• Off Topic
  • GrapheneOS without SIM? Signal alternative?

In my County it is nearly impossible to get a sim anonym (for me at least)
what can i do too have Signal whith out personal identifiers?
Or is ther a nother app whitout phone nummer login an same text and calls features whitch same secrurity?

i thinking about dithing my sim complitly and youse my phone with eternet at home and mobile on wifi. What have i to do, to make shure im private and secure?

a question a bit off topic:
What is the best praxis to download an app, if its possible to get the app from the official website, github, f-droid and playstore?

i am new hear so thanks for answers. :)

    You might want to look at Session. It is similar to Signal, but doesn't need phone number to register as a user.

    Trouble is, Session, and to a certain extent Signal, is only useful if you have your counterparts on it as well. And to really make sure you're conversations don't get snooped, your counterpart has to have equal stringent measures. If his device gets compromised, your conversations might also get exposed.

      overpass
      Your other questions really do depend on what your threat model is. I do not know how extreme yours is but in general my opinion I would

      1. Use Vanadium browser to log into what I need for as much as possible without depending on installing apps. There is even a PWA (progressive web apps) option to have icons on your home screen.

      2. If you absolutely most install an app try the Aurora Store. Maybe even the official webpage download in some rare cases for instance to have IVPN apps option of utilizing the Facebook and Google blocking Hardcore mode DNS. The play store variation of IVPN does not include this for reasons that might be obvious. Also another example is Signal apps notifications that can work without google frameworks services. There are pros and cons to choosing between aurora store and official website as well. Play store (aurora store) has their own security checks for apps I have read.

      3. If google is not your threat model you could even use playstore however I personally dislike account IDs and seems like you might as well.

      4. I don't use f-droid and probably won't in the future
        I recommend the below read to get familiarized.
        https://wonderfall.dev/fdroid-issues/

      As far as the no sim in the phone is concerned, perhaps keep your phone in airplane mode and only use WiFi/Ethernet depending on severity. Maybe get an LTE portable router to put a new more private sim into it when you are out traveling to keep your phones IMEI from pairing to a sim. Also use a trusted always on VPN of course to mitigate a little of the other stuff.

        I am overpass. Make a mistake, so i had to do a new acc.

        DevilsDueRebellion
        Thanks for your answers. It is verry helpfull.
        SimpleX seams to be the solution. i will give it a try.

        DevilsDueRebellion Maybe even the official webpage download in some rare cases for instance to have IVPN apps option of utilizing the Facebook and Google blocking Hardcore mode DNS.

        Can you explane this to me? I dont here about IVPN and the Hardcore mode DNS.

        I feel better if i dont use google. Yes i dont like account IDs as well.

        Ass far ass i can see, the auroa store is only to get via f-droid. I cant open the website or ther GitLab site. Tho i think it isnt a good option to dowload via f-droid when auroastore musst be updated via f-droid, or i am false?

        DevilsDueRebellion I don't use f-droid and probably won't in the future
        I recommend the below read to get familiarized.
        https://wonderfall.dev/fdroid-issues/

        What are the drawbacks to download a apk from the website or from github, besite to update your self? For my understandig, to get the app direktly from the develorper sems to be the go to option. Or isnt it the best practice?

        Matth
        thanks. How can i protect my self when the other part dont realy care about privacy?

          Two more Messenger possibilities without mobile number verification would be:
          Threema
          Conversation

          For Signal you could use some VOIP provider which offers a trial account. Just register a answering machine to get the code via a phone call.

          Problem: In the past you would need the same number to switch the phone or restore a backup. But if you still have access to your old phone you can change your Signal number to a new temporary one and then use this to register the new phone. But this does not help you in case the old phone is broken and you need a backup.

            bartenderstoneware

            I guess you can't really protect yourself from that.

            In some messengers (Signal, Session) you can turn on disappearing messages, so they get deleted after a certain time period. That's certainly one way, but be aware that backups done during that period might still have those conversations somewhere.

              bartenderstoneware
              The IVPN Hardened mode DNS essentially tries to block the Facebook (Meta) and google tag trackers/links that many websites have which try to tag you while visiting websites. Keeping mind that using this will also block use of playstore and Aurora store as they utilize google addresses.

              It sounds like your threat model might be a little higher than average so even better would be to use Tor/orbot instead of VPN however I can only speculate on your adversary and threat model as of now. Bear in mind Tor is very slow to use but it helps to always have it on and not switch it off whichever one you choose. I prefer the speed of VPN personally and my threat model isn't so extreme that I must use Tor for everything.

              Aurora Store is a more private front end of the playstore. In very short it is like the playstore without the account IDs. It is not F-droid. The apps in aurora store should be the same as playstore.
              https://auroraoss.com/

              It all comes down to which you prefer to trust. There are always pros and cons to either choice. You can choose to download from the official webpages for your apps but you are choosing to trust that you can keep all your apps manually updated on time. Some of these apps do not self update. You must also trust that their website download page is not unknowingly compromised and also you must trust that developer or team for that app being published on that page.

              Aurora/playstore does have its own app checks however there definitely has also been malware known to be hidden in the playstore in the past. So in either choice there can be risk involved depending on which you prefer to trust.

                DevilsDueRebellion

                You can choose to download from the official webpages for your apps but you are choosing to trust that you can keep all your apps manually updated on time. Some of these apps do not self update.

                Maybe you are looking for Obtainium.

                You must also trust that their website download page is not unknowingly compromised and also you must trust that developer or team for that app being published on that page.

                This could apply to any app from anywhere. If his threat model includes a malicious developer, stolen signing keys, etc, there is really no other choice but to read the source code and compile himself. What if I did not trust the developers of GrapheneOS?

                  sebastianha

                  have you a voip provider to recommend?

                  sebastianha Problem: In the past you would need the same number to switch the phone or restore a backup. But if you still have access to your old phone you can change your Signal number to a new temporary one and then use this to register the new phone. But this does not help you in case the old phone is broken and you need a backup.

                  is it the case when make a new acc? if a provider is just i dont have a number at all.

                    Matth

                    so i ges the best way is to teach how to do it right. its difficult if the person isnt interesstet to lissen.

                    bartenderstoneware If you use a trial account (with a fake email) it will be closed after 14 days or so. The next time you register your old number might not be available.

                    Sorry, no voip service I can recommend right now, but I am sure you find one somewhere

                      DevilsDueRebellion

                      The IVPN Hardened mode DNS sound interessting. so auroa store isnt an option. i cant geht the link running aniway.

                      i think to use tor is the best option for me.

                      DevilsDueRebellion It all comes down to which you prefer to trust. There are always pros and cons to either choice.

                      this is true and not so easy to get to the right, becouse we live in a time in ther people trust almost all big parties or dont care. and if you will still be able to connect it is important to keep that in mind.

                      like signal is a good option and you get it runnig with a burner id, but your close ones are safe you conntact with your real name. so it is most likly better to use a service that present that, like you mentionet simpleX Chat.

                      thank you for all your answers on my treads.

                      Harald

                      optainium looks like a interessting option.

                      Harald This could apply to any app from anywhere. If his threat model includes a malicious developer, stolen signing keys, etc, there is really no other choice but to read the source code and compile himself. What if I did not trust the developers of GrapheneOS?

                      i think you have to trust the people involvt, the people they reviewed the code and that they protection himself good enough and when sey get compromist, they have to be onest about it.

                      and then you chose the option that is most like the best.

                      Harald
                      How do you got Obtainium working?
                      I tryed it in the past and today and got the same error code:
                      "There was a problem while parsing the package."

                      For me, changing the .zip to .apk isn't working.

                      I can recommend simpleX as well.