Have a CMF1 from Murena for few months now, pretty happy with it. 350EUR with unlocked bootloader and rooted, used it as daily driver since day one. Transition from iOS was surprisingly painless.
- Posts
- 1
- Comments
- 926
- Joined
- 4 yr. ago
- Posts
- 1
- Comments
- 926
- Joined
- 4 yr. ago
In Belgium we do have e-ID and we had it for years.
If in any of the circles there is only BigTech then indeed you are right it is a threat.
In Belgium though I can access my official document with some of these (honestly I don't remember which, but AFAIR It'sMe is one option) but more importantly there are some options with some decoupling, e.g. SMS (arguable as one must have a phone number usually via BigTelco) but, last and not least :
- a card reader with your physical ID card and its chip with https://eid.belgium.be/en/what-eid which has had Linux packages for years
- just learned about it yesterday which is why I'm excited to clarify this, a 2-step authentification app which does NOT have to be from BigTech, e.g. Ente Auth https://ente.io/auth/ which is FOSS and available on F-Droid
which means as long as at least one of these alternative is available then IMHO we can get some of the benefits without the centralization risk.
"counter measure" against what?
If you have in mind https://dl.acm.org/doi/10.1145/2486001.2486039 then yes, sure, might help against that but honestly if your adversary has this kind of setup, you are in trouble. First what kind of information are you preserving that they would not be able to get otherwise, e.g. just watch through windows, mirrors through windows, hacking Webcam on computers, toys, phones, etc?
IMHO that's like .0001% improvement for a lot of effort so unless you already are pretty much entirely offline, live in the woods with your blind closed, they it's a lot of energy for pretty much no change.
it just redirects all the data collection from Google to Murena
Where did you see that? My understand is that it's only the case if you explicitly create then use a Murena account.
Also trading one corporation against another, in that case if the user genuinely want to (they are not being coerced), would be technically true but... Google is not "one corp". It's one of the largest corporation ever, one of the only two popular mobile OS. It does not mean automatically picking another corporation is better but it's definitely hard to do worst.
I thought eOS wasn’t trust worthy? I can’t remember why though
...seriously? Why do you even repeat it then? The least you can do if you don't want to fuel rumors is to :
- either ask a genuine question, rather than suggest the answer
or, IMHO better, actually
- take just few minutes to find the claim, one way or another, so that at least people can clarify, either confirming what you found or rather explain why it's no correct.
I bet you are referring to https://lemmy.ml/post/35472063 simply because it's relevant recent and (sadly) quite popular... but unfortunately you can read my response, incorrect. OP there has their opinion (they clearly don't like Murena and /e/OS and prefer alternatives, perfectly fine) but unfortunately, and that's what honestly piss me off, make claims that are just not true. You can check the details there. Now is it trust worthy or not, that's up to you, just don't imagine that Murena services are mandatory in /e/OS based on that posts because (as others in this thread also confirmed) it is just a lie.
You know the argument is facetious when Microsoft Corporation is being compared to Linux Foundation.
The whole raison d'etre of one is precisely that it can not be owned and control whereas other is trying since its inception to capture value. The organization of both being in the same country its actually irrelevant.
Edit: don't want to invest too much time on this kind of discussion but, and I don't think Linux == Torvalds anymore, his Wikipedia page does state that he has dual citizenship, in 2010 said "I have way too much personal pride to want to be associated with any of them [U.S. political party], quite frankly." then in 2024 "I'm Finnish. Did you think I'd be supporting Russian aggression?" so I'm not exactly convinced he feels like a US patriot, whatever that might mean.
It is a LOT of work indeed! In fact I even commented on that hours ago in https://lemmy.ml/post/36231170/21124115
... but as you mention the alternative is ALSO a lot of work PLUS frustrations.
So between learned helplessness and tiring empowerment the choice remains obvious.
FWIW whenever it feels like it's "too much" I reminder myself how I browse through obscure
manpages decades ago... to still find them useful today! It's crazy that so long after learning about tools likemoreorgrepis useful on :- a desktop
- a console (SteamDeck)
- a mobile phone (which basically didn't exist back then)
- a VR headset (yes, via
termux) - the "cloud" (as in fine it's just a server)
I don't remember exactly so you are probably right, editing my comment.
- JumpDeleted
Permanently Deleted
I understand the concern. I also imagine (I want to be optimistic here, maybe naively so) that most websites wants some form of analytics, probably does not code it themselves and instead of relying on aggregate data like a traffic counter of hits (maybe due to crawlers and other bad agents not respecting
robots.txt) then went with somethings fancier. Maybe that fancier tool is trying to mitigate automated traffic with fingerprint detectors.Well, one can understand and still disagree with it. I suggest contacting the administrator of such website with their concern BUT in the meantime, until they actually do act (which might be never) I suggest to start with self-defense and use dedicated tools e.g.
Firefox Enhanced Tracking Protection(you can use a non-Mozilla flavor of Firefox if you prefer) or even more specificallyJShelterwith its Fingerprint Detector. and the IT pro with 10 NAS setup are the perfect linux users.
Well I'm closer to that. I'm an "IT pro" (I pay my bills by writing software) and I did learn CS at uni... and yet it's STILL damn hard!
I think that might be the part that "grandma" (bit sexist and ageist there but going with the example) finds it hard is a given but that professionals are struggling daily is somehow hidden away.
I can give you examples from just yesterday :
- my deGoogled Android phone rejected my SIM card yesterday "SIM 1 not allowed"
- my home IoT server stopped working
and few others smaller problems. So... I had to find ways to fix that which lead me to learn that :
- some bug into HomeAssistant (my IoT server gateway) led me to
restartits container, without having to restart the device itself - my Android ROM has a "Reset Network Settings" within the "Reset Options" menu
The irony is that some people who are not professional might even know about the later one but I didn't. So... my whole point :
TL;DR: IT is hard for everyone because it's complex (lots of moving parts) and always changing ("updates" are not just "better" but different) so we ALL must keep on learning.
My point isn't really about the implementation per se (I'm aware of the limitation since at least 2011 by reading then Link Prediction by De-anonymization: How We Won the Kaggle Social Network Challenge so more than a decade ago) but rather that the "solution" Murena offers is not a mandatory service. If people want to use it, they can. I do not want to, I do NOT have to. I'm not arguing that their solution is good, or bad, only that it's optional.
Indeed, it's quite tiring especially when IMHO the goal is to decouple from large dominating actors that are obviously worst. I think the initial motivation is positive, namely genuinely improve privacy, but it goes to such extreme that no compromise is possible (which even that is fine) to actually inventing scenarii that aren't real to make the point.
TL;DR: let's focus on doing better than the popular worst offenders (random recent example) and eventually keep on improving without pushing imperfect projects down
means no Play Store
Indeed, by default AFAICT they provide
Aurora Store and F-DroidApp Lounge (edited: was a little while so I forgot, I install F-Droid on every Android device I have as a reflex).Regarding the consequence... well I don't know the future. Maybe alternative stores will have a "trick" so that they are considered verified and thus can install other
.apk, or maybe it won't matter for rooted phones anyway.I'll preface my answer to clarify that I'm against surveillance capitalism and privacy Zuckering. I say that in the open, do not use Google services, Amazon, have my own PeerTube instance, IoT at home is HomeAssistant with ZigBee, etc. So my goal here is NOT to cut some slack to anyone.
I started with this because I'm not actually sure what you are referring to. Since my initial comment is about Murena STT I'll assume it's that but if not please correct me. This specific service... is not a compromise I would accept. So I'm in NO way advocating for me. The only thing I'm clarifying is that this service is not something one can "stumble upon" and enable without paying attention. That's why I put such recurring emphasis on it. It's not coherent with "sharing all data" or imagining a scenario where somebody buys an /e/OS phone Murena and somehow ending up getting their data leaked (due to the potentially imperfect anonymization) to OpenAI. One has to activate it and to do so one must be a Murena services paying customer. This is not the case when "just" installing /e/OS. So once again I'm not saying Murena is perfect, not even that it did the right choice (according to my own privacy preferences) my relying on OpenAI, and yet that problem is not relevant to most people who use /e/OS.
To make a quick a analogy it's like installing WhatsApp on a privacy OS phone. Sure you technically can do that but if you do and complain about how Meta is collecting your data then you did it on yourself, you can't blame the OS developers.
While I appreciate your desire to improve privacy for yourself and others, you are again inventing things (optional service as if everybody using /e/OS had it, relying on Murena services where not everybody does it) from your very narrow perspective as if it was the truth. Again I imagine your ultimate goal is to help people to find a better alternative (which is something I hope too) but I can't spend more energy arguing with made up problems. I hope others who do read your words and are exhilarated by your passion and the strength of your words do still go check the source of the claims you make but I don't want to have this kind of conversations again so safer to block. Take care of yourself.
Edit: to clarify, Google is the enemy. Meta is the enemy. Amazon is the enemy. etc, not you, not me, not Murena, not LineageOS, not whatever tiny project of the Internet is trying to do slightly less worst than BigTech and surveillance capitalism.
Then it's arguably delegating some of the cost to the final user, large streaming companies spending a bit less on IXP contracts while viewers have to have newer hardware that might need a bit more energy too to run.
back with your Spam
Try it, report me for spam to the mods I'd be curious to hear their opinion.
With /e/, you have to use their own unencrypted servers.
Stop making stuff up... you do NOT have to use Murena services.
Well they say "kill switches are located beneath the battery cover and can be switched with a paperclip or similar tool, so it is not easy to switch them regularly, but for shifting the camera and microphone OFF for longer times they are very suitable"
I'm talking about public services. For private services I have no idea what they all do and, as importantly, what they are legally bound to do. I would hope that obviously they would have to provide at least 1 solution that doesn't rely on any third party, e.g at least provide the card reader with legal Belgian ID option (which seems to be what they offer you, so IMHO that's good enough), but I don't know.
ItsMe not running is pretty good in terms of privacy because their entire business model is, and correct me if I am wrong, to be an intermediary. I didn't check what data they share but I'd be pleasantly shocked if it was none.
The card reader might seem slightly inconvenient or outdated but there is no intermediary and it is, AFAICT, secure because it's based on well established cryptography.
PS: it's also fun because you can play with PAM and thus, I didn't try that, login or get
suandsudowith your ID card.