If you don’t know me, I make frequent write ups about privacy and security. I’ve covered some controversial topics in the past, such as whether or not Chromium is more secure than Firefox. Well, I will try my hand again at taking a look at some controversial topics.

I need ideas, though. So far, I would like to cover the controversy about Brave, controversy around Monero and other cryptocurrencies, and controversy around AI. These will be far easier to research and manage than Chromium vs. Firefox, for example. I’d like to know which ideas you have!

Which controversial privacy topics do you know of that you would like to see covered?

PLEASE DO NOT ARGUE ABOUT THEM IN THE COMMENTS!

Please save any debate for if/when I make a write up about the topic. Keep the comments clean, and simply upvote ideas you would like to see covered. I won’t be able to cover everything, so it helps bring attention!

Above all else, be kind, even if you don’t agree with an idea or topic :)

47 points

Step 1 of installing GrapheneOS for de-googling your life: Buy a Google Pixel phone

Look - I know, I know. I get it. Google allows you to unlock the bootloader while maintaining the phone’s unique and excellent hardware security features. The argument makes sense. It is compelling. Other manufacturers do not give you this freedom. I am not arguing about that. I have a Pixel phone running GrapheneOS myself.

However… It is just so very obviously ironic that one needs to trust Google’s hardware and purchase a Google product to de-google their life through GrapheneOS. I think that it is a perfectly valid position for someone to raise their eyebrows, laugh, and remain skeptical of the concept either because they do not want to support Google at all, or because they simply will not trust Google’s hardware.

The reason why I think that this is “controversial” is because I have seen multiple instances of someone pointing out the irony, followed by someone getting defensive about it and making use of the technical security arguments in an attempt to patch up the irony.

9 points

My issue with that is that Pixels are expensive, and in some places are not sold officially (meaning they can only be bought from smaller resellers with usually much less generous return policies). The newest models are outright unaffordable new. The only ones below $150 are either secondhand or out of support, so that’s what poor people are left with? Plus, no headphone jack.

I use Graphene myself, but I dislike absolutism. I don’t in the slightest regret buying my Pixel even though $300 is a painful sum to spend on a phone (and it was on the cheaper end if we’re talking about up-to-date models!), but I know that my mother would never spend this much on a phone - so I look into Divest or Lineage on more common and affordable phones.

9 points

It’s obvious to me the blackbox radio contains an inscrutable backdoor that negates all privacy aspects.

6 points

Yeah, there is a whole “separate OS”, but, to my knowledge, there hasn’t been evidence of it casually being able to collect arbitrary data from the actual phone’s OS.

2 points

It has been made impossible to personally audit; the safe assumption, the null hypothesis, is that it does until proven otherwise, which would be impossible and in any case implausible under our current surveillance capitalism.

7 points

Bought a second hand Pixel 7 in like new condition at the time for $250 on Back Market (dropped it, bought another, still cheaper than the equivalent iPhone 14 lol). That at least means I am not financially contributing to Google, but I do agree that I don’t think there is a way to verify that the hardware is completely foolproof even if it’s the best option we currently have.

I guess that’s true of any hardware though, and we have to make our assumptions based off known quantities such as Pixels’ unique hardware security features?

But yeah, it’s a minefield out there. Let’s get carrier pigeons.

2 points

Yeah… And probably all big players have somehow backdoored their phone :/.

1 point

This is entirely valid as a concern. In my Matrix GC someone just said Pixel and OnePlus are best for modding and I was like… The whole point of me trying to degoogle is to contribute less to their economy, why would I buy their bs hardware 😭☠️

34 points

Matrix is de facto centralized around Matrix.org & servers they provide (where the cost of hosting makes it largely inaccessible to low-spec & medium-sized servers causing them to inevitably shut down & recommending users back to Matrix.org). All the metadata gets synced back to the mothership that was funded by Israeli intelligence. Avoid it.

Cloudflare is a CIA front. They offer “free” DDoS protection + static proxy thereby giving Cloudflare the ability to MitM all TLS connections thru their servers. They convinced so many ‘developers’ via ‘influencers’ that every tiny site needs Cloudflare in front of it as a precaution/optimization, but it is an entirely premature optimization that doesn’t need to be so widely deployed, but it is. 🤔

Microsoft has always been an enemy but somehow managed to Trojan horse their way into the minds of developers again (neo-EEE) trying to centralize how software is created. Like we avoid Microsoft Windows, the rest of the Microsoft ecosystem should equally be avoided: Copilot, LinkedIn, Outlook, Exchange, Office, Teams, Azure, VSCode, npm, GitHub (Sponsors, Codespaces, Copilot). Literally none of these projects/services can’t be replaced to help protect the privacy of your clients, coworkers, contributors.

11 points

> Cloudflare is a CIA front. They offer “free” DDoS protection + static proxy thereby giving Cloudflare the ability to MitM all TLS connections thru their servers.

I just started to learn about privacy in depth this year, and this little fact about Cloudflare has sat with me more than most things that I’ve learned. I feel like very few people think about the implications of Cloudflare’s practices. Even if it’s not a CIA front (I feel like it is), we should feel uncomfortable giving any private entity such power. Unrelated, but their crazy lava-lamp wall, as cool as it is, kinda gives me bad vibes lol.

3 points

I learned about Cloudflare MITM quickly because when you use Tor Browser you will see how many websites use Cloudflare because you can’t access all those sites. So I did a little research about this problem with Cloudflare and found out how serious and huge a problem it is.

7 points

Matrix originating in Israel made me decide not to use it. No way anything from that place isn’t spyware.

30 points

Browsing with JS disabled by default and expecting most sites to have basic functionality like “display this text”

1 point

How dare you‽ 😂

28 points

Signal as a centralized meta-data honeypot.

6 points
Deleted by creator
1 point

Oh boi I’m trying to get people to use SimpleX exactly because of this. I managed to bring most people to Signal and they’re cool with it because it just works, but I don’t trust them at all. Sure there was this court order where they didn’t have any user data except account created date and last active date, but since almost everybody uses either Google’s or Apple’s push notification servers turns out that doesn’t matter so much from what I understood.

3 points

> Google’s or Apple’s push notification servers turns out that doesn’t matter so much from what I understood.

Can you elaborate? It’s my understanding that push notifications are only used to trigger Signal to check if there are messages - the message data and who/what triggered it is not being sent to Google/Apple. If you don’t trust push notifications, you can always use a De-google’d phone and the Signal APK which will fall back to polling the server; this will obviously impact battery life as the app needs to constantly be checking for new messages.

2 points

I’m referring to them handing over the data to law enforcement of the US and other unknown governments.

What exactly they hand over I can’t tell you, it might be harmless. In the case that they revealed they used push notifications data to identify a pedophile who was using some encrypted messaging service. I hope he gets what he deserves but for us it means we shouldn’t trust anything that uses Apple’s or Google’s push notification servers.

Yeah I know about Molly etc., but the point is, no one I know is going to degoogle their phone and use that. It would be easier if they’d just use a more private, decentralized app that also doesn’t ask for a phone number ffs.

3 points

You can use your own builds of Signal (or preferably Molly-FOSS) including a self-hosted server. You can bring your own push notification as well.

1 point

I think that’s really cool. Unfortunately most people won’t be doing that, they don’t even care that WhatsApp, etc. are scraping all their data :(

27 points

There is no expectation of privacy in public.

By which I mean that things like blurring a house from Street View are unreasonable.

15 points

IMO, blurring a house in Street View could lead to the Streisand effect, especially when 99% of all other property is unblurred.

If you want to remain private, in the case of Street View, your best bet is to keep it as inconspicuous as possible, otherwise people will start looking closer and ask questions; the exact opposite of what you want, even if you have nothing to hide.

1 point

Yeah, there’s a reason I added that clarifying second sentence. To be a little more nuanced (but still overly simplistic because I don’t feel like writing an enormous essay right now), I would say you don’t have any expectation of privacy by default in public, but that anything that might reasonably amount to stalking because it’s targeted tracking of an individual, even if it involves footage of someone in public, is certainly not ok.

-3 points

Nuclear war should do the trick at re-establishing this kind of privacy.

Hell is other people

3 points

Why do you think so?

1 point

The survivors will have more immediate concerns than invading my privacy and they will understand the value of their own privacy as well.


Privacy

!privacy@lemmy.ml
