one official Tor Browser and the source code for both is public and open to auditing.
  • When using the Tor network, it is strongly suggested to use the Tor Browser (a fork of Firefox) in its default configuration. Remaining anonymous on Tor depends heavily on uniformity and so, with few exceptions, you can kiss your beloved add-ons goodbye. With a VPN one has more choices as to what browser and add-ons they use, though these choices must be weighed carefully.
  • Avoiding browser fingerprinting and tracking is much easier to achieve with Tor, while preventing fingerprinting outside of Tor is quite difficult whether using a VPN or not. In both cases however, and assuming you've taken some precautions, the websites you visit will not know your physical location and they will be less able to fingerprint and track your browser. That said, nothing can protect your privacy if you log on to privacy toxic surveillance platforms like Facebook, Instagram, Twitter, Google, YouTube, etc., using your real identity or the same credentials you used prior to using Tor or a VPN.
  • Because of the layers of encryption that Tor employs, bandwidth limitations, the load on the nodes, etc., Tor will generally provide a slower web experience, higher latency, and a less stable connection than a good VPN. This problem is exacerbated if one adds more nodes to the Tor circuit. File sharing is discouraged with Tor and latency sensitive traffic such as gaming is out of the question. Even watching high definition videos can be problematic.
  • Tor may insulate users from a malicious operator better than a VPN, partly because a Tor circuit is composed of multiple nodes whereas a VPN usually presents a single point of attack. Though some VPN providers offer an option to route traffic through more than one node, all the nodes are controlled by the same company. One could chain multiple VPNs, but at an added cost.
  • Different people require different levels of privacy. A journalist wishing to communicate privately with a source may be better off using Tails and Tor. On the other hand, someone wanting to download copyrighted content whilst avoiding nasty-grams from their ISP, or stream high resolution videos, or game, or most other non-sensitive and bandwidth intensive activities, may be better off with a VPN.
  • With Tor it is non-trivial and ill advised to choose what exit node you want to connect to, whereas any good VPN provider will allow you to swap between any of their servers and doing is usually just a couple mouse clicks away if you use their client software. One advantage of being able to choose among servers is the ability to access content which is blocked in a particular geographical region, such as certain videos.
  • VPN client software may not be open source and may not respect your privacy even if it is, however any good VPN provider will allow connections using other methods, such as with OpenVPN or, better yet, WireGuard. Setting up a connection manually to your VPN provider will require a bit of time verses using their app, though doing so is usually fairly easy. This issue is non-existent with Tor.
  • Both Tor exit nodes and VPN nodes are subject to having their IP addresses blacklisted by governments, corporate websites, and even private website owners which results in the inability to connect to them. In the case of a VPN this is fairly rare in my personal experience, however those who shop online are more likely to have trouble with either Tor or a VPN, though the problem may be exacerbated with Tor and the Tor Browser whereas with a VPN one can easily switch servers to try and solve the problem. That said, if you're shopping on-line and giving up personal information, there's probably no point in routing the connection through Tor or a VPN and in either case it is trivial to bypass them.
  • Choosing to use Tor is more of a simple yes or no decision, while choosing to use a VPN requires research in order to locate a trustworthy provider that offers a stable service. The VPN market is exploding and so are the number of ethically retarded providers. Be careful when reading VPN "reviews" because many of them are written by the providers themselves or paid bloggers. I've had several offers from VPN providers asking me to post content here in exchange for money (i always turn them down).
  • Unless you configure your network device to route through Tor, the only traffic routed through the network when using the Tor Browser is the web traffic generated by your browser, whereas with a VPN, typically all network traffic generated by your computer is routed through your VPN. With a suitable router you also have the option to set up the VPN on the router so that anything that connects to your local network is protected. This is fairly easy to do with routers which support it, such as the Peplink Surf SOHO, the Turris Omnia or the Vikings routers, or those for which you can install custom firmware, such as OpenWRT.
  • An entire Tor network, including the entrance and exit nodes, can be run on a single machine using software such as The Shadow Simulator. This may present very serious privacy/security issues that undermine network layering if such a configuration is employed by a malicious party such an ISP, law enforcement or the intelligence community.

Because of the garbage disseminated in the mainstream media, much of the public sees Tor as being synonymous with the 'Dark Web' which many believe is nothing more than a haven for criminals. Tor can be thought of simply as a service, such as your phone company provides, and, as with any service, it can be used by bad people to do bad things or good people to do good things. For the average person wanting to protect their privacy, Tor may provide a portal to access the same websites one visits every day, but in a more private and secure way. That said, yes, there is a 'dark' web that is accessible only through software like Tor and while some of the content available in it is indeed illegal and extremely offensive, there is also a lot of quality content which is otherwise censored on the open web.

Some people believe that using Tor will attract the attention of the intelligence community and that claim is not entirely unwarranted. While it is apparently true that using encryption may raise the eyebrow of 'The Man', such criminal spying on the public by governments is certainly not limited to those using Tor. More importantly, our inherent right of free speech is under severe attack not only by governments, but by ourselves as individuals who tend to self-censor simply because of the belief that we are being watched. This is a very dangerous situation because we cannot work toward a free and transparent society if our ability to communicate is compromised.

I'm hesitant to recommend a VPN provider if you decide to go that route, however in the interest of hopefully steering you away from much of the garbage out there, i will offer my personal insight.

NordVPN is a huge player in the VPN market and i have used them in the past, however the shear size of the company, their cheap prices, poor history, and a recent merger very much bother me. Nords service wasn't very good for several reasons, one being the stability of the connection and another being blacklisted IP addresses. Nord has had some serious security issues as well.

NordVPN, TorGuard and VikingVPN disclose security breaches

NordVPN, one of the most well-known VPN provider, had confirmed a security breach in early 2018. At fault, there's the data centre provider from Finland, where the server was hosted. The data centre provider used an insecure remote management system that NordVPN was "unaware" of. Although NordVPN seems to be playing down the occurrence, there's an anonymous post on 8chan, shared by Cryptostorm's Twitter account, that claims that the hacker had root access to the server. NordVPN states that the TLS key that was stolen was expired, and no VPN traffic could be decrypted.

The same 8chan user showed access to servers from two other VPN providers – TorGuard and VPNViking.

I have also personally found piles of user credentials on pastebin.com for NordVPN services.

Many speak highly of Mullvad VPN, however i have no experience with them. I have also used AirVPN which i rather liked, but it has its problems also.

After i gave up on Nord i started using AzireVPN, a smaller and somewhat unique Swedish company that focuses on the WireGuard protocol which has several distinct advantages over the older OpenVPN protocol. There are a few key reasons i switched to Azire, one being that they claim to own, secure and configure their hardware rather than lease it like virtually everyone else, Nord, Mullvad and Air included. They also claim to employ some interesting security measures to prevent tampering, including physically sealing unused ports and running everything in RAM.

More recently Michael Horowitz was kind enough to recommend OVPN to me which he writes about in his article, VPN's and Defensive Computing. The article is well worth a read. Like Azire, OVPN (they do WireGuard too) also claims to own, secure and maintain their own servers which are locked in isolated racks and run the OS in RAM. OVPN has a nice article on their Security page about all the measures they take to protect their customers.

All the hardware used to operate our service is owned by us and locked into isolated racks. All servers operate without any hard drives as the operating system only resides in the RAM memory.

Another interesting bit is that OVPN carries insurance to cover any legal fees.

Conflicts are expensive and complicated, especially when crossing country borders. We've decided to sign up for an insurance that covers legal fees as an additional layer of safety, which grants us the financial muscles to refute any requests for information.

In the case of any third party demanding information about our customers, we are fully prepared to go to court and will do everything in our power to prevent anyone from getting access to customer information.

Azire and OVPN are two of the very few companies i know of that takes these kinds of precautions, however there is no proof for some of these claims.

Regarding performance i have had next to zero trouble with Azire's service and latency and bandwidth has been excellent. Unlike Nord, i haven't had to switch server locations every few days because of network degradation or blacklisted nodes. Lastly, Azire accepts cryptocurrency so you can purchase and use their service anonymously without having to provide any personal information. If you choose Azire, please consider using my affiliate link which gives me some free time with them.

FreePN is also another interesting player in the privacy market. This project is building a free, open-source, distributed VPN service similar to the Tor network. There are caveats with this service however, so please do your homework. Read: FreePN: Free, open-source, distributed VPN.

Lastly, i recommend reading the following articles by Sven Taylor of Restore Privacy:

Regarding the article, Why Does Anyone Still Trust Tor?, it is my non-professional opinion that Sven goes a little overboard in attacking Tor. I think that you could swap out Tor with any VPN service or web browser or operating system and make several of the same arguments. There have been many bugs and vulnerabilities discovered in Tor that were patched and very likely many more that have yet to be discovered, or have been discovered but not disclosed, and the same is true for all software in general. In the end, privacy on the internet can never be guaranteed and is becoming harder and harder to achieve.

Article resources:

Miscellaneous resources:

The Thunderbird Privacy Guide for Dummies!

See the revision history at the end of this document.

hi :)

Thunderbird is a very popular, free, open source, multi-platform, extensible email client with calendar and encryption integration. Our goal here will be to further harden it against security and privacy threats by making a bazillion changes to its preferences using a custom user.js preferences file which was inspired by the popular 'arkenfox' user.js for Firefox. The fellas running the 'arkenfox' user.js project are a well connected and knowledgeable bunch regarding the inner workings of Firefox and a lot of that knowledge applies directly to Thunderbird.

junk you'll need to do

If you’re running Windows you need to unhide file extensions, and i suggest you keep them un-hidden.

You’ll need a decent code editor with syntax highlighting. For Windows, PSPad is nice, simple and free (don't use Notepad). If you’re running Linux you’ve probably got something installed already. Poke around.

While there are many forks and derivatives of Thunderbird, we want only the official release which you can grab here if you're being abused by Microsoft. For Linux users, look in your package manager.

If you have installed Thunderbird for the first time, run it and set up an email account, then close it before doing anything else. This will create the necessary profile directory we will be impregnating in a moment.

don't be a retard

If you're already using Thunderbird, you !!! NEED !!! (did you note the emphasis there?) to make a backup of your current profile. If you don't know where Thunderbird stores your profile, click the Hamburger-looking icon on the toolbar, then expand the 'Help' menu and click the 'More Troubleshooting Information' menu item. In the 'Application Basics' section, click the 'Open Directory' button next to the 'Profile Directory' label.

In your file manager you want to move up one directory where you will find your profile folder. If you haven't renamed it, the name will end in .default . Copy that folder (Ctrl+C) and then paste it in the same place (Ctrl+V). When you are prompted for a new name, just append something like -bak to it.

the not necessarily important user-overrides.js

The user-overrides.js file is where we'll be storing all our custom preferences, as well as any changes we want to make to the 'HorlogeSkynet' user.js which we'll be grabbing in a minute. The contents of this file will then be appended to the user.js file. You will save yourself many a headache if you store your custom preferences in a user-overrides.js file rather than editing the user.js.

I keep a copy of my personal user-overrides.js at my Codeberg repository if you wish to pirate it, in which case you can click on the file name, then click the 'Raw' link and, finally, press Ctrl+S to save the file to your Thunderbird profile directory (here's the direct link to the file). If you'd rather create your own, just create a file named user-overrides.js in your profile directory. If you don't wish to make any changes to the preferences in the user.js file, or add your own preferences, then you don't need a user-overrides.js at all. If you create your own user-overrides.js, you may want to refer to mine for examples and best practices.

IMPORTANT: If you are using my user-overrides.js, it is very important that you open the file in a capable code editor and go through it, line by line, to make sure you're okay with all the preferences. Again, these are my personal preferences and i do not edit them for public consumption.

the totally necessary all important user.js

Note that the 'HorlogeSkynet' user.js file is slanted toward using Thunderbird as an email client and nothing more, so chat and some other non-mail functionality is disabled by default.

Head over to the HorlogeSkynet/thunderbird-user.js repository at GitHub and click on the user.js file, then click the 'Raw' link, then press Ctrl+S to save the file to your Thunderbird profile directory (here's the direct link). To verify that you placed the user.js file in the correct place, it should be in the same place as the prefs.js file.

Now go through the entire 'HorlogeSkynet' user.js file and read everything. Again, to make updating the user.js file as painless as possible, do not edit it! Instead, copy the preferences you want to change to the 'USER CUSTOM PREFERENCES' section of your user-overrides.js file (if you're using mine).

If you're using a user-overrides.js file, Thunderbird has no idea what the hell that is and so in order to apply the preferences in the user-overrides.js, copy the entire contents of the file and then paste this at the very end of the user.js file beginning on an empty line which you can add if necessary.

the prefsCleaner scrubber script

Any time you update the 'HorlogeSkynet' user.js, or edit your user-overrides.js, you should always run the 'arkenfox' prefsCleaner.sh (Linux) or prefsCleaner.bat (Windows) script in order to reset any old/removed/depreciated preferences, otherwise they will remain active in Thunderbird's prefs.js file. More information about the prefsCleaner script and how to remove/reset custom preferences you add to your user-overrides.js or user.js file is contained in my user-overrides.js file. Also see Resetting Inactive Prefs [Scripts] in the 'arkenfox' user.js wiki. While this document pertains to Firefox, it can be applied to Thunderbird as well.

You can grab the 'arkenfox' prefsCleaner.sh (Linux) or prefsCleaner.bat (Windows) script at the GitHub - arkenfox/user.js/arkenfox/user.js repository. Click on the file name, then click the 'Raw' button, then press Ctrl+S to save it to your Thunderbird profile directory where your user.js file resides (here's the direct link for the Linux version and here's the direct link for the Windows version). If you're using Linux, don't forget to make the script executable, either from a menu in your file manager or from a terminal:

$ chmod +x prefsCleaner.sh

To run the script in a Linux environment:

$ ./prefsCleaner.sh

don't be a fossil

To keep informed of updates to the 'HorlogeSkynet' user.js, you can subscribe to the Recent Commits to thunderbird-user.js:master news feed.

To keep informed of updates to my user-overrides.js, you can subscribe to the news feed for the Thunderbird category on this website.

To check for a new version of the 'HorlogeSkynet' user.js, which you should do once a month or so, or whenever a new version of Thunderbird is released, go to the HorlogeSkynet/thunderbird-user.js repository at GitHub and click on the user.js file to compare the version with your current version.

Each time you update the 'HorlogeSkynet' user.js, be sure to exit Thunderbird and run the prefsCleaner script. The prefsCleaner script will reset any depreciated, removed, or inactive preferences and it is important that you do this.

and they all lived happily ever after

All done? Great! Your Thunderbird is now 100% hacker proof (assuming you cut your network cable and short out your WiFi, Bluetooth and cellular radios). Seriously, it will be much harder for the sender of an email to violate your privacy or compromise your computer's security provided you don't do stupid things like opening unsolicited attachments (or any attachments if you can avoid them).

revision history

7-Jul-2022

  • rewrote parts of the documents and corrected some minor errors
  • fixed an incorrect link (thanks to Damien)

3-Dec-2019

  • added info about updater.sh file for Linux
  • lots of non-critical changes and clarifications

28-Nov-2019

  • minor edits

27-Nov-2019

  • added info about prefsCleaner script
  • updated user-overrides.js

28-May-2019

  • first version published