Just another lunatic buzzing around the interwebs
I'm using EteSync paired with Task.org.
I have this set up on phone, and my (Linux) computers. EteSync costs $2/month but it is well worth it. I also use it to sync Calendar and Contacts. There was also a flatpak version that lets you sync Memos in the same setup, but I didn't set that up. I wanted to stay with the .deb version. That requires a separate Memo/Notes sync, but I never bothered. One of these days I might.
MarsTrue I heard somewhere that 105.3% of statistics are just made up on the spot...*
I have a 6a and when the time comes will probably got to an 8a, for the reason that it is almost as small. My pref is for the phone to be compact. If GOS supported the Sony Xperia XA2, which is slightly smaller than the 6a (and which I still have) that would have been great. But -- you can't re-lock the bootloader once you unlock it, so that's the dealbreaker for GOS devs. And fair enough, too.
* Humour alert! That was a whimsical off-hander.
When I travelled to Europe this year I installed Auditor with the Remote Attestation option -- see https://attestation.app/tutorial -- on my GOS Pixel, but I would think the same could be done in principle for a standard AOS phone, so long as Auditor can be installed onto it. Clearly, do this before any travel, so that the attestation is set up before any likely compromise.
I set it to test every 24 hours, with a 72-hour limit for delays before alerts are emailed (which I think is the default anyway). Obviously, a masked email and a nonsense username are recommended. The message each day from Auditor saying that remote verification succeeded is a welcome thing ;-)
DeletedUser84 I still use the given SIM numbers (I have two; one for personal one for professional; my Pixel is dual-SIM. I also maintain a personal Signal and professional Molly, per MB's approach). I haven't yet gone the route of VoIP numbers with a data-only SIM. I've found trying to get my head around how to set that up to be a bit too complex. But, if there is someone who has done it here in Oz, then I might look at that again in the new year. I'd try to port my existing numbers to VoIP, as I do not want to lose them.
DeletedUser84 I pestered MySudo in the past about .au numbers. Nothing changed. I used a UK +44 number for a while through MySudo, but it was somewhat awkward giving it out to people (what? +44?), so when I swapped from Very Leaky Android to Graphene, that went away.
My set-up is basically as much as I can get working of the techniques MB talks about in Extreme Privacy (mostly 4th & 5th edns) as well as those in the PDF e-books on computers and phones. This includes EteSync and Protonmail. But I eventually took Pop!OS off and went back to plain Debian Linux for both computers since I liked it more. I had used other de-Googled Androids before, but it was Extreme Privacy: Mobile Devices that pushed me to come to Graphene, and I have never looked back.
As another Aussie, I've often wondered how to enact some of the stuff MB talks about in his (e-)books, and from his earlier podcast, which I listened to Way Back in the Day when Justin Carroll was still involved -- pre Ep87. Remember how they used to use made-up names to introduce themselves? ("I'm Chetwynd Bandersnatch", "And I'm that guy from high school") It was based on their Complete Privacy & Security Desk Reference, vols 1 & 2. Ah, the old days....
Anyway, I've never really managed to make much headway with this direction because of the way the law works here. And, for example, the fact that MySudo still does not have any Australian phone numbers. The level of "extra"-ness required to do stuff that is simply basic in the US is so daunting and confusing. I wonder whether there might be a Session group that deals with doing MB-type things in Australia.
Malakai
I too would be interested if anybody finds such an app, as I too have two SIMs (e and p) for the same reason: personal vs work.
I do it manually, in the same session as I run a backup on the computer. First USB cable to phone, copy across. Another possibility, if you have a secure cloud (I use Proton) is to upload to cloud, download to phone. Then do computer backup as per usual. It adds about 10 seconds to the whole thing.
You might also want to know that e/OS/ has had a massive meltdown of their cloud services in the last couple of weeks, which is still not fully resolved. There has been a lot of chatter on their forums about this, mostly extremely annoyed.
Proton here, too. I've used it without incident in the countries I've visited over the last several years (Europe, USA, South-East Asia).
In the past I have had Wire, Session, and Wickr, in addition to Signal and Molly, and I tried SimpleX recently. I only ever had one or two people who wanted to use Session, similar with Wire, no-one ever wanted to use Wickr (especially after its privacy fail), and SimpleX is still a bit new for people. Michael Bazzell notes (correctly, as I see it) that each new messenger that we ask people to use burns some of our privacy capital. Do it too often, and they stop listening.
These days, I use Signal and Molly (two SIMs) and have gotten rid of the others, except where negotiated on an ad hoc basis with certain contacts.
Does this provide a way to enact Michael Bazzell's advice on mobile devices in the Australian context? The advice in his guides is great, but mostly useless for an Australian resident.
I use a file-based pwd manager (KeepassXC) which I used to manually copy across to the phone via USB cable (to be used with KeepassDX). More recently, however, I've taken to copying the file to a secure cloud (Proton) to effect the transfer to other devices. A separate backup copy lives on an old Android phone which has a hardware root of trust, that is locked away and only used for this purpose. A further backup lives on the encrypted external drive which does periodic backups of the main Linux laptop. A yet further copy lives on the "travel" laptop, which gets a wipe & re-install after every trip. Lots of redundant backups!! The main file is on the main laptop, which never leaves the house.
The WHOOP fitness tracker/band has been recommended to me on medical grounds (heart rate, respiration, sleep, etc etc etc), and so I did not buy it -- it was sent to me by an allied health organization who have been contracted to undertake the assessment (I'm elderly and have been to the Moon, remember ;-). I've done a search on Exodus Privacy, which shows 4 signatures for trackers, and some 60+ permissions, most of which make sense.
I am, as you might surmise, reluctant to put the associated app onto my very spartanly-populated GOS phone, and I've been using it via a de-Googled Android tablet with location turned off. Naturally, I registered it with a masked email address and used fake name initials, etc.
But the question I have is: if I turn off location settings for it, just how bad is it as a privacy issue for all that, given the sandboxing that GOS is renowned for? Does anyone here have/use one? If so, what's your privacy/health trade-off?
I'd had a Sony Xperia XA2 running de-Googled Android for several years. During my due diligence, I'd been looking at this forum for some time and noticed there had been some chatter that perhaps the XA2 might be added to the GOS list of supported devices. Alas, it was not, so I opted for a new Pixel 6a. But if the XA2 had been supported, I'd had stayed with it. They are almost the same size (P6a is slightly bigger).
I had a similar experience. I gave my wife the XM3s (she was always borrowing them...) and bought myself a set of XM4s after a couple of years of very satisfied use. Same deal -- not using the Sony spy app, just using the stock settings, etc. Agree that gadgetbridge was very finicky. The XM4s can link to two BT devices at once, which is handy if I want to be able to take a phone call while I am working on the laptop with sound coming from it.
So, to the OP, I have a Pixel 6a, and I have not had any trouble with these headphones, with the exception of the highly intrusive app that Sony wants you to use with it to set all those fancy settings (surround sound, etc). When you read the surveillance privacy policy, you will likely freak out, as many a GOS user would. They monitor everything through the app, which is why I (and presumably @Roger) don't use it.
I have set this up, so for anyone on a paid plan with access to Drive who may be wondering, this works very well.
Yes, I had multiple masked emails on multiple email masking services (eg Firefox Relay, 33Mail, etc) which can get to be a hassle to keep track of (but, thanks be to KeepassXC! ✊). These days I use SimpleLogin as part of a Proton Unlimited subscription, which also allows you to set up custom sub-domains that could even include some part of your name, if you need to use a masked email address that is still not your actual one, for services that may need your real name (eg some booksellers are a bit squeamish about obviously-masked addresses). Just another useful option.
I once demonstrated the utility of this to a colleague when we were out at a restaurant in a city I was visiting which required you to use their QR code to order food to your table, including an email address and a charge card. Whip out the Pixel, fire up the SimpleLogin app, cook up a purpose-chosen masked email and use a masked credit card number, all done in 2 minutes, real email and real credit card info not given out. The unique email will also tell me if that establishment later sells the info on, since it is used nowhere else.
I also had a Tutanota email at one stage (they had a very good calendar before Proton did one), but for some reason they bumped me off it and it eventually timed out. Not much use having encrypted emails that you can't access any more, so I became wary of Tuta (sadly, because I really liked their stuff).
lcalamar Don't ya just HATE google?
Yep. Enough said. That's why I've been using de-Googled Android ROMs for several years, and stopped using gmail long before that.
I concur with this advice. I have flashed other Android ROMs before, and the GOS web installer was by far the easiest to use.