If you want to set a small stone in Google's path, and you own a Google Pixel: you can install GrapheneOS and completely* degoogle your phone!

*at least until you install the google play services as a sandboxed app, which at least prevents it to access all of your phone sensors and data.

If not for degoogling, do it to increase the user base of GrapheneOS, because they are doing a pretty good job of opposing Google and their monopolistic policies, and the more user base they have, the more voices will shout at Google.

PS: as GrapheneOS does not collect data from you, they will not know that you have GOS on your phone. This means that, if having GrapheneOS breaks some app on your phone, it's up to you to raise your voice to the developers to tell them that a more secure OS than the average Android distribution is being blocked on their app.

Seriously, Google? You actually changed Gulf of Mexico to Gulf of America on Google Maps?

What the fuck?!

one thing i don't like about GrapheneOS is the call history. when I check there I want to know exactly when i made a call, and how long it was. But Graphene shows me none of it.

I called this number 3 times roughly two hours ago? great. but how long was the second call? was it exactly two hours ago?

It's just annoying

Android's security theater is pissing me off again.

Looking for some files to wirelessly shoot over to this new phone through KDE Connect:

Meanwhile, over here under GrapheneOS (basically greatly security hardened and largely de-Googled Android 14):

Yeah, with the amount of crap I wanted to copy over? It'll be a lot quicker and easier to just use USB with a computer middleman anyway. However little I like to use Mr. C's desktop since my laptop is still on the fritz, it's right in there.

But it still irritates me that Android 13 doesn't want to let me access my own damn files through its own file manager. Can't necessarily blame Samsung this time, since it is apparently a standard Android "security" provision for a while now.

I just want some of my mp3 files, which Amazon for some ungodly reason insists on sticking inside its own data folder.

(Yeah, this has come up before. I forgot because (a) I haven't needed to shuffle around inside app data for a while over there, and (b) you totally can over here.)

Man I've been offline for a while longer than I wanted to however! I just got a new victim! i mean, test subject! (a google pixel 3a) If I'm lucky and I don't brick it immediately, I'm gonna spend some time trying out a few different mobile distributions because I feel like I never gave them a fair enough chance in the past, plus a lot of them went through some major updates and whatnot since I last saw (or used) them! I'll prolly post here regarding what I experience, and what my opinions are. I don't think I'll make an argument as to which one is necessarily better however I will try and figure out what kinda person each is better for if that makes sense

I was thinking how incredible it'd be to start accepting old cells phones to put sub-market OS on for burner phones for organizers

I wanna have a booth at my local farmer's market with a banner that says like, everyone deserves beautiful, sustainable things and just do like,, a pay-what-you-can starting at like $10 for handmade goods and patched/altered clothes i source from the local thrift store's waste stream. That's the fuckin dream. Collecting paper bags to make printed wrapping paper? collecting people's old clothes to repurpose as patches or mended garments? Making beautiful, mended, clothes into an accessible aesthetic??????? i want it so bad

obtaining a pixel 8a in the near future.... grapheneOS imminent ! !

GrapheneOS: Seguridad y Privacidad en tu Smartphone

En un mundo cada vez más preocupado por la seguridad y la privacidad de los datos, GrapheneOS surge como una solución confiable y de código abierto para smartphones.

En DRAFT probamos el sistema operativo en un mundo cada vez más dependiente de los dispositivos móviles, la seguridad y la privacidad son aspectos críticos a considerar. En este sentido, GrapheneOS se presenta como una solución innovadora y de código abierto que busca proteger tus datos y tu privacidad en tu smartphone. En este artículo, exploraremos las funciones de GrapheneOS, cómo instalarlo y…

View On WordPress

why does my phone suggest ****** and ***** as typing suggestions ive not even talked about them on this phone 😭

So, about Linux. Do you have a phone that uses Linux? Is there one out there that can access tumblr and be reasonably usable? I'm just sick of Apple and Google's BS and want an opinion from someone in the know.

technically: android is built on linux

less pedantically: i personally have a google pixel with stock android because it's the least bloated and i don't trust most other manufacturers to not put dumb bullshit on my phone.

if you want a linux phone then i've heard good things about the pinephone. here are the operating systems it supports: https://pine64.org/documentation/PinePhone/Software/Releases/. note that a lot of the OSes don't have full support for all of the device features like bluetooth, and there won't be android app support out of the box. you'll have to use something like waydroid and idk how good the compatibility is.

if you want something closer to the normal android experience, grapheneOS might be up your alley. caveat: there is very limited device support; they basically only have official support for google pixel devices: https://grapheneos.org/faq#device-support. google play is disabled by default but you can enable the sandboxed version of it to install tumblr.

if you see other custom ROMs or AOSP-based OSes, you should do some research to make sure you're comfortable with the developers and the security for them. grapheneOS is generally well regarded and most other projects don't have anywhere near the level of focus on security. (less pussyfooted answer: i wouldn't use them.)

Opinion on Louis Rossman? I ended up following him when I was researching right to repair but as a newbie techie he's said a few things that I don't know if I should trust regarding tech privacy.

Louis Rossman knows a lot about macbook repair and needs to be factchecked on pretty much everything else; he admits this himself in a video called "Don't trust me" where he's issuing a correction because he leapt to conclusions in a previous video.

Rossman has a libertarian approach to tech (and to a lot of things; his channel is deeply invested in rugged individualism and a hustle and grind mentality). He believes that people who own various devices should have ultimate say in what happens to those devices and should have control over what data those devices are collecting and who they are sharing it with. That guides his attitudes about repair and privacy. These are not *incorrect* views but they are views which have made him very reactive in conversations about privacy and data collection, and he has a pretty bad habit of leaping to conclusions and interpreting things as uncharitably as possible with a WORSE habit of not doing any significant research before presenting information to his audience of 2 million people. Anything that looks like Big Brother is something he jumps on immediately, even if what he's looking at is a shadow with the vague outline that resembles an entity that might have a shape similar to Big Brother.

He's got many videos where he examines a privacy policy or a news report about a "startling" violation of privacy where he has to come back later and issue a correction, and of course most of his viewers are going to look at the startling video shit-talking nissan - in which he is worked up and animated and energetic and funny - not the staid correction put out a week later.

But as much as he might be wrong in individual readings of ToSs or legislation or court records, I don't think his overall approach is wrong. He might be incorrect that your Nissan is collecting information about your sexual history (he is incorrect about that) but it's still bad that Nissan is collecting data on you and you shouldn't buy a car that collects a shitload of data on you. He might be incorrect about grapheneOS for security (he is and he isn't and his beef with graphene is legit but personal, it's a fine OS) but he's not wrong that if you don't want google tracking your data you should use a degoogled OS.

One of the things that I've seen him get wrong on multiple occasions is a conflation of privacy and security. Privacy and Security aren't the same thing, and Rossman is a lot more focused on Privacy than he is on Security. I tend to be more on the Security side of that question, though I also think Privacy is important.

For both privacy and security what you need to ask yourself is why you are doing this and what you want to prevent. If you're using firefox because you don't want chrome collecting data on you and refining a profile to serve ads to you, that's a fine reason to move to firefox. If you're using firefox instead of chrome because you're an activist and you don't want the government to know what you're doing, you are missing several steps and possibly putting yourself in danger. If you're using firefox instead of chrome because you don't want your ex to be able to track your online activity you are missing several steps and possibly putting yourself in danger. If you want to use chromebooks instead of windows laptops in a hospital environment so that your administrator has extremely granular control and can implement security policies from an accessible console in order to meet HIPAA requirements more easily, that's a good reason to use chromebooks. It's very secure. But it's not terribly private for the *users* even if it is private for the *patients.*

So, some of what Rossman says is right but it's predicated on a worldview that is steeped in paranoia and an extremely individualistic approach to privacy and security. Some of what Rossman says is wrong because it's wrong, but also some of what Rossman says is wrong because it is wrong *for you and your specific situation* and he's giving general commentary, not advice for individuals.

You can see this really clearly in his video about being "important" enough to require privacy. The whole video is a response to a computer security streamer saying that you don't need a degoogled phone to work in security and that you are likely not important enough to worry about the kind of state-level threats that would require an extremely secure phone because nobody is going to waste resources for a random security goon. And in Rossman's response, he argues that you shouldn't have to be "important" in order to deserve a phone that doesn't have Google tracking your every move. But that's not what the initial clip was about. Rossman spends fifteen minutes arguing with something the initial clip doesn't say and brushing aside the *actually important* discussion about threat modeling that could be had on the subject in order to advocate for more low-level consumer privacy concerns. You SHOULD be able to install an OS that doesn't track you, but also you don't need some 1337h4x0r phone to do red teaming as a pentester, and also most people who get worried about security worry in completely the wrong direction.

Like, a couple weeks ago maia arson crimew got an ask that was like "should you really be posting your name out there on the internet? is that secure?" and its response was "i am wanted by the US government."

And that's like the *perfect* illustration of the distinction happening here. maia is posting online and sharing photos and chatting with people and using an app that gather some data, and that is not at all a concern for its privacy or security because A) if state-level actors are observing you then it does not matter whether or not you're posting selfies or your location for an upcoming talk, they know what you look like and can find out where you are and B) they are going to be able to subpoena data from any entities you've worked with so you're going to be taking precautions to work with encrypted tools for security, not relying on privacy policies.

and like a few years ago i made that post about the drug dealer who got arrested because he'd used his "secure" phone to text someone a photo of cheese and that photo was used to identify him - it is not the *existence* of social media photos or photo messaging that was the problem in his security, nor was it even necessarily that his "secure" phone was compromised (though yeah that wasn't good) it's that he was identified because he crossed the streams and put personally identifiable information in his secure encrypted crime phone for crimes.

Anyway. I need to sit down and actually write something up on this someday but here's a very basic breakdown:

Online privacy is about who has access to the data you generate while operating online; companies gather information about your habits and the websites you visit, what computer you're using and how long you look at item listings, how much you'll watch of a video and the keywords you use in your emails.

Security is about preventing access to information about YOU, not your behavior. It's ensuring that nobody can look into the boxes that you want to lock, and not leaving footprints when you don't want to be seen.

Lax rules about privacy can threaten your security, for instance police don't need a warrant to access data from Ring camera videos in your neighborhood, so the lack of privacy from Ring might make it easier for police to observe you even if you are cautious about your own personal security.

Poor security practices on the part of a business can be a problem for privacy in an individual sense - a hospital that doesn't have good security in place might get hacked and have private patient records leaked, for instance - but most of the data that people talk about when they discuss online privacy is either anonymous or in bulk packages of data that mean very little to your personal risk profile (because the 'privacy' data people are concerned about isn't the same as the 'security' data that gets leaked in big breaches, like passwords and usernames and email addresses - that's less about privacy and more about security but the fact that the businesses want an email address from you is generally a privacy issue - they don't need your email address for the most part and you shouldn't have to give them one to function - not a security issue. You see how this is confusing and intertwined?)

So when a lot of digital privacy activists are talking about digital privacy they're talking about stuff that is, realistically, pretty philosophical in most people's lives. The data profile that Google generates about you is *invasive* but in most circumstances it isn't a *threat* (at the moment, on an individual level), however the data privacy perspective (which i happen to share) is that living in a world where massive data collection is normalized, unquestioned, and constant could easily tip over into something that is dangerous, and which can already be weaponized against individual targets by state actors.

When security activists start talking about stuff it's because oh my god security is a mess everything is full of holes and you have no idea how easy it is to grab access to something that people probably do not want you to have access to please please please just start using strong passwords and passcodes and lock your phone and your computer please, baseline, please just use a password manager bitwarden is free and easy. (but also you need to MAKE AN EFFORT and LEARN A LOT if you're trying to cover your tracks online and no browser plugin or encrypted email service is going to keep you safe).

So when I'm talking about the benefits that most people get out of using Firefox, that's me talking about privacy. When I'm talking about the benefits of using Tor, that's me talking about security. When I'm talking about using Linux and open source software, that's me talking about *autonomy* having direct control over the system that you are using, and THAT is the kind of thing that Rossman knows a lot about and has good opinions about.

I feel like it should go without saying that one of the reasons to be concerned about digital privacy is because the companies that trash your digital privacy are profiting off of the profiles they build on you, and are always attempting to find new ways to violate your privacy in order to profit from you. It doesn't need to be a security risk for it to be wrong, and you don't have to be under active threat from a government to decide that you don't want Youtube deciding to serve you ads for diapers because google decided that you are pregnant based on the websites you've been visiting.

ANYWAY, TL;DR:

Louis Rossman needs to be fact-checked on privacy statements and has a history of visibly making mistakes because he speaks on something before he researches it

Privacy and Security are different.

Privacy is about the data that are shared by the tools you use with the manufacturers of those tools and what those manufacturers do with that information.

Security is about preventing unauthorized access to your personal information and preventing individuals from tracking you online or accessing your private information.

Privacy and security are distinct but intertwined; Rossman is primarily concerned with Privacy and Autonomy, not discussions of security, but may misinterpret discussions of security to be about Privacy.

If you are concerned about privacy, you can look for recommendations from privacyguides.org, which makes recommendations on privacy-focused tools. Cory Doctorow (@mostlysignssomeportents on tumblr) is a great resource for information about the practical and philosophical implications of data privacy.

Fuck google though. Genuinely I think that people should do everything reasonably within their power to deny tech companies access to data on their behavior.

If you are concerned about *security* that is genuinely a more complicated topic with much more significant risks up and down the chain but at the very least please use a password manager (bitwarden is so good and so easy i promise) and lock your phone with something other than your thumbprint or your face. To learn more about security i guess you can start with Troy Hunt and Bruce Schneier. It is like, genuinely a problem that it's difficult to find good, reliable security information for home computer users that isn't trying to sell them something but here's an FTC guide for small businesses that goes a bit more in-depth than "use a password manager" and is only SLIGHT overkill for your mom's 2010 desktop.

everything is a mess i'm sorry i love you please just use firefox and bitwarden.

Only this time, WITH sudo access, and that LED strip thankfully left somewhat on. Because it's dark as hell back in his lair at night otherwise.

Back in business for Operation Graphene!

The green light is probably coincidental, but we have the green light! 😅 (That strip is actually multicolored programmable, running off a Raspberry Pi. And I am still not sure how to control it. Wanted more illumination last night.)

Good thing that I did ask to be added to the sudo group earlier. Because it looks like next up, we're doing this, which I almost forgot about until "Oops, I guess it doesn't know how to talk to the phone yet!":

Looking like a relatively quick and easy option.

Once again, I just want to unlock my bootloader. 🫤

At least this shit is relatively easy dealing with the Pixels. Which is one of the reasons I opted for one this time.

it might be like. joever. android is only being developed internally now. the source code is still public but its not accepting any outside help. you wont be able to see any of the development process or whatever, only what google wants to show publically.

while still being technically possible to keep up forks like grapheneOS or lineage/divest, this will absolutely slow things down and make it harder as instead of being able to work in parallel with AOSP they will have to wait for google to properly release each version, which happens for many other components of android already.

AnarSec: Tech Guides for Anarchists

AnarSec is a new resource designed to help anarchists navigate the hostile terrain of technology — defensive guides for digital security and anonymity, as well as offensive guides for hacking. All guides are available in booklet format for printing and will be kept up to date.

As anarchists, we must defend ourselves against police and intelligence agencies that conduct targeted digital surveillance for the purposes of incrimination and network mapping. With the defensive series, our goal is to obscure the State’s visibility into our lives and projects. Our recommendations are intended for all anarchists, and they are accompanied by guides to put the advice into practice.

With the upcoming offensive series, we hope to contribute to the practice of hacking the State and capital. Astute readers may notice that the art featured on our homepage and booklets is taken from communiqués detailing how anarchists robbed a bank (Phineas Fisher) and destroyed police servers (AntiSec) using only a keyboard.

The defensive series currently includes:

Tails

Tails for Anarchists

Tails Best Practices

Qubes OS

Qubes OS for Anarchists

Phones

Kill the Cop in Your Pocket

GrapheneOS for Anarchists

General

Linux Essentials

Remove Identifying Metadata From Files

Encrypted Messaging for Anarchists

Make Your Electronics Tamper-Evident

3, 23, 27

@perl-official

spotify and occasionally apple music 😔 I'll move away from streaming eventually, but for right now I'm not paying for it (family plan) and all my playlists are there soooo

uhhh I discovered LSP recently and that NeoVim has builtin support that just needs to be activated in the config and that has saved me SO MUCH TIME as I relearn the bits of Python that I've forgotten

there's not a 27 on the list so I'll answer 7 and 17

GrapheneOS, love it, it had some growing pains in the early days but now it's rock-stable, ridiculously secure, and sandboxed Google Play is literally better than MicroG

Hosting is a mix, I have some institutional accounts that I have to deal with that are MS and Google, I have some Gmail accounts of my own because who can live without a google account these days, but my primary personal emails are all hosted on Zoho. I use Thunderbird for my desktop client and FairEmail on android right now, but I've been meaning to check out the new Android Thunderbird version