Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
Do you think we can find a way to bypass these,
Yes. Direct physical access always wins. A device in my hands is my device.
or is the future of the digital world just authoritarian and dystopian?
Yes. Many people aren't going to explore the solutions, or be willing to give up the convenience that comes with not changing what they're doing.
A device in my hands is my device.
Could you then please help root the Meta Quest 3? So far I believe nobody managed.
I sadly believe we’re fucked
We were fucked a long time ago it's just the effects showing now. But I hope the rebels at Graphene OS and other custom ROMs will find a way.
Sadly I moved away from Graphene because of all the restrictions :(
IMO the only reason tech world can be authoritarian is people's negligence. Otherwise even if all major brands produce unhackable locked down hardware, people could boycott those and buy the one obscure open device (like pine64) and market force will force big names to revert.
Corporations do not have power by themselves. People refusing to think and understand gives them power. Same applies to mainstream politics.
So unless I can convince my mom to install Firefox we're fucked.
...we're fucked.
Unless you can convince them to get out of the 'surveillance for free stuff' market then they're fucked, not everyone.
You can choose to use free and open source software and sped time learning and putting together a system that benefits you. Or you can just sign up for Google, let them do all of the work in exchange for spying on you with every device that you buy and put in your house.
yes. also your friends, not only mom.
(/s aside, most people of younger generations don't care as well, not only elderly less tech literate folks)
We are soooo fucked.
It's a rat race. You can only win by not playing.
But if you don’t play, your pay with convenience and your time. You lose the freedom of installing a lot of apps. You lose a lot :( - to the point where it would make most people give up
Imagine I said that I would come into your house and install a new TV and entertainment system, re-build your bathroom, fix your maintenance issues, clean your floors, wash your dishes, etc. That'd save you a lot of time.
Now, I'll even do it for free! But, you have to let me install a door that only I have a key to so you can't stop me from entering your house and also to install cameras and microphones covering every square foot of your house and you consent to being recorded.
That's the deal people are making with their digital lives.
Yeah, it was inconvenient to have to learn how to setup the software so I could have 'cloud storage' using my home server. It's annoying that I have to deal with IP Cameras and ZoneMinder. But, because I do the work myself, I don't have to let Google/Meta/FBI/Amazon have access to listening devices in my home (Oh, sorry Alexa, I didn't know you were listening), footage from my security system or the contents of my personal files.
If you keep feeding the monster, you know what will happen.
As of now, I find very few apps beneficial, convenient or time savers - maybe I'm a weirdo luddite. Most apps seem to be for pastimes anyway so saving time seems odd - I prefer to take time to savour my pastimes. I think mp3 player app, and organic maps are the real ones that I actually find useful.
But refusing GPS/microG and therefore Microsoft Authenticate will become a problem for me quite soon I think. For now a phonecall still works, but I think it's only a matter of time. Once that goes I might have to quit my job, and will struggle to find one in my field that doesn't require it, so I guess I'll have to look for less skilled work or retrain, and I'm far too old for that shit. That's where it'll get constraining, when the tentacles of bundling enwrap and bind many other aspects of real society.
I really hope the EU keeps on at MS for bundling and other market power abuse, it seems so obvious that they've effectively ignored the fines from the old Internet Exploder case, and ramped up their misbehaviour regardless.
Of course the twats where I live are easily radicalised against EU regulations (or any regulations really) , so I'm probably still fucked. But at least someone needs to stand up for consumer rights and competition and keep kicking MS in the balls every time they pull their dick out to fuck consumers. Ideally kick them harder and harder too, 'punitive damages' are more than justified due to them being a repeat offender.
If you can root your phone and use an xposed module, maybe. Or the EU forces them. Otherwise, there's not much option.
Well the idea of having attestation isn't the problem. The problem is that apps requiring attestation (banks, insurance providers, ID-systems) use the most convenient solution. Slapping on Googles prebuild attestation. Graphene for example, provides alternative attestation for their OS and offers docs for anyone to implement a more fitting set of checks.
There are two approaches here: If you're upset that your hacked-to-bits, rooted, unlocked and/or unencrypted device is failing checks: I'd say, tough luck. Until we can create provably untampered app-containers, that level of access genuinely breaks TOS on apps and regulations on handling personal data. Breaking those checks is then breaking those compliances in an unsafe way.
If you believe your setup is actually secure and compliant, just not in a way the allmighty Google intended: Try and get an attestation module for your setup. Fight for these apps to accept non-Google attestation and fight for devices that don't artificially limit what can pass as secure.
If you're upset that your hacked-to-bits, rooted, unlocked and/or unencrypted device is failing checks: I'd say, tough luck. Until we can create provably untampered app-containers, that level of access genuinely breaks TOS on apps and regulations on handling personal data.
Hard disagree. If you own the device, you should be in full control of what's going on. Sure, attestation can give some extra security, but that decision should be up to the user. Everything else is just excuses for user hostile DRM: platforms levaraging technology to secure their own profit margin against the interests of user.
Yyyyyyupp
"Oh no, this device is rooted! :(" Yes because I know what I am doing, now show me my account balance you stupid piece of ahit banking app.
Banking app: "Oh no, your device does not conform to Google's latest whim, terribly insecure, can't let you make a SEPA."
Baking website: "Opera on an outdated, pirated copy of Windows? Looks a-ok to me!"
I don't disagree with owning your hardware. I'm saying that a regulatory body can pose rules on where critical software can run. Part of this is data exposure: A banking app running in a tampered environment makes some malwares possible, which is the side you want an "I know what I'm doing"-button for. But it also creates risk for the bank. In letting you look into network-traffic and memory-dumps, you may discover ways to manipulate an unrooted instance or the backend server. This is security through obscurity and I'd much rather have everything open-source, but it's what we're dealing with.
On the other hand, the bank promises to cover damages, whenever they do mess up. You could give them an easy excuse by taking on that responsibility. But regulations don't allow that, much like they don't allow you to do your own high-voltage, high-current electricity. And frown upon you breaking load-bearing walls in a housing complex to have a more open kitchen. There is a line where "let me do what I want" becomes anarchy.
Now bringing DRM into this, misses the point. There is telemetry in these apps. But there is no piracy or copyright infringement to be had. The bank doesn't fear you giving yourself a million dollars by changing your balance in memory. It's all about responsibility in case something goes south. They would love to shift it all onto you, but they're not allowed to do that. Attestation was never about protecting you, it's about protecting them from being blamed.
There is a bunch of parties making guarantees and complying with rulesets. Domino-ing all of them would make you extremely vulnerable. Which is why I opted for "tamper-proof containers running in a unproven host", rather than signing an unlimited waiver.
I switched to a feature phone that has nothing to do with Android for calling (Mocor RTOS) because I'm tired of fighting Android for the moment. I keep an unrooted smartphone at home for online banking. Kinda extreme but that's one way.
Can relate. I have a phone with stock Android and a removable battery for anything won't or I'd rather not have on my primary GrapheneOS phone. I only ever plug in the battery as needed and when I'm settled at the safety of my desk.
I personally don't know how a non-smartphone is better is terms of privacy. Can you explain?
AFAIK, they have the same level of spying, just more restrictions and less features.
Common vulnerabilities: Tracking by carrier, including cell tower triangulation, SMS, and call logs.
Non-smartphone specific vulnerabilities: Lack of security updates. However, the data to be exfiltrated from a non-smartphone is limited. If it's only call logs and text messages, everything's already compromised by virtue of the carrier. So the level of concern will vary with your threat model.
Smartphone-specific vulnerabilities: Tracking by apps, manufacturer, OS vendor, or just about anything that can take advantage of the smartphone's computing power. More data to be exfiltrated if it falls to a security vulnerability.
Smartphone-specific advantages: Can be run Wi-Fi only to avoid tracking by carrier.
Big tech can't win because you can't force the internet to do something.
Depends on what your definition of winning is. If we reach a state where it is literally impossible to run your own software without heavy hardware modification, which would exclude 99.9% of users, that would be like big tech winning in my book. That's why right to repair is important, and we probably also need laws to prevent OEMs from disallowing the use of alternate OS.
They don’t need to make us do anything. They just need to make it too inconvenient not to.
The Net interprets censorship as damage and routes around it.
Gilmore's quote was true then, it is not the current state of play.
If you need to use banking/government/transit apps, you need to play by the rules now
I must be missing something here. Can we not just use the web version of the bank interface insteadvof an app? It still works for my banking, and I don't even have the app. I just have to put my browser into desktop mode.
You can hide root/fake play integrity.
They can make it so much harder to do that, to the point where almost everyone just gives up.
i think we are already at this point.
its not necessarily harder, but its so annoying to do and find comprehensive information on the process.