• 2 Posts
  • 338 Comments
Joined 1Y ago
cake
Cake day: Sep 21, 2023

help-circle
rss

Aren’t those VPNs isolated to that profile then? So only apps within that profile use the VPN in the profile?

Just trying to make sure I understand how Android does isolation. I guess if you run the apps that need each VPN in the appropriate profile and Island makes the isolation kind of transparent, it should work.

I’ve used Island for the app isolation, and a shortcut to an app will simply log in to the associated profile to launch the app. Just never tried with dual VPN.


Yet another argument for root. Then you can exclude the VPN app from OOM. Or even move it into /system.

I understand why this isn’t done (moving such apps to system), since mobile uses immutable OS concept. But we still need a way to manage such apps appropriately.


Right.

Because databases are never “hacked” and exfiltrated.

(By hacked, I mean most of the time it’s social engineering.)


And their bullshit excuse for dropping SMS support.

“It was too expensive from an engineering standpoint”. Nonsense, Android handled it, your app merely reads and writes to the SMS database via an API.

Or are you telling me the free SMS apps like Handcent, QuickSMS, etc, had a massive engineering team?

This is when I stopped using Signal, when this lie was so blatant, I can no longer trust them.


And being a Google app, which means it can access everything.

I’d sooner use a regular SMS app, and not reward their behaviour. Which is what I do. You want to use garbage like SMS or RCS? Then you suffer the issues that come with SMS.


For anyone who seems uninterested, ask if they’d like to be arrested for murder simply because they biked past a place every day.

For anyone looking for great talking points about this issue, I highly recommend “Taking Control of Your Personal Data” by prof. Jennifer Golbeck, published by The Teaching Company, ISBN:978-1629978390, likely available at your local library as a DVD or streaming.


Ah, yes, the ends justify the means, Dr. Mengele


It’s possible a smart TV will use its wifi to connect to another device of the same brand on its own. I’d read an article about it a couple years ago.

If I’m reading about it, that means a company has been working on it, and frankly it makes sense. If I were in their shoes I’d look into making it happen. It’s pretty trivial to do when you think about it.

Not that I think it’s happening in the wild, just an idea to keep in mind.

Also, those devices are always capturing data. So if/when they ever connect, that data will get uploaded.


As far as I recall, root has never been required to flash a phone.

This is because flashing occurs at the firmware level, while root, again, is a function of the installed OS.


Unlock has nothing at all to do with root.

Root is dependent on unlocking, not the reverse, as root is part of the installed OS.


At least one of the devs is an arrogant, condescending prick. Remember Nick the Computer Guy from SNL? He’s like 3 times worse than that. I’ve experienced it first hand - as in his second reply to me was to blame me: “you’re doing it wrong”. He’s exactly like some people I worked with 30 years ago. Smh.

There’s far more than that, though. In general, the Graphene team says everyone else is wrong. Classic idealist attitude.

I run DivestOS now because of that interaction, I will never use Graphene. That dev can go fuck himself with a pineapple - had enough of his kind of childishness decades ago.


It does, but it’s a step in the right direction.

I’m as guilty as anyone for allowing pursuit of perfection be the enemy of good.


As an older hobbyist, exactly.

I’m as guilty as anyone, but I promise I’m trying to be better.


Lineage and a fork, DivestOS are very close to Graphene, and run on far more devices.

The search for perfection is the enemy of good.

I’ve run Lineage for years on some spare devices. Battery life is so much better without Google Services.

My most recent device (Pixel 5 with DivestOS) is averaging 1.1% battery consumption per hour over the last day. That included an hour of navigation, using Google maps with microG services.

One old device runs longer with DivestOS than it ever did with stock, and the battery has lost 40% capacity. That’s how bad Google Services eat battery.

Plus Lineage permits you to use a number of old devices, unlike Graphene. It’s good, it gives you far more control than Google.

My final thought on Graphene - it needs to be taken over and lead by some professionals. Those folks act like stereotypical geeks of 30 years ago, arrogant, condescending (I worked with their type 30 years ago, and was a little like them then). They also denigrate anything less than what they deem “perfect”. The very definition of hubris.

Their attitude is “if you have a problem you must’ve done something wrong, why did you do something wrong”. Having that experience with them has put me off Graphene permanently.

Edit: I can re-lock the bootloader with Divest, so the condescending Graphene folks are just plain wrong about being the only OS that can do this. I don’t lock it, because my threat model doesn’t require it. The odds of my phone being grabbed by someone with state-actor-level skills being after me is non-existent, and there are easier ways to get the same data from me.


Didn’t you hear him? He said it’ll buff right out! 😆

(I’ll see myself out)


First, don’t buy new phones. You’re paying a massive premium to be first. Especially since you’re going to flash a rom, which has a little risk anyway (I’ve bricked phones by flashing, though not for years).

I just upgraded from a 2017 flagship to a Pixel 5 (only because my cell company decided to stop it working on their network, when I can throw a different Sim in and it works fine). I was able to buy 3 Pixel 5’s for less than you paid for your new phone. Which means I have a daily driver, a hot spare, and a test device for a little over $400.

If my daily breaks, I pickup my spare and swap the SIM, since I keep both phones synced with Syncthing. I don’t even have to login to anything because that’s all done. (I had 4 functional devices of my 2017 phone, they had become so cheap).

So pick a 1-2 year old model that you like the features, and pay far less for it.

Before (finally) coming to the pixel, I would look at the Lineage device list, then check those phones out at gsmarena.com and phonearena.com to see which I’d prefer, because Lineage has the broadest device support that I’ve seen.

Today I run DivestOS, a fork of Lineage with some changes to a few things. I forget now exactly what I preferred (I’d have to pull up my comparison spreadsheet), but average battery consumption is a staggering 0.5% per hour, with microg services installed and a couple apps using it. Consumption average increases to about 4% per hour when I’m doing a lot of intensive stuff - copying files over the network, using nav, watching a video, etc.


The databases at my company nearly 30 years ago were staggering at the time. I can only imagine.


Wow, great article, thanks for the link.

The moment I read the quote from Signal’s president, I called bullshit. I was there, working at a company that had massive records, probably of about 1/3 of Americans.

We were very much concerned with this data in private hands. We were concerned about this kind of data in anyone’s hands.

Such BS coming from Signal is part of why I no longer use or reccomend the app. I simply can’t trust them when they make such blatantly bullshit statements.

Like their reasononing for dropping SMS support because the “engineering costs”. There’s nothing your app does for SMS, other than to hand the message to the SMS system (technically, it reads and writes to the single SMS database on Android, which was a change implemented in about 2015), using a published API.

I’m starting to suspect the motives after reading such lies.


It also depends on your layering, or lack of. It’s the complexity issue you ran into.

Great post by the way.


Only by someone trying to do page layout with a document editing app.



If someone scanned that QR code, it means they have a copy. If they, or someone else then scanned it (or copied the text from it and pasted in a browser), it would function as if they scanned it.

I mean really, this is how QR codes work. It’s shorthand for text, typically used to URL’s.


You can easily get far more privacy with Android than iOS, even using a factory, unrooted, rom.

Though I’d say iOS is more private out of the gate than Android.

Once you start installing apps, it’s arguable which is worse - while Apple restricts a lot of stuff, I’ve had apps on iOS that eat battery to pull ads constantly (specifically one Solitaire game, but others too) and lots of Android apps are notorious for wanting every permission and to run at boot. “Free” games on both platforms are notably guilty.

At least with Android you can choose a lot of apps that don’t collect data, and don’t even want a network connection. Unrooted, you can use a VPN full time, that can block network access for apps, or even specific network connections (NoRoot Firewall is one, and ThinkDNS can do this too, IIRC). Like free games - on Android (even unrooted), I can block their network access. And I know it’s effective because it breaks some games.

I’ve used a stock, unrootable phone, and stripped down a lot of stuff using the Universal Android Debloat Utility. It can disable bloatware like all the Facebook components.

Though if OP wants to have a more private and more secure device, I’d go Android with a custom rom, especially Graphene, but Lineage and DivestOS can get you close to Graphene, especially is you manage your layers of privacy and security.


Yea, I’ve moved to DivestOS on a couple phones, and I really like it.

Some things it does differently, like allow you to choose your Internet Heartbeat provider, so your phone isn’t constantly pinging Google to check the internet connection is up. There are about 10 options, including none.


I give DivestOS a mention - it’s a Lineage fork with some security changes (such as sandboxing MicroG if you decide to install it).


As others have said, the Pixel line is the easiest if you want to have full control over the phone.

There are others, but it will take more effort to get there (I say this after flashing and rooting all my phones since 2010).

Take a look at lineageos.org/devices to see what devices they support, it’s a good approximation of which phones can be boot loader unlocked.

After lots of looking around, I decided to finally jump to Pixel, and I’m running DivestOS (a fork of Lineage with a little bit more tweaked, like sandboxing MicroG).

Once you decide to go down this road, I’d suggest downloading the factory rom image for your phone, and practice flashing it, before trying with a custom rom, just so you have some experience with a known-good image. Plus, sometimes you have to flash back to stock - I just did one the other day because I screwed up the custom rom flash.


You can enable Funnel, which doesn’t require others to have the TS client.


Hey, your upfront, honest, no-excuses post goes a long way, in my opinion.

Shit happens. We’ve all screwed things up - letting everyone know immediately what’s going on means we won’t guess when our shortcut doesn’t work, etc.

Also thanks for the effort you put into this. It’s really helpful.


For what OS?

Why not just run your own calendar server, then the sync issue is resolved by extant sync mechanism, rather than trying to make your own with Syncthing?

I use Syncthing to sync some stuff that doesn’t have standard server sync solutions, like some text files that may get updated at either end. But I don’t think it’s the way to sync calendar stuff, as calendaring is an established system.

And if you’re worried about getting to your calendar server, Mesh networks like Tailscale can provide an encrypted tunnel. You don’t even need the client on devices, if you use the Funnel feature (which funnels specific traffic from the internet into your tunnel, courtesy of Tailscale).

(That said, I’m curious to see what more knowledgeable people come up with, I can’t think of any calendar apps that auto import/export calendars).


Some are sensitive to upstream traffic, it really depends.


I wouldn’t say “any old computer”, power consumption on old boxes can be high. I have an old box that pulls 120w at idle, so it only runs a couple hours a day, at most, to replicate files.


I generally agree.

But any decent code review process would’ve exposed this, or at least a data surveillance system that checks this stuff. I’ve received a few notifications about my logs storing inappropriate data, as a result of a scanning system.

Some manager knew about this during a code review, and signed off on the risk because it was only in-house.


My point being the extensiveness of a review process.

The more important a system, the more people it impacts, etc, the more extensive the review process.

Someone chose to ignore this risk. That’s intentional.


Then incompetence at a level that’s incomprehensible.

A code review certainly exposed this, and some manager signed off on the risk.

Again, changes I make are trivial in comparison, and our code/risk reviews would’ve exposed this in no time.


Those are pretty bright patterns in my book. More of the usual BS.


Yep, I flew regularly in the 90’s, it was much easier and relaxed.


To control what can be accessed.

Having your own DNS enables you to block ads on every device in your network.

PiHole makes my smart TV more responsive, because it can’t get crap to load into the home screen.


Fuck ads.

You’re lying to yourself if you think ads will ever be delivered without tracking.

This whole “anonymization” nonsense is a lie. It’s been shown, repeatedly, that data can be de-anonymised, especially data that’s not exactly narrowly collected.


Hahaha, because data can never be de-anonymised, right?

Oh, yea, that’s repeatedly been show to not be true.


Didn’t we go through all this like a month ago?

Why are people still excusing Mozilla for this?


From their About page: >Project Liberty is stitching together an ecosystem of technologists, academics, policymakers and citizens committed to building a people-powered internet—where the data is ours to manage, the platforms are ours to govern, and the power is ours to reclaim. I just heard Frank McCourt on a podcast plugging his book "[Our Biggest Fight](https://ourbiggestfight.com/)". It was great to hear someone with a voice talking about the problems we see with user data and social media, especially the problem of the [Social Graph](https://webisoft.com/articles/web3-social-graph/) (the map of all your social connections, which includes weights and values). Their solution to this problem was to develop a social networking protocol that enables any compliant app to use (think how email works - a standard protocol, SMTP), but encrypted and user data controlled by the user. They call it DSNP - Decentralized Social Networking Protocol. I see both sides of their approach, I'm kind of ambivalent, lots of concern here long-term. They've already acquired MeWe and have converted some users to this protocol. He wants to buy the US side of TikTok (if it becomes available) and convert it to DSNP, which would encrypt about 30 million US accounts. I'm always cynical about stuff that sounds promising, but I don't have the tech background to really dissect what they're doing. Anyone understand this better?
fedilink

I have no idea where to even start to combat such things. Healthcare professionals must appease the masses of their peers. I've seen this first hand in the corporate world, where it's called a 360 review. It's a popularity contest. While there's value in the idea of such reviews, they're ripe for abuse. It *codifies* an environment of dishonesty - where people who are good at masking (err, sociopaths anyone) excel.
fedilink