• 8 Posts
  • 72 Comments
Joined 2Y ago
cake
Cake day: Jun 07, 2020

help-circle
rss

GrapheneOS is a custom Android fork with largely no security enhancements, besides UX rework and copypasting other security projects. They sell snake oil in the name of prestigious glory that FLOSS label carries.

https://teddit.net/r/privatelife/comments/v4wkon/i_guess_people_still_havent_forgotten/iba4og2/

Its lead developer (who became irrelevant in society) and his acolytes believe in purposely creating insane amounts of toxicity and drama to remain relevant in the privacy community. They baselessly label everyone with political epithets to defame everyone, and then scream “defamation” when a counter argument is presented to their manufactured position.

The long comment by official GrapheneOS account should be here (spoiler: subject of comment is me): https://web.archive.org/web/20220502064114/https://old.reddit.com/r/PrivacyGuides/comments/uged1y/is_grapheneos_actually_good_or_just_hype/

Recently someone informed me of them creating drama with Bromite (on which their Vanadium browser is based) and FlorisBoard projects. They labelled those project maintainers with very bad, false epithets.

https://github.com/bromite/bromite/pull/2102#issuecomment-1155760155

https://github.com/bromite/bromite/issues/2141

http://web.archive.org/web/20220803142758/https://github.com/florisboard/florisboard/issues/1921


You forgot to use the correct word. Nazi.

Edit:


Ah yes ICE the great human rights advocate that rapes children


Source your VPN APKs directly from developers or on F-Droid. I see no reason to use Play Store for this.


Nobody uses Jami, XMPP and Matrix are whole lot better. IRC has a massive userbade.


Telegram is a public forum first, messenger second. Signal is just a 1-1 messenger (with group function as extra) and not a public forum. I can equate Whatsapp to Twitter, by this logic. People use this BS logic everytime for some reason.



4PDA is nice, I have an account there. Tough to make since you have to learn Russian numbers for captcha, or need Russian friend.


Depends. I prefer Modded Central Channel on Telegram for clean modded APKs.



This is a terrible study with no metrics on data amounts compared, and is most likely a pro-Apple agenda garbage article. The most authentic analysis on this subject is done by Douglas Leith here: https://teddit.net/r/privatelife/comments/mh9gt3/pdf_mobile_handset_privacy_measuring_the_data_ios/


It has been a very long time since they are doing it silently continuously. BurungHantu hinted on it on his PTIO blog, where he did revelations on PrivacyGuides crimes, IIRC.

P.S. since you are the OP, I will tell you I know werwolf personally and he was complaining in our personal group chat, of PrivacyGuides fans misusing this article to make themselves more credible.


Somebody wants to mention about PrivacyGuides stealing $17,500 of PTIO’s donations, or how they take Brave Rewards money and “recommend” Brave?

Anyone?


KeePass DX/XC. Offline, you can choose to sync database in any cloud way you want, create offline backups, does not matter.







I am sorry for this, I made a mistake. @gladiatorchocolate@lemmy.ml mistake noted, making/pinning new post. Change is made, post is now perfect.





r/PrivacyGuides restored citation-less slander post as facts, and GrapheneOS community sockpuppet theory is proven correct by one of its members
cross-posted from: https://lemmy.ml/post/143981 > Mod statement: https://np.reddit.com/r/PrivacyGuides/comments/rxf02a/theanonymousjoker_false_privacy_prophet/hs1dxux?context=3 > > https://i.imgur.com/LahmNkO.jpg > > dng99/dngray has branded a citation-less slander post as facts. These are the "community standards" of r/PrivacyGuides. Always remember this. > > u/trai_dep, the record stands corrected once again > > Moreover, my theory about GrapheneOS community using sockpuppets is true, as confirmed by... > > https://np.reddit.com/r/fdroid/comments/rxtc14/came_across_this_thoughts/hs1o6no?context=3 > > https://i.imgur.com/JX6uTpx.jpg > > Tommy_Tran = B0risGrishenko (OP of slander post). Thanks for confirming my GrapheneOS community sockpuppet theory.
fedilink

r/PrivacyGuides is allowing a personally targeting post with my name in post title currently, slandering me and my smartphone guide
https://teddit.net/r/PrivacyGuides/comments/rxf02a/theanonymousjoker_false_privacy_prophet/ This is one of key GrapheneOS community members doing it, and r/PrivacyGuides has the same moderation team as r/privacytoolsio before, and the main moderator of r/privacy is also same. Has anyone seen this kind of behaviour in overall privacy community? Edit: https://ghostarchive.org/archive/ttkkU reddit post archived
fedilink

100% FOSS Smartphone Hardening non-root Guide 4.0
https://lemmy.ml/post/128667 Crosspost but the guide body is so long, I had to break it into 5 parts.
fedilink

Smartphone Hardening non-root Guide 2.0 (for normal people)
(1/2) Lemmy does not allow too long post walls **UPDATED 16/8/2020: Major edit, replaced closed source App Ops and Shizuku with AppOpsX (Free Open source) on F-Droid. ~~This guide is nearly FOSS supported now.~~** **UPDATED 17/9/2020: MAJOR EDIT, replaced closed source Access Dots with Privacy Indicator (FOSS) on Izzy's F-Droid repo. This guide is completely FOSS.** Hello! I am the founder of /r/privatelife . Finally my smartphone non root guide is back, and there are some big upgrades. I was taking time to test everything myself on my daily driver, so apologies for keeping everyone in the wait, but stability and ease of use is the important goal to strive in my playbook. Privacy must be accessible to maximum amount of people without being annoying or tedious. **A kind request to share this guide to any privacy seeker.** #User and device requirement * ANY Android 9+ device * knowledge of how to copy-paste commands in Linux or Mac Terminal/MS-DOS Command Prompt (for ADB, it is very simple, trust me) #Why not Apple devices? iPhone [does not allow you to have privacy](https://gist.github.com/iosecure/357e724811fe04167332ef54e736670d) due to its blackbox nature, and is simply a false marketing assurance by Apple to you. Recently, an unpatchable hardware flaw was [discovered](https://9to5mac.com/2020/08/01/new-unpatchable-exploit-allegedly-found-on-apples-secure-enclave-chip-heres-what-it-could-mean/) in Apple's T1 and T2 "security" chips, rendering Apple devices critically vulnerable. 17/9/2020: [Apple gave the FBI access to the iCloud account of a protester **accused** of setting police cars on fire](https://www.businessinsider.com/apple-fbi-icloud-investigation-seattle-protester-arson-2020-9). Also, [they recently dropped plan for encrypting iCloud backups after FBI complained](https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT). They also collect and sell data [quite a lot](https://i.imgur.com/n8Bk0bA.jpg). Siri still records conversations 9 months after Apple [promised not](https://www.theregister.co.uk/2020/05/20/apple_siri_transcriptions/) to do it. Apple Mail app is vulnerable, yet Apple stays in [denial](https://9to5mac.com/2020/04/27/iphone-mail-vulnerabilities-2/). Also, [Apple sells certificates to third-party developers that allow them to track users](https://www.theatlantic.com/technology/archive/2019/01/apples-hypocritical-defense-data-privacy/581680/), [The San Ferdandino shooter publicity stunt was completely fraudulent](https://www.aclu.org/blog/privacy-technology/internet-privacy/one-fbis-major-claims-iphone-case-fraudulent), and [Louis Rossmann dismantled Apple's PR stunt "repair program"](https://invidio.us/watch?v=rwgpTDluufY). Also, Android's open source nature is starting to pay off in the long run. Apple 0-day exploits are far [cheaper](https://www.wired.com/story/android-zero-day-more-than-ios-zerodium/) to do than Android. ----- #LET'S GO!!! **ALL users must follow these steps before "for nerdy users" section.** **Firstly, if your device is filled to the brim or used for long time, I recommend backing up your data and factory resetting for clean slate start.** * **Sign out all your** Google and Huawei/Samsung/other phonemaker **accounts** from your device so that Settings-->Accounts do not show any sign-ins **except WhatsApp/Telegram** * Install ADB on your Linux, Windows or Mac OS machine, simple guide: https://www.xda-developers.com/install-adb-windows-macos-linux/ * Use ["Universal Android Debloater"](https://gitlab.com/W1nst0n/universal-android-debloater) to easily debloat your bloated phone. NOTE: Samsung users will lose Samsung Pay, as Samsung has been caught and declares they sell this data: https://www.sammobile.com/news/samsung-pay-new-privacy-policy-your-data-sold/ * **Make DIY camera covers**, for front camera notch use a tiny appropriate-sized thin opaque plastic cutout and use an invisible tape to stick it in place, replace every month (cost: tape roll and one minute of your time per month). [**My rear camera cover**](https://i.postimg.cc/T37Qvc52/image.jpg) * Install **F-Droid app store** from [here](https://f-droid.org/en/) * Install **NetGuard** app firewall (see NOTE) from F-Droid and set it up with [privacy based DNS like Uncensored DNS or Tenta DNS or AdGuard DNS] NOTE: NetGuard with [Energized Ultimate](https://block.energized.pro/ultimate/formats/hosts.txt) HOSTS file with any one of the above mentioned DNS providers is the ultimate solution. NOTE: Set DNS provider address in Settings -> Advanced settings --> VPN IPv4, IPv6 and DNS * In F-Droid store, open Repositories via the 3 dot menu on top right and add the following links below: 1. https://rfc2822.gitlab.io/fdroid-firefox/fdroid/repo?fingerprint=8F992BBBA0340EFE6299C7A410B36D9C8889114CA6C58013C3587CDA411B4AED 2. https://apt.izzysoft.de/fdroid/repo?fingerprint=3BF0D6ABFEAE2F401707B6D966BE743BF0EEE49C2561B9BA39073711F628937A 3. https://guardianproject.info/fdroid/repo?fingerprint=B7C2EEFD8DAC7806AF67DFCD92EB18126BC08312A7F2D6F3862E46013C7A6135 Go back to F-Droid store home screen, and hit the update button beside the 3 dot menu. ----- ###LIST OF APPS TO GET * Get **Firefox Preview** web browser from F-Droid (install uBlock Origin addon inside ([if technically advanced, try doing this](https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium-mode))). Also get **Firefox Klar** if you like a separate incognito browser. * Get **Aurora Store** from F-Droid for apps from Play Store without actually using Play Store, use Anonymous option to sign in * for 3rd party APKs source them only from **APKMirror** OR **APKPure** OR **APKMonk**, quite trusted, BUT **TRY AND AVOID IT IF POSSIBLE** * Get **Privacy Indicator** from F-Droid for **iOS 14 like camera/mic dot indicator feature** * Get **OSMAnd+** from F-Droid or **Qwant Maps inside web browser** for maps and/or print physical maps if you live and travel in one or two states or districts. NOTE: Qwant Maps has better search results than OSMAnd+ * Get **PilferShush Jammer** from F-Droid to block microphone (use this in malls, restaurants or such public places if you can to prevent beacon tracking) * Get **OpenBoard** (user friendly) OR **AnySoftKeyboard** (nerd friendly) from F-Droid instead of Google GBoard, Microsoft SwiftKey et al, they are closed source keylogger USA spyware * Get **FTP Server (Free)** from F-Droid and **FileZilla on computer** for computer-to-phone internet less file sharing NOTE: for phone-computer sync or sharing, can TRY **KDE Connect**, available for Android, Windows, Linux * Get **TrebleShot** instead of SHAREIt for phone to phone file sharing * Get **K-9 Mail** or **FairEmail** as e-mail client * Get **NewPipe** for YouTube watching, or YouTube in Firefox Preview/Klar * Get **QKSMS** from F-Droid as SMS client app * Get **Shelter** from F-Droid to sandbox potential apps that you must use (eg WhatsApp or Discord or Signal) * Get **SuperFreezZ** from F-Droid to freeze any apps from running in background * Get **Librera Pro** from F-Droid for PDF reader * Get **ImgurViewer** from F-Droid for opening reddit/imgur/other image links without invasive tracking * Get **InstaGrabber** from F-Droid for opening Instagram profiles or pictures without invasive tracking (seems like a revived fork is [here](https://github.com/austinhuang0131/instagrabber/releases), thanks u/sad_plan ) * Get **GreenTooth** from F-Droid to set Bluetooth to disable after you have used it * Get **Material Files** or **Simple File Manager** from F-Droid for file manager app * Get **ImagePipe** from F-Droid if you share lot of pictures, and want to clear EXIF metadata snooping (often photos contain phone model, location, time, date) * Get **Note Crypt Pro** from F-Droid for encrypted note taking app * Get **Vinyl Music Player** from F-Droid for music player * Get **VLC** from F-Droid for video player ----- ###CRITICAL FOR CLIPBOARD, LOCATION AND OTHER APP FUNCTION BLOCKING I would say this is one of the critical improvements in my guide, and will solve the problem of clipboard and coarse location snooping among other things. AppOpsX is a free, open source app that allows to manage granular app permissions not visible normally, with the help of ADB authorisation without root. This app can finely control what granular information apps can access on your phone, which is not shown in app permissions regularly accessible to us. Now that you would have set up your phone with installing apps, now is a good time to perform this procedure. Step 1: Install **AppOpsX** from F-Droid. (https://f-droid.org/en/packages/com.zzzmode.appopsx/) Step 2: Plug phone to computer, and enable USB debugging in Settings --> Developer Options (you probably already did this in the starting of the guide) Step 3: Keep phone plugged into computer until the end of this procedure! Open AppOpsX app. Step 4: On computer, type commands in order: ```adb devices``` ```adb tcpip 5555``` ```adb shell sh /sdcard/Android/data/com.zzzmode.appopsx/opsx.sh &``` Step 5: Now open "AppOpsX" app, and: * disable "read clipboard" for apps except your messengers, notepad, office suite, virtual keyboard, clipboard monitor apps et al. NOTE: Most apps that have text field to copy/paste text require this permission. * disable "modify clipboard" for every app except for your virtual keyboard or office suite app or clipboard monitor/stack special apps. * disable "GPS", "precise location", "approximate location" and "coarse location" for every app except your maps app (Firefox and OSMAnd+) (2/2) in comment below.
fedilink