notahuman

  • Aug 9, 2024
  • Joined Jul 21, 2024
  • zzz

    I could be fine with Firefox showing ads based on generic tracking that is non-invasive.

    The problem is that if there's any server-side tracking that could be modified, I don't get to confirm that server-side code and there could be a demand made by the government to modify the server code.

    So as an example, if the browser monitors what websites I go to, assigns a category to them on the server such as "technology" and "golfing," and then shows ads, I don't mind that. But if the government then demands that all ping times are recorded and Mozilla retain all site history in secret, that is not something I want. Also, if the government requires Mozilla to make these changes, they wouldn't be able to tell us.

    It's very hard to trust a privacy-based US company because any time you rely on the servers as being private, you are placing trust in them not being required to be compromised.

    Because Mull is just a fork of Firefox with telemetry removed, you don't have to have concerns with Mull.

    Firefox is a good browser so if your threat model does not include the government (no illegal activity, not a minority group that could be persecuted such as LGBT or minority religious group or protester with minority that could become persecuted, no expected illegal activities in the future, no one within the government upset with you and no anticipation of that happening and mostly moderate views or slightly right or left of center) then please use Firefox since they need the money since that judge's disastrous anticompetitive decision that Google is a monopoly because it subsidizes Mozilla by paying for it to be the default search, resulting in the possible destruction of Mozilla and the only non-Chromium based browser that holds back Google controlling all web standards and making them all pro-tracking.

    Mull also has built in default hardening. It's a good browser.

  • automaker4283

    So if you use a number lock in 1 profile and a word password in profile 2 and a corrupt officer threatens to beat the heck out of you unless you unlock, if you are at a password screen with the keyboard and no numbers showing and say the duress password is 9050, the corrupt officer may go "this makes no sense," and if you are at a number password screen and say the password is "cumquat all over my kiwi" then the corrupt officer may say "this makes no sense."

    However, if you are at the keyboard screen and you say that the secret password is "cumquat all over my kiwi" and that's the duress password, and the corrupt officer enters it, then your data is irretrievably destroyed. (You may also get beaten, but in a really bad situation that may be the better option.)

    • Sbpr just get Mull and add Ublock

      Firefox doesn't have an about:config and Mull does. Firefox is adding new questionable features that may be fine or may be bad for privacy. Let others be beta testers of that; stick with Mull.

      • other8026 This makes no sense.

        The government could have demanded Google create a backdoor in the hardware and issued a gag order.

        Such a backdoor would be useful. Google Play collects and sends data when a user is on the Internet. If a user goes into airplane mode the government couldn't track a user easily. If there's a hardware backdoor, they could be able to send a ping to the device to access info about the device even in that mode. There are use cases for it, so why wouldn't the government request? To say it's implausible just seems naive as to how these gag orders work.

        • Since the phone processor when powered on probably has access to the cellular modem, if there is anything like Intel ME built in, the chip if backdoored could request access to the cellular modem, then exfiltrate data through the cellular modem as well as provide a false reading for how much data is being used if OS monitors cellular packets and request that all telecoms do not include any packets going to exf.ilt.rat.e ip address be listed in billing. There would be no way to know. Doesn't it seem likely such a backdoor would be included by design? It would just mean that depending on threat model there could be risk of exfiltration. If threat model is low or mild it wouldn't matter.

          Is this not possible? Intel ME concerns me. I have been hacked on desktop and think it was through ME but do not know.

          • I would like a to do list that works well in Graphene. Any opinions on best options?

          • Citizen22 I know people get hacked sometimes and sometimes it's done in a gaslighting way. I've been hacked before, in boring ways and in ways that would seem crazy (like filenames changed slightly with whoever it was knowing I'd notice).

          • ignoramous I think many users who want to use Rethink DNS are power users.

            You could always do an "Expert Mode" like ublock if you wanted.

            A lot of times I wish I could route everything through Orbot or Invizible, but some things won't work as a result. It's possible to use Orbot and FoxProxy in Firefox on top of it, but it means having a SOCKS proxy that will easily connect and a lot of times SOCKS proxies cost money, plus some apps won't work with that configuration. I also would prefer to not have my ISP have a record of my being a Tor user. Many people use VPNs for many things. Tor puts me into a different pool of users.

            Rethink is already an incredible app and everyone is really impressed by it and I could be the only one who wants this. A feature like this would mean a lot of coding and be hard to do so I'm just glad Rethink exists!

            Although the poster above said Rethink is complicated, the only reason I don't use it that much is that the proxy doesn't offer the level of control I wanted. If I could daisy chain VPNs then I would just have Rethink be something that analyzes or blocks packets prior to getting sent or coming in. But the options for proxy inside the app still mean everything is coming out of 1 IP and I don't want that because so many servers and data centers are owned by big tech and able to do things like calculate ping time to guess which user is which.

            • jumpdeer

              Their code is closed source. They not only probably get media device identification but also probably use a proprietary method of identification (like having RAM calculate some math problem and checking latency). With sandboxed browsers there is a limit to what can be done. With an app, it has access to a lot more. Even if Graphene isolates apps somewhat, the value of such a test would be the same. The only way it could be different is if Graphene virtualized profiles, and it's not doing that. The Media ID being constant makes it easy for them to know, however.

              The way to find out how would be to do a fresh reinstall on the device, which may make a new media ID (check this, reinstall may not do it). If you can now reinstall and use it, then it was media ID.

            • leafnose

              I tried to submit something but they said I had to pass a Google spam captcha thing which mysteriously wouldn't show up.

              This is what I wrote, if anyone can help me get past the Turing test to submit this I'd be happy:

              Hi I am a person who uses computers. That is not my real name or email as I don't like being tracked.

              I prefer to use custom mobile operating system ROMs because Google has such bad privacy policies and lies so much.

              I don't like Google closed-source telemetry reporting on my choices and sold without consent either through deceit like fine print terms or just not even telling me.

              Recently Google has gotten even more evil with the integrity play API. All financial apps and official apps use it, resulting in limited consumer choice. Much like Apple not allowing apps to be side loaded and requiring an Apple store, it hurts consumer choice in many ways.

              Although Google would say Play Integrity API makes things safer for consumers, it means that users end up locked into the Google ecosystem, since any custom ROM can't use financial apps since Google won't allow other OSs that run Android apps to use Play Integrity API. Most people can't afford many phones and plans and so people end up stuck with Apple or Google. Some developers made operating systems with open source code so consumers know their data is safe. Some of these custom open source ROMs can run Android apps but aren't Android and have no Google software built in to monitor user behavior to sell ads. Some of these are just as safe as Google's Android operating system but Google has no process to allow any custom OS to apply to be certified in Integrity API, they are just locked out. It's unfair to consumers!

              If consumers can't run any of the important apps they need except with Google Android and Apple iOS, how can consumers have a choice other than 2 US companies that don't publish their code, both of whom collect data in undisclosed ways and 1 of which harvests that data to sell many ads?

              Please help the consumers! Please stop Play Integrity API from ruining different options for consumers!

              Here is an article:

              https://arstechnica.com/gadgets/2024/07/loss-of-popular-2fa-tool-puts-security-minded-grapheneos-in-a-paradox/

              Google claims it's about safety and preventing rooting but this is also about locking consumers into the Google and Apple ecosystems. There are OSes that don't have rooting but Google won't provide integrity play API access.

              Also feel free to take out any incoherent or weird parts if you want to submit it for me.

              • secrec great response, thanks for helping me better understand

                the only thing is most merchants use applepay or googlepay and don't have certain banks as options. so even if a bank is willing, it could be rarely used

                • Viewpoint0232 it looks really easy to complain

                  unless someone says not to I'll contact them. this play integrity api shit stuff needs to stop

                • dot_______166 why would you? adding Google Restore probably means that google has access to all that. putting it in your new device gives google so much access to identifiers even if it works. can't you use a USB? do you not mind google?

                  • notahuman the idea is that similar to "play store only" Play Integrity API limits choice and demands Google Play in contravention of existing regulations

                  • Viewpoint0232 is that something for which an official long complaint needs to be lodged or something in which a short form filled online could alert regulators this is a problem?

                    Also would developers be upset if some random user complained that this is effectively covered by that because they are doing a backdoor "all apps must be play no side loading" technique to violate existing demands?