I get your frustration with recent mozilla actions, but I don’t think this one deserves it. For one your point seems like whataboutism. Secondly If you heard about Cambridge analytica it should be clear how much those algorithms shape our lives. It would be good to know for me if those algorithms are really just boring algorithms or if they are shaped by some political or company agenda.
first time I hear about it, seems to be based on lineageOS?
What’s with the premium tiers? Seems a bit sketchy to be honest.
Agreed. Google just didn’t consent to you getting an app without ads. My hope is maybe we can circumvent it for a while with PWA or browser website bookmarks. Maybe long enough for alternatives to arrive or consumer protection to kick in. I refuse to give up hope even though I might need to abandon android. For now I guess I will just not buy another phone since androids time seems limited. Really hard to find something to recommend to family and friends that just works. My goto grapheneOS also seems more and more cut down with more and more apps refusing to work outside play store downloads or refusing to work on 3rd party OS.
any version of android that’s not vendor or downloaded from the official android website
- like https://lineageos.org/
- https://e.foundation/e-os/
- or the aforementioned GrapheneOS
calyxos.org (paused)
Well for this case in particular yes, the dev will continue to develop the app on f-droid, the platform as a whole takes a hit through this though, so who knows how long they will continue out of goodwill.
Thank you for these links they are fantastic! I was aware of the procedural lock in via play integrity services and also the lockdown on side loading so that didn’t get past me, but I wasn’t aware google also wants to alienate developers now by requiring ID. It seems to me google want to now fully commercialize the platform, transforming it into the ad infested network that web2+3.0 already became. I think their plan, by alienating non commercial devs, is that all apps will run on their ad models and non without them will be left.
insta usually blocks me because of the vpn
if you’re already on kionite you can rebase
If you, a non tuta user, receive a mail from a tuta user you only get a download link. Which at least protects the content but not the metadata that someone send you an email. If a non tuta user sends a mail to a tuta user, there isn’t much tuta can do unfortunately. I’m not quite sure how you expect tuta to do magic? They do what they can.
Plugging my favorite block lists:
- general browsing https://firebog.net/
- For TV’s https://github.com/hkamran80/blocklists
- For Phones https://github.com/craiu/mobiletrackers
Thanks for clearing up my WiFi mix-up. From my understanding the same attack path still applies even to https://grapheneos.org/features#lte-only-mode and respectively https://grapheneos.org/usage#lte-only-mode correct?
https://en.wikipedia.org/wiki/International_Mobile_Subscriber_Identity states the phone would send a https://en.wikipedia.org/wiki/Mobility_management#TMSI most of the time? But your point about the IMEI still stands. So there is no real way to protect yourself other than to turn off cell tower roaming?
Right, that’s what I understood. So using a VPN, a CSS will be able to identify that my phone is active, but not the content I’m accessing, or who I am accessing it from, correct?
From my understanding your statement seems correct, but it’s also lacking a bit. Unless you also randomize your mac address (grapheneOS does this) they can still map your position and visiting times. Additionally not all of your phones data goes through the VPN, something like a phone call/SMS isn’t encrypted unless you’re using an app to make the call.
The previous comment said VPNs do nothing against this type of attack- were they just referring to identifying your device?
Yes, they are thinking of a VPN as a privacy tool, not strictly as a security tool as in your example. Privacy will be compromised.
That’s not how a VPN works. A VPN masks the information you are actually accessing by showing you query the VPN instead. To make a connection to a service you still need an address. This info is what they are using to identify your device.
Most traffic is already encrypted (httpS) so someone spying on you wouldn’t know the content of your communication only who you contact. But without a VPN a man in the Middle could see who you are contacting. E.g. looking up pornhub. With the VPN it only shows you looking up the VPN.
And you have data to prove that?