How do you find the compromise between privacy and daily phone usage?

1. email, everybody has that, if they can't use it, well up to them to offer an alternative but anyway with DeltaChat I can get notified instantly.
2. Web. Sure the app does provide some convenience but most banks do have a working website that do not need an app as usually SMS 2FA works.
3. Real taxis do have phone numbers... but they also have apps and most do not required Google Services AFAIK
4. OpenStreetMap and CityMapper and (I know I'm going to sound nuts) but actually road signs or asking people
5. No but same, plenty of apps on F-Droid that don't require Google Services, otherwise... a .txt file? .ods spreadsheet with visual? Same on NextCloud so you can share with others even though nobody cares? (sorry)
6. PinePhone, PinePhone Pro, Purism Librem, and (ahem...) Apple iPhone if you want a compromise between privacy and still convenience?

I had very similar experiences around 2015. Before that, it was reasonably easy to use a fully FOSS system, but things have gotten worse over the years. Sure, there’s more FOSS for mobile hardware than ever before, but the world surrounding the phone has moved in the exact opposite direction. Being compatible with the world around you is the problem here.

Back then, I couldn’t find a satisfactory solution. One extreme is to go full on FOSS, and cut at least 50% of the entire world from your life, while the other is to sacrifice your privacy at altar of corporate greed. Between the two there are numerous dissatisfying compromises, and you need to do some soul searching to figure out where you want to draw the line.

Seems that everyone else has said the same as what I mostly already do, but I'll just make a couple comments on the student communication topic:

My university already created a Microsoft 365 account for my university user, which included Teams. For my threat profile, I don't consider Teams a terrible option if I'm only using it for study purposes, so I've communicated over that for assignments before (web UI only).

Otherwise like others have suggested, some students are open to something like Signal (a fellow student got me onto it years ago) if you kindly ask and mention upfront that it just requires a phone number. I did an assignment over Signal with two other students, so it's very doable.

1. The fear of missing out was something that made me double think deleting my facebook. It turned out to be unfounded fear, as none of the hypothetical "missing out" scenarios have proven to be an actual problem.

If the study group is very important to you, and the study group is on Facebook, then just have a Facebook. Deadlines and test info are not critical information that you need to receive in your pocket as soon as it is shared. You can check your anonymous Facebook account once a week through a VPN in a desktop computer and you will likely be well informed enough. If you have a friend that is both in Signal and that Facebook group, you can tell them about this and ask as a favor that they forward any critical time-sensitive info.

As for my response, mostly I use XMPP. I turn on my WhatsApp phone on every few weeks. People can message me via XMPP, e-mail, or Signal.

2. I have a little scanner. I can use the phone's browser and log-in, using the scanner for the 2FA. But it is very rare that I use banking through the phone, as I do most of my banking via a desktop computer.
3. Bike, public transport, walking, and planning ahead.
4. On the desktop I do use Google Maps as it is quite efficient. Usually I plan ahead if I am biking somewhere new. I will often draw a path, write some street names at turns/crossings to remember, and pick some landmarks. Usually I am moving near places I know, so this is not task that comes up often.
5. At different points in time I have kept multiple fitness and nutrition logs (on websites and notebooks), but I rarely looked back at them. Now days I track rest times, hear rate, and running parameters while exercising, so I have a garmin watch and look at the output logs at the end of the exercise on the watch itself. It is not connected to any apps.
6. I make use of three devices: I. A Pixel phone running GrapheneOS has no SIM card. I have my apps, music, etc in this phone, and I use it as a mini tablet. It needs WiFi to get internet.

II. A PinePhone. I bought a large stack of the cheapest pre-paid SIM cards a while ago, and put in a new one whenever a SIM card runs out. I wrote a hook that, when I power down the device, a random IMEI is generated and written to the LTE modem. So, if I turn it off, swap the SIM, and turn it back on, I have a phone with a completely new mobile identity. This phone I can use to make calls and to share data with the GrapheneOS, but it does not have a static phone number. Usually it is off.

III. A Raspberry Pi 5 with a 4G LTE hat. This hat takes in a SIM card that is stable. So, this device is associated with a phone number and a persistent identifier, but it does not move. This is my phone number. SMS messages get sent to me via XMPP. If I am called, my XMPP also lets me know. I don't have VoIP, so I do need to call back if I choose to. However, it is so so rare that I make a phone call that I have not bothered to implement VoIP.

My compromise is to just to minimize big tech tracking.

I mean, 90% of data is because people use corporate social media with real names and real IPs. I don't use "social media" like everyone else, and that is just cutting away 90% of mass surveillance. I only occasionally look at reddit over VPN (without loggining in and never posting anything), I use Lemmy over Tor. Use Fennec (aka: firefox, but from F-Droid) + uBlock Origin + VPN, for everything else (like watching youtube videos)

I usually only have Fennec and Tor (amongst a few other things) through VPN, everything else is going to clearnet. My though is, if I put the entire traffic over VPN, Google would see my VPN IP attached to my device serial number.

If there is some university thing, I'd just begrudgingly use it. Use browser if possible, but if app is required, probably put it in a "work profile" (the Shelter app from F-Droid can do that) to separate it from everything else, and prevent any such app from seeing my files. Also give as few permissions as possible. And never installing any "profiles" or "certificates" they give you for access to their wifi. They should have a "guest wifi" without such requirements so just use that instead. (Or get a second phone with the "Share Wifi Connection" ability and use that as your "router" and connect your main phone to it.) Or just use mobile data if you can afford it.

For banking, put the app in the "work profile" or use browser if whatever you need to do doen't require the app.

For uber/lyft/taxi, probably use the browser, or if that doesn't work, again, put the app in work profile, don't give permissions until I'm ready to use it, and its getting deleted the moment my ride is done.

For maps, unfortunately I still have to use Google Maps, because I value being alive and not getting lost in some sketchy neighborhood over the privacy... 😓

I feel like Graphene OS is too much of a hassle for me, I'll have to get a Pixel, which does not have a microSD slot, and that's a dealbreaker for me.

Sometimes for work trips I’ll user uber in a vanadium web browser. I think they also have a number you can call to order one. Primarily for old people but works well in this case.

Using uber is its own question but you got to find the most private set up that works for you. Anything is better than nothing.

Some food for thought:

Absence of information is its own sort of information. You may find it worthwhile in your search for an acceptable compromise to place some kind of value on “looking normal”.

1. I tell people to contact me on signal or SimpleX, and if they don't, then I don't talk to them.
2. My banks app ran fine, but I wanted to use the website instead of having the app and the website did not support all functionality, so I switched banks entirely to an older style bank, not one of these new Neo fintech banks. Think Wells Fargo instead of chime.
3. At least at the moment, you can still use m.uber.com.
4. Use gps-coordinates.net, put in the address you wish to go to, and then copy the latitude and longitude given into OpenStreetmaps OSMAnd (f-droid).
5. No, i dont
6. The combination you mentioned is definitely the easiest. Otherwise, you have to look at lineage OS. And that doesn't have as many security protections.

First one is also my problem. I hate Facebook but for my college I have a account(totally nothing in it). It sucks.

1. At school lots of students use Discord. So I just use Discord along with them. I don't give Discord phone number and I expect all metadata, DMs, and server messages to be publicly available.
2. I don't use a banking app, even though it does work on my phone (graphene)
3. I don't use taxi/transport app so I actually haven't come across this yet. I guess I could try calling an old fashioned taxi.
4. Man, this is a toughie. I've tried Osmand, Organic Maps, and Magic Earth. None of them work flawlessly. Recently I've succumbed to using Waze with no account.
5. I don't, I kinda just try to be as healthy as possible. Although, if I had to, I would look into Garmin watches. I'm not sure about privacy but it seems they're one of the few that don't require a subscription.
6. Graphene is the best choice for privacy and security. You could try out Linux phones but it's very developmental. Calyx is an option but it's not security focused.

I think it's a lot to do with developing a threat model that works for you, and understanding that, unless you're trying to be Jason Bourne, there's always going to be SOME compromise - the level of compromise again, depends on you.

A couple years ago when I started down this rabbit hole, I was doing EVERYTHING that I read on every privacy blog: I started using GrapheneOS, completely degoogled my phone, didn't use any non-FOSS apps, no location apps, the whole 9 yards.

I soon came to realize I had to find a compromise. I now follow a threat model that best works for me... Naturally there are weaknesses in it, but it's things I'm willing to risk.

1. I use Element with anyone willing to use it with me. I use QKSMS with anyone else.
2. I created a separate profile on my phone with Graphene that only has my banking apps. It still uses Aurora store and sandboxed Google services.
3. I don't live in an area where things like Uber are available so that ones not a problem for me. I just call for a taxi oldschool.
4. OSMand+. I won't turn it on (or location) until I'm away from my house and already on the way. You can also manually download apps for offline and use it like an old school paper map.
5. Kind of unrelated but, I use Obsidian for almost everything I keep track of in my life. I document my fitness exploits on Obsidian.
6. I use a Pixel 8 with GrapheneOS. I use my phone calls as per normal but usually try and text (see #1 above) my phone also has a record button when you call someone - I'll generally record every conversation I have with anyone from any company, etc., which has already saved me some headaches in a few cases where service providers promised something and then didn't follow through and I could go back in the recording and prove they said a certain thing.

A few extras:

1. I also have an audio recorder on my phone with a shortcut that turns it on when I double tap my screen. I use this whenever I go somewhere strange/alone like a Kijiji meet up or something, get pulled over by the cops, etc. - just for safety/contingency.
2. I use Kmeet for video chat with family, friends.
3. I use Pipepipe, Newpipe, etc. for videos and most music.
4. Proton for VPN
5. Proton/Tuta for email.
6. Ente for photos.

That's just my little process... I know some of these aren't directly related to common phone usage but it's how I use my phone daily, so hopefully some of it is interesting to you.

4. osm2gmaps (osm -> gmaps) and/or Geo Share (gmaps -> osm)

In my personal life and in communicating with family, there are few compromises. Most of my compromises come from work.

Phone: Pixel with GrapheneOS and FOSS apps only as my primary. Old Pixel 4a with GrapheneOS as my secondary, with the main profile as testing grounds for various apps and a second profile holding work apps. Whatsapp seems to be the lowest common denominator for practical communication with colleagues.

My workplace is BYOD, with MDM only for software licensing. Alongside my customary X230, I carry my lightweight, secondhand X1 Nano, where I have Windows, software licensed alongside said MDM, and Firefox logged into my work Google account.

Key aspect for me is having work and personal life on separate devices. Not completely airtight, but as good as I can get it without making work any harder than it needs to be.

Banking: Fortunately everything my bank has to offer can be done through a browser. My plan if a mobile app with play integrity ever becomes necessary is to buy a regular Android with a removable battery just to host that app.

Transport: If I'm on a business trip without access to my car (no spyware, it's from the 90s) and there is no public transport, I'll get a friend or colleague to call an Uber for me. I haven't gone out drinking at night since college and I'm not inclined to do so in the future.

Maps: Usually Organic Maps suffices, I generally commit routes to memory before going out. For the occasional satellite map, Google Maps in a browser. I have gotten my family to use Magic Earth though.

Fitness: no actual stats, just a handwritten entry in my daily journal as to whether I followed through with my exercise routine.

The alternative is a discord server, which in privacy terms is questionable choice too.

I use a Discord-Matrix bridge to communicate with some groups that are only on Discord. Of course it still all goes over Discord's servers so the messaging itself isn't private, but you at least don't have to use Discord's proprietary client, and the only data Discord will have is the data you send it from the Matrix bridge (plus identifying data on the Matrix server you're using).

What do you usually use and offer when people ask you for contact?

Signal as a preference—not because I think it's the best chat app (I dislike its centralised nature; not being able to self-host is a near-on dealbreaker if not for the fact that everyone I know is on Signal; and it requiring a phone number to sign up is also bad for privacy)—but because it's the one the most people have. All my friends are on it luckily, by nature of my friends largely being communists or young queer people (or both). I also offer SMS and email. If someone asks a pretty open-ended "how can I contact you", I might also mention Matrix and Simplex as options in case they have those.

Do you use ba[n]king apps?

No, and I really don't understand why people do unless your bank requires it and there isn't another appropriate bank that doesn't require it. I've tried my bank's app (which works fine on GOS luckily) and found it didn't offer anything the web UI didn't offer, other than the option to use the app as 2FA for banking stuff, but I just get SMS 2FA from my bank.

What’s your way of transport after having few beers in pub? Do you use taxi via calling it directly or use that weird Telegram taxi addon?

I don't use taxis; I use public transport. But if I had to get a taxi, I would probably either use my GPlay profile on my GOS phone to install Uber, or I would probably just ring a taxi company over the phone.

Is there a way to convert google map pins to open source solutions and vice versa?

I'm not aware of a way. I've just told people to either give me an address or coordinates, because I don't have google maps.

What’s your recommended software for directions? What do you use for driving?

Organic Maps has been my go-to for a while. It's wonderful. Works well for driving too. I use RHVoice for text-to-speech, which iirc was recommended to me by a fellow lemming.

I don't track fitness activities, and I use GOS+Pixel.

What do you usually use and offer when people ask you for contact?

Ask your family/partner/friends to use signal, it is idiot proof enough for most people. You can provide your email and phone number for acquaintances who you don't speak with enough to justify installing signal.

I'm not in any student groups, but you can make a dummy Facebook account and only login using their website from behind a VPN.

Banking app I used has blocked me from app after few years of using it when they realized I have it from "unofficial" source - Aurora store.

Just use their website and carry a physical credit card in the back of your phone case.

What's your way of transport after having few beers in pub? Do you use taxi via calling it directly or use that weird Telegram taxi addon?

We literally just drive drunk here. Is public transit an option? Again, you can sandbox these apps or use their respective websites.

Is there a way to convert google map pins to open source solutions and vice versa? What's your recommended software for directions? What do you use for driving?

Organic maps is good if you have an address and only need directions. If you need complete records of where local businesses are and traffic info, google maps is your only option. I'd set it up in a sandboxes container though, at the very least.

Do you track fitness activities?

No, and I'd argue that nobody other than serious athletes need to. That being said, you can get a tracker that does not connect to your phone or the internet.

Do you have good phone recommendations? I know that GrapheneOS+Pixel is one, but what about others?

Graphene+pixel is head and shoulders the best option, especially in places like the US where you have to worry about illegal searches. Privacy requires security. That being said, there are alternatives if you cannot afford a new device: https://eylenburg.github.io/android_comparison.htm

1. I'm a minimalist, I only use Signal to make others switch to it. Also use Session but its rare.
2. I use banking. Still works on GrapheneOS. Just that it pops up that it might not work as it always scans for google play store.
3. Luckily for me, I have a car. I don't need other transports.
4. I use OSMand. Predownload a map and you don't need an internet connection to use it. If you need directions while driving, separate it from your phone and use a GPS in your car or buy an external GPS.
5. No, no tracking of fitness
6. Never used, but look into Pine64. Have hardware switches. Careful as some people have waited like a year, two or three to get their phone. Waiting time seems to be their bottleneck.

As for other devices than the Google Pixels, it is pretty bleak since the end of DivestOS a month ago now. One basically has to decide the ROM you want to run, then see what it supports. None of the other ROMs will be as locked down as GrapheneOS and maybe not as compatible. Other ROMs to look at include CalyxOS, /e/, IodeOS, LineageOS, and crDroid. I have no personal experience with these others and not all of them have a privacy focus, but the ones I listed seem to be fairly popular. You might find this comparison of ROMs helpful: https://eylenburg.github.io/android_comparison.htm .

Hardware. I find the Fairphone interesting. Maybe some of the Moto's since they are so common and inexpensive. One has to decide to what extent you want a Chinese phone considering the current geo-politics and your personal situation. I personally just upgraded to a new Pixel 8a and GrapheneOS myself. You can find my previous post https://beehaw.org/post/17618967 . Feel free to ask me anything.

1. Element or SMS.
2. ...
3. ...
4. Yeah, manually. Osmand, Organic Maps (both have public transport now)
5. No
6. OnePlus line sucks in hardware (digitizer & fingerprint are shit, no jack or SD). Get something else.

edit: fuck auto-ordering lists.

Regarding de-googling. Keep in mind it does not have to be all or nothing. At least on Graphene you can just install Google Play and Google Play Services in either the Private Space or in one of the other Profiles (that is one of the other User or Work Profiles). When you close those down that space Google Play and the remaining apps you cannot de-google are locked up. For me, I installed Google Play into my Private Space along with the few apps that I actually needed which was really only Lyft, and Uber. Other apps that I found needed Play and Play Services included GoodRx, Google Maps, PlutoTV, and TubiTV. and Home (for Chomecast) plus any app you want to Chromecast but there are other alternatives for these.

My banking app would just not run on my new phone even with Play installed and so I just left it on my old phone even though it no longer has cell. Primarily I need the banking app to deposit checks. Everything else can be done via the web. Google Wallet at least for payments probably does not run either so I plan on playing with Venmo at some point. That should work though I do not know if it needs Play or not.

Some of this is changing patterns too. A good way to de-google is to use the web more and/or use PWAs (Progressive Web Apps) if they are offered. Native Alpha is also an interesting tool to get a PWA like experience for sites that don't have PWAs. Some sites heavily promote their Apps to the point that they do not work well without using the Desktop site explicitly. User-Agent Switcher plugin in Firefox can set this by site. Other useful Firefox plugins may include uBlock Origin, NoScript, and Cookie AutoDelete which allow a lot of per site configuration.

Another useful strategy for de-googling is to avoid the Play store where you can and focus on your ROMs App Store (Graphene for example), F-Droid, Accrescent, and Obtainium sources. Then fetch the rest (mostly a few remaining commercial apps) via the Aurora Store with anonymous login.

Edit: Another problematic app is the UPS app. Never got that to work even with Google Play. One can just use the website for this though.

As you and others have said, privacy is just much harder on mobile than on desktop. Mobile hardware and software is generally closed-source and locked down. On a tiny screen web apps are also at a genuine UX disadvantage to native apps, which offer much weaker privacy protection.

The pragmatic not-quite solution is to do roughly what you're doing already. NB: maps are actually pretty easy - many people find that OsmAnd and Organic Maps are superior to the corporate options.

But the optimal solution is to move some of your computing back to desktop, i.e. probably to a laptop. This way you get more control over the hardware and software. And it's already some kind of privacy win just because the thing is not in your pocket all day. It's really not that hard and you might even find you appreciate the change! I did.

IMO the big sticking points are the messengers and transport tools - these are where you get genuine convenience from corporate spyware in your pocket. For all the rest, I'm not convinced, personally. For mapping and fitness etc, there are F-Droid apps which work great offline. For everything else including banking, just do it in your web browser while seated comfortably at home. As far as I know, no bank except Revolut insists that you use its app. If you want to do NFC payments, that may require a locked-down OS but not an app and it can be done in airplane mode (I do it regularly).

There are ways to get better privacy on mobile but nothing approaches the benefits of just using your mobile less and your laptop more.

For which ROM to use, I believe any ROM based on AOSP will suffice because even that will fully eliminate all Google tracking, I think LineageOS is the worst one. I do recommend Pixel since you can lock the bootloader after flashing it. You could try CalyxOS.

For privacy, I only use phone for communication, I don't use cell data service so no internet when I'm outside, no messaging, until I connect to wi-fi again. In F-Droid I turn off all anti-features in settings, and everything I install is from F-Droid. No social media and no Aurora store to use Play Store

Google Pixel 8a is probably the best and most cost effective at the moment and flash GrapheneOS. Typicically a recent "a" series phone is a good choice. Google now supports them for 7 years from release. Divide price by remaining support to get annual cost estimate.

Regarding mobile phone choice you could always go all the way and get dumb phone. :D

1. I keep my options open. I default to signal or matrix if that’s available, then my fall back is iMessage which I run on a macOS vm, and finally id relent to proprietary services like discord, groupme, etc. I minimize my communications on unencrypted and non-private channels, and only talk about benign things there if I have to use them. But I don’t let my commitment to privacy completely isolate me, I know my threat model and change behaviors depending on the environment.
2. My banking and money transfer apps all work under grapheneos in a user account with Google play services installed. I mostly manage these things on my computer though to minimize tracking and remove the need for safetycheck compatibility before it ever comes up.
3. I never use these services but pretty sure they also work on Graphene with sandboxed Google play services installed
4. Other users have posted programs to convert these coordinates on the fly, I have never needed those personally. When I need GPS I usually go for Organic Maps but thinking of switching to OSMAnd+ soon
5. Yes and this is an area where I need to improve my privacy more. I just use the garmin connect app with a garmin fitness tracker I got for cheap. I think it partially supports gadgetbridge so I might look into that but haven’t had the time to investigate.
6. Pixel+Graphene is really the gold standard for privacy, security, and compatibility. I’ve heard ok stuff about CalyxOS so that’s worth checking out. Also FairPhone devices tend to have good support for custom ROMs like Calyx and /e/os which are degoogled, but I don’t have personal experience with those so definitely research those topics before making any decisions

Banking has luckily not affected me after degoogling, however Revolut (which I've used maybe once a year) is a notable exception where I can't get it to work

Taxi - Bolt works, just make sure you have microG correctly set up

Phone - avoid Exynos/Mediatek devices as those are less likely to work correctly once degoogled or you change it's ROM. I used to have an Xperia 5 III with LineageOS on it, everything worked on it including VoLTE and Sony's stock camera apps.

I only have a smartphone because a job gave me a monthly stipend to have it in the past and I don't currently have a plan for it. that being said I am deeply in bed with google. I actually am more concerned with the fact that google could just drop all the services one day than the privacy so I am and advocate for government email (not as much in the last week or so) that would be guaranteed to not go away and allow for in person support maybe run by the post office (and run with similar independence and rights) or at the state level the secretary of state. Maybe both. Would it be my main social email? No, but I could rely on its stability. Most people are aghast at this but I really don't get how having some corporation, no matter how well their current safeguards are, is better than a government one run similarly.

For communication I just tell them I have signal or other close apps or they can text me. Rather have regular texts than Messenger.

Banking apps works fine for me even if they complain about the lack of google.

I use Organicmaps but I really wish they could make it so it could accept gmap links without me having to use another app as a medium.

I'm trying to find the best apps for fitness. I have a wear watch with Fitbit that I use, but I would like to integrate the Fitbit stats with a calorie tracker and an exercise app.
Right now I have all apps on a separate profile on my GrapheneOS. Except Waistline but that can't integrate, so I'm looking for alternatives.