Signal will force you into using an Android or iOS mobile device—no alternatives—and you couldn’t have 2 Android devices (like a tablet, e-reader). You are forced to have a SIM card which gives away part of your identity. Servers are centralized & closed-source (closed for 2 years, rewritten history)—so did the NSA force in a backdoor? …We may never know. On Android, by default notifications are sent thru Google Service’s Firebase (fork Molly supports UnifiedPush now tho). The ToS is questionable with “don’t break the law” language.
Your ideal chat would be free software, P2P or federated+self-hostable servers, E2EE, & the only required personal info you share is your account ID (no phone or email).
You’d think Matrix fits the bill, but its high system requirements (especially storage) & majority Matrix.org mean de facto centralization around an org that controls the spec, the largest server, reference server, & most popular client.
What you are looking for is good ol’ XMPP with OMEMO or PGP set to required in all clients. Its server options run on a toaster, has years of smart engineering & open governance guiding the project, & being extensible by nature, means it’s not purely limited to chat/conferencing. XMPP appears to be the common chat option on the dark web for a reason. You can use gateways to puppet accounts on these untrustworthy networks too (such as messlidger to puppet Facebook Messenger is needed, but also Signal, Telegram, etc.).
Alternatively, Briar & its ilk are go-tos, but P2P has some downsides (drains your battery hard on Android).
XMPP sounds like a good idea, however, switching to Signal and convincing the 3 contacts I have there to switch as well wasn’t very easy and I don’t think I could pull it off again in the near future.
Yeah I am open to anyone who can prove this wrong/correct. I saw it and thought it needs sharing. I am more than willing to ask forgiveness afterwards :-) Luckily I too only use Thunderbird.
Firefox’s strict settings are okay but not perfect, have a look at LibreWolf for an easy solution, or my Arkenfox softening tool to modify arkenfox to be easy to use.
Did you debloat your Xiaomi phone already? May help with some things, but of course not much, but
do you have Google Play services enabled?
what keyboard do you use
what mobile browser
Facebook Messenger is cancer as it’s unencrypted afaik, so they read everything. Poor you.
An adblocking DNS is good, do you have Android tracking blocklists, to make Xiaomi phones usable? But to be fair, Samsung is way worse
Try shelter and isolate all these bad apps and disable them when not needed
I hadn’t thought about the keyboard! I use SwiftKey (which I now realise is a terrible choice) from way back before I started caring about my privacy. Do you have any good recommendations? The main thing I need is the three word suggestions to have dictionaries for multiple languages. I use Firefox on mobile as well, with pretty much the same settings and uBlock. I’m not sure what you mean by having Google Play services enabled, as I did say I use the store. Is there a way to use it and have the services disabled? Won’t that mess with banking apps? Also not sure what you mean by android tracking blocklists, but I think my dns blocks ads and tracking. I also don’t get any ads in system apps like settings for example. Tbh, I am a little afraid of debloating as I tried that ages ago on a Sony M5 and after uninstalling the apps, my phone started running insanely hot and slow. I had to put it right next to the air conditioner to be able to use it, reinstalled all the apps and the problem went away :D
NextDNS has presets to block OS tracking, this is different from just Ads. Any DNS with variable blocklists can use these. There is a Windows one, but not sure about Xiaomi.
You don’t need Google services to use Aurora Store. It works currently.
Also try creating a shelter profile and then disabling the play services using adb in the main one with
Google Play services spy on everything with privileged permissions (all) as they are system apps. On GrapheneOS you can install them as regular user apps, and they still work.
I recommend Mull from F-Droid instead of Firefox. Try adding my custom addon collection:
Its default settings are not perfect, you can theme it OLED black which is nice, it has an internal clipboard with the action bar for “mark all” “copy” “crop” “paste” “delete last entry” “show history” and even cursors. It’s brilliant for privacy as its internal clipboard can’t be seen by apps if you disable “sync to system”
It doesn’t have autocomplete and after a quick rise and development it’s very rarely developed anymore. But I don’t miss anything, just autocomplete and maybe Sayboard’s Speech to text would be nice addons
Older Sony Xperia phones support LineageOS and have a headphone jack. Normally it isn’t until their 2-warranty is up that a LineageOS build is mainlined (likely because they aren’t high volume & are expensive). I got a III recently to run LineageOS for microG (but the proprietary camera app is missing).
Be aware that the cheaper ASUS Zenfones have a headphone jack, but are nearing a year since their bootloader unlock servers “went down for maintenance”. They’ll likely never come back.
Almost every OS nowadays has some form of microphone detection right? So if this was on, you would be aware of it? And to jump ahead, even Google is incentivised to prevent this company listening in, as they are a direct competitor.
I wonder if this company is just trying to fleece advertisers with a made up tech? The “Claim your exclusive territory before your competitor” feels like the high pressure tactics that other scams use?
I might go disable the microphone in my TV remote anyway :/
OSes have protections built in, yup, but that’s no guarantee. we like hardware switches because there’s physically no way that the mic/cam can be in use: software is always 1 bug or exploit away from not doing what it’s supposed to
Yup, for sure, but while a nation state can risk exploiting a zero day to turn on your microphone, an ad tech company certainly can’t. As soon as it gets patched they’d be ruined.
Minimal risk for them. The state of monitoring as a whole is such that they can use such an 0-day for a couple of years before anybody notices it. It’s far more likely that the vulnerability is noticed and patched without anyone even realizing that it’s been actively exploited.
They are literally publicly claiming that they have a zero day (or at least a zero day level capability). Google/Apple would be all over it trying to fix it. Cyber security researchers would be all over it as well.
NSA can get away with using 0 days for years because they keep quiet about them, and don’t use them frivolously.
Lol you are the only person with a brain in this thread. This entire service they’re advertising sounds like a scam.
People really think these apps are bypassing the Android OS protections that show the microphone icon when the mic is listening?
And what apps are widespread enough that it can capture a wide enough range of people to target the things their customers would want while also not getting discovered or someone working for the app disclosing it?
I don’t create anon accounts nearly as much as you say you do, but when I do I use a correct-horse generator, and just pick the first two words and mash them together. It has never produced a conflict yet.
keepass2android’s password generator can generate these on mobile, and there are several for the command line.
Piped for desktop would be a better option for YouTube imo, but really depends on which “Big tech company” you’re trying to hide from and what information do you want to share with them. For example, Google probably has your IP tied to your Gmail account, which has whatever information you used, since you didn’t use a VPN when first creating it. Also unless you disabled the bloatware via adb that came with your Xiaomi device some other third party company may also have your IP and whatever info you inputted into those apps, if at all. Again just depends on what you want so your setup might be fine.
Edit: if wanting to protect from Google then your mobile device is the biggest issue. Getting an always on VPN is a must (look at Proton or Mullvad), remove your personal account and create a burner with fake info and use something like Aurora Store with that burner account should help a lot. Would be really inconvenient if you still use your personal Gmail account so maybe before doing anything start migrating to a different email provider
Edit 2: if protecting from Meta then Facebook Messenger is the biggest issue. Getting an always on VPN that comes bundled with protection from trackers/ads (Mullvad and Proton I think does this) may be your best choice unless you want to recreate your account and lose all of your contacts/messages which would be really inconvenient. So just treat Facebook Messenger like a public forum and don’t give up too much info. If it’s possible maybe use a hardened browser, like Mull + uBlock, instead to use Facebook Messenger again if that’s possible
My goal is to reduce the information collected about me (increase my privacy) as much as possible and at the same time keep as much of my convenience as possible. I’m not sure how much of an effect this has, but I never used any of the Xiaomi bloatware apps, because when you first open any of them you have to agree to their terms & conditions and when I tap disagree the apps just close (even the calculator, for example). Piped sounds like an interesting thing I should look into, I keep seeing it being mentioned everywhere. But I would assume that if there is a way to login to my account to get all my subscriptions and recommendations the privacy aspect will still be heavily compromised.
Haven’t personally created an account with Piped since I like to limit accounts wherever possible but I believe you create an account with the Piped instance that you choose so you don’t log in to your Google account at all. You’ll have to do a Google Takeout iirc in order to get a copy of your YouTube subscription which you can then import.
Good rules of measure is to do public searches on yourself. See what’s in public databases, but to answer your question depends on who/what you consider big tech? And track
By track I mean collect information about me, my browsing habits, my interests. By big tech I really mean any company, but mostly the FANG ones. Could you provide some good resources on how to do these public searches? I assume you don’t just mean to look up my full name on Google.
A lot of open source software is made by enthusiasts for free. A lot more of it is made by companies like Microsoft or Google for various reasons - I believe mostly to claim “we’re open source”, but also to entice others to contribute more code that they can leverage for free, which is a valid reason too. One thing is sure: they do pay their engineers’ salaries
Free services however… That’s different: we all know why Microsoft or Google propose free services.
Now this unknown search engine you linked to: they could be funded by idealists who want to promote privacy, like the Calyx institute for example. However, looking at their website, I see no obvious reason why they propose the service they propose: they do have a Donate button that leads to a page with 4 payment links - 3 of which crypto - and their About Us button leads to a page that just says “test”. Kinda sketchy…
Therefore, I assume it’s up to no good, because that’s the reasonable thing to assume with any unknown website that looks sketchy.
when it comes to server-side software, FOSS is of little importance unless you are self hosting. there is zero way for you to verify, unlike client software.
Open-source isn’t a guarantee that whoever makes the open-source software is privacy-respecting. Android was made by Google for example, and it was made open-source for the express purpose of creating a mobile OS ecosystem that would become so dominant it would allow Google to collect data on as many people as possible. Google invested massive amounts of money developing an entire operating system for a reason: they didn’t do it out of kindness.
Conversely, closed source isn’t a guarantee that whoever makes the software is up to no good. There’s plenty of closed source software out there that’s perfectly legit. But of course it’s harder to verify the code if you have doubts.