Wordpress the software is open source and isn’t known to do anything shady. Wordpress.com the hosted CMS product uses tracking pixels.
I’m old enough to remember the web being primarily text, and turning off automatic image loading being a good way to see fewer ads. I’m old enough to remember popup windows and popup blocking.
I suppose the underlying issue is that if something I don’t like happens on my computer, my first thought is to look for a way to change it, and most people don’t think about computers that way. I’m sad that most people don’t think about computers that way.
I haven’t moved to a privacy OS on Android yet because of money.
That’s entirely reasonable. You can still block most ads if you want to:
- You can use a web browser that supports extensions. That includes Firefox and its various forks, and perhaps surprisingly, Microsoft Edge. uBlock Origin is still available for both, despite Edge being Chromium-based and Google trying to cripple adblockers there.
- You can use web, rather than app versions of most services so that they’re covered by the browser’s adblocker.
- You can use DNS-based adblocking to reduce ads where you need/want to use apps that display ads.
“But personalised ads are really convenient!”
Not seeing ads is really convenient, and I have trouble understanding why anyone wouldn’t block ads aggressively on every device they spend much time using in 2025.
To cover a couple common objections:
It’s a corporate/institutional device and I can’t
Then it’s the institution’s IT department I’m puzzled by. If I was running corporate IT, ad blocking would be part of the standard install. The FBI recommends it for security.
The device is too locked down for that
Why would you buy such a device, or continue using it now that you know better?
Someone logging timestamps for messages received on both ends of a conversation would be able to determine that two people are probably talking to each other given enough data. Signal is probably not doing that, but Signal’s other security guarantees provided by an open source client that encrypts communications end to end hold even if the organization was infiltrated or taken over by a bad actor. The anonymity of participants in a conversation is not protected as strongly as the contents of messages.
I’ll expand this question to my entire social circle.
I haven’t found that anybody cares about my email provider. It doesn’t affect them because email is federated. Nobody has ever asked me why I’m mailing them from a domain I own rather than a service provider they’ve heard of.
Where I do run into a lot of resistance is trying to get people to use Signal. Some people seem to find the concept of having multiple messaging apps objectionable, which has never made any sense to me as long as they have basic computer skills. On occasion, I’m on the other side of that conversation when I’m unwilling to use Facebook Messenger for reasons that should be obvious to anyone in this community.
I understand Lemmy doesn’t provide a way to fuse multiple signals like the combination of a high-reputation account with a low-reputation IP address and it would be too much to ask volunteer server admins to develop their own. I’m OK with that answer. I don’t expect to dictate the terms by which they give me free services.
The part I didn’t like was their dim view of the fact that Mullvad actually provides privacy to its users. I believe private internet access is valuable to the world even if it enables some harms.
Over the past few years, there has been a great increase in websites using geoblocking. Half the local news sites in the USA block traffic from the EU for example, likely because they want to inject 300 advertising trackers in a manner that would violate EU law. I’ve been using Mullvad for years, and I am happy with it.
Sometimes lemmy.world blocks me from posting from it, which I am not happy with. They were even critical of its strict privacy stance, which I found to be a weird take from a fediverse project.
I played with it briefly. It looks like a good choice for a situation where security is paramount and the people involved are reasonably motivated. I don’t have those needs, and nobody I know has asked to connect with me using it.
Signal, on the other hand is a familiar experience for most people with no new concepts to learn, and popular enough that I think most people will find a number of contacts already using it.
It does not have the option to encrypt group chats last I checked, and even the one-to-one encryption is not particularly well-liked among security experts.
This isn’t about casual chats with friends and family, but political activism against the actions of a country. People doing that should be willing to put at least a trivial amount of effort into security.
I assume for bribes of some sort from Google
This one is stick, not carrot: apps are generally required to use Google’s notification system to be allowed in the Play Store.
Signal gets notifications without GMS. I think battery use and latency are a little higher. Molly, a fork can use UnifiedPush for better results.
Asking people to leave things means they’re losing a line of communication to friends, family, and interest groups who still use those things. It’s probably more productive to ask people to add the services you prefer rather than leave the ones they’re used to.
I’ve encountered some resistance from Americans who use iPhones and hate the idea of adding a third-party messaging app. None of them seem very interested in justifying that position.
Getting around Google’s attestation with an unlocked bootloader requires root - I believe the go-to is Magisk and the Play Integrity Fix module. It’s also a good idea to put the apps in question on the Magisk denylist. I’ve been using this for years with good results and would not describe it as “a lot of things”.
Is that from installing an app or from install a malicious ROM?
A malicious app could modify the OS, but it would need root permissions. There are three ways that can happen:
- The app exploits a privilege escalation bug in the OS. This can happen even if you don’t have root access yourself.
- The app exploits a bug in a superuser permission manager (e.g. Magisk) to gain root privileges without prompting you.
- A previously legitimate app you’ve given root privileges to gets a malicious update (a supply chain attack).
A malicious ROM is certainly possible. Some random person’s LineageOS fork is slightly less trustworthy than its maintainer (due to supply chain attacks).
Privacy isn’t binary.
LineageOS without Gapps won’t send information to Google unless you install something that does. It won’t do a whole lot to prevent apps from collecting data like GrapheneOS does so it’s up to you to evaluate the privacy implications of anything you install.
A locked bootloader protects against two attack vectors: malware modifying the operating system at runtime, and an unauthorized person with physical access installing a malicious operating system while you’re not looking (an “evil maid” attack). The former is rare on Android. The latter is rare unless you’re a high-value target or dating an abusive hacker.
messengers started to E2EE
This is a big deal. I’ve had the archetypal non-technical user, my mother send me a PGP encrypted email. It will probably come as no surprise to anyone who has done so that this did not become our default.
Now the majority of our messaging and calling is via Signal. It’s effortless.
You’re not surprised. I’m not surprised. People who end up with this feature enabled without having fully understood it or intending to turn it on are surprised.
I’m not sure how much of this is people not thinking things through and how much is Meta being scumbags. There’s probably a little of both.
a lot of them are falling for the privately educated ex city trader Farages nonsense that he’s a “man of the people”
This parallels Trump, but I think it’s mostly not that people are really fooled into believing these wealthy politicians are just like them. I think the attraction is more that the current system isn’t working for a lot of people and hasn’t been for a long time. Someone who offers to tear it down can attract a large following even if they don’t have a good proposal for what to replace it with.
It took a while for me to see that because I find the racist and nationalist beliefs of the likes of Trump, Farage, and the AFD so appalling it’s hard to see anything else.
I never said anything to that effect. The ancestor comment discussed running Signal for Android inside an Android emulator for account creation, after which it could be linked to Signal desktop.
Someone could presumably fork Signal desktop to allow the scenario you’re describing, but I’m not aware of any such efforts.
If you are trying to get the Wordpress software and install it on a server you own or web hosting account you pay for, yes.
If you’re trying to do something else, like sign up for blog hosting from a privacy-respecting service provider without having to administer software yourself, then no. If you want recommendations for services like that, you should probably make a separate post asking for that, with as much detail about what you want to do and whether you’re willing to pay for it as possible.
Edit: I see you did make such a post. If you’re “not tech savvy” as your post says, I don’t recommend administering Wordpress yourself. While it’s something nearly anyone can learn if sufficiently motivated, it’s much more effort for someone without a technical background.