There are countries where a government ID is needed from opening a bank account to buying even prepaid Sim cards to LPG, electricity connection and everything in between and this ID requires you to give your all 10 fingerprints, iris scan and photo from all 3 angles. And to top it all off this data is leaked multiple times.
OK First thing GOS team is currently assuming that Pixel 10+ won’t meet their requirements. But for older Pixels it’s tough. Google just stopped sharing vendor blob, device tree, and instead of openly developing AOSP now it is fully behind close doors only releasing source later with full update. But I have hope. I’ve been daily driving custom ROMs for 10+ years and before I could afford Pixel I had cheap phones which also didn’t share any of these things but custom ROMs were very much thriving and they will always. Yes there may be a little more delay for new devices. All the new features may take longer but GOS already has a lot of security and privacy stuff figured out.
I think we should all support however we can to not just GOS but also other Custom ROMs. Because there will always be those who’ll stop society from progressing and all we can do is fight back with donations, our time, and resources.
If you want to run full Foss system then there is pinephone with Linux OS and physical switches to turn off camera and microphone and other stuff. But it is still in very very early stage and it may increase your privacy but it will definitely reduce your security.
I understand camera and microphone access to malicious actor could be a valuable. But if you think your phone’s camera is compromised you have bigger problems.
That being said, graphene OS is considered by far the most secure android OS. It has features to turn off camera, mic, sensors. But more importantly it has a lot of additional security features making it harder for anyone to break in. And that using Graphene is or any other is doesn’t directly make you secure.
Yes I can agree to assume baseband and all the other proprietary firmware is running a malicious code. But they can’t use it to do mass surveillance, because if they do someone will detect it sooner or later. And also this is not the right tool for mass surveillance. 99% people will and have already downloaded apps that track almost everything they do.
And if your threat model requires you to be safe from malicious firmware, then maybe smart phones aren’t for you.
OK so there are 2 main types of particles protons and electrons, well there are neutrons and positrons and few otheres but we will only consider these 2.
Electrons have negative charge and protons have positive charge. This doesn’t indicate anything significant other than they are opposite. Only reason protons are positively charged are is because protons were first discovered by some dude who fired some x ray into a good film with magnets around it. And electrons were discovered later so they got negative charge
Those electrons are much lighter than protons and they are attracted towards protons so they move in from negative voltage (high concentration of electrons) to positive voltage this can be explained if we consider that protons create a field which attracts electrons. This is electric field.
So current is just kind of energy that travels with this Field. There are few more rules that this electric field follows which we have found like the electric field inside a conductor is zero I.e all the electricity you see around you is at the very edge of the wire through which it is travelling.
Then there was that old chap named Maxwell whose laws are followed by all electrically charged particles and you can derive all other laws and equations if you know his 4 equations. I don’t remember them now because I’m too dumb and idiot you can google them. Or better yet duckduckgo them.
You should always verify signature and hash for any software you are installing but also keep in mind that if someone was really trying to send you a malicious download then there’s good chance that they will also deliver you a malicious signing key and hash. And there is really no good solution. If it is critical you can try to get signings keys from different places and with different IPs and maybe even different devices but pick and choose how long do you want to go down this rabbit hole.
It is not about police hijacking IMEI, my bank only provides 2FA with phone number, and the password can be reset using the OTP they send to my phone. I know the bank is terrible but where I live all banks do same thing. So if my phone ever gets stolen they can just remove the sim and put it in another phone and get access to the Bank account. Also did I mention you can also get username from OTP to your phone so, yeah I should probably not use any bank and go live in mountains. But SIM lock helps.
OK let me add fuel to the fire. here in Andy’s response he says the tweet was from last year which is technically true but it was from December 2024.
Also how can he think that Trump stands for little guys when he has elon musk as his pet monkey
Hyderabad also a fun fact Indian supreme Court has ruled that WA messages are not admissible in court.
Apps were banned only in Jammu and Kashmir
It’s true Indian government has banned Element and other Apps and forced Signal, WhatsApp and other such apps to have a local representative so that they can arrest someone and force their will. But there is one silver lining, it is that these politicians don’t fully understand how open source software works. So just banning Element app doesn’t do much I can switch to schildiChat or just download element source code and change the name and logo and boom I’m back in.
And also most of their app bans are just requests sent to Google play store and Apple App store, You can always download from FDroid or from other sources
and there is no real way they can enforce these stupid laws.
They started going through chats on traffic stops, but there are ways to avoid that also
If you are interested and want to support then you can donate to https://internetfreedom.in/ or if not possible just share the word.
No VPN over Tor means you first connect to Tor and then to VPN. This is highly discouraged because if someone can tie the VPN to you then they can bypass Tor entirely and get what websites you were visiting.
What you are suggesting is Tor over VPN, here you’ll first connect to VPN and then to Tor, this is less risky but still not recommended as using Tor is not illegal in most countries (remember US Navy built it initially and they and many other spy agencies still use it) also there are other better ways to achieve hiding from ISP. bridges were designed specifically for that.
If you don’t use VPN all your traffic will flow through ISP. That doesn’t mean ISP can see your passwords or anything. They can only see which website you’re connecting to given that you are using unencrypted DNS if you are using encrypted DNS with TLS Hello they can only see IP. The claims that VPN protects you from hackers in public WiFi is dead since all websites switched to HTTPS and HSTS.
By using VPN all of these details now won’t be visible to your ISP but they will be visible to VPN provider.
If you live in a place where LEA can’t kick down your door and arrest you for visiting website it deems illegal then using VPN doesn’t give you anything.
Of course even a lot of first world country have strict laws against piracy in that case VPN is good but if you aren’t pirating and live in a free country I’d suggest don’t bother with VPN unless you have other reasons.Another reason could be to access geo restricted content on Netflix and stuff
Another thing to keep in mind, if you are committing/suspected of any crime then LEA will definitely go through your search history, they can get this through your device if you’ve cleaned that up but use google account then they can ask google, or go to ISP and ask this, obviously if you’re in this category then there are better solutions like Tor I2P
There are other extreme examples where a cheap ad friendly VPN with no registration comes in handy. If you want to create a zero knowledge email. Most email provider will block you if you are trying to create account with ProtonVPN or from Tor, but if your route your traffic through Tor and then to an ad friendly VPN they mostly allow it cuz they think you’re a dumb dumb. Note - it is generally not recommended to use VPN over Tor.
I’ve watched few of his videos and they seem OK, but I would never trust a phone like that. I would suggest buy a pixel and flash Graphene OS yourself. It is best for security and privacy.
And as far as Ubuntu touch or any other Linux phone for that. They are currently so bad at security that I wouldn’t daily drive them. If you want to play with them or contribute to them then that’s OK but don’t daily drive them.
This is a misconception. If the sender is outside proton mail the emails arrive in plain text. So it is possible for proton to read those emails. It is just that they pinky promise not read them and immediately encrypted them with your key. But if they wanted to they can read and moreover SMTP means your email has already traveled through multiple MX which could read your email but This is mostly not an issue since most email provider do encrypt with SSL of receiving MX but you might want to check few services use very very outdated softwares. But keep in mind SSL encryption is with Proton’s keys and by necessity they have to first decrypt the SSL encrypted email and then encrypt with your key
Let’s say there was a perfect API present and WA allowed you to use a completely FOSS app witch didn’t share any data with FB. But still FB will know everything they can still access all the metadata like earlier. The only thing they can’t access is analytics data but that can be easily blocked by DNS. And as far as Add ID goes use graphene OS it protects against that by giving each app different ID. So even if FB collaborated with other services to collect data as they do they won’t be able tie all back to you.
What @jagged_circle said but also. Even if you were lucky enough to be born in a country where you don’t have to give government I’d and thumb print just to get a goddamn sim card. It is still feasible to trace it back to you if you are not careful and there are a lot of ways you can slip up.
Like if you use a phone/device which is know to be yours then even if you buy new prepaid sim card anonymously your ID will be revealed due to same IMEI.
Or if you turn it on in a public area where cops know that you are there (maybe because they caught you on a camera) even though this is public area how many people connected to that tower are using burner sims, and how many of those are into extreme privacy or into something they suspect you to be involved.
And so many other scenarios and at the end it will come down to humane error which will be very tricky to avoid in this case. Whereas in case of being online you can properly setup iptable rules. Qubes, whonix, etc. Test it yourself that even if your VPN/TOR/I2P/etc. Goes down you’re not reviling your true IP
Yes but, I ain’t joining a random group I found on Internet on a service which has my phone number. Which can be easily traced back to me. Because I don’t know who all the members are then if someone is on the list then that will put me also on the list. If it was something like matrix where even though the group could be unencrypted and open to all. I can use Qubes and whonix to make sure that some stupid idiot doesn’t put me on a watchlist I don’t want.
But if I know all the members and I or someone I trust controls who can join then anonymity isn’t a concern security is and in that scenario yes I’ll definitely be using signal. I already am. But not here.
Neither did I. Wow dead before arrival.