I mean, exactly how invasive are default operating systems? (Like Windows, Mac, Chrome OS, Android, iOS) Do they log your keystrokes, log passwords, capture screen, upload your photos, videos, or audio? (Assuming you aren’t a target of government) Is it even possible for the average person who doesn’t feel comfortable messing with installing operating systems to have any privacy?
Privacy is not binary. There are degrees of privacy that can be achieved. Where you would like to be is totally based on your personal situation. If you are a beginner, understand that privacy is a journey.
Regarding which OSes you could use for your computer if Linux is not an option:
Windows in my experience is the worst offender when it comes to telemetry. It is so ingrained in the OS that you’ll never be certain there isn’t any telemetry regardless of the measures you take. MacOS on the other hand can be configured in such of way that Apple will have very little if any telemetry on you. It also has good permission controls which would cover things like screen capture and logging of keystrokes which you mentioned above. You could do the following:
- Purchase a Macbook
- Opt out of using an Apple Account (as of today it’s optional)
- Opt out of using iCloud
- Opt out of any telemetry
- Turn on built-in firewall
- Turn on disk encryption
- Install Lulu or Little Snitch to block any Apple telemetry
This alone will probably put you in a better position than 99% of people (not an actual statistic).
I’m not a Mac guy, but I get the sense that using a Mac without engaging in any of Apple’s ecosystem would result in a very degraded experience
I use my Macbook exactly like the points cited before, and i can assure that i’ve had a very good experience. Maybe it’s even better to avoid using AppStore etc…
Honestly it doesnt make the experience much worse in my experience
Agreed. I was using Apple products for more than a decade before switching to Linux and Android, and I opted out of several of their products long before I started considering the privacy aspects of things. For example, I found the experience of using something like iPhoto to be very lackluster. I reluctantly ended up using iCloud due to the superior pricing compared to Dropbox, which I used before. That was a particular nightmare when migrating away from the Apple “ecosystem”.
I’m sure their products cater to many users preferences, but I’m not one of those, and had a better experience using other products. That should’ve made me jump ship way earlier than I did, but a combination of cost (by the time I would’ve changed, I had already purchased a new MacBook which I ended up using for about 6 years) and inertia.
It might be degraded comparing to default experience but it’s not like you are missing something that you have on other OS. I mean, you can’t iMessage on Linux, right?
No you can’t but you can also have a Linux box for significantly less than apple. Guess that’s the price of ease of access though.
This is a highly loaded question.
You are making a number of very poor assumptions based on a number of ridiculous misconceptions.
The average, everyday human adult is fully capable of understanding their own personal “threat landscape”. How they deal with that will vary.
For most; if not all, average consumers; their concerns are still very limited. They’re not so much concerned with the provenance, the history, of companies…they just want to duck for the oncoming threats in their landscape. These metaphorical tree branches are what they’re ducking under. They have no logical need to fear the entire tree.
Personally, I choose not to live like Stallman, nor do I have fears of big state repercussions like Snowden does. Neither does your average consumer. Functionality is the top priority. Functionality on-par with the CSSC (Closed-Source Software, Corporate) competitor is critical. If the FLOSS (Free/Libre Open Source Software) version can do exactly what people typically want and expect it to do AND cost less monetarily AND can impact their privacy way less than using the CSSC competitor would, then it will be adopted by many and loved by all who use it.
This isn’t to say that privacy does not matter.
It simply means that privacy is a spectrum; and everyone has varying privacy wants and needs. For some reason, a large potion of the “tech-savvy” people in the FLOSS community feel the need to measure their superiority in “How private their systems are.” The average user does not give a damn about that dick measuring contest; and really would rather not be bothered. They just want the amount of privacy that is right for them, and their specific situation.
It is best to put your ego aside when discussing privacy, or helping someone else to discover and improve their own privacy.
for mobile a low effort approach is to simply buy a dumbphone and a faraday bag and you’re good to go.
No
I think you mean yes (you do just not have any privacy at all)
Damn Engrish! 😉
true all the way down to the silicon really. Unless you are prepared to do you own lithography you are on an untrusted platform.
Of course this is true, but moving to a privacy respecting OS, like linux or buying a phone w a custom ROM installed goes a long, long way to improving the situation.
One easy way to start is not by doing it all at once. Start by avoiding the Playstore and using fdroid instead. On your main OS replace proprietary software with foss alternatives. Once you get comfortable with that, THEN you can make the next steps. It doesn’t have to happen overnight, but you’ll be heading in the right direction:)
you are simply moving your trust base and saying that chip and board makers are more trustworthy. Unless you have the resources to validate the code you are running you are in the same boat in OSS, your trust is now in that FOSS community.
its necessity of course.
Sure, but I’ll say that FLOSS distros and builds have a much better privacy trust record than the alternatives - though I also have to say that at least I haven’t seen the news articles about Apple or Microsoft that you do about Google, Facebook et al. Some of this is literally around business models - Microsoft and Apple aren’t ad-tech companies really. They have obvious revenue streams that do not need to invade your privacy, and may actually hurt their business if they do. Not that I trust big corps to actually make sound business decisions though, and any cloud stuff is right out the window WRT privacy from governments.
I’m also left personally in a really weird situation - I don’t especially like or trust Google, but I use Android. There are several competing interests here - While Google may spy on me, Android (so far anyway) does allow FDroid and third party apps like AdGuard much easier than iPhone from what I understand. So at least for quite a while I was trading OS level telemetry vs every app and website telemetry. I think Apple might be better now, but I still think you have to jailbreak to install non App Store apps. In the third party apps are things like Syncthing, which lets me basically back up and sync my phone contents without touching any cloud at all.
The other benefit of Android is just the huge variety of vendors and phones available - I can get a brand new Android phone that’s “good enough” for $300, and my current one has lasted over 4 years (but at the cost of security updates, so YMMV). I’d love to get a phone I had root on, but most of those cost a stupid amount (to me) and also seem like the fun I had with the Pyra - they’re “in development” for 5 years with no real sign anything is actually going to come out, and then when one does it’s 5 years old tech.
It’s also not particularly useful to have Android without the play store. I tried that once a long time ago with a chinese tablet. You couldn’t install apps really. Like, yes, I can get FDroid - but how do I get my online bank’s app? - kind of needed to deposit checks, and they no longer have the scanner from a computer option. How do I get ParkMobile - now used instead of putting coins in the meter? Most shopping apps? Yes, you can make your smartphone de-googled, and about as useful as a feature phone from 2010, but then why bother - just get the cheapest flipphone I guess.
I don’t have answers - most companies don’t want to make privacy respecting tech, so unless you can realistically live your life mostly outside of current society - you’re sort of screwed.
100% you make your own choices and the tools available offer various levels of true privacy. I do tend to agree that if you carefully select your hardware then roll a project you trust onto your system you are likely 1000x better than any off-the-shelf big-brother setup.
There is no easy answer to 100% verifiable and trustable secure systems at this state in the industry. Though I expect that to change over time, even lithography is starting to become a workshed hobby.
We don’t know if they do, but they certainly can. Especially if you are on x86. I’m sure Android (which comes from OEMs) and iOS devices spy on you.
No, you have no respite unless you switch to custom. The good part is that this process is much easier than before (especially on the desktop), and will keep getting easier. Graphene already has their Web installer when you plug your mobile into your computer and let it do its job. Installing Linux is the easiest it has ever been, and I would argue that this trend has creeped into even the more advanced distributions like Gentoo/Funtoo (their guide is extremely well written and easy to follow + forums).
The only thing you are losing is time. If you don’t have the time, then no, you should stick with the easier ROMs/Distributions. I would never espouse using Windows/MacOS/OEM Android/iOS unless forced to by circumstance.
Of course we know they do
A good portion of it is laid out in their telemetry docs
And it’s why removing telemetry is so damn difficult
When I said that, I was trying to include both mobile and desktop OSes. Has Intel mentioned that ME will track users and processes using telemetry?
Why are we talking about Intel?
It’s microsoft that keeps releasing telemetry infested OS versions, and then forcing users onto their new shiny plague ships.
this and this this are both widely available tools to try and shut that shit off, and they only sort of work.
Now i know you wouldn’t recommend windows, but that’s the exact type of spying OP is asking about
(That said, i don’t doubt intel either already has or wants to implement telemetry as well)
I mentioned Intel because ME is cancer embedded in hardware. Even if someone was good enough to rewrite windows code to remove all telemetry (in theory), there is nothing one can do about hardware.
AMD’s OPENSIL might change that, but we’ll have to wait and see. The fact is that ME can hijack one’s system resources and push telemetry to Intel, including public IP. That’s the worst offender in my opinion
ah, i didn’t even know about intel’s telemetry in ME
I thought ME was cancer for the other reasons, damn. AMD FTW (until TLA’s force them to do the same thing)
AMD does the same thing with their PSP. But AMD is supposed to release OpenSIL in 2027 which should theoretically give the community the keys to stop PSP from booting and work Coreboot/Libreboot for other motherboards
You have some margin to work with. Of course it’s not going to be as effective than switching OS but you can use privacy focused firewall. For example Portmaster on windows or tracker control on Android.
These firewall will try to block as much telemetry as possible.
You should also be cautious about what you install on your system, opensource app usually have a better track record regarding privacy.
Thank you, I never knew about TrackerControl. I noticed it’s available in FDroid.
I’m not as worried by data logged by the os as such, but don’t want it sold to third party ad networks.
I use both macOS and Windows daily for combined work/personal stuff so hard to avoid. I trust Apples use of my data a little more than I trust Microsoft.
All my devices are always behind a VPN and always behind a DNS filter that blocks most vendor tracking from Apple, Microsoft etc. You have to allow a fair bit through for some functionality to work though.
You can buy computers and phones with those OSes preinstalled, so it’s not necessarily “custom”. Otherwise, no.
Default OSs are very invasive. Windows, Mac and iOS are constantly spying on everything you do and stock Android is only as private as the apps it comes with which include things like Google Play Services - an app so baked into the system it can only be disabled through adb/root
If you want to read into this - Louis Rossmann made a video on this and this is the paper he mentioned.
possible for the average person who doesn’t feel comfortable messing with installing operating systems to have any privacy?
Yes, depends on how far you are willing to take it.
Replace default apps with FOSS (F-droid)
Delete or disable defaut apps through developer options/adb
Limit the number of permissions you give to apps (your calculator shouldn’t have access to internet or your camera)
Don’t install apps that you don’t trust/need
Block app’s access to the internet with a firewall
Check out r/degoogle on Reddit for many useful resources
For Windows/iOS, etc.: change settings to be more private: give less permissions and turn off telemetry wherever possible.
If you think that’s not enough, consider dual booting a Linux distro like Linux Mint Cinnamon (easy to set up and very beginer-friendly). If you do that you can learn Linux and keep your private data there instead of on Windows/iOS
Here is an alternative Piped link(s): https://piped.video/watch?v=CE0EB5bXj14
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.
deleted by creator
Bluetooth headphones actually work out of the box in Ubuntu but whatever.
deleted by creator
Idk if this is helpful but as someone that had issues with BT in Linux, I found it was a combination of my computer AND the device both had issues. On a separate laptop and a separate set of headphones it worked perfectly from jump. This was on kubuntu.
There are user friendly options if you’re willing to use them. There’s /e/ foundation’s Murena phone that you can buy. It’s based on LineageOS for microG with a custom launcher much like iOS. It works out of the box, no tinkering. There’s also GrapheneOS that has a web interface for installation. It is only for Google Pixel phones and takes a different approach to privacy than LineageOS for microG. They both work in protecting your privacy. As far as computer OSes, there are many “easy to use” options for the novice - PopOS & Linux Mint are the best two that come to mind.
It depends on what you consider spying. The vast majority of devices want some form of push notification capability, which requires being connected to Microsoft/Google/Apple servers, and thus the company knows your IP address. But doing pretty much anything on the internet and you expose your IP address.
If what you mean by spying you think it is looking at what app/program you are doing, recording your keystrokes, recording what your camera sees, the vast majority of devices don’t do any of this. Those are done on hacked laptops and school laptop admins that are either creepy and unchecked or overly intrusive.
Somewhere between these two extremes you would say it crosses the boundary into spying. You don’t need a custom OS to stop it unless you your threshold is all the way to the push notification level.
You can definitely harden operating systems like Windows and Android to be better for privacy and security. I’ve used some of Techlore’s videos to make my Windows system a bit more secure and private, and he’s made one for Android and other OSes too. Of course, this isn’t perfect, but it’s something if you don’t want to install a different OS, it’s better than nothing.
Privacy is not a black & white thing. Every step you take matters. And being entirely private without digital footprint is impossible unless you isolate yourself from the internet entirely.
To answer your question. Yes, they spy on you. To what degree depends on the OS and your settings. But they always cost you some privacy.
But it’s never useless to take other steps just because you don’t want to or can’t switch OS. Because you’ll still give them less data if you do. They might still have info on you. But the less, the better.
Taking easier steps like switching mail provider and other services you use to privacy-minded ones are a good and easy start anyone can do. Replacing apps/programs on your system with FOSS or privacy-minded ones is another good one.
Even the biggest noob can make a Proton account and use it instead of Gmail/Outlook. Use 1Password instead of your device/browser’s password manager. Use LibreOffice instead of MS Office. Check F-droid for apps before Google Play (and perhaps even use Aurora when you do need it). Use FireFox instead of Edge or Chrome. Install a FOSS keyboard on your phone. Get rid of Social Media. Use Signal instead of WhatsApp. Those are just some example of easy my-grandpa-can-do-this level of difficulty options that already greatly improve your privacy (in fact, after I installed it for him, my grandpa does many of these!). Is it as private as an extremely hardened custom device by a security expert? Nah, but it’s definitly much beter than a default device full of big-tech apps. Even if you just do 1 of them!
Since every step counts, I think we should apploud people for caring and starting to take steps instead of deminish them for not going in to the max. Changes like this are slow, especially with a big mass of people. The more people show they care, the more privacy-minded alternatives grow and show up and the more normal it becomes to care about privacy.
