So… I’ve done the whole “figure out your threat profile” exercise, and it seems the main concerns that I can do anything about that aren’t just closing the barn door after the horses got out is cutting down on new data collection via surveillance capitalism and data brokers and whatnot, making myself a little bit more protected against those scary wide-scope dragnet-style search warrants that sometimes get served to Google Maps, and just generally making my device less susceptible to attacks that aren’t specifically targeted at me, personally - aka script kiddies and such looking for easy pickings at airports and coffee shops or via sketchy or compromised advertisements / websites.

Which means I should probably be happy with getting a pixel 8 off Amazon, installing graphene, avoiding Google maps and whatnot, using a no-log vpn, and using silent link and jmp.chat (or an alternative? I don’t know which voips are good, pls help) to kick Verizon.

It does about the best I can do without going absolutely feral, because I’d have to leave my current home forever, buy one of those MUDI routers with cash, use tor AND a vpn, constantly change the IMEI and switch out new SIM’s, and buy a pixel 8 with cash, and finally learn new habits and abandon all of my accounts to avoid fingerprinting… which is faaaar beyond the amount of trouble and money I am able to handle.

I’m not a criminal/secret agent trying to be completely untraceable, I’m just trying to be reasonably responsible.

Does this sound about right?

    • [deleted]

    • Post #2
    • Edited

    GlytchMeister

    GlytchMeister Does this sound about right?

    Yes, I think most people just try and reduce the data broker drag net that you are refering to. Others need privacy for particular reasons (activists, journalists due to hostile authoritarian governments, spousal abuse, stalkers etc). There are many non-criminal reasons to want to maintain a private life style. Increased privacy also helps the security of things like your financial institutions, etc. (usually by implementing compartmentalization).

    GlytchMeister it seems the main concerns that I can do anything about that aren’t just closing the barn door after the horses got out is cutting down on new data collection

    You can be proactive and remove yourself from some databases.

    GlytchMeister Google Maps

    OsmAnd

    GlytchMeister I don’t know which voips are good, pls help)

    MySudo, twilio (do not recommend due to the setup being a nightmare). Remember though that any non e2ee messaging apps are not secure communication. Voips are just nice because you cancompartmentalize your life for security and privacy purposes, they are harder to "SIM" swap, some VOIP providers allow you to purge your data, etc.

    GlytchMeister kick Verizon

    Using VOIP numbers does not "kick" your mobile network provider (assuming you're going continue using a SIM card). They are still providing your connectivity to the internet. The "most secure" way is to not use a SIM and use your phone with WiFi only, which is pretty unrealistic for most people. You should kick verizon anyway and use a prepaid service like Mint mobile or whoever.

    GlytchMeister tor AND a vpn

    Tor does not recommend this unless you know what you are doing. This is why bridges exist.

    GlytchMeister have to leave my current home forever

    Depends what you're trying to accomplish, ideally you wouldn't really be giving out your home address. Privacy experts accomplish this by using something like a mail forwarding company, UPS box, etc and using that address on their ID as their "residence". Their actual home would be purchased through a "ghost business" that is not tied to them, so when researching the house you would never find who actually owns it. More can be learned about residency addresses on "RV life" forums (since the RV enthusiast actually have no home), they have figured out how to accomplish things like the afforementioned.

    Privacy and convenience are on opposite ends of the spectrum, so it comes down to what you need to protect yourself as well as how much inconvenience you're willing to deal with.

                    • [deleted]

                    • Post #3

                    GlytchMeister I don’t know which voips are good, pls help) to kick Verizon.

                    By the way, never buy an Pixel (for installing GrapheneOS) from Verizon

                        • [deleted]

                        • Post #5
                        • Edited

                        [deleted] Because devices bought from Verizon don't allow bootloader unlocking. Verizon also does not allow users to get their devices unlocked even after paying off and contacting Verizon's customer support.

                            Yeah I’m gonna get it off Amazon, and I’m going to drop Verizon and use data only Silent Link piggybacking off AT&T. The data only plan is rather cheap, and I think voips can be cheap, too. I’m mainly using the voips as a “fiiiiiine I’ll get a phone number because I need one for work, family, signing up for things, etc”.
                            It’ll be nice to compartmentalize those away from one another. It’s not “secure”, but it reduces the potential cost of a breach. Instead of gaining access to everything I use phone numbers for, they only get some.

                            And yeah, a lot of those efforts I listed off at the bottom of my last post (after “going feral”) are what I’m not gonna do, either because I don’t know enough (tor and vpn) or because it’s not worth it for me (leave home forever and use a hacked MUDI router).

                            What are bridges?

                            Re: voips: are both MySudo and twilio a pain, or just twilio?

                            I’m having a hard time finding a solid compilation of info on various voips with respect to privacy and security.

                              • [deleted]

                              • Post #9

                              GlytchMeister twilio is an absolute massive pain to setup. MySudo is quite easy, the problem is you can't create a mysudo account on a GOS phone atm, it has to be done on a secondary, non-GOS device and then transferred to the GOS device. It's really not hard at all, the part that makes it a "pain" is that you would need a secondary device.

                                  [deleted]

                                  The other negative of mysudo is that it requires google play services to be installed if you want notifications to function normally. Jmp.chat (and their Cheogram app) do not rely on google.

                                  One other negative is that I’ve heard of people having their mysudo accounts shut down for violating their supported country rules even when traveling to a non-supported country short term and using a VPN to appear to be in the USA for example. I don’t understand why a privacy focused voip company would limit you to using their service in a handful of countries.

                                      applesbana so does MySudo also freak out if I were to use a VPN that exits outside of the USA? Seems odd to me, too. Makes me wonder if they really are privacy focused if they’re so careful to not let anyone use their service outside a surveillance state.

                                        Either way, if MySudo depends on Google, that’s another mark against it. Is jmp.chat and their choreogram app trusted in the privacy and infosec community?

                                          Also, does installing Graphene void any warrantee or Preferred Care or whatever?

                                            I might get the pixel straight from google, still trying to figure out the best option

                                              • [deleted]

                                              • Post #16

                                              applesbana

                                              applesbana I don’t understand why a privacy focused voip company would limit you to using their service in a handful of countries.

                                              Why don't you email them and ask?

                                                    • [deleted]

                                                    • Post #18
                                                    • Edited

                                                    GlytchMeister you only need google services if you want push notifications the same is true with things like protonmail. MySudo is also recommended by privacy experts (it's endorsed by Michael Bazzell). They also purge data (such as your messages) from their servers 24 hours after being deleted by the user, it is also stored encrypted.

                                                        [deleted]

                                                        Why don’t you? I am not a customer of theirs and the stories I’ve read of them deleting user accounts for “violations” of their policies without recourse is enough for me to avoid for something as important as a phone number.

                                                            [deleted]

                                                            To be clear, notifications include incoming call notifications. So if you want your phone work like a phone with mysudo (to ring upon a phone call or ding upon an sms), you need google play services.