kyub

AFAIK, browser choice is still limited (as usual with Apple) because every browser on iOS needs to use Apple's WebKit engine. That means they only differ in UI.

Of course they do. It's to be expected that big tech companies use all data they can gather for training AIs, tracking users, creating psychological profiles of the users and selling data to the highest bidders.

Microsoft is also known for creating tools and products which track employees and workers and provide nice looking dashboards and statistics for the employers. And they partner up with Palantir and other companies to create even more effective surveillance solutions for companies and law enforcement to use eventually. MS is a data company since a couple of years, just like Google or Meta is. Data is very valuable.

In the case of Microsoft Office and Teams, there's also the issue of corporate espionage. Companies from all over the world are freely giving away sensitive data about their documents, employees and projects to a US-based megacorp. There was a time in history when this would be called corporate espionage which is supposed to be bad and illegal and so on. But, since they're all doing it voluntarily, and there's no definite proof of MS doing anything because it's a black box and no one except MS can inspect what they're doing, it's apparently "fine". It's like we have collectively become dangerously naive.

So yeah, it's all "fine". Until it isn't. Until it is revealed one day. Then we can all be shocked and say "how could they do this, how could they violate our trust like that, their marketing slides looked so nice and the consultant was so charming and said we needn't to worry about anything they would keep our data safe". Well, if you trusted them in the first place, that's your mistake. You cannot trust a company like MS, Meta, Google, TikTok, and so on with a huge track record of privacy violations. Ever. Cloud = someone else's computer. Host your own stuff. Prefer not to use software with proven track records of privacy violations. Don't use products or services from companies with such track records. Prefer open source over proprietary because when the code is openly auditable that's a plus for trustworthiness, and proprietary applications usually have a bad track record of privacy violations and other anti-user features, while open source software rarely includes such things.

And it's only going to get worse. With upcoming things like Recall, that's almost like having a permanent camera behind you recording your screen at all times. I feel bad for all Windows users, but on the other hand, I don't actually have to care. Keep trusting them blindly, but please don't be surprised when it will come crashing down on you one day.

Well, US politics are more important than those of most other countries, because they still are a huge world-wide influence. But once enough climate change related disasters happened, everything will change anyway (for the worse). If you're young enough to experience the resulting chaos in a couple of decades, you should start preparing for that now (e.g. saving up, not buying houses near oceans, and so on), instead of worrying about more temporary and short-lived political decisions. Unless they directly and significantly affect your life in the short term already, of course. Humanity does and will not be able to fight the climate change based on past and current observations, so buckle up.

Yes.

If you still want to play such "modern" games loaded with what is akin to spyware, I recommend a dedicated only-for-gaming PC (running Linux of course*) using a different IP address than your main system (probably a notebook), for example by using a VPN on one but not the other. I'd recommend using the VPN for the gaming machine, it's less of a risk there, it allows for easy circumvention of geo-blocking, etc. If you need to access some services (e.g. chat) from both machines, create a separate account for it. Don't share account credentials between machines. In fact, act as if the gaming machine is permanently infected with random stuff "required" for modern games, and isolate it accordingly. This is just an idea how to mitigate those problems and don't let them creep into to your real machine where non-game-related data could leak out as a result. But you're still going to support the developer doing this which is not recommended.

*) Why still no Windows, in this isolated case, you ask? Well, because it's important to fight MS' monopoly on gaming machines, so don't support it by running it and contributing to its marketshare. Instead, run Linux and enjoy watching Windows' sinking market share. In fact, if you can, don't support such games either by not playing them, that would be the ideal solution. But this is written under the presumption that you or your friends still want to play it and you kind of feel left out otherwise.

Yes, but my post is for the people who DO care about privacy issues. I also don't like the defeatist's attitude. You can always start making things better. My post is for those who want to make a better informed decision, that's all.

Yeah, you should use Linux regardless. ;-)

Reasons are the data transmissions happening by default and Mozilla's questionable inclusion of add-on things like Pocket. See for example:

https://www.kuketz-blog.de/mozilla-firefox-datensendeverhalten-desktop-version-browser-check-teil20/

vs.

https://www.kuketz-blog.de/librewolf-datensendeverhalten-desktop-version-browser-check-teil8/ and https://www.kuketz-blog.de/mullvad-browser-datensendeverhalten-desktop-version-browser-check-teil22/

You might need to translate the site to English. If you compare that, you can see why it's easy to recommend the forks over the original. That said, you CAN configure Firefox to also behave well, but that takes an extra effort. It is far from there by default.

Well, they're only doing what they announced already like 1-2 years ago. So we knew it was coming. This is also accompanied by Google making YouTube more restrictive when viewed with adblockers. Google is (somewhat late, to be honest) showing its teeth against users who block ads. I always expected it to happen but it took them quite some time. Probably they wanted to play the good guys for long enough until most users are dependent on their services, and now their proprietary trap is very effective.

On the desktop, you should switch to a good Firefox fork right now. Firefox can also be used but needs configuring before it's good. The forks LibreWolf or Mullvad Browser are already very good out of the box. There's the potential issue of the forks not being updated fast enough, but so far these two have been fast. Mullvad shares a lot of configuration with the Tor Browser, so using it may break some sites. LibreWolf might be "better" for the average user because of that, but otherwise I think Mullvad is the best Firefox fork overall.

On mobile, Firefox-based browsers aren't recommended, because on Android, the sandboxing mechanism of Firefox is inferior to that of the Chromium-based browsers. And on iOS, all browsers (have to) run on Apple's proprietary Webkit engine anyway, but well this is Apple we're talking about so of course it's all locked-down and restricted. It's one of the reasons I don't even like talking about Apple that much, just be aware that as an iOS user, your choice doesn't mean as much when it comes to browsers, and your browser might not behave like you think it does on other platforms.

So on mobile, I'd suggest things like Brave, Cromite or Mull. Or Vanadium (GrapheneOS). If the browser doesn't have built-in adblocking capability which sidesteps the MV3 restrictions, make sure to use an ad-blocking DNS server, so your browser doesn't have to do it. But you still need it. Adblocking not only helps you retain your sanity when browsing the web in 2024, but it also proactively secures you against known and unknown security threats coming from ads. So adblocking is a security plus, a privacy plus, and a sanity plus. It's absolutely mandatory. As long as the ad industry is as terrible as it is, you should continue using adblocks. All the time. On every device and on every browser.

The ad industry is itself to blame for this. There could in theory be such a thing like acceptable ads, but that would require ads to be static images/text, not fed by personal data, and not dynamically generated by random scripts which could compromise your security, and not overly annoying. Since that is probably never going to happen, you should never give up using adblockers. Since they basically fight you by reducing your security and privacy, you have a right to defend yourself via technical means.

While this does seem overly restrictive and out of place there, the result of this isn't bad, because everyone should be at the most recent vesion at all times, period. If you aren't, you're exposed to more security holes and bugs. So it's weird that that program forces you to do that, but it's still not bad that you're forced to do it. If you get what I mean. For some less-caring users who'd otherwise never install updates, forced updates are actually a net positive.

I used Vim at first, for a long time, then Emacs since a couple of years. Since Emacs can essentially "contain" Vim (by using evil-mode and so on), and still offer much more flexibility, power and extensibility than Vim does, the answer is kind of clear: Emacs is much more powerful, but (to be fair) also more work up-front to learn and "get into". Plus it has many bad (historic) defaults that need reconfiguring, which also increases the up-front work. For some, this additional workload is too much, and that's fair.

If you're completely new to any of this, I'd suggest going this route: learn/use Vim first for a couple of months or even years. Vim is great, you might even just stick with it. It's also ubiquitous, it's available everywhere, so it's good tool knowledge to have. Learning its basics is no wasted time and it introduces you to powerful keyboard-driven modal editing. Then, when you want more power/flexibility/extensibility, you're ready to use Emacs with evil-mode. You'll continue editing text like you did in Vim, but you have all this added stuff on top. Doom Emacs is a nice distribution of Emacs which also sets up a lot more for you, making the initial configuration less work, and it also uses evil-mode (Vim emulation layer) by default. Evil-mode also isn't some badly implemented crutch. It's really powerful, feels just like Vim and I haven't noticed any Vim feature I'm missing.

If you don't like Vim, you can use Emacs with a different editing style, e.g. its original keybindings, but they have rather poor ergonomics and probably require several individual key rebindings or you'll at some point get RSI problems due to weird finger movement/positionings all the time.

If you don't like Vim and Emacs in general, there's the VSCode route for you, but that's a Microsoft-steered open source project including telemetry, and if you use a fork like VSCodium, thinking that you'll have outsmarted MS, you didn't actually, because there are VSCode extensions which you now can't use anymore because they require the ORIGINAL VSCode. So there is kind of a dependency trap. Plus you can never tell when MS starts making VSCode worse, like they do with Windows these days. Best avoid it altogether, to avoid any risks related to its data and profit-hungry megacorp behind it. Mature open source projects like Emacs have been basically the same rock in the sea since ~35 years or so, they are dependable and will still work the way you want them to work when everything else goes to sh*t.

"We", no. "Too many", yes. In general, hard dependencies on proprietary software or services are often overlooked or ignored as potential future problems. Recent examples of this are Microsoft and VMware. Once the vendor changes things so that you don't like anymore, or drives up prices like crazy, you'll quickly realize that you have a problem you can't solve other than switching, which you might not even be prepared to do short-term.

The Windows world now experiences this because Microsoft is no longer interested in maintaining a somewhat quality operating system, they are mostly interested in milking their user base for data, and don't hesitate to annoy or even disrupt their user base's workflows in a try to achieve that goal.

Many Windows users are currently looking at Linux because of this, but the more your whole workflow is based on dependencies to proprietary Windows-only software, the harder your time to switch will be. If you still use Windows today, you should at least start using more open source or cross platform software, which also will work on Linux, because you are on a sinking ship and there will probably be a time when you can't take MS' BS anymore and want to switch. Make it easier for you in the future by regarding Linux compatibility in the hard- and software you use today.

I hope that our courts in western democracies are strong enough to stop these developments, but I fear they ara not. Once this kind of stuff is being attributed to (even completely unproven) "higher security" or "national security", and once secret services run the software and identification routines, it will land in the same extra-legal space as internet mass surveillance already lives in: "No no, we're not doing that. Okay, you got us, we're doing it, but only in limited scope. Okay, you got us, we're doing it on everyone, but it's important for national security and we can't disclose anything else". And that's usually when nothing can be done anymore about this, and laws and ethics will be outmaneuvered.

Long-time GrapheneOS user here.

Can't say anything about Motorola gestures.

Banking apps MIGHT not all work on GrapheneOS, if unsure check first, or ask on the GrapheneOS forum. I forgot the reasons but it's probably something stupid like the banking app blocking any non-"Google-sanctioned" Android versions via the Play Integrity DRM kind of feature. It sucks, especially because GraphneOS is way more secure and private than any commercial Android, but what can you do, bad decisions are being done all the time.

GrapheneOS is my recommendation, it's easy to install and can be used by tech-illiterate people as well because almost none of its security and privacy enhancing features require any special configuration work from the user or require advanced knowledge, it all happens mostly in the background with good default settings. Even for tech-savvy people this has the advantage of not requiring any tinkering or maintenance work, it feels like using any proprietary Android, just hardened and much more privacy-friendly.

You should still maybe be aware of these potential minor issues:

Some apps might refuse to work on any "unsanctioned" Android version via the Play Integrity thing, but so far this seems to be very rare (thankfully). If you find any, make sure to tell the developers that they should stop doing that.
Some apps might simply require Google Play services to be installed. On GrapheneOS, you can install them via the "Apps" app, and they will be slightly less terrible than they are on any other Android because they won't run with full system rights, but instead they'll be sandboxed and can be completely shut down by using the standard permissions system, which the user is blocked from doing on proprietary Android systems. But then again, if you must use them, then of course they're going to require Network permission and they'll use that to phone home to Google, as they always do on standard Androids as well. So it's not recommended to install any proprietary apps from Google on top of GrapheneOS. Even though on Graphene, the amount of things an app is allowed to do is more limited compared to the huge amount of data an app can read and phone home on a propreitary Android system.
Some apps include certain widgets like Google maps which, again, require the respective app or Play services app to be installed as well. Depending on how these apps are written, they might simply fail completely when this dependency is not there. But so far, I've had luck, and some apps I've used which integrate a Google maps widget still worked without it. So it depends on the app and the quality of its developers.
When not having the Google play services installed (default), you won't have access to Google's push notification system in the cloud. Some apps, even some privacy-respecting apps like Signal, rely on that. Signal will work without, but then it uses a power-inefficient alternative based on websockets instead, which means Signal without Google play services drains your battery faster than it would otherwise. There are ways around this by using the Molly fork of Signal (Signal is open source and there is at least this one fork often being used as well) with the open source app "ntfy" and an either self-hosted or a privacy-respecting ntfy server instance somewhere to go along with it, which will then act as your own push notification server in the cloud. So you don't need to contact Google's stuff for that, and less connections overall to Google equals more privacy overall.
If you do decide to install the Google play services app on Graphene, make sure to allow it to run in the background. But, again, it's not recommended to use any proprietary Google apps/services.
Once you have Graphene installed, be sure to use its integrated browser called Vanadium (a hardened Chromium fork) to download and install an "app store" of your choice. When I first started out, I installed the F-Droid apk first, then from within it Aurora as a Play Store client. Giving me access to a lot of open source and Play Store apps, respectively. F-Droid unfortunately has some potential disadvantages, which is why I recommend using Obtainium instead of the F-Droid client (you'll still access the F-Droid repository sometimes because some APKs of open source apps are only hosted there, but at least you'll avoid potential issues with the F-Droid frontend application then). Using Obtainium instead of F-Droid will be slightly more work at the beginning because you have to gather URLs to the release APKs (usually on git forge repos like github) of the open soruce applications you want to install, but afterwards it's just as easy with one-click updates and so on. You can also use the app AppVerifier to verify apps. That app is available for example on the Accrescent app store, which is a new still in-development app repository hosting only a few open source Android apps currently but it's at least supposed to be more secure than F-Droid.
Make sure to configure a privacy-friendly and ad/tracker-blocking DNS server, as well as something like RethinkDNS or NetGuard Pro to control which apps are allowed to contact which hosts/IPs. Otherwise, while Graphene itself won't violate your privacy, many apps will still do that (especially proprietary apps often contain several trackers).
If you need tutorial videos on how to install or initially configure Graphene, or Obtainium, watch the youtube channel "Side of Burritos", excellent content.

If any of that sounds scary, it shouldn't be. Most of these issues are really minor and it's unlikely that you'll be too negatively impacted by any of it, so give Graphene a try without Google services. There are great open source apps out there for all sorts of functionality. Just felt I should mention any potentially small pitfalls.

Other Android variants or ROMs are inferior to GrapheneOS in terms of security and privacy, unfortunately, so it's best to buy a cheap Pixel (8th generation recommended due to strong hardware-based security) and install Graphene on it. Otherwise you'll miss out on Graphene's very strong security and privacy features. There are some other privacy and security oriented Android variants like Calyx or /e/OS or things like that, or even LineageOS, but they all, again, don't reach up to Graphene's level of security and privacy.

HTH

RethinkDNS is probably better, but I'm currently still using NetGuard Pro and kind of happy with it, but I will soon migrate to Rethink DNS. If you use NetGuard, make sure to use the Pro version, download its hosts file and use it in whitelist mode and display all contacted hosts/IPs for each app (block everything by default, allow only the technically necessary connections!). The more proprietary apps you use, the more tracking hosts you'll see being contacted (lots of proprietary apps contact Google, Meta, etc.). Don't allow these connections.

Remember that this is just one case in isolation. US-based data hoarders like Google, Meta, Microsoft, and so on are also regularly sued for various privacy law violations. And they all deserve it equally, TikTok included. I hope no one is left out. That said, unfortunately, the punishment is often a joke, which means these companies simply pay it out of their pocket change and then continue doing the exact same stuff. For example, France sued TikTok for something like 5 million $. Unless that number goes into the billions at least, I bet it's still way more profitable for those companies to continue to absolutely sh*t on anything privacy related. So, in essence, nothing will change because of this. Not for US-based data privacy violators, not for Chinese-based. "Same shit, different country" has never been more fitting.

Well, Linux is like a juggernaut that's inching ever closer in all sorts of areas (while already dominating in some areas). The time frame where it makes sense for Microsoft to spend increasing amounts of resources to maintain and further develop Windows is closing, and if you look closely, they've pretty much shown that Windows is not at all priority #1 anymore since at least Nadella became CEO. We also live in a world which is increasingly becoming OS agnostic, which is bad for Windows' dominance and great for Linux, MacOS, and others (because there's less and less relevant applications specifically requiring Windows). Of course, Linux on the desktop also grows stronger and more mature year after year, which further accelerates the change.

There will also be some points in time which hugely accelerate things, like Valve going all-in on Steam Deck and Proton and to make Steam a more independent store/community platform, and also Microsoft making Windows worse and more user-hostile over time. From a business perspective, it makes sense for MS - they want to go full cloud (= full control), almost full removal of control for the user, and full ingestion of as much data from the user as they can - to sell it, utilize it for own purposes, and train AIs with it. It's what increases profits in the short-term. A lot of companies are doing that kind of stuff. MS is just one of the more ruthless ones, which, again, makes sense, because they still have a big userbase to exploit. In the long-term, they're damaging, no, DESTROYING Windows' reputation as a half-decent OS (even among Windows fans) and driving more and more users to the alternatives. It's kind of inevitable. MS' striving for profit has doomed Windows, and soon, when no single company will be able to compete with the ever evolving Linux ecosystem anymore, Windows is also doomed. It's kind of a law of nature now. It's not a question of if, just when.

(I've used both Windows and Linux extensively, Windows since MSDOS/Win3.x, Linux since 1998. About 10 years ago, I've switched exclusively to Linux and banned Windows into a VM only that gets booted less and less [I think it's been off for 2 years already]). I, for one, welcome our new old Linux overlords.

Now that you know better, make sure to keep an eye on Windows or MacOS only dependencies in the future, and avoid those.

Flameshot is great, I use it every day at work and home. The integrated editing/annoation/drawing functions are superb.

Yes. It’s basically about a ban or circumvention of E2EE, as usual. And as usual, this is not an option. Do not throw away your rights to strong, working encryption. Never.

kyub

@ kyub @discuss.tchncs.de

Posts

1
Comments

234
Joined

3 yr. ago

kyub

iPhones in the EU get ability to set more default apps, delete more built-in ones

Talk me down: Teams could be a tool of mass data gathering

Permanently Deleted

StormGate - Privacy Policy and End User Agreement. Is this just the new industry standard to avoid?

Chrome will block one of its biggest ad blockers

Can't change xbox controller settings without updating Windows first

Chrome will block one of its biggest ad blockers

Chrome will block one of its biggest ad blockers

Can't change xbox controller settings without updating Windows first

Emacs or VI: The Definitive Answer. - Invidious

Are We Too Dependent on Microsoft?

Laptop recommendations

Starmer’s live facial recognition plan would usher in national ID, campaigners say

I want to move to a degoogled rom, what do I need to know?

Do you use apps like NetGuard or TrackerControl? How are they like?

US Justice Department sues TikTok, claiming it violated kids' privacy.

Switching back to Windows. For now.

Switching back to Windows. For now.

Flameshot, an Open Source screenshot software

Europol says mobile roaming tech is hampering crimefighters