one thing i don't like about GrapheneOS is the call history. when I check there I want to know exactly when i made a call, and how long it was. But Graphene shows me none of it.

I called this number 3 times roughly two hours ago? great. but how long was the second call? was it exactly two hours ago?

It's just annoying

Android's security theater is pissing me off again.

Looking for some files to wirelessly shoot over to this new phone through KDE Connect:

Meanwhile, over here under GrapheneOS (basically greatly security hardened and largely de-Googled Android 14):

Yeah, with the amount of crap I wanted to copy over? It'll be a lot quicker and easier to just use USB with a computer middleman anyway. However little I like to use Mr. C's desktop since my laptop is still on the fritz, it's right in there.

But it still irritates me that Android 13 doesn't want to let me access my own damn files through its own file manager. Can't necessarily blame Samsung this time, since it is apparently a standard Android "security" provision for a while now.

I just want some of my mp3 files, which Amazon for some ungodly reason insists on sticking inside its own data folder.

(Yeah, this has come up before. I forgot because (a) I haven't needed to shuffle around inside app data for a while over there, and (b) you totally can over here.)

GrapheneOS: Seguridad y Privacidad en tu Smartphone

En un mundo cada vez más preocupado por la seguridad y la privacidad de los datos, GrapheneOS surge como una solución confiable y de código abierto para smartphones.

En DRAFT probamos el sistema operativo en un mundo cada vez más dependiente de los dispositivos móviles, la seguridad y la privacidad son aspectos críticos a considerar. En este sentido, GrapheneOS se presenta como una solución innovadora y de código abierto que busca proteger tus datos y tu privacidad en tu smartphone. En este artículo, exploraremos las funciones de GrapheneOS, cómo instalarlo y…

View On WordPress

Also GrapheneOS, just for funsies.

Cell phones will never be 100% private (they gotta connect to cell towers to work lol), and your service provider can definitely track you, even with your location turned off. But controlling what data your phone and apps are sending to Facebook and Google can go a LONG way in keeping your business off the internet.

Facebook and google are helping cops prosecute people seeking abortion. Be very careful in this new era people.

Autism is not an excuse to bully people

Opinion on Louis Rossman? I ended up following him when I was researching right to repair but as a newbie techie he's said a few things that I don't know if I should trust regarding tech privacy.

Louis Rossman knows a lot about macbook repair and needs to be factchecked on pretty much everything else; he admits this himself in a video called "Don't trust me" where he's issuing a correction because he leapt to conclusions in a previous video.

Rossman has a libertarian approach to tech (and to a lot of things; his channel is deeply invested in rugged individualism and a hustle and grind mentality). He believes that people who own various devices should have ultimate say in what happens to those devices and should have control over what data those devices are collecting and who they are sharing it with. That guides his attitudes about repair and privacy. These are not *incorrect* views but they are views which have made him very reactive in conversations about privacy and data collection, and he has a pretty bad habit of leaping to conclusions and interpreting things as uncharitably as possible with a WORSE habit of not doing any significant research before presenting information to his audience of 2 million people. Anything that looks like Big Brother is something he jumps on immediately, even if what he's looking at is a shadow with the vague outline that resembles an entity that might have a shape similar to Big Brother.

He's got many videos where he examines a privacy policy or a news report about a "startling" violation of privacy where he has to come back later and issue a correction, and of course most of his viewers are going to look at the startling video shit-talking nissan - in which he is worked up and animated and energetic and funny - not the staid correction put out a week later.

But as much as he might be wrong in individual readings of ToSs or legislation or court records, I don't think his overall approach is wrong. He might be incorrect that your Nissan is collecting information about your sexual history (he is incorrect about that) but it's still bad that Nissan is collecting data on you and you shouldn't buy a car that collects a shitload of data on you. He might be incorrect about grapheneOS for security (he is and he isn't and his beef with graphene is legit but personal, it's a fine OS) but he's not wrong that if you don't want google tracking your data you should use a degoogled OS.

One of the things that I've seen him get wrong on multiple occasions is a conflation of privacy and security. Privacy and Security aren't the same thing, and Rossman is a lot more focused on Privacy than he is on Security. I tend to be more on the Security side of that question, though I also think Privacy is important.

For both privacy and security what you need to ask yourself is why you are doing this and what you want to prevent. If you're using firefox because you don't want chrome collecting data on you and refining a profile to serve ads to you, that's a fine reason to move to firefox. If you're using firefox instead of chrome because you're an activist and you don't want the government to know what you're doing, you are missing several steps and possibly putting yourself in danger. If you're using firefox instead of chrome because you don't want your ex to be able to track your online activity you are missing several steps and possibly putting yourself in danger. If you want to use chromebooks instead of windows laptops in a hospital environment so that your administrator has extremely granular control and can implement security policies from an accessible console in order to meet HIPAA requirements more easily, that's a good reason to use chromebooks. It's very secure. But it's not terribly private for the *users* even if it is private for the *patients.*

So, some of what Rossman says is right but it's predicated on a worldview that is steeped in paranoia and an extremely individualistic approach to privacy and security. Some of what Rossman says is wrong because it's wrong, but also some of what Rossman says is wrong because it is wrong *for you and your specific situation* and he's giving general commentary, not advice for individuals.

You can see this really clearly in his video about being "important" enough to require privacy. The whole video is a response to a computer security streamer saying that you don't need a degoogled phone to work in security and that you are likely not important enough to worry about the kind of state-level threats that would require an extremely secure phone because nobody is going to waste resources for a random security goon. And in Rossman's response, he argues that you shouldn't have to be "important" in order to deserve a phone that doesn't have Google tracking your every move. But that's not what the initial clip was about. Rossman spends fifteen minutes arguing with something the initial clip doesn't say and brushing aside the *actually important* discussion about threat modeling that could be had on the subject in order to advocate for more low-level consumer privacy concerns. You SHOULD be able to install an OS that doesn't track you, but also you don't need some 1337h4x0r phone to do red teaming as a pentester, and also most people who get worried about security worry in completely the wrong direction.

Like, a couple weeks ago maia arson crimew got an ask that was like "should you really be posting your name out there on the internet? is that secure?" and its response was "i am wanted by the US government."

And that's like the *perfect* illustration of the distinction happening here. maia is posting online and sharing photos and chatting with people and using an app that gather some data, and that is not at all a concern for its privacy or security because A) if state-level actors are observing you then it does not matter whether or not you're posting selfies or your location for an upcoming talk, they know what you look like and can find out where you are and B) they are going to be able to subpoena data from any entities you've worked with so you're going to be taking precautions to work with encrypted tools for security, not relying on privacy policies.

and like a few years ago i made that post about the drug dealer who got arrested because he'd used his "secure" phone to text someone a photo of cheese and that photo was used to identify him - it is not the *existence* of social media photos or photo messaging that was the problem in his security, nor was it even necessarily that his "secure" phone was compromised (though yeah that wasn't good) it's that he was identified because he crossed the streams and put personally identifiable information in his secure encrypted crime phone for crimes.

Anyway. I need to sit down and actually write something up on this someday but here's a very basic breakdown:

Online privacy is about who has access to the data you generate while operating online; companies gather information about your habits and the websites you visit, what computer you're using and how long you look at item listings, how much you'll watch of a video and the keywords you use in your emails.

Security is about preventing access to information about YOU, not your behavior. It's ensuring that nobody can look into the boxes that you want to lock, and not leaving footprints when you don't want to be seen.

Lax rules about privacy can threaten your security, for instance police don't need a warrant to access data from Ring camera videos in your neighborhood, so the lack of privacy from Ring might make it easier for police to observe you even if you are cautious about your own personal security.

Poor security practices on the part of a business can be a problem for privacy in an individual sense - a hospital that doesn't have good security in place might get hacked and have private patient records leaked, for instance - but most of the data that people talk about when they discuss online privacy is either anonymous or in bulk packages of data that mean very little to your personal risk profile (because the 'privacy' data people are concerned about isn't the same as the 'security' data that gets leaked in big breaches, like passwords and usernames and email addresses - that's less about privacy and more about security but the fact that the businesses want an email address from you is generally a privacy issue - they don't need your email address for the most part and you shouldn't have to give them one to function - not a security issue. You see how this is confusing and intertwined?)

So when a lot of digital privacy activists are talking about digital privacy they're talking about stuff that is, realistically, pretty philosophical in most people's lives. The data profile that Google generates about you is *invasive* but in most circumstances it isn't a *threat* (at the moment, on an individual level), however the data privacy perspective (which i happen to share) is that living in a world where massive data collection is normalized, unquestioned, and constant could easily tip over into something that is dangerous, and which can already be weaponized against individual targets by state actors.

When security activists start talking about stuff it's because oh my god security is a mess everything is full of holes and you have no idea how easy it is to grab access to something that people probably do not want you to have access to please please please just start using strong passwords and passcodes and lock your phone and your computer please, baseline, please just use a password manager bitwarden is free and easy. (but also you need to MAKE AN EFFORT and LEARN A LOT if you're trying to cover your tracks online and no browser plugin or encrypted email service is going to keep you safe).

So when I'm talking about the benefits that most people get out of using Firefox, that's me talking about privacy. When I'm talking about the benefits of using Tor, that's me talking about security. When I'm talking about using Linux and open source software, that's me talking about *autonomy* having direct control over the system that you are using, and THAT is the kind of thing that Rossman knows a lot about and has good opinions about.

I feel like it should go without saying that one of the reasons to be concerned about digital privacy is because the companies that trash your digital privacy are profiting off of the profiles they build on you, and are always attempting to find new ways to violate your privacy in order to profit from you. It doesn't need to be a security risk for it to be wrong, and you don't have to be under active threat from a government to decide that you don't want Youtube deciding to serve you ads for diapers because google decided that you are pregnant based on the websites you've been visiting.

ANYWAY, TL;DR:

Louis Rossman needs to be fact-checked on privacy statements and has a history of visibly making mistakes because he speaks on something before he researches it

Privacy and Security are different.

Privacy is about the data that are shared by the tools you use with the manufacturers of those tools and what those manufacturers do with that information.

Security is about preventing unauthorized access to your personal information and preventing individuals from tracking you online or accessing your private information.

Privacy and security are distinct but intertwined; Rossman is primarily concerned with Privacy and Autonomy, not discussions of security, but may misinterpret discussions of security to be about Privacy.

If you are concerned about privacy, you can look for recommendations from privacyguides.org, which makes recommendations on privacy-focused tools. Cory Doctorow (@mostlysignssomeportents on tumblr) is a great resource for information about the practical and philosophical implications of data privacy.

Fuck google though. Genuinely I think that people should do everything reasonably within their power to deny tech companies access to data on their behavior.

If you are concerned about *security* that is genuinely a more complicated topic with much more significant risks up and down the chain but at the very least please use a password manager (bitwarden is so good and so easy i promise) and lock your phone with something other than your thumbprint or your face. To learn more about security i guess you can start with Troy Hunt and Bruce Schneier. It is like, genuinely a problem that it's difficult to find good, reliable security information for home computer users that isn't trying to sell them something but here's an FTC guide for small businesses that goes a bit more in-depth than "use a password manager" and is only SLIGHT overkill for your mom's 2010 desktop.

everything is a mess i'm sorry i love you please just use firefox and bitwarden.

DON'T GO DARK; GO UNDERGROUND

Now is not the time to go dark. It is the time to connect with each other, to form networks across the country. It would be a danger and a shame to not form communications networks for everyone who needs them.

Downloading Briar, preferably through F-Droid, and Protonmail for encrypted chats. Switch or dual boot w/ Partition to Linux on your PC if you're feeling frisky. (or you could use a portable USB OS as one brilliant commenter stated, very useful for certain situations.)

Use Protonmail (EDIT: PROTONMAIL MAY or MAY NOT be compromised. Afaik it is safe for now despite the publicly announced support for chester cheetoes.) for encrypted comms too.

Discord, Fb, Ig, Xitler can be trusted only as far as those who own them.

Archive important and potentially subversive data and info, such as scientific literature, statistics, books. Compress it and encrypt it, back it up, stick it on your own old laptop servers, USB drives, SD cards, mirror it if possible and safe.

(Y'ALL LEARN ABOUT OPSEC I'M SERIOUS!)

THIS WILL BE CONTINUOUSLY UPDATED FOR AS LONG AS POSSIBLE:

LIST OF SAFE (AFAIK) COMMS:

Signal

Session

Briar

Meshstatic

Tutanota

LIST OF OTHER STUFF:

Nextcloud (good for content collaboration)

Meshstatic again

Tails OS (Good anticensorship and anti-surveillance OS)

Linux-based phone OS's

GrapheneOS for phone

AnarSec: Tech Guides for Anarchists

AnarSec is a new resource designed to help anarchists navigate the hostile terrain of technology — defensive guides for digital security and anonymity, as well as offensive guides for hacking. All guides are available in booklet format for printing and will be kept up to date.

As anarchists, we must defend ourselves against police and intelligence agencies that conduct targeted digital surveillance for the purposes of incrimination and network mapping. With the defensive series, our goal is to obscure the State’s visibility into our lives and projects. Our recommendations are intended for all anarchists, and they are accompanied by guides to put the advice into practice.

With the upcoming offensive series, we hope to contribute to the practice of hacking the State and capital. Astute readers may notice that the art featured on our homepage and booklets is taken from communiqués detailing how anarchists robbed a bank (Phineas Fisher) and destroyed police servers (AntiSec) using only a keyboard.

The defensive series currently includes:

Tails

Tails for Anarchists

Tails Best Practices

Qubes OS

Qubes OS for Anarchists

Phones

Kill the Cop in Your Pocket

GrapheneOS for Anarchists

General

Linux Essentials

Remove Identifying Metadata From Files

Encrypted Messaging for Anarchists

Make Your Electronics Tamper-Evident

3, 23, 27

@perl-official

spotify and occasionally apple music 😔 I'll move away from streaming eventually, but for right now I'm not paying for it (family plan) and all my playlists are there soooo

uhhh I discovered LSP recently and that NeoVim has builtin support that just needs to be activated in the config and that has saved me SO MUCH TIME as I relearn the bits of Python that I've forgotten

there's not a 27 on the list so I'll answer 7 and 17

GrapheneOS, love it, it had some growing pains in the early days but now it's rock-stable, ridiculously secure, and sandboxed Google Play is literally better than MicroG

Hosting is a mix, I have some institutional accounts that I have to deal with that are MS and Google, I have some Gmail accounts of my own because who can live without a google account these days, but my primary personal emails are all hosted on Zoho. I use Thunderbird for my desktop client and FairEmail on android right now, but I've been meaning to check out the new Android Thunderbird version

speaking of bein on the computer. found this channel a week or two ago & it made me feel pretty significantly less insane than usual.

I follow a lot of channels that do videos about hardware & programming & linuxes & obviously MOST TO ALL of them are hosted by men. lot of them are very cool! I learn a lot. but I also can't help but get tired of just. Constantly thinking "what are the women who DEFINITELY ARE INTERESTED IN THIS STUFF doing instead of wrangling youtube channels." as one does.

most of the videos on "veronica explains" are more scripted than this one (& those are good, too. I learn!!), but this is the kind of thing I'm Exactly interested in & try to research and play around with on my own time, so listening to a Real Live Adult Minnesotan Mom Type Individual talk through the setup process live was like. wow! she's literally me! & that's nice to have sometimes.

I don't think I'd like grapheneOS, but FIRST of all it's nice to know how low-fuss it seems to be, and SECONDLY this reminded me that I should really try to VM some smartphone OS-es in my free time so I can find one I do like!

just makes you feel a little more grounded in your own hobby, seeing Content (tm) from people who probably have life experiences that are a little more like your own. now I am starting a counter for "how long until a woman makes listenable videos about dwarf fortress." so far we have men from like half the countries on planet earth, and low-dialogue stream VODs from one vtuber with a robot voice. and mirakurutaimu but she stopped playing. so. my money's on "heat death of the universe," basically.

Only this time, WITH sudo access, and that LED strip thankfully left somewhat on. Because it's dark as hell back in his lair at night otherwise.

Back in business for Operation Graphene!

The green light is probably coincidental, but we have the green light! 😅 (That strip is actually multicolored programmable, running off a Raspberry Pi. And I am still not sure how to control it. Wanted more illumination last night.)

Good thing that I did ask to be added to the sudo group earlier. Because it looks like next up, we're doing this, which I almost forgot about until "Oops, I guess it doesn't know how to talk to the phone yet!":

Looking like a relatively quick and easy option.

Once again, I just want to unlock my bootloader. 🫤

At least this shit is relatively easy dealing with the Pixels. Which is one of the reasons I opted for one this time.

Are you using Graphene as well?

As I understand it GrapheneOS is only for Google Pixel phones which isn't what I have. Don't think I'm quiet ready for custom ROMs anyway.

One for @palmtreepalmtree

Where do you get your mobile browsers from? R they on f droid? (I haven't looked but I will o7)

F-droid has Mull yeah. When I was using mobile Firefox I was using FFUpdater to get it, since Firefox isn't on F-Droid. I only have F-Droid and Aurora for package managers on my personal phone. But if you have GrapheneOS and need Google Play services you may as well install apps from the Google Play Store that GOS's sandboxed Google Play offers, not much point having Aurora Store if you have sandboxed GPlay

Edit: Oh if you meant Vanadium, it comes pre-installed with GrapheneOS and afaik is not distributed/intended for use outside of GrapheneOS, but I'm sure you can find an apk somewhere or compile it yourself if not

I wish I had enough spine to publish my writing. Not even for money, I don't need it and who cares anyway.

I don't want to be a writer but I also can't really stop writing.

If I were less of a bear socially speaking I could have a niche. But I'm annoying.

Also I have deactivated a lot of my social media accounts. Most of it but three - this one included in the saved ones.

Today I'm setting up a private email(I do have a proton mail account but I need an "official one" to set my banking etc) and I will toy with the idea of GrapheneOS.

If only Tumblr would allow me to create a dashboard with only certain people in it I could have only one account (and follow from sideblogs, this is my main) and it would be easier for me to find the things I want to read.

I might make a note on when the staff blog dedicated to this has the askbox open and suggest it. It would be the best thing of the hellsite.