Even if they did, your messages are going to be scanned via your recipients who use Gmail without opting out.

Interesting, had no idea until now that there’s such a thing as first-party malware loaded with the BIOS. Admittedly I’m caught in an ivory tower with my Corebooted ThinkPad. Although I haven’t purchased one yet, I’d say you made the right choice going with Framework.

Lenovo’s ThinkPad line has a sterling reputation. Among the best in terms of quality, service, repairability, and Linux support.

As for the largely consumer-grade options of ASUS and Lenovo’s consumer-grade IdeaPads, they’re rather similar in reputation and quality. Not exceptional, but they’re both perfectly fine options as long as you avoid the budget laptop segment (plastic chassis, broken hinges, etc.)

Any difference in privacy would come down to the pre-installed software, which is irrelevant if you plan on using Linux. If you will be using Windows, it’s always better to install your own fresh copy to purge any potential spyware and bloatware installed by the manufacturer. The activation key for whichever edition of Windows it comes with is embedded in the BIOS, so it’ll activate automatically after a fresh reinstall.

the only way i escaped this until now as being able to afford the hefty price tags on linux-only hardware with something like system76 and i can’t afford it anymore since i no longer earn a software engineer’s salary.

Why not a second-hand ThinkPad/Latitude/ProBook? They’re cheap and cheerful and well-supported by most distros.

the only viable alternative would be to build septic tank

Me realizing I’m ahead of the game because I live in a home with a septic tank. But when you have to pump that tank every 5 years, if you can’t do that yourself, it’s going to be a lot less anonymous than a centralized sewer.

Good starting point would be looking up forum or blog posts from people who have disconnected the modem/TCU on a particular EV model. No self-interested auto manufacturer (all of them) would intentionally provide an option in the user interface to take the telemetry system offline. Take note of any side-effects they report, if it needs to be reconnected for inspections, and if there’s any gotchas between software and hardware revisions.

Especially wrt. modern gas-fuelled cars for the typical driver as EV prices are artificially jacked up in many Western countries.

Keeping an eye on it since no other company is offering a similar lack of connectivity, but also not going to be surprised if it doesn’t deliver on its promises.

What privacy though? The situation with LinkedIn just like Instagram. Even though they aren’t open for scraping, there’s still no expectation of privacy among the users who post anything.

Everything in Owner and a secondary phone for all proprietary work and communication apps. The secondary phone is powered off or at least disconnected once I leave work. Google stuff and banking through a computer browser whenever possible.

If I were forced to use only one phone, the secondary phone’s contents would be on a secondary profile. This used to be my setup but switching between profiles throughout the day wasn’t my thing.

I like knowing what my computer is doing and that was noticeably less and less the case as I went from Windows 98 to 10 and all the major versions in between. Before learning about Linux, simply going through the options in debloat scripts made me realize how invasive Microsoft was behind the scenes.

I know that he’s not necessarily the best resource, but Rob Braxman’s videos were first to bring mobile privacy concerns to my attention. Also, while his promotion of his custom phone didn’t lead to me buying one of them, it did lead to me learning about custom Android ROMs and eventually buying a Pixel for GrapheneOS.

No, they respect my goals and seem to have accepted that I’m sometimes just unreachable. The only thing they might be annoyed about is my GrapheneOS and Signal proselytism. If anything, it’s more apathy than antagonism. They’ll agree with me on privacy issues but rarely ever give up the conveniences of Apple, Microsoft, Google, etc. in practice.

Enlighten me, I just want a bit of mindless entertainment while doing the dishes

A noble goal in mind and I’m glad that the output of ChatGPT works for you. I’m not against LLMs in principle, but anything freshly spat out by an LLM is for you and you only. If AI was only used as an aid but you understand the codebase, document it and make it clear. Otherwise, you leave the assumption of vibe-coding open.

HP also made laptops with a Blu-Ray drive built right into them. I got one for a few bucks at a flea market and ended up swapping the BD drive into my old ThinkPad.

I’d look for an alternative. Failing that, I would try every trick to fake that selfie.

The cheap secondary phone is the approach I have gone with for work apps. Powered up only when needed and doesn’t connect to my main home network.

Great for my tablet which is too weak to run IronFox smoothly. One annoyance is that it’ll insist on a refresh if your internet connection is interrupted or changes in any way. The reason for it is not immediately obvious and neither is the option to turn it off (Settings > Homepage > Ask to restart on connection change)

Glove Prints

Problem: Thin gloves like surgical gloves can still leave fingerprints on surfaces.

Source: https://en.wikipedia.org/wiki/Glove_prints

Mitigation: Wear thick, textured gloves

Finally found an explanation for why my phone’s fingerprint sensor works through thin gloves.

Have a NAS, Jellyfin server, and LLM on my LAN so far. Next step is to make them available outside my home, but I’ve been procrastinating.

The firmware isn’t open source and I only chose it for the employee discount, but the blue Yubico security key has held up well over hundreds of uses and several years jingling around in my keychain.

It’s prevalent among pdfs downloaded from academic publishers (text listing the receiving IP address and/or institution running down the margins). I wouldn’t be surprised if it’s also done with hidden white text or in the metadata.

What kind of CPU is in that laptop? The vast majority of x86 CPUs from the past 10 years include hardware acceleration for AES encryption so that the performance hit is negligible.

I want shows like Hell’s Kitchen but for tech stuff - criticizing people’s phones, gaming setups, and server rooms

idk man, but I’d still much rather have encryption, even if I’m up against the alphabet boys:

• They’ll be up a creek if I escape, die, or vanish into the woods first
• If I hid a disk somewhere, I’d rather know they found it when they come to torture me, than have it inspected without hearing a word
• If all else fails, they’ll at least have to expend a modicum of effort and resources to fight me

What’s the point of life if crippling, paralyzing fear is all there is to it? I work on being a good steward of my privacy as much as it brings me joy and satisfaction, not so much that it consumes every waking hour.

Whatever it is, review your threat model. What’s done is done and there is little that can be done to redact any evidence you may have left on the internet. Are you able to stop doing whatever it is that is putting you at risk of legal trouble?

If it’s an drug or psychological problem, you need to seek professional medical attention. Many people die or suffer life-changing illness each year fearing that their doctors will rat them out for substance abuse. Don’t be one of them. Patient privacy laws, at least in the US, prevent your doctors, therapists, etc. will protect you if you go and seek help. The main thing that they would have to disclose is if you make direct, credible threats to other people.

If it’s a criminal operation or worse, lawyer up and good luck.

I’m ready to be called milquetoast, and while I see where this comes from, it comes off idealistic if we are to communicate with people in the present day in any practical way. Do not forget how much of an improvement it already is over the likes of proprietary messaging apps and how much effort it already is to move people to Signal. It is surprisingly difficult for common folk to grasp the concept of anything but a phone number when it comes to messaging apps.

I’m interested to see if anyone else has run into the same situation and found a good thought process for it. Problem is, if I need to pull anything from a pseudonym over to an identifiable portfolio, that pseudonym is no longer useful. But I can’t really justify getting a personal domain name if all it’s doing is hosting a glorified resume.

Using a bridge can sidestep telemetry that comes with official apps/clients. The services will also see a ping from your bridge server rather than, say, a direct ping from your mobile device. Make sure to self-host if you want to avoid introducing new parties to your communication stack.

Conceptually, it’s a messaging app done right. Not haunted by legacy identifiers like phone numbers, can be run in a decentralized manner, and a more secure invite system.

In practice, it tends to burn through battery, and it’s already hard enough getting people to use Signal. People also seem to have a hard time grasping the concepts of invites, or anything that’s not a phone number for that matter.

I’ve stopped using it due to the battery issue and I don’t want to fragment my communication strategy further. It ought to have a privacy advantage by virtue of not needing a phone number, but at the end of the day, my messages are also getting swept up on the other end by non-privacy-respecting phones.

Maybe leeching (cursory search suggests subpar upload performance), but your hard-earned money would be better spent helping out a more ethical VPN provider than thrown to the sharks.

Most of the popular open-source ones are fine. VSCodium if you want a rich GUI or perhaps Geany if you want a lightweight but beginner-friendly editor. Only things you’ll have to watch out for are editors with online features like AI integration, particularly Microsoft VSCode and the new notepad.exe with AI.

What a shitty banking app. The malware explanation could just be customer service boilerplate. They might have just implemented some commercial fingerprinting/analysis/security library in the app that freaked out at the minimal fingerprint of the GrapheneOS profile and defaulted to locking you out.

As individuals, we need to continue defending and advocating for our privacy - using privacy-respecting phones and software even if it’s difficult and organize against surveillance capitalism, or at least donate to existing advocacy groups. And the developers that make privacy-respecting alternatives more accessible. Not much of an easy way out since we’re up against Big Tech on a profoundly uneven playing field.

But for immediate issues like this, I would get a cheap separate phone with regular Android to handle the app if the bank doesn’t offer the same services through a browser. Try to keep it on an isolated network and only power it on when necessary.

Very much agree with the encryption key management. My friend group and I stopped using Matrix because the getting encryption right between all of our devices proved frustrating, especially if a reinstall or phone upgrade comes up.

If you have $150 to spare (depending on country), a secondhand Pixel 7a is a great starting point to try out GrapheneOS without directly contributing to Google. Just make sure it’s carrier unlocked so it allows bootloader unlocking. For $100 more, a Pixel 8a will get you several more years of software support. Practically everything just works with GrapheneOS.

Fairphone with /e/OS is leagues better than Googled Android, but little to no additional security hardening has been done over plain AOSP (which itself is quite secure against non-state-sponsored attacks to be fair). Also, some pings to Google have yet to be patched out, see https://eylenburg.github.io/android_comparison.htm

Linux phones are much better than they were a few years ago, but unless your workflow tolerates the occasional disruption due to a bug or missing feature, they aren’t exactly production-ready for most users. But a good sneak peek into the future of privacy phones given the way Android is headed now.

MicroG works for many things, but not everything. Google’s own apps don’t play well and some of my work apps don’t send notifications when using MicroG. But GrapheneOS supports a sandboxed, proper instance of Google Play Services should you need it.

Google Wallet and anything requiring the Play Integrity API will not work with third-party OSes, not even GrapheneOS (perhaps until they release their own phone).

Easy, don’t use digital technology and live in a shack in the middle of Bir Tawil. That’s the exact attitude Apple, Google, et al. want people to have.

Privacy is not a game of absolutes. You make a threat model and do the best you reasonably can. I hope you at least enjoyed your head start on privacy by choosing GrapheneOS.

Fine choices and nothing wrong unless there’s someone actively out to get you. In that using TOR as VPN leaves a very distinct fingerprint compared to the vast majority of Tor users on the standardized Tor Browser.

Unfortunately, the post radiates small 🍆 energy.

To be fair, I only have a few of my friends and some of my family on XMPP. I’m also guilty of having WhatsApp on my work phone for colleagues and the rest of my friends.

It’s on the IzzyOnDroid repo: https://apt.izzysoft.de/fdroid/index/apk/com.cyb3rg0d.canvass

Fossify Paint does the same thing without adding the IzzyOnDroid repo, I just happen to have Canvass since it was the first thing that showed up when I searched.

My take is that Proton CEO Andy Yen’s pro-Trump comments were born out of naïvety, not the same mindset that plagues tech CEOs in the US. Combining that with Proton’s benign actions since then, I think it’s a good time to diversify, become familiar with alternatives like Tuta as you say, and make a backup plan should they enshittify, but don’t rush to jump ship now.