• 2 Posts
  • 395 Comments
Joined 3 years ago
cake
Cake day: January 17th, 2022

help-circle
  • IMHO it goes deeper than getting your biometrics, namely do you trust your government? If you do not … then finding “tricks”, technical or legal, will not help in the long run. You need a new government either by changing the one you have or if in feasible becoming citizen of one you do trust.

    So… yes necessary “evil” but I’d argue the question is rather how to held the government holding your data accountable, not how to find ways not to have your government hold data. Your government having your data is precisely what let you legally exist and it’s hard to imagine, but maybe it’s just my own shortcomings, being able to exist in a legal system without identifying you as an individual. Note though that this is NOT the same as surveillance.


  • been running linux and bsd for 15 years, and now I’ve realized that my phone and the services I use have been a blind spot.

    Exactly! Few months ago a friend was home and I was proudly showcasing my HomeAssistant on RPi, all ZigBee, no non-standards IoT, no vendor lock-in, SteamDeck to play on Linux, streaming videos with VLC on my video projector via miniDLNA, etc. He was impressed… then asked “Right, and what’s your phone?” to which I, quite ashamed, had to confess I was relying on an iPhone. It was secure, no Android, etc. On that day I thought “Ok… ok I got PinePhones, I got other gadgets but somehow this specific part of my digital life is wrong!” and thought I should try, even if it wouldn’t work, something else. I also wanted, due to geopolitics (sadly), a non American solution so checked https://volla.online/ which looked wonderful but too expensive for a test. Noticed Murena, French based, refurbished or even new phones but much lower price but still paying for service and I hope for /e/OS maintenance and voila, found a compromise that works for me for now!

    S,T,U are build versions, where S and T are official and U is community. You can see a discussion on https://community.e.foundation/t/difference-between-e-os-builds/60585/7






  • Ah, glad you asked because this is precisely what I highlighted to a friend yesterday : it works, even that!

    I make online purchases, like train tickets here in Belgium on the go, with the phone, via the website of SNCB (the national railroad) or any most other commercial website basically. So yes at least some banking apps do work, as I can’t obviously confirm for ALL of them.

    In practice you get App Lounge in anonymous mode, letting you download and install apps from the (proxied AFAICT) Play Store. So you do not need to login to any store yet can install apps beyond solely F-Droid. That being said the vast majority of Apps I use come from F-Droid or directly install the .apk via adb.


  • multiple Android versions outdated.

    What’s the pragmatic consequence of that? Are the security risk actually that great because Android architecture isn’t that secure or rather isn’t there a smaller and smaller amount of hard to execute exploit anyway that yes being up to date is always more secure yet only marginally so?

    I’m asking because I worry that always playing faster catch up with Google leave them in charge.


  • utopiah@lemmy.mltoPrivacy@lemmy.mlGraphene OS Situation
    link
    fedilink
    arrow-up
    8
    arrow-down
    2
    ·
    edit-2
    1 day ago

    Bought /e/OS running CMF https://murena.com/shop/smartphones/brand-new/murena-cmf-phone-1/ few months ago, no frill, no tinkering, just works. Daily driver since I received it.

    I do have more… specific phones, e.g. PinePhone and PinePhone Pro, but I never managed to use they as daily drivers.

    That said, I’m only sharing this because it is “good enough” for me but you probably have different concerns than me. I’m not a political dissident, not a journalist, not a security researcher, just a random dude living in Western Europe.

    I tend to find that identifying precisely what your threat model is facilitate pinpointing pragmatic options.





  • Actually no I use it for CRYSTALS-Kyber /s

    Yes, just joking it’s not even meant for a “replacement” but rather how to give a pragmatic affordable (the 1st one I made was literally just 2 paper strips and scotch tape) fun way to explore ROT… but IMHO it can be just a starting point. You can do that and sequence them, e.g. ROT-X where X is the date so e.g. today is 06 12 2025 so you would ROT0 the first letter, ROT6 the second, etc.

    It is only meant to be fun, please don’t use this in actual serious situations.






  • utopiah@lemmy.mltoPrivacy@lemmy.mlI made a gpg Hat
    link
    fedilink
    arrow-up
    10
    ·
    edit-2
    4 days ago

    That’s the kind of things I expect somebody to be into deciphering to have already a ~/Prototypes/deciphers/ directory with a bunch of scripts with the basics and maybe a testing script that iterates through them sorted by probability (maybe based on popularity) and checks output against keywords, e.g. stop words of increasing length then dictionaries.

    TL;DR: I bet that person had automated that process.