I can’t use them because I can’t convince anybody to switch with me. I talk to most people on discord and I’d rather move to using Matrix, but I can’t convince any of my friends or family or anyone I know to use anything else.

I'm thinking of getting a fairphone in the future. I like that they are modular and last a while. Are they easily customizable to where I can flash a different ROM? Is the default configuration private?

They all have iPhones and Google Android. Since all my calls and text messages are monitored on their phones, am I causing any additional harm to myself by using Google Messages on GrapheneOS? That way I could at least use RCS messaging.

Supposedly, he sells out of his phones but I haven't seen any review or unboxing videos for the Brax 3. I know that you can ask for iodeOS or Ubuntu touch.

If I created a Udemy account with my Gmail, then what's the difference between signing in with email and signing in with Google? Thanks in advance.

I've been play around with ollama. Given you download the model, can you trust it isn't sending telemetry?

This is not a long post, but I wanted to post this somewhere. This may be useful is someone is doing an article about Google or something like that.

While I was changing some things in my server configuration, some user accessed a public folder on my site, I was looking at the access logs of it at the time, everything completely normal up to that point until 10 SECONDS AFTER the user request, a request coming from a Google IP address with Googlebot/2.1; +http://www.google.com/bot.html user-agent hits the same public folder. Then I noticed that the user-agent of the user that accessed that folder was Chrome/131.0.0.0.

I have a subdomain and there is some folders of that subdomain that are actually indexed on the Google search engine, but that specific public folder doesn't appear to be indexed at all and it doesn't show up on searches.

May be that google uses Google Chrome users to discover unindexed paths of the internet and add them to their index?

I know it doesn't sound very shocking because most people here know that Google Chrome is a privacy nightmare and it should be avoided at all times, but I never saw this type of behavior on articles about "why you should avoid Google Chrome" or similar.

I'm not against anyone scrapping the page either since it's public anyways, but the fact they discover new pages of the internet making use of Google Chrome impressed me a little.

Lets try to keep this topic around a basic-intermediate level when you try to explain things.

What I mean in the most simple words is a way for me to know if my laptop or any of the accessories such as charger, mouse, keyboard, camera, mic, etc, have been tampered with while I left them in my hotel room while I went out on some tourist attractions.

Adversary could be a local gang with hackers hired as hotel maid, or the adversary could be a corrupt/over reaching authority/intel who thinks citizens and tourists shouldn't have privacy and if they put a lot of effort into privacy then that means they are extremists and must mean they have something to hide.

I know of 3 ways to check for tampering:

1. AEM or Trenchboot or Heads.
2. Glitter nail polish.
3. A device which monitors your room for intrusion.

If there is proof of tampering then the solution is to destroy the hardware and throw in the trash because it's practically impossible with 100% certainty remove any tampering that was done. Better to buy new hardware.

Now to elaborate on each of the 3 ways...

1, Trenchboot is better than AEM or at least it will become better when it supports TPM 2. The plan is for it to replace AEM completely. So to make this simpler we can keep this discussion about trenchboot vs Heads and leave out AEM.

TPM 2 is good and something we should want depending on how important this method of tamper proof is. Because TPM 1.2 is old and weak encryption.

But I've read so many arguments about Trenchboot vs Heads, it's very difficult to understand everything and requires very deep and advanced knowledge and I just don't know, maybe I just have to keep on reading and learning until I eventually begin to understand more of it.

Glitter nail polish is supposed to make it practically impossible to open up the laptop (removing screws) to access the ROM chip and any other hardware. That makes this method of tamper proof perfect and simple and works on all laptops. But there are vulnerabilities:

USB is not protected by glitter nail polish. And if any malware compromises your system it could flash the ROM.

I don't think the malware is much of a threat if we are using QubesOS because it's too unlikely for the malware to escape the Qube, it would mean a 0-day vulnerability in Xen hypervisor.

But an adversary could easily use a bad usb when they have physical access to the computer and glitter nail polish doesn't detect that. I guess that this is why nail polish isn't sufficient on its own and why we need also either trenchboor or Heads.

One downside of Heads is that it's Static Root of Trust for Measurement (SRTM) which means it only checks for tampering when you boot the computer. But I think if the only threat is a bad usb attack because glitter nail polish protects against everything else that can tamper with the hardware, then this Heads downside of being SRTM doesn't matter.

This could be an app on the smart phone which uses the sensors to check for sound, movement and light changes, vibrations. Or it could be a more professional device as a surveillance camera or motion detector.

This way of tamper proof solves all problems if you assume that someone entering the room means that the hardware has been tampered with. But unfortunately this is not a good assumption to make if you are traveling or sharing accommodation. There are plenty of dumb people who would enter your room even if you told them not to even if they have no malicious intentions and are not an adversary. That means this method would give a lot of false alarms.

But if you are using video surveillance the you would know exactly what they did while in your room and you can clearly see if they even touched your hardware. So, with video surveillance you maybe don't need trenchboot or Heads and glitter nail polish.

Another reason to have this tamper method is in case they put any camera in your room to watch what you're doing or watch your enter passwords. If you have for example a motion detector giving an alarm, you can spend some time looking for hidden cameras. There are cameras that are good for this, I think they are called infrared cameras, they can find the heat which a hidden camera would give.

Summary: You probably want all 3 methods because they complement each others weaknesses. Question remains regarding trenchboot vs Heads in the scenario I've explained here I suspect Heads is a better choice but I am mostly guessing. Maybe I'm not as lost in this rabbit hole as I feel like I am. I hope the more advanced and experienced people can give some comments and help.

Another point I almost forgot to make: This whole scenario is meant to be practical, a realistic lifestyle. For example, it's not realistic for most people to be able to bring all their hardware with them everywhere they go such as work. It also makes you a big target to be robbed if they get a hint of how much valuable equipment you have in your backpack. So this means we are leaving the hardware at home which could be a hotel room or a shared accommodation.

Also last point which I forgot to make as well: The accessories need to be tamper proof as well. I don't know if trenchboot or heads is capable of doing that, such as if they replace the charger or something. Maybe the only way to protect against this is one of two ways:

1. Bring the accessories with you but leave the computer at "home". This isn't great though because you might not be able to keep your eyes on your backpack at all time.
2. Have a box filled with lentils which you put the accessories inside when you leave your room. Then you can take before and after picture and compare them to see if the lentils have moved around or not. This would mean we actually have to use 4 methods to keep all hardware tamper proof. It's not so fun to have to pack all accessories into a lentils box every time you leave your room, and check pics of both glitter nail polish and lentils. It's a lot of work but maybe that's the only way?

Hi,

I'm looking for a E2EE and decentralized (or self hosted) videoconferencing that would have the following feature

• video or voice-only call
• share screen
• files transfer (optional)
• text chat

( all of it E2EE )

I'm considering Jitsi meet, that seem the meet those requirements

Do you know better alternatives or do you have remarks about Jitsi ?

Thanks.

Mornin' Been wondering if I should install GOS on my Pixel8 or keep my present setup with TC. I'm not conversant with the mechanics behind TC but it feels right to me. I don't use Google Apps and have been on F-Droid more often then Google Play. I do have a few apps which require net access hence using TC.

What say you..?

I am a long term GrapheneOS user and would like to talk about it. r/privacy on the redditland blocks custom OS discussions which I think is very bad for user privacy, and I hope this post will be useful to anyone who are in the hunt for better privacy.

Nowadays smartphones are a much bigger threats to our privacy and Desktop systems, and unfortunately manufacturers has designed them to be locked down devices with no user freedom. You can't just "install Linux" on most smartphones and it is horrible. And most preloaded systems spy on us like crazy. That was why I specifically bought a pixel and loaded GOS onto it.

According to https://grapheneos.org/features , they start from base AOSP's latest version, imptoves upon it's security and significantly hardens it. There's hardened_malloc to.prevent against exploitation, disabling lots of debugging features, disabling USB-c data, hardening the Linux kernel and system apps etc. They even block accessing the hardware identifiers of the phone so that apps cannot detect whqt phone you're using. That means with Tor and zero permissions given, apps are anonymous.

Compatibility with apps are best in Custom ROMs but there are still that can't work, especially if they enforce device integrity. Very few apps usually enforce that tho. Also their community isn't the friendliest but you can get help. Just don't try and engage too much or have too many debates.

Anyone else here use GrapheneOS, or any other privacy ROMs? What is your experience? Do you disagree on any point? Let's have a discussion!

Inspired by the discussion in 'they already have your data' I was reminded that AdNauseam exists. I rarely see it mentioned in privacy circles but the idea seems attractive to me, I've used it before and since it's based on uBlock Origin it was just as effective in adblocking and the "poisoning" itself unobtrusive. How do you guys feel about it? Are there reasons it should be avoided?

EDIT: Just thanking everyone for the thoughtful responses. Really enjoyed reading everyone's takes here and will definitely think on things moving forward and try various configurations out!

Hi all, interested in your thoughts here. Recently signed up for Proton Unlimited via Black Friday sale mainly for email/VPN/drive. For passwords I've been happy with Bitwarden and DDG for email forwarding (plus you get a duck.com address which is just fun).

If you were me would you move over to ProtonPass to streamline, or keep these things broken up? On one hand I don't want all my eggs in one basket, on the other hand I feel like it means I am trusting my info to one Swiss-based org vs Proton + DDG/Bitwarden which are US based. Plus if I am paying for a service I feel a little less like the product in the long term.

Feel pretty ok with both options as my main objective is de-Googling, but interested to hear what has worked well for others. Appreciate any input!

Up until like a year or two ago, YouTube links always used to be pretty clean. The format was youtube .com/watch?v=[video_ID]. A year or two ago, they started adding a tracking suffix on, so it would be youtube .com/watch?v=[video_ID] &si=[tracking_ID].

Over the last day or so, I've noticed links with a different format, youtube .com/watch?v=[video_ID]&pp=[tracking_ID] - only the pp= string is much longer than the si= string. This can only be because they're including more information in it. What that information is is anyone's guess.

This is basically a PSA to watch YouTube links more carefully, as people are by and large complacent with them (moreso than other links) and never even realised the si= change, let alone this new pp= change.

It could also be that the change to pp= is meant to circumvent communities, like this one, which automatically filter out the si= suffix. They may have decided to address that, then took the opportunity to make their tracking more severe.

Installed #GrapheneOS several days ago on my Pixel 8. It works great without any Google services! https://grapheneos.org/

Hi. Has anyone had experience with Riseup? How are they as opposed to Tuta or Proton? Iam just wandering if anyone did an analysis esp for activist. Thank u in advance.

I'm impressed at how obvious of a lie this is and how hard they're trying to do mental gymnastics to justify their argument.