Pantherina

Pantherina, 9 months ago

Yes just install something that never breaks, has a graphical appstore with the correct sources, and a good GUI.

I would say try Fedora Silverblue from Ublue.it. it updates automatically (at least it should), and all your apps can be installed from your software store.

Pantherina, 9 months ago

Forgot to turn off Bluetooth. Apple phones activate it automatically to keep up their tracking network anywhere.

Just going from your home to anywhere and coming back with a burner phone doesnt make sense. You have to turn it off before going anywhere near your home.

Connecting your identity based on the co-location of your burner and personal phones would generally require access to data from multiple sources and may not be easily achievable without your consent or cooperation.

Okay just no.

Do not use standard SMS or iMessage.

Good advice. Flight mode too. Also disable 2G and 3G, which poorly still is impossible in Germany.

Apple’s iMessage uses end-to-end encryption, which means that messages sent between Apple devices are encrypted and can only be decrypted by the sender and the recipient. This provides a high level of security.

Now advise for that messenger again? Trust me bro.

WhatsApp, which are available on both platforms, offer end-to-end encryption for text messages and voice/video calls.

Trust me bro 2.

Both Android and Apple devices allow users to control app permissions, including access to contacts, location, and other sensitive data. If you really want to enhance your security and privacy, it’s crucial to review and manage what permissions apps have.

On Stock Android all the spyware is already installed, as system apps. They have no permissions and you are already fucked.

Advanced tracking methods can link your activity to your IP address

No that is not advanced, that is the most basic possible.

Use a VPN to mask your IP address.

“a VPN”, very good tip thanks

---

Overall the article is okay though, lots of good tips. We have to see people dont know shit so they need to start somewhere.

But why they dont recommend a single app apart from Signal is insane.

General

• no stock Android or iOS ever!
• GrapheneOS
• Google Pixels (probably not having a backdoor?)
• preregistered SIM cards
• good email and VPN provider

Software

• Mull, Arkenfox, Brave
• SimpleX, Briar, Anonymous Messenger
• Onionshare
• Torbrowser
• Orbot
• or i2p alternatives that work
• Monero
• a privacy friendly Keyboard like Florisboard and Openboard
• no google play services (they are a way for carriers to install malware how they like)
• …

Settings

• anonymized MAC
• encryption without fingerprint and scrambled layout
• email aliases for everything
• Fakeaccounts with your real name and matching fake pictures
• automatic reboot and updates

Pantherina, 9 months ago

Same Wifi. If you want to not be identified to your home, use a VPN like Mullvad.

But yeah GFs with iphones, love it.

Pantherina, 9 months ago

Windows preloads the entire desktop it seems, before logging in. That is pretty great. Apps starting is the same, just more bloat often. Flatpaks make it more equal though. Firefox does some nice UI-preloading too, and FF on Windows is actually more secure than on Linux ironically.

So there are things to fix, but comparing breaking windows updates to never breaking and way faster immutable rpm-ostree updates, while you use the system normally, its worlds.

Pantherina, 9 months ago

I dont think Mozilla sends your account data to Google. And because the main homepage uses tracking, that is not a sign that the internal account database is shared. These are completely unrelated.

Pantherina, 9 months ago

Thats most often privacy improvements and not hardening, two different things.

I dont wanna use Chromium, but if I would, I would use Brave.

Pantherina, 9 months ago

No the base Browser needs to be hardened. On top of that you can install addons but privacy badger is pretty weak afaik, and canvas is just one vector. There still is UA, Apis, referrer policies, WebGL etc

Pantherina, 9 months ago

I would try the Distro on an external SSD first maybe?

PopOS is way more modern that Mint, so you may have negative effects from switching

Pantherina, 9 months ago (edited 8 months ago)

Yes if that works for sure. Problem here is that GNOME and KDE use different webengines, so yay no standards. Firefox doesnt support that I think?

I use a seperate firefox profile with a shortcut like

<span style="color:#323232;">blabla desktop entry
</span><span style="color:#323232;">Name=Captive Portal
</span><span style="color:#323232;">Exec=mullvad-exclude firefox -P captive http://captive.kuketz.de
</span>

I wanted to do something with mullvad-exclude but that didnt work for some reason, as when excluding it I think it had no internet?

Pantherina, 9 months ago

Yes I think you can exclude local IPs in systemd-resolved

Pantherina, 9 months ago

Cool!

Pantherina, 9 months ago

In Germany every public wifi, train (ICE windows block cell internetand they are currently lasering small waves in them), hotels, cafes, private wifis even if you are a guest.

Because of “data protection” everyone needs to accept TOS so every network has them.

No idea where you live but cell data is often expensive.

I just use the MullvadVPN app, my systemd-resolved is plain and insecure and Mullvad does all the secure DNS stuff. Obviously sucks and is not scalable at all.

Systemd implementing a switch that could then be integrated into GUIs, like KDE6’s captive portal opener, is crucial. So for the portals you would make the DNS insecure, log in and secure it again. Best automatically.

Pantherina, 9 months ago

That is neat! It is a specific response so it should work.

<span style="color:#323232;">#!/bin/bash
</span><span style="color:#323232;">
</span><span style="color:#323232;"># Function to set insecure DNS
</span><span style="color:#323232;">function insecure-dns() {
</span><span style="color:#323232;">  # Backup the original resolved.conf file
</span><span style="color:#323232;">  cp /etc/systemd/resolved.conf /etc/systemd/resolved.conf.bak
</span><span style="color:#323232;">
</span><span style="color:#323232;">  # Modify resolved.conf to disable custom DNS, DoT, and DNSSEC
</span><span style="color:#323232;">  sed -i 's/^DNS=.*/#DNS=/; s/^Domains=.*/#Domains=/; s/^DNSOverTLS=.*/#DNSOverTLS=/; s/^DNSSEC=.*/#DNSSEC=/' /etc/systemd/resolved.conf
</span><span style="color:#323232;">
</span><span style="color:#323232;">  # Restart systemd-resolved
</span><span style="color:#323232;">  systemctl restart systemd-resolved
</span><span style="color:#323232;">}
</span><span style="color:#323232;">
</span><span style="color:#323232;"># Function to set secure DNS
</span><span style="color:#323232;">function secure-dns() {
</span><span style="color:#323232;">  # Restore the original resolved.conf file
</span><span style="color:#323232;">  mv /etc/systemd/resolved.conf.bak /etc/systemd/resolved.conf
</span><span style="color:#323232;">
</span><span style="color:#323232;">  # Restart systemd-resolved
</span><span style="color:#323232;">  systemctl restart systemd-resolved
</span><span style="color:#323232;">}
</span><span style="color:#323232;">
</span><span style="color:#323232;">while true; do
</span><span style="color:#323232;">  response=$(curl -sI captive.test.com | head -n 1 | cut -d' ' -f2)
</span><span style="color:#323232;">
</span><span style="color:#323232;">  if [ "$response" == "200" ]; then
</span><span style="color:#323232;">    insecure-dns
</span><span style="color:#323232;">    xdg-open captive.test.com
</span><span style="color:#323232;">    sleep 30
</span><span style="color:#323232;">    # something to wait until window is closed, otherwise spam!
</span><span style="color:#323232;">  else
</span><span style="color:#323232;">    secure-dns
</span><span style="color:#323232;">  fi
</span><span style="color:#323232;">
</span><span style="color:#323232;">  sleep 5
</span><span style="color:#323232;">done
</span>

This should work. What would be needed is to track the process of the login and only continue when the window is closed again.

Pantherina, 9 months ago

In the EU it is illegal to save unnecessary Cookies without active consent. So the best you can do for your privacy is use Ublock origin with a cookiebanner list!

But this should only be for EU I guess

Pantherina, 9 months ago

Florisboard if you want high customizability, clipboard actions and internal (!) history, great privacy option.

Openboard if you want swipe typing and autocomplete.

Thumbkey if you want a keyboard that is made for use with two thumbs.

Pantherina, 9 months ago

Grayjay, Freetube and Newpipe work.

So just use Googles resources, build decentralized identities (@ all content creators!) and you are just fine for the dooms day when Youtube uses DRM or something

Pantherina, 9 months ago

What experience?

Pantherina, 9 months ago

It isnt?

Pantherina, 9 months ago

Did you change your fstab, or have a full partition or something?

Pantherina, 9 months ago

Oh noooo, so I have a useless project now? But I guess I will just copy what I need and make it my own.

Thanks!

Pantherina, 9 months ago

Flatpak uses ostree just as my system. So probably lots of the files are already deduplicated and it is not as dramatic as it seems.

Pantherina, 9 months ago

Thanks! The same goes for ostree system versions and BTRFS snapshots probably.

I have a similar problem with virt-manager and I think that doesnt create dynamically allocated qcow2 containers?