The privacy sub may be even more paranoid than the stim subs.
This haunts them in their sleep:
Privacy sub... iPhone
What a lack of computer literacy and libre software thought does to a mf.
Android is leagues ahead of Apple, first of all, the core of Android is libre, anyone is able to take Android and create their own mobile operating system around it (with various amounts of success). Of course, this leads to OEMs who create bastardized nonfree operating systems with privacy holes, but it also leads to things like Vanilla Android, GrapheneOS, CalyxOS, /e/ etc.
There are also GNU/Linux phones like UBports, GNOME/KDE mobile shell, so it's not a binary decision.
Android is not without its flaws (like Google play services and closed down hardware), but to say it's not better than Apple is misleading. Countries choose Android, only America pushes their Apple sludge.
Every cell phone, even dumb phones, can track you with a warrant or Stingray. Rather than picking which is better, understand that every single cellphone is snitching on you and act accordingly.
To be clear, it is possible to defend yourself, but ofc no defense is perfect. For illegal activities that might attract federal attention? Best to avoid them at all costs. But for general privacy in your day to day life that isn't practical for most people, and "every cellphone is snitching on you" is way too reductive, even if it's true in a sense.
For example the person you are replying to mentions Linux phones, many of which publish schematics and make hardware kill switches for the discrete modem a big selling point. That still isn't perfect protection, but it would protect you from a stingray... and if you have a thought-out threat model, you can make the choice whether or not that device is appropriate for your situation.
Let me be clear first: If you want to get rid of advertising, then yes your advice is OK. If you want to defend against the Surveillance system, it's not close to adequate. This is the fundamental gap I'm trying to address.
I understand where your heart is at, but you are making a mistake. Free/Libre software is about Freedom, and from that guarantee we can build other guarantees about security and privacy. However Freedom itself does not guarantee security nor privacy. Freedom is also the freedom to shoot yourself in the foot.
To be clear, it is possible to defend yourself, but ofc no defense is perfect.
There is a perfect defense: Don't use technology. Much of this advice is trying to use technology to fight technology. It's a rabbit hole that has no bottom, and the best defense is to not play. The problem is attack surface. Technology is incredibly complex and is chattier than your extroverted :LIB: friend at brunch, and boy howdy do people love to listen! You can reduce this attack surface, but it never goes away as long as you are using technology.
But for general privacy in your day to day life that isn't practical, and "every cellphone is snitching on you" is way too reductive, even if it's true in a sense.
Here's the trail crumbs you might make on the Web as you browse each and every website:
1. DNS request - sends URL domain/hostname (www.hexbear.net, for example), collects IP and timestamp. Your ISP is often the default DNS, so they are collecting this information. Google (8.8.8.8) and Cloudflare (1.1.1.1) as well.
2. 1st party HTTP(S) request - Encrypts body but sends URL domain/hostname in the clear across the network, collects IP and timestamp.
3. 3rd party request - Usually advertising, but also could be security (Sign In With Google, Okta, etc), collects IP and timestamp
4. 3rd party cookies - Sent and updated with every request to that domain (Amazon cookie to Amazon.com, FB cookie to Facebook.com, etc), collects IP and timestamp
5. 1st party advertising - Think Amazon's "Customers also bought...", has full access to your request, collects IP and timestamp and User-Agent.
6. Logs - Usage data about what you do on the website, both front-end and back-end, collects IP and timestamp
7. Telemetry - Usage data about what you do with your app, collects IP and timestamp
You can use custom software for #3 and #4 on the device (most of the advice here), but do you block google.com? You can use a network DNS blocker (e.g. Pi-Hole) for #1, #3, #4, and some of #7, but that only works on networks you control. VPNs advertise as solving #2, but that's pure ideology; it only moves where the routing traffic goes and still can log information in transit.
This also ignores data brokers who buy all of this information and compile it together.
And this is just the advertising/surveillance defense against tech companies. I haven't even touched or defense.
if your threat is state-level actors your computer security is approximately moot and maybe you should spend your money on lawyers and having a discreet way out of the country
That's not necessarily true. Police are purchasers of this data from data brokers. It's state surveillance without any need for a warrant.
Our research for this report involved interviewing experts on this issue and reviewing approximately 150 publicly available documents covering awards, solicitations, requests for proposals, and related information on contracts. We found significant evidence of agencies exploiting loopholes in existing law by purchasing data from private data brokers. The practice has prompted scrutiny from government watchdogs as well as members of Congress (Tau, 2021a; Wyden, 2021).
The problem is a byproduct of the lucrative private market for personal data, where many companies that offer online services collect, analyze, and sell data about individuals using those services. This data is aggregated by companies called ‘data brokers’ that typically lack any direct relationship with the individuals whose data they collect and sell, but may accumulate personal data from multiple sources with varying degrees of granularity, ranging from anonymized trends to the specific locations of individuals at specific times. Advertisers, retailers, and other companies may then seek access to data for varied commercial purposes.
As our research demonstrates, law enforcement and intelligence agencies are among the customers of some data brokers, spending millions of dollars to gain access to private sector databases which often contain very sensitive and very personal information on individuals.
That's not protection, and worse it's giving you a false sense of security. I don't make my recommendations because I hate tech, but because (from a security posture) the attack surface is so large it is impossible to verify it cannot be used against you, and the consequences of that mistake are life-altering.
- A SIM merely says you are Authorized to use the network. The phone still makes connections to the cellular network. All phones on the market allow emergency calls even without a SIM card.
- Both your cellular chip and your WiFi chip broadcast their unique MAC address to every router/tower they see, and all of this information is logged.
- Just like a burner phone, police can get the location data from the carrier and towers, and use that to trace where that phone went. If you brought that phone near other devices, those devices or your own location can be deduced.
You see this over and over: Big Protest ➡ Police Geofence warrant ➡ Cell logs ➡ Arrests. Given the criminalization of protests this will become the norm. If you want to get rid of advertising, many of the suggestions here are fine. But none of them go far enough to protect you beyond that, even from Big Tech surveillance.
True that for just using a sim card less phone.
However
GOS airplane mode disables any connection to the cellular network. If I'm wrong I'd love to hear some evidence to the contrary.
If I'm wrong I'd love to hear some evidence to the contrary.
It's not that we are wrong or right, we cannot verify. That is the danger. In a high security environment I treat everything as suspect until proven otherwise. However when you do not use technology you categorically exclude an entire attack surface, and it is extremely simple to get right.
Sure, not using a phone is of course the best option. If that is an option. For most people, activist or criminals of any kind. Not usually an option.
You can at least verify the FOSS code. Or trust the people that verify it.
I'm not responding to be mean, so I'm sorry if this feels like bullying. I've had friends and comrades arrested and jailed, and I don't want anybody falling into that trap if it can be easily avoided. I'm trying to point out the Ideologies (*sniff* ), the things you don't know you know, so that you can operate a much stronger security posture.
Sure, not using a phone is of course the best option. If that is an option. For most people, activist or criminals of any kind. Not usually an option.
- The first Ideology is using the same device in both high and low security environments. Don't. Use multiple devices and compartmentalize aggressively. In security posture, you are only as secure as your weakest point. This is why those "criminals" use a different burner phone. Using a single device to communicate with grandma and radicals is a recipe for baking an arrest. I consider a low-security place where I shitpost and goof off, but I absolutely do not engage in any here because it would be trivial to trace it to me. Same with my regular cell phone, which I text grandma baking recipes but never use it during protests.
- The second Ideology is thinking you are excluded from those so called "activists and criminals" while participating in very leftist and public online spaces. I guarantee and watch both Lemmygrad and Hexbear as I type this, and they don't give a single ! Rude! To them we are all being gay and doing crime. Have fun giving them but you deliberately never go beyond that.
You can at least verify the FOSS code. Or trust the people that verify it.
- This is the third Ideology. You are trusting somebody you don't know for your safety, and you are trusting they did their job. Likewise, yes you can verify yourself, but did you actually verify yourself? Again, attack surface. Yes there are ways to mitigate this, and yes you could verify, but it's mitigation not exclusion. Excluding tech renders you invulnerable to this. Freedom/Libre software can only guarantee your freedom, not your security/safety, and this is why every FOSS license disclaims all liability for use of their software. Looking at it another way, why put yourself in a position where you must trust somebody else for your safety?
I'm with you on libre stuff, but I would say it's not any better than Apple unless you are actually using one of the options you mention. Essentially every OEM available in western countries (and probably most other countries but idk) jam it full of spyware and telemetry, both the default google kind and all kinds of OEM and carrier-based additional spyware which is also often horribly insecure.
I know your heart's in the right place about this, but android is not better than iOS for privacy.
The only way android can be made decently privacy respecting is through graphene and that requires a very small subset of the ocean of android devices and requires that you give up almost everything that makes a smartphone useful.
The solution to privacy isn’t graphene or android, it’s not using a smartphone at all.
and requires that you give up almost everything that makes a smartphone useful
that's hyperbolic, I use graphene and rarely use the profile I've got their play services shim enabled in. the only thing I have found myself entirely unable to use so far is google pay for event tickets that require it, which isn't often.
idk which features you mean, but you can get the google camera app and sideload it. highly recommend doing that
most if not all ML features like photo manipulation or whatever else are going to run on google's servers, so yeah you're not going to get that. not what I think of when I read 'everything that makes a smartphone useful'
most if not all ML features
The easy solution is to connect to China’s servers with lots of Marxist-Leninist features /s
It is leagues ahead if you are literate enough to wipe off the original firmware and get your own in it.
It's fine if you are not literate to install a custom ROM. Use the defaults.
I have mine modified, no need for a second job, just 30 minutes of research once.
what does this person think China will do with this information you live in another country dipshit china can't arrest you
All the pics I take of my feet are actually a matter of national security, sweaty.
this person doesn't seem to appreciate that the chinese government is too busy managing the chinese state to give a shit about them
from amazon or whoever, who they'll happily give their information to and who have way more ability to fuck with them
This is the kind of drivel which gets posted to that sub regarding why they should care China is "stealing their data" :
if they get enough data, then they can use machine learning to find patterns effectively reading the mind of an average american. The govt can then push specially crafted propaganda aimed at destroying your faith in country, and seed ideas like resisting the chinese is in vain and you should surrender.
With enough time the population will get weaker and starts to fear any retaliation against the chinese because they are TOO STRONG (they are in your mind). Without public support Democratic govts can't do shit ultimately causing US to crumble down and even taken over by chinese.
Data is dangerous.
I'd like to think this is a joke because I would write something like this as a bit, but I've seen a similar argument 1000 times by now.
One of the senators in the tiktok hearing basically insinuated that China was installing a communism activation word in the heads of Americans.
To put it mildly, Americans are not an intellectual people.
if they get enough data, then they can use machine learning to find patterns effectively reading the mind of an average american.
It's not hard you just take literally any issue no matter how pointless or obvious the solution and half the country will think it's good and the other half will think it's bad. America can only process new problems through the lens of adversarial politics where nothing can get done. Ultimately because the US constitution is the worst legal framework in history so they can't campaign on actual policy
the complicated statistical analysis necessary to predict American patterns is a coin flip. Of course the UK is simpler just ask what would an incredibly corrupt person do and there you have it the UK government
and the Chinese wouldn't want to intrude in the excellent job the US government is doing at destroying American faith in their country
if they get enough data, then they can use machine learning to find patterns effectively reading the mind of an average american. The govt can then push specially crafted propaganda aimed at destroying your faith in country, and seed ideas like resisting the chinese is in vain and you should surrender.
That's not how "machine learning" works. Do they think they live in a marvel movie?
You don't need special algorithms to read the mind of the average American. The American brainpan consists of "car good, racism, queerphobia, kill the homeless, CONSUME" and that really covers 99% of what goes on in the average American's head.
effectively reading the mind of an average american
"hot diggedy damn! i sure as shootin' have a hankerin' for a tasty burger!" fires revolvers into the sky
then they can use machine learning to find patterns effectively reading the mind of an average american.
I don't think the cretin making the post on can adequately explain why they are so terrified without resorting to blatant racism and westoid fantasies. But the existential crisis for the west is that capitalism has run out of road with data, attention and platforms the last all important commodities to shape and dominate what is left of the economy. Your attention is a zero sum game for them and the data is the all important fuel.
The majority of people have huge data footprints with fragments of themselves everywhere. Yet is there any real example of blackmail with all this data? I remember reading a quarter of Shoshana Zuboff's Surveillance Capitalism before I could take no more of needlessly prolonged lib storytelling. Are there any worse examples of this specifically ruining somebody's life other than a ruined engagement? Like if somebody who made it to the end of that drivel could enlighten us that would be great or correct me where I am wrong about data.
Surveillance Capitalism
Substance is buried beneath the libbery. The relevant bit: capitalist conditions have changed. Surveillance capitalism brings new rules distinct from those of industrial or finance capital. I mean we did have massive towers of data driven wealth arise and multiply in very short order. This also means new repression will operate differently from the fascism of the past
As a Zuboff has fluffy, vibes based ideas on what to do about it, and a very cute belief that the West has meaningful democracy, eg the concept that top level decision making behind closed doors is new
Disclaimer: I am a babby on theory, open to correction from real vanguard ppl
i absolutely have seen some of these idiots claim that china has underground police in the us. nothing seems to be too absurd for these people
Edward Snowden fucked up his life for nothing. Everything he revealed, and people are more scared of a government they don't live under using their data -- which they could already just buy from various US-based companies which take plenty of that data for their own purposes.
It’s like Snowden & Assange taught these people nothing.
All the new media literacy pedagogy should be thrown out and replaced with Michael Parenti’s Inventing Reality and Make-Believe Media.
cares about privacy
downloads a shopping/fast fashion app
on an iPhone
posts to his reddit account
something isn't adding up
Is there an iPhone equivalent of deleting System32 because that's clearly the answer to this question.
If anyone is that worried about data privacy, they shouldn't have a smartphone lol.
I think that attitude is frankly toxic. It's the digital equivalent of "if you don't like America, you can move to Afghanistan!".
the platform and devices are kinda counter to principles of privacy. the towers track you, "free" software where your data is the product, the panopticon of everyone having a camera... Places that need to actually be secure ban them. You can get by without a smart phone just fine if you have a regular computer but then you transfer all the vulnerability to that device, it's just not physically with you and you have a little bit better control over it if you know or care enough to make the efforts.
The RF side is one thing. The software is another. Actually Libre software phones aren't an inherent impossibility.
Actually Libre software phones aren't an inherent impossibility.
neither is linux on the desktop. but reddit OP doesn't have a threat model he just has racism.
But I'm not talking about OP but the comment left in this thread.
how can acknowledging reality be toxic? it would be nice if it were different, but they're right - smartphones are anathema to privacy as they exist today
But they don't necessarily have to be, to that level anyway.
even a locked down smartphone is worse than a dumbphone, it's just the reality we live in
It doesn't have to be that way though. Properly designed hardware combined with Libre software could make things much much better.
Ok but this is like saying “I shouldn’t have to pay a 1/3 of my check to you” to your landlord and refusing to pay. You’re gonna end up on the street whether it’s true or not, until the security state and big tech is dismantled their phones are gonna be like this
Their phones are, but not all smart phones are. You can today daily drive a PinePhone Pro running linux.
Idk man by the company’s own admission it can't support a lot of the things people use smart phones for
"If you depend on proprietary mainstream mobile messenger applications, banking applications, use loyalty or travel apps, consume DRM media, or play mobile video games on your fruit or Android smartphone, then the PinePhone Pro is likely not for you."
Like if your answer to “just use a dumb phone” is use one that’s this handicapped to the point it basically is a dumb phone with a touch screen then idk if it’s really there yet. (I am being somewhat hyperbolic here, I don’t want to split hairs about what counts as a smart phone I just mean it seems to be lacking functionality)
And a lot of the other solutions to this issue require a lot more tech competence than the average person has.
Edit: also isn’t saying “just use an obscure Hong Kong produced device” the same kind of “go live in Afghanistan” kind of answer? Like you’ve done the same thing here but just with a slightly more advanced device
That is true. A lot of what makes smart phones invasive is built into the structures and networks; to interface with that system necessitates giving up privacy. The end user can mitigate it, but so long as the network exists in its present form, it will always be a partial mitigation with diminishing returns the more you try.
I think it's also true that we should have these conversations about what could be. Especially with computers. These machines can be configured in practically endless ways, so it's pretty damn frustrating to see the scope of what is actually done with them get narrower and narrower.
Right. Like every thing that comes out that’s an alternative seems to be revealed at some point to be piggy backing off some system built by Google/whatever or just has some kind of backdoor for the cia (tor, signal).
I have my system pretty locked down on my computer but I think it’s at best naive to expect average users to jump through so many hoops with this thing. It’s like capitalism and everything else, the whole system needs retooling
I don't think there's technically any evidence of tor or signal being compromised. signal is just speculation based on some early funding by a cia cutout, but it's solid except for the architectural limitations (using phone numbers as identifiers still, some limited metadata they could theoretically collect). Tor might be worse idk, iirc a bunch of the exit nodes are run by some 3 letter agency? but that doesn't necessarily mean the whole system is compromised.
Depending on who you ask tor is compromised enough to make it iffy to full on honey pot, either way my point is that as long as the systems exist as they are it’s gonna be difficult to evade it and always gonna be significantly too involved for average people going about their lives. Paranoid tech enthusiasts being able to navigate this stuff doesn’t translate broadly. Capitalism and big tech's stranglehold on tech has to be dismantled before this kind of thing won’t be a concern anymore.
Capitalism and big tech's stranglehold on tech has to be dismantled before this kind of thing won’t be a concern anymore.
also isn’t saying “just use an obscure Hong Kong produced device” the same kind of “go live in Afghanistan” kind of answer? Like you’ve done the same thing here but just with a slightly more advanced device
Plus the original poster was freaking out about installing the Temu app for 15 seconds or whatever. Imagine convincing this person to buy a phone from a company based in China.
they can use the made in USA version of the librem5, a similar tho arguably worse device. The pinephone isn't a one off even if it is in an obscure niche
They have to make a lot of caveats because they constantly get people whinging that they can't install fb messenger or whatever or that their bank app doesn't support linux. The hw manufacturer can't help that and they are setting expectations appropriately for the state of the ecosystem currently. None of those things are inherent to the device or software stack
It isn't fair to say it's a dumbphone with extra steps just because of these things, in fact depending on adoption rates many of those things will eventually gain workarounds or supported applications, they just don't want users to buy it and get disappointed, whereas more technical users will buy it with the expectation of configuring or building their own workarounds/workflows. It will get more mainstream as the path gets more trodden by early adopters, similar to desktop linux which is now a near-trivial switch for many people.
A dumbphone can't do Signal, Matrix, email, hotspot, run a full web browser with full desktop addon support, listen to podcasts, music, maps, and more importantly, a dumbphone isn't a purposefully extensible platform for installing community or commercially created applications, both dedicated and adapted from desktop versions.
They aren't comparable. Linux mobile isn't as mature as android or ios, of course, but android and iOS also don't include banking apps, facebook messenger, netflix, travel/loyalty apps, etc. and didn't have most of those >10 years ago when they were less mature. They gained an available software ecosystem as they grew more popular over time.
The hw manufacturer can't help that and they are setting expectations appropriately for the state of the ecosystem currently
This is the exact point that began this tho. It’d be nice if things were better but this is where things are currently
Their and my wording is pretty specific though, and it doesn't say "it's so handicapped as to be basically a dumbphone" it says it doesn't work with a lot of specific common proprietary apps and I don't think those are interchangeable because it makes it sound way worse than it is. It's not that you can't do messaging on it, it's just that facebook messenger/whatsapp specifically will be more of a hassle because there isn't a native application. Others like Signal, Matrix, even some proprietary chat apps aren't so bad. Telegram has a native app that many people use as well, I think it comes preinstalled on some distros. Banking is similar. Similarly your exact bank might or might not work with it, but many will work great in an android container or in the browser (mine does, quite well, and it's not a major chain).
It isn't there for every use case, but it is workable for more people than you'd think. Not everyone depends on fb messenger and instagram, or at least not in a way where they need push notifications 24/7 and a browser won't suffice. it's full of compromises but mostly not an outright lack of functionality. I use mobile linux, and while many people don't/won't find the compromises worth it currently, it isn't that it's simply incomprehensible to them, they just have to value the things it does bring to the table more than the compromises. A solid % of the people you see online talking about it are people with little linux experience but who are making it work for the sake of privacy, etc. Shit the guy I bought my device from was an older guy, some kind of libertarian, but not a linux/computer geek, just interested in privacy, and he had been daily driving it.
Those things are still in the developer stage, nobody who's daily driving an iphone is going to switch to a half-broken linux device that isn't ready for the average person to use it.
It doesn't have to be, but it is the way it is. Acknowledging that isn't toxic at all, it's the correct materialist take. Nobody's saying smartphones can't be more secure, but they are not, so it would be ridiculous to behave as though they are.
the camera and microphone should be controlled by a toggle switch that physically disconnects it from power and the mother board
those exist. pinephone/pinephone pro being first to mind. They have lots of issues but they're almost as good as it gets for open HW+SW right now
things not being conceptually bad in a vacuum has little relation as to how they are in the real world
Oh that's a really nice way to put it, I hope you don't mind if I use this without attribution.
The real toxic attitude is simply expecting everyone to have a smartphone. Stop trying to make me install an app or scan a QR code for everything. I've gone without using a smartphone for months at a time and I was fine. Pre-covid there were usually a couple times where some event or restaurant or work thing required some unnecessary app, but since covid I think people have gotten sick of this type of stuff and it's not as common. Worst case scenario just get a burner phone for when you're forced to use a smartphone.
You could always flash an invalid baseband — heard that irrecoverably bricks the device
r/privacy is full of the dumbest people I've ever met. If you cared about privacy you would never have a smartphone in the first place.
That product violates every Maoist principle, but damn does it look sexy.
the absence of a Stalin phone case is revisionism
You have to travel to a parallel dimension 2012 to get the CPUSSR 100 year anniversary Stalin drip
If I got a Mao phone case, would it make my landlord too scared to call me?
Once you install the Mao case, any landlord who calls you will be delivered a fatal electric shock upon you answering
The ones with the faces are pretty extra but I like the more minimalist ones
This guy just got tricked into downloading a communism and you're laughing?
Scared about privacy. Has a public reddit profile with a year long posting history.
Oh god oh fuck Xi is in my phone. He made my wallpaper an animated Chinese flag flapping in the breeze and the language preferences looked like they're being 变成中国人请帮忙我很害怕
shit is so stupid. i don't care if the chinese government spies on me. I live in america. It's DHS, ICE, CIA, FBI that want to kidnap me and harvest my organs. chinese govt can't do shit to me and have no reason to. honestly i dare them.
I have a google phone right now but I'd love to get a Chinese phone when I need a new one. I'm pretty sure the party isn't getting transcripts of what I yell at my phone right now, so I'm hoping a Xiaomi or Huawei would be more conducive to sharing my political advice with the chairman
FWIW Xiaomi and Huawei phones still run android and come with google services installed by default. You have to install a custom OS to avoid that IIRC.
If you want to avoid Google then Huawei is the way to go. Xiaomis generally are Google app compatible out of the box, you just have to go one extra step and install them.
Huaweis, on the other hand, you have to go through all sorts of steps just to get Google play store installed and working, which I think says a lot about how devoid of google shit they are.
Some Huaweis have harmony OS (based on android though), but I thought Huawei lost access to Google play services years ago?
but I thought Huawei lost access to Google play services years ago?
You're probably right. I know a friend's phone had it but now that I'm thinking about it that's probably 3-4 years old now.
They have a sandboxed google play apps through GBox, though many of the apps one would want are on their own app store, App Gallery. Which is open to anyone to use (I have it on a xiaomi for example).
Not completely true. I imported a Xiaomi phone and it did not have Google Play enabled. I changed the region and the option was available for "basic google services". I did it to have access to banking apps (rather than using online banking, since 2FA is available on the app).
You'd think people interested in phone/computer privacy would take it upon themselves to educate themselves about computer security and how to protect their device.
Turns out they're way more interested in jumping at shadows and demanding praise for acting like a child scared of the monsters under the bed.