OpSec Lounge (Security, Privacy, etc.)

[Bird]

Do any of you guys have a privacy-friendly phone you'd recommend? After Snowden's interview with Vice, I've been looking to downgrade from my iphone. But it looks like even the qwerty and the flip phones now have internet browsers, etc.

My dumb phone also has an internet browser, but I haven't install the internet connection,
so it's still a dumb phone.

Would it be impossible to live without a smart phone? Covid has me working from home and it makes me want to get rid of my phone.

No, it wouldn't. I haven't used a smartphone ever.

Here is also a discussion on Dumping the Smartphone

 

[Emperor Constantine]

I installed the cookie autodelete plugin on Firefox, and I've been impressed by how many cookies big websites try and sneak in everywhere. Just clicking through this forum, I'll get these notifications that say "19 cookies deleted from wikimedia.org" or "5 cookies deleted from youtube.com".

 

[Er Miqué]

Firefox and most browsers have spyware features, like most websites and other software. There is this guide about spyware and privacy; https://spyware.neocities.org/articles/index.html A good read for any of you concerned about privacy.

 

[joost]

Do any of you guys have a privacy-friendly phone you'd recommend? After Snowden's interview with Vice, I've been looking to downgrade from my iphone. But it looks like even the qwerty and the flip phones now have internet browsers, etc.

Buy an unlocked Google Pixel 3 (even a used one) and install GrapheneOS.

Then you have to avoid installing spyware like Google and Facebook kind of apps.

 

[joost]

Firefox and most browsers have spyware features, like most websites and other software. There is this guide about spyware and privacy; https://spyware.neocities.org/articles/index.html A good read for any of you concerned about privacy.

Here you can download "ungoogled" version of Chromium:

Download latest stable Chromium binaries (64-bit and 32-bit)

Download latest stable Chromium binaries for Windows, Mac, Linux, BSD and Android (64-bit and 32-bit)

chromium.woolyss.com

Github page if you prefer:

GitHub - Eloston/ungoogled-chromium: Google Chromium, sans integration with Google

Google Chromium, sans integration with Google. Contribute to Eloston/ungoogled-chromium development by creating an account on GitHub.

github.com

 

[Max Roscoe]

I wouldnt recommend any IOS or Android phone to anyone concerned about privacy. Despite being a "techy" and having a good number of gadgets, I never got into the smartphone craze. I have an Ipad, Amazon kindle (tiny tablet), desktop and laptop, but honestly even having a mobile telephone when I'm out doing something is more a distraction than a benefit. If I'm with a real person doing something real, I don't want to be interrupted to talk to someone else--it's rude and disrespectful to the person I'm with, and it's a distraction from whatever thing I was doing in the first place. Voice mail was invented for a reason. People used to pay extra for a home answering machine. Having something to screen your calls so you can talk to people on your own schedule and terms is a great benefit (OK can you tell I'm an introvert?).

A smart phone will give you a false sense of security. I don't trust them not to spy on you. Apple is much better than Google for privacy, but they were caught years ago clandestinely storing your physical location using the GPS chip (how quaint that people were bothered by that!). Buy a Nokia (not their newer Lumia line). Check gsmarena for reviews if you want. The battery will last a week or more.

If you are a smartphone user, it will be an adjustment to stop using yours, but I think you will find it freeing. And if you enjoy the benefits of tech, you can get 95% of what your smartphone gave you. You don't have to stop using it. Just stop using it *everywhere*.

Just supplement your phone with a tablet or smartphone without a service plan. I own an iphone 6 that I bought at Wal Mart for $150, about 1/8 of what the flagship iphone costs. It is locked to their phone network, but I don't care as I turn the cell radio off and it has no service plan (or monthly fee--some people are paying $1,000 a year or more for this). I mainly use the thing to take photos, make notes, play podcasts, give me directions, or tell me the weather when I wake up. I have a plug-in GPS in my car, which I would need anyway for my work, which I can use as a backup for directions if needed (rarely).

I'm mostly using the phone on my home wifi where I have heavy ad- and tracker-blocking installed on my router. I have over a dozen podcast episodes downloaded at any time. A cellular data connection just isn't needed for most things. And the restaurants, cafes, auto repair shops, home improvement stores, etc. all have wifi. If I want higher quality audio, or video calling, I can make calls via whatsapp, facetime, or signal, and they are even better quality (Note: Signal is NOT secure).

I can do everything a typical smart phone user can, but I'm not tracked or bombarded with ads, or paying $1,000 a year for it and I'm not a zombie who always has his face in his phone. What can't I do? stream spotify in my car... ask for directions while I'm driving... that's about it. Don't care about those things.

 

[Hypno]

Someone mentioned a password manager above. I'm behind many of you on tech issues, so I only recently investigated them.

The main benefit of a password manager is it allows you to use crazy passwords li8ke 7U(@zg=1q but only memorize a single, easy to remember password. It also allows you to use different crazy passwords for each site. Together, this means in practice you are using more secure passwords and even if one of those sites get hacked the bad guys don't get access to other sites where you used the same password.

You do have to memorize a single password to your password manager. So it is putting all of your eggs in one basket. But they encourage a very long password for it. But this can be easier for you to remember than you might think - for example, you might use the first sentence to your favorite book or a saying like TheQuickBrownFoxJumpedOverTheLazySleepingDog.

 

[Easy_C]

A smart phone will give you a false sense of security. I don't trust them not to spy on you. Apple is much better than Google for privacy, but they were caught years ago clandestinely storing your physical location using the GPS chip (how quaint that people were bothered by that!). Buy a Nokia (not their newer Lumia line). Check gsmarena for reviews if you want. The battery will last a week or more.

That helps for advertising data, NOT government. They have backdoor access to the network providers, and the network providers track the locations of all devices using the network. If you're really paranoid the burner phones need to be used only away from home.

 

[Bird]

Here you can download "ungoogled" version of Chromium:

Download latest stable Chromium binaries (64-bit and 32-bit)

Download latest stable Chromium binaries for Windows, Mac, Linux, BSD and Android (64-bit and 32-bit)

chromium.woolyss.com

Github page if you prefer:

GitHub - Eloston/ungoogled-chromium: Google Chromium, sans integration with Google

Google Chromium, sans integration with Google. Contribute to Eloston/ungoogled-chromium development by creating an account on GitHub.

github.com

Iron Browser would also be recommended. Here's a comparison between Chrome and Iron

 

[Matianus]

I recommend Iridium which is essentially un-googled chromium but easier to update. I haven't tried Iron before.

https://spyware.neocities.org/guides/iridium.html

 

[budoslavic]

Good thread idea.

My current setup:

• Operating System: Linux Debian
• Browser #1: Firefox - (same extensions as already mentioned by Redbeard)
• Browser #2: Pale Moon browser (lite version of Firefox)
• Personal Email: ProtonMail
• VPN: still looking for a decent and useful VPN. Previously, I used ProtonVPN for a while.
• Privacy Tools (as mentioned by Redbeard) is a useful informational site for anyone who is concerned about privacy.

 

[budoslavic]

Do any of you guys have a privacy-friendly phone you'd recommend? After Snowden's interview with Vice, I've been looking to downgrade from my iphone. But it looks like even the qwerty and the flip phones now have internet browsers, etc.

Same. I have been trying to get my hands on a Sailfish OS mobile phone.

Sailfish OS fourth generation - Sailfish OS

sailfishos.org

Problem is, Sailfish OS isn't available and/or supported in some countries - i.e., Canada & USA.

Yes, this is intentional. From the official Sailfish X website:

Current availability: EU, Norway, Switzerland

And the Jolla Shop (where you can buy the SFOS X licences) even states:

Availability: Sailfish X is currently available in the countries of the European Union, Norway and Switzerland (“Authorized Countries”) and the use of our website and services to purchase Sailfish X outside of the Authorized Countries is prohibited.

Any idea of the reason behind?
objectifnul (Oct 15 2017)

Same situation was around Jolla C. So why this happening.
alexxy (Oct 15 2017)

James said the limitation results from payment issues. It may be that Jolla can't find a reliable partner for processing orders. Additionally, the whole taxes and warranty thing may be a big topic for Jolla. With the current availability (inside the EU / Schengen area), Jolla can easily and legally safe tax all sales in Finland. If they want to sell SFOS X outside of the EU area, they'll probably have quite some trouble regarding taxes and legal restrictions. I'd imagine that it's simply to much of a hassle (and not feasible from a financial point of view) to undergo the whole process (getting legal advice, meeting foreign laws etc) to just sell a few licences in that country.

I'd suspect Jolla simply hopes that it's customers are clever enough to find alternatives to purchase a SFOS licence if they live outside the EU
ghling (Oct 15 2017)

Is it able to order the image with use a vpn trial from http://www.vpntrial.net/country/finland/? Is a new account neccesary with adress in finland?
chris_bavaria (Oct 15 2017)

Should work with Tor browser if you get a route that ends in one of the accepted countries. Some of the routes are very slow. Also, It is not only the location, they test the browser fingerprint, so make sure you disable that as well in Tor.
bade866o (Oct 15 2017)

SailfishX not available in some countries - together.jolla.com

Hi! Is it intentional that SailfishX not available in some countryes? I cannot buy it from Russia =\ ...

together.jolla.com

With that being said, I am looking into buying a UBPorts (Ubuntu Touch) phone.

PINEPHONE – “Community Edition: UBports” Limited Edition Linux SmartPhone – PINE Store

store.pine64.org

 

[Mountaineer]

My current setup:
Personal Email: ProtonMail

On the bottom of ProtonMail page there is this badge:

Horizon 2020

The EU framework programme for research and innovation

ec.europa.eu

Everything EU on a site dedicated to privacy is suspicious. What to think of it?

 

[Bird]

 

[dansistor]

I find that DuckDuckGo while not as good as Google, is sufficient- and getting better

 

[Bird]

If you don't want to miss google results but concerned about privacy just try www.startpage.com

You can’t beat Google when it comes to online search. So we’re paying them to use their brilliant search results in order to remove all trackers and logs.

 

[joost]

Mobile OS:
I bought a used Google Pixel 3 for $200 and installed GrapheneOS. Open Source and recommended by Edward Snowden. I find iOS to be more polished but It's a matter of getting used to.
I use Wireguard instead of OpenVPN. Both you can set to block connection when not connected to VPN.
Instead of using Google Play Store you can use F-droid (for open source apps) and Aurora Store; you're able to download apps from Google Play Store without a google account. Pretty neat.
Mobile apps:
-For communications I use Signal.
-For email I use Protonmail. Don't expect email to be safe or anonymous. Any provider will give your information if receives a subpoena. Tutanota is another free service but their mobile app ain't that fast and polished as Protonmail.
-MEGA for cloud backup. You get 50GB and it's a zero-knowledge service. If you don't share your files online (specially illegal like ones that infringe copyright) you won't be targeted.
-Modified version of Spotify. You get premium service for free. I decided to not support them after offering me a BLM/Black Queer albums.
-Magic Earth as Google Maps substitute.
-NewPipe as Youtube substitute. No ads, play always in good quality and you don't have to sign in.
-Samourai Wallet for Bitcoin. It's pretty neat.

If you can't leave the Apple ecosystem, do not use iCloud or Siri. Avoid speakers that have dozens of microphones working all the time or Internet Connected cameras that backup "in the cloud".

 

[redbeard]

Good thread idea.

My current setup:

• Operating System: Linux Debian
• Browser #1: Firefox - (same extensions as already mentioned by Redbeard)
• Browser #2: Pale Moon browser (lite version of Firefox)
• Personal Email: ProtonMail
• VPN: still looking for a decent and useful VPN. Previously, I used ProtonVPN for a while.
• Privacy Tools (as mentioned by Redbeard) is a useful informational site for anyone who is concerned about privacy.

VPN's may or may not be necessary:

 

[redbeard]

Mobile OS:
I bought a used Google Pixel 3 for $200 and installed GrapheneOS. Open Source and recommended by Edward Snowden. I find iOS to be more polished but It's a matter of getting used to.
I use Wireguard instead of OpenVPN. Both you can set to block connection when not connected to VPN.
Instead of using Google Play Store you can use F-droid (for open source apps) and Aurora Store; you're able to download apps from Google Play Store without a google account. Pretty neat.
Mobile apps:
-For communications I use Signal.
-For email I use Protonmail. Don't expect email to be safe or anonymous. Any provider will give your information if receives a subpoena. Tutanota is another free service but their mobile app ain't that fast and polished as Protonmail.
-MEGA for cloud backup. You get 50GB and it's a zero-knowledge service. If you don't share your files online (specially illegal like ones that infringe copyright) you won't be targeted.
-Modified version of Spotify. You get premium service for free. I decided to not support them after offering me a BLM/Black Queer albums.
-Magic Earth as Google Maps substitute.
-NewPipe as Youtube substitute. No ads, play always in good quality and you don't have to sign in.
-Samourai Wallet for Bitcoin. It's pretty neat.

If you can't leave the Apple ecosystem, do not use iCloud or Siri. Avoid speakers that have dozens of microphones working all the time or Internet Connected cameras that backup "in the cloud".

How was your GrapheneOS installation process? I've been looking into this but it seems like a PITA.

 

[joost]

I'm installing from a Mac. It was a PITA initially until I discovered where the problem was. The solution was to drag the files to Terminal to give the correct location (example below).

Download GrapheneOS latest relase:

GrapheneOS releases

Official releases of GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.

grapheneos.org

Download latest platform-tools:

Android Studio release notes | Android Developers

Discover what's new in the latest versions of Android Studio, the official IDE for Android.

developer.android.com

On device:
Settings ➔ System ➔ Advanced ➔ Developer options and toggle on the 'Enable OEM unlocking'
Enable USB debug too.

On Device:
Boot device with VOLUME DOWN + POWER to enter BOOTLOADER.

On Macbook:
Drag fasboot file (from platform-tools) to Terminal adding flashing unlock. Like this:
/Users/YOURUSERNAME/platform-tools/fastboot flashing unlock

Unzip GrapheneOS relase inside platform-tools.

Open flash.all.sh with text editor and change path to files. Like this:
-----------------------------------------------
fastboot flash bootloader /Users/YOURUSERNAME/platform-tools/bootloader-blueline-b1c1-0.2-6085603.img
fastboot reboot-bootloader
sleep 5
fastboot flash radio /Users/YOURUSERNAME/platform-tools/radio-blueline-g845-00096-200114-b-6134206.img
fastboot reboot-bootloader
sleep 5
fastboot erase avb_custom_key
fastboot flash avb_custom_key /Users/YOURUSERNAME/platform-tools/avb_pkmd.bin
fastboot reboot-bootloader
sleep 5
fastboot -w --skip-reboot update /Users/YOURUSERNAME/platform-tools/image-blueline-2020.05.23.12.zip
-----------------------------------------------

Drag flash.all.sh to Terminal to start. When finish, choose restart BOOTLOADER and lock fastboot:

/Users/YOURUSERNAME/platform-tools/fastboot flashing lock.

RESTART

Let me know if you need more detailed explanation.