That’s actually my recommendation yes.
If somehow after a month you feel like you do want this “lifestyle”, are comfortable with setting up a VPN (if you need external access) THEN spend more and get your a SBI like a RPi and have it at home. If that’s still not enough then go up to a proper server you host, use a non commercial ISP, etc … but IMHO don’t start with a server at home if you are not familiar with all this, it’s counter intuitively harder and definitely more expensive.
Also FWIW you should still have an offsite backup regardless of how you do it.
Sure, rent a cloud server for $10/month, install Docker/Podman then all self hosted services you need. Invite people on your Jitsi Meet server, publish your videos on PeerTube, work via NextCloud, etc. It’s not easy the first time but with each (well documented) step it becomes easier. Most important : backup your data.
Honestly I don’t mind that, at all. What I mind is if it’s mandatory and only through proprietary applications.
WiFi, BT, Zigbee, Z-wave etc are not per se a problem. The question instead is who practically owns the device. If the behavior is force on you as a customer, then it’s easy, it’s not YOUR device. Consider then buying OSHW or whatever alternative you need, including potentially non connected devices that you yourself connect on your terms.
Edit: check which devices are compatible with GadgetBridge and/or HomeAssistant then reviews from actual customers. That should help you find out which devices can match your requirements.
dumb shit like system updates
You can’t do that, if you allow that then how can you be sure the next “update” won’t make your experience worst? Optional update controlled by the user is great, mandatory ones mean “your” hardware is actually not yours.
For hardware that does insist on connection and even enable mesh networks, it’s safer to not buy those.
Right, Betamax much? It doesn’t really matter if one technology is objectively “better” on all aspects than another if the strategy to make it popular outpaces the other.
To be clear I wish you were right (even though I don’t find open source models to be free of problems) but I think the conclusion is a wish, not a logical one.
No.
Not because it’s not technically feasible but rather I would psychologically not manage to make money knowing my portfolio, either directly or via EFTs, makes me money by profiteering of BigTech or surveillance capitalism.
Full disclosure : I did have Apple and NVIDIA stocks and I did sell them not because they were not making money (there sure were) but because I felt disgusted by HOW they made money.
PS: KYC and related laws in a lot of countries demand you use your real information and declare your earnings, so again it’s not a technical problem, it’s at least ALSO a legal problem, and arguably a moral one if you believe KYC kind of laws help to curb money laundering.
A good rule of thumb is : does any of the participant maintain the backend?
If not then you are dependent on at least a 3rd party. If that 3rd party is not entirely open, meaning at least
- standards for the protocol,
- open source for the backend and frontend,
- alternative clients,
- alternative backends,
- both can be actually used (not just in theory because the protocol has been published)
then basically you should consider that this 3rd party owns your group, there is no expectation of privacy in it, it can be closed in an instant, messages can be modified without you knowing it, etc.
TL;DR: bad.
What software?
Anyway you can use QEMU https://computernewb.com/wiki/QEMU/Guests/Windows_11 or rent a VPS for the duration of your testing, assuming there is hardware related.
Apple still has the most reliable out of the box experience for hardware.
Out of curiosity, did you try an equivalent, e.g. Framework or Tuxedo or a SteamDeck, or only generic hardware, like a PC, then slapped on it a random distribution?
I don’t want to presume of your experiences and only to highlight that Apple out of the box experience better be flawless precisely because they have very limited hardware to support. In fact I would argue any distribution, even an obscure one, could fare very very well if it only had well known hardware (even if hundreds of them) supported, as opposed to an open and thus endless ecosystem.
It sure is possible to embed invisible information into videos and images, it’s called metadata. Now you might think of other techniques, e.g. https://en.wikipedia.org/wiki/Steganography but most if not all are, AFAIK (and I won’t pretend I know the state of the art in the domain) if they are within the data itself (thus become data, not meta-data), e.g. a visible stamp in an image, are made to remain visible. Compression codecs are specifically targeting the visible or audible spectrum. One of the most basic way to “compress” lossy information (as opposed to lossless) is precisely to remove the ends of the spectrum that is not perceived by the average human audience.
So… AFAICT it’s either visible and thus can be spotted (and thus can be removed, even if by adding a black mark over) or not visible but then most likely will be removed by basic compression codecs even without trying to do so.
TL;DR: no and I wouldn’t be until I see this in the wild (not a research paper claimed it’s technically possible).
When you generalize your position about your available time and technical knowledge as the limiting factor for everybody you are not saying it’s impossible for you, you’re saying it’s impossible for anybody and everybody. That’s the problem. It’s like saying “I don’t like this food” versus “It tastes bad!”. For you they are equivalent, for others they are totally different. I’m not saying you, or anybody else, should learn about self-hosting (federated) social platforms then set some up, what I’m rejecting instead is giving up pre-emptively on the behalf of others because it’s giving power back to BigTech.
Worthwhile yet tricky. Companies like OpenAI, Google, Meta, etc are full of experts in statistics and they have access to a lot of storage space. If use a service from those companies, say 4hrs per day between 7am and 9pm, at a certain frequency, e.g. 10 requests / hour, then suddenly, when you realize you actually do not trust them with your data, you do 10000 req/hr for 1hr then that’s a suspect pattern. Then might be able to rollback until before that “freak” event automatically. They might still present you as a user your data with the changes but not in their internal databases.
So… I’m not saying it’s not a good idea, nor useful, but I bet doing it properly is hard. It’s probably MUCH harder than do a GDPR (or equivalent) take out request then deletion request AND avoiding all services that might leverage your data from these providers.
I don’t think that’s possible. I think streaming in practice (not in theory!) is nowadays monitoring everything you do with the content they provide. In fact you yourself blocked your own TV from accessing the Internet.
Anyway I saw quite a few technical solutions (general purpose computers) but I didn’t see any service to then use those with. There are quite a few streaming services I would trust though, e.g. public services like Arte.TV or PBS (well… I did, not I’d be cautious) that can be accessed without an account.
So it depends in the end of what kind of content you mean to stream. You don’t have to answer that specifically but… if it’s not something that is genuinely public, available on services like PeerTube but instead rely on surveillance capitalism, e.g. YouTube, Netflix, etc then I’d argue the kind of streaming itself you want is not compatible with your privacy requirements.
Edit: I’m not streaming except public radio (specifically fip.fr that’s all) on my desktop. I just download the content I need what from whatever sources provide it DRM-free. It’s both a technical alternative and a healthier practice IMHO.
No https://search.f-droid.org/?q=waterfox and they don’t seem to list it on their official page either. Please show your interest at https://github.com/BrowserWorks/waterfox/issues/4002
so long as it’s optional, local, and private.
… yes but also
- open source,
- open model,
- all annotations done with proper respect to
- labor law (ideally verified by 3rd party)
- IP
- clear on ecological cost
- CO2 eq in model card (ideally verified by 3rd party)
- analogy non technical user can understand
… which makes for a rather limited list.
My own constraints https://fabien.benetou.fr/Content/CollaborationRelyingOnAI recommendations welcomed, both on such rules but also on models that do fit, if any.
Honestly why even ask the question or read the ToS when you know the business model of Google?
To be clear Google is NOT a technology company! Google is an advertising company which, unlike traditional advertising companies selling physical ad space, sells online ad space. Through vertical integration they also happen to distribute software, e.g. Android, Chrome, etc, services e.g. Google Search, GMail, GDrive, GCloud, and hardware, e.g. Pixel, Nest, etc which they are not giving for free but at a low price, and infrastructure, e.g. Google Fi.
… but ALL those products are ONLY existing to sell ads!
I let derive your own conclusion for Google Fi and every other product they provide.
TL;DR: of f*cking course.
AFAIK the packets are for discovery of other devices relying on mDNS / DNS-SD which is used by plenty of other services.
More importantly though, does it matter? What are you actually broadcasting while doing so? That you are using KDE Connect? Also the typical use case for it are on trusted networked, e.g. home WiFi but if it’s problematic on public networks then do not use KDE Connect on other networks?
Edit: what alternative device discovery solution could be used by KDE Connect to make it more private on untrusted ntetworks?
digital privacy and security
I bet there is an amalgamation going on there.
People who wants to maximum amount of security might not care as much about privacy, thinking relying on a famous actor which spends a ton on security (and runs ads to say so) give them privacy, typically Google or Meta, while ignoring their interests in using private data for profit.
The other way around some people claim they cherish privacy, which sounds like your uncle, yet can not realistically achieve it by using outdated systems leading to poor security and thus potentially bad privacy.
The 2 go hand in hand yet are different.
LineageOS and asked if I could use it […] He went to the Google Play Store and installed Files by Google after logging into my account.
Ugh… sorry to say but if your goal is “what a phone without Google services” then your father did not understand that. He might be able to help you but he might not. The point though is that have to clarify with him WHY you want to try that. Only then can he help with the how.
Anyway for music I recommend VLC, it even has an option to become a Web server to receive file. If you do exchange files often with your Linux desktop I also recommend KDE Connect which helps for SMSes too and more, you can even define custom commands. I recommend removing the PlayStore entirely and relying solely on F-Droid and on a case by case basis potentially on .apk from sources you trust, e.g. Signal Website.
Agree but nobody forces you to use anything except ProtonMail or ProtonVPN. In fact I have a visionary account and I mostly just use ProtonMail. I do use ProtonVPN but I also have WireGuard. Also my ProtonMail addresses are behind domains I host. If tomorrow I decide to switch away from Proton, I can.
So… sure Proton is not perfect and centralization is bad but IMHO it’s like saying Firefox is imperfect so it’s fine to use Chrome or Chromium browsers. Imperfect alternatives to BigTech and surveillance capitalism is better than relying on the things you hate until something “perfect” never comes along.
something watching, logging connections to everyone connected to that torrent
Might be, FWIW there are quite a few ways to torrent in a rather private way, namely require encrypted connection, have a blocklist, require to be behind a VPN, etc … but in the end you still share data with strangers, that’s the core premise. The whole point is to facilitate the sharing of data reliably but then who joins the pool is outside of the protocol itself.
Pay for stuff if you want something reliable and supporting your privacy. Sure test the free tier to make sure it fits your requirements but please do consider not sticking to it.
Might be Filen (don’t know of it) or Hetzner Storage Box (~10e/month for 5TB iirc) or Proton Drive (Visionary customers have a large quantity, e.g. >6TB) or whatever else you prefer but if you do not actually help people providing services by funding their work they you are supporting BigTech and their “free plans” that comes precisely at the cost of our collective privacy.
So infuriating.
Technology is, rightfully, seen as a tool of control.
It should be a tool for emancipation, gaining and increasing agency. It’s been “sold” as such only to then gradually yet inexorably do the exact opposite.
This is deeply dangerous because it erodes trust in both governments and technology.
That being said, it’s not new. It’s been done before, it will be done again.
Consequently what could be done is to refuse any technology without safeguards, including the potential dismantle of the entire ecosystem in place the second it’s being abuse. It should be impossible to have mandatory usage without matching “canary in the coal mine” that force the system to stop AND the person responsible for it to also be removed from their function.
IMHO the key aspect isn’t where you host things but rather understanding how hosting itself works.
To me the most challenging aspects are how to :
and also ideally
For that very first step I would say having a machine directly exposed to the Internet makes it easier. I don’t know what ISP you use but at least in Belgium where I’m currently located all ports are closed and IP are dynamic. That means if you want to show your freshly started Apache Web server to your mother in law it will challenging.
Meanwhile if you do manage to get to the last step, namely restore your entire setup, then restoring to a cloud service or a RPi is the same, you transfer your data, start your services and voila, you are back either LAN only or on the entire Internet via a cloud provider.
So autonomy isn’t as much as to where things are physically hosted and by whom as in the actual capacity to able to host there or elsewhere.
Finally if you are using a commercial ISP, as opposed to having your own AS, are you really self-hosting?