• 1 Post
  • 60 Comments
Joined 3 years ago
Cake day: January 17th, 2022


  • IMHO it goes deeper than getting your biometrics, namely do you trust your government? If you do not … then finding “tricks”, technical or legal, will not help in the long run. You need a new government either by changing the one you have or if in feasible becoming citizen of one you do trust.

    So… yes necessary “evil” but I’d argue the question is rather how to hold the government holding your data accountable, not how to find ways not to have your government hold data. Your government having your data is precisely what lets you legally exist and it’s hard to imagine, but maybe it’s just my own shortcomings, being able to exist in a legal system without identifying you as an individual. Note though that this is NOT the same as surveillance.


  • been running linux and bsd for 15 years, and now I’ve realized that my phone and the services I use have been a blind spot.

    Exactly! A few months ago a friend was home and I was proudly showcasing my HomeAssistant on RPi, all ZigBee, no non-standards IoT, no vendor lock-in, SteamDeck to play on Linux, streaming videos with VLC on my video projector via miniDLNA, etc. He was impressed… then asked “Right, and what’s your phone?” to which I, quite ashamed, had to confess I was relying on an iPhone. It was secure, no Android, etc. On that day I thought “Ok… ok I got PinePhones, I got other gadgets but somehow this specific part of my digital life is wrong!” and thought I should try, even if it wouldn’t work, something else. I also wanted, due to geopolitics (sadly), a non American solution so checked https://volla.online/ which looked wonderful but too expensive for a test. Noticed Murena, French based, refurbished or even new phones but much lower price but still paying for service and I hope for /e/OS maintenance and voilà, found a compromise that works for me for now!

    S,T,U are build versions, where S and T are official and U is community. You can see a discussion on https://community.e.foundation/t/difference-between-e-os-builds/60585/7






  • As others suggested the backend is probably already installed on most computers but not set up, namely:

    • ssh to manage passwordless across multiple computers (you need that for data to be safe)
    • scp/rsync/rdiff-backup to actually copy the data thanks to ssh keys

    One could imagine a dedicated user per machine that is for read-only of data (maybe after some encryption, limited to very specific directories) and another for storing only of data (with no access except to write on disk and with a maximum quota).

    What this highlights though is that the centralized managed cloud model is challenging to replicate as purely p2p at home, namely backing up your phone to your desktop might be fine but the other way around, probably not. Maybe even more challenging, what do you actually backup? I would argue your home directory but… clearly not your e.g. Steam games (humongous) or other backups or video files downloaded from the Web. So… probably a select set of directories in home then, but which ones? ~/Documents only? This specific part implies some decision from the end user.

    Anyway I believe all the tools are there, but I think what most people lack is to view the result and for that maybe some equivalent of https://gitlab.com/ikus-soft/rdiffweb/ which shows when was the last backup done, how big it was, etc., basically some form of visual to feel safe.

    Finally to skip the CLI key management part the closest I know, for end users, is KDE Connect https://kdeconnect.kde.org/ which I discovered after building my own https://git.benetou.fr/utopiah/offline-octopus kind of equivalent, namely a way to use devices on LAN. Backup is not a default feature though but could be.
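
One way to realise the read-only / store-only key split described in the comment above, as an added example that is not part of the original comment. It assumes `rrsync` (the restricted-rsync wrapper shipped with rsync) is installed at `/usr/bin/rrsync`; the directories and the public key are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit least-privilege authorized_keys lines for backup keys.
# Assumptions: rrsync (shipped with rsync) lives at /usr/bin/rrsync; the
# directories and the public key used below are constructed placeholders.
RRSYNC=/usr/bin/rrsync

# backup_key_entry MODE DIR PUBKEY
#   MODE ro: the key may only read DIR; MODE wo: it may only write into DIR.
# Prints one authorized_keys line; returns 1 on input that could weaken it.
backup_key_entry() {
    mode=$1; dir=$2; pubkey=$3
    case $mode in
        ro|wo) ;;
        *) echo "mode must be ro or wo" >&2; return 1 ;;
    esac
    # DIR must be absolute and must not contain anything (quotes, spaces,
    # shell metacharacters) that could escape the quoted command="" option.
    case $dir in
        /*) ;;
        *) echo "directory must be absolute" >&2; return 1 ;;
    esac
    case $dir in
        *[!A-Za-z0-9/._-]*) echo "unsafe character in directory" >&2; return 1 ;;
    esac
    # A newline in PUBKEY would smuggle in a second, unrestricted key line.
    case $pubkey in
        *"
"*) echo "public key must be a single line" >&2; return 1 ;;
    esac
    case $pubkey in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised key type" >&2; return 1 ;;
    esac
    # "restrict" disables pty, port/agent/X11 forwarding and user rc files;
    # command= forces every login with this key through rrsync.
    printf 'restrict,command="%s -%s %s" %s\n' "$RRSYNC" "$mode" "$dir" "$pubkey"
}

# Constructed sample key (not a real key).
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKeyOnly phone-backup'
# Goes in the "store only" account's ~/.ssh/authorized_keys on the desktop;
# the maximum quota is a filesystem quota on that account, set separately.
backup_key_entry wo /srv/backup/phone "$SAMPLE_KEY"
# Goes in the "read only" account's authorized_keys on the machine being read.
backup_key_entry ro /home/alice/Documents "$SAMPLE_KEY"
```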


  • Ah, glad you asked because this is precisely what I highlighted to a friend yesterday: it works, even that!

    I make online purchases, like train tickets here in Belgium on the go, with the phone, via the website of SNCB (the national railroad) or most other commercial websites basically. So yes at least some banking apps do work, as I can’t obviously confirm for ALL of them.

    In practice you get App Lounge in anonymous mode, letting you download and install apps from the (proxied AFAICT) Play Store. So you do not need to login to any store yet can install apps beyond solely F-Droid. That being said the vast majority of Apps I use come from F-Droid or directly install the .apk via adb.




  • multiple Android versions outdated.

    What’s the pragmatic consequence of that? Are the security risks actually that great because Android architecture isn’t that secure or rather isn’t there a smaller and smaller amount of hard-to-execute exploits anyway that yes being up to date is always more secure yet only marginally so?

    I’m asking because I worry that always playing faster catch up with Google leaves them in charge.


  • utopiah@lemmy.ml to Privacy@lemmy.ml · Graphene OS Situation · 2 days ago

    Bought /e/OS running CMF https://murena.com/shop/smartphones/brand-new/murena-cmf-phone-1/ a few months ago, no frills, no tinkering, just works. Daily driver since I received it.

    I do have more… specific phones, e.g. PinePhone and PinePhone Pro, but I never managed to use them as daily drivers.

    That said, I’m only sharing this because it is “good enough” for me but you probably have different concerns than me. I’m not a political dissident, not a journalist, not a security researcher, just a random dude living in Western Europe.

    I tend to find that identifying precisely what your threat model is facilitates pinpointing pragmatic options.



  • 44 %

    Very interesting, thanks for sharing. That number is of course way too high. I won’t point fingers but… OK I will, I would argue, naively, that a lot of that frustration comes from corporate exploitation. I bet a lot of that comes from maintainers who noticed a big number of downloads on CDN but no PR because somehow a paid for tool (so not blaming just BigTech here) relies on their work… and they don’t see a cent for it.

    I doubt most people who have a quirky side project, say something about how to use Lego controllers for their model train on the weekends with kids, really mind. Sure they’d love to see a bit of money from it but whatever.

    Anyway I’ll dig into that report a bit more, thanks for sharing!