
privatelife - privacy, security, freedom advocacy

  • PSA: you can't delete photos uploaded to Lemmy. So don't (accidentally) upload a nude. That would be bad 😱

    This article will describe how lemmy instance admins can purge images from pict-rs.

    [Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)](https://tech.michaelaltfield.net/2024/03/04/lemmy-fediverse-gdpr/)

    This is (also) a horror story about accidentally uploading very sensitive data to Lemmy, and the (surprisingly) difficult task of deleting it.

    1
  • Why free software?!

    The take people here have on why free software ("open source") should be preferred is, in my opinion (basically OpenBSD's opinion), flawed.

    You said "open source" is "good" because it permits having eyes on it ("auditing") and making sure there isn't malware.

    This is NOT the most important benefit. But it is flawed because you guys don't even have the knowledge to do coding. You guys are activists/"journalists" working for the CIA. So you cannot audit the software yourselves.

    Or, with "open source" that has a bad code style, how can you make sure the code doesn't have backdoors? But I think hilarious journalists who are only smart enough to post fake news about how down the Russian and Chinese economies are can't even write bad code.

    "open source" is good, firstly, because it permits auditing the source code and finding the bugs, replacing flawed/bad code with safer alternatives (for example, the advantage of an open-source C software when porting to OpenBSD is they can replace every occurrence of strcat/strcpy with safer strlcat/strlcpy), sandboxing it (on OpenBSD, with pledge and unveil), doing privilege separation and revocation, etc.

    And I think "you can make sure there isn't malware/backdoors" is the second benefit, NEVER THE FIRST.

    Conclusion: Do not blindly trust what is "open source" when you can't even do code auditing.

    42
  • Why do Instances Block?

    So I want to make this post because I don't know why instances, mine specifically, choose to block others. Now, don't get me wrong: instances that are CP-related, and anything illegal, should and need to be blocked and/or removed. But if it's something like Threads, let me choose to block a user myself, give me the freedom to do so. I've seen Brodie Robertson's video talking about this, and I wholeheartedly agree with his stance on letting the user have the freedom to block a user or instance themselves.

    ---

    I just feel that some Lemmy instances are turning into big tech companies where they are controlling everything, and don't get me wrong, it's their server space, do what you want to do, but since you are using FOSS to run your Lemmy server, at least be different than Reddit or YouTube etc. I created a Lemmy account just to have a more private experience than Reddit, without being tracked all the time. Guess I was wrong.

    ---

    Not trying to get off on the wrong foot here, I am just a fan of internet freedom, and I think you should have the right to do anything you want online that's within legal waters.

    Thoughts...

    17
  • How's "made in Germany" on a website any better data-protection wise than "made in South Africa, Indonesia, Bolivia"?

    Whenever I encounter the label "made in EU", "Germany", "Estonia", "France" ...... in the footer of a web project, which implies enhanced data-protection, apparently, I wonder:

    How can it be so? There're some data-protection laws, yes. But one can't control a hosting provider 24h/day. One can't know whether an employer there copies all data on his memory-drivers.

    Can't the police, if need be, seize a server as easily as it would in any other country on Earth?

    Don't the majority of all countries in Europe share information with US intelligence under the agreements of the 5 eyes, 9 eyes, 14 eyes? Whereas the 2nd and 3rd world countries don't.

    How is it better than a label "made in South Africa", "Thailand", "Costa Rica", "Egypt", "Kuwait"?

    I can see how "made in Germany" or EU makes a project worse in terms of privacy and data-protection. How could it make it better, though?

    15
  • Trojanized Free Download Manager found to contain a Linux backdoor (FDM's response in post text below) [Securelist]
    securelist.com Trojanized Free Download Manager found to contain a Linux backdoor

    Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.

    From https://www.freedownloadmanager.org/blog/?p=664:

    > It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software. Only a small subset of users, specifically those who attempted to download FDM for Linux between 2020 and 2022, were potentially exposed. It’s estimated that much less than 0.1% of our visitors might have encountered this issue. This limited scope is probably why the issue remained undetected until now. Intriguingly, this vulnerability was unknowingly resolved during a routine site update in 2022.

    0
  • Alternative to Google sheets + forms

    Hello everyone.

    Currently me and my GF have our finances organized in a Google sheet file (hosted on Google drive), being that file integrated with a Google form.

    What we do is having on our cellphones a shortcut to the form, where we input all our expenses, they are directly and automatically registered in the sheet, and on another tab we've built some sort of dashboard based on all the values the form registers.

    So given this context, is there any option or group of options that are open source, and that achieve this same purpose / scenario?

    If possible, everything accessible on a cloud or at least online, so we don't lose this flexibility and accessibility on our cellphones.

    Thanks in advance

    2
  • Migrating off of Onedrive / Google Drive

    I'm undertaking the process of disentangling Google and Microsoft from my life. Does anyone have any tips for removing my last 20 years of files from Onedrive and Google Drive? Where do you host your long-term storage? What's a good way to handle the migration?

    2
  • 3D-Printed USB Dead Man Switch (Proof-of-Concept Demo)
    www.buskill.in 3D Printable BusKill Proof-of-Concept - BusKill

    We're happy to announce that we were successfully able to initiate a BusKill lockscreen trigger using a 3D-printed BusKill prototype!

    [3D Printable BusKill (Proof-of-Concept Demo)](https://www.buskill.in/3d-print-2023-08/)

    Watch the 3D Printable BusKill Proof-of-Concept Demo for more info: youtube.com/v/Q-QjHelRvvk

    via @Goldfishlaser@lemmy.ml

    What is BusKill?

    BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

    [What is BusKill? (Explainer Video)](https://www.buskill.in/#demo)

    Watch the BusKill Explainer Video for more info: youtube.com/v/qPwyoD_cQR4

    If the connection between you and your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

    Why?

    While we do what we can to allow at-risk folks to purchase BusKill cables anonymously, there is always the risk of interdiction.

    We don't consider hologram stickers or tamper-evident tape/crisps/glitter to be sufficient solutions to supply-chain security. Rather, the solution to these attacks is to build open-source, disassembleable, and easily inspectable hardware whose integrity can be validated without damaging the device and without sophisticated technology.

    Actually, the best way to confirm the integrity of your hardware is to build it yourself. Fortunately, printing your own circuit boards, microcontroller, or silicon has a steeper learning curve than a BusKill cable -- which is essentially just a USB extension cable with a magnetic breakaway in the middle.

    Mitigating interdiction via 3D printing is one of many reasons that Melanie Allen has been diligently working on prototyping a 3D-printable BusKill cable this year. In our latest update, we hope to showcase her progress and provide you some OpenSCAD and .stl files so you can experiment with building your own and help test and improve our designs.

    Print BusKill

    [Photo of the 3D-Printed BusKill Prototype](https://www.buskill.in/3d-print-2023-08)

    If you'd like to reproduce our experiment and print your own BusKill cable prototype, you can download the stl files and read our instructions here:

    Iterate with us!

    If you have access to a 3D Printer, you have basic EE experience, or you'd like to help us test our 3D printable BusKill prototype, please let us know. The whole is greater than the sum of its parts, and we're eager to finish-off this 3D printable BusKill prototype to help make this security-critical tool accessible to more people world-wide!

    0
  • Baby Journal - Open source app for tracking baby activities

    A while ago I made an app for tracking baby activities because I became a parent and was horrified at how many permissions the existing apps required and how much tracking they contained. Both the app and the server are open source.

    This is a web-app which also has an Android version in the Play Store (F-Droid didn't accept it because they don't feel like web-apps should be welcome in their store). On iPhones it can be installed as a PWA to the home screen.

    Features:

    • No tracking whatsoever
    • End-to-end encrypted, no personal information is stored on the server unencrypted
    • Track baby's feeding, diaper changes, breast pumping and sleeping (more to come)

    Links:

    • https://baby-journal.app - the PWA itself
    • https://play.google.com/store/apps/details?id=app.baby_journal.twa - the Play Store Android wrapper
    • https://github.com/RikudouSage/BabyJournalApi - the server source code
    • https://github.com/RikudouSage/BabyJournalUi - the PWA source code
    1
  • I’ve just created c/libreboot, please feel free to join!
    sopuli.xyz Libreboot - Sopuli

    A Lemmy community for Libreboot [http://libreboot.org/], the essential firmware for fully liberating your laptop! Libreboot is a free (libre) BIOS/UEFI replacement. Based on coreboot, the aim is to distribute low-level boot firmware that is 100% free software, and easy to use. Post questions, issues...

    0
  • GrapheneOS – Corporate FOSS loving witch hunting crybullies feat. PrivacyGuides and DivestOS
    web.archive.org GrapheneOS – Corporate FOSS loving witch hunting crybullies feat. PrivacyGuides and DivestOS

    Hello! I have been sitting on top of this since a year, and now is the perfect time to voice it out. Enough is enough! I have been on the lookout...

    0
  • Energized GitHub has been unmaintained since few months, and is showing 404 error on HOSTS files. Here is a copy of Energized Ultimate HOSTS file, and alternative HOSTS ruleset providers to consider.

    The HOSTS ruleset has not been maintained for a while, and that is not very helpful. This is a copy of Energized Ultimate from April 2022 that I am still using just fine. https://www21.zippyshare.com/v/qRxZ0lp9/file.html

    The various lists that Energized project used in combination can still be referenced. https://i.imgur.com/yZRDVAl.jpg

    I think 1Hosts PRO is a good replacement, but try Lite or Pro whichever you prefer. https://github.com/badmojr/1Hosts You may try combining other HOSTS lists with this if you want to, and are technically adept enough.

    Another good option is AdAway, but you might need to combine other lists with it to have competent blocking compared to Energized.

    You also need to reference, download and merge spam and phishing lists manually if you want extra protection, unless you want to rely solely on DNS providers. I prefer having both HOSTS ruleset systemwide and a DNS provider, then whatever network firewalling/tunnelling is needed.

    0
  • [URGENT] A micro post on why Invidious proxies and NewPipe is not working right now, and methods to workaround this.

    Hello! Just a quick update, since all of us use these services, and everyone is suddenly thrown off.

    YouTube has introduced a change in layout of videos. Until now, we could see videos sorted in chronological (ascending or descending) orders, or popular.

    Now, we can only see "popular" and "recently uploaded" sorted videos due to YouTube's latest change. Invidious proxies (method which Newpipe uses to fetch video information) only show "oldest", "newest" and "popular" sorted videos. The former 2 sorting methods no longer work, which Invidious proxies show by default.

    It is unclear why YouTube removed the chronological sorting, which has always been useful. A conspiratorial guess being made is that YouTube can remove older videos or videos with no ads or demonetised channel videos.

    You can do a few things, like:

    METHOD 1

    For this method, having https://www.f-droid.org/packages/com.trianguloy.urlchecker/ on your Android phone is very handy, because of quick URL string manipulation accessibility.

    YouTube provides system playlists with user uploads: you can access them by taking the channel ID (not the user ID or the handle) (for instance, UCTwECeGqMZee77BjdoYtI2Q is the channel ID for the channel URL https://www.youtube.com/channel/UCTwECeGqMZee77BjdoYtI2Q), replacing the first two characters, UC, by UU, and appending the result to https://www.youtube.com/playlist?list= (for my example above, the resulting URL is https://www.youtube.com/playlist?list=UUTwECeGqMZee77BjdoYtI2Q).

    Then open the link you get in NewPipe/Invidious

    This has some limitations (again, yes): you can't see the view count and the upload date (this information is not returned on playlists), but the first video of the playlist is the most recent one. However, age-restricted videos are included in these playlists.

    METHOD 2

    You can use Invidious proxies in web browser, and search your favourite YouTube channel or content. The first 10-20 search results should have recent videos listed for relevance.

    METHOD 3

    Use YouTube.com with boolean operators for chronological search:

    > exact match [“search term”]

    > search terms in the name of the video [intitle:”search term”]

    > Date: AFTER:YYYY Only videos after YYYY year

    > BEFORE: Only videos before YYYY year

    CONCLUSION

    We could be entering an era of censorship, not by direct deletion of old or controversial content, but by obscurity and omission of argument tactics. Looking through older content, or dislikes on videos, is made difficult for reasons without a doubt. It is not a random change, so make the best of what you have right now. Times are changing very rapidly.

    0
  • The Definitive Computing Guide (Linux/Windows)

    (1/4)

    Hello! This has been requested from me dozens of times, and finally, from years of experience, I have created this guide that will serve an insanely large portion of computer users, from the most novice to the intermediate and advanced users. Everyone will find something here, this is a guarantee for both Linux and Windows users. This is something I have put my heart in, easily much more than the smartphone guide that people know me for. This might be one of my most definitive works by far, I carry this much confidence.

    A little briefer, I have used Windows since the W98 dialup days, and Linux for the past 5 years. I have a fair amount of experience with data compression, archival and preservation, besides the OPSEC work I do here.

    Before I move forward, I will thank many people:

    • Narsil (https://git.nixnet.services/Narsil)
    • DigDeeper (https://digdeeper.club)
    • Ameliorated Team (https://ameliorated.info/)
    • simplewall by henrypp (https://www.henrypp.org/product/simplewall)
    • WindowsSpyBlocker project (https://crazymax.dev/WindowsSpyBlocker/)
    • Energized HOSTS project (https://github.com/EnergizedProtection/EnergizedHosts)
    • many who I cannot name or are lost in time
    • and my dumb brain for remembering everything I put out here

    There are some prerequisites for using this guide:

    • You must know how to move mouse and type on keyboard, and copy paste files
    • Have a little patience and vigour to learn things

    Now that the basic things are out of way, we can move forward to the guide, which consists of 13 sections.

    IMPARTING BASIC PHILOSOPHY

    F(L)OSS VS CLOSED SOURCE

    F(L)OSS means Free (Libre) Open Source software, and it means that the software is freeware, AND the source code that are building blocks of software, are available openly and freely for modification, reverse engineering, compilation and studying purposes. The correct way to say it, as Richard Stallman says, is FLOSS and not FOSS.

    There are nuances to various software licenses (Apache, GPLv2, GPLv3, LGPL, MIT et al) which is out of scope of basic philosophy and concerns developers and highly advanced users or business users.

    Generally freeware software (free as in free beer) exists whose source code is not available. This is freeware software and not open source or libre.

    Closed source software does not provide its source code, and may be free or paid. The developer closes source code from public usually for these reasons – inclusion of non-free software code components, or monetising software, making a free artificially restricted version to monetise, or inserting ads/spyware/malware of some form.

    As is obvious, FLOSS is highly transparent towards community and is generally laborious work done for free for the society’s greater good. This is rare in the case of closed source software, which serves one of the aforementioned purposes.

    The soul and spirit of FLOSS is socialist/communist, in a similar way to piracy. The purpose of it is to serve the greater good. In comparison, the soul and spirit of closed source software, outside rare cases of benevolence, is highly corporate and fascistic, similar to a leech, which in many cases these days may suck money out of your wallets for subscriptions. It may also serve as a leech to suck your data for telemetry and spying purposes.

    FLOSS will rarely cause telemetry issues, and if it does, there will always either be a developer announcement or community uproar about it.

    Always try to pick FLOSS software wherever possible, unless absolutely necessary otherwise, depending on job or social circle circumstances.

    DEVELOPING EXPERIENCE AND VIGOUR

    To do computing, there must be developed a little taste for computing. It is no different than a collector’s hobby, or an enthusiast for anything, be it pens, pencils, watches, cars, bikes, clothes, food and so on.

    Computing is an art, and not just a way to get shit done and shutdown. You can not just do things but live with a computer. It has more capabilities and a bigger canvas than your itty bitty locked down smartphone or a crappy iPad. You may think that smartphone gets 95% of the job done, but there is no personal taste in convenience. This is the most non-human like part of convenience that people miss. There is a certain work ethic and class that computing has, when you sit on the desk and chair (not gaming chair).

    There are simple ways to develop this vigour and proactiveness, like reading changelogs of software you want to download, install or update. This readies you in advance for knowing what the new software version carries with it, and forces you to learn more things naturally.

    You should also, instead of blindly clicking the system update button, check what things are being updated. You will not die if you take a few minutes doing this practice every week. You may also benefit from it, at times.

    There are examples of how this can save you, like the famous uTorrent 2.2.1 we all know, or Ubuntu’s file manager having to disable a functionality temporarily so that a vulnerability could be fixed, and so on. The most critical software to update is internet related, but everything else is not so critical. However, one of the biggest examples clearly would be the free upgrade offered to Windows 7 and 8 users, to Windows 10. Windows 10 was a nightmare of bugs and telemetry when it released, and there were no solutions. I primed my computer for the free upgrade, waited a couple days, and the forums and news all over basically taught me not to rush for upgrades. Let other people be guinea pig testers.

    IDENTIFY PRETEND EXPERTS AND DRAMA QUEENS ON INTERNET

    There are a lot of pretend experts these days. Some do it in the name of security, some do it on YouTube, some do it for drumming up hype purposes. Everything has a pretend expert these days, but I will restrict myself to the computing domain.

    In the case of security, there are many people that ignore privacy and anonymity implications, telemetry implications, and act apologetic for corporate closed source software. This is generally done for Western Big Tech, especially Google, Apple, Microsoft and so on. Most of them are generally either hopeless people, employed on behalf of companies for marketing, or secretly have shareholder stakes with these public companies. RUN FROM THEM! Run as far as you can. These people never have your security interests as a priority.

    There are a lot of technology YouTube channels that try to capitalise and bank off of prominent and big software, and “recommend” it to people by reading the marketing sheet or website pages. Usually, they lack substance or are going to make a 2147483647th video about a topic, rinse and repeat. Unless something is FLOSS, if something comes from the corporate lovers, take it with a bag of salt, not just a grain.

    It is not just corporate lovers, though, that have cults. There are some projects that are FLOSS but have toxic or propagandistic cults behind them. One of them has some wonderful recent examples, related to FlorisBoard or Bromite (Chromium-based web browser). One of them is largely known for scammy crypto currency and creating a harmful network effect by giving sponsorships to tech YouTube channels.

    HARDWARE AND BASIC TIPS TO CONSIDER

    • Do not fall for the special 50000 DPI mouse meme. 800-1000 DPI mouse works.
    • For a desktop, get a $30-50 mechanical keyboard with replaceable keys. Get keyboard switches that make less sound (Cherry MX Brown or Kailh equivalent). You will save money forever instead of replacing membrane keyboards every year.
    • Prefer brands for keyboard and mouse that can run without extra software. Zowie and Logitech are good brands. A lot of brands like Razer, SteelSeries and so on have spyware in the form of special software they “require” you to use for things like RGB lighting functionality.
    • Get a $2 clip-on or USB strip lamp for your laptop, instead of finding a backlit keyboard laptop. Lasts years. And your laptop purchase choices will never be limited again.
    • Get yourself USB 3.0 flash sticks made of metal instead of plastic.
    • Wipe and clean your monitor screen, keyboard and mouse with alcohol every week.
    • Take computer breaks every hour, and rotate your eyes and shoulders.
    • DO NOT USE DARK MODE AT DAYTIME! Also, USE DARK MODE AFTER EVENING.

    DIFFERENCES BETWEEN WINDOWS AND LINUX, SIMPLIFIED

    You will not believe this, but Linux and Windows are almost identical today, with absolutely no emphasis on “almost”. The gap is so small, it is almost non existent now. Currently I have a setup of software that is identical and cross platform on both Linux and Windows, and the only difference lies with MS Office 2007 and CrystalDiskInfo.

    You can easily keep Windows in a virtual machine (VM) using VirtualBox on Linux, and use MS Office inside it. Works even with Windows XP, and can run any 16 bit nostalgic programs (although you can use DOSBox or any of its frontend GUIs for it on any OS).

    There is a compatibility layer (not emulator) called WINE, which you can use to run almost any Windows program natively on Linux without issues. A further improvement of it exists in the form of Bottles, a software based on WINE, available as a sandboxed Flatpak package. This allows running things properly that even Windows 10 would not run today via backward compatibility.

    Why would you need Windows? If you want to play one of those 5-10% specific non-Steam or non-Epic store games or some anti-cheat games that are unavailable on Linux natively or via WINE/Proton, this is a reason to use Windows. Or if you want to use the proprietary VSCode for your job, it is a valid reason. There are a few software like video editors you can count on fingers, or the latest subscription based Photoshop.

    0
  • [WRITEUP] Criticism of r/PrivacyGuides, GrapheneOS, r/privacy communities, moderators and key members with 4 years of documented evidence

    Archived: https://web.archive.org/web/20220501212233/https://old.reddit.com/r/privatelife/comments/ug9qnc/writeup_criticism_of_rprivacyguides_grapheneos/

    I wanted to publish this a week ago, but my machine was begging for repairs and it gave up, so it stayed dead for a week. So, here we are.

    Hello! The dust has settled. There is something I want to talk to all of you once again, something that I wrote approximately 23 months ago about, and has been stickied on this subreddit ever since. No, it is not the smartphone guide, and it is a lore that I do not think anybody except me has ever attempted to shed a light on, except until a month ago when BurungHantu, founder of PrivacyTools.io, did.

    As always, my aim is to stay objective throughout, and drop my opinions separately in a section at the very end. I also want to mention that this is a lore that basically nobody other than me has tracked in this depth, and nobody else carries a record of these events in this manner to date or ever can.

    REMINDER: NONE OF THIS WILL MAKE SENSE IF YOU KEEP ON READING WHILE NOT READING LINKED ARTICLES/SCREENSHOTS I MENTION AS I GO ON.

    A BRIEF OVERVIEW

    A lot of people seemed to appreciate BurungHantu's blog post, and openly saw the censorship attempted across subreddits r/privacy, r/opensource and r/PrivacyGuides. This last one is the new "privacy" cool hangout cafe of the mainstream privacy subreddit circle.

    THE PLAYERS IN THE GAME

    Before we move ahead, it is a good thing to make transparent the characters involved, so that we know who plays what role. A lot do not like this, apparently, because they want to fake objectivity.

    TheAnonymouseJoker (shameless plug): the "arbiter of truth" <insert Micay comment link>, "false privacy prophet", wumao, 50cent, Chinese plant (https://i.imgur.com/vOyaidS.png), Putin bot these days... I am an independent privacy/freedom writer in the community with no donation/money channels and no links to YouTubers (Techlore, The Hated One, other privacytubers) and privacy communities in any form or way whatsoever. I am also a long term active user and promoter of the Fediverse platform Lemmy.

    trai_dep: A power moderator on Reddit. Moderator of r/privacy, r/PrivacyGuides, r/privacytoolsio (now defunct). I have spoken about him extensively in my 2 year old criticism writeup. One of the 2 characters in BurungHantu/PTIO's recent blog post.

    Jonah Aragon: A power moderator on Reddit. Moderator of r/PrivacyGuides and r/techlore, and Techlore Matrix room. The other person and focal point of BurungHantu/PTIO's blog post with many revelations.

    carrotcypher: Another power moderator of Reddit. Moderator of r/privacy, r/opensource and dozens of micro digital privacy/censorship subreddits.

    Daniel Micay: Developer of GrapheneOS, a security focused AOSP-based custom ROM exclusively for Google Pixels. Known to submit hardened malloc() patches for Linux kernel. A very controversial figure in privacy and FOSS/Linux communities. Uses @strcat and u/GrapheneOS handles across various platforms.

    madaidan: Admin of GrapheneOS, NoGoolag, SpiteChat communities/chatrooms across various platforms. The "insecurities" blog chap, notorious for a lot of misinformation in FOSS and Linux communities but opposite in a big chunk of mainstream privacy community. A staple of the "redditor hackerman" starterpack, for people who know nothing better.

    anupritaisno1/clannad/Coooom Yuki Nagato/randomhydrosol: same user, multiple names over time. They are one of the GrapheneOS members who use a lot of sockpuppets and frequently change pseudonym username. madaidan's friend.

    Note: clannad is seen changing username across Telegram and Reddit over time: https://i.imgur.com/V7McLFO.jpg

    cn3m: a friend of madaidan, who regularly spreads pro-Apple propaganda in privacy communities. For the most part, the account serves as a sockpuppet of someone since it has stayed inactive for 10 months.

    Lunacy: one of the newer GrapheneOS community parrots out there on Lemmy (now defunct). Comment activity was suspiciously similar to that of madaidan. An active member of GrapheneOS community.

    akc3n: moderator of GrapheneOS community, and active on PrivacyGuides and GrapheneOS subreddits, as well as on XMPP hunting users.

    Note:

    • He is one of the GrapheneOS Matrix room moderators. This will be important information later on. Proof: https://i.imgur.com/Uq4Xfxk.jpg

    • Notorious for practicing censorship beyond the Matrix room to practice censorship and/or suppress any GrapheneOS dissent, on Lemmy (https://i.imgur.com/4HtArcj.jpg) and XMPP (https://i.imgur.com/Hi089y6.jpg).

    Tommy_Tran/B0risGrishenko: New moderator of r/PrivacyGuides with suspiciously proven close links to GrapheneOS community. Did a hitpiece on me to gain recognition with PrivacyGuides team. Uses sockpuppets and identity obfuscation a lot on internet.

    THE STORY. ONCE UPON A TIME...

    GRSECURITY/SPENGLER SAGA

    Let me dial back the time machine to a few years ago, when madaidan's "insecurities" blog came into existence. It brought in a fair amount of fandom to him for some bizarre reason, which nobody has been able to pin down realistically. I can pinpoint it down to one big reason - anti-Linux faction of FOSS community, a large part of which is Brad Spengler, head of grsecurity, a security team that makes Linux kernel patches but gets rejected due to very arrogant behaviour, and even got reprimanded by Linus Torvalds, creator of Linux kernel in a mailing list.

    Some related threads on grsecurity:

    https://web.archive.org/web/20220401163814/https://www.theregister.com/2017/06/26/linus_torvalds_slams_pure_garbage_from_clowns_at_grsecurity/

    https://web.archive.org/web/20220416203735/https://old.reddit.com/r/linux/comments/pupumh/brad_spengler_grsecurity_brags_about_hoarding/

    https://archive.is/f5djI

    https://web.archive.org/web/20220416203035/https://nitter.42l.fr/spendergrsec/status/1486366129438212098

    madaidan's certain amount of influence comes from the kind of Reddit and internet community that revolves around a particular group, a faction that I see as very anti-Linux and anti-FOSS for the most part, not because criticism is bad, but grift in the name of criticism is bad. I will expand upon this more in a moment.

    I am sure most are wondering what madaidan has to do with this. Apparently, there have been way too many instances where, upon criticisms in discussions, GrapheneOS community proponents often cite a bunch of URLs, among which grsecurity is one of them. And this is not a one-off instance, so I will link a couple of screenshot threads from Lemmy from 6 months ago, which is an exchange between u/Lunacy and me. I will cite this in a later part of the article as well.

    Lunacy Lemmy thread pic: https://i.imgur.com/dgWcn2J.jpg

    https://i.imgur.com/fRXHRoR.jpg

    ENTER THE DANIEL MICAY

    He is a very underrated but important part of this whole story. I assume many people have an idea of CopperheadOS company splitting between Micay and James Donaldson (u/darknetj on Reddit) due to a lot of controversies and tussle I have nothing to do with, and therefore I will avoid commenting on. After this tussle, GrapheneOS project was born, essentially a fork of CopperheadOS in layman terms, which was also developed heavily by Micay. GrapheneOS is largely an AOSP fork of a fork with some security patchwork on top of it.

    Here I would like to mention a little anecdote from 2 years ago, something Micay always avoids acknowledging for some funny reason. This screenshot is from my reddit inbox, where I was messaged by CopperheadOS CEO regarding something.

    COPPERHEADOS CEO MODMAIL

    https://i.imgur.com/hujn4P1.jpg

    I will let the readers interpret this on their own.

    DANIEL MICAY AND MADAIDAN'S POWER OF FRIENDSHIP

    Moving on, there is a thread and mailing list I want to mention, which will help connect the dots as to how Micay and madaidan are not just related, but intertwined into each other, like a grandma's woven sweater. Most have no clue about this, so I will share the mailing list URL and screenshot here.

    In the below reddit thread/screenshot, Daniel Micay and madaidan argue together against Firefox. Before the Tor Project mailing list happened in August 2019, the whole anti-Firefox sentiment mysteriously used to not exist in GrapheneOS community.

    https://lists.torproject.org/pipermail/tor-dev/2019-August/013995.html

    https://www.unddit.com/r/firefox/comments/gokcis/firefox_is_insecure_refuted/

    Screenshot: https://i.imgur.com/8nkO5Ll.jpg

    A SERIES OF COLLECTED THREADS OVER THE PAST FEW YEARS...

    I will now share a Lemmy masterlist I made, perhaps a collection of various conversations by madaidan and his friend cn3m. Here is the URL: https://lemmy.ml/post/73800/comment/66676

    I will relink the Lunacy Lemmy exchange screenshot once again, since Lunacy's comments are important for context.

    https://i.imgur.com/fRXHRoR.jpg

    I have never explained anything about the comment threads in my masterlist before, so this should help.

    https://i.imgur.com/UHhQRIU.jpg I think this is self explanatory and shows madaidan's argumentation that is otherwise deleted by him.

    https://i.imgur.com/FiYhbkk.jpg: madaidan being very 4chan-y in terms of blaming the computer language for problems in particular software code (in this case Linux kernel), while dismissing everything when it comes to Windows. His blog page about Linux is a massive piece of "toilet paper" repeatedly debunked at this point. If you think the phrase "toilet paper" is mine, come, have a look.

    https://web.archive.org/web/20210929053611/https://old.reddit.com/r/linux/comments/pwi1l9/thoughts_about_an_article_talking_about_the/

    https://web.archive.org/web/20220111035527/https://news.ycombinator.com/item?id=25590079

    https://archive.is/zxS72

    (1/3)

    0
  • The authors of node-ipc have pushed malware in an update, which wipes your disk if you happen to have Russian or Belorussian IP address. This affects some large projects [@bantg, Twitter]

    Relevant reading:

    https://github.com/zlw9991/node-ipc-dependencies-list

    https://web.archive.org/web/20220318095406/https://github.com/RIAEvangelist/peacenotwar/issues/45

    https://security.snyk.io/vuln/SNYK-JS-NODEIPC-2426370

    2
  • Elsevier embeds a hash in the PDF metadata that is *unique for each time a PDF is downloaded*.

    cross-posted from: https://lemmy.ml/post/177032

    > Combined with access timestamps, they can uniquely identify the source of any shared PDFs.
    >
    > Source: https://social.coop/@jonny/107685726645817029 -- Also includes tips for removing this data.

    0
  • Google kills off FLoC (in Chrome), replaces it with Topics (API) [TechCrunch]
    techcrunch.com Google kills off FLoC, replaces it with Topics | TechCrunch

    FLoC (Federated Learning of Cohorts), Google’s controversial project for replacing cookies for interest-based advertising by instead grouping users into groups of users with comparable interests, is dead. In its place, Google today announced a new proposal: Topics. The idea here is that your browser...

    0
  • r/PrivacyGuides restored citation-less slander post as facts, and GrapheneOS community sockpuppet theory is proven correct by one of its members

    Mod statement: https://np.reddit.com/r/PrivacyGuides/comments/rxf02a/theanonymousjoker_false_privacy_prophet/hs1dxux?context=3

    https://i.imgur.com/LahmNkO.jpg

    dng99/dngray has branded a citation-less slander post as facts. These are the "community standards" of r/PrivacyGuides. Always remember this.

    u/trai_dep, the record stands corrected once again

    Moreover, my theory about GrapheneOS community using sockpuppets is true, as confirmed by...

    https://np.reddit.com/r/fdroid/comments/rxtc14/came_across_this_thoughts/hs1o6no?context=3

    https://i.imgur.com/JX6uTpx.jpg

    Tommy_Tran = B0risGrishenko (OP of slander post). Thanks for confirming my GrapheneOS community sockpuppet theory.

    0
  • Comment section for 100% FOSS Smartphone Hardening non-root Guide 4.0

    https://lemmy.ml/post/128667

    Lemmy unfortunately has a word limit for posts, and I had to break my post into 5 parts, 4 as comments, to be able to post it. So, comments and questions can be put here.

    14
  • 100% FOSS Smartphone Hardening non-root Guide 4.0

    (1/5)

    Edit (11/1/2022):

    • MIUI has no biometric Lockdown, solution.
    • FFUpdater and UntrackMe apps recommended.
    • Added back Vinyl Music Player.

    NOTE (June) 15/06/2020: r_privacy moderator trai_dep revengefully deleted my highly gilded 1.0 guide post before.

    NOTE: I will NOT respond to prejudiced and political trolls.

    Hello! It took a while before I could gather enough upgrades to create this fourth iteration of the smartphone guide so many people love. It seems to have benefitted many people, and it was only a matter of time before things got spicier.

    It is time to, once again, shake up the expectations of how much privacy, security and anonymity you can achieve on a non rooted smartphone, even compared to all those funky "security" custom ROMs. It is time to get top grade levels of privacy in the hands (pun intended) of all you smartphone users.

    Steps are as always easy to apply if you follow the guide, which is a pivotal foundation of this guide I started 2 years ago. After all, what is a guide if you feel unease in even being able to follow its lead?

    Unlike last year, I want to try and fully rewrite the guide wherever possible, but some parts will seem similar obviously, as this, while technically being an incremental improvement, is also a massive jump for darknet users. This version of the guide took a while compared to the previous versions.

    A kind request to share this guide to any privacy seeker.

    -----

    User and device requirement

    • ANY Android 9+ device (Android 10+ recommended for better security)
    • knowledge of how to copy-paste commands in Linux or Mac Terminal/MS-DOS Command Prompt (for ADB, it is very simple, trust me)
    • For intermediate tech users: typing some URLs and saving them in a text file

    -----

    What brings this fourth iteration? Was the previous version not good enough?

    No, it was not, just like last time. There is always room for improvement, but I may have started to encounter the law of diminishing returns, just like Moore's Law has started to fail with desktop CPU transistor count advancements. This does not mean I am stopping, but upgrades might get marginal from here on. The upgrades we now have are fewer in number, higher in quality. So, we have a lot of explanation to read and understand this time around.

    A summary of new additions to the 3.0 guide:

    • Update to the Apple section
    • Many additions in section for app recommendations and replacements
    • NetGuard replaced with Invizible Pro (this is massive)
    • A colossal jump in your data security in the event of a possible physical phone theft using a couple applications
    • An attempt at teaching the importance of Android/AOSP's killswitch feature for VPNs/firewalls
    • (FOR XIAOMI USERS) How to configure Work Profile, as Second Space causes issues, and adding back biometric Lockdown
    • How to be able to copy files from work profile to main user storage without Shelter/Insular's Shuttle service
    • Some changes in phone brand recommendations
    • Caveat(s)

    -----

    Why not Apple devices?

    iPhone does not allow you to have privacy due to its blackbox nature, and is simply a false marketing assurance by Apple to you. Recently, an unpatchable hardware flaw was discovered in Apple's T1 and T2 "security" chips, rendering Apple devices critically vulnerable.

    Also, they recently dropped plan for encrypting iCloud backups after FBI complained. They also collect and sell data quite a lot. Siri still records conversations 9 months after Apple promised not to do it. Apple Mail app is vulnerable, yet Apple stays in denial.

    Also, Apple sells certificates to third-party developers that allow them to track users. The San Bernardino shooter publicity stunt was completely fraudulent, and Louis Rossmann dismantled Apple's PR stunt "repair program".

    Apple gave the FBI access to the iCloud account of a protester accused of setting police cars on fire.

    Apple's authorised repair leaked a customer's sex tape during iPhone repair. This is how much they respect your privacy. You want to know how much more they respect your privacy? Apple's Big Sur(veillance) fiasco seemed not enough, it seems. Still not enough to make your eyes pop wide open?

    Apple's CSAM mandatory scanning of your local storage is a fiasco that will echo forever. This blog article should be of help. But they lied how their system was never hacked. I doubt. They even removed CSAM protection references off of their website for some reason.

    Pretty sure at least the most coveted privacy innovation of App Tracking protection with one button tracking denial would work, right? Pure. Privacy. Theater.

    Surely this benevolent company blocked and destroyed Facebook and Google's ad network ecosystem by blocking all those bad trackers and ads. Sigh. Nope. Now it is just Apple having monopoly over your monetised data.

    Also, Android's open source nature is starting to pay off in the long run. Apple 0-day exploits are far cheaper to do than Android.

    -----

    LET'S GO!!!

    ALL users must follow these steps except the "FOR ADVANCED/INTERMEDIATE USERS" tagged points or sections.

    Firstly, if your device is filled to the brim or has been used for a long time, I recommend backing up your data and factory resetting for a clean slate start.

    • Sign out all your Google and phone brand accounts from your device so that Settings --> Accounts does not show any sign-ins except WhatsApp/Signal/Telegram

    • Install ADB on your Linux, Windows or Mac OS machine, simple guide: https://www.xda-developers.com/install-adb-windows-macos-linux/

    • Use "Universal Android Debloater" to easily debloat your bloated phone.

    NOTE: Samsung users will lose Samsung Pay, as Samsung has been caught and declares they sell this data: https://www.sammobile.com/news/samsung-pay-new-privacy-policy-your-data-sold/

    • Install F-Droid app store from here

    • Install NetGuard app firewall (see NOTE) from F-Droid and set it up with privacy based DNS like AdGuard/Uncensored/Tenta/Quad9 DNS.

    NOTE: NetGuard with Energized Ultimate HOSTS file with any one of the above mentioned DNS providers is the ultimate solution.

    NOTE: Download the Energized Ultimate hosts file from https://github.com/EnergizedProtection/block and store it on phone beforehand. This will be used either for NetGuard or Invizible, whichever is picked later on.

    (FOR ADVANCED USERS) If you know how to merge HOSTS rules in one text file, you can merge Xtreme addon pack from Energized GitHub. You can also experiment with the Porn and Malicious IP domain lists.

    NOTE: Set DNS provider address in Settings -> Advanced settings --> VPN IPv4, IPv6 and DNS

    • Install Invizible Pro from F-Droid (LONG SECTION FOR THIS BELOW)

    • In F-Droid store, open Repositories via the 3 dot menu on top right and add the following repositories below:

    1. https://gitlab.com/rfc2822/fdroid-firefox

    2. https://apt.izzysoft.de/fdroid/index.php

    3. https://guardianproject.info/fdroid/repo/

    Go back to F-Droid store home screen, and hit the update button beside the 3 dot menu. (This may vary if you have newer F-Droid store app with new user interface.)

    -----

    0
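The HOSTS merge step mentioned in the guide above, as an added example that is not part of the original post: it merges hosts-format lists, de-duplicates them, and rejects any line that maps a name to a non-sinkhole address, since such a line would redirect traffic rather than block it. The function names and the sample lists are constructed for illustration, and the input is assumed to use the standard `address hostname` hosts syntax.

```python
import re

# Addresses that null-route a name; any other address redirects it somewhere.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names a system hosts file maps locally; they are not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "0.0.0.0"}
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

# Constructed sample lists (not taken from any real block list).
BASE = """# base list
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net  # inline comment
"""
ADDON = """# add-on list
0.0.0.0 Ads.Example.com
127.0.0.1 telemetry.example.org
203.0.113.7 bank.example.com
0.0.0.0 bad_domain..example
"""

def valid_domain(name):
    """Accept only syntactically plausible multi-label host names."""
    if len(name) > 253 or "." not in name:
        return False
    return all(LABEL.match(label) for label in name.split("."))

def merge_hosts(*texts):
    """Return (sorted unique blocked domains, lines rejected for review)."""
    blocked, rejected = set(), []
    for text in texts:
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()   # drop comments
            if not line:
                continue
            address, *names = line.split()
            if address not in SINKHOLES or not names:
                rejected.append(raw.strip())      # redirect or malformed line
                continue
            for name in names:
                name = name.lower().rstrip(".")
                if name in LOCAL_NAMES:
                    continue
                if valid_domain(name):
                    blocked.add(name)
                else:
                    rejected.append(raw.strip())
    return sorted(blocked), rejected

def render(blocked):
    """Emit one normalized 0.0.0.0 entry per domain."""
    return "".join(f"0.0.0.0 {domain}\n" for domain in blocked)

if __name__ == "__main__":
    domains, review = merge_hosts(BASE, ADDON)
    print(render(domains), end="")
    print("rejected:", review)
```

Reading the rejected list before importing the merged file into the firewall app is the point of the check: a third-party list only ever needs to null-route names, never point them at a routable address.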
  • Firefox Suggest (search bar suggestions) is offline by default (proof inside)

    cross-posted from: https://lemmy.ml/post/84636

    > > > https://bugzilla.mozilla.org/show_bug.cgi?id=1727907
    >
    > 'Offline' is currently the default which is explained in the source code:
    >
    > "This is the scenario for the "offline" rollout. Firefox Suggest suggestions are enabled by default. Search strings and matching keywords are not included in related telemetry. The onboarding dialog is not shown."
    >
    > Switching to 'online' would trigger a dialog that comes up when you start the browser. Only clicking 'Allow suggestions' on the dialog would opt you into the search query collection.

    0
  • Japan prepares to join UK, US, Canada, Australia and New Zealand in Five Eyes intelligence-sharing network [The Times]
    www.thetimes.co.uk Japan prepares to join UK, US, Canada, Australia and New Zealand in Five Eyes intelligence-sharing network

    Japan is preparing to join the Anglophone world’s Five Eyes intelligence-sharing network, its ambassador to Australia has revealed. Shingo Yamagami, formerly the head of the intelligence branch of Japan’s foreign ministry, said: “We would like to see this idea become reality in the near future.” He t

    0
  • Apple Discusses “Screeching Voices of the Minority” in Internal Memos
    www.howtogeek.com Apple Discusses "Screeching Voices of the Minority" in Internal Memos

    Are we screeching loud enough for you to hear us yet, Apple?


    cross-posted from: https://lemmy.ml/post/76603

    > I think this highlights a more general problem of data ownership. People do not own devices and services they pay for in a traditional sense because the company gets the final say on how they're used. Companies can decide to analyze your data, share it with partners, and even prevent you from accessing it.

    0
  • Apple's Plan to "Think Different" About Encryption Opens a Backdoor to your Private Life [Electronic Frontier Foundation]
    web.archive.org Apple's Plan to "Think Different" About Encryption Opens a Backdoor to Your Private Life

    Apple has announced impending changes to its operating systems that include new “protections for children” features in iCloud and iMessage. If you’ve spent any time following the Crypto Wars, you know what this means: Apple is planning to build a backdoor into its data storage system and its...

    1