Is it still viable to use Signal for privacy in 2026? It's centralized, and has had many suspicious occurrences in the past.(Unopen source server code, careless whisper exploit which is still active as far as I know, and the whole mobile coin situation.)

Thoughts?

From the homepage:

εxodus analyzes Android applications in order to list the embedded trackers.

A tracker is a piece of software meant to collect data about you or your usages. So, εxodus reports tell you what are the ingredients of the cake.

εxodus does not decompile applications, its analysis method is legal.

Howdy y'all, I'm currently using an Amazon firestick on my living room TV, (running Wolf Launcher, Jellyfin, and SmartTube) but I'm considering upgrading to something more privacy friendly. Especially since Amazon is starting to crack down on ~~"Side Loading"~~ installing my own damn software.

The most open alternative seems to be an android TV box, but Google is walling up the android garden more heavily now too.

On the software side of things, I need something that:

• Is remote controllable
• Won't harvest my data
• Let's me install what I want
• Specifically will run the 3 programs I use. Jellyfin, SmartTube, and Kanopy.

On the hardware side of things, I'm pretty open, whether that be a rasberry pi, or a modified android TV box (provided I can flash an OS that isn't infected with Google).

Has anyone else done anything like this? Steaming devices all seem like locked down, data harvesters, which just so happen to also show you movies.

My current phone is starting to annoy me after 7 years of usage (Xiaomi Note 8 Pro) and I'm thinking of finally getting a new one. With that in mind, I'm considering setting up a De-Googled OS as well, but there are a few things that I cannot compromise on:

• Google Maps (I need the live traffic data when in a hurry, otherwise CoMaps is very nice)
• Banking Apps (I've checked them in the GrapheneOS list and they do seem to work)
• Instagram (it sucks I know, but I like not being a hermit)
• Company Portal & Teams (absolute garbage, but I need it for work)

If any one of these aren't guaranteed to work, then it's not an option for me right now.

If they do work, which De-Googled OS should I go for? GrapheneOS does seem like the most private one and maybe the most likely to remain worked on and supported for a long time, but it means that I'm going to have to buy a Pixel, probably a refurbished one.

Lastly, if I install another OS and regret it, is it possible to install the stock OS again?

Edit: Also, what happens after Google's "Unverified App" decision has passed, will this affect these alternative OS?

Currently, we already have some companies that offer us privacy-focused products, such as Proton, Tutanota, Mullvad, and others, but a short while ago I found one that I've never seen anyone talk about called Ice Privacy. From what I've researched, they've been on this path since 2019 and currently have two services. The first is Ice Drive, a cloud drive that gives out 10GB for free (although I heard they reduced it to 3GB) and focuses on privacy, with features like end-to-end encryption and two-factor authentication. They store your files with zero-knowledge encryption, and they also offer lifetime plans. The other product is Ice VPN. I admit I haven't researched this one as much, but from what I've seen, it's a VPN that promises to keep as little user data as possible (something like MullvadVPN), and the data they do obtain is stored with 256-bit encryption. Their company is located in Gibraltar (a British Overseas Territory located in Europe), which has good privacy laws. The point of this post is to ask you guys if you've ever heard of Ice Privacy? I understand that when it comes to privacy, it's good to choose companies that have been on the market for a long time and have the trust of their customers, but for a company to grow, someone needs to take the first step and use their products. I'm not saying we should just go out and use all their products and join the company's ecosystem, but rather that we should add it to our arsenal of defense weapons regarding privacy. The only thing I didn't find interesting is the fact that they don't have Mastodon accounts or a community on Lemmy, and although they have subreddits for IceDrive and IceVPN, they aren't mentioned on the company's website (that is, if they are actually official).

Knowing this information, will you give them a chance? If you've ever used any of their products, what did you think?

Links for those who want to know more about the company:

Company page: https://ice.gi/

IceDrive privacy policy: https://icedrive.net/legal/privacy-policy

IceVPN privacy policy: https://icevpn.com/legal/privacy-policy

I recently got an e-mail from Fairphone that they will be ending support for Fairphone 3(+) in a couple of months and I'm thinking about getting a replacement with /e/OS installed on it instead of Android.

All the independent information I can find seems to be from two or three years ago, so I was wondering if anyone with recent experience or knowledge has any thoughts about it?

I'm not interested in recommendations for other operating systems as I'm only considering switching from Android because there is an option for it to come pre-installed on the latest Fairphone with the bootloader locked, which may solve a few headaches. I'd just like to know if /e/OS has any gotchas to be aware of and if Ecorp/Esolutions/Murena are considered to be reputable (i.e. they're not going to steal my data).

I wish to have a discussion about how physical surveillance affects you in your day-to-day life; apart from Flock and (Ring) doorbell cameras (which I believe are pretty established at this point). This in context with your country of residence, and whether in a rural or densely populated area (as ("smart") cities typically "progress" at a faster rate).

I live in a medium-sized village, in a low-density area of The Netherlands. I rarely travel long distances and visit cities, but despite that, I'm increasingly confronted with surveillance infrastructure. Maybe it's because I know too much about it, and I no longer have the option to be unaware of it, but it eats at me on a daily basis.

Most notable is surveillance surrounding highways, especially: the increased density of radar sensors (which, on their own, might not reveal much about individuals; but could reveal one's progression when paired to ALPR data, for instance), "focusflitsers" (a (mobile) array of thermal-imaging cameras: peering through a vehicle's windshield, supposedly patrolling phone-usage during driving, but also featuring an ALPR (which also captures the driver, besides the license plate of course), and may also be used to record speed-indications (to identify "verkeershufters": roughly translating to "traffic jerks")), dedicated (mobile or stationary) ALPR cameras (supposedly only for detecting warranted vehicles or "hits": unless published in the police's "cameraplan"), "trajectcontroles" (average speed monitoring: essentially two sets of ALPRs, calculating the average time between readings), and (now) digital speed cameras (typically at intersections: instead of adapting road design...). But I'm glad I trust my government to only store "hits" and those in violation... /s

Other than that, I've spotted ALPRs (alongside an increasing number of PTZ cameras) at gas stations and above infrastructure (like bridges), but also built within boom gates before parking areas or recycling centers (behind a little square of darkened glass: in the base of the gate); and in, and surrounding retail areas (especially supermarkets) the number of cameras have risen (including the cameras at the self-checkout lanes: staring customers straight in the face; supposedly to discourage theft, but considering the "pay by face" concept, I fear it's in preparation thereof). Buses, structurally driving through my street, also have (exterior) camera side-mirrors, and therefore frequently capture me. And finally the eyesore that is public-facing home-surveillance systems (despite legally not allowed to, but of course not actively being enforced: as the government would shoot itself in the foot if it did).

That was my little rant, please feel free to leave yours below in the comments; I'm somewhat desperate to hear it. I'm especially interested in stories from Denmark: as even my mom (despite of the "I've got nothing to hide" type) noticed "average speed monitoring" cameras all throughout the country, and "speed cameras" being at the entrance of villages (which I believe you aren't allowed to be notified about in navigation programs: which is also insane to me), when she was there on a holiday. Please be very critical of every camera you're confronted with, including those that appear to have been there for your entire life. It's safe to assume every camera (including old "analog" cameras: through encoders) feed back into modern, digital surveillance platforms: which allow the footage to be actively monitored by AI (often to potentially trigger an alert, which an operator could respond to), possibly retained for an extended period of time (especially when considered evidence, it may be stored long-term: on a centralized server and/or cloud storage), and is shared effortlessly over the internet (instead of requiring physical transfer).

The EU's age verification app can be hacked in 2 minutes. (Found by Paul Moore)

Demo :
https://youtu.be/1hfDOhrNx1I

In short :
- The pin you set to lock the app is encrypted, not hashed, which means with the private key of the app it could be reversed (there's no need to get that as you'll see in the next points
- Once you verify your age, the pictures and data identifying you is not deleted. Although on regular phones you and other apps can't access it as they are protected at the Android level, this is still a breach of GDPR
- The app's data is stored in a shared preferences file, which is pretty much just plain text. If you delete the key for your PIN, the app will let you create a new one, and still access the data of the old account.
- Nevertheless, the EU still brands it as a privacy friendly option on their site at https://t.ly/labwF

In short, don't verify your age online! This is really bad for privacy!
@privacy

#privacy #europe #opensource #cybersecurity #ageverification

I have already a degoogled phone on /e/OS which works pretty fine but I have r​ed​ an article which said /e/OS is not actually very safe because it has very old security patches compared to ​AOSP which has is up-to-date.

/e/OS is the product of Murena company which is promoting their own stuff for profit.

Of course GrafeneOS would be better for privacy but I have a fairphone so it is not an option.

​What about CalyxOS ? It is more privacy o​riented but now releases are paused. Do you think I should install existing build of CalyxOS for FP5 or install LineageOS and find a good DNS/VPN to block ads and trackers. This is a tool I like on e/OS/​ to​ have a view on blocked trackers.

What alternative would you advice on AOSP ?

I'm using HaGeZi's Ultimate DNS Blocklist with AdAway as a base and am now trying to add my own "tweaks", according to what connections my phone makes.

I set PCAPdroid to automatically start capturing after reboot. Before reboot, I kill-ed as many apps and processes as possible without crashing Android and then cleared system memory. I then rebooted and left the phone untouched for five minutes. The following is a heavily edited excerpt of the resulting pcap file. I removed the source IPs, ports, package sizes and protocols, so that the excerpt only contains the destination hosts and the "issuing" apps/packages.

**Google Play Services**
playatoms-pa.googleapis.com
digitalassetlinks.googleapis.com
www.googleapis.com
mtalk.google.com
android.googleapis.com

**Google Play Store**
play-fe.googleapis.com
play.googleapis.com

**IronFox**
firefox.settings.services.mozilla.com
firefox-settings-attachments.cdn.mozilla.net
content-signature-2.cdn.mozilla.net

**Android**
es11.samsung-sm-ds.com

Here are four screenshots of the PCAPdroid capture, in which you additionally can see the protocols, destination ports, captured times, packet sizes and connection states. Let me know if the Buzzheavier link is broken.

Do you have any insights regarding these hosts? What they do, whether they are necessary for an Android system that still runs on the proprietary Google libraries and Google Play Services or whether they can be blocked? I am already blocking the Play Store with a firewall, so the hosts associated with it might not even be getting through. Unfortunately, my firewall doesn't come with granular enough control to allow blocking of individual hosts, which I guess I could do with AdAway instead and see what happens. Anyway, lend me your wisdom! :)

I'm using Mullvad because I like their company. F***! These is no way I can formulate this sentence without it sounding weird...

Anyway!

It seems like the state's websites and the municipalities' websites allow Mullvad but the counties' websites block it.

What the actual f.... 😂

What's the situation in YOUR country/region? Are you able to do taxes, surf on healthcare related websites (hospitals etc) and on government bodies' sites without issues?

Currently on an enjoyable journey of de-googling, upping privacy, data sovereignty and so on.

Apps that do this just get it.

This is an update on my privacy setup since my last post. Yeah, I know WhatsApp belongs to Meta and is handing over all my data to the US, Israel, Iran, China, the Vatican, and Mars, but for personal reasons, I can't ditch it right now. How can I improve my setup?

Is there much happening about this (symposium aside)? I read Tim Berners Lee's book recently and was intrigued by this idea.

I set up a pod (I think) and a Web ID (I think) but overall found the whole thing quite underdeveloped for an end user. To be fair, they do say it remains in development and is really aimed at developers. So that's fair.

I really like the idea though.

Peoples’ thoughts on it?

I wonder if they're using my data to something or spying on me.

Because I use Firefox Sync to sync mostly my history. I don't have bookmarks, I just remember what site I want to access by its URL then I start typing and the autocomplete do the rest.

For example, to access Lemmy I just type "le" because the only site I most access and starts with "le" is "lemmy.world". Rarely I get some conflict on this approach. And it works on both my phone and desktop.

I wonder if should I change this approach to avoid Firefox Sync or I can trust on Firefox Sync.

Link to video of the hacking: https://x.com/Paul_Reviews/status/2044723123287666921

Location data collected from mobile apps and digital advertising can reveal habits, interests and almost any other aspect of someone's life. In this report, we uncover how a geolocation surveillance system called Webloc uses ad-based data to monitor hundreds of millions of people across the globe.