• 9 Posts
  • 104 Comments
Joined 2Y ago
Cake day: Nov 27, 2023


The cheap secondary phone is the approach I have gone with for work apps. Powered up only when needed and doesn’t connect to my main home network.


Great for my tablet which is too weak to run IronFox smoothly. One annoyance is that it’ll insist on a refresh if your internet connection is interrupted or changes in any way. The reason for it is not immediately obvious and neither is the option to turn it off (Settings > Homepage > Ask to restart on connection change)


Glove Prints

Problem: Thin gloves like surgical gloves can still leave fingerprints on surfaces.

Source: https://en.wikipedia.org/wiki/Glove_prints

Mitigation: Wear thick, textured gloves

Finally found an explanation for why my phone’s fingerprint sensor works through thin gloves.


Have a NAS, Jellyfin server, and LLM on my LAN so far. Next step is to make them available outside my home, but I’ve been procrastinating.


The firmware isn’t open source and I only chose it for the employee discount, but the blue Yubico security key has held up well over hundreds of uses and several years jingling around in my keychain.


It’s prevalent among PDFs downloaded from academic publishers (text listing the receiving IP address and/or institution running down the margins). I wouldn’t be surprised if it’s also done with hidden white text or in the metadata.


What kind of CPU is in that laptop? The vast majority of x86 CPUs from the past 10 years include hardware acceleration for AES encryption so that the performance hit is negligible.


I want shows like Hell’s Kitchen but for tech stuff - criticizing people’s phones, gaming setups, and server rooms


idk man, but I’d still much rather have encryption, even if I’m up against the alphabet boys:

  • They’ll be up a creek if I escape, die, or vanish into the woods first
  • If I hid a disk somewhere, I’d rather know they found it when they come to torture me, than have it inspected without hearing a word
  • If all else fails, they’ll at least have to expend a modicum of effort and resources to fight me

What’s the point of life if crippling, paralyzing fear is all there is to it? I work on being a good steward of my privacy as much as it brings me joy and satisfaction, not so much that it consumes every waking hour.

Whatever it is, review your threat model. What’s done is done and there is little that can be done to redact any evidence you may have left on the internet. Are you able to stop doing whatever it is that is putting you at risk of legal trouble?

If it’s a drug or psychological problem, you need to seek professional medical attention. Many people die or suffer life-changing illness each year fearing that their doctors will rat them out for substance abuse. Don’t be one of them. Patient privacy laws, at least in the US, prevent your doctors, therapists, etc. from doing so and will protect you if you go and seek help. The main thing that they would have to disclose is if you make direct, credible threats to other people.

If it’s a criminal operation or worse, lawyer up and good luck.


I’m ready to be called milquetoast, and while I see where this comes from, it comes off idealistic if we are to communicate with people in the present day in any practical way. Do not forget how much of an improvement it already is over the likes of proprietary messaging apps and how much effort it already is to move people to Signal. It is surprisingly difficult for common folk to grasp the concept of anything but a phone number when it comes to messaging apps.


I’m interested to see if anyone else has run into the same situation and found a good thought process for it. Problem is, if I need to pull anything from a pseudonym over to an identifiable portfolio, that pseudonym is no longer useful. But I can’t really justify getting a personal domain name if all it’s doing is hosting a glorified resume.


Using a bridge can sidestep telemetry that comes with official apps/clients. The services will also see a ping from your bridge server rather than, say, a direct ping from your mobile device. Make sure to self-host if you want to avoid introducing new parties to your communication stack.


Advice on deciding what goes on a personally-identifiable portfolio and what stays pseudonymous?
For several years, I've entertained the idea of creating an online portfolio, but it's remained only an idea since I am not sure what I should put on it. What's a good way to decide what goes on the personally-identifiable portfolio and what should remain under pseudonyms?

Conceptually, it’s a messaging app done right. Not haunted by legacy identifiers like phone numbers, can be run in a decentralized manner, and a more secure invite system.

In practice, it tends to burn through battery, and it’s already hard enough getting people to use Signal. People also seem to have a hard time grasping the concepts of invites, or anything that’s not a phone number for that matter.

I’ve stopped using it due to the battery issue and I don’t want to fragment my communication strategy further. It ought to have a privacy advantage by virtue of not needing a phone number, but at the end of the day, my messages are also getting swept up on the other end by non-privacy-respecting phones.


Maybe leeching (cursory search suggests subpar upload performance), but your hard-earned money would be better spent helping out a more ethical VPN provider than thrown to the sharks.


Most of the popular open-source ones are fine. VSCodium if you want a rich GUI or perhaps Geany if you want a lightweight but beginner-friendly editor. Only things you’ll have to watch out for are editors with online features like AI integration, particularly Microsoft VSCode and the new notepad.exe with AI.


What a shitty banking app. The malware explanation could just be customer service boilerplate. They might have just implemented some commercial fingerprinting/analysis/security library in the app that freaked out at the minimal fingerprint of the GrapheneOS profile and defaulted to locking you out.

As individuals, we need to continue defending and advocating for our privacy - using privacy-respecting phones and software even if it’s difficult, and organizing against surveillance capitalism, or at least donating to existing advocacy groups. And the developers that make privacy-respecting alternatives more accessible. Not much of an easy way out since we’re up against Big Tech on a profoundly uneven playing field.

But for immediate issues like this, I would get a cheap separate phone with regular Android to handle the app if the bank doesn’t offer the same services through a browser. Try to keep it on an isolated network and only power it on when necessary.


Very much agree with the encryption key management. My friend group and I stopped using Matrix because getting encryption right between all of our devices proved frustrating, especially if a reinstall or phone upgrade comes up.


If you have $150 to spare (depending on country), a secondhand Pixel 7a is a great starting point to try out GrapheneOS without directly contributing to Google. Just make sure it’s carrier unlocked so it allows bootloader unlocking. For $100 more, a Pixel 8a will get you several more years of software support. Practically everything just works with GrapheneOS.

Fairphone with /e/OS is leagues better than Googled Android, but little to no additional security hardening has been done over plain AOSP (which itself is quite secure against non-state-sponsored attacks to be fair). Also, some pings to Google have yet to be patched out, see https://eylenburg.github.io/android_comparison.htm

Linux phones are much better than they were a few years ago, but unless your workflow tolerates the occasional disruption due to a bug or missing feature, they aren’t exactly production-ready for most users. But a good sneak peek into the future of privacy phones given the way Android is headed now.

MicroG works for many things, but not everything. Google’s own apps don’t play well and some of my work apps don’t send notifications when using MicroG. But GrapheneOS supports a sandboxed, proper instance of Google Play Services should you need it.

Google Wallet and anything requiring the Play Integrity API will not work with third-party OSes, not even GrapheneOS (perhaps until they release their own phone).


Easy, don’t use digital technology and live in a shack in the middle of Bir Tawil. That’s the exact attitude Apple, Google, et al. want people to have.

Privacy is not a game of absolutes. You make a threat model and do the best you reasonably can. I hope you at least enjoyed your head start on privacy by choosing GrapheneOS.


Fine choices and nothing wrong unless there’s someone actively out to get you. In that case, using Tor as a VPN leaves a very distinct fingerprint compared to the vast majority of Tor users on the standardized Tor Browser.

Unfortunately, the post radiates small 🍆 energy.


To be fair, I only have a few of my friends and some of my family on XMPP. I’m also guilty of having WhatsApp on my work phone for colleagues and the rest of my friends.


It’s on the IzzyOnDroid repo: https://apt.izzysoft.de/fdroid/index/apk/com.cyb3rg0d.canvass

Fossify Paint does the same thing without adding the IzzyOnDroid repo, I just happen to have Canvass since it was the first thing that showed up when I searched.


My take is that Proton CEO Andy Yen’s pro-Trump comments were born out of naïvety, not the same mindset that plagues tech CEOs in the US. Combining that with Proton’s benign actions since then, I think it’s a good time to diversify, become familiar with alternatives like Tuta as you say, and make a backup plan should they enshittify, but don’t rush to jump ship now.


Pixel 5, unfortunately a bit out of date since I’m putting off the repair of my 7a. Same app selection on the 7a though since I’ve maintained this as my backup.


I would be in the loop, but not necessarily OP. I am calling out OC to defend their suggestion with more than a simple accusation.


My bad, misremembered that RiMusic fetches from YouTube Music instead of Spotify.


edit: got the reference. lol


Work phones are unfortunately rare, at least in my field. The number of people who put work apps on their personal phones without a second thought and expect I do the same is astonishing.



Not that I’m aware of. I only used it to diagnose weak signals and frequency band conflicts in the house.


Forgot to put that on my list earlier, it scans for nearby WiFi access points and returns the signal strength, band frequency, and various details about each.


I definitely agree with you on this. My pet theory is that phones have been getting uncomfortably big, at least from my perspective, since the average consumer is expecting it to serve as a computing and productivity platform, while all I want is a nice little digital Swiss army knife. I’m only logged into my messaging apps and personal email, and don’t expect to do any sort of “productivity” on my phone. When my friends and colleagues assume I’m logged in to this-or-that on my phone, all I can think about is how afraid I would be if I were logged in to so many things on my personal phone. It’s so much harder to inspect what’s going on in the background of mobile devices.

One of the compromises I’ve had to accept is the closed, yet exploitable nature of the baseband and firmware. Also how much more spying it could do compared to any PC if an exploit were to get through. Compiling Coreboot and neutering the Intel ME taught me a lot about who’s really in control - and how much control we all lose to smartphone manufacturers and telecom companies.


Of course

  • Accrescent: Store run (edit: advocated) by the GrapheneOS team for third-party apps
  • Aegis: 2FA TOTP code generator
  • AirGuard: Scans for persistent AirTags in the vicinity, notifies if I may be victim to AirTag tracking
  • AntennaPod: Podcast manager, also supports importing local folders of podcasts
  • AudioMonitor: Measure sound level
  • Binary Eye: Support for many types of 1D and 2D barcodes
  • ByeDPI: routes internet traffic through the DNS port to bypass certain types of filtering
  • Canvass: doodle app, useful for mid-conversation diagrams and clarifying things visually in the absence of pen and paper
  • ClassiCube: Minecraft Classic clone
  • Conversations: XMPP client
  • Editor: raw text editor
  • Elementary: periodic table
  • SimpleEmail: minimalist e-mail app that does not automatically fetch linked images. Refreshes in the background every 15 minutes and sends notifications without need for Play Services or equivalent
  • FakeStandby: for edge cases when I want something to keep running in the foreground, but don’t want to keep the screen on
  • Feeder: RSS client
  • Fintunes: Jellyfin client optimized for music
  • FlorisBoard: customizable keyboard
  • Fruity Game: Suika but with MS-Paint art style
  • Graph 89: Graphing calculator emulator
  • Invizible: Tor and DNS client
  • Kiwix: Offline Wikipedia (you can download just the parts useful to you, e.g. medical articles without storage-hungry media files)
  • Lemuroid: GBA emulator
  • LocalSend: instant P2P filesharing over WLAN
  • Markor: notes app with markdown
  • Material Files: files app with SMB share support and various handy features
  • Molly: Alternative Signal client
  • Fossify Messages: I use it over the default messages app since it is easy to block numbers by pattern
  • Notally: notes app with nice checklists
  • Open Camera: as easy to use as the regular camera, but with a bunch more features below the surface
  • OpenContacts: saves contacts as individual .vcf files to a directory for easy backup and allows dropping unknown callers without bothering me with a notification
  • Organic Maps to be replaced with CoMaps later
  • OSS Document Scanner: best FOSS scanning app I’ve found so far. Includes auto-cropping (given enough contrast) and adjustable B&W filter to eliminate off-white background colors.
  • phyphox: view output of sensors like the barometer, magnetometer, accelerometer, etc.
  • PipePipe: NewPipe but better (except for the occasional memory leakage)
  • QDict & QuickDic: offline dictionaries and bilingual wordbooks
  • RadioDroid: IP radio client. Can tune in to international news, music, sports broadcasts
  • RHVoice: TTS app
  • RiMusic: NewPipe, but for ~~Spotify, etc.~~ YT Music
  • SecScanQR: QR scanner and generator with history, useful to save QR addresses for later use since I don’t want to fill out forms or read documents on my phone
  • SuperTuxKart: the only [edit: other] game on my phone
  • Symphony: Music app with a slick UI
  • Trail Sense: Compass with various goodies useful for outdoor activities
  • Breezy Weather: weather app and homescreen widget with a slick UI
  • MicroMathematics: Math engine, but I never learned how to use it

Look ma, no proprietary apps!
![Screenshot 1](https://lemmy.ml/pictrs/image/1c62f69b-ca96-468e-8b3f-5a5ded7f515a.png) ![Screenshot 2](https://lemmy.ml/pictrs/image/1e23a7f9-a401-47d1-b04c-fe5aaf47ae23.png) ![Screenshot 3](https://lemmy.ml/pictrs/image/bf242871-2d0e-4b66-9eec-175084c5b06b.png)

It would have been helpful to explain why, whether that’s privacy, ethical, or political concerns.

But maybe the use of “🤣” says it all


For the best privacy when you do need a Chromium-based browser, the ungoogled-chromium flatpak is an excellent choice.


It would eat away at Apple’s claims of “privacy” on iOS.


OnePlus originally had really nice enthusiast features and support for the CyanogenMod ROM. Now it’s just another manufacturer of corporate-safe glass-and-metal slabs while the soul of CyanogenMod lives on in LineageOS.

Carl Pei left OnePlus and put together Nothing. Nothing is a bit closer to what OnePlus was supposed to be, but they still leave much to be desired. They went all the way to implement a detachable back on the CMF phone, but the battery is still sealed inside. Absolutely no advantage compared to manufacturers like Google in terms of the third-party ROM experience.

FairPhone is the best of the bunch, but their priorities don’t necessarily match those of the community (i.e. security concerns, loss of audio jack and USB 3.0 on the FP6)


Niche product, niche price, nice intentions, sure. But if they were going to go for a niche market, they really should have leaned into it.

Things like a headphone jack, removable battery, and not-gigantic display aren’t unrealistic beauty standards. They were perfected over a decade ago and still relevant among sub-300 phones from small-time manufacturers.

Also, the modem is the big unauditable black-box component that should have been the subject of the hardware kill switch.


I’ve travelled several times with multiple drives, never been stopped. I put them in USB drive enclosures, makes it look “normal” with the bonus of some mechanical protection.


Compatibility of Volla Phone 22 and FuriLabs FLX1 with US carriers?
Considering the aforementioned options for my next phone, but I've heard mixed reports on their compatibility with carriers in the US. Has anyone here gotten either to work reliably in the US and how good is the signal if it's missing some cellular bands? I'm currently on a T-Mobile MVNO, but am open to switching to whichever carrier that might work best.

If and how much longer until they take cash and browser-based banking from us?
I've been mindful of the ways companies can track my spending habits, and so have been increasingly keen on using cash and avoiding mobile banking/payment apps like the plague. I realize that this varies by country and might be a bit far out, but the thought does linger in the back of my mind. If current trends continue, how much longer until they take cash and browser-based banking from us? Or will there be a reason those options should continue to exist (and be easily usable) far into the future?

And perhaps:

  • What else can I, as an individual, do about this?
  • Is there a tendency for larger banks or smaller credit unions to push towards mobile-only online banking?
  • What does it look like in countries where cashless and mobile payments are the norm?

How to get started with anonymous cryptocurrency payments?
Have never used cryptocurrency before, all I know is that Bitcoin transactions can be tracked, Monero is the most widely accepted untraceable cryptocurrency, and many exchanges enforce KYC. I do not presently have the hardware to mine for myself at an appreciable rate. What do I need to know and use in order to set up a wallet, acquire crypto, exchange, and spend it as anonymously as I practically can?

What data would an AOSP GSI without GApps send to Google?
In the absence of privacy-focused ROMs for my tablet, I settled on flashing an AOSP GSI without Google apps. TrebleDroid to be specific, which is essentially vanilla AOSP, but with some additional drivers to maximize compatibility. Compared to privacy-focused ROMs like GrapheneOS, what exactly does AOSP send back to Google?

Any privacy-respecting way to receive Slack notifications?
Work uses Slack, which is quite entrenched in the organization, so trying to move all of my contacts over to something else would be nontrivial. Colleagues use it to send moderately urgent messages every now and then, so notifications on my phone would be a nice-to-have. I haven't had much luck finding well-maintained open-source clients for Slack. I could sandbox Play Services alongside the official app or a browser, but I'd rather not make my phone run the whole Google Play stack just for those notifications. Did I miss any low-hanging fruit or is hosting a Matrix bridge the only alternative?

searx.be and results in Russian?
Been using searx.be for a bit now and they had many results in Dutch and German, which can be expected for a site based in Belgium. But does anyone notice an influx of results in Russian? Did they change the server location or are users in Russia catching on to it? Yandex isn't toggled on in the settings either. Not trying to judge security by language. I just kinda liked having results in a mix of languages I could read.

How crucial are banking apps? Your experience with them vs. browser banking?
Banking apps seem to be a motif among things that don't play well with privacy ROMs. My bank's website does everything I could want out of it. I think I might be ignorant to something.

  • What about banking apps is especially compelling?
  • How often do banks put must-have features behind an app?
  • And should I be concerned that banks might move away from offering services through browsers?