If someone gained access to your email there’s little chance they would use it for that purpose considering it’s far easier to just create email bot accounts. Scammers rarely leave you access to your account if they’re using it for SMTP. If the scammer is using your payment info, they’d be far safer from detection by using a different email address.

It might be this is a clever spearfishing campaign, or it could be someone confused/mistyped their address (frequently happens with TLDs). Also see this a lot with more newly created accounts, where the previous owner lost/gave up the email address, then either the old owner or attacker attempt to access an account protected by 2fa.

Did you check the DKIM signature?

The Labour party is just neolibs. The most you will get is platitudes, poverty and imperialism.

Don’t use microsoft products spyware and you can safely ignore all the associated scams

Always keep in mind that Mozilla has long since been captured by google as insurance against anti-trust suits like microsoft faced back in the 90s

Sadly FF (and some of its forks) is the best browser we have, but Mozilla’s leadership is constantly sabotaging the project with ads, spyware, anti-privacy-pretending-to-be-privacy (such as this) and stupid feature bloat. Adding more advertising integrations to a browser is an anti-feature on par with the bullshit “Brave” does. But this is done as an underhanded attempt to maintain chrome as a defacto monopoly, despite chrome being designed specifically to erode privacy and being far worse.

You can’t convince me this isn’t satire; 2 hamburgers and a mcdonalds cup is a dead givaway

That’s not even coherent. You know a lot less than you think you do.

Well that’s your choice, but it’s a lot more rational to limit filesystem access by the browser, but allow a user unlimited access to the files downloaded by the browser (very easy to set that up asymmetrically with a symlink). Or at least restrict which directories a browser can or cannot access.

At the cost of security, speed and efficiency?

1. Systemd is the most egregious pile of shit poetteringware in linux, hands down. It’s a gigantic, slow, bloated mess that runs as pid0 and keeps getting bigger as it consumes all other unix services. It violates every single unix and kiss principal. The attack surface is massive and, becuase it’s pid0, has the highest level of privilege escalation attacks. The recent xz backdoor (absolutely state-sponsored btw) was made possible because of the integration of sshd (and xz) into systemd. It’s been a cve nightmare forced onto us by redhat/ibm despite our protests. It may as well have been written by the cia. Systemd alternatives like runit are superior in every respect, particularly speed and security, while adhering to unix and kiss philosophy.

2. Not all js is malicious, but it’s objectively the most vulnerable and commonly expolited component by malicious actors in browsers (webassembly will be worse). It’s also an objectively terrible and idiosyncratic language on its own. Good css can eliminate a lot of the most worthless uses of js, but in many cases it’s still a necessary evil in frontend and web design. The best compromise we have is to only use trustworthy, foss 1st-party code and restrict 2nd/3rd party code. It’s also always a good idea to run your browser in a sandbox (bsdjail, bwrap, firejail) with no access to user files or dbus.

Is it a public instance or just for you and your fam/comrades? But yeah, mandating a login requirement is what I’ve been afraid of. I would just stop using yt altogether if it came down to that.

Security and privacy are things accomplished in layers. You can implement any or all of these as you’re able to learn what they are and how they work.

At the very least a few browser tweaks and addons can prevent a lot malicious scripts and fingerprinting and are the absolute most simple, surface level things you can do. Just FF + ublockorigin will block most ads and surveillance capitalism tracking networks. noscript gives you granular control over what you do and do not want to run, and it’s a good learning experience for most users. Want ads gone, poof, there ya go.

Arkenfox is just a policy confg file (user.js) for firefox, which further helps block tracking, fingerprinting and the most awful annoyances and grievances sold as “convenience” in modern browsers. It’s well documented, easy to read and lets you configure things to your preference. The LibreWolf browser is firefox with a preconfigured arkenfox user.js for users who aren’t tech savvy or don’t like configuring things in text files. Highly recommended over FF + arkenfox if you’re getting started.

invidious is a privacy frontend for youtube that runs on instances (servers) that anonymizes users and cleans up youtube’s awful ui. Lemmygrad provides automatic invidious links when a user links to a yt video.

Running your own router firmware means owning your secure device and having meaningful control over it. Otherwise someone else has more access to your network than you do.

Finally, none of the security or privacy stuff means anything if you’re running an nsa compromised operating system, which is exactly that way by design. Opting out is free and returns speed, freedom and ownership to property held hostage by the worst excesses of capitalism and techno-fascism. This may tilt some “GaMeRs” … but people who won’t even liberate a personal computer from fascism at absolutely no risk, won’t liberate much else, either.

How easy has it been to find (presumably?) vps hosting able or willing to accommodate the IP bans from google? I feel like at some point google is going to go hard against the hosting on these ip-rotated instances.

You can block ips with firewall rules and domains using unbound dns

A router running OPNsense? Sure. You can put a firewall inside any kind of network. I don’t know what kind of hardware you have access to, but If you have something specific in mind, I can probably tell you if its fit for purpose

They’re all instances of running the same software, with a few tweaks here and there. Google has been trying to stomp out Invidious recently because google hates human rights and all that, so it’s an arms race to keep the instances running while google blocks domains, ip addresses/blocks, vps hosts, and apis. Everyone running the instances are trying to keep invidious up and some are having more success than others.

libredirect is a browser plugin that can set a customizable list of working/preferred invidious instances. If one doesn’t work, you can click a link on the video page to switch instances. I have pretty good luck with yewtu.be , inv.tux.pizza , inv.nadeko.net and invidious.drgns.space

Yep. You can use that software on just about anything with a couple nics. It serves the same purpose as an off-the-shelf router (nearly all of which run some tivo-ized, nsa-backdoored linux firmware blob) but you’ll have total control over the device.

There are a lot of ways, actually, as long as you have at least a couple nics. I always recommend openbsd since it’s very hardened for this purpose. opnsense is a free open-source distro built on openbsd, and can do virtually everything that enterprise gear can do and isn’t hard to learn or manage. Openwrt is also pretty decent and can replace firmware for some existing off-the-shelf routers, which are all backdoored anyway.

FF + Arkenfox + Noscript + uBlockOrigin (+ invidious for as long as it’s able to exist)

Legit never seen a youtube advert in my life. Even seeing 1st-party static image ads anywhere is extremely rare.

Run *BSD or Systemd-free Linux. Only use FOSS. Distrust javashit, refuse webassembly. Build your own routers. KISS. Learn to protect your privacy and security; the tools are there. No one else will do it for you.

Exactly. I’m sure they’d do the same if you could somehow ban transfers to the Caymans. They didn’t plan to give back shit anyway.