Android's security theater is pissing me off again.

Looking for some files to wirelessly shoot over to this new phone through KDE Connect:

Meanwhile, over here under GrapheneOS (basically greatly security hardened and largely de-Googled Android 14):

Yeah, with the amount of crap I wanted to copy over? It'll be a lot quicker and easier to just use USB with a computer middleman anyway. However little I like to use Mr. C's desktop since my laptop is still on the fritz, it's right in there.

But it still irritates me that Android 13 doesn't want to let me access my own damn files through its own file manager. Can't necessarily blame Samsung this time, since it is apparently a standard Android "security" provision for a while now.

I just want some of my mp3 files, which Amazon for some ungodly reason insists on sticking inside its own data folder.

(Yeah, this has come up before. I forgot because (a) I haven't needed to shuffle around inside app data for a while over there, and (b) you totally can over here.)

Would actually love to hear about that time you tried to degoogle your phone! Did you replace the OS with one without all the G trackers or dis you just turned them all off?

The short answer to this is that I have a phone with GrapheneOS installed, which is an OS that strips not just the trackers but all Google services out of the phone. It also has various security upgrades built in. You do have to have a Pixel to run it because they're more secure and get updates faster than other Android models, but you could always get one secondhand to avoid giving Google your money.

Graphene has an option to run Google services in a sandbox so you can still use their apps if you really want to, but my main profile doesn't have any of that installed on it. While I'm glad I've moved away from relying so much on Google, it is damn near impossible to do most things other people do with their phones.

I don't get push notifications (because most apps use Google Firebase for notes), I can't use most social media or streaming apps, and the few social apps that do work often have annoying popups complaining that Google services aren't installed. If I originally signed into something with my Google account, I can't use it on my phone. Anything I bought on the Google Play store I no longer have access to. My camera sucks even though Pixel camera hardware is pretty good because I don't have access to the Google algorithms that support the camera in their app. A lot of the FOSS apps I use to replace Google apps aren't bad, but they're missing some of the most useful features Google has. I never really thought about how often I use Maps ratings to help pick restaurants and such until that option was gone. Tumblr works with no issues, though!

I do have a separate profile on my phone where I enabled sandboxed Google Services so i could still have Maps and my work Gmail (and Webtoons) but I try very hard not to use it and to try and use FOSS alternatives. Despite all the inconveniences, I don't think I'm going to give up and go back to running Google services. I spend less time on Youtube and Instagram, I have fewer useless phone apps that primarily just waste my time, and as an avid Big Tech Hater™ it's important to me that I keep trying to cut as much of it out of my life as possible. I'm thinking about putting together a more extensive guide to de-Googling (and other tech companies) over the course of the year as I try to transition further away from big tech surveillance, and I'll probably post about that here if it happens?

GrapheneOS: Seguridad y Privacidad en tu Smartphone

En un mundo cada vez más preocupado por la seguridad y la privacidad de los datos, GrapheneOS surge como una solución confiable y de código abierto para smartphones.

En DRAFT probamos el sistema operativo en un mundo cada vez más dependiente de los dispositivos móviles, la seguridad y la privacidad son aspectos críticos a considerar. En este sentido, GrapheneOS se presenta como una solución innovadora y de código abierto que busca proteger tus datos y tu privacidad en tu smartphone. En este artículo, exploraremos las funciones de GrapheneOS, cómo instalarlo y…

View On WordPress

Also GrapheneOS, just for funsies.

Cell phones will never be 100% private (they gotta connect to cell towers to work lol), and your service provider can definitely track you, even with your location turned off. But controlling what data your phone and apps are sending to Facebook and Google can go a LONG way in keeping your business off the internet.

Facebook and google are helping cops prosecute people seeking abortion. Be very careful in this new era people.

Autism is not an excuse to bully people

Opinion on Louis Rossman? I ended up following him when I was researching right to repair but as a newbie techie he's said a few things that I don't know if I should trust regarding tech privacy.

Louis Rossman knows a lot about macbook repair and needs to be factchecked on pretty much everything else; he admits this himself in a video called "Don't trust me" where he's issuing a correction because he leapt to conclusions in a previous video.

Rossman has a libertarian approach to tech (and to a lot of things; his channel is deeply invested in rugged individualism and a hustle and grind mentality). He believes that people who own various devices should have ultimate say in what happens to those devices and should have control over what data those devices are collecting and who they are sharing it with. That guides his attitudes about repair and privacy. These are not *incorrect* views but they are views which have made him very reactive in conversations about privacy and data collection, and he has a pretty bad habit of leaping to conclusions and interpreting things as uncharitably as possible with a WORSE habit of not doing any significant research before presenting information to his audience of 2 million people. Anything that looks like Big Brother is something he jumps on immediately, even if what he's looking at is a shadow with the vague outline that resembles an entity that might have a shape similar to Big Brother.

He's got many videos where he examines a privacy policy or a news report about a "startling" violation of privacy where he has to come back later and issue a correction, and of course most of his viewers are going to look at the startling video shit-talking nissan - in which he is worked up and animated and energetic and funny - not the staid correction put out a week later.

But as much as he might be wrong in individual readings of ToSs or legislation or court records, I don't think his overall approach is wrong. He might be incorrect that your Nissan is collecting information about your sexual history (he is incorrect about that) but it's still bad that Nissan is collecting data on you and you shouldn't buy a car that collects a shitload of data on you. He might be incorrect about grapheneOS for security (he is and he isn't and his beef with graphene is legit but personal, it's a fine OS) but he's not wrong that if you don't want google tracking your data you should use a degoogled OS.

One of the things that I've seen him get wrong on multiple occasions is a conflation of privacy and security. Privacy and Security aren't the same thing, and Rossman is a lot more focused on Privacy than he is on Security. I tend to be more on the Security side of that question, though I also think Privacy is important.

For both privacy and security what you need to ask yourself is why you are doing this and what you want to prevent. If you're using firefox because you don't want chrome collecting data on you and refining a profile to serve ads to you, that's a fine reason to move to firefox. If you're using firefox instead of chrome because you're an activist and you don't want the government to know what you're doing, you are missing several steps and possibly putting yourself in danger. If you're using firefox instead of chrome because you don't want your ex to be able to track your online activity you are missing several steps and possibly putting yourself in danger. If you want to use chromebooks instead of windows laptops in a hospital environment so that your administrator has extremely granular control and can implement security policies from an accessible console in order to meet HIPAA requirements more easily, that's a good reason to use chromebooks. It's very secure. But it's not terribly private for the *users* even if it is private for the *patients.*

So, some of what Rossman says is right but it's predicated on a worldview that is steeped in paranoia and an extremely individualistic approach to privacy and security. Some of what Rossman says is wrong because it's wrong, but also some of what Rossman says is wrong because it is wrong *for you and your specific situation* and he's giving general commentary, not advice for individuals.

You can see this really clearly in his video about being "important" enough to require privacy. The whole video is a response to a computer security streamer saying that you don't need a degoogled phone to work in security and that you are likely not important enough to worry about the kind of state-level threats that would require an extremely secure phone because nobody is going to waste resources for a random security goon. And in Rossman's response, he argues that you shouldn't have to be "important" in order to deserve a phone that doesn't have Google tracking your every move. But that's not what the initial clip was about. Rossman spends fifteen minutes arguing with something the initial clip doesn't say and brushing aside the *actually important* discussion about threat modeling that could be had on the subject in order to advocate for more low-level consumer privacy concerns. You SHOULD be able to install an OS that doesn't track you, but also you don't need some 1337h4x0r phone to do red teaming as a pentester, and also most people who get worried about security worry in completely the wrong direction.

Like, a couple weeks ago maia arson crimew got an ask that was like "should you really be posting your name out there on the internet? is that secure?" and its response was "i am wanted by the US government."

And that's like the *perfect* illustration of the distinction happening here. maia is posting online and sharing photos and chatting with people and using an app that gather some data, and that is not at all a concern for its privacy or security because A) if state-level actors are observing you then it does not matter whether or not you're posting selfies or your location for an upcoming talk, they know what you look like and can find out where you are and B) they are going to be able to subpoena data from any entities you've worked with so you're going to be taking precautions to work with encrypted tools for security, not relying on privacy policies.

and like a few years ago i made that post about the drug dealer who got arrested because he'd used his "secure" phone to text someone a photo of cheese and that photo was used to identify him - it is not the *existence* of social media photos or photo messaging that was the problem in his security, nor was it even necessarily that his "secure" phone was compromised (though yeah that wasn't good) it's that he was identified because he crossed the streams and put personally identifiable information in his secure encrypted crime phone for crimes.

Anyway. I need to sit down and actually write something up on this someday but here's a very basic breakdown:

Online privacy is about who has access to the data you generate while operating online; companies gather information about your habits and the websites you visit, what computer you're using and how long you look at item listings, how much you'll watch of a video and the keywords you use in your emails.

Security is about preventing access to information about YOU, not your behavior. It's ensuring that nobody can look into the boxes that you want to lock, and not leaving footprints when you don't want to be seen.

Lax rules about privacy can threaten your security, for instance police don't need a warrant to access data from Ring camera videos in your neighborhood, so the lack of privacy from Ring might make it easier for police to observe you even if you are cautious about your own personal security.

Poor security practices on the part of a business can be a problem for privacy in an individual sense - a hospital that doesn't have good security in place might get hacked and have private patient records leaked, for instance - but most of the data that people talk about when they discuss online privacy is either anonymous or in bulk packages of data that mean very little to your personal risk profile (because the 'privacy' data people are concerned about isn't the same as the 'security' data that gets leaked in big breaches, like passwords and usernames and email addresses - that's less about privacy and more about security but the fact that the businesses want an email address from you is generally a privacy issue - they don't need your email address for the most part and you shouldn't have to give them one to function - not a security issue. You see how this is confusing and intertwined?)

So when a lot of digital privacy activists are talking about digital privacy they're talking about stuff that is, realistically, pretty philosophical in most people's lives. The data profile that Google generates about you is *invasive* but in most circumstances it isn't a *threat* (at the moment, on an individual level), however the data privacy perspective (which i happen to share) is that living in a world where massive data collection is normalized, unquestioned, and constant could easily tip over into something that is dangerous, and which can already be weaponized against individual targets by state actors.

When security activists start talking about stuff it's because oh my god security is a mess everything is full of holes and you have no idea how easy it is to grab access to something that people probably do not want you to have access to please please please just start using strong passwords and passcodes and lock your phone and your computer please, baseline, please just use a password manager bitwarden is free and easy. (but also you need to MAKE AN EFFORT and LEARN A LOT if you're trying to cover your tracks online and no browser plugin or encrypted email service is going to keep you safe).

So when I'm talking about the benefits that most people get out of using Firefox, that's me talking about privacy. When I'm talking about the benefits of using Tor, that's me talking about security. When I'm talking about using Linux and open source software, that's me talking about *autonomy* having direct control over the system that you are using, and THAT is the kind of thing that Rossman knows a lot about and has good opinions about.

I feel like it should go without saying that one of the reasons to be concerned about digital privacy is because the companies that trash your digital privacy are profiting off of the profiles they build on you, and are always attempting to find new ways to violate your privacy in order to profit from you. It doesn't need to be a security risk for it to be wrong, and you don't have to be under active threat from a government to decide that you don't want Youtube deciding to serve you ads for diapers because google decided that you are pregnant based on the websites you've been visiting.

ANYWAY, TL;DR:

Louis Rossman needs to be fact-checked on privacy statements and has a history of visibly making mistakes because he speaks on something before he researches it

Privacy and Security are different.

Privacy is about the data that are shared by the tools you use with the manufacturers of those tools and what those manufacturers do with that information.

Security is about preventing unauthorized access to your personal information and preventing individuals from tracking you online or accessing your private information.

Privacy and security are distinct but intertwined; Rossman is primarily concerned with Privacy and Autonomy, not discussions of security, but may misinterpret discussions of security to be about Privacy.

If you are concerned about privacy, you can look for recommendations from privacyguides.org, which makes recommendations on privacy-focused tools. Cory Doctorow (@mostlysignssomeportents on tumblr) is a great resource for information about the practical and philosophical implications of data privacy.

Fuck google though. Genuinely I think that people should do everything reasonably within their power to deny tech companies access to data on their behavior.

If you are concerned about *security* that is genuinely a more complicated topic with much more significant risks up and down the chain but at the very least please use a password manager (bitwarden is so good and so easy i promise) and lock your phone with something other than your thumbprint or your face. To learn more about security i guess you can start with Troy Hunt and Bruce Schneier. It is like, genuinely a problem that it's difficult to find good, reliable security information for home computer users that isn't trying to sell them something but here's an FTC guide for small businesses that goes a bit more in-depth than "use a password manager" and is only SLIGHT overkill for your mom's 2010 desktop.

everything is a mess i'm sorry i love you please just use firefox and bitwarden.

AnarSec: Tech Guides for Anarchists

AnarSec is a new resource designed to help anarchists navigate the hostile terrain of technology — defensive guides for digital security and anonymity, as well as offensive guides for hacking. All guides are available in booklet format for printing and will be kept up to date.

As anarchists, we must defend ourselves against police and intelligence agencies that conduct targeted digital surveillance for the purposes of incrimination and network mapping. With the defensive series, our goal is to obscure the State’s visibility into our lives and projects. Our recommendations are intended for all anarchists, and they are accompanied by guides to put the advice into practice.

With the upcoming offensive series, we hope to contribute to the practice of hacking the State and capital. Astute readers may notice that the art featured on our homepage and booklets is taken from communiqués detailing how anarchists robbed a bank (Phineas Fisher) and destroyed police servers (AntiSec) using only a keyboard.

The defensive series currently includes:

Tails

Tails for Anarchists

Tails Best Practices

Qubes OS

Qubes OS for Anarchists

Phones

Kill the Cop in Your Pocket

GrapheneOS for Anarchists

General

Linux Essentials

Remove Identifying Metadata From Files

Encrypted Messaging for Anarchists

Make Your Electronics Tamper-Evident

Once I'm able I'm going to install GrapheneOS onto my phone in order to at least degoogle 98% of my phone, give or take

speaking of bein on the computer. found this channel a week or two ago & it made me feel pretty significantly less insane than usual.

I follow a lot of channels that do videos about hardware & programming & linuxes & obviously MOST TO ALL of them are hosted by men. lot of them are very cool! I learn a lot. but I also can't help but get tired of just. Constantly thinking "what are the women who DEFINITELY ARE INTERESTED IN THIS STUFF doing instead of wrangling youtube channels." as one does.

most of the videos on "veronica explains" are more scripted than this one (& those are good, too. I learn!!), but this is the kind of thing I'm Exactly interested in & try to research and play around with on my own time, so listening to a Real Live Adult Minnesotan Mom Type Individual talk through the setup process live was like. wow! she's literally me! & that's nice to have sometimes.

I don't think I'd like grapheneOS, but FIRST of all it's nice to know how low-fuss it seems to be, and SECONDLY this reminded me that I should really try to VM some smartphone OS-es in my free time so I can find one I do like!

just makes you feel a little more grounded in your own hobby, seeing Content (tm) from people who probably have life experiences that are a little more like your own. now I am starting a counter for "how long until a woman makes listenable videos about dwarf fortress." so far we have men from like half the countries on planet earth, and low-dialogue stream VODs from one vtuber with a robot voice. and mirakurutaimu but she stopped playing. so. my money's on "heat death of the universe," basically.

Are you using Graphene as well?

As I understand it GrapheneOS is only for Google Pixel phones which isn't what I have. Don't think I'm quiet ready for custom ROMs anyway.

Only this time, WITH sudo access, and that LED strip thankfully left somewhat on. Because it's dark as hell back in his lair at night otherwise.

Back in business for Operation Graphene!

The green light is probably coincidental, but we have the green light! 😅 (That strip is actually multicolored programmable, running off a Raspberry Pi. And I am still not sure how to control it. Wanted more illumination last night.)

Good thing that I did ask to be added to the sudo group earlier. Because it looks like next up, we're doing this, which I almost forgot about until "Oops, I guess it doesn't know how to talk to the phone yet!":

Looking like a relatively quick and easy option.

Once again, I just want to unlock my bootloader. 🫤

At least this shit is relatively easy dealing with the Pixels. Which is one of the reasons I opted for one this time.

One for @palmtreepalmtree

Where do you get your mobile browsers from? R they on f droid? (I haven't looked but I will o7)

F-droid has Mull yeah. When I was using mobile Firefox I was using FFUpdater to get it, since Firefox isn't on F-Droid. I only have F-Droid and Aurora for package managers on my personal phone. But if you have GrapheneOS and need Google Play services you may as well install apps from the Google Play Store that GOS's sandboxed Google Play offers, not much point having Aurora Store if you have sandboxed GPlay

Edit: Oh if you meant Vanadium, it comes pre-installed with GrapheneOS and afaik is not distributed/intended for use outside of GrapheneOS, but I'm sure you can find an apk somewhere or compile it yourself if not

I wish I had enough spine to publish my writing. Not even for money, I don't need it and who cares anyway.

I don't want to be a writer but I also can't really stop writing.

If I were less of a bear socially speaking I could have a niche. But I'm annoying.

Also I have deactivated a lot of my social media accounts. Most of it but three - this one included in the saved ones.

Today I'm setting up a private email(I do have a proton mail account but I need an "official one" to set my banking etc) and I will toy with the idea of GrapheneOS.

If only Tumblr would allow me to create a dashboard with only certain people in it I could have only one account (and follow from sideblogs, this is my main) and it would be easier for me to find the things I want to read.

I might make a note on when the staff blog dedicated to this has the askbox open and suggest it. It would be the best thing of the hellsite.

What a pleasant surprise

Next thing I did look into, once I managed to get a photo off the new device, is the metadata stored with the image. As caution demands, I scrub that off any image before sharing it online. Surprisingly, the file generated by the stock camera coming with GrapheneOS does not store the geolocation in the metadata. I guess I should have figured? I can see how it can be useful to have the data, e.g. to group images taken in the same location. Maybe there is a setting to turn this feature on, but honestly, I'd rather lose it than not being able to disable it.