  • GrapheneOS without SIM? Signal alternative?

overpass
Your other questions really do depend on what your threat model is. I do not know how extreme yours is, but in general, in my opinion, I would:

  1. Use Vanadium browser to log into what I need for as much as possible without depending on installing apps. There is even a PWA (progressive web apps) option to have icons on your home screen.

  2. If you absolutely must install an app, try the Aurora Store. Maybe even the official webpage download in some rare cases, for instance to have the IVPN app's option of utilizing the Facebook and Google blocking Hardcore mode DNS. The Play Store variation of IVPN does not include this for reasons that might be obvious. Another example is the Signal app's notifications, which can work without Google framework services. There are pros and cons to choosing between Aurora Store and the official website as well. Play Store (Aurora Store) has their own security checks for apps, I have read.

  3. If Google is not your threat model, you could even use the Play Store; however, I personally dislike account IDs, and it seems like you might as well.

  4. I don't use f-droid and probably won't in the future
    I recommend the below read to get familiarized.
    https://wonderfall.dev/fdroid-issues/

As far as having no SIM in the phone is concerned, perhaps keep your phone in airplane mode and only use WiFi/Ethernet, depending on severity. Maybe get an LTE portable router to put a new, more private SIM into when you are out traveling, to keep your phone's IMEI from pairing to a SIM. Also use a trusted always-on VPN, of course, to mitigate a little of the other stuff.

    I am overpass. I made a mistake, so I had to make a new acc.

    DevilsDueRebellion
    Thanks for your answers. It is very helpful.
    SimpleX seems to be the solution. I will give it a try.

    DevilsDueRebellion Maybe even the official webpage download in some rare cases, for instance to have the IVPN app's option of utilizing the Facebook and Google blocking Hardcore mode DNS.

    Can you explain this to me? I haven't heard about IVPN and the Hardcore mode DNS.

    I feel better if I don't use Google. Yes, I don't like account IDs either.

    As far as I can see, the Aurora Store is only available via F-Droid. I can't open the website or their GitLab site. Though I think it isn't a good option to download via F-Droid when Aurora Store must be updated via F-Droid, or am I wrong?

    DevilsDueRebellion I don't use f-droid and probably won't in the future
    I recommend the below read to get familiarized.
    https://wonderfall.dev/fdroid-issues/

    What are the drawbacks of downloading an APK from the website or from GitHub, besides having to update it yourself? To my understanding, getting the app directly from the developer seems to be the go-to option. Or isn't it the best practice?

    Matth
    Thanks. How can I protect myself when the other party doesn't really care about privacy?

      Two more Messenger possibilities without mobile number verification would be:
      Threema
      Conversation

      For Signal you could use some VoIP provider which offers a trial account. Just register an answering machine to get the code via a phone call.

      Problem: In the past you would need the same number to switch the phone or restore a backup. But if you still have access to your old phone you can change your Signal number to a new temporary one and then use this to register the new phone. But this does not help you in case the old phone is broken and you need a backup.

        bartenderstoneware

        I guess you can't really protect yourself from that.

        In some messengers (Signal, Session) you can turn on disappearing messages, so they get deleted after a certain time period. That's certainly one way, but be aware that backups done during that period might still have those conversations somewhere.

          bartenderstoneware
          The IVPN Hardened mode DNS essentially tries to block the Facebook (Meta) and Google tag trackers/links that many websites have, which try to tag you while visiting websites. Keep in mind that using this will also block use of the Play Store and Aurora Store, as they utilize Google addresses.

          It sounds like your threat model might be a little higher than average so even better would be to use Tor/orbot instead of VPN however I can only speculate on your adversary and threat model as of now. Bear in mind Tor is very slow to use but it helps to always have it on and not switch it off whichever one you choose. I prefer the speed of VPN personally and my threat model isn't so extreme that I must use Tor for everything.

          Aurora Store is a more private front end of the playstore. In very short it is like the playstore without the account IDs. It is not F-droid. The apps in aurora store should be the same as playstore.
          https://auroraoss.com/

          It all comes down to which you prefer to trust. There are always pros and cons to either choice. You can choose to download from the official webpages for your apps but you are choosing to trust that you can keep all your apps manually updated on time. Some of these apps do not self update. You must also trust that their website download page is not unknowingly compromised and also you must trust that developer or team for that app being published on that page.

          Aurora/playstore does have its own app checks however there definitely has also been malware known to be hidden in the playstore in the past. So in either choice there can be risk involved depending on which you prefer to trust.

            DevilsDueRebellion

            You can choose to download from the official webpages for your apps but you are choosing to trust that you can keep all your apps manually updated on time. Some of these apps do not self update.

            Maybe you are looking for Obtainium.

            You must also trust that their website download page is not unknowingly compromised and also you must trust that developer or team for that app being published on that page.

            This could apply to any app from anywhere. If his threat model includes a malicious developer, stolen signing keys, etc, there is really no other choice but to read the source code and compile himself. What if I did not trust the developers of GrapheneOS?

              sebastianha

              Do you have a VoIP provider to recommend?

              sebastianha Problem: In the past you would need the same number to switch the phone or restore a backup. But if you still have access to your old phone you can change your Signal number to a new temporary one and then use this to register the new phone. But this does not help you in case the old phone is broken and you need a backup.

              Is that the case when I make a new acc? If a provider is just I don't have a number at all.

                Matth

                So I guess the best way is to teach how to do it right. It's difficult if the person isn't interested in listening.

                bartenderstoneware If you use a trial account (with a fake email) it will be closed after 14 days or so. The next time you register your old number might not be available.

                Sorry, no VoIP service I can recommend right now, but I am sure you will find one somewhere.

                  DevilsDueRebellion

                  The IVPN Hardened mode DNS sounds interesting. So Aurora Store isn't an option. I can't get the link running anyway.

                  I think using Tor is the best option for me.

                  DevilsDueRebellion It all comes down to which you prefer to trust. There are always pros and cons to either choice.

                  This is true and not so easy to get right, because we live in a time in which people trust almost all big parties or don't care. And if you still want to be able to connect, it is important to keep that in mind.

                  Like, Signal is a good option and you can get it running with a burner ID, but your close ones save your contact with your real name. So it is most likely better to use a service that prevents that, like the SimpleX Chat you mentioned.

                  Thank you for all your answers on my threads.

                  Harald

                  Obtainium looks like an interesting option.

                  Harald This could apply to any app from anywhere. If his threat model includes a malicious developer, stolen signing keys, etc, there is really no other choice but to read the source code and compile himself. What if I did not trust the developers of GrapheneOS?

                  I think you have to trust the people involved, the people who reviewed the code, and that they protect themselves well enough, and when they get compromised, they have to be honest about it.

                  And then you choose the option that is most likely the best.

                  Harald
                  How did you get Obtainium working?
                  I tried it in the past and today and got the same error code:
                  "There was a problem while parsing the package."

                  For me, changing the .zip to .apk isn't working.

                  I can recommend SimpleX as well.

                    Harald
                    I think if you really want to make sure, reading (and understanding) source code and compiling it yourself on a clean computer is the only option.

                    After all, wasn't that special ANOM device in fact an FBI device? Not implying anything at all, but couldn't a project like Graphene be a secret initiative from a powerful state player too?

                    Schiller Obtainium only works when the developer is releasing the APK in their github, gitlab, etc. It will not do the compiling for you.