• 1 Post
  • 460 Comments
Joined 4Y ago
Cake day: Jan 17, 2022


Years some companies make virtual temporary cards.

Belgian Post does that, prepaid MasterCard with IBAN. They or the partner bank does KYC (no choice) but shops don’t get your data.


technology is coming for bicycles too

Went from e-bike to fixie and ironically enough this isn’t a joke. I’m happier and healthier now.


It is also dangerous to associate emerging technology with big tech, sure they make some and sell some at tempting discounted prices BUT they are not the only ones and when aiming so you leave them an open field.


the only realistic platform

you know of, I don’t know where you live (nor do I want to) but alternatives do exist and if not you can self host some.


Even if rooted and used without account via PrivateQuest?


Freedom to be exploited or exploit others even harder for “success”.

Sarcasm aside there are state equivalents, e.g. CCPA.


Worthwhile yet tricky. Companies like OpenAI, Google, Meta, etc. are full of experts in statistics and they have access to a lot of storage space. If you use a service from those companies, say 4hrs per day between 7am and 9pm, at a certain frequency, e.g. 10 requests / hour, then suddenly, when you realize you actually do not trust them with your data, you do 10000 req/hr for 1hr then that’s a suspect pattern. Then they might be able to roll back until before that “freak” event automatically. They might still present you as a user your data with the changes but not in their internal databases.

So… I’m not saying it’s not a good idea, nor useful, but I bet doing it properly is hard. It’s probably MUCH harder than doing a GDPR (or equivalent) takeout request then deletion request AND avoiding all services that might leverage your data from these providers.


I don’t think that’s possible. I think streaming in practice (not in theory!) is nowadays monitoring everything you do with the content they provide. In fact you yourself blocked your own TV from accessing the Internet.

Anyway I saw quite a few technical solutions (general purpose computers) but I didn’t see any service to then use those with. There are quite a few streaming services I would trust though, e.g. public services like Arte.TV or PBS (well… I did, now I’d be cautious) that can be accessed without an account.

So it depends in the end on what kind of content you mean to stream. You don’t have to answer that specifically but… if it’s not something that is genuinely public, available on services like PeerTube but instead relies on surveillance capitalism, e.g. YouTube, Netflix, etc. then I’d argue the kind of streaming itself you want is not compatible with your privacy requirements.

Edit: I’m not streaming except public radio (specifically fip.fr that’s all) on my desktop. I just download the content I need from whatever sources provide it DRM-free. It’s both a technical alternative and a healthier practice IMHO.



so long as it’s optional, local, and private.

… yes but also

  • open source,
  • open model,
  • all annotations done with proper respect to
    • labor law (ideally verified by 3rd party)
    • IP
  • clear on ecological cost
    • CO2 eq in model card (ideally verified by 3rd party)
    • analogy non technical user can understand

… which makes for a rather limited list.

My own constraints https://fabien.benetou.fr/Content/CollaborationRelyingOnAI recommendations welcomed, both on such rules but also on models that do fit, if any.



Honestly why even ask the question or read the ToS when you know the business model of Google?

To be clear Google is NOT a technology company! Google is an advertising company which, unlike traditional advertising companies selling physical ad space, sells online ad space. Through vertical integration they also happen to distribute software, e.g. Android, Chrome, etc, services e.g. Google Search, GMail, GDrive, GCloud, and hardware, e.g. Pixel, Nest, etc which they are not giving for free but at a low price, and infrastructure, e.g. Google Fi.

… but ALL those products are ONLY existing to sell ads!

I let you derive your own conclusion for Google Fi and every other product they provide.

TL;DR: of f*cking course.



AFAIK the packets are for discovery of other devices relying on mDNS / DNS-SD which is used by plenty of other services.

More importantly though, does it matter? What are you actually broadcasting while doing so? That you are using KDE Connect? Also the typical use case for it is on trusted networks, e.g. home WiFi but if it’s problematic on public networks then do not use KDE Connect on other networks?

Edit: what alternative device discovery solution could be used by KDE Connect to make it more private on untrusted networks?


digital privacy and security

I bet there is an amalgamation going on there.

People who want the maximum amount of security might not care as much about privacy, thinking relying on a famous actor which spends a ton on security (and runs ads to say so) gives them privacy, typically Google or Meta, while ignoring their interests in using private data for profit.

The other way around some people claim they cherish privacy, which sounds like your uncle, yet can not realistically achieve it by using outdated systems leading to poor security and thus potentially bad privacy.

The 2 go hand in hand yet are different.


LineageOS and asked if I could use it […] He went to the Google Play Store and installed Files by Google after logging into my account.

Ugh… sorry to say but if your goal is “want a phone without Google services” then your father did not understand that. He might be able to help you but he might not. The point though is that you have to clarify with him WHY you want to try that. Only then can he help with the how.

Anyway for music I recommend VLC, it even has an option to become a Web server to receive files. If you do exchange files often with your Linux desktop I also recommend KDE Connect which helps for SMSes too and more, you can even define custom commands. I recommend removing the PlayStore entirely and relying solely on F-Droid and on a case by case basis potentially on .apk from sources you trust, e.g. Signal Website.


Agree but nobody forces you to use anything except ProtonMail or ProtonVPN. In fact I have a visionary account and I mostly just use ProtonMail. I do use ProtonVPN but I also have WireGuard. Also my ProtonMail addresses are behind domains I host. If tomorrow I decide to switch away from Proton, I can.

So… sure Proton is not perfect and centralization is bad but IMHO it’s like saying Firefox is imperfect so it’s fine to use Chrome or Chromium browsers. Imperfect alternatives to BigTech and surveillance capitalism are better than relying on the things you hate until something “perfect” never comes along.


something watching, logging connections to everyone connected to that torrent

Might be, FWIW there are quite a few ways to torrent in a rather private way, namely require encrypted connection, have a blocklist, require to be behind a VPN, etc … but in the end you still share data with strangers, that’s the core premise. The whole point is to facilitate the sharing of data reliably but then who joins the pool is outside of the protocol itself.


FWIW I’m not recommending or not this service but they are :

  • based in the US, yet
  • provide international roaming
  • e-SIMs (so nothing to send)

so it might be interesting in some cases for people not living in the US.


That’s a strange argument, why do you and lots of people replying here believe they are NOT tracked over WiFi which are themselves relying on ISPs?

If you don’t trust your ISP why would you trust random ISPs more?


Pay for stuff if you want something reliable and supporting your privacy. Sure test the free tier to make sure it fits your requirements but please do consider not sticking to it.

Might be Filen (don’t know of it) or Hetzner Storage Box (~10e/month for 5TB iirc) or Proton Drive (Visionary customers have a large quantity, e.g. >6TB) or whatever else you prefer but if you do not actually help people providing services by funding their work then you are supporting BigTech and their “free plans” that come precisely at the cost of our collective privacy.


So infuriating.

Technology is, rightfully, seen as a tool of control.

It should be a tool for emancipation, gaining and increasing agency. It’s been “sold” as such only to then gradually yet inexorably do the exact opposite.

This is deeply dangerous because it erodes trust in both governments and technology.

That being said, it’s not new. It’s been done before, it will be done again.

Consequently what could be done is to refuse any technology without safeguards, including the potential dismantling of the entire ecosystem in place the second it’s being abused. It should be impossible to have mandatory usage without matching “canary in the coal mine” that forces the system to stop AND the person responsible for it to also be removed from their function.


reMarkable isn’t about replacing books. You can have a PocketBook with KOReader for 120EUR. It’s not a price per book comparison, IMHO it’s a price per sketch and thus ideas, work, presentations, etc because that’s where reMarkable is unique, low latency e-ink writing.

For “just” reading there are plenty of alternatives, including cheaper alternatives.


I don’t see ads but if I were to, and despite all my precautions some would be on topic based on my past behavior I would methodically dissect to find out the leak. Namely I would try to automate the process :

  • identify a place showing ads
  • take an action, e.g. search or browse, on a verifiable unique topic (in order to prevent generic suggestions, e.g. medication during flu season)
  • verify if the ads become relevant
  • enable/disable any of the tools used, repeat

FWIW before you whine about the lack of editing or digitization : take a photo of the result on your phone, auto-upload to your desktop or even server and voila, a proper process to have your cake and eat it too.

I very often take a basic A4 piece of paper, or even a napkin, whatever is around really, then sketch to summarize a complex situation, snap a pic and send it to myself. Amazing way to think, very flexible and intuitive, at basically no cost and entirely private. Sure you still have to re-draw it after, IF you want to, but typically the idea itself is already on a substrate, maybe that’s enough. If you want to edit it… guess what, you can edit the photo itself, no need to vectorize it first. Paper is great.


Pretty much all open hardware devices should be on such a list, e.g.

  • NitroKey for both authentication tokens and storage (of e.g. ssh keys)
  • PGB-1 (based on RP2040) or Haxophone (based on RPi Zero) for music
  • Precursor for token and dev (via its own FPGA)

so check CrowdSupply for more of such things.

I’d also add reMarkable. Sure you can use their cloud but you do NOT have to. It means you have your own Linux e-reader but also sketchpad entirely offline. You can work and sync with ssh or rsync and even set up your own cloud, cf. https://github.com/ddvk/rmfakecloud . If you want something more open from the start check the PineNote but it’s harder to get and you have to tinker a bit more.


However we need to educate the masses.

Well that’s kind of the earlier point, the working masses already know. What they might not understand is that they can use a VPN outside of the office and how it benefits them.


credit cards, debit cards, and now cashless vendors

FWIW in Belgium you can get prepaid nameless cards. The post and their bank partner know it’s yours (due to KYC) but not the shops and for online shops you can use drop boxes.

For membership cards I specifically reject because of that. It’s optional though so IMHO it’s precisely the easiest thing to escape, just say no.


(double post, might want to delete this one and keep the other one, I replied there)


Makes me curious if there is a per country list of banks that provide an option NOT to have that. I know that if my bank were to force such limitations I’d consider moving to another one.


FWIW in Brussels there are anonymous public transport cards. You can top up your card but it’s not attached to your name or ID. If you lose it though, it’s like cash, you can safely assume nobody will give it back because they can’t. Most people I know do not use them but maybe they do not even know it’s an option.


Sidetracked a bit but last week I was in the UK. I tried to visit a website (not porn actually, just private messaging on BlueSky) and it asked to verify my age. Initially I thought “Meh… OK… let’s see the process” which then led to installing an app maybe (I’m not sure tbh as I was in a rush). Clearly I didn’t want to do it because the DM was potentially urgent (scheduling to meet someone ASAP) … so what did I do? I switched from my browser to my VPN, connected from Austria, refreshed… no age verification. It took me a grand total of 5s to bypass the system.

TL;DR: maybe you can actually escape even though you are convinced you can’t.




It’s a small thing but between that and recent CloudFlare/AWS/Azure outages self-hosting feels a lot more like a necessity than something nice to have.


  1. you owning a domain, e.g. familyname.potato , does not prevent you from owning 10 other domains. How you choose to use each is up to you. With whom you share each also.
  2. which services? I don’t understand. I typically use e.g. ProtonMail on my domain but I can have for each a different mail provider. I don’t see why somebody knowing which service is used is a problem as long as that service is secure.
  3. I’ve been using my own domain for years, maybe a decade now (can’t recall tbh) and had 0 problems, including with banking and public administration. Nobody knows even what it is or who owns what, just that it works.
  4. no idea, I know I’d use a free ProtonMail account if I needed sth disconnected from everything else
  5. your CV should be something public anyway, you’re trying to prove you are somebody with skills they can trust. If you have problems linking your skills with your identity something feels off. I have 0 problem saying I can do some lock picking publicly. Anyway your CV is also a temporary document. If somebody doesn’t visit your domain the moment they open your CV, chances are that years later it’s entirely irrelevant.
  6. yes, I have multiple domains because I don’t have to have 1 identity. I can share only professional things with you and personal things with others, or vice versa. Having different domains, and subdomains, for that helps me do so.

Group read on “Surveillance Capitalism” but in truth…

  • tinkered with Linux as a kid
  • contributed to Mozilla
  • loved the ideal of free software relatively early on

… so it was rather coherent with related yet orthogonal efforts.



Tracking from WHOM and thus WHY should be the question.

It’s different to be tracked for profit, e.g. Google or Meta, versus for political or corporate espionage purposes.

The former is basically volunteering information through bad practices. Those companies do NOT care about “you” as an individual. In fact they arguably do not even know who you are. Avoiding their services is basically enough. It might be inconvenient but it’s easy : just do not.

The latter is a totally different beast. If somehow the FSB, because you criticized Putin, or NSO Group, for something similar or because you have engineered something strategic to a business competitor who is a client of theirs, then you will be specifically targeted. This is an entirely different situation and IMHO radically more demanding. You basically don’t have to just care about privacy good practices, which is enough for the former, but rather know the state of the art of security.

So… assuming you “just” worry about surveillance capitalism and hopefully live in a jurisdiction benefiting from the Brussels effect with e.g. GDPR related laws, either way is fine.


Thanks for sharing and the clarifications. I do think both the philosophy behind this and the technological choices are right but it’s also true that “How many people?” can it handle is important for people who want to actually try and onboard others. It’s one thing to try alone but as long as we ask others to join, knowing what the limits are makes everybody more understanding.


This is for pedagogical purposes. Please do not cypher actually important messages with this. Anyway I think it can bring with little ones, and adults alike, interesting conversations around :

  • secrecy
  • privacy
  • cryptography as counter-power
  • mathematics, starting with modulo
  • the duration a message can stay undecipherable and thus the kind of message to share
  • computational complexity, how many permutations are available

... and a lot more!