The problem with graphene is that is shamelessly promotes proprietary software.
How does GrapheneOS “shamelessly promote” proprietary software? I don’t think I’ve ever seen them do this. Maybe you’re referring to Sandboxed Play Services? But that isn’t “shamelessly promoted” or recommended, it isn’t even included in the OS, its just an optional app that can be installed for those who need it.
They have build tools to try to make it safe to run non-free programs (proprietary software) but that entirely misses the point.
I assume you mean Sandboxed Play Services again? That’s far from the only feature or benefit that GrapheneOS gives. They do much more work than just Sandboxed Play Services or making it safe to run “non-free” programs. They make it safe to run ANY program, regardless of license.
App looks legitimately amazing. Seems a bit buggy in alpha but I’m sure it’ll be ironed out. I just hope they look into supporting Piped instead of directly connecting to YouTube, as well as SponsorBlock. Once they get those 2 things and iron out some of the bugs, I’ll primarily use it for sure. Its a great concept.
Yeah, anticheats are a privacy and security nightmare that most people don’t even think about. You’re effectively giving their proprietary software extremely invasive kernel level access to your system. They can access and do pretty much anything they want on your device with really nothing stopping them. Anticheats like this are extremely dangerous and should certainly be avoided where possible.
I understand the problem of cheating in games, but I feel like there has to be a better solution to this problem, as making users install an extremely invasive rootkit isn’t acceptable at all imo. I’d recommend avoiding games that include invasive anticheat or DRM like this. Best way to get across that this isn’t okay is through the wallet.
Google is actually right here for once. Signal is not offered on F-Droid, and its package name is org.thoughtcrime.securesms, not org.thoughtcrimes.securesms.
Only official places to download Signal are through the Google Play Store or their website (which self-updates).
The Hated One is my favorite. I also like Mental Outlaw.
Could you please provide and example or two? I wish to verify it, since I didn’t notice any last time I checked the site.
Sure, let’s look at the page for Firefox. They claim that there are “Automatic connections to some websites you’ve visited, including their trackers” with the new tab page, and that they “couldn’t find a way to disable it.” Whoever made this website couldn’t take 2 seconds to go to about:preferences and see the option to display recently visited sites?
They also have a section titled “Firefox tracks users with Google Analytics”, which they’re very misleading about. Instead of explaining that GA is only present in about:addons and that it can easily be disabled, they’re extremely vague about it and just blindly say it “sends analytics to Google”, which would lead people to believe its much worse than it actually is (i.e. Chrome level). There’s an important distinction between: “Google Analytics is present on 1 page in the browser and can be disabled” vs. vaguely stating “Firefox send analytics to Google” without full info or context. Hopefully I’m explaining that well enough.
Its also disingenuous to consider Firefox’s Captive Portal as “phoning home” without, again, providing full info or context. It has a legitimate purpose, to allow users to connect to public networks, and can be disabled for those who wish to do so. It doesn’t give any data to Mozilla, all it does is detect if a captive portal is present. I think this is another instance of the context being important to have, which the website just simply doesn’t give.
Another instance, look at their page on Tor Browser, where they just flat out lie and accuse Tor Browser of “sending telemetry”.
I could go through more, but these are a few I notice immediately that I take issue with.
They’re very clear that this is their approach (bold text on the home page). Even if you disagree with their definition, that doesn’t make the site bad.
Categorizing something as spyware solely based on the number of connections it makes is horribly irresponsible at best and dangerous at worst. Whoever made this couldn’t even be bothered to find what data is actually being exchanged for most of these connections. There’s a lot more to determine how privacy invasive something is then just sitting and counting the number of connections it makes, and treating them all as malicious and for “tracking”.
And there are many valid situations where a threat model should be this strict, consider anti-government activists in any country.
That’s why this website is so dangerous. Calling Tor Browser spyware and saying it sends telemetry could trick people who don’t know better to use worse alternatives. This even moreso extends to casual users too, who could also be misled into using a less private browser as a result of this website’s insane claims.
It says “Not Spyware”. https://spyware.neocities.org/articles/tor
They have a separate article up calling it spyware as well, see here. Weird contradiction from them and just shows this site isn’t very well designed or thought out.
Brave is not spyware. That website you linked is horrible and full of misinformation. They also claim that Firefox, and even Tor Browser, are spyware. They act as if any and all connections a browser makes are automatically bad and used for spying/tracking.
I won’t disagree with the other criticisms of Brave that you made, but just wanted to point that out. That website is just highly unreliable and makes verifiably false claims about the browsers it reviews.
I wouldn’t even trust the Google Play Store, its notorious for having problems with malware, and full of fake apps impersonating trustworthy ones. This has happened to apps like NewPipe several times.
Overall, only source I’d trust for apps is F-Droid, and maybe GitHub/GitLab/Codeberg, depending on how much I trust the developer and the app.
GrapheneOS has pretty much perfect app compatibility. I don’t think I’ve ever ran into an issue in around a year of using it as my daily driver.
Most apps function without Play Services, but you may lose some functionality like notifications, and a couple apps do very rarely genuinely break. But, that’s where Sandboxed Play Services comes in, which you can even put in an entirely separate user profile if you want to, so that you can still safely use those apps.
But yeah, I’ve personally had no issues with app compatibility. Even my bank app works perfectly on Graphene (didn’t even require Play Services either!).
I recommend checking this table out.
CalyxOS misses the mark imo. It does a couple things well (such as its improved Dialer app, and the ability for hotspots/tethered devices to be able to use the phone’s VPN/Tor) that I hope to see other projects adopt, but beyond that, it just doesn’t seem to stack up.
I’m not trying to bash them or anything because at the end of the day, they clearly have good intentions which I can respect, but I do hope they improve on a lot of things, because in its current state, CalyxOS just doesn’t even compare to GrapheneOS or DivestOS.
As far as anti-viruses/virus removals/etc go:
- For Windows & macOS, I would just enable and use the built-in anti-virus protection (Defender on Windows, XProtect on macOS).
- On macOS, I would also enable and use the built-in firewall (Nearly every other OS already comes with a firewall enabled out of the box, no idea why macOS doesn’t enable theirs by default…), as well as Lockdown Mode if you’re able to.
- On Linux, I would use ClamAV & ClamTK.
- On Android, I would use Hypatia & Auditor.
I would also strongly recommend making use of DNS level protection through a service like NextDNS, ensuring you have a good content blocker like uBlock Origin in your browser, and using Safe Browsing in your browser (As long as you use a good browser like Brave or Firefox, then Safe Browsing won’t endanger your privacy, it just improves your security and protection, so I’d recommend using it).
As far as encryption goes, I would recommend just using whatever is built-in to your OS, such as BitLocker on Windows, FileVault on macOS, & LUKS on Linux. You can also use VeraCrypt if you wish to as well, may be preferable in some cases, though I personally don’t bother.
Googling it and according to one answer the only difference between uBlock Origin and AdGuard browser extensions is that uBlock has a feature where they can hide stuff instead of completely blocking it.
Does AdGuard have anything equivalent to uBlock Origin’s advanced blocking modes? That’s mainly what I meant by “advanced features”.
The entire desktop app, yes. That does DNS blocking. Not the browser extensions, no blocked features there.
I know their Safari extension has some blocked functionality without paying, but fair enough, it may be different for other platforms, I’ll edit my reply then. Thanks for the correction. I stand by the other point though, I think uBlock Origin has an inherent advantage and added trust by being non-profit and fully community driven vs. AdGuard being ran by a for-profit company.
AdGuard being ran by a for-profit company and some of the functionality being locked behind a paywall probably doesn’t help its case compared to uBlock Origin, though AdGuard is definitely the next best option currently. I also just find uBlock Origin supports more advanced features.
(Edit: Apparantly the paywall only applies to the Safari extension and their desktop app, but not the extension on most platforms, see the reply below, my other points still stand)
I’ve considered setting up a passthrough VM like this (and almost did), I’m just reluctant to I guess because of how much work it takes to configure and get going, and how little I actually use Windows anyways, so I just stick to dualbooting when I really need it. I definitely wish the process of setting up the passthrough VM was easier, but like you pointed out, it’d probably be a good learning experience.
This is a very fair concern.
However, the thing to consider is with these Smart TV’s, and generally poor privacy companies and devices, is that they’ll always use the lowest hanging fruit where possible. I’d say the amount of data that the device will go through the lengths to collect offline and later upload are quite low.
Most Smart TV’s collect data from when people directly use the Smart TV itself (i.e. what apps and content you directly watch and download on it as an example). The vast majority of people who buy TV’s like this will just use the built-in Smart TV for watching media and for doing everything on the device, without even giving it a second thought, so the manufacturers basically automatically win and get data on 99% of consumers, without really any effort or work.
For people like us who do care and go through the trouble of circumventing it (i.e. not using the built-in Smart TV at all, and disconnecting the TV entirely from the internet besides for updates occasionally), I’d say that only leaves 2 issues: listening through the mic (I think this is unlikely since voice recordings take up a lot of storage space, as well as bandwith to upload, and like I said in my first comment, TV manufacturers really cheap out on these devices and cut corners wherever possible, and back to my point of the low hanging fruit, but regardless, if you’re concerned, then removing the mics or taping them would certainly solve this), and recording or storing what you view through other inputs like your streaming box (again I feel this is unlikely for same reasons as voice recording, it’d take up a lot of space and bandwith, isn’t quite practical, and they typically focus on the low hanging fruit).
These are both possible concerns, but I’d say they’re realistically extremely unlikely, especially due to how much effort and work it would take to spy on such a small portion of people. The investment and the amount of work and effort needed to do this just doesn’t make sense and isn’t really justified for them. If you’re still concerned, then I’d recommend just putting your TV behind a VPN and putting it into a separate VLAN whenever you do connect or update it (and also just taping/removing the microphone like I said above), or of course if you’re extra paranoid, you can always just leave it fully offline and deal without updates. But I personally just don’t see it as a major risk or something to worry about.
There definitely needs to be regulations on these devices, its completely unacceptable in its current state. It shouldn’t be this hard to just get something like a TV without it spying on you and completely invading your privacy, but I guess that’s the world we live in now. :/
The world of TV’s is pretty tricky for privacy right now, there’s a lot to say on it, so here’s my recommendations.
I recommend just getting any TV and disconnecting it from the internet, the brand shouldn’t matter. You can connect it to the internet every now and then to check for software updates (i.e. any bug fixes or new features being added), but for the most part I’d leave it fully offline, and would also recommend uninstalling any apps possible that are installed, to just speed up things, especially since we won’t be using them. All of the TV brands out there are pretty much equally bad for privacy, and will spy on you and collect and sell any data they can, and also built-in Smart TV’s just generally have very poor and slow performance, plus lack support for various codecs and formats, etc. So even besides privacy, built-in Smart TV’s are just a horrible experience and I really never recommend them and don’t see them worth using.
Now, you’ll need to obtain a streaming box to connect to your TV… so that you can actually consume content and use it. You have a few options as far as privacy goes.
-
Building/using your own PC, or using something like a Raspberry Pi, with Linux - This gives you the most control possible, but at the cost of being less convenient and requiring much more work to set-up and configure. You will be losing a lot of nice features like Dolby Vision with this approach as well, and will have to do some tinkering and configuring for sure, but overall it could be preferable to some people.
-
Apple TV 4K - Out of all the streaming boxes and sticks out there that you can buy, this is undeniably the most private out of the box. Its not a bad device in terms of specs and features (though there are better options for this as I will get to) … but it isn’t ideal though, as it is Apple after all. Despite being better than companies like Facebook and Google, Apple has definitely had some issues with things like privacy. Plus with an Apple device, you lose all freedom and control over it, you can’t even sideload apps on the Apple TV or install something like a VPN on it, plus OS and everything being closed source, etc. This is a hard recommendation for me for most people, but it could be ideal for people who want 0 tinkering or work, and just want something private out of the box that’s simple and easy. Though, I would certainly avoid it for the better options if possible.
-
NVIDIA Shield TV - This is what I personally use and would be my recommendation for most people. The specs and features of the device are essentially unparalleled to any other box out there, it even beats the Apple TV in terms of support for codecs and formats. For privacy… out of the box, the Shield is pretty horrible to say the least. Full of Google tracking and spying, and even requires a Google account on first set-up. The good thing is we can fix it. You have 2 options: Either install LineageOS (the Shield is officially supported) for the most privacy possible, or you can just keep the stock OS and use ADB to remove all Google apps and services, as well as any other bloatware and unwanted crap. The downside to Lineage is you lose Dolby Vision, AI Upscaling, and the App Switcher (so you can’t switch apps by double pressing the home button anymore), so for most people, if you go this route I would recommend just keeping stock and removing all of the BS through ADB (You can just use a random burner Google account for set-up). Isn’t 1000% ideal, but overall its really nice and seems to work well, while keeping privacy intact. You can also even use ADB to set a Private DNS, as well as disable connectivity checks (or change the server away from Google), so overall you can get a pretty nice set-up with this, its the best approach imo.
-
Dynalink TV Box - While I do recommend the Shield for most people, if its out of your price range and you aren’t willing to or can’t get it (though I can’t stress enough that it’s well worth it for what you get), then the Dynalink TV Box is the next best option imo. It officially supports LineageOS which can be installed, which is what I’d recommend doing if you go for this approach, since the lost features like AI Upscaling and Dolby Vision from the Shield are irrelevant since they aren’t present on the Dynalink box in the first place. This would give you great privacy if that’s the sole thing you’re after.
I’d avoid any other TV box out there besides the ones I just listed, as they all pretty much just spy on you and collect and sell your data, and there’s little to no gain or benefit that I see in using them over your built-in smart TV or any of the other options that exist.
I think overall these are the best recommendations and ways to be able to privately use a TV without it spying on you and phoning home any and everything you do on it. I do hope it gets easier and simpler in the future, but this is what we got for now.
Yeah. In my testing on my Shield 2019 Pro, with Lineage, my biggest problems were:
-
No Dolby Vision
-
No AI Upscaling
-
No App Switcher (Could no longer double press the home button to switch apps)
There were also some other little bugs here and there, but those were my biggest problems with LineageOS over Stock, so I didn’t stick with it. I’m currently just using my Shield on Stock, but with all Google apps and other bloatware and garbage removed through ADB, and while not perfectly ideal, its been a good enough experience, and I think by far the best option currently for a TV box.
I have some accounts saved in my previous browser e.g. Google, Discord, Spotify etc. that I don’t use really much, but require them regardless
I personally keep an entirely separate browser profile for Google, and another separate profile for Discord. Just further isolates things even more than Firefox/Librewolf already does, plus extensions and tweaks and such can be customized as needed per profile, etc. Profiles can be accessed through about:profiles in the browser FYI.
I use uBlock Origin and SponsorBlock as the only extensions
That’s pretty good. The only other extension I’d recommend is Skip Redirect, its pretty useful and improves privacy, also recommended by Arkenfox.
If you want a more private way to watch YouTube as well, you can try Piped. It proxies all connections to Google/YouTube (so never directly connects to them and their servers), plus removes ads, tracking, and telemetry. It also has SponsorBlock, Return YouTube Dislike, and more built-in, so would make the SponsorBlock extension unnecessary too. Piped does have its downsides, but I’d recommend trying it and seeing what you think.
If Piped isn’t for you, my recommendation is to just watch YouTube either logged out, or signed in with my suggestion above of using a separate profile if you really have to.
I installed Mull in my phone in the hope of pairing it with Librewolf while avoiding creating a Firefox account if possible
You will need a Firefox account for syncing. The good thing is the data synced is encrypted so not even Mozilla can see it, and Mozilla does generally have a good reputation with things like this, so I don’t think its a major concern.
Another general tip I can give is to set the browser to clear cookies and site data on close, and just make exceptions for sites you need to stay logged in to or set preferences on. This helps massively in preventing sites from tracking you and when, if, and how you use them, it also prevents unnecessary storage space being taken up on your drive, etc.
I personally do trust Brave as a company. I don’t think they’re perfect by any means, and I strongly disagree with and dislike their CEO, but overall I think their browser is the best Chromium option out there, and search engine is probably 2nd best to Kagi. I don’t primarily use Brave’s browser, I do mainly stick to and recommend hardened Firefox (as I dislike and am strongly against Chromium and it’s monopoly), but for the rare times I run into a site that needs Chromium, I use Brave. I do also primarily use Brave’s search engine because I think it’s just currently the best option out there for search (Kagi is excellent overall but its paid and too expensive imo), and I love that Brave Search has its own index, so no reliance on big tech like Google and Microsoft, unlike other options like StartPage and DDG. I’ve never bothered with Brave’s VPN.
I just think overall a lot of Brave as a company’s controversies have been blown out of proportion and aren’t as big of a deal as people make them out to be. Their browser is open source which means it can be fully audited, they have very strong privacy protections in place out of the box, and they’re even recommended by trustworthy sources like Privacy Guides. Their browser and search engine is really solid from a technical standpoint, and I don’t think that should be overlooked just because of a few fuck-ups as a company which were walked back and fixed.
For me personally, its for a variety of reasons
1: Targeted ads and algorithms and such are typically used to manipulate you to feel a certain way or hold opinions you may otherwise not have. This has been demonstrated and shown to happen several times, such as with Cambridge Analytica, and its pretty concerning. I want to see things for myself and form my own opinions, not just being manipulated to believe what some big tech company or advertisers or the like want me to think.
2: Just think about all the data a lot of these companies can and are collecting on you. For instance, if you’re on a regular fully Googled Android phone, Google pretty much has access to your physical location at all times. What possible need is there for this? Why does Google always need to know where I am? Just looking at it simply, its none of their business, and no justifiable reason for them to know it. There’s no possible benefit or good thing that could come out of Google knowing my wheareabouts 24/7. If there’s no reason for them to know the info, why give them it on a silver platter?
3: The data being collected is also usually handled very poorly as seen through constant data breaches of sensitive information and the like, and can also be easily abused in general. I myself have been personally targetted and stalked, and the stalker got mine and my family’s information from data broker websites. Its pretty scary the amount of information these companies collect and share and make freely available about you, and it can be easily used against you.
4: Another example of the data being collected being misused is for example what’s happening in China, with the social credit system. The social credit system basically determines what you can do and everything about your life, such as job opportunities and employment, access to finance and banks, ability to travel, and a lot more, based off a variety of factors, from things like what you post or do online, to even who you’re friends with, and more. While you may argue that this is just China and there’s nothing to worry about, similar systems to this are already being worked on and tried by US employers and companies, and there’s nothing stopping things comparable to the social credit system from happening or being put in place in the West or elsewhere in this current surveillence capitalism world we live in. Something like this happening should absolutely concern you.
5: People have straight up had their lives ruined as a result of this mass data collection and privacy invasiveness. For instance, I remember hearing a story of a man who shared his Google account with his uncle. His uncle murdered someone, with his Googled Android phone in his possession, and Google provided the location data and such to the police, and instead the nephew was accused of the crime, and basically had his entire life ruined because of it, over something he didn’t even do. Just look at what’s going on now with abortion in some states in the US for another example. Its pretty scary to think about things like this happening, as it really could happen to anyone.
At the end of the day, these companies like Facebook and Google aren’t your friends. Trust is earned, and I don’t think any of these big tech companies earn it based off their actions and track record. What I do and how I live my life is none of their business or concern, and that’s how I feel about it, and wish more people would see it the same way, or at least put some thought into it instead of blindly accepting mass surveillance and data collection.
(Hopefully this all makes sense and wasn’t too rambly, pretty tired rn lol)
My biggest problem is the delayed updates, which I don’t think they add enough to justify using imo. I think the base Signal itself already has excellent privacy, it can be used for notifications without Google Play Services (which I do myself), which works great. I haven’t used any maps features so not sure how that compares. I’ve never seen it make any connections to Google in my usage. I’d just stick to the main Signal so you’re getting updates as soon as possible. With these apps, you’re just adding another trusted party, and delaying updates, which can decrease security.
This is true, but you also gotta consider most people do browse and go to other websites than just ones they log-in to or social medias. I think using a VPN generally makes it harder for other websites (like news articles as an example) to track you across the web. (For instance, if I visit Website A with unique IP Address Y, and also visit Website B with unique IP Address Y, even without logging in or directly giving them any data, they could correlate those 2 things. That’s where I think a VPN can really help things because it gives you a large pool of users in this case without using your unique IP).
Even besides this, you’re missing another point. I’d argue the largest benefit to VPNs is just preventing your ISP from collecting and selling the websites you visit and metadata around them. That’s a huge and undeniable benefit to using VPNs for privacy if you use a trustworthy and reputable one, just being able to prevent your ISP from seeing what you’re doing, when you’re doing it, etc, which is especially important with how dodgy ISPs are and how most collect and sell user data.
I recommend Fedora for most people, its what I use. It has a great configuration out of the box for privacy, security, and usability, and is overall a really great option for both beginners and advanced users. Had no issues or complaints with it so far.
You can check out Privacy Guides for some other good options as well and more details, and just generally other recommendations and good resources.
Yeah, its just stupid on all angles. Nearly all security benefits of using iMessage over something like SMS go out the window entirely when using middleware like this. The only thing you gain is the color of your bubble and maybe some extra features. Overall its useless. If someone seriously thinks lower of a person or their social status of whatever because of the COLOR OF THEIR MESSAGE… that person has issues and I could care less about what they think of me, some self reflection could be nice.