• 36 Posts
  • 264 Comments
Joined 3Y ago
Cake day: Jun 07, 2020

Private Browsers

(no Chrome based browser)

GrapheneOS is constantly being showboated by Ed Snowden which is a red flag and I did experience app contamination on it.

These are signs I can take you seriously, unlike most people out there. Also, very good recommendations to back it up. Generally I scoff at guide makers that either copypaste whatever info they find (without testing), or have particular tech agendas to push (Big Tech, closed source security).

I have also been thinking of writing a private life guide, since I literally created r/privatelife and c/privatelife. Whatever I recommend is in the form of threat modelling, non-root smartphone fortifications and Linux computing, but I have been thinking of it for at least a year, trying to formulate something concrete in my head.


As someone who is a data hoarder/curator and dives into the deep ends of web abyss, I use Searx, Startpage and Yandex. I do not mind Startpage only because I no longer use search engines that much anymore. If something truly needs to be searched, Yandex is the absolute, untouchable king for web, image and reverse image searching, and is better than Google for privacy (very low bar but > Google/Bing).

Searx usually does deliver for the common use cases, and Startpage gives Google results minus SEO and sponsored trash.

If I were to rank them for results based on years of experience, Yandex is easily a 10 (ignoring its unbeatable image search), Searx with “default/all” language results a 7, Startpage a 5 (censors Russian/Chinese sources since it is based on Google), Qwant probably 3.5-4 (unavailable in many regions), Google 3, DDG and Bing 2. I am not sure how Metager, Mojeek and Kagi fare, but they probably perform somewhere between Searx with “default/all” language results and DDG.

Why Yandex is so above Searx metasearch is because its indexing is a lot faster than once a day, besides giving the experience of what Google was around 2009/10 and with no SEO crap. You will find the most obscure personal blog and website there, and DMCA bullshit does not work in Russia, which would work on any of these other search engines or metasearch instance owners.



Is this the r/VPN spreadsheet? They love affiliates. They once asked to partner with my r/privatelife subreddit, I pointed out some unreviewed VPNs and inconsistencies and they went silent.

Go to r/VPNTorrents, the only legit source of VPN info on reddit. Datahoarders and piracy people follow their advice. Ignore Techlore, PrivacyGuides and all those copypasta bloggers. They know nothing and are just quick enough to pick up on what’s trending among pirates and serious privacy advocates.



Any smartphone. You need no rooting for 99% of whatever fancy custom ROMs do, especially ones that sell snake oil in the name of security.

https://lemmy.ml/post/128667 You can use this guide for any Android smartphone made in the last 6-7 years.


Fairphone. Pixel is garbage. Fairphone gives you 3-5 years more security updates, and is thus more secure than Pixel.


Compress the video with Handbrake (HEVC @ CRF 24), send as split RAR files with 3-5% recovery record over any decent file upload site.


You are the one who introduced that detail about Hetzner. Nobody discussed using their hosting service. People were discussing cloud storage options and prices.



Oh no, it's just GrapheneOS, other Android forks disallow changing keyboard and disabling network permissions! Has to be the most deluded form of advertisement.



Nobody is talking about using Hetzner.




User profiles are an Android feature, NOT a Graphene feature. You can use user profiles in any Android phone in the last 6-7 years.




Federation abuse allows for easy vote brigading and manipulation. For the past 2 weeks, I have been a victim of targeted vote manipulation. In the earlier days of Lemmy and after Reddit exodus, bot voting manipulation in hundreds and thousands was observed, with one even demonstrating this intentionally with a top Lemmy post.

Votes are not a priority factor.


Looks like I was missing in action, because Indians celebrate Diwali today, our biggest festival of the year. This is why I formulated rules against advertising, because this happens too often here. Will be on the lookout and stricter. Some custom AOSP forks advertised and astroturfed will also face stricter action. A solid framework needs to be built.


This post is a troll post. Everyone seems to have missed the mark. But there are decent advice comments here, so what do I do now? OP wants to be humorous though, not malicious.

Either report it, reply what should I do, or maybe upvote enough if this post needs to be deleted.


Land of the free and privacy! The constitution and façade of good country presented through media just means they game optics to leech everyone, no matter citizens or the entire world.


That’s good, but this post is encouraging wrong conclusion. Camera permission is not the problem, instead the problem is VPN having nothing to do with camera. Using VPN configuration files should be the way, or logging into an account securely (ExpressVPN in this case).



Nothing is practical or significant other than iOS. My point was I am tired of this Calyx, Graphene, Iode, /e/ and all these groups magically calling their custom rebranding/skinning a different OS than Android. This is delusional and misleading for everyone, and anyone who does this should be condemned. This started back in the starting days of Android, when most of the OEMs started doing the same for false marketing purposes, followed by most XDA custom ROM projects that started appending -OS suffix.


There is no “OS”. Everyone uses Android with certain customisations, reskins and rebrandings. Android is the singular OS, unless you use iPhone or some non-smartphone.


You can get by without Google services, it is a bit inconvenient though, but you gain far more autonomy and independence, and are able to do things IRL without being a slave to their services. The best compromise IMHO is having that shitty $100 Googled (without account) Android for apps that need it and Safetynet DRM, that you never carry with you (Michael Bazzell recommends the same), while you have your degoogled/deBigTech’d phone with you as your sole primary phone. The only problem can be GMaps but OSM is equally or even better than GMaps in most instances except for the traffic nav feature.


I like that some people are aware of this. No metadata is also metadata.


Ubuntu with GNOME. GNOME is the best and most polished DE, period. Ubuntu is the distro with largest community support, and they are not filled with unwelcoming jerks like the ones in Arch community. It has enough tutorials that you might never even need to talk to a person to solve your few issues you ever get.

Here is my Linux/Windows computing guide to get you started. https://lemmy.ml/post/511377


That has stopped being an issue with 12 Bookworm, as long as you follow any decent guide or YouTube video tutorial on it. Learn Linux TV on YT, for example.


We are far from it, as enticing as it sounds from Microsoft’s perspective. Microsoft will lose quite a bit (easily 20-50%) of marketshare the moment they go that way, from readymade off-the-shelf machines’ preinstalls. The reason is simple – people no longer use computers, and do 95% of the computer stuff on their smartphones. And nobody will continue to pay for subscriptions for a computer that collects dust, unlike Netflix or Disney+ where people at least use them twice a week actively. (And even streaming services becoming expensive is decreasing subscriptions and increasing piracy now.)


The blobs are a similar issue on traditional computers as well. This is something we are far from resolving until OpenISA like RISC-V become practically usable and purchasable for commoners.


AOSP is fully open source (LineageOS fork as well), and is not compromised or license/usage restricted by some developer/maintainer’s personal whims or crybully behaviour.


Zerush, Stantana and Xavier said the things I wanted to say in this thread. But they missed the biggest point – localised data storage, combined with learning data archival and compression.

Avoiding non-selfhosted or unencrypted cloud storage is not just the most ultimate form of metadata reduction, but also the biggest guarantee of preserving your data. Of course, minimised (or no) dependence on Big Tech SaaS is a progression after that in terms of metadata reduction.

Remember, freedom is the most important aspect, then privacy, then anonymity and below all that is security. Why? Because security is always a moving goalpost, the others are not. Freedom, privacy and anonymity will continue to mean the same throughout time.


That was not a generalisation, but a (perhaps confusing) way to convey this group exists in both FOSS and privacy community, attacking both, creating drama in both and normalising asshole behaviour and lies in general. I am well aware of the distinction, as a Debian user, and a Linux adopter since when W10 dropped. I advocate for both free libre OSS and privacy (if you noticed r/privatelife before).

Thanks for making me smirk a little with the WEI example. There is hope only in prioritising freedom AND democratisation of technology, everything else second, as principle. But I consider realism and use specific closed source software where needed, because the world is far from utopia. I have been a Netscape and Phoenix user since the beginning, only tried Chrome once for a few days around 2010s when it was being hyped in the Browser Grand Prix Wars and found it not worth the loss of freedom.

I would like to take this opportunity to show you how Micay and his acolytes and GrapheneOS members have time and time again evangelised Windows, MacOS, Google and Big Tech companies over the years.

This is one of the key reasons why I act as a defense line to protect Lemmy against their invasion. I stopped them completely on Reddit. I stopped them 2 years ago here. Now they are back, downvoting me with 5-6 alts, and I need community support. They are enemies of FLOSS, freedom and even many open source projects. All they do is create drama and spread hate, then when someone complains, they start crying. They are crybullies. Last year they even did this to me, trying to get me out of the way. https://archive.ph/acy2h


It's easy to see why “stepping down” means nothing, when you see that GrapheneOS is a one man army show, his GitHub says the same, and GrapheneOS commits tell the same story since April 2023 (when he told how there was a CP/gore spammer in his offtopic Matrix chat and he claimed to be swatted, no evidence or in local Canadian news in 5 months). Check his GitHub repo member list (flat hierarchy makes no sense), correlate with Matrix chatroom and Discourse admins/mods lists.

His whole game is playing with optics in the FOSS community, portraying his hobbyist stuff as professional even when his behaviour screams the opposite, and using labels like “lead dev”, as if many people make commits to GrapheneOS. Optics is the key word, which also plays into marketing fluff about features, mostly which are rebrandings like what OEMs do with tacky skins.

While things in life are not black and white, they are certainly not 45% and 55% gray either, but more like 20% gray and 80% gray. (I am a Pareto’s principle shill.) Most (not many) situations in life are just that, distinctly clear with no fog clouds. Nuance changing a situation’s dynamics is the exception, not the norm.

Fairphone is one of the top recommendations in my guide, and they now have 8-10 years of security updates as well (7y with FP3+ iirc).

All this is not to appease or stroke my ego (I have refused donations for my guides), but to refuse rewarding this IT brodude bullshit behaviour, and to put an end to it in the IT and FOSS/anonymous communities. The privacy community has been filled with illogical, conspiratorial nutjobs and assholes and I have been one to help clean it up myself for about 4 years now. I still fondly remember how r/privacy mod censored my r/privatelife subreddit with 26 members, and swore to clean this mess. Simply put, I am a meta-contrarian voice of reason that has and will go against anyone to say what needs to be told.


There are certain “security zealots” in FOSS community that shill Big Tech, dump on FOSS projects and promote typical IT dudebro asshole behaviours. I have been documenting it for 5 years, so I am coming from a far different place, having seen it all. Being in their chatrooms, engaging with racists, IRL Nazis and absolute clowns has allowed me to see pretty much every trick they can pull.

The reason I called out the political affiliation is because as a leftist, cherrypicking and supporting/opposing issues is incorrect. IT dudebro behaviour is what GrapheneOS community staunchly supports and normalises, and is the root of many problems in tech sector.

Micay using the “autism” placard to dodge accountability is disgusting, and it hurts all autist and neurodivergent people. Micay is the embodiment of most of the worst kind of behaviours, and rewarding him by using his AOSP fork is one of the worst things you could do.


That is the ELI5 version, which is how I talk to people about technical matters. If you were to quote this 20 years later, it would require no further context and citation, and would still be a relevant comment. A lot of my comments are guest-blogging style mini posts. Generally one should have no further questions about picking a private and “secure” Android device for years after reading this.


Whichever system you can navigate through easily and freely, none of which is a smartphone. Smartphones are only temporary vessels on-the-go for calling, texting and photos/videos. Keep your computing as much as possible to a real, dedicated computer or laptop. Any mainstream Android phone in the past 3-4 years, if you do not root or unlock it, has been “secure” at this point, as long as you are not installing calculator apps that need your credit card info and camera access, and as far as your adversary is not the TSA airport agent with Israeli Cellebrite kit or you are not a state actor target for malware like Pegasus.

Funnily enough, Pixels have been horrifically insecure for a while now, besides their garbage QC issues. Google took months to fix these security issues for 6A, 7 series that were more easy to exploit than the security issues any other Android maker has had for the past few years.

Any decent Android phone post Android 9 version, provided you:

  • do not root or unlock it
  • you debloat it thoroughly
  • install apps carefully
  • put a firewall with nice DNS provider
  • restrict app permissions as much as possible
  • keep OTA security patches updated

is a secure phone to use. There is full disk encryption for years now, and iPhones are cheaper and easier to exploit than Androids since 5-6 years.

I have had a non-root smartphone guide for years now (https://lemmy.ml/post/128667), letting anyone have a private and secure Android device without any Safetynet tampering or bootloader unlocking complexity, which also allows to use Android Auto, bank apps and any of those Safetynet apps comfortably. This, to the best of my knowledge, is the Pareto frontier of usability, privacy and security on smartphones, provided you have an actual computer as well.

Someone made an Android app that allowed me to solve the issue of physical phone theft as well, effectively disallowing anyone (unless million dollar Cellebrite-like kits can exploit the stolen locked phone) to extract data out of your phone, in case someone took your phone on the street and ran away. This requires locked bootloader, which is the default state of any Android phone you purchase commercially, unless later unlocked or rooted.


This is not about “passion”. I have been monitoring and documenting the “security zealots” in FOSS community for the past 5 years. If you think that’s nuts, I recommend you take out an hour or two and go through this stuff. It will be worth it.

https://old.reddit.com/r/privatelife/comments/ug9qnc/writeup_criticism_of_rprivacyguides_grapheneos/

https://old.reddit.com/r/privatelife/comments/13teoo9/grapheneos_corporate_foss_loving_witch_hunting/

There is no conspiracy btw, regarding voting manipulation and sockpuppet trolling (they admittedly do it). GrapheneOS is by far the most vicious entity in FOSS/privacy community for a while now, to the point Techlore community openly calls them “rabid dogs”. Lemmy is just seeing this stuff afresh, what has been going on Reddit for over 3 years. They would have imported that culture onto Lemmy long ago, if I was not here for the past 3 years, and not a moderator acting as a defense line.

As for “security” and features of this AOSP fork, look no further. https://i.imgur.com/pQHoq84.jpg

There are only 3 things they ever did on their own as extras, and even they have basically no value in the grand scheme of things, them being offering:

  • instead of 16 character, 64 character password limit on lockscreen
  • PIN scrambling
  • Morula method of exec spawning instead of Zygote method used in most AOSP projects

Now, I will elaborate on these 3.

  • Elaborating on first one, it is kind of useless as you can see for obvious reasons.
  • For second one, you already understand why fingerprint avoids the issue of someone peeping at your PIN/password entered across your shoulder. Fingerprint is infinitely superior. Even more so with Android and iOS both offering biometric Lockdown features.
  • This one is somewhat half credible, but the goal is to destroy the memory blocks used by an app after it is exited, so that memory blocks do not retain essential text strings of data to exploit. For this, you can just go to Developer Options and enable “Don’t keep activities” and it will achieve the same effect as Morula method of exec spawning implemented by GrapheneOS.

So out of the 20-30 features GrapheneOS claims they developed, everything is either a modification of app permissions or firewalling or AOSP feature rebranding.

Also, as you may have famously heard about “Sandboxed Play Services”, it is not developed by GrapheneOS, but a project called ProtonAOSP, whose developer is kdrag0n. GrapheneOS copied that off and rebranded it as their own developed thing.

As you can see, GrapheneOS is basically a lot of marketing and in reality, there is negligible or nothing beyond the surface. This is called snake oil, or selling bridges/dreams.

A civil discussion is not possible with people that always lie about things for years (https://old.reddit.com/user/lo________________ol/comments/1314x2x/why_did_i_do_this/), then manufacture lies about how they were swatted to manufacture drama and gain fame, never to give evidence, label everyone neonazi or complicit in this hoax murder attempt, censor any attempts of being questioned and go underground, and use “autism” label to dodge accountability, and to be a witch hunting liar and an asshole to everyone.



Firefox 115 can silently remotely disable my extension on any site [Jeff Johnson’s blog]
I stan Firefox but I am scared about this to the point not much discussion exists on this.

Please report bad behaviours in accordance with Lemmy rules and Code Of Conduct! Here to cushion the
Lemmy is not going to be Reddit. It will not inherit the reactionary behaviours. Ensure civility and disengage if uncomfortable. Have a good time!


Energized GitHub has been unmaintained since few months, and is showing 404 error on HOSTS files. He
cross-posted from: https://lemmy.ml/post/830873

> The HOSTS ruleset has been not maintained for a while, and that is not very helpful. This is a copy of Energized Ultimate from April 2022 that I am still using just fine. https://www21.zippyshare.com/v/qRxZ0lp9/file.html
>
> The various lists that Energized project used in combination can still be referenced. https://i.imgur.com/yZRDVAl.jpg
>
> I think **1Hosts PRO** is a good replacement, but try Lite or Pro whichever you prefer. https://github.com/badmojr/1Hosts You may try combining other HOSTS lists with this if you want to, and are technically adept enough.
>
> Another good option is **AdAway**, but you might need to combine other lists with it to have competent blocking compared to Energized.
>
> You also need to reference, download and merge spam and phishing lists manually if you want extra protection, unless you want to rely solely on DNS providers. I prefer having both HOSTS ruleset systemwide and a DNS provider, then whatever network firewalling/tunnelling is needed.
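
One way to do the manual merge of several HOSTS lists mentioned in the post above, as an added example that is not part of the original post or of any project it names. The function names and the two sample lists are hypothetical and constructed here. The merge only accepts entries that point at a null-route or loopback address, so a third-party list cannot redirect a hostname to a real IP.

```python
"""Merge several HOSTS blocklists into one validated, deduplicated ruleset."""
import ipaddress
import re

# Addresses a blocking entry may point at (null route or loopback).
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that must keep resolving normally; never emitted as block rules.
PROTECTED = {"localhost", "localhost.localdomain", "local", "broadcasthost",
             "ip6-localhost", "ip6-loopback", "0.0.0.0"}
# One DNS label: 1-63 chars, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")


def valid_hostname(name):
    """True for a syntactically valid DNS name of at most 253 characters."""
    if not name or len(name) > 253:
        return False
    return all(LABEL.match(label) for label in name.split("."))


def parse_hosts(text, source):
    """Yield (status, hostname, detail) for every rule in one HOSTS list."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        where = f"{source}:{lineno}"
        fields = line.split()
        if len(fields) < 2:
            yield ("rejected", line, f"{where} not in HOSTS format")
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))   # normalises "::0"
        except ValueError:
            yield ("rejected", line, f"{where} bad address")
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in PROTECTED:
                continue
            if addr not in SINK_ADDRS:
                # A list entry mapping a name to a routable IP is a
                # redirect, not a block; keep it out of the merged file.
                yield ("rejected", name, f"{where} redirects to {addr}")
            elif not valid_hostname(name):
                yield ("rejected", name, f"{where} invalid hostname")
            else:
                yield ("ok", name, "")


def merge_hosts(lists):
    """lists: {source_name: file_text}. Returns (sorted names, rejected)."""
    blocked, rejected = set(), []
    for source, text in lists.items():
        for status, name, detail in parse_hosts(text, source):
            if status == "ok":
                blocked.add(name)
            else:
                rejected.append((name, detail))
    return sorted(blocked), rejected


def render(blocked):
    """Emit the merged ruleset with a single, uniform sink address."""
    return "".join(f"0.0.0.0 {name}\n" for name in blocked)


# Constructed sample input: an ad/tracker list and a phishing list.
LIST_A = """\
# constructed sample: ad/tracker list
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.net  # inline comment
0.0.0.0 ads.example.com
"""
LIST_B = """\
# constructed sample: phishing list with two bad entries
127.0.0.1 login-phish.example.org
203.0.113.7 bank.example.com
0.0.0.0 bad_host!.example.com
0.0.0.0 ads.example.com
"""

if __name__ == "__main__":
    names, bad = merge_hosts({"ads": LIST_A, "phishing": LIST_B})
    print(render(names), end="")
    for name, why in bad:
        print(f"# rejected {name}: {why}")
```

Review the rejected entries before trusting a new list source; a list that produces redirect rejections should not be merged at all.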




[X-post] [WRITEUP] Criticism of r/privacy, r/PrivacyGuides and GrapheneOS communities, moderators an
The purpose is only for this to reach more audiences. I have documented this over many years.

r/PrivacyGuides restored citation-less slander post as facts, and GrapheneOS community sockpuppet th
cross-posted from: https://lemmy.ml/post/143981

> Mod statement: https://np.reddit.com/r/PrivacyGuides/comments/rxf02a/theanonymousjoker_false_privacy_prophet/hs1dxux?context=3
>
> https://i.imgur.com/LahmNkO.jpg
>
> dng99/dngray has branded a citation-less slander post as facts. These are the "community standards" of r/PrivacyGuides. Always remember this.
>
> u/trai_dep, the record stands corrected once again
>
> Moreover, my theory about GrapheneOS community using sockpuppets is true, as confirmed by...
>
> https://np.reddit.com/r/fdroid/comments/rxtc14/came_across_this_thoughts/hs1o6no?context=3
>
> https://i.imgur.com/JX6uTpx.jpg
>
> Tommy_Tran = B0risGrishenko (OP of slander post). Thanks for confirming my GrapheneOS community sockpuppet theory.

r/PrivacyGuides is allowing a personally targeting post with my name in post title currently, slande
https://teddit.net/r/PrivacyGuides/comments/rxf02a/theanonymousjoker_false_privacy_prophet/ This is one of key GrapheneOS community members doing it, and r/PrivacyGuides has the same moderation team as r/privacytoolsio before, and the main moderator of r/privacy is also same. Has anyone seen this kind of behaviour in overall privacy community? Edit: https://ghostarchive.org/archive/ttkkU reddit post archived

100% FOSS Smartphone Hardening non-root Guide 4.0
https://lemmy.ml/post/128667 Crosspost but the guide body is so long, I had to break it into 5 parts.



[TINY GUIDE] How to stay safe from Pegasus and most social engineering malware these days
cross-posted from: https://lemmy.ml/post/74540

> Hello! I think it is a nice time to re-mention some 101 tips of IT security for folks here, that I also practice. Pegasus malware investigation will be big news for a good while, so the more awareness it helps spread, the better.
>
> # RULE 1
>
> DO NOT CLICK ON RANDOM SMS AND EMAIL LINKS. Please, do not do this, ever. Just do not do it. Do not do it. Do not do it. Do not do it.
>
> Yes, that is how many times I repeated that line. That is how important this rule is.
>
> Also, do not download random email attachments.
>
> Phishing is such a common tactic that one would think this problem has been solved by now, but it has not.
>
> # RULE 2
>
> Keep OFF auto download of photos, videos, documents and so on on WhatsApp, Signal and such apps.
>
> Drive by downloads being self executable surprise bombs is not a new thing. Basically, this rule is similar to keeping off AutoPlay for external USB sticks on Windows computers.
>
> # RULE 3
>
> Avoid using popular software too much.
>
> I get it, this is a hard rule to workaround considering how much we need to use WhatsApp, Signal, Telegram and so on, so it is a lot better to compartmentalise your activities among multiple messengers.
>
> Pegasus and a lot of specialised malware uses zero-days to be able to design zero click deployment tricks, which is what these government surveillance tools are good at reserving. They use their millions of dollars of funding and R&D properly, so you have to be careful.
>
> As an example, try to keep WhatsApp internet turned off most of the times via NetGuard, and turn it on only when needed, a good method I have earlier suggested as well in my smartphone hardening guide.
>
> # CONCLUSION
>
> Those were some thoughts on the top of my head, before I go to sleep. Stay safe against surveillance! And feel free to ask whatever you want to!


[Belarus, Russia] How ProtonMail Lost the Public Trust it Needs to do Business [Moon Of Alabama]
cross-posted from: https://lemmy.ml/post/67987

> A fellow sent this to me, providing proof of how ProtonMail is vulnerable to state actors and for any activism or non-regular activities.


[PDF] Apple Transparency Report: Government and private party requests [Apple]
cross-posted from: https://lemmy.ml/post/60334

> Summary
>
> Out of 170K device requests, USA made ~56% (82% complied), Germany made ~11% (81% complied), China made ~8% (94% complied), Brazil made ~5% (85% complied) and Japan, South Korea, Hungary and Sweden made ~2% (~84% average complied).
>
> Total compliance rate is 80% according to Apple.
>
> For 85% of 31K iCloud accounts, user data was provided by Apple upon requests. 58% of these came from USA.


Comment section for 100% FOSS Smartphone Hardening non-root Guide 3.0 (for normal people) ft. some a
Guide: https://lemmy.ml/post/54596 I locked that post due to Lemmy limitations for post word limit, and commenting on post would have spoiled the rest of guide put in comments as a hack.

Check if your email leaked https://cybernews.com/personal-data-leak-check/
Smartphone Hardening non-root Guide 2.0 (for normal people)
(1/2) Lemmy does not allow too long post walls

**UPDATED 16/8/2020: Major edit, replaced closed source App Ops and Shizuku with AppOpsX (Free Open source) on F-Droid. ~~This guide is nearly FOSS supported now.~~**

**UPDATED 17/9/2020: MAJOR EDIT, replaced closed source Access Dots with Privacy Indicator (FOSS) on Izzy's F-Droid repo. This guide is completely FOSS.**

Hello! I am the founder of /r/privatelife . Finally my smartphone non root guide is back, and there are some big upgrades. I was taking time to test everything myself on my daily driver, so apologies for keeping everyone in the wait, but stability and ease of use is the important goal to strive in my playbook. Privacy must be accessible to maximum amount of people without being annoying or tedious.

**A kind request to share this guide to any privacy seeker.**

# User and device requirement

* ANY Android 9+ device
* knowledge of how to copy-paste commands in Linux or Mac Terminal/MS-DOS Command Prompt (for ADB, it is very simple, trust me)

# Why not Apple devices?

iPhone [does not allow you to have privacy](https://gist.github.com/iosecure/357e724811fe04167332ef54e736670d) due to its blackbox nature, and is simply a false marketing assurance by Apple to you. Recently, an unpatchable hardware flaw was [discovered](https://9to5mac.com/2020/08/01/new-unpatchable-exploit-allegedly-found-on-apples-secure-enclave-chip-heres-what-it-could-mean/) in Apple's T1 and T2 "security" chips, rendering Apple devices critically vulnerable.

17/9/2020: [Apple gave the FBI access to the iCloud account of a protester **accused** of setting police cars on fire](https://www.businessinsider.com/apple-fbi-icloud-investigation-seattle-protester-arson-2020-9).

Also, [they recently dropped plan for encrypting iCloud backups after FBI complained](https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT).

They also collect and sell data [quite a lot](https://i.imgur.com/n8Bk0bA.jpg).

Siri still records conversations 9 months after Apple [promised not](https://www.theregister.co.uk/2020/05/20/apple_siri_transcriptions/) to do it.

Apple Mail app is vulnerable, yet Apple stays in [denial](https://9to5mac.com/2020/04/27/iphone-mail-vulnerabilities-2/).

Also, [Apple sells certificates to third-party developers that allow them to track users](https://www.theatlantic.com/technology/archive/2019/01/apples-hypocritical-defense-data-privacy/581680/), [The San Bernardino shooter publicity stunt was completely fraudulent](https://www.aclu.org/blog/privacy-technology/internet-privacy/one-fbis-major-claims-iphone-case-fraudulent), and [Louis Rossmann dismantled Apple's PR stunt "repair program"](https://invidio.us/watch?v=rwgpTDluufY).

Also, Android's open source nature is starting to pay off in the long run. Apple 0-day exploits are far [cheaper](https://www.wired.com/story/android-zero-day-more-than-ios-zerodium/) to do than Android.

-----

# LET'S GO!!!

**ALL users must follow these steps before "for nerdy users" section.**

**Firstly, if your device is filled to the brim or used for long time, I recommend backing up your data and factory resetting for clean slate start.**

* **Sign out all your** Google and Huawei/Samsung/other phonemaker **accounts** from your device so that Settings-->Accounts do not show any sign-ins **except WhatsApp/Telegram**
* Install ADB on your Linux, Windows or Mac OS machine, simple guide: https://www.xda-developers.com/install-adb-windows-macos-linux/
* Use ["Universal Android Debloater"](https://gitlab.com/W1nst0n/universal-android-debloater) to easily debloat your bloated phone.

  NOTE: Samsung users will lose Samsung Pay, as Samsung has been caught and declares they sell this data: https://www.sammobile.com/news/samsung-pay-new-privacy-policy-your-data-sold/
* **Make DIY camera covers**, for front camera notch use a tiny appropriate-sized thin opaque plastic cutout and use an invisible tape to stick it in place, replace every month (cost: tape roll and one minute of your time per month). [**My rear camera cover**](https://i.postimg.cc/T37Qvc52/image.jpg)
* Install **F-Droid app store** from [here](https://f-droid.org/en/)
* Install **NetGuard** app firewall (see NOTE) from F-Droid and set it up with [privacy based DNS like Uncensored DNS or Tenta DNS or AdGuard DNS]

  NOTE: NetGuard with [Energized Ultimate](https://block.energized.pro/ultimate/formats/hosts.txt) HOSTS file with any one of the above mentioned DNS providers is the ultimate solution.

  NOTE: Set DNS provider address in Settings -> Advanced settings --> VPN IPv4, IPv6 and DNS
* In F-Droid store, open Repositories via the 3 dot menu on top right and add the following links below:

  1. https://rfc2822.gitlab.io/fdroid-firefox/fdroid/repo?fingerprint=8F992BBBA0340EFE6299C7A410B36D9C8889114CA6C58013C3587CDA411B4AED
  2. https://apt.izzysoft.de/fdroid/repo?fingerprint=3BF0D6ABFEAE2F401707B6D966BE743BF0EEE49C2561B9BA39073711F628937A
  3. https://guardianproject.info/fdroid/repo?fingerprint=B7C2EEFD8DAC7806AF67DFCD92EB18126BC08312A7F2D6F3862E46013C7A6135

  Go back to F-Droid store home screen, and hit the update button beside the 3 dot menu.

-----

### LIST OF APPS TO GET

* Get **Firefox Preview** web browser from F-Droid (install uBlock Origin addon inside ([if technically advanced, try doing this](https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium-mode))). Also get **Firefox Klar** if you like a separate incognito browser.
* Get **Aurora Store** from F-Droid for apps from Play Store without actually using Play Store, use Anonymous option to sign in
* for 3rd party APKs source them only from **APKMirror** OR **APKPure** OR **APKMonk**, quite trusted, BUT **TRY AND AVOID IT IF POSSIBLE**
* Get **Privacy Indicator** from F-Droid for **iOS 14 like camera/mic dot indicator feature**
* Get **OSMAnd+** from F-Droid or **Qwant Maps inside web browser** for maps and/or print physical maps if you live and travel in one or two states or districts.

  NOTE: Qwant Maps has better search results than OSMAnd+
* Get **PilferShush Jammer** from F-Droid to block microphone (use this in malls, restaurants or such public places if you can to prevent beacon tracking)
* Get **OpenBoard** (user friendly) OR **AnySoftKeyboard** (nerd friendly) from F-Droid instead of Google GBoard, Microsoft SwiftKey et al, they are closed source keylogger USA spyware
* Get **FTP Server (Free)** from F-Droid and **FileZilla on computer** for computer-to-phone internet less file sharing

  NOTE: for phone-computer sync or sharing, can TRY **KDE Connect**, available for Android, Windows, Linux
* Get **TrebleShot** instead of SHAREIt for phone to phone file sharing
* Get **K-9 Mail** or **FairEmail** as e-mail client
* Get **NewPipe** for YouTube watching, or YouTube in Firefox Preview/Klar
* Get **QKSMS** from F-Droid as SMS client app
* Get **Shelter** from F-Droid to sandbox potential apps that you must use (eg WhatsApp or Discord or Signal)
* Get **SuperFreezZ** from F-Droid to freeze any apps from running in background
* Get **Librera Pro** from F-Droid for PDF reader
* Get **ImgurViewer** from F-Droid for opening reddit/imgur/other image links without invasive tracking
* Get **InstaGrabber** from F-Droid for opening Instagram profiles or pictures without invasive tracking (seems like a revived fork is [here](https://github.com/austinhuang0131/instagrabber/releases), thanks u/sad_plan )
* Get **GreenTooth** from F-Droid to set Bluetooth to disable after you have used it
* Get **Material Files** or **Simple File Manager** from F-Droid for file manager app
* Get **ImagePipe** from F-Droid if you share lot of pictures, and want to clear EXIF metadata snooping (often photos contain phone model, location, time, date)
* Get **Note Crypt Pro** from F-Droid for encrypted note taking app
* Get **Vinyl Music Player** from F-Droid for music player
* Get **VLC** from F-Droid for video player

-----

### CRITICAL FOR CLIPBOARD, LOCATION AND OTHER APP FUNCTION BLOCKING

I would say this is one of the critical improvements in my guide, and will solve the problem of clipboard and coarse location snooping among other things.

AppOpsX is a free, open source app that allows to manage granular app permissions not visible normally, with the help of ADB authorisation without root. This app can finely control what granular information apps can access on your phone, which is not shown in app permissions regularly accessible to us.

Now that you would have set up your phone with installing apps, now is a good time to perform this procedure.

Step 1: Install **AppOpsX** from F-Droid. (https://f-droid.org/en/packages/com.zzzmode.appopsx/)

Step 2: Plug phone to computer, and enable USB debugging in Settings --> Developer Options (you probably already did this in the starting of the guide)

Step 3: Keep phone plugged into computer until the end of this procedure! Open AppOpsX app.

Step 4: On computer, type commands in order:

```
adb devices
adb tcpip 5555
adb shell sh /sdcard/Android/data/com.zzzmode.appopsx/opsx.sh &
```

Step 5: Now open "AppOpsX" app, and:

* disable "read clipboard" for apps except your messengers, notepad, office suite, virtual keyboard, clipboard monitor apps et al.

  NOTE: Most apps that have text field to copy/paste text require this permission.
* disable "modify clipboard" for every app except for your virtual keyboard or office suite app or clipboard monitor/stack special apps.
* disable "GPS", "precise location", "approximate location" and "coarse location" for every app except your maps app (Firefox and OSMAnd+)

(2/2) in comment below.
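One way to check from the computer that the step 5 changes took effect, as an added example that is not part of the original post: it reads `adb shell cmd appops get <package>` output and lists the clipboard and location ops that are still permitted. The function names and the sample output are constructed for illustration, and the line format is assumed to match the sample.

```shell
#!/bin/sh
# AppOps names behind the toggles disabled in step 5.
SENSITIVE_OPS="READ_CLIPBOARD WRITE_CLIPBOARD GPS COARSE_LOCATION FINE_LOCATION"

# flag_allowed_ops: read `appops get <pkg>` output on stdin and print every
# sensitive op whose mode is still "allow" or "foreground", one per line.
# Only ops present in the output are inspected; an op that is not listed
# has no explicit mode recorded and is not reported here.
flag_allowed_ops() {
    awk -v ops="$SENSITIVE_OPS" '
        BEGIN { n = split(ops, list, " "); for (i = 1; i <= n; i++) want[list[i]] = 1 }
        {
            line = $0
            sub(/^[ \t]*/, "", line)
            sub(/^Uid mode: /, "", line)       # uid-level modes carry this prefix
            if (split(line, kv, ": ") < 2) next # e.g. "No operations."
            op = kv[1]
            mode = kv[2]
            sub(/;.*/, "", mode)                # drop "; time=..." details
            gsub(/[ \t\r]+$/, "", mode)
            if ((op in want) && (mode == "allow" || mode == "foreground")) print op
        }' | sort -u
}

# audit_package: run the check against a connected phone. Needs adb on PATH
# and USB debugging authorised (steps 2-4). Never called automatically.
audit_package() {
    adb shell cmd appops get "$1" | flag_allowed_ops
}

# Constructed sample modelled on `appops get` output, not captured from a device.
sample_output() {
    cat <<'EOF'
Uid mode: COARSE_LOCATION: foreground
READ_CLIPBOARD: allow; time=+2h13m5s ago
WRITE_CLIPBOARD: ignore; rejectTime=+1d4h ago
GPS: ignore
CAMERA: allow; time=+5m ago
EOF
}
```

With a phone attached, `audit_package <package name>` prints nothing when none of the listed ops is still permitted for that app.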


[x-post] r/privacy moderator deleted my smartphone hardening non root guide after the admin reportin
Post linked here: https://www.reddit.com/r/privatelife/comments/h8hsdh/exclusive_rprivacy_moderator_deleted_smartphone/

Wanted to share this as an extensive timeline proof of how the reddit privacy communities and moderators censor constructive critics.

The readable mirror of my guide is here: https://old.reddit.com/r/privatelife/comments/et8e3o/smartphone_hardening_guide_for_normal_people_with/

And here: https://dev.lemmy.ml/post/34217