This is an update on my privacy setup since my last post. Yeah, I know WhatsApp belongs to Meta and is handing over all my data to the US, Israel, Iran, China, the Vatican, and Mars, but for personal reasons, I can't ditch it right now. How can I improve my setup?
I can't format my phone and install GrapheneOS since my phone is a Motorola, not a Google Pixel. I need Uber and the Play Store, there's not much I can do about that. "roblox linda cringe" isn't a good reason to uninstall it for privacy reasons.
that's interesting; a good reason, I already had plans to remove Roblox from my phone, thanks for giving me more reasons (this time plausible reactions)
I'm currently stuck with stock too, but at least with uad-ng, you can remove/freeze the offenders (or root it and also get a firewall). Careful: Play Store itself can not be removed, only frozen; you'll get a boot loop otherwise. And in case of the Xperia 10, i've had to replace the stock dialer (phone app) with the fossify one, since it and a few useless sony apps got crazy about missing Play Services.
Cross-platform GUI written in Rust using ADB to debloat non-rooted Android devices. Improve your privacy, the security and battery life of your device. - Universal-Debloater-Alliance/universal-andr...
unfortunately there's no LineageOS for my Motorola either, I really looked for many privacy-focused operating systems and none of them run on my Motorola
I've already seen the partnership between Motorola and Graphene, but nowhere do they say they're going to add Graphene to old Motorola models, only for the new phone(s) in the Graphene line.
Which phone and message app are you using? I also don't see a way to view photos or files and which camera app?
Obviously GrapheneOS is the best way to go for privacy but if you do stick to OEM Android then make sure you're using apps like the Fossify suite. I use their apps with all contacts and calendar synced via davx and self hosted on Nextcloud.
KeePass is a password manager that doesn't store your data in the cloud (like Bitwarden), meaning it doesn't need internet access to work (though that doesn't matter much to me, since I use a Motorola and can't restrict its network access like I would if I could afford a Pixel and install Graphene). In KeePass, your passwords are kept in a file that is YOUR responsibility; as long as you have the file, all your passwords are safe (but of course, you also need the master password to access the others, and if you want, you can add other security methods to make it harder to get into your vault).
Older pixel phones run relatively cheap if you don't mind having an older model. Mine was still locked by my ISP, but I used their insurance plan and they sent me an unlocked one lol
I know that, but lately I've been preferring to use KeePass (plus I have terrible memories involving self-hosting; I don't know anything about it and I can't self-host anything, whether it's due to a lack of knowledge or a lack of resources).
I didn't know that, but security-wise, wouldn't it still be better to use Aegis? 2FA is meant to provide extra security in case your password is compromised; this means that if someone gets into your password manager, they still wouldn't be able to access your accounts because of the 2FA. But if you put your 2FA inside the password manager, that just makes it easier to access your accounts, right? Anyway, I found that information interesting, I had no idea. Thanks!
In the world of privacy, it's often best to reject things that are too convenient, but I managed to find a way to use KeePass for 2FA. Just create another vault with a different password and use that one specifically for 2FA. This means that if one of your vaults is compromised, you're still not at risk.
honestly it doesn't really matter if they have access to my phone, because my Aegis and Keepass are protected by passwords, and different ones at that. anyway, I took your first comment into consideration and created a Keepass vault just for TOTP, with a different password from my password vault, of course, so if they access one of my vaults they wouldn't have access to my passwords. I deleted my Aegis since I won't need it anymore, but I kept a backup saved just in case.
If you’re using the password manager correctly, you will only use the password manager and have all different, impossible to remember and keep track of combinations of passwords and logins.
So losing access to the password manager would be catastrophic.
A tool like keepass relies on the user to not lose access to the password managers data, but many events far outside of the users control can happen. Natural disasters, confiscation and even good ol’ user error can lose access for the most careful users and cause seriously problematic situations.
A trustworthy cloud based option can close that hole and make very difficult situations much easier.
“My phone and computer were lost in a flood or fire. In order to receive aid or access assistance I need access to the credentials on them.”
“My phone and computer were confiscated by the authorities. They are locked and encrypted, but now I don’t have access to my credentials”
“Oops, I made a mistake!”
... Show more...
Consider dumping keepass for bitwarden.
If you’re using the password manager correctly, you will only use the password manager and have all different, impossible to remember and keep track of combinations of passwords and logins.
So losing access to the password manager would be catastrophic.
A tool like keepass relies on the user to not lose access to the password managers data, but many events far outside of the users control can happen. Natural disasters, confiscation and even good ol’ user error can lose access for the most careful users and cause seriously problematic situations.
A trustworthy cloud based option can close that hole and make very difficult situations much easier.
“My phone and computer were lost in a flood or fire. In order to receive aid or access assistance I need access to the credentials on them.”
“My phone and computer were confiscated by the authorities. They are locked and encrypted, but now I don’t have access to my credentials”
“Oops, I made a mistake!”
You almost certainly are better served by using a trustworthy service like Bitwarden that allows you to still do your shit in these situations.
I understand your concerns, but none of them really affect me. I live in a country located in the center of a tectonic plate, which makes it very difficult for natural disasters to occur; for example, high-magnitude earthquakes have never happened here, and tsunamis have never occurred within the territory either—at most on the country's coast in 2004, but I don't live on the coast or in a flood-prone area. The reason I'm protecting myself regarding privacy issues isn't to hide from the government, but if it were, one of the things I'd worry about least would be keeping my passwords secure. What might happen is that I could lose the password file, but I already keep it on three different devices; if I lose two at the same time, I'd still have one with the file. In the end, both KeePass and Bitwarden have their issues; for instance, if Bitwarden's servers were attacked, the passwords in the cloud would be at risk (although I know they have some extra protections in case that happens).
I'm so sorry you went through that, but there's really no way a massive disaster could happen where I live; like I said, the country is right in the middle of a tectonic plate.
I self host so the data in the cloud is stored on my own equipment, yes it is still technically online but it saves a copy locally so you only need an active connection to sync new items.
I regularly use multiple devices and having that sync is vital. Even at work, I cannot install software but I can install browser extensions. This means I can use my instance for both personal and work. I have also set up most of my family with access, all for free!
Serious suggestion - install Shelter and move both WhatsApp and Uber into your work profile. That has a number of advantages - keeping them away from your contacts and gives you the ability to suspend all closed source apps with a single click.
Is there really that much advantage to isolating these apps in a work profile? I've been using them under a work profile for a while now and I see not much point to it since I never practically disable them for concern over missing out on important notifications. They have as much access to device APIs as they do in the personal profile anyways so they can track my phone just as well. It just becomes inconvenient moving content between both profiles.
When I used it on GrapheneOS, it was to ensure untrusted apps (especially banking apps requiring Google Play Services) no longer remaining active after using them; but if you never close the work profile, they indeed remain active. But it's a good measure regardless: to ensure you don't accidentally give WhatsApp or whatever, permission to personal media; even if it means added inconvenience (which is the most common trade-off with privacy).
Man, I tried using Shelter, but I didn't have a good first impression of it. I went to download it and saw that it seemed to have a pretty simple design, but what caught my eye was the fact that it was last updated almost 3 years ago. I hesitated for a moment but tried to ignore that and went ahead and installed it: when I went to use it, it bundled about 6 apps without me asking, the app I actually wanted to bundle stopped working, and the others it bundled without my permission became extremely slow. Not only that, but my whole phone in general got really sluggish, lagging and all that. I didn't have a good experience with it and I don't plan on using it again.
zewm
in reply to degooglerleon • • •Format the phone and install GraphineOS.
Play store means you’re still using Google. Google is the largest vacuum of user data.
Uber records your location data.
Also unless you’re under 10, Roblox kinda cringe. This one is just a personal opinion. I don’t know how bad it is with respects to privacy.
degooglerleon
in reply to zewm • • •I need Uber and the Play Store, there's not much I can do about that.
"roblox linda cringe" isn't a good reason to uninstall it for privacy reasons.
Desyn0xox
in reply to degooglerleon • • •reports.exodus-privacy.eu.org/…
degooglerleon
in reply to Desyn0xox • • •MonkderVierte
in reply to degooglerleon • • •And it has no LineageOS either?
I'm currently stuck with stock too, but at least with uad-ng, you can remove/freeze the offenders (or root it and also get a firewall).
Careful: Play Store itself can not be removed, only frozen; you'll get a boot loop otherwise.
And in case of the Xperia 10, i've had to replace the stock dialer (phone app) with the fossify one, since it and a few useless sony apps got crazy about missing Play Services.
N.E.P.T.R
in reply to MonkderVierte • • •GitHub - Universal-Debloater-Alliance/universal-android-debloater-next-generation: Cross-platform GUI written in Rust using ADB to debloat non-rooted Android devices. Improve your privacy, the security and battery life of your device.
GitHubdegooglerleon
in reply to MonkderVierte • • •airikr
in reply to degooglerleon • • •Motorola partnership announcement - GrapheneOS Discussion Forum
GrapheneOS Discussion Forumdegooglerleon
in reply to airikr • • •TheIPW
in reply to degooglerleon • • •Which phone and message app are you using? I also don't see a way to view photos or files and which camera app?
Obviously GrapheneOS is the best way to go for privacy but if you do stick to OEM Android then make sure you're using apps like the Fossify suite. I use their apps with all contacts and calendar synced via davx and self hosted on Nextcloud.
What about KeePass, where is that data backed up?
degooglerleon
in reply to TheIPW • • •PolarPirate
in reply to degooglerleon • • •degooglerleon
in reply to PolarPirate • • •PolarPirate
in reply to degooglerleon • • •degooglerleon
in reply to PolarPirate • • •Scott
in reply to degooglerleon • • •degooglerleon
in reply to Scott • • •s38b35M5
in reply to degooglerleon • • •degooglerleon
in reply to s38b35M5 • • •2FA is meant to provide extra security in case your password is compromised; this means that if someone gets into your password manager, they still wouldn't be able to access your accounts because of the 2FA. But if you put your 2FA inside the password manager, that just makes it easier to access your accounts, right?
Anyway, I found that information interesting, I had no idea. Thanks!
Shrouded0603
in reply to degooglerleon • • •degooglerleon
in reply to Shrouded0603 • • •s38b35M5
in reply to degooglerleon • • •You're right, but if they have your password manager, they likely have your phone, and that means they have your Aegis too.
Still, my suggestion is less of a second factor unless you have 2fa on your keypass, so not best practice.
degooglerleon
in reply to s38b35M5 • • •I deleted my Aegis since I won't need it anymore, but I kept a backup saved just in case.
doodoo_wizard
in reply to degooglerleon • • •Consider dumping keepass for bitwarden.
If you’re using the password manager correctly, you will only use the password manager and have all different, impossible to remember and keep track of combinations of passwords and logins.
So losing access to the password manager would be catastrophic.
A tool like keepass relies on the user to not lose access to the password managers data, but many events far outside of the users control can happen. Natural disasters, confiscation and even good ol’ user error can lose access for the most careful users and cause seriously problematic situations.
A trustworthy cloud based option can close that hole and make very difficult situations much easier.
“My phone and computer were lost in a flood or fire. In order to receive aid or access assistance I need access to the credentials on them.”
“My phone and computer were confiscated by the authorities. They are locked and encrypted, but now I don’t have access to my credentials”
“Oops, I made a mistake!”
... Show more...Consider dumping keepass for bitwarden.
If you’re using the password manager correctly, you will only use the password manager and have all different, impossible to remember and keep track of combinations of passwords and logins.
So losing access to the password manager would be catastrophic.
A tool like keepass relies on the user to not lose access to the password managers data, but many events far outside of the users control can happen. Natural disasters, confiscation and even good ol’ user error can lose access for the most careful users and cause seriously problematic situations.
A trustworthy cloud based option can close that hole and make very difficult situations much easier.
“My phone and computer were lost in a flood or fire. In order to receive aid or access assistance I need access to the credentials on them.”
“My phone and computer were confiscated by the authorities. They are locked and encrypted, but now I don’t have access to my credentials”
“Oops, I made a mistake!”
You almost certainly are better served by using a trustworthy service like Bitwarden that allows you to still do your shit in these situations.
degooglerleon
in reply to doodoo_wizard • • •I live in a country located in the center of a tectonic plate, which makes it very difficult for natural disasters to occur; for example, high-magnitude earthquakes have never happened here, and tsunamis have never occurred within the territory either—at most on the country's coast in 2004, but I don't live on the coast or in a flood-prone area.
The reason I'm protecting myself regarding privacy issues isn't to hide from the government, but if it were, one of the things I'd worry about least would be keeping my passwords secure.
What might happen is that I could lose the password file, but I already keep it on three different devices; if I lose two at the same time, I'd still have one with the file.
In the end, both KeePass and Bitwarden have their issues; for instance, if Bitwarden's servers were attacked, the passwords in the cloud would be at risk (although I know they have some extra protections in case that happens).
doodoo_wizard
in reply to degooglerleon • • •I live in an area I would describe the same as you described yours.
Each example given are things that I experienced.
Be safe out there.
degooglerleon
in reply to doodoo_wizard • • •doodoo_wizard
in reply to degooglerleon • • •TheIPW
in reply to degooglerleon • • •I self host so the data in the cloud is stored on my own equipment, yes it is still technically online but it saves a copy locally so you only need an active connection to sync new items.
I regularly use multiple devices and having that sync is vital. Even at work, I cannot install software but I can install browser extensions. This means I can use my instance for both personal and work. I have also set up most of my family with access, all for free!
ropatrick
in reply to TheIPW • • •Good shout on the Fossify suite. Have replaced a few G products with those.
Excellent list of FOSS stuff here which helped me a lot.
github.com/pluja/awesome-priva…
GitHub - pluja/awesome-privacy: Awesome Privacy - A curated list of services and alternatives that respect your privacy because PRIVACY MATTERS.
GitHubDelascas
in reply to degooglerleon • • •Uber?????????
Serious suggestion - install Shelter and move both WhatsApp and Uber into your work profile. That has a number of advantages - keeping them away from your contacts and gives you the ability to suspend all closed source apps with a single click.
MonkderVierte
in reply to Delascas • • •enchantedgoldapple
in reply to Delascas • • •PierceTheBubble
in reply to enchantedgoldapple • • •degooglerleon
in reply to Delascas • • •I went to download it and saw that it seemed to have a pretty simple design, but what caught my eye was the fact that it was last updated almost 3 years ago. I hesitated for a moment but tried to ignore that and went ahead and installed it: when I went to use it, it bundled about 6 apps without me asking, the app I actually wanted to bundle stopped working, and the others it bundled without my permission became extremely slow. Not only that, but my whole phone in general got really sluggish, lagging and all that.
I didn't have a good experience with it and I don't plan on using it again.
FriendBesto
in reply to Delascas • • •northernlights
in reply to degooglerleon • • •aim4harmony
in reply to degooglerleon • • •degooglerleon
in reply to aim4harmony • • •aim4harmony
in reply to degooglerleon • • •