CallMeAl (Not AI)

I agree with the idea of debloating and hardening your systems.

It helps to have some context as the approach I would take depends on what kind of system I’m running. I think its also good to identify your priorities to hone your approach.

When I want stability, fast security updates, minimal install size, I usually use Alpine which indeed uses the lighter busybox bin/sh instead of bash.

When it comes to my workstation shell I’m more focused on utility than size. So bash or zsh or fish, or whatever you find the most useful, makes sense to use.

If you want to be extreme, you only use devices that you control all the software on and you are very careful about what software you run. You always use a killswitch vpn. You choose carefully the websites you use and you use all the standard counter measures (ublockorigin,DoH,uMatrix,pihole,etc) at all times. You keep another laptop that has whatever you need to install to be able to use your bank and the online shopping you can’t live without. You use it for nothing else.

Even then its not perfect. I’m pretty sure that all Android, iOS, and Windows devices track the wifi access point name and mac address of all the ones you use. They also track the location of all the access points as seen by everyone elses location enabled devices. Easy for them to combine that to basically know where every visible wifi in the world is.

They can tie it to you by cross-referencing all the signals they have about you with data collected from other data collectors and aggregators. With enough data they can connect things like browser fingerprints and so-called anonymous ad IDs with your real identity.

Keep in mind that there is a good number of technical people whose job it is everyday to continuously figure out new ways to track everything they can about every person they can. These data collector and brokers have demonstrated time and again that they don’t really care about following the rules either. Here’s a good resource for more info https://noyb.eu/en

In terms of how they use it against you, this is some good info and it applies even if you aren’t American https://epic.org/issues/consumer-privacy/data-brokers/

Like a dossier which identifies you only by some ID which is used to compile data about you but never includes your direct personal info (name, email, home address, mobile number) so they don’t have to tell you or ever delete it, even under laws like GDPR.

Everything you type in the chat box is sent to the LLM provider but they get Duck Duck Go’s IP instead of yours.

So if you type personal things its mostly just like typing them directly to ChatGPT. However, with duck.ai your IP, Browser info, Location (if shared), etc is seen by Duck Duck Go instead of OpenAI.

I don’t think DuckDuckGo is lying when they say that they don’t use your chats to train models. However, that leaves plenty for OpenAI and Duck Duck Go to do with your chats, like building shadow profiles.

I suggest that if you want to be anonymous to Duck Duck Go, then use duck.ai via vpn or tor. Always assume the content of your chat session is being logged by the LLM provider.

Perfect for those late night Zork sessions!