The privacy sub may be even more paranoid than the stim subs.

This haunts them in their sleep:

programming-communism

  • jaeme@hexbear.net
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Privacy sub… Iphone

    What a lack of computer literacy and libre software thought does to a mf.

      • jaeme@hexbear.net
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Android is leagues ahead of Apple, first of all, the core of Android is libre, anyone is able to take Android and create their own mobile operating system around it (with various amounts of success). Of course, this leads to OEMs who create bastardized nonfree operating systems with privacy holes, but it also leads to things like Vanilla Android, GrapheneOS, CalyxOS, /e/ etc.

        There are also GNU/Linux phones like UBports, GNOME/KDE mobile shell, so it’s not a binary decision.

        Android is not without its flaws (like Google play services and closed down hardware), but to say it’s not better than Apple is misleading. Countries choose Android, only America pushes their Apple sludge.

          • YearOfTheCommieDesktop [they/them]@hexbear.net
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            To be clear, it is possible to defend yourself, but ofc no defense is perfect. For illegal activities that might attract federal attention? best to avoid them at all costs. But for general privacy in your day to day life that isn’t practical for most people, and “every cellphone is snitching on you” is way too reductive, even if it’s true in a sense.

            For example the person you are replying to mentions Linux phones, many of which publish schematics and make hardware kill switches for the discrete modem a big selling point. That still isn’t perfect protection, but it would protect you from a stingray… and if you have a thought out threat model, you can make the choice whether or not that device is appropriate for your situation.

            • ChaosMaterialist [he/him]@hexbear.net
              link
              fedilink
              English
              arrow-up
              0
              ·
              1 year ago

              Let me be clear first: If you want to get rid of advertising, then yes your advise is OK. If you want to defend against the Surveillance system, it’s not close to adequate. This is the fundamental gap I’m trying to address.

              I understand where your heart is at, but you are making a mistake. Free/Libre software is about Freedom, and from that guarantee we can build other guarantees about security and privacy. However Freedom itself does not guarantee security nor privacy. Freedom is also the freedom to shoot yourself in the foot.

              To be clear, it is possible to defend yourself, but ofc no defense is perfect.

              There is a perfect defense: Don’t use technology. Much of this advise is trying to use technology to fight technology. It’s a rabbit hole that has no bottom, and the best defense is to not play. The problem is attack surface. Technology is incredibly complex and is chattier than your extroverted :LIB: friend at brunch, and boy howdy kitty-cri-texas do people love to listen! You can reduce this attack surface, but it never goes away as long as you are using technology.

              But for general privacy in your day to day life that isn’t practical, and “every cellphone is snitching on you” is way too reductive, even if it’s true in a sense.

              Here’s the trail crumbs you might make on the Web as you browse each and every website:

              1. DNS request - sends URL domain/hostname (www.hexbear.net, for example), collects IP and timestamp. Your ISP is often the default DNS, so they are collecting this information. Google (8.8.8.8) and Cloudflare (1.1.1.1) as well.
              2. 1st party HTTP(S) request - Encrypts body but sends URL domain/hostname in the clear across the network, collects IP and timestamp.
              3. 3rd party request - Usually advertising, but also could be security (Sign In With Google, Okta, etc), collects IP and timestamp
              4. 3rd party cookies - Sent and updated with every request to that domain (Amazon cookie to Amazon.com, FB cookie to Facebook.com, etc), collects IP and timestamp
              5. 1st party advertising - Think Amazon’s “Customers also bought…”, has full access to your request, collects IP and timestamp and User-Agent.
              6. Logs - Usage data about what you do on the website, both front-end and back-end, collects IP and timestamp
              7. Telemetry - Usage data about what you do with your app, collects IP and timestamp

              You can use custom software for #3 and #4 on the device (most of the advise here), but do you block google.com? You can use a network DNS blocker (e.g. Pi-Hole) for #1, #3, #4, and some of #7, but that only works on networks you control. VPNs advertise as solving #2, but that’s pure ideology; it only moves where the routing traffic goes and still can log information in transit.

              This also ignores data brokers who buy all of this information and compile it together.

              And this is just the advertising/surveillance defense against tech companies. I haven’t even touched cop or fedposting defense.

              • robot_dog_with_gun [they/them]@hexbear.net
                link
                fedilink
                English
                arrow-up
                0
                ·
                1 year ago

                if your threat is state-level actors your computer security is approximately moot and maybe you should spend your money on laywers and having a discreet way out of the country

        • xXthrowawayXx [none/use name]@hexbear.net
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          I know your hearts in the right place about this, but android is not better than iOS for privacy.

          The only way android can be made decently privacy respecting is through graphene and that requires a very small subset of the ocean of android devices and requires that you give up almost everything that makes a smartphone useful.

          The solution to privacy isn’t graphene or android, it’s not using a smartphone at all.

          • combat_brandonism [they/them]@hexbear.net
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            and requires that you give up almost everything that makes a smartphone useful

            that’s hyperbolic, I use graphene and rarely use the profile I’ve got their play services shim enabled in. the only thing I have found myself entirely unable to use so far is google pay for event tickets that require it, which isn’t often.

              • combat_brandonism [they/them]@hexbear.net
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                1 year ago

                idk which features you mean, but you can get the google camera app and sideload it. highly recommend doing that

                most if not all ML features like photo manipulation or whatever else are going to run on google’s servers, so yeah you’re not going to get that. not what I think of when I read ‘everything that makes a smartphone useful’

      • umbrella@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        It is leagues ahead if you are literate enough to wipe off the original firmware and get your own in it.

          • umbrella@lemmy.ml
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            Its fine if you are not literate to install a custom ROM. Use the defaults.

            I have mine modified, no need for a second job, just 30 minutes of research once.