monovergent 🛠️

  • 6 Posts
  • 34 Comments

Joined 2 years ago · Cake day: November 27th, 2023


  • Don’t worry, I handed out my Instagram to some people who requested it and those connections fizzled out just as easily.

    Could be down to me only ever checking it on a designated laptop once a week, but in my opinion, if it comes down to an Instagram account and regular app access, can’t even exchange SMS numbers to text, then it’s already a tenuous connection.

    Funny enough, I didn’t even make my own Instagram account. My friend really wanted me to be on Instagram so he went ahead, made it under my name, and handed me the keys. You probably can’t do this nowadays due to security checks, unless you’re Meta making a shadow profile kinda like my friend did for me. I’m just sitting on the shadow profile that would exist anyway, trying to contribute as little as possible.





  • I’ve been using purelymail.com, $10 a year gets me just what I need, which is as many independent addresses and inboxes as I would reasonably need under a parent account. It is what it says on the tin, so there aren’t any extras like file storage. Granted, there is a bus factor associated with Purelymail since it looks like a one-man operation for now.

    I’m not qualified to speak on cloud-based calendars since I design and print my own.

    The one thing that stood out about Purelymail to me was having not just aliases, but fully separate inboxes. But I’d also suggest checking out Tuta, Posteo, mailbox.org, and FastMail. I had also used Proton and was considering upgrading my plan. What kept me back was the web interface getting heavier by the year and having to install Bridge to use another client wasn’t my cup of tea. E2EE is certainly a good feature, but I’ve never found myself sending an email to another Proton user and therefore have never taken advantage of it.






  • Wondering the same. I’ve been hoping to hold off on a new Pixel until the new EU battery laws take effect (also, where the hell is concept art for a new generation of user-serviceable batteries?).

    You know those factories that pump out iPhone clones? Honestly, I’d love to get whoever runs one of those hooked on GrapheneOS. It’s damn impressive how they can set up the tooling, clone the iOS UI, and sell it all for cheap within a couple of months. And without the kickback Google gives for pre-installing Google Play or whatever. Imagine that effort being put towards a phone just for GrapheneOS.

    Admittedly, someone who makes iPhone clones is probably not someone who thinks about security much, but my point is, I really wish someone stepped up to produce phones with first-class support for GrapheneOS.

    More realistically, I’m banking on the passion of the folks at GrapheneOS. Should Google pull the plug one day, I’m hopeful the GOS team can recommend a plan of action until a more GOS-friendly device shows up. Worst case scenario, I’ll keep my Pixel with GOS kicking around and have a separate device with regular Android. It’ll be just for the apps that demand spying, shut off at night, and I’ll minimize travelling with it.



  • monovergent 🛠️@lemmy.ml to Privacy@lemmy.ml · “privacy smartphones US” · 6 up / 1 down · edited · 25 days ago

    My first instinct is to recommend a recent Pixel with GrapheneOS:

    • Make sure to buy a factory-unlocked model so that it’s not locked down to the stock OS. Preferably also gently-used second-hand so no money goes directly to Google.
    • Of the options, GrapheneOS gives you the most compatibility, security, and updates.
    • Installing GrapheneOS can be intimidating at first, but it’s pretty hard to mess up if you install through a Chromium-based browser.

    I’ve also used CalyxOS and it’s a solid option that supports a few models outside of Pixels. But if you end up needing Google Play Services, you’ll be stuck with its replacement microG, while GrapheneOS offers sandboxed full-fat Google Play Services. While still secure, it’s not the hardline security of GrapheneOS.

    I have no experience with Fairphone or Linux phones. Fairphone’s main attractions are the easily replaceable battery and microSD slot. Linux phones are still too cumbersome for the regular user to daily drive.

    EDIT: see also this table comparing privacy-focused options https://threecats.com.au/comparison-of-custom-alternative-android-os-roms-grapheneos-divestos-calyxos-iodos-eos-lineageos-stock-android-aosp

    In the US, AT&T, Verizon, and T-Mobile have an oligopoly over the cellular infrastructure. All of the other carriers (MVNO) just piggyback off the infrastructure of the big three. Traditional voice calls and SMS (“green bubble”) texts are unencrypted and logged, no matter the carrier. Carriers can also perform cell tower triangulation and track the IMEI, which is permanently associated with your phone, surviving even an OS reinstall.

    One way you may try to avoid handing over identification at activation or payment for cell service is to buy a 1-year prepaid SIM with a prepaid gift card to a trusted friend’s or otherwise shared mailbox. Or buy a prepaid SIM at a brick-and-mortar store with cash and top off with refill cards thereafter.


  • Common vulnerabilities: Tracking by carrier, including cell tower triangulation, SMS, and call logs.

    Non-smartphone specific vulnerabilities: Lack of security updates. However, the data to be exfiltrated from a non-smartphone is limited. If it’s only call logs and text messages, everything’s already compromised by virtue of the carrier. So the level of concern will vary with your threat model.

    Smartphone-specific vulnerabilities: Tracking by apps, manufacturer, OS vendor, or just about anything that can take advantage of the smartphone’s computing power. More data to be exfiltrated if it falls to a security vulnerability.

    Smartphone-specific advantages: Can be run Wi-Fi only to avoid tracking by carrier.






  • Also got the same impression back when I used XScreenSaver from jwz. I looked into customizing the logo shown on the login dialog and some of the screensavers, only to find a rather preachy write-up on the advantages of XScreenSaver and a very stubborn affirmation that the logo is hard-coded and should not be changed because it is the identity of the program or something.



  • Limitations

    • Debian with XFCE: I want all of my Linux machines, both older and newer, fast and slow, to be consistent, with the GUI customized to my taste. I accept that I will miss out on whatever security benefits Wayland or distros like secureblue may provide.

    • Networking: In the grand scheme of things, I know jack shit about networking. OPNsense, Pi-Hole, VPN, etc. would probably help my cause but I have yet to implement many network-based measures.

    • Corporate conveniences: There are colleagues I need to reach with Whatsapp or SMS and there is software for my job that requires Windows. I try to sequester all of this among my work devices.

    All of my frequently-used computers on Linux have “hardened Debian”

    • hardened to the best of my ability according to Madaidan, with compromises to avoid obstructing day-to-day work
    • LUKS encryption
    • MAC randomization
    • Mullvad DNS
    • Hyper-threading disabled
    • Rootless Xorg
    • Firewall defaulting to deny
    • unattended-upgrades
    • LibreWolf
    • Passwords in KeePass

    Personal devices

    • Desktop: The usual software. Non-FOSS components are mostly gaming-related.

    • Server: Jellyfin, NAS, Local LLM / Stable Diffusion, and secondary workstation, each hosted on LAN in their own VMs. SSH password authentication disabled. Would like to set up a VPN so I can access it away from home someday.

    • Backups: weekly to server, which is pulled to an offline encrypted 8TB disk about monthly. Repeat for the off-site disk that I store in a drawer at work.

    Phone:

    • Pixel with GrapheneOS and FOSS apps only
    • Messaging primarily using Molly (Signal client)
    • Email from important work and family contacts forwarded to my inbox on PurelyMail
    • Looking to get a non-KYC eSIM once I learn how to pay in Monero
    • Mullvad DNS

    The “DMZ”

    • Tablet: Samsung Tab A7 Lite received as a gift. Installed an AOSP GSI ROM (no Google Play services or GApps), mostly used as a NewPipe and travel device.

    • Laptop: ThinkPad X230 with Coreboot and soft-disabled Intel ME. Also hardened Debian with the usual software, nearly all FOSS components with the exception of intel-microcode and the VGA option BIOS. I say it’s the DMZ since personal stuff resides here, but most of my work also ends up here. Logged in to work-related websites and email in a separate user profile for LibreWolf.

    “Work” devices (for context, work has BYOD policy and does not provide devices for us to bring home)

    • Laptop: can’t be bothered anymore to fuss with Windows VMs or debloating that go stale twice a year, so I just bring a separate lightweight ThinkPad with full-fat Windows for everything that requires it. While some proprietary software packages support Linux, I’ll also just throw the Windows versions on this laptop.

    • Backup Phone (unused for now): Samsung XCover Pro with removable battery, waiting for the day I encounter apps that demand a stock version of Android. When not in use, the battery is removed.

    • Occasional check of social media also takes place on one of these devices, though through the browser rather than an app.

    Phone:

    • Old Pixel with GrapheneOS
    • Nothing I use really needs Google Play services
    • One user profile for work apps, including proprietary 2FA and Slack
    • Another user profile for various proprietary apps that aren’t necessarily work-related, but that I’m not entirely comfortable having on my personal phone.
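A small audit script for several of the “hardened Debian” items listed in the comment above (SMT disabled, MAC randomization, default-deny firewall, unattended-upgrades, rootless Xorg), written as an added example and not the commenter’s own code. It assumes the standard Debian paths and keys (NetworkManager.conf, `nft list ruleset`, apt’s 20auto-upgrades, /etc/X11/Xwrapper.config); the sample configs embedded in it are constructed.

```shell
#!/bin/sh
# Added example (not from the original comment): audit helpers for several of the
# "hardened Debian" items listed above. Each check takes the text of a file or
# command output, so the same function runs on live files or the samples below.
# Keys and paths are the standard NetworkManager, nftables, apt and Debian Xwrapper ones.

# Hyper-threading: /sys/devices/system/cpu/smt/control reads off/forceoff when disabled
smt_disabled() {
    case "$1" in off|forceoff|notsupported) return 0 ;; *) return 1 ;; esac
}

# MAC randomization (NetworkManager.conf): randomize scan *and* connection MACs
mac_randomized() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*wifi\.scan-rand-mac-address[[:space:]]*=[[:space:]]*yes' &&
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*wifi\.cloned-mac-address[[:space:]]*=[[:space:]]*(random|stable)'
}

# Default-deny firewall: the nftables input hook must carry "policy drop"
firewall_default_deny() {
    printf '%s\n' "$1" | tr -s ' \t' ' ' | grep -Eq 'hook input .*policy drop;'
}

# unattended-upgrades: APT::Periodic::Unattended-Upgrade "1" in apt.conf.d/20auto-upgrades
unattended_upgrades_on() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*APT::Periodic::Unattended-Upgrade[[:space:]]+"1";'
}

# Rootless Xorg: /etc/X11/Xwrapper.config must say needs_root_rights=no
xorg_rootless() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*needs_root_rights[[:space:]]*=[[:space:]]*no'
}

# Constructed samples: a weak NetworkManager config beside a hardened nftables ruleset
WEAK_NM='[device]
wifi.scan-rand-mac-address=no
wifi.cloned-mac-address=permanent'
HARDENED_NFT='table inet filter {
    chain input { type filter hook input priority filter; policy drop; }
}'

# Live audit (run as root so nft can read the ruleset) against Debian default paths
audit_host() {
    smt_disabled "$(cat /sys/devices/system/cpu/smt/control 2>/dev/null)" && echo "SMT disabled: pass" || echo "SMT disabled: FAIL"
    mac_randomized "$(cat /etc/NetworkManager/NetworkManager.conf 2>/dev/null)" && echo "MAC randomization: pass" || echo "MAC randomization: FAIL"
    firewall_default_deny "$(nft list ruleset 2>/dev/null)" && echo "Default-deny firewall: pass" || echo "Default-deny firewall: FAIL"
    unattended_upgrades_on "$(cat /etc/apt/apt.conf.d/20auto-upgrades 2>/dev/null)" && echo "unattended-upgrades: pass" || echo "unattended-upgrades: FAIL"
    xorg_rootless "$(cat /etc/X11/Xwrapper.config 2>/dev/null)" && echo "Rootless Xorg: pass" || echo "Rootless Xorg: FAIL"
}

case "${1:-}" in --live) audit_host ;; esac
```

Run it with `--live` on the host to get a pass/FAIL line per item; the checks only look at configuration, so a FAIL on the firewall line when not running as root means nft could not list the ruleset, not that the policy is wrong.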