• 1 Post
  • 40 Comments
Joined 2Y ago
Cake day: Jun 22, 2023


Not commenting on the other stuff but people should get used to the fact that anonymized private data is still private, so a so-called privacy app should not be leaking or disclosing or selling it. It might be LESS invasive than personally identifiable data, but it’s not NON-invasive.

Who is willing to pay for it after all? Almost certainly, someone who is up to no good. And if you can think of a way it can possibly be misused, then enabling that misuse is invasive.



Lemmy is inherently bad at privacy. You can gain a little bit by running your own instance. Using anyone else’s instance discloses TMI.


Yea, I can see that. So, that guy might like the satellite pager, but probably will not like the price tag.

No he didn’t like the satellite pager because it didn’t have enough coverage. He wanted it to work worldwide. The cost was also an issue. And I don’t know if they work well indoors.


LoRa is sort of a slower version of wifi and as such, you should assume Meshtastic is monitored, at least for traffic metadata. The actual messages are encrypted though.

Use of ham radio for this type of thing, or with any type of encryption, is against the ham regulations, though depending on how it is done it could be made hard to detect.

There is actually still such a thing as a satellite pager, a receive-only device that can get pages that cover regions as big as small countries. They stopped making the receivers quite a while back, but some are still around and the subscriptions are still available, though expensive. This info is itself some years old so maybe they are all gone by now.

POCSAG pagers still exist in the US too, though again, they are quite expensive compared to cell phones. Their main attraction is supposed to be higher reliability, so e.g. doctors can get paged even when the mobile phone network is out. I don’t know if that advantage still exists. In the more distant past there was something called ARDIS which I think is gone now. That was quite a robust signal, so you could get paged even in sub-basements of buildings and places where mobile phones didn’t work. Repair technicians who worked in those places often carried them.

I’ve followed this stuff slightly as it’s interesting for the reasons you say, but I’d have to say it’s not really cost effective for most of us. POCSAG in particular only works in relatively localized areas like single countries. I know a guy who would want something like it, but only if it worked pretty much everywhere, since he travels a lot.


It’s usually sent encrypted (by TLS) so it can’t be read by external entities monitoring internet traffic. Then the host decrypts it and stores it and can access it. Yes it’s trust me bro. Email is fundamentally not all that private, because of that.


Mail transport these days is usually encrypted over the wire, but once it lands at the receiving server (i.e. gmail) it is stored in the clear, or at least in a way that the host can read it.


The date is relevant so people don’t think it’s some new Trump thing that just happened. No problem with posting the link but I think it’s best to include “(2023)” in the title.



I also have to ask how a privacy focused backup service can possibly lose any individual file. They really shouldn’t know how many files you have. They have to know how much data you’re sending so they can charge you for the traffic and disk space, but they shouldn’t know whether it’s one giant file or a million small ones. It should just be a big lump of encrypted bits from their perspective.



I’ve never heard of IceDrive. What is it and what does it have to do with privacy? Explaining that would make your post more informative. I’ve been using Borg Backup and it’s been fine as far as I know. But yes, test your backups.


sensorwatch.net is the only one I’d want. Note it doesn’t have any data communications to speak of. It’s an old fashioned digital watch with some cool features including software thermocompensation for accuracy within a few seconds per year. And it runs on a regular coin cell for a year or so, not a stupid nightly recharge like it thinks it’s a phone.


GNU Jami, when I can get it to work and not jank up the sound too much. https://jami.net/


For running a public-facing business where your customer leads have to come from online, I don’t have a good answer, except maybe to take an attitude that it’s your company rather than you who is using the social media. I did a similar thing when I had to do some windows development for a client. I don’t run windows on my own computers, but the client supplied a windows laptop that I did the work on, so it was their computer rather than mine, ok fine. I realize it’s possible to overstretch that concept but it’s a matter of your personal comfort level.

As an ordinary working stiff working privately for companies or clients but not seeking public exposure, I haven’t had significant problems despite not using the big social media including linkedin and github. Just respond to advertisements and stuff like that to get jobs, and self-host a public code repo if you want one. Once someone commented on it but it still wasn’t an issue.


Ideally, set up a battery and inverter system in your house, and turn the charging rate up or down depending on what other electric devices you are using at any given moment. Idea is to keep your power consumption exactly the same regardless of what you are doing at home. That way you give no information to the power company.


Black Hand of the Brotherhood of Nod

Empire of the Hand from Star Wars.

Added: yikes, lots of black hands, many unsavory.

https://en.wikipedia.org/wiki/Black_Hand


Interesting counterpoint to the stuff we sometimes talk about here. It's more for public chat rooms though. MLS (RFC 9240) still interests me and I've been wanting to try coding it.

Back when Craigslist had personals ads I answered one saying that I had 10 laptop computers and no facebook account, and I actually got a couple of dates that way. Not everyone wants corporate media.

I’ve been chatting (non romantically) with someone I met on another forum, who is about the same way. No facebook or reddit or anything, not even Lemmy, just a few niche forums.


I think of cloud storage as meaning automatic synchronization to a phone app and crap like that. If you just want plain storage, I’m happy with Hetzner Storage Box. The one I have is in EU so that adds some network latency. I don’t think they have it in the US yet.

You could also go on lowenspirit.com and look at storage offers. servarica.ca has some nice ones that are supposed to be good, but I haven’t tried them myself. They are in the Montreal area.


The Geotrust queries might be OCSP checks which is somewhat legitimate. OCSP is a scheme for checking (via a server query) that a TLS certificate is still valid (hasn’t been revoked) before accepting it. It is or was somewhat mandatory for EV (extended validation) certificates that were fashionable for entities like banks for a while. Without OCSP (like if you disabled it in your browser preferences), EV certificates worked like ordinary certificates instead of showing the company name on a highlighted green background.

Today, people are mostly ignoring that stuff in favor of shorter and shorter expiration periods for certificates.


California ID just has a thumb print and has had it for decades. Renewing mostly gives them reiteration of info that they already have.


I thought airplane mode or power-off disables that, but maybe on some newer phones, that is left running because of “find me”. Hmm. BLE shouldn’t be able to reach any cell towers though.


It will help stop the phone from broadcasting your location, but the danger is the private stuff on your phone getting copied if your phone is seized. Better to use a burner phone with nothing private (such as contacts) on it. Used that way you don’t need multiple burners. Just keep it powered off till you reach the protest. I’d be hesitant to keep it powered (such as for mapping) on the way there, unless you don’t mind GPS track potentially being retained on the phone. OTOH they will probably track you anyway, through license plate and face recognition.

BTW the cheapest place I know of to get phones with minutes is below, especially the basic flip phones that are probably better for this anyway.

https://www.qvc.com/electronics/phones/tracfone/_/N-mlt0Z1z1393y/c.html


It’s more traditional to just print the key fingerprint.


Google gets lots of your email either way, since many of your correspondents will be on gmail. I’ve been getting domains mostly from porkbun.com which offers free whois privacy. namesilo.com has it too.


I mostly use porkbun but also namesilo and a few others.


I’ve transferred domains out of porkbun without seeing anything like that. I’ve had to release the domain lock and paste a transfer authorization code from one place to another. That’s how it has worked at other registrars too.


https://biggaybunny.tumblr.com/post/166787080920/tech-enthusiasts-everything-in-my-house-is-wired

Tech Enthusiasts: Everything in my house is wired to the Internet of Things! I control it all from my smartphone! My smart-house is bluetooth enabled and I can give it voice commands via alexa! I love the future!

Programmers / Engineers: The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise.


I’ve been using Vitelity (paid) but Twilio is a bit cheaper and has a better API. However, the more obnoxious confirmation code senders can detect all of these as being in data centers. IME it’s only a few senders that are snotty about that. You could always get a burner phone.

Hmm, I don’t know what happens if you get a mobile burner phone, set up call forwarding to your VOIP number, then throw the burner phone away (i.e. shut it off so you don’t have to keep it powered and broadcasting its location). The cheapest mobile plan that I know of ($30/year redpocket) unfortunately went up to $45 a few months ago, but it gets you a usable backup sim.

Added: 1) r/nocontract on reddit showed a $36/year infimobile plan with a 20% off coupon (so a little under $30/y) on amazon. Similar deal to redpocket I think. 2) Another idea: get cheap mobile plan, port number into a voip provider, cancel mobile plan. I wonder if the number then reports as data center terminated.

There are now starting to be a few “free” mobile providers where you are required to keep a spyware app running. I don’t think I’d bother with those. textnow.com is the one I remember but there were others. textnow does NOT support call forwarding on free plans.


Thanks, it’s late here now but I’ll try to look soon. I didn’t realize significant improvements over Goldberg et al were really possible. I’ll try to understand that too.


Is there another post somewhere giving a general description of what you are doing?


Do you have a link about your messaging app? And PIR doesn’t conceal the existence of traffic, so it doesn’t seem like the right thing for messaging. It’s more for databases as the name implies. What exactly are you trying to do?



If we told just anyone, it wouldn’t be private!!!

Srsly any phone app is inherently insecure because the phone itself is insecure. And there’s lots of metadata leakage, like the phone broadcasting its location. There is no “go to app”. It all depends on what you are trying to do and who you are trying to communicate with.


If this is for live disks or mirrors (not backup), LUKS is reasonable. Backup is different from mirroring since one of the things it protects you from is accidentally deleting files. If you delete a file from your main drive, it also disappears from the mirror drive, so mirrors are not backup. For encrypted backup, I’ve been using Borg backup which is quite well thought out, though confusing at first. The backups go on a remote server which is ok since they are all encrypted.


The PFS comes from deleting the secret DH parameters after you are done using them.


The codecs are built into the client (I’m using linphone) and they all sound like crap. Provider is vitelity.net but I have a twilio account so could try that. Also, they only work at all when the phone is online by wifi. Using the phone’s mobile data is total fail. Too many dropouts etc.


This forwards to an (oh the irony) blogspot post, https://articlesgallery8543.blogspot.com/2023/10/lets-decentralize-web-together.html It encourages people to move off sites like facebook towards sites like lemmy. Great but I think we knew that already.


Voip call quality is terrible, it is near unusable over mobile data IME, it adds latency etc.

I guess an intermediate measure might be to make all your phone calls through a forwarding proxy (e.g. implemented with Twilio API) so that all the mobile carrier sees is that your phone calls all go to the same number. Similarly you’d give out a VOIP DID number that forwards to your mobile, so all your incoming calls would appear to come from the same number.


Don’t know about Signal but the way PFS usually works is there is something like a Diffie-Hellman (DH) key exchange. Each person generates a random (private) number, remembers it, crunches it mathematically into a public number, and sends the public number to the other person. Each then combines their private number with the public number that they got from the other person, and this (because of how DH works) cleverly gives both people the same secret number they use for the encryption, but the secret can’t be reconstructed without knowing at least one of the private numbers. Finally, the PFS part is simply that each person permanently deletes both the shared secret and the private number they generated for that exchange (they will create new ones next time they want to communicate). That means there is no way to reconstruct the secret and re-decrypt the message.

Of course, authentication also has to be added to all this.

For more info, probably easiest to look up Diffie-Hellman key exchange online.
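As an added example (not from any commenter on this page), here is a toy ephemeral Diffie-Hellman exchange in Python that follows the steps described in the two PFS comments above, including the final "delete the private number and the shared secret" step. The group parameters, the key derivation and the unauthenticated keystream cipher are constructed for illustration only.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for this example: the Mersenne prime 2^127 - 1 with
# generator 2. Real deployments use a standardized group (an RFC 3526 MODP
# group or an elliptic curve), never a hand-picked one like this.
P = (1 << 127) - 1
G = 2


class Party:
    """One side of an ephemeral Diffie-Hellman exchange."""

    def __init__(self):
        self.priv = secrets.randbelow(P - 2) + 1   # random private number, kept secret
        self.pub = pow(G, self.priv, P)            # public number, sent in the clear
        self.key = None

    def derive_key(self, peer_pub):
        # Combine own private number with the peer's public number; both sides
        # arrive at the same value g^(ab) mod p.
        shared = pow(peer_pub, self.priv, P)
        # Hash the shared secret into a fixed-size symmetric key.
        self.key = hashlib.sha256(shared.to_bytes(16, "big")).digest()

    def forget(self):
        # The PFS step: permanently discard the private number and the key.
        self.priv = None
        self.key = None


def keystream_xor(key, data):
    # SHA-256 counter-mode keystream (constructed, unauthenticated); as the
    # comment notes, authentication must be added separately in real use.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def run_exchange(message):
    alice, bob = Party(), Party()
    transcript = (alice.pub, bob.pub)   # all an eavesdropper ever sees
    alice.derive_key(bob.pub)
    bob.derive_key(alice.pub)
    same_key = hmac.compare_digest(alice.key, bob.key)
    ciphertext = keystream_xor(alice.key, message)
    decrypted = keystream_xor(bob.key, ciphertext)
    alice.forget()
    bob.forget()
    # Afterwards only the public transcript and ciphertext survive; the
    # private numbers needed to recompute the key are gone on both sides.
    return same_key, decrypted, transcript, ciphertext, alice.priv, bob.key
```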