I’m scared.

Of what? This is not a rhetorical question. Security starts with threat modeling, and your threat model dictates the precautions you need to take.

If you’re most people, your main privacy threat is advertisers and data brokers. Other comments have detailed how they collect data, and it’s usually “voluntary”. Defenses against this include a browser with good adblocking like Firefox with uBlock Origin, using websites instead of native apps as much as practical, using DNS-based adblocking, limiting or eliminating use of corporate social media, turning off voice-activated assistants, and preferring open source when practical.

It is not likely that advertising companies are activating the microphone or camera on your phone without your knowledge. The legal penalties for doing something like that in most countries would be ruinous for even the largest corporations, and the motivation for security researchers to check for things like that is substantial. If it did happen, the impact on your life would likely be a small payment from the resulting class-action lawsuit several years later.

If you live under a repressive regime that is known to routinely install spyware on phones, you may have different concerns. If an intelligence agency, large criminal organization, or multinational corporation is directly targeting you and willing to spend more money than most people have surveilling you, they’ll probably succeed even if you throw your phone in the ocean.

In any case, modern Android phones and modern iPhones do display an indicator when an app (or the system) is accessing your microphone. I do not know if this can be disabled.

It can’t, for certain values of can’t.

On Google certified Android, the feature is required; apps cannot disable it, and there isn’t a UI toggle for it. A phone manufacturer who added a way to disable it would be breaking its contract with Google and could owe money or lose the ability to ship Google certified Android. As for Google’s own devices, “just trust us”. If you have a normal threat model, that’s probably good enough.

If someone very sophisticated and resourceful is targeting you directly, that may not be good enough. It can be disabled with ADB, and it’s possible to run ADB commands on-device. It would be hard to make that happen without physical access to your unlocked phone, but if your adversary is sophisticated enough and the stakes are high enough, it would be unwise to rule it out.

Sony once sold a video camera that could sort of do that under specific circumstances.

Cameras usually have a filter to block infrared light, but that camera offered the ability to toggle the filter to improve the camera’s performance in low light. Hobbyists also sometimes modify cameras to remove their infrared filters for artistic effect or to photograph animals at night without disturbing them with visible light. Some clothing is not fully opaque to infrared light, so an IR camera can sometimes capture some detail of what’s underneath. Adding a filter that reduces visible light and passes IR might increase the effect.

Do you see ads you don’t want to see? If not, it’s good enough.

I don’t especially want to be in the position of defending either spez or r/jailbait, but I was on Reddit at the time and I do think I should explain how 2008 was a different time on the web.

There had been a number of attempts to censor and age-gate the internet in the late 1990s and early 2000s. People involved in creating internet tech and building its culture were almost universally against anything that even smelled like censorship. Much of the early userbase migrated from Digg in response to Digg censoring a leaked DRM key. The only sitewide rule on Reddit was “don’t break Reddit”.

When r/jailbait finally did get banned in 2011 and Reddit’s first content policy was imposed, that decision was unpopular among Redditors even though most thought sexualizing young teenagers was disgusting. It signaled a change to what Reddit was, and people rightly feared that it would lead to significantly more restrictions. Now I have to enforce a rule on r/flashlight that people can’t sell flashlights designed to be attached to guns, and I don’t want to make or enforce such a rule.

It’s fair to be concerned. I have known the author online for several years, and he has reputation to lose if he publishes malware. Of course, you have no reason to trust me either.

It’s a recent fork and rebrand of Unexpected Keyboard.

That’s a good way to think about it because that’s what it does. More people see posts and comments that have more points.

spez implicitly supported the jailbait subreddit when he left it up for several years

spez did not work at reddit between 2009 and 2015.

The reason cast iron is useful for searing a big cut of meat is that it has a reasonably high specific heat capacity (less than aluminum, more than copper, similar to steel) combined with considerably more mass than typical cookware made of other materials. It takes longer for the meat to cool the pan, so more heat transfers into the outer surface of the meat.

Cleanup of properly seasoned cast iron should be about as easy as non-stick pans because the seasoning (polymerized cooking oil) is, in fact a non-stick surface. Contrary to popular belief, it’s fine to use soap on it, but aggressive abrasives can strip the seasoning. Fortunately, that’s not hard to fix.

You can absolutely scrape the seasoning off a cast iron pan through aggressive use of metal utensils, but you can also re-season it by applying a little cooking oil and getting it hot for an hour or so.

For something that’s sure to be enshitified, I use Perplexity regularly, especially since Paypal gave me a free year of its Pro plan. I’m finding it considerably more effective than traditional web search when I’m looking for something specific, though to be clear, I’m looking for an existing web page rather than the output of the LLM. It’s also pretty good at providing the exact command line incantation for some one-off task and producing short code samples for some API I’m probably never going to use again. Sometimes I pay Anthropic for the latter.

Some other stuff:

• Cleverkeys, an open source Android keyboard with open source swipe typing (no Google library dependency).
• Rio terminal - GPU accelerated, written in Rust.
• Lemmy - you may have heard of it.

Not actually new, but more people should know:

• KDE Connect - notification sync, shared clipboard, remote control, etc… between phones and PCs. Supports Android, iOS, Linux, Windows, Mac, and more.
• Syncthing - sync the contents of a directory between multiple devices. Syncthing-fork to do it on Android.

I don’t have a problem with the police entering private homes and installing spyware when authorized by a court order supported by strong evidence. That’s narrowly focused on investigating crime.

What I’m very concerned about is attempts to perform surveillance without individualized suspicion or independent oversight.

I normally dislike self censorship of profanity, but replacing fuck with fsck (filesystem check) is a Unix joke, and I can appreciate that.

I’m sure I hit numbers like that on my DSL.

If you are trying to get the Wordpress software and install it on a server you own or web hosting account you pay for, yes.

If you’re trying to do something else, like sign up for blog hosting from a privacy-respecting service provider without having to administer software yourself, then no. If you want recommendations for services like that, you should probably make a separate post asking for that, with as much detail about what you want to do and whether you’re willing to pay for it as possible.

Edit: I see you did make such a post. If you’re “not tech savvy” as your post says, I don’t recommend administering Wordpress yourself. While it’s something nearly anyone can learn if sufficiently motivated, it’s much more effort for someone without a technical background.

Wordpress the software is open source and isn’t known to do anything shady. Wordpress.com the hosted CMS product uses tracking pixels.

I had someone tell me in almost the same breath that I had written the cleanest code he had ever seen, and that he could hire someone with a PhD from India for a fraction of my rate. I told him to do it if he thought that would get him better results. He didn’t.

When companies try to use the cheapest possible labor, it usually results in a decrease in productivity and quality, which causes them to lose business to competitors in a healthy, competitive market.

If a company can find cheaper labor that performs just as well, they’ll do so and outperform the competition. If they can find a way to distort a market so competitive pressure has less impact, then they’ll do that absent a sufficient threat of punishment.

Yes, that’s adequate for someone who knows how their phone works and doesn’t stream video while out and about.

Signal seems unlikely to comply. It will be interesting to see how they respond. A way to register without a phone number would be ideal.