• Off Topic
  • GrapheneOS without SIM? Signal alternative?

I am overpass. Make a mistake, so i had to do a new acc.

DevilsDueRebellion
Thanks for your answers. It is verry helpfull.
SimpleX seams to be the solution. i will give it a try.

DevilsDueRebellion Maybe even the official webpage download in some rare cases for instance to have IVPN apps option of utilizing the Facebook and Google blocking Hardcore mode DNS.

Can you explane this to me? I dont here about IVPN and the Hardcore mode DNS.

I feel better if i dont use google. Yes i dont like account IDs as well.

Ass far ass i can see, the auroa store is only to get via f-droid. I cant open the website or ther GitLab site. Tho i think it isnt a good option to dowload via f-droid when auroastore musst be updated via f-droid, or i am false?

DevilsDueRebellion I don't use f-droid and probably won't in the future
I recommend the below read to get familiarized.
https://wonderfall.dev/fdroid-issues/

What are the drawbacks to download a apk from the website or from github, besite to update your self? For my understandig, to get the app direktly from the develorper sems to be the go to option. Or isnt it the best practice?

Matth
thanks. How can i protect my self when the other part dont realy care about privacy?

    Two more Messenger possibilities without mobile number verification would be:
    Threema
    Conversation

    For Signal you could use some VOIP provider which offers a trial account. Just register a answering machine to get the code via a phone call.

    Problem: In the past you would need the same number to switch the phone or restore a backup. But if you still have access to your old phone you can change your Signal number to a new temporary one and then use this to register the new phone. But this does not help you in case the old phone is broken and you need a backup.

      bartenderstoneware

      I guess you can't really protect yourself from that.

      In some messengers (Signal, Session) you can turn on disappearing messages, so they get deleted after a certain time period. That's certainly one way, but be aware that backups done during that period might still have those conversations somewhere.

        bartenderstoneware
        The IVPN Hardened mode DNS essentially tries to block the Facebook (Meta) and google tag trackers/links that many websites have which try to tag you while visiting websites. Keeping mind that using this will also block use of playstore and Aurora store as they utilize google addresses.

        It sounds like your threat model might be a little higher than average so even better would be to use Tor/orbot instead of VPN however I can only speculate on your adversary and threat model as of now. Bear in mind Tor is very slow to use but it helps to always have it on and not switch it off whichever one you choose. I prefer the speed of VPN personally and my threat model isn't so extreme that I must use Tor for everything.

        Aurora Store is a more private front end of the playstore. In very short it is like the playstore without the account IDs. It is not F-droid. The apps in aurora store should be the same as playstore.
        https://auroraoss.com/

        It all comes down to which you prefer to trust. There are always pros and cons to either choice. You can choose to download from the official webpages for your apps but you are choosing to trust that you can keep all your apps manually updated on time. Some of these apps do not self update. You must also trust that their website download page is not unknowingly compromised and also you must trust that developer or team for that app being published on that page.

        Aurora/playstore does have its own app checks however there definitely has also been malware known to be hidden in the playstore in the past. So in either choice there can be risk involved depending on which you prefer to trust.

          DevilsDueRebellion

          You can choose to download from the official webpages for your apps but you are choosing to trust that you can keep all your apps manually updated on time. Some of these apps do not self update.

          Maybe you are looking for Obtainium.

          You must also trust that their website download page is not unknowingly compromised and also you must trust that developer or team for that app being published on that page.

          This could apply to any app from anywhere. If his threat model includes a malicious developer, stolen signing keys, etc, there is really no other choice but to read the source code and compile himself. What if I did not trust the developers of GrapheneOS?

            sebastianha

            have you a voip provider to recommend?

            sebastianha Problem: In the past you would need the same number to switch the phone or restore a backup. But if you still have access to your old phone you can change your Signal number to a new temporary one and then use this to register the new phone. But this does not help you in case the old phone is broken and you need a backup.

            is it the case when make a new acc? if a provider is just i dont have a number at all.

              Matth

              so i ges the best way is to teach how to do it right. its difficult if the person isnt interesstet to lissen.

              bartenderstoneware If you use a trial account (with a fake email) it will be closed after 14 days or so. The next time you register your old number might not be available.

              Sorry, no voip service I can recommend right now, but I am sure you find one somewhere

                DevilsDueRebellion

                The IVPN Hardened mode DNS sound interessting. so auroa store isnt an option. i cant geht the link running aniway.

                i think to use tor is the best option for me.

                DevilsDueRebellion It all comes down to which you prefer to trust. There are always pros and cons to either choice.

                this is true and not so easy to get to the right, becouse we live in a time in ther people trust almost all big parties or dont care. and if you will still be able to connect it is important to keep that in mind.

                like signal is a good option and you get it runnig with a burner id, but your close ones are safe you conntact with your real name. so it is most likly better to use a service that present that, like you mentionet simpleX Chat.

                thank you for all your answers on my treads.

                Harald

                optainium looks like a interessting option.

                Harald This could apply to any app from anywhere. If his threat model includes a malicious developer, stolen signing keys, etc, there is really no other choice but to read the source code and compile himself. What if I did not trust the developers of GrapheneOS?

                i think you have to trust the people involvt, the people they reviewed the code and that they protection himself good enough and when sey get compromist, they have to be onest about it.

                and then you chose the option that is most like the best.

                Harald
                How do you got Obtainium working?
                I tryed it in the past and today and got the same error code:
                "There was a problem while parsing the package."

                For me, changing the .zip to .apk isn't working.

                I can recommend simpleX as well.

                  Harald
                  I think if you really want to make sure, reading (and understanding) source code and compiling it yourself on a clean computer is the only option.

                  After all, wasn't that special ANOM device in fact an FBI device? Not implying anything at all, but couldn't a project like Graphene be a secret initiative from a powerful state player too?

                  Schiller Obtainium only works when the developer is releasing the APK in their github, gitlab, etc. It will not do the compiling for you.

                  • [deleted]

                  DevilsDueRebellion The IVPN Hardened mode DNS essentially tries to block the Facebook (Meta) and google tag trackers/links that many websites have which try to tag you while visiting websites.

                  DevilsDueRebellion The IVPN Hardened mode DNS essentially tries to block the Facebook (Meta) and google tag trackers/links that many websites have which try to tag you while visiting websites.

                  You can obtain the same output on GOS for free.

                  I described it, link below. You should just download other hosts file which includes social media addresses.

                  https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/social/hosts
                  https://discuss.grapheneos.org/d/2139-which-vpn-to-choose/15

                  • [deleted]

                  If you care about privacy you can consider using i2p network and fork of Conversations, links below.
                  You don’t need any phone number to register a UUID.
                  There are more advantages to Signal but one is worth to highlight here.

                  Using xmpp + omemo (Conversations) you can get all messages on all your mobile devices. Signal/Molly allows you to have only one mobile device registered.

                  Add:
                  i2pd repo:
                  https://fdroid.i2pd.xyz/

                  Then install

                  i2pd, Conversations-i2p

                  You can set up an account here: xmpp.ilita.i2p

                  The best solution is to set up own xmpp server. It is super easy if you have capability and money resources to buy Pixel and install GOS.
                  There is a ton of tutorials in the internet to do that.