If you are in the US, take a look at Fidelity or Vanguard. They haven’t required the use of a smartphone app.

Using a phone with Android 8 isn’t best practice for security by any means, but unless you are being targeted or going around downloading shady apps, it’s more likely it will run into app incompatibility issues in the coming years than anything else.

For sites where I’m making a low-value, one-off purchase and never coming back, I’ll use a pseudonym alongside a prepaid gift card, or failing that, a privacy.com virtual card. Not quite a sustainable strategy with eBay or Amazon, especially if the package needs a signature, so I’ll just use a privacy.com virtual card and supply a P.O. Box address

Mostly accepted that it is the way it is for these things. If the privacy-friendly option is giving up a few conveniences, I’ll take it. But if it’s keeping me from reaching certain goals, I’ll tolerate a compromise. I don’t think I’m being targeted either, so it’s all tolerable in my personal threat model.

How time-consuming would doing it yourself be, if anyone here has tried?

In my opinion, the reward for rooting LineageOS is pretty limited for having to risk one of the more important aspects of the Android security model, since the base system is already decently clean. If you want to go the extra mile, you could try installing the LeOS GSI, which strips out the remaining pings to Google servers (see LineageOS column of the table).

Definitely double check if the build you use has anything weird configured, but modern LineageOS (and Android in general) should already have good encryption by default. Not sure if LineageOS already has a way to toggle per-app network access, but if not, take a look at RethinkDNS, does a fine job without root.

Not much you can do about the unlocked bootloader, but as long as you aren’t being targeted by some agency, sticking to trusted sources like F-Droid for apps will go a long way. I have a similar approach with two phones and minimal personal data stored on each, so I’d personally approve of those elements.

Faraday cage might be of interest with regard to the iPhone since those can still function as their own AirTags even when powered off. But modern phones are surprisingly sensitive to signals so the slightest imperfection, especially in cheap Faraday bags, could give you away. While you’re at it, make a threat model to see if Faraday cages are necessary for your needs.

Another common mozilla L

And me over here wanting to use parental controls to protect my elders haha

A win for you getting parental controls lifted, hopefully you can eventually prove to them that the phone is just fine (or even better) with your apps of choice.

My uncle has worked many years in IT and sometimes lectures me on digital privacy and security. But I got a glimpse of his phones and computers, it was disappointing. Bogus security apps and optimizations and a refusal to update Windows. Probably different situation with OP’s father, but quite emphasizes the importance of continuing education.

OP probably isn’t self-hosting it. I haven’t got around to self-hosting it either and:

• a majority of instances no longer include Google
• many instances return absolutely bogus results
• the ones that return reasonable results have a 50% chance of getting ‘Suspended: timeout’

The rate-limiting has hit once-reliable instances really hard in the past few months.

If I had to go WiFi-only, there would probably be hours-long gaps when I am unreachable. So my compromise is to use a non-KYC data-only SIM. Even if VPN is left off, it routes traffic first to a datacenter far from my actual location, and there is no longer a route for unencrypted calls and SMS and the associated spam. I don’t have a habit of streaming media on the go, so the data lasts quite a while and there isn’t much of an urge to use public WiFi.

Doesn’t fully eliminate the problem as IMEI is still sent and the cellular modem is still a rogue black box, but a step in the right direction. Knowing that the cellular modem can run whatever code with deep privileges as it wishes, I try to keep as little of my business on my phone as I can, with the bulk of my workflow centered around my laptop. Don’t get me wrong, I don’t think this automatically makes me immune, but I do think it’s a neat little exercise. Perhaps one could abstract the problem of the modem by getting a separate wireless hotspot.

My friends and family have accepted that they either need to get Signal, XMPP, or Matrix or I will be largely unreachable. The only remaining need for SMS and GSM voice calls stems from work, which is all handled by my work phone that is powered down, or at least disconnected, once I leave for the day. It sucks that this is not the norm, but it looks like I am quite fortunate that my friends, family, and employer all tolerate this workflow.

Take a look at “IoT” SIM cards, they’re a bit expensive and data-only, but might not be subject to the same KYC regulations.

Anyone else wanting to move to CoMaps but procrastinating because they’d have to go about downloading the maps again?

Wow! That’s much more that I would have thought. Can’t wait to liberate my dad’s phone over the holidays, he’s on board with me getting GrapheneOS on it. Will have to see what I can do to their home network as well though since mom’s stuck on a carrier-locked phone.

Me over here having to provide my own work phone because BYOD. At least it’s my old phone I upgraded from, so the cost is already sunk.

Even if they did, your messages are going to be scanned via your recipients who use Gmail without opting out.

Interesting, had no idea until now that there’s such a thing as first-party malware loaded with the BIOS. Admittedly I’m caught in an ivory tower with my Corebooted ThinkPad. Although I haven’t purchased one yet, I’d say you made the right choice going with Framework.

Lenovo’s ThinkPad line has a sterling reputation. Among the best in terms of quality, service, repairability, and Linux support.

As for the largely consumer-grade options of ASUS and Lenovo’s consumer-grade IdeaPads, they’re rather similar in reputation and quality. Not exceptional, but they’re both perfectly fine options as long as you avoid the budget laptop segment (plastic chassis, broken hinges, etc.)

Any difference in privacy would come down to the pre-installed software, which is irrelevant if you plan on using Linux. If you will be using Windows, it’s always better to install your own fresh copy to purge any potential spyware and bloatware installed by the manufacturer. The activation key for whichever edition of Windows it comes with is embedded in the BIOS, so it’ll activate automatically after a fresh reinstall.

the only way i escaped this until now as being able to afford the hefty price tags on linux-only hardware with something like system76 and i can’t afford it anymore since i no longer earn a software engineer’s salary.

Why not a second-hand ThinkPad/Latitude/ProBook? They’re cheap and cheerful and well-supported by most distros.

the only viable alternative would be to build septic tank

Me realizing I’m ahead of the game because I live in a home with a septic tank. But when you have to pump that tank every 5 years, if you can’t do that yourself, it’s going to be a lot less anonymous than a centralized sewer.

Good starting point would be looking up forum or blog posts from people who have disconnected the modem/TCU on a particular EV model. No self-interested auto manufacturer (all of them) would intentionally provide an option in the user interface to take the telemetry system offline. Take note of any side-effects they report, if it needs to be reconnected for inspections, and if there’s any gotchas between software and hardware revisions.

Especially wrt. modern gas-fuelled cars for the typical driver as EVs prices are artificially jacked up in many Western countries.

Keeping an eye on it since no other company is offering a similar lack of connectivity, but also not going to be surprised if it doesn’t deliver on its promises.

What privacy though? The situation with LinkedIn just like Instagram. Even though they aren’t open for scraping, there’s still no expectation of privacy among the users who post anything.