I don’t disagree with owning your hardware. I’m saying that a regulatory body can pose rules on where critical software can run. Part of this is data exposure: A banking app running in a tampered environment makes some malwares possible, which is the side you want an “I know what I’m doing”-button for. But it also creates risk for the bank. In letting you look into network-traffic and memory-dumps, you may discover ways to manipulate an unrooted instance or the backend server. This is security through obscurity and I’d much rather have everything open-source, but it’s what we’re dealing with.

On the other hand, the bank promises to cover damages, whenever they do mess up. You could give them an easy excuse by taking on that responsibility. But regulations don’t allow that, much like they don’t allow you to do your own high-voltage, high-current electricity. And frown upon you breaking load-bearing walls in a housing complex to have a more open kitchen. There is a line where “let me do what I want” becomes anarchy.

Now bringing DRM into this, misses the point. There is telemetry in these apps. But there is no piracy or copyright infringement to be had. The bank doesn’t fear you giving yourself a million dollars by changing your balance in memory. It’s all about responsibility in case something goes south. They would love to shift it all onto you, but they’re not allowed to do that. Attestation was never about protecting you, it’s about protecting them from being blamed.

There is a bunch of parties making guarantees and complying with rulesets. Domino-ing all of them would make you extremely vulnerable. Which is why I opted for “tamper-proof containers running in a unproven host”, rather than signing an unlimited waiver.

Well the idea of having attestation isn’t the problem. The problem is that apps requiring attestation (banks, insurance providers, ID-systems) use the most convenient solution. Slapping on Googles prebuild attestation. Graphene for example, provides alternative attestation for their OS and offers docs for anyone to implement a more fitting set of checks.

There are two approaches here: If you’re upset that your hacked-to-bits, rooted, unlocked and/or unencrypted device is failing checks: I’d say, tough luck. Until we can create provably untampered app-containers, that level of access genuinely breaks TOS on apps and regulations on handling personal data. Breaking those checks is then breaking those compliances in an unsafe way.

If you believe your setup is actually secure and compliant, just not in a way the allmighty Google intended: Try and get an attestation module for your setup. Fight for these apps to accept non-Google attestation and fight for devices that don’t artificially limit what can pass as secure.

I feel there are plenty of local activist/independent servers all over the EU. As long as you mind the encryption/anonymization, you can even round-robin them. Having a central EU authority is better than Google/Cloudflare and should be safe, if the implementation is sound. But there is a lot of room to meddle.

LeOS isn’t very popular, because it’s a passion-project by one guy, with little marketing. Said guy is a somewhat opinionated Woodstock-era hippie, hence the colorful icons (they can be easily swapped via an icon-pack of your choice.) Though he is a friendly person.

To my knowledge it’s the only Treble-option with a hard stance on de-googling. Specifically made as an answer to some policies in eOS. There is an interview with him floating about, if you want the backstory. https://nixfaq.org/2021/01/exclusive-interview-with-guntram-lead-developer-of-a-popular-custom-degoogled-android-rom-called-leos.html

Hey there, for starters A-GPS, stun, secure DNS, and several other preconfigured servers default to Google. Some of these can be changed with ADB. Check out a guide on de-googleing LineageOS for a more complete list. It’s not AOSP, but close enough. There are also Google servers configured in the sources. How valuable those connections are, depends on your threat-model. If you’d like a paranoid GSI, check out LeOS. It’s probably the most complete treble-compatible option. AOSP by default, isn’t very private.

And have a script to secure erase the key material. Much faster and will prevent forced/coerced unlocks.

I’m currently on Tuta, because I can’t imagine Mail without a free tier. It’s run out of Germany(EU). Its 3€ a month for the normal tier, free takes away most features. Like Proton, you need to use their (OSS)-Client, for encryption reasons. It’s currently growing and I hope they don’t go crazy anytime soon.

I was looking at Posteo, but I don’t want my entire internet identity to be gone, if I ever can’t pay for it.

I’d be a good start, if content platforms had to apply the same guidelines to ads, as they do to content. It’s kinda telling that people on the platform need to not swear, while the ad below goes “You can’t last 5 seconds in this NFT gambling waifu gatcha collector aimed at teens.” or just offer money freud scams directly.

An advantage of Tuta and Proton is, that there is a basic free tier. Your Mail is a center-point of your online activity. Hoping it to never happen, if you ever can’t afford the (cheap) price, you won’t lose access to your mail. Which would suck, for all accounts linked to it.

From what I’ve seen, the argon does passive-cool alright too. With Flirc I’d need to keep the mini-HDMI-dongle and buy a separate IR dongle, that takes up a usb-slot and doesn’t have a low-power MCU. My Pi is currently in a no-name passive-case already. Unless I misunderstood you, I don’t see the advantage.

Yes, that’s what I meant by “widevine tax”, the certification is done by Google for a fee.

Yeah, it’s kinda telling, if you look at my prime subscription for example. I can either:

• Hook into the web-service with Kodi, breaking TOS and theoretically risking the account. While Google, missing their widevine tax, limits the quality.

• Pirate the same content without an account, at full 4K.

It’s truly a service problem.

I do have a Jellyfin server, this is mainly about being able to use the subscriptions I happen to already pay for. Decoding on the pi is actually quite decent with hvec and x264.

Like others said, banking needs licensing and licensing costs money. If you already have a bank account, you already trust one party. Ask them if they roll their own app-payment or are already partnered with a service. That way, you can avoid google/Apple and minimize spreading the trust to other parties. My bank cooperates with Fidesmo, for example. Fidesmo then sells wearables with nfc-pay.

I would absolutely buy a Pixel, if only they supported sd-cards. I get that Google is pushing cloud-storage. If I smash my phone on the sidewalk, I still want to have a local storage, I can take out and thus make live backups to. There are just some features Pixels lack and privacy shouldn’t lock you out of them.

As stated in OP, I have an S2 dish already. Agreed that it’s better than cable. But not everyone lives in a place they can set up a dish on. Rentals and such. My point was that I wanted to use the display without relying on some buggy vendor-locked OS.

From what I can see, this is still a Tizen based smart TV masquerading as a monitor, Apps and all.

When scaled to mass production, the SBCs become dirt cheap. Then they can subsidise with sponsored/preloaded content, ads and usage data.

I was eyeing Scepter, but I just saw that their stuff is made with exclusively US standards and EU power and broadcasting is different. Didn’t notice that would matter.

Seen them recommended in dumb-tv articles. Will check them out.

I might resort to this. It’s mainly just the e-waste potential that has me bothered. The OS will inevitable break after EOL, and the hardware becomes inoperable without the “hdmi-app”. The computer parts are usually dirt cheap and eventually break themselves even on minimal use.

Afaik google-pay is prone to fail even with faked safetynet. Magisk can also fix safetynet, but I don’t want to enable root-access. Kinda dumb that the way to fix overcritical security checks is to break security even more. :)

Thanks for the idea though.

Custom roms with relocked bootloader only work on pixels by design. You’ll have to live with an unlocked bootloader.

As for easy installs, Murena’s e/os exists with support. But I can’t vouch for their cloud ecosystem. Other than that, maybe an officially supported lineage device. You will lose safetynet on both unless you want to root.

Interesting discussion, but many of the questions have pretty lame default answers. I have a Sony bravia from 2015 for reference.

• The TVs that come with an OS instead of just firmware are smart-TVs in all aspects. Your cable TV or hdmi input is an app just like Netflix is, and is subject to a launcher. You can’t make it dumb by disabling stuff.

• You can mostly reject targeted ads and disable personalized data collection. But smart TVs are priced with ads included, so completely turning off everything will require unsupported modding.

• cameras are only found in telepresence hardware, unless you want to be paranoid. Check the feature list. Microphones can be in the remotes of some TVs, but this will usually be advertised as a smart assistent if present.

• I haven’t seen any TV actively complain about missing wifi (except for during setup for updates)

• unless you are tricking the TV into thinking it’s online, any connection attempts/power usage would be a bug. Do note that smart-TV will by default have a standby-draw influenced by WoL or similar.

• This is pure tinfoil-territory. No hotspot/carrier carries data without being payed for it. It’s also not economical when telemetry can be sent over the customers home-wifi in 99% of cases. There is no gain in hiding sim-cards in every TV. Unless you are a person of interest and are sent a modified TV in that case.

Hope this helps.