Howdy y'all, I'm currently using an Amazon firestick on my living room TV, (running Wolf Launcher, Jellyfin, and SmartTube) but I'm considering upgrading to something more privacy friendly. Especially since Amazon is starting to crack down on ~~"Side Loading"~~ installing my own damn software.

The most open alternative seems to be an android TV box, but Google is walling up the android garden more heavily now too.

On the software side of things, I need something that:

• Is remote controllable
• Won't harvest my data
• Let's me install what I want
• Specifically will run the 3 programs I use. Jellyfin, SmartTube, and Kanopy.

On the hardware side of things, I'm pretty open, whether that be a rasberry pi, or a modified android TV box (provided I can flash an OS that isn't infected with Google).

Has anyone else done anything like this? Steaming devices all seem like locked down, data harvesters, which just so happen to also show you movies.

My current phone is starting to annoy me after 7 years of usage (Xiaomi Note 8 Pro) and I'm thinking of finally getting a new one. With that in mind, I'm considering setting up a De-Googled OS as well, but there are a few things that I cannot compromise on:

• Google Maps (I need the live traffic data when in a hurry, otherwise CoMaps is very nice)
• Banking Apps (I've checked them in the GrapheneOS list and they do seem to work)
• Instagram (it sucks I know, but I like not being a hermit)
• Company Portal & Teams (absolute garbage, but I need it for work)

If any one of these aren't guaranteed to work, then it's not an option for me right now.

If they do work, which De-Googled OS should I go for? GrapheneOS does seem like the most private one and maybe the most likely to remain worked on and supported for a long time, but it means that I'm going to have to buy a Pixel, probably a refurbished one.

Lastly, if I install another OS and regret it, is it possible to install the stock OS again?

Edit: Also, what happens after Google's "Unverified App" decision has passed, will this affect these alternative OS?

I recently got an e-mail from Fairphone that they will be ending support for Fairphone 3(+) in a couple of months and I'm thinking about getting a replacement with /e/OS installed on it instead of Android.

All the independent information I can find seems to be from two or three years ago, so I was wondering if anyone with recent experience or knowledge has any thoughts about it?

I'm not interested in recommendations for other operating systems as I'm only considering switching from Android because there is an option for it to come pre-installed on the latest Fairphone with the bootloader locked, which may solve a few headaches. I'd just like to know if /e/OS has any gotchas to be aware of and if Ecorp/Esolutions/Murena are considered to be reputable (i.e. they're not going to steal my data).

I wish to have a discussion about how physical surveillance affects you in your day-to-day life; apart from Flock and (Ring) doorbell cameras (which I believe are pretty established at this point). This in context with your country of residence, and whether in a rural or densely populated area (as ("smart") cities typically "progress" at a faster rate).

I live in a medium-sized village, in a low-density area of The Netherlands. I rarely travel long distances and visit cities, but despite that, I'm increasingly confronted with surveillance infrastructure. Maybe it's because I know too much about it, and I no longer have the option to be unaware of it, but it eats at me on a daily basis.

Most notable is surveillance surrounding highways, especially: the increased density of radar sensors (which, on their own, might not reveal much about individuals; but could reveal one's progression when paired to ALPR data, for instance), "focusflitsers" (a (mobile) array of thermal-imaging cameras: peering through a vehicle's windshield, supposedly patrolling phone-usage during driving, but also featuring an ALPR (which also captures the driver, besides the license plate of course), and may also be used to record speed-indications (to identify "verkeershufters": roughly translating to "traffic jerks")), dedicated (mobile or stationary) ALPR cameras (supposedly only for detecting warranted vehicles or "hits": unless published in the police's "cameraplan"), "trajectcontroles" (average speed monitoring: essentially two sets of ALPRs, calculating the average time between readings), and (now) digital speed cameras (typically at intersections: instead of adapting road design...). But I'm glad I trust my government to only store "hits" and those in violation... /s

Other than that, I've spotted ALPRs (alongside an increasing number of PTZ cameras) at gas stations and above infrastructure (like bridges), but also built within boom gates before parking areas or recycling centers (behind a little square of darkened glass: in the base of the gate); and in, and surrounding retail areas (especially supermarkets) the number of cameras have risen (including the cameras at the self-checkout lanes: staring customers straight in the face; supposedly to discourage theft, but considering the "pay by face" concept, I fear it's in preparation thereof). Buses, structurally driving through my street, also have (exterior) camera side-mirrors, and therefore frequently capture me. And finally the eyesore that is public-facing home-surveillance systems (despite legally not allowed to, but of course not actively being enforced: as the government would shoot itself in the foot if it did).

That was my little rant, please feel free to leave yours below in the comments; I'm somewhat desperate to hear it. I'm especially interested in stories from Denmark: as even my mom (despite of the "I've got nothing to hide" type) noticed "average speed monitoring" cameras all throughout the country, and "speed cameras" being at the entrance of villages (which I believe you aren't allowed to be notified about in navigation programs: which is also insane to me), when she was there on a holiday. Please be very critical of every camera you're confronted with, including those that appear to have been there for your entire life. It's safe to assume every camera (including old "analog" cameras: through encoders) feed back into modern, digital surveillance platforms: which allow the footage to be actively monitored by AI (often to potentially trigger an alert, which an operator could respond to), possibly retained for an extended period of time (especially when considered evidence, it may be stored long-term: on a centralized server and/or cloud storage), and is shared effortlessly over the internet (instead of requiring physical transfer).

The EU's age verification app can be hacked in 2 minutes. (Found by Paul Moore)

Demo :
https://youtu.be/1hfDOhrNx1I

In short :
- The pin you set to lock the app is encrypted, not hashed, which means with the private key of the app it could be reversed (there's no need to get that as you'll see in the next points
- Once you verify your age, the pictures and data identifying you is not deleted. Although on regular phones you and other apps can't access it as they are protected at the Android level, this is still a breach of GDPR
- The app's data is stored in a shared preferences file, which is pretty much just plain text. If you delete the key for your PIN, the app will let you create a new one, and still access the data of the old account.
- Nevertheless, the EU still brands it as a privacy friendly option on their site at https://t.ly/labwF

In short, don't verify your age online! This is really bad for privacy!
@privacy

#privacy #europe #opensource #cybersecurity #ageverification

I have already a degoogled phone on /e/OS which works pretty fine but I have r​ed​ an article which said /e/OS is not actually very safe because it has very old security patches compared to ​AOSP which has is up-to-date.

/e/OS is the product of Murena company which is promoting their own stuff for profit.

Of course GrafeneOS would be better for privacy but I have a fairphone so it is not an option.

​What about CalyxOS ? It is more privacy o​riented but now releases are paused. Do you think I should install existing build of CalyxOS for FP5 or install LineageOS and find a good DNS/VPN to block ads and trackers. This is a tool I like on e/OS/​ to​ have a view on blocked trackers.

What alternative would you advice on AOSP ?

I'm using HaGeZi's Ultimate DNS Blocklist with AdAway as a base and am now trying to add my own "tweaks", according to what connections my phone makes.

I set PCAPdroid to automatically start capturing after reboot. Before reboot, I kill-ed as many apps and processes as possible without crashing Android and then cleared system memory. I then rebooted and left the phone untouched for five minutes. The following is a heavily edited excerpt of the resulting pcap file. I removed the source IPs, ports, package sizes and protocols, so that the excerpt only contains the destination hosts and the "issuing" apps/packages.

**Google Play Services**
playatoms-pa.googleapis.com
digitalassetlinks.googleapis.com
www.googleapis.com
mtalk.google.com
android.googleapis.com

**Google Play Store**
play-fe.googleapis.com
play.googleapis.com

**IronFox**
firefox.settings.services.mozilla.com
firefox-settings-attachments.cdn.mozilla.net
content-signature-2.cdn.mozilla.net

**Android**
es11.samsung-sm-ds.com

Here are four screenshots of the PCAPdroid capture, in which you additionally can see the protocols, destination ports, captured times, packet sizes and connection states. Let me know if the Buzzheavier link is broken.

Do you have any insights regarding these hosts? What they do, whether they are necessary for an Android system that still runs on the proprietary Google libraries and Google Play Services or whether they can be blocked? I am already blocking the Play Store with a firewall, so the hosts associated with it might not even be getting through. Unfortunately, my firewall doesn't come with granular enough control to allow blocking of individual hosts, which I guess I could do with AdAway instead and see what happens. Anyway, lend me your wisdom! :)

I'm using Mullvad because I like their company. F***! These is no way I can formulate this sentence without it sounding weird...

Anyway!

It seems like the state's websites and the municipalities' websites allow Mullvad but the counties' websites block it.

What the actual f.... 😂

What's the situation in YOUR country/region? Are you able to do taxes, surf on healthcare related websites (hospitals etc) and on government bodies' sites without issues?

Currently on an enjoyable journey of de-googling, upping privacy, data sovereignty and so on.

Apps that do this just get it.

This is an update on my privacy setup since my last post. Yeah, I know WhatsApp belongs to Meta and is handing over all my data to the US, Israel, Iran, China, the Vatican, and Mars, but for personal reasons, I can't ditch it right now. How can I improve my setup?

Is there much happening about this (symposium aside)? I read Tim Berners Lee's book recently and was intrigued by this idea.

I set up a pod (I think) and a Web ID (I think) but overall found the whole thing quite underdeveloped for an end user. To be fair, they do say it remains in development and is really aimed at developers. So that's fair.

I really like the idea though.

Peoples’ thoughts on it?

I wonder if they're using my data to something or spying on me.

Because I use Firefox Sync to sync mostly my history. I don't have bookmarks, I just remember what site I want to access by its URL then I start typing and the autocomplete do the rest.

For example, to access Lemmy I just type "le" because the only site I most access and starts with "le" is "lemmy.world". Rarely I get some conflict on this approach. And it works on both my phone and desktop.

I wonder if should I change this approach to avoid Firefox Sync or I can trust on Firefox Sync.

Location data collected from mobile apps and digital advertising can reveal habits, interests and almost any other aspect of someone's life. In this report, we uncover how a geolocation surveillance system called Webloc uses ad-based data to monitor hundreds of millions of people across the globe.

Link to video of the hacking: https://x.com/Paul_Reviews/status/2044723123287666921

Open-source and self-hostable, Thunderbolt gives organizations autonomy over how AI is built and run, with integrated infrastructure powered by deepset’s Haystack

I'm a big proponent of self-hosting, right to repair, and rolling your own whatever when you can. That probably started as teenage rebellion that got baked in - I was lucky enough to read both Walden and The Hobbit during a week-long cyclone lockdown several decades ago - but I suspect there's a non-trivial overlap between that space and privacy-minded people in general.

My endgame is a self-sufficient intranet for myself and family: if the net goes down tomorrow, we'd barely notice.

I also use LLMs as a tool. True self-hosted equivalence to state-of-the-art models is still an expensive proposition, so like many, I use cloud-based tools like Claude or Codex for domain-specific heavy lifting - mostly coding. Not apologising for it; I think it's a reasonable trade-off while local hardware catches up.

That context is just to establish where I'm coming from when I say this caught my attention today:

https://support.claude.com/en/articles/14328960-identity-verification-on-claude

To be accurate about what it actually says: this isn't a blanket "show us your passport to use Claude." Not yet.

The policy as written is narrower than it might first appear.

My concern isn't what it says - it's that the precedent now exists. OAI will do doubt follow suite.

Scope creep is a documented pattern with this kind of thing, and "we only use it for X" describes current intent, not a structural constraint.

Given the nature of this community, figured it was worth flagging.