Hi, I’m Miss Brainfart.

I’m afraid of sharks, with the exception being blåhaj. What could that possibly mean, huh.
(That’s not a hint, I genuinely have no idea)

Lemmings can also find me @miss_brainfart:catgirl.cloud on Matrix, if they desire to do so for e2ee reasons

  • 2 Posts
  • 208 Comments
Joined 1Y ago
cake
Cake day: Jul 17, 2023

help-circle
rss

Does Connect You work for you? I can send messages, but if someone replies, the notification only shows their number instead of the name I saved them as, and the reply doesn’t show up in the chat itself


What users often do not realize is that almost all such notifications travel over Google and Apple’s servers.

So on the Android side, is an app safe from this if it doesn’t rely on Firebase Cloud Messaging?


They might not know know, but there sure can be a lot of meta data one can use to determine that a person goes to school, where it might be, and what school it most likely is.

Or someone else straight up posted the information publicly. That’s always a possibility you have to consider.

Either way, isolating certain websites and services from each other and/or the rest is certainly a good practice to limit what they can gather about you. If you don’t do that already, that is.


Now for the important question though:

Do they allow the user to uninstall those apps like any other app?


  • no bloatware

Does it come without GApps? Most people don’t need half of those



Okay, the funniest part about this is that even with all the bullshit Twitter/X does nowadays, those ads actually violated their terms, too.

That is hysterical.

Dear EU Commission: What the actual fuck.


One of the reasons why I like my desktop PC so much is that both webcam and mic sit in a drawer and are only plugged in for when I actually need to use them.

Android at least has the setting in developer options to disable sensors, which includes gyroscope, camera, mic and gps, I believe.

But core system services still have permission to override this setting. Which makes sense, you don’t want your dialer app to break when calling emergency services.

But it does make me think, is Androids’ sandboxing of an app enough to prevent it from abusing this possibility?


Your info won’t be used for ads means exactly that, nothing more, nothing less.

They will still collect this info, they will continue building a profile of you, and they will continue selling this data.


They do their best to use the number in ways no one but your contacts who use Signal can actually see what that number is, to be fair. And you’re still private either way. What a phone number breaks is anonymity, which is something they don’t explicitely claim to give you. (I think)


Aw, the instance I use doesn’t seem to have it (yet?)


Huh, throws a server error 500 indeed.

Cool resource though, they basically list all kinds of products, both digital services and hardware appliances, sorting them after how well they deal with user privacy.


I always forget about that one. It’s also the one that serves as the basis for DivestOS’ System Webview, which is pretty cool


Mull is the best mobile browser based on Firefox imo. If you really want or need something Chromium based, then I’d go for Cromite.


Even the ones who actually want to respect the law won’t spend the time to double-check GDPR compliance with every little thing they do.

Almost everything that’s ever happened is a violation of article 44. In fact, the EU supreme court (I guess you’d call it) declared pretty much all EU-US data transfers from the last 20 years as unlawful. Fun.


If you’ve ever had a contact allow a service to read their contacts, you are in their database.

If this happens in a professional context, this can be a violation of article 44 of the GDPR. I don’t know where exactly I’m going with this, but at least there are some laws around that, I guess.


I was going to ask if the Irish DPA decided that on its own, but of course they had to be instructed to do so. They seem to love protecting Meta, looking at recent years


They have a lot to do with encryption. As an example, Signal and Matrix use different encryption standards. So to get a message across, it needs to be decrypted mid-transit, to then be re-encrypted with the protocol of the recipient.

Any one of your contacts can set this up without your knowledge or consent, and then there’s a gap in the encryption. They can just freely give away the keys to their chats they have with you, and now a third-party has the means to decrypt your messages.

That’s pretty fucked if you think about it, but there’s not much you can do.

Sure, it’s not a huge problem if the service doing it is verifiable to have good security and doesn’t snoop, but it’s still adding another link in the chain to trust and to keep intact.


I think it’s very much necessary to insist on our right to privacy. Personal chats not being encrypted should be a clear and absolute NO for anyone.


Telegram doesn’t surprise me, chats aren’t even encrypted per default in some instances (group chats, I believe?)

But then again, how solid is any encryption if Matrix bridges can exist?


your old messages magically show up without you having to provide an encryption key

Do they? I thought you had to explicitely back them up to get them on a new device. At least that’s how it was when I still used it.


Many people put privacy, security and anonymity all in a single basket. While they often go hand in hand between one another, they’re still fundamentally different things.


Didn’t Micay announce in May that he was going to step down as lead developer and head of the foundation?

Still though, him being a massive dick doesn’t mean Graphene is a bad system all of a sudden. As I said before, it’s a case of personal principles vs practical use, and people will decide whatever they’ll decide.

People are complex, and this kind of decision-making simply isn’t as black and white as you’d like it to be. (And don’t get me wrong here, there certainly are many situations where it should be)

Anyway, I guess you’ll be happy to hear that sustainability and repairability in form of a Fairphone is ultimately more important to me than being able to use Graphene.

That’s likely the route I’ll be going whenever DivestOS doesn’t support my device anymore.


If you were to quote this 20 years later, it would require no further context and citation

See, I genuinely appreciate the thought behind that. It’s just that the way you word things sounds like an uncomfortable mix between aggressive, a dash of condescending, and getting worked up about others not accepting „the one truth“, so to speak.

Again, I appreciate trying to raise awareness.
But firstly, roll back and try other ways of doing it, and secondly, you can’t force decisions on others.

You have to because you are XY political affiliation

No, just stop saying stuff like that. Seriously, it doesn’t do you or your cause any favours.


That is the most elaborate way of dancing around a simple answer I have ever seen, I am impressed.


Marketing, lies and deception aside, what is the most secure and private Android system?


Okay, first of all: Chill, and let me lay out an observation here.

You are very passionate about that topic, maybe a little too much. The way you talk about it is too heated, and gives people the idea that a civil discussion might not be possible.

The fact that you immediately start conspiring about where your downvotes come from doesn’t make it any better.

Now, the issues you describe are very much real, and a problem. There are merits and downfalls in each project, each one handles these differently, and it is for us to decide how to react to that.

So, you’re saying that as a reaction, I should neither use Graphene nor DivestOS, am I understanding this correctly?

What then? Compromise my privacy by using less optimal systems? Why would I do that?

Doing things out of principle vs doing them out of practical use is something this community is quite aware of, isn’t it. Sometimes the decision isn’t easy, sometimes it is.


Well, I do oppose this kind of behaviour, but I also want to use a system that fits my needs.

So what should I do? Making more people aware of issues is often the best we can realistically hope for.


I’ve heard of the general toxicity years ago already, but I will take no part in this drama and use whatever system fits the bill


Well, the table in the link OP posted does a good job of showcasing it


  • This website needs JavaScript to display the most basic content, have fun with a blank page otherwise

No bs in form of additional apps, but the core system itself does very little in terms of improving privacy


I’ve been using it for almost two years now, and I like it a lot. (small disclaimer, I’m running it on a OnePlus 5T, which is one of their so-called golden devices that it runs best on)

It’s pretty much the next best thing after Graphene, if you don’t want to buy a Pixel.

The guy who maintains it does an excellent job of documenting issues, what works on what device, what the system itself can and can’t do, it’s very transparent.

He doesn’t overpromise either, and explicitely states that getting a Pixel with Graphene is the better option overall. Greatly appreciate the honesty.

I’ll use it for as long as he’ll support my device, and then we’ll see if I switch to Graphene.

One important thing though: While you can install microG, DivestOS doesn’t officially support it, and while most things work, some don’t. SafetyNet, for instance.


I’ll be sad about that, but neither can I afford a new phone, nor would it be sustainable to buy one


Using Tor Browser with anything but its ootb configuration defeats the whole point, so… no


Getting a Pixel just to have Graphene is not always an option. At least not a sensible one that factors in everything that’s important when buying something.

My current phone still runs perfectly fine, so getting a new one feels like a massive waste, too.


DivestOS absolutely slaps. Well, all things considered

Edit: It’s absolutely fantastic for what it is, and that is fact. Maintained by a single person, well documented, and doesn’t promise more than it can deliver.


They never specified this subscription removing anything but ads, soooo

yeah, absolutely


We are dedicated to safe and ethical advertising practices

Mates, that ship has long sailed



Beeper - Has there been an independant audit yet?
*Let me edit in one more relevant info: I don't use it, but my contacts may or may not use it.* For those who don't know, Beeper is an app that aims to unite all your messaging apps into one. To do this, it makes use of Matrix, bridging all those services together. So far, so cool. However, since different services often use different encryption protocols, messages between those services and Matrix have to be decrypted on Beepers' servers, before being re-encrypted with the protocol of the recipient. They are completely open and transparent about this (which I can very much respect), and state that chats on their servers are encrypted, so they can't read them. Still though, decrypting mid-transit kinda throws the whole *end-to-end* part out of the window. Some might say that everyone needs to decide for themselves if that's a problem. But the issue with that is that if you decide to use Beeper, you also decide that every person you chat with is okay with it. Not very cool in my book. That's where the question asking for independant audits comes in, because I certainly don't have the expertise to look at their code. If everything is safe from attackers, then cool. But me for example, I switched to Signal specifically for verifiable and proper End-to-End Encryption, so chatting with someone who uses Signal through Beeper kinda defeats the point. Because, how does Beeper even get what they need to decrypt a message I send to a Beeper user? I don't consent to a third party decrypting my messages, simply because one of my contacts uses their service. That is fundamentally wrong in my opinion. What are your thoughts on this?
fedilink

I received messages about an account that wasn't mine, to an email address that wasn't even the one I used back when I still had Discord. It seems to be them, their address is correct, and is properly signed as far as I can tell. What is even going on here. Come on, Discord.
fedilink