monovergent 🛠️
  • 4 Posts
  • 32 Comments
Joined 2Y ago
Cake day: Nov 27, 2023


Sadly, NOAA is prohibited from making their own weather app. God bless America.


What do you think of weather apps from F-Droid?



Don’t worry, I handed out my Instagram to some people who requested it and those connections fizzled out just as easily.

Could be down to me only ever checking it on a designated laptop once a week, but in my opinion, if it comes down to an Instagram account and regular app access, can’t even exchange SMS numbers to text, then it’s already a tenuous connection.

Funny enough, I didn’t even make my own Instagram account. My friend really wanted me to be on Instagram so he went ahead, made it under my name, and handed me the keys. You probably can’t do this nowadays due to security checks, unless you’re Meta making a shadow profile kinda like my friend did for me. I’m just sitting on the shadow profile that would exist anyway, trying to contribute as little as possible.


I’ve been using purelymail.com, $10 a year gets me just what I need, which is as many independent addresses and inboxes as I would reasonably need under a parent account. It is what it says on the tin, so there aren’t any extras like file storage. Granted, there is a bus factor associated with Purelymail since it looks like a one-man operation for now.

I’m not qualified to speak on cloud-based calendars since I design and print my own.

The one thing that stood out about Purelymail to me was having not just aliases, but fully separate inboxes. But I’d also suggest checking out Tuta, Posteo, mailbox.org, and FastMail. I had also used Proton and was considering upgrading my plan. What kept me back was the web interface getting heavier by the year and having to install Bridge to use another client wasn’t my cup of tea. E2EE is certainly a good feature, but I’ve never found myself sending an email to another Proton user and therefore have never taken advantage of it.


I see. I’m notorious among colleagues for going the extra mile and putting Whatsapp on a separate phone, which I only check on a routine. Hoping that there’s a category of notifications that can be disabled for ads, but no big loss if the notifications should be shut off altogether.


There’s the Whatsapp web client on F-Droid: https://f-droid.org/en/packages/io.kuenzler.whatsappwebtogo/

But it still requires the official mobile app for the initial login. When I used it, logging in once seemed to be good for a few months, as long as you open it from time to time. There’s also a Whatsapp clone that seems to support login, but I haven’t tried it and it hasn’t seen updates in a couple years: https://github.com/KhubaibKhan4/Whatsify-Android


Same here, not yet at the point where I can convince all my colleagues to switch over. Why disable notifications in particular?


Wondering the same. I’ve been hoping to hold off on a new Pixel until the new EU battery laws take effect (also, where the hell is concept art for a new generation of user-serviceable batteries?).

You know those factories that pump out iPhone clones? Honestly, I’d love to get whoever runs one of those hooked on GrapheneOS. It’s damn impressive how they can set up the tooling, clone the iOS UI, and sell it all for cheap within a couple of months. And without the kickback Google gives for pre-installing Google Play or whatever. Imagine that effort being put towards a phone just for GrapheneOS.

Admittedly, someone who makes iPhone clones is probably not someone who thinks about security much, but my point is, I really wish someone stepped up to produce phones with first-class support for GrapheneOS.

More realistically, I’m banking on the passion of the folks at GrapheneOS. Should Google pull the plug one day, I’m hopeful the GOS team can recommend a plan of action until a more GOS-friendly device shows up. Worst case scenario, I’ll keep my Pixel with GOS kicking around and have a separate device with regular Android. It’ll be just for the apps that demand spying, shut off at night, and I’ll minimize travelling with it.


Some companies like to roll out just an app with no desktop equivalent. An Android phone with the SIM taken out is also one of the few ways to create a new Google account without disclosing your phone number nowadays.


My first instinct is to recommend a recent Pixel with GrapheneOS:

  • Make sure to buy a factory-unlocked model so that it’s not locked down to the stock OS. Preferably also gently-used second-hand so no money goes directly to Google.
  • Of the options, GrapheneOS gives you the most compatibility, security, and updates.
  • Installing GrapheneOS can be intimidating at first, but it’s pretty hard to mess up if you install through a Chromium-based browser.

I’ve also used CalyxOS and it’s a solid option that supports a few models outside of Pixels. But if you end up needing Google Play Services, you’ll be stuck with its replacement microG, while GrapheneOS offers sandboxed full-fat Google Play Services. While still secure, it’s not the hardline security of GrapheneOS.

I have no experience with FairPhone or Linux phones. Fairphone’s main attractions are the easily replaceable battery and microSD slot. Linux phones are still too cumbersome for the regular user to daily drive.

EDIT: see also this table comparing privacy-focused options https://threecats.com.au/comparison-of-custom-alternative-android-os-roms-grapheneos-divestos-calyxos-iodos-eos-lineageos-stock-android-aosp

In the US, AT&T, Verizon, and T-Mobile have an oligopoly over the cellular infrastructure. All of the other carriers (MVNO) just piggyback off the infrastructure of the big three. Traditional voice calls and SMS (“green bubble”) texts are unencrypted and logged, no matter the carrier. Carriers can also perform cell tower triangulation and track the IMEI, which is permanently associated with your phone, surviving even an OS reinstall.

One way you may try to avoid handing over identification at activation or payment for cell service is to buy a 1-year prepaid SIM with a prepaid gift card to a trusted friend’s or otherwise shared mailbox. Or buy a prepaid SIM at a brick-and-mortar store with cash and top off with refill cards thereafter.


Common vulnerabilities: Tracking by carrier, including cell tower triangulation, SMS, and call logs.

Non-smartphone specific vulnerabilities: Lack of security updates. However, the data to be exfiltrated from a non-smartphone is limited. If it’s only call logs and text messages, everything’s already compromised by virtue of the carrier. So the level of concern will vary with your threat model.

Smartphone-specific vulnerabilities: Tracking by apps, manufacturer, OS vendor, or just about anything that can take advantage of the smartphone’s computing power. More data to be exfiltrated if it falls to a security vulnerability.

Smartphone-specific advantages: Can be run Wi-Fi only to avoid tracking by carrier.


Can relate. I have a phone with stock Android and a removable battery for anything that won’t run on, or that I’d rather not have on, my primary GrapheneOS phone. I only ever plug in the battery as needed and when I’m settled at the safety of my desk.


That’s quite appalling. Might try out LeOS, also curious why it isn’t brought up more often. Perhaps because the color scheme screams “I paid for all 16’777’216 colors so I’m gonna use them all!”? Not a dealbreaker for me, but if you have used it, is there an option for less colorful icons?


What data would an AOSP GSI without GApps send to Google?
In the absence of privacy-focused ROMs for my tablet, I settled on flashing an AOSP GSI without Google apps. TrebleDroid to be specific, which is essentially vanilla AOSP, but with some additional drivers to maximize compatibility. Compared to privacy-focused ROMs like GrapheneOS, what exactly does AOSP send back to Google?

Also got the same impression back when I used XScreenSaver from jwz. I looked into customizing the logo shown on the login dialog and some of the screensavers, only to find a rather preachy write-up on the advantages of XScreenSaver and a very stubborn affirmation that the logo is hard-coded and should not be changed because it is the identity of the program or something.


Limitations

  • Debian with XFCE: I want all of my Linux machines, both older and newer, fast and slow, to be consistent, with the GUI customized to my taste. I accept that I will miss out on whatever security benefits Wayland or distros like secureblue may provide.

  • Networking: In the grand scheme of things, I know jack shit about networking. OPNsense, Pi-Hole, VPN, etc. would probably help my cause but I have yet to implement many network-based measures.

  • Corporate conveniences: There are colleagues I need to reach with Whatsapp or SMS and there is software for my job that requires Windows. I try to sequester all of this among my work devices.

All of my frequently-used computers on Linux have “hardened Debian”:

  • hardened to the best of my ability according to Madaidan, with compromises to avoid obstructing day-to-day work
  • LUKS encryption
  • MAC randomization
  • Mullvad DNS
  • Hyper-threading disabled
  • Rootless Xorg
  • Firewall defaulting to deny
  • unattended-upgrades
  • LibreWolf
  • Passwords in KeePass

Personal devices

  • Desktop: The usual software. Non-FOSS components are mostly gaming-related.

  • Server: Jellyfin, NAS, Local LLM / Stable Diffusion, and secondary workstation, each hosted on LAN in their own VMs. SSH password authentication disabled. Would like to set up a VPN so I can access it away from home someday.

  • Backups: weekly to server, which is pulled to an offline encrypted 8TB disk about monthly. Repeat for the off-site disk that I store in a drawer at work.

Phone:

  • Pixel with GrapheneOS and FOSS apps only
  • Messaging primarily using Molly (Signal client)
  • Email from important work and family contacts forwarded to my inbox on PurelyMail
  • Looking to get a non-KYC eSIM once I learn how to pay in Monero
  • Mullvad DNS

The “DMZ”

  • Tablet: Samsung Tab A7 Lite received as a gift. Installed an AOSP GSI ROM (no Google Play services or GApps), mostly used as a NewPipe and travel device.

  • Laptop: ThinkPad X230 with Coreboot and soft-disabled Intel ME. Also hardened Debian with the usual software, nearly all FOSS components with the exception of intel-microcode and the VGA option BIOS. I say it’s the DMZ since personal stuff resides here, but most of my work also ends up here. Logged in to work-related websites and email in a separate user profile for LibreWolf.

“Work” devices (for context, work has a BYOD policy and does not provide devices for us to bring home)

  • Laptop: can’t be bothered anymore to fuss with Windows VMs or debloating that go stale twice a year, so I just bring a separate lightweight ThinkPad with full-fat Windows for everything that requires it. While some proprietary software packages support Linux, I’ll also just throw the Windows versions on this laptop.

  • Backup Phone (unused for now): Samsung XCover Pro with removable battery, waiting for the day I encounter apps that demand a stock version of Android. When not in use, the battery is removed.

  • Occasional check of social media also takes place on one of these devices, though through the browser rather than an app.

Phone:

  • Old Pixel with GrapheneOS
  • Nothing I use really needs Google Play services
  • One user profile for work apps, including proprietary 2FA and Slack
  • Another user profile for various proprietary apps that aren’t necessarily work-related, but that I’m not entirely comfortable having on my personal phone.

Nothing yet. This came about before I learned to use email aliases, so I created a couple accounts in fear of being correlated across shopping sites and other services. Though at no point did I consume more than 500 MB across my accounts, the limit for one free account. Not that this exonerates me, but I’d imagine heavy use across free accounts would raise suspicions sooner.

If anyone at Proton is reading this, my apologies and many thanks for graciously providing these accounts for free the past several years. I’ll stop leeching resources once I finish migrating to my new email provider.


Agreed, but company does not provide us devices. Everything I’ve said applies to my second phone running GrapheneOS, which I am using as my work phone. I’m trying to avoid setting up and running Play Services just for nice-to-have notifications when none of my other apps require it.


Any privacy-respecting way to receive Slack notifications?
Work uses Slack, which is quite entrenched in the organization, so trying to move all of my contacts over to something else would be nontrivial. Colleagues use it to send moderately urgent messages every now and then, so notifications on my phone would be a nice-to-have. I haven't had much luck finding well-maintained open-source clients for Slack. I could sandbox Play Services alongside the official app or a browser, but I'd rather not make my phone run the whole Google Play stack just for those notifications. Did I miss any low-hanging fruit or is hosting a Matrix bridge the only alternative?

The Pixel Tablet with GrapheneOS is the gold standard, but there’s even more than just the tablets with LineageOS support if you are adventurous.

I was gifted a Samsung Tab A7 Lite, which is without LineageOS support. However, I’ve been able to flash TrebleDroid Generic System Images (GSI), which are vanilla AOSP images modified to support as many devices as possible. They come with no Google apps or services.

Nearly everything works as expected, performance is much better, and battery life is unchanged. I can even run Android 15 smoothly, while Samsung will end support for my tablet with Android 14. If anyone wants a writeup to the best of my memory, feel free to reply.


If you are flashing GrapheneOS, it is a very simple and safe procedure. I’ve even interrupted the flashing when my laptop went to sleep, got the system corrupt warning, and just flashed again without a hitch. All that’s needed now is a browser with WebUSB support and a USB cable.


Organic Maps. Living in a somewhat walkable area, it gives me good walking directions. I might be a bit out of touch though since I just commit routes to memory if I’m driving.

For the occasional satellite map, Google Maps unfortunately. If anyone knows of a privacy-respecting map with satellite views, I’d be interested.


It’s been quite a journey:

  • Posting accurate personal info to my Google+ account when I first signed up
  • Signing in to Google on my phone and browser
  • Using an Android phone from eBay of dubious origin
  • Sending confidential info via email
  • Using the same gmail address for everything
  • Signing up for things with my real info when it wasn’t necessary
  • Handing out my phone number to loyalty programs
  • Running hacked game APKs without checking for malware
  • Using the User Agent Switcher extension on MS Edge, which was subsequently updated to include an infostealer
  • Using browser extensions of unknown provenance

How to avoid:

  • Ironically, Windows 10 started me on my privacy journey. Microsoft was in my face enough with privacy offenses that I began moving to Linux and investing time into my privacy.
  • Don’t post unnecessary info to social media.
  • Never email confidential info.
  • Use a password manager, or at least some organized text file if you have an encrypted disk.
  • FOSS software is more available and user-friendly than ever, always look for a FOSS alternative.

Work and networking (people) make fully ditching Google, Whatsapp, etc. a practical impossibility for me. So I have a laptop, tablet, and phone dedicated to those purposes and nothing else. I check them on a schedule that my colleagues are aware of, at locations I consider safe. Otherwise they are stowed away, out of sight, and out of mind.


As someone who deals with Windows software and mobile apps of dubious provenance at a BYOD workplace:

  • Get a separate device with sufficient horsepower to handle whatever work, school, etc. throws at it. Used ThinkPads and unlocked Google Pixels are a good bet.
  • Pick a small and light laptop if you also need to have your primary one on hand. Preferably, both can use the same USB-C charger.
  • Use that device for work-related things and nothing else. Assume it is compromised.
  • Connect to a separate access point if you need to use it at home.

If a phone or tablet (preferably with GrapheneOS) will suffice, go for it:

  • Recent Android and iOS versions have much stronger sandboxing than PCs and laptops in general. Spyware can still do a lot on mobile devices, but not nearly as comprehensively as on PCs and laptops.
  • i.e. Commercial spyware can easily plant rootkits and kernel-level trackers on a laptop, but this would be much harder on an up-to-date mobile device.
  • For Android devices that support it, limit work and MDM apps to a secondary profile and close that profile when not actively using the phone.
  • Turn off cellular, wifi, bluetooth, and location when not actively in use.

If the offender is your partner, practice good digital hygiene, never let them touch your devices, and good luck.


I’ve done that a few times to reverse tether Android phones and tablets.


When a colleague or new friend asks me to exchange contacts, I offer them the option to be part of my “main phone club” by getting Signal, Wire, or Element/Matrix.

I have a separate phone to handle SMS and Whatsapp. That covers 99% of cases; if they want something esoteric like Instagram/Snapchat/iMessage, then that’s too bad. I’ll turn off Airplane mode and check this secondary phone when I’m seated and comfortable, like during my lunch break or when I get home. If, say, Johnny is running an event and needs me to text back whenever from 10 to 12, then I’ll generally leave my phone on for that time period. If there’s something sensitive but not particularly urgent, I’ll save it for the next time we meet in person.

If someone wants to message me at any random time of the day without prior notice and have a quick response back, they’ll have to join my main phone club.


A few years ago, when I cared little about my privacy, I would fancy buying a new car. Thanks to privacy concerns, I became proud to have my old car, which also happens to be highly repairable.


This stuff makes me grateful that my bank and your bank still maintain a fully-featured website. I would be quite upset if I were stuck with such an app and no website.


Would like to, but never figured out how to get the TPM 1.2 chip in my X230 to work with cryptsetup. Everything seems to be written for TPM 2.0 only.



I miss print coupons. Hearing “get the app” or “there’s an app for it” makes me flinch these days.


searx.be and results in Russian?
Been using searx.be for a bit now and they had many results in Dutch and German, which can be expected for a site based in Belgium. But does anyone notice an influx of results in Russian? Did they change the server location or are users in Russia catching on to it? Yandex isn't toggled on in the settings either. Not trying to judge security by language. I just kinda liked having results in a mix of languages I could read.

How crucial are banking apps? Your experience with them vs. browser banking?
Banking apps seem to be a motif among things that don't play well with privacy ROMs. My bank's website does everything I could want out of it. I think I might be ignorant to something.

  • What about banking apps is especially compelling?
  • How often do banks put must-have features behind an app?
  • And should I be concerned that banks might move away from offering services through browsers?