I’ve kind of come full circle on all this to where I no longer care. The slippery slope arguments are largely hypothetical imo…Google knows some stuff about me and attempts to show me ads, the vast majority of which I block, so what?
I pay taxes, have a social security number, my bank and credit card companies know my purchase history, the credit bureaus know my mortgage payment and lender, etc…
The myth of an off the grid life is exactly that, a myth. And what does it achieve for you other than some vague sense of idealistic pride?
Google provides tremendous utility to the world essentially for free; its search engine, maps, mail client apps, browser, etc. are tools billions of people use every day. How do they maintain a global network of data centers and localize their products to hundreds of languages…none of that is free. If big companies want to give them money in an attempt at to get me to pay attention to them then so be it, let them finance it. Imagine if only those who could afford to pay could use these tools.
Google provides tremendous utility to the world essentially for free; its search engine, maps, mail client apps, browser, etc. are tools billions of people use every day. How do they maintain a global network of data centers and localize their products to hundreds of languages…none of that is free.
Pretty much this. I get the “you don’t know what the bad guys will criminalize next” argument, but I have a hard time seeing it, when it comes to my browsing patterns.
It doesn’t have to be black and white. As many comments have already mentioned, it all depends on your threat model. Sure, it’s literally impossible to be completely private or anonymous unless you never go online and live like a hermit, but that doesn’t mean you can’t take steps to minimize what personal information companies get from you. You can still care about your private data while at the same time not sacrificing convenience.
I’ve kind of come full circle on all this to where I no longer care.
I’m at a similar point. I saw how people who don’t think about privacy handle the world and realized its not so bad.
In the end its all datamining for targeted ads, which only works if I can see the ads they’re trying to target me with.
It also helped that I had a job directly working with the kind of data I worked so hard to block and saw both how unreliable the data was, and how much companies struggle to actually put that data to use
Haha yes! People assume data brokers “know” a lot about a person, but really it’s fuzzy signals. It is far from a crystal ball or a perfect record of every website you’ve ever visited, etc…
At some point it is not about individuals but big corporations that need their services, and they buy them.
They should have built their business model as per their financial requirements from the outset then, if that was the problem for them.
But that should not justify or excuse them for doing things that are immoral and unethical.
Sounds more like a greedy approach than anything.
If I was an ethical and moral CEO of Google, and sought it costly to maintain such a huge infrastructure for millions of people around the world that are using their services freely, I would have made measures to shut them down or close them, instead of maliciously inserting things and harvesting stuff from them.
Then if they have such data, then they should be held accountable and responsible in the future for any damages as a result of their work processes, and that happened many times historically speaking. And any crime that happens, they either offer evidence or be complicit to hiding fugitives. Which alone is a process that will cost them alot, just having to do it, and cooperate w them any governmental party.
If I get in trouble in the future, I sure would love to have Google assist me in proving that I was innocent, by providing evidence through data that it has. But would they be willing to do so?
This is very interesting in a way to think about, as it shows where their weakness lies in their business model, and where they are strong.
But it goes to show how monopolistic they are, and, if anything, neglectful to basic human rights. Where I’m from, privacy is a human right. So there are many dimensions to take into consideration here - but ultimately they are only a small aspect of this whole complex dimension to boot.
Ultimately, it is their fault for not setting up their business model to meet up with their own financial requirements. And not ours.
Forgot to turn off Bluetooth. Apple phones activate it automatically to keep up their tracking network anywhere.
Just going from your home to anywhere and coming back with a burner phone doesnt make sense. You have to turn it off before going anywhere near your home.
Connecting your identity based on the co-location of your burner and personal phones would generally require access to data from multiple sources and may not be easily achievable without your consent or cooperation.
Okay just no.
Do not use standard SMS or iMessage.
Good advice. Flight mode too. Also disable 2G and 3G, which poorly still is impossible in Germany.
Apple’s iMessage uses end-to-end encryption, which means that messages sent between Apple devices are encrypted and can only be decrypted by the sender and the recipient. This provides a high level of security.
Now advise for that messenger again? Trust me bro.
WhatsApp, which are available on both platforms, offer end-to-end encryption for text messages and voice/video calls.
Trust me bro 2.
Both Android and Apple devices allow users to control app permissions, including access to contacts, location, and other sensitive data. If you really want to enhance your security and privacy, it’s crucial to review and manage what permissions apps have.
On Stock Android all the spyware is already installed, as system apps. They have no permissions and you are already fucked.
Advanced tracking methods can link your activity to your IP address
No that is not advanced, that is the most basic possible.
Use a VPN to mask your IP address.
“a VPN”, very good tip thanks
Overall the article is okay though, lots of good tips. We have to see people dont know shit so they need to start somewhere.
But why they dont recommend a single app apart from Signal is insane.
General
no stock Android or iOS ever!
GrapheneOS
Google Pixels (probably not having a backdoor?)
preregistered SIM cards
good email and VPN provider
Software
Mull, Arkenfox, Brave
SimpleX, Briar, Anonymous Messenger
Onionshare
Torbrowser
Orbot
or i2p alternatives that work
Monero
a privacy friendly Keyboard like Florisboard and Openboard
no google play services (they are a way for carriers to install malware how they like)
…
Settings
anonymized MAC
encryption without fingerprint and scrambled layout
email aliases for everything
Fakeaccounts with your real name and matching fake pictures
Heads up, I had to remove this extension on my browser because some websites would get stuck in a redirect loop because it’d remove the tracking stuff it’d use in a redirect chain. Took me months to figure out what was causing it
I’ve been using Telegram enough to understand that such allegations are useless. The first link is literally not about Telegram but about its 3rd party fork that original developers can’t do anything about. The second link is about piracy, and any app owner would handle any data they could in similar situations.
Telegram is not just a messaging app but a public platform with channels and public chats. Any app with these properties will eventually have the same issues. If you don’t want to risk, you just use it as a personal messaging app and that’s it - in this way it’s not much different from other “secure” messaging apps.
The way for apps like Signal to remain “truly secure” in “careful” users’ eyes is avoiding the introduction of the public communication part, which could lead to all the same problems some people don’t like Telegram for.
That said, Telegram actually has a history of being a “bad actor” if you want to call it so. Namely:
At first it was possible to steal someone’s account by faking a SIM card (any government can do this). Later Telegram introduced cloud password that helped to prevent such cases.
At various points Telegram wrongfully banned and marked as “fake” various channels and bots used by opposition in Russia.
But I can’t agree that either of that makes Telegram an insecure messaging platform. It’s either about bad management decisions in specific situations (e.g. Durov being worried about Telegram getting banned) or technical aspects of how user reports are handled (basically any channel can get marked “fake” if enough user reports are received).
If you’re ready to put on tinfoil, signal is not the way to go too
Phone number requirement is a big no-no in privacy community, plus signal wants to centralize more and more, when they could actually make it possible to selfhost signal
I don’t agree with you. so far Signal is the most mature and feature-rich messenger of the rest. yes, it provides privacy, not anonymity. but all new people are used to the algorithm of adding people, unlike SimpleX, Matrix, etc.
42 million user IDs and phone numbers for a third-party version of Telegram were exposed online without a password. The accounts belong to users in Iran, where the official Telegram app is blocked.
How is that a state exploit of Telegram? It’s not even about Telegram. It’s a third party app.
You can de-Google an Android phone with a custom ROM and have a phone that you have control over and know nobody is spying on you by running a firewall on the phone.
Actually, you can, with Lockdown for iOS or Lulu for macOS. There are other alternatives available, these are just a pair of FOSS examples. You can totally block *.apple.com if you really want to.
It’s not quite the same though. With a custom android ROM, you can be pretty confident that everything kernel-and-up is not spying on you. On iOS and macOS, you don’t have the same level of verifiability, as the OS could just circumvent any VPN/firewall you might have configured. They might pinky promise not to, but without running another external firewall it’s not really verifiable.
It said that Google put it in their aggregated report. Not that they disclosed it. There is a big difference between ‘we got 100 requests’ and ‘we got 10 requests for X info, 30 for Y info’.
ETA: I just looked at the data again, it’s broken in to categories like FISA NSL etc, then it just gives a range of requests 0-1000 etc.
if you’re a developer, there’s a very easy and practical way of testing this without trusting anyone’s (not even Google’s) word:
compile the most basic of flutter apps or some demo and see if the app makes any kind of request to the internet.
edit: a single web search reveals that Flutter has indeed Google telemetry enabled by default. developing your web searching skills is a good habit for developers.
edit: a single web search reveals that Flutter has indeed Google telemetry enabled by default. developing your web searching skills is a good habit for developers.
I already know this, just flutter config --disable-analytics solve this problem.
But there are more than this. For example, Flutter itself doesn’t work correctly. It needs the Android SDK (that is installed separately). And with this you need to accept the licenses and other stuff. That’s the point.
compile the most basic of flutter apps or some demo and see if the app makes any kind of request to the internet.
Jokes aside, Youtube doesn’t consider cracker to be a slur (because it’s not) I didn’t break the rule for Hate Speech I broke the rule for Harassment because I was mean to a billionaire. This is a repeated behavior on the site, where they’ll peckerwood for rich people.
simplex seems to check all boxes for respecting privacy. it doesnt rely on using any identity (no strong selectors like email addresses or phone number). seems very forward-thinking in its concepts.
there is now a discovery mechanism of some sort… but otherwise it’s a feature and not a bug that you can only identify people whom you had an initial exchange with. much preferable than something that Signal that without asking (and without opting out?) will by default access all your contacts and match them through the use of a strong selector (phone number) also:
i think with the minimal knowledge the server has of its users (and the no-identity concept) this really limits risk. Also it means that for the most tight of security models, one can use their own server (which is not feasible with most other chat protocols)
As someone who is a data hoarder/curator and dives into the deep ends of web abyss, I use Searx, Startpage and Yandex. I do not mind Startpage only because I no longer use search engines that much anymore. If something truly needs to be searched, Yandex is the absolute, untouchable king for web, image and reverse image searching, and is better than Google for privacy (very low bar but > Google/Bing).
Searx usually does deliver for the common use cases, and Startpage gives Google results minus SEO and sponsored trash.
If I were to rank them for results based on years of experience, Yandex is easily a 10 (ignoring its unbeatable image search), Searx with “default/all” language results a 7, Startpage a 5 (censors Russian/Chinese sources since it is based on Google), Qwant probably 3.5-4 (unavailable in many regions), Google 3, DDG and Bing 2. I am not sure how Metager, Mojeek and Kagi fare, but they probably perform somewhere between Searx with “default/all” language results and DDG.
Why Yandex is so above Searx metasearch is because its indexing is a lot faster than once a day, besides giving the experience of what Google was around 2009/10 and with no SEO crap. You will find the most obscure personal blog and website there, and DMCA bullshit does not work in Russia, which would work on any of these other search engines or metasearch instance owners.
privacy
Top
This magazine is from a federated server and may be incomplete. Browse more on the original instance.