Cash is pretty accessible where I live, but I’m always in for a surprise when I gravitate towards self-checkout and realize that it’s a card-only machine.

Prepaid cards used to be my go-to online, but it seems that fewer and fewer payment processors are letting them through their “security” checks. They were also next to impossible to obtain when I was in Europe. For a lack of better options on hand, I went with privacy.com’s virtual cards, which doesn’t really anonymize things in the eyes of MasterCard, but I suppose it’s better than nothing.

The only other thing I could think of is signing up for eBay or Amazon with a pseudonym, paying with gift cards purchased at a store with cash, and shipping to a PO box or Amazon pick-up location.

Ideally Monero, but it’s not as straightforward to obtain and there’s a very limited selection of vendors that accept it.

Building a threat model helped me figure out what was worth my energy and what can be put off to be done later at my leisure. This should be your first step.

What kind of phone and OS do you use? You can contain the spying a bit if you set up a work profile with Insular or Shelter, install your proprietary apps there, set a schedule for checking those, and turn off the profile otherwise. I realize that it’s not the easiest, but if you can find people to talk to in real life regularly, frequent access to messages / social media need not be a prerequisite to a healthy social life.

Getting hacked through the BIOS/Intel ME, while possible, is statistically highly unlikely, activist or not. If there’s a piece of technology I have to use, but don’t trust, I just keep it at my desk, fine as long as it can’t actively track me moving around. Don’t let perfection get in the way of your bigger goals.

While we’re at it, have you considered libreboot on the T480? A few tiny scraps of the Intel ME do have to be left in place, but realistically they’re not going to see an exploit anytime soon. And you’ll still have most of the satisfaction of liberating your computer.

I credit a good part of my success bringing friends and family over to Signal to the fact that it emulates what ordinary people are used to: a centralized service where people’s identities are associated with phone numbers. No need to teach them anything new, just download it, punch in your number, and then punch in my number. I think Signal is targeting exactly that and putting more anonymous and decentralized models way on the back burner. Concepts as simple to us as ‘instances’ are surprisingly difficult to explain to newcomers, and I wouldn’t be surprised if accounts not associated with phone numbers pose a discoverability issue.

This all might be sidestepping the question a bit since I haven’t dug deep into the issue, but my thinking is that Signal, in its current state, should be seen as a transitional solution until things like SimpleX become more mature and widespread.

Can confirm, to a lesser extent. Each query takes a few seconds to resolve, which isn’t a huge deal, except when browsing, so I set Adguard DNS within the browser.

Personally a fan of XMPP, it’s about the only decentralized alternative to Signal that’s worked well and reliably “out of the box” for me. SimpleX is really nice in principle, but my messages end up stuck in limbo sometimes and it burns through my phone’s battery.

Haven’t used Briar much, was missing a couple features I wanted.

WiFi scanning itself does require location permissions, but I have no idea why a DNS app needs to also scan WiFi. Also, a closed-source app like that just doesn’t inspire confidence. Consider using Rethink DNS from F-Droid.

Makes me feel like I’m doing the best I reasonably can, even if it’s of limited effect. Also, built-in aliasing service.

I sorely miss DivestOS for this purpose, but I’d consider CalyxOS (development sadly on pause) and iodeOS as runners-up. /e/OS got caught sending voice-to-text data to OpenAI, so I’d stay away for the time being.

edit: sad to see that iode has a freemium model on some of its features. see replies for more nuance on the /e/OS situation.

LineageOS will get the most years of support out of the most devices. While leagues ahead of Android for privacy, bear in mind that it still isn’t airtight with regard to the occasional piece of telemetry data sent back to Google. It’s about the only thing that can keep one of my older Pixels somewhat up-to-date.

LeOS is like LineageOS with all Google telemetry stripped out, but only in GSI form (no builds optimized for specific devices), so YMMV with hardware compatibility. I have this on my Samsung tablet.

I’ve also heard about Volla Phones (with VollaOS) and Brax Phones (with iodeOS or Ubuntu Touch), but haven’t taken a serious look since the screen sizes offered are too big for me.

I might try out a Linux phone next, but the relative lack of battery optimizations and edge-case issues leave me a bit hesitant. Also, check out detailed comparison of the common Android ROMs with regard to privacy and security: https://eylenburg.github.io/android_comparison.htm

How I wish my friends and colleagues weren’t. Sometimes I don’t have the heart to ask them not to post pictures with my face online.

Keep in mind that every Apple phone is also an AirTag, even if “powered off”. This isn’t the case with most Android phones, and you can get one with a removable battery to ensure it. Sure, there’s Faraday bags, but they are easy to mess up, while you can’t go wrong with just pulling the power at the source.

Also, you don’t have to buy from Google. There’s the second-hand and discount reseller market.

We shouldn’t live life settling for the “lesser evil”, we need more hardware to support things like GrapheneOS.

Looks cool, but unless I’m missing something, they’ve only published a few bits and pieces of the LibertOS code

How much does the Librem 5 satisfy what you want out of a daily driver phone?

Until substantially more people join the fight for privacy or something else fundamentally changes, I think there is a very real possibility of Google completely clamping down on Android while governments and workplaces mandate apps that only run on phones with all of Google or Apple’s bells and whistles.

But the folks at GrapheneOS, Calyx, and Murena seem to be a devoted and resourceful bunch, so I am hopeful that they can give something for us to work with, even if Google pulls the plug, whether it’s a fork of Android or rebasing to mobile Linux.

If that all falls through, I’ll look for whichever phone supports Linux best and eventually move everything over. The vast majority of the apps I use regularly on my GrapheneOS phone aren’t very demanding and have a decent alternative on Linux. And whatever apps are forced on me by other people will reside on a dedicated Android phone, ideally with a removable battery.

For this year, I’d still recommend a secondhand or reseller Pixel with GrapheneOS. Everything just works on it.

ELI5 if this will affect the use of F-Droid?

Mine has been around for ages and I’m itching to delete it. But sometimes it comes in handy with an edge case where I do need a non-work Google account. I’m of the opinion that they’ll keep some sort of shadow profile kicking around after I delete the account, but it’ll at least feel liberating when I do.

Bear in mind that many modern fingerprint readers can work through even a latex glove, defeating non-destructive attempts to obscure fingerprints.

Also, a wet, wrinkly fingerprint is usually not recognized unless it is itself also enrolled on a fingerprint reader. Perhaps too anecdotal and conspicuous, but I’ll throw it out there too.

Not an answer to your question, but it would be interesting to see how much those companies already have on all of us already since the TSA sometimes hands out a free trial of PreCheck without any action on the traveller’s part.

That’s also the lovely thing with AI assistants like Gemini and Recall. Instead of having to deal with the PR fallout of client-side scanning, they just let the AI hoover up your data while it’s in plain view on your phone or computer.

Second one rides a fine line between privacy and practicality, but better to be tracked for a few frames every 10 minutes than continuously

The usual measures, like avoiding their browser extensions and cookies, should keep you in the clear for the most part. The last time I had a code from Honey, Retailmenot, or Groupon work for a major site like eBay and Amazon was maybe in 2021. Stopped trying later that year. They’ve mostly cracked down on it in favor of automatic discounts.