You say you were not using a vpn. Then the site has your ip and probably has meta/google ads or other shit running on it and links the product with your ip.

This data is added to some data broker/ ad network and you see an ad when you visit a site using this network as you have “signalled” interest in the product by viewing the product page the first time.

I dont see fdroid blocking the app. I think signal is in the guardian project repos. Anyway a repo can just be hosted in switzerland or on tor or something. I would be more worried about govenments blocking access to the signal servers.

All this theatre in the name of protecting kids, Yet the pedo formally known as prince andrew is still walking free.

It is available in fdroid

Freedom isn’t free, its a hefty fuckin fee …

What child has a VPN ?

Good to see more software offering an fdroid option.

Use a sim in a portable hostpot or a second dumb phone powered off

Financially they use trusts and LLCs to shield their assets so they are not in their names or directly owned.

They can afford to hire specialists

If i dont know the number i dont answer, if they ring again and its spam i block the number. I also only answer if its from my country.

Fartsniffer 🤣

They will probably just show message to Swedish ip addresses and state that they cannt provide you with the binary as you are using a Swedish ip.

Something very clear to say use a VPN 😉

If you trust the initial install then unless there is a warning about the signing key you are good. Only signal devs can sign the builds so if you installed the play store version then updated with their standalone apk or fdroid version then it should just work as the signing key is the same.

Guardian project are just publishing signals apk files as the signature matches.

Thanks for the heads up.

Buy a cheap second hand phone just for those apps and leave it at home… That way if you lose your phone you are not locked out

Also the FBI took signal to court and the only data they could provide was the date of signup and last login timestamp

Anyone tried waydroid or android in an emulator for these type of apps ?

As an update I got a router beryl ax and I’m testing it out. My use case is use a vpn on the router and a vpn on the laptop.

It works if I use an Ethernet cable from the travel router to the existing router and connect to the travel router by WiFi.

It also works if I plug the travel router into the laptop via ethernet and have the travel router connect to the existing wifi.

In other cases such as hotspotting it worked fine with one vpn but when adding the vpn on the laptop it resulted in too much latency.

In all of my tests so far both vpns were openvpn based so I will test again with one of them as a wireguard vpn and see how that goes.

Overall I’m pleased with it.

I love SUS too.

Either have a cheap second hand sim less phone just for that or carry the physical Id or perhaps a copy of the physical id.

Not off hand but here is a product tailored to advertisers that claims to be able to do it https://www.anura.io/product

It stands to reason that this company must be successful in doing it if they are able to stay in business. That means ad companies are paying for it so they see value in it. So they are successful in eliminating or reducing their false positives.

This was a quick search as I’m on mobile and in a meeting at the minute but you can be sure the big guys have in house teams for this eg Google, Meta etc

I think its a waste of time as they still get your data. They have algorithms designed to identify false positives in their click through rates and they have access to info from databrokers and things like facebook. Once they correlate that they know who the person is and the ip addresses and fingerprints of the hardware.

Instead I would recommend tails or use a combination of blockers and default with JavaScript and cookies disabled , only allowing on trusted sites.

Not at the same time as they would conflict.

I’m looking to get one soon enough from the EU store. Depending on the product they will say if it is shipping from China directly. I guess we have to trust some of these companies at some point with all of our devices. I plan to use it with a commercial vpn

If the news is that important you’ll find it elsewhere without this bs

Ah that explains it. They have their own way of doing things over there. Thanks for sharing your experience all the same, it is good to know.

Where are you experiencing this ? I have not experienced personally this in South America or Europe. It is usually just the immigration who look at the passport and let you through once you say you’re visiting or whatever

Buy a second hand phone

install a custom ROM / block all the shit corpo stuff

Make an email just for that phone

Get a temp number if needed for registration.

use a prepaid Sim or twillo or something. After registering remove the Sim and only use WiFi.

Install fdroid

install aurora store via fdroid

Install a vpn (próton is free or get mullvad)

force the vpn to always be on

then install Instagram

Dont give the app any permissions and keep private data off the phone.

Put tape over the cameras.

Do what you can and dont let perfect be the enemy of good. You’re still ahead of the rest of the crowd who don’t give a shit.

I don’t really bother much in public places, I use umbrellas when it rains and sunglasses when it is sunny, but In general I try to avoid connecting to public WiFi and always use my vpn when I do.

I dont have any identifying data on my mailbox. I make sure to destroy PII on mail.

My routine is normal, gray, boring.

Thats good to know. Thanks for sharing

Do you know if these folks actively develop it or do they just apply patches to the Firefox codebase ?

Like do they just pre configure a bunch of about config settings and the pre installed search or do they harden the binaries at compile time ?

I’ve not kept up with this but I’m curious if there is any real advantage of this over Firefox after it has been configured. If not I would stick with Firefox as it will get security updates quicker by people who know the source code intimately.

Anyway not shitting on anyone’s choices here just curious.

Both my browser and network level dns blocker blocked the test attacker site from loading but in general there are 2 approaches to this: minimize your fingerprint data points or change them to blend in with the crowd.

I think for the most part selectivly blocking js and cookies will do a lot for you. You can also block the canvas and limit fonts too. I’d also recommend a vpn as they can associate it with your ip too.

Random hackers, companies, dragnet surveillance.

The companies are probably the biggest exposure as we are forced to interact with them for utilities, flights etc . They get hacked all of the time and dont bother to secure their data.

Also as a side note I hate how lots of places just assume you want to download their shitty spyware ridden apps or hand over your phone number or an email.

Personally I would split them so they are not all in the same place. So for email use something like proton or tuta, vpn could be mullvad and a local password manager such as keepass xc synced with syncthing.

There is also i2p mail

I’m not sure but it is a good question and a good project if none already exists.

Looking at work history from employees of these companies on linkedin we might discover more.

I export my totp from freeotp+. I have it added to keepassxc and sync that with syncthing to multiple devices.

If I lose the phone I can just import the exports to a fresh app on another phone.

Another option is use waydroid and backup the VM

Fake details and don’t use the app should do the job.

You could set up a tor relay and use it too. They they will just see connections to tor.

Or vpn and seed torrents

I’d rather have the sites break to be honest