idk man, but I’d still much rather have encryption, even if I’m up against the alphabet boys:
What’s the point of life if crippling, paralyzing fear is all there is to it? I work on being a good steward of my privacy as much as it brings me joy and satisfaction, not so much that it consumes every waking hour.
Whatever it is, review your threat model. What’s done is done and there is little that can be done to redact any evidence you may have left on the internet. Are you able to stop doing whatever it is that is putting you at risk of legal trouble?
If it’s an drug or psychological problem, you need to seek professional medical attention. Many people die or suffer life-changing illness each year fearing that their doctors will rat them out for substance abuse. Don’t be one of them. Patient privacy laws, at least in the US, prevent your doctors, therapists, etc. will protect you if you go and seek help. The main thing that they would have to disclose is if you make direct, credible threats to other people.
If it’s a criminal operation or worse, lawyer up and good luck.
I’m ready to be called milquetoast, and while I see where this comes from, it comes off idealistic if we are to communicate with people in the present day in any practical way. Do not forget how much of an improvement it already is over the likes of proprietary messaging apps and how much effort it already is to move people to Signal. It is surprisingly difficult for common folk to grasp the concept of anything but a phone number when it comes to messaging apps.
I’m interested to see if anyone else has run into the same situation and found a good thought process for it. Problem is, if I need to pull anything from a pseudonym over to an identifiable portfolio, that pseudonym is no longer useful. But I can’t really justify getting a personal domain name if all it’s doing is hosting a glorified resume.
Using a bridge can sidestep telemetry that comes with official apps/clients. The services will also see a ping from your bridge server rather than, say, a direct ping from your mobile device. Make sure to self-host if you want to avoid introducing new parties to your communication stack.
Conceptually, it’s a messaging app done right. Not haunted by legacy identifiers like phone numbers, can be run in a decentralized manner, and a more secure invite system.
In practice, it tends to burn through battery, and it’s already hard enough getting people to use Signal. People also seem to have a hard time grasping the concepts of invites, or anything that’s not a phone number for that matter.
I’ve stopped using it due to the battery issue and I don’t want to fragment my communication strategy further. It ought to have a privacy advantage by virtue of not needing a phone number, but at the end of the day, my messages are also getting swept up on the other end by non-privacy-respecting phones.
Maybe leeching (cursory search suggests subpar upload performance), but your hard-earned money would be better spent helping out a more ethical VPN provider than thrown to the sharks.
Most of the popular open-source ones are fine. VSCodium if you want a rich GUI or perhaps Geany if you want a lightweight but beginner-friendly editor. Only things you’ll have to watch out for are editors with online features like AI integration, particularly Microsoft VSCode and the new notepad.exe with AI.
What a shitty banking app. The malware explanation could just be customer service boilerplate. They might have just implemented some commercial fingerprinting/analysis/security library in the app that freaked out at the minimal fingerprint of the GrapheneOS profile and defaulted to locking you out.
As individuals, we need to continue defending and advocating for our privacy - using privacy-respecting phones and software even if it’s difficult and organize against surveillance capitalism, or at least donate to existing advocacy groups. And the developers that make privacy-respecting alternatives more accessible. Not much of an easy way out since we’re up against Big Tech on a profoundly uneven playing field.
But for immediate issues like this, I would get a cheap separate phone with regular Android to handle the app if the bank doesn’t offer the same services through a browser. Try to keep it on an isolated network and only power it on when necessary.
Very much agree with the encryption key management. My friend group and I stopped using Matrix because the getting encryption right between all of our devices proved frustrating, especially if a reinstall or phone upgrade comes up.
If you have $150 to spare (depending on country), a secondhand Pixel 7a is a great starting point to try out GrapheneOS without directly contributing to Google. Just make sure it’s carrier unlocked so it allows bootloader unlocking. For $100 more, a Pixel 8a will get you several more years of software support. Practically everything just works with GrapheneOS.
Fairphone with /e/OS is leagues better than Googled Android, but little to no additional security hardening has been done over plain AOSP (which itself is quite secure against non-state-sponsored attacks to be fair). Also, some pings to Google have yet to be patched out, see https://eylenburg.github.io/android_comparison.htm
Linux phones are much better than they were a few years ago, but unless your workflow tolerates the occasional disruption due to a bug or missing feature, they aren’t exactly production-ready for most users. But a good sneak peek into the future of privacy phones given the way Android is headed now.
MicroG works for many things, but not everything. Google’s own apps don’t play well and some of my work apps don’t send notifications when using MicroG. But GrapheneOS supports a sandboxed, proper instance of Google Play Services should you need it.
Google Wallet and anything requiring the Play Integrity API will not work with third-party OSes, not even GrapheneOS (perhaps until they release their own phone).
Easy, don’t use digital technology and live in a shack in the middle of Bir Tawil. That’s the exact attitude Apple, Google, et al. want people to have.
Privacy is not a game of absolutes. You make a threat model and do the best you reasonably can. I hope you at least enjoyed your head start on privacy by choosing GrapheneOS.
Fine choices and nothing wrong unless there’s someone actively out to get you. In that using TOR as VPN leaves a very distinct fingerprint compared to the vast majority of Tor users on the standardized Tor Browser.
Unfortunately, the post radiates small 🍆 energy.
To be fair, I only have a few of my friends and some of my family on XMPP. I’m also guilty of having WhatsApp on my work phone for colleagues and the rest of my friends.
It’s on the IzzyOnDroid repo: https://apt.izzysoft.de/fdroid/index/apk/com.cyb3rg0d.canvass
Fossify Paint does the same thing without adding the IzzyOnDroid repo, I just happen to have Canvass since it was the first thing that showed up when I searched.
My take is that Proton CEO Andy Yen’s pro-Trump comments were born out of naïvety, not the same mindset that plagues tech CEOs in the US. Combining that with Proton’s benign actions since then, I think it’s a good time to diversify, become familiar with alternatives like Tuta as you say, and make a backup plan should they enshittify, but don’t rush to jump ship now.
Pixel 5, unfortunately a bit out of date since I’m putting off the repair of my 7a. Same app selection on the 7a though since I’ve maintained this as my backup.
I would be in the loop, but not necessarily OP. I am calling out OC to defend their suggestion with more than a simple accusation.
My bad, misremembered that RiMusic fetches from Youtube music instead of Spotify
I want Hell’s Kitchen but for tech stuff - people’s phones, gaming setups, and server rooms