• 1 Post
  • 45 Comments
Joined 1Y ago
Cake day: Mar 30, 2024


To clarify, they said to get rid of all that stuff from OTHER people’s devices. The point being that you’re not the weakest link in this chain.

To illustrate, I’ve had a phone number for less than a year that maybe 20 people have. All friends and family. I still had a sales call on it that was targeted and addressed me by name.


If your internet connection is coming from hotspot tethering to your phone you’ll want to put it in a Faraday bag when not in use since your phone will be trackable at all times even if off. If you use a hotspot instead the cell signal and WiFi are still trackable but the lack of Bluetooth and GPS aids greatly in keeping the tracking to a minimum.


I’ve had the same thing happen for my own personal domain that I run through Addy. It’s frustrating because people can’t tell what a “good” domain is, so how can you have any rules about it? And if you do, then have a verification system with your customer service team.

But I’ve always said to myself, if this service won’t take my email then I don’t really want to be their customer. What else are they going to screw up when I give them my data?


I don’t know. I’m sure it only transmits when active, but that doesn’t mean it’s not collecting data at all times. If you’re on Windows you can turn it off with a script, but it might turn back on after major updates.


I would probably argue they are the same in terms of security and privacy. Privacy communities tend to disfavor Proton because it’s all eggs in one basket, and also for political reasons. Both of those are subjective to your personal threat/privacy profile.

It’s true that a single point of failure is more risk than separate services, but that fact doesn’t undermine their security on a technical level, and has nothing to do with privacy. As for the political, yes it’s something to watch but nothing wrong has been done. They are set up as a non profit with checks and measures in place to prevent corruption from happening. I’m OK with different points of view and having different points of view on a board is a good thing.


Steam has telemetry. They gather a ton of data on you. What details, how they use it, and how secure it is I can’t answer, but it’s clear that it’s happening.


Don’t kid. I did that with a folder in my testing just to eliminate the variables. Of course I put it back.

My issue was that my initial setup was accessing it from a different machine, and Windows at that. I had to simplify in order to make it all mentally make sense.


Thank you for this. I appreciate the write up, learning a few things, and just the general let’s all get along heart behind it.


Just as a tip, set up and use a spare machine if you have one to make the transition easier. I’ve been running Mint now for a few months.

I have a test machine that I am learning and getting familiar with, setting up a virtual machine to learn that (I have some Windows apps I will not escape from so running in a VM is my solution), etc… And all of this is with the freedom that if I break something I can wipe it and not care. I have since set up a media center and a gaming machine as well.

That experience is getting me feeling better about the whole thing. Honestly learning little idiosyncrasies like folder permissions not being inherited (I say as I set up my media center) are the things you just need to learn through practice. Just my two cents as I am only a step ahead of you in a similar journey.


I don’t actually agree that your analogy applies, because it ignores my point.

Neither “side” (as if there were only a binary choice but that’s how they want you to think) wants you to have privacy. Be united with those who want to fight for those rights instead of divided on other policies which are political smokescreens.

Maybe a better analogy is that we are drowning in water that is not cold, maybe it’s tepid and maybe it’s boiling. But arguing over which is worse really doesn’t matter because we’ll be dead in a minute anyway.


Neither did the last administration and neither will the next. They want us polarized and fighting each other so we don’t fight them.


I use two domains.

One is my name for people that actually know me.

The other is something random (it has meaning to me but nobody else would think that). I use that for all my “private” emails, creating aliases that forward to me.

The most important thing is to pick something easy to understand so it’s easy to convey. My domain is actually quite long, which normally is a bad thing but it’s distinct words so people understand it when I give it to them verbally.


As many have said, it shouldn’t matter.

Personally, I have been known to look at email addresses because I assess everything the resume gives me. No, I don’t really care what provider you choose, but it’s a tiny bit of information.

So if your email name is “BigBootyQT” then I have a glimpse of your personality and how you may or may not fit in the role. That’s a real example BTW. It also might bear light in other ways, say if you’re applying for a job in cybersecurity but you’re using a Yahoo email. Yeah, that’s a negative mark.

Will any of this be THE reason I ditch somebody? No. But it weighs with the rest of it. I would not disqualify somebody for a typo for instance, but it is a negative because that should not have occurred (especially if the role requires attention to detail).


Is that what it does? I thought it deleted any profile other than the primary one.


With that in mind, security and privacy are two completely different things.

For instance, I would say that WhatsApp is fairly secure. It just isn’t private at all. Meta can (and does) see and track your metadata.

Why is that important? I liked these 2 examples I read somewhere because they are simple but explain how powerful it is. Your phone calls are private. Your carrier isn’t allowed to listen in on your call to know what you talk about. But they can see that you called a suicide hotline while standing on a bridge. They can see that your doctor’s office called you and then you called an abortion clinic next. The following week your GPS location went to that clinic. Are these things Person A would willingly tell their phone provider? It’s none of their business so I assume not. But they essentially are when they don’t care about their privacy.

Another stance I take is that even if they don’t care about their privacy, can they at least respect mine? I don’t give their phone number out to anybody that asks. But non private apps look at all their contacts so they are doing exactly that to me. Think of the last spam call they got. If they knew it was because of you wouldn’t they be upset?


Change your password, and hopefully you don’t use the same password across multiple accounts. Since you’re asking, I assume you do. (Not shaming, just informing)

It would be best practice to use a different email and password for every account you create, and enable MFA. Email aliases work great for this, and use unique randomly generated passwords for everything. A password manager will help you create, remember, and fill these fields for you so it’s not cumbersome. There are many good ones, I personally recommend Bitwarden. You can get pretty far with their free version, but I recommend paying to get the authenticator built in, so you can auto fill MFA codes.

If you can’t afford this, or want to keep the codes separate (not all your eggs in one basket) then download the Aegis authenticator app. It’s free and very good.


Pretty much. I’d add one other factor to the mix: The threat is amped up so much that people become overwhelmed and say screw it they can never keep up with the threats so they’ll just take their chances - they’ve been okay so far.


I would add to the conversation with the questions:

Should all information be known? Just because something doesn’t need to be hidden doesn’t imply that it should be known broadly. It’s not okay for somebody to know what color underwear I’m wearing right now.

Is all information equal in value? Presuming one kind of data point is okay to be public does not mean that all data points are okay to be public. My address is public record (unfortunately) but that doesn’t mean my social security number, ID number, and passport number should be public as well.


I agree that it helped with adoption. In a way I wish they still had it so I could get my text messaging family to use a messaging app instead.

The flip side was, if somebody tried Signal and didn’t like it and uninstalled it, then any SMS message to them from Signal went to their Signal account that they no longer had installed so they didn’t get it. You had no way of knowing so it really sucked.


I got started with aliases on anonaddy (now just Addy). After using a while I jumped into using my own domain, this is the real game changer.

Aliases are great and do their thing, but owning your own domain lets you move everything all at once if you need to.

For instance, when Proton added aliases I tried it out. I just redirected my MX records and was done. I didn’t like how they handled the header data because it broke a majority of my filters, so I switched back. Again, a simple setting adjustment and done.

For the record, I’ll probably switch everything over to Proton eventually, but at the time didn’t want to recreate my filters. It makes sense to have all email controls under your email provider.



I’ll second the recommendation for GrapheneOS. One of the available options I use is to keep mic, camera, and location off at all times until I need them. That simple toggle ability changes your privacy stance greatly.


Hotspots work well. They are hotspots though, so you have trade offs. For instance, you probably don’t want to leave it on all day (because it won’t last all day, probably 8 hours). You can set it to turn off if there’s no connected devices for x minutes to save battery. When you turn it on you need to wait for it to actually turn on and connect, then have your phone connect. It takes a while, relatively speaking (not long but longer than turning on your phone).

The Mifi X Pro also has an Ethernet port which is convenient for hard wiring a laptop.

The service is solid. Overall there’s no issues. I’ve had issues in hotels, but it’s a T-Mobile network so I’d presume a standard sim card would equally have issues.

Privacy is an interesting take. I’ll go ahead and trust them to not share my data (which you can sign up anonymously if you wish). The number is still trackable though, and I’d suspect stands out more because it’s in a specific spectrum range. But the sim isn’t in your phone, so it’s not technically tracking your phone (and a side benefit is you can’t get sim jacked) and I use a VPN to connect to it as well. I don’t think the sim card tracks the same way because there’s no GPS in the hotspot, but of course it still calls out to cell towers. I don’t know if it does this when off like a phone does (I’ve always presumed it does).

Overall my experience has been a positive one. Choosing a phone service has been a harder issue for me. But that’s another story.


The presumption is that the brick and mortar store is not bad. Yes, they are bad too. Maybe just as bad, maybe not as bad, but they are no saints.

Options are limited for shopping, so we don’t have much choice. The reason I buy from Amazon is that essentially I didn’t want to shop at any local store any longer, they have bad policies AND they treat me like crap - not a valued customer.

Along came Amazon and I started buying from them. Then there was a big boo-hoo that ecommerce was killing their brick and mortar store sales. No sir, you were killing the sales but now I have somewhere else to go.

Amazon is horrible for many reasons, but pricing and customer service is not one of them. There’s a silver lining to that storm cloud.


I as well was curious, but it was clear to me that this was a bad idea from the get go. Long before I became truly privacy focused, it was still blatantly obvious this was a bad idea. It sucks that it was such a hot trend and terms written in a horrible, and dare I say predatory fashion.


The description of the Matrix users is hysterically accurate.

First time I went there, I had an obscure problem with an app. A very friendly and helpful person jumped in and said they have that app but don’t use it often. Then proceeded to run multiple tests on their end to validate my experience. I was blown away. Super solid dude.

Every other time I’ve been mostly ignored. Which is fine if people can’t help. But as I check in all I see is forum fighting about what is right and best, as if there’s only 1 answer.


I’ve been trying to work this out since the beginning of the year. This is anecdotally what I’ve done, what works and what doesn’t.

Most of my solution comes from JMP.chat for my phone number along with the cheogram app for functionality.

Basically I got a number for friends and family. I got a second number to give to businesses that don’t care about VoIP (my dentist etc). ($5 ea). Cons here are that SMS groups are limited to 10 recipients. This doesn’t work for my large family chats (I can get them but can’t respond). Another thing I dislike is since it’s XMPP based, all contacts are listed as their phone number if in a group, so it’s hard to tell who’s in it. (Solo texts show as names just fine). They have a premium tier that routes differently to allow more than 10 in a group text, but I’ve tried that twice now and the actual phone calling gets screwed up. So I’m still trying to get it all sorted out (and I’m not optimistic). It’s also a service only in USA and CAN.

My original number that I’ve had for 20 years and all big tech have assigned to me, I ported to Google Voice ($20 fee).

Since my original phone number was a carrier number it is already assigned to all the stringent companies like banks. They continue to use it without knowing it’s now a VoIP number. I have all SMS messages forwarded to my email so I don’t have to log into Google ever. It works perfectly for 2FA. Shortcoming of this is that any group texts the email just says you got a group text, but a single source text the actual text is forwarded. I don’t use it for groups so it’s not a problem but just mentioning it as a potential con. Then of course, it’s legacy so opening new accounts won’t work the same way since it’s a VoIP number now.

I bought a hotspot from Calyx. By far the most expensive part of my solution. But it gives me WiFi access without a standard carrier (it does use T-Mobile but Calyx doesn’t track you like they do). Check them out to see if it fits your threat model. It works out to about $50/mo but the biggest issue is that it’s an annual lump sum.

Another option I’ve been trying is 4freedommobile. They have decent plans and are focused on privacy. Everything runs through their app for encryption. But I’ve found the app lacking both in UI and functionality. You can’t do group SMS (which is apparently coming very soon) but my biggest issue is they require Google Play services for notifications. They state they don’t, but they do. Hands down it just doesn’t work without it. So that’s a deal killer for me.

Honorable mention is the premium service Elfani. I haven’t used it but have considered it. It’s very expensive at $99 a month but is secure. However I don’t see much on privacy so I’m not sure how different they really end up being from their base AT&T provider.


Yeah, that’s why I mentioned having a secondary profile. Some stuff like bank apps you just can’t get away from so a profile with play services running is a workable solution. If you have a pixel phone already, you can give it a shot. One very nice feature of GOS is that it’s super easy to install - and uninstall if it’s not for you.


Like you said, banking apps. The logic behind that is they use Google to security check their apps. A random non-bank example would be the slick deals app. Without play services it would just open then crash.

Many apps use play services for their notification system. So for instance, proton mail works fine but notifications do not.

NFC is not supported, so anything that uses that won’t work.

Not an app, but I was surprised that widgets don’t work unless you’re in the primary profile. Technically they work on any profile, but they randomly get deleted, and frequently. It’s a known bug that probably will never get fixed because the source of it comes from stock android.

I will mention that you can have a profile running play services, which gives you access to many apps that wouldn’t normally work. And it’s sandboxed so it has less impact on your information (I don’t know all the specifics but it does limit in some way how much it can snoop into the rest of the OS). Then you can also set up granular controls on your apps to limit them from snooping.


Yeah, other than freezing credit, there’s not much you can do. It’s a toothpaste out of the tube scenario. It’s basically too late. The offerings always suck and are basically only there so they can say they’re doing something for you.

Other than that, harden your privacy in general. Yeah, it doesn’t help for breaches like this because you can’t hide from your doctors, but simple things like having an alternate email address makes it a tiny bit better.


Yeah, that’s the one that came up in my initial search. The recommended app Tuner is pretty damn good.


Thanks for the rec. I tried it last night and am very happy with it, better than what I expected.


I actually own a chromatic tuner, and it stays at home with my guitar. Sometimes I’m elsewhere and need a tuner. Which for the record the recommended Tuner app is phenomenal, and very accurate.


Thanks. I wholeheartedly agree. I was just looking for recommendations from the community based on experience.


Thank you. I’m going to check it out.


private android guitar tuner?
I'm looking for a guitar tuner app that is FOSS/private in nature. I saw one called tunerly, but figured I'd check here if there are any recommendations.

People like to nitpick and fight. GrapheneOS is one of the best options (realistically of just a few) out there, and it’s pretty damn good and simple to get into.


I can’t comment on their privacy, but I thought of Nine when I read your post. I used it back before the Outlook app supported folders. I think it was a great alternative and worked better than anything out there… Mind you, it was years ago.

Also, have you thought about using a different user profile for just work? I know you’re asking about apps but you can gain some privacy from segregation too.


Have you read Means of Control (Byron Tau)? He tracks the evolution of all of this and how we got to where we are today. Yes, 9/11 fast-tracked it but there’s so much more to it. Highly recommended.


JMP is my recommendation too. I don’t think you can pause it, but the cost is so low it might not matter.


If you need more storage, the secondhand market is better for you anyway.

Though I just saw a 7 pro with 512GB on Woot for under $500. That’s a decent deal.

Regular Pixel 8s are going for 500 on a deal.